No one can deny to the fact that yes security has become the heart of any innovation. It is applicable to every technology that is emerging around us. This is because our primary concern is to safeguard our ideas (innovation) from inappropriate access and being stolen.

As we are moving towards a world where everything is being digitalized. More number of people are interacting with the internet and they are also storing much of their sensitive data (pictures, contacts, finances etc.) over the internet (cloud, social media platforms etc.). So, keeping things protected over internet has become very difficult today. Thus, the internet tends to pose a great threat on the government, companies, financial institution and millions of users in day-to-day life.

Systematic development by applying appropriate software engineering techniques to the problem can help in obtaining cyber security. In this blog we will discuss what is cyber security, why do we need it some basic related terminologies, tools and technique used in this sector and some recent security attacks.

Introduction: What Is Cyber Security

Cyber security as from the name we can derive it is related to how we can secure ourselves in this digital world where everyone is connected to the internet through laptops, mobiles desktops, tabs etc. In the past few year’s networks have evolved tremendously from more than simply a means of communication to highly dynamic and faster computational infrastructure. The use of computers and network technologies in every walk of life has converted the cyber security issue into an issue of rising concern.

Security Moved Beyond IT

Today security has moved beyond the field of only IT. Thinking of 30 years back the evolution of internet took place. It connected the whole word bringing people close together. At that time security merely meant physical security i.e., preventing the system from being stolen and etc. Soon as internet became familiar concept of security also changed. now security was protecting our systems from malicious programs and files. Then the antiviruses and firewalls became the tools of security. But today security not only means physical security or being secure against malicious activities but it also focuses on being socially secure so that no one takes advantage even of our trust.

Basic Terminologies in Cyber Security

• Confidentiality: It is the state of keeping or being kept secret or private.
• Integrity: Integrity is the practice of being honest and showing a consistency that is data remains unchanged.
• Availability: Availability is the probability that an item will be in an operable and committable state at the start of a mission when the mission is called for at a random time.
• Authenticity: Authenticity is the quality of being genuine or real. • Vulnerability: The quality of being exposed to the possibility of being attacked or harmed, either physically or emotionally.
• Exploit: A software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware.

Security Is Not Just Software Tools and Techniques – It’s a Mindset

Cyber security is very much related to ethical hacking. Today all the tools that are being used for the intension of hacking and other malicious activities were initially developed in order to secure our systems and information against the attacks. There is no tool as such specific for hacking or doing malicious activities, but it is the expertise of the hackers to use these tools so as to get benefits and exploit the vulnerabilities in the victim’s system causing negative impacts to him. Today kali Linux is the most widely used operating system in the field of cyber security and ethical hacking. This is due to the large variety of pre-defined tools in it. Unlike our windows Linux has a command line interface.

Social Engineering: A Growing Concern

It is an act of taking the advantage of someone’s trust to get unauthorized access to his data or systems illegally. Bugs in human, hardware are exploited in various methods to create an attack.

Social Engineering Vectors:

• Phishing: A technique of fraudulently obtaining private information typically by use email services.
• Vishing: social engineering over telephone systems. It is also known as voice phishing.
• Smishing: Act to use SMS to lure victims into a specific course of action.
• Impersonation: Pretending to be another person in order to get access to a system
• physically.

Google Hacking Database:

It is a technique using google search and other apps to find security holes in configuration and codes that a website uses. It includes using of advance operators in google search engine to get more specific results. Some of these operators are: intittle, inurl, site, filetype, intext.

Foot Printing:

Foot printing is the act of information gathering. It is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them. It is one of the best methods of finding vulnerabilities.

• Active foot printing: Act of information gathering by making direct contact with the victim.
• Passive foot printing: It is an indirect method of information gathering using third party tools.

Tools:

Protecting our IT environment is very critical. There are number of hacking attacks which affecting businesses of all sizes. Hackers, malware, viruses are some of the real security threats in the virtual world. There are plenty of open-source and paid network tools available in the market you can use to reinforce your security in networking. Enlisted below are the few top ones:

• Nmap: Nmap is an abbreviation of ‘Network Mapper’, and it is a well-known free opensource hacker’s tool. Nmap is mainly used for network discovery and security auditing. It is supported in Linux, Microsoft Windows, OpenBSD, Solaris, IRIX, Mac, OS X.
• John The Ripper: It is mostly just referred as ‘John’ is a popular password cracking penetration testing tool that is most commonly used to carry out dictionary attacks (a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password).
• Wireshark: Wireshark efficiently captures data packets in a network in real time and then displays the data about the packets travelling in human readable format. It is supported in Linux, MacOS, BSD, Solaris, Microsoft.
• WindowsAircrack-ng: Aircrack-ng is one of the most popular wireless passwords cracking tools which one can use for WEP and WPA password cracking. It is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs.
• Metasploit: Metasploit is a cyber security framework that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing plans, strategies and methodologies for exploitation.
• NSLookup: It is a network utility program used to obtain information regarding Internet servers. As the name suggests, the utility finds all the name server information for domains by querying the DNS. It allows you to search for domain name availability and all the information of the host such as ownership info, IP address history, traffic etc.

Recent Attacks on Security

Ransomware: A ransomware is a malicious software which blocks the user from accessing the data on his own computer system by simply encrypting the data. Then the attacker demands for a ransom(fee) in cryptocurrency (Bitcoin, Ethereum, etc.) within a given time bound denial of which leads to complete loss of data. Some biggest ransomware attacks:

WannaCry: The WannaCry ransomware attack took place in May 2017 across the world. It targeted Microsoft windows operating system and the ransom demanded was in bitcoins. It nearly affected 2lakh computers across 150 countries and caused a loss of nearly 100million to 1billioon dollars. Agent smith: It was discovered to be a malware. It had the capability to avoid detection. This malware didn’t steal any data instead it forced other apps running on the devices to display a greater number of ads and thus the operator took profit of the fraudulent views. It spread mainly through third party app stores like 9apps and etc.

Notpetya: Originally it was known as Petya (family of encrypting ransomware). It was discovered in the year 2017. Similar to the WannaCry it was also targeted on Microsoft windows system and demanded payments in bitcoins. It propagated through email attachments. Initially it was targeted to Ukraine but eventually it spread globally.

Zero access: This is a trojan horse malware and was discovered in the year 2011. It was used to download other malwares from a botnet on infected machine and it itself remained hidden using rootkit techniques. It is mounted by using windows vulnerabilities.

Conclusion

Cyber security must be practiced. It only requires basic knowledge of networks and one’s carefulness. This blog collaborates most of the basic terminologies related to cyber security. It gives a brief information about various tools that are used for security, and why there’s a need for world to learn it. It also describes how security is carried out in industry and what are the different tools and technologies used. Thus, this blog gives a basic understanding in context of information security