Cyber Security
Unit: - III
Syllabus:
• Cyberspace- Cloud Computing & Security
• Social Network Sites Security
• Attack Prevention- Passwords
• Protection Against Attacks in social media
• Securing Wireless Networks
• Security Threats
Cyberspace- Cloud Computing & Security:
What is cloud computing?
Cloud computing is a method of delivering computing services over
the internet, including servers, storage, networks, software, and
analytic data. Companies choose cloud computing to reduce costs,
gain agility, and improve cloud security. As cloud services, including
cloud security, are easily scalable, it is a way to support continuity
even during times of rapid growth.
Cloud computing services:
Cloud services can appear in one of three ways depending on the
service an organization offers to its customer. These three are SaaS,
PaaS, and IaaS. Let's see what each of these means.
• Software as a Service (SaaS) is a cloud application service.
Organizations frequently use this to deliver their applications to
the end-user, while a third party manages the application
through a private cloud.
• Platform as a Service (PaaS) is a cloud platform service that
allows developers to work on their applications through the
cloud. This simplifies their development management process
and allows them to solely focus on development while the
organization or a third party manages the server, storage, and
networking.
• Infrastructure as a Service (IaaS) offers organizations a
complete working infrastructure, from storage, networking,
monitoring, and other services, all on a private cloud. This
simplifies the management practices of an organization and
frees resources that would have otherwise been used in the
case of legacy infrastructure.
What is cloud security?
Cloud security is a collection of technologies, services, controls, and
practices designed to protect cloud data, applications, and
infrastructure from cyber threats and attacks. Robust cloud cyber
security is essential to prevent data loss and help the organization
maintain compliance with data privacy regulations.
Cloud cyber security can be supplied by the cloud service provider
(CSP) or the customer. In most cases, the CSP offers their customers
the latest in cloud cyber security technology and ensures they have
the best possible protection from known and anticipated threats.
Types of cloud environments:
When you're looking for cloud-based security, you'll find three main
types of cloud environments to choose from. The top options on the
market include public clouds, private clouds, and hybrid clouds. Each
of these environments has different security concerns and benefits,
so it's important to know the difference between them:
1. Public clouds:
Public cloud services are hosted by third-party cloud service
providers. A company doesn't have to set up anything to use
the cloud, since the provider handles it all. Usually, clients can
access a provider's web services via web browsers. Security
features, such as access control, identity management, and
authentication, are crucial to public clouds.
2. Private clouds:
Private clouds are typically more secure than public clouds, as
they're usually dedicated to a single group or user and rely on
that group or user's firewall. The isolated nature of these
clouds helps them stay secure from outside attacks since
they're only accessible by one organization. However, they still
face security challenges from some threats, such as social
engineering and breaches. These clouds can also be difficult to
scale as your company's needs expand.
3. Hybrid clouds:
Hybrid clouds combine the scalability of public clouds with the
greater control over resources that private clouds offer. These
clouds connect multiple environments, such as a private cloud
and a public cloud, that can scale more easily based on
demand. Successful hybrid clouds allow users to access all their
environments in a single integrated content management
platform.
Cloud Computing Risks, Threats, and Challenges:
While often used interchangeably, cloud computing risks, threats,
and challenges represent distinct facets of the cloud security
landscape:
Cloud Computing Risks:
Risks in cloud computing refer to potential events or circumstances
that could result in adverse impacts on an organization’s
cloud-based assets or operations.
Examples:
• Data Breaches: Unauthorized access to sensitive customer data
stored in cloud databases, such as personal information,
financial records, or intellectual property. Data breaches can
result from vulnerabilities in cloud configurations, weak access
controls, or insider threats.
• Service Interruptions: Cloud service outages or disruptions
due to hardware failures, network issues, or cyber-attacks.
Service interruptions can lead to downtime, loss of productivity,
and financial losses for organizations reliant on cloud-based
applications and services.
• Compliance Violations: Failure to comply with regulatory
requirements and industry standards, leading to fines, legal
penalties, and reputational damage. Examples include mishandling
personally identifiable information (PII) in violation of GDPR or
healthcare data under HIPAA regulations.
• Financial Losses: Risks include unexpected costs associated
with cloud services, such as overprovisioning of resources,
unexpected data transfer fees, or vendor lock-in leading to
increased expenses. Financial losses can also result from
contractual disputes, service-level agreement (SLA) breaches, or
legal liabilities.
Cloud Computing Threats:
Threats in cloud computing encompass malicious activities, attacks,
or exploits that target vulnerabilities within cloud environments
with the intent of causing harm or gaining unauthorized access.
Examples:
1. Malware Infections: Malware targets cloud-based applications,
storage, or infrastructure, such as ransomware encrypting
data or cryptojacking malware exploiting cloud resources for
cryptocurrency mining.
2. Phishing Attacks: Fraudulent emails or messages impersonate
legitimate entities, aiming to deceive users into revealing
sensitive information, credentials, or financial details.
3. DDoS Attacks: Distributed denial-of-service (DDoS) attacks
target cloud infrastructure or services, flooding them with
malicious traffic to overwhelm resources and disrupt operations.
4. Insider Threats: These range from dissatisfied employees
intentionally leaking confidential data to negligent insiders
inadvertently exposing sensitive information through
misconfigured cloud resources or weak security practices.
Cloud Computing Challenges:
Challenges in cloud computing refer to obstacles or complexities
that organizations encounter in effectively securing their cloud
infrastructure and operations.
Examples:
• Shared Responsibility Models: Challenges arise in delineating
security responsibilities between cloud providers and users,
particularly in infrastructure-as-a-service (IaaS),
platform-as-a-service (PaaS), or software-as-a-service (SaaS) models.
• Compliance Complexity: Navigating the complexities of
compliance requirements across multiple jurisdictions, industries,
and cloud service providers, such as achieving compliance with
GDPR, HIPAA, or SOC 2 in multi-cloud environments.
• Identity and Access Management (IAM): Challenges encompass
managing user identities, permissions, and access controls
across diverse cloud environments, ensuring secure
authentication, authorization, and auditing.
• Data Protection: Instances involve ensuring data encryption,
key management, and secure transmission of data in transit
and at rest, as well as protecting against data leakage,
unauthorized access, or data residency requirements.
• Monitoring and Incident Response: Challenges include
establishing robust monitoring, detection, and incident response
capabilities in complex, multi-cloud architectures, ensuring
timely identification and remediation of security incidents and
breaches.
Security Risks of Cloud Computing:
The transition to cloud platforms means malicious actors will
continue to seek ways to penetrate companies’ cloud defences.
Below are some of the biggest security risks businesses face when
trying to protect their data on the cloud.
• MALICIOUS MALWARE:
Often, when companies implement cloud computing, they
erroneously believe that they’re now safe from traditional
malware attacks. Unfortunately, this isn’t always the case.
Although cloud malware’s intended target is the cloud platform
provider, end users can still experience repercussions.
• LIMITED VISIBILITY INTO NETWORK OPERATIONS:
When businesses use a mix of cloud platforms and
environments as well as on-premises servers, this
infrastructure can become complex and cause limited visibility
within a network. Although complex networks can cause
inefficient operations and network downtime, leading to
overspending, the main security issue is the unintentional
creation of network “dark spots.” This term refers to areas
within a cloud network or infrastructure that monitoring tools
frequently miss, leaving those segments open and exposed to a
security breach.
• COMPLIANCE ISSUES:
The regulations you have to comply with depend on your
industry or the service you provide. Two of the most
widespread and relevant pieces of legislation regarding cloud
computing are the EU General Data Protection Regulation
(GDPR) and the Health Insurance Portability and Accountability
Act of 1996 (HIPAA).
• DATA LOSS:
Although one of the major reasons to use cloud computing is to
safeguard data and assets, it is not immune to data loss.
One significant cause of data loss is insufficient data backup
and recovery. Many startup owners and entrepreneurs place
too much faith in the cloud, meaning they don’t have adequate
planning and resources for data recovery.
• DATA BREACHES:
Surprisingly, or perhaps not, the largest cause of data breaches
is human error. According to Verizon’s 2023 Data Breach
Investigations Report, 74 percent of data breaches involved a
human element, whether intentional or not.
• ACCOUNT HIJACKING:
This won’t be news to you but, if users write down their cloud
account password or share it with others, the chance of their
cloud accounts being hijacked increases. As a result of this type
of negligence, hackers can gain access to employees’ emails
and, from there, can easily access their whole cloud accounts.
• INSIDER THREATS:
Now it’s time for the snakes in the grass, the true rogues:
insider threats. These can be current or former employees,
workers who have been reckless or negligent with their actions,
or threat actors who’ve gained the trust of naïve employees.
How Can You Minimize Risks of Cloud Computing?
Ideally, cybersecurity experts could recommend software that was a
one-stop-shop for all cloud computing risks. Unfortunately, that
solution doesn’t exist today and likely never will.
• Multifactor authentication (MFA): This relatively simple fix of
asking for a password and a thumbprint or face scan can block
more than 99.9 percent of account compromises, according to
Microsoft.
• Network segmentation: This practice reduces the all-access
approach that many businesses follow. Enabling strict rules for
each network segment means only specific actions would be
allowed and a select number of approved users would be granted
access.
• Virtual private networks (VPNs): VPNs hide users’ IP addresses
and create a secure tunnel encrypting their online traffic. Their
use should be a standard practice within an office and readily
available to remote employees when using their cloud accounts
and accessing work files and data.
• Cloud audits: Not only can this assessment determine the
cloud’s computing performance, but it can also check
established controls and best practices regarding identity and access
management, data backup and recovery, and vendor management.
Audits can scan for potential unauthorized access and
ensure everyone is following compliance rules.
Social Network Sites Security:
Security on social networking sites is crucial due to the vast amount
of personal and sensitive information users share on these platforms.
Here are some key aspects of social network site security:
• Privacy Settings: Social networking sites typically offer privacy
settings that allow users to control who can view their profile,
posts, and other personal information. Users should regularly
review and adjust these settings to ensure their privacy
preferences are up to date.
• Data Encryption: Social networking sites should employ strong
encryption protocols to protect user data transmitted between
users' devices and the platform's servers. This helps prevent
unauthorized access to sensitive information.
• Secure Authentication: Strong authentication mechanisms,
such as two-factor authentication (2FA), help verify the identity
of users and prevent unauthorized access to accounts.
Encouraging users to enable 2FA can significantly enhance the
security of their accounts.
• Secure Development Practices: Social networking sites must
follow secure software development practices to minimize
vulnerabilities that could be exploited by attackers. This
includes regular security testing, code reviews, and
vulnerability assessments.
• User Education: Educating users about common security risks,
such as phishing attacks and malware, helps them recognize
and avoid potential threats. Providing tips on creating strong
passwords, identifying suspicious links, and safeguarding
personal information can empower users to protect themselves
online.
• Monitoring and Response: Social networking sites should
implement robust monitoring systems to detect suspicious
activity, such as unusual login attempts or unauthorized access
to user accounts. Prompt response to security incidents is
essential to mitigate potential damage and protect user data.
• Third-Party App Permissions: Many social networking sites
allow users to connect third-party apps and services to their
accounts. It's crucial to review and manage these permissions
carefully to avoid granting unnecessary access to personal
information.
• Regular Updates: Social networking platforms should regularly
update their software and security features to address known
vulnerabilities and strengthen overall security posture.
• Transparency and Accountability: Social networking sites
should be transparent about their data handling practices and
security measures. They should also hold themselves
accountable for protecting user data and promptly addressing
security incidents.
• Regulatory Compliance: Compliance with relevant privacy and
data protection regulations, such as the General Data
Protection Regulation (GDPR) in the European Union, is
essential for social networking sites to ensure the lawful and
ethical handling of user data.
Attack Prevention- Passwords:
Here’s a detailed description of attack prevention strategies
regarding passwords:
• Strong Password Policies: Enforce strong password requirements
such as minimum length, complexity (mix of uppercase,
lowercase, numbers, and special characters), and prohibition of
commonly used passwords.
• Password Storage: Store passwords securely using cryptographic
hashing algorithms such as bcrypt or Argon2. Hashing
ensures that even if the password database is compromised,
the actual passwords remain hidden.
• Salting: Add a unique salt to each password before hashing it.
Salting prevents attackers from using precomputed tables like
rainbow tables to reverse the hashes back to passwords.
• Multi-Factor Authentication (MFA): Require additional forms
of verification beyond just a password, such as a temporary
code sent to a user’s mobile device or generated by an
authenticator app. This significantly enhances security by requiring
something the user knows (password) and something they have
(e.g., smartphone).
• Regular Password Changes: Encourage or enforce regular
password changes to mitigate the risk of compromised passwords.
However, this should be balanced with usability considerations
to avoid users resorting to weak or easily guessable
passwords.
• Account Lockout Policy: Implement an account lockout policy
that temporarily locks an account after a certain number of
failed login attempts. This prevents brute-force attacks where
attackers try to guess passwords repeatedly.
• Monitoring and Logging: Monitor login attempts for suspicious
activity and log relevant information such as IP addresses,
timestamps, and user agents. This helps identify and respond to
potential attacks in real-time.
• User Education: Educate users about password security best
practices, such as not sharing passwords, avoiding password
reuse across multiple accounts, and being cautious of phishing
attempts.
• Security Awareness Training: Provide regular training to
employees or users on recognizing common social engineering
techniques used to obtain passwords, such as phishing emails
or impersonation calls.
• Password Management Tools: Encourage the use of password
management tools that generate and store complex passwords
securely. These tools can help users manage a large number of
unique passwords effectively without resorting to insecure
practices like password reuse.
• Use strong passwords: Use at least eight characters that
include a mix of uppercase and lowercase letters, numbers, and
symbols. Avoid using common or easily guessable passwords.
• Use different passwords for different accounts: Each account
should have a unique password.
• Limit login attempts: Limit the number of times someone tries
to log in to your website.
• Use Passwordless authentication: Passwordless authentication
is safer than traditional passwords because it mitigates the
attack vectors related to weak or stolen passwords.
• Enable biometric authentication: Biometric data is exclusive to
each individual, so it is virtually impossible for hackers to
replicate or steal them.
• Use a firewall: A firewall helps protect your passwords and
computer security.
• Stay informed about cybersecurity trends: Learn how to spot
phishing attempts.
• Use up-to-date malware protection: Routinely scan your
computer.
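One way to combine the policy, storage, salting and lockout items from the list above, as an added Python example that is not part of the original notes. It uses scrypt from the standard library in place of the bcrypt or Argon2 named above (those need third-party packages); the cost parameters, lockout thresholds and the short common-password list are assumed values.

```python
import hashlib
import hmac
import os
import time

# Assumed values for this example; tune the scrypt cost for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MAX_FAILURES = 5            # consecutive failures before the account locks
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}  # constructed sample list


def check_policy(password):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if not all(classes):
        problems.append("needs uppercase, lowercase, digit and symbol")
    return problems


def hash_password(password, salt=None):
    """Hash with a per-password random salt; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return salt, digest


class LoginGuard:
    """Stores only (salt, digest) pairs and locks accounts after repeated failures."""

    def __init__(self, clock=time.time):
        self.users = {}      # username -> (salt, digest)
        self.failures = {}   # username -> (failure count, locked-until timestamp)
        self.clock = clock

    def register(self, username, password):
        problems = check_policy(password)
        if problems:
            raise ValueError("; ".join(problems))
        self.users[username] = hash_password(password)

    def login(self, username, password):
        now = self.clock()
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"  # the password is not even checked while locked
        record = self.users.get(username)
        if record is None:
            hash_password(password)  # do the same work for unknown users
            ok = False
        else:
            salt, stored = record
            candidate = hash_password(password, salt)[1]
            ok = hmac.compare_digest(stored, candidate)  # constant-time compare
        if ok:
            self.failures.pop(username, None)
            return "ok"
        count += 1
        if count >= MAX_FAILURES:
            # Start the lock and reset the counter for when it expires.
            self.failures[username] = (0, now + LOCKOUT_SECONDS)
        else:
            self.failures[username] = (count, 0.0)
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    guard.register("alice", "Corr3ct-Horse!")  # constructed sample credentials
    print(guard.login("alice", "Corr3ct-Horse!"))
    print([guard.login("alice", "guess") for _ in range(6)])
```

Because each password gets its own salt, two users with the same password end up with different stored digests, which is what defeats precomputed tables.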
Protection Against Attacks in social media:
Protection against attacks on social media platforms involves several
measures to safeguard personal information, privacy, and digital
security:
• Strong Passwords: Use unique, strong passwords for each
social media account. Avoid using easily guessable information
and consider enabling multi-factor authentication (MFA) for an
extra layer of security.
• Privacy Settings: Regularly review and adjust privacy settings
on social media platforms to control who can see your posts,
contact you, and access your personal information. Limit the
visibility of sensitive data to trusted connections only.
• Beware of Phishing: Be cautious of phishing attempts via social
media messages, emails, or ads. Avoid clicking on suspicious
links or providing personal information to unknown sources.
• Secure Connections: Ensure that your social media accounts
are accessed over secure connections (HTTPS) to prevent
eavesdropping and man-in-the-middle attacks.
• Update Software: Keep your device’s operating system, web
browsers, and social media apps up to date to patch security
vulnerabilities and protect against known exploits.
• Two-Factor Authentication (2FA): Enable two-factor
authentication whenever possible to add an extra layer of security
beyond just a password. This typically involves receiving a code
via SMS or authenticator app to verify your identity during
login.
• Review App Permissions: Regularly review and revoke
unnecessary app permissions granted to third-party applications
connected to your social media accounts. Only authorize trusted
applications with a legitimate need for access.
• Be Mindful of Sharing: Be cautious about sharing sensitive
information, such as your location, financial details, or personal
contact information, publicly on social media platforms.
Exercise discretion when accepting friend requests or connection
requests from unknown individuals.
• Report Suspicious Activity: Promptly report any suspicious
activity, such as unauthorized account access, suspicious messages,
or fraudulent content, to the social media platform’s
support team or help centre.
• Educate Yourself: Stay informed about common social media
scams, tactics used by cybercriminals, and privacy best practices.
Regularly review security resources provided by social
media platforms and cybersecurity experts to enhance your
awareness and vigilance.
Securing Wireless Networks:
Securing wireless networks is crucial to prevent unauthorized access
and protect sensitive data. Here are key steps to ensure wireless
network security:
• Change Default Settings: Change default usernames, passwords,
and SSIDs (network names) of your wireless router/access
point to unique, strong ones. Default settings are often
known to attackers and can be exploited.
• Use Encryption: Enable Wi-Fi Protected Access (WPA) or WPA2
encryption on your wireless router/access point. Avoid using
WEP (Wired Equivalent Privacy) as it’s vulnerable to attacks.
• Enabling WPA3 Security: Enabling WPA3 security is another
best practice for wireless network security. WPA3 is the most
recent and most secure wireless security protocol. It provides
stronger protection than WPA2 and should be used whenever
possible.
• Strong Passwords: Set a strong, unique password for your Wi-Fi
network. Avoid using common or easily guessable passwords.
• Network Segmentation: If possible, segment your network into
different subnets to isolate sensitive devices or areas from the
rest of the network. This helps contain potential breaches.
• Disable SSID Broadcasting: SSID stands for Service Set
Identifier. Disable the broadcasting of your SSID to prevent your
network from being visible to nearby devices. While not a
foolproof security measure, it adds an extra layer of obscurity.
• MAC Address Filtering: Use MAC address filtering to only allow
specific devices to connect to your network. However, be
aware that MAC addresses can be spoofed, so this method
should be used in conjunction with other security measures.
• Update Firmware: Regularly update the firmware of your
wireless router/access point to patch security vulnerabilities and
improve performance.
• Firewall Configuration: Configure a firewall on your router to
filter incoming and outgoing traffic. Block unnecessary ports
and services to minimize the attack surface.
• Guest Network: Set up a separate guest network for visitors
with restricted access to your main network. This prevents
guests from accessing sensitive data or devices.
• Regular Monitoring: Monitor network traffic and device
activity for any signs of unauthorized access or suspicious behaviour.
Utilize intrusion detection systems (IDS) or intrusion prevention
systems (IPS) for automated monitoring and response.
• Physical Security: Physically secure your wireless router/access
point to prevent unauthorized access or tampering. Keep it in a
locked cabinet or room if possible.
• Disabling UPnP: Universal Plug and Play (UPnP) is a protocol
that allows devices to automatically discover and connect to
each other. This can be a security risk, as it allows unauthorized
devices to potentially gain access to the network.
• Using A VPN: Using a VPN is another best practice for wireless
network security. A VPN encrypts all traffic between a device
and the VPN server, making it more difficult for someone to
eavesdrop on the connection.
This is especially important when using public Wi-Fi networks,
as they are often less secure than private ones. Be sure to only
use VPNs from trusted providers and make sure that
employees are aware of the importance of using a VPN when
working remotely.
Security Threats:
Cyber security threats can have multiple impacts, from causing
financial damage to compromising confidential information. They
can also lead to a loss of productivity, as systems are unavailable or
disrupted. In addition, cyber security threats can pose a physical
safety risk in some cases if they allow attackers to take control of
critical infrastructure or devices.
The top cyber security threats, with examples, are as
follows:
➢ Malware:
Malware is a cyber security threat that can come in many
forms, such as viruses, worms, Trojan horses, and spyware.
Malware can damage or disable a computer, steal information,
or gain access to confidential data.
In some cases, malware can even be used to take control of a
victim’s computer. There are many different types of malware
attacks, and each one can have various consequences.
• Trojan virus: It is a type of malware that tricks users into
thinking they are downloading a legitimate file when the
file is malicious. Once the file is executed, the Trojan virus
can give the attacker access to the victim’s system and
allow them to perform malicious actions, such as stealing
data or installing more malware.
• Worm: It is a type of malware designed to spread itself by
replicating itself and sending it to other systems. Worms
can cause a lot of damage because they can spread
quickly and use up a lot of resources, which can cause systems
to crash.
• Ransomware: It is another type of malware that illustrates
what a cyber-attack is. This type of malware encrypts a
victim’s files and then demands a ransom be paid to
decrypt the files.
• Spyware: It is malware designed to collect information
about a victim without their knowledge. This information
can be used to track the victim or steal their identity.
• Wiper malware: It is malware that is designed to delete
files or render a system inoperable. This type of malware
is often used in attacks where the attacker wants to cause
as much damage as possible.
Protecting against malware:
• Use reputable antivirus/antimalware software and keep it up to
date.
• There are hundreds of tools out there claiming to offer
protection, but organizations need to ensure the solutions they
choose can detect even previously unknown malware by
spotting its key characteristics, for example a program that
tries to hide once installed.
• It’s also essential that the software is kept up to date and is
able to scan every potential entry point to a network, from
emails to USB flash drives.
➢ Social Engineering Attacks:
A social engineering attack is any attack where the attacker
uses human interaction to trick the victim into doing something
that will compromise their security. They are cyber security
threats that use deception to trick people into revealing
sensitive information or performing an action that they
wouldn’t normally do.
• Phishing: Phishing is a standard social engineering attack
that uses fraudulent emails or websites to lure victims
into revealing personal information or clicking on a
malicious link.
• Malvertising: Malvertising is another type of social
engineering attack where the attacker uses online advertising
to place malicious code on a website that will redirect
visitors to a malware-infected site or download malware
onto their system.
• Drive-by downloads: Drive-by downloads occur when a
victim unknowingly downloads malware by visiting a
malicious website or clicking on a malicious ad.
• Baiting: Baiting is a social engineering attack where an
attacker leaves a USB drive or other type of media
containing malware in a public place, hoping that someone will
find it and plug it into their computer.
• Honey trap: In a honey trap, an attacker uses an
attractive person or bait to lure a victim into a compromising
situation.
• Tailgating or piggybacking: Tailgating or piggybacking is
an attack where an attacker follows someone through a
door or into a restricted area without them knowing.
Protecting against social engineering:
• Be cautious of unsolicited emails and phone calls. Don’t click on
links or give out personal information unless you are 100% sure
of the source.
➢ Distributed Denial of Service (DDoS):
A distributed denial of service (DDoS) attack is a cyber security
threat in which an attacker attempts to make a network or
server unavailable by flooding it with requests from multiple
computers.
• Botnets: DDoS attacks are often carried out by botnets,
which are networks of infected computers controlled by a
malicious actor. A botnet can send many requests to a
target, resulting in the target being overwhelmed and
unable to respond to legitimate requests.
• Smurf attack: In a Smurf attack, the attacker spoofs the IP
address of the target to flood it with requests.
• TCP SYN (Synchronize Sequence Number) flood attack:
Here, the attacker sends many SYN requests to the target,
resulting in the target’s resources being exhausted.
• UDP flood attack: It is a type of DDoS attack in which the
attacker sends many UDP packets to the target, resulting
in the target’s resources being exhausted.
Protecting against DDoS attacks:
• Use a firewall and limit incoming connections to known IP
addresses if possible.
• Preventative and remedial measures must be taken.
While companies can take several steps themselves, such as
bandwidth buffering, having a DDoS mitigation service can be
the most effective defence.
➢ Software Supply Chain Attacks:
A software supply chain attack is a cyber security threat in which
an attacker inserts malicious code into a legitimate software
program. It can occur at any stage of the software development
process, from the initial coding to the final product distribution.
Once the malicious code is implanted, it can steal sensitive data,
cause Denial of Service (DoS) attacks, or even take control of the
victim’s system.
There are many ways in which an attacker can carry out a
software supply chain attack.
• To compromise a software developer’s account and then insert
malicious code into the software they are working on.
• To target a software repository such as GitHub and insert
malicious code into a legitimate project. This can be done by
creating a fake account and submitting a pull request with the
malicious code or gaining access to a maintainer’s account and
pushing the code directly to the repository.
• To take control of the victim’s system, using it to carry out
further attacks or access sensitive data.
Protecting against supply chain attacks:
To mitigate the risk of these attacks, it is imperative to:
• Conduct thorough security assessments of third-party vendors
• Implement stringent access controls
• Regularly update all software to patch potential vulnerabilities
• Continuously monitor network activity for early anomaly
detection
• Establish a robust incident response plan for swift action in the
event of a breach
• Educate employees about threat recognition and the
importance of reporting suspicious activities
• Keep your software up to date, and only download programs
from trusted sources.
➢ Cross-Site Scripting (XSS):
Cross-Site Scripting (XSS) is a type of cyber security threat that
involves injecting malicious code into a web page. This can be done
by exploiting vulnerabilities in the web application or tricking the
user into clicking on a malicious link.
XSS can steal information from the user, such as cookies or
session information. It can also be used to inject malicious code into
the web page, which can be used to redirect the user to a
malicious website or to display ads.
Examples of XSS attacks include:
1. Injecting malicious code into a web page that is then executed
by the user's browser.
2. Redirecting the user to a malicious website.
3. Displaying ads on the web page.
4. Stealing information from the user, such as cookies or session
information.
There are two types of XSS attacks:
• Reflected XSS: This attack occurs when the attacker injects
malicious code into a web page that is reflected back to the user.
It can happen when the web page takes user input and displays it
without first sanitizing it.
• Stored XSS: Stored XSS occurs when the attacker injects
malicious code into a web page stored on the server. It can happen
when the web page fails to properly sanitize user input
before storing it.
Protecting against cross site scripting:
• Use a web browser extension or plugin that will filter out
malicious scripts – such as NoScript for Firefox.
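The sanitizing step that both XSS types above depend on is done by the web application when it writes user input into a page. The Python example below is added here and is not part of the original notes; it contrasts unsanitized and encoded output for a reflected search page and a stored comment list, and all function names, the sample pages and the test string are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

PAYLOAD = "<script>alert(1)</script>"   # constructed, harmless test string
COMMENTS = []                            # stands in for server-side storage

def search_page_unsafe(query):
    # Reflected XSS: request input is echoed into the response unchanged.
    return "<p>Results for: " + query + "</p>"

def search_page_safe(query):
    # html.escape() rewrites < > & " ' as entities, so the browser
    # displays the input as text instead of parsing it as markup.
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"

def add_comment(text):
    # Stored XSS path: input is saved now and shown to other users later.
    COMMENTS.append(text)

def comments_page_unsafe():
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENTS) + "</ul>"

def comments_page_safe():
    # Encode at output time, so rows stored before the fix are covered too.
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in COMMENTS)
    return "<ul>" + items + "</ul>"

def profile_link_safe(name, url):
    # Attribute context: escaping alone does not stop a javascript: URL,
    # so only http and https schemes are allowed into href.
    label = html.escape(name, quote=True)
    url = url.strip()
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        return label
    return f'<a href="{html.escape(url, quote=True)}">{label}</a>'

if __name__ == "__main__":
    add_comment(PAYLOAD)
    print(search_page_unsafe(PAYLOAD))
    print(search_page_safe(PAYLOAD))
    print(comments_page_safe())
    print(profile_link_safe("Ann", "javascript:alert(1)"))
```

Encoding at output time protects every visitor, while a browser extension protects only the user who installed it.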
➢ SQL Injection:
SQL Injection is a type of cyber security threat that allows attackers
to execute malicious SQL code on a database. This can bypass
security controls, access sensitive data, or even delete data. SQL
Injection is one of the most common attacks on databases and can
be very difficult to detect and prevent.
There are many different types of SQL Injection attacks, but some
of the most common include the following:
1. Blind SQL Injection: It exploits vulnerabilities in a web
application that does not correctly validate user input. It can
allow attackers to execute SQL code without being able to see the
results of their actions.
2. Error-based SQL Injection: It takes advantage of errors
returned by a web application when an SQL query is run. By
manipulating the input, attackers can cause the application to
return sensitive data they can use to their advantage.
3. Union-based SQL Injection: This attack takes advantage of the
UNION SQL operator to combine the results of two or more SQL
queries. It can be used to access data that would otherwise be
inaccessible.
Protecting against SQL injection:
Never insert user input directly into your SQL queries. Always use
parameterized queries or prepared statements instead. This helps to
ensure that your queries are always executed with the correct data
and that no malicious code can be injected into them.
➢ Password attacks:
A password attack is a cyber security threat where an attacker
tries to gain access to a computer system or network by guessing
the password.
1. Brute-force password guessing: Here, the attacker tries every
possible combination of characters until they find the correct
password.
2. Pass-the-hash attack: In a pass-the-hash attack, the attacker
gets hold of the hashed password and uses that to log in
without knowing the actual password.
3. Dictionary attack: It is another type of password attack where
the attacker tries common words and phrases that might be
used as a password.
Protecting against password attacks:
• Beyond educating employees on the importance of using
strong passwords, take additional measures to avoid putting
your company at risk.
• These include using multi-factor authentication (MFA), which
requires users to provide more than a single piece of
information to gain access, as well as running regular penetration
tests (pen tests) to assess the security of your system.
• Use strong passwords that are difficult to guess. Also, never
reuse passwords across different accounts, and use a password
manager to help keep track of them.
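To show why MFA blunts password guessing, the Python example below checks a password and a time-based one-time code together. It is added here and is not part of the original notes; the choice of TOTP (RFC 6238) as the second factor, PBKDF2 for password storage, and all function names are assumptions made for illustration, and the key is the published RFC 4226 test key.

```python
import hashlib
import hmac
import os
import struct
import time

def hotp(secret, counter, digits=6):
    # RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, at, step=30, digits=6):
    # RFC 6238: the counter is the number of 30-second steps since the epoch.
    return hotp(secret, int(at) // step, digits)

def hash_password(password, salt):
    # Slow salted hash, so a stolen record is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enroll(password, totp_secret):
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret}

def login(record, password, code, at=None, step=30):
    now = time.time() if at is None else at
    # Factor 1: something the user knows (constant-time comparison).
    pw_ok = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    # Factor 2: something the user has. Accept the current step and the
    # previous one to tolerate small clock drift.
    code_ok = any(
        hmac.compare_digest(
            totp(record["totp_secret"], max(now - back * step, 0)).encode(),
            code.encode())
        for back in (0, 1))
    return pw_ok and code_ok

if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 test key, not a real secret
    user = enroll("correct horse battery staple", secret)
    print(login(user, "correct horse battery staple", totp(secret, 59), at=59))
    print(login(user, "correct horse battery staple", "000000", at=59))
```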
➢ Man in the Middle (MitM) attack:
A man-in-the-middle attack (MitM) is a type of cyber security
attack where the attacker inserts themselves between the
victim and the intended recipient, intercepting communications
between the two. The attacker can then eavesdrop on the
conversations or modify the messages sent.
An attacker can carry out a MitM attack in a few different ways:
• Session hijacking: Session hijacking is a MitM attack in which
the attacker takes over an active communication session
between two parties. The attacker can then eavesdrop on the
conversation or alter messages.
• Replay attack: Here, the attacker intercepts and records a
communication between two parties, then replays the
recording later to eavesdrop on the conversation or alter messages.
• IP spoofing: In IP spoofing, the attacker alters the source IP
address of a packet so that it appears to come from a different
device. This can be used to intercept and change
communications.
Protecting against MITM:
To protect against MitM attacks, implementing the following two
encryption protocols is recommended:
❖ Transport Layer Security (TLS):
• TLS provides a secure channel between two communicating
applications
• It encrypts the data in transit, maintaining confidentiality and
data integrity
• Through the use of digital certificates, TLS authenticates the
communicating parties, making it easier to detect any
attempted interference by an intermediary
❖ Secure Shell (SSH):
• SSH is ideal for system administrators requiring secure remote
access via potentially insecure networks
• It encrypts all communications to and from the client and
server, thwarting attackers from intercepting or altering
transmitted data
• SSH applies robust authentication techniques to guarantee that
connections are established only by authorized users
Use SSL/TLS to encrypt your communications. It will ensure that
your data is safe from interception by third parties. Additionally,
you should be careful about the networks you connect to and only
use trusted ones.
➢ Advanced persistent attacks:
Advanced persistent threats (APT) are a type of cyber security
threat characterized by their sophisticated methods and
techniques and their ability to maintain a presence on a system for an
extended period to steal sensitive data. APT attacks are often
targeted and well-planned and can be challenging to detect and
defend against.
1. New account creation: This includes creating new accounts,
often using stolen or fake credentials. It gives the attackers a
foothold on the system they can use to carry out further
activities.
2. Abnormal activity: These include downloading large amounts
of data or connecting to unusual services. It can help the
attackers to avoid detection and stay under the radar.
3. Backdoor malware: This type of malware allows attackers to
access the system remotely and carry out activities without
being detected.
Protecting against Advanced persistent attacks:
• Keep your software up to date. Attackers often exploit
vulnerabilities in outdated software, so by keeping your software up to
date, you can make it more difficult for them to succeed.
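The first two indicators listed above (new account creation and abnormal activity) can be checked for in logs. The Python example below is added here and is not part of the original notes; the log format, the sample lines, the 1 GB threshold and the list of usual destinations are all constructed assumptions.

```python
# Constructed sample log; addresses are from documentation-only ranges.
LOG = """\
2024-05-01T02:14:07Z event=account_created user=svc_tmp by=admin
2024-05-01T02:20:11Z event=transfer user=svc_tmp bytes=8200000000 dest=203.0.113.9
2024-05-01T09:00:00Z event=transfer user=alice bytes=120000 dest=198.51.100.7
2024-05-01T09:05:00Z event=login user=alice
2024-05-01T11:30:00Z event=transfer user=bob bytes=5000 dest=203.0.113.50
"""

KNOWN_DESTS = {"198.51.100.7"}   # assumed list of services normally used
LARGE_BYTES = 1_000_000_000      # assumed threshold: 1 GB in one transfer

def parse(line):
    # "timestamp key=value key=value ..." -> dict; malformed tokens are skipped.
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs if "=" in p)
    rec["ts"] = ts
    return rec

def detect(log_text):
    alerts, new_accounts = [], set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        user = r.get("user", "?")
        if r.get("event") == "account_created":
            # Indicator 1: a new account appears.
            new_accounts.add(user)
            alerts.append((r["ts"], "new_account", user))
        elif r.get("event") == "transfer":
            # Indicator 2: large downloads or unusual services.
            large = int(r.get("bytes", "0")) >= LARGE_BYTES
            if large:
                alerts.append((r["ts"], "large_transfer", user))
            if r.get("dest") not in KNOWN_DESTS:
                alerts.append((r["ts"], "unusual_destination", user))
            # Both indicators on one account deserve the most attention.
            if large and user in new_accounts:
                alerts.append((r["ts"], "new_account_large_transfer", user))
    return alerts

if __name__ == "__main__":
    for alert in detect(LOG):
        print(*alert)
```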
➢ Wireless attacks:
A wireless attack is a cyber security threat that specifically targets
wireless networks and devices. These attacks can take many
forms, from stealing data and information to disrupting or
disabling the network entirely. Wireless attacks are becoming
increasingly common as more and more devices and networks rely on
wireless technology. As such, it is essential to be aware of the
different types of wireless attacks, understand what a cyber
threat is, and know how to protect against them.
Protecting against wireless attack:
• Use a strong encryption method like WPA2 to protect your
wireless network. You should also disable any remote
management features that are not absolutely necessary, as these
can provide attackers with a way to gain access to your
network.