Lakhasly

Cyber security Fundamentals - Confidentiality: Confidentiality is about preventing the disclosure of data to unauthorized parties.It occurs when an attacker is masquerading as a trustworthy entity in electronic communication.Whereby a data is introduced into a DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the attackers computer or any other computer.Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle (MITM) attacks, disclosing sensitive data. Cyber-attacks can be classified into the following categories:

1. Web-basedattacks 2) System-basedattacks Web-based attacks These are the attacks which occur on a website or web applications.This attack generates a large number of guesses and validates them to obtain actual data like user password and personal identification number.Data redundancy Types of Cyber Attacks A cyber-attack is an exploitation of computer systems and networks.It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft.Injection attacks It is the attack in which some data will be injected into a web application to manipulate the application and fetch the required information.Example- SQL Injection, code Injection, log Injection, XML Injection etc.2.3.4.5.

Cyber security Fundamentals – Confidentiality:
Confidentiality is about preventing the disclosure of data to unauthorized parties.
It also means trying to keep the identity of authorized parties involved in sharing and holding data private and anonymous.
Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle (MITM) attacks, disclosing sensitive data.
Standard measures to establish confidentiality include:
 Data encryption
 Two-factor authentication
 Biometric verification
 Security tokens
Integrity
Integrity refers to protecting information from being modified by unauthorized parties. Standard measures to guarantee integrity include:
 Cryptographic checksums
 Using file permissions
 Uninterrupted power supplies
 Data backups
Availability
Availability is making sure that authorized parties are able to access the information when needed.
Standard measures to guarantee availability include:
 Backing up data to external drives
 Implementing firewalls
 Having backup power supplies
 Data redundancy
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and lead to cybercrimes, such as information and identity theft.
Cyber-attacks can be classified into the following categories:

1. Web-basedattacks 2) System-basedattacks
   Web-based attacks
   These are the attacks which occur on a website or web applications. Some of the important
   web-based attacks are as follows-

1. Injection attacks
   It is the attack in which some data will be injected into a web application to manipulate the application and fetch the required information.
   Example- SQL Injection, code Injection, log Injection, XML Injection etc.


2. DNS Spoofing
   DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the attackers computer or any other computer. The DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.


3. Session Hijacking
   It is a security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can have
   access to all of the user data.


4. Phishing
   Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic communication.


5. Brute force
   It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data like user password and personal
   identification number. This attack may be used by criminals to crack encrypted data, or by security, analysts to test an organization's network security.