Illustrative image for Internet security
Difference between active and passive security threats

Active security threats

Active security threats, or active attacks, are attacks in which the attacker attempts to change or modify the content of messages. An active attack is a danger to integrity as well as availability. In an active attack the system is always damaged and system resources can be changed. The most important point is that in an active attack the victim becomes aware of the attack.

Illustrative image of how an active security threat works

Passive security threats

Passive security threats, or passive attacks, are attacks in which the attacker observes or copies the content of messages without altering them. A passive attack is a danger to confidentiality. A passive attack does no direct harm to the system. The most important point is that in a passive attack the victim does not become aware of the attack.

Illustrative image of how a passive security threat works

Comparison between them

Active attack                                                  | Passive attack
---------------------------------------------------------------|---------------------------------------------------------------
Modification of information takes place.                       | Modification of information does not take place.
Danger to integrity as well as availability.                   | Danger to confidentiality.
Attention is on detection.                                     | Attention is on prevention.
System is always damaged.                                      | There is no harm to the system.
Victim gets informed about the attack.                         | Victim does not get informed about the attack.
System resources can be changed.                               | System resources are not changed.
Influences the services of the system.                         | Information and messages in the system or network are acquired.
Uses information collected through passive attacks during execution. | Performed by collecting information such as passwords and messages by itself.
Tough to restrict from entering systems or networks.           | Easy to prohibit in comparison to an active attack.
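The "detection versus prevention" row above, as an added example that is not part of the original page: a message carrying an HMAC tag (the shared key and the transfer message are constructed for the illustration) lets the receiver detect an active modification, while a passive copy of the same frame leaves nothing for the receiver to notice, which is why confidentiality has to be protected up front rather than caught afterwards.

```python
import hmac
import hashlib
from typing import Tuple

# Constructed shared key for the illustration; a real deployment derives keys per session.
KEY = b"shared-secret-between-alice-and-bob"
TAG_LEN = hashlib.sha256().digest_size   # 32 bytes


def protect(message: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can check integrity."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def receive(frame: bytes, key: bytes = KEY) -> Tuple[bool, bytes]:
    """Split the tag off and verify it. Returns (intact, message)."""
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is constant-time, so the check itself does not leak the tag.
    return hmac.compare_digest(tag, expected), message


def passive_attack(frame: bytes) -> Tuple[bytes, bytes]:
    """Eavesdropper keeps a copy but forwards the frame unchanged."""
    attacker_copy = bytes(frame)      # confidentiality is lost: the message is plaintext
    return frame, attacker_copy       # nothing on the wire changes


def active_attack(frame: bytes) -> bytes:
    """Attacker alters the amount inside the message before forwarding it."""
    return frame.replace(b"amount=100", b"amount=900", 1)


def demo() -> dict:
    frame = protect(b"transfer to=bob amount=100")
    forwarded, stolen = passive_attack(frame)
    intact_passive, _ = receive(forwarded)
    intact_active, tampered = receive(active_attack(frame))
    return {
        "passive_detected": not intact_passive,               # False: victim is not informed
        "attacker_read_plaintext": b"amount=100" in stolen,   # True: confidentiality lost
        "active_detected": not intact_active,                 # True: victim is informed
        "tampered_message": tampered,
    }
```

The HMAC only covers integrity; keeping the passive attacker from reading the amount needs encryption of the message as well.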

Malware

Worms

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on the law of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Many worms are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload-free" worms can cause major disruption by increasing network traffic and other unintended effects.

Depending on the type of worm and your security measures, they can do serious damage. These parasitic nasties can:

  • Modify and delete files.
  • Inject malicious software onto computers.
  • Replicate themselves over and over to deplete system resources.
  • Steal your data.
  • Install a convenient backdoor for hackers.

Trojan horses

A Trojan horse (or simply trojan) is any malware which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

Trojans are generally spread by some form of social engineering, for example when a user is duped into executing an email attachment disguised to look harmless (e.g., a routine form to be filled in), or into clicking a fake advertisement on social media or elsewhere. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then gain unauthorized access to the affected computer. Trojans may allow an attacker to access users' personal information such as banking details, passwords, or personal identity. They can also delete a user's files or infect other devices connected to the network. Ransomware attacks are often carried out using a trojan.

Unlike computer viruses, worms, and rogue security software, trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves, but need a host to run. Once a Trojan is on your device, hackers can use it to:

  • Delete, modify and capture data.
  • Harvest your device as part of a botnet.
  • Spy on your device.
  • Gain access to your network.

Viruses

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

Computer viruses generally require a host program. The virus writes its own code into the host program. When the program runs, the written virus program is executed first, causing infection and damage. A computer worm does not need a host program, as it is an independent program or code chunk. Therefore, it is not restricted by the host program, but can run independently and actively carry out attacks.

Computer viruses cause billions of dollars' worth of economic damage each year.

Viruses are usually spread via infected websites, file sharing, or email attachment downloads. A virus lies dormant until the infected host file or program is activated; once that happens, the virus is able to replicate itself and spread through your systems.

Spyware

Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user; for example by violating their privacy or endangering their device's security. This behavior may be present in malware as well as in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

Spyware is a common threat, usually distributed as freeware or shareware that has an appealing function on the front end with a covert mission running in the background that you might never notice. It’s often used to carry out identity theft and credit card fraud.

Once on your computer, spyware relays your data to advertisers or cyber criminals. Some spyware installs additional malware that makes changes to your settings.

Software and hardware to protect networks

Network security is any practice or tool designed and implemented to secure a network and its data. It includes software, hardware, and cloud solutions. Effective network security tools stop a wide range of cyberattacks, and prevent attacks spreading throughout the network in case of a data breach.

In today’s cyber environment, every organization must implement network security processes and solutions to maintain the uptime of their online resources. All network security solutions are implemented in accordance with the core principles of network security.

Some methods to protect the network are:

Anti-Virus and Anti-Malware

Anti-virus and anti-malware protect networks from malicious software that is used by threat actors to create a backdoor that they can use to further infiltrate the network. It’s important to note that while there are similarities between anti-virus and anti-malware programs, they are not exactly the same.

  • Anti-Virus: Prevention-based, protects networks by proactively stopping endpoint devices from becoming infected.
  • Anti-Malware: Treatment-based, protects networks by detecting and destroying malicious programs that have infiltrated the network.

Application Security

Application security ensures that the software used throughout the network is secure. Application security is ensured by limiting the amount of software that is used, ensuring that software is kept up-to-date with the latest security patches and that applications developed for use in the network are appropriately hardened against potential exploits.

Behavioral Analytics

Behavioral analytics is an advanced threat detection method that compares historical network activity data with current events in order to detect anomalous behavior. For example, if a user typically uses a given endpoint device to access a specific database three to four times per day on average, an instance where that user instead uses a new endpoint device to access a different database several times would be flagged for review.
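The scenario just described, as an added example (not code from the original page): a baseline of known devices, databases and mean daily accesses is built per user from constructed historical access-log lines, and a new day's events are flagged when they come from an unseen device, touch an unseen database, or exceed twice the usual daily rate. The log format and the 2x threshold are assumptions of this example.

```python
import statistics
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed access-log events "date user device database"; not real data.
HISTORY = """\
2024-05-01 alice laptop-17 db-sales
2024-05-01 alice laptop-17 db-sales
2024-05-01 alice laptop-17 db-sales
2024-05-02 alice laptop-17 db-sales
2024-05-02 alice laptop-17 db-sales
2024-05-02 alice laptop-17 db-sales
2024-05-02 alice laptop-17 db-sales
2024-05-03 alice laptop-17 db-sales
2024-05-03 alice laptop-17 db-sales
2024-05-03 alice laptop-17 db-sales""".splitlines()

# Same user the next day, but from an unseen device, against a different database, seven times.
TODAY = ["2024-05-04 alice vm-9 db-payroll"] * 7


def build_baseline(lines: List[str]) -> Dict[str, dict]:
    """Per user: devices and databases seen before, and mean accesses per day."""
    per_day, devices, dbs = defaultdict(Counter), defaultdict(set), defaultdict(set)
    for line in lines:
        date, user, device, db = line.split()
        per_day[user][date] += 1
        devices[user].add(device)
        dbs[user].add(db)
    return {u: {"devices": devices[u], "dbs": dbs[u],
                "mean_per_day": statistics.mean(per_day[u].values())} for u in per_day}


def flag_anomalies(baseline: Dict[str, dict], lines: List[str]) -> List[str]:
    """Return the reasons a day's activity deviates from the user's baseline."""
    reasons, per_day = set(), Counter()
    for line in lines:
        date, user, device, db = line.split()
        per_day[(user, date)] += 1
        known = baseline.get(user)
        if known is None:
            reasons.add(f"{user}: no baseline for this user")
            continue
        if device not in known["devices"]:
            reasons.add(f"{user}: unseen device {device}")
        if db not in known["dbs"]:
            reasons.add(f"{user}: unseen database {db}")
    for (user, date), n in per_day.items():
        # 2x the historical mean is an assumed threshold for this example.
        if user in baseline and n > 2 * baseline[user]["mean_per_day"]:
            reasons.add(f"{user}: {n} accesses on {date}, usual mean {baseline[user]['mean_per_day']:.1f}/day")
    return sorted(reasons)
```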

DDoS Prevention

Distributed denial-of-service (DDoS) attacks attempt to crash the network by overloading it with a large influx of incoming connection requests. DDoS prevention solutions analyze incoming requests to identify and filter out illegitimate traffic in an effort to maintain the network’s accessibility for legitimate connections.


Data Loss Prevention (DLP)

Data loss prevention (DLP) tools protect the data inside a network by preventing users from sharing sensitive or valuable information outside of the network and ensuring that data is not lost or misused. This can be accomplished by analyzing files that are sent via email, file transfers, and instant messages for data that is considered to be sensitive, such as personally identifiable information (PII).
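An added example of the content check a DLP tool performs on outbound messages (not code from the original page): each constructed message is scanned for a US social security number pattern and for payment-card numbers, where a digit run only counts as a card when it passes the Luhn checksum, so that an order reference of the same length is not blocked. The patterns, the test card number and the block/allow verdicts are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed outbound messages. The card number in msg-2 is a well-known test number
# that passes the Luhn check; it is not a real account.
MESSAGES = {
    "msg-1": "Hi Bob, the invoice is attached. Thanks!",
    "msg-2": "Customer card 4111 1111 1111 1111, exp 12/27, please process.",
    "msg-3": "Ref order 1234 5678 9012 3456 shipped today.",   # same shape, fails Luhn
    "msg-4": "Employee SSN 123-45-6789 for the HR file.",
}

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")   # 14-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> List[str]:
    """Return the categories of sensitive data found in one message body."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("payment-card")
    if SSN_RE.search(text):
        hits.append("us-ssn")
    return hits


def dlp_verdicts(messages: Dict[str, str]) -> Dict[str, str]:
    """'block' any message that carries PII, 'allow' the rest."""
    return {mid: ("block" if find_sensitive(body) else "allow")
            for mid, body in messages.items()}
```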

Email Security

Email security measures protect networks from phishing attacks that attempt to trick users into clicking links to malicious websites or downloading seemingly innocent attachments that introduce malware into the network. Email security tools proactively fight phishing by identifying suspicious emails and filtering them out before they reach the user’s inbox.

Endpoint Security

Endpoint security protects networks by ensuring that the devices that will be connected to the network are secured against potential threats. Endpoint security is achieved alongside network security by combining several other network security tools such as network access control, application security, and network monitoring.

Firewalls

Firewalls are hardware appliances and software programs that act as a barrier between incoming traffic and the network. The firewall compares data packets that are sent over the network to predefined policies and rules that indicate whether or not the data should be permitted into the network.


Network protocols

SSL

Stands for "Secure Sockets Layer." SSL is a secure protocol developed for sending information securely over the Internet. Many websites use SSL for secure areas of their sites, such as user account pages and online checkout. Usually, when you are asked to "log in" on a website, the resulting page is secured by SSL.

SSL encrypts the data being transmitted so that a third party cannot "eavesdrop" on the transmission and view the data being transmitted. Only the user's computer and the secure server are able to recognize the data. SSL keeps your name, address, and credit card information between you and the merchant to which you are providing it. Without this kind of encryption, online shopping would be far too insecure to be practical. When you visit a Web address starting with "https," the "s" after the "http" indicates the website is secure. These websites often use SSL certificates to verify their authenticity.

While SSL is most commonly seen on the Web (HTTP), it is also used to secure other Internet protocols, such as SMTP for sending e-mail and NNTP for newsgroups. Early implementations of SSL were limited to 40-bit encryption, but now most SSL secured protocols use 128-bit encryption or higher.

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

The principal motivations for HTTPS are authentication of the accessed website, and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks, and the bidirectional encryption of communications between a client and server protects the communications against eavesdropping and tampering. The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates. This was historically an expensive operation, which meant fully authenticated HTTPS connections were usually found only on secured payment transaction services and other secured corporate information systems on the World Wide Web. In 2016, a campaign by the Electronic Frontier Foundation with the support of web browser developers led to the protocol becoming more prevalent. HTTPS is now used more often by web users than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and to keep user communications, identity, and web browsing private.

IPv6

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available. By 1998, the IETF had formalized the successor protocol. IPv6 uses a 128-bit address, theoretically allowing 2^128, or approximately 3.4×10^38 addresses. The actual number is slightly smaller, as multiple ranges are reserved for special use or completely excluded from use. The two protocols are not designed to be interoperable, and thus direct communication between them is impossible, complicating the move to IPv6. However, several transition mechanisms have been devised to rectify this.

IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for the delivery of services. Device mobility, security, and configuration aspects have been considered in the design of the protocol.

Digital certificates and certificate authorities

Digital certificates

A public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). If the signature is valid, and the software examining the certificate trusts the issuer, then it can use that key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS, a protocol for securely browsing the web.

In a typical public-key infrastructure (PKI) scheme, the certificate issuer is a certificate authority (CA), usually a company that charges customers to issue certificates for them. By contrast, in a web of trust scheme, individuals sign each other's keys directly, in a format that performs a similar function to a public key certificate.

For more information, see "How do digital signatures work?"

Certificate authorities

A certificate authority (CA), also sometimes referred to as a certification authority, is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates. A digital certificate provides:

  • Authentication, by serving as a credential to validate the identity of the entity that it is issued to.
  • Encryption, for secure communication over insecure networks such as the Internet.
  • Integrity of documents signed with the certificate so that they cannot be altered by a third party in transit.

Some certificate authorities are:

  • IdenTrust
  • DigiCert
  • Sectigo
  • GoDaddy