Unit-5

🔐 Phishing Attack

Definition:
A phishing attack is a type of cybercrime where an attacker pretends to be a trusted entity to
trick individuals into revealing confidential information, such as usernames, passwords, bank
details, or credit card numbers.

How It Works:

• The attacker sends a fraudulent email, message, or website link that looks
genuine.
• The victim is lured into clicking the link or downloading an attachment.
• The link typically leads to a fake website that closely resembles a legitimate one.
• Once the victim enters their information, it is captured by the attacker.

Common Targets:

• Online banking users

• E-commerce shoppers
• Social media users
• Corporate employees

Example:
You receive an email that looks like it's from your bank, asking you to "verify your account."
The link takes you to a fake website, and when you enter your login details, the attacker captures
them.

Types of Phishing Attacks:

1. Email Phishing: The most common form, using fake emails.

2. Spear Phishing: Targeted at specific individuals or companies.
3. Whaling: Targets high-level executives (like CEOs).
4. Smishing: Phishing through SMS messages.
5. Vishing: Phishing via voice calls.

Consequences:

• Financial loss
• Identity theft
• Unauthorized access to systems
• Spread of malware
Prevention Measures:

• Never click on suspicious links.

• Check the sender’s email address carefully.
• Enable two-factor authentication (2FA).
• Use updated antivirus software.
• Verify website URLs (look for “https://”).

Sure! Here’s the explanation of SQL Injection in the same format as Phishing Attack:

SQL Injection

Definition:

SQL Injection is a code injection technique where an attacker inserts malicious SQL code into a
query through input fields to access or manipulate the database in unauthorized ways.

How It Works:

• A user enters input in a web form (like login fields).

• If the application doesn’t validate or filter this input, attackers can inject SQL commands.
• These commands are run by the database server, leading to unauthorized access or
control over the database.

Common Targets:

• Login pages
• Search fields
• Contact forms
• URL parameters
• Any input-based database interactions
•

Example:

Suppose a login form executes this query:

SELECT * FROM users WHERE username = ‘admin’ AND password = ‘1234’;

An attacker can input: Username: admin

Password: ‘ OR ‘1’=’1

The query becomes:

SELECT * FROM users WHERE username = ‘admin’ AND password = ‘’ OR ‘1’=’1’;

This condition is always true, and the attacker gains access.

Types of SQL Injection:

a. Classic SQLi: Basic injection using input fields.

b. Blind SQLi: No visible result; attacker observes behavior.
c. Error-based SQLi: Uses error messages to extract information.
d. Union-based SQLi: Combines results from different queries.
e. Time-based SQLi: Uses response time to infer information.

Consequences:

• Unauthorized access to sensitive data

• Data leakage, manipulation, or deletion
• Bypassing authentication
• Full control of the database
• Server or system compromise

Prevention Measures:

• Use Prepared Statements or Parameterized Queries

• Validate and sanitize all user inputs
• Avoid using dynamic SQL
• Implement least privilege access in the database
• Use Web Application Firewalls (WAF)
• Keep database systems and web apps updated
🛡️ Securing Databases and Database Access

Definition:
Securing databases and their access involves applying technical and administrative measures
to protect data stored in databases from unauthorized access, misuse, or data breaches.

How It Works:
By implementing various security controls, such as strong authentication, encryption, and
access limitations, organizations can prevent attackers from exploiting database vulnerabilities or
gaining access to sensitive data.

Common Targets:

• Database servers (e.g., MySQL, PostgreSQL, Oracle, SQL Server)

• Stored sensitive data like passwords, emails, financial records
• Admin interfaces and APIs connected to databases

🔑 Key Security Measures:

1. Access Control:
o Use role-based access control (RBAC).
o Grant users the minimum privileges they need.
o Disable unused or default accounts.
2. Authentication and Authorization:
o Use strong passwords or multi-factor authentication (MFA).
o Avoid using shared or generic database accounts.
3. Data Encryption:
o Encrypt data at rest (stored data) and data in transit (transferred data).
o Use SSL/TLS for secure communication.
4. Input Validation:
o Protect against SQL Injection by validating and sanitizing inputs.
o Use prepared statements in application code.
5. Monitoring and Logging:
o Monitor database activity in real-time.
o Enable audit logs to track login attempts, changes, and suspicious behavior.
6. Backup and Recovery:
o Schedule regular backups of database data.
o Test backup restoration procedures.
7. Patch Management:
o Keep database software and operating systems up to date.
o Apply security patches as soon as they are released.
8. Database Firewalls:
 o Use Database Activity Monitoring (DAM) tools or Web Application
Firewalls (WAF) to detect and block threats.

