Thursday, 28 May 2020

IT Security

DoS | Botnet Specific Defensive Strategies

DoS | Botnet Specific Defensive Strategies: Let’s look at some DoS defensive strategies: Disabling Unnecessary Services: You can help protect against DoS and DDoS attacks by hardening individual systems and by implementing network measures that protect against such attacks. Using Anti-Malware: Real-time virus protection can help prevent bot installations by reducing Trojan infections with bot payloads. This has the effect …

SSL and TLS

SSL and TLS: Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method of establishing a session. The number of steps in the handshake depends on whether steps are combined and/or mutual authentication is included. The number of steps is always between four and nine, inclusive, based on …

Understanding Cryptography Standards and Protocols

Understanding Cryptography Standards and Protocols: Numerous standards are available to establish secure service. Some of the standards will be presented in the following section; here we will remind you of them and introduce you to a few more standards. The movement from proprietary governmental standards toward more unified global standards is a growing trend that has both positive and negative …

Phishing, Spear Phishing, and Vishing

Phishing, Spear Phishing, and Vishing: Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. In the …

Spoofing Attacks – Understanding Various Types of Attacks

Spoofing Attacks: A spoofing attack is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack. A common spoofing attack that was popular for many years on early Unix and other timesharing systems involved a programmer writing a fake logon program. It would prompt the user for a user …

Identifying Denial-of-Service and Distributed Denial-of-Service Attacks

Identifying Denial-of-Service and Distributed Denial-of-Service Attacks: Denial-of-service (DoS) attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers. Most simple DoS attacks come from a single system, and a specific server or organization is the target. TIP: there is not …

Top 10 Mobile Devices Security

Mobile Device Security: Mobile devices, such as laptops, tablet computers, and smartphones, pose security challenges above those of desktop workstations, servers, and such in that they leave the office, which increases the odds of their theft. In 2010, AvMed Health Plans, a Florida-based company, had two laptop computers stolen. Together, over one million personal customer records were on those …

Authentication (Single Factor) and Authorization

Authentication (Single Factor) and Multifactor Authorization

Authentication (Single Factor) and Authorization: The most basic form of authentication is known as single-factor authentication (SFA), because only one type of authentication is checked. SFA is most often implemented as the traditional username/password combination. A username and password are unique identifiers for a logon process. Here’s a synopsis for how SFA works: when users sit down in front of …

VPNs and VPN Concentrators

VPNs and VPN Concentrators: A virtual private network (VPN) is a private network connection that occurs through a public network. A private network provides security over an otherwise unsecure environment. VPNs can be used to connect LANs together across the Internet or other public networks. With a VPN, the remote end appears to be connected to the network as if …

SQL: Bypassing Authentication

We can now construct a valid SQL statement that will execute gracefully and retrieve information that we have no rights to retrieve. Bypassing Authentication: We know we are dealing with a string column because of the quotes being applied to our input, so we can use either the 1=1 or ‘a’=’a clause that were introduced in previous articles. Here is …
