Scribd
Upload
27 views16 pages

Cyber Security 1

Uploaded by

the.warlord.mismeel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
27 views16 pages

Cyber Security 1

Uploaded by

the.warlord.mismeel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 16

CYBER SECURITY

CYBER SECURITY THREATS


IMPORTANCE OF DATA SAFETY

Privacy-personal data that you want to keep within your family or close
friends

Security-commercial data, such as passwords and bank details.


CYBER THREATS
• brute force attacks
• data interception
• distributed denial of service (DDoS) attacks
• hacking
• malware (viruses, worms, Trojan horse, spyware, adware and ransomware)
• Phishing
• pharming
• social engineering
BRUTE FORCE ATTACKS

• brute force attack – a ‘trial and error’ method used by


cybercriminals to crack passwords by finding all possible
combinations of letters, numbers and symbols until the password is
found
TECHNIQUES
• TRIAL AND ERROR: Systematically trying all the different combinations of letters, numbers and other
symbols until eventually password is found.
• IMPROVED TECHNIQUE:
1 Checking the common passwords like : 123456, password, qwerty, 111111 and abc123);
2 Use the strong word list (this is a text file containing a collection of words that can be used in a
brute force attack);
This is still a faster way of cracking a password than just total trial and error.

The longer a password is and the greater the variation of characters used, the harder it will be to
crack
DATA INTERCEPTION

data interception – an attempt to eavesdrop on a wired or wireless network


transmission; cybercriminal often use packet sniffing or access point mapping /
wardriving to intercept data

• Stealing data by tapping into a wired or wireless communication link.


• The intent is to compromise privacy or to obtain confidential information.
DATA INTERCEPTION
• ON WIRED NETWORKS:
Using a packet sniffer, which examines data packets being sent over a network.
The intercepted data is sent back to the hacker
• ON WIRELESS NETWORKS:
Wi-Fi (wireless) data interception can be carried out using wardriving (or sometimes called Access Point
Mapping).
data can be intercepted using a laptop or smartphone, antenna and a GPS device (together with some
software) outside a building or somebody’s house.
The intercepted Wi-Fi signal can then reveal personal data to the hacker, often without the user being
aware this is happening
PREVENTIVE MEASURES

• Encryption doesn’t stop the data being intercepted or altered in some way but makes the data
incomprehensible to the hacker if they don’t have access to a decryption key.
• To safeguard against wardriving, the use of a wired equivalency privacy (WEP) encryption
protocol, together with a firewall, is recommended.
• It is also a good idea to protect the use of the wireless router by having complex passwords.
• It is important not to use Wi-Fi (wireless) connectivity in public places (such as an airport)
since no data encryption will exist and your data is then open to interception by anyone within
the airport
DISTRIBUTED DENIAL OF SERVICE (DDOS)
ATTACKS
• A denial of service (DoS) attack is an attempt at preventing users from accessing
part of a network, notably an internet server.
• This is usually temporary but may be a very damaging act or a large breach of
security.
• TARGET: individuals, networks
• The attacker may be able to prevent a user from:
» accessing their emails
» accessing websites/web pages
» accessing online services (such as banking).
TECHNIQUE

• One method of attack is to flood the network with useless spam traffic.
• When a user enters a website’s URL in their browser, a request is sent to the web server that contains the
website or web page. Obviously, the server can only handle a finite number of requests. So if it becomes
overloaded by an attacker sending out thousands of requests, it won’t be able to service a user’s legitimate
request. This is effectively a denial of service.
• In a distributed denial of service (DDoS) the spam traffic originates from many different computers, which
makes it hard to block the attack.
EXAMPLE

• This can happen to a user’s email account, for example, by an attacker sending out many spam messages
to their email account. Internet service providers (ISPs) only allow a specific data quota for each user.
Consequently, if the attacker sends out thousands of emails to the user’s account, it will quickly become
clogged up and the user won’t be able to receive legitimate emails
SYMPTOMS

There are certain signs a user can look out for to see if they have become a victim
of a DDoS attack:

» slow network performance (opening files or accessing certain websites)

» inability to access certain websites

» large amounts of spam email reaching the user’s email account.


PREVENTIVE MEASURES
An individual user or a website can guard against these attacks to some degree by:

» using an up-to-date malware checker

» setting up a firewall to restrict traffic to and from the web server or user’s
computer

» applying email filters to filter out unwanted traffic (for example, spam).
HACKING

• Hacking is generally the act of gaining illegal access to a computer system


without the user’s permission.
• This can lead to identity theft or the gaining of personal information; data can
be deleted, passed on, changed or corrupted.
• encryption does not stop hacking; it makes the data meaningless to the hacker
but it doesn’t stop them from deleting, corrupting or passing on the data.
PREVENTIVE MEASURES

• Hacking can be prevented through the use of firewalls,


• user names and frequently changed strong passwords.
• Anti-hacking software and intrusion-detection software also exists in the fight
against hacking.
ETHICAL HACKING

• Malicious hacking takes place without the user’s permission, and is always an
illegal act.
• However, universities and companies now run courses in ethical hacking. This
occurs when companies authorise paid hackers to check out their security
measures and test how robust their computer systems are to hacking attacks.

You might also like