Types of attacks?
SQL Injection
DDOS attack (distributed denial of service)
social engineering
computer virus
computer worm
trojan horse
sniffer
What is an SQL injection?
a type of attack often used against data driven applications.
Code injection technique that might destroy database.
It is a technique that exploits an application security weaknesses.
Takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database
What is an SQL injection used for?
Used to steal databases full of credit card information, passwords, or personal details
How do you prevent an SQL injection?
Use prepared statements
Use stored procedures (that can be saved and used over again)
Validate user input
What is a DDOS attack? (distributed denial of service)
Make a machine or network resource inaccessible to users.
Its a cyberattack that causes the servers to refuse to provide services to genuine clients
What are the 2 types of DDOS attacks? (distributed denial of service)
Flooding and crash attack
What is a flooding DDOS attack?
the hacker sends a huge amount of traffic to the server which the server can not handle. And hence, the server stops functioning. This type of attack is usually executed by using automated programs that continuously send packets to the server
What is a crash DDOS attack?
the hackers exploit a bug on the server resulting in the system to crash and hence the server is not able to provide service to the clients
What do DDOS attacks usually utilize? (distributed denial of service)
botnets
What is a botnet?
A number of devices connected to the internet where each device has one or more bots running on it. The bots on the devices and malicious scripts used to hack a victim. Can be used to steal data, send spams and execute a DDOS attack
How do you prevent DDOS attacks? (distributed denial of service)
Use Anti-DDOS services
Configure Firewalls and Routers
Use Front-End Hardware (or application front-end hardware)
Use Load Balancing: efficient distribution of network or applications across servers
Handle Spikes in Traffic
What is front end hardware in DDOS attack prevention?
any hardware that optimizes or protects network traffic. It is placed on the network's outward-facing frontend or boundary
What is social engineering?
the art of manipulating people into divulging personal and confidential information
Requires very little technical skill, relies heavily on human interaction, most often used with other exploits, sim hijacking
How are malware and viruses used?
Used by an attacker to steal data, disrupt operations or access a private network.
Used to describe many different types of software including viruses, worms, Trojans, key loggers, spyware and others
What is a computer virus?
Any hostile computer program that can replicate itself and spread from one computer to another without input from its creator.
Needs to attach itself to an existing program in order for it to work.
They are used to deliver many different payloads
What is a computer worm?
A program similar to a virus; it can replicate itself and spread from one computer to another.
Unlike a virus a worm does not need to be attached to an existing program in order to function.
Always cause harm to the network, even if it is just increased bandwidth consumption, whereas a virus will always corrupt and/or modify files on a computer.
What is a trojan horse?
A program that pretends to do one thing, but in reality does something else. May appear to be a normal program, but in fact does something malicious.
Used to record keystrokes input by a user. Can be used to steal usernames, passwords, credit card information, personal details and so on.
They do not replicate as viruses do, nor make copies of themselves as worms do.
They simply give access to some hacker or a cracker.
How do you prevent malware and viruses?
Install firewalls
Program network security system used to monitor (allows/block) network traffic.
Have a set of predetermined security rules to filter packets trying to enter the network.
Usually placed between (on the boundary of) a trusted and untrusted networks.
What is a sniffer?
A program and/or service that monitors data travelling over a network. Sniffers are used to steal information off a network.
Unauthorized sniffers can be extremely dangerous to a network’s security because they are virtually impossible to detect.
Used especially in the Wi-Fi connection.
What is a temporary solution to sniffers?
Used to prevent access to computer systems by unwanted programs.
Utilizes many different methods to protect the computer.
Often search for signs of viruses on every website that is visited and do regular scans of the computer to check for infections
What are the types of hacking and data theft?
password cracking
brute forcing
dictionary hack
packet sniffing
phishing
pharming
spear phishing
key loggers
spoofing
IP spoofing
What is password cracking?
Attempting to guess a password using a program
What is brute forcing?
A program that guesses a password by inputting as many randomly generated passwords using the computer’s processing power
What is dictionary hack?
A program that guesses passwords based on words in a dictionary or the program’s vocabulary
What is packet sniffing?