⚠️ Consequences of Poor Database Security:

• Data theft or loss

• Identity theft or privacy violations
• Service disruptions
• Legal and compliance issues (e.g., GDPR, HIPAA violations)
• Loss of trust and financial penalties

🕷️ Cross-Site Scripting (XSS)

Definition:
Cross-Site Scripting (XSS) is a web security vulnerability that allows an attacker to inject
malicious scripts (usually JavaScript) into web pages viewed by other users.

How It Works:
The attacker injects a script (e.g., in a form, URL, or comment) that gets stored or reflected in a
webpage. When another user loads the page, the script runs in their browser as if it came from a
trusted source.

Common Targets:

• Comment boxes
• Search bars
• URL parameters
• User profiles or messages
• Any field that reflects user input back to the webpage

🧪 Types of XSS Attacks:

1. Stored XSS:
The malicious script is saved on the server (e.g., in a database or comment) and is sent to
all users who view the page.
 2. Reflected XSS:
The script is reflected off a web server (e.g., in a search result) and executed immediately
in the user’s browser.
3. DOM-Based XSS:
The vulnerability exists in the client-side JavaScript, where the script is executed based
on DOM (Document Object Model) changes.

📌 Example:

A user inputs the following in a comment section:

<script>alert('Hacked!');</script>

If the site doesn’t sanitize this input, it will be saved and shown to other users. When someone
views the comment, the alert box will appear — proving that JavaScript is executed in their
browser..

🎯 What XSS Can Do:

• Steal cookies, session tokens, or login credentials

• Deface websites or trick users with fake content
• Redirect users to malicious websites
• Perform actions on behalf of the user (like making a purchase)

🛡️ Prevention Measures:

1. Input Validation and Output Encoding:

o Validate and escape user input before displaying it on a page.
2. Content Security Policy (CSP):
o Restricts the sources from which scripts can be executed.
3. Sanitize HTML:
o Use libraries like DOMPurify to clean user inputs.
4. Use HTTPOnly and Secure Cookies:
o Prevents JavaScript access to cookies.
5. Avoid Inline Scripts:
o Use external scripts and follow best HTML practices.
6. Framework-level Protection:
o Use frameworks like React or Angular, which have built-in XSS protection.
⚠️ Consequences of XSS:

• Theft of sensitive user data

• Hijacking of user sessions
• Website reputation damage
• Legal or regulatory non-compliance
• Spread of malware through trusted sites

Here is a clear and detailed explanation of Cookies followed by Session Hijacking, in the same
formal and easy-to-understand format:

🍪 Cookies

Definition:
Cookies are small pieces of data stored by a web browser on a user's device. They are used by
websites to remember information about the user between visits or during a browsing session.

How It Works:
When you visit a website, the server may send a cookie to your browser. The browser stores this
cookie and sends it back with future requests to the same site. Cookies help in identifying users,
maintaining sessions, and storing preferences.

🔑 Types of Cookies:

1. Session Cookies:
o Temporary; deleted when the browser is closed.
o Used to maintain login sessions.
2. Persistent Cookies:
o Stored on the device for a set duration.
o Used to remember user preferences or login info.
3. Secure Cookies:
o Only transmitted over HTTPS.
o Provides security against eavesdropping.
4. HttpOnly Cookies:
o Not accessible by JavaScript.
o Helps protect against XSS attacks.
 5. Third-party Cookies:
o Set by domains other than the one the user is visiting.
o Commonly used for advertising and tracking.

🛡️ Cookie Security Measures:

• Use Secure and HttpOnly flags

• Set proper expiration and domain scope
• Avoid storing sensitive data directly in cookies
• Use encrypted session identifiers

⚠️ Risks if Not Secured Properly:

• Can be stolen via XSS attacks

• Used in session hijacking
• May leak user behavior to third parties

🕵️‍♂️ Session Hijacking

Definition:
Session Hijacking is a cyberattack where an attacker takes control of a valid session between a
user and a web application. It typically happens by stealing session identifiers (like cookies).

How It Works:
Once a user logs into a website, a session ID is created and stored in a cookie. If an attacker
steals this session ID (e.g., via XSS, network sniffing), they can impersonate the user without
knowing the username or password.

🔓 Techniques to Perform Session Hijacking:

1. Cookie Theft (via XSS):

o Malicious scripts access cookies and send them to the attacker.
2. Session Sniffing:
o Capturing session data from unsecured HTTP traffic (man-in-the-middle
attack).
3. Session Fixation:
 o Attacker sets a known session ID before the user logs in.
4. Man-in-the-Middle (MITM) Attacks:
o Intercepting session data between client and server.

