What is called malware in cyber security? Explain today's most common types of malware attacks on data and software systems.
Malware (short for malicious software) is any software or code intentionally designed to damage, disrupt, steal data from, or gain unauthorized access to a computer system, network, or device.
It can affect:
- Data (steal, corrupt, delete, or encrypt it)
- Software (disrupt or control applications)
- Systems (slow down or completely disable devices or networks)
Most Common Types of Malware Attacks Today
1. Virus
A computer virus is malware that attaches itself to a legitimate file or program and spreads when the file is executed.
How it works:
- Activates when the infected file is opened
- Replicates and spreads to other files or systems
Impact:
- Corrupts files
- Damages system performance
- Can delete data
2. Worm
A worm is standalone malware that spreads automatically across networks without needing a host file.
How it works:
- Exploits network vulnerabilities
- Self-replicates and spreads quickly
Impact:
- Consumes bandwidth
- Slows down networks
- Can cause large-scale outages
3. Trojan Horse (Trojan)
A Trojan is malware disguised as a legitimate program to trick users into installing it.
How it works:
- Appears safe (e.g., fake app or software update)
- Once installed, it opens backdoors for attackers
Impact:
- Steals passwords and sensitive data
- Allows remote control of the system
- Installs other malware
4. Ransomware
Ransomware encrypts a victim's files (or locks the device) and demands payment (a ransom) for the decryption key. Many current variants also steal the data before encrypting it and threaten to publish it (double extortion), so backups alone do not remove the pressure to pay.
How it works:
- Encrypts files or locks system access
- Displays ransom message
Impact:
- Loss of access to important data
- Financial loss
- Business disruption
5. Spyware
Spyware secretly monitors user activity and collects personal information without consent.
How it works:
- Runs in the background unnoticed
- Tracks keystrokes, browsing habits, and passwords
Impact:
- Identity theft
- Privacy invasion
- Financial fraud
Define different types of computer-related threats. What types of control measures should be applied to protect against them?
Computer-related threats are any possible dangers that can harm computer systems, networks, software, or data by causing unauthorized access, disruption, damage, or theft.
1. Malware threats
These are harmful software programs designed to damage or control systems.
- Examples: viruses, worms, Trojans, ransomware, spyware
- Effects: data loss, system slowdown, data theft, system takeover
2. Phishing and social engineering threats
These rely on tricking users into revealing sensitive information.
- Examples: fake emails, fake websites, impersonation calls/messages
- Effects: password theft, financial fraud, identity theft
3. Network threats
These target communication systems and data transmission.
- Examples: network scanning and exploitation, packet sniffing, man-in-the-middle attacks, spoofing, DoS/DDoS attacks
- Effects: service disruption, data interception, network downtime
4. Password-based threats
Attackers try to break or steal passwords to gain access.
- Examples: brute-force attacks, dictionary attacks, credential stuffing
- Effects: unauthorized account access, data breach
5. Insider threats
Threats coming from people within an organization.
- Examples: employees misusing access, leaking data intentionally or accidentally
- Effects: data theft, sabotage, loss of trust
6. Physical threats
Damage caused to hardware or physical systems.
- Examples: theft of devices, fire, water damage, power failure
- Effects: hardware loss, data destruction, system downtime
7. Software vulnerabilities
Weaknesses in software that attackers exploit.
- Examples: unpatched software, bugs, outdated systems
- Effects: unauthorized access, system crashes, malware injection
Control measures to protect computer systems
1. Technical controls
These are technology-based protections:
- Install and update antivirus/anti-malware software
- Use firewalls to block unauthorized access
- Apply encryption for sensitive data
- Keep software and operating systems updated (patching)
- Use secure authentication (strong passwords, MFA)
- Regular, tested data backups, kept offline or immutable so that ransomware cannot encrypt them as well
2. Administrative controls
These involve rules and policies:
- Cybersecurity training for users
- Access control policies (limit who can access what)
- Regular security audits
- Incident response plans
- Password management policies
3. Physical controls
Protect hardware and physical infrastructure:
- Locked server rooms
- CCTV surveillance
- Biometric or card access systems
- Backup power supply (UPS)
- Fire and disaster protection systems
4. Behavioral controls (user practices)
- Avoid clicking unknown links or attachments
- Use strong, unique passwords
- Do not share sensitive information online
- Verify emails and websites before logging in
- Log out after use on public systems
What is a firewall in network security? Differentiate between IDS and IPS in network security management.
A firewall is a network security system (hardware, software, or both) that monitors and controls incoming and outgoing network traffic based on predefined security rules.
Functions of a Firewall:
- Blocks unauthorized access to a network
- Allows safe and trusted communication
- Filters traffic based on IP addresses, ports, and protocols
- Acts as a barrier between internal network and external networks (like the internet)
👉 In simple terms: A firewall is like a security guard at the entrance of a network.
Difference Between IDS and IPS
1. IDS (Intrusion Detection System)
An IDS (Intrusion Detection System) is a security tool that monitors network traffic and alerts administrators when suspicious activity is detected.
2. IPS (Intrusion Prevention System)
An IPS (Intrusion Prevention System) is a security tool that not only detects threats but also automatically blocks or prevents them.
Key Differences
| Feature | IDS (Intrusion Detection System) | IPS (Intrusion Prevention System) |
|---|---|---|
| Main Function | Detects and alerts about threats | Detects and actively prevents threats |
| Action | Passive (no direct blocking) | Active (blocks malicious traffic) |
| Response | Sends alert to admin | Automatically stops attack |
| Placement | Out of band: analyses a copy of the traffic (SPAN port or network TAP) | Inline: sits in the traffic path, so a false positive blocks legitimate traffic |
| Risk Handling | Only reports suspicious activity | Stops harmful activity immediately |
| Example Use | Security monitoring and analysis | Real-time protection of systems |
Simple Summary
- Firewall: Controls and filters network traffic based on rules
- IDS: Detects attacks and alerts the system admin
- IPS: Detects and automatically blocks attacks
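The following is an added example, not code from the original page: a first-match packet filter with an implicit default deny (the firewall) in front of a port-scan detector that can run either as an IDS (alert only) or as an IPS (alert and drop). The rule table, the addresses and the packet trace are all constructed for the example; the only difference between the two modes is what happens to the packet after the alert.

```python
import ipaddress
from collections import defaultdict

# Added example, not part of the original page: a stateless packet filter with
# first-match rules and an implicit default deny (the firewall), followed by a
# port-scan detector that can run as an IDS (alert only) or an IPS (alert and
# drop). The rule table and the packet trace are constructed for the example.

RULES = [
    # (action, protocol, allowed source network, destination port)
    ("allow", "tcp", "0.0.0.0/0", 443),   # public HTTPS
    ("allow", "tcp", "10.0.0.0/8", 22),   # SSH only from the internal network
    ("deny",  "tcp", "0.0.0.0/0", 22),    # SSH from anywhere else is refused
    ("allow", "udp", "10.0.0.0/8", 53),   # internal DNS
]


def firewall_decide(packet, rules=RULES):
    """First matching rule wins; a packet that matches nothing is denied."""
    src = ipaddress.ip_address(packet["src"])
    for action, proto, network, dport in rules:
        if packet["proto"] == proto and src in ipaddress.ip_network(network) and packet["dport"] == dport:
            return action
    return "deny"


class ScanDetector:
    """Flags any source that touches more than `threshold` distinct destination ports.

    mode="ids": only raises an alert and lets the packet through.
    mode="ips": raises the alert and drops this and all later packets from that source.
    """

    def __init__(self, threshold=5, mode="ids"):
        self.threshold = threshold
        self.mode = mode
        self.ports_seen = defaultdict(set)
        self.flagged = set()
        self.alerts = []

    def inspect(self, packet):
        src = packet["src"]
        if src in self.flagged:
            return "drop" if self.mode == "ips" else "pass"
        self.ports_seen[src].add(packet["dport"])
        if len(self.ports_seen[src]) > self.threshold:
            self.flagged.add(src)
            self.alerts.append(f"possible port scan from {src}: ports {sorted(self.ports_seen[src])}")
            return "drop" if self.mode == "ips" else "pass"
        return "pass"


def process(packets, mode):
    """Run each packet through the detector (at the perimeter) and then the firewall.

    Returns the per-packet outcome ('drop', 'allow' or 'deny') and the alerts raised.
    """
    detector = ScanDetector(mode=mode)
    outcomes = []
    for pkt in packets:
        if detector.inspect(pkt) == "drop":
            outcomes.append("drop")
        else:
            outcomes.append(firewall_decide(pkt))
    return outcomes, detector.alerts


# Constructed trace: an external host probing seven ports, then a legitimate internal SSH login.
SAMPLE_PACKETS = [
    {"src": "203.0.113.5", "proto": "tcp", "dport": p} for p in (21, 22, 23, 25, 80, 443, 8080)
] + [{"src": "10.1.2.3", "proto": "tcp", "dport": 22}]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        outcomes, alerts = process(SAMPLE_PACKETS, mode)
        print(mode, outcomes, alerts)
```

In IDS mode the scanner's sixth probe (port 443) triggers the alert but is still passed to the firewall, which allows it because HTTPS is public; in IPS mode the same packet and everything after it from that source is dropped. The firewall never sees the difference, which is the point: filtering by rule and blocking by behaviour are separate controls.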
What does identity and access control mean in cyber security? Explain single-factor and multi-factor authentication as applied in network and system security, with suitable examples.
Identity and access control, usually called IAM (Identity and Access Management), refers to the process of:
- Identifying users (who they are)
- Authenticating users (verifying their identity)
- Authorizing users (deciding what resources they can access)
In simple terms:
It ensures that only the right people get access to the right systems at the right time.
Example:
- A student logs into a college portal using a username and password.
- The system verifies the student’s identity and allows access only to student-related data, not admin controls.
Authentication Types in Network and System Security
Authentication is the process of verifying a user’s identity before granting access.
There are mainly two types:
1. Single-Factor Authentication (SFA)
Definition:
Single-factor authentication uses only one method to verify identity, usually something the user knows (like a password).
Common factors:
- Password
- PIN
- Security question
Example:
- Logging into your email using only a username and password.
Advantages:
- Simple and fast
- Easy to use
Disadvantages:
- Less secure
- Passwords can be stolen or guessed
2. Multi-Factor Authentication (MFA)
Definition:
Multi-factor authentication uses two or more verification methods from different categories:
- Something you know (password/PIN)
- Something you have (a phone or hardware token that receives or generates a one-time code)
- Something you are (fingerprint, face recognition)
Example:
- Logging into a bank account:
- Enter password (something you know)
- Enter OTP sent to mobile (something you have)
Advantages:
- Much more secure
- A stolen, guessed, or phished password alone is no longer enough
Disadvantages:
- Slightly slower login process
- Requires extra devices or steps
Simple Comparison
| Feature | Single-Factor Authentication | Multi-Factor Authentication |
|---|---|---|
| Security Level | Low | High |
| Methods Used | One (usually a password) | Two or more factors from different categories |
| Example | Password login | Password + OTP or fingerprint |
| Risk | One stolen, guessed, or phished password gives full access | Attacker must defeat every factor; codes sent by SMS or app can still be phished in real time, while hardware security keys resist this |
Summary
Identity and access control ensures secure system access by verifying users. Single-factor authentication uses only one method like a password, while multi-factor authentication uses multiple verification steps such as OTPs and biometrics, making it much more secure for modern network and system protection.
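As an added example (not from the original page), the login below checks the two factors from the bank example: a password ("something you know") and a TOTP code from the user's phone or token ("something you have"). TOTP follows RFC 6238 (HMAC-SHA1, 30-second steps, six digits), which is what common authenticator apps implement. The user record, its password and the enrolment secret are constructed; the secret is the RFC test-vector value so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import os
import struct
import time

# Added example, not part of the original page: a login that checks a password
# (factor 1, "something you know") and a TOTP code (factor 2, "something you
# have": the phone or token holding the shared secret). TOTP follows RFC 6238
# (HMAC-SHA1, 30-second steps, 6 digits), as used by authenticator apps. The
# user record, its password and the TOTP secret are constructed for the example.


def hash_password(password: str, salt: bytes = None, iterations: int = 200_000):
    """Salted PBKDF2-HMAC-SHA256; store (salt, iterations, digest), never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def check_password(password: str, record) -> bool:
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation, decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(unix_time) // step, digits)


def match_totp(secret: bytes, code: str, unix_time: float, window: int = 1):
    """Return the time-step counter the code matches (tolerating +/- `window` steps of clock drift), else None."""
    counter = int(unix_time) // 30
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c
    return None


TOTP_SECRET = b"12345678901234567890"  # RFC 6238 test-vector secret, used here as the constructed enrolment secret
USERS = {
    "alice": {
        "password": hash_password("correct horse battery staple"),
        "totp_secret": TOTP_SECRET,
        "last_counter": -1,  # highest counter already accepted, so a captured code cannot be replayed
    }
}


def login_single_factor(username: str, password: str) -> bool:
    user = USERS.get(username)
    return user is not None and check_password(password, user["password"])


def login_mfa(username: str, password: str, code: str, now: float = None) -> bool:
    user = USERS.get(username)
    if user is None:
        return False
    now = time.time() if now is None else now
    # Evaluate both factors before deciding, so the response does not reveal which one failed.
    password_ok = check_password(password, user["password"])
    counter = match_totp(user["totp_secret"], code, now)
    totp_ok = counter is not None and counter > user["last_counter"]
    if password_ok and totp_ok:
        user["last_counter"] = counter
        return True
    return False


if __name__ == "__main__":
    now = time.time()
    pw = "correct horse battery staple"
    print("password only:", login_single_factor("alice", pw))
    print("password + current code:", login_mfa("alice", pw, totp(TOTP_SECRET, now), now))
    print("password + hour-old code:", login_mfa("alice", pw, totp(TOTP_SECRET, now - 3600), now))
```

Two details matter in practice and are easy to miss: the accepted counter is recorded so that a code an attacker captured (for example through a phishing page) cannot be reused within the same step, and both factors are always evaluated so the failure response does not tell the attacker which one was right.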
What do you mean by digital signature? How does it provide far more inherent security than a handwritten signature?
A digital signature is a cryptographic technique used to verify the authenticity, integrity, and origin of a digital message or document.
It is created using public key cryptography, where:
- The sender uses a private key to sign the data
- The receiver uses the sender’s public key to verify it
In simple terms:
A digital signature is an electronic “seal” or proof that a message truly comes from the sender and has not been changed.
How a Digital Signature Works (Basic Idea)
- A message is created (e.g., an email or document)
- A hash (digital fingerprint) of the message is generated
- The hash is processed with the sender's private key by a signature algorithm (RSA, ECDSA, Ed25519) → the result is the digital signature
- The receiver runs the matching verification step with the sender's public key, which recovers or checks the signed hash
- The receiver recomputes the hash of the received message and compares → if it matches, the message is authentic and unchanged
Why Digital Signatures are More Secure than Handwritten Signatures
1. Authentication (Identity Verification)
- Handwritten signature: Can be copied or forged
- Digital signature: Cryptographically linked to the sender’s private key, making it extremely hard to fake
2. Integrity (No Tampering)
- Handwritten signature: Document can be changed after signing without easy detection
- Digital signature: Any change in the document invalidates the signature immediately
3. Non-repudiation (No Denial)
- Handwritten signature: Sender may deny signing it
- Digital signature: Technically binds the document to the holder of the private key, and where e-signature law recognises it, legally proves the sender signed it, provided the private key was kept secret
4. Strong Encryption Security
- Uses well-studied public-key algorithms such as RSA or ECC at recommended key sizes (RSA-2048 or larger, 256-bit elliptic curves)
- Forging a signature without the private key is computationally infeasible with current computers; the practical weak point is the protection of the private key itself
5. Automatic Verification
- Handwritten signatures require human judgment
- Digital signatures are verified instantly by systems with high accuracy
6. Security Against Forgery
- Handwritten signatures can be traced, scanned, or replicated
- Digital signatures are unique and tied to secure cryptographic keys
Summary
A digital signature is a secure electronic method of signing data using cryptography. It is far more secure than handwritten signatures because it ensures:
- Identity verification
- Data integrity
- Prevention of forgery
- Legal proof of authenticity
What do you mean by hacking? Classify the types of hackers with suitable examples.
Hacking is the act of finding and exploiting weaknesses in a computer system, network, or digital device to gain access or control beyond what was intended. It is lawful when done with the owner's permission (ethical hacking) and a crime when done without it.
It may be used for:
- Testing security (ethical use)
- Stealing data or causing damage (illegal use)
Types of Hackers (with examples)
Hackers are classified based on their intent and purpose.
1. White Hat Hackers (Ethical Hackers)
These hackers work legally and ethically to find and fix security vulnerabilities.
Purpose:
- Improve system security
- Protect organizations from attacks
Example:
- A security expert hired by a company to test their website for weaknesses (penetration testing)
2. Black Hat Hackers (Malicious Hackers)
These hackers hack systems illegally for personal gain or to cause harm.
Purpose:
- Steal data
- Financial fraud
- Damage systems
Example:
- A hacker stealing credit card information from an online shopping site
3. Grey Hat Hackers
These hackers fall between ethical and unethical. They may break into systems without permission but not for harmful intent.
Purpose:
- Discover vulnerabilities, sometimes report them later
- May violate laws but not always for personal gain
Example:
- A hacker accessing a website without permission and informing the owner about security flaws
4. Script Kiddies
These are unskilled hackers who use existing tools or scripts created by others.
Purpose:
- Cause disruption or show off
- Lack deep technical knowledge
Example:
- A teenager using a ready-made tool to crash a website
5. Hacktivists
These hackers use hacking for political or social causes.
Purpose:
- Protest against governments or organizations
- Spread messages or awareness
Example:
- Defacing a government website to protest a policy
Summary Table
| Type | Intent | Example |
|---|---|---|
| White Hat | Ethical, security improvement | Company security tester |
| Black Hat | Illegal, harmful | Data theft hacker |
| Grey Hat | Mixed intent | Unauthorized vulnerability finder |
| Script Kiddie | Low skill, uses tools | Uses hacking software to attack sites |
| Hacktivist | Political/social cause | Website defacement for protest |
What is a digital signature? Explain the major applications of digital signatures.
A digital signature is a cryptographic method used to verify the authenticity, integrity, and origin of a digital message or document.
It works using public key cryptography, where:
- The sender signs the document using a private key
- The receiver verifies it using the sender’s public key
In simple terms:
A digital signature is an electronic proof of identity and approval for digital data, ensuring it has not been altered.
Major Applications of Digital Signature
Digital signatures are widely used in areas where security, trust, and legal validity are important.
1. E-Governance and Government Services
Digital signatures are used in online government systems for secure document submission.
Examples:
- Filing income tax returns
- Online passport applications
- Digital land record submissions
2. Banking and Financial Services
Banks use digital signatures to secure transactions and documents.
Examples:
- Online fund transfers
- Loan agreements
- Digital account opening forms
3. E-Commerce Transactions
They help ensure secure online business activities.
Examples:
- Signing purchase agreements
- Verifying online contracts
- Securing payment confirmations
4. Legal Documents and Contracts
Digital signatures make electronic documents legally valid.
Examples:
- Employment contracts
- Business agreements
- Court filings in e-legal systems
5. Email Security
Digital signatures are used to verify that emails are genuine and not altered.
Examples:
- Business communication verification
- Preventing email spoofing or fraud
6. Software Distribution
Software companies use digital signatures to ensure software authenticity.
Examples:
- Verifying software updates
- Preventing installation of tampered software
What is phishing? Explain the types of phishing.
Phishing is a type of cyber attack where attackers try to trick users into revealing sensitive information such as:
- Passwords
- Bank account details
- Credit card numbers
- OTPs or personal data
They usually do this by pretending to be a trusted source like a bank, company, or government service.
👉 In simple terms: Phishing is a fake attempt to steal your personal information by deception.
Types of Phishing Attacks
1. Email Phishing
This is the most common type of phishing attack.
How it works:
- Attackers send fake emails that look like they are from banks or companies
- The email contains fake links or attachments
Example:
An email saying “Your bank account is blocked. Click here to verify.”
2. Spear Phishing
This type targets a specific person or organization.
How it works:
- The attacker collects personal information about the victim
- Sends highly customized and believable messages
Example:
A fake email sent to an employee pretending to be their company manager asking for login details.
3. Whaling
This is a form of spear phishing that targets high-level executives like CEOs or managers.
How it works:
- Uses very convincing messages
- Focuses on important people with access to valuable data
Example:
A fake legal email sent to a company CEO requesting urgent financial transfer.
4. Smishing (SMS Phishing)
Phishing done through text messages (SMS).
How it works:
- Victim receives a fake SMS with malicious links
Example:
“Your bank account is locked. Click this link to unlock it.”
5. Vishing (Voice Phishing)
Phishing done through phone calls.
How it works:
- Attackers pretend to be bank officers or customer support
- They try to extract sensitive information
Example:
A caller asking for your OTP or ATM PIN pretending to be from a bank.
6. Clone Phishing
This involves creating a fake copy of a real email.
How it works:
- Attacker duplicates a legitimate email
- Replaces safe links with malicious ones
Example:
A copied delivery confirmation email with a fake tracking link.
What is the role of confidentiality, integrity and availability in cyber security? Explain.
The CIA Triad is the core model of cyber security. It defines three main goals that protect information systems and data from threats and misuse:
- Confidentiality
- Integrity
- Availability
Together, they ensure information is secure, trustworthy, and accessible to the right users.
1. Confidentiality
Confidentiality means keeping information secret from unauthorized users.
Role in cyber security:
- Protects sensitive data from being accessed by hackers or outsiders
- Ensures privacy of users and organizations
How it is maintained:
- Passwords and authentication systems
- Encryption (data is converted into a form that cannot be read without the key)
- Access control (user permissions and roles)
Example:
Only a bank customer can see their account balance, not other users.
2. Integrity
Integrity means ensuring that data is accurate, complete, and not changed without permission.
Role in cyber security:
- Prevents unauthorized modification or tampering of data
- Ensures trust in information systems
How it is maintained:
- Hash functions
- Digital signatures
- Data validation and checksums (against accidental corruption); keyed MACs or digital signatures (against deliberate tampering)
Example:
The amount of money in a bank transaction should not be changed during transfer.
3. Availability
Availability means ensuring that data and systems are accessible when needed by authorized users.
Role in cyber security:
- Keeps systems running without interruption
- Prevents downtime caused by attacks or failures
How it is maintained:
- Backups and disaster recovery systems
- Firewalls and DDoS protection
- Redundant servers and power supply systems
Example:
A website should remain accessible even during heavy traffic or cyber attacks.
Summary (CIA Triad)
| Principle | Meaning | Purpose | Example |
|---|---|---|---|
| Confidentiality | Prevent unauthorized access | Protect privacy | Secure login to email |
| Integrity | Prevent data modification | Ensure accuracy | Safe bank transaction |
| Availability | Ensure system access | Maintain uptime | Website always online |
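As an added example (not from the original page) of the integrity goal and the bank-transfer case above, the code below compares an unkeyed checksum with a keyed HMAC. A checksum catches accidental corruption, but an attacker who can change the record can also recompute it; an HMAC requires a key the attacker does not hold. The transaction record and the key are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not part of the original page: the difference between an
# unkeyed checksum and a keyed MAC for protecting the integrity of a bank
# transaction in transit. A checksum catches accidental corruption, but an
# attacker who alters the record can simply recompute it; an HMAC needs a key
# the attacker does not have. The transaction record and key are constructed.


def canonical(record: dict) -> bytes:
    """Deterministic serialisation so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(record: dict) -> str:
    return hashlib.sha256(canonical(record)).hexdigest()


def verify_checksum(record: dict, tag: str) -> bool:
    return hmac.compare_digest(checksum(record), tag)


def mac(record: dict, key: bytes) -> str:
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_mac(record: dict, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(mac(record, key), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)  # shared only between the two bank systems
    tx = {"from": "alice", "to": "bob", "amount": 100}
    plain_tag = checksum(tx)
    keyed_tag = mac(tx, key)

    # An attacker on the path changes the amount and recomputes the unkeyed checksum.
    forged = dict(tx, amount=100000)
    forged_tag = checksum(forged)

    return {
        "original_checksum_ok": verify_checksum(tx, plain_tag),
        "checksum_accepts_forgery": verify_checksum(forged, forged_tag),  # True: nothing secret was needed
        "mac_accepts_original": verify_mac(tx, keyed_tag, key),
        "mac_rejects_forgery": verify_mac(forged, keyed_tag, key),        # False: attacker cannot recompute the MAC
    }


if __name__ == "__main__":
    print(demo())
```

The canonical serialisation step is not cosmetic: if the sender and receiver serialise the record differently (key order, whitespace), a genuine record fails verification and the check is quietly disabled by frustrated operators. Where the two parties cannot share a key, a digital signature gives the same tamper evidence plus non-repudiation.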
What do you mean by Denial of Service attack? How can a firm protect itself from a DoS attack? Explain.
A Denial of Service (DoS) attack is a cyber attack in which an attacker tries to make a computer system, server, or network unavailable to its legitimate users, usually by overwhelming it with excessive traffic or requests, and sometimes by sending a specially crafted input that crashes or hangs a vulnerable service.
In simple terms:
A DoS attack is like blocking the entrance of a shop by crowding it with fake customers so real customers cannot enter.
Key idea:
- The system becomes slow, unresponsive, or completely unavailable
Types (brief idea)
- DoS (single source attack)
- DDoS (Distributed Denial of Service): Attack comes from many systems (botnet), making it more powerful
Effects of DoS Attack
- Website or server downtime
- Slow network performance
- Loss of business and revenue
- Service disruption for users
- Damage to company reputation
How to Protect a Firm from DoS/DDoS Attacks
1. Use Firewalls and Filtering Systems
- Firewalls block suspicious or unwanted traffic
- Filters can block traffic from known malicious IP addresses
2. Intrusion Detection and Prevention Systems (IDS/IPS)
- IDS detects unusual traffic patterns
- IPS automatically blocks malicious traffic
3. Traffic Monitoring and Rate Limiting
- Controls number of requests from a single user/IP
- Prevents overload on servers
4. Use DDoS Protection Services
- Cloud-based scrubbing services such as Cloudflare or AWS Shield absorb and filter attack traffic before it reaches the firm's servers
- They announce the protected address from many locations (anycast), so attack traffic is spread across a global network with far more capacity than a single site
5. Load Balancing
- Distributes traffic across multiple servers
- Prevents a single server from being overloaded
6. Increase Bandwidth and Server Capacity
- Helps absorb sudden traffic spikes and small floods
- Only a partial measure: a large DDoS exceeds any capacity a single firm can buy, so it must be combined with upstream filtering
7. IP Blacklisting and Geo-blocking
- Blocks known malicious IP addresses or regions the firm never serves
- A coarse control: botnets are spread worldwide and volumetric floods often spoof source addresses, so it reduces noise rather than stopping an attack
8. Regular Security Updates
- Keeps systems patched against vulnerabilities attackers may exploit
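The added example below (not code from the original page) implements the rate limiting measure from point 3 as a per-client token bucket and runs a normal browser and a single-source flood through it. The request trace, the addresses and the limits are constructed for the example.

```python
from collections import defaultdict

# Added example, not part of the original page: per-client token-bucket rate
# limiting, the mechanism behind "control the number of requests from a single
# user/IP" above. Every client bucket holds at most `capacity` tokens and is
# refilled at `rate` tokens per second; each request spends one token, and a
# request arriving at an empty bucket is rejected (an HTTP 429 in practice)
# before it reaches the application. The request trace is constructed.


class TokenBucketLimiter:
    def __init__(self, rate: float, capacity: int):
        self.rate = rate
        self.capacity = capacity
        self.tokens = defaultdict(lambda: float(capacity))  # new clients start with a full bucket
        self.last_seen = {}

    def allow(self, client: str, now: float) -> bool:
        elapsed = now - self.last_seen.get(client, now)
        self.tokens[client] = min(self.capacity, self.tokens[client] + elapsed * self.rate)
        self.last_seen[client] = now
        if self.tokens[client] >= 1.0:
            self.tokens[client] -= 1.0
            return True
        return False


def simulate(requests, rate: float = 5.0, capacity: int = 10) -> dict:
    """requests: iterable of (timestamp, client_ip). Returns {ip: (allowed, rejected)}."""
    limiter = TokenBucketLimiter(rate, capacity)
    stats = defaultdict(lambda: [0, 0])
    for timestamp, ip in sorted(requests):
        stats[ip][0 if limiter.allow(ip, timestamp) else 1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


def constructed_traffic():
    """A normal browser at 2 requests/s next to a single-source flood at 100 requests/s, both for 10 s."""
    legitimate = [(i * 0.5, "198.51.100.7") for i in range(20)]
    flood = [(i * 0.01, "203.0.113.9") for i in range(1000)]
    return legitimate + flood


if __name__ == "__main__":
    for ip, (allowed, rejected) in simulate(constructed_traffic()).items():
        print(f"{ip}: {allowed} served, {rejected} rejected")
```

The legitimate client never notices the limiter because its bucket refills faster than it spends, while the flooding client gets roughly the initial burst plus the refill rate (about 60 of its 1,000 requests) and the rest are turned away cheaply. The limit is keyed on the source address, so this helps against a single noisy source or a buggy client, not against a botnet that spreads its requests over thousands of addresses or a volumetric flood with spoofed sources; those need the upstream scrubbing described in point 4.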
List out the types of social engineering attack and explain any five of them briefly.
Social engineering attacks are methods used by cybercriminals to manipulate people into revealing confidential information or performing harmful actions, rather than exploiting technical vulnerabilities directly.
Common types include:
- Phishing
- Spear Phishing
- Whaling
- Vishing
- Smishing
- Pretexting
- Baiting
- Quid Pro Quo
- Tailgating (Piggybacking)
Explanation of Any Five Types
1. Phishing
Phishing is a fraudulent attempt to steal sensitive information using fake emails or websites.
How it works:
- Attacker sends fake emails pretending to be a trusted organization
- User clicks malicious links or enters personal data
Example:
Email saying “Your bank account is blocked, click here to verify.”
2. Spear Phishing
Spear phishing targets a specific individual or organization using personalized information.
How it works:
- Attacker researches the victim
- Sends highly convincing and customized messages
Example:
An email sent to an employee pretending to be their manager requesting login credentials.
3. Whaling
Whaling is a type of spear phishing that targets high-profile individuals like CEOs or executives.
How it works:
- Very carefully crafted fake emails
- Focus on large financial or sensitive data access
Example:
Fake email to a company CEO requesting urgent fund transfer.
4. Vishing (Voice Phishing)
Vishing uses phone calls to trick victims into revealing information.
How it works:
- Attacker pretends to be bank staff or technical support
- Asks for OTPs, passwords, or account details
Example:
A caller pretending to be a bank officer asking for ATM PIN.
5. Smishing (SMS Phishing)
Smishing uses text messages (SMS) to deceive users.
How it works:
- Fake SMS contains malicious links or urgent warnings
- Victim is tricked into clicking links or sharing data
Example:
“You have won a prize! Click this link to claim.”
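The following added example (not code from the original page) turns the indicators described in the phishing answer and in the social-engineering answer above into a checker: a display name that claims the trusted brand while the address is on another domain, a Reply-To that points elsewhere, a link whose visible text names a different host than its real href, links to hosts outside the trusted domain, and urgency or account-lockout wording. Both e-mails are constructed; the brand name and trusted domain are parameters the caller supplies.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example, not part of the original page: a heuristic check for common
# phishing indicators (brand-spoofing display name, mismatched Reply-To, link
# text that names a different host than the href, links outside the trusted
# domain, urgency wording). Both messages are constructed for the example.

URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|verify now|account (?:is |has been )?(?:blocked|locked|suspended))\b",
    re.IGNORECASE,
)
HOSTLIKE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/?#]\S*)?", re.IGNORECASE)


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _in_domain(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def _body(msg) -> str:
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() in ("text/html", "text/plain"):
            return part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def phishing_indicators(raw_email: str, brand: str, trusted_domain: str) -> list:
    msg = message_from_string(raw_email)
    found = []
    display_name, sender = parseaddr(msg.get("From", ""))
    if brand.lower() in display_name.lower() and not _in_domain(_domain(sender), trusted_domain):
        found.append(f"display name claims {brand!r} but sender domain is {_domain(sender)}")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(sender):
        found.append(f"Reply-To domain {_domain(reply_to)} differs from From domain {_domain(sender)}")
    body = _body(msg)
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        real_host = urlparse(href).hostname or ""
        shown = HOSTLIKE.fullmatch(text)
        shown_host = shown.group(1).lower() if shown else None
        if shown_host and shown_host != real_host:
            found.append(f"link text shows {shown_host} but points to {real_host}")
        elif real_host and not _in_domain(real_host, trusted_domain):
            found.append(f"link to untrusted host {real_host}")
    if URGENCY.search(body):
        found.append("urgency or account-lockout wording")
    return found


# Constructed messages: a lookalike-domain lure and a genuine notification.
PHISH = """\
From: Example Bank Security <alerts@examp1ebank-support.com>
Reply-To: recover@mail-relay.xyz
To: victim@example.org
Subject: Your account is blocked
Content-Type: text/html; charset=utf-8

<p>Your account is blocked. Verify immediately to restore access:</p>
<a href="http://examplebank.com.verify-account.xyz/login">https://www.examplebank.com/verify</a>
"""

BENIGN = """\
From: Example Bank <no-reply@examplebank.com>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<p>Your March statement is available in online banking.</p>
<a href="https://www.examplebank.com/statements">View your statement</a>
"""

if __name__ == "__main__":
    for label, mail in (("phish", PHISH), ("benign", BENIGN)):
        print(label, phishing_indicators(mail, "Example Bank", "examplebank.com"))
```

The link check is the one users most often miss: the visible text reads www.examplebank.com while the href host is examplebank.com.verify-account.xyz, a subdomain the attacker controls. Heuristics like these catch the bulk mailings; a well-researched spear-phishing message can avoid all of them, which is why the user-side rules above (verify out of band, never enter credentials from a link) still matter.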