Application Software
With the proper software, a computer is a valuable tool. Software allows users to create
letters, memos, reports, and other documents; develop multimedia presentations; design Web
pages and diagrams; draw and alter images; record and enhance audio and video clips; prepare
and file taxes; play single player or multimedia games; compose email messages and instant
messages; and much more. To accomplish these and many other tasks, users work with
application software.
Application Software consists of programs designed to make users
more productive and/or assist them with personal tasks. Application software
has a variety of uses:
To make business activities more efficient
To assist with graphics and multimedia projects
To support home, personal and educational tasks
To facilitate communications
Kinds of Software
Commercial/Shareware VS Freeware
Shareware is copyrighted software that is distributed at no cost for a trial period. To use
a shareware program beyond that period, you send payment to the program developer. Shareware
developers trust users to send payment if software use extends beyond the stated trial
period. In some cases, a scaled-down version of the software is distributed free, and payment
entitles the user to the fully functional product.
Freeware is copyrighted software provided at no cost by an individual or a company that
retains all rights to the software. Thus programmers typically cannot incorporate freeware
in applications they intend to sell. The word free in freeware indicates the software has
no charge.
Proprietary VS Open Source
Proprietary software is computer programs that are the exclusive property of their developers
or publishers, and cannot be copied or distributed without complying with their licensing
agreements. Almost all commercial (shrink-wrapped) software is proprietary, but many
excellent new programs (such as the Apache web server, the Linux operating system, and the
StarOffice office suite) are non-proprietary (and free).
Desktop publishing (DTP) software enables professional designers to create sophisticated
documents that contain text, graphics, and many colors. Professional DTP software is ideal
for the production of high quality color documents such as textbooks, corporate newsletters,
marketing literature, product catalogs, and annual reports. Although many word processing
programs have some of the capabilities of DTP software, professional designers and graphic
artists use DTP software because it supports page layout.
Paint/Image Editing Software: graphic artists, multimedia professionals, technical
illustrators, and desktop publishers use paint software and image editing software to create
and modify graphical images such as those used in DTP documents and Web pages. Paint
software, also called illustration software, allows users to draw pictures, shapes, and
other graphical images with various on-screen tools such as a pen, brush, eyedropper, and
paint bucket.
Multimedia authoring software allows users to combine text, graphics, audio, video and
animation in an interactive application. With this software, users control the placement of
text and images and the duration of sounds, video, and animation. Once created, multimedia
presentations often take the form of interactive computer-based presentations or Web-based
presentations designed to facilitate learning, demonstrate product functionality and elicit
direct user participation. Training centers, educational institutions, and online magazine
publishers all use multimedia authoring software to develop interactive applications. These
applications may be available on an optical disc, over a local area network, or via the
Internet.
Web page authoring software helps users of all skill levels create Web pages that include
graphical images, video, audio, animation, and other special effects with interactive
content. In addition, many Web page authoring programs allow users to organize, manage, and
maintain Web sites. Application software, such as Word and Excel, often includes Web page
authoring features. This allows home and small business users to create basic Web pages
using application software they already own. For more sophisticated Web pages, users work
with Web page authoring software. Many Web page developers also use multimedia authoring
software along with, or instead of, Web page authoring software for Web page development.
Internet Explorer is one of the most widely used web browsers, attaining a peak of about 95%
usage share during 2002 and 2003. Its usage share has since declined with the launch of
Firefox (2004) and Google Chrome (2008), and with the growing popularity of operating systems
such as OS X, Linux, iOS and Android that do not run Internet Explorer. Estimates for
Internet Explorer's overall market share range from 16.9% to 57.38% (or even as low as 13.09%
when counting all platforms), as of February 2015 (browser market share is notoriously
difficult to calculate). Microsoft spent over US$100 million per year on Internet Explorer in
the late 1900s, with over 1000 people working on it by 1999.
Mozilla Firefox (known simply as Firefox) is a free and open-source web browser developed for
Windows, OS X, and Linux, with a mobile version for Android, by the Mozilla Foundation and
its subsidiary, the Mozilla Corporation. Firefox uses the Gecko layout engine to render web
pages, which implements current and anticipated web standards.
As of February 2015, Firefox has between 12% and 20% of worldwide usage
as a “desktop” browser, making it, per different sources, the third most
popular web browser.
Google Chrome is a freeware web browser developed by Google. It used the WebKit layout engine
until version 27 and, with the exception of its iOS releases, from version 28 and beyond uses
the WebKit fork Blink. It was first released as a beta version for Microsoft Windows on
September 2, 2008 and as a stable public release on December 11, 2008.
Outlook Express was an email and news client included with Internet Explorer versions 4.0
through 6.0. As such, it was also bundled with several versions of Microsoft Windows, from
Windows 98 to Windows Server 2003, and was available for Windows 3.x, Windows NT 3.51,
Windows 95 and Mac OS 9. In Windows Vista, Outlook Express was superseded by Windows Mail,
then again by Windows Live Mail as separate software. Microsoft Entourage (up to the 2008
edition) and then Microsoft Outlook (in Office 2011), sold as part of Microsoft Office for
Macintosh, replaced the Macintosh version.
The project strategy was modeled after Mozilla Firefox, a project aimed at creating a web
browser. On December 7, 2004, version 1.0 was released, and received more than 500,000
downloads in its first three days of release, and 1,000,000 in 10 days. On July 6, 2012,
Mozilla announced the company was dropping the priority of Thunderbird development because
the continuous effort to extend Thunderbird's feature set was mostly fruitless. The new
development model is based on Mozilla offering only "Extended Support Releases", which
deliver security and maintenance updates, while allowing the community to take over the
development of new features. On November 25, 2014, Kent James of the volunteer-led
Thunderbird Council announced that more staff are required to be working full-time on
Thunderbird so that, through the Council, there can be stable and reliable product releases,
and progress made on features that have been frequently requested by the community. They
have also set up a roadmap for the next major release, Thunderbird 38, due in May 2015.
FTP is built on a client-server architecture and uses separate control and data connections
between the client and the server. FTP users may authenticate themselves using a clear-text
sign-in protocol, normally in the form of a username and password, but can connect
anonymously if the server is configured to allow it. For secure transmission that protects
the username and password and encrypts the content, FTP is often secured with SSL/TLS
(FTPS). SSH File Transfer Protocol (SFTP) is sometimes also used instead, but is
technologically different.
FileZilla is open source software distributed free of charge under the terms of
the GNU General Public License.
Web applications are becoming increasingly popular, and some people prefer the convenience
of using a web application instead of application software installed on their computer. For
example, some prefer to use Google Docs (a web application) to Microsoft Word. Your manager
notices this trend, and asks you whether it will benefit the company to use web applications
instead of application software. Compare applications installed on your computer with
comparable web applications. Are there any security risks associated with using the
application software? How do the features compare between a web application and the
application software? Would you recommend using web applications over application software?
Why?
Hardware/Software Interaction
The role of software is programming code written to provide instructions to the hardware so
it can perform tasks. The way hardware and software interact as a computer processes data
allows us to use the computer to complete many tasks. A computer processes data by applying
rules called algorithms. An algorithm is a set of clearly defined, logical steps that solve
a problem. A programmer then writes the code in a formal programming language, which is
translated into the machine language that the computer understands.
Compilers and Interpreters
A computer understands a program only if it is coded in its machine language. Because the
computer can understand only machine language instructions, programs that are written in a
high-level language must be translated into machine language. Once a program has been written
in a high-level language, the programmer will use a compiler or an interpreter to make the
translation.
There are generally two types of programming languages: compiled languages and interpreted
languages. A compiler is needed to translate a program written in a compiled language into
machine-understandable code (that is, binary code) before you can run the program on your
machine. When the translation is done, the binary code can be saved into an application
file. You can keep running the application file without the compiler unless the program
(source code) is updated and you have to recompile it. The binary code or application file
is also called executable code (or an executable file).
On the other hand, a program written in an interpreted language can be run immediately after
you finish writing it, or for that matter, while you are writing it. But such a program
always needs an interpreter to translate the high-level instructions into
machine-understandable instructions (binary code) at runtime. You cannot run the program on
a machine unless the right interpreter is available.
However, there is nothing inherent to a compiled language to prevent someone from providing
an interpreter for the language; likewise, people can and often do write compilers for
interpreted languages. In fact, it is not common to mix the two flavors of languages, where
a programmer compiles source code into a small binary file, which is then executed by a
runtime interpreter. It is the job of the programmer to write and test the program. There
are four steps in this process: (1) writing and editing the program, (2) compiling the
program, (3) linking the program with the required library modules, and (4) executing the
program.
Five Generations of Programming Languages
First Generation: Machine Language
Machine language, known as the first generation of programming languages, is the only
language the computer directly recognizes. Machine-language instructions use a series of
binary digits (1s and 0s) or a combination of numbers and letters that represents binary
digits. The binary digits correspond to the on and off electrical states. As you might
imagine, coding in machine language is tedious and time-consuming.
A major benefit of OOP is the ability to reuse and modify existing objects. For
example, once a programmer creates an Employee object, it is available for
use by any other existing or future program. Thus, programmers repeatedly
reuse existing objects.
1. Analyze Requirements
2. Design Solution
3. Validate Design
4. Implement Design
5. Test Solution
6. Document Solution
The steps in the program development life cycle form a loop. Program development is an
ongoing process within system development. Each time someone identifies errors in or
improvements to a program and requests program modifications, the Analyze Requirements step
begins again. When programmers correct errors or add enhancements to an existing program,
they are said to be maintaining the program. Program maintenance is an ongoing activity that
occurs after a program has been delivered to users, or placed into production.
5. Test Solution
Once a programmer codes and enters the program, the next step is to test it. Thorough
testing is very important. After programmers place the program into production, many users
rely on the program and its output to support their daily activities and decisions. The goal
of program testing is to ensure the program runs correctly and is error free. Errors
uncovered during this step usually are one of two types: (1) syntax errors or (2) logic
errors. A syntax error occurs when the code violates the syntax, or grammar, of the
programming language.
6. Document Solution
In documenting the solution, the programmer performs two activities: (1) review the program
code and (2) review all the documentation. First, programmers review the program for any
dead code and remove it. Dead code is any program instructions that a program never executes.
When programmers write a program, they often write a section of code at a time. The
programmers should run the program one final time to verify it still works. After reviewing
the program code, the programmer gives the program and all of its documentation to the
system analyst. The documentation includes all charts, solution algorithms, test data, and
program code listings that contain global and internal comments. The programmer should be
sure all documentation is complete and accurate. This becomes especially valuable if the
program requires changes in the future. Proper documentation greatly reduces the amount of
time a new programmer spends learning about existing programs.
Introduction to Web Programming
Web programming refers to the writing, markup and coding involved in Web development, which
includes Web content, Web client and server scripting and network security. The most common
languages used for Web programming are XML, HTML, JavaScript, Perl 5 and PHP. Web programming
differs from general programming in that it requires interdisciplinary knowledge of the
application area, client and server scripting and database technology.
Web programming can be briefly categorized into client and server coding. The client side
needs programming related to accessing data from users and providing information. It also
needs to ensure there are enough plug-ins to enrich the user experience in a graphical user
interface, including security measures.
1. To improve user experience and related functionalities on the client side, JavaScript is
usually used. It is an excellent client side platform for designing and implementing Web
applications.
2. HTML5 and CSS3 support most of the client side functionality provided by other
application frameworks.
The server side needs programming mostly related to data retrieval, security and
performance. Some of the tools used here include ASP, Lotus Notes, PHP, Java, and MySQL.
Features of Perl
LESSON 11:
INTRODUCTION TO DATABASES AND DATA-MINING
Introduction to Databases
Databases are used to store, manipulate, and retrieve data in nearly every type of
organization, including personal or home use, business and offices, education, government
and the World Wide Web. Database technology is routinely used by individuals on personal
computers, by workgroups accessing databases on network servers, and by all employees using
enterprise-wide distributed applications.
Databases Types
A flat file database is a database that stores data in a plain text file, usually designed
around a single table. The flat file design puts all database information in one table, or
list, with fields to represent all parameters. Tables in a flat file have no
interconnection. An example of this type is student records in an Excel file.
The ECE Instructor's table
The column in the ICT instructor's table pertains to the attribute or field in database
concepts. The row in the ECE instructor's table corresponds to the record or tuple. Notice
that in the previous tables the column Student Reg.No. is shared in all tables.
Branch Table
Problem: Searching a text file is not efficient for large text files.
Reason: One has to search sequentially through the entire file to gather the desired
information.
A relational database is a type of database that organizes data into tables and links them
based on defined relationships. These relationships enable you to retrieve and combine data
from one or more tables with a single query.
Using the relational database above it is now easy to find the best student as shown in the
new generated table below.
What is DBMS?
A Database Management System (DBMS) is software that allows you to create, access and manage
databases. A typical DBMS is able to perform data housekeeping, data sorting, data
searching, and report generation.
b. Entity Integrity- no primary key attribute may be null. All primary key fields MUST have
data.
c. Referential Integrity requires that an item referenced by the data for some other item must
itself exist in the database. Example: If an airline reservation is requested to a particular flight,
then the corresponding flight number must actually exist.
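As an added illustration (not from the lecture notes), the following Python snippet shows a DBMS enforcing both entity integrity and referential integrity with the text's own flight-reservation example; it uses the built-in sqlite3 module, and the flight numbers and airports are constructed.

```python
"""Added example, not from the lecture notes: entity and referential
integrity enforced by a DBMS, using Python's built-in sqlite3 module.
The flights/reservations schema and the flight numbers are constructed
to follow the airline reservation example in the text."""
import sqlite3


def build_db():
    """Create an in-memory database: flights, and reservations that
    reference flights.flight_no through a foreign key."""
    conn = sqlite3.connect(":memory:")
    # SQLite ignores FOREIGN KEY clauses unless this pragma is on.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(
        """
        CREATE TABLE flights (
            -- entity integrity: the primary key may never be NULL.
            -- (SQLite needs the explicit NOT NULL on non-INTEGER keys.)
            flight_no   TEXT NOT NULL PRIMARY KEY,
            origin      TEXT NOT NULL,
            destination TEXT NOT NULL
        );
        CREATE TABLE reservations (
            res_id    INTEGER PRIMARY KEY,
            passenger TEXT NOT NULL,
            flight_no TEXT NOT NULL,
            -- referential integrity: the flight must exist in flights.
            FOREIGN KEY (flight_no) REFERENCES flights(flight_no)
        );
        """
    )
    # Constructed sample flights (hypothetical numbers and airports).
    conn.executemany(
        "INSERT INTO flights VALUES (?, ?, ?)",
        [("PR100", "MNL", "CEB"), ("PR200", "MNL", "DVO")],
    )
    conn.commit()
    return conn


def reserve(conn, passenger, flight_no):
    """Book a seat. Returns True on success, False when the DBMS rejects
    the row because flight_no does not exist (referential integrity)."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO reservations (passenger, flight_no) VALUES (?, ?)",
                (passenger, flight_no),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def add_flight_without_key(conn):
    """Entity integrity: a flight row with a NULL primary key is refused."""
    try:
        with conn:
            conn.execute("INSERT INTO flights VALUES (NULL, 'MNL', 'ILO')")
        return True
    except sqlite3.IntegrityError:
        return False


def cancel_flight(conn, flight_no):
    """Delete a flight. Fails (False) while reservations still reference it,
    so no reservation can be left pointing at a flight that no longer exists."""
    try:
        with conn:
            cur = conn.execute("DELETE FROM flights WHERE flight_no = ?", (flight_no,))
        return cur.rowcount == 1
    except sqlite3.IntegrityError:
        return False


def reservation_count(conn):
    return conn.execute("SELECT COUNT(*) FROM reservations").fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    print("PR100 booked:", reserve(db, "Ana", "PR100"))      # True
    print("PR999 booked:", reserve(db, "Ben", "PR999"))      # False: no such flight
    print("NULL key accepted:", add_flight_without_key(db))  # False
    print("cancel PR100:", cancel_flight(db, "PR100"))       # False: has a reservation
```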
Data Accessibility and Responsiveness- end users without programming experience can often
retrieve and display data, even when it crosses traditional departmental boundaries.
* Data Warehousing Concepts
The original concept of a data warehouse was devised by IBM as the "information warehouse"
and presented as a solution for accessing data held in non-relational systems. The
information warehouse was proposed to allow organizations to use their data archives to help
them gain a business advantage. However, due to the sheer complexity and performance
problems associated with the implementation of such solutions, the early attempts at
creating an information warehouse were mostly rejected. Since then, the concept of data
warehousing has been raised several times, but it is only in recent years that the potential
of data warehousing has come to be seen as a valuable and viable solution. The latest and
most successful advocate for data warehousing is Bill Inmon, who has earned the title of
"father of data warehousing" due to his active promotion of the concept.
A data warehouse (Inmon) is a subject-oriented, integrated, time-variant, and non-volatile
collection of data in support of management's decision-making process.
In this definition by Inmon (1993), the data is:
•Subject-oriented as the warehouse is organized around the major subjects of the enterprise
(such as customers, products, and sales) rather than the major application areas (such as
customer invoicing, stock control, and product sales).
Data Security ensures proper access control to the data residing in the database.
•Integrated because of the coming together of source data from different enterprise-wide
application systems. The integrated data source must be made consistent to present a
unified view of the data to the users.
•Time-variant because data in the warehouse is only accurate and valid at some point in
time or over some time interval. The time-variance of the data warehouse is also shown in
the extended time that the data is held, the implicit or explicit association of time with
all data, and the fact that the data represents a series of snapshots.
•Non-volatile as the data is not updated in real time but is refreshed from operational
systems on a regular basis. New data is always added as a supplement to the database, rather
than a replacement. The database continually absorbs this new data, incrementally
integrating it with the previous data.
Take note that the ultimate goal of data warehousing is to integrate enterprise-wide
corporate data into a single repository from which users can easily run queries, produce
reports and perform analysis. In summary, a data warehouse is a data management and data
analysis technology.
* Data Mining
Data mining is the process of (automatically) extracting useful information from data. The
following are examples of data mining applications.
Retail/Marketing
• Identifying buying patterns of customers.
• Finding associations among customer demographic characteristics.
• Predicting response to mailing campaigns.
• Market basket analysis.
Banking
• Detecting patterns of fraudulent credit card use.
• Identifying loyal customers.
• Predicting customers likely to change their credit card affiliation.
• Determining credit card spending by customer groups.
Insurance
• Claims analysis.
• Predicting which customers will buy new policies.
Medicine
• Characterizing patient behavior to predict surgery visits.
• Identifying succeeding medical therapies for different illnesses.
LESSON 12
INFORMATION AND COMMUNICATION SECURITY
Information Security refers to the processes and methodologies which are designed and
implemented to protect print, electronic, or any other form of confidential, private and
sensitive information or data from unauthorized access, use, misuse, disclosure,
destruction, modification or disruption.
Basic Terminologies
Terms commonly associated with information and communication security.
Threat- is the expressed potential for the occurrence of a harmful event such as an
attack.
Attack- action taken against a target with the intention of doing harm.
Vulnerability- weakness that makes targets susceptible to an attack.
Hacker- general term that has historically been used to describe a computer programming
expert. More recently, this term is commonly used in a negative way to describe an
individual who attempts to gain unauthorized access to network resources with malicious
intent.
Cracker- term that is generally regarded as the more accurate word that is used to describe
an individual who attempts to gain unauthorized access to network resources with malicious
intent.
Phreaker- an individual who manipulates the phone network to cause it to perform a function
that is normally not allowed. A common goal of phreaking is breaking into the phone network,
usually through a payphone, to make free long-distance calls.
Spammer- an individual who sends large numbers of unsolicited email messages.
Phisher- a person who attempts to trick people into giving information over the internet or
by email so that they can take money out of their bank account. Phishers use forged emails
and web pages to steal your identity and commit fraud. Phishing is the fraudulent attempt to
obtain sensitive information such as usernames, passwords and credit card details, often for
malicious reasons, by disguising as a trustworthy entity in an electronic communication.
White hat- A white hat hacker is an individual who uses hacking skills to identify
security vulnerabilities in hardware, software or networks. However, unlike black hat hackers,
white hat hackers respect the rule of law as it applies to hacking.
White hat hackers, also called ethical hackers, only seek vulnerabilities or exploits when
they are legally permitted to do so. White hats may do their research on open source software, as
well as on software or systems that they own or that they have been authorized to investigate,
including products and services that operate bug bounty programs.
Marc Maiffret is known for exposing vulnerabilities in Microsoft products, such as the Code Red
worm, starting when he was a teenager. He later went on to co-found a software security
company and eventually become the chief technology officer of the security company
BeyondTrust.
Kevin Mitnick is another well-known white hat hacker. Formerly known as the most wanted
cybercriminal in America, Mitnick was arrested in 1995 and served five years in jail for his
hacking. After that brush with the law, Mitnick became a white hat hacker and now runs a
security consulting firm.
Tsutomu Shimomura is the white hat hacker responsible for finally catching Mitnick. A
computer scientist and physicist, Shimomura has worked for the NSA, and he assisted the FBI in
the highly publicized takedown of Mitnick.
Robert "RSnake" Hansen is also a well-known white hat hacker who co-coined the
term clickjacking. He is now the CISO at OutsideIntel.
In the same vein, Dan Kaminsky became famous when he discovered a critical DNS design flaw,
and he went on to become the chief scientist of the security firm White Ops.
Other big names in white hat hacking include Jeff Moss, who founded the Black Hat and
DEFCON security conferences; Dr. Charlie Miller, who hacked for the NSA for five years; and
Apple co-founder Steve Wozniak.
Black hat- A black hat hacker (or black-hat hacker) is a hacker who "violates computer
security for little reason beyond maliciousness or for personal gain".
MALWARE- or malicious software, is any program or file that is harmful to a computer
user. Malware includes computer viruses, worms, Trojan horses and spyware.
The following is a list of common types of malware, but it's hardly exhaustive:
Worms- Worms infect entire networks of devices, either local or across the internet, by
using network interfaces. They use each consecutive infected machine to infect more.
Keyloggers- sometimes called a keystroke logger or system monitor, is a type of
surveillance technology used to monitor and record each keystroke typed on a specific
computer's keyboard.
Video frame grabbers- A frame grabber is a hardware device used to convert
a video frame to a single, still bitmapped image. Frame grabbers were initially standalone cards
that attached to a computer port, but now they are available as part of video capture boards or
display adapters in most computers.
Rootkits- a rootkit is a collection of computer software, typically malicious, designed to
enable access to a computer or areas of its software that is not otherwise allowed (for
example, to an unauthorized user) and often masks its existence or the existence of other
software. The term rootkit is a concatenation of "root" (the traditional name of the
privileged account on Unix-like operating systems) and the word "kit" (which refers to the
software components that implement the tool). The term "rootkit" has negative connotations
through its association with malware.
Rootkit installation can be automated, or an attacker can install it after having obtained
root or Administrator access. Obtaining this access is a result of a direct attack on a
system, i.e. exploiting a known vulnerability (such as privilege escalation) or a password
(obtained by cracking or social engineering tactics like "phishing"). Once installed, it
becomes possible to hide the intrusion as well as to maintain privileged access. The key is
the root or administrator access. Full control over a system means that existing software
can be modified, including software that might otherwise be used to detect or circumvent it.
A spoofing attack is when an attacker or malicious program successfully acts on another
person's (or program's) behalf by impersonating data. It takes place when the attacker
pretends to be someone else (or another computer, device, etc.) on a network in order to
trick other computers, devices or people into performing legitimate actions or giving up
sensitive data. Some common types of spoofing attacks include ARP spoofing, DNS spoofing
and IP address spoofing. These types of spoofing attacks are typically used to attack
networks, spread malware and to access confidential information and data.
The most commonly-used spoofing attack is the IP spoofing attack. This type of spoofing attack
is successful when a malicious attacker copies a legitimate IP address in order to send out IP
packets using a trusted IP address. Replicating the IP address forces systems to believe the
source is trustworthy, opening any victims up to different types of attacks using the ‘trusted’ IP
packets.
The most popular type of IP spoofing attack is a Denial of Service attack, or DoS, which
overwhelms and shuts down the targeted servers. One outcome attackers can achieve using IP
spoofing attacks is the ability to perform DoS attacks, using multiple compromised computers
to send out spoofed IP packets of data to a specific server. If too many data packets reach
the server, the server will be unable to handle all of the requests, causing the server to
overload. If trust relationships are being used on a server, IP spoofing can be used to
bypass authentication methods that depend on IP address verification.
2. ARP Spoofing attacks
This type of spoofing attack occurs when a malicious attacker links the hacker's MAC address
with an IP address on the company's network. This allows the attacker to intercept data
intended for the company computer. ARP spoofing attacks can lead to data theft and deletion,
compromised accounts and other malicious consequences. ARP spoofing can also be used for
DoS, hijacking and other types of attacks.
Packet filtering should be implemented so that all packets are filtered and scanned for
inconsistencies. As a result, packets with inconsistencies are blocked, which can
effectively prevent spoofing attacks from being successful.
Avoid trust relationships- Avoid all types of trust relationships, as trust relationships only
use IP address verification, opening users up to easy spoofing attacks.
Use spoofing detection software- Use spoofing-detection programs, which inspect and
certify data before transmitting it to avoid attacks, especially ARP spoofing attacks.
Use cryptographic network protocols- Using secure encryption protocols such as Secure Shell
(SSH), Transport Layer Security (TLS), and HTTP Secure (HTTPS) helps avoid many types of
spoofing attacks, as the protocols encrypt the data and require it to be verified
(authenticated) before it is accepted, so it cannot simply be spoofed.
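To make the ARP spoofing description and the "packet filtering" and "spoofing detection software" mitigations above concrete, here is an added Python example (not from the lecture notes) that flags an IP address claimed by two different MAC addresses in a set of ARP replies and applies an ingress/egress filter that drops packets whose source address cannot legitimately arrive on the interface they came in on. All addresses, MACs, interface names and the internal network ranges are constructed for illustration.

```python
"""Added example (not from the lecture notes): two defences against
spoofing applied to constructed sample data.

detect_arp_spoofing() flags any IP address that is claimed by more than one
MAC address in a stream of ARP replies, the symptom of an ARP spoofing attack.
ingress_filter() is the packet-filtering rule: a packet arriving from the
outside with an internal source address, or leaving with an external one,
can only be spoofed and is dropped.
All addresses, MACs, interface names and network ranges are made up.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed ARP replies in arrival order: (sender IP, sender MAC).
# The last reply has a second MAC claiming the gateway's address.
ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # conflicting claim
]


def detect_arp_spoofing(replies):
    """Return {ip: sorted MACs} for each IP claimed by two or more MACs."""
    claims = defaultdict(set)
    for ip, mac in replies:
        claims[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# Address space the company owns (constructed).
INTERNAL_NETS = [ip_network("192.168.1.0/24"), ip_network("10.0.0.0/8")]

# Constructed packets: (arrival interface, source IP, destination IP).
PACKETS = [
    ("wan", "203.0.113.7", "192.168.1.10"),   # ordinary inbound traffic
    ("wan", "192.168.1.5", "192.168.1.10"),   # internal source from outside: spoofed
    ("lan", "192.168.1.5", "203.0.113.7"),    # ordinary outbound traffic
    ("lan", "198.51.100.9", "203.0.113.7"),   # external source from inside: spoofed
]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def ingress_filter(packets):
    """Return [(packet, 'accept' | 'drop')] applying the anti-spoofing rule in
    both directions (ingress on 'wan', egress on 'lan')."""
    verdicts = []
    for pkt in packets:
        iface, src, _dst = pkt
        internal = is_internal(src)
        spoofed = (iface == "wan" and internal) or (iface == "lan" and not internal)
        verdicts.append((pkt, "drop" if spoofed else "accept"))
    return verdicts


if __name__ == "__main__":
    print("ARP conflicts:", detect_arp_spoofing(ARP_REPLIES))
    for pkt, verdict in ingress_filter(PACKETS):
        print(verdict, pkt)
```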
NETWORK-BASED ATTACK
Network-based attacks are threats that are launched and controlled from a device or devices
other than those under attack. Denial of service attacks and distributed denial of service
attacks are examples of network-based attacks.
Types of network-based attacks
DENIAL OF SERVICE ATTACK
The idea of a DoS attack is to reduce the quality of service offered by a server, or to
crash the server with a heavy workload. A DoS (Denial of Service) attack does not involve
breaking into the target server. It is normally achieved by either overloading the target
network or target server, or by sending network packets that may cause extreme confusion at
the target network or target server.
One simple DoS (Denial of Service) attack was called the "Ping of Death." The Ping of Death
exploited the simple TCP/IP troubleshooting tool ping. Using the ping tool, hackers would
flood a network with large packet requests that could ultimately crash the target server.
Before understanding what a SYN attack is, we need to know about the TCP/IP three-way
handshake mechanism. A Transmission Control Protocol/Internet Protocol (TCP/IP) session is
initiated with a three-way handshake. The two communicating computers exchange a SYN,
SYN/ACK and ACK to initiate a session. The initiating computer sends a SYN packet, to which
the responding host will issue a SYN/ACK and wait for an ACK reply from the initiator.
The SYN flood attack is the most common type of flooding attack. The attack occurs when the
attacker sends a large number of SYN packets to the victim, forcing it to wait for replies
that never come. The third part of the TCP three-way handshake is not executed. Since the
host is waiting for a large number of replies, the real service requests are not processed,
bringing down the service. The source address of these SYN packets in a SYN flood attack is
typically set to an unreachable host. As a result it is impossible to find the attacking
computer.
SYN cookies provide protection against the SYN flood. A SYN cookie is implemented by
using a specific initial TCP sequence number by TCP software and is used as a defense against
SYN Flood attacks. By using stateful firewalls which reset the pending TCP connections after
a specific timeout, we can reduce the effect of SYN attack.
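The following is an added example, not part of the original notes, showing how the SYN-cookie idea works: the server encodes a time counter and a keyed hash of the connection 4-tuple into the initial sequence number it sends in the SYN/ACK, stores nothing, and later checks that the ACK returned by the client carries that number plus one. The secret key, the cookie layout (5-bit counter plus 27-bit truncated HMAC) and the 64-second tick are simplifications chosen for this illustration; real TCP stacks use different, more compact layouts and rotate their secrets.

```python
import hashlib
import hmac
import struct
import time

# Constructed secret for this example only; a real TCP stack rotates secrets.
SECRET = b"example-syn-cookie-secret"

# Simplified cookie layout (assumed for this example; real stacks differ):
#   bits 31..27 : 5-bit time counter, one tick per COUNTER_PERIOD seconds
#   bits 26..0  : 27-bit truncated HMAC over the 4-tuple and the counter
COUNTER_PERIOD = 64
MAX_AGE_TICKS = 1          # accept the current tick and the one before it
MAC_MASK = 0x07FFFFFF


def _tick(now):
    """Coarse time counter; wraps modulo 32 so it fits in 5 bits."""
    return int(now // COUNTER_PERIOD) & 0x1F


def _mac(src_ip, dst_ip, src_port, dst_port, tick):
    """Keyed hash binding the cookie to this connection attempt and time tick."""
    msg = (src_ip.encode() + b"|" + dst_ip.encode()
           + struct.pack("!HHB", src_port, dst_port, tick))
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0] & MAC_MASK


def make_syn_cookie(src_ip, dst_ip, src_port, dst_port, now=None):
    """Initial sequence number to put in the SYN/ACK.

    Nothing about the half-open connection is stored: everything needed to
    validate the client's ACK can be recomputed from the number itself, so a
    flood of spoofed SYNs costs the server no backlog memory.
    """
    now = time.time() if now is None else now
    tick = _tick(now)
    cookie = (tick << 27) | _mac(src_ip, dst_ip, src_port, dst_port, tick)
    return cookie & 0xFFFFFFFF


def check_syn_cookie(ack_num, src_ip, dst_ip, src_port, dst_port, now=None):
    """Validate the third handshake step; a legitimate ACK carries cookie + 1."""
    now = time.time() if now is None else now
    cookie = (ack_num - 1) & 0xFFFFFFFF
    tick = cookie >> 27
    age = (_tick(now) - tick) & 0x1F
    if age > MAX_AGE_TICKS:
        return False          # too old, or replayed long after it was issued
    expected = _mac(src_ip, dst_ip, src_port, dst_port, tick)
    return (cookie & MAC_MASK) == expected


if __name__ == "__main__":
    # Constructed addresses from documentation ranges.
    c = make_syn_cookie("198.51.100.7", "203.0.113.10", 40000, 80)
    print("SYN/ACK sequence number:", hex(c))
    print("genuine ACK accepted:",
          check_syn_cookie(c + 1, "198.51.100.7", "203.0.113.10", 40000, 80))
    print("ACK for a different source port rejected:",
          check_syn_cookie(c + 1, "198.51.100.7", "203.0.113.10", 40001, 80))
```

Because only a client that actually received the SYN/ACK can return the matching cookie, SYNs from unreachable spoofed addresses never complete and never consume a backlog slot. The price is that TCP options carried in the original SYN are lost unless they are also encoded into the cookie, which is why real stacks switch cookies on only when the backlog fills.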
Teardrop attack- A teardrop attack is a denial-of-service (DoS) attack that involves sending
fragmented packets to a target machine. The fragments overlap one another, and because of
a bug in TCP/IP fragmentation reassembly the receiving machine cannot reassemble them,
which crashes the target network device.
Physical infrastructure attacks- These cause a denial of service (DoS) and can be
accomplished simply by snipping a fiber-optic cable. They are typically mitigated by the
reality that traffic can quickly be rerouted.
If physical access to a computer system can be obtained, then access to the information on
that computer system can also be obtained.
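As an added illustration of the reassembly check that a teardrop-style fragment set must fail (this is example code written for these notes, not the page's own), the function below validates one datagram's fragments before any bytes are copied. Offsets are given in bytes for readability; a real IP header carries them in 8-byte units. The sample fragment sets are constructed.

```python
class FragmentError(ValueError):
    """Raised when a fragment set cannot be reassembled safely."""


def check_fragments(fragments):
    """Validate one datagram's fragments before reassembly.

    fragments: list of (offset, payload, more_fragments) with byte offsets.
    Returns (True, "ok") or (False, reason) without raising.
    """
    if not fragments:
        return False, "no fragments"
    ordered = sorted(fragments, key=lambda f: f[0])
    expected_next = 0
    for offset, payload, _more in ordered:
        if offset < expected_next:
            # Teardrop-style input: this fragment starts inside data already
            # held. A naive reassembler that computes the new length as
            # "end - expected_next" gets a negative number here and copies
            # far past its buffer; refusing the set is the safe response.
            return False, f"fragment at {offset} overlaps data up to {expected_next}"
        if offset > expected_next:
            return False, f"gap between {expected_next} and {offset}"
        expected_next = offset + len(payload)
    if ordered[-1][2]:
        return False, "last fragment still has the more-fragments flag set"
    return True, "ok"


def reassemble(fragments):
    """Join the payloads only after check_fragments has accepted the set."""
    ok, reason = check_fragments(fragments)
    if not ok:
        raise FragmentError(reason)
    return b"".join(p for _, p, _ in sorted(fragments, key=lambda f: f[0]))


# Constructed sample fragment sets.
NORMAL = [(0, b"GET / HT", True), (8, b"TP/1.0\r\n", False)]
TEARDROP_LIKE = [(0, b"A" * 24, True), (8, b"B" * 8, False)]  # second ends inside the first

if __name__ == "__main__":
    print(reassemble(NORMAL))
    print(check_fragments(TEARDROP_LIKE))
```

A real reassembler buffers fragments until the set is complete or a timer expires; the point here is only that offsets must be checked against what is already held, and that overlapping or out-of-range fragments are dropped rather than trusted.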
Overprovisioning your bandwidth provides extra time to identify and deal with a DDoS attack.
Extra bandwidth also allows your server to accommodate unexpected spikes in traffic,
cushioning you against an intense attack.
Overprovisioning alone will not stop a large DDoS attack, but it could buy you critical time
before your resources are completely overwhelmed.
This technique works well against volumetric DDoS attacks, and many organisations use this
strategy to simply scale bandwidth to soak up large volumes of traffic. However, because of the
arms race between scalable bandwidth and attack power of DDoS attacks, this is mainly an
option for large enterprises willing to pay for the bandwidth needed.
But if an attacker is unable to muster enough traffic to overwhelm this, a volumetric attack is
generally ineffective.
Additional:
2. Make your architecture as resilient as possible
To withstand an attack, it’s crucial to make your architecture as resilient as possible. It’s not just
crucial for DDoS attacks, it’s highly beneficial for any kind of business continuity in response to
a general outage or disaster.
Priorities for architecture should be geographic and provider diversity. By spreading your
resources across multiple data centres, you’ll ensure that if one service is knocked offline, you’ve
got a backup. Popular cloud providers, like Microsoft Azure or Amazon AWS, often provide the
option to host your services in geographically separate data centres, ensuring you have a backup
if you’re struck.
DDoS attacks can strike whenever, so don’t wait for an attack to bring your business to its knees.
Create a system that can help you survive a DDoS attack, enabling you to mitigate the risk if one
does occur.
A DDoS action plan might include using automated reports to send an internal alert when your
traffic increases beyond normal levels (you should do this as best practice anyway!) and
documenting your IT infrastructure to create a network topology diagram with an asset
inventory.
For more information on creating your own plan, take a look at this DDoS incident response
cheat sheet from GIAC security expert Lenny Zeltser.
4. Improve the security of your Internet of Things (IoT) devices
DDoS attacks are on the rise and hackers are now leveraging massive worldwide botnets
composed of Internet of Things (IoT) devices. The Internet of Things, the worldwide network of
connected devices like fridges and DVRs, is heralded as the next industrial revolution – but it’s
also the best thing to happen to DDoS attackers.
Why? IoT devices typically lack security and hackers are now able to manipulate armies of
connected devices to launch traffic at victims of their choosing.
To reduce the attack power of DDoS attacks, consumers and businesses must boost the security
of their devices. One quick and effective way to do this is by changing the default factory-set
passwords, which are easily guessed by hackers using brute-force techniques. Pick a strong
password and change it regularly.
This will also reduce the risk of these devices being used against you, as one university
experienced when attacked by their own internet-connected vending machines.
5. Monitor traffic levels
DDoS attacks cause huge traffic spikes, but this could be hidden amidst real traffic. To disguise
an attack, smart cyber criminals launch DDoS attacks when websites and services are usually
busy, like Christmas or Black Friday.
The best way to detect a DDoS attack is to look out for these abnormal spikes in traffic to your
website. Stay alert, monitor traffic and set thresholds for automated reports when these are
exceeded.
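The alerting threshold described above, and the automated report mentioned in the action plan earlier, can be built on a rolling baseline. The example below is added for these notes (it is not from the original text): it flags any interval whose request count is both several standard deviations above the recent mean and at least double it, and it keeps flagged intervals out of the baseline so the flood itself does not raise the bar. The per-minute counts are constructed.

```python
from collections import deque
from statistics import mean, pstdev


def detect_spikes(counts, window=10, k=3.0, min_ratio=2.0):
    """Return indices of intervals whose count is far above the recent baseline.

    counts:    request counts per fixed interval (e.g. per minute), oldest first
    window:    number of recent non-anomalous intervals that form the baseline
    k:         standard deviations above the mean that count as abnormal
    min_ratio: the count must also be at least this multiple of the mean, so a
               tiny jitter on a very flat baseline does not trigger an alert
    """
    alerts = []
    baseline = deque(maxlen=window)
    for i, count in enumerate(counts):
        if len(baseline) == window:
            mu = mean(baseline)
            threshold = mu + k * pstdev(baseline)
            if count > threshold and count >= min_ratio * mu:
                alerts.append(i)
                continue          # keep attack traffic out of the baseline
        baseline.append(count)
    return alerts


# Constructed per-minute request counts: quiet traffic, one ordinary bump,
# two minutes of flood, then back to normal.
SAMPLE_COUNTS = [100, 105, 98, 102, 99, 101, 97, 103, 100, 104,
                 110, 950, 1200, 101]

if __name__ == "__main__":
    for i in detect_spikes(SAMPLE_COUNTS):
        print(f"minute {i}: {SAMPLE_COUNTS[i]} requests, alert")
```

A rolling baseline adapts to legitimately busy periods such as Black Friday, which is exactly when the text notes attackers like to strike, so in practice the same check is also run against the same interval a week earlier, and a slow ramp that never trips the ratio is caught by a separate long-window comparison.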
CDNs, however, are not cheap and a typical monthly plan can edge into the five figure mark.
The value proposition will be hard to swallow for small businesses, well worth it for large
enterprises that cannot risk being knocked offline by a DDoS attack.
Organisations can invest in security forever, and there’s no end to the money that could be spent.
Some organisations won’t be able to afford a CDN; luckily, it’s not the only option.
These faux-attacks could be performed as part of a penetration test, a safe hacking attack
performed by a skilled ethical hacker. These simulations find hidden security flaws and monitor
how well businesses could withstand DDoS attacks. Regardless, you should be conducting
regular penetration tests on your business to ensure you’re as secure as you think you are.
Run a DDoS attack simulation during planned maintenance to spare your end users the
inconvenience, and if you have a CDN you should warn the provider that it’s a test.
Customer education is an important part of DDoS protection. DDoS attacks would be significantly
reduced in strength if the number of users unknowingly running DDoS malware were reduced.
Proactively guard your customers against cyber bullies by encouraging them to follow security
best practices to secure their devices.
10. Train your staff in incident handling and recovery
Knowledge is power and you’ll need it to prevent and recover from a DDoS attack. Whoever is
responsible for your IT infrastructure should understand proper incident handling procedure, so
in the event of a DDoS attack, they can respond effectively and mitigate any further attacks.
If your business is serious about resisting and recovering from DDoS attacks, consider training
a member of your team in one of the myriad security certifications available.
In a Distributed Denial of Service (DDoS) attack, an intruder compromises one computer and
makes it the DDoS master. Using this DDoS master, the intruder identifies and communicates
with other systems that can be compromised. The intruder then installs DDoS tools on all of
the compromised systems. With a single command, the intruder instructs the compromised
computers to launch flood attacks against the target server. Thousands of compromised
computers then flood or overload the resources of the target server, preventing legitimate
users from accessing the services offered by the server.
SOCIAL ENGINEERING
Social engineering relies heavily on the 6 principles of influence established by Robert Cialdini.
Cialdini's theory of influence is based on six key principles: reciprocity, commitment and
consistency, social proof, authority, liking, scarcity.
Six key principles
1. Reciprocity – People tend to return a favor, thus the pervasiveness of free samples in
marketing. In his conferences, he often uses the example of Ethiopia providing thousands
of dollars in humanitarian aid to Mexico just after the 1985 earthquake, despite Ethiopia
suffering from a crippling famine and civil war at the time. Ethiopia had been
reciprocating for the diplomatic support Mexico provided when Italy invaded Ethiopia in
1935. The good cop/bad cop strategy is also based on this principle.
2. Commitment and consistency – If people commit, orally or in writing, to an idea or goal,
they are more likely to honor that commitment because of establishing that idea or goal
as being congruent with their self-image. Even if the original incentive or motivation is
removed after they have already agreed, they will continue to honor the agreement.
Cialdini notes Chinese brainwashing of American prisoners of war to rewrite their self-
image and gain automatic unenforced compliance. Another example is marketers make
you close popups by saying “I’ll sign up later” or "No thanks, I prefer not making
money”.
3. Social proof – People will do things that they see other people are doing. For example, in
one experiment, one or more confederates would look up into the sky; bystanders would
then look up into the sky to see what they were seeing. At one point this experiment
aborted, as so many people were looking up that they stopped traffic. See conformity,
and the Asch conformity experiments.
4. Authority – People will tend to obey authority figures, even if they are asked to perform
objectionable acts. Cialdini cites incidents such as the Milgram experiments in the early
1960s and the My Lai massacre.
5. Liking – People are easily persuaded by other people that they like. Cialdini cites the
marketing of Tupperware in what might now be called viral marketing. People were
more likely to buy if they liked the person selling it to them. Some of the many biases
favoring more attractive people are discussed. See physical attractiveness stereotype.
6. Scarcity – Perceived scarcity will generate demand. For example, saying offers are
available for a "limited time only" encourages sales.
Pretexting
Pretexting (adj. pretextual) is the act of creating and using an invented scenario (the pretext) to
engage a targeted victim in a manner that increases the chance the victim will divulge
information or perform actions that would be unlikely in ordinary circumstances.[7] An
elaborate lie, it most often involves some prior research or setup and the use of this information
for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish
legitimacy in the mind of the target.[8]
This technique can be used to fool a business into disclosing customer information as well as
by private investigators to obtain telephone records, utility records, banking records and other
information directly from company service representatives.[9] The information can then be used
to establish even greater legitimacy under tougher questioning with a manager, e.g., to make
account changes, get specific balances, etc.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy,
insurance investigators—or any other individual who could have perceived authority or right-to-
know in the mind of the targeted victim. The pretexter must simply prepare answers to questions
that might be asked by the victim. In some cases, all that is needed is a voice that sounds
authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.
Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher
sends an e-mail that appears to come from a legitimate business—a bank, or credit card
company—requesting "verification" of information and warning of some dire consequence if it is
not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—
with company logos and content—and has a form requesting everything from a home address to
an ATM card's PIN or a credit card number. For example, in 2003, there was a phishing scam in
which users received e-mails supposedly from eBay claiming that the user's account was about to
be suspended unless a link provided was clicked to update a credit card (information that the
genuine eBay already had). Because it is relatively simple to make a Web site resemble a
legitimate organization's site by mimicking the HTML code and logos, the scam counted on
people being tricked into thinking they were being contacted by eBay and, subsequently, were
going to eBay's site to update their account information. By spamming large groups of people,
the "phisher" counted on the e-mail being read by a percentage of people who had legitimately
listed credit card numbers with eBay and who might respond.
IVR or phone phishing
Phone phishing (or "vishing") uses a rogue interactive voice response (IVR) system to recreate a
legitimate-sounding copy of a bank or other institution's IVR system. The victim is prompted
(typically via a phishing e-mail) to call in to the "bank" via a (ideally toll free) number provided
in order to "verify" information. A typical "vishing" system will reject log-ins continually,
ensuring the victim enters PINs or passwords multiple times, often disclosing several different
passwords. More advanced systems transfer the victim to the attacker/defrauder, who poses as a
customer service agent or security expert for further questioning of the victim.
Spear phishing
Although similar to "phishing", spear phishing is a technique that fraudulently obtains private
information by sending highly customized emails to a few end users. The main difference from
phishing is that phishing campaigns focus on sending out high volumes of generalized emails
with the expectation that only a few people will respond, whereas spear phishing emails require
the attacker to perform additional research on their targets in order to "trick" end users into
performing the requested activities. The success rate of spear-phishing attacks is considerably
higher than that of phishing attacks, with people opening roughly 3% of phishing emails
compared to roughly 70% of spear-phishing attempts. Furthermore, when users actually open
the emails, phishing emails have a relatively modest 5% success rate in getting the link or
attachment clicked, compared to a spear-phishing attack's 50% success rate.[10]
Spear Phishing success is heavily dependent on the amount and quality of OSINT (Open Source
Intelligence) that the attacker can obtain. Social media account activity is one example of a
source of OSINT.
Water holing
Water holing is a targeted social engineering strategy that capitalizes on the trust users have in
websites they regularly visit. The victim feels safe to do things they would not do in a different
situation. A wary person might, for example, purposefully avoid clicking a link in an unsolicited
email, but the same person would not hesitate to follow a link on a website he or she often visits.
So, the attacker prepares a trap for the unwary prey at a favored watering hole. This strategy has
been successfully used to gain access to some (supposedly) very secure systems.[11]
The attacker may set out by identifying a group or individuals to target. The preparation involves
gathering information about websites the targets often visit from the secure system. The
information gathering confirms that the targets visit the websites and that the system allows such
visits. The attacker then tests these websites for vulnerabilities to inject code that may infect a
visitor's system with malware. The injected code trap and malware may be tailored to the specific
target group and the specific systems they use. In time, one or more members of the target group
will get infected and the attacker can gain access to the secure system.
Baiting
Baiting is like the real-world Trojan horse: it uses physical media and relies on the curiosity or
greed of the victim.[12] In this attack, attackers leave malware-infected floppy disks, CD-ROMs,
or USB flash drives in locations where people will find them (bathrooms, elevators, sidewalks,
parking lots, etc.), give them legitimate and curiosity-piquing labels, and wait for victims.
For example, an attacker may create a disk featuring a corporate logo, available from the target's
website, and label it "Executive Salary Summary Q2 2012". The attacker then leaves the disk on
the floor of an elevator or somewhere in the lobby of the target company. An unknowing
employee may find it and insert the disk into a computer to satisfy his or her curiosity, or a good
Samaritan may find it and return it to the company. In any case, just inserting the disk into a
computer installs malware, giving attackers access to the victim's PC and, perhaps, the target
company's internal computer network.
Unless computer controls block the infection, inserting the media compromises PCs that
"auto-run" media. Hostile devices can also be used.[13] For instance, a "lucky winner" is sent a
free digital audio player that compromises any computer it is plugged into. A "road apple" (the colloquial term for
horse manure, suggesting the device's undesirable nature) is any removable media with malicious
software left in opportunistic or conspicuous places. It may be a CD, DVD, or USB flash drive,
among other media. Curious people take it and plug it into a computer, infecting the host and any
attached networks. Hackers may give them enticing labels, such as "Employee Salaries" or
"Confidential".[14]
One study done in 2016 had researchers drop 297 USB drives around the campus of the
University of Illinois. The drives contained files on them that linked to webpages owned by the
researchers. The researchers were able to see how many of the drives had files on them opened,
but not how many were inserted into a computer without having a file opened. Of the 297 drives
that were dropped, 290 (98%) of them were picked up and 135 (45%) of them "called home".[15]
Quid pro quo
Quid pro quo means something for something:
An attacker calls random numbers at a company, claiming to be calling back from technical
support. Eventually this person will hit someone with a legitimate problem, grateful that
someone is calling back to help them. The attacker will "help" solve the problem and, in the
process, have the user type commands that give the attacker access or launch malware.
In a 2003 information security survey, 90% of office workers gave researchers what they
claimed was their password in answer to a survey question in exchange for a
cheap pen.[16] Similar surveys in later years obtained similar results using chocolates and
other cheap lures, although they made no attempt to validate the passwords.[17]
Tailgating
An attacker, seeking entry to a restricted area secured by unattended, electronic access control,
e.g. by RFID card, simply walks in behind a person who has legitimate access. Following
common courtesy, the legitimate person will usually hold the door open for the attacker or the
attackers themselves may ask the employee to hold it open for them. The legitimate person may
fail to ask for identification for any of several reasons, or may accept an assertion that the
attacker has forgotten or lost the appropriate identity token. The attacker may also fake the action
of presenting an identity token.
Vishing
Vishing, otherwise known as "voice phishing", is the criminal practice of using social
engineering over the telephone system to gain access to private personal and financial
information from the public for the purpose of financial reward. It is also employed by attackers
for reconnaissance purposes to gather more detailed intelligence on a target organisation.
Other types
Common confidence tricksters or fraudsters also could be considered "social engineers" in the
wider sense, in that they deliberately deceive and manipulate people, exploiting human
weaknesses to obtain personal benefit. They may, for example, use social engineering techniques
as part of an IT fraud.
A very recent type of social engineering technique includes spoofing or hacking IDs of people
having popular e-mail IDs such as Yahoo!, Gmail, Hotmail, etc. Among the many motivations
for deception are: