Pages

Friday, April 27, 2018

Cyber Security Terminology - 2

Cyber Security - Terminology - List 2

Social Engineering: Social engineering is essentially the art of gaining access to buildings, computer systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.

Email spoofing: Email spoofing is the creation of email messages with a forged sender address. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.

Active Attacks: An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.

Passive Active: A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target. Passive attacks include active reconnaissance and passive reconnaissance.

Types of Cyber security Attacks
  • Phishing Attacks.
  • SQL Injection Attacks (SQLi)
  • Cross-Site Scripting (XSS)
  • Man-in-the-Middle (MITM) Attacks.
  • Malware Attacks.
  • Denial-of-Service Attacks, etc..
Authentication: the process or action of verifying the identity of a user or process.

Confidentiality: Confidentiality is the protection of personal information. Confidentiality means keeping a client's information between you and the client, and not telling others including co-workers, friends, family, etc. Examples of maintaining confidentiality include: individual files are locked and secured.

Cyber space: the notional environment in which communication over computer networks occurs. Cyberspace refers to the virtual computer world, and more specifically, is an electronic medium used to form a global computer network to facilitate online communication. It is a large computer network made up of many worldwide computer networks that employ TCP/IP protocol.

Certifying Authority: A certificate authority (CA) is a trusted entity that issues electronic documents that verify a digital entity's identity on the Internet. The electronic documents, which are called digital certificates, are an essential part of secure communication and play an important part in the public key infrastructure (PKI).

Domain name: A domain name is your website name. A domain name is the address where Internet users can access your website. A domain name is used for finding and identifying computers on the Internet.

Intellectual property: Intellectual property (IP) is a category of property that includes intangible creations of the human intellect, and primarily encompasses copyrights, patents, and trademarks.

Jurisdiction: the official power to make legal decisions and judgements.

Brute force attack: A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.

Salami attack: A “salami attack” is a form of cybercrime usually used for the purpose of committing financial crimes in which criminals steal money or resources a bit at a time from financial accounts.

References: https://en.wikipedia.org

Monday, April 23, 2018

Cyber Security Terminology-1


Basic Terminology related to Cyber Security

Information systems: An information system (IS) is an organized system for the collection, organization, storage and communication of information.

Information management: Information management (IM) is the process of collecting, storing, managing and maintaining information in all its forms.

Security Attacks: In computer and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an Asset.

Three Basic Security Goals: The three basic security goals are confidentiality, integrity, and availability. All information security measures try to address at least one of three goals.

Computer Criminals: Convicted computer criminals are people who are caught and convicted of computer crimes such as breaking into computers or computer networks.

Viruses: A computer virus is a type of malicious software program ("malware") that, when executed, replicates itself by modifying other computer programs and inserting its own code.

It is a piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

Malicious Code: Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone.

System Threats: System threats refers to misuse of system services and network connections to put user in trouble. System threats can be used to launch program threats on a complete network called as program attack. System threats creates such an environment that operating system resources/ user files are misused.

Physical Security: Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.

Physical Access Control: In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. ... Locks and login credentials are two analogous mechanisms of access control.

Windows File Protection (WFP), a sub-system included in Microsoft Windows operating systems of the Windows 2000 and Windows XP era, aims to prevent programs from replacing critical Windows system files. Protecting core system files mitigates problems such as DLL hell with programs and the operating system.

Network Security: Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

Intrusion Detection System: An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

Privacy on the Web/ Internet Privacy: Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via of the Internet. Internet privacy is a subset of data privacy.

References: https://en.wikipedia.org


Click here to read more Cyber Security Terminology.

Friday, April 13, 2018

Top 10 Website of the World (March 2018)

Following is the list of Top 10 Website declared by Alexa in March 2018.

    Company Name         Website Name         Rank
Top 10 Website of the World


Detailed information about the same are available at following URLs:

Reference: en.wikipedia.org/wiki/List_of_most_popular_websites
www.alexa.com


Tuesday, April 10, 2018

Best Life Insurance Plan


Program to compare best life insurance plan using an array.

Assumption: Best life insurance company plan is one which offers more risk cover for the specified premium.

Other parameters are also important to find best life insurance plan, but in this program only one parameter(risk cover) is considered.

#include<stdio.h>

int main()
{
 int riskcover[5], i, max, ans=1;
 char insurance_company[5][30];

 printf("Enter Risk Cover offered for Rs. 1000 premium by Each life insurance company.\n\n");

 for(i=0;i<5;i++) {
printf("Enter Name of Life Insurance Company- %d:",i+1);
scanf("%s",insurance_company[i]);
printf("Enter Risk Covered by Policy- %d:",i+1);
scanf("%d",&riskcover[i]);
 }
 //Logic to find Best Life Insurance Company.
 max=riskcover[0];
 for(i=0;i<5;i++) {
if(riskcover[i] >= max)
{
  max=riskcover[i];
  ans=i;
}
 }

 printf("Best Insurance Plan is offered by company:%s", insurance_company[ans]);
}

Output of program

Enter Risk Cover offered for Rs. 1000 premium by Each life insurance company.

Enter Name of Life Insurance Company- 1: AAA
Enter Risk Covered by Policy- 1:5000
Enter Name of Life Insurance Company- 2: BBB
Enter Risk Covered by Policy- 2:10000
Enter Name of Life Insurance Company- 3: CCC
Enter Risk Covered by Policy- 3:15000
Enter Name of Life Insurance Company- 4: DDD
Enter Risk Covered by Policy- 4:8000
Enter Name of Life Insurance Company- 5: EEE
Enter Risk Covered by Policy- 5:5000
Best Insurance Plan is offered by company: CCC