What Is Cyber Security And Types Of Cyber Attacks

Introduction Of Cyber Security 

We live in a digital age that understands that our private information is more insecure than ever.

From Internet banking to government infrastructure, we all live together in a network where data is stored on computers and other devices.

A portion of that data may be sensitive information, although it may be intellectual property, financial data, personal information or other types of data for which unauthorized access or exposure may have negative consequences.

Cybersecurity is the protection of the Internet connective system, including hardware software and data from cyber-attacks. It is made up of two words, one is cyber and the other is security.

Cyber ​​is related to technology that consists of systems, networks and programs or data. So

Security is concerned with protection which includes system security, network security and application and information security.

We may also define cybersecurity as designed to protect our computer resources and online information against threats. Cybersecurity is a critical task and most businesses need insurance.

History of Cyber ​​Security

In 1969, UCLA professor Leonard Kleinrock and student Charlie Klein sent the first electronic message of the UCLA SDS Sigma 7 host computer to Bill Yud at the Stanford Research Institute. This is a legendary story of the digital world. The message sent from UCLA is "Login". They crashed when they typed the first two letters.

Since then the story has believed that programmers type the start message "take and see". The intent was to "login" the message. Those two letters of the message had changed the way we communicated with each other.

1 In the 1970s, Robert Thomas, a BBN Technologist at Cambridge, Massachusetts, created the first computer worm (virus). He realized that it was possible to navigate the network through computer programs, leaving a small test (series of symbols) wherever he went. 

He named the Creeper program and designed it for ARPNET's initial voyage between Tenex terminals and printed the message "I'm the Creeper: Catch Me If You Can".

The inventor of the email, Ray Tomlinson, an American computer programmer, was also working for BBN Technologies at the time. He saw the idea and liked it. 

He tinctured with the program and made his own replica of "First Computer Worm". They named the program Creeper Rapper, which will find and delete copies of Creeper.

The purpose of cybersecurity

The purpose of cybersecurity is to protect against information theft, compromise or attack.

Cybersecurity can be measured for at least one of three purposes-

1. Protect the privacy of data.

2. Maintain data integrity.

3. Promote the availability of data for authorized users.

These objectives are the basis of the Privacy, Integrity, Availability (CIA) trio, all security programs. The CIA Triad is a security model designed to guide policies for the security of information on the premises of an organization or company. 

This model is referred to as AIC (Availability, Integrity, and Privacy) to avoid confusion within the Central Intelligence Agency. Triad's components are considered to be the three most important components of safety.

1. Privacy-

Privacy equals privacy and prevents unauthorized disclosure of information. This includes access to data protection, denying others access to its content while providing access to those who are allowed to view it. 

This prevents the necessary information from reaching the wrong people and ensures that the right people get it. Data encryption is a good example to ensure privacy.

Tools of privacy

Encryption

Encryption is a method of altering information to make it unreadable for unauthorized users using information algorithms. Data conversion uses one secret key (encryption key) so that the converted data can be read using another secret key (decryption key). It protects by encoding sensitive data such as credit card numbers and converting the data into cipher text that cannot be read.

This encrypted data can only be read by decrypting. Asymmetric-keys and symmetry-keys are the two primary types of encryption.

Access control in Cyber security 

Control Access defines rules and policies for restricting access to the control system or for physical or virtual resources. It is a process by which users are granted access to systems, resources or information and certain privileges. 

In the Control Access system, users are required to submit certificates before being granted access, such as a person's name or computer number. In physical systems, these credentials can occur

Authentication in Cyber security 

Authentication is a must for every organization because it enables organizations to secure their networks so that only authorized users can access their protected resources to keep their networks secure. 

These resources may include computer systems, networks, databases, websites, and other network-based applications. Authentication is a process that confirms and confirms a user's identity.

Authorization in Cyber security 

Authorization is a security mechanism that allows something to be done or allowed to be done. It is used to allow a person to access resources based on a control access policy, including computer programs, files, services, data, and application features. This is usually before authentication for user identity verification. 

System administrators are typically assigned permission levels that cover all system and user resources. During authorization, the system verifies the authorized user's access rules and either grant or denies access to resources.

Physical protection for Cyber security 

Describes measures designed to deny unauthorized access to physical security, IT assets such as facilities, equipment, personnel, resources and other property damage. It protects the property from physical hazards including theft, vandalism, fire and natural disasters.

2. The integrity of cyber security 

Integrity is the process of ensuring that data is real, accurate, and protected from unauthorized user correction. The information has not been changed in an unauthorized way and that information is genuine property.

Tools for integrity for Cyber security 

Backup

Backup is the periodic collection of data. This is the process of making copies of the data or data files to use in the event that the original data or data files are lost or destroyed. 

It is also used for longitudinal studies, statistics or historical records or for copying for historical purposes to meet the requirements of a data retention policy. Many applications in the Windows environment create backup files using the backfile extension.

Code that corrects data

There is a way to store data in such a way that small changes can be easily detected and corrected automatically.

3. Availability

Availability is an asset in which such information can be accessed and modified in a timely manner by authorizers. This is a guarantee of reliable and stable access to our sensitive data by authorized people.

Tools for availability

Physical protection

Physical Safeguard means providing information even when physical challenges arise. This ensures that sensitive information and critical information technology are kept in safe areas.

Computer returns

It is applied as a fault tolerant against accidental error. It protects computers and storage devices that fail to act as fallback.

Types of cyber-attacks in Cybersecurity

 

Cyber-attack is the exploitation of computer systems and networks. It uses malicious code to alter computer code, logic and data, and to turn to cyber-crime such as information and identity theft.

These are attacks on websites. Following are some important web-based attacks

Fishing

Fishing is a form of attack that attempts to steal sensitive information such as user login credentials and credit card numbers. This happens when the attacker is masked as a trusted element in electronic communication.

Injection attack

An injection attack is an attack in which some data is injected into a web application in order to modify the application and retrieve the required information.

Example: - SQL injection, code injection, log injection, XML injection etc.

DNS spoofing

DNS spoofing is a form of computer security hacking. The data was brought into the cache of the DNS solver, which returns the wrong IP address to the name server, diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for long periods of time without being detected and can cause serious security issues.

Brute force

This is a type of attack that uses a trial and error method. This attack generates a large number of predictions and verifies them to obtain actual data such as user passwords and personal identification numbers. This attack can be used by security analysts to crack criminal encrypted data or to test an organization's network security.

Denial of service

This is an attack that was intended to make the server or network resource unavailable to users. This is achieved by flooding the target with traffic or sending information that causes a crash. It uses a single system and a single Internet connection to attack the server. It can be classified as follows

Dictionary attack

This type of attack collects a list of commonly used passwords and verifies them to retrieve the original password.

URL interpretation

This is a type of attack where we can change a specific part of the URL and create a web server to deliver a webpage for which it is not authorized to browse.

File inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files that are available on a web server or execute malicious files on a web server using the included functionality.

Man in the middle attack

This is a type of attack that allows the attacker to disrupt the connection between the client and the server and acts as a bridge between them. This will allow the attacker to read, embed, and modify the data in the intercepted connection.