Cyber Security Semester-6 PDF

Data communication involves transferring data between devices and is essential for applications like email and video chatting. It consists of components such as messages, senders, receivers, communication channels, and protocols like TCP and IP. The types of data communication include simplex, half-duplex, and full-duplex modes, along with guided and unguided communication channels, which facilitate the transmission of data in various ways.

Data Communication - Definition, Components, Types, Channels

Transferring data over a transmission medium between two or more devices, systems, or places is known as data communication. Nowadays, computing and telecommunications depend heavily on this data transmission, which makes a variety of applications conceivable, including email, video chatting, the Internet, and many more. In this article, we will learn about the definition, components, types, and channels of data communication.
Components of Data Communication
A communication system is made up of the following components:
1. Message: A message is a piece of information that is to be transmitted from one person to another. It could be a text file, an audio file, a video file, etc.
2. Sender: It is simply a device that sends data messages. It can be a computer, mobile phone, telephone, laptop, video camera, workstation, etc.
3. Receiver: It is a device that receives messages. It can be a computer, telephone, mobile phone, workstation, etc.
4. Transmission Medium / Communication Channels: Communication channels are the medium that connects two or more workstations. Workstations can be connected by either wired media or wireless media.
5. Set of rules (Protocol): When someone (the sender) sends data, it should also be understandable to the receiver; otherwise it is meaningless. For example, Sonali sends a message to Chetan. If Sonali writes in Hindi and Chetan cannot understand Hindi, it is a meaningless conversation.
Therefore, there is a set of rules (protocols) that is followed by every computer connected to the Internet, and they are:
• TCP (Transmission Control Protocol): It is responsible for dividing messages into packets on the source computer and reassembling the received packets at the destination or recipient computer. It also makes sure that the packets carry information about the source of the message data, the destination of the message data, and the sequence in which the message data should be reassembled, and checks that the message has been sent correctly to the specific destination.
• IP (Internet Protocol): Do you ever wonder how a computer determines which packet belongs to which device? What happens if the message you sent to your friend is received by your father? Scary, right? Well, IP is responsible for handling the address of the destination computer so that each packet is sent to its proper destination.
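To make the TCP and IP responsibilities above concrete, here is an added example (not part of the original notes) that segments a message by sequence number, delivers the segments out of order with one lost and one misaddressed, and reassembles them at the receiver. The segment layout, the addresses and the message are constructed simplifications, not the real TCP header.

```python
"""Added example (not from the original notes): TCP-style segmentation and
reassembly. A message is cut into numbered segments, the 'network' reorders
them and loses one, and the receiver rebuilds the message by sequence number,
discarding segments that are corrupted or addressed to another host. The
segment layout is a constructed simplification, not the real TCP header."""
import hashlib
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    src: str        # source address (who sent it)
    dst: str        # destination address (who it is for)
    seq: int        # byte offset of this payload inside the whole message
    total: int      # length of the whole message, so the receiver knows when done
    digest: str     # checksum over the payload, used to detect corruption
    payload: bytes


def digest(data: bytes) -> str:
    """Short hash standing in for a transport-layer checksum."""
    return hashlib.sha256(data).hexdigest()[:8]


def segment(message: bytes, src: str, dst: str, mss: int) -> List[Segment]:
    """Split a message into segments of at most `mss` bytes; each carries the
    byte offset it starts at (its sequence number) and its own checksum."""
    return [
        Segment(src, dst, off, len(message),
                digest(message[off:off + mss]), message[off:off + mss])
        for off in range(0, len(message), mss)
    ]


def reassemble(received: List[Segment], local_addr: str,
               mss: int) -> Tuple[Optional[bytes], List[int]]:
    """Rebuild the message from whatever arrived, in whatever order.
    Returns (message, []) when complete, or (None, missing_offsets) when
    segments are still outstanding; a real TCP would acknowledge around the
    gap so the sender retransmits exactly those segments."""
    buffer: Dict[int, bytes] = {}
    total: Optional[int] = None
    for seg in received:
        if seg.dst != local_addr:              # IP-level misdelivery: not ours
            continue
        if digest(seg.payload) != seg.digest:  # damaged in transit: drop it
            continue
        buffer[seg.seq] = seg.payload
        total = seg.total
    if total is None:
        return None, []
    data, missing = bytearray(), []
    for offset in range(0, total, mss):        # walk the expected sequence numbers
        chunk = buffer.get(offset)
        if chunk is None:
            missing.append(offset)
        else:
            data += chunk
    return (bytes(data), []) if not missing else (None, missing)


MESSAGE = b"Sonali sends a message to Chetan across the network."   # constructed


def demo(seed: int = 7) -> Tuple[Optional[bytes], List[int], Optional[bytes]]:
    """Send MESSAGE from 10.0.0.1 to 10.0.0.2 with an 8-byte MSS, reorder the
    segments, lose one, mix in a stray segment for another host, then let the
    sender retransmit only what the receiver reports missing."""
    segs = segment(MESSAGE, "10.0.0.1", "10.0.0.2", mss=8)
    in_transit = segs[:]
    random.Random(seed).shuffle(in_transit)              # network reorders
    in_transit.pop()                                     # and loses one
    in_transit.append(Segment("10.0.0.1", "10.0.0.9", 0, 5, digest(b"hello"), b"hello"))
    first_try, missing = reassemble(in_transit, "10.0.0.2", mss=8)
    retransmit = [s for s in segs if s.seq in missing]   # only the gap is resent
    complete, _ = reassemble(in_transit + retransmit, "10.0.0.2", mss=8)
    return first_try, missing, complete


if __name__ == "__main__":
    print(demo())
```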
Types of data communication
As we know, data communication is communication in which we can send or receive data from one device to another. Data communication is divided into three types:
1. Simplex Communication: It is one-way, or unidirectional, communication in which one device only receives and the other device only sends data, and the devices use their entire capacity in transmission. For example, IoT, entering data using a keyboard, listening to music through a speaker, etc.
2. Half-Duplex Communication: It is two-way, or bidirectional, communication in which both devices can send and receive data, but not at the same time. When one device is sending data, the other device is only receiving, and vice versa. For example, a walkie-talkie.
3. Full-Duplex Communication: It is two-way, or bidirectional, communication in which both devices can send and receive data at the same time. For example, mobile phones, landlines, etc.
Communication Channels
Communication channels are the medium that connects two or more workstations. Workstations can be connected by either wired media or wireless media. A channel is also known as a transmission medium. The transmission medium or channel is a link that carries messages between two or more devices. We can group the communication media into two categories:
• Guided media transmission
• Unguided media transmission
1. Guided Media: In this transmission medium, a physical link is created using wires or cables between two or more computers or devices, and the data is then transmitted over these cables as signals. Guided media transmission is of the following types:
1. Twisted pair cable: It is the most common form of wire used in communication. In a twisted-pair cable, two identical wires are wrapped together in a double helix. The twisting of the wires reduces crosstalk, which is the leaking of a signal from one wire to another; such leakage can corrupt the signal and cause network errors. The twisting protects the wire from internal crosstalk as well as external forms of signal interference. Types of twisted pair cable:
• Unshielded Twisted Pair (UTP): It is widely used in computers and telephones. As the name suggests, there is no external shielding, so it does not protect against external interference. It is cheaper than STP.
• Shielded Twisted Pair (STP): It offers greater protection from crosstalk due to its shield. Because of the shielding, it also protects against external interference. It is heavier and costlier compared to UTP.
2. Coaxial Cable: It consists of a solid wire core that is surrounded by one or more foil or wire shields. The inner core of the coaxial cable carries the signal and the outer shield provides the ground. It is widely used for television signals and is also used by large corporations in building security systems. Data transmission over this cable is better, but it is expensive compared to twisted pair.
3. Optical fibers: Optical fiber is an important technology. It transmits large amounts of data at very high speeds, which is why it is widely used in Internet cables. It carries data as light that travels inside a thin glass fiber. The fiber optic cable is made up of three pieces:
1. Core: The core is the piece through which light travels. It is generally made of glass or plastic.
2. Cladding: It is the covering of the core and reflects the light back into the core.
3. Sheath: It is the protective covering that protects the fiber cable from the environment.
2. Unguided Media: Unguided transmission media is a transmission mode in which the signals are propagated from one device to another wirelessly. Signals can travel through air, water, or vacuum. It is generally used to transmit signals in all directions. Unguided media is further divided into various types:
1. Microwave: Microwave offers communication without the use of cables. Microwave signals are just like radio and television signals. It is used in long-distance communication. Microwave transmission consists of a transmitter, a receiver, and the atmosphere. In microwave communication, parabolic antennas are mounted on towers to send a beam to another antenna. The higher the tower, the greater the range.
2. Radio wave: When communication is carried out by radio frequencies, it is termed radio wave transmission. It offers mobility. It consists of a transmitter and a receiver. Both use antennas to radiate and capture the radio signal.
3. Infrared: It is short-distance communication and can pass through any object. It is generally used in TV remotes, wireless mice, etc.
Transmission Modes in Computer Networks (Simplex, Half-Duplex and Full-Duplex)
Transmission modes, also known as communication modes, are methods of transferring data between devices on buses and networks designed to facilitate communication. They are classified into three types: Simplex Mode, Half-Duplex Mode, and Full-Duplex Mode. In this article, we will discuss transmission modes.
What are Transmission Modes?
A transmission mode is the way data is transferred between two devices. It is also known as a communication mode. Buses and networks are designed to allow communication to occur between the individual devices that are interconnected. There are three types of transmission modes:
Simplex Mode
In simplex mode, the communication is unidirectional, as on a one-way street. Only one of the two devices on a link can transmit; the other can only receive. The simplex mode can use the entire capacity of the channel to send data in one direction.
Example: Keyboard and traditional monitors. The keyboard can only introduce input; the monitor can only give output.
Advantages of Simplex Mode
• Simplex mode is the easiest and most reliable mode of communication.
• It is the most cost-effective mode, as it only requires one communication channel.
• There is no need for coordination between the transmitting and receiving devices, which simplifies the communication process.
• Simplex mode is particularly useful in situations where feedback or response is not required, such as broadcasting or surveillance.
Disadvantages of Simplex Mode
• Only one-way communication is possible.
• There is no way to verify whether the transmitted data has been received correctly.
• Simplex mode is not suitable for applications that require bidirectional communication.
Half-Duplex Mode
In half-duplex mode, each station can both transmit and receive, but not at the same time. When one device is sending, the other can only receive, and vice versa. The half-duplex mode is used in cases where there is no need for communication in both directions at the same time. The entire capacity of the channel can be utilized for each direction.
Example: A walkie-talkie, in which messages are sent one at a time, but in both directions.
Advantages of Half-Duplex Mode
• Half-duplex mode allows bidirectional communication, which is useful in situations where devices need to both send and receive data.
• It is a more efficient mode of communication than simplex mode, as the channel can be used for both transmission and reception.
• Half-duplex mode is less expensive than full-duplex mode, as it only requires one communication channel.
Disadvantages of Half-Duplex Mode
• Half-duplex mode is less reliable than full-duplex mode, as both devices cannot transmit at the same time.
• There is a delay between transmission and reception, which can cause problems in some applications.
• There is a need for coordination between the transmitting and receiving devices, which can complicate the communication process.
Full-Duplex Mode
In full-duplex mode, both stations can transmit and receive simultaneously. Signals going in one direction share the capacity of the link with signals going in the other direction. This sharing can occur in two ways:
• Either the link contains two physically separate transmission paths, one for sending and the other for receiving,
• or the capacity is divided between signals traveling in both directions.
Full-duplex mode is used when communication in both directions is required all the time. The capacity of the channel, however, must be divided between the two directions.
Example: A telephone network, in which two persons communicate over a telephone line through which both can talk and listen at the same time.
Channel Capacity = 2 × Bandwidth × Propagation Delay
Advantages of Full-Duplex Mode
• Full-duplex mode allows simultaneous bidirectional communication, which is ideal for real-time applications such as video conferencing or online gaming.
• It is the most efficient mode of communication, as both devices can transmit and receive data simultaneously.
• Full-duplex mode provides a high level of reliability and accuracy, as there is no need for error correction mechanisms.
Disadvantages of Full-Duplex Mode
• Full-duplex mode is the most expensive mode, as it requires two communication channels.
• It is more complex than simplex and half-duplex modes, as it requires two physically separate transmission paths or a division of channel capacity.
• Full-duplex mode may not be suitable for all applications, as it requires a high level of bandwidth and may not be necessary for some types of communication.
Difference Between Simplex, Half Duplex, and Full Duplex Transmission Modes
Direction of communication
  Simplex: uni-directional communication.
  Half Duplex: two-way directional communication, but one direction at a time.
  Full Duplex: two-way directional communication, simultaneously.
Sender and Receiver
  Simplex: the sender can send the data but cannot receive data.
  Half Duplex: the sender can send the data and also receive data, but one at a time.
  Full Duplex: the sender can send the data and also receive data simultaneously.
Channel usage
  Simplex: usage of one channel for the transmission of data.
  Half Duplex: usage of one channel for the transmission of data.
  Full Duplex: usage of two channels for the transmission of data.
Performance
  Simplex: provides less performance than half duplex and full duplex.
  Half Duplex: provides less performance than full duplex.
  Full Duplex: provides better performance than simplex and half duplex mode.
Bandwidth Utilization
  Simplex: utilizes the maximum of a single bandwidth.
  Half Duplex: involves lesser utilization of a single bandwidth at the time of transmission.
  Full Duplex: doubles the utilization of transmission bandwidth.
Suitable for
  Simplex: transmissions where the full bandwidth is required for delivering data.
  Half Duplex: transmissions where data must be sent in both directions, but not at the same time.
  Full Duplex: transmissions where data must be sent and received simultaneously in both directions.
Examples
  Simplex: keyboard and monitor.
  Half Duplex: walkie-talkies.
  Full Duplex: telephone.
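The three modes can be compared directly by replaying the same transmission attempts over one link under each mode's rule; this is an added example, not from the original notes, and the devices, timings and rule encoding are constructed.

```python
"""Added example (not from the original notes): a small simulator for the
three transmission modes on one link between devices A and B. Each attempt
is (start_time, sender, duration); the link applies the rule of the chosen
mode and reports whether the attempt was sent, refused, or collided."""
from typing import Dict, List, Tuple

Attempt = Tuple[float, str, float]   # (start time, sender, how long it transmits)
Outcome = Tuple[float, str, str]     # (start time, sender, result)

SIMPLEX, HALF_DUPLEX, FULL_DUPLEX = "simplex", "half-duplex", "full-duplex"


def run_link(mode: str, attempts: List[Attempt], sender_only: str = "A") -> List[Outcome]:
    """Replay the attempts in time order and decide each one by the mode:
      simplex      only `sender_only` may transmit; the other end is refused
      half-duplex  either end may transmit, but the medium is shared, so
                   starting while the other end is still sending is a collision
                   (a real link would garble both and rely on retransmission)
      full-duplex  each direction has its own path, so the other end's traffic
                   never interferes; only one's own unfinished send blocks
    """
    busy_until: Dict[str, float] = {"A": 0.0, "B": 0.0}   # when each end goes idle
    results: List[Outcome] = []
    for start, who, duration in sorted(attempts):
        other = "B" if who == "A" else "A"
        if mode == SIMPLEX and who != sender_only:
            results.append((start, who, "refused: link is one-way"))
        elif mode == HALF_DUPLEX and start < busy_until[other]:
            results.append((start, who, "collision: other end is transmitting"))
        elif start < busy_until[who]:
            results.append((start, who, "busy: own transmission still in progress"))
        else:
            busy_until[who] = start + duration
            results.append((start, who, "sent"))
    return results


def sent_count(results: List[Outcome]) -> int:
    """How many attempts actually got through."""
    return sum(1 for _, _, result in results if result == "sent")


# Constructed scenario: A talks for 2 s, B tries to answer after 1 s, then
# B talks at 3 s and A tries to cut in at 3.5 s.
SCENARIO: List[Attempt] = [(0.0, "A", 2.0), (1.0, "B", 1.0), (3.0, "B", 1.0), (3.5, "A", 1.0)]

if __name__ == "__main__":
    for mode in (SIMPLEX, HALF_DUPLEX, FULL_DUPLEX):
        print(mode)
        for start, who, result in run_link(mode, SCENARIO):
            print(f"  t={start:<4} {who}: {result}")
```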

TCP/IP Model
The TCP/IP model (Transmission Control Protocol/Internet Protocol) is a four-layer networking framework that enables reliable communication between devices over interconnected networks. It provides a standardized set of protocols for transmitting data across interconnected networks, ensuring efficient and error-free delivery. Each layer has specific functions that help manage different aspects of network communication, making the model essential for understanding and working with modern networks.
TCP/IP was designed and developed by the Department of Defense (DoD) in the 1970s and is based on standard protocols. The TCP/IP model is a concise version of the OSI model. It contains four layers, unlike the seven layers in the OSI model.
Role of TCP/IP
TCP/IP enables interoperability between diverse systems over various network types (e.g., copper, fiber, wireless). It ensures seamless communication across LANs, WANs, and the Internet. Without TCP/IP, large-scale global networking would not be possible.
The main condition of this process is to make data reliable and accurate, so that the receiver receives the same information that was sent by the sender. To ensure that each message reaches its final destination accurately, the TCP/IP model divides its data into packets and combines them at the other end, which helps maintain the accuracy of the data while it is transferred from one end to the other.
Layers of TCP/IP Model
It is composed of four interconnected layers, compared to the seven layers in the OSI model. Each layer performs a specific task on the data that is being transmitted over the network channel, and data moves from one layer to another.
• Application Layer
• Transport Layer (TCP/UDP)
• Network/Internet Layer (IP)
• Network Access Layer
1. Application Layer
The Application Layer is the closest to the end user and is where applications and user interfaces reside. It serves as the bridge between user programs and the lower layers responsible for data transmission.
• Function: Provides services and interfaces for end-user applications to access network resources.
• Key responsibilities:
  - Supports application protocols like HTTP, FTP, SMTP, DNS, etc.
  - Enables communication between software applications across networks.
  - Handles data formatting, encryption, and session management.
2. Transport Layer
This layer ensures data is delivered reliably and in the correct order between devices. The two main protocols in this layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
• Function: Ensures reliable or unreliable delivery of data between hosts.
• Key responsibilities:
  - TCP (Transmission Control Protocol): Provides reliable, connection-oriented delivery with error checking, retransmission, and flow control.
  - UDP (User Datagram Protocol): Provides faster, connectionless transmission without guarantees.
  - Manages flow control and segmentation/reassembly of data.
3. Internet Layer
It handles the routing of data packets across networks. It uses the Internet Protocol (IP) to assign unique IP addresses to devices and decide the most efficient path for data to reach its destination.
• Function: Determines the best path for data to travel across networks.
• Key responsibilities:
  - IP (Internet Protocol): Provides addressing and routing.
  - Handles packet forwarding, fragmentation, and logical addressing (IP addresses).
  - Involves protocols like IP, ICMP (for diagnostics), and ARP (for address resolution).
4. Network Access Layer
This layer is the lowest layer in the model and is responsible for the physical connection between devices within the same network segment.
• Function: Manages the physical transmission of data over the network hardware.
• Key responsibilities:
  - Handles how data is physically sent over cables, Wi-Fi, etc.
  - Manages MAC addressing, framing, and error detection at the physical link.
  - Includes Ethernet, Wi-Fi, and other data link technologies.
Working of TCP/IP Model
When Sending Data (From Sender to Receiver)
• Application Layer
  - A user sends data through an application (e.g., opening a website via a browser).
  - The application prepares data for transmission (e.g., using HTTP, FTP, SMTP).
• Transport Layer (TCP/UDP)
  - TCP breaks data into small segments and adds a header (with sequence numbers and source/destination ports).
  - Ensures reliable delivery (TCP) or fast, connectionless delivery (UDP).
• Internet Layer (IP)
  - Adds IP addresses (source and destination) to each packet.
  - Determines the route the packet should take to reach the destination.
• Link Layer (Network Access Layer)
  - Converts packets into frames and adds MAC (physical) addresses.
  - Sends data as binary bits (0s and 1s) over the physical medium (e.g., Ethernet, Wi-Fi).
When Receiving Data (At the Destination)
• Link Layer
  - Receives bits and reconstructs frames.
  - Passes frames up to the Internet layer.
• Internet Layer
  - Reads the IP address to confirm it is the correct recipient.
  - Removes the IP header and sends the data to the Transport layer.
• Transport Layer
  - Reassembles TCP segments in the correct order.
  - Verifies data integrity using acknowledgments and checksums.
• Application Layer
  - The data is delivered to the appropriate application (e.g., the browser displays a web page).
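The send-and-receive sequence above, as an added example that is not part of the original notes: the sender encapsulates an HTTP request in TCP, IPv4 and Ethernet headers, and the receiver strips them in reverse, verifying the MAC address, the IP address and the checksums at each layer before handing the data to the port an application listens on. Header layouts follow the real TCP, IPv4 and Ethernet formats; the MAC and IP addresses, ports and request are constructed. The same encapsulation and decapsulation is what the OSI data-flow description later in these notes walks through.

```python
"""Added example (not from the original notes): the send/receive walk-through
as code. The sender wraps an HTTP request in TCP, IPv4 and Ethernet headers
(transport -> internet -> link); the receiver unwraps them in reverse,
checking at each layer that the frame is really for it and is intact. Header
layouts follow the real TCP/IPv4/Ethernet formats; addresses are constructed."""
import socket
import struct
from typing import Dict, Set

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def tcp_pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    """The TCP checksum also covers this pseudo-header taken from the IP layer."""
    return struct.pack("!4s4sBBH", src_ip, dst_ip, 0, PROTO_TCP, tcp_len)


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, seq: int, payload: bytes) -> bytes:
    """Sender side: encapsulate payload down through the three lower layers."""
    sip, dip = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # Transport layer: TCP header (ports, sequence number, flags PSH|ACK) + data
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0, (5 << 12) | 0x18, 65535, 0, 0)
    tcp_csum = inet_checksum(tcp_pseudo_header(sip, dip, len(tcp) + len(payload)) + tcp + payload)
    segment = tcp[:16] + struct.pack("!H", tcp_csum) + tcp[18:] + payload
    # Internet layer: IPv4 header (addresses, TTL, protocol) in front of the segment
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0, 64, PROTO_TCP, 0, sip, dip)
    packet = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + segment
    # Link layer: Ethernet header (MAC addresses, EtherType) in front of the packet
    return struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4) + packet


def receive_frame(frame: bytes, my_mac: str, my_ip: str, listening_ports: Set[int]) -> Dict:
    """Receiver side: strip one header per layer, dropping the frame at the
    first layer whose checks fail, and hand the payload to the right port."""
    # Link layer: is this frame addressed to our NIC and does it carry IPv4?
    dst_mac, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if dst_mac != mac_bytes(my_mac) or ethertype != ETHERTYPE_IPV4:
        return {"status": "dropped", "layer": "link", "reason": "not our MAC or not IPv4"}
    packet = frame[14:]
    # Internet layer: header intact, addressed to our IP, carrying TCP?
    ver_ihl, _, total_len, _, _, _, proto, _, sip, dip = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:     # a valid header sums to zero
        return {"status": "dropped", "layer": "internet", "reason": "IP header checksum failed"}
    if dip != socket.inet_aton(my_ip):
        return {"status": "dropped", "layer": "internet", "reason": "not our IP address"}
    if proto != PROTO_TCP:
        return {"status": "dropped", "layer": "internet", "reason": "not TCP"}
    segment = packet[ihl:total_len]
    # Transport layer: segment intact, and is an application listening on the port?
    if inet_checksum(tcp_pseudo_header(sip, dip, len(segment)) + segment) != 0:
        return {"status": "dropped", "layer": "transport", "reason": "TCP checksum failed"}
    _, dst_port, seq, _, off_flags, _, _, _ = struct.unpack("!HHIIHHHH", segment[:20])
    data = segment[(off_flags >> 12) * 4:]
    if dst_port not in listening_ports:
        return {"status": "dropped", "layer": "transport", "reason": "no application on port"}
    return {"status": "delivered", "port": dst_port, "seq": seq, "data": data}


# Constructed hosts: a client sends an HTTP request to a web server on port 80.
CLIENT_MAC, SERVER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
CLIENT_IP, SERVER_IP = "10.0.0.1", "10.0.0.2"
REQUEST = b"GET / HTTP/1.0\r\n\r\n"


def demo_frame() -> bytes:
    return build_frame(CLIENT_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, 40000, 80, 1000, REQUEST)


if __name__ == "__main__":
    print(receive_frame(demo_frame(), SERVER_MAC, SERVER_IP, {80}))
```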
Why TCP/IP is Used Over the OSI Model
• Simpler Structure: TCP/IP has only 4 layers, compared to 7 in OSI, making it easier to implement and understand in real systems.
• Protocol-Driven Design: TCP/IP was designed based on working protocols, while the OSI model is more of a theoretical framework.
• Flexibility and Robustness: TCP/IP adapts well to different hardware and networks and includes error handling, routing, and congestion control.
• Open Standard: TCP/IP is open, free to use, and not controlled by any single organization, helping it gain universal acceptance.
• Actual Use vs Conceptual Model: The OSI model is great for education and design principles, but TCP/IP is the one actually used in real-world networking.

Advantages of TCP/IP Model
• Interoperability: The TCP/IP model allows different types of computers and networks to communicate with each other, promoting compatibility and cooperation among diverse systems.
• Scalability: TCP/IP is highly scalable, making it suitable for both small and large networks, from local area networks (LANs) to wide area networks (WANs) like the Internet.
• Standardization: It is based on open standards and protocols, ensuring that different devices and software can work together without compatibility issues.
• Flexibility: The model supports various routing protocols, data types, and communication methods, making it adaptable to different networking needs.
• Reliability: TCP/IP includes error-checking and retransmission features that ensure reliable data transfer, even over long distances and through various network conditions.
Disadvantages of TCP/IP Model
• Security Concerns: TCP/IP was not originally designed with security in mind. While there are now many security protocols available (such as SSL/TLS), they have been added on top of the basic TCP/IP model, which can lead to vulnerabilities.
• Inefficiency for Small Networks: For very small networks, the overhead and complexity of the TCP/IP model may be unnecessary and inefficient compared to simpler networking protocols.
• Limited Address Space: Although IPv6 addresses this issue, the older IPv4 system has a limited address space, which can lead to address exhaustion in larger networks.
• Data Overhead: TCP, the transport protocol, includes a significant amount of overhead to ensure reliable transmission. This can reduce efficiency, especially for small data packets or in networks where speed is crucial.
What is the OSI Model? – Layers of the OSI Model
The OSI (Open Systems Interconnection) Model is a set of rules that explains how different computer systems communicate over a network. The OSI Model was developed by the International Organization for Standardization (ISO). The OSI Model consists of 7 layers, and each layer has specific functions and responsibilities. This layered approach makes it easier for different devices and technologies to work together. The OSI Model provides a clear structure for data transmission and for managing network issues. The OSI Model is widely used as a reference to understand how network systems function.
Layers of the OSI Model
There are 7 layers in the OSI Model, and each layer has its specific role in handling data. All the layers are listed below:
• Physical Layer
• Data Link Layer
• Network Layer
• Transport Layer
• Session Layer
• Presentation Layer
• Application Layer
Layer 1 – Physical Layer
The lowest layer of the OSI reference model is the Physical Layer. It is responsible for the actual physical connection between the devices. The physical layer contains information in the form of bits. The Physical Layer is responsible for transmitting individual bits from one node to the next. When receiving data, this layer takes the received signal, converts it into 0s and 1s, and sends them to the Data Link layer, which puts the frame back together. Common physical layer devices are hubs, repeaters, modems, and cables.
Functions of the Physical Layer
• Bit Synchronization: The physical layer provides synchronization of the bits by providing a clock. This clock controls both sender and receiver, thus providing synchronization at the bit level.
• Bit Rate Control: The physical layer also defines the transmission rate, i.e. the number of bits sent per second.
• Physical Topologies: The physical layer specifies how the different devices/nodes are arranged in a network, i.e. bus topology, star topology, or mesh topology.
• Transmission Mode: The physical layer also defines how the data flows between the two connected devices. The possible transmission modes are simplex, half-duplex and full-duplex.
Layer 2 – Data Link Layer (DLL)
The data link layer is responsible for the node-to-node delivery of the message. The main function of this layer is to make sure data transfer is error-free from one node to another, over the physical layer. When a packet arrives in a network, it is the responsibility of the DLL to transmit it to the host using its MAC address. A packet in the Data Link layer is referred to as a frame. Switches and bridges are common Data Link Layer devices.
The Data Link Layer is divided into two sublayers:
• Logical Link Control (LLC)
• Media Access Control (MAC)
The packet received from the Network layer is further divided into frames depending on the frame size of the NIC (Network Interface Card). The DLL also encapsulates the sender's and receiver's MAC addresses in the header.
The receiver's MAC address is obtained by placing an ARP (Address Resolution Protocol) request onto the wire asking, "Who has that IP address?", and the destination host replies with its MAC address.
Functions of the Data Link Layer
• Framing: Framing is a function of the data link layer. It provides a way for a sender to transmit a set of bits that are meaningful to the receiver. This can be accomplished by attaching special bit patterns to the beginning and end of the frame.
• Physical Addressing: After creating frames, the Data Link layer adds the physical addresses (MAC addresses) of the sender and/or receiver in the header of each frame.
• Error Control: The data link layer provides the mechanism of error control, in which it detects and retransmits damaged or lost frames.
• Flow Control: The data rate must be constant on both sides, else the data may get corrupted; thus, flow control coordinates the amount of data that can be sent before receiving an acknowledgment.
• Access Control: When a single communication channel is shared by multiple devices, the MAC sub-layer of the data link layer helps to determine which device has control over the channel at a given time.
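The framing and error-control functions above, as an added example that is not from the original notes: flag bytes mark the beginning and end of each frame, byte stuffing escapes any payload byte that would otherwise look like a flag, and a CRC frame check sequence lets the receiver detect a damaged frame. The PPP-style 0x7E flag and 0x7D escape values and the CRC-16/CCITT parameters are assumptions; the payloads are constructed.

```python
"""Added example (not from the original notes): framing with flag bytes and
byte stuffing, plus a CRC as the frame check sequence. A 0x7E flag marks the
start and end of each frame; any 0x7E or 0x7D inside the data is escaped so
the receiver never mistakes payload for a frame boundary. The layout mirrors
PPP-style HDLC framing (an assumption); the payloads are constructed."""
from typing import List, Optional

FLAG, ESC, XOR = 0x7E, 0x7D, 0x20


def crc16(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """CRC-16/CCITT, bit-serial: the frame check sequence appended to each frame."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def frame(payload: bytes) -> bytes:
    """Append the CRC, escape flag/escape bytes, and wrap in flags."""
    body = payload + crc16(payload).to_bytes(2, "big")
    stuffed = bytearray()
    for byte in body:
        if byte in (FLAG, ESC):          # would look like a delimiter: escape it
            stuffed += bytes([ESC, byte ^ XOR])
        else:
            stuffed.append(byte)
    return bytes([FLAG]) + bytes(stuffed) + bytes([FLAG])


def _check(raw: bytes) -> Optional[bytes]:
    """Split off the FCS and return the payload, or None if the CRC fails."""
    if len(raw) < 2:
        return None
    body, fcs = raw[:-2], int.from_bytes(raw[-2:], "big")
    return body if crc16(body) == fcs else None


def unframe(stream: bytes) -> List[Optional[bytes]]:
    """Scan a byte stream carrying several frames back to back. Each frame
    yields its payload, or None when it arrived damaged (bad CRC); bytes
    outside any frame (line noise) are ignored."""
    frames: List[Optional[bytes]] = []
    buf, in_frame, escaped = bytearray(), False, False
    for byte in stream:
        if byte == FLAG:                 # boundary: close a frame if one is open
            if in_frame and buf:
                frames.append(_check(bytes(buf)))
            buf, in_frame, escaped = bytearray(), True, False
        elif not in_frame:
            continue
        elif escaped:                    # undo the stuffing done by frame()
            buf.append(byte ^ XOR)
            escaped = False
        elif byte == ESC:
            escaped = True
        else:
            buf.append(byte)
    return frames


if __name__ == "__main__":
    payloads = [b"hello", bytes([FLAG, ESC, 0x41]), b""]
    link = b"".join(frame(p) for p in payloads)
    print(link.hex())
    print(unframe(link))
```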
Layer 3 – Network Layer
The network layer works for the transmission of data from one host to another located in a different network. It also takes care of packet routing, i.e. selection of the shortest path to transmit the packet from the number of routes available. The sender's and receiver's IP addresses are placed in the header by the network layer. A segment in the Network layer is referred to as a packet. The network layer is implemented by networking devices such as routers and switches.
Functions of the Network Layer
• Routing: The network layer protocols determine which route is suitable from source to destination. This function of the network layer is known as routing.
• Logical Addressing: To identify each device on the internetwork uniquely, the network layer defines an addressing scheme. The sender's and receiver's IP addresses are placed in the header by the network layer. Such an address distinguishes each device uniquely and universally.
Layer 4 – Transport Layer
The transport layer provides services to the application layer and takes services from the network layer. The data in the transport layer is referred to as segments. It is responsible for the end-to-end delivery of the complete message. The transport layer also provides acknowledgment of successful data transmission and re-transmits the data if an error is found. Protocols used in the Transport Layer are TCP, UDP, NetBIOS, PPTP.
At the sender's side, the transport layer receives the formatted data from the upper layers, performs segmentation, and also implements flow and error control to ensure proper data transmission. It also adds the source and destination port numbers in its header and forwards the segmented data to the Network Layer.
• Generally, this destination port number is configured, either by default or manually. For example, when a web application requests a web server, it typically uses port number 80, because this is the default port assigned to web applications. Many applications have default ports assigned.
At the receiver's side, the Transport Layer reads the port number from its header and forwards the data it has received to the respective application. It also performs sequencing and reassembling of the segmented data.
Functions of the Transport Layer
• Segmentation and Reassembly: This layer accepts the message from the (session) layer and breaks the message into smaller units. Each of the segments produced has a header associated with it. The transport layer at the destination station reassembles the message.
• Service Point Addressing: To deliver the message to the correct process, the transport layer header includes a type of address called a service point address or port address. Thus, by specifying this address, the transport layer makes sure that the message is delivered to the correct process.
Services Provided by Transport Layer
• Connection-Oriented Service
• Connectionless Service
Layer 5 – Session Layer
The Session Layer in the OSI Model is responsible for the establishment of connections, management of connections, and termination of sessions between two devices. It also provides authentication and security. Protocols used in the Session Layer are NetBIOS, PPTP.
Functions of the Session Layer
• Session Establishment, Maintenance, and Termination: The layer allows the two processes to establish, use, and terminate a connection.
• Synchronization: This layer allows a process to add checkpoints that are considered synchronization points in the data. These synchronization points help to identify errors so that the data is re-synchronized properly, the ends of messages are not cut prematurely, and data loss is avoided.
• Dialog Controller: The session layer allows two systems to start communication with each other in half-duplex or full-duplex.
Example
Let us consider a scenario where a user wants to send a message through some Messenger application running in their browser. The "Messenger" here acts as the application layer, which provides the user with an interface to create the data. This message, or so-called data, is compressed, optionally encrypted (if the data is sensitive), and converted into bits (0s and 1s) so that it can be transmitted.
Layer 6 – Presentation Layer
The presentation layer is also called the Translation layer. The data from the application layer is extracted here and manipulated into the format required to transmit it over the network. Protocols used in the Presentation Layer are JPEG, MPEG, GIF, TLS/SSL, etc.
Functions of the Presentation Layer
• Translation: For example, ASCII to EBCDIC.
• Encryption/Decryption: Data encryption translates the data into another form or code. The encrypted data is known as ciphertext, and the decrypted data is known as plaintext. A key value is used for encrypting as well as decrypting data.
• Compression: Reduces the number of bits that need to be transmitted on the network.
Layer 7 – Application Layer
At the very top of the OSI Reference Model stack of layers, we find the Application layer, which is implemented by the network applications. These applications produce the data to be transferred over the network. This layer also serves as a window for the application services to access the network and for displaying the received information to the user. Protocols used in the Application layer are SMTP, FTP, DNS, etc.
Functions of the Application Layer
The main functions of the application layer are given below.
• Network Virtual Terminal (NVT): It allows a user to log on to a remote host.
• File Transfer Access and Management (FTAM): This application allows a user to access files in a remote host, retrieve files from a remote host, and manage or control files on a remote computer.
• Mail Services: Provide email service.
• Directory Services: This application provides distributed database sources and access to global information about various objects and services.
How Data Flows in the OSI Model?
When we transfer information from one device to another, it travels
through 7 layers of OSI model. First data travels down through 7 layers
from the sender’s end and then climbs back 7 layers on the receiver’s
end.
Data flows through the OSI model in a step-by-step process:
 Application Layer: Applications create the data.
 Presentation Layer: Data is formatted and encrypted.
 Session Layer: Connections are established and managed.
 Transport Layer: Data is broken into segments for reliable delivery.
 Network Layer: Segments are packaged into packets and routed.
 Data Link Layer: Packets are framed and sent to the next device.
 Physical Layer: Frames are converted into bits and transmitted
physically.
Why Does the OSI Model Matter?
The OSI Model matters because it gives a clear structure for how data
moves through a network. Because the model is split into 7 layers, each
with its own specific role, it helps in understanding, identifying and
solving complex network problems by focusing on one layer rather than
the entire network.
Although the modern Internet is not built on the OSI Model, the model is
still very helpful for solving network problems and for explaining
network concepts in a simple way.
Difference Between OSI and TCP/IP Model
OSI Model | TCP/IP Model
OSI stands for Open Systems Interconnection. | TCP/IP stands for Transmission Control Protocol/Internet Protocol.
OSI model has 7 layers. | TCP/IP model consists of 4 layers.
Package delivery is guaranteed in OSI Model. | Package delivery is not guaranteed in the TCP/IP Model.
In the OSI model, only layers 1, 2, and 3 are necessary for data transmission. | All layers of the TCP/IP model are needed for data transmission.
Protocols at each layer are independent of the other layers. | Layers are integrated; some layers are required by other layers of the TCP/IP model.
OSI Model is a conceptual framework, less used in practical applications. | Widely used in actual networks like the Internet and Communication Systems.
Advantages of OSI Model
The OSI Model defines the communication of a computing system into 7
different layers. Its advantages include:
 It divides network communication into 7 layers which makes it easier
to understand and troubleshoot.
 It standardizes network communications, as each layer has fixed
functions and protocols.
 Diagnosing network problems is easier with the OSI model.
 It is easier to improve with advancements as each layer can get
updates separately.
Disadvantages of OSI Model
 The OSI Model has seven layers, which can be complicated and hard
to understand for beginners.
 In real-life networking, most systems use a simpler model called the
Internet protocol suite (TCP/IP), so the OSI Model is not always
directly applicable.
 Each layer in the OSI Model adds its own set of rules and operations,
which can make the process more time-consuming and less efficient.
 The OSI Model is more of a theoretical framework, meaning it’s great
for understanding concepts but not always practical for
implementation.
TCP flags
In a TCP connection, flags are used to indicate a particular state of the
connection or to provide additional useful information, for example for
troubleshooting or to control a particular connection. The most commonly
used flags are “SYN”, “ACK” and “FIN”. Each flag corresponds to 1 bit of
information.
Types of Flags:
 Synchronization (SYN) – It is used in the first step of the connection
establishment phase, the 3-way handshake between the two hosts. Only
the first packet from the sender as well as from the receiver should
have this flag set. It is used for synchronizing sequence numbers, i.e.
to tell the other end which sequence number it should accept.
 Acknowledgement (ACK) – It is used to acknowledge packets that
have been successfully received by the host. The flag is set if the
acknowledgement number field contains a valid acknowledgement
number.
In the diagram below, the receiver sends ACK = 1 as well as
SYN = 1 in the second step of connection establishment to tell the
sender that it received its initial packet.
 Finish (FIN) – It is used to request connection termination, i.e.
when there is no more data from the sender, it requests that the
connection be terminated. This is the last packet sent by the sender. It
frees the reserved resources and gracefully terminates the
connection.
 Reset (RST) – It is used to terminate the connection if the RST
sender believes something is wrong with the TCP connection or that the
conversation should not exist. It can be sent from the receiver side
when a packet is sent to a particular host that was not expecting it.
 Urgent (URG) – It is used to indicate that the data contained in the
packet should be prioritized and handled urgently by the receiver.
This flag is used in combination with the Urgent Pointer field to
identify the location of the urgent data in the packet.
 Push (PSH) – It is used to request immediate data delivery to the
receiving host, without waiting for additional data to be buffered on
the sender’s side. This flag is commonly used in applications such as
real-time audio or video streaming.
 Window (WND) – It is used to communicate the size of the receive
window to the sender. The window size is the amount of data that
the receiving host is capable of accepting at any given time. The
sender should limit the amount of data it sends based on the size of
the window advertised by the receiver.
 Checksum (CHK) – It is used to verify the integrity of the TCP
segment during transmission. The checksum is computed over the
entire segment, including the header and data fields, and is
recalculated at each hop along the network path.
 Sequence Number (SEQ) – It is a unique number assigned to each
segment by the sender to identify the order in which packets should
be received by the receiver. The sequence number is used in
conjunction with the acknowledgement number to ensure reliable
data transfer and to prevent duplicate packets.
 Acknowledgement Number (ACK) – It is used to acknowledge the
receipt of a TCP segment and to communicate the next expected
sequence number to the sender. The acknowledgement number field
contains the sequence number of the next expected segment, rather
than the number of the last received segment.
Finish (FIN) v/s Reset (RST) –
 Push (PSH) – By default, the transport layer waits for some time for
the application layer to send enough data to fill a maximum segment
size, so that the number of packets transmitted on the network is
minimized; this is not desirable for some applications, like interactive
applications (chatting). Similarly, the transport layer at the receiver
end buffers packets and passes them to the application layer only when
certain criteria are met.
This problem is solved by using PSH. The transport layer sets PSH = 1 and
immediately sends the segment to the network layer as soon as it receives
the signal from the application layer. The receiver's transport layer, on
seeing PSH = 1, immediately forwards the data to the application layer.
In general, it tells the receiver to process these packets as they are
received instead of buffering them.
 Urgent (URG) – Data inside a segment with the URG = 1 flag is
forwarded to the application layer immediately, even if there is more
data waiting to be given to the application layer. It is used to notify
the receiver to process the urgent data before processing all other data.
The receiver will be notified when all known urgent data has been
received.
Push (PSH) v/s Urgent (URG) –
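The flag bits and the sequence/acknowledgement numbering described above, as an added example (not code from the original notes): TCP headers are constructed in memory with struct.pack, decoded back into their fields, and the three segments of a handshake are checked against the rules stated above (only the first segment from each side carries SYN, and each acknowledgement number equals the other side's initial sequence number plus one). Port numbers and initial sequence numbers are constructed sample values.

```python
"""Parse TCP header flags and numbering fields and check a 3-way handshake.

Added example for these notes, not code from the original. The segments
are constructed in memory with struct.pack; nothing touches the network.
"""
import struct

# Bit positions of the control flags in the 16-bit data-offset/flags word
# of the TCP header (RFC 793, with the ECN flags from RFC 3168).
FLAG_BITS = {
    "FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
    "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080,
}
HEADER_FMT = "!HHIIHHHH"  # ports, seq, ack, offset+flags, window, checksum, urgent ptr
SEQ_MASK = 0xFFFFFFFF     # sequence numbers wrap at 2**32


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535,
                     urgent_ptr=0):
    """Build a constructed 20-byte TCP header with no options.

    The checksum is left at 0; a real stack fills it in over the
    pseudo-header, header and data before transmission.
    """
    flag_word = 0
    for name in flags:
        flag_word |= FLAG_BITS[name]
    data_offset = 5 << 12  # header length in 32-bit words, upper 4 bits
    return struct.pack(HEADER_FMT, src_port, dst_port, seq & SEQ_MASK,
                       ack & SEQ_MASK, data_offset | flag_word, window, 0,
                       urgent_ptr)


def parse_tcp_header(data):
    """Decode the header fields discussed in the notes into a dict."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack(HEADER_FMT, data[:20])
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,
        "flags": [n for n, bit in FLAG_BITS.items() if off_flags & bit],
        "window": window, "checksum": checksum, "urgent_ptr": urg_ptr,
    }


def classify_segment(hdr):
    """Name the role of a segment from its flag combination."""
    flags = set(hdr["flags"])
    if "RST" in flags:
        return "reset"
    if "SYN" in flags and "ACK" not in flags:
        return "handshake step 1 (SYN)"
    if {"SYN", "ACK"} <= flags:
        return "handshake step 2 (SYN-ACK)"
    if "FIN" in flags:
        return "connection close (FIN)"
    if "ACK" in flags:
        return "acknowledgement"
    return "no control flags"


def check_three_way_handshake(segments):
    """Validate three parsed headers as SYN, SYN-ACK, ACK.

    Applies the rules from the notes: only the first segment from each side
    carries SYN, the SYN-ACK acknowledges the client's ISN + 1, and the
    final ACK acknowledges the server's ISN + 1. Returns (ok, reason).
    """
    if len(segments) != 3:
        return False, "expected exactly three segments"
    syn, syn_ack, ack = segments
    if set(syn["flags"]) != {"SYN"}:
        return False, "step 1 must carry SYN and nothing else"
    if not {"SYN", "ACK"} <= set(syn_ack["flags"]):
        return False, "step 2 must carry SYN and ACK"
    if syn_ack["ack"] != (syn["seq"] + 1) & SEQ_MASK:
        return False, "SYN-ACK does not acknowledge client ISN + 1"
    if "SYN" in ack["flags"] or "ACK" not in ack["flags"]:
        return False, "step 3 must carry ACK without SYN"
    if ack["seq"] != (syn["seq"] + 1) & SEQ_MASK:
        return False, "final ACK has unexpected sequence number"
    if ack["ack"] != (syn_ack["seq"] + 1) & SEQ_MASK:
        return False, "final ACK does not acknowledge server ISN + 1"
    return True, "handshake complete"


def demo_handshake(client_isn=1000, server_isn=5000):
    """Constructed handshake between a client and a web server on port 80."""
    wire = [
        build_tcp_header(40000, 80, client_isn, 0, ["SYN"]),
        build_tcp_header(80, 40000, server_isn, client_isn + 1, ["SYN", "ACK"]),
        build_tcp_header(40000, 80, client_isn + 1, server_isn + 1, ["ACK"]),
    ]
    parsed = [parse_tcp_header(b) for b in wire]
    return [classify_segment(h) for h in parsed], check_three_way_handshake(parsed)


if __name__ == "__main__":
    roles, verdict = demo_handshake()
    for role in roles:
        print(role)
    print(verdict)
```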
Network Address Translation (NAT)
Network Address Translation (NAT) is a process in which one or more
local IP addresses are translated into one or more Global IP addresses and
vice versa to provide Internet access to the local hosts. It also does the
translation of port numbers, i.e., masks the port number of the host with
another port number in the packet that will be routed to the destination. It
then makes the corresponding entries of IP address and port number in
the NAT table. NAT generally operates on a router or firewall.
Network Address Translation
Working of Network Address Translation (NAT)
Generally, the border router is configured for NAT, i.e. the router which
has one interface in the local (inside) network and one interface in the
global (outside) network. When a packet traverses outside the local
(inside) network, NAT converts its local (private) IP address to a global
(public) IP address. When a packet enters the local network, the global
(public) IP address is converted back to a local (private) IP address.
If NAT runs out of addresses, i.e., no address is left in the configured
pool, then the packets are dropped and an Internet Control Message
Protocol (ICMP) host unreachable packet is sent to the destination.
Why Mask Port Numbers?
Suppose, in a network, two hosts A and B are connected. Now, both of
them request the same destination, from the same source port number,
say 1000, on the host side, at the same time. If NAT only translated IP
addresses, then when their packets arrived at the NAT, both of their IP
addresses would be masked by the public IP address of the network and
sent to the destination. The destination would send its replies to the
public IP address of the router. Thus, on receiving a reply, it would be
unclear to NAT which reply belongs to which host (because the source
port numbers for both A and B are the same). Hence, to avoid this
problem, NAT masks the source port number as well and makes an entry
in the NAT table.
NAT inside and outside addresses
Inside refers to the addresses which must be translated. Outside refers to
the addresses which are not in control of an organization. These are the
network Addresses in which the translation of the addresses will be done.
 Inside local address - An IP address that is assigned to a host on
the Inside (local) network. The address is probably not an IP address
assigned by the service provider i.e., these are private IP addresses.
This is the inside host seen from the inside network.
 Inside global address - IP address that represents one or more
inside local IP addresses to the outside world. This is the inside host
as seen from the outside network.
 Outside local address - This is the actual IP address of the
destination host in the local network after translation.
 Outside global address - This is the outside host as seen from the
outside network. It is the IP address of the outside destination host
before translation.
Types of Network Address Translation (NAT)
There are 3 ways to configure NAT:
Static NAT
In this, a single unregistered (Private) IP address is mapped to a legally
registered (Public) IP address, i.e., a one-to-one mapping between local
and global addresses. This is generally used for Web hosting. It is not
used for a whole organization, as there are many devices that need
Internet access and each one would need its own public IP address.
Suppose there are 3000 devices that need access to the Internet; the
organization would have to buy 3000 public addresses, which is very costly.
Dynamic NAT
In this type of NAT, an unregistered IP address is translated into a
registered (Public) IP address from a pool of public IP addresses. If no
IP address in the pool is free, then the packet is dropped, as only a
fixed number of private IP addresses can be translated to public
addresses at a time.
Suppose there is a pool of 2 public IP addresses; then only 2 private IP
addresses can be translated at a given time. If a 3rd private IP address
wants to access the Internet, its packet is dropped. In this way many
private IP addresses are mapped to a pool of public IP addresses.
Dynamic NAT is used when the number of users who want to access the
Internet is fixed. This is also very costly, as the organization has to buy
many global IP addresses to make the pool.
Port Address Translation (PAT)
This is also known as NAT overload. In this, many local (private) IP
addresses can be translated to a single registered IP address. Port
numbers are used to distinguish the traffic i.e., which traffic belongs to
which IP address. This is most frequently used as it is cost-effective as
thousands of users can be connected to the Internet by using only one
real global (public) IP address.
Advantages of NAT
 NAT conserves legally registered IP addresses.
 It provides privacy as the device's IP address, sending and receiving
the traffic, will be hidden.
 Eliminates address renumbering when a network evolves.
Disadvantage of NAT
 Translation results in switching path delays.
 Certain applications will not function while NAT is enabled.
 Complicates tunneling protocols such as IPsec.
 Also, the router, being a network layer device, should not tamper
with port numbers (transport layer), but it has to do so because of
NAT.
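The NAT table behaviour described under “Why Mask Port Numbers?”, Dynamic NAT and PAT, as an added example (not code from the original notes): a small PAT router translates two inside hosts that both use source port 1000, maps the server's replies back to the right host, drops a third flow once its pool is exhausted (a port pool here stands in for the address pool exhaustion described under Dynamic NAT), and drops an unsolicited inbound packet that matches no table entry. All addresses are constructed sample values.

```python
"""Simulate a NAT table with port translation (PAT / NAT overload).

Added example for these notes, not code from the original. All addresses
are constructed: 192.168.1.0/24 is the inside network, 203.0.113.5 is the
router's single inside-global (public) address, and 198.51.100.7 is the
outside destination.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class PatRouter:
    """Border router doing PAT with a small pool of inside-global ports."""

    def __init__(self, public_ip, first_port=40000, last_port=40009):
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))
        # NAT table: (inside local IP, port) -> inside global port
        self.table = {}
        # reverse index for replies: inside global port -> (inside local IP, port)
        self.reverse = {}

    def outbound(self, pkt):
        """Translate an inside -> outside packet; None means dropped."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            if not self.free_ports:
                # Pool exhausted: the notes say the packet is dropped and an
                # ICMP host unreachable is returned; here we just drop it.
                return None
            port = self.free_ports.pop(0)
            self.table[key] = port
            self.reverse[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=self.table[key])

    def inbound(self, pkt):
        """Translate an outside -> inside packet; None means dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.reverse.get(pkt.dst_port)
        if entry is None:
            # No table entry: no inside host asked for this, so drop it.
            # This is the "hidden inside addresses" advantage in practice.
            return None
        inside_ip, inside_port = entry
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


def demo_same_source_port():
    """Hosts A and B both use source port 1000 to the same server."""
    router = PatRouter("203.0.113.5", 40000, 40001)  # pool of two ports
    server = ("198.51.100.7", 80)
    a_out = router.outbound(Packet("192.168.1.10", 1000, *server, "A"))
    b_out = router.outbound(Packet("192.168.1.11", 1000, *server, "B"))
    # The server replies to whatever (public IP, port) pair it saw.
    reply_a = router.inbound(Packet(*server, a_out.src_ip, a_out.src_port, "re:A"))
    reply_b = router.inbound(Packet(*server, b_out.src_ip, b_out.src_port, "re:B"))
    # Third flow: the port pool is exhausted, so the packet is dropped.
    c_out = router.outbound(Packet("192.168.1.12", 1000, *server, "C"))
    # Unsolicited inbound packet to the public address: no entry, dropped.
    unsolicited = router.inbound(Packet("198.51.100.9", 4444, "203.0.113.5", 40005))
    return {
        "a_translated": (a_out.src_ip, a_out.src_port),
        "b_translated": (b_out.src_ip, b_out.src_port),
        "reply_a_to": (reply_a.dst_ip, reply_a.dst_port),
        "reply_b_to": (reply_b.dst_ip, reply_b.dst_port),
        "c_dropped": c_out is None,
        "unsolicited_dropped": unsolicited is None,
    }


if __name__ == "__main__":
    for name, value in demo_same_source_port().items():
        print(f"{name}: {value}")
```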
What is Network Security?
Any action intended to safeguard the integrity and usefulness of your
data and network is known as network security. In other words, Network
security is defined as the activity created to protect the integrity of your
network and data.
Network security is the practice of protecting a computer network from
unauthorized access, misuse, or attacks. It involves using tools,
technologies, policies and procedures to ensure the confidentiality,
integrity, and availability of systems and data within the network to
ensure that data traveling over the network is safe and secure, keeping
sensitive information away from hackers and other threats.
How Does Network Security Work?
Network security uses several layers of protection, both at the edge of the
network and within it. Each layer has rules and controls that determine
who can access network resources. People who are allowed access can
use the network safely, but those who try to harm it with attacks or other
threats are stopped from doing so.
The basic principle of network security is protecting huge stored data and
networks in layers that ensure the enforcement of rules and regulations
that have to be acknowledged before performing any activity on the
data. These levels are:
 Physical Network Security: This is the most basic level. It
protects the data and network by preventing unauthorized personnel
from acquiring physical control over the network and its
confidentiality. This can be achieved by using devices like biometric
systems.
 Technical Network Security: It primarily focuses on protecting the
data stored in the network or data involved in transitions through the
network. This type serves two purposes. One is protected from
unauthorized users, and the other is protected from malicious
activities.
 Administrative Network Security: This level of network security
protects user behavior like how the permission has been granted
and how the authorization process takes place. This also ensures the
level of sophistication the network might need for protecting it
through all the attacks. This level also suggests necessary
amendments that have to be done to the infrastructure.
Types of Network Security
There are several types of network security through which we can make
our network more secure. Network security shields your network and data
from breaches, intrusions, and other dangers. Some important types of
network security are given below:
Email Security
Email Security is defined as the process designed to keep an Email
Account and its contents safe from unauthorized access. For example,
fraudulent emails are generally sent automatically to the Spam folder,
because most email service providers have built-in features to protect
the account.
The most common danger vector for a security compromise is email
gateways. Hackers create intricate phishing campaigns using recipients’
personal information and social engineering techniques to trick them and
direct them to malicious websites. To stop critical data from being lost, an
email security programme restricts outgoing messages and stops
incoming threats.
Network Segmentation
Network traffic is divided into several categories by software-defined
segmentation, which also facilitates the enforcement of security
regulations. Ideally, endpoint identity—rather than just IP addresses—is
the basis for the classifications. To ensure that the appropriate amount of
access is granted to the appropriate individuals and that suspicious
devices are controlled and remediated, access permissions can be
assigned based on role, location, and other factors.
Access Control
Your network should not be accessible to every user. You need to identify
every user and every device in order to keep out any attackers. You can
then put your security policies into effect. Noncompliant endpoint devices
might either have their access restricted or blocked. Network access
control (NAC) is this process.
Sandboxing
Sandboxing is a cybersecurity technique in which files are opened or code
is performed on a host computer that simulates end-user operating
environments in a secure, isolated environment. To keep threats off the
network, sandboxing watches the code or files as they are opened and
searches for harmful activity.
Cloud Network Security
Data stored in the cloud is very vulnerable to misuse by unauthorized
parties. This data must be protected, and it must be ensured that this
protection is not jeopardized by anything. Many businesses adopt SaaS
applications to give some of their employees access to the data stored in
the cloud. This type of security helps avoid gaps in the visibility of
that data.
Workloads and applications are no longer solely housed in a nearby data
centre on-site. More adaptability and creativity are needed to protect the
modern data centre as application workloads move to the cloud.
Web Security
An online security solution will restrict access to harmful websites, stop
web-based risks, and manage staff internet usage. Your web gateway will
be safeguarded both locally and in the cloud. “Web security” also includes
the precautions you take to safeguard your own website.
Intrusion Prevention System (IPS)
An Intrusion Prevention System is also known as an Intrusion Detection and
Prevention System. It is a network security application that monitors
network or system activities for malicious activity. The major functions of
intrusion prevention systems are to identify malicious activity, collect
information about this activity, report it, and attempt to block or stop it.
Antivirus and Anti-malware Software
This type of network security ensures that any malicious software does
not enter the network and threaten the security of the data. Malicious
software like Viruses, Trojans, and Worms is handled by the same. This
ensures that not only the entry of the malware is protected but also that
the system is well-equipped to fight once it has entered.
Firewalls Security
A firewall is a network security device, either hardware or software-based,
which monitors all incoming and outgoing traffic and based on a defined
set of security rules accepts, rejects, or drops that specific traffic. Before
Firewalls, network security was performed by Access Control Lists (ACLs)
residing on routers.
Application Security
Application security denotes the security precautionary measures used
at the application level to prevent the stealing or capturing of data or
code inside the application. It also includes the security measures taken
during the development and design of applications, as well as techniques
and methods for protecting the applications whenever they are in use.
Wireless Security
Wireless networks are less secure than wired ones. If not properly
secured, setting up a wireless LAN can be like having Ethernet ports
available everywhere, even in places like parking lots. To prevent attacks
and keep your wireless network safe, you need dedicated products
designed to protect it from exploits and unauthorized access.
Web Security
A web security solution manages how your staff uses the internet, blocks
threats from websites, and stops access to harmful sites. It safeguards
your web gateway either onsite or in the cloud. Additionally, “web
security” involves measures taken to protect your own website from
potential attacks and vulnerabilities.
Mobile Device Security
Cybercriminals are focusing more on mobile devices and apps. In the next
three years, about 90 percent of IT organizations might allow corporate
applications on personal mobile devices. It’s crucial to control which
devices can connect to your network and set up their connections
securely to protect network traffic from unauthorized access.
Industrial Network Security
As industries digitize their operations, the closer integration of IT, cloud
services, and industrial networks exposes Industrial Control Systems (ICS)
to cyber threats. To safeguard against these risks, it’s crucial to have
complete visibility into your Operational Technology (OT) security status.
This involves segmenting the industrial network and providing detailed
information about OT devices and their behaviors to IT security tools. This
approach helps in effectively monitoring and protecting critical industrial
systems from potential cyber attacks.
VPN Security
A virtual private network (VPN) encrypts the connection between a device
and a network, usually over the internet. A remote-access VPN commonly
uses IPsec or Secure Sockets Layer (SSL) to verify and secure the
communication between the device and the network. This encryption
ensures that data transmitted between the device and the network
remains private and secure from unauthorized access.
Benefits of Network Security
Network Security has several benefits, some of which are mentioned
below:
 Network Security helps in protecting clients’ information and data
which ensures reliable access and helps in protecting the data from
cyber threats.
 Network Security protects the organization from heavy losses that
may have occurred from data loss or any security incident.
 It overall protects the reputation of the organization as it protects
the data and confidential items.
Advantages of Network Security
 Protection from Unauthorized Access: Network security
measures such as firewalls and authentication systems prevent
unauthorized users from accessing sensitive information or
disrupting network operations.
 Data Confidentiality: Encryption technologies ensure that data
transmitted over the network remains confidential and cannot be
intercepted by unauthorized parties.
 Prevention of Malware and Viruses: Network security solutions
like antivirus software and intrusion detection systems (IDS) detect
and block malware, viruses, and other malicious threats before they
can infect systems.
 Secure Remote Access: Virtual private networks (VPNs) and other
secure remote access methods enable employees to work remotely
without compromising the security of the organization’s network and
data.
Disadvantages of Network Security
 Complexity and Management Overhead: Implementing and
managing network security measures such as firewalls, encryption,
and intrusion detection systems (IDS) can be complex and require
specialized knowledge and resources.
 Cost: Effective network security often requires investment in
hardware, software, and skilled personnel, which can be expensive
for organizations, especially smaller ones.
 Privacy Concerns: Some network security measures, such as deep
packet inspection and monitoring, may raise privacy concerns
among users and stakeholders, requiring careful balancing of
security needs with individual privacy rights.
What is Information Security (InfoSec)?
Information Security is not only about securing information from
unauthorized access. Information Security is basically the practice of
preventing unauthorized access, use, disclosure, disruption, modification,
inspection, recording, or destruction of information. Information can be a
physical or electronic one. Information can be anything like Your details or
we can say your profile on social media, your data on your mobile phone,
your biometrics, etc. Thus Information Security spans so many research
areas like Cryptography, Mobile Computing, Cyber Forensics, Online
Social Media, etc.
During the First World War, a Multi-tier Classification System was
developed keeping in mind the sensitivity of the information. With the
beginning of the Second World War, formal alignment of the Classification
System was done. Alan Turing was the one who successfully decrypted
the Enigma Machine which was used by Germans to encrypt warfare
data.
Effective information security requires a comprehensive approach that
considers all aspects of the information environment, including
technology, policies and procedures, and people. It also requires ongoing
monitoring, assessment, and adaptation to address emerging threats and
vulnerabilities.
Why We Use Information Security?
We use information security to protect valuable information assets from a
wide range of threats, including theft, espionage, and cybercrime. Here
are some key reasons why information security is important:
 Protecting sensitive information: Information security helps
protect sensitive information from being accessed, disclosed, or
modified by unauthorized individuals. This includes personal
information, financial data, and trade secrets, as well as confidential
government and military information.
 Mitigating risk: By implementing information security measures,
organizations can mitigate the risks associated with cyber threats
and other security incidents. This includes minimizing the risk of
data breaches, denial-of-service attacks, and other malicious
activities.
 Compliance with regulations: Many industries and jurisdictions
have specific regulations governing the protection of sensitive
information. Information security measures help ensure compliance
with these regulations, reducing the risk of fines and legal liability.
 Protecting reputation: Security breaches can damage an
organization's reputation and lead to lost business. Effective
information security can help protect an organization's reputation by
minimizing the risk of security incidents.
 Ensuring business continuity: Information security helps ensure
that critical business functions can continue even in the event of a
security incident. This includes maintaining access to key systems
and data, and minimizing the impact of any disruptions.
What are the 3 Principles of Information Security?
Information security is necessary to ensure the confidentiality, integrity,
and availability of information, whether it is stored digitally or in other
forms such as paper documents. Information Security programs are built
around 3 objectives, commonly known as CIA - Confidentiality, Integrity,
Availability.
 Confidentiality - Means information is not disclosed to
unauthorized individuals, entities and processes. For example, say
I have a password for my Gmail account but someone saw it while I
was logging into my Gmail account. In that case my password has
been compromised and Confidentiality has been breached.
 Integrity - Means maintaining the accuracy and completeness of data.
This means data cannot be edited in an unauthorized way. For
example, if an employee leaves an organisation, then the data for that
employee in all departments, like accounts, should be updated to
reflect the status JOB LEFT so that the data is complete and
accurate; in addition, only an authorized person should be allowed
to edit employee data.
 Availability - Means information must be available when needed.
For example, if one needs to access the information of a particular
employee to check whether the employee has exceeded the number of
leaves, that requires collaboration from different organizational
teams like network operations, development operations, incident
response and policy/change management. A denial of service attack
is one of the factors that can hamper the availability of information.
Types of Information Security
Information Security (InfoSec) focuses on protecting data from threats
and unauthorized access. Here are five important types:
 Network Security: Protects computer networks from attacks and
unauthorized access using tools like firewalls, Intrusion Detection
Systems (IDS), and Virtual Private Networks (VPNs). For
example, a firewall can block malicious traffic trying to enter a
company's network.
 Application Security: Secures software applications by finding and
fixing vulnerabilities, using methods like code
reviews and security patches. An example is a web
application firewall (WAF) that prevents attacks on websites by
filtering and monitoring HTTP traffic.
 Data Security: Ensures data safety during storage and transfer by
using encryption and data masking. For instance, encrypted
emails are unreadable to anyone without the decryption key,
protecting sensitive information.
 Endpoint Security: Secures individual devices such as computers,
smartphones, and tablets through antivirus
software and Endpoint Detection and Response (EDR) tools.
An example is an antivirus program that scans and removes
malware from a personal laptop.
 Cloud Security: Protects data and applications hosted in cloud
environments with measures like secure cloud
configurations and Identity and Access Management (IAM).
For instance, using multi-factor authentication (MFA) helps ensure
that only authorized users can access cloud-based services.
Why is Information Security Important?
Advantages for implementing an information classification system in an
organization's information security program:
 Improved security: By identifying and classifying sensitive
information, organizations can better protect their most critical
assets from unauthorized access or disclosure.
 Compliance: Many regulatory and industry standards, such as
HIPAA and PCI-DSS, require organizations to implement information
classification and data protection measures.
 Improved efficiency: By clearly identifying and labeling
information, employees can quickly and easily determine the
appropriate handling and access requirements for different types of
data.
 Better risk management: By understanding the potential impact
of a data breach or unauthorized disclosure, organizations can
prioritize resources and develop more effective incident response
plans.
 Cost savings: By implementing appropriate security controls for
different types of information, organizations can avoid unnecessary
spending on security measures that may not be needed for less
sensitive data.
 Improved incident response: By having a clear understanding of
the criticality of specific data, organizations can respond to security
incidents in a more effective and efficient manner.
There are some potential disadvantages for implementing an
information classification system in an organization's information
security program:
 Complexity: Developing and maintaining an information
classification system can be complex and time-consuming,
especially for large organizations with a diverse range of data types.
 Cost: Implementing and maintaining an information classification
system can be costly, especially if it requires new hardware or
software.
 Resistance to change: Some employees may resist the
implementation of an information classification system, especially if
it requires them to change their usual work habits.
 Inaccurate classification: Information classification is often done
by humans, so it is possible that some information may be
misclassified, which can lead to inadequate protection or
unnecessary restrictions on access.
 Lack of flexibility: Information classification systems can be rigid
and inflexible, making it difficult to adapt to changing business
needs or new types of data.
 False sense of security: Implementing an information
classification system may give organizations a false sense of
security, leading them to overlook other important security controls
and best practices.
 Maintenance: Information classification should be reviewed and
updated frequently; otherwise it can become outdated and ineffective.
Uses of Information Security
Information security has many uses, including:
 Confidentiality: Keeping sensitive information confidential and
protected from unauthorized access.
 Integrity: Maintaining the accuracy and consistency of data, even
in the presence of malicious attacks.
 Availability: Ensuring that authorized users have access to the
information they need, when they need it.
 Compliance: Meeting regulatory and legal requirements, such as
those related to data privacy and protection.
 Risk management: Identifying and mitigating potential security
threats to prevent harm to the organization.
 Disaster recovery: Developing and implementing a plan to quickly
recover from data loss or system failures.
 Authentication: Verifying the identity of users accessing
information systems.
 Encryption: Protecting sensitive information from unauthorized
access by encoding it into a secure format.
 Network security: Protecting computer networks from
unauthorized access, theft, and other types of attacks.
 Physical security: Protecting information systems and the
information they store from theft, damage, or destruction by
securing the physical facilities that house these systems.
Issues of Information Security
Information security faces many challenges and issues, including:
 Cyber threats: The increasing sophistication of cyber attacks,
including malware, phishing, and ransomware, makes it difficult to
protect information systems and the information they store.
 Human error: People can inadvertently put information at risk
through actions such as losing laptops or smartphones, clicking on
malicious links, or using weak passwords.
 Insider threats: Employees with access to sensitive information
can pose a risk if they intentionally or unintentionally cause harm to
the organization.
 Legacy systems: Older information systems may not have the
security features of newer systems, making them more vulnerable to
attack.
 Complexity: The increasing complexity of information systems and
the information they store makes it difficult to secure them
effectively.
 Mobile and IoT devices: The growing number of mobile devices
and internet of things (IoT) devices creates new security challenges
as they can be easily lost or stolen, and may have weak security
controls.
 Integration with third-party systems: Integrating information
systems with third-party systems can introduce new security risks,
as the third-party systems may have security vulnerabilities.
 Data privacy: Protecting personal and sensitive information from
unauthorized access, use, or disclosure is becoming increasingly
important as data privacy regulations become more strict.
 Globalization: The increasing globalization of business makes it
more difficult to secure information, as data may be stored,
processed, and transmitted across multiple countries with different
security requirements.
Cryptography Introduction
Cryptography is the study and practice of techniques for secure
communication in the presence of third parties called adversaries. It deals
with developing and analyzing protocols that prevent malicious third
parties from retrieving information being shared between two entities,
thereby upholding the various aspects of information security. Secure
communication refers to the scenario where the message or data shared
between two parties can't be accessed by an adversary. In cryptography,
an adversary is a malicious entity which aims to retrieve precious
information or data, thereby undermining the principles of information
security. Data confidentiality, data integrity, authentication and non-
repudiation are core principles of modern-day cryptography.
1. Confidentiality refers to certain rules and guidelines, usually
executed under confidentiality agreements, which ensure that the
information is restricted to certain people or places.
2. Data integrity refers to maintaining and making sure that the data
stays accurate and consistent over its entire life cycle.
3. Authentication is the process of making sure that a piece of data
claimed by a user really belongs to that user.
4. Non-repudiation refers to the ability to make sure that a person or
a party associated with a contract or a communication cannot deny
the authenticity of their signature on their document or the
sending of a message.
Types of Cryptography:
There are several types of cryptography, each with its own unique
features and applications. Some of the most common types of
cryptography include:
1. Symmetric-key cryptography: This type of cryptography involves
the use of a single key to encrypt and decrypt data. Both the sender and
receiver use the same key, which must be kept secret to maintain the
security of the communication.
2. Asymmetric-key cryptography: Asymmetric-key cryptography, also
known as public-key cryptography, uses a pair of keys – a public key and
a private key – to encrypt and decrypt data. The public key is available to
anyone, while the private key is kept secret by the owner.
3. Hash functions: A hash function is a mathematical algorithm that
converts data of any size into a fixed-size output. Hash functions are often
used to verify the integrity of data and ensure that it has not been
tampered with.
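The three kinds of cryptography listed above, shown side by side in a small Python example added here (it is not code from the original page): a one-time pad stands in for symmetric encryption, textbook RSA with tiny constructed primes stands in for public-key encryption, and SHA-256 shows how a fixed-size digest detects tampering. The primes 61 and 53, the sample message and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# --- 1. Symmetric-key cryptography: one shared secret key ---
# A one-time pad XORs the message with a random key of the same length.
# Toy construction for illustration; production systems use AES.
def otp_encrypt(key: bytes, message: bytes) -> bytes:
    if len(key) != len(message):
        raise ValueError("one-time pad key must be as long as the message")
    return bytes(k ^ m for k, m in zip(key, message))

def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so the same key undoes the encryption.
    return otp_encrypt(key, ciphertext)

# --- 2. Asymmetric-key cryptography: public key encrypts, private key decrypts ---
# Textbook RSA with tiny constructed primes; insecure, for teaching the key split only.
def rsa_keygen(p: int, q: int, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)

def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    return pow(m, e, n)

def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)

# --- 3. Hash function: fixed-size digest for integrity checks ---
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def integrity_ok(data: bytes, expected_digest: str) -> bool:
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(sha256_hex(data), expected_digest)

if __name__ == "__main__":
    msg = b"transfer 100 to account 42"          # constructed sample message
    key = secrets.token_bytes(len(msg))          # fresh random pad, used once
    print("symmetric round trip:", otp_decrypt(key, otp_encrypt(key, msg)) == msg)

    pub, priv = rsa_keygen(61, 53)               # toy primes, n = 3233
    c = rsa_encrypt(pub, 65)
    print("asymmetric: ciphertext", c, "decrypts to", rsa_decrypt(priv, c))

    digest = sha256_hex(msg)
    print("integrity intact:", integrity_ok(msg, digest))
    print("tampering detected:", not integrity_ok(msg.replace(b"100", b"900"), digest))
```

Each kind answers a different question: the pad needs a shared secret as long as the message, RSA lets anyone holding the public key encrypt while only the private key decrypts, and the hash has no key at all, so it detects accidental or malicious modification but cannot by itself prove who produced the data.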
Applications of Cryptography:
Cryptography has a wide range of applications in modern-day
communication, including:
 Secure online transactions: Cryptography is used to secure
online transactions, such as online banking and e-commerce, by
encrypting sensitive data and protecting it from unauthorized
access.
 Digital signatures: Digital signatures are used to verify the
authenticity and integrity of digital documents and ensure that they
have not been tampered with.
 Password protection: Passwords are often encrypted using
cryptographic algorithms to protect them from being stolen or
intercepted.
 Military and intelligence applications: Cryptography is widely used in
military and intelligence applications to protect classified information and
communications.
Challenges of Cryptography:
While cryptography is a powerful tool for securing information, it also
presents several challenges, including:
 Key management: Cryptography relies on the use of keys, which
must be managed carefully to maintain the security of the
communication.
 Quantum computing: The development of quantum computing
poses a potential threat to current cryptographic algorithms, which
may become vulnerable to attacks.
 Human error: Cryptography is only as strong as its weakest link,
and human error can easily compromise the security of a
communication.
Difference between Steganography and Cryptography
Steganography and cryptography are critical components of network
security. Network security has emerged as an essential part of today's
communication infrastructure. There was an urgent need for network
security to protect confidentiality and data integrity. It protects the user
against unauthorized access. Steganography hides communication
traces, while cryptography uses encryption to make the message
unreadable.
Cryptography vs Steganography
What is Steganography?
Steganography is a method in which a secret message is hidden in a
cover medium. Steganography means covered writing. The idea of
steganography is to conceal secret information without creating
suspicion. Steganography is less popular than cryptography. In
steganography, the structure of data is not usually altered. The forms
of steganography are:
 Text
 Audio
 Video
 Images
 Network or Protocol
What is Cryptography?
Cryptography means secret writing. In cryptography, the sender does not
send a message directly to the receiver. Before sending, the information
(plain text) is converted into cipher text using an encryption algorithm
and then sent to the receiver, who decrypts the cipher text back into
plain text to read the original information. It is of two types:
 Symmetric key cryptography
 Asymmetric key cryptography
Difference between Steganography and Cryptography
Basis | Steganography | Cryptography
Definition | Steganography means covered writing. | Cryptography means secret writing.
Popularity | Steganography is less popular than cryptography. | Cryptography is more popular than steganography.
Attack name | In steganography, the attack's name is steganalysis. | In cryptography, the attack's name is cryptanalysis.
Data alteration | In steganography, the structure of data is not usually altered. | In cryptography, the structure of data is altered.
Security principles | Steganography supports the confidentiality and authentication security principles. | Cryptography supports the confidentiality and authentication security principles as well as data integrity and non-repudiation.
Visibility | In steganography, the fact that a secret communication is taking place is hidden. | In cryptography, only the secret message is hidden.
Mathematical involvement | In steganography, not many mathematical transformations are involved. | Cryptography involves the use of number theory, mathematics, etc. to modify data.
Information handling | In steganography the information is hidden. | In cryptography, the information is transformed.
Information visibility | The hidden information is not visible. | Transformed information is visible.
Security services | Steganography provides confidentiality only. | Cryptography provides confidentiality, integrity and non-repudiation.
Algorithms | Steganography doesn't have specific algorithms. | Cryptography has various recognized and approved algorithms.
Goal | The goal of steganography is to make the information invisible to anyone who doesn't know where to look or what to look for. | The main goal of cryptography is to keep the contents of the message secret from unauthorized access.
Types of hacking
Hacking is the activity of identifying weaknesses in an information
processing system or a network and taking advantage of them to gain
access to private or business data. Computers have become essential
to running a decent business. It is not enough to have isolated
computer systems. There are various cybersecurity threats and
vulnerabilities, including phishing, viruses, UI redress attacks, cookie
theft, DDoS attacks, DNS spoofing, social engineering, missing security
patches, malware-injection devices, and password cracking.
Computers need to be networked to facilitate communication with
external businesses. This exposes them to the outside world and to
hacking. System hacking means the exploitation of computers to commit
illegal acts like fraud, privacy invasion, stealing corporate or personal
data, etc. Cybercrime costs many organizations large sums of money
every year. Businesses are compelled to defend themselves against such
attacks.
Types of Hacking
Hacking is something you have to protect yourself from, and that can
only be done by anticipating how a hacker might think to get into the
system.
1. Phishing -
In this type of hacking, the hacker intends to steal critical
information of users like account passwords, MasterCard details, etc.
For example, hackers can replicate an original website for user
interaction and then steal critical information from the duplicate
website the hacker has created.
2. Virus -
These are planted by the hacker in the files of a website; once a user
enters the website, the virus infects them. The purpose is to corrupt
the information or resources on the website.
3. UI redress -
In this technique, the hacker creates a fake interface, and when
the user clicks with the intent of going to a particular website,
they are directed to a different website.
4. Cookie theft -
Hackers access websites using malicious code and steal cookies that
contain session data, login passwords, etc. Once they get access to
your account, they can do anything with it.
5. Distributed Denial-of-Service (DDoS) -
This hacking technique is aimed at taking down a website so that a
user cannot access it or it cannot deliver its service. It brings the
server down and stops it from responding, which may cause it to
return error conditions constantly.
6. DNS Spoofing -
This essentially uses the cached data of an internet website or
domain that the user might have forgotten to keep up to date. It
then redirects the traffic to a different, malicious website.
7. Social Engineering -
Social engineering is an attempt to manipulate you into sharing
personal information, often by impersonating a trustworthy source.
8. Missing Security Patches -
Security tools become outdated as the threat landscape advances
and need frequent updates to protect against new threats.
9. Malware-Injection Devices -
Cyber-criminals can use hardware to sneak malware onto your PC.
You may have heard of infected USB sticks which can give hackers
remote access to your device when they are connected to your PC.
10. Cracking Password -
Hackers can get your credentials through a technique known as
keylogging.
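Item 5 above describes the effect of a DoS or DDoS flood. The example below is written for this page and is not taken from it; it shows the defender's side: a detector that reads web server access log lines and flags any client that exceeds a request threshold inside a sliding time window. The log lines, the IP addresses (taken from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), the threshold and the window size are all constructed for the illustration. Real floods come from many sources at once, so a per-IP counter like this is only a first signal.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the client IP and the timestamp at the start of a common-log-format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: 203.0.113.7 fires eight requests in eight seconds,
# 198.51.100.4 behaves normally. Lines are assumed to be in time order.
SAMPLE_LOG = (
    ['198.51.100.4 - - [10/Oct/2023:13:55:30 +0000] "GET / HTTP/1.1" 200 512']
    + [f'203.0.113.7 - - [10/Oct/2023:13:55:{31 + i:02d} +0000] "GET /search?q=x HTTP/1.1" 200 2048'
       for i in range(8)]
    + ['198.51.100.4 - - [10/Oct/2023:13:55:45 +0000] "GET /about HTTP/1.1" 200 300']
)

def find_flooding_ips(log_lines, threshold=5, window_seconds=10):
    """Return {ip: peak_requests_in_window} for every client that exceeded
    `threshold` requests inside some sliding window of `window_seconds`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue               # skip lines that are not in the expected format
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()            # drop timestamps that have fallen out of the window
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, peak in find_flooding_ips(SAMPLE_LOG).items():
        print(f"possible flood from {ip}: {peak} requests within 10 s")
```

The threshold and window should be tuned against a baseline of normal traffic for the site; an alert from this check is a reason to look at the client, not by itself a reason to block it.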
Techniques to Protect Yourself
1. First, you have to make sure that your personal information and
account details are kept private.
2. Install antivirus software for protection from malicious activity.
3. Do not click on an unauthorized link and make sure to check that any
data sent to you is from a legitimate source.
4. Always have updated software and do not use default configurations
on devices.
Effects and Impact of Hackers
There are many hazardous effects of hackers on our personal and
professional lives.
1. It leads to data breaches, which are the most harmful effect of
hacking. Unauthorized access to sensitive information leads to
identity theft and privacy violations. It will also lead to many online
frauds.
2. Increased security cost: attackers surpassing the company's security
parameters means a weak security system that needs further
improvements.
3. Loss of a company's reputation: exposing customers' data to an
external environment is harmful to a company's reputation.
4. Damage to the system: deleting the data from the company's
database will force an exceptional rebuilding of the system from
scratch.
5. It leads to legal consequences like fines, legal fees, and regulatory
penalties resulting from non-compliance and negligence.
How to Prevent Hackers
There are many ways through which we can prevent hackers from
entering our database or accessing our files or folders.
1. Use a strong password. We should avoid keeping passwords
like 11111111, 00000000, 123456789, qwertyui, dragon, etc.
Anything which can be easily guessed is not safe as a password. We
can use capital letters along with small letters and special
characters (like @, #, $, &).
2. Keep our software updated so it has the latest security measures.
Old computers are easily hacked due to their weak security
measures.
3. Back up data in case of data loss. In case of hacks like SQL
injection, we should always have a backup ready in case of data
loss.
4. Educate users and inform them about the latest hacking trends so
that they can prepare themselves and not become victims of phishing.
5. Use secure network configurations, such as VPNs, firewalls, and
intrusion detection systems, to safeguard network traffic.
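Item 1 above (strong passwords) and the earlier "Password protection" application of cryptography both concern how passwords are chosen and stored. The Python example below is added for this page and is not the page's own code: it enforces a simple password policy seeded with the weak examples named above, and stores passwords as salted PBKDF2-HMAC-SHA256 hashes, the standard practice for stored credentials (a slow, one-way hash rather than reversible encryption, so a stolen database does not yield the passwords themselves). The deny-list, the iteration count, the minimum length and the function names are assumptions of the example.

```python
import hashlib
import hmac
import os
import string

# Constructed deny-list seeded with the weak examples named on this page.
COMMON_PASSWORDS = {"11111111", "00000000", "123456789", "qwertyui", "dragon", "password"}

def password_problems(pw: str, min_len: int = 12) -> list:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes")
    if pw and len(set(pw)) <= 2:
        problems.append("mostly repeated characters")
    return problems

def hash_password(pw: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Derive a salted, slow hash and pack algorithm, cost, salt and digest into one string."""
    salt = salt or os.urandom(16)                       # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(pw: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and cost, compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    for candidate in ("11111111", "Tr0ub4dor&3xample!"):      # constructed samples
        print(candidate, "->", password_problems(candidate) or "ok")
    record = hash_password("correct horse battery staple")
    print("stored form:", record[:40] + "...")
    print("right password verifies:", verify_password("correct horse battery staple", record))
    print("wrong password verifies:", verify_password("dragon", record))
```

Because the salt and the iteration count are stored alongside the digest, the cost can be raised later for new passwords without breaking verification of old ones, and two users with the same password still get different records.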
Types of Hackers
A hacker is a person who is intensely interested in the mysterious
workings of any computer operating system. Hackers are most often
programmers. They gather advanced knowledge of operating systems
and programming languages and discover loopholes within systems and
the reasons for such loopholes. In this article, we will learn about all
types of hackers, the difference between white, black and grey hat
hackers, and ways to protect against them.
What are The Three Main Types of Hackers?
White Hat Hackers
White hat hackers are authorized or certified hackers who work for
governments and organizations by performing penetration testing and
identifying loopholes in their cybersecurity. They also ensure
protection from malicious cyber crimes. They work under the rules and
regulations provided by the government, which is why they are called
ethical hackers or cybersecurity experts.
Black Hat Hackers
They are often called crackers. Black hat hackers can gain
unauthorized access to your system and destroy your vital data. The
method of attack they use is the common hacking practices they have
learned earlier. They are considered criminals and can be easily
identified because of their malicious actions.
Gray Hat Hackers
Gray hat hackers fall somewhere in the category between white hat and
black hat hackers. They are not legally authorized hackers. They work
with both good and bad intentions, and they can use their skills for
personal gain. It all depends upon the hacker. If a gray hat hacker uses
his skill for his personal gain, he/she is considered a black hat hacker.
Other Types of Hackers
There are generally 7 further types of hackers, after the main 3 types;
they are:
 Script Kiddies: They are the most dangerous people in terms of
hackers. A script kiddie is an unskilled person who uses scripts or
downloads tools for hacking provided by other hackers. They
attempt to attack computer systems and networks and deface
websites. Their main purpose is to impress their friends and society.
Generally, script kiddies are juveniles who are unskilled at hacking.
 Green Hat Hackers: They are also amateurs in the world of
hacking, but they are a bit different from script kiddies. They care
about hacking and strive to become full-blown hackers. They are
inspired by hackers and ask them questions; while the hackers
answer, they listen closely to learn something new.
 Blue Hat Hackers: They are much like white hat hackers: they
work for companies to security-test their software right before the
product launch. Blue hat hackers are outsourced by the company,
unlike white hat hackers, who are employed by (part of) the
company.
 Red Hat Hackers: They are also known as eagle-eyed hackers.
Like white hat hackers, red hat hackers also aim to halt black hat
hackers. There is a major difference in the way they operate: they
become ruthless while dealing with the malware actions of black hat
hackers. A red hat hacker keeps attacking the black hat hacker so
aggressively that the hacker may have to replace their whole system.
 State/Nation Sponsored Hackers: State or nation sponsored
hackers are those who are appointed by a government to provide it
with cybersecurity and to gain confidential information from other
countries, to stay on top or to avoid any kind of danger to the
country. They are highly paid government workers.
 Hacktivist: These are also called the online versions of activists.
A hacktivist is a hacker or a group of anonymous hackers who gain
unauthorized access to government computer files and networks
for social or political ends.
 Malicious Insider or Whistleblower: A malicious insider or a
whistleblower could be an employee of a company or a government
agency with a grudge, or a strategic employee who becomes aware
of illegal activities happening within the organization and can
blackmail the organization for his/her personal gain.
What’s the Difference Between White, Black, and Gray Hat
Hackers?
White hat hackers are ethical hackers who help improve cybersecurity by
identifying and fixing vulnerabilities in systems. They work with
organizations to enhance security measures and protect sensitive data.
Black hat hackers, on the other hand, engage in malicious activities for
personal gain, exploiting system weaknesses to steal, alter, or destroy
data. Gray hat hackers fall somewhere in between, as they may break
laws or ethical guidelines but do not have malicious intent. Understanding
the differences between white, black, and gray hat hackers is essential for
grasping the diverse landscape of hacking and the various motivations
behind these activities. By recognizing these distinctions, organizations
can better address security challenges and foster a safer digital
environment.
Ways to Protect Against Hackers
Protecting against hackers involves implementing various cybersecurity
measures to safeguard your data and systems.
 Regularly updating software and operating systems ensures that
security patches are applied to fix vulnerabilities.
 Using strong, unique passwords for different accounts and
enabling two-factor authentication adds an extra layer of security.
 Installing and maintaining reliable antivirus software helps detect
and remove malware.
 Educating employees and users about phishing and social
engineering tactics can prevent successful attacks.
 Additionally, securing networks with firewalls
and encryption protects sensitive information from unauthorized
access.
By adopting these practices, individuals and organizations can
significantly reduce the risk of hacking and enhance their overall
cybersecurity posture.
What is Cyber Crime?
Cybercrime refers to illegal activities involving computers,
networks, or the internet as a tool to commit offenses. These crimes
include:
 Identity Theft – Stealing personal information to commit fraud.
 Financial Fraud – Online scams, fake transactions, and credit card
fraud.
 Cyberbullying – Harassment or threats through digital platforms.
 Phishing Attacks – Deceptive emails or websites tricking users into
revealing sensitive data.
 Hacking – Unauthorized access to systems and data breaches.
 Malware Attacks – Spreading viruses, ransomware, and trojans to
damage or steal data.
Cybercriminals target individuals, businesses, and even government
systems, leading to significant financial losses, data breaches, and
security threats.
As the internet becomes an essential part of daily life, from online
shopping to business operations and communication, cybercrime cases
have surged globally. Criminals exploit system vulnerabilities to steal
personal data, manipulate financial transactions, and disrupt critical
services.
It is very important to know about cyber crime and protect ourselves
against it. We can avoid it by using secure networks, frequently
updating software, and not engaging in activities that may appear
suspicious online. Cybercrime, especially through the Internet, has
grown as the computer has become central to every field like
commerce, entertainment, and government. Cybercrime may endanger
a person's or a nation's security and financial health.
Types of Cyber Crime
Cybercrime includes a wide range of illegal activities that exploit
computers, networks, and the internet. These crimes can be categorized
into two main types:
1. Cyber Crimes Targeting Computer Networks or Devices
These crimes involve direct attacks on computers, servers, or
digital infrastructure to steal data, cause disruption, or damage
systems. They involve threats such as viruses, bugs, and denial-of-
service (DoS) attacks.
 Malware Attacks: This kind of cyber threat uses malware such as
viruses, worms, Trojans, etc. to interfere with, damage, or gain
unauthorized access to computer systems.
For example, ransomware encrypts files and then demands a ransom
for decryption.
 Denial-of-Service (DoS) Attacks: Here, the attackers focus on a
system and flood it with high traffic, making it inaccessible to its
users. A more dangerous variant of DoS is DDoS, in which many
compromised systems target one, which is much more difficult to
defend against.
For example, a DDoS attack crashes an e-commerce website by
overwhelming its server with traffic.
 Phishing Attacks: These are disguised e-mails or messages claiming
to come from a legitimate site that ask the user to hand over
sensitive information such as account passwords or credit card
numbers. Phishing is one of the most common cyber threats.
For example, a fake PayPal login page that steals your credentials.
 Botnets (Zombie Networks): A number of hijacked computers can
form a "botnet" controlled by malware, which an attacker can use for
coordinated attacks or spamming.
For example, hackers use botnets to send millions of spam emails in a
single day.
 Exploits and Vulnerabilities: The typical route by which cyber-
thieves abuse a software weakness is a vulnerability in an application
or operating system that lets them access it illegally.
For example, exploiting an outdated banking app to steal users'
financial details.
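The phishing bullet above mentions a fake PayPal login page. As an added example that is not from the original page, the Python function below applies a few defender-side heuristics to a link before a user follows it: plain HTTP, userinfo placed before the host, a raw IP address as host, punycode labels, and a trusted brand name appearing in a host or path that is not the trusted domain itself. The allowlist `TRUSTED_DOMAINS`, the sample URLs and the function names are constructed for the example; `paypal.com` is used only because the page names PayPal.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation actually trusts.
TRUSTED_DOMAINS = {"paypal.com"}

def _is_trusted_host(host: str, trusted) -> bool:
    # The domain itself or any of its subdomains counts as trusted.
    return any(host == t or host.endswith("." + t) for t in trusted)

def phishing_indicators(url: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return a list of red flags found in `url`; an empty list means none were found."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit lowercases the hostname
    flags = []
    if parts.scheme != "https":
        flags.append("not https")
    if "@" in parts.netloc:
        flags.append("userinfo before host hides the real destination")
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address instead of a domain name")
    except ValueError:
        pass                             # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode label (possible look-alike characters)")
    if not _is_trusted_host(host, trusted):
        for t in trusted:
            brand = t.split(".")[0]
            if brand in host or brand in parts.path.lower():
                flags.append(f"mentions '{brand}' but host is not {t}")
                break
    return flags

if __name__ == "__main__":
    samples = [                          # constructed URLs for the demonstration
        "https://www.paypal.com/signin",
        "http://paypal.com.secure-login.example/verify",
        "http://203.0.113.9/paypal/login",
        "https://xn--pypal-4ve.com/",
    ]
    for u in samples:
        print(u, "->", phishing_indicators(u) or "no indicators")
```

None of these checks proves a link is malicious, and a clean result does not prove it is safe; they are cheap signals to show a user a warning or to route a message to a mail-filter queue for closer inspection.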
2. Crimes Using Computer Networks to Commit Other Criminal
Activities
These types of crimes include cyberstalking, financial fraud, or identity
theft.
 Cyberstalking: This is the crime of threatening or frightening a
person online, spreading fear and emotional distress. It can involve
threats, constant monitoring, or repeated unwanted messages.
For example, sending threatening messages to a person via email or
social media.
 Financial Fraud: This is a cybercrook manipulating the victim
online in order to steal money, for example through fake investment
opportunities, hacking a business email account, or using someone
else's credit card details.
For example, a fake online store that steals credit card details without
delivering products.
 Identity Theft: Here a person's information is stolen with the
intention of impersonating them, either to take cash from their
account or for other malicious purposes. It often lowers the victim's
credit score and, in the worst case, their accounts or loans are
misused for fraudulent transactions.
For example, a hacker using stolen credentials to apply for credit
cards and loans.
 Online Harassment and Hate Crimes: When people use the
internet to discriminate against a particular person based on his or
her racial background, gender, religion, or similar, which can
psychologically disturb the harassed person.
For example, cyberbullying campaigns that target individuals based on
race, gender, or religion.
 Intellectual Property Theft: Intellectual property theft refers to
the theft of copyrighted content or business secrets through the
internet, thereby financially and competitively hurting individuals
and companies.
For example, a software company illegally using another firm's source
code to create a competing product.
Examples of Cyber Crime
Cybercrime includes a wide range of illegal activities that exploit the
internet, computer systems, and networks for financial, political, or
personal gain. Here are some of the most common cybercrime
examples:
1. Cyber Terrorism:
Cyber terrorism involves using the internet to carry out violent
threats, disrupt essential services, or spread fear among people.
Cyber terrorists target critical infrastructure, government systems,
or financial institutions to cause panic or damage.
Example: Hacking into power grids or communication networks to create
widespread disruption.
2. Cyber Extortion (Ransomware Attacks):
Cyber extortion happens when hackers attack websites or computer
systems and demand money to stop the attacks. They threaten to keep
attacking unless they receive a large payment.
Example: A ransomware attack on a hospital system, blocking access to
patient records until a ransom is paid.
3. Cyber Warfare:
Cyber warfare is when countries use computers and networks as part of
their battles. It includes both attacking and defending against cyber
threats, like hacking and spying.
Example: A government hacking another country’s defense networks to
steal classified information.
4. Internet Fraud:
This type of fraud occurs when someone tricks others on the internet to
steal money or private information. It involves hiding or giving false
information to deceive people and covers many different illegal actions.
Example: A scam website pretending to sell products but stealing users'
payment details instead.
5. Cyber Stalking and Online Harassment:
Cyber stalking is a form of online harassment where someone sends
threatening messages or emails to a victim they know. If the stalker feels
it’s not working, they may also start following the victim in real life to
make their life more difficult.
Example: An ex-partner repeatedly sending threatening messages and
tracking a victim's online activity.
6. Financial Fraud:
Cybercriminals steal personal and financial data to commit fraud,
open fake bank accounts, or make unauthorized transactions. Phishing
attacks are one of the most common methods used to trick victims into
providing sensitive information.
Example: A phishing email pretending to be from a bank, asking users to
enter their login details on a fake website.
7. Cyber Espionage:
Cyber espionage refers to hacking into government agencies,
businesses, or corporations to steal confidential data or trade
secrets. It is often used by competitor businesses or state-
sponsored hackers.
Example: A company stealing another firm’s product designs through
hacking.
Challenges of Cyber Crime
 People are unaware of their cyber rights: Cybercrime often
happens to people with little digital literacy who are unaware of the
cyber rights granted to them by the government of their country.
 Anonymity: Those who commit cybercrime are usually anonymous to
the victim, so it is hard to take any action against them.
 Fewer cases registered: Every country in the world faces the
challenge of cybercrime, and its rate is increasing day by day, partly
because many victims never register a case. This is a major challenge
both for individuals and for the authorities.
 Mostly committed by well-educated people: Committing a
cybercrime is not a cup of tea for every individual. The person who
commits it is usually technically skilled, so they know how to commit
the crime without getting caught by the authorities.
 No harsh punishment: Cybercrime does not carry harsh punishment
in every case. Some cases, such as cyber terrorism, do carry harsh
punishment, but in many others the punishment is lenient, which also
encourages those who commit cybercrime.
Impact of Cyber Crimes
 Financial Losses: Fraud and theft can cause great losses not only
for the affected organizations but for individuals as well.
 Reputational Damage: An organization's reputation can suffer,
particularly depending on the legal outcomes of any resulting
lawsuits.
 Operational Disruption: An incident can lead to a shutdown of
systems and consequently a loss of productivity.
 Legal Consequences: Organizations involved in legal cases or
facing regulatory fines may have to go through further legal
proceedings and spend a considerable amount of money on protecting
their data.
What is Cyber Attack?
A cyber attack occurs when hackers try to penetrate computer systems
or networks, with a personal agenda or some other purpose, to damage or
steal information by gaining unauthorized access. It can happen to
anyone, whether companies or government agencies, and can result in
stolen data and financial losses. Common forms of cyber attack include
malware, which is harmful software such as viruses and ransomware, and
phishing, where attackers send emails that appear to be authentic but
have malicious intent, to convince users to share sensitive information.
Other forms are denial of service (DoS) attacks and man-in-the-middle
(MitM) attacks, which intercept communications between two parties.
Understanding these threats is what allows people and organizations to
protect sensitive information with the advanced security technology
available today.
Active Attacks
Active attacks are unauthorized actions that alter the system or data. In
an active attack, the attacker will directly interfere with the target to
damage or gain unauthorized access to computer systems and networks.
This is done by injecting hostile code into communications, masquerading
as another user, or altering data to get unauthorized access.
Types of active attacks are as follows:
1. Masquerade Attack
2. Modification of Messages
3. Repudiation
4. Replay Attack
5. Denial of Service (DoS) Attack
1. Masquerade Attack
A masquerade attack is a type of cyber attack in which the attacker
disguises themselves as some other person in order to access systems or
data. It can involve impersonating a legitimate user or system and
asking other users or systems to provide sensitive information or to
grant access to areas that would not normally be accessible. This may
even include behaving like an actual user or a component of the system
with the intention of manipulating people into giving out their private
information or allowing the attacker into secured locations.
There are several types of masquerading attacks, including:
 Username and Password Masquerade: In this masquerade
attack, a person uses either stolen or even forged credentials to
authenticate themselves as a valid user while gaining access to the
system or application.
 IP address masquerade: This is an attack where the IP address of
a malicious user is spoofed or forged such that the source from
which the system or the application is accessed appears to be
trusted.
 Website masquerade: A hacker creates a fake website that
resembles a legitimate one in order to collect user information or
deliver malware.
 Email masquerade: In an e-mail masquerade attack, an attacker
sends an email that appears to come from a trusted source so that the
recipient mistakenly shares sensitive information or downloads
malware.
2. Modification of Messages
This is when someone changes parts of a message without permission, or
mixes up the order of messages, to cause trouble. Imagine someone
secretly changing a letter you sent, making it say something different.
This kind of attack breaks the trust in the information being sent. For
example, a message meaning “Allow JOHN to read confidential file X” is
modified as “Allow Smith to read confidential file X”.
3. Repudiation
A repudiation attack is a type of cyber attack in which a person does
something damaging online, such as making a financial transaction or
sending a message, and then denies having done it. Such attacks can
seriously hinder the ability to trace the origin of an action or to
identify who is responsible for it, making it difficult to hold the
right person accountable.
There are several types of repudiation attacks, including:
 Message repudiation attacks: In this attack, a message has been
sent by an attacker, but the attacker later denies the sending of the
message. This can be achieved either through spoofed or modified
headers or even by exploiting vulnerabilities in the messaging
system.
 Transaction repudiation attacks: In this type of attack, a
transaction (for example, a monetary transaction) is made, and when
evidence about it is later requested, the attacker denies ever having
performed that particular transaction. This can be done either by
taking advantage of a vulnerability in the transaction processing
system or by using stolen or forged credentials.
 Data repudiation attacks: In a data repudiation attack, data is
changed or deleted. Then an attacker will later pretend he has never
done this. This can be done by exploiting vulnerabilities in the data
storage system or by using stolen or falsified credentials.
4. Replay Attack
A replay attack is the passive capture of a message followed by its
retransmission to produce an unauthorized effect. In this type of
attack, the attacker's main objective is to save a copy of data that was
originally sent over the network and later reuse it for their own
purposes. Once such data has been captured or leaked, it can no longer
be trusted by its users.
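The two attacks just described, modification of messages and replay, are both caught by the same defender-side check: a keyed message authentication code over the message together with a freshness value. The following is an added example (not code from the original text) that uses the page's own "Allow JOHN to read confidential file X" message. The shared key is a constructed literal for the demonstration; the sequence number scheme and the `Receiver` class are assumptions of this example, not a particular protocol.

```python
import hmac
import hashlib

# Constructed shared secret for this example only; a real deployment derives
# keys from a key-management system, never from a hard-coded literal.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def make_tag(key: bytes, seq: int, body: str) -> str:
    """HMAC-SHA256 over sequence number and body: changing either changes the tag."""
    return hmac.new(key, f"{seq}|{body}".encode(), hashlib.sha256).hexdigest()


def send(key: bytes, seq: int, body: str) -> tuple:
    """Sender side: the message travels as (seq, body, tag)."""
    return (seq, body, make_tag(key, seq, body))


class Receiver:
    """Checks integrity (tag) and freshness (strictly increasing sequence number)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1
        self.accepted = []

    def receive(self, seq: int, body: str, tag: str) -> str:
        expected = make_tag(self.key, seq, body)
        # compare_digest is constant-time, so the comparison itself leaks nothing.
        if not hmac.compare_digest(expected, tag):
            return "REJECT: tag mismatch (message modified or forged)"
        if seq <= self.last_seq:
            return "REJECT: stale sequence number (replay)"
        self.last_seq = seq
        self.accepted.append(body)
        return "ACCEPT"


def run_scenario() -> list:
    """Three constructed deliveries: genuine, modified in transit, replayed."""
    rx = Receiver(SHARED_KEY)
    results = []

    # 1. Genuine message (the example from the text).
    seq, body, tag = send(SHARED_KEY, 1, "Allow JOHN to read confidential file X")
    results.append(rx.receive(seq, body, tag))

    # 2. A new packet whose body was altered in transit: the tag no longer matches.
    seq2, body2, tag2 = send(SHARED_KEY, 2, "Allow JOHN to read confidential file X")
    results.append(rx.receive(seq2, "Allow Smith to read confidential file X", tag2))

    # 3. An exact copy of the first, valid packet delivered again: the tag is
    #    correct, but its sequence number has already been consumed.
    results.append(rx.receive(seq, body, tag))
    return results


if __name__ == "__main__":
    for result in run_scenario():
        print(result)
```

The tag binds the sequence number to the body, so an attacker cannot move a valid tag onto a modified body, and cannot resubmit a captured packet once a newer one has been accepted. A timestamp window or a set of seen nonces is the usual alternative when messages may arrive out of order.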
5. Denial of Service (DoS) Attack
Denial of Service (DoS) is a form of cybersecurity attack that involves
denying the intended users of the system or network access by flooding
traffic or requests. In this DoS attack, the attacker floods a target system
or network with traffic or requests in order to consume the available
resources such as bandwidth, CPU cycles, or memory and prevent
legitimate users from accessing them.
There are several types of DoS attacks, including:
 Flood attacks: Here, an attacker sends such a large number of
packets or requests to a system or network that it cannot handle
them all, and the system crashes.
 Amplification attacks: In this category, the attacker increases the
power of an attack by using another system or network to generate
more traffic, then directs it all at the target to boost the strength
of the attack.
To prevent DoS attacks, organizations can implement several
measures, such as:
1. Using firewalls and intrusion detection systems to monitor network
traffic and block suspicious activity.
2. Limiting the number of requests or connections that can be made to
a system or network.
3. Using load balancers and distributed systems to distribute traffic
across multiple servers or networks.
4. Implementing network segmentation and access controls to limit the
impact of a DoS attack.
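Measure 2 above, limiting the number of requests a client may make, is most often implemented as a per-client token bucket. The following added example (not code from the original text) replays a constructed request log through such a limiter so the effect on a flooding client versus a normal client can be seen. The `TokenBucketLimiter` and `simulate` names, the rate of 2 requests per second with a burst of 5, and the client addresses are all assumptions of this example.

```python
from typing import Dict, List, Tuple


class TokenBucketLimiter:
    """Per-client token bucket: a client may burst up to `burst` requests, then
    is refilled at `rate` tokens per second. Time is passed in explicitly so the
    behaviour is deterministic and testable."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        # client -> (tokens remaining, timestamp of last update)
        self._buckets: Dict[str, Tuple[float, float]] = {}

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self._buckets.get(client, (float(self.burst), now))
        # Refill in proportion to elapsed time, capped at the burst size.
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[client] = (tokens - 1.0, now)
            return True
        self._buckets[client] = (tokens, now)  # no token left: drop the request
        return False


def simulate(requests: List[Tuple[float, str]],
             rate: float = 2.0, burst: int = 5) -> Dict[str, Tuple[int, int]]:
    """Replay a request log of (timestamp, client) and count (allowed, dropped)
    per client."""
    limiter = TokenBucketLimiter(rate, burst)
    counts: Dict[str, List[int]] = {}
    for ts, client in sorted(requests):
        allowed = limiter.allow(client, ts)
        counts.setdefault(client, [0, 0])[0 if allowed else 1] += 1
    return {client: (a, d) for client, (a, d) in counts.items()}


# Constructed traffic: one client sends 20 requests within 0.2 s (a flood),
# another sends three well-spaced requests (normal use).
FLOOD = [(i * 0.01, "10.0.0.5") for i in range(20)]
NORMAL = [(0.0, "10.0.0.9"), (1.0, "10.0.0.9"), (2.0, "10.0.0.9")]

if __name__ == "__main__":
    print(simulate(FLOOD + NORMAL))  # flood client: 5 allowed, 15 dropped
```

Dropping requests at the edge keeps the flooding client from consuming CPU, memory or bandwidth behind the limiter, while the normal client is never affected. In practice the key is usually the client IP or an authenticated identity, and the limiter state lives in a shared store when several servers sit behind a load balancer (measure 3 above).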
Passive Attacks
A Passive attack attempts to learn or make use of information from the
system but does not affect system resources. Passive Attacks are in the
nature of eavesdropping on or monitoring transmission. The goal of the
opponent is to obtain information that is being transmitted. Passive
attacks involve an attacker passively monitoring or collecting data
without altering or destroying it. Examples of passive attacks
include eavesdropping, where an attacker listens in on network traffic to
collect sensitive information, and sniffing, where an attacker captures and
analyzes data packets to steal sensitive information.
Types of Passive attacks are as follows:
1. The Release of Message Content
2. Traffic Analysis
1. The Release of Message Content
Telephonic conversation, an electronic mail message, or a transferred file
may contain sensitive or confidential information. We would like to
prevent an opponent from learning the contents of these transmissions.
Figure: Passive attack
2. Traffic Analysis
Suppose that we had a way of masking (encrypting) information, so that
an attacker, even after capturing a message, could not extract any
information from it.
The opponent could determine the location and identity of
communicating host and could observe the frequency and length of
messages being exchanged. This information might be useful in guessing
the nature of the communication that was taking place.
The most useful protection against traffic analysis is encryption of SIP
traffic. With the traffic encrypted, an attacker would have to access the
SIP proxy (or its call log) to determine who made the call.
What is Threat?
A cyber threat is a malicious act that seeks to steal or damage data or
disrupt a digital network or system. A threat can also be defined as
the possibility of a successful cyber attack gaining unauthorized access
to the sensitive data of a system. Examples of threats include computer
viruses, Denial of Service (DoS) attacks, data breaches, and sometimes
even dishonest employees.
Types of Threat
Threats could be of three types, which are as follows:
1. Intentional- Malware, phishing, and accessing someone's account
illegally, etc. are examples of intentional threats.
2. Unintentional- Unintentional threats are considered human errors,
for example, forgetting to update the firewall or the anti-virus could
make the system more vulnerable.
3. Natural- Natural disasters can also damage the data, they are
known as natural threats.
What is Vulnerability?
In cybersecurity, a vulnerability is a flaw in a system's design, security
procedures, internal controls, etc., that can be exploited by
cybercriminals. In some rare cases, vulnerabilities are created as a
result of earlier cyberattacks rather than network misconfigurations. A
vulnerability can also be introduced when an employee downloads a virus
or falls for a social engineering attack.
Types of Vulnerability
Vulnerabilities could be of many types, based on different criteria, some
of them are:
1. Network- Network vulnerability is caused when there are some
flaws in the network's hardware or software.
2. Operating system- When an operating system is designed with a
policy that grants every program or user full access to the computer,
viruses and malware can make changes on behalf of the
administrator.
3. Human- Users' negligence can cause vulnerabilities in the system.
4. Process- Specific process control can also cause vulnerabilities in
the system.
What is Risk?
Cyber risk is a potential consequence of the loss or damage of assets or
data caused by a cyber threat. Risk can never be completely removed,
but it can be managed to a level that satisfies an organization's tolerance
for risk. So, our target is not to have a risk-free system, but to keep the
risk as low as possible.
Cyber risk can be described with this simple formula: Risk = Threat +
Vulnerability. Cyber risks are generally determined by examining the
threat actor and the type of vulnerabilities that the system has.
Types of Risks
There are two types of cyber risks, which are as follows:
1. External- External cyber risks are those which come from outside an
organization, such as cyberattacks, phishing, ransomware, DDoS attacks,
etc.
2. Internal- Internal cyber risks come from insiders. These insiders could
have malicious intent or may simply not be properly trained.
Real World Examples of Threat, Vulnerability and Risk in
Computer Network
Threats
1. The WannaCry Ransomware Attack in 2017 exploited flaws in Microsoft
Windows to encrypt data and demand ransom payments from
users.
2. Phishing Attacks are attacks in which the attacker uses email to
trick users into disclosing personal information, leading to
data breaches or financial loss.
3. Malicious code was inserted into SolarWinds Orion software by
hackers, making its supply chain security vulnerable.
Vulnerabilities
1. A bug in the OpenSSL cryptographic package allowed attackers to
access sensitive data from different sites using this package.
2. In 2018, critical vulnerabilities were found in modern processors
that permitted unauthorized access to data stored in memory.
3. Multiple zero-day vulnerabilities, together referred to
as ProxyLogon, allowed attackers to inject malware into Microsoft
Exchange Server, which made it possible for the hackers to access
email accounts.
Risks
1. Target's network had flaws that were exploited by external
attackers in 2013, allowing the attackers to steal credit card
information of millions of customers.
2. Due to a bug in Equifax's web application, sensitive private
information of 147 million people was exposed.
3. In 2022, attackers obtained access to Okta's internal system, which
highlighted the vulnerability in its identity management system.
Difference Between Threat, Vulnerability, and Risk
Threat | Vulnerability | Risk
Takes advantage of vulnerabilities in the system and has the potential to steal and damage data. | Known as the weakness in hardware, software, or designs, which might allow cyber threats to happen. | The potential for loss or destruction of data caused by cyber threats.
Generally, can't be controlled | Can be controlled | Can be controlled
It may or may not be intentional. | Generally, unintentional | Always intentional
Can be blocked by managing the vulnerabilities | Vulnerability management is a process of identifying the problems, then categorizing them, prioritizing them, and resolving the vulnerabilities in that order | Reducing data transfers, downloading files from reliable sources, updating the software regularly, hiring a professional cybersecurity team to monitor data, developing an incident management plan, etc. help to lower the possibility of cyber risks
Can be detected by anti-virus software and threat detection logs | Can be detected by penetration testing hardware and many vulnerability scanners | Can be detected by identifying mysterious emails, suspicious pop-ups, observing unusual password activities, a slower than normal network, etc.
1. Threat
 A threat is any potential danger that can exploit a vulnerability to
breach system security.
 It can be intentional (e.g., hackers) or unintentional (e.g., natural
disasters).
 Example: A hacker trying to gain unauthorized access to a system.
2. Vulnerability
 A vulnerability is a weakness in the system that can be exploited by
a threat.
 It can exist in software, hardware, configuration, or user behavior.
 Example: Using outdated software or weak passwords.
3. Target of Evaluation (TOE)
 The TOE is the specific system, software, or component being tested
for security.
 It is the object of analysis in security certification and evaluations.
 Example: A web application being tested for SQL injection.
4. Attack
 An attack is a deliberate action taken by a threat to exploit a
vulnerability.
 Attacks can be active (modifying data) or passive (intercepting
data).
 Example: Launching a DDoS attack on a website.
5. Exploit
 An exploit is a tool, code, or method used to take advantage of a
vulnerability.
 It enables attackers to gain control, steal data, or cause disruption.
 Example: A script that performs a buffer overflow attack.
What is Ethical Hacking?
Ethical hacking involves probing and testing computer systems,
networks, and applications on purpose to identify and fix security
vulnerabilities. An ethical hacker, also called a white-hat hacker or
pen tester, pursues the same goal of improving security within an
organization. This proactive approach strengthens organizational
defenses against cyberattacks, protects sensitive information, and
supports compliance with security standards and regulations. By
understanding and simulating the techniques used by cybercriminals,
ethical hackers play a pivotal role in maintaining a good state of
cybersecurity and protecting digital assets.
Key aspects of ethical hacking include:
 Reporting: Ethical hackers report back to the organization with the
results of the tests.
 Permission-Based: Ethical hackers work with the organization's
explicit permission, which is what differentiates their job from
criminal hacking.
 Objective: The main goal is to find the holes before hostile
attackers can penetrate them. This includes discovering system,
application, and network vulnerabilities that an attacker could
exploit.
 Methodology: Ethical hackers perform these steps using a variety
of tools and techniques similar to those of criminal hackers. This
includes scanning for vulnerabilities, testing whether they can be
used to break in, and assessing the access control measures in place.
Importance of Ethical Hacking
Ethical hacking contributes significantly to contemporary cybersecurity.
By simulating the strategies and tactics used by cybercriminals, ethical
hackers are able to identify and address vulnerabilities before they are
exploited. This proactive methodology serves to:
 Enhance Security: Identify and address flaws to stop data
breaches and cyberattacks.
 Compliance: Meet security standards set by the industry and
regulatory requirements.
 Risk Management: Assess and reduce potential threats to the
assets of the organization.
 Incident Response: Enhance the company's capacity to respond
to security incidents and recover from them.
Types of Ethical Hacking
Depending on the focus of the security testing, ethical hacking can be
broken down into a number of different categories:
 Network hacking: Tests the network infrastructure to find flaws
in network protocols, configurations, and devices.
 Web application hacking: Focuses on identifying weaknesses in
web applications, such as SQL injection or cross-site scripting (XSS)
vulnerabilities.
 System hacking: Targets operating systems and software to find
security flaws that could be exploited.
 Social engineering: Attempts to manipulate individuals into
revealing confidential information or performing actions that could
compromise security, putting the human element to the test.
 Wireless network hacking: Involves identifying potential
dangers in wireless communications and evaluating the security of
wireless networks.
Types of Ethical Hackers
Ethical hacking involves scanning for vulnerabilities and finding
potential threats on a computer or network. An ethical hacker finds the
weak points or loopholes in a computer, web application or network and
reports them to the organization. So, let's explore Ethical Hacking
step by step. These are the various types of hackers:
 White Hat Hackers (Cyber-Security Hacker)
 Black Hat Hackers (Cracker)
 Gray Hat Hackers (Both)
 Blue Hat hackers
 Green Hat Hackers
 Red Hat Hackers.
Let's summarize them one by one.
1. White Hat Hackers: Here, we look for bugs and ethically report
them to the organization. We are authorized as a user to test for
bugs in a website or network and report it to them. White hat
hackers generally get all the needed information about the
application or network to test for, from the organization itself. They
use their skills to test it before the website goes live or is attacked by
malicious hackers. To become a white hat hacker, you can earn a
bachelor's degree in computer science, information technology, or
cybersecurity. In addition, certifications such as Certified Ethical
Hacker (CEH) and Certified Information Systems Security
Professional (CISSP) are highly recommended.
2. Black Hat Hackers: Here, the organization does not allow the user
to test it. They unethically break into the website and steal data
from the admin panel or manipulate the data. They only focus on
themselves and the advantages they will get from the personal data,
for personal financial gain. They can cause major damage to the
company by altering its functions, causing the company losses on a
much larger scale, which can have extreme consequences.
3. Grey Hat Hackers: They sometimes access data without
authorization and violate the law, but they never have the same
intent as black hat hackers; they often operate for the common good.
The main difference is that they disclose vulnerabilities publicly,
whereas white hat hackers do it privately for the company. One
criticism of grey hat hackers is that their actions can still cause
harm. Even if they do not steal or damage data, their unauthorized
access to computer systems can still disrupt operations and cause
financial losses for companies. Additionally, there is always the risk
that a grey hat hacker will accidentally cause damage while
attempting to identify vulnerabilities.
4. Blue Hat Hackers: Much like script kiddies, they are beginners in
the field of hacking. If someone angers a script kiddie and he or she
takes revenge, they are considered a blue hat hacker. Blue hat hackers
pay back those who have challenged or angered them. Like script
kiddies, blue hat hackers have no desire to learn.
5. Green Hat Hackers: They are also amateurs in the world of
hacking, but they are a bit different from script kiddies. They care
about hacking and strive to become full-blown hackers. They are
inspired by experienced hackers and ask them questions; while the
hackers answer, they listen attentively to learn.
6. Red Hat Hackers: They are also known as eagle-eyed hackers.
Like white hat hackers, red hat hackers aim to halt black hat
hackers, but there is a major difference in the way they operate.
They become ruthless when dealing with the malicious actions of
black hat hackers. A red hat hacker will keep attacking the black hat
hacker so aggressively that the attacker may have to replace their
whole system.
Phases of Ethical Hacking
Ethical hacking typically involves the following key phases:
 Preparation and planning: Define the scope of the test, obtain
the necessary authorizations, and gather information about the
target system.
 Reconnaissance: Gather in-depth data about the target system,
including information about its network structure, IP addresses, and
potential security holes.
 Scanning: Scan the target system using a variety of tools and
methods to look for vulnerable services, open ports,
and vulnerabilities.
 Gaining Access: Attempt to gain access to the system by
mimicking potential real-world attacks by taking advantage of
identified vulnerabilities.
 Maintaining Access: Test the ability to retain access within the
system and assess the persistence mechanisms that could be used by
attackers.
 Reporting and Analysis: Produce a comprehensive report to the
organization, document findings, and offer suggestions for reducing
vulnerabilities.
Ethical hacking has advantages that go beyond just enhancing
security. They include:
 Preventing Data Breach: Organizations can avoid costly data
breaches by identifying vulnerabilities before attackers do.
 Protecting Private Information: Safeguards vital data from
misuse and unauthorized access.
 Enhancing the System's Resilience: It makes applications and
systems stronger and more resistant to attacks.
 Developing Trust: Demonstrates a commitment to data
security and improves the company's reputation.
What is Hacktivism?
Hacktivism, a blend of the words “hacking” and “activism”, uses hacking
techniques for political or social causes. It’s a form of civil disobedience,
leveraging digital tools to protest or take direct action.
Hacktivists, the individuals involved in hacktivism, often work to promote
issues related to freedom of speech, human rights, or information ethics.
Hacktivism might employ methods such as website defacement or denial-
of-service (DoS) attacks to make statements or disrupt the operations of
the organization(s) they oppose. While the ethical implications are a topic
of debate, hacktivism is a new frontier in activism, showing digital
technologies’ impact on society.
Types of Hacktivism
There are various forms of hacktivism, each with distinct methods and
objectives. Let’s explore some of them:
1. Website defacement: This form of hacktivism involves altering the
appearance of a website to make a political statement or protest. It’s
like digital graffiti, displaying content that reflects the hacktivist’s
cause or message.
2. Denial-of-Service attacks (DoS): In a DoS attack, a website’s server
is overwhelmed with traffic, rendering it inaccessible to users. This
method disrupts operations and draws attention to the cause.
3. Data breaches: Hacktivists infiltrate systems to access and expose
confidential information. Their objective is often to reveal hidden
secrets or data, functioning as digital whistleblowing.
4. Redirection: Hacktivists manipulate website traffic to redirect users
to websites highlighting the issues they advocate for. This approach
helps them to reach a larger audience and spreads their message
more effectively.
5. Anonymous blogging: Hacktivists may engage in anonymous
blogging, providing a platform to share their views and raise
awareness about social or political issues.
6. Doxing: Hacktivists sometimes engage in doxing, which involves
publicly exposing private information about individuals or
organizations to harm their reputation or advance their cause.
7. Geobombing: Geobombing is a form of hacktivism where
geographical locations are targeted to create a visual impact. This
can be done by manipulating mapping services or changing the
names of places to reflect a specific message.
8. Website mirroring: Hacktivists may mirror websites to create copies
that preserve the content and make it accessible even if the original
website is taken down or blocked.
While these methods can raise awareness for social or political issues,
they often blur the line between activism and cybercrime, leading to
ongoing debates about their ethical and legal implications.
Hackers vs Hacktivists
While “hackers” and “hacktivists” are often used interchangeably, they
denote different entities with distinct motivations and methods.
Hackers, at their core, are individuals who are skilled in manipulating
computer systems. Not all hackers are malicious. The term can be broken
down into three categories: white, black, and gray hat hackers.
 White hat hackers are ethical hackers who use their skills to find and
fix vulnerabilities, typically working with organizations to secure
their systems.
 Black hat hackers exploit these vulnerabilities for personal gain,
often involving illegal activities.
 Gray hat hackers sit in the middle, conducting unsanctioned
operations, but usually without malicious intent.
Hacktivists represent a subset of hackers, primarily driven by political or
social motives rather than personal gain. They use their skills to advance
a cause, addressing issues they feel are ignored or mishandled.
Hacktivism operates in a gray area of ethics and legality. While the
intentions may be noble, the methods employed often involve
unauthorized access and can infringe upon laws.
In summary, while all hacktivists are hackers, not all hackers are
hacktivists. The key difference lies within their motivations and how they
apply their skills.
Famous Examples of Hacktivism Events
1. Operation Payback (2010): Operated by the hacktivist group
known as Anonymous, Operation Payback was a series of retaliatory
attacks against various major organizations involved in anti-piracy
operations. The operation gained significant attention when the
group targeted companies that withdrew support from WikiLeaks.
2. Arab Spring (2010-2012): The Arab Spring was a wave of anti-
government protests, uprisings, and armed rebellions that spread
across much of the Arab world. Hacktivists played a key role in this
movement, using their skills to bypass government censorship,
disseminate information, and coordinate protests.
3. Hacking Team Exposure (2015): A yet-unidentified hacktivist
leaked 400 gigabytes of data from Hacking Team, an Italian company
selling intrusion and surveillance capabilities to governments, law
enforcement agencies, and corporations. The leaked data exposed
the company’s controversial clients, which included oppressive
governments.
4. The Ashley Madison Data Breach (2015): A group known as The
Impact Team breached the system of Ashley Madison, a dating
website designed for extramarital affairs, leaking user data online.
While the action was illegal and caused harm to individuals, the
group claimed moral high ground, criticizing the company’s business
practices and user fraud.
5. Panama Papers (2016): An anonymous hacktivist leaked over 11.5
million documents from the Panamanian law firm Mossack Fonseca,
revealing how wealthy individuals worldwide used offshore firms to
evade taxes. The act was deemed a form of hacktivism due to its
political significance and the use of digital means to execute it.
What is Cyber Terrorism?
Cyber terrorism is the act of using online methods and strategies to
carry out acts of violence. It usually refers to attacks driven by
political or ideological beliefs, aimed at computer systems, networks, or
the infrastructure that holds information. The objectives can range from
interrupting services and acquiring confidential information to inflicting
physical harm or instilling fear.
Such instances could involve breaching essential systems like electricity
grids or transportation networks, launching distributed denial-of-service
(DDoS) attacks to flood and shut down websites, or distributing viruses to
cause extensive harm. The motive behind cyber terrorism is frequently to
generate disorder, tarnish reputations, or push forward political or
ideological goals.
Examples of Cyber Terrorism
Here are a few notable examples of cyber terrorism:
 Stuxnet (2010): A sophisticated piece of malware that targeted
Iran's nuclear enrichment facilities. It was designed to cause physical
damage to centrifuges by manipulating their speeds, ultimately delaying
Iran's nuclear program. This is regarded as perhaps the earliest case of
a cyber attack causing physical damage.
 Ukraine Power Grid Attack (2015 and 2016): In December
2015, a cyber attack brought down parts of Ukraine's power grid,
causing widespread blackouts. This attack, attributed to
Russian-linked hackers, was significant for its impact on critical
infrastructure. A similar attack occurred in December 2016, further
demonstrating the vulnerability of power grids to cyber threats.
 Sony Pictures Hack (2014): North Korean hackers attacked
Sony Pictures over the release of the film "The Interview," which
depicted the fictional assassination of North Korean leader Kim
Jong-un. The attack resulted in leaked sensitive data, financial
losses, and significant disruption to Sony's operations.
 WannaCry Ransomware Attack (2017): This global ransomware
attack affected a huge number of computers across 150 countries. The
ransomware encrypted files on infected computers and demanded ransom
payments in Bitcoin. It disrupted critical services, including
healthcare systems in the UK.
 NotPetya Attack (2017): A cyber attack initially disguised as
ransomware, NotPetya primarily targeted Ukraine but also affected
organizations worldwide. It spread rapidly, causing significant
financial damage and disruption by encrypting data and overwriting
Master Boot Records, rendering systems unusable.
 Saudi Aramco Cyber Attack (2012): Hackers, believed to be
linked to Iran, targeted Saudi Aramco, one of the world's largest oil
companies. The attack involved deploying a virus that wiped data from
thousands of computers, disrupting the company's operations and
causing significant financial damage.
How Big is The Threat of Cyber Terrorism?
The threat of cyber terrorism is significant and growing due to several
factors:
 Increased Connectivity: As more systems and infrastructures become
interconnected through the Internet and IoT (Internet of Things), the
potential attack surface for cyber terrorists grows. This
interconnectedness compounds the weaknesses of critical infrastructure
such as power grids, transportation systems, and financial institutions.
 Advanced Technology: Advances in technology and cyber capabilities
have made it easier for attackers to execute sophisticated attacks. Tools
and techniques that were once available only to state actors or highly
skilled hackers are now accessible to a broader range of malicious actors.
 Potential for Severe Impact: Cyber terrorism has the potential to
cause serious harm. Attacks on critical infrastructure can lead to
widespread service interruptions, financial losses, and even physical
damage if systems like power grids or transportation networks are
compromised.
 Anonymity and Attribution Difficulties: The anonymity of the
Internet makes it hard to trace and attribute attacks to specific
perpetrators or groups. This complicates efforts to prevent, respond to,
and deter cyber terrorism.
 Motivation and Intent: Cyber terrorists may be motivated by
political, ideological, or financial goals. This intent can drive them to
target high-profile or high-impact systems to maximize their influence
and damage.
 Growing Cyber Capabilities: Both state and non-state actors are
increasingly investing in cyber capabilities, including developing
advanced malware, exploiting vulnerabilities, and launching coordinated
attacks. This investment enhances their ability to conduct cyber
terrorism effectively.
 Lack of Preparedness: Many organizations and governments are still
developing their cyber defense strategies and response capabilities.
Insufficient preparedness can leave systems more vulnerable to attack and
reduce the ability to respond effectively.
How Businesses Can Defend Against Cyber Terrorism?
Businesses can take several steps to defend against cyber terrorism and
improve their overall cybersecurity posture:
 Implement Robust Cybersecurity Policies: Develop comprehensive
cybersecurity policies that outline procedures for protecting data,
responding to incidents, and maintaining security standards. Ensure these
policies are regularly updated to address evolving threats.
 Invest in Advanced Security Technologies: Use advanced
cybersecurity tools such as firewalls, intrusion detection systems (IDS),
intrusion prevention systems (IPS), and endpoint protection solutions.
Implement encryption for sensitive data to protect it from unauthorized
access.
 Regular Security Training: Conduct regular cybersecurity training
and awareness programs for employees. Educate them about phishing
attacks, social engineering, and safe online practices to reduce the risk
of human error.
 Conduct Regular Security Assessments: Perform regular vulnerability
assessments and penetration testing to identify and address potential
weaknesses in your systems. Addressing these vulnerabilities proactively
can help prevent successful attacks.
 Keep Systems and Software Updated: Regularly update and patch
operating systems, applications, and firmware to address known
vulnerabilities. Automated patch management can help ensure timely
updates.
Working
The cyber terrorism attacks work in the following ways:
 They use computer viruses, worms, spyware, and trojans to target web
servers and IT service stations. They aim at military utilities, air force
stations, and power supply stations to disrupt all of their services.
 They use a Denial of Service attack in which the legitimate, verified
user cannot access the services for which they are authorized. This
creates a sense of fear among the public about essential services such as
medical emergencies.
 These attacks help cyber criminals gain unauthorized access to the
user's computer through hacking and then steal information from it for
their own ends.
 Ransomware lets them hold data and information hostage while demanding
ransom money from the victim; they may even leak the users' private data
if they do not receive the amount demanded.
 They mostly use phishing-based techniques, targeting users with
infected spam emails to steal the users' information and expose their
identity.
 The most common attack used in cyber terrorism is the APT (Advanced
Persistent Threat). Attackers use complex methods to penetrate large-scale
computer networks, such as those of an organization. They remain
undetected in the organization's network and continuously steal
information related to military equipment, national defense, etc.
Attacks
The cyber terrorism attacks are usually carried out as follows:
 Unauthorized Access: Rather than only disrupting and damaging the
means of access to a service, the attacker gains unauthorized access to
important resources.
 Disruption: These attacks focus on disrupting public websites and
critical infrastructure resources to create fear within society of mass
casualties and commotion.
 Cyberespionage: A government may carry out spyware operations against
the government of another country, targeting information related to
military equipment, to gain an advantage over rival nations in military
intelligence.
 Economic Failure: Attackers seek technical system failures that cause
large-scale economic damage, such as taking down the electricity or water
systems for several days to create panic about these services within
society.
Prevention
We can prevent situations like cyber terrorism in the following ways:
 Governments must regulate all cybercriminal activities and set
stricter rules for their violation. They must dedicate more resources to
dealing with cyber threats.
 There must be more public education about these activities for the
general audience. This helps reduce the vulnerabilities that criminals
exploit to target users' data, and it empowers citizens to protect
themselves from phishing and spyware attacks.
 Use VPNs, which provide a private and protected network setup that is
difficult for attackers to break into.
 Use strong passwords with a mix of letters, special characters, and
numbers. Features like two-factor authentication also play an important
role here.
 Don't open unknown links, URLs, websites, or spam emails; they may
contain infected files that can harm the entire computer system.
What is the Information Technology Act, 2000 (IT Act)?
The Information Technology Act, 2000, also known as the IT Act, was
passed by the Indian Parliament on 17th October 2000. It provides the
legal framework for electronic transactions, digital communication,
and cybercrimes in India. This law was designed to promote e-
governance, regulate online transactions, and protect against
cybercrimes.
The IT Act was modeled after the UNCITRAL Model Law on Electronic
Commerce 1996 (United Nations), which aimed to provide a framework
for international electronic commerce and digital transactions.
Main Purpose of the IT Act
The main goal of the IT Act is to promote secure digital transactions,
make cybercrimes easier to handle, ensure e-governance, and help
individuals use the internet safely.
The Act has 94 sections and is divided into 13 chapters. The last few
sections focus on changes to India's older law, the Indian Penal Code,
1860.
Key Features of the IT Act
1. Digital Signatures: The IT Act grants legal
recognition to electronic signatures, ensuring that digital transactions
and contracts are legally valid, much like traditional handwritten
signatures.
2. Cybercrime Regulation: The Act defines and penalizes several
cybercrimes, such as hacking, identity theft, cyber terrorism,
and cyber stalking. It provides legal recourse for victims of cybercrimes.
3. Cyber Cafes: The IT Act defines a cyber cafe as any place where
internet access is provided for a fee to the public. Although the relevance
of cyber cafes has diminished in recent years, the Act still recognizes
them in its provisions.
4. Overriding Provisions: The Act has overriding effect over other laws
that are inconsistent with it, but it does not restrict rights granted by
other laws such as the Copyright Act, 1957.
5. Regulation of Digital Media: With the Intermediary Guidelines and
Digital Media Ethics Code rules of 2021, the IT Act introduced a
framework to regulate social media platforms and digital news content,
including measures for addressing objectionable content and user data
privacy.
Important Sections and Their Penalties
The IT Act has different sections that deal with different cyber offenses.
Here's an overview of some important ones:
Section | Offense | Penalty
Section 43 | Unauthorized access or damage to computer systems | Compensation for damages to the system owner
Section 66 | Hacking a computer system | Up to 3 years in prison or ₹5 lakh fine or both
Section 66B, C, D | Fraud and identity theft | Up to 3 years in prison or ₹1 lakh fine or both
Section 66E | Violation of privacy by transmitting private images | Up to 3 years in prison or ₹2 lakh fine or both
Section 66F | Cyber terrorism threatening India's sovereignty, integrity, or security | Life imprisonment
Section 67 | Publication of obscene content online | Up to 5 years in prison or ₹10 lakh fine or both
Note: These are the maximum penalties prescribed under the Act. The
actual penalty is determined by the courts, depending on the specifics of
the case.
Amendments and Updates to the IT Act
The IT Act has undergone multiple amendments to address emerging
technologies and new forms of cybercrimes. The Information
Technology (Intermediary Guidelines and Digital Media Ethics
Code) Rules, 2021 were introduced as a significant addition to the Act,
making online platforms more accountable for the content published by
users.
Important Updates:
 Section 66A (dealing with offensive online content) was struck
down by the Supreme Court of India in the case of Shreya
Singhal v. Union of India (2015), as it was
deemed unconstitutional.
 Intermediary Guidelines and Digital Media Ethics Code: These
rules now hold social media platforms, news portals, and digital
platforms accountable for offensive or harmful content shared by
users. They also provide users with greater control over their
personal data.
Email Spoofing:
The most common type of identity theft on the Internet is email spoofing.
Phishers send emails to many addresses and pose as representatives of
banks, companies, and law enforcement agencies by using official logos
and headers. The emails they send include links to dangerous or otherwise
fraudulent websites, as well as attachments loaded with malicious
software.
Attackers may also use social engineering techniques to persuade the
target to reveal information voluntarily. Fake banking or digital wallet
websites are frequently created and linked to in emails. When an
unsuspecting victim clicks on such a link, they are taken to a false site
where they must log in with their credentials, which are then forwarded to
the attacker behind the fake email.
Manual Detection Method:
 Even though the display name appears to be real, if it does not
match the "From" address, it is an indication of email spoofing.
 Mail is most likely fake if the "Reply-to" address does not match the
original sender's address or domain.
 Unexpected messages (such as a request for sensitive information or
an unwanted attachment) should be opened with caution or reported
immediately to your IT department, even if the email appears to
come from a trustworthy source.
Preventive measures:
Implement additional checks like Sender Policy Framework, DomainKeys
Identified Mail, Domain-based Message Authentication Reporting &
Conformance, and Secure/Multipurpose Internet Mail Extensions.
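The three manual checks above, together with the SPF/DKIM/DMARC verdicts a receiving mail server records in its Authentication-Results header, can be automated. The following Python is an added example, not code from this page or from any mail product; the two messages, the brand-to-domain mapping and every domain in it are constructed.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed mapping of a brand name (as it might appear in a display
# name) to the domain that brand legitimately sends from. Hypothetical.
TRUSTED_BRANDS = {
    "example bank": "example-bank.test",
}

# Constructed spoofed message: look-alike From domain, foreign Reply-To,
# and failing authentication results recorded by the receiving server.
SPOOFED_MESSAGE = """\
From: "Example Bank Support" <alerts@mail-example-bank.test>
Reply-To: recovery@attacker-mailbox.test
To: victim@example.test
Subject: Urgent: verify your account
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=mail-example-bank.test; dkim=none; dmarc=fail header.from=mail-example-bank.test
Content-Type: text/plain

Please sign in at the link below within 24 hours to keep your account active.
"""

# Constructed legitimate counterpart: same brand, correct domain, all checks pass.
LEGITIMATE_MESSAGE = """\
From: "Example Bank Support" <alerts@example-bank.test>
To: victim@example.test
Subject: Your monthly statement is ready
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=example-bank.test; dkim=pass header.d=example-bank.test; dmarc=pass header.from=example-bank.test
Content-Type: text/plain

Your statement is available in online banking.
"""


def domain_of(address: str) -> str:
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def display_name_mismatch(msg: Message) -> bool:
    """Check 1: the display name claims a trusted brand, but the From
    address is neither that brand's domain nor one of its subdomains."""
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    for brand, domain in TRUSTED_BRANDS.items():
        if brand in name.lower():
            return not (from_domain == domain or from_domain.endswith("." + domain))
    return False


def reply_to_mismatch(msg: Message) -> bool:
    """Check 2: a Reply-To header pointing at a different domain than From."""
    reply_to = msg.get("Reply-To")
    if not reply_to:
        return False
    return domain_of(reply_to) != domain_of(msg.get("From", ""))


AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def auth_results(msg: Message) -> dict:
    """Parse the receiving server's Authentication-Results header into
    e.g. {'spf': 'fail', 'dkim': 'none', 'dmarc': 'fail'}; absent -> 'none'."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        for mechanism, verdict in AUTH_RESULT.findall(header):
            results[mechanism.lower()] = verdict.lower()
    return results


def assess(raw: str) -> list:
    """Return the spoofing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    if display_name_mismatch(msg):
        findings.append("display-name/From mismatch")
    if reply_to_mismatch(msg):
        findings.append("Reply-To/From mismatch")
    auth = auth_results(msg)
    for mechanism in ("spf", "dkim", "dmarc"):
        if auth[mechanism] != "pass":
            findings.append(f"{mechanism}={auth[mechanism]}")
    return findings


if __name__ == "__main__":
    print("spoofed:", assess(SPOOFED_MESSAGE))
    print("legitimate:", assess(LEGITIMATE_MESSAGE))
```

Note that the Authentication-Results header is only trustworthy when it was added by your own receiving server; a sender can insert a forged one, so production filters discard copies that do not carry their own authserv-id.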
What is Malware?
Malware is software that gets into the system without user consent to
steal the user’s private and confidential data, including bank details and
passwords. They also generate annoying pop-up ads and change system
settings. Malware includes computer viruses, worms, Trojan horses,
ransomware, spyware, and other malicious programs. Individuals and
organizations need to be aware of the different types of malware and take
steps to protect their systems, such as using antivirus software, keeping
software and systems up-to-date, and being cautious when opening email
attachments or downloading software from the internet.
What Does Malware Do?
Malware is designed to harm and exploit your computer or network. It can
steal sensitive information like passwords and credit card numbers,
disrupt your system’s operations, and even allow attackers to gain
unauthorized access to your device. Some types of malware, such as
ransomware, encrypt your files and demand payment to unlock them,
while spyware monitors your activities and sends the information back to
the attacker. Additionally, malware can spread to other devices on the
same network, making it a significant threat. Protecting your devices with
up-to-date antivirus software and being cautious about your open links
and attachments can help mitigate these risks.
Why Do Cybercriminals Use Malware?
Cybercriminals use malware, including all forms of malicious software
such as viruses, for various purposes:
 Using deception to induce a victim to provide personal information
for identity theft
 Theft of customer credit card information or other financial
information
 Taking over several computers and using them to launch denial-of-
service attacks against other networks
 Using infected computers to mine for cryptocurrencies like bitcoin.
Types of Malware
 Viruses - A Virus is a malicious executable code attached to another
executable file. The virus spreads when an infected file is passed
from system to system. Viruses can be harmless or they can modify
or delete data. Opening a file can trigger a virus. Once a program
virus is active, it will infect other programs on the computer.
Various types of viruses:
1. File Virus:
This type of virus infects the system by appending itself to the
end of a file. It changes the start of the program so that control
jumps to its code. After its code has executed, control returns
to the main program, so its execution goes unnoticed. It is also
called a parasitic virus because, although it leaves no infected
file untouched, it leaves the host program functional.
2. Boot sector Virus:
It infects the boot sector of the system, executing every time the
system is booted and before the operating system is loaded. It
also infects other bootable media such as floppy disks. These are
also known as memory viruses, as they do not infect the file
system.
3. Macro Virus:
Unlike most viruses which are written in a low-level language(like
C or assembly language), these are written in a high-level
language like Visual Basic. These viruses are triggered when a
program capable of executing a macro is run. For example, the
macro viruses can be contained in spreadsheet files.
4. Polymorphic Virus:
A virus signature is a pattern that can identify a virus (a series of
bytes that make up the virus code). To avoid detection by antivirus
software, a polymorphic virus changes its code each time it is
installed. The functionality of the virus remains the same, but its
signature changes.
5. Encrypted Virus:
In order to avoid detection by antivirus, this type of virus exists in
encrypted form. It carries a decryption algorithm along with it. So
the virus first decrypts and then executes.
6. Stealth Virus:
It is a very tricky virus as it changes the code that can be used to
detect it. Hence, the detection of viruses becomes very difficult.
For example, it can change the read system call such that
whenever the user asks to read a code modified by a virus, the
original form of code is shown rather than infected code.
7. Multipartite Virus:
This type of virus is able to infect multiple parts of a system
including the boot sector, memory, and files. This makes it difficult
to detect and contain.
8. Browser Hijacker:
As the name suggests this virus is coded to target the user's
browser and can alter the browser settings. It is also called the
browser redirect virus because it redirects your browser to other
malicious sites that can harm your computer system.
9. FAT Virus:
The File Allocation Table is the part of the disk used to store all
information about the location of files, available space, unusable
space, etc. This virus affects the FAT section and may damage that
crucial information.
 Worms - Worms replicate themselves on the system, attaching
themselves to different files and looking for pathways between
computers, such as a computer network that shares common file
storage areas. Worms usually slow down networks. A virus needs a
host program to run, but worms can run by themselves. After
a worm infects a host, it is able to spread very quickly over the
network.
 Trojan horse - A Trojan horse is malware that carries out malicious
operations under the appearance of a desired operation such as
playing an online game. A Trojan horse varies from a virus because
the Trojan binds itself to non-executable files, such as image files,
and audio files.
 Ransomware - Ransomware grasps a computer system or the data
it contains until the victim makes a payment. Ransomware encrypts
data in the computer with a key that is unknown to the user. The
user has to pay a ransom (price) to the criminals to retrieve data.
Once the amount is paid the victim can resume using his/her
system.
 Adware - It displays unwanted ads and pop-ups on the computer. It
comes along with software downloads and packages. It generates
revenue for the software distributer by displaying ads.
 Spyware - Its purpose is to steal private information from a
computer system for a third party. Spyware collects information and
sends it to the hacker.
 Logic Bombs - A logic bomb is a malicious program that uses a
trigger to activate the malicious code. The logic bomb remains non-
functioning until that trigger event happens. Once triggered, a logic
bomb implements a malicious code that causes harm to a computer.
Cybersecurity specialists recently discovered logic bombs that attack
and destroy the hardware components in a workstation or server
including the cooling fans, hard drives, and power supplies. The logic
bomb overdrives these devices until they overheat or fail.
 Rootkits - A rootkit modifies the OS to make a backdoor. Attackers
then use the backdoor to access the computer distantly. Most
rootkits take advantage of software vulnerabilities to modify system
files.
 Backdoors - A backdoor bypasses the usual authentication used to
access a system. The purpose of the backdoor is to grant cyber
criminals future access to the system even if the organization fixes
the original vulnerability used to attack the system.
 Keyloggers - Keylogger records everything the user types on
his/her computer system to obtain passwords and other sensitive
information and send them to the source of the keylogging program.
How To Know If Our Devices Are Infected With Malware?
 The computer performs poorly or runs noticeably slower than usual.
 When your web browser directs you to a website you didn't intend to
visit, this is known as a browser redirect.
 Warnings about infections are frequently accompanied by offers to
buy a product to treat them.
 Having trouble starting or shutting down your computer.
 Persistent pop-up ads.
How To Protect From Malware?
 Update your operating system and software. Install updates as soon
as they become available because cybercriminals search for
vulnerabilities in out-of-date or outdated software.
 Never click on a popup's link. Simply click the "X" in the message's
upper corner to close it and leave the page that generated it.
 Don't install too many apps on your devices. Install only the apps
you believe you will regularly use and need.
 Be cautious when using the internet.
 Do not click on unidentified links. If a link seems suspicious, avoid
clicking it whether it comes from an email, social networking site, or
text message.
 Choose the websites you visit wisely. Use a safe search plug-in and
try to stick to well-known and reputable websites to avoid any that
might be malicious without your knowledge.
 Emails requesting personal information should be avoided. Do not
click a link in an email that appears to be from your bank and asks
you to do so in order to access your account or reset your password.
Log in immediately at your online banking website.
Advantages of Detecting and Removing Malware
 Improved Security: By detecting and removing malware,
individuals, and organizations can improve the security of their
systems and reduce the risk of future infections.
 Prevent Data Loss: Malware can cause data loss, and by removing
it, individuals and organizations can protect their important files and
information.
 Protect Reputation: Malware can cause harm to a company's
reputation, and by detecting and removing it, individuals and
organizations can protect their image and brand.
 Increased Productivity: Malware can slow down systems and
make them less efficient, and by removing it, individuals and
organizations can increase the productivity of their systems and
employees.
Disadvantages of Detecting and Removing Malware
 Time-Consuming: The process of detecting and removing malware
can be time-consuming and require specialized tools and expertise.
 Cost: Antivirus software and other tools required to detect and
remove malware can be expensive for individuals and organizations.
 False Positives: Malware detection and removal tools can
sometimes result in false positives, causing unnecessary alarm and
inconvenience.
 Difficulty: Malware is constantly evolving, and the process of
detecting and removing it can be challenging and require specialized
knowledge and expertise.
 Risk of Data Loss: Some malware removal tools can cause
unintended harm, resulting in data loss or system instability.
What is Antivirus Software?
Antivirus software (computer protection software) is a program(s) that is
created to search, detect, prevent and remove software viruses from your
system that can harm your system. Other harmful software such
as worms, adware, and other threats can also be detected and removed
via antivirus. This software is designed to be used as a proactive
approach to cyber security, preventing threats from entering your
computer and causing issues. Most antivirus software operates in the
background once installed, providing real-time protection against virus
attacks.
How Antivirus Works?
Antivirus software works by comparing your computer applications and
files to a database of known malware kinds. Because hackers are
continually creating and disseminating new viruses, they will also check
systems for the presence of new or undiscovered malware threats. The
antivirus checks files, programs, and applications going in and out of your
computer to its database to identify matches. Similar and identical
matches to the database are segregated, scanned, and eliminated.
Most antivirus programs employ these four types of detection
techniques:
 Signature detection is a method by which an antivirus scans files
that are brought into a system and compares them against a database
of known malware signatures to identify likely hazardous files.
 Specific detection looks for known malware by the specific,
previously catalogued characteristics of a particular sample.
 Generic detection looks for known parts or types of malware, or
patterns that are linked by a common codebase, so that variants of a
family are caught as well.
 Heuristic detection is a type of virus detection that looks for
unknown infections by spotting suspicious file structures.
Types of Antivirus Software
Antivirus software is available in 2 types:
(i) Free: Free anti-virus software provides basic virus protection
(ii) Paid: commercial anti-virus software provides more extensive
protection.
Examples of Antivirus Software
The following are some commonly used antivirus software:
1. Bitdefender: Bitdefender Total Security is a comprehensive security
suite that protects against viruses and dangerous malware of all varieties.
This user-friendly antivirus software is compatible with all four major
operating systems and smart homes, and it also includes a free VPN with
a daily limit of 200MB, parental controls, camera protection, a password
manager, etc. This security suite is reasonably priced and will protect up
to five devices 24 hours a day, seven days a week.
2. AVAST: This is a free antivirus available. All you have to do to obtain
top-notch protection on your computer, emails, downloads, and instant
messages in the free version is register (for free) once a year. It includes a
sophisticated heuristics engine that enables it to detect viruses.
3. Panda: It can detect viruses, trojans, spyware, adware, worms, and
malware at the same level as other antiviruses do. It is different from
others because using this software, when you scan your computer, it
doesn't consume any of your computer's resources instead, it runs in the
cloud, allowing your machine to continue to function normally.
Benefits of Antivirus Software
 Spam and advertisements are blocked: Viruses exploit pop-up
advertising and spam websites as one of the most common ways to
infect your computer and destroy your files. Antivirus acts against
harmful virus-infected adverts and websites by denying them direct
access to your computer network.
 Virus protection and transmission prevention: It identifies any
possible infection and then attempts to eliminate it.
 Hackers and data thieves are thwarted: Antivirus do regular
checks to see if there are any hackers or hacking-related apps on the
network. As a result, antivirus offers complete security against
hackers.
 Protected against devices that can be detached: Antivirus
scans all removable devices for potential viruses, ensuring that no
viruses are transferred.
 Restricts website access to improve security on the web: Antivirus
restricts your online access in order to prevent you from reaching
unauthorized networks. This is done to ensure that you only visit
websites that are safe and not harmful to your computer.
 Password Protection: Using antivirus, you should consider using a
password manager for added security.
Disadvantages of Antivirus programs
 Slows down system's speed: When you use antivirus programs,
you're using a lot of resources like your RAM and hard drive. As a
result, the computer's overall speed may be significantly slowed.
 Popping up of Advertisements: Apart from commercial antivirus
applications, free antivirus must make money in some way. One
approach to attaining these is through advertising. Many times these
advertisements degrade the user experience by popping up every
time.
 Security Holes: When security flaws exist in the operating
system or networking software, the virus will be able to defeat
antivirus protection. The antivirus software will be ineffective unless
the user takes steps to keep it updated.
 No customer care service: There will be no customer service
provided unless you pay for the premium version. If an issue arises,
the only method to solve it is to use forums and knowledge
resources.
What is a DOS Attack?
A DOS (Denial of Service) attack is a type of cyberattack in which one
internet-connected computer floods another computer, especially a
server, with traffic in order to make it crash. It floods the server with
requests, which causes it either to crash or to become unavailable to
users of the website in question. DOS attacks are most visible when
targeted at a website, making the site unavailable and causing a major
disruption of online services.
Key Characteristics of a DOS Attack:
 Single Source: It is launched from one system only, as explained
above.
 Traffic Volume: The volume of traffic is high, but it all comes from
a single point of origin.
 Traceability: As the attack originates from a particular system, it
is traceable, unlike the distributed case.
 Blockability: It is more easily blocked, since ALL of the traffic
comes from one source, as opposed to a DDOS attack.
Features to help mitigate these attacks:
 Network Segmentation: Segmenting the network can help
prevent a DoS attack from spreading throughout the entire network.
This limits the impact of an attack and helps to isolate the affected
systems.
 Implement Firewalls: Firewalls can help prevent DoS attacks by
blocking traffic from known malicious IP addresses or by limiting the
amount of traffic allowed from a single source.
 Use Intrusion Detection and Prevention Systems: Intrusion
Detection and Prevention Systems (IDS/IPS) can help to detect and
block DoS attacks by analyzing network traffic and blocking
malicious traffic.
 Limit Bandwidth: Implementing bandwidth limitations on incoming
traffic can help prevent a DoS attack from overwhelming the
network or server.
 Implement Content Delivery Network (CDN): A CDN can help to
distribute traffic and reduce the impact of a DoS attack by
distributing the load across multiple servers.
 Use Anti-Malware Software: Anti-malware software can help to
detect and prevent malware from being used in a DoS attack, such
as botnets.
 Perform Regular Network Scans: Regular network scans can help
identify vulnerabilities and misconfigurations that can be exploited in
a DoS attack. Patching these vulnerabilities can prevent a DoS
attack from being successful.
 Develop a Response Plan: Having a DoS response plan in place
can help minimize the impact of an attack. This plan should include
steps for identifying the attack, isolating affected systems, and
restoring normal operations.
What is a DDOS Attack?
A DDOS attack, which is short for Distributed Denial of Service attack,
works on similar lines to the DOS attack but is more complicated in that
the attack is launched with the help of several systems located in
different places. These systems, often compromised machines or 'bots,'
operate in parallel, amplifying the traffic volume to a level that is
much more difficult for the target to counter. An inherent advantage
of a distributed attack for the attacker is that it is difficult to track
the origin and, therefore, to put a stop to it.
Key Characteristics of a DDOS Attack
 Multiple Sources: The attack is launched from many different
systems, often in different networks and geographic locations.
 Traffic Volume: Because there are many sources, the volume of traffic
is far higher, which makes the attack much more devastating.
 Difficulty in Tracing: Because the attack is launched from many
computers in different locations, it is difficult to track its origin.
 Complexity in Blocking: It is harder to block a DDoS attack because
the traffic originates from many different places, so blocking any
single source achieves little.
Difference Between DoS and DDoS Attacks
DoS | DDoS
Stands for Denial of Service attack. | Stands for Distributed Denial of Service attack.
A single system targets the victim system. | Multiple systems attack the victim system.
The victim is flooded with packets sent from a single location. | The victim is flooded with packets sent from multiple locations.
Slower to build up traffic than a DDoS attack. | Faster than a DoS attack.
Can be blocked easily, as only one system is used. | Difficult to block, as multiple devices send packets from multiple locations.
Only a single device, running DoS attack tools, is used. | Many bots (a botnet) attack at the same time.
Easy to trace. | Difficult to trace.
Volume of traffic is low compared to a DDoS attack. | Allows the attacker to send massive volumes of traffic to the victim network.
Types of DoS attacks: 1. Buffer overflow attacks 2. Ping of Death or ICMP flood 3. Teardrop attack 4. Flooding attack | Types of DDoS attacks: 1. Volumetric attacks 2. Fragmentation attacks 3. Application layer attacks 4. Protocol attacks
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) observes network traffic for malicious
transactions and raises an immediate alert when one is observed. It is
software that checks a network or system for malicious activity or policy
violations. Each violation is typically recorded centrally in a SIEM
system or reported to an administrator. An IDS monitors a network or
system for malicious activity and helps protect it from unauthorized
access by users, including insiders. Viewed as a learning task, the
intrusion detector builds a predictive model (a classifier) capable of
distinguishing 'bad connections' (intrusions/attacks) from 'good'
(normal) connections.
Common Methods of Intrusion
 Address Spoofing: Hiding the source of an attack by forging the
source address of packets or relaying through fake or unsecured proxy
servers, making it hard to identify the attacker.
 Fragmentation: Splitting an attack across small packet fragments so
that no single fragment matches a signature and the attack slips past
detection systems.
 Pattern Evasion: Changing attack methods (encoding, padding, reordering)
to avoid detection by IDS systems that look for specific patterns.
 Coordinated Attack: Using multiple attackers or ports to scan a
network, confusing the IDS and making it hard to see what is
happening.
Working of Intrusion Detection System(IDS)
 An IDS (Intrusion Detection System) monitors the traffic on a
computer network to detect any suspicious activity.
 It analyzes the data flowing through the network to look for patterns
and signs of abnormal behavior.
 The IDS compares the network activity to a set of predefined rules
and patterns to identify any activity that might indicate an attack or
intrusion.
 If the IDS detects something that matches one of these rules or
patterns, it sends an alert to the system administrator.
 The system administrator can then investigate the alert and take
action to prevent any damage or further intrusion.
Classification of Intrusion Detection System(IDS)
Intrusion Detection Systems are commonly classified into the following types:
 Network Intrusion Detection System (NIDS): Network intrusion
detection systems (NIDS) are set up at a planned point within the
network to examine traffic from all devices on the network. It
performs an observation of passing traffic on the entire subnet and
matches the traffic that is passed on the subnets to the collection of
known attacks. Once an attack is identified or abnormal behavior is
observed, the alert can be sent to the administrator. An example of a
NIDS is installing it on the subnet where firewalls are located in order
to see if someone is trying to crack the firewall.
 Host Intrusion Detection System (HIDS): Host intrusion
detection systems (HIDS) run on individual hosts or devices on the
network. A HIDS monitors the incoming and outgoing packets of that
device only and alerts the administrator if suspicious or malicious
activity is detected. It also takes a snapshot of existing system files
(typically a cryptographic hash of each file) and compares it with the
previous snapshot. If monitored system files were edited or deleted, an
alert is sent to the administrator to investigate. A typical use of
HIDS is on mission-critical machines whose configuration is not
expected to change.
 Hybrid Intrusion Detection System: Hybrid intrusion detection
system is made by the combination of two or more approaches to
the intrusion detection system. In the hybrid intrusion detection
system, the host agent or system data is combined with network
information to develop a complete view of the network system. The
hybrid intrusion detection system is more effective in comparison to
the other intrusion detection system. Prelude is an example of
Hybrid IDS.
 Application Protocol-Based Intrusion Detection System
(APIDS): An application Protocol-based Intrusion Detection
System (APIDS) is a system or agent that generally resides within a
group of servers. It identifies the intrusions by monitoring and
interpreting the communication on application-specific protocols. For
example, this would monitor the SQL protocol explicitly to the
middleware as it transacts with the database in the web server.
 Protocol-Based Intrusion Detection System (PIDS): It
comprises a system or agent that consistently resides at the front end
of a server, monitoring and interpreting the protocol between a
user/device and the server. It tries to secure a web server by
regularly monitoring the HTTPS protocol stream and inspecting the
related HTTP protocol. Because HTTPS is encrypted on the wire, the PIDS
must sit at the interface between TLS termination and the web
presentation layer, where the plaintext HTTP is available for
inspection.
 Signature-Based Detection (strictly a detection method rather than a
deployment type; see the detection methods below): Signature-based
detection checks network packets for known patterns linked to specific
threats. A signature-based IDS compares packets to a database of attack
signatures and raises an alert if a match is found. Regular updates are
needed to detect new threats, and unknown attacks without signatures
can bypass this system.
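The HIDS behaviour described above (snapshot the system files, compare with the previous snapshot, alert on edits and deletions) is a file integrity monitor. The following is an added example written for these notes, not code from the original page or from any HIDS product: it hashes every file under a directory, then repeats the snapshot after simulated tampering and reports what changed. The directory tree, file contents and the 'tampering' are constructed in a temporary directory so the example runs anywhere; on a real host the baseline would be stored off-box, since an attacker with root can otherwise rewrite it.

```python
"""File integrity monitoring, the core of a host-based IDS.

Added example, not from the original notes. A baseline maps each file to its
SHA-256 digest; a later snapshot is diffed against it to find modified,
added and deleted files. The sample tree is built in a temp directory.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare(baseline: dict, current: dict) -> dict:
    """Return which files changed, appeared or disappeared since the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Build a throwaway 'system' directory, tamper with it, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF fake binary")
        baseline = snapshot(root)

        # Simulated tampering (constructed): trojaned binary, new persistence
        # entry under cron.d, and a deleted hosts file.
        (root / "bin" / "ls").write_bytes(b"\x7fELF backdoored")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_text("* * * * * root /tmp/.x\n")
        (root / "etc" / "hosts").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Real HIDS agents add what this omits: they hash file metadata (owner, mode, mtime) as well as content, exclude paths that legitimately churn (logs, spool directories) to keep false positives down, and run the comparison on a schedule or from a kernel file-change notification rather than on demand.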
Detection Method of IDS
 Signature-Based Method: A signature-based IDS detects attacks on the
basis of specific patterns in network traffic, such as particular byte
sequences, packet sizes or header values, and on known malicious
instruction sequences used by malware. These patterns are known as
signatures. A signature-based IDS can easily detect attacks whose
signature already exists in its database, but it struggles to detect new
attacks, since their signature is not yet known.
 Anomaly-Based Method: Anomaly-based IDS was introduced to detect
unknown attacks, as new malware is developed rapidly. An anomaly-based
IDS uses statistics or machine learning to build a model of trusted
(normal) activity; incoming activity is compared against that model and
declared suspicious if it does not fit. The machine-learning-based method
generalizes better than a signature-based IDS, because the model can be
trained for the specific applications and hardware configuration, at the
cost of more false positives while the baseline is immature.
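The two detection methods above, and the rule-matching loop in the 'Working of IDS' list, fit in a few dozen lines when run over a web-server access log. The following is an added example written for these notes, not code from the original page or from any IDS product: signature detection is a set of regular expressions applied to each URL-decoded request, and anomaly detection is a per-source, per-minute request-count baseline learned from normal traffic, with anything more than three standard deviations above the mean flagged. The log format, the rules, the addresses and both logs are constructed for the illustration.

```python
"""Toy network IDS combining signature matching and anomaly detection.

Added example, not from the original notes. The log format, rules and
addresses are constructed for illustration.
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Signature rules: name -> regex applied to the URL-decoded request line.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*(or|union)\s", re.IGNORECASE),
    "sensitive-file": re.compile(r"/etc/passwd|/etc/shadow"),
}

# Constructed logs, one event per line: "<src_ip> <minute> <method> <path>".
BASELINE_LOG = """\
10.1.1.5 1 GET /index.html
10.1.1.5 1 GET /style.css
10.1.1.6 1 GET /login
10.1.1.5 2 GET /products?id=7
10.1.1.6 2 GET /about
10.1.1.6 2 GET /logo.png
10.1.1.6 2 GET /contact
10.1.1.5 3 GET /cart
10.1.1.5 3 GET /checkout
10.1.1.6 3 GET /index.html
10.1.1.6 3 GET /faq
"""
LIVE_LOG = "\n".join(
    ["10.1.1.5 10 GET /index.html",
     "10.1.1.7 10 GET /products?id=7'%20OR%201=1--",   # SQL injection probe
     "10.1.1.8 11 GET /../../etc/passwd",             # traversal + sensitive file
     "10.1.1.5 11 GET /about"]
    + [f"10.1.1.9 11 GET /page{i}" for i in range(50)]  # scanner flood
) + "\n"


def parse(log_text):
    """Return (src_ip, minute, decoded request line) tuples."""
    events = []
    for line in log_text.splitlines():
        ip, minute, method, path = line.split(maxsplit=3)
        events.append((ip, int(minute), f"{method} {unquote(path)}"))
    return events


def signature_alerts(events):
    """Return (src_ip, minute, rule) for every event matching a signature."""
    return [(ip, m, name) for ip, m, req in events
            for name, rx in SIGNATURES.items() if rx.search(req)]


def anomaly_alerts(baseline, live, z=3.0):
    """Flag (src_ip, minute, count) whose per-minute request count exceeds the
    baseline mean by more than z population standard deviations."""
    base = list(Counter((ip, m) for ip, m, _ in baseline).values())
    threshold = statistics.fmean(base) + z * statistics.pstdev(base)
    live_counts = Counter((ip, m) for ip, m, _ in live)
    return sorted((ip, m, n) for (ip, m), n in live_counts.items() if n > threshold)


def run():
    live = parse(LIVE_LOG)
    return {"signature": signature_alerts(live),
            "anomaly": anomaly_alerts(parse(BASELINE_LOG), live)}


if __name__ == "__main__":
    for kind, alerts in run().items():
        for alert in alerts:
            print(f"[{kind}] {alert}")
```

Note the division of labour: the signatures catch the two single-request attacks but say nothing about the 50-request scanner, while the anomaly rule catches the scanner but would never fire on a lone injection attempt. The decoding step matters too: without `unquote` the `%20`-encoded injection would slip past the signature, which is exactly the 'pattern evasion' listed under common methods of intrusion.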
Why Are Intrusion Detection Systems (IDS) Important?
An Intrusion Detection System (IDS) adds extra protection to your
cybersecurity setup, making it very important. It works with your other
security tools to catch threats that get past your main defenses. So, if
your main system misses something, the IDS will alert you to the threat.
Benefits of IDS
 Detects Malicious Activity: IDS can detect any suspicious
activities and alert the system administrator before any significant
damage is done.
 Improves Network Performance: IDS can identify any
performance issues on the network, which can be addressed to
improve network performance.
 Compliance Requirements: IDS can help in meeting compliance
requirements by monitoring network activity and generating reports.
 Provides Insights: IDS generates valuable insights into network
traffic, which can be used to identify any weaknesses and improve
network security.
Disadvantages of IDS
 False Alarms: IDS can generate false positives, alerting on
harmless activities and causing unnecessary concern.
 Resource Intensive: It can use a lot of system resources,
potentially slowing down network performance.
 Requires Maintenance: Regular updates and tuning are needed to
keep the IDS effective, which can be time-consuming.
 Doesn't Prevent Attacks: IDS detects and alerts but doesn’t stop
attacks, so additional measures are still needed.
 Complex to Manage: Setting up and managing an IDS can be
complex and may require specialized knowledge.
Intrusion Prevention System (IPS)
Intrusion Prevention System is also known as Intrusion Detection and
Prevention System. It is a network security application that monitors
network or system activities for malicious activity. Major functions of
intrusion prevention systems are to identify malicious activity, collect
information about this activity, report it and attempt to block or stop it.
Intrusion prevention systems are considered an extension of Intrusion
Detection Systems (IDS), because both monitor network traffic and system
activities for malicious activity; the difference is that an IPS sits
inline on the traffic path and can block what it detects.
How Does an IPS Work?
An IPS works by analyzing network traffic in real time and comparing it
against known attack patterns and signatures. Because it sits inline,
when it detects suspicious traffic it can drop the packets, reset the
connection or block the source, rather than only raising an alert as an
IDS does. The same placement means that a false positive, or an
overloaded IPS, can itself interrupt legitimate traffic.
Types of IPS
There are two main types of IPS:
1. Network-Based IPS: A Network-Based IPS is installed at the
network perimeter and monitors all traffic that enters and exits the
network.
2. Host-Based IPS: A Host-Based IPS is installed on individual hosts
and monitors the traffic that goes in and out of that host.
Why Do You Need an IPS?
An IPS is an essential tool for network security. Here are some reasons
why:
 Protection Against Known and Unknown Threats: An IPS blocks known
threats using signatures, and an anomaly-based IPS can also flag and
block traffic that departs from normal behaviour, even when the attack
has not been seen before.
 Real-Time Protection: An IPS can detect and block malicious traffic in
real-time, preventing attacks from doing any damage.
 Compliance Requirements: Many industries have regulations that
require the use of an IPS to protect sensitive information and prevent
data breaches.
 Cost-Effective: An IPS is a cost-effective way to protect your network
compared to the cost of dealing with the aftermath of a security
breach.
 Increased Network Visibility: An IPS provides increased network
visibility, allowing you to see what's happening on your network and
identify potential security risks.
Classification of Intrusion Prevention System (IPS):
1. Network-based intrusion prevention system (NIPS): It
monitors the entire network for suspicious traffic by analyzing
protocol activity.
2. Wireless intrusion prevention system (WIPS): It monitors a
wireless network for suspicious traffic by analyzing wireless
networking protocols.
3. Network behavior analysis (NBA): It examines network traffic to
identify threats that generate unusual traffic flows, such as
distributed denial of service attacks, specific forms of malware and
policy violations.
4. Host-based intrusion prevention system (HIPS): A software package
installed on a single host that watches that host for suspicious
activity by scanning the events that occur within it.
Snooping
Snooping, in a security context, is unauthorized access to another
person's or company's data. The practice is similar to eavesdropping but
is not necessarily limited to gaining access to data during its
transmission. Snooping can include casual observance of an e-mail that
appears on another's computer screen or watching what someone else is
typing. More sophisticated snooping uses software programs to remotely
monitor activity on a computer or network device.
Malicious hackers use keyloggers to monitor keystrokes, capture passwords
and login information, and intercept e-mail and other private
communications and data transmissions. Corporations sometimes snoop
on employees legitimately to monitor their use of business computers
and track Internet usage; governments may snoop on individuals to
collect information and avert crime and terrorism.
Eavesdropping Attack In Detail
Eavesdropping attacks, also called sniffing or snooping attacks, are a
major concern in cyber security. Attackers exploit weaknesses in
communication channels to access confidential information, which can
include personal details, financial data, and proprietary business
information.
These attacks often succeed because they raise no alert during
transmission: they take advantage of unsecured network communications
to read data while it is being sent or received, without the user
noticing anything.
Types of Eavesdropping Attacks
 Passive Eavesdropping
 Active Eavesdropping
Passive Eavesdropping
In passive eavesdropping, the attacker silently monitors and captures the
communication without changing or interfering with the data flow. This
kind of attack is therefore difficult to identify, as it causes no
disturbance in the network's normal behaviour.
Active Eavesdropping
Active eavesdropping involves the attacker inserting themselves into the
communication channel, often by posing as a legitimate participant. This
type of attack can manipulate the data being transmitted, leading to
more severe consequences.
Aspect | Active Eavesdropping | Passive Eavesdropping
Definition | The attacker actively inserts themselves into the communication channel. | The attacker silently listens to the communication without interfering.
Interaction | The attacker interacts with and can alter the communication. | The attacker does not interact with or alter the communication.
Detection | More likely to be detected due to the manipulation of data. | Harder to detect since there is no alteration of data.
Impact | Can lead to more severe consequences, such as data modification and fraud. | Primarily involves data theft without immediate disruption.
Example | A hacker intercepting and altering messages between two parties in a chat. | A person quietly listening to a confidential conversation in a public place.
What Does Eavesdropping Mean For Your Business?
Eavesdropping attacks can have severe consequences for businesses,
including financial losses, reputational damage, and legal repercussions.
Confidential business information, customer data, and intellectual
property can be compromised, leading to competitive disadvantages and
loss of trust among clients and partners. Such an attack directly
violates confidentiality, one of the three pillars of the CIA triad
(confidentiality, integrity, availability) on which information security
rests.
Methods of Eavesdropping
 Packet Sniffing: The process of packet sniffing captures packets of
data while they are traversing a network. To analyze the intercepted
packets and retrieve useful information like usernames and
passwords, cybercriminals employ dedicated software tools.
 Man-in-the-Middle (MitM) Attacks: The attacker positions themselves
between two communicating parties and relays the messages, so that
each side believes it is talking directly to the other. The interceptor
can read all the traffic and alter its contents at will, resulting in
information loss or even financial loss.
 Wireless Eavesdropping: Wireless networks are particularly
vulnerable to eavesdropping due to the broadcast nature of wireless
signals. Attackers can intercept wireless communications using tools
like wireless sniffers and analyze the captured data. Using open or
public Wi-Fi can cause serious harm in this way.
 Pickup Devices: Concealed microphones and video cameras pick up
sounds or images, which are converted into an electrical signal so that
the attacker can eavesdrop on targets. Attackers may also use miniature
amplifiers that help to reduce background noise.
 A Listening Post: Bugs placed on telephones record the conversations
taking place. They use triggers that start recording when a telephone is
picked up to make or take a call and stop automatically when the call
ends. The secure areas where these recordings are monitored are known as
listening posts. A listening post can be anywhere, and it has
voice-activated equipment available to eavesdrop on and record every
activity.
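To make the packet-sniffing and wireless-eavesdropping risk concrete, the following is an added example written for these notes, not code from the original page or from any sniffing tool. It builds a constructed IPv4/TCP frame carrying an HTTP request that uses HTTP Basic authentication (the scheme sends the credentials base64-encoded, not encrypted), then parses the headers the way a passive sniffer would and recovers the username and password. The addresses, ports and credentials are made up; the second frame's payload is constructed bytes standing in for a TLS record, to show that the same parser recovers nothing once the application data is encrypted.

```python
"""What a passive packet sniffer sees in a cleartext session.

Added example, not from the original notes. Frames are constructed here;
checksums are left zero because a sniffer does not need them to read data.
"""
import base64
import re
import struct


def build_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Minimal IPv4 + TCP encapsulation of `payload` (no Ethernet header)."""
    ip_src = bytes(int(o) for o in src_ip.split("."))
    ip_dst = bytes(int(o) for o in dst_ip.split("."))
    total_len = 20 + 20 + len(payload)
    # version/IHL=0x45, TOS, total length, id, flags/frag, TTL=64, proto=6 (TCP)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, ip_src, ip_dst)
    # ports, seq, ack, data offset 5 words in the high nibble, PSH|ACK, window
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def sniff(frame: bytes):
    """Parse IPv4/TCP headers and return (src, dst, credentials or None)."""
    ihl = (frame[0] & 0x0F) * 4                  # IPv4 header length in bytes
    proto = frame[9]
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    if proto != 6:
        return src, dst, None
    tcp = frame[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                # TCP header length in bytes
    payload = tcp[data_off:]
    # Basic auth is base64, which any observer can reverse.
    m = re.search(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", payload)
    creds = base64.b64decode(m.group(1)).decode() if m else None
    return f"{src}:{sport}", f"{dst}:{dport}", creds


# Constructed cleartext HTTP request to port 80 with made-up credentials.
HTTP_REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:Winter2024!")
                + b"\r\n\r\n")
CLEAR_FRAME = build_frame("192.168.1.20", "192.168.1.10", 51000, 80, HTTP_REQUEST)

# Constructed stand-in for a TLS application-data record on port 443: to a
# sniffer the request is an opaque blob (this is not a real TLS handshake).
TLS_FRAME = build_frame("192.168.1.20", "192.168.1.10", 51001, 443,
                        b"\x17\x03\x03\x00\x40" + bytes(range(64)))


if __name__ == "__main__":
    for frame in (CLEAR_FRAME, TLS_FRAME):
        print(sniff(frame))
```

The parser never needs the TCP checksum, the sequence numbers or any reply from the server, which is why passive eavesdropping leaves no trace on the wire and why the only robust defence in the prevention list below is encryption of the application data itself.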
How to Prevent Eavesdropping Attacks
 Avoid using public Wi-Fi networks.
 Use a virtual private network (VPN).
 Encrypting data ensures that even if it is intercepted, it remains
unreadable to unauthorized parties. Implementing strong encryption
protocols for all sensitive communications is a crucial step in
preventing eavesdropping attacks.
 Set strong passwords and change them regularly.
 Don't reuse the same password across the sites you register on.
 Protect your pc with an antivirus and keep it updated.
 Use a personal firewall.
 Avoid clicking on shady or dodgy links.
 Educating employees about the risks of eavesdropping attacks and
promoting best practices for secure communication can help in
minimizing human errors that could lead to security breaches.
 Make sure your phone is using the latest version available of its
operating system.
 Download apps only from trusted sources, such as Google Play or the
Apple App Store.
 Strong, modern encryption (for example AES-256, often marketed as
"military-grade") is a reliable defence against eavesdropping:
brute-forcing the key is computationally infeasible with any foreseeable
hardware, so intercepted data stays unreadable. The weak points in
practice are key management and implementation, not the cipher.
Keyloggers
Keyloggers are built for the act of keystroke logging — creating records of
everything you type on a computer or mobile keyboard. These are used to
quietly monitor your computer activity while you use your devices as
normal. Keyloggers are used for legitimate purposes like feedback for
software development but can be misused by criminals to steal your data.
Keystroke Logging Definition
The concept of a keylogger breaks down into two definitions:
1. Keystroke logging: Record-keeping for every key pressed on your
keyboard.
2. Keylogger tools: Devices or programs used to log your keystrokes.
You’ll find use of keyloggers in everything from Microsoft products to your
own employer’s computers and servers. In some cases, your spouse may
have put a keylogger on your phone or laptop to confirm their suspicions
of infidelity. Worse cases have shown criminals to implant legitimate
websites, apps, and even USB drives with keylogger malware.
Whether for malicious intent or for legitimate uses, you should be aware
how keyloggers are affecting you. First, we’ll further define keystroke
logging before diving into how keyloggers work. Then you’ll be able to
better understand how to secure yourself from unwanted eyes.
How Keystroke Logging Works
Keystroke logging is an act of tracking and recording every keystroke
entry made on a computer, often without the permission or knowledge of
the user. A “keystroke” is just any interaction you make with a button on
your keyboard.
Keystrokes are how you "speak" to your computer: each keystroke
transmits a signal that tells your programs what you want them to do.
Besides which key was pressed, a keylogger can record metadata about each
keystroke, such as:
 Length of the keypress
 Time of keypress
 Velocity of keypress
 Name of the key used
What does a Keylogger Do?
Keylogger tools can either be hardware or software meant to automate
the process of keystroke logging. These tools record the data sent by
every keystroke into a text file to be retrieved at a later time. Some tools
can record everything on your copy-cut-paste clipboard, calls, GPS data,
and even microphone or camera footage.
Keyloggers are a surveillance tool with legitimate uses for personal or
professional IT monitoring. Some of these uses enter an ethically
questionable grey area. However, other keylogger uses are explicitly
criminal.
Regardless of the use, keyloggers are often used without the user’s fully
aware consent and keyloggers are used under the assumption that users
should behave as normal.
Types of Keyloggers
Keylogger tools are mostly constructed for the same purpose. But they’ve
got important distinctions in terms of the methods they use and their
form factor.
Here are the two forms of keyloggers
1. Software keyloggers
2. Hardware keyloggers
Software Keyloggers
Software keyloggers are computer programs that install onto your
device’s hard drive. Common keylogger software types may include:
1. API-based keyloggers directly eavesdrop between the signals sent
from each keypress to the program you’re typing into. Application
programming interfaces (APIs) allow software developers and
hardware manufacturers to speak the same “language” and
integrate with each other. API keyloggers quietly intercept keyboard
APIs, logging each keystroke in a system file.
2. “Form grabbing”-based keyloggers capture all text entered into
website forms at the moment you submit it. The data is recorded locally,
from inside the browser, before it is transmitted (and possibly
encrypted) on its way to the web server, so HTTPS does not protect it.
3. Kernel-based keyloggers work their way into the system’s core
for admin-level permissions. These loggers can bypass and get
unrestricted access to everything entered in your system.
Hardware Keyloggers
Hardware keyloggers are physical components built-in or connected to
your device. Some hardware methods may be able to track keystrokes
without even being connected to your device. For brevity, we’ll include
the keyloggers you are most likely to fend against:
1. Keyboard hardware keyloggers can be placed in line with your
keyboard’s connection cable or built into the keyboard itself. This is
the most direct form of interception of your typing signals.
2. Hidden camera keyloggers may be placed in public spaces like
libraries to visually track keystrokes.
3. USB disk-loaded keyloggers can be a physical Trojan horse that
delivers the keystroke logger malware once connected to your
device.
Introduction of Firewall in Computer Network
A firewall is a network security device either hardware or software-based
which monitors all incoming and outgoing traffic and based on a defined
set of security rules it accepts, rejects, or drops that specific traffic. It acts
like a security guard that helps keep your digital world safe from
unwanted visitors and potential threats.
 Accept: allow the traffic
 Reject: block the traffic but reply with an “unreachable error”
 Drop: block the traffic with no reply
A firewall is a type of network security device that filters incoming and
outgoing network traffic with security policies that have previously been
set up inside an organization. A firewall is essentially the wall that
separates a private internal network from the open Internet at its very
basic level.
Need For Firewall
Before firewalls, network security was performed by Access Control
Lists (ACLs) residing on routers. ACLs are rules that determine whether
network access should be granted or denied to specific IP addresses. But
an ACL cannot determine the nature of the packets it is blocking, and an
ACL alone does not have the capacity to keep threats out of the network.
Hence, the Firewall was introduced. Connectivity to the Internet is no
longer optional for organizations. However, accessing the Internet
provides benefits to the organization; it also enables the outside world to
interact with the internal network of the organization. This creates a
threat to the organization. In order to secure the internal network from
unauthorized traffic, we need a Firewall.
Types of Firewall
Firewalls can be categorized based on their generation.
1. Packet Filtering Firewall
A packet filtering firewall controls network access by monitoring
outgoing and incoming packets and allowing or stopping them based on
source and destination IP address, protocol, and port. It analyses
traffic at the network and transport layers (OSI layers 3 and 4), looking
only at packet headers. Packet filters treat each packet in isolation:
they have no ability to tell whether a packet is part of an existing
stream of traffic, and can only allow or deny a packet based on that
packet's own headers. The firewall maintains a filtering table that
decides whether a packet will be forwarded or discarded. Given a
filtering table such as the following, packets are filtered according
to these rules:
 Incoming packets from network 192.168.21.0 are blocked.
 Incoming packets destined for the internal TELNET server (port 23)
are blocked.
 Incoming packets destined for host 192.168.21.3 are blocked.
 All well-known services to the network 192.168.21.0 are allowed.
2. Stateful Inspection Firewall
Stateful firewalls (which perform stateful packet inspection) can
determine the connection state of a packet, unlike packet filtering
firewalls, which makes them more effective. They keep track of the state
of network connections travelling across them, such as TCP streams, so
filtering decisions are based not only on the defined rules but also on
the packet's history in the state table.
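The following is an added example written for these notes, not code from the original page or from any firewall product. It implements the four-rule filtering table listed above as an ordered, first-match rule list with an implicit deny, and then adds the connection table that distinguishes a stateful firewall: an outbound connection the internal side opens is remembered, so its reply packets are accepted even though no static rule matches them, while the same reply arriving with no state is dropped. Reading 192.168.21.0 as the /24 network, the sample packets and the outbound-allowed policy are assumptions made for the demonstration.

```python
"""Stateless packet filter plus the state table a stateful firewall adds.

Added example, not from the original notes. The rule table reproduces the
four rules in the text; packets and addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL = ipaddress.ip_network("192.168.21.0/24")
ANY = None  # wildcard in a rule field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # SYN without ACK marks a new TCP connection request
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                                      # "allow" or "deny"
    src_net: Optional[ipaddress.IPv4Network] = ANY
    dst_net: Optional[ipaddress.IPv4Network] = ANY
    dport: Optional[range] = ANY

    def matches(self, p: Packet) -> bool:
        return ((self.src_net is ANY or ipaddress.ip_address(p.src) in self.src_net)
                and (self.dst_net is ANY or ipaddress.ip_address(p.dst) in self.dst_net)
                and (self.dport is ANY or p.dport in self.dport))


# The filtering table from the notes, evaluated top-down; first match wins.
WELL_KNOWN = range(0, 1024)
RULES = [
    Rule("deny", src_net=INTERNAL),                                 # inbound with internal source (spoofed)
    Rule("deny", dport=range(23, 24)),                              # Telnet server
    Rule("deny", dst_net=ipaddress.ip_network("192.168.21.3/32")),  # protected host
    Rule("allow", dst_net=INTERNAL, dport=WELL_KNOWN),              # well-known services
]


def stateless_filter(p: Packet) -> str:
    """Packet-filter verdict: each packet judged alone, implicit default deny."""
    for rule in RULES:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Adds a connection table so reply traffic is judged by its history."""

    def __init__(self):
        self.established = set()   # (src, sport, dst, dport) of admitted connections

    def inspect(self, p: Packet, inbound: bool) -> str:
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if key in self.established or reverse in self.established:
            return "allow"          # belongs to a connection already admitted
        if not (p.syn and not p.ack):
            return "deny"           # mid-stream packet with no matching state
        # New connection request: outbound ones are trusted here (assumption),
        # inbound ones must pass the static table.
        verdict = "allow" if not inbound else stateless_filter(p)
        if verdict == "allow":
            self.established.add(key)
        return verdict


def demo() -> dict:
    """Contrast the two designs on an internal client's HTTPS connection."""
    fw = StatefulFirewall()
    out = Packet("192.168.21.10", 51234, "198.51.100.5", 443, syn=True)
    reply = Packet("198.51.100.5", 443, "192.168.21.10", 51234, syn=True, ack=True)
    return {
        "stateless_reply": stateless_filter(reply),                    # port 51234 is not well-known
        "stateful_outbound": fw.inspect(out, inbound=False),
        "stateful_reply": fw.inspect(reply, inbound=True),             # matches tracked connection
        "stateful_reply_no_state": StatefulFirewall().inspect(reply, inbound=True),
    }


if __name__ == "__main__":
    print(demo())
```

A pure packet filter has to choose between dropping the server's SYN-ACK (breaking every outbound connection) or opening all high ports to inbound traffic; the state table removes that dilemma, which is why the "stateful" generation superseded plain packet filtering. Production firewalls also age entries out of the table and bound its size, since an attacker can otherwise fill it with half-open connections.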
3. Application Layer Firewall
Application layer firewall can inspect and filter the packets on any OSI
layer, up to the application layer. It has the ability to block specific
content, also recognize when certain application and protocols
(like HTTP, FTP) are being misused. In other words, Application layer
firewalls are hosts that run proxy servers. A proxy firewall prevents the
direct connection between either side of the firewall, each packet has to
pass through the proxy.
4. Next Generation Firewalls (NGFW)
NGFW consists of Deep Packet Inspection, Application
Inspection, SSL/SSH inspection and many functionalities to protect the
network from these modern threats.
5. Circuit Level Gateway Firewall
This works at the session layer of the OSI model. It sets up two
Transmission Control Protocol (TCP) connections, one on each side of the
gateway, and relays data between them. It can allow data packets to flow
without using much computing power. These firewalls are limited because
they do not inspect packet contents: if malware is carried in a data
packet, they will permit it to pass provided the TCP connection was
established properly.
6. Software Firewall
A software firewall is any firewall that is installed locally on a host
or on a cloud server. For controlling the inflow and outflow of data
packets on a single device, and limiting which networks that device may
connect to, they may be the most advantageous option. The drawback is
that they must be installed, configured and maintained on every host,
which is time-consuming.
7. Hardware Firewall
They also go by the name "firewalls based on physical appliances." It
guarantees that the malicious data is halted before it reaches the network
endpoint that is in danger.
8. Cloud Firewall
These are software-based, cloud-deployed network devices. This cloud-
based firewall protects a private network from any unwanted access.
Unlike traditional firewalls, a cloud firewall filters data at the cloud level.
What Can Firewalls Protect Against?
 Infiltration by Malicious Actors: Firewalls can block suspicious
connections, preventing eavesdropping and advanced persistent
threats (APTs).
 Parental Controls: Parents can use firewalls to block their children
from accessing explicit web content.
 Workplace Web Browsing Restrictions: Employers can restrict
employees from using the company network to access certain
services and websites, like social media.
 Nationally Controlled Intranet: Governments can block access to
certain web content and services that conflict with national policies
or values.
By allowing network owners to set specific rules, firewalls offer
customizable protection for various scenarios, enhancing overall network
security.
Advantages of Using Firewall
 Protection From Unauthorized Access: Firewalls can be set up to
restrict incoming traffic from particular IP addresses or networks,
preventing hackers or other malicious actors from easily accessing a
network or system.
 Prevention of Malware and Other Threats: Firewalls can be set up to
block traffic linked to known malware or other security concerns,
assisting in the defense against these kinds of attacks.
 Control of Network Access: By limiting access to specified
individuals or groups for particular servers or applications, firewalls
can be used to restrict access to particular network resources or
services.
 Monitoring of Network Activity: Firewalls can be set up to record
and keep track of all network activity.
 Regulation Compliance: Many industries are bound by rules that
demand the usage of firewalls or other security measures.
 Network Segmentation: By using firewalls to split up a bigger
network into smaller subnets, the attack surface is reduced and the
security level is raised.
Disadvantages of Using Firewall
 Complexity: Setting up and keeping up a firewall can be time-
consuming and difficult, especially for bigger networks or companies
with a wide variety of users and devices.
 Limited Visibility: Firewalls may not be able to identify or stop
security risks that operate at other levels, such as the application or
endpoint level, because they can only observe and manage traffic at
the network level.
 False Sense of Security: Some businesses may place an excessive
amount of reliance on their firewall and disregard other crucial
security measures like endpoint security or intrusion detection
systems.
 Limited adaptability: Because firewalls are frequently rule-based,
they might not be able to respond to fresh security threats.
 Performance Impact: Network performance can be significantly
impacted by firewalls, particularly if they are set up to analyze or
manage a lot of traffic.
 Limited Scalability: Because firewalls are only able to secure one
network, businesses that have several networks must deploy many
firewalls, which can be expensive.
 Limited VPN support: Some firewalls might not allow
complex VPN features like split tunnelling, which could restrict the
experience of a remote worker.
 Cost: Purchasing many devices or add-on features for a firewall
system can be expensive, especially for businesses.
What are Bots, Botnets, and Zombies?
Cyber Security is a procedure and strategy associated with ensuring the
safety of sensitive information, computer frameworks, systems, and
programming applications from digital attacks. In this article we will see
Bot, Botnets and Zombies in detail.
Bots
Bots are automated software programs that conduct internet-based tasks.
They can be developed for a variety of objectives, both good and
bad. Search engines utilize good bots, such as web crawlers, to index web
pages. Malicious bots, on the other hand, are designed to do destructive
tasks such as propagating malware, stealing data, or initiating assaults.
Features
 Automation: Bots are automated software programs that perform
activities without human involvement, saving time and effort.
 Efficiency: Bots can do jobs faster than humans, enhancing
efficiency in a variety of activities.
 Scalability: Bots can easily be expanded to do enormous volumes
of activities at the same time, making them ideal for repetitive or
high-volume processes.
 Accuracy: Bots are trained to execute tasks precisely, reducing
mistakes that can occur when humans are involved.
Advantages
 Increased Productivity: Bots may automate repetitive and
monotonous work, freeing up people to focus on more difficult and
strategic duties, resulting in increased overall productivity.
 Savings: By automating operations, bots can minimize labour costs
associated with manual execution, particularly for jobs that take a
long time or involve huge amounts of data.
 Time Efficiency: Bots can execute jobs significantly faster than
humans, allowing for speedier reaction times and increased
efficiency in a variety of processes.
 Consistency: Bots perform jobs consistently, following preset rules and
processes, and are not affected by factors such as fatigue or emotions,
which can cause deviations in human execution.
Disadvantages
 Lack of Adaptability: Bots are programmed to do certain activities
according to predetermined rules. They may struggle with activities
that need adaptation or complicated decision-making in response to
changing conditions.
 Programming Dependence: Bots are constrained to the
capabilities and limits established during programming. Without
human interaction, they may be unable to manage unforeseen
events or tasks outside of their predefined scope.
 Malicious Use: Bots can be used maliciously, for example to spread
malware, take part in fraudulent operations and carry out cyberattacks,
creating security hazards for individuals and organizations.
 Impersonal Interactions: Interacting with bots can often lack the
human touch and personalisation that clients need, thus harming
user experience and satisfaction.
Botnets
Botnets are networks of infected computers; the individual machines are
often called zombies or bots. These machines have been infected with
malware that allows a botmaster to control them remotely. The botmaster
can send commands to the botnet and coordinate its activities for various
malicious purposes. Botnets are frequently used in distributed
denial-of-service (DDoS) attacks, spam email distribution, cryptocurrency
mining, and other types of cybercrime.
Features
 Botnets are controlled by a centralized command and control (C&C)
server or a botmaster. This enables the botmaster to send orders to
the whole botnet at the same time.
 Botnets may grow in size from a few hacked computers to millions of
infected devices throughout the world. This vast network gives
enormous power and resources for conducting coordinated strikes.
 Botnets are built to be resilient and to avoid discovery or disruption.
To make it difficult for security measures to detect and neutralise them,
they frequently use tactics such as encryption, peer-to-peer
communication, and frequent changes of C&C servers.
Advantages
 Botnets allow fraudsters to undertake coordinated assaults using a
large number of compromised devices. This gives them a lot of
computational power and bandwidth, which they may use to launch
distributed denial-of-service (DDoS) assaults, overwhelm target
servers, and disrupt internet services.
 Botnets may be used to send spam emails or to carry
out phishing campaigns. Botnets may produce and distribute a large
amount of malicious emails by sharing the workload over numerous
hacked machines, boosting the spread of malware, or duping victims
into disclosing critical information.
Disadvantages
 Botnets are mostly employed for nefarious purposes, inflicting harm
to individuals, businesses, and organizations. These actions range
from service disruption to financial losses, data breaches, and
privacy violations.
 Most jurisdictions make it unlawful to create, control, or use botnets.
Engaging in such activities can result in serious legal repercussions,
including fines and imprisonment, if detected and prosecuted.
Zombies
Individual machines infected with malware and controlled by a botmaster
within a botnet are referred to as zombies in the context of cybersecurity.
These infected machines might have been hacked by visiting malicious
websites, opening infected email attachments, or falling prey to social
engineering assaults. When a computer is infected, it becomes a member
of the botnet and may be used to carry out harmful operations.
Features
 Compromised State: Computers that have been compromised by
malware, which often acquires control of the system without the
user's knowledge or agreement, are referred to as zombies.
 Remote Control: Once infected, zombies are placed under the
command and control of a botmaster, who may remotely manipulate
and use their resources for a variety of malevolent purposes.
 Unwanted Activities: Zombies can be used to perform distributed
denial-of-service (DDoS) assaults, disseminate malware or spam,
conduct phishing campaigns, and participate in botnet-driven
criminality.
 Silent Operation: Zombies frequently remain dormant or operate silently
in the background, undetected by the user. This enables the botmaster to
maintain control of them discreetly and carry out destructive acts
unnoticed.
Advantages
 Botnets may leverage the combined power of a large number of
hacked machines, allowing for more effective coordinated assaults.
 Botnets may quickly grow by infecting more machines, giving a
greater pool of resources for various cybercriminal actions.
 Botnets provide the botmaster with some anonymity because their
orders are routed across several infected machines, making it
difficult to pinpoint the source.
 Botnets can be built with redundant command and control (C&C)
infrastructure, allowing them to survive even if some nodes are
destroyed or hacked.
Disadvantages
 Botnet construction, control, and usage are all unlawful. Botnet-
related acts can result in serious legal penalties.
 Botnets are typically used for nefarious purposes, such as initiating
DDoS attacks, spreading malware, stealing personal information, or
sending spam emails, all of which cause harm to persons,
organisations, and networks.
 Infected systems within a botnet suffer diminished performance because
the botnet consumes their processing and network resources. This can
cause system slowdowns, instability, and hardware damage.
 Botnets represent substantial security dangers to people and
organisations alike. They can exploit computer weaknesses, resulting
in data breaches, financial loss, and reputational harm.
Difference between Bots, Botnets, and Zombies
| Point of Comparison | Bots | Botnets | Zombies |
|---|---|---|---|
| Definition | Automated software programs | Networks of infected computers | Malware-infiltrated individual computers |
| Purpose | Perform automatic chores, whether good or bad | Controlled by a central command server | A botmaster controls it remotely |
| Communication | Can communicate with a command server | Inter-botnet communication | N/A - Avoids communicating within a network |
| Infection Method | Infected by malware or social engineering techniques | Malware infection, followed by replication via self-propagation or command and control servers | Infected by malware or other exploitation techniques |
| Botmaster / Bot Herder | Controls and manages the bots | Controls and commands the botnet | N/A - No central control |
| Size | Individual instances | May range from a few to millions | Individual instances within a botnet |
| Payload Delivery | Spamming, DDoS attacks, data theft, and more | Executes coordinated attacks, spamming, data theft, cryptocurrency mining, and so on | N/A - Typically part of a botnet |
| Persistence | May remain on the system until it is deleted | May remain connected to the botnet | May remain on the system until removed |
| Botnet Size and Reach | Individual bot | Can span globally | N/A - A single infected computer |
| Examples | Web crawlers, chatbots | Mirai, Zeus, Necurs, Emotet, Conficker | Infected computers used in DDoS attacks, spamming, etc. |
Top Security Risks in Web Applications
What is Cross Site Scripting (XSS) ?
Cross Site Scripting (XSS) is a vulnerability in a web application that
allows a third party to execute a script in the user's browser on behalf of
the web application. Cross-site scripting is one of the most prevalent
vulnerabilities present on the web today. The exploitation of XSS against a
user can lead to various consequences such as account compromise,
account deletion, privilege escalation, malware infection and many
more. In its early days it was called CSS, and it was not exactly what it is
today. Initially, it was discovered that a malicious website could use
JavaScript to read data from other websites' responses by embedding
them in an iframe, run scripts and modify page contents. It was called
CSS (Cross Site Scripting) then. Depending on the context, there
are two types of XSS -
1. Reflected XSS: If the input has to be provided each time to
execute, such XSS is called reflected. These attacks are mostly
carried out by delivering a payload directly to the victim. Victim
requests a page with a request containing the payload and the
payload comes embedded in the response as a script. An example of
reflected XSS is XSS in the search field.
2. Stored XSS: When the response containing the payload is stored on
the server in such a way that the script gets executed on every visit
without submission of payload, then it is identified as stored XSS. An
example of stored XSS is XSS in the comment thread.
3. DOM-based XSS: There is another type of XSS called DOM-based XSS,
and its instances are either reflected or stored. DOM-based XSS arises
when user-supplied data is passed to DOM objects without proper
sanitization.
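The following is an added example, not code from the article, showing the root cause behind the reflected and stored cases above: the application copies user-controlled data into HTML without output encoding. The page-rendering functions, the search and comment payloads, and the `has_raw_script_tag` check are all constructed for this demonstration; the fix shown is plain HTML entity encoding with Python's standard `html.escape`, which covers the HTML text and attribute contexts used here.

```python
import html

# Constructed sample inputs for the demonstration (not taken from any real site).
SEARCH_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = 'mallory" onmouseover="alert(1)'


def render_search_vulnerable(term: str) -> str:
    """Reflected XSS: the search term is copied into the HTML response unencoded."""
    return f"<p>Results for: {term}</p>"


def render_search_safe(term: str) -> str:
    """Same page, but the term is HTML-encoded so the browser shows it as text."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_comment_safe(author: str, body: str) -> str:
    """Stored XSS counterpart: values loaded back from the database get the same
    output encoding. quote=True also turns '"' into &quot;, so the author value
    cannot break out of the data-author attribute and add an event handler."""
    return (
        f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
        f"{html.escape(body, quote=True)}</div>"
    )


def has_raw_script_tag(rendered: str) -> bool:
    """Crude response check: does an unencoded <script tag survive into the output?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(SEARCH_PAYLOAD))
    print(render_search_safe(SEARCH_PAYLOAD))
    print(render_comment_safe(ATTR_PAYLOAD, "Nice article"))
```

Encoding is applied at output time, in the context the value lands in; the same stored comment needs a different encoder if it is ever placed inside a JavaScript string or a URL, which is also the reason DOM-based XSS is not fixed by server-side encoding alone.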
What is SQL Injection?
SQL Injection (SQLi) is a security vulnerability that occurs when an
attacker is able to manipulate a web application's database queries by
inserting malicious SQL code into user input fields. These injected
queries can manipulate the underlying database to retrieve, modify,
or delete sensitive data. In some cases, attackers can even escalate
privileges, gaining full control over the database or server.
How Does SQL Injection Work?
SQL Injection typically works when a web application improperly validates
user input, allowing an attacker to inject malicious SQL code. For
example, if a web application takes user input (e.g., a username or
password) and directly inserts it into an SQL query without proper
sanitization, an attacker can manipulate the query to perform
unintended actions.
Types of SQL Injection
There are several types of SQL Injection attacks, each with different
methods of exploiting the vulnerability. These include:
1. In-band SQL Injection
In-band SQL Injection is the most common type, where the attacker
sends malicious SQL queries directly through the application interface.
This method allows attackers to extract sensitive information or
manipulate the database.
2. Error-based SQL Injection
This type of SQL injection exploits error messages generated by the
database. Attackers can use the information provided in error messages
to learn about the database structure and craft more sophisticated
attacks.
3. Blind SQL Injection
In blind SQL injection, the attacker does not receive error messages but
can infer information about the database by observing the behavior of the
application. The attacker uses boolean conditions to test various aspects
of the database.
4. Out-of-band SQL Injection
Out-of-band SQL injection relies on the attacker using a different
communication channel to exfiltrate data from the database. This type of
attack is less common but can be very effective.
The attacker might direct the database to send a DNS request or HTTP
request with the extracted data.
5. Time-based Blind SQL Injection
In this form of blind SQL injection, the attacker sends a query that causes
a time delay (e.g., using SLEEP), allowing them to infer whether the query
was true or false based on the response time.
Impact of SQL Injection Attacks
 Unauthorized access to sensitive data: Attackers can retrieve
personal, financial, or confidential information stored in the
database.
 Data integrity issues: Attackers can modify, delete, or corrupt
critical data, impacting the application's functionality.
 Privilege escalation: Attackers can bypass authentication
mechanisms and gain administrative privileges.
 Service downtime: SQL injection can overload the server, causing
performance degradation or system crashes.
 Reputation damage: A successful attack can severely harm the
reputation of an organization, leading to a loss of customer trust.
Detecting SQL Injection Vulnerabilities
To detect SQL injection vulnerabilities, consider the following:
 Input validation testing: Test inputs by inserting special
characters like --, ;, ', or " to see if they cause errors or unintended
behavior.
 Automated tools: Use tools like SQLMap, Burp Suite, or OWASP
ZAP to scan for vulnerabilities.
 Review source code: Inspect source code for insecure coding
practices such as concatenating user inputs directly into SQL
queries.
 Monitor error messages: Unexpected or detailed error messages
can indicate that the application is vulnerable.
 Penetration testing: Regularly perform penetration testing to
identify security gaps.
Preventing SQL Injection Attacks
There are several best practices to prevent SQL injection attacks:
1. Use Prepared Statements and Parameterized Queries
Prepared statements and parameterized queries ensure that user inputs
are treated as data rather than part of the SQL query. This approach
eliminates the risk of SQL injection.
2. Employ Stored Procedures
Stored procedures are predefined SQL queries stored in the database.
They can help prevent SQL injection because they don't dynamically
construct SQL queries, provided that the procedure itself does not build
SQL strings from its parameters.
3. Whitelist Input Validation
Ensure that user inputs are validated before being used in SQL queries.
Only allow certain characters and patterns, such as alphanumeric input,
for fields like usernames or email addresses.
4. Use ORM Frameworks
Object-Relational Mapping (ORM) frameworks like Hibernate or Entity
Framework can help prevent SQL injection by automatically handling
query generation, preventing dynamic query construction.
5. Restrict Database Privileges
Grant the minimum required database permissions to users. Ensure that
applications can only perform necessary actions (e.g., SELECT, INSERT),
and restrict permissions like DROP TABLE or ALTER.
6. Error Handling
Configure the database and application to not display detailed error
messages to the user. Instead, log errors internally and display generic
error messages to end users.
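As an added example (not from the article), the following Python code puts the "How Does SQL Injection Work?" description and prevention steps 1 and 3 side by side: a login check that concatenates the username and password into the query, the same check as a parameterized query, and a hardened version that also allow-list-validates the username. The in-memory SQLite database, the user row, the allow-list policy and the bypass input are all constructed for the demonstration; the password is stored in plaintext only to keep the example short.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with one constructed user row (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Plaintext password kept only for brevity; a real schema stores a password hash.
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('alice', 'correct horse')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string concatenation, so user input becomes SQL syntax."""
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the values travel separately from the SQL text and are
    only ever compared as data, whatever characters they contain."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Allow-list for the username field (hypothetical policy: letters, digits, underscore).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Defence in depth: reject malformed usernames before the database sees them,
    then use the parameterized query."""
    if USERNAME_RE.fullmatch(username) is None:
        return False
    return login_safe(conn, username, password)


# Constructed attacker input: closes the quoted string and appends a tautology,
# turning the WHERE clause into (username = 'alice' AND password = 'x') OR '1'='1'.
BYPASS_PASSWORD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass accepted:", login_vulnerable(db, "alice", BYPASS_PASSWORD))
    print("parameterized, bypass accepted:", login_safe(db, "alice", BYPASS_PASSWORD))
```

The allow-list is not a substitute for the parameterized query; it is there so that a field that should never contain quotes or comment sequences is rejected before it reaches any code path, including logging, that might still build strings.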
What is Drive By Download?
A drive-by download is a cyber-attack in which malicious code is
downloaded onto a computer or mobile device without the user intending
it. The code exposes the user to various threats and could be used to do
one or more of the following:
 Reconfigure devices such as PCs and IoT devices.
 Monitor all activity and traffic, both inbound and outbound.
 Destroy, alter, or render your device inoperable.
The user doesn't have to click on anything, press download, or open a
malicious email attachment to become infected. These attacks can take
advantage of an app, operating system, or web browser that contains
security flaws due to missing or failed updates.
Command Injection Vulnerability and Mitigation
Command injection is the injection of operating system commands to be
executed through a web application. The purpose of a command injection
attack is to inject and execute commands specified by the attacker in the
vulnerable application. In a situation like this, the application, which
executes unwanted system commands, acts like a pseudo system shell, and
the attacker may use it as an authorized system user. However, the
commands are executed with the same privileges and environment as the
web application. Command injection attacks are possible due to a lack of
correct validation of input data, which can be manipulated by the attacker
(forms, cookies, HTTP headers etc.). Command injection is a variant of the
code injection attack. In code injection, the attacker adds his own code to
the existing code; the injected code is executed with the same privileges
and environment as the application. An OS command injection attack
occurs when an attacker attempts to execute system-level commands
through a vulnerable application.
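An added example, not code from the article, of the input-validation point made above. It assumes a hypothetical web feature that runs `nslookup` on a user-supplied hostname. The vulnerable version shows the command line a `shell=True` call would hand to the shell; the safe version allow-lists the hostname and passes it as one argv element so that no shell parses it. The `echo_as_argument` helper runs the external `echo` program (assumed to be on a POSIX system) to show that metacharacters passed this way stay literal. The hostname pattern and the injected input are constructed for the demonstration.

```python
import re
import subprocess

# Hostname allow-list: dot-separated labels of letters, digits and hyphens, no label
# starting or ending with '-', 253 characters in total at most (the RFC 1123 shape).
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)

# Constructed attacker input: a valid-looking host followed by a second command.
INJECTED_HOST = "example.com; echo pwned"


def build_command_vulnerable(host: str) -> str:
    """The command line a shell=True call would run: the shell parses ';' as a
    command separator, so the input is executed, not merely looked up."""
    return f"nslookup {host}"


def is_valid_hostname(host: str) -> bool:
    """True only for a plain hostname; rejects spaces, ';', '$(', '|', leading '-'."""
    return HOSTNAME_RE.fullmatch(host) is not None


def build_command_safe(host: str) -> list:
    """Returns an argv list for subprocess.run(..., shell=False). No shell ever parses
    the value, and the allow-list also keeps it from being read as an option flag."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["nslookup", host]


def echo_as_argument(value: str) -> str:
    """Runs the external 'echo' program with the value as one argv element.
    Shell metacharacters in the value are passed through literally."""
    result = subprocess.run(["echo", value], capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    print("shell would run:", build_command_vulnerable(INJECTED_HOST))
    print("argv form prints:", echo_as_argument(INJECTED_HOST))
    print("argv for a valid host:", build_command_safe("example.com"))
```

If a shell is genuinely unavoidable, `shlex.quote()` is the remaining option for a single argument, but the argv list plus allow-list is the form to prefer: it removes the shell from the path entirely instead of trying to out-escape it.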
What is buffer overflow?
Buffer overflow is an anomaly that occurs when software writing data to a
buffer overflows the buffer’s capacity, resulting in adjacent memory
locations being overwritten. In other words, too much information is being
passed into a container that does not have enough space, and that
information ends up replacing data in adjacent containers.
Buffer overflows can be exploited by attackers with a goal of modifying a
computer’s memory in order to undermine or take control of program
execution.
How to protect against buffer overflow attacks
Luckily, modern operating systems have runtime protections which help
mitigate buffer overflow attacks. Let's explore two common protections that
help mitigate the risk of exploitation:
 Address space randomization - Randomly rearranges the address
space locations of key data areas of a process. Buffer overflow
attacks generally rely on knowing the exact location of important
executable code; randomizing the address space makes that nearly
impossible.
 Data execution prevention - Marks certain areas of memory as
either executable or non-executable, preventing an exploit from
running code found in a non-executable area.
Software developers can also take precautions against buffer overflow
vulnerabilities by writing in languages that have built-in protections or
using special security procedures in their code.
Despite precautions, new buffer overflow vulnerabilities continue to be
discovered by developers, sometimes in the wake of a successful
exploitation. When new vulnerabilities are discovered, engineers need to
patch the affected software and ensure that users of the software get
access to the patch.
What are the different types of buffer overflow attacks?
There are a number of different buffer overflow attacks which employ
different strategies and target different pieces of code. Below are a few of
the most well-known.
 Stack overflow attack - This is the most common type of buffer
overflow attack and involves overflowing a buffer on the call stack.
 Heap overflow attack - This type of attack targets data in the
open memory pool known as the heap.
 Integer overflow attack - In an integer overflow, an arithmetic
operation results in an integer (whole number) that is too large for
the integer type meant to store it; this can result in a buffer
overflow.
 Unicode overflow - A unicode overflow creates a buffer overflow by
inserting unicode characters into an input that expects ASCII
characters. (ASCII and unicode are encoding standards that let
computers represent text. For example, the letter 'a' is represented
by the number 97 in ASCII. While ASCII codes only cover characters
from Western languages, unicode can represent characters for almost
every written language on earth. Because there are so many more
characters available in unicode, many unicode characters are encoded
in more bytes than any ASCII character.)
What is a Directory Traversal Attack?
A Directory Traversal Attack is a kind of brute-force attack which can give
an attacker access to restricted files and directories. This attack can also
tell the attacker about the directory structure of the web application. It is
very important to secure web applications by protecting web content and
controlling access.
Working Methodology
The working of directory traversal attacks is quite simple. It is based on a
wordlist, meaning a list of the names most commonly used for important
or useful files and directories. Directory traversal traverses the web server
in search of all the words defined in the wordlist and receives HTTP status
codes, which are the web server's responses to the URL requests. A
numeric code is returned that shows whether the file is present or whether
the URL requested might be wrong.
A wordlist is the foundation of this kind of attack, but if an attacker puts
very common words in the wordlist, or words that have been used earlier,
or the file names have been changed (which usually happens), then it
could yield nothing. So, the wordlist should be organized properly for a
successful attack.
Working of Directory Traversal Attack
A Directory Traversal Attack typically works by exploiting a vulnerability in
a web application that allows an attacker to manipulate the input
parameters used by the application to access files and directories.
For example, let's say a web application allows users to download files by
specifying the file name in a URL parameter. If the application does not
properly validate and sanitize the input, an attacker can manipulate the
parameter to access files and directories that are outside of the web root
directory.
Here is an example URL that could be used in a Directory
Traversal Attack:
http://example.com/download.php?file=../../../../etc/passwd
In this example, the attacker is trying to access the /etc/passwd file,
which is typically only accessible by the root user. By using the "../"
notation to traverse up the directory structure, the attacker is able to
bypass any access controls and access the file.
Preventing a Directory Traversal Attack:
Preventing a Directory Traversal Attack requires proper input validation
and sanitization in web applications. This can be achieved by:
 Implementing proper input validation and sanitization to ensure that
user input is only used for its intended purpose.
 Avoiding the use of user input to specify file paths or directory
locations.
 Restricting file permissions to limit access to sensitive files and
directories.
 Using a web application firewall (WAF) to block requests that match
known Directory Traversal Attack patterns.
Directory Traversal Vulnerability
A directory traversal vulnerability is the result of inadequate
filtering/validation of browser input from users. Directory traversal
vulnerabilities are often located in web server software or in application
code that is executed on the server. Directory traversal vulnerabilities can
exist in a variety of programming languages and platforms, including
Python, PHP, Apache, and more, and they can be prevented using certain
measures.
Tools used for Directory Traversal Attack
 DIRBUSTER: DirBuster is a Java application that offers a GUI
interface. It is used to find concealed files by brute-forcing files &
directories with the aim of gaining some valuable information that
could help in attacks. The effectiveness of such a tool could be
determined by wordlist, the more effective the wordlist, the more
effective will be the tool.
 DIRB: It is a CLI (Command Line Interface) based web page scanner
written in the C language. DIRB works by launching a dictionary-based
attack on a web server and, as a result, shows hidden files &
directories. It comes with preinstalled file & directory lists, but if the
user wants, he can add his own list for the search. DIRB is usually
used in Web Application testing or Auditing.
 GOBUSTER: GoBuster performs tasks very fast. GoBuster is a
Command Line Interface (CLI) based tool & has been developed in
Go Language. It doesn’t come preinstalled. GoBuster has 3 modes;
First is DNS mode which is used to find subdomain of a given
domain, second is DIR mode which is used to find hidden files &
directories, and Third is the VHOST mode which is used to discover
virtual hosts of server; Virtual hosts means sometimes one server
hosts many domains so GoBuster can find about them.
Advantages
1. DirBuster provides a GUI interface, which is very easy to understand
and use. DirBuster can be used by anyone with no hassle.
2. As compared to other Directory Brute-forcing tools, GoBuster is
extremely fast. GoBuster has been developed in the Go language &
This language is known for speed.
3. DIRB is very easy to use as it supports Command Line Interface,
User just has to type DIRB & then the URL in the prompt & That’s it.
So, it is not complicated.
4. DIRB is the most used tool as a Directory-forcing tool. It is mostly
utilized in Web Application Testing or Auditing.
5. Before any attack, Information Gathering is a must. So, Directory
Traversal tools are mostly used to find details about files &
directories in a server.
Disadvantages
1. DirBuster provides a GUI interface, which is a plus but also a
disadvantage: it is straightforward to use, but it is not compatible
with a CLI-only (Command Line Interface) OS.
2. DIRB works very fast when the user is using a small wordlist, but if
the wordlist is long, DIRB works very slowly.
3. GoBuster doesn't support traversing directories recursively, which
means deep directories need to be scanned again.
4. In DirBuster, when the user tries to increase the number of threads
to get results faster, it actually stops after getting 20 consecutive
errors.
5. DIRB has one big disadvantage: multithreading is very helpful in
directory brute-force tools, but DIRB doesn't support it, which makes
the tool very slow.
What is Phishing?
Phishing is a form of online fraud in which hackers attempt to get your
private information such as passwords, credit card details, or bank account
data. This is usually done by sending false emails or messages that
appear to be from trusted sources like banks or well-known websites.
They aim to convince you so that they can obtain your information and
use it fraudulently. Always ensure that you are certain about whom you are
dealing with before you provide any information. The main motive of the
attacker behind phishing is to gain confidential information like:
 Password
 Credit card details
 Social security numbers
 Date of birth
How is Phishing Carried Out?
Below are the ways through which phishing generally occurs. Any of the
techniques mentioned below can lead the user into a phishing attack.
 Clicking on an unknown file or attachment: Here, the attacker
deliberately sends a mysterious file to the victim, as the victim
opens the file, either malware is injected into his system or it
prompts the user to enter confidential data.
 Using an open or free wifi hotspot: This is a very simple way to
get confidential information from the user by luring him by giving
him free wifi. The wifi owner can control the user's data without the
user knowing it.
 Responding to social media requests: This commonly includes
social engineering. Accepting unknown friend requests and then, by
mistake, leaking secret data are the most common mistakes made
by naive users.
 Clicking on unauthenticated links or ads: Unauthenticated links
have been deliberately crafted that lead to a phished website that
tricks the user into typing confidential data.
Types of Phishing Attacks
 Email Phishing: The most common type where users are tricked
into clicking unverified spam emails and leaking secret data. Hackers
impersonate a legitimate identity and send emails to mass victims.
Generally, the goal of the attacker is to get personal details like bank
details, credit card numbers, user IDs, and passwords of any online
shopping website, installing malware, etc. After getting the personal
information, they use this information to steal money from the user's
account or harm the target system, etc.
 Spear Phishing: In spear phishing, a particular user (an organization
or individual) is targeted. In this method, the attacker first gathers full
information about the target and then sends malicious emails to
his/her inbox to trap him into typing confidential data. For example,
the attacker targets someone (let's assume an employee from the
finance department of some organization). Then the attacker pretends
to be the manager of that employee and requests personal information
or the transfer of a large sum of money. It is the most successful
attack.
 Whaling: Whaling is just like spear-phishing but the main target is
the head of the company, like the CEO, CFO, etc. A pressurized email
is sent to such executives so that they don't have much time to
think, therefore falling prey to phishing.
 Smishing: In this type of phishing attack, the medium of phishing
attack is SMS. Smishing works similarly to email phishing. SMS texts
are sent to victims containing links to phished websites or invite the
victims to call a phone number or to contact the sender using the
given email. The victim is then invited to enter their personal
information like bank details, credit card information, user ID/
password, etc. Then using this information the attacker harms the
victim.
 Vishing: Vishing is also known as voice phishing. In this method, the
attacker calls the victim using modern caller ID spoofing to convince
the victim that the call is from a trusted source. Attackers also use
IVR to make it difficult for legal authorities to trace the attacker. It is
generally used to steal credit card numbers or confidential data from
the victim.
 Clone Phishing: In this type of phishing attack, the attacker copies
email messages that were sent from a trusted source and then alters
the information by adding a link that redirects the victim to a
malicious or fake website. The attacker then sends this mail to a larger
number of users and waits to see who clicks on the attachment that
was sent in the email. It spreads through the contacts of the user who
has clicked on the attachment.
Impact of Phishing
 Financial Loss: Phishing attacks often target financial information,
such as credit card numbers and bank account login credentials. This
information can be used to steal money or make unauthorized
purchases, leading to significant financial losses.
 Identity Theft: Phishing attacks can also steal personal
information, such as Social Security numbers and date of birth,
which can be used to steal an individual's identity and cause long-
term harm.
 Damage to Reputation: Organizations that fall victim to phishing
attacks can suffer damage to their reputation, as customers and
clients may lose trust in the company's ability to protect their
information.
 Disruption to Business Operations: Phishing attacks can also
cause significant disruption to business operations, as employees
may have their email accounts or computers compromised, leading
to lost productivity and data.
 Spread of Malware: Phishing attacks often use attachments or
links to deliver malware, which can infect a victim's computer or
network and cause further harm.
Signs of Phishing
 Suspicious email addresses: Phishing emails often use fake email
addresses that appear to be from a trusted source, but are
controlled by the attacker. Check the email address carefully and
look for slight variations or misspellings that may indicate a fake
address.
 Urgent requests for personal information: Phishing attacks
often try to create a sense of urgency to trick victims into providing
personal information quickly. Be cautious of emails or messages that
ask for personal information and make sure to verify the authenticity
of the request before providing any information.
 Poor grammar and spelling: Phishing attacks are often created
quickly and carelessly, and may contain poor grammar and spelling
errors. These mistakes can indicate that the email or message is not
legitimate.
 Requests for sensitive information: Phishing attacks often try to
steal sensitive information, such as login credentials and financial
information. Be cautious of emails or messages that ask for sensitive
information and verify the authenticity of the request before
providing any information.
 Unusual links or attachments: Phishing attacks often use links or
attachments to deliver malware or redirect victims to fake websites.
Be cautious of links or attachments in emails or messages,
especially from unknown or untrusted sources.
 Strange URLs: Phishing attacks often use fake websites that look
similar to the real ones, but have slightly different URLs. Look for
strange URLs or slight variations in the URL that may indicate a fake
website.
How To Stay Protected Against Phishing?
 Authorized Source: Download software only from authorized sources
that you trust.
 Confidentiality: Never share your private details with unknown
links and keep your data safe from hackers.
 Check URL: Always check the URL of websites to prevent any such
attack. It will help you avoid getting trapped in phishing attacks.
 Avoid replying to suspicious things: If you receive an email from
a known source but that email looks suspicious, then contact the
source with a new email rather than using the reply option.
 Phishing Detection Tool: Use phishing-detecting tools to monitor
the websites that are crafted and contain unauthentic content.
 Try to avoid free Wi-Fi: Avoid using free Wi-Fi, as it can expose you
to threats and phishing.
 Keep your system updated: It's better to keep your system
always updated to protect from different types of Phishing Attacks.
 Keep the firewall of the system ON: Keeping ON
the firewalls helps you filter ambiguous and suspicious data and only
authenticated data will reach you.
How To Distinguish Between a Fake Website and a Real Website?
 Check the URL of the website: A genuine, legitimate website always
uses a secure medium to protect you from online threats. So, when
you first see a website link, always check the beginning of the
address. If the address starts with https:// then the website is
secure, because the "s" in https:// denotes secure, which means the
website uses encryption to transfer data, protecting it from
hackers. If a website uses http:// then the website is not guaranteed
to be safe. So, it is advised not to visit HTTP websites, as they are
not secure.
 Check the domain name of the website: Attackers generally create
a website whose address mimics a large brand or company, for
example a lookalike of www.amazon.com/order_id=23. If we look
closely at such an address, we can see that it is a fake website
because the spelling of amazon is subtly wrong. So it's a phished
website; be careful with such types of websites.
 Look for site design: If you open a website from the link, then pay
attention to the design of the site. Although the attacker tries to
imitate the original one as much as possible, they still lack in some
places.
 Check for the available web pages: A fake website does not
contain all the web pages that are present on the original website.
So when you encounter a suspected fake website, open the options
(links) present on it. If they only display a login page, then the
website is fake.
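The URL and domain checks above can be automated. The following is an added example (not code from the original page) that applies them to a URL: it flags a missing https:// scheme, a raw IP address or user-info in the host, and compares the registrable domain against a constructed allowlist of brand domains to catch homoglyph swaps (amaz0n), one-character typos (amazn) and a brand name buried inside an unrelated domain. The allowlist, the homoglyph table and the two-label domain rule are simplifying assumptions for the demo.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of brand domains for this demo (not from the page).
TRUSTED_DOMAINS = {"amazon.com", "paypal.com", "google.com"}

# Small homoglyph table (assumption: enough for illustration; production tools
# use a full confusables list such as Unicode TR39).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "|": "l"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance: 1 means a single added, dropped or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (assumption: ignores multi-label suffixes such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_url(url: str) -> dict:
    """Classify a URL as trusted, lookalike or unknown, with the reasons found."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    warnings, lookalike = [], []

    if parsed.scheme != "https":
        warnings.append("not https")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        warnings.append("raw ip address instead of a domain name")
    if "@" in parsed.netloc:
        warnings.append("user info before the host can hide the real destination")

    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return {"host": host, "domain": domain, "verdict": "trusted", "findings": warnings}

    normalised = domain.translate(HOMOGLYPHS)
    label = normalised.split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if normalised == trusted:
            lookalike.append(f"homoglyph lookalike of {trusted}")
        elif levenshtein(label, brand) == 1:
            lookalike.append(f"typo-squat of {trusted}")
        elif brand in host:
            lookalike.append(f"brand '{brand}' embedded in untrusted domain {domain}")

    verdict = "lookalike" if lookalike else "unknown"
    return {"host": host, "domain": domain, "verdict": verdict, "findings": warnings + lookalike}


if __name__ == "__main__":
    for sample in ("https://www.amazon.com/order_id=23", "http://www.amaz0n.com/login",
                   "https://amazon.com.secure-login.example/", "https://amazn.com"):
        result = assess_url(sample)
        print(f"{sample}: {result['verdict']} {result['findings']}")
```

Note that "unknown" is not "safe": a freshly registered domain with no resemblance to any brand passes this check, which is why the list-based and reputation-based tools discussed next are still needed.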
Anti-Phishing Tools
Well, it's essential to use Anti-Phishing tools to detect phishing attacks.
Here are some of the most popular and effective anti-phishing tools
available:
 Anti-Phishing Domain Advisor (APDA): A browser extension that
warns users when they visit a phishing website. It uses a database of
known phishing sites and provides real-time protection against new
threats.
 PhishTank: A community-driven website that collects and verifies
reports of phishing attacks. Users can submit phishing reports and
check the status of suspicious websites.
 Webroot Anti-Phishing: A browser extension that uses machine
learning algorithms to identify and block phishing websites. It
provides real-time protection and integrates with other security
tools.
 Malwarebytes Anti-Phishing: A security tool that protects against
phishing attacks by detecting and blocking suspicious websites. It
uses a combination of machine learning and signature-based
detection to provide real-time protection.
 Kaspersky Anti-Phishing: A browser extension that provides real-
time protection against phishing attacks. It uses a database of
known phishing sites and integrates with other security tools to
provide comprehensive protection.
How does Drive By Download Attack Work?
There are two main ways malicious drive by downloads get into the
device:
1. Authorized Downloads Without Knowing Full Implications
Authorized attacks happen when a website or software seller offers a
trustworthy program or application that is downloaded automatically
when a user visits the website or uses the product. Typically, the user is
alerted about the download and may be prompted to approve the
installation.
Authorized drive-by downloads are designed to be efficient and can often
be detected before an attack occurs. The process is as follows:
 Hacker creates a corrupt website, links, or Ads: The hacker
creates a delivery mechanism for malware, such as through online
messages, advertisements, or legitimate program downloads.
 User Interacts with delivery mechanism: The user interacts with
the delivery mechanism by clicking on a misleading link,
downloading software, or taking other actions.
 Malware installs on the device: The malware installs on the
user's device, either by failing to opt out of additional software or by
accessing a site infected with malware.
 Hacker gains access to the device: Once installed, the malware
can allow the hacker to gain unauthorized access to the user's data.
2. Unauthorized Downloads Without Any Notification
Attacks described as unauthorized drive-by downloads happen when
hackers penetrate a website and insert harmful code into its HTML or
JavaScript files. The user may not even be aware that something was
downloaded onto their machine, since the site was compromised without
their knowledge. Despite its apparent simplicity, an unauthorized
drive-by download operates in several stages. The process is as follows:
 Hacker infects a legitimate website: The hacker first
compromises a webpage by exploiting a security vulnerability and
inserting a malicious component.
 You trigger the component: When you visit the webpage, the
component detects any security weaknesses in your device.
 Component downloads the malware: The component then
downloads malware onto your device using the exploited security
vulnerabilities.
 Malware executes its task: The malware executes its task,
allowing the hacker to gain control, and interfere with or steal
information from your device.
Types of Drive By Download Attack
There are several types of drive-by-download attacks, including:
 Malicious Ads: Ads that contain malicious code can be displayed by
attackers who have gained access to ad networks. When a victim
visits a website where the ads are displayed, the ads may then
spread the infection to the victim's device.
 Exploit Kits: An intruder can use an exploit kit to take advantage of
a victim's device by gathering an inventory of software flaws.
Attackers can send exploit tools via email or a website that links to a
fake site.
 Watering hole threats: Attackers may gain access to an online
resource that is commonly used by a particular target market, and
site visitors who engage with it may unknowingly download malware
to their devices.
 Cross-site scripting (XSS) assaults: When a website is
compromised, malicious code is injected into it by attackers so that
it can run when a target accesses it.
 Phishing attacks: Attacks referred to as "phishing" entail tricking
victims into opening a file or clicking on a link that downloads
software. This may occur via email, social media, or other
communications services.
How to Avoid Drive-by Download Attacks?
The following are some measures to protect yourself from the risks
associated with drive-by download attacks:
 Update your operating system and software with the most recent
security fixes, this will guarantee that any vulnerabilities are
patched.
 Install and use only legitimate Antivirus software.
 Make use of a safe browser, such as Microsoft Edge, Mozilla Firefox,
or Google Chrome. The built-in security features of these browsers
frequently guard against fraudulent websites and downloads.
 Install pop-up blockers in your browser and turn off automated
downloads to increase security. Always download files from trusted
and legitimate sites only.
 Employ a content filter to help find and block potentially hazardous
websites, such as Web of Trust or McAfee Site Advisor.
 Back up your crucial data and files frequently to a safe location or
cloud service. In the event of a successful attack, the backup will
help protect against data loss.
Concept of Wireless Networking and Wireless Standards
📉 Concept of Wireless Networking
✅ Definition:
Wireless networking refers to the method of transmitting data and
information between devices without the use of physical wired
connections. Instead, devices use electromagnetic waves, typically radio
frequencies or infrared, to communicate over the air. This type of
networking is a key enabler for mobile computing and flexible
communication systems.
✅ How Wireless Networks Operate:
 Devices communicate using wireless signals transmitted through
antennas.
 Access points (APs) serve as hubs that relay data between the
wireless devices and the wired network (e.g., the internet).
 Common frequencies used include 2.4 GHz and 5 GHz, and more
recently 6 GHz.
✅ Types of Wireless Networks:
1. WLAN (Wireless Local Area Network):
o Typically uses Wi-Fi.
o Operates over small geographical areas like homes, offices,
schools.
o Provides high-speed internet access to multiple users.
2. WPAN (Wireless Personal Area Network):
o Covers a very small area, typically a few meters.
o Technologies: Bluetooth, Infrared (IR), ZigBee.
o Ideal for connecting personal devices like smartphones,
smartwatches, and headsets.
3. WMAN (Wireless Metropolitan Area Network):
o Covers a city or campus.
o Often used for public internet access like city-wide Wi-Fi or ISP
coverage.
o Example: WiMAX.
4. WWAN (Wireless Wide Area Network):
o Covers large geographical areas or even the globe.
o Uses mobile phone networks such as GSM, 3G, 4G, and 5G.
o Commonly used for cellular communication and mobile
internet.
✅ Components of Wireless Networking:
 Wireless Access Point (WAP): Connects wireless devices to a
wired network.
 Router: Directs traffic within and outside the local network.
 Wireless NIC (Network Interface Card): Installed in devices to
enable wireless communication.
 Antenna: Enhances signal transmission and reception.
✅ Advantages:
 Supports mobility and remote access.
 Flexible and easy to deploy.
 Reduces physical infrastructure and cable clutter.
✅ Disadvantages:
 Susceptible to interference and signal degradation.
 Security risks such as unauthorized access.
 Typically slower and less stable than wired networks.
📦 Wireless Standards (IEEE 802.11 Family)
✅ Definition:
Wireless standards are a set of specifications that define how wireless
communication should function, ensuring that devices from different
manufacturers can communicate efficiently and securely. The most
common wireless standards for Wi-Fi are defined under the IEEE 802.11
family.
✅ Evolution of IEEE 802.11 Standards:
Standard | Frequency Band | Max Speed | Range | Key Features & Notes
802.11 | 2.4 GHz | 2 Mbps | Short | First standard; obsolete today.
802.11a | 5 GHz | 54 Mbps | Short | High speed, but lower range and more costly; limited adoption.
802.11b | 2.4 GHz | 11 Mbps | Longer | Affordable; more interference; widely used in early 2000s.
802.11g | 2.4 GHz | 54 Mbps | Longer | Backward compatible with 802.11b; better speed.
802.11n | 2.4/5 GHz | Up to 600 Mbps | Medium | Introduced MIMO and channel bonding for better throughput.
802.11ac | 5 GHz | Up to 1.3 Gbps | Medium | Beamforming, wider channels, used in modern routers.
802.11ax | 2.4/5/6 GHz | Up to 9.6 Gbps | Long | Also known as Wi-Fi 6/6E; better performance in congested areas.
802.11be | 6 GHz | Estimated 30 Gbps | High | Known as Wi-Fi 7; ultra-low latency, high throughput, future standard.
✅ Wi-Fi Generations:
Wi-Fi Name | IEEE Standard | Introduction Year | Features
Wi-Fi 4 | 802.11n | 2009 | Dual band, MIMO support
Wi-Fi 5 | 802.11ac | 2014 | Higher speeds, better streaming
Wi-Fi 6 | 802.11ax | 2019 | High efficiency, OFDMA, MU-MIMO
Wi-Fi 6E | 802.11ax | 2020 | Extension of Wi-Fi 6 with 6 GHz band
Wi-Fi 7 | 802.11be | Expected ~2024 | Higher bandwidth, ultra-low latency
✅ Wireless Security Protocols:
Protocol | Security Level | Description
WEP | Low | Wired Equivalent Privacy; outdated, insecure
WPA | Medium | Wi-Fi Protected Access; better than WEP
WPA2 | High | Strong encryption (AES); standard for years
WPA3 | Very High | Latest standard; stronger security & encryption
🔹 Common Terms Used in Wireless Networking
 WLAN (Wireless Local Area Network): A local network that uses
radio signals to connect devices instead of wires.
 Wireless: A broad term for any technology that enables
communication without physical connections.
 Wireless Access Point (WAP): A device that creates a wireless
LAN and acts as a bridge between wireless clients and a wired
network.
 Cellular: A wireless communication system used in mobile phones,
involving cell towers and mobile switching centers.
 Attenuation: The weakening of a signal as it travels through
distance or obstacles.
 Antenna: A component that emits or receives radio waves in
wireless communication.
 Microwave: A type of electromagnetic wave used for long-distance
line-of-sight communication, such as satellite or backhaul links.
 Jamming: The deliberate disruption of wireless signals, often used
in attacks or by accident from strong electromagnetic interference.
 SSID (Service Set Identifier): The unique name assigned to a
wireless network.
 Bluetooth: A WPAN technology for short-range communication
between devices like smartphones, headsets, and computers.
 Wi-Fi Hotspots: Physical locations where people can access Wi-Fi
networks, usually public or commercial.
What is Wi-Fi?
WiFi is a wireless technology that allows electronic devices to connect to
the internet and communicate with each other without a physical cable.
This uses radio waves to transmit the data between a WiFi router and
compatible devices like smartphones, computers, and smart home
gadgets. These WiFi networks are common in homes, offices, and public
spaces providing convenient internet access and local connectivity. This
technology has become an essential part of modern digital life enabling
wireless internet browsing, file sharing, and device communication in
various settings.
What is a Wireless Access Point?
The WAP means a wireless access point is the networking device that
allows WiFi-enabled devices to connect to the wired network. It acts as
the central hub broadcasting the Wi-Fi signal that devices can detect and
join. Access points are commonly used to extend the range of existing
networks, create separate network segments, or provide Wi-Fi
connectivity in large spaces like offices, schools or public areas. They can
be standalone devices or integrated into a router and they enable
multiple devices to access network resources and the internet wirelessly
within their coverage area.
Applications of Wi-Fi
 Using Wi-Fi we can access the internet wirelessly on any Wi-Fi-capable
device. We can stream or cast audio or video wirelessly to any
device using Wi-Fi for our entertainment.
 We can share files, data, etc. between two or more computers or
mobile phones using Wi-Fi, and the data transfer rate is also very
high. Also, we can print any document using a Wi-Fi printer, which
is very widely used nowadays.
 We can also use Wi-Fi for HOTSPOTS, which provide wireless internet
access within a particular area. Using a hotspot, the owner of the
main network connection can offer temporary network access to Wi-
Fi-capable devices so that the users can use the network without
knowing anything about the main network connection. Wi-Fi
adapters spread radio signals using the owner's network connection
to provide the hotspot.
 Using Wi-Fi or WLAN we can construct simple wireless connections
from one point to another, known as point-to-point networks. This
can be useful to connect two locations that are difficult to reach by
wire, such as two buildings of a corporate business.
 One more important application is VoWi-Fi, known as Voice over
Wi-Fi. Some years ago telecom companies introduced VoLTE
(Voice over Long-Term Evolution). Nowadays they have introduced
VoWi-Fi, by which we can call anyone using our home Wi-Fi
network; the only requirement is that the mobile is connected to the
Wi-Fi. The voice is then transferred over the Wi-Fi network instead of
the mobile SIM network, so the call quality is very good. Many
mobile phones already support VoWi-Fi.
 In an office, all the computers can be interconnected using Wi-Fi. With
Wi-Fi there are no wiring complexities, and the speed of the network is
good. Over Wi-Fi, a project can be presented to all the members at
once in the form of an Excel sheet, PPT, etc. With Wi-Fi there is no
network loss due to a cable break, as there is with cabling.
 Also, using Wi-Fi a whole city can be provided with network connectivity
by deploying routers in specific areas to access the internet. Already
schools, colleges, and universities are providing networks using Wi-Fi
because of its flexibility. Wi-Fi is used as a positioning system also,
by which we can detect the positions of Wi-Fi hotspots to identify a
device's location.
Types of Wi-Fi
Standards | Year of Release | Description
Wi-Fi-1 (802.11b) | 1999 | Link speed from 2 Mb/s to 11 Mb/s over the 2.4 GHz frequency band.
Wi-Fi-2 (802.11a) | 1999 | Released a month after 802.11b; provides up to 54 Mb/s link speed over the 5 GHz band.
Wi-Fi-3 (802.11g) | 2003 | Speed increased to 54 to 108 Mb/s over 2.4 GHz.
802.11i | 2004 | Same as 802.11g, but with an improved security mechanism.
802.11e | 2004 | Same as 802.11g, with Voice over Wireless LAN and multimedia streaming added.
Wi-Fi-4 (802.11n) | 2009 | Supports both the 2.4 GHz and 5 GHz radio frequencies and offers 72 to 600 Mb/s.
Wi-Fi-5 (802.11ac) | 2014 | Supports a speed of 1733 Mb/s in the 5 GHz band.
Types of Wi-Fi Connections
LAN (Local Area Network)
A LAN operates within a limited area like an office building or home,
connecting various devices such as computers, printers, and storage
devices. It uses components like switches, routers, and cables, with Wi-Fi
being the most common wireless form of LAN. Think of it as a network
that serves a single location.
PAN (Personal Area Network)
A PAN is the smallest network type, centered around one person's devices
in a specific location, typically connecting personal gadgets like phones,
computers, and gaming consoles. Bluetooth is the most well-known
wireless PAN technology. These networks are perfect for personal use in
homes or small offices.
MAN (Metropolitan Area Network)
A MAN covers a larger geographical area than a LAN, typically spanning
across a city, college campus, or business complex. It's designed to
connect multiple locations within a metropolitan area, making it ideal for
organizations that need to manage systems across several buildings or
facilities.
WAN (Wide Area Network)
A WAN is the largest network type, covering vast geographical areas like
cities, countries, or even the entire globe - the Internet being the most
famous example. It can encompass multiple smaller networks like LAN
and MAN, and cellular networks are the most common type of wireless
WAN.
How does Wi-Fi work?
Wi-Fi is a wireless networking technology, so it uses electromagnetic
waves to transmit network traffic. Electromagnetic waves are divided
according to their frequency into X-rays, gamma rays, radio waves,
microwaves, etc.; Wi-Fi uses radio frequencies. Transmitting a Wi-Fi
signal involves three components:
 Base Station Network or an Ethernet (802.3) Connection: It is
the main host network from which the network connection is
provided to the router.
 Access Point or Router: It is a bridge between a wired network
and a wireless network. It accepts a wired Ethernet connection,
converts the wired connection to a wireless connection and spreads
the connection as a radio wave.
 Accessing Devices: These are our mobiles, computers, etc. from
which we use the Wi-Fi and surf the internet.
Working of Wi-Fi
All electronic devices read data in binary form, and so do routers and our
devices: the router emits radio waves, our devices receive those waves
and read them in binary form. Thinking of how a wave looks, the upper
peak of the wave is read as a 1 and the lower peak of the wave as a 0 in
binary. The terms below are needed to understand this:
 SSID (Service Set Identifier): This 32-character name
identifies the Wi-Fi network and differentiates one Wi-Fi network from
another. All devices attempt to connect to a particular SSID. An
SSID is the name of a wireless network.
 WPA-PSK (Wi-Fi Protected Access - Pre-Shared Key): The
program developed by the Wi-Fi Alliance to secure wireless
networks with the use of Pre-Shared Key authentication. WPA
has three versions: WPA, WPA2 and WPA3. It is a way of
encrypting a Wi-Fi signal to protect it from unwanted users.
 Wi-Fi uses Ad-Hoc networks to transmit. It is a point-to-point network
without any interface.
Advantages of Wi-Fi
 Wi-Fi allows easy cable-free connection to the internet from
multiple devices. Users can access the network from anywhere
within range, enhancing mobility and flexibility.
 Wi-Fi networks eliminate the need for extensive cabling,
reducing installation and maintenance costs. This is particularly
beneficial for businesses and large spaces.
 Wi-Fi networks can be easily expanded to accommodate more
devices. Adding new devices does not require additional
infrastructure, making it scalable for growing needs.
Disadvantages of Wi-Fi
 Wi-Fi networks are vulnerable to hacking and unauthorized
access if not secured. This can lead to data breaches and
privacy concerns for all users.
 Wi-Fi signals can be affected by physical obstacles and
interference from other devices. This can result in slower speeds or
dropped connections, especially at greater distances from the
router.
 Wi-Fi routers require electricity to function. During power
outages the network becomes inaccessible, potentially disrupting
important communications or work.
Types of Wireless Network Attacks
Wireless networks have undoubtedly revolutionized the way we
communicate and conduct business, offering unparalleled convenience
and mobility. However, with this freedom comes the lurking threat of
malicious attackers seeking to exploit the vulnerabilities inherent in
wireless technology. Here are some of the common types of wireless
network attacks:
1. Wireless Eavesdropping (Passive Attacks)
Attackers use tools like packet sniffers to intercept and monitor wireless
communications between devices. By capturing data packets transmitted
over the air, they can potentially obtain sensitive information, such as
login credentials, financial data, or personal information.
2. Wireless Spoofing (Man-in-the-Middle Attacks)
In these attacks, the attacker positions themselves between the wireless
client and the legitimate access point, intercepting and manipulating data
transmissions. The attacker may then relay the information back and
forth, making it appear as if they are the legitimate access point. This
enables them to snoop on data or perform other malicious actions
unnoticed.
3. Wireless Jamming (Denial-of-Service Attacks)
Attackers flood the wireless frequency spectrum with interference signals,
disrupting legitimate communications between devices and access points.
By creating excessive noise, they can render the wireless network
unusable for legitimate users.
4. Rogue Access Points
Attackers set up unauthorized access points, mimicking legitimate ones,
to deceive users into connecting to them. Once connected, the attacker
can eavesdrop, capture data, or launch further attacks on the
unsuspecting users.
5. Brute-Force Attacks
Attackers try various combinations of passwords or encryption keys in
rapid succession until they find the correct one to gain unauthorized
access to the wireless network.
6. WEP/WPA Cracking
Attackers exploit vulnerabilities in older wireless security protocols like
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) to gain
unauthorized access to encrypted wireless networks.
7. Evil Twin Attacks
Attackers create fake access points with names similar to legitimate ones,
tricking users into connecting to the malicious network. Once connected,
the attacker can intercept sensitive data or execute further attacks.
8. Deauthentication/Disassociation Attacks
Attackers send forged deauthentication or disassociation frames to
wireless devices, forcing them to disconnect from the network, leading to
service disruptions or potential vulnerabilities when devices automatically
reconnect.
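Deauthentication and disassociation frames are unencrypted management frames, so a network monitor can recognise a flood of them by parsing the 802.11 frame control field and counting frames per claimed sender. This added example (not code from the original page) decodes the fixed 24-byte MAC header of a management frame, extracts the reason code, and raises one alert when a single source address sends ten or more deauth/disassoc frames inside a one-second window. The sample "capture" is constructed in memory for the parser; the MAC addresses, threshold and window are assumptions for the demo, and the reason-code values 7 and 8 are standard 802.11 codes.

```python
import struct
from collections import defaultdict, deque

TYPE_MGMT = 0          # frame type 0 = management
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(raw: bytes):
    """Decode the 24-byte 802.11 MAC header; returns None for non-management frames."""
    if len(raw) < 24:
        return None
    fc = raw[0]                      # frame control, low byte
    ftype = (fc >> 2) & 0x3          # bits 2-3: frame type
    subtype = (fc >> 4) & 0xF        # bits 4-7: subtype
    if ftype != TYPE_MGMT:
        return None
    frame = {
        "subtype": subtype,
        "da": mac_str(raw[4:10]),     # receiver; broadcast in a flood
        "sa": mac_str(raw[10:16]),    # claimed sender; easily forged, hence the attack
        "bssid": mac_str(raw[16:22]),
        "reason": None,
    }
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(raw) >= 26:
        frame["reason"] = struct.unpack_from("<H", raw, 24)[0]   # 2-byte reason code
    return frame


class DeauthFloodDetector:
    """Alert when one source emits >= threshold deauth/disassoc frames within window seconds."""

    def __init__(self, threshold: int = 10, window: float = 1.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)   # source MAC -> timestamps inside the window
        self.alerts = []

    def observe(self, ts: float, raw: bytes):
        frame = parse_mgmt_frame(raw)
        if frame is None or frame["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            return None
        q = self.recent[frame["sa"]]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) == self.threshold:          # fire once as the rate crosses the line
            alert = {"source": frame["sa"], "bssid": frame["bssid"], "count": len(q),
                     "broadcast": frame["da"] == BROADCAST, "reason": frame["reason"], "at": ts}
            self.alerts.append(alert)
            return alert
        return None


def build_mgmt_frame(subtype, da, sa, bssid, reason=None) -> bytes:
    """Constructed test frames for the parser (in-memory only, never transmitted)."""
    fc = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0x00])
    header = fc + b"\x00\x00" + mac_bytes(da) + mac_bytes(sa) + mac_bytes(bssid) + b"\x00\x00"
    body = struct.pack("<H", reason) if reason is not None else b""
    return header + body


def run_sample_capture() -> DeauthFloodDetector:
    """Constructed capture: one beacon, one genuine disassociation, then a flood."""
    ap, client = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # assumed addresses
    det = DeauthFloodDetector(threshold=10, window=1.0)
    det.observe(0.0, build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, ap, ap))       # ignored
    det.observe(0.5, build_mgmt_frame(SUBTYPE_DISASSOC, ap, client, ap, 8))     # client leaving
    for i in range(15):   # 15 broadcast deauths in 0.3 s, claiming to come from the AP
        det.observe(2.0 + i * 0.02, build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, ap, ap, 7))
    return det


if __name__ == "__main__":
    for alert in run_sample_capture().alerts:
        print("deauth flood:", alert)
```

A single disassociation from a client that is leaving stays below the threshold and is ignored, while the burst of broadcast deauthentication frames triggers exactly one alert. The same rate-based rule is what wireless intrusion detection systems apply; WPA3's Protected Management Frames remove the attack at the root by authenticating these frames.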
Preventing Wireless Network Attacks: Safeguarding Your Digital
Domain
Protecting your wireless network from potential threats is paramount, and
we have compiled a comprehensive list of preventive measures to ensure
your digital domain remains secure. Follow these essential tips to fortify
your wireless network against attacks:
1. Update your computer often
Regularly update your operating system and applications to ensure you
have the latest security patches and fixes. Timely updates help address
discovered vulnerabilities, making it harder for attackers to exploit known
weaknesses.
2. Use MAC filtering
Enable MAC filtering on your wireless router to control access to your
network. By specifying which devices are allowed to connect based on
their unique MAC addresses, you can prevent unauthorized access and
enhance your network’s security.
3. Disable SSID broadcasting
Turn off SSID broadcasting to make your wireless network invisible to
casual observers. This prevents your network from being easily
discoverable and adds an extra layer of obscurity for potential attackers.
4. Use WPA2 encryption
Utilize WPA2 encryption, the latest and most secure protocol, to
safeguard your data as it travels between devices and access points.
Encryption ensures that even if intercepted, your data remains
unintelligible to unauthorized entities.
5. Change the default SSID
Customize your router’s SSID to something unique and unrelated to
personal information. Avoid using common names like “Linksys” or
“default” to deter attackers from identifying and targeting your network.
6. Disable file sharing
Turn off file sharing on your network to prevent unauthorized users from
accessing your sensitive files. If file sharing is necessary, ensure you set
up secure passwords to limit access to approved users only.
7. Enable WEP encryption (only if using an older router)
If your router doesn’t support WPA2, use WEP encryption as a fallback
option. However, keep in mind that WEP is less secure than WPA2 and
should only be considered if absolutely necessary.
Wardriving
Wardriving is a hacking method and has its origins in the
movie WarGames, which starred actor Matthew Broderick. In the movie,
Broderick’s character dials every phone number in his local area to
discover all existing computers. That evolved into a process of mapping
access points, which involves attackers finding vulnerable or unsecured
Wi-Fi networks.
The term wardriving was coined by computer security consultant Peter
Shipley, who developed software that can interact with portable Global
Positioning Systems (GPS).
How Wardriving Works
Wardriving involves attackers searching for wireless networks with
vulnerabilities while moving around an area in a vehicle. They use
hardware and software to discover unsecured Wi-Fi networks, then gain
unauthorized access to the network by cracking passwords or decrypting
the router's traffic. The attacker then records vulnerable network
locations on digital maps, known as access point mapping, and may share
that information with third-party applications and websites.
This wardriving definition has several variations, depending on the mode
of transport the hacker uses: warbiking, warcycling, warrailing,
warjogging, and warwalking.
What is HTTP ?
HTTP (Hypertext Transfer Protocol) is a fundamental protocol of
the Internet, enabling the transfer of data between a client and a server.
It is the foundation of data communication for the World Wide Web.
HTTP provides a standard between a web browser and a web server to
establish communication. It is a set of rules for transferring data from one
computer to another. Data such as text, images, and other multimedia
files are shared on the World Wide Web. Whenever a web user opens their
web browser, the user indirectly uses HTTP. It is an application protocol
that is used for distributed, collaborative, hypermedia information
systems.
Methods of HTTP
 GET: Used to retrieve data from a specified resource. It should have
no side effects and is commonly used for fetching web pages,
images, etc.
 POST: Used to submit data to be processed by a specified resource.
It is suitable for form submissions, file uploads, and creating new
resources.
 PUT: Used to update or create a resource on the server. It replaces
the entire resource with the data provided in the request body.
 PATCH: Similar to PUT but used for partial modifications to a
resource. It updates specific fields of a resource rather than
replacing the entire resource.
 DELETE: Used to remove a specified resource from the server.
 HEAD: Similar to GET but retrieves only the response headers,
useful for checking resource properties without transferring the full
content.
 OPTIONS: Used to retrieve the communication options available for
a resource, including supported methods and headers.
 TRACE: Used for debugging purposes to echo the received request
back to the client, though it's rarely used due to security concerns.
 CONNECT: Used to establish a tunnel to the server through an HTTP
proxy, commonly used for SSL/TLS connections.
HTTP Request/Response:
HTTP is a request-response protocol, which means that for every request
sent by a client (typically a web browser), the server responds with a
corresponding response. The basic flow of an HTTP request-response
cycle is as follows:
 Client sends an HTTP request: The client (usually a web browser)
initiates the process by sending an HTTP request to the server. This
request includes a request method (GET, POST, PUT, DELETE, etc.),
the target URI (Uniform Resource Identifier, e.g., a URL), headers,
and an optional request body.
 Server processes the request: The server receives the request
and processes it based on the requested method and resource. This
may involve retrieving data from a database, executing server-side
scripts, or performing other operations.
 Server sends an HTTP response: After processing the request,
the server sends an HTTP response back to the client. The response
includes a status code (e.g., 200 OK, 404 Not Found), response
headers, and an optional response body containing the requested
data or content.
 Client processes the response: The client receives the server's
response and processes it accordingly. For example, if the response
contains an HTML page, the browser will render and display it. If it's
an image or other media file, the browser will display or handle it
appropriately.
 Stateless: Each request is independent, and the server doesn't
retain previous interactions' information.
 Text-Based: Messages are in plain text, making them readable and
debuggable.
 Client-Server Model: Follows a client-server architecture for
requesting and serving resources.
 Request-Response: Operates on a request-response cycle
between clients and servers.
 Request Methods: Supports various methods like GET, POST, PUT,
DELETE for different actions on resources.
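The request-response cycle above, written out as code. This is an added example, not code from the original notes: a parser for a raw HTTP/1.1 request, a response builder, and a stateless handler that routes two constructed paths. The sample request bytes, the `/` and `/login` routes and the status table are constructed for the example. Note that the request body carries the submitted password verbatim, which is the "plain text" property the notes list under both advantages and disadvantages.

```python
"""Minimal HTTP/1.1 message handling (added example, not from the original notes).

Parses a raw request into method, target, headers and body, then builds a
status-coded response. The sample request and the routes are constructed.
"""
from dataclasses import dataclass, field

# Constructed sample request: a POST with a 27-byte form body.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=secret1"
)


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def parse_request(raw: bytes) -> HttpRequest:
    """Split a raw request into request line, headers and body.

    Header names are case-insensitive, so they are lower-cased. The body
    length is taken from Content-Length: extra bytes are dropped and a
    shorter body is rejected, because a mismatch between the declared and
    the actual length is a classic source of parsing bugs.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        raise ValueError(f"malformed request line: {lines[0]!r}") from None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    if len(body) < length:
        raise ValueError("body shorter than Content-Length")
    return HttpRequest(method, target, version, headers, body[:length])


STATUS_REASONS = {200: "OK", 400: "Bad Request", 404: "Not Found", 405: "Method Not Allowed"}


def build_response(status: int, body: bytes = b"", content_type: str = "text/plain") -> bytes:
    """Serialise an HTTP/1.1 response: status line, headers, blank line, body."""
    reason = STATUS_REASONS.get(status, "Unknown")
    head = [
        f"HTTP/1.1 {status} {reason}",
        f"Content-Type: {content_type}",
        f"Content-Length: {len(body)}",
        "Connection: close",
    ]
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body


def handle(raw: bytes) -> bytes:
    """Stateless handler: every call starts from nothing, as the notes describe.

    Only two constructed routes exist; anything else is 404 and a method the
    route does not accept is 405. Nothing from earlier requests is kept,
    which is why sessions need cookies or tokens layered on top of HTTP.
    """
    try:
        req = parse_request(raw)
    except ValueError as exc:
        return build_response(400, str(exc).encode())
    if req.target == "/":
        if req.method != "GET":
            return build_response(405)
        return build_response(200, b"<h1>Welcome</h1>", "text/html")
    if req.target == "/login":
        if req.method != "POST":
            return build_response(405)
        return build_response(200, b"login received")
    return build_response(404, b"no such resource")


def status_of(response: bytes) -> int:
    """Extract the numeric status code from a serialised response."""
    return int(response.split(b" ", 2)[1])


if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req.method, req.target, req.headers["host"], req.body)
    print(handle(SAMPLE_REQUEST).decode())
```

Run it with `python3 http_cycle.py` (any file name works): the first line printed shows that the password in the body is readable to anything that sees the bytes, which is exactly what HTTPS, covered next, is meant to prevent.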
Advantages
 Platform independence: Works on any operating system
 Compatibility: Compatible with various protocols and technologies
 Efficiency: Optimized for performance
 Security: Supports encryption for secure data transfer
Disadvantages
 Lack of security: Vulnerable to attacks like man in the middle
 Performance issues: Can be slow for large data transfers
 Statelessness: Requires additional mechanisms for maintaining
state
Explain the Working of HTTPS
HTTPS stands for HyperText Transfer Protocol Secure. It is the most
common protocol for sending data between a web browser and a website.
HTTPS is the secure variant of HTTP and is used to communicate between
the user's browser and the website, ensuring that data transfer is
encrypted for added security.
Any website, especially those requiring login details, should use HTTPS.
You can see a padlock icon in the URL bar, which means the page is
secure. Browsers, like Google Chrome, treat HTTPS seriously and mark
non-HTTPS websites as "Not Secure."
How Does HTTPS Work?
HTTPS establishes the communication between the browser and the web
server. It uses the Secure Socket Layer (SSL) and Transport Layer
Security (TLS) protocol for establishing communication. The new version
of SSL is TLS(Transport Layer Security).
HTTPS uses the conventional HTTP protocol and adds a layer of SSL/TLS
over it. The workflow of HTTP and HTTPS remains the same, the browsers
and servers still communicate with each other using the HTTP protocol.
However, this is done over a secure SSL connection. The SSL connection
is responsible for the encryption and decryption of the data that is being
exchanged to ensure data safety.
Why HTTPS Matters and What Happens Without It?
HTTPS is important because it keeps the information on websites safe
from being easily viewed or stolen by anyone who might be spying on the
network. When a website uses regular HTTP, data is sent in small chunks
called packets that can easily be intercepted using free software. This
makes communication, especially over public Wi-Fi, very vulnerable to
attacks.
On the other hand, HTTPS encrypts the data, so even if someone
manages to intercept the packets, they will appear as random,
unreadable characters.
Secure Socket Layer (SSL)
The main responsibility of SSL is to ensure that the data transfer between
the communicating systems is secure and reliable. It is the standard
security technology that is used for encryption and decryption of data
during the transmission of requests.
As discussed earlier, HTTPS is basically the same old HTTP but with SSL.
For establishing a secure communication link between the communicating
devices, SSL uses a digital certificate called SSL certificate.
There are two major roles of the SSL layer
 Ensuring that the browser communicates with the required server
directly.
 Ensuring that only the communicating systems have access to the
messages they exchange.
Encryption in HTTPS
HTTP transfers data in a hypertext format between the browser and the
web server, whereas HTTPS transfers data in an encrypted format. As a
result, HTTPS protects websites from having their information broadcast
in a way that anyone eavesdropping on the network can easily see.
During the transit between the browser and the web server, HTTPS
protects the data from being accessed and altered by hackers. Even if the
transmission is intercepted, hackers will be unable to use it because the
message is encrypted.
It uses an asymmetric public key infrastructure for securing a
communication link. There are two different kinds of keys used for
encryption -
 Private Key: It is used for the decryption of data that has been
encrypted with the public key. It resides on the server side and is
controlled by the owner of the website. It is private in nature.
 Public Key: It is public in nature and is accessible to all the users
who communicate with the server. Data encrypted with the public key can
only be decrypted with the matching private key.
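The two roles of the SSL/TLS layer listed above (talking to the required server, and keeping the exchange private to the two endpoints) map directly onto a few settings of a TLS client. The following added example, which is not part of the original notes, builds a hardened and a deliberately weak client context with Python's standard `ssl` module and audits them; no connection is made, so it runs offline. The hostname and TLS version choices are the author's assumptions about what a browser-like client should require.

```python
"""How an HTTPS client decides it is really talking to the intended server
(added example, not from the original notes).

Both jobs of the SSL/TLS layer depend on SSLContext settings: certificate
verification plus hostname matching give "the right server", and the
negotiated cipher suite gives privacy. Nothing here opens a socket.
"""
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Context a browser-like client should use.

    create_default_context() loads the system CA bundle, requires a server
    certificate (CERT_REQUIRED) and checks that it matches the hostname.
    We additionally refuse anything older than TLS 1.2 (an assumption about
    policy, not something the notes prescribe).
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting, shown for contrast only.

    With verification off the traffic is still encrypted, but the client
    encrypts it to whoever answers, so the first role of SSL from the notes
    (talking to the required server) is lost.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Return the settings that decide whether server identity is verified."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "minimum_version": ctx.minimum_version.name,
    }


def is_safe_for_login_page(ctx: ssl.SSLContext) -> bool:
    """Single yes/no a reviewer wants: does this context authenticate the server?"""
    report = audit_context(ctx)
    return (
        report["verifies_certificate"]
        and report["checks_hostname"]
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("insecure", insecure_client_context())):
        print(name, audit_context(ctx), is_safe_for_login_page(ctx))
```

The padlock the notes mention is the browser's way of reporting that its own equivalent of `is_safe_for_login_page` returned true for the current page.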
Advantage of HTTPS
 Secure Communication: HTTPS establishes a secure
communication link between the communicating system by
providing encryption during transmission.
 Data Integrity: By encrypting the data, HTTPS ensures data
integrity. This implies that even if the data is compromised at any
point, the hackers won't be able to read or modify the data being
exchanged.
 Privacy and Security: HTTPS prevents attackers from accessing
the data being exchanged passively, thereby protecting the privacy
and security of the users.
 Faster Performance: HTTPS encrypts the data and reduces its size.
Smaller size accounts for faster data transmission in the case of
HTTPS.
HTTP vs HTTPS
Below are the basic differences between HTTP and HTTPS.
HTTP | HTTPS
HTTP stands for HyperText Transfer Protocol. | HTTPS stands for HyperText Transfer Protocol Secure.
URL begins with "http://". | URL starts with "https://".
HTTP works at the Application Layer. | HTTPS works at the Transport Layer.
HTTP speed is faster than HTTPS. | HTTPS speed is slower than HTTP.
File Transfer Protocol (FTP)
File transfer protocol (FTP) is an Internet tool provided by TCP/IP. The
first feature of FTP was developed by Abhay Bhushan in 1971. It helps to
transfer files from one computer to another by providing access to
directories or folders on remote computers and allows software, data, and
text files to be transferred between different kinds of computers. The end-
user in the connection is known as localhost and the server which
provides data is known as the remote host.
The goals of FTP are:
 It encourages the direct use of remote computers.
 It shields users from system variations (operating system, directory
structures, file structures, etc.)
 It promotes the sharing of files and other types of data.
Why FTP?
FTP is a standard communication protocol. There are various other
protocols like HTTP which are used to transfer files between computers,
but they lack clarity and focus as compared to FTP. Moreover, the systems
involved in connection are heterogeneous systems, i.e. they differ in
operating systems, directories, structures, character sets, etc the FTP
shields the user from these differences and transfers data efficiently and
reliably.
FTP can transfer ASCII, EBCDIC, or image files. ASCII is the default file
share format; in it, each character is encoded in NVT ASCII. In ASCII or
EBCDIC mode the destination must be ready to accept files in that mode. The
image file format is the default format for transferring binary files.
Type of FTP Connections
FTP connections are of two types:
 Active FTP connection:- In an Active FTP connection, the client
establishes the command channel and the server establishes the
data channel. When the client requests the data over the connection
the server initiates the transfer of the data to the client. It is not the
default connection because it may cause problems if there is a
firewall in between the client and the server.
 Passive FTP connection:- In a Passive FTP connection, the client
establishes both the data channel as well as the command channel.
When the client requests the data over the connection, the server
sends a random port number to the client, as soon as the client
receives this port number it establishes the data channel. It is the
default connection, as it works better even if the client is protected
by the firewall.
 Anonymous FTP:- Some sites can enable anonymous FTP whose
files are available for public access. So, the user can access those
files without any username or password. Instead, the username is
set to anonymous and the password to the guest by default. Here,
the access of the user is very limited. For example, the user can
copy the files but not allowed to navigate through directories.
Detailed Steps of FTP
 The FTP client contacts the FTP server at port 21, specifying TCP as the
transport protocol.
 The client obtains authorization over the control connection.
 The client browses the remote directory by sending commands over the
control connection.
 When the server receives a command for a file transfer, the server opens
a TCP data connection to the client.
 After transferring one file, the server closes the connection.
 The server opens a second TCP data connection to transfer another file.
 The FTP server maintains state, i.e. the current directory and earlier
authentication.
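The active/passive distinction above and the step list just given both come down to one question: who opens the data connection, and how the endpoint is announced. The following added example (not code from the notes) implements the two relevant pieces of FTP syntax, the `PORT` command a client sends in active mode and the `227` reply a server sends in passive mode, and shows one defensive habit of well-behaved clients: ignoring a passive address that differs from the control connection's peer. The sample reply and addresses are constructed.

```python
"""The port arithmetic behind FTP's two data-connection modes
(added example, not from the original notes).

Both PORT and the 227 PASV reply encode an IPv4 address and a 16-bit port
as six comma-separated decimal numbers h1,h2,h3,h4,p1,p2 (RFC 959), with
port = p1*256 + p2. The control channel (port 21) is always opened by the
client; what differs is the data channel.
"""
import re

# Constructed server reply to a PASV command.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
_SIX_NUMBERS = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_pasv_reply(line: str) -> tuple[str, int]:
    """Passive mode: return (host, port) the client should connect to."""
    if not line.startswith("227"):
        raise ValueError(f"not a PASV success reply: {line!r}")
    m = _SIX_NUMBERS.search(line)
    if not m:
        raise ValueError(f"no host/port tuple in reply: {line!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("each field must fit in one byte")
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def build_port_command(host: str, port: int) -> str:
    """Active mode: the PORT command announcing the client's listener.

    The server then connects *back* to this address, which is why a
    client-side firewall or NAT usually breaks active mode.
    """
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {host!r}")
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}"


def data_endpoint(control_peer: str, reply: str) -> tuple[str, int]:
    """Passive mode, defensively: use the advertised port but the control
    connection's peer address. Servers behind NAT often advertise a private
    address by mistake, and connecting wherever a reply points is riskier
    than connecting to the host we already authenticated against."""
    host, port = parse_pasv_reply(reply)
    if host != control_peer:
        host = control_peer
    return host, port


if __name__ == "__main__":
    print(parse_pasv_reply(SAMPLE_PASV_REPLY))
    print(build_port_command("10.0.0.5", 50000))
    print(data_endpoint("203.0.113.7", "227 Entering Passive Mode (10,0,0,2,4,1)"))
```

Passive mode is the default precisely because `data_endpoint` only ever produces an outbound connection from the client, whereas `build_port_command` asks the server to open an inbound one.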
Transmission Mode
FTP transfer files using any of the following modes:
 Stream Mode: It is the default mode. In stream mode, the data is
transferred from FTP to TCP as a continuous stream of bytes; TCP is
responsible for fragmenting the data into small segments. If the data
being transferred is a stream of bytes, the connection is closed
automatically at the end of the transfer; otherwise, the sender closes
the connection.
 Block Mode: In block mode, the data is transferred from FTP to TCP
in the form of blocks, and each block followed by a 3-byte header.
The first byte of the block contains the information about the block
so it is known as the description block and the other two bytes
contain the size of the block.
 Compressed Mode: This mode is used to transfer big files. As we
know that, due to the size limit we can not transfer big files on the
internet, so the compressed mode is used to decrease the size of the
file into small and send it on the internet.
Applications of FTP
The following are the applications of FTP:
 FTP connection is used by different big business organizations for
transferring files in between them, like sharing files to other
employees working at different locations or different branches of the
organization.
 FTP connection is used by IT companies to provide backup files at
disaster recovery sites.
 Financial services use FTP connections to securely transfer financial
documents to the respective company, organization, or government.
 Employees use FTP connections to share any data with their co-
workers.
Advantages of FTP
 Multiple transfers: FTP helps to transfer multiple large files in
between the systems.
 Efficiency: FTP helps to organize files in an efficient manner and
transfer them efficiently over the network.
 Security: FTP provides access to any user only through user ID and
password. Moreover, the server can create multiple levels of access.
 Continuous transfer: If the transfer of the file is interrupted by any
means, then the user can resume the file transfer whenever the
connection is established.
 Simple: FTP is very simple to implement and use, thus it is a widely
used connection.
 Speed: It is the fastest way to transfer files from one computer to
another.
Disadvantages of FTP
 Less security: FTP does not provide an encryption facility when
transferring files. Moreover, the username and passwords are in
plain text and not a combination of symbols, digits, and alphabets,
which makes it easier to be attacked by hackers.
 Old technology: FTP is one of the oldest protocols and thus it uses
multiple TCP/IP connections to transfer files. These connections are
hindered by firewalls.
 Virus: The FTP connection is difficult to be scanned for viruses,
which again increases the risk of vulnerability.
 Limited: The FTP provides very limited user permission and mobile
device access.
 Memory and programming: FTP requires more memory and
programming efforts, as it is very difficult to find errors without the
commands.
What are SSH Keys?
SSH (Secure Shell) keys are the access credentials used in the SSH
protocol. SSH itself is a cryptographic network protocol used for
transferring encrypted data over the network; its port number is 22. Keys
allow users to connect to a server without having to remember or enter a
password for each system. They always come in key pairs:
 Public key - Everyone can see it, no need to protect it. (for
encryption function).
 Private key - Stays in computer, must be protected. (for decryption
function).
Key pairs can be of the following types:
 User Key - If the public key and private key remain with the user.
 Host Key - If public key and private key are on a remote system.
 Session key - Used when a large amount of data is to be
transmitted.
What is the Secure Shell Key?
Secure Shell, or SSH, is a protocol that allows you to connect securely to
another computer over an unsecured network. It was developed in 1995. SSH
was designed to replace older methods like Telnet, which transmitted data
in plain text.
Features of SSH
 Encryption: Encrypted data is exchanged between the server and
client, which ensures confidentiality and prevents unauthorized
attacks on the system.
 Authentication: For authentication, SSH uses public and private
key pairs which provide more security than traditional password
authentication.
 Data Integrity: SSH provides Data Integrity of the message
exchanged during the communication.
 Tunneling: Through SSH we can create secure tunnels for
forwarding network connections over encrypted channels.
SSH Functions
SSH performs multiple functions; some of them are:
 SSH provides high security as it encrypts all messages of
communication between client and server.
 SSH provides confidentiality.
 SSH allows remote login, hence is a better alternative to TELNET.
 SSH provides a secure File Transfer Protocol, which means we can
transfer files over the Internet securely.
 SSH supports tunneling which provides more secure connection
communication.
SSH Protocol
To provide security between a client and a server the SSH protocol uses
encryption. All user authentication and file transfers are encrypted to
protect the network against attacks.
Techniques Used in SSH
There are three major techniques used in SSH:
 Symmetric Cryptography: In symmetric key cryptography the same key is
used for encrypting and decrypting the message; a unique single shared
key is kept between the sender and receiver. For example, DES (Data
Encryption Standard) and AES (Advanced Encryption Standard).
 Asymmetric Cryptography: In Asymmetric key cryptography the
key used for encrypting is different from the key used for decrypting
the message. For ex: RSA (Rivest–Shamir–Adleman) and Digital
Signature Algorithm.
 Hashing: Hashing is a procedure used in cryptography which
convert variable length string to a fixed length string, this fixed
length value is called hash value which is generated by hash
function.
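Two of the three techniques just listed, hashing and keyed integrity checks, can be shown with the standard library alone, and in the exact form an SSH client uses them. The following added example (not code from the notes, and not OpenSSH's implementation) computes the `SHA256:` host-key fingerprint that OpenSSH prints from a public-key line, so a user can compare it with a value obtained out of band, and computes and verifies an HMAC-SHA256 tag over a sequence number and payload, which is how SSH detects altered, replayed or reordered packets. The key material is constructed (32 bytes of 0x42, not a real Ed25519 key), so the fingerprint is meaningful only within the example; asymmetric encryption is not shown because the standard library has no implementation of it.

```python
"""SSH-style hashing and integrity checks (added example, not from the notes).

1. Host-key fingerprint: SHA256 of the raw public-key blob, base64 without
   '=' padding, exactly the format ssh-keygen -l prints.
2. Packet MAC: HMAC-SHA256 over sequence_number || payload, compared in
   constant time.
"""
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_openssh_public_key_line(key_type: str, raw_key: bytes, comment: str) -> str:
    """Assemble an authorized_keys / known_hosts style line from its parts."""
    blob = _ssh_string(key_type.encode()) + _ssh_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def parse_openssh_public_key_line(line: str) -> tuple[str, bytes]:
    """Return (key_type, blob); reject a label that disagrees with the blob."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    label, blob = parts[0], base64.b64decode(parts[1], validate=True)
    (type_len,) = struct.unpack(">I", blob[:4])
    inner_type = blob[4:4 + type_len].decode()
    if inner_type != label:
        raise ValueError(f"key type mismatch: label {label!r}, blob {inner_type!r}")
    return label, blob


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH fingerprint format: SHA256 of the blob, unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line: str, expected_fingerprint: str) -> bool:
    """What a careful user does on first connection: compare the fingerprint
    the client shows with one obtained from the server's administrator."""
    _, blob = parse_openssh_public_key_line(line)
    return hmac.compare_digest(sha256_fingerprint(blob), expected_fingerprint)


def mac_tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over sequence number || payload, so a replayed or reordered
    packet fails the check as well as an altered one."""
    return hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()


def mac_verify(key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, seq, payload), tag)


# Constructed sample key; the line format is real, the key bytes are not.
SAMPLE_RAW_KEY = b"\x42" * 32
SAMPLE_LINE = build_openssh_public_key_line("ssh-ed25519", SAMPLE_RAW_KEY, "example@host")

if __name__ == "__main__":
    key_type, blob = parse_openssh_public_key_line(SAMPLE_LINE)
    print(key_type, sha256_fingerprint(blob))
    k = b"session-key-from-key-exchange"     # constructed
    tag = mac_tag(k, 7, b"cat notes.txt")
    print(mac_verify(k, 7, b"cat notes.txt", tag),
          mac_verify(k, 7, b"cat other.txt", tag),
          mac_verify(k, 8, b"cat notes.txt", tag))
```

The MAC key would come from the key exchange in a real session; here it is a constructed constant so the check can be exercised offline.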
What is Telnet?
TELNET is a type of protocol that enables one computer to connect to the
local computer. It is used as a standard TCP/IP protocol for virtual
terminal service which is provided by ISO. The computer which starts the
connection is known as the local computer. The computer which is
being connected to i.e. which accepts the connection known as
the remote computer. During telnet operation, whatever is being
performed on the remote computer will be displayed by the local
computer. Telnet operates on a client/server principle.
Logging in TELNET
The logging process can be further categorized into two parts:
 Local Login
 Remote Login
1. Local Login
Whenever a user logs into its local system, it is known as local login.
The Procedure of Local Login
 Keystrokes are accepted by the terminal driver when the user types
at the terminal.
 Terminal Driver passes these characters to OS.
 Now, OS validates the combination of characters and opens the
required application.
2. Remote Login
Remote Login is a process in which users can log in to a remote site, i.e. a
remote computer, and use the services available on that computer. With
remote login, the result of processing on the remote computer is
transferred back to, and seen on, the local computer.
Network Virtual Terminal(NVT)
NVT (Network Virtual Terminal) is a virtual terminal in TELNET that has a
fundamental structure that is shared by many different types of real
terminals. NVT (Network Virtual Terminal) was created to make
communication viable between different types of terminals with different
operating systems.
How TELNET Works?
 Client-Server Interaction
o The Telnet client initiates the connection by sending requests
to the Telnet server.
o Once the connection is established, the client can
send commands to the server.
o The server processes these commands and responds
accordingly.
 Character Flow
o When the user types on the local computer, the local
operating system accepts the characters.
o The Telnet client transforms these characters into a universal
character set called Network Virtual Terminal
(NVT) characters.
o These NVT characters travel through the Internet to the remote
computer via the local TCP/IP protocol stack.
o The remote Telnet server converts these characters into a
format understandable by the remote computer.
o The remote operating system receives the characters from a
pseudo-terminal driver and passes them to the appropriate
application program.
 Network Virtual Terminal (NVT)
o NVT is a virtual terminal in Telnet that provides a common
structure shared by different types of real terminals.
o It ensures communication compatibility between various
terminals with different operating systems.
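The "Character Flow" steps above describe a translation into NVT characters on the way out and back on the way in. The following added example (not code from the notes) does that client-side translation: NVT uses CR LF as end of line and reserves byte 0xFF (IAC, "interpret as command") for option negotiation such as DO ECHO, so a literal 0xFF in data is doubled. The decoder separates negotiation commands from user data, and the last function makes the "plain text" disadvantage concrete. All byte strings are constructed; the option numbers are the real ones from the Telnet option registry.

```python
"""Network Virtual Terminal encoding as done by a Telnet client
(added example, not from the original notes).

Strict NVT is 7-bit ASCII; 8-bit data is only legal once the BINARY
option is negotiated. Latin-1 is used here so the IAC escaping rule can
be exercised without that negotiation.
"""
IAC, DONT, DO, WONT, WILL = 255, 254, 253, 252, 251
OPTION_NAMES = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE"}
_CMD_NAMES = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}


def encode_nvt(text: str) -> bytes:
    """Local text -> NVT bytes: newlines become CR LF, a data 0xFF is doubled.

    Whatever the user typed, including a password, appears in these bytes
    unchanged; Telnet adds no encryption at any layer.
    """
    data = text.replace("\r\n", "\n").replace("\n", "\r\n").encode("latin-1")
    return data.replace(bytes([IAC]), bytes([IAC, IAC]))


def decode_nvt(data: bytes) -> tuple[str, list[tuple[str, str]]]:
    """NVT bytes -> (text, negotiations).

    WILL/WONT/DO/DONT are three bytes: IAC <cmd> <option>. Any other byte
    after IAC is a two-byte command (NOP, AYT, ...) and carries no data.
    IAC IAC is a single 0xFF data byte.
    """
    text_bytes = bytearray()
    commands = []
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            text_bytes.append(b)
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated IAC sequence")
        cmd = data[i + 1]
        if cmd == IAC:
            text_bytes.append(IAC)
            i += 2
        elif cmd in _CMD_NAMES:
            if i + 2 >= len(data):
                raise ValueError("truncated option negotiation")
            opt = data[i + 2]
            commands.append((_CMD_NAMES[cmd], OPTION_NAMES.get(opt, str(opt))))
            i += 3
        else:
            i += 2
    text = text_bytes.decode("latin-1").replace("\r\n", "\n")
    return text, commands


def contains_plaintext(wire: bytes, secret: str) -> bool:
    """A passive observer of the wire bytes can search for a secret directly."""
    return encode_nvt(secret) in wire


if __name__ == "__main__":
    wire = encode_nvt("login: alice\npassword: hunter2\n")   # constructed session
    print(wire)
    print(decode_nvt(b"\xff\xfd\x01hi\r\n"))
    print(contains_plaintext(wire, "hunter2"))
```

Decoding `b"\xff\xfd\x01"` yields `("DO", "ECHO")`, the negotiation behind the echo behaviour described under "Modes of Operation" further down.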
Uses of TELNET
 Remote Administration and Management
 Network Diagnostics
 Understanding Command-Line Interfaces
 Accessing Bulletin Board Systems (BBS)
 Automation and Scripting
Advantages of TELNET
 It provides remote access to someone's computer system.
 Telnet allows the user for more access with fewer problems in data
transmission.
 Telnet saves a lot of time.
 The oldest system can be connected to a newer system with telnet
having different operating systems.
Disadvantages of TELNET
 As it is somewhat complex, it is difficult for beginners to
understand.
 Data is sent in the form of plain text, which is why it is not secure.
 Some capabilities are disabled because of improper interlinking of the
remote and local devices.
Modes of Operation
 Default Mode: If no other modes are invoked then this mode is
used. Echoing is performed in this mode by the client. In this mode,
the user types a character and the client echoes the character on
the screen but it does not send it until the whole line is completed.
 Character Mode: Each character typed in this mode is sent by the
client to the server. A server in this type of mode normally echoes
characters back to be displayed on the client's screen.
 Line Mode: Line editing like echoing, character erasing, etc. is
done from the client side. The client will send the whole line to the
server.
Simple Mail Transfer Protocol (SMTP)
Simple Mail Transfer Protocol (SMTP) is an application layer protocol
used for exchanging email messages between servers. It is essential in
the email communication process and operates at the application layer of
the TCP/IP stack.
To send an email, the client opens a TCP connection to the SMTP server.
The server, which is always listening on port 25, initiates the connection
as soon as it detects a client. Once the TCP connection is established, the
client sends the email across the connection.
Types of SMTP Protocol
The SMTP model supports two types of email delivery methods: end-to-
end and store-and-forward.
 End-to-end delivery is used between organizations. In this method,
the email is sent directly from the sender's SMTP client to the
recipient's SMTP server without passing through intermediate
servers.
 Store-and-forward is used within organizations that have TCP/IP
and SMTP-based networks. In this method, the email may pass
through several intermediate servers (Message Transfer Agents, or
MTAs) before reaching the recipient.
With end-to-end delivery, the SMTP client waits until the email is
successfully copied to the recipient's SMTP server before sending it. This
is different from the store-and-forward method, where the email might
stop at multiple intermediate servers before reaching its destination. In
store-and-forward systems, the sender is notified as soon as the email
reaches the first server, not the final destination.
Features
 Dedicated IP
 Email API: Integrating SMTP.com with your business can be easy
with the email API feature. They have complete API documentation
on their website that can help you integrate your business in just 5
minutes.
 24x7 Customer Support: The round-the-clock support is one of the
best features of SMTP.com. Support is available both on the website
and also for paid customers. 24x7, all human support is available for
all customers across all plans. No third party is involved and
solutions are provided fast for easy implementation. Online chat
support is also available for those who are looking for more
information about SMTP.com
 High Volume Sending Solutions: This newly launched feature is
great for those businesses who want to send more than 250 million
emails a month. Customized quotations and solutions are available.
 Reputation Defender: This is an add-on feature that helps clean
up your email lists. It doesn’t need any integration but actively
monitors your lists and provides a report.
Components of SMTP
 Mail User Agent (MUA): It is a computer application that helps you
in sending and retrieving mail. It is responsible for creating email
messages for transfer to the mail transfer agent(MTA).
 Mail Submission Agent (MSA): It is a computer program that
receives mail from a Mail User Agent(MUA) and interacts with the
Mail Transfer Agent(MTA) for the transfer of the mail.
 Mail Transfer Agent (MTA): It is software that has the work to
transfer mail from one system to another with the help of SMTP.
 Mail Delivery Agent (MDA): A mail Delivery agent or Local
Delivery Agent is basically a system that helps in the delivery of mail
to the local system.
Comparison to Regular Mail
 Think of the SMTP envelope as the address on a physical
envelope for regular mail.
 Just like an envelope guides postal delivery, the SMTP envelope
directs email servers on where to send the email.
SMTP Ports
 Port 587: This is the most commonly used port for secure SMTP
submission using TLS (Transport Layer Security). It is
recommended for client-to-server communication, as it ensures the
security of the email transmission.
 Port 465: Previously used for secure SMTP (SMTPS), this port is no
longer considered an official standard and is generally not
recommended anymore. Many email providers have moved away
from port 465 in favor of port 587.
 Port 25: This port is traditionally used for SMTP relay between mail
servers, not for email submission from clients. It is often blocked by
ISPs for outgoing mail due to its frequent use for spam and malicious
activities.
 Port 2525: Although not an official SMTP port, it is sometimes
used as an alternative for SMTP submission, especially in cases
where port 25 is blocked or restricted. Many email providers support
this port as an alternative for secure communication.
Difference Between SMTP and Extended SMTP
SMTP | Extended SMTP
Users were not verified in SMTP, as a result of which massive-scale scam emails were sent. | In Extended SMTP, authentication of the sender is done.
We cannot attach a multimedia file in SMTP directly without the help of MIME. | We can directly attach a multimedia file in ESMTP.
We cannot reduce the size of the email in SMTP. | We can reduce the size of the email in Extended SMTP.
SMTP clients open transmission with the command HELO. | The main identification feature for ESMTP clients is to open a transmission with the command EHLO (Extended HELLO).
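What the HELO/EHLO difference looks like on the wire, as an added example that is not code from the notes: a parser for the multi-line reply a server sends to `EHLO` (which is how the client learns that STARTTLS and AUTH are available on the port 587 submission path described above), the dot-stuffing rule for the `DATA` section, and a function that assembles the client's command sequence and refuses to continue in plain text when the server does not offer STARTTLS. The server replies, host names and addresses are constructed; no network is used.

```python
"""ESMTP capability discovery and message submission, client side
(added example, not from the original notes).

A reply is one or more lines with the same 3-digit code; "250-" marks a
continuation line and "250 " the last line (RFC 5321 section 4.2).
"""

# Constructed EHLO reply from a submission server.
SAMPLE_EHLO_REPLY = [
    "250-mail.example.com Hello client.example.net",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250-AUTH PLAIN LOGIN",
    "250 8BITMIME",
]


def parse_reply(lines: list[str]) -> tuple[int, list[str]]:
    """Return (status_code, text_lines) from a complete SMTP reply."""
    if not lines:
        raise ValueError("empty reply")
    code = int(lines[0][:3])
    texts = []
    for idx, line in enumerate(lines):
        if int(line[:3]) != code:
            raise ValueError(f"mixed status codes in reply: {line!r}")
        is_last = idx == len(lines) - 1
        if (line[3:4] == " ") != is_last:
            raise ValueError(f"continuation marker disagrees with position: {line!r}")
        texts.append(line[4:])
    return code, texts


def ehlo_capabilities(lines: list[str]) -> dict[str, list[str]]:
    """Map each advertised extension keyword to its parameters.

    The first line is the greeting, not a capability. A HELO-only server
    rejects EHLO with 500/502, which is the signal to fall back to HELO.
    """
    code, texts = parse_reply(lines)
    if code != 250:
        raise ValueError(f"EHLO rejected with {code}")
    caps = {}
    for text in texts[1:]:
        keyword, *params = text.split()
        caps[keyword.upper()] = params
    return caps


def dot_stuff(body: str) -> str:
    """Prefix body lines that start with '.' with another '.', so a line
    containing only '.' cannot end the DATA section early. Also normalises
    line endings to CR LF."""
    lines = body.replace("\r\n", "\n").split("\n")
    return "\r\n".join("." + l if l.startswith(".") else l for l in lines)


def submission_transcript(sender: str, recipient: str, body: str,
                          caps: dict, already_tls: bool = False) -> list[str]:
    """Commands the client sends to a submission server with the given
    capabilities. STARTTLS is issued when offered (EHLO is repeated after
    it because capabilities may change); without TLS the client refuses
    rather than send credentials and mail in plain text. AUTH itself is
    omitted here."""
    cmds = ["EHLO client.example.net"]
    if not already_tls:
        if "STARTTLS" not in caps:
            raise RuntimeError("server offers no STARTTLS; refusing to submit in plain text")
        cmds += ["STARTTLS", "EHLO client.example.net"]
    cmds += [f"MAIL FROM:<{sender}>", f"RCPT TO:<{recipient}>", "DATA",
             dot_stuff(body) + "\r\n.", "QUIT"]
    return cmds


if __name__ == "__main__":
    caps = ehlo_capabilities(SAMPLE_EHLO_REPLY)
    print(caps)
    for c in submission_transcript("a@example.com", "b@example.org", "Hi\n.sig", caps):
        print("C:", c)
```

On port 465 the connection is TLS from the first byte, so a caller would pass `already_tls=True` and skip the STARTTLS step entirely.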
Advantages of SMTP
 If necessary, the users can have a dedicated server.
 It allows for bulk mailing.
 Low cost and wide coverage area.
 Offer choices for email tracking.
 Reliable and prompt email delivery.
Disadvantages of SMTP
 SMTP's common port can be blocked by several firewalls.
 SMTP security is a bigger problem.
 Its simplicity restricts how useful it can be.
 Just 7-bit ASCII characters can be used.
 If a message is longer than a certain length, SMTP servers may
reject the entire message.
 Delivering your message will typically involve additional back-and-
forth processing between servers, which will delay sending and raise
the likelihood that it won't be sent.
Domain Name System (DNS)
The Domain Name System (DNS) translates human-readable domain
names (e.g., www.google.com) into machine-readable IP addresses (e.g.,
142.250.190.14), enabling internet communication.
 It enables computers to locate and communicate with each other on
the internet.
 Functions as a hierarchical, distributed database.
 Queries pass through multiple levels:
o Root server
o Top-Level Domain (TLD) server
o Authoritative server (stores the specific IP address).
 Ensures seamless website access using easy-to-remember names
instead of numerical IP addresses.
How Does DNS Work?
 When we type a website like https://www.geeksforgeeks.org in our
browser, our computer tries to find the IP address.
 First, it checks the local cache (our browser, operating system, or
router) to see if it already knows the IP address.
 If the local cache doesn’t have the IP, the query is sent to a DNS
resolver to find it.
 DNS resolver may check host files (used for specific manual
mappings), but usually, it moves on.
 Resolver sends the query to a Root DNS server, which doesn't know
the exact IP address but points to the TLD server (e.g., .org server
for this example).
 TLD server then directs the resolver to the authoritative nameserver
for geeksforgeeks.org.
 Authoritative nameserver knows the exact IP address for
geeksforgeeks.org and sends it back to the resolver.
 Resolver passes the IP address to our computer.
 Our computer uses the IP address to connect to the real server
where the website is hosted.
 The website loads in our browser.
Structure of DNS
It is very difficult to find the IP address associated with a website,
because there are millions of websites and we should be able to obtain the
IP address of any of them immediately. For there to be no large delay, the
organization of the database is very important.
Root DNS Server
 DNS Record: the domain name, its IP address, its validity, its time to
live, and all other information related to that domain name. These
records are stored in a tree-like structure.
 Namespace: Set of possible names, flat or hierarchical. The naming
system maintains a collection of bindings of names to values – given
a name, a resolution mechanism returns the corresponding value.
 Name Server: It is an implementation of the resolution mechanism.
Types of Domain
There are various kinds of domains:
 Generic Domains: .com (commercial), .edu (educational), .mil (military),
.org (nonprofit organization), .net (similar to commercial); all these are
generic domains.
 Country Domain: .in (India) .us .uk
 Inverse Domain: if we want to know what is the domain name of
the website. IP to domain name mapping. So DNS can provide both
the mapping for example to find the IP addresses of
geeksforgeeks.org then we have to type
Domain Name Server
The client machine sends a request to the local name server which, if it
does not find the address in its database, sends a request to the root
name server, which in turn routes the query to a top-level domain (TLD) or
authoritative name server. The root name server can also contain some
hostname-to-IP-address mappings. The top-level domain (TLD) server always
knows who the authoritative name server is. So finally the IP address is
returned to the local name server, which in turn returns the IP address to
the host.
DNS Lookup
DNS Lookup, also called DNS Resolution, is the process of translating a
human-readable domain name (like www.example.com) into its
corresponding IP address (like 192.0.2.1), which computers use to locate
and communicate with each other on the internet. It allows users to
access websites easily using names instead of remembering numeric IP
addresses.
 DNS Lookup starts when a user types a domain name into their
browser.
 The query goes through a series of servers: the DNS resolver, Root
server, TLD server, and authoritative server.
 Each server plays a role in finding the correct IP address for the
domain.
 Once the IP address is found, the browser connects to the website’s
server and loads the page.
DNS Resolver
DNS Resolver is simply called a DNS Client and has the functionality for
initiating the process of DNS Lookup which is also called DNS Resolution.
By using the DNS Resolver, applications can easily access different
websites and services present on the Internet by using domain names
that are very much friendly to the user and that also resolves the problem
of remembering IP Address.
Types of DNS Queries
There are basically three types of DNS Queries that occur in DNS Lookup.
These are stated below.
 Recursive Query: In this query, the DNS client requires that the DNS
server respond to it either way: with the requested resource record, or
with an error message if the resolver is unable to find the record.
 Iterative Query: An iterative query is one in which the DNS client
accepts the best answer the DNS server can give at that moment.
 Non-Recursive Query: A non-recursive query occurs when a DNS resolver
queries a DNS server for a record that the server already has access to,
because the record exists in its cache.
DNS Caching
DNS Caching can be simply termed as the process used by DNS Resolvers
for storing the previously resolved information of DNS that contains
domain names, and IP Addresses for some time. The main principle of
DNS Caching is to speed up the process of future DNS lookup and also
help in reducing the overall time of DNS Resolution.
 Speeds Up Access: It stores previous website lookups, so your
device can quickly load frequently visited sites without asking the
network for the IP address each time.
 Reduces Internet Traffic: This storage cuts down on the number of
requests sent across the internet, helping reduce overall network
congestion.
 Enhances User Experience: With faster loading times for websites
and less waiting, browsing the internet becomes a smoother, more
enjoyable experience.
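The root, TLD and authoritative walk from "How Does DNS Work?", the recursive/iterative distinction from "Types of DNS Queries" and the TTL-based cache from this section all fit in one small model. The following added example (not code from the notes, and not any real resolver) keeps a constructed set of zones in memory: each server answers an iterative query with either an address or a referral and never chases the referral itself, while the `Resolver` class does the recursive work for its client and caches answers until their TTL expires. Server names and addresses are constructed and use documentation ranges; nothing on the real Internet is queried.

```python
"""Iterative resolution with a recursive, caching resolver
(added example, not from the original notes).
"""
import time

# Constructed zone data. Each server answers either with an address
# ("A", ip, ttl_seconds) or with a referral ("NS", next_server_name).
ZONES = {
    "root":    {"org.": ("NS", "tld-org"), "com.": ("NS", "tld-com")},
    "tld-org": {"example.org.": ("NS", "ns1.example.org")},
    "tld-com": {"example.com.": ("NS", "ns1.example.com")},
    "ns1.example.org": {"www.example.org.": ("A", "192.0.2.1", 300)},
    "ns1.example.com": {"www.example.com.": ("A", "198.51.100.7", 60)},
}


def iterative_query(server: str, name: str) -> tuple:
    """One iterative query: the server returns the best it has, an answer or
    a referral for the longest suffix it knows, and does no further work."""
    zone = ZONES[server]
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return ("NXDOMAIN",)


class Resolver:
    """A recursive resolver: takes a recursive query from a client, does the
    iterative walk on its behalf, and caches answers for their TTL.

    The clock is injectable so cache expiry can be tested without waiting.
    """

    def __init__(self, clock=time.time):
        self.cache = {}          # fully qualified name -> (ip, expires_at)
        self.clock = clock

    def resolve(self, name: str) -> tuple[str, list[str]]:
        """Return (ip, path); path lists the servers consulted, or ["cache"]."""
        if not name.endswith("."):
            name += "."
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], ["cache"]
        server, path = "root", []
        for _ in range(10):              # bound the referral chain
            path.append(server)
            rr = iterative_query(server, name)
            if rr[0] == "A":
                self.cache[name] = (rr[1], now + rr[2])
                return rr[1], path
            if rr[0] == "NS":
                server = rr[1]
                continue
            raise LookupError(f"{name} does not exist (last asked {server})")
        raise LookupError("referral chain too long")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.org"))   # full walk
    print(r.resolve("www.example.org"))   # served from cache
```

The TTL bound on the cache is also the security-relevant knob here: a wrong or stale entry (whatever put it there) can only be served until `expires_at`, after which the walk is repeated from the root.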
What is POP3?
POP3 stands for Post Office Protocol Version 3. POP3 protocol is used to
provide access to the mail inbox that is stored in the email server. POP3
protocol can download and delete messages. Once the POP3 client has
established a connection with the mail server it can easily retrieve all the
messages from the server. The user can access the messages locally
even if the user is offline. The protocol does not inherently support real-
time synchronization or automatic checking for new messages, users can
configure their email clients to check for new messages at intervals or
manually. Many email programs, including Apple Mail, Gmail, and
Microsoft Outlook, support the POP3 protocol, although IMAP is often
preferred for its synchronization features.
POP3 Ports
POP3 makes use of two network ports. They are:
 Port 110: Port 110 is the default TCP port used by POP3, but it has the
disadvantage that it does not support encrypted communication.
 Port 995: Port 995 is majorly used for more secure applications.
Port 995 is a TLS or SSL port used to provide more security.
Advantages of POP3
 The message can be read offline also.
 POP3 requires less storage space.
 POP3 is easy to use and configure.
 POP3 is supported by many email applications.
 Since our PC already has the emails stored there, accessing them is
quick and simple.
 The size of emails we send and receive is unrestricted.
 Since all emails are kept locally, less server storage space is needed.
Disadvantages of POP3
 POP3 does not provide real-time synchronization.
 If an email carries a virus attachment, it can easily affect the
system, because the message is downloaded to the local machine.
 POP3 does not support accessing the same email at the same time
on different systems.
 The entire email folder can be discarded at once.
 The email folder downloaded from the mail server can also become
corrupted.
 Since the emails are kept locally, anyone using your computer can
access the email folder.
Difference Between POP3 and IMAP
POP3 | IMAP
---- | ----
POP is a simple protocol that only allows downloading messages from your Inbox to your local computer. | IMAP (Internet Message Access Protocol) is much more advanced and allows the user to see all the folders on the mail server.
The POP server listens on port 110, and the POP with SSL secure (POP3DS) server listens on port 995. | The IMAP server listens on port 143, and the IMAP with SSL secure (IMAPDS) server listens on port 993.
In POP3 the mail can only be accessed from a single device at a time. | Messages can be accessed across multiple devices.
To read the mail, it has to be downloaded on the local system. | The mail content can be read partially before downloading.
The user can not create, delete or rename email on the mail server. | The user can create, delete or rename an email on the mail server.
🔶 Proxy Concept
A proxy (or proxy server) is an intermediate server that acts as a
gateway between a user and the internet. When you use a proxy server,
your requests to access websites or services go through the proxy instead
of directly reaching the target server.
Primary functions of a proxy:
 Privacy/Anonymity: Masks the user's IP address.
 Security: Can filter harmful content or malicious traffic.
 Content control: Often used in corporate networks to restrict or
monitor employee access.
 Caching: Stores copies of frequently accessed content to improve
speed.
 Bypassing restrictions: Can help access geo-blocked or censored
content.
🔷 Types of Proxy Servers
1. Forward Proxy
 Positioned between the client (user) and the internet.
 Client-aware but not necessarily server-aware.
 Clients send requests to the proxy, which then forwards them to the
target server.
 Useful for:
o Hiding client identities.
o Filtering outgoing content.
o Controlling internet usage (e.g., parental or organizational
controls).
Example Use Case: A school restricts students' access to social media
by filtering web traffic through a forward proxy.
2. Reverse Proxy
 Positioned in front of one or more web servers.
 Server-aware but not necessarily client-aware.
 Clients send requests to the proxy, which determines which internal
server will handle it.
 Useful for:
o Load balancing.
o Caching and compression.
o Protecting backend servers (hides their identity).
o SSL termination (handling encryption/decryption).
Example Use Case: A large e-commerce site uses a reverse proxy to
distribute traffic among multiple servers during high traffic periods.
Feature | Forward Proxy | Reverse Proxy
------- | ------------- | -------------
Sits Between | Client and the Internet | Internet and Web Server
Used By | Clients (Users) | Servers (Web services)
Purpose | Anonymity, content filtering | Load balancing, security, caching
IP Address Masked | Client’s IP | Server’s IP
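The forward/reverse distinction above, written out as decision logic in an added example (not code from the page): the forward proxy enforces a destination policy and strips the client's address, the reverse proxy validates the public host name and spreads requests over a hidden backend pool. Sockets are omitted so the logic can be checked offline; all host names and addresses are hypothetical.

```python
"""Decision logic of a forward proxy and a reverse proxy (added example, not from the
page). Sockets are left out so header handling and routing can be checked offline on
constructed HTTP/1.1 requests; host names and addresses below are hypothetical."""

from itertools import cycle


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body); header names lowercased."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def host_matches(host, pattern):
    """True if host (optionally with :port) equals pattern or is a subdomain of it."""
    host = host.split(":")[0].lower()
    return host == pattern or host.endswith("." + pattern)


class ForwardProxy:
    """Between clients and the internet: enforces a destination policy and hides the client."""

    def __init__(self, blocked_domains):
        self.blocked = [d.lower() for d in blocked_domains]

    def handle(self, raw, client_ip):
        method, target, headers, body = parse_request(raw)
        # For CONNECT (HTTPS tunnelling) the destination is in the request target.
        host = target if method == "CONNECT" else headers.get("host", "")
        if any(host_matches(host, b) for b in self.blocked):
            return ("block", None, f"403 Forbidden: {host} is filtered by policy")
        # Strip anything that would reveal the client's address to the destination.
        headers.pop("x-forwarded-for", None)
        headers["via"] = "1.1 forward-proxy"
        return ("forward", host, (method, target, headers, body))


class ReverseProxy:
    """In front of backend servers: picks one per request and keeps the pool hidden."""

    def __init__(self, public_host, backends):
        self.public_host = public_host
        self.backends = cycle(backends)     # round-robin load balancing

    def handle(self, raw, client_ip):
        method, target, headers, body = parse_request(raw)
        if headers.get("host", "").split(":")[0].lower() != self.public_host:
            return ("reject", None, "421 Misdirected Request")
        backend = next(self.backends)
        # The backend only sees the proxy as its TCP peer, so pass the real client
        # address along for its logs and rate limiting.
        headers["x-forwarded-for"] = client_ip
        headers["x-forwarded-host"] = headers["host"]
        headers["host"] = backend
        return ("forward", backend, (method, target, headers, body))
```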
🔷 Proxy Chain
A proxy chain involves connecting through multiple proxy servers in
sequence before reaching the final destination. Each proxy in the chain
adds a layer of obfuscation, improving anonymity and privacy.
Why use a proxy chain?
 Harder to trace back to the original user.
 More difficult for attackers or surveillance tools to identify the
source.
 Used in ethical hacking, penetration testing, or by those in
censorship-heavy regions.
Example Flow:
User → Proxy 1 → Proxy 2 → Proxy 3 → Target Server
Tools for Proxy Chaining:
 ProxyChains (Linux utility)
 TOR (The Onion Router – uses layered proxies)
 Custom VPN + proxy setups
Note: More proxies = more anonymity, but also slower speed.
Types of Password
Passwords are secret data in the form of a string of characters and are
the first gateway of digital defenses, protecting personal and professional
information against intrusion. In this article, we look at the different
forms of passwords used today, in a society that faces growing threats in
the cyber world.
As a starting point, this introduction describes the password types with
their distinctive features, advantages, and potential weaknesses. Exploring
these various approaches makes it clear why developing secure password
procedures remains essential in modern conditions of growing connectivity.
Types of Password
1. Alphanumeric Passwords
Alphanumeric passwords are possibly the simplest form of protection: a
password made from letters and numbers. They range from simple
combinations such as ‘abc123’ to more elaborate ones such as ‘A1b2C3d4’.
Because the 26 letters of the alphabet are combined with the 10 digits,
the number of possible passwords grows, which reduces the chance of an
unauthorized user guessing the right one. Alphanumeric passwords are
simple to create and memorize, and their security is determined only by
their length and the level of randomness they have.
Benefits of Alphanumeric Passwords
 Increased Security: Combining letters and numbers makes a
password more complex than one using only letters or only numbers,
making it harder for attackers to guess or crack.
 Compatibility: Due to their common nature and flexibility of use,
alphanumeric passwords are capable of being used on most systems
and platforms without conflicts.
 Ease of Creation: They are relatively uncomplicated to formulate
and memorize as compared to other password forms, such as those
that embed the use of special characters as well as biometric data.
 Balancing Security and Usability: Alphanumeric passwords are
intermediate degrees of passwords since they offer a fair degree of
protection against unauthorized access but are also easy to manage
for day-to-day usage.
2. Passphrases
A passphrase is a good and secure substitute for a regular password: it is
a sequence of words or a whole saying. While short and complicated
passwords may be difficult to memorize, passphrases build on the length
and entropy of multiple words (and possibly numbers) and are more
secure yet still manageable. For instance, a password formed from the
words “CorrectHorseBatteryStaple” is far harder to crack than a four-digit
numerical code.
Benefits of Passphrases
 Increased Security: The first advantage of passphrases is that
they can be long and may also contain symbols. When the sequence of
words is significantly longer, the chances of guessing it through brute
force or dictionary attacks drop dramatically, making passphrases
almost impossible to break.
 Memorability: The major advantage of passphrases is that they are
easier to remember as compared to hard-coded formal passwords.
Forgetting a password is unlikely to happen since it is in the familiar
form of using words, comprehensible word formation, or a coherent
sentence.
 User-Friendly: While passwords have some strict rules concerning
their use, such as the mandatory use of special characters, numbers,
and uppercase letters, passphrases, on the other hand, are easy to
devise and type on the keyboard. This makes it easier to adopt
better-secured passwords without necessarily having to change the
password constantly.
 Adaptability: Passphrases are highly flexible and can be applied to
any security requirement, from an individual user’s accounts up to
corporate-level systems.
3. PIN (Personal Identification Number)
A PIN is a numerical code used to validate one’s identity on diverse
platforms, for instance in the banking sector, facility security, and
electronics. It is normally a numeric code of four to six digits, designed
to be easily recalled by the user while still being a fairly secure form of
authentication. PINs are often used as one factor in multi-factor
authentication alongside tokens and biometrics.
Benefits of PIN (Personal Identification Number)
 Convenience: Because they are often composed of a small number
of characters, which are easy to remember, PINs are quite
convenient for the users to enter easily when time is of the essence.
 Widespread Adoption: PINs are established universally and are
already familiar to the community through their application in the
banking sector, telecommunications, and even access control
systems.
 Immediate Access: With a PIN, it is easy to log into an account or
use a device without having to find additional hardware or software
tokens, which would complicate the process.
 Enhanced Security: Despite their simplicity, PINs afford a degree
of security by limiting access to a device or system to the people who
know the correct numeric code.
4. Biometric Passwords
Biometric passwords rely on the physiological or behavioral traits of an
individual, such as fingerprints (dactyloscopy), iris scans, and facial
features. These passwords are based on intrinsic bodily characteristics,
which cannot be imitated or hacked. Biometric authentication improves on
traditional methods and grants access to a system or device only to the
right person, since each person’s biometric information is unique and
cannot be forged or copied by another.
Benefits of Biometric Passwords
 Enhanced Security: Another advantage of using biometric data is
that it cannot be forged as it is attached to one individual only, and
therefore it is very difficult for any other person to emulate or
impersonate another person without the necessary authorization,
hence making the security strong enough.
 Convenience: One major advantage of biometric authentication
over passwords and PIN codes is that there is no code for users to
remember or forget.
 Reduced Risk of Credential Theft: Biometric data is an inherent
aspect of the user, therefore, there are limitations to the possibility
of forgetting it or even losing it, unlike passwords or tokens, thereby
minimizing the impact of credential theft.
 Accuracy and Reliability: As a rule, biometric systems offer high
accuracy and efficiency, their authentication rates are rather stable,
and the percentage of false acceptances or rejects is low.
5. Pattern-Based Passwords
Pattern-based passwords, also referred to as graphical passwords, involve
the creation of a set of shapes, gestures, or patterns personalized by the
user for authentication. Unlike alphanumeric passwords, which only contain
characters, a pattern-based password is a pattern or sequence of lines
drawn on a graphical point-and-click interface, such as a grid or touch
screen. Such patterns can include connecting dots, dragging shapes, or
swipe motions.
Benefits of Pattern-Based Passwords
 Memorability: Patterns can be better than passwords because, for
a user who has a poor memory for characters and character
sequences, a pattern is easier to remember.
 User-Friendly: Pattern-based authentication is more convenient for
the user, especially on a touch-based device, since it only involves
drawing a pattern on the screen.
 Resistance to Shoulder Surfing: Pattern-based passwords are
considered safer than typed passwords and PINs, since they involve
drawing shapes and patterns on the screen and thus cannot be
watched as easily as common passwords and PINs being typed.
 Enhanced Security: When patterns are made sufficiently complex
and random, a pattern-based password offers the same level of
protection as a traditional alphanumeric one, which means that
pattern-based passwords may be successfully used to protect
important accounts and devices.
6. One-Time Passwords (OTP)
One-time passwords (OTPs) are passwords used on a one-off basis to
confirm a person’s identity; each can only be used for a single login or
transaction. Compared to conventional passwords, which stay constant
for a considerable time, OTPs deliver an additional layer of security
because a new code is generated for each login attempt. OTPs are
delivered through channels such as SMS, email, dedicated applications on
mobile phones, tablets or other portable devices, or hardware tokens.
Once used, an OTP expires and cannot be used again, which limits the
probability of unauthorized access even when the code has been
compromised.
Benefits of One-Time Passwords (OTP)
 Enhanced Security: OTP is generally considered more secure than
a conventional static password because it is single-use or valid only
for a very limited period. This also minimizes the threat of identity
theft: if an OTP is intercepted, the intruder cannot benefit from it once
its short validity window has passed.
 Protection Against Replay Attacks: Non-reusable OTPs, because
they are only used once, are effective in preventing replay attacks
whereby attackers reuse credentials intercepted from users to gain
unauthorized access.
 Two-Factor Authentication (2FA) or Multi-Factor
Authentication (MFA): 2FA, or MFA, applies OTPs as one of the
measures to secure computer systems or online accounts alongside
passwords.
 Flexibility in Delivery: OTPs can be delivered by SMS, email,
authenticator applications, or physical tokens, letting users choose
according to their convenience or the security standard of the system.
 User-Friendly: OTPs are usually simple for users to apply, since only
the short code has to be entered.
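To show how "single use" and "new code per login" are actually enforced, here is an added example (not code from the page) of the HMAC-based OTP algorithms of RFC 4226 (HOTP) and RFC 6238 (TOTP), plus a server-side verifier that refuses a code once its time window has been consumed. It assumes the standard-library `hmac`/`hashlib` modules and uses the RFC 4226 test key as a constructed secret.

```python
"""HOTP/TOTP generation with single-use verification (added example, not from the page).
Implements the HMAC-based algorithms of RFC 4226 and RFC 6238 with the standard
library and records the last accepted time step so an intercepted code cannot be
replayed. The secret below is the RFC 4226 test-vector key, used as a constructed sample."""

import hashlib
import hmac
import struct
import time

DEMO_SECRET = b"12345678901234567890"   # RFC 4226 test key; real secrets are random per user


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 of the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter taken from the current `step`-second window."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


class OtpVerifier:
    """Server side. Each time step is accepted at most once; +/- `drift` steps tolerate clock skew."""

    def __init__(self, secret, step=30, drift=1):
        self.secret, self.step, self.drift = secret, step, drift
        self.last_counter = -1        # highest time step already consumed by a successful login

    def verify(self, code, at=None):
        at = time.time() if at is None else at
        now = int(at // self.step)
        for counter in range(now - self.drift, now + self.drift + 1):
            if counter <= self.last_counter:
                continue              # that window was already used: treat the code as a replay
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False
```

The HOTP values for counters 0, 1 and 9 match the published RFC 4226 test vectors, so the implementation can be checked against the standard before a secret is ever deployed.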
7. Graphical Password Authentication
With increasing technical advancements, the world is becoming digital at
a high pace and everything is happening online. From paying your bills to
booking tickets to paying the person sitting next to you, you prefer to pay
online. Not only payments but all activities, be it communication through
e-mails and messaging apps or keeping your documents in a digital locker,
happen online. With everything turning online, the risk of cybercrime and
privacy breaches is also increasing. Passwords play a huge role in keeping
your data safe on online as well as offline platforms. Passwords are the
default method of authentication for accessing our accounts. There are
various types of authentication available for users to secure their
accounts.
Types of authentication:
 Token-based authentication includes key cards, bank cards, smart
cards, etc.
 Knowledge-based authentication includes text-based authentication
and picture-based authentication.
 Biometric authentication includes fingerprint authentication, iris
scans, and facial recognition.
Graphical Password Authentication has three major categories, based on
the activity used to authenticate the password:
 Recognition-based Authentication: A user is given a set of
images and has to identify the image selected during registration.
For example, Passfaces is a graphical password scheme based on
recognizing human faces. During password creation, users are given
a large set of images to select from. To log in, users have to identify
the pre-selected image among the several images presented.
 Recall-based Authentication: A user is asked to reproduce
something created or selected at the registration stage. For
example, in the PassPoints scheme, a user clicks points in an image
to create the password, and a tolerance around each chosen pixel is
calculated. During authentication, the user has to select the points
within the tolerance in the correct sequence to log in.
 Cued Recall: Cued Click Points (CCP) is an alternative to the
PassPoints technique. In CCP, users click one point on each image
rather than five points on one image (unlike PassPoints). It offers
cued recall and instantly alerts users if they make a mistake while
entering their latest click-point.
Advantages:
 It is user-friendly.
 It provides higher security than other traditional password schemes.
 Dictionary attacks are infeasible.
 CCP makes attacks based on hotspot analysis more challenging.
Disadvantages:
 Registration and login take too long.
 It requires more storage space because of the images.
 Shoulder surfing (watching over people’s shoulders as they enter
information).
Tips to Create a Strong Password
 Length: Ideally, a password should be longer than 12 characters.
Longer passwords are more secure because they multiply the number
of variations an attacker has to try.
 Complexity: Passwords should consist of uppercase and lowercase
letters, numbers, and symbols (!, @, #, etc.). Mixing character types
enlarges the search space and makes the password safer against
attacks that try to guess it.
 Avoid Predictable Patterns: Do not use sequences of numbers or
letters such as 1, 2, 3, common words such as car or ball, or any
information about you that can be easily found, such as your name,
birthday, or telephone number. Attackers use automated scripts that
can try the most probable guesses in a very short time.
 Unique and Random: Never use the same password for different
accounts; create a distinctive password for each one. Then, if one
password is stolen, the other accounts where you might have used it
are not also in danger.
 Passphrases: This is especially important if you have been reusing
the same password for several of your accounts. A passphrase is a
series of random words or a sentence that you can easily recall but
that an intruder could not guess. For instance, a good passphrase is
one like “PurpleElephant$Jumping@Moon.”
 Avoid Dictionary Words: Do not use dictionary words or ordinary
phrases that anyone could look up, because such passwords are
easily cracked by a dictionary-based attack.
 Use Password Managers: Use a password manager to create and
store passwords for all your accounts, ensuring they are complex and
different. A password manager is an application that keeps the
passwords of an individual or a company efficiently.
 Regularly Update Passwords: Change your passwords frequently,
particularly on accounts that hold more valuable information, to
reduce the window of exposure to illegitimate access.
Password Security Best Practices
 Use Strong, Unique Passwords: Passwords should be at least 12
characters long and combine numbers, uppercase and lowercase
letters, and special characters. Example: passwords like “123456” or
“qwerty” should not be used, as they are easily cracked.
 Avoid Reusing Passwords: Aim to have a different password for
each online account you create. Linking several accounts to one
password raises the risk of a breach: once it is cracked, all those
accounts are compromised.
 Enable Multi-Factor Authentication (MFA): Enable MFA on your
accounts whenever possible. MFA enhances security by requiring an
additional authentication step besides the password, such as a code
sent to your phone or generated by an authenticator application.
 Regularly Update Passwords: Change your passwords regularly,
especially on important accounts, for instance every few months, to
minimize how long a leaked password remains usable by third parties.
 Use Passphrases: Consider using passphrases instead of
conventional passwords. A passphrase is a string longer than a
password, such as a phrase or a sentence; it is easy to remember
while outsiders can hardly guess it. Passphrases provide better
security than normal passwords.
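The tips above and the best-practice list can be encoded as a policy check. The following is an added example, not code from the page: it rejects short passwords, missing character classes, keyboard or number sequences, lone dictionary words and personal information, and estimates brute-force entropy so a passphrase can be compared with a short "complex" password. The word list is a constructed stand-in for a real dictionary.

```python
"""Password-policy checker encoding the tips above (added example, not the page's code)."""

import math
import re

# Constructed mini word list for the demonstration; a real deployment would
# load a full dictionary and a list of breached passwords.
DICTIONARY = {"password", "qwerty", "welcome", "dragon", "monkey", "letmein",
              "car", "ball", "purple", "elephant", "jumping", "moon"}
# Runs taken from these strings (forwards or backwards) count as predictable.
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl")
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def charset_size(pw):
    """Size of the alphabet an attacker must assume, from the classes actually used."""
    sizes = (26, 26, 10, 33)          # 33 printable ASCII symbols
    return sum(s for p, s in zip(CLASS_PATTERNS, sizes) if re.search(p, pw))


def entropy_bits(pw):
    """log2 of the brute-force search space; length matters more than the symbol mix."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def has_sequence(pw, run=3):
    """True if pw contains `run` consecutive characters of a keyboard or number sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def check_password(pw, personal=(), min_length=12):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS) < 3:
        problems.append("uses fewer than three character classes")
    if has_sequence(pw):
        problems.append("contains a keyboard or number sequence")
    # A lone dictionary word dressed up with digits or symbols is still a dictionary
    # word; a multi-word passphrase is judged by its length instead.
    if re.sub(r"[^a-z]", "", low) in DICTIONARY:
        problems.append("is a dictionary word")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems
```

Comparing `entropy_bits` for a four-digit PIN, ‘abc123’ and the passphrase “PurpleElephant$Jumping@Moon.” makes the length argument in the tips concrete.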
Types of password attacks
Password attacks fall into several broad categories. They are categorized
based on the tactics and techniques used and the nature of the attack.
The main types of password attacks are:
 Credential reuse attacks exploit credentials leaked from
previous data breaches in attacks where attackers use known
username-password pairs on multiple services (credential stuffing).
 Exhaustive search attacks attempt to systematically guess
passwords by trying all possible combinations (brute force) or using
precompiled lists of common passwords or phrases (dictionary
attacks).
 Network interception attacks capture passwords as they are
transmitted over networks (man-in-the-middle attacks, packet
sniffing, and DNS spoofing).
 Offline cracking attacks target password hashes or encrypted
password databases obtained from compromised systems (rainbow
table attacks).
 Password-guessing attacks rely on guessing passwords based on
personal information or predictable patterns (password spraying).
 Social engineering attacks manipulate human behavior and exploit
users' weaknesses to obtain passwords (phishing and
impersonation).
 Surveillance attacks involve monitoring user input or behavior to
capture credentials (keylogging, shoulder surfing, or hidden camera
surveillance).
Common types of password attacks
Password hacking encompasses various techniques that cybercriminals
employ to gain unauthorized access to secure systems. These hacking
methods, along with others, highlight the ongoing threat landscape that
necessitates robust cybersecurity practices and vigilance. By
understanding these primary attack types, individuals and organizations
can implement targeted strategies to strengthen their defenses against
unauthorized access attempts.
 Brute-force attack
o A brute-force attack is a type of password attack where hackers
make numerous hit-or-miss attempts to gain access. It is a
simple attack and often involves automated methods, such as
software, for trying multiple letter-number variations.
 Keylogger attack
o A keylogger is a type of spyware that records a user's activity
by logging keyboard strokes. Cybercriminals use keyloggers to
steal a variety of sensitive data, from passwords to credit card
numbers. In a password attack, the keylogger records not only
the username and password but also the website or application
where those credentials are used, along with other sensitive
information.
 Dictionary attack
o A type of brute-force password attack, a dictionary attack is
based on a list of commonly used words and phrases, as well as
often-used passwords. To avoid having to crack a long list of
possible passwords, attackers narrow down the list to what's
known as dictionary words.
 Credential stuffing
o Credential stuffing password attacks are similar to brute-force
attacks in that the attackers use trial-and-error to gain access.
However, instead of guessing passwords, they use stolen
credentials. Credential stuffing is based on the assumption that
many people reuse their passwords for multiple accounts
across various platforms.
 Man-in-the-middle
o A man-in-the-middle scenario involves three parties: the user,
the attacker, and the third party with whom the person is trying
to communicate. In a password attack, cybercriminals typically
impersonate a legitimate third party, often through a phishing
email.
 Traffic interception
o Traffic interception, a variation on the man-in-the-middle attack,
involves the threat actors eavesdropping on network traffic to
monitor and capture data. A common way of doing this is
through unsecured Wi-Fi connections or connections that don't
use encryption, such as HTTP.
 Phishing
o As mentioned above, phishing is a versatile approach.
Cybercriminals use different phishing and social engineering
tactics, from phishing emails for man-in-the-middle attacks to a
combination of spear phishing and vishing (a multi-step
password attack that includes a voice call and a link to a
malicious site that harvests credentials). The latter has been
used in attacks targeting employees' virtual private network
(VPN) credentials.
 Password spraying
o Another form of brute-force attack, password spraying, involves
trying a large number of common passwords on a small number of
user accounts, or even on just one account.
 Cybersecurity best practices to reduce password attack risks
o Despite the fact that password attacks are one of the most
common types of cyber attacks, they can be prevented. A well-
planned cyber defense strategy combined with cybersecurity
tools and programs materially reduces the risk and impact of
password attacks.
 Defending against password attacks
o The best defense strategies against password attacks start with an
understanding of common password security risks and an
assessment of password vulnerabilities. Once security gaps or
weaknesses have been identified, IT and security teams should
determine what existing tools and processes can be leveraged as
part of the defense and consider how these can be optimized and
bolstered.
 Preventing password attacks
o Adopting best practices for password hygiene and management
is the best way to prevent password attacks. Easy-to-hack
environments with a weak security posture are much more
appealing to opportunistic cybercriminals. Effective defense
against password attacks requires a combination of policies,
tools, and frameworks to boost an enterprise's ability to avoid a
data breach.
Policies for password attack defense
 Requiring strong passwords that are long (e.g., 12+ characters),
complex, unusual, and unique for each website or account
 Changing passwords when a breach is suspected
 Implementing multi-factor authentication when possible
 Adopting a password manager to simplify password
management and ensure secure storage
 Limiting access to privileged accounts and adding additional security
layers for those accounts
 Educating all employees and anyone else with access to
organizational resources about password security also enables
prevention
Tools to prevent password attacks
 Multi-factor authentication (MFA)—access control tools that require
users to present multiple forms of verification (e.g., passwords,
biometrics, hardware tokens) to log in
 Privileged Access Management (PAM)—tools that secure, monitor,
and manage privileged accounts
 Password hashing and salting—tools that store passwords securely
by applying strong hashing algorithms (e.g., bcrypt, Argon2) with
unique salts make offline cracking attacks like rainbow tables
ineffective
 Rate limiting and account lockout mechanisms—tools that throttle
login attempts or temporarily lock accounts after multiple failed
attempts
 Monitoring and anomaly detection—tools that proactively monitor
authentication attempts and detect unusual behavior
 Secure password reset mechanisms—tools that ensure that
password recovery processes are secure
 Network segmentation—dividing network resources into isolated
segments to limit the damage from compromised credentials and
prevent lateral movement
 Continuous authentication—continuously assessing user identity
through contextual signals (e.g., device posture, geolocation,
behavioral biometrics)
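Two of the tools listed above, salted password hashing and account lockout after repeated failures, in one added example (not code from the page). It uses `hashlib.scrypt` from the Python standard library as a memory-hard stand-in for the bcrypt/Argon2 named above; the user store, names and passwords are constructed for the demonstration.

```python
"""Salted password storage with login throttling (added example, not code from the page).
hashlib.scrypt, a memory-hard function from the standard library, stands in for the
bcrypt/Argon2 named above; the per-user salt and the lockout logic work the same way."""

import hashlib
import hmac
import os
import time

SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, maxmem=64 * 1024 * 1024)  # work factor; raise n on real systems
MAX_FAILURES = 5          # failed attempts allowed before the account is locked
LOCKOUT_SECONDS = 300     # how long the lock lasts


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh 16-byte random salt makes every stored hash unique,
    so a precomputed (rainbow) table for one password is useless against another account."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, dklen=32, **SCRYPT_PARAMS)
    return salt, digest


class UserStore:
    """Constructed in-memory user database for the demonstration."""

    def __init__(self):
        self.users = {}      # username -> (salt, digest); the plaintext is never stored
        self.failures = {}   # username -> (failed attempts, time of first failure)

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def locked_until(self, username, now):
        """Unix time at which the lock expires, or None if the account is not locked."""
        count, since = self.failures.get(username, (0, 0))
        if count >= MAX_FAILURES and now - since < LOCKOUT_SECONDS:
            return since + LOCKOUT_SECONDS
        return None

    def login(self, username, password, now=None):
        """Return 'ok', 'denied' or 'locked'."""
        now = time.time() if now is None else now
        if self.locked_until(username, now) is not None:
            return "locked"
        record = self.users.get(username)
        if record is None:
            hash_password(password, b"\x00" * 16)   # same cost, so timing does not reveal valid usernames
            ok = False
        else:
            salt, digest = record
            ok = hmac.compare_digest(hash_password(password, salt)[1], digest)
        if ok:
            self.failures.pop(username, None)
            return "ok"
        count, since = self.failures.get(username, (0, now))
        if now - since >= LOCKOUT_SECONDS:       # an old lockout window has expired: start over
            count, since = 0, now
        self.failures[username] = (count + 1, since)
        return "denied"
```

Hashing the same password twice yields two different digests because of the random salt, which is exactly what defeats a rainbow table.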
✅ Steps to Stay Secure in the Digital World
🔐 1. Have a Strong Password
A strong password is your first line of defense against unauthorized
access.
Best Practices:
 Use at least 12 characters.
 Combine uppercase, lowercase, numbers, and special
characters.
 Avoid using personal information (name, DOB, etc.).
 Never reuse passwords across websites.
 Use a password manager to securely store complex passwords.
Example:
S@f3tY!P@55w0rD2025
🔒 2. Encrypt Your Data
Encryption ensures that even if your data is stolen, it cannot be read
without the decryption key.
How to encrypt:
 Use Full Disk Encryption (FDE) tools (e.g., BitLocker for Windows,
FileVault for macOS).
 Encrypt sensitive files using software like VeraCrypt.
 Use end-to-end encryption for messaging apps (e.g., Signal,
WhatsApp).
Benefits:
 Protects your data from hackers and unauthorized access.
 Essential for laptops, smartphones, and cloud storage.
3. Use Security Suite Software
Install a comprehensive security suite to defend against malware,
ransomware, and phishing.
Components usually include:
 Antivirus
 Anti-malware
 Email protection
 Web protection
 Real-time scanning
Trusted software examples:
 Kaspersky
 Bitdefender
 Norton
 ESET
🔥 4. Set Up a Firewall
A firewall monitors and controls incoming and outgoing network
traffic based on security rules.
Types of firewalls:
 Software firewalls: Run on individual devices.
 Hardware firewalls: Used in networks (usually routers).
Purpose:
 Blocks unauthorized access to your computer.
 Can filter malicious IP addresses or suspicious traffic.
Tip: Ensure the firewall is enabled and properly configured on your
system.
🔄 5. Regularly Update Your Operating System and Software
Software updates often include security patches that fix vulnerabilities
hackers may exploit.
Why it's important:
 Prevents zero-day attacks.
 Ensures compatibility and improves performance.
 Fixes known bugs and flaws.
Best Practices:
 Enable automatic updates for OS and apps.
 Regularly check for firmware updates on routers and IoT devices.