Sniffing packets sent over the internet to gain security details over unsecured connections
What is phishing?
Is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by pretending as a trustworthy entity in an electronic communication. Legitimate looking sites designed to lure users. Ex. An email sent.
What is pharming?
Another technique used to steal confidential access code. It works by redirecting users to a rogue server. Example: malicious website that resembles a legitimate website – used to gather username/pwd
When does spear phishing occur?
when criminals obtain information about you from websites or social networking sites, and customize a phishing scheme to you
What are key loggers?
records keystrokes and can be software or hardware
What is spoofing?
can be define as misrepresenting the sender of a message (e-mail, IM, letter, resume, etc.) in a way that causes the human recipient to behave a certain way
What is IP spoofing?
Masks the IP address of a hacker and prevents them from being found. ◼ When a hacker spoofs an IP address through a Web site, it is known as IP / Web spoofing
What are the types of hacking attacks?
Domain Name Server Tunneling
Eavesdropping
Jailbreaking
Business email compromise
Cross site scripting
drive by attack
What is DNS tunneling?
an attack designed specifically with the intension of providing hackers with continual access to the target. ◼ Enables the hacker to insert (or tunnel) malware into DNS request coming from the client to the server by tempering with the HTTP (protocol)
What is eavesdropping?
Involves a hacker intercepting and accessing \n the data traveling across a network by \n exploiting unsecured communication
What is jailbreaking?
Involves a hacker “rooting your device to allow the installation of software that has not been verified by vendors or made available in official app stores. This leaves the device vulnerable to incoming malware.
What is BEC? (business email compromise)
attack involves hacker targeting employees with authorization privileges for various transactions.
What is cross site scripting?
An XSS infects users by inserting malicious scripts when a user visits a website, thereby infecting device, stealing cookies, credentials, etc
How to prevent phishing attack?
Do not enter sensitive information in the webpages that you don’t trust
Verify the site’s security
Use Firewalls
Use Antivirus Software that has Internet Security
Use Anti-Phishing Toolbar
Steps in AI
Know the Domain, Study the Data (Data Mining), Cleanse and Normalize Data, Choose a Model, Test and compare with other models, Short List optimum models, Fine Tune
AI in steps
Correct and Modify, Monitor Errors, Record Learning.
What is the turing test?
A machine trying to fool a human into thinking that it is human
VR
a complete immersion experience with lenses, 3D visualizations
AR
an interactive experience of a real world environment where the objects that reside in the real world are enhanced by computer generated perceptual information, sometimes across multiple sensory modalities
MR
combines elements of both AR and VR, real world and digital objects interact
Acronym for CAPTCHA
Completely Automated Public Turing test to tell Computers and Humans Apart
What is security?
Protection against intentional harm
What is safety?
Protection against accidental harm
Deon theory
regards ‘duty’ as most important for morality. There are absolute rights and wrongs
Example of Deon Theory
shooting an intruder (killing is wrong) to protect your family (protecting them is right).
UT theory
regards consequences as most moral. The end justifies the mean
Positive right
An obligation of some people to provide certain things for \n others. Ex: safe workplace; access to a free public education. Provide a good or service
Negative right
The right to act without interference. Ex: freedom of speech; right \n to strike. Requires other to abstain from your actions
Who is a hacker?
Intelligent individuals with computer skills and an ability to explore the system details. For some, hacking is a hobby. Their intention can either be to gain knowledge or to explore and do illegal things
Different types of hackers
black hat
white hat
grey hat
blue hat
hacktivist
script kiddie
elite hacker
bots
What is cracking?
Penetrating into someone’s system without their permission just for fun or to harm that system and get some crucial data.
What is a black hat hacker?
Malicious hacker
What are white hat hackers?
A hacker with the main intention of improving computer security. Also called an Ethical hacker
What is a grey hat hacker?
(Mixture of white and black, offers their services to improve the system for a fee). A hacker who will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly
What is a blue hat hacker?
(consults firms, perform system tests before launch). Invites professionals to find vulnerabilities.
What is a hacktivist?
Utilizes technology
What is a script kiddie?
(Skiddie) – non-expert in technology lacking knowledge, immature, trying to crack into systems by using products created by others. Early hackers
What is a elite hacker?
The most skilled hacker. Master of deception
What is a bot?
Software tools that hackers use
Advantages of ethical hacking?
It helps to fight against cyber terrorism and national security breaches.
➢ It helps to take preventive actions against other hackers.
➢ Detects the weaknesses and closes the gaps in a system or a network.
➢ Prevents gaining access from malicious hackers.
➢ Provides security to banking and financial settlements
Disadvantages of ethical hacking?
➢ Might use the data against malicious hacking activities.
➢ May corrupt the files of an organization.
➢ Possibility to steal sensitive information on the computer system.
Phases of hacking
reconnaissance
scanning
gaining access
maintaining access
covering tracks
What is data mining?
the process of sorting through large data sets to identify patterns and relationships that can help solve business problems through data analysis
What are the 4 classifications of MLP?
supervised, unsupervised, and reinforcement learning
semi supervised is a combination of supervised and unsupervised
3 foundations of cyber security
Privacy, Control, and Agency (or lack thereof, i.e. Surveillance)
What is IOT
Internet of things
What does IOT relate to
processing speed,
cloud computing,
wireless communication,
light weight OS,
small footprint protocols,
research,
reducing cost and memory
What is XR?
overs all of the various technologies that enhance our senses, whether they’re providing additional information about the actual world or creating totally unreal, simulated worlds for us to experience. It includes Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality (MR) technologies
Examples of IOT
cars (tesla), selfie fridge
How do augmented and virtual realities differ?
Purpose (explain):
Could be for healthcare [training in surgical operations
media/entertainment [movies and shows to create unique experiences]
Virtual travel [trips to museum, or different planet]
Professional sports [training programs]
Gaming [first person shooters]
Delivery method
Head mounted or smart device
Operate independently as well as often blended together
What is ethics?
study of what it means to “do the right thing”
Rational Agents
A rational agent or rational being is a person or entity that always aims to perform optimal actions based on given premises and information. (could be an entity of action)
Formula for agents: f:P*→A
Vulnerability vs Threat vs Risk
A vulnerability is a weakness, flaw or other shortcoming in a system. a threat is anything that could exploit a vulnerability, which could affect the confidentiality, integrity or availability of your systems, data, people and more. Finally, risk is the probability of a negative (harmful) event occurring as well as the potential of scale of that harm.
Behaviors associated with human intelligence?
planning
learning
problem solving
knowledge representation
Perception motion
Reasoning social intelligence /creativity
Easy way to remember hacking
Legal activities done trying to \n improve technology
Easy way to remember cracking
illegal activities, hacking with a malicious intent
Phases of hacking
reconnaissance
scanning
gaining access
maintaining access
covering tracks
What is the HGP
Human Genome \n Project (HGP) coordinated by Department of Energy and \n National Institute of Health \n Goal is to identify all of the approximately 100,000 genes \n in human DNA \n Store and analyze the data \n Address the ethical, legal, and social issues 33
What impact does the Human Genome Project have \n on society?
Understand the functions of genes and proteins. This \n knowledge will have a major impact in the fields of \n medicine, biotechnology, and the life sciences. \n It could help with the diagnosis and prevention of \n human disease. \n It would allow us to modify medication for more \n effective treatment cycles. \n -ve: It could develop a trend in “designer” humans. \n -ve: could create classes of individuals - only be \n accessible to the wealthy. \n -ve: health and environment threats 35
Phases of Offshoring
Awareness
Exploration
Expansion
Commitment
Dissolution
Sources of Errors for Machine Learning and Data Analysis
Sampling error and Non-sampling error
Sampling error
Arises when only a part of the population is used to represent the whole population
Non-Sampling Error
occurs at any stage of a sample survey and can also occur with censuses.
Machine learning is the study of algorithms that
Improve their performance (P), at some task (T), with experience (E)
4 Types of Leakage
Reveal identity
Reveal value hidden attribute
Reveal link between two entities
Reveal group membership