Did you know that Facebook removed 2.29 billion pieces of content from its platform after a record number of complaints about hacked accounts? Even the mighty Facebook cannot secure its systems 100%. Such is the situation when it comes to cyber security. Based on recent events and future predictions, cyber crime will cost organizations worldwide a whopping $10.5 trillion a year by 2025, up from $3 trillion in 2015 (the Cybersecurity Ventures estimate). So it should not come as a surprise that professionals trained in cyber security are in sky-high demand, and will be for the foreseeable future. What's better than staying ahead of the curve and getting trained in cyber security? Subscribe to Simplilearn, of course, since we upload tech-related content every day, and hit the bell icon to get notified whenever we drop a new video.

Today's video is a full course on cyber security for 2023, starting from the basics and moving on to advanced topics. We provide a short introduction to cyber security, followed by explainers on the career scope in this domain and the job roles on offer. After covering a few cyber security skills, we learn about ethical hacking and network masking techniques like VPNs and proxies. We then delve into various attacks like DDoS attacks, SQL injection and cross-site scripting, with live demonstrations that you can carry out on your own system for practice. After learning a bit more about different cyber attacks, we learn about cryptography, covering encryption, famous algorithms like RSA and AES, and hashing algorithms like SHA-256. Next we look at the Linux-based operating systems you can use for ethical hacking, like Kali Linux and Parrot Security. We then dive into some of the tools cyber security analysts use to secure their systems. Finally, we cover the industry's best-known certifications, followed by a series of interview questions to prepare you for your first job in cyber security. So let's get started.

Meet Ann. She often shops
from www.shoppingcart.com. She has her information, like her email ID, address and credit card details, saved on the website to enable a faster and hassle-free shopping experience; the required information is stored on a server. One day Ann received an email stating that she was eligible for a special discount voucher from shoppingcart.com. In order to receive the coupon code, she was asked to fill in her shoppingcart.com account credentials. This didn't seem fishy to her at the time, as she thought it was just an account verification step. Little did she realize the danger she was facing: she was knocked off her feet when a substantial amount of money was wiped from her account. How do you think this happened? Well, yes: the email she received was fake, and Ann's shoppingcart.com account was accessed by an unauthorized third party. This type of attack is known as a cyber attack, and the person who carries it out is called a hacker.

Could Ann have prevented this attack? Indeed she could have, with the help of cyber security. Cyber security involves techniques that help secure various digital components, networks, data and computer systems from unauthorized digital access. There are multiple ways to implement cyber security, depending on the kind of network you are connected to and the type of cyber attacks you are prone to. So let's take a look at the various cyber attacks Ann could have been exposed to.

One of the most common types is a malware attack: Trojans, adware and spyware, to name a few. Had Ann downloaded any suspicious attachments, her system could have been compromised by malicious code embedded within the attachments. Next is a phishing attack, the type of cyber attack Ann experienced. Here the hacker sends fraudulent emails which appear to come from a legitimate source, in order to install malware or to steal sensitive data like credit card information and login credentials. Another type of attack is the
man-in-the-middle attack. Here the hacker gains access to the information path between Ann's device and the website's server: the hacker's computer impersonates Ann's IP address, and by doing so the communication between Ann and the website is secretly intercepted. This commonly happens on unsecured Wi-Fi networks, and also through malware. A password attack is one of the easiest ways to hack a system. Here Ann's password could have been cracked by trying common passwords (a dictionary attack) or by trying every possible combination of characters (a brute-force attack).

To prevent future cyber attacks, Ann sought to implement a few cyber security practices. First, she installed a firewall. As the name suggests, it is a virtual wall between Ann's computer and the internet. Firewalls filter the incoming and outgoing traffic of your device to safeguard your network, and they can be either software applications or hardware appliances. Secondly, Ann implemented honeypots. Just as flowers attract bees, dummy computer systems called honeypots are used to attract attackers. These systems are made to look vulnerable in order to deceive attackers, and this in turn defends the real system. In addition, she also decided to use unique alphanumeric passwords and antivirus software, and started avoiding mails from unknown senders.

That was Ann's story. Cyber attacks are not confined to individuals; public and private organizations face them too. The cyber attacks carried out against such targets are more damaging and result in colossal losses. The motives behind such attacks are many, from tampering with crucial data to monetary gain. Let's have a look at a few of the cyber attacks that companies are subjected to. Various public sector organizations and large corporations face the advanced persistent threat (APT). In this form of attack, hackers gain access to networks for a prolonged period in order to continuously siphon off confidential information. Companies also witness the denial of service (DoS) attack, where networks are flooded with traffic
which in turn leaves legitimate service requests unattended. A variant of this is the distributed denial of service (DDoS) attack, where multiple systems are used to launch the attack. When a hacker manipulates a standard SQL query on a database-driven website, it is known as a SQL injection attack; by doing so, hackers can view, edit and delete tables in the database. Amidst this plethora of cyber attacks, it is indeed a challenge for organizations with several networks and servers to ensure complete security. This is not an easy task, and to help with it, cyber security professionals are hired to identify cyber threats and secure a