CYBER SECURITY

SAGAR PRAKSHISHAN SANSTHAN

SINCE 1989
 INTRODUCTION TO CYBER SECURITY

Cyber security is a process that’s

designed to protect networks and
devices from external threats.

Cyber security is the protection of

Internet-connected systems, including
hardware, software, and data from
cyber-attacks.
NEED OF CYBER SECURITY

• Protection of data.
• Protection against cyber attacks.
• Protection against increasing
digitalization.
• Ensuring business continuity.
• Protects privacy.
GOALS OF CYBER SECURITY

• The goal of cyber

security is to ensure
secure storage, control
access, and prevent
unauthorized
processing, transfer, or
deletion of data.
WHAT ARE THE KEY GOALS OF CYBER SECURITY

Confidentiality Integrity Availability

Encryption of data Checksums Redundancy

Access control
Data backups Programmed failovers

Physical security
Digital signatures
Non-disclosure
agreements
Correction codes
Authentication
And authorization
 TYPES OF CYBER ATTACKS

• Cyber-attacks can be classified

into the following categories:
1. Web-based attacks
2. System-based attacks
 WEB-BASED ATTACKS
• These are the attacks that occur on a website or web applications.
Some of the important web-based attacks are as follows:
1. Injection attacks
2. DNS Spoofing
3. Session Hijacking
4. Phishing
5. Brute Force
6. Denial of Service
7. DDOS (Distributed Denial of Service) Attack
8. Dictionary attacks
9. Man in the middle attacks
INJECTION ATTACKS
• It is an attack in which some data will be
injected into a web application to manipulate
the application and fetch the required
information.
• Example: SQL injection, code injection, log
injection, XML injection, etc.
DNS SPOOFING
• whereby data is introduced into a DNS
resolver’s cache causing the name server to
return an incorrect IP address, diverting
traffic to the attacker’s computer or any
other computer.
SESSION HIJACKING
• It is a security attack on a user session over
a protected network. Web applications
create cookies to store the state and user
sessions. By stealing the cookies, an
attacker can have access can have access to
all of the user data.
PHISHING
• Phishing is a type of attack that attempts to steal
sensitive information like user login credentials and
credit card numbers.
BRUTE FORCE
• This attack generates a large number of
guesses and validates them to obtain
actual data like user passwords and
personal identification numbers. This
attack may be used by criminals to crack
encrypted data, or by security, analysts
to test an organization’s network
security.
DENIAL OF SERVICE
• It is an attack which meant to make a server
or network resource unavailable to the users.
It uses a single system and a single internet
connection to attack a server.
DDOS (DISTRIBUTED DENIAL OF SERVICE) ATTACK
• In this attack dos attacks are done from
many different locations using many
systems.
DICTIONARY ATTACKS
• This type of attack stored the list of a
commonly used password and validated them
to get the original password.
MAN IN THE MIDDLE ATTACKS
• It is a type of attack that allows an attacker to intercept the connection between client and server and acts as a
bridge between them.
SYSTEM-BASED ATTACKS
• These are the attacks that are intended to
compromise a computer or a computer network.
• System-based attacks are as follows”
1. Virus
2. Worm
3. Trojan Horse
4. Backdoors
VIRUS
• It is a type of malicious software program
that spreads throughout the computer files
without the knowledge of a user.
WORM
• It is a type of malware whose primary
function is to replicate itself to spread to
uninfected computers. It works the same
as the computer virus.
TROJAN HORSE
• It is a malicious program that causes
unexpected changes to computer
settings and unusual activity, even
when the computer should be idle.
BACKDOORS
• It is a method that bypasses the normal
authentication process.
SECURING PC
• When it comes to computer security, a wide range
of threats must be considered, including malicious
attacks by hackers and losses such as data theft.
1. Keep your operating system and software updated.
2. Enable firewall
3. Install antivirus software to protect your PC.
4. Adjust your browser settings
5. Keep your password safe and hard to guess.
6. Back up your system
7. Be careful online and don’t click on suspicious links.
8. Use a standard user account in place of an administrative account.
9. Always use license software
• Securing a browser involves several steps and best practices to ensure a safe browsing
experience. Here are some key points:
1. Keep the browser updated
2. Use strong, unique passwords
3. Enable two-factor authentication
4. Install reliable security extensions SECURING BROWSER
5. Regularly clear cache and cookies
6. Disable unnecessary plugins
7. Use secure connections (HTTPS)
8. Enable browser privacy settings
9. Regularly review permissions
10. Be wary of public Wi-Fi
11. Use a virtual private network (VPN) for secure connections.
12. Use private web browsing.
 SECURING EMAIL AND SOCIAL MEDIA ACCOUNTS
• Here are key points for securing accounts on platforms like Facebook, Instagram,
WhatsApp, and Email.
10. Log out from shared devices
1. Enable two-factor authentication
11.Educate yourself on security features
2. Use strong, unique passwords
12.Report suspicious activity
3. Regularly update passwords
4. Be cautious of phishing scams 13.Secure recovery options
5. Review and manage account permissions 14.Avoid public Wi-Fi
6. Enable login alerts
7. Keep apps and software updated
8. Use privacy settings
9. Monitor account activity
SECURING SMART PHONE

• All smartphones, like computers, are favourite targets of hackers. Many types of personal information
are preserved in a smartphone in smartphones like pictures, location, banking applications, social media
applications, etc.

• All this information needs to be kept safe.

 SOME OF THE FOLLOWING MEASURES CAN BE TAKEN TO KEEP THE
SMARTPHONE SAFE

1. Keep a strong passcode 6. Wi-Fi & Hotspot security

2. Use two-factor authentication 7. Set up remote wipe
3. Use only trusted apps 8. Back up phone data
4. Update phones and apps regularly
5. Understand app permission before accepting them