🎯 What Attackers Can Do:

• Access user’s private data

• Perform actions on behalf of the user (like making transactions)
• Modify account settings
• Compromise additional accounts using the same session

🛡️ Prevention Measures:

1. Use HTTPS Everywhere:

o Encrypts data in transit, preventing interception.
2. Regenerate Session IDs after Login:
o Prevents session fixation.
3. Use HttpOnly and Secure Cookies:
o Protects session IDs from client-side access.
4. Set Session Timeouts:
o Automatically ends sessions after inactivity.
5. Detect Session Anomalies:
o Monitor IP address or device fingerprint changes.
6. Two-Factor Authentication (2FA):
o Adds an extra layer of security even if a session is hijacked.

⚠️ Consequences of Session Hijacking:

• Unauthorized access to accounts

• Identity theft
• Financial loss
• Loss of trust in web applications
• Legal and reputational damage
🛒 E-Commerce Security

Definition:
E-Commerce Security refers to the protection of online shopping platforms from threats and
fraud. It ensures that all online transactions are safe, private, and trustworthy for both
customers and businesses.

✅ Main Goals:

1. Confidentiality – Keeps personal and payment data private.

2. Integrity – Ensures data is not changed during transfer.
3. Authentication – Confirms the identity of buyers and sellers.
4. Availability – Keeps the website running without interruption.
5. Non-Repudiation – Prevents denial of online transactions.

⚠️ Common Threats:

• Phishing – Fake emails or sites to steal user info

• SQL Injection – Hacking databases through forms
• XSS (Cross-Site Scripting) – Inserting harmful code in web pages
• Session Hijacking – Taking over user sessions
• DDoS Attacks – Making the website crash using heavy traffic
• Credit Card Fraud – Misusing payment details

🛡️ Security Measures:

• Use of HTTPS (SSL) for secure browsing

• Strong passwords and Two-Factor Authentication
• Regular data backups and security updates
• Secure payment gateways
• Firewalls and antivirus software
• Privacy policies and user consent
🎯 Why It Is Important:

• Builds customer trust

• Prevents financial loss
• Ensures legal compliance
• Maintains business reputation

🧱 Firewall

Definition:
A firewall is a security system that monitors and controls incoming and outgoing network
traffic based on predefined security rules. It acts as a barrier between trusted and untrusted
networks.

🔐 Functions:

• Blocks unauthorized access

• Allows legitimate traffic
• Monitors data packets

🛡️ Importance:

• Protects from hackers and malware

• Prevents data leakage
• Essential for network security

🔄 Types of Firewalls:
1. Packet Filtering Firewall (Stateless):

• Inspects each data packet individually

• Uses rules to allow or deny packets
• Fast but less secure as it doesn’t track connection states
2. Stateful Inspection Firewall:

• Keeps track of active connections

• Analyzes packet context and state
• More secure than stateless filtering

🌐 Application Layer Proxies

Definition:
Also called proxy firewalls, these act as intermediaries between the user and the internet.

🔍 How it works:

• Accepts user request

• Forwards it on behalf of the user
• Filters traffic at application layer (e.g., HTTP, FTP)

✅ Benefits:

• Hides real IP addresses

• Deep traffic inspection
• Prevents direct access to internal systems

📍 Firewall Location and Configuration

Placement:

• Typically placed at the network perimeter (between internal LAN and internet)

Configuration Includes:

• Access control lists (ACLs)

• Port blocking or opening
• IP address filtering
• Rule sets for traffic types
⚠️ Good Practices:

• Update firewall rules regularly

• Block unused ports
• Use layered security

🚨 Intruders

Definition:
Intruders are unauthorized users or software that try to break into a system or steal/modify
information.

🧑‍💻 Types:

1. Masqueraders: Outsiders pretending to be legitimate users

2. Misfeasors: Authorized users misusing privileges
3. Clandestine users: Trying to hide their actions or presence

🎯 Objective:

• Steal sensitive data

• Cause disruption
• Gain unauthorized access

🕵️‍♂️ Intrusion Detection System (IDS)

Definition:
An IDS is a system that monitors network traffic or system activity for signs of malicious
activity or policy violations.

🛠️ Types:

1. Network-based IDS (NIDS): Monitors traffic on a network

2. Host-based IDS (HIDS): Monitors activities on a specific device
✅ Functions:

• Detects intrusions
• Alerts system administrators
• Logs incidents for review