Today the lecture was by Mr. Devgan from BHEL. He is an expert in his field from past 17 years and has delivered a session on Information Security today. He has done many projects accordingly.
In the beginning, we get to know about the basics of security. He put light on current issues like Ransomware, WannaCry ransomware attack (A malware attack which corrupts the system or data and demand for some payment in return.)
There are many other types of ransomware:
- CRYPTO Ransomware (files vulnerable)
- LOCKER Ransomware (device vulnerable) …..
He also talks about CDAC, which is Centre for development of advance computing. It’s an institute offering many courses and it organises campaigns on Information Security Awareness.
We get to know about the basic terms related to Security:
- Digital Signature
- Availability (Ensures about a handy environment related to hardware, software, connection etc.)
He also enlighted about Attacks on different layers in an OSI Model.
One can always Google to learn in depth, as I am detailing about the terms which are new to me.
Many types of attacks can take place to disturb out system:
- Interruption (Information will not be sent to the destined user)
- Modification (Wrong data sent to the receiver i.e Integrity Vulnerable)
- Interception (Third person is having eye on your data)
- Fabrication (Authenticity vulnerable)
- Repudiation (Tricking the authenticity)
- Spoofing (Making a user jump to another website by spoofing links etc.)
- Phishing (Sending bank related fake emails to get the information about the respective victim’s account.)
- Dictionary Attack (To pursue using a very large set of words to identify the password. “That’s why it’s said to use a complicated password“)
- Clickjacking(Manipulating the website links to make the user shift to another site.)
- Tabnapping (A user is in a habit of opening no. of tabs simultaneously. If one of them is malfunctioned one and side by side he is accessing bank related information. Then, it will be at risk. Plus the malfunctioned site can enter into all other sites being active at that time.)
- Stegobot (It can even detect data from an image. Hence, attack steganography technique.)
Apart from this, a new term I get to embark today is Botnet.
Example, If there is a hacker who wants to make any site like Amazon down for 2 days using Denial of Service (DOS), then he will make a script and will send that malfunctioned script to lakhs of users. It can be through e-mails depicting about “You have won a lottery, click here to claim”. All the persons clicking that link are inviting that script to get installed on their systems unknowingly.
Later on, The Bot master (Hacker) gives a command to hack Amazon and all those Bots (malfunctioned system) will start attacking Amazon site.
Plus, there is a robot.txt file through which websites can communicate with Web crawllers, robots etc. Also, this file gives permission to web crawlers (In the case of Google, Spiders) to read the website’s data and then show the results to the user.
Beside this, another way to hack systems is through Software Engineering.
It can be pursued in several ways like:
- Dumpster Diving (Accesses trashed information, even passwords are sometimes written on sticky notes.)
- Shoulder surfing (Back cameras for getting password information)
- Persuasion (Fake calls, making a person pursue according to the hacker’s demand.)
- Baiting (Similar to phishing, though difference comes in the usage of an item to entice persons. Example, an infected USB threw in a parking lounge and people took that and plug it with their systems. It may contain a malfunctioned script.)
- Vishing (Related to phishing, but is done through Voice emails, calls etc. Example, Bank information related fake calls.)
One need to be alert and aware of the facts as there are numerous type of attacks which can infect your system.
It refers to the usage of another’s person Identity (name) to do some kind of illegal work. It can be done using Skimming attack (Example, even SIM Card can be used in this way and the person can make use of the victim’s number to pursue things. The victim is the one paying the full bill.)
For understanding, one can relate to Wifi password hacking and it’s usage for their need. But, it’s not a skimming attack purely.
Plus, I was encountered with a new term i.e Virtual Keyboards. As Keyloggers (S/W or H/W) is an attack which can record the key presses and can further detect the passwords. To resolve this type of attack, software component for users to enter characters is introduced called virtual keypad which enhances security level.
Also, the difference between a Magenetic stripe and chip-based card. Though, EMV-chip-based credit and debit cards are emerging nowadays because of their security levels. As they are having embedded microprocessor chips which protect the data. It’s named after it’s originators i.e Europay, MasterCard, and Visa.
There are few other expressions:
- Trojan: Trojan horse is a type of computer program which is inserted in any system to corrupt it.
- Spyware: A Spyware is a kind of software program injected in a system which will give information about the user. It’s a kind of malware, not a virus. Though both are dangerous, there is a slight difference. Malware is not self-replicating. Hence, need user interference for clicking a fake link etc. to get injected.
- Worm/Virus: These are self-replicating which doesn’t need human intervention to spread. eg, ILOVEYOU worm etc.
Nowadays, the concept of hacking is approaching towards Mobile market, as there are huge no. of users operating through their cell phones.
- Bluejacking: It refers to sending unsolicited messages through Bluetooth to enables devices which can inject the virus int the system. It’s done using OBEX (Object Exchange) Protocol that facilitates the exchange of binary objects among devices.
- Bluesnarfing: It refers to the theft of information like messages, Address book etc.
Hence, one should be acquainted with the security measures.