Computer Security Introduction
In this article we will talk about computer security. If you want to make your system secure, learn about the different types of attack, and protect yourself from attackers, this article will help you a lot.
1. Computer security is the protection of information systems from theft or damage to
the hardware, software and to the information on them.
2. It includes controlling physical access to the hardware, as well as protecting against
harm that may come via network access, data and code injection, and due to
malpractice by operators.
We can design the policies for information security within an organization by providing :
Confidentiality : Only authorized users can access the data resources and
information
Integrity : Only authorized users should be able to modify the data when needed.
Availability : Data should be available to users when needed.
Authentication : Communicating with the authorized
Advantages of computer security :
1. Protects system against viruses, worms, spyware and other unwanted programs.
2. Protects data against theft.
3. Protects the computer from being hacked.
4. Minimizes computer freezing and crashes.
5. Gives privacy to users
Disadvantages of computer security :
1. Firewalls can be difficult to configure correctly.
2. Makes the system slower.
3. Software must be updated regularly in order to keep security up to date.
4. Could be costly for average user
Components of the computer system that need to be protected:
The components of a computer system that need to be protected are :
1. Hardware : The physical part of the computer, like the system memory and disk
drive.
2. Firmware : Permanent software that is etched into a hardware device’s non-volatile
memory and is mostly invisible to the user.
3. Software : The programming that offers services, like operating system, word
processor, internet browser to the user
To protect the system, security measures can be taken at the following levels
1. Physical :
a. The sites containing computer systems must be physically secured against armed
and malicious intruders.
b. The workstations must be carefully protected.
2. Human :
a. Only appropriate users must have the authorization to access the system.
b. Phishing (collecting confidential information) and dumpster diving (collecting
basic information so as to gain unauthorized access) must be avoided.
3. Operating system :
The system must protect itself from accidental or purposeful
security breaches.
4. Networking system :
a. Almost all of the information is shared between different systems via a network.
b. Intercepting these data could be just as harmful as breaking into a computer.
c. Hence, the network should be properly secured against such attacks.
Five steps to protect computer system hardware are :
1. Install firewall :
a. A firewall enacts the role of a security guard.
b. A firewall is the first step to provide security to the computer. It creates a barrier
between the computer and any unauthorized program trying to come in through
the Internet.
2. Install antivirus software :
a. Antivirus is software that helps to protect the computer from any unauthorized
code or software that creates a threat to the system.
b. Unauthorized software includes viruses, keyloggers, Trojans etc.
c. Such software might slow down the processing speed of our computer, delete important files
and access personal information.
3. Install anti-spyware software :
a. Spyware is a software program that collects personal information or information
about an organization without their approval.
b. This information is redirected to a third party website.
c. Anti-Spyware software is solely dedicated to combat spyware.
d. Anti-spyware software offers real time protection.
e. It scans all the incoming information and helps in blocking the threat once
detected.
4. Use complex and secure passwords :
a. For maintaining system security we have to use strong and complex passwords.
b. Complex passwords are difficult for the hackers to find.
5. Check on the security settings of the browser :
a. Browsers have various security and privacy settings that we should review and set
to the level we desire.
Recent browsers give us the ability to tell websites not to track our movements, increasing
our privacy and security.
Goals of computer security system:
Computer security has three main goals :
1. Confidentiality : Making sure people cannot acquire information they should not
(keeping secrets).
2. Integrity : Making sure people cannot change information they should not
(protecting data).
3. Availability : Making sure people cannot stop the computer from doing its job.
Problems related with computer security or Various sample attacks in computer
security:
1. Phishing :
Phishing is an attempt to obtain users' sensitive information, including
credit card details and banking information, by disguising as a trustworthy entity in
an online communication (e-mail, social media, etc).
2. Vishing :
Vishing (voice phishing) is an attempt of fraudsters to persuade the victim
to deliver personal information or transfer money over the phone.
3. Smishing :
Smishing (SMS phishing) is any case where sent text messages attempt
to make potential victims pay money or click on suspicious links.
4. Pharming :
a. Pharming is a cyber attack meant to redirect a website’s traffic to another, fake
one.
b. Pharming can be done either by changing the hosts file on a victim’s machine or
by exploiting a flaw in DNS server software.
c. In pharming, no conscious user interaction is required.
5. Vulnerability :
a. A vulnerability is a software mistake that enables a bad actor to attack a system
or network by directly accessing it.
b. Vulnerabilities can permit an attacker to act as a super-user or even a system
admin, granting them full access privileges.
6. Malware :
a. Malware is used to describe malicious software, including spyware, ransomware,
viruses and worms.
b. Malware breaches a network through a vulnerability, typically when a user clicks a
dangerous link or email attachment that then installs risky software.
7. Macro viruses :
These viruses infect applications such as Microsoft Word or Excel.
a. Macro viruses attach to an application’s initialization sequence.
b. When the application is opened, then virus executes instructions before
transferring control to the application.
c. The virus replicates itself and attaches to other code in the computer system.
8. File infectors :
a. File infector viruses usually attach themselves to executable code, such as .exe
files.
b. The virus is installed when the code is loaded.
9. System or boot-record infectors :
a. A boot-record virus attaches to the master boot record on hard disks.
b. When the system is started, it will look at the boot sector and load the virus into
memory, where it can propagate to other disks and computers.
10. Stealth viruses :
a. Stealth viruses take over system functions to conceal themselves.
b. They do this by compromising malware detection software so that the software
will report an infected area as being uninfected.
c. These viruses conceal any increase in the size of an infected file or changes to the
file’s date and time of last modification.
11. Trojans :
a. A Trojan is a program that hides in a useful program and has a malicious
function.
b. A major difference between viruses and Trojans is that Trojans do not self-replicate.
12. Logic bombs :
A logic bomb is a type of malicious software that is appended to an
application and is triggered by a specific occurrence, such as a logical condition or a
specific date and time.
13. Ransomware :
Ransomware is a type of malware that blocks access to the victim’s
data and threatens to publish or delete it unless a ransom is paid.
14. Denial of service attack :
a. A denial of service attack floods systems, servers, or networks with traffic to
exhaust resources and bandwidth.
b. As a result, the system is unable to fulfill legitimate requests. Attackers can
also use multiple compromised devices to launch this attack.
c. This is known as a Distributed Denial of Service (DDoS) attack.
Market place for vulnerabilities
1. Vulnerable consumers fail to understand their preferences and lack the knowledge,
skills, or freedom to act on them.
2. To protect them, we can censor information, restrict choices, and mandate behaviors.
3. One-fifth of the public is functionally illiterate and a substantial majority of consumers
(adolescents included) appear to be marketplace literate.
4. Rather than curtail consumer prerogatives to protect a vulnerable minority, education
reform focused on the values, knowledge, and skills necessary to create and navigate
responsive markets should be developed.
5. Reformed adult and adolescent education can refine, expand, and accelerate learners’
informal and experiential understanding of marketplace fundamentals.
Error 404 Hacking Digital India part1
1. In the Error 404 Hacking Digital India part 1 case, cyber crime and cyber attacks are used to hack
users' information, such as bank details and personal information.
2. It is a real-time incident. In it, the attacker or hacker creates an attractive video so that
the victim is attracted to it and plays the video on their system.
3. When we click on the video to play it, then during buffering the hacker can not only learn our
current location and GPS history but also gain complete access to our contacts, text
messages, Facebook, Whatsapp and, most importantly, our bank details, including our
CVV number.
4. Hackers create a kind of Trojan file and Android APK files. The APK files are
distributed all over the internet. Those who download these files will be hacked
easily.
5. Potential cyber attacks that are most common in Error 404 hacking :
a. Web application attacks :
i. A web application is a client-server computer program which uses web
browsers and web technology to allow its visitors to store and retrieve data
to/from the database over the internet.
ii. If there is a flaw in the web application, it allows the attacker to manipulate data
using SQL injection attack.
b. Network security attacks :
i. Network security attacks are unauthorized actions against private, corporate
or governmental IT assets in order to destroy them, modify them or steal
sensitive data.
ii. As more enterprises invite employees to access data from mobile devices,
networks become vulnerable to data theft or total destruction of the data or
network.
c. Mobile security attacks :
i. Mobile security, or mobile device security, has become increasingly
important in mobile computing.
ii. It concerns the security of personal and business information now stored on smartphones.
iii. More and more users and businesses use smartphones to communicate, but
also to plan and organize their users' work and also private life.
Control Hijacking:
1. Hijacking is a type of network security attack in which the attacker takes control of
a communication.
2. In hijacking (also known as a man in the middle attack), the perpetrator takes control
of an established connection while it is in progress.
3. The attacker intercepts messages in a public key exchange and then retransmits them,
substituting their own public key for the requested one, so that the two original
parties still appear to be communicating with each other directly.
4. The attacker uses a program that appears to be the server to the client and appears to
be the client to the server.
5. This attack may be used simply to gain access to the messages, or to enable the
attacker to modify them before retransmitting them.
6. Attacker’s goal in control hijacking :
a. Takeover target machine (for example web server)
b. Execute arbitrary code on target by hijacking application control flow
7. There are three types of control hijacking in computer security :
a. Buffer overflow attacks
b. Integer overflow attacks
c. Format string vulnerabilities
Buffer overflow in Control Hijacking :
1. Buffers are memory storage regions that temporarily hold data while it is being
transferred from one location to another.
2. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the
storage capacity of the memory buffer.
3. As a result, the program attempting to write the data to the buffer overwrites
adjacent memory locations.
Attackers exploit buffer overflow issues by overwriting the memory of an application. This
changes the execution path of the program, triggering a response that damages files or
exposes private information
Integer Overflow attack in Control Hijacking:
1. An integer overflow attack occurs when an attacker causes a value in the program to
be large enough to overflow unexpectedly.
2. A common form of this attack is to cause a buffer to be allocated that is too small to
hold data copied into it later, thus enabling a buffer overflow attack.
3. We are able to detect the resulting buffer overflow in the same way as a normal buffer
overflow attack.
4. An integer overflow is the condition that occurs when the result of an arithmetic
operation, such as multiplication or addition, exceeds the maximum size of the
integer types used to store it.
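The allocation-size case from point 2, as an added example that is not part of the original article: the first function shows the multiplication wrapping, the other two show the check that rejects it. RECORD_SIZE, the function names and the hostile count are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RECORD_SIZE 16u   /* hypothetical record size for this example */

/* Vulnerable pattern: the 32-bit product wraps modulo 2^32, so a huge
 * attacker-supplied count yields a tiny byte total. */
uint32_t unchecked_total(uint32_t count)
{
    return (uint32_t)(count * RECORD_SIZE);
}

/* Hardened pattern: reject any count whose product would not fit.
 * Returns 1 and stores the size on success, 0 on overflow. */
int checked_total(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / RECORD_SIZE)
        return 0;
    *out = count * RECORD_SIZE;
    return 1;
}

/* Allocates room for `count` records and copies them in. Returns NULL when
 * the size computation would overflow or memory is unavailable. */
void *copy_records(const void *src, uint32_t count)
{
    uint32_t total;
    void *dst;

    if (!checked_total(count, &total))
        return NULL;
    dst = malloc(total ? total : 1u);
    if (dst != NULL)
        memcpy(dst, src, total);
    return dst;
}

int main(void)
{
    uint32_t count = 0x10000001u;   /* constructed hostile record count */

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_total(count));
    printf("checked copy:   %s\n",
           copy_records("", count) ? "allocated" : "rejected");
    return 0;
}
```

Without the check, a 16-byte buffer would be allocated for what the caller believes is over 268 million records, which is the undersized buffer the list describes.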
Format string vulnerabilities in Control Hijacking:
1. A format string vulnerability is a bug where user input is passed as the format
argument to printf, scanf, or another function in that family.
2. The format argument has many different specifiers which could allow an attacker to
leak data if they control the format argument to printf. Since printf and scanf are
variadic functions, they will continue popping data off of the stack according to the
format.
3. For example, if we can make the format argument “%x.%x.%x.%x”, printf will
pop off four stack values and print them in hexadecimal, potentially leaking
sensitive information.
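The fix for the “%x.%x.%x.%x” case, as an added example that is not part of the original article: untrusted text is passed as data to a constant "%s" format, and a small audit helper counts how many values the string would have pulled if it had been the format. The function names are assumptions, and the counter is simplified (it ignores "*" width and precision arguments).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Counts the conversions in `s` that would each make printf fetch one
 * variadic argument if `s` were used as the format ("%%" fetches none). */
size_t count_conversions(const char *s)
{
    size_t n = 0;

    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* literal percent sign */
            s++;
            continue;
        }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* VULNERABLE (shown only as a comment, never compiled):
 *     snprintf(out, cap, user);
 * `user` becomes the format, so every conversion in it reads a stack or
 * register value the caller never passed. */

/* Hardened form: the format is a constant and the untrusted text is only
 * data for %s, so its conversions are copied out literally. */
int format_untrusted(char *out, size_t cap, const char *user)
{
    return snprintf(out, cap, "%s", user);
}

int main(void)
{
    const char *input = "%x.%x.%x.%x";   /* the string from the text */
    char out[64];

    format_untrusted(out, sizeof out, input);
    printf("conversions=%zu output=%s\n", count_conversions(input), out);
    return strcmp(out, input) != 0;      /* 0 when echoed unchanged */
}
```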
Defence against control hijacking/ How to control Hijacking:
A hijacking attack is controlled through :
i. Platform defense :
Through platform defense we can protect the target machine by :
1. Fixing the bug :
a. Audit software through automated tools.
b. Rewrite software in a safe language.
2. Marking memory as non-execute :
a. Prevent attack code execution by marking stack and heap as non-executable.
ii. Run-time defense :
1. In run-time defense, we test for stack integrity.
2. We embed “canaries or a parity bit” in stack frames and verify their integrity
prior to function return. There are three types of canaries or parity bits:
a. Starting canary or parity bit
b. Random bit
c. Terminal bit
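How the canary check in point 2 catches an overflow, as an added example that is not part of the original article: a simulated stack frame places a canary between a local buffer and a stand-in return address, and the check runs before "return". The struct layout, the names and the fixed canary value are assumptions for the demo; compilers insert this check automatically and use a random value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16u

/* Simulated stack frame: local buffer first, canary right behind it, then
 * a stand-in for the saved return address. */
struct frame {
    unsigned char buf[BUF_LEN];
    uint32_t canary;
    uint32_t saved_return;
};

/* Constructed value for the demo; real canaries are random per process. */
static const uint32_t CANARY = 0x5A17C0DEu;

/* Copies `len` bytes the way an unchecked copy into buf would, then runs
 * the check done before function return. Returns 1 if the frame is intact,
 * 0 if the canary was overwritten (a real program would abort here). */
int run_frame(const unsigned char *input, size_t len)
{
    struct frame f;

    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    f.saved_return = 0x1000u;

    if (len > sizeof f)          /* keep the simulation itself in bounds */
        len = sizeof f;
    memcpy(&f, input, len);      /* bytes past BUF_LEN spill into canary */

    return f.canary == CANARY;
}

int main(void)
{
    unsigned char input[24];

    memset(input, 'A', sizeof input);   /* constructed oversized input */
    printf("16 bytes: %s\n", run_frame(input, 16) ? "intact" : "smashed");
    printf("24 bytes: %s\n", run_frame(input, 24) ? "intact" : "smashed");
    return 0;
}
```

Because the canary sits between the buffer and the return address, a linear overflow cannot reach the return address without changing the canary first.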
Advanced control hijacking techniques: