
INTRODUCTION TO CYBER SECURITY

LONG QUESTIONS:-

1) What is an SQL injection attack? Demonstrate a few SQL injection attacks.

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.

Some SQL injection attacks are:-

Retrieving hidden data

Consider a shopping application that displays products in different categories. When the user clicks on the Gifts category, their browser requests the URL:
https://insecure-website.com/products?category=Gifts
This causes the application to make an SQL query to retrieve details of the relevant products from the database:
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
The restriction released = 1 is being used to hide products that are not released. For unreleased products, presumably released = 0.
The application builds the query by pasting the category parameter straight into the SQL string, so an attacker can submit a category value that ends in a single quote followed by an SQL comment sequence:
https://insecure-website.com/products?category=Gifts'--
This results in the SQL query:
SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1
The double-dash sequence -- is a comment indicator in SQL, so everything after it is ignored. The query no longer includes AND released = 1, and unreleased products in the Gifts category are displayed too.
Going further, an attacker can cause the application to display all the products in any category, including categories that they don't know about:
https://insecure-website.com/products?category=Gifts'+OR+1=1--
This results in the SQL query:
SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1
The modified query will return all items where either the category is Gifts, or 1 is equal to 1. Since 1=1 is always true, every product in the table is returned, released or not.

Subverting application logic

Consider an application that lets users log in with a username and password. If a user submits the username wiener and the password bluecheese, the application checks the credentials by performing the following SQL query:
SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'
If the query returns the details of a user, then the login is successful. Otherwise, it is rejected.
Here an attacker can log in as any user without a password, simply by using the comment sequence -- to remove the password check from the WHERE clause. Submitting the username administrator'-- with a blank password results in the query:
SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
This query returns the administrator's row whatever the password column holds, so the attacker is logged in as administrator.
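Both attacks above, run against an in-memory SQLite database, as an added example that is not part of the original notes. The table layout, the sample rows and the function names are assumptions for the demo. The vulnerable functions build the query by string formatting, exactly as the text describes; the safe ones pass the values as bound parameters, so the database never parses user input as SQL and the same payloads simply match nothing.

```python
import sqlite3


def make_db():
    """Constructed sample database mirroring the two scenarios in the text.
    Passwords are stored in clear only because the page's query compares them
    directly; a real application stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES ('Mug', 'Gifts', 1),
                                    ('Unreleased Gadget', 'Gifts', 0),
                                    ('Laptop', 'Tech', 1);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('wiener', 'bluecheese'),
                                 ('administrator', 'correct horse battery staple');
    """)
    return conn


# --- vulnerable: user input is pasted into the SQL text -------------------

def products_vulnerable(conn, category):
    query = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return [row[0] for row in conn.execute(query)]


def login_vulnerable(conn, username, password):
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


# --- hardened: user input travels as a bound parameter --------------------

def products_safe(conn, category):
    query = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(query, (category,))]


def login_safe(conn, username, password):
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for payload in ["Gifts", "Gifts'--", "Gifts' OR 1=1--"]:
        print(f"{payload!r:22} vulnerable -> {products_vulnerable(db, payload)}")
        print(f"{'':22} safe       -> {products_safe(db, payload)}")
    print("login as administrator'-- : vulnerable ->",
          login_vulnerable(db, "administrator'--", ""),
          "| safe ->", login_safe(db, "administrator'--", ""))
```

Parameter binding is the fix, not quoting: with a bound parameter the category value is sent to SQLite as data, so `Gifts'--` is looked up as a literal category name (which does not exist) rather than being parsed as SQL.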
2) Explain the path-traversal attack with a suitable example.

Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files. In some cases, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server.

Some examples are:-


• Reading arbitrary files via directory traversal
Consider a shopping application that displays images of items for sale. Images are loaded via some HTML like the following:
<img src="/loadImage?filename=218.png">
The image files themselves are stored on disk in the location /var/www/images/. To return an image, the application appends the requested filename to this base directory and reads the resulting file, so the request above reads /var/www/images/218.png.
The application does not validate the filename, so an attacker can request the following URL to retrieve an arbitrary file from the server's filesystem:
https://insecure-website.com/loadImage?filename=../../../etc/passwd
This causes the application to read from the following file path:
/var/www/images/../../../etc/passwd
Each ../ steps up one directory, so the three of them move from /var/www/images/ back to the filesystem root and the path resolves to /etc/passwd, the Unix account database, which the application then returns as if it were an image.
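The loadImage handler from the example beside a hardened version, as an added example that is not part of the original notes. The directory tree is built in a temporary folder as a constructed stand-in for /var/www/images and /etc/passwd, so the example runs offline. The vulnerable function joins the base directory and the user-supplied filename exactly as the text describes; the safe one canonicalises the result and refuses anything that resolves outside the base directory.

```python
import os
import tempfile


def make_tree():
    """Constructed sample layout under a throwaway root (not a real web root):
         <root>/var/www/images/218.png   the legitimate image
         <root>/etc/passwd               the file the attacker is after
    Returns (root, images_dir)."""
    root = tempfile.mkdtemp()
    images = os.path.join(root, "var", "www", "images")
    os.makedirs(images)
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(images, "218.png"), "wb") as f:
        f.write(b"\x89PNG\r\n\x1a\n fake image bytes")
    with open(os.path.join(root, "etc", "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/bash\n")
    return root, images


def load_image_vulnerable(base_dir, filename):
    """Base directory + user-controlled name, no checks: '../' walks out of base_dir."""
    with open(os.path.join(base_dir, filename), "rb") as f:
        return f.read()


def load_image_safe(base_dir, filename):
    """Canonicalise first, then check containment.
    realpath() resolves '..' and symlinks; commonpath() compares whole path
    components, so a sibling such as /var/www/images_private is not accepted
    the way a plain startswith(base) check would accept it. An absolute
    filename is rejected too: join() discards base for it and the check fails."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"refusing to read outside {base}: {filename!r}")
    with open(target, "rb") as f:
        return f.read()


if __name__ == "__main__":
    root, images = make_tree()
    print(load_image_vulnerable(images, "../../../etc/passwd").decode(), end="")
    try:
        load_image_safe(images, "../../../etc/passwd")
    except PermissionError as e:
        print("blocked:", e)
```

The check is done on the resolved path rather than on the request string on purpose: filtering the literal `../` from input is the classic weak fix, since encodings such as `..%2f` or `....//` survive a naive filter but still resolve to the parent directory.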

3) Discuss the different types of malware and viruses.

• Malware types are:-

• Adware
Adware (short for advertising-supported software) is a type of
malware that automatically delivers advertisements. Common
examples of adware include pop-up ads on websites and
advertisements that are displayed by software.

• Bots
Bots are software programs created to automatically perform specific operations. While some bots are created for relatively harmless purposes (video gaming, internet auctions, online contests, etc.), it is becoming increasingly common to see bots used maliciously, for example as the infected machines of a botnet under an attacker's remote control.

• Bug
A bug is a flaw that produces an undesired outcome. These flaws are usually the result of human error and typically exist in the source code or compilers of a program. A bug by itself is not malware; it becomes a security issue when an attacker can trigger it, and such a bug is what an exploit targets.

• Ransomware
Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom. The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.

• Rootkit
A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet.

• Spyware
Spyware is a type of malware that functions by spying on user activity without their knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.

• Trojan horse
A Trojan horse, commonly known as a "Trojan", is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. A Trojan can give a malicious party remote access to an infected computer.

• Virus types are:-

• File Virus
This type of virus infects the system by appending itself to the end of an executable file. It changes the start of the program so that control jumps to the virus code first. After the virus code has run, control returns to the main program, so the host appears to work normally.
• Boot sector Virus
It infects the boot sector of the system, executing every time the system is booted and before the operating system is loaded. It spreads by infecting the boot sector of other bootable media, such as floppy disks.

• Macro Virus
Unlike most viruses, which are written in a low-level language (like C or assembly language), these are written in a high-level macro language such as Visual Basic for Applications. They are embedded in documents and are triggered when a program capable of executing a macro (a word processor or spreadsheet, for instance) opens the document and runs it.

• Source code Virus
It looks for source code on the machine and modifies it to include the virus, so that the virus is compiled into the next build of the program and spreads with it.

• Polymorphic Virus
A virus signature is a pattern that can identify a virus (a series of bytes that make up the virus code). To avoid detection by signature-based antivirus software, a polymorphic virus changes its code each time it is installed, so that no single fixed byte pattern matches every copy.

• Encrypted Virus
In order to avoid detection by antivirus software, this type of virus exists in encrypted form and carries its decryption routine along with it. The virus first decrypts its body and then executes it. Because the decryption routine itself must remain in the clear, it is the part a scanner can still match with a signature, unless, as in a polymorphic virus, that routine is varied as well.
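The signature-evasion mechanism described under Polymorphic Virus and Encrypted Virus, as an added example that is not part of the original notes. Nothing here is malicious: the "virus body" is a marker string and the "decryptor" is a fixed byte sequence standing in for the decryption routine a real sample carries; the single-byte XOR, the stub bytes and the NOP padding are assumptions chosen for the demo. It shows why a signature taken from the body fails against every encrypted copy, why the constant decryptor stub is what a scanner can still match, and why a polymorphic variant that rewrites the stub defeats that signature too.

```python
# Harmless stand-ins (constructed): a marker string for the virus body and a fixed
# byte pattern for the decryptor routine.
VIRUS_BODY = b"THIS-IS-THE-VIRUS-BODY: append to host, patch entry point, return"
STUB_HEAD = b"\x55\x48\x89\xe5\x31\xc9"      # "function prologue" of the decryptor
STUB_TAIL = b"DECRYPT-LOOP"                   # marker that ends the decryptor
DECRYPTOR_STUB = STUB_HEAD + STUB_TAIL         # what an encrypted virus keeps constant


def xor_bytes(data: bytes, key: int) -> bytes:
    """Toy single-byte XOR; the point is only that the body's bytes change per key."""
    return bytes(b ^ key for b in data)


def make_encrypted_copy(key: int) -> bytes:
    """Encrypted virus: constant stub, then the key byte, then the body XORed with it.
    A fresh key per infection makes every copy's body bytes different."""
    if not 1 <= key <= 255:
        raise ValueError("key 0 would leave the body in clear")
    return DECRYPTOR_STUB + bytes([key]) + xor_bytes(VIRUS_BODY, key)


def make_polymorphic_copy(key: int, padding: int) -> bytes:
    """Polymorphic virus: the decryptor itself is rewritten per copy as well.
    Modelled here by inserting a variable run of NOP (0x90) bytes into the stub;
    a real engine substitutes equivalent instructions throughout the routine."""
    stub = STUB_HEAD + b"\x90" * padding + STUB_TAIL
    return stub + bytes([key]) + xor_bytes(VIRUS_BODY, key)


def run_decryptor(sample: bytes) -> bytes:
    """What the stub does at run time: find the key after the loop marker and
    recover the body (which the real thing would then jump to)."""
    idx = sample.index(STUB_TAIL) + len(STUB_TAIL)
    key = sample[idx]
    return xor_bytes(sample[idx + 1:], key)


def signature_scan(sample: bytes, signatures: dict) -> list:
    """Plain byte-pattern scanner: names of the signatures found in the sample."""
    return [name for name, pattern in signatures.items() if pattern in sample]


SIGNATURES = {
    "body": VIRUS_BODY[:24],        # pattern taken from the plaintext body
    "stub": DECRYPTOR_STUB,         # pattern taken from the decryptor routine
}

if __name__ == "__main__":
    enc_a, enc_b = make_encrypted_copy(0x5A), make_encrypted_copy(0xA7)
    poly = make_polymorphic_copy(0x5A, padding=3)
    print("plaintext  :", signature_scan(VIRUS_BODY, SIGNATURES))
    print("encrypted A:", signature_scan(enc_a, SIGNATURES), "| differs from B:", enc_a != enc_b)
    print("polymorphic:", signature_scan(poly, SIGNATURES))
    print("decrypts ok:", run_decryptor(poly) == VIRUS_BODY)
```

This is why modern scanners do not rely on static byte patterns alone: they emulate or run the sample so that the body is decrypted in memory, and match it there.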

• Stealth Virus
It is a tricky virus that hides the evidence of infection: it intercepts the operating system calls that antivirus software uses to read files and returns the original, uninfected contents (or the original file size), so the changed code that could be used to detect it is never seen. Hence, detection of the virus becomes very difficult.

• Tunneling Virus
This virus attempts to bypass detection by antivirus scanners by installing itself in the interrupt handler chain, below the level at which the scanner hooks the system. Interception programs, which remain in the background of an operating system and catch viruses, become disabled or blind during the course of a tunneling virus.

• Multipartite Virus
This type of virus is able to infect multiple parts of a system, including the boot sector, memory and files. This makes it difficult to detect and contain, since cleaning one part leaves the others to re-infect it.

• Armored Virus
An armored virus is coded to make it difficult for antivirus software to unravel and understand. It uses a variety of techniques to do so, like fooling the antivirus into believing that it lies somewhere other than its real location, or using compression and obfuscation to complicate analysis of its code.

4) What is social engineering? What are the different ways to perform social engineering?

Social engineering is the art of deception used by attackers to get people to hand over money, information or access. In the classic scam, the fraudster wins the target's confidence and talks them into paying a hefty amount to claim a non-existent offer. We call such things fraud, and it is one type of social engineering, where the attacker plays confidence tricks on the target.

This social manipulation is not just for financial benefit. Social engineering can be done for other purposes too, for instance harvesting information from people, or getting them to open an attachment or hold a door. It works on the person's trust, curiosity, fear or helpfulness rather than on a technical flaw.

Ways to perform social engineering:

There are many social engineering tactics depending on the medium used to implement them. The medium can be email, the web, the phone, USB drives, or something else. Some of the different types of social engineering attacks are:

• Phishing
Phishing is the most common type of social engineering attack. The attacker recreates the website or support portal of a well-known company and sends the link to targets via email or social media. The victim, unaware that the attacker controls the copy, enters personal information and even credit card details into it, which go straight to the attacker.

• Spear Phishing
Spear phishing can be thought of as a subset of phishing. Although it is a similar attack, it requires extra effort from the attackers: they research the limited number of users they target and tailor the message to each of them (the right name, employer, project or supplier). The hard work pays off, as the chances of users falling for the false emails are considerably higher in the case of spear phishing.

• Vishing
Impostors and social engineers can be anywhere on the Internet, but many prefer the old-fashioned way: they use the phone. This type of social engineering attack is known as vishing (voice phishing). They recreate the IVR (Interactive Voice Response) system of a company, attach it to a toll-free number, and trick people into calling the number and entering their details; or they simply call the target directly, posing as the bank or the IT help desk.

• Pretexting
Pretexting is another example of social engineering you might have come across. It is based on a scripted scenario (the pretext) presented to the target and used to extract PII or other information. An attacker might impersonate another person or a known figure, such as a colleague from another office or an auditor, and rely on the story to make the request look legitimate.

5) Discuss the different types of access control methodologies.

There are various types of access control methodologies. Some of them are:-

• Mandatory Access Control (MAC) is the strictest option. A central authority (the system, configured by a security administrator) labels every subject and every object, for example with a clearance and a classification, and the system enforces the rules between labels. Users cannot change or delegate those permissions, even for resources they created. MAC is used where the data owner is not trusted to decide, such as in military and government classified systems.

• Discretionary Access Control (DAC) is one step down from MAC: the owner of a resource decides who has access to it, usually through an access control list. Think of this as a bit like the guest list for a party: the host decides who is on the list, the people on it have access to the party, but they might not have access to every room at the event. Unlike with MAC, there is no single entity that grants all permissions, and since owners can pass access on, the model is only as strict as the owners are careful.

• Role-Based Access Control (RBAC) grants permissions to roles rather than to individual users, and users obtain permissions by being assigned roles. Here, a user in the "staff" role might have access to his or her personal email but not to the business's private files on the same server, which only the "finance" role can read. This lets businesses create layers of access that follow job function and are easy to review when someone changes job.

• Rule-Based Access Control (sometimes written RuBAC, to distinguish it from role-based RBAC) adds conditions on top of another model: an individual or group has access to certain areas based on unique needs but must also satisfy rules such as time of day, location or device (think of elevators that lock out employees after hours, regardless of whether they have keycards).
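The four models side by side as decision functions, an added example that is not part of the original notes. The security levels, the ACL contents, the role names and the office-hours window are assumptions chosen for the demo; MAC is shown with the Bell-LaPadula confidentiality rules (no read-up, no write-down), which is one common mandatory policy, not the only one.

```python
# ---- Mandatory: labels are assigned by the system, not by the resource owner ----
LEVELS = {"public": 0, "confidential": 1, "secret": 2}   # assumed label ordering


def mac_allows(subject_clearance: str, object_label: str, action: str) -> bool:
    """Bell-LaPadula confidentiality rules:
    read  : allowed only at or below the subject's clearance (no read-up)
    write : allowed only at or above the subject's clearance (no write-down,
            so secret data cannot be copied into a public file)"""
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    raise ValueError(f"unknown action {action!r}")


# ---- Discretionary: the owner keeps an ACL and may grant whatever they like ----
def dac_allows(owner: str, acl: dict, subject: str, action: str) -> bool:
    """acl maps subject -> set of actions; the owner is implicitly allowed everything."""
    if subject == owner:
        return True
    return action in acl.get(subject, set())


# ---- Role-based: permissions hang off roles, users are assigned roles ----
ROLE_PERMISSIONS = {                      # assumed roles for the demo
    "staff":   {"read:own_mailbox"},
    "finance": {"read:own_mailbox", "read:private_files", "write:private_files"},
}


def rbac_allows(user_roles: set, permission: str) -> bool:
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in user_roles)


# ---- Rule-based: an extra condition gates an otherwise-granted access ----
OFFICE_HOURS = (8, 18)   # assumed rule: keycards work from 08:00 up to 18:00 only


def rule_allows(base_decision: bool, hour: int) -> bool:
    """Having a keycard (base_decision) is necessary but not sufficient:
    the rule denies outside office hours regardless of who is asking."""
    start, end = OFFICE_HOURS
    return base_decision and start <= hour < end


if __name__ == "__main__":
    print("MAC  confidential reads secret :", mac_allows("confidential", "secret", "read"))
    print("MAC  secret writes to public   :", mac_allows("secret", "public", "write"))
    print("DAC  bob reads alice's file    :", dac_allows("alice", {"bob": {"read"}}, "bob", "read"))
    print("RBAC staff reads private files :", rbac_allows({"staff"}, "read:private_files"))
    print("Rule finance at 20:00          :",
          rule_allows(rbac_allows({"finance"}, "read:private_files"), 20))
```

The difference that matters in practice is who can change the answer: in MAC only the administrator, in DAC the owner of each object, in RBAC whoever manages role assignments, and in rule-based control the rule applies to everyone regardless of the other three.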

6. Explain the different scanning schemes. Write down the different nmap commands used for scanning.

• Nmap
Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery, port scanning, and service and operating system detection. A port scan classifies each probed port as open (a service answered), closed (the host answered that nothing is listening there) or filtered (no answer at all, typically because a firewall dropped the probe).

• Tracert
The tracert command is a Windows Command Prompt command that shows the path that a packet takes from the computer or device you're on to whatever destination you specify, listing each router hop along the way. You might also see the tracert command referred to as the trace route command or, on Unix-like systems, traceroute.

• Ping
Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. Ping measures the round-trip time for messages sent from the originating host to a destination computer that are echoed back to the source.

• Nmap scan commands

Scan a single IP                                  nmap 192.168.1.1
Scan a host by name                               nmap www.testhostname.com
Scan using TCP connect (full handshake)           nmap -sT 192.168.1.1
Scan using TCP SYN (half-open) scan               nmap -sS 192.168.1.1
Scan UDP ports                                    nmap -sU -p 123,161,162 192.168.1.1
Fast scan of the 100 most common ports (-F),      nmap -Pn -F 192.168.1.1
skipping host discovery (-Pn)
Detect OS and services (aggressive scan)          nmap -A 192.168.1.1
Standard service/version detection                nmap -sV 192.168.1.1

The SYN scan is nmap's default only when it runs with raw-socket privileges (root or Administrator); an unprivileged user gets the connect scan instead, which completes the three-way handshake and is therefore more visible in the target's logs. Whatever the scan type, only scan hosts you are authorised to test.
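A minimal TCP connect scan (what nmap -sT does), as an added example that is not part of the original notes or of nmap. It starts a throwaway listener on a loopback port to act as the target (constructed, so the example runs offline and touches no other host) and classifies each probed port the way the scanner does: a completed handshake is open, a refused connection (RST) is closed, and silence until the timeout is filtered. The port list, the timeout and the helper names are assumptions for the demo.

```python
import socket
import threading


def start_listener():
    """Constructed target: a TCP service on an ephemeral loopback port.
    Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # server socket closed: stop the thread
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def unused_port():
    """Pick a port nothing is listening on (bind, read it back, release)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan (nmap -sT): ask the OS for a full three-way handshake.
    open     -> connect() returned, so a SYN/ACK came back
    closed   -> the host answered with RST (ECONNREFUSED)
    filtered -> nothing came back before the timeout (typical of a firewall
                that silently drops probes)"""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except socket.timeout:
            results[port] = "filtered"
        finally:
            s.close()
    return results


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = unused_port()
    print(connect_scan("127.0.0.1", [open_port, closed_port]))
    srv.close()
```

Because connect() completes the handshake, the listener's application layer sees a connection that is immediately closed, which is exactly the trace a connect scan leaves in service logs; a SYN scan never sends the final ACK, so the application never hears about it.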
7. Write short notes on a. File integrity check b. VPN

• File integrity check
A file integrity checker calculates a cryptographic hash of important files and stores the values in a database as a baseline. The checker can then be re-run to calculate the current hash values of these files and compare them against those in the database; any difference means the file has changed. Older tools used MD5 or SHA-1; current ones use SHA-256 or stronger, since MD5 and SHA-1 are no longer collision resistant. File integrity monitoring (FIM) is an internal control or process that performs the act of validating the integrity of operating system and application software files by comparing the current file state against a known, good baseline. Other file attributes, such as size, permissions, ownership and modification time, can also be recorded and monitored, but a timestamp or size alone is not enough, since an attacker can edit a file in place and put the timestamp back.

Benefits of File Integrity Monitoring:
• Total oversight of your IT environment
• Faster incident response times
• More effective change remediation
• Real-time, continuous monitoring
• Regulatory compliance (several standards, PCI DSS among them, require change detection on critical files)

How a file integrity checker works
A file integrity checker (FIC) works by detecting changes to files and configurations. When first installed, it creates a baseline that captures the current state, stored in a database as cryptographic hashes. The baseline is only as trustworthy as the place it is stored: it must be kept where an attacker who can modify the monitored files cannot also modify the baseline, for example on read-only media, on a separate host, or signed with a key that is not on the monitored system.
An agent-based FIC compares the state of monitored elements against the baseline on a continual basis. Some agents (CimTrak is one commercial example) hook file operations at the OS kernel level so that a change is detected the second it occurs, without repeatedly rescanning every file; this keeps the agent lightweight and lets it run transparently in the background.
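A small file integrity checker of the kind described, as an added example that is not part of the original notes or of any product named there. It builds a baseline of SHA-256 digest, size and permission bits for every regular file under a directory, writes it out, and later compares a fresh snapshot against it, reporting added, removed and modified files. The directory tree and file contents are constructed in a temporary folder for the demo, and the JSON baseline format is an assumption.

```python
import hashlib
import json
import os
import stat
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Snapshot every regular file under root: digest plus size and mode bits.
    Paths are stored relative to root, with '/' separators, so the baseline is portable."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                     # skip symlinks, devices, sockets
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            baseline[rel] = {
                "sha256": file_digest(path),
                "size": st.st_size,
                "mode": oct(stat.S_IMODE(st.st_mode)),
            }
    return baseline


def save_baseline(baseline, path):
    """Write the baseline out; in production this file lives off-box or read-only."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Diff two snapshots. A file counts as modified if any recorded attribute
    differs, so a same-size edit or a permission change is still caught."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def make_sample_tree():
    """Constructed sample data for the demo (not a real system directory)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "config.txt"), "w") as f:
        f.write("debug = off\n")
    with open(os.path.join(root, "bin", "tool"), "wb") as f:
        f.write(b"\x7fELF fake binary")
    return root


def demo(root=None):
    """Take a baseline, make three changes (same-size edit, delete, add), re-scan."""
    root = root or make_sample_tree()
    baseline_path = os.path.join(tempfile.mkdtemp(), "baseline.json")
    save_baseline(build_baseline(root), baseline_path)
    with open(os.path.join(root, "config.txt"), "w") as f:
        f.write("debug = on \n")            # same length as before: size alone misses it
    os.remove(os.path.join(root, "bin", "tool"))
    with open(os.path.join(root, "backdoor.sh"), "w") as f:
        f.write("#!/bin/sh\n")
    return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run it against a real directory with `build_baseline("/etc")` and keep the JSON somewhere the monitored host cannot write; the comparison is only meaningful if the baseline could not have been rewritten by whoever changed the files.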
• VPN
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The device's traffic still travels over the links of its Internet service provider (ISP), but it is encrypted and addressed to the VPN server, so the ISP and anyone else on the path see only an encrypted stream to that server. When the data then goes out to the Internet, it appears to come from the VPN server rather than from the user's computer.

A VPN allows a user to connect to a private network over the Internet securely and privately. It creates an encrypted and authenticated connection, known as a VPN tunnel, and the traffic for the private network (or, in a full-tunnel configuration, all of the device's Internet traffic) is passed through this tunnel, keeping the user's data confidential and unaltered in transit.

There are two basic VPN types, explained below.

1. Remote Access VPN
A remote access VPN allows a user to connect to a private network and access its services and resources remotely. The connection between the user and the private network happens through the Internet, and the connection is secure and private.

2. Site-to-Site VPN
A site-to-site VPN is also called a router-to-router VPN and is mostly used by corporates. Companies with offices in different geographical locations use a site-to-site VPN to connect the network of one office location to the network at another office location; the individual hosts run no VPN software, since the gateways at each end do the work. When multiple offices of the same company are connected using a site-to-site VPN, it is called an intranet-based VPN.

Types of VPN protocols

The above two VPN types are built on different VPN security protocols. Each of these VPN protocols offers different features and levels of security, and they are explained below:
1. Internet Protocol Security or IPsec:
Internet Protocol Security (IPsec) is used to secure communication across an IP network. IPsec authenticates the two endpoints when the session is set up (through IKE, the Internet Key Exchange, which also negotiates the keys) and then authenticates and encrypts each data packet for the duration of the connection (through ESP, the Encapsulating Security Payload).
IPsec operates in two modes: transport mode, which protects only the payload of each packet and leaves the original IP header in the clear, and tunnel mode, which encrypts the entire original packet, header included, and wraps it in a new IP header addressed between the two VPN gateways. Tunnel mode is what site-to-site VPNs use, and it also hides the internal addresses from anyone watching the public network.
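The two IPsec modes on a constructed packet, as an added example that is not part of the original notes or of any IPsec implementation. Real ESP uses an AEAD cipher such as AES-GCM with keys negotiated by IKE; here a toy encrypt-then-MAC construction built from HMAC-SHA256 stands in for it, and the gateway addresses (from the RFC 5737 documentation ranges), the inner addresses and the key are assumptions for the demo. The point it shows is which part of the packet an observer on the public network can still read in each mode, and that a modified packet is rejected rather than decrypted.

```python
import hashlib
import hmac
import os
import socket
import struct

ESP = 50   # IP protocol number carried in the outer header for IPsec ESP


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero: constructed demo packets)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_ipv4(pkt: bytes) -> dict:
    """What anyone on the path can read: the outer header is always in the clear."""
    _, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": pkt[20:total]}


# --- toy AEAD standing in for ESP's cipher (real IPsec uses e.g. AES-GCM) ---------
def _keys(key: bytes):
    return (hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest())


def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(k_enc, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag covers nonce and ciphertext (encrypt-then-MAC)."""
    k_enc, k_mac = _keys(key)
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a modified packet is rejected, not decrypted."""
    k_enc, k_mac = _keys(key)
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(k_enc, nonce, len(ct))))


# --- the two IPsec modes -------------------------------------------------------
def transport_mode(key: bytes, pkt: bytes) -> bytes:
    """Protect only the payload; the original src/dst header stays in the clear."""
    h = parse_ipv4(pkt)
    body = seal(key, bytes([h["proto"]]) + h["payload"])     # next-header byte + payload
    return ipv4_header(h["src"], h["dst"], ESP, len(body)) + body


def transport_unwrap(key: bytes, outer: bytes) -> bytes:
    h = parse_ipv4(outer)
    inner = unseal(key, h["payload"])
    return ipv4_header(h["src"], h["dst"], inner[0], len(inner) - 1) + inner[1:]


def tunnel_mode(key: bytes, pkt: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Protect the whole inner packet, header included, inside a new gateway-to-gateway header."""
    body = seal(key, pkt)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body


def tunnel_unwrap(key: bytes, outer: bytes) -> bytes:
    return unseal(key, parse_ipv4(outer)["payload"])


def observer_view(pkt: bytes) -> tuple:
    """(src, dst, proto) visible to a passive observer on the public network."""
    h = parse_ipv4(pkt)
    return h["src"], h["dst"], h["proto"]


if __name__ == "__main__":
    key = os.urandom(32)                                   # would come from IKE in real IPsec
    inner = ipv4_header("10.0.1.5", "10.0.2.9", 6, 16) + b"GET / HTTP/1.1\r\n"
    print("transport mode, observer sees:", observer_view(transport_mode(key, inner)))
    print("tunnel mode,    observer sees:", observer_view(tunnel_mode(key, inner, "203.0.113.1", "198.51.100.7")))
```

In transport mode the observer learns which internal hosts are talking (10.0.1.5 to 10.0.2.9) even though the payload is hidden; in tunnel mode all they see is gateway talking to gateway, which is why site-to-site links use it.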

2. Layer 2 Tunneling Protocol (L2TP):
L2TP is a tunneling protocol that provides the tunnel but no encryption of its own, so it is usually combined with another VPN security protocol, IPsec (the combination is written L2TP/IPsec), to create a confidential and authenticated VPN connection.

3. Point-to-Point Tunneling Protocol (PPTP):
PPTP creates a tunnel and encapsulates Point-to-Point Protocol (PPP) frames inside it; the data is encrypted with MPPE using keys derived from the PPP authentication exchange (MS-CHAP). That authentication has been broken in practice, so PPTP is considered obsolete and should not be relied on for anything sensitive.

4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS):
SSL and TLS VPNs create a VPN connection where the web browser acts as the client and user access is restricted to specific applications instead of the entire network. SSL itself is deprecated, and current "SSL VPNs" run on TLS, the same protocol behind HTTPS, which is why online shopping websites and service providers rely on it.

5. OpenVPN:
OpenVPN is an open source VPN that is useful for creating point-to-point and site-to-site connections. It uses its own protocol, which relies on TLS for authentication and key exchange and then carries the tunneled packets in its own framing over UDP or TCP.

6. Secure Shell (SSH):
Secure Shell (SSH) can create a VPN-like tunnel through its encrypted channel, by forwarding individual ports or, in OpenSSH, by carrying a tun interface; the data transfer happens inside that encrypted tunnel. It is a convenient way to protect specific connections rather than a general-purpose VPN protocol.
8. Explain buffer overflow with an example.

• A buffer is a fixed-size area of memory set aside for data. When a program writes more data into a buffer than was allocated for it, the extra data overflows past the end of the buffer into whatever lies next to it in memory (other variables, saved pointers, the function's return address on the stack), corrupting or overwriting the data held there. Languages such as C do not check array bounds, so a copy routine like strcpy() keeps writing until it reaches the end of the input, however long that is.

• In a buffer-overflow attack, the extra data is chosen by the attacker so that what gets overwritten does something useful to them: for example, flipping a flag that marks the session as privileged, or replacing a saved return address so that the program jumps to code the attacker supplied. The effect can be anything from a crash to damaged files, changed data, disclosure of private information or full control of the process.

Example

// A C program to demonstrate buffer overflow

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    // Reserve 5 bytes of stack buffer: room for 4 characters plus the
    // terminating NUL. Anything longer than 4 characters overflows it.
    // The compiler may pad the frame, so a slightly longer input can
    // appear to "work" while silently corrupting neighbouring data;
    // a much longer input typically crashes with a segmentation fault.
    char buffer[5];

    // a prompt on how to execute the program...
    if (argc < 2)
    {
        printf("strcpy() NOT executed....\n");
        printf("Syntax: %s <characters>\n", argv[0]);
        exit(0);
    }

    // copy the user input into buffer without any bounds check:
    // this is the vulnerable line. A bounded alternative is
    // snprintf(buffer, sizeof buffer, "%s", argv[1]), or strcpy_s()
    // on platforms that provide it.
    strcpy(buffer, argv[1]);
    printf("buffer content= %s\n", buffer);

    printf("strcpy() executed...\n");

    return 0;
}
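The same overflow made visible on real memory, as an added example that is not part of the original notes; it uses Python's ctypes rather than C so that it runs in the same language as the other examples on this page. A C-layout struct places a 4-byte is_admin flag immediately after an 8-byte buffer (the layout, field names and inputs are assumptions for the demo). The vulnerable copy writes the input plus its terminator with no bound, just as strcpy() does, so the ninth byte lands in is_admin; the hardened copy measures the input first and rejects anything that does not fit. The copy is capped at the struct size only to keep the demo from corrupting the interpreter's heap; a real strcpy() has no such cap.

```python
import ctypes

BUFFER_SIZE = 8


class Session(ctypes.Structure):
    """C layout: char buffer[8]; int32 is_admin;  (is_admin sits at offset 8)"""
    _fields_ = [("buffer", ctypes.c_char * BUFFER_SIZE),
                ("is_admin", ctypes.c_int32)]


def vulnerable_copy(session: Session, data: bytes) -> int:
    """strcpy()-style: copy data and its NUL terminator into buffer with no bound.
    Bytes 9.. spill into is_admin. Returns the flag's value afterwards."""
    src = data + b"\0"
    if len(src) > ctypes.sizeof(session):
        raise ValueError("demo cap: would write past the struct")   # strcpy has no such cap
    ctypes.memmove(ctypes.addressof(session), src, len(src))        # addressof == &buffer[0]
    return session.is_admin


def safe_copy(session: Session, data: bytes) -> int:
    """Bounded copy: reject input that does not fit, rather than truncating silently
    or spilling. Returns the flag's value, which this function never touches."""
    if len(data) >= BUFFER_SIZE:          # need room for the terminator too
        raise ValueError(f"{len(data)} bytes do not fit in a {BUFFER_SIZE}-byte buffer")
    ctypes.memmove(ctypes.addressof(session), data + b"\0", len(data) + 1)
    return session.is_admin


def overflow_demo() -> tuple:
    """Returns (is_admin after a fitting input, is_admin after a 9-byte input)."""
    s = Session()
    before = vulnerable_copy(s, b"guest")
    after = vulnerable_copy(s, b"AAAAAAAAB")   # 8 x 'A' fill buffer, 'B' (0x42) lands in is_admin
    return before, after


if __name__ == "__main__":
    before, after = overflow_demo()
    print(f"is_admin before: {before}, after the 9-byte input: {after:#x}")
    try:
        safe_copy(Session(), b"AAAAAAAAB")
    except ValueError as e:
        print("safe_copy rejected it:", e)
```

On a little-endian machine the flag reads 0x42 after the overflow; on a big-endian one it reads 0x42000000. Either way a value the program never set is now non-zero, which is all an attacker who wants the privileged branch taken needs.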

9. Identify and explain different weak configuration issues.

• Fundamental security weaknesses fall into three groups:
• Technology weakness
• Policy weakness
• Configuration weakness

Technology weakness
Every technology has some known or unknown inherent weaknesses, or vulnerabilities, that can be exploited by a sufficiently motivated attacker. Some weaknesses are publicized widely in the media because they are associated with a well-known product. Don't fall into the faulty logic that because you don't hear about the other products, they must be secure.

Policy weakness
Policy weakness is a catchall phrase for company policies, or a lack of policies, that inadvertently lead to security threats to the network system.

The following examples are some of the policy issues that can negatively impact a business's computer system:

• No written security policy. Lack of a documented and adopted plan means the security efforts evolve and are enforced, if at all, in a best-effort manner.

• Lack of a disaster recovery plan. Without a plan, the efforts to fight a network attack, or even a physical emergency such as fire, flood, or earthquake, are left to the judgment and knowledge of the staff on hand.

Configuration weakness
Many network devices have default settings that emphasize performance or ease of installation without regard for security. Installation without adequate attention to correcting these settings creates serious potential problems. Some common configuration issues include the following:
• Ineffective access control lists failing to block intended traffic
• Default, missing, or old passwords
• Unneeded ports or services left active
• User IDs and passwords exchanged in clear text (telnet, FTP, HTTP logins)
• Weak or unprotected remote access through the Internet or dial-up services
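A configuration audit of the kind the list above calls for, as an added example that is not part of the original notes. It takes an OpenSSH server configuration (sshd_config) as the instance of "remote access through the Internet", parses it, and flags the settings that match the weaknesses listed: password and root logins reachable remotely, empty passwords accepted, an obsolete protocol version enabled, an unneeded service left active. The two configuration texts are constructed for the demo; the directive names and the defaults applied when a directive is absent are OpenSSH's documented ones, but which values count as weak is a judgement built into the checks.

```python
import re

# OpenSSH's documented defaults for the directives we check (applied when a
# directive is absent). Comparisons are case-insensitive.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "protocol": "2",
}


def parse_sshd_config(text: str) -> dict:
    """Return {directive_lower: value} for the global section of an sshd_config.
    A line is 'Directive value' or 'Directive=value'; '#' starts a comment.
    sshd uses the first value it reads for a directive, so later repeats are
    ignored, and everything after the first Match block is conditional and
    left out of this global audit."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit(settings: dict) -> list:
    """Map the effective settings onto the weak-configuration categories in the notes."""
    def get(k):
        return settings.get(k, DEFAULTS[k]).lower()

    findings = []
    if get("permitrootlogin") == "yes":
        findings.append("PermitRootLogin yes: the privileged account is exposed to password guessing")
    if get("passwordauthentication") == "yes":
        findings.append("PasswordAuthentication yes: weak or default passwords are reachable remotely")
    if get("permitemptypasswords") == "yes":
        findings.append("PermitEmptyPasswords yes: accounts with a missing password can log in")
    if "1" in get("protocol").split(","):
        findings.append("Protocol 1 enabled: obsolete protocol version with known weaknesses")
    if get("x11forwarding") == "yes":
        findings.append("X11Forwarding yes: unneeded service left active")
    return findings


WEAK_CONFIG = """\
# constructed example of an Internet-facing sshd_config left near its old defaults
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
"""

HARDENED_CONFIG = """\
# constructed example after remediation
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
Match User backup
    PasswordAuthentication yes   # conditional block: outside the global audit
"""

if __name__ == "__main__":
    for label, cfg in [("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)]:
        print(f"{label}:")
        for finding in audit(parse_sshd_config(cfg)) or ["no findings"]:
            print("  -", finding)
```

The empty configuration is the instructive case: with nothing set, PasswordAuthentication defaults to yes, so a freshly installed server is already flagged. Defaults are part of the configuration whether or not they appear in the file.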

10. Write short notes on industry-standard frameworks and reference architecture.

• Industry-standard frameworks are a set of criteria within an industry relating to carrying out operations, known as best practices; this is the agreed way that the operations should be set up and carried out. Best practices produce better and more consistent results than each organization setting up its operations its own way, and they give auditors and partners a common yardstick.

• These industry-standard frameworks are followed by the members of that industry. In networking and IT, the International Organization for Standardization (ISO) publishes many of them; ISO is a body comprising the national standards bodies of its member countries. In information security its best-known output is the ISO/IEC 27000 series, with ISO/IEC 27001 defining the requirements for an information security management system.

• A reference architecture is a document or a set of documents to which a project manager or other interested party can refer for best practices. Typically, a reference architecture documents such things as hardware, software, processes, specifications and configurations, as well as logical components and their interrelationships, so that individual projects can be checked against it.

11. Explain Single Sign-On (SSO) issues and how to overcome them.

• Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. SSO can be used by enterprises, smaller organizations, and individuals to ease the management of various usernames and passwords.

In a basic web SSO service, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository such as a Lightweight Directory Access Protocol (LDAP) directory.

SSO issues and how to overcome them

The issues follow from having a single credential and a single authority behind every application:
• A single point of failure: if the identity provider is down or unreachable, every application behind it is unusable. Mitigation: run the provider redundantly and monitor it as a critical service.
• A single point of compromise: one stolen password, or one stolen session cookie or token, opens every connected application. Mitigation: require multi-factor authentication at the identity provider, issue short-lived tokens that name the one application they are valid for, and watch the provider's logs for unusual sign-ins.
• Sessions that outlive the user: logging out of one application does not necessarily end the others. Mitigation: propagate logout (single logout) to all applications and enforce idle and absolute session timeouts.

How single sign-on works

Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation. OAuth, which is pronounced "oh-auth", is the framework that allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the end user by providing the service with an access token that authorizes specific account information to be shared. OAuth on its own authorizes access to resources; OpenID Connect adds an identity token on top of it for the sign-on itself.

Types of SSO configurations

• SAML is an XML standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML-based SSO services involve communications between the user, an identity provider that maintains a user directory, and a service provider, with the identity provider signing the assertion that the service provider verifies.

• In a Kerberos-based setup, once the user credentials are provided, a ticket-granting ticket (TGT) is issued. The TGT is presented to the ticket-granting service to fetch service tickets for other applications the user wishes to access, without asking the user to re-enter credentials.

• Smart-card-based SSO will ask an end user to use a card holding the sign-in credentials. Once first used, a user will not have to re-enter usernames or passwords. SSO smart cards store either certificates (with the matching private key kept on the card) or passwords.
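The token exchange at the heart of web SSO, reduced to its security checks, as an added example that is not part of the original notes or of any SAML, Kerberos or OAuth implementation. The identity provider signs a small assertion (subject, audience, issue time, expiry) with a key it shares with the service providers; the HMAC signing, the JSON layout, the names, the key and the lifetimes are assumptions for the demo. The service provider verifies signature, audience and expiry in that order, which is what limits the damage from the issues described above: a token stolen from one application is useless at another, and an old one stops working.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(idp_key: bytes, subject: str, audience: str, lifetime: int, now: int = None) -> str:
    """Identity provider side: sign {sub, aud, iat, exp} as 'payload.signature'.
    'aud' names the one service provider this token is good for."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "aud": audience, "iat": now, "exp": now + lifetime}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(idp_key, payload, hashlib.sha256).digest()
    return b64url(payload) + "." + b64url(sig)


def verify_token(idp_key: bytes, token: str, my_audience: str, now: int = None) -> str:
    """Service provider side: return the subject or raise ValueError with the reason.
    The signature is checked before the claims are parsed, so untrusted bytes
    are never interpreted; then audience; then expiry."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = unb64url(payload_b64), unb64url(sig_b64)
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(idp_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(payload)
    if claims.get("aud") != my_audience:
        raise ValueError(f"token issued for {claims.get('aud')!r}, presented to {my_audience!r}")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims["sub"]


def rejection_reason(*args, **kwargs):
    """Why verify_token rejects the given arguments, or None if it accepts them."""
    try:
        verify_token(*args, **kwargs)
        return None
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    key = b"key-shared-by-idp-and-service-providers"   # assumption: one symmetric key for the demo
    tok = issue_token(key, "wiener", "mail", lifetime=300)
    print("mail accepts  :", verify_token(key, tok, "mail"))
    print("files rejects :", rejection_reason(key, tok, "files"))
    print("later rejects :", rejection_reason(key, tok, "mail", now=int(time.time()) + 600))
```

SAML assertions and OpenID Connect ID tokens carry the same three fields under other names and are signed with the provider's private key rather than a shared secret, which is what lets a service provider verify them without being able to forge them.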

12. Write short notes on tablespace management in Oracle database.

• Oracle stores data logically in tablespaces and physically in datafiles associated with the corresponding tablespace. Databases, tablespaces, and datafiles are closely related, but they have important differences:

• An Oracle database consists of one or more logical storage units called tablespaces, which collectively store all of the database's data.

• Each tablespace in an Oracle database consists of one or more files called datafiles, which are physical structures that conform to the operating system in which Oracle is running.

• A database's data is collectively stored in the datafiles that constitute each tablespace of the database. For example, the simplest Oracle database would have one tablespace and one datafile. Another database can have three tablespaces, each consisting of two datafiles (for a total of six datafiles).

Oracle-Managed Files

Oracle-managed files eliminate the need for you, the DBA, to directly manage the operating system files comprising an Oracle database. You specify operations in terms of database objects rather than filenames. Oracle internally uses standard file system interfaces to create and delete files as needed for the following database structures:

• Tablespaces
• Redo log files
• Control files

The SYSTEM Tablespace

Every Oracle database contains a tablespace named SYSTEM, which Oracle creates automatically when the database is created. It holds the data dictionary, so the SYSTEM tablespace is always online when the database is open.

13. Write short notes on user management in Oracle database.

• Database Users and Schemas

Each Oracle database has a list of user names. To access a database, a user must use a database application and attempt a connection with a valid user name of the database. Each user name has an associated password to prevent unauthorized use.

Security Domain

Each user has a security domain, a set of properties that determine such things as:
• The actions (privileges and roles) available to the user
• The tablespace quotas (available disk space) for the user
• The system resource limits (for example, CPU processing time) for the user

Each property that contributes to a user's security domain is discussed in the following sections.

Privileges

A privilege is a right to run a particular type of SQL statement. Some examples of privileges include the right to:
• Connect to the database (create a session)
• Create a table in your schema
• Select rows from someone else's table
• Run someone else's stored procedure
Privileges are granted directly or through roles, and a user should receive only those needed for the job.

Default Tablespace

Each user is associated with a default tablespace. When a user creates a table, index, or cluster and no tablespace is specified to physically contain the schema object, the user's default tablespace is used, provided the user has the privilege to create the schema object and a quota in that tablespace. The default tablespace gives Oracle the information it needs to direct space use when a schema object's location is not specified.

Temporary Tablespace

Each user has a temporary tablespace. When a user runs a SQL statement that requires the creation of temporary segments (such as the creation of an index or a large sort), the user's temporary tablespace is used. By directing all users' temporary segments to a separate tablespace, the temporary tablespace can reduce I/O contention between temporary segments and other types of segments.

14. Why is secure coding important? List a few best secure coding practices.

• Secure code helps to prevent many cyber-attacks from happening because it removes the vulnerabilities many exploits rely on. If your software has a security vulnerability, it can be exploited. The WannaCry ransomware attack of 2017 exploited a vulnerability in Windows' implementation of the SMB protocol, and software vulnerabilities of that kind are rampant.

• Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.

Some of the best secure coding practices are:-

• Validate input. Validate input from all untrusted data sources (command line, network, files, environment); prefer allow-lists of what is acceptable over deny-lists of what is not.
• Heed compiler warnings. Compile with the highest warning level and fix the warnings rather than suppressing them; use static analysis tools as well.
• Architect and design for security policies. Decide at design time what must be protected and how, rather than bolting checks on afterwards.
• Keep it simple. Complex designs raise the odds of a mistake and make review harder.
• Default deny. Base access decisions on permission rather than exclusion: what is not explicitly allowed is refused.
• Adhere to the principle of least privilege. Run every process with the fewest privileges needed, and drop elevated privileges as soon as the task that needed them is done.
• Sanitize data sent to other systems. Encode, escape or parameterize data passed to databases, shells, browsers and other subsystems so it cannot be interpreted as commands there; the SQL injection examples in question 1 are the classic failure.
• Practice defense in depth. Use several layers of defense so that one failing does not leave the system exposed.

15. Explain the importance of policies, plans, and procedures related to organizational security.

• Policies and procedures are an essential component of any organization.

• Policies are important because they address pertinent issues, such as what constitutes acceptable behavior by employees.

• Procedures, on the other hand, clearly define a sequence of steps to be followed in a consistent manner, such as how the organization will respond to any policy violations.

• However, these policies and procedures are rendered useless if employers neglect to adhere to them or fail to effectively communicate them to employees. Utilizing both policies and procedures during decision-making ensures that employers are consistent in their decisions.

The following case shows what it costs when policy violations are not handled by procedure:-

• THE SITUATION
• An employee of a large organization reported to the organization's Human Resources (HR) department that a co-worker "harassed" her based on her gender.
• The HR Manager concluded that an internal investigation should be conducted to understand the details of the allegation. The HR Manager further concluded that a third party was best suited to conduct such an investigation.

• THE INVESTIGATION
• An on-site investigation was conducted in which numerous employees were interviewed and documentation was reviewed.
• During the interview process, it became clear that there was a consistent theme: the accused individual had a history of problematic behavior spanning the last several years.

• THE UNDERLYING PROBLEM
• This case clearly exemplifies that this organization, rather than addressing the employee's problematic behavior, ignored it and simply transferred the employee when a problem arose.

• THE END RESULT
• This organization invested significant resources in engaging a third party to investigate an employee who should have been terminated years earlier. Based upon all information gathered by the external investigators, the organization terminated the accused employee; however, the effort and expense to the organization were significant.

16. What is Risk Assessment? What are the chief components of risk assessment?

• Risk assessment is a term used to describe the overall process or method where you:

• Identify hazards and risk factors that have the potential to cause harm (hazard identification).

• Analyze and evaluate the risk associated with that hazard (risk analysis and risk evaluation).

• Determine appropriate ways to eliminate the hazard, or control the risk when the hazard cannot be eliminated (risk control).

A risk assessment is a thorough look at your workplace to identify those things, situations, processes, etc. that may cause harm, particularly to people.

The standard "Hazard identification and elimination and risk assessment and control" uses the following terms:

Risk assessment – the overall process of hazard identification, risk analysis, and risk evaluation.

Hazard identification – the process of finding, listing, and characterizing hazards.

Risk analysis – a process for comprehending the nature of hazards and determining the level of risk.

(1) Risk analysis provides a basis for risk evaluation and decisions about risk control.
(2) Information can include current and historical data, theoretical analysis, informed opinions, and the concerns of stakeholders.
(3) Risk analysis includes risk estimation.

Risk evaluation – the process of comparing an estimated risk against given risk criteria to determine the significance of the risk.

Risk control – actions implementing risk evaluation decisions.

Note: Risk control can involve monitoring, re-evaluation, and compliance with decisions.

• Risk components are:

• The event that could occur – the risk,
• The probability that the event will occur – the likelihood,
• The impact or consequence of the event if it occurs – the penalty (the price you pay).
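The three components above (event, likelihood, penalty) and the analysis/evaluation/control steps can be put to work in a small risk register. The following is an added example, not part of these notes or of any standard; the ordinal scales, the score bands used as "risk criteria" and the sample hazards are all constructed for illustration.

```python
"""Risk register: hazard identification -> risk analysis (likelihood x impact)
-> risk evaluation against fixed criteria -> a risk control decision.
Added example; scales, criteria and hazards are constructed assumptions."""
from dataclasses import dataclass

# Ordinal scales (assumption: a 1..5 scale, as many organisations use).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Risk criteria for the evaluation step: (lowest score, highest score, decision).
CRITERIA = [
    (1, 4, "accept"),
    (5, 11, "control"),
    (12, 25, "eliminate or stop activity"),
]


@dataclass(frozen=True)
class Risk:
    event: str         # the event that could occur (the risk)
    likelihood: str    # probability the event will occur
    impact: str        # consequence if it occurs (the penalty)

    def score(self) -> int:
        """Risk analysis: estimate the level of risk as likelihood x impact."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def evaluate(self) -> str:
        """Risk evaluation: compare the estimate against the given criteria."""
        s = self.score()
        for low, high, decision in CRITERIA:
            if low <= s <= high:
                return decision
        raise ValueError(f"score {s} is outside the defined criteria")


def build_register(risks):
    """Return (event, score, decision) rows, biggest risks first, so risk
    control effort can be prioritised."""
    rows = [(r.event, r.score(), r.evaluate()) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed hazards for a small office network (not taken from the notes).
SAMPLE_RISKS = [
    Risk("Phishing e-mail leads to credential theft", "likely", "major"),
    Risk("Unpatched web server exploited", "possible", "severe"),
    Risk("Laptop left on train without disk encryption", "unlikely", "moderate"),
    Risk("Printer firmware bug causes paper jam", "possible", "negligible"),
]

if __name__ == "__main__":
    for event, score, decision in build_register(SAMPLE_RISKS):
        print(f"{score:2d}  {decision:<28} {event}")
```

Running it prints the register in descending order of risk; the two hazards scoring 16 and 15 fall into the "eliminate or stop activity" band, the laptop hazard needs a control, and the paper jam is accepted.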

17. Briefly discuss footprinting techniques.

• Footprinting means gathering information about a target system which can be used to execute a successful cyber attack. To get this information, a hacker might use various methods with various tools. This information is the first step for the hacker towards compromising a system. There are two types of footprinting, as described below.
1. Active Footprinting:
Active footprinting means performing footprinting by getting in direct touch with the target machine.
2. Passive Footprinting:
Passive footprinting means collecting information about a system located at a remote distance from the attacker.

Information that can be gathered through footprinting:

• Operating system of the target machine.

• Firewall.

• IP address.

• Network map.

• Security configurations of the target machine.

• Email id, password.

• Server configurations.

• URLs.

• VPN.

Sources –

• Social Media:
Most people have a tendency to release a great deal of their information online. Hackers make heavy use of this sensitive information. They may create a fake account that looks real in order to be added as a friend or to follow someone's account and grab their information.
• Job websites:
Organisations share some confidential data on many job websites like monsterindia.com. For example, a company posted on a website: "Job Opening for lighttpd 2.0 Server Administrator". From this it can be gathered that the organisation uses the lighttpd web server, version 2.0.

• Google:
Search engines such as Google have the ability to perform more powerful searches than most people realise or have ever tried. They can be used by hackers and attackers to do something that has been termed Google hacking.

• Social Engineering:

There are various techniques that fall in this category. A few of them are:
• Eavesdropping – The attacker tries to record a personal conversation of the target victim with someone, held over a communication medium such as the telephone.
• Shoulder Surfing – In this technique the attacker tries to catch personal information such as email id, password, etc. of the victim by looking over the victim's shoulder while the victim is entering (typing/writing) his/her personal details for some purpose.

• Archive.org:
An archived version refers to an older version of a website which existed at an earlier time, before many features of the website were changed. archive.org is a website that collects snapshots of websites at regular intervals of time.
• An Organization's Website:
It is the best place for an attacker to begin. If an attacker wants to look for open source information, which is information freely provided to clients, customers, or the general public, then simply the best option is the ORGANISATION'S WEBSITE.
• Using NeoTrace:
NeoTrace is a powerful tool for getting path information. Its graphical display shows the route between you and the remote site, including all intermediate nodes and their information. NeoTrace is a well-known GUI route tracer program.
• Whois:
This is a service which serves a good purpose for hackers. Through a whois lookup, information about the domain name, email id, domain owner, etc. of a website can be traced.

Advantages:
• Footprinting allows hackers to gather the basic security configuration of a target machine along with the network route and data flow.
• Once the attacker finds the vulnerabilities, he/she focuses on a specific area of the target machine.
• It allows the hacker to identify which attack is most convenient for compromising the target system.

Counter Measures:
• Avoid posting confidential data on social media websites.
• Avoid accepting unwanted friend requests on social media platforms.
• Promotion of education on various hacking tricks.
• Usage of footprinting techniques for identifying and removing sensitive information from social media platforms.
• Proper configuration of web servers to avoid loss of information about system configuration.

SHORT QUESTIONS:-

What is a man-in-the-middle attack?

A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. Attackers might use MITM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications or corrupt data.

Write down the difference between a black hat and a white hat hacker.

A Black Hat Hacker is more specifically in line with media portrayals. They are the hackers who break into systems, steal information, manipulate data, and compromise security. As for motivations, they generally do this for either financial gain (stealing cards, identity theft) or political interest (vandalizing websites, creating bots to manipulate information).

On the other hand, a White Hat Hacker is known as an "ethical hacker". These are hackers who are often employed by the government to protect data against Black Hat Hackers. For example, a very common job for a White Hat Hacker would be a penetration tester. A penetration tester is somebody hired to break into someone's system so they can outline the system's flaws.

Write down the difference between black box and white box testing.

• Black Box: It is a way of software testing in which the internal structure of the program or the code is hidden and nothing is known about it. White Box: It is a way of testing the software in which the tester has knowledge about the internal structure or the code or the program of the software.
• Black Box: It is mostly done by software testers. White Box: It is mostly done by software developers.
• Black Box: No knowledge of implementation is needed. White Box: Knowledge of implementation is required.
• Black Box: It can be referred to as outer or external software testing. White Box: It is the inner or internal software testing.
• Black Box: It is a functional test of the software. White Box: It is a structural test of the software.
• Black Box: This testing can be initiated on the basis of the requirement specifications document. White Box: This type of testing of software is started after the detailed design document.

• What is buffer overflow?

A buffer overflow occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking. This can occur when copying data from one buffer to another without first checking that the data fits within the destination buffer.

Write down a short note on privilege escalation.

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

In other words, privilege escalation is a type of activity in which a hacker exploits a bug, takes advantage of configuration oversights and programming errors, or uses any vulnerability in a system or application to gain elevated access to protected resources.

What is false acceptance rate (FAR) and false rejection rate (FRR)?

The false rejection rate (FRR) is the measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. A system's FRR typically is stated as the ratio of the number of false rejections divided by the number of identification attempts.

The false acceptance rate (FAR) is the measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system's FAR typically is stated as the ratio of the number of false acceptances divided by the number of identification attempts.
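Both rates depend on where the decision threshold is set, and lowering one raises the other. The following added example (not from the notes) computes FAR and FRR from two lists of constructed comparison scores, assuming a higher score means a better match and that an attempt is accepted when its score reaches the threshold; it then sweeps the threshold to locate the point where the two rates are equal.

```python
"""FAR/FRR from comparison scores, as defined above. Added example; the scores
are constructed, not measured, and the decision rule is accept-if-score>=t."""

# Constructed similarity scores in [0, 1].
# genuine:  authorized users compared against their own enrolled template
# impostor: unauthorized users compared against somebody else's template
GENUINE = [0.92, 0.88, 0.61, 0.95, 0.83, 0.70, 0.58, 0.90, 0.77, 0.86]
IMPOSTOR = [0.12, 0.35, 0.66, 0.28, 0.41, 0.73, 0.19, 0.30, 0.52, 0.22]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) at one threshold.

    FRR = false rejections / authorized attempts   (genuine scores below t)
    FAR = false acceptances / unauthorized attempts (impostor scores at or above t)
    """
    false_rejects = sum(1 for s in genuine if s < threshold)
    false_accepts = sum(1 for s in impostor if s >= threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, steps=100):
    """(threshold, FAR, FRR) for thresholds 0, 0.01, ..., 1.0: the trade-off
    curve an operator chooses a point on."""
    return [
        (t / steps,) + far_frr(genuine, impostor, t / steps)
        for t in range(steps + 1)
    ]


def equal_error_point(genuine, impostor, steps=100):
    """The row of the sweep where |FAR - FRR| is smallest (the EER operating
    point); on ties the lowest threshold is returned."""
    return min(sweep(genuine, impostor, steps), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t in (0.50, 0.65, 0.80):
        far, frr = far_frr(GENUINE, IMPOSTOR, t)
        print(f"threshold {t:.2f}: FAR {far:.2f}  FRR {frr:.2f}")
    print("equal error point:", equal_error_point(GENUINE, IMPOSTOR))
```

With these scores a threshold of 0.50 accepts three impostors and rejects nobody, 0.80 rejects four authorized users and accepts no impostor, and the two rates meet at 0.2 around a threshold of 0.62 to 0.65.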

Write short notes on HIDS/HIPS.

• A host-based intrusion prevention system (HIPS) is a system or a program employed to protect critical computer systems containing crucial data against viruses and other Internet malware. Starting from the network layer all the way up to the application layer, HIPS protects from known and unknown malicious attacks.

• A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.

What do you mean by packet sniffer? Name two popular packet sniffer tools.

• A packet sniffer (also known as a packet analyzer, protocol analyzer or network analyzer) is a piece of hardware or software used to monitor network traffic. Sniffers work by examining streams of data packets that flow between computers on a network as well as between networked computers and the larger Internet.

Two packet sniffer tools are:

• Tcpdump

• Wireshark

What is steganography?

• Steganography is data hidden within data. Steganography is an encryption technique that can be used along with cryptography as an extra-secure method in which to protect data.

Steganography techniques can be applied to images, a video file or an audio file. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information.
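The "replacing bits of unused data" idea is easiest to see with least-significant-bit (LSB) embedding. The following added example (not from the notes) hides a message in the lowest bit of each byte of a constructed greyscale pixel buffer; no real image format is parsed, and the 32-bit length prefix is a convention of this example so that extraction knows where the message ends. It also reports the largest change to any pixel, which is what makes the hidden data "invisible".

```python
"""Least-significant-bit steganography over a byte buffer.
Added example; the cover is a constructed 64x64 greyscale gradient, not a file."""


def capacity(cover: bytes) -> int:
    """Bytes of payload the cover can carry after the 4-byte length prefix."""
    return len(cover) // 8 - 4


def embed(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the LSB of successive cover bytes with the payload bits.
    Layout: 4-byte big-endian length, then the payload, MSB of each byte first."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} bytes, have {len(cover)}")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit   # clear the LSB, then set it
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the length prefix, then that many bytes."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        vals = bytearray()
        for n in range(count):
            b = 0
            for i in range(8):
                b = (b << 1) | (stego[start_bit + n * 8 + i] & 1)
            vals.append(b)
        return bytes(vals)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest absolute change to any byte; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: a smooth 64x64 greyscale gradient (4096 bytes).
COVER = bytes((x + y) % 256 for y in range(64) for x in range(64))

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon")
    print(extract(stego), "max change per pixel:", max_pixel_change(COVER, stego))
```

A defender's takeaway is that a stego'd buffer is the same size as the cover and differs from it by at most one unit per byte, so simple size or visual checks will not reveal it; statistical LSB tests are needed for detection.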

Write down the difference between authentication and authorization.

• Authentication is about validating your credentials, like user name/user ID and password, to verify your identity. The system determines whether you are who you say you are using your credentials. In public and private networks, the system authenticates the user identity via login passwords.

• On the other hand, authorization occurs after your identity is successfully authenticated by the system, which ultimately gives you full permission to access the resources such as information, files, databases, funds, locations, almost anything. In simple terms, authorization determines your ability to access the system and to what extent.
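The two steps are easiest to keep apart when they are two separate functions, the second only ever seeing an identity the first has already verified. The following is an added example, not from the notes: the user store, roles and permission table are constructed, and PBKDF2 from hashlib stands in for whatever password hashing a real system would use.

```python
"""Authentication (who are you?) kept separate from authorization (what may you do?).
Added example; users, roles and permissions are constructed."""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor (assumption for this example)


def make_record(password: str) -> dict:
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


# Constructed user store: credentials plus the roles each identity holds.
USERS = {
    "alice": {"roles": {"analyst"}, **make_record("correct horse battery")},
    "bob": {"roles": {"analyst", "admin"}, **make_record("hunter2 is weak")},
}

# Constructed role -> permission table used by the authorization step.
ROLE_PERMISSIONS = {
    "analyst": {"read:reports"},
    "admin": {"read:reports", "write:reports", "delete:users"},
}


def authenticate(username: str, password: str):
    """Step 1: validate the credentials. Returns the verified identity or None."""
    rec = USERS.get(username)
    if rec is None:
        # Do the same amount of work for unknown users so response time does
        # not reveal which user names exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, ITERATIONS)
        return None
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
    return username if hmac.compare_digest(digest, rec["hash"]) else None


def authorize(identity, permission: str) -> bool:
    """Step 2: decide what an already-authenticated identity may do."""
    if identity is None:
        return False
    allowed = set().union(*(ROLE_PERMISSIONS[r] for r in USERS[identity]["roles"]))
    return permission in allowed


def access(username: str, password: str, permission: str) -> bool:
    """The full gate: authorization only ever sees authenticate()'s result."""
    return authorize(authenticate(username, password), permission)


if __name__ == "__main__":
    print(access("alice", "correct horse battery", "read:reports"))   # True
    print(access("alice", "correct horse battery", "delete:users"))   # False
    print(access("bob", "wrong password", "delete:users"))            # False
```

Note that a wrong password and a missing permission both end in a refusal, but for different reasons: the first never produces an identity, the second produces one that lacks the right.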
• What is black box testing?

• Black-box testing (also known as functional testing) treats the software under test as a black box without knowing its internals. Tests use the software's interfaces and try to ensure that they work as expected. As long as the functionality of the interfaces remains unchanged, tests should pass even if the internals are changed.

• What is white box testing?

• White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) looks inside the software that is being tested and uses that knowledge as part of the testing process.

White-box testing requires internal knowledge of the system and programming skills.

• What is a race condition attack?

• A race condition attack happens when a computing system that's designed to handle tasks in a specific sequence is forced to perform two or more operations simultaneously. This technique takes advantage of a time gap between the moment a service is initiated and the moment a security control takes effect.
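The "time gap" is the interval between a security check and the action that depends on it. Real races are timing-dependent, so the following added example (not from the notes) reproduces one deterministically: each request is a generator that pauses between its check and its act, and a tiny round-robin scheduler interleaves two requests at exactly that gap. The account, the amounts and the lock flag are constructed for the demonstration.

```python
"""Check-then-act race, reproduced deterministically with generators.
Added example; the account and requests are constructed."""


def withdraw_racy(account: dict, amount: int):
    """The control (enough funds?) and the action are separated by a pause
    during which another request can run: the race condition."""
    if account["balance"] >= amount:      # security control
        yield "checked"                   # the time gap
        account["balance"] -= amount      # action based on a stale decision
        account["log"].append(f"withdrew {amount}")
    else:
        account["log"].append(f"denied {amount}")


def withdraw_guarded(account: dict, amount: int):
    """Same gap, but check and act happen while holding a lock, so no other
    request can get past the check until this one has acted."""
    while account["lock"]:
        yield "waiting"                   # blocked until the holder releases
    account["lock"] = True
    try:
        if account["balance"] >= amount:
            yield "checked"               # the gap still exists ...
            account["balance"] -= amount  # ... but nobody else is inside it
            account["log"].append(f"withdrew {amount}")
        else:
            account["log"].append(f"denied {amount}")
    finally:
        account["lock"] = False


def run(requests):
    """Round-robin scheduler: advance every live request one step per turn,
    which lands each request in the other one's gap."""
    live = list(requests)
    while live:
        for gen in list(live):
            try:
                next(gen)
            except StopIteration:
                live.remove(gen)


def simulate(withdraw, amounts, balance=100) -> dict:
    account = {"balance": balance, "lock": False, "log": []}
    run([withdraw(account, a) for a in amounts])
    return account


if __name__ == "__main__":
    print("racy:   ", simulate(withdraw_racy, [80, 80]))     # balance -60
    print("guarded:", simulate(withdraw_guarded, [80, 80]))  # balance 20
```

Two withdrawals of 80 from a balance of 100 both pass the check in the racy version, overdrawing the account; in the guarded version the second request sees the updated balance and is denied. In real systems the "lock" is a mutex, a database transaction, or an atomic compare-and-swap on the value being checked.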

• What is a zero day?

• A zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term zero day may refer to the vulnerability itself, or to an attack that has zero days between the time the vulnerability is discovered and the first attack.

• What does a packet sniffer do? Mention two popular packet sniffer tool names.

• A packet sniffer (also known as a packet analyzer, protocol analyzer or network analyzer) is a piece of hardware or software used to monitor network traffic. Sniffers work by examining streams of data packets that flow between computers on a network as well as between networked computers and the larger Internet.

Sniffer tools are:

• Tcpdump

• Wireshark
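What a sniffer does with a captured frame is decode its headers layer by layer; this is the part of Tcpdump or Wireshark that turns bytes into addresses, ports and payload. The following added example (not from the notes, and not any tool's code) builds one Ethernet/IPv4/TCP frame inline, so nothing is captured and no raw sockets or privileges are needed, then parses it back and verifies the IP header checksum as both tools do. Both packet sniffer questions above are served by this one example.

```python
"""Decode an Ethernet + IPv4 + TCP frame the way a sniffer does.
Added example; the frame is constructed in build_frame(), not captured."""
import struct


def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum over 16-bit words (RFC 1071). Feeding back a header
    whose checksum field is already filled in yields 0 if it is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct test data: minimal headers, PSH|ACK, TCP checksum left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]  # fill checksum
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Ethernet -> IPv4 -> TCP; returns what a sniffer would print for the frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 is decoded here
        return info
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _cksum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (ver_ihl & 0x0F) * 4       # header length in bytes (options included)
    info.update(
        src=".".join(str(b) for b in ip[12:16]),
        dst=".".join(str(b) for b in ip[16:20]),
        ttl=ttl,
        proto=proto,
        ip_checksum_ok=internet_checksum(ip[:ihl]) == 0,
    )
    if proto == 6:                   # TCP
        tcp = ip[ihl:total_len]
        sport, dport, seq, _ack, off, flags, _win = struct.unpack("!HHIIBBH", tcp[:16])
        data_off = (off >> 4) * 4    # TCP header length in bytes
        info.update(sport=sport, dport=dport, seq=seq, flags=flags, payload=tcp[data_off:])
    return info


if __name__ == "__main__":
    frame = build_frame("10.0.0.5", "10.0.0.9", 40000, 80, b"GET / HTTP/1.1\r\n")
    for key, value in parse_frame(frame).items():
        print(f"{key:15} {value!r}")
```

The payload comes out in the clear, which is the whole reason sniffing on a shared network segment is a threat to unencrypted protocols; the checksum check is what lets a tool flag corrupted or tampered headers.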

• What is banner grabbing?

• Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network. Banner grabbing is a reconnaissance technique to discover network services by simply querying the service port. Many services will respond with a simple text message (known as a service banner) indicating the technology in use.
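The banner text is what leaks the "lighttpd 2.0"-style detail mentioned under footprinting, and the countermeasure listed there (proper web server configuration) amounts to making sure your own banners and headers do not name a product version. The following added example (not from the notes) is the administrator's inventory side of banner grabbing: it takes banners already collected from your own hosts and reports every product/version disclosure, so nothing is sent to any network. The banners are constructed sample strings, and the patterns assumed are the common "name/version", "name_version" and HTTP Server / X-Powered-By shapes.

```python
"""Audit collected service banners for software version disclosure.
Added example; SAMPLE_BANNERS are constructed strings, not captured traffic."""
import re

# Product/version tokens such as "lighttpd/2.0", "OpenSSH_8.9p1", "PHP/7.4.3".
VERSION_RE = re.compile(
    r"(?P<product>[A-Za-z][\w.-]*?)[/ _-](?P<version>\d+(?:\.\d+)+[A-Za-z0-9]*)"
)
# Protocol version tags ("SSH-2.0") are not software disclosures; skip them.
PROTOCOL_NAMES = {"SSH", "HTTP", "SMTP", "ESMTP", "FTP"}
# HTTP headers that conventionally carry product names (assumption of this example).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Constructed banners keyed by port: the first thing each service sent back.
SAMPLE_BANNERS = {
    22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3",
    25: "220 mail.example.test ESMTP Postfix (Ubuntu)",
    80: "HTTP/1.1 200 OK\r\nServer: lighttpd/2.0\r\nX-Powered-By: PHP/7.4.3\r\n\r\n",
    443: "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
}


def parse_http_headers(raw: str) -> dict:
    """Header name (lower-cased) -> value, from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(port: int, banner: str) -> list:
    """Return (port, product, version) for each versioned product in a banner."""
    if banner.startswith("HTTP/"):
        texts = [v for k, v in parse_http_headers(banner).items() if k in DISCLOSING_HEADERS]
    else:
        texts = [banner]
    found = []
    for text in texts:
        for m in VERSION_RE.finditer(text):
            if m.group("product") not in PROTOCOL_NAMES:
                found.append((port, m.group("product"), m.group("version")))
    return found


def audit(banners: dict) -> list:
    """All disclosures across the collected banners, ordered by port."""
    return [d for port, b in sorted(banners.items()) for d in find_disclosures(port, b)]


if __name__ == "__main__":
    for port, product, version in audit(SAMPLE_BANNERS):
        print(f"port {port}: {product} {version} is disclosed")
```

On the sample data the SSH daemon, the web server and its PHP module disclose exact versions, while the mail server names only a product and the nginx host names no version at all; the last two are the configuration the countermeasure asks for.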
• Differentiate between TCP and UDP.

• TCP: TCP is a connection-oriented protocol. Connection-orientation means that the communicating devices should establish a connection before transmitting data and should close the connection after transmitting the data. UDP: UDP is a datagram-oriented protocol. This is because there is no overhead for opening a connection, maintaining a connection, and terminating a connection. UDP is efficient for broadcast and multicast types of network transmission.

• TCP: TCP is reliable as it guarantees delivery of data to the destination router. UDP: The delivery of data to the destination cannot be guaranteed in UDP.

• TCP: TCP provides extensive error checking mechanisms. This is because it provides flow control and acknowledgment of data. UDP: UDP has only the basic error checking mechanism using checksums.

• TCP: Sequencing of data is a feature of Transmission Control Protocol (TCP). This means that packets arrive in order at the receiver. UDP: There is no sequencing of data in UDP. If ordering is required, it has to be managed by the application layer.

• TCP: TCP is comparatively slower than UDP. UDP: UDP is faster, simpler and more efficient than TCP.

18) What do you mean by application whitelisting?

• Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications.
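The "index of approved executable files" is usually keyed by a cryptographic hash of the file contents rather than by file name or path, so that a renamed or modified binary is not mistaken for an approved one. The following added example (not from the notes, and not any product's implementation) builds such an index from two approved files, then audits a directory tree that also contains an unknown program and a modified copy that keeps an approved name. All files are small constructed stand-ins written to a temporary directory.

```python
"""Hash-based application allowlist check over a directory tree.
Added example; the 'executables' are constructed files in a temp directory."""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    """SHA-256 of a file's contents, streamed so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_allowlist(approved_paths) -> dict:
    """The index: SHA-256 -> friendly name of each approved executable."""
    return {sha256_file(p): os.path.basename(p) for p in approved_paths}


def decide(path: str, allowlist: dict) -> str:
    """'allow' only if the file's hash is in the index; name and location
    play no part in the decision."""
    return "allow" if sha256_file(path) in allowlist else "deny"


def audit_tree(root: str, allowlist: dict) -> dict:
    """Relative path -> decision for every file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = decide(full, allowlist)
    return result


def demo() -> dict:
    """Constructed scenario: two approved files, one unknown program, and a
    modified copy that keeps an approved file name but not its bytes."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, content: bytes) -> str:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(content)
            return full

        approved = [
            write("bin/calc.exe", b"MZ calc 1.0"),
            write("bin/editor.exe", b"MZ editor 2.1"),
        ]
        allowlist = build_allowlist(approved)
        write("downloads/game.exe", b"MZ game")                      # never approved
        write("downloads/calc.exe", b"MZ calc 1.0 plus extra code")  # same name, other bytes
        return audit_tree(root, allowlist)


if __name__ == "__main__":
    for rel, decision in sorted(demo().items()):
        print(f"{decision:5} {rel}")
```

The modified copy is denied even though it is called calc.exe, which is the property a name- or path-based list cannot give; the price is that every legitimate update changes the hash and the index must be maintained.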

19) What do you mean by defence-in-depth?

• Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack. In other words, defense in depth is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.
20) Which tablespace is related to the Oracle database management system?

• The SYSTEM tablespace is the tablespace related to the Oracle database management system.

21) Define transitive access issue.

• Transitive access is a misuse of trust that causes issues with securing information or control. If system A trusts system B and system B trusts system C, then it is possible for system A to inadvertently trust system C, which might lead to exploitation by a nefarious operator on system C.
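The inadvertent trusts are simply the transitive closure of the declared trust relationships minus the relationships anyone actually declared, which makes them easy to enumerate from a list of trusts. The following added example (not from the notes) does that with a breadth-first walk over a constructed trust graph and also answers the question the definition raises: given an operator on system C, which systems end up trusting C?

```python
"""Enumerate transitive (inadvertent) trust from declared trust relationships.
Added example; the DECLARED edges are constructed."""
from collections import deque

# Constructed declared trusts as (truster, trusted) pairs: A trusts B, etc.
DECLARED = [("A", "B"), ("B", "C"), ("C", "D"), ("E", "A"), ("D", "C")]


def transitive_trust(declared) -> dict:
    """system -> set of every system it trusts directly or through a chain
    (a system is not reported as trusting itself)."""
    direct = {}
    for truster, trusted in declared:
        direct.setdefault(truster, set()).add(trusted)
        direct.setdefault(trusted, set())
    closure = {}
    for start in direct:
        seen, queue = set(), deque(direct[start])
        while queue:
            node = queue.popleft()
            if node == start or node in seen:
                continue                      # cycles end here
            seen.add(node)
            queue.extend(direct[node])
        closure[start] = seen
    return closure


def undeclared_trusts(declared) -> list:
    """The trust relationships that exist only transitively: the ones nobody
    signed off on and that an audit should surface."""
    direct = set(declared)
    closure = transitive_trust(declared)
    return sorted((s, t) for s, ts in closure.items() for t in ts if (s, t) not in direct)


def trusters_of(declared, target: str) -> list:
    """Every system that, directly or transitively, trusts `target`: the blast
    radius of a compromised operator on that system."""
    closure = transitive_trust(declared)
    return sorted(s for s, ts in closure.items() if target in ts)


if __name__ == "__main__":
    print("undeclared:", undeclared_trusts(DECLARED))
    print("systems exposed to an operator on C:", trusters_of(DECLARED, "C"))
```

With the constructed edges, A ends up trusting C and D without ever declaring it, and a nefarious operator on C is trusted by A, B, D and E; only D's trust in C was deliberate.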

22) Define fault tolerant system.

A fault-tolerant system is a computer system that is capable of providing either full functionality (fail-safe) or reduced functionality (fail-soft) after a failure has occurred. Fault tolerance is usually provided through a combination of redundant system elements and error detection and correction procedures.

SUBMITTED BY:- SAUMYA SWAIN
REGD. NO-180301120014
BTECH CSE (A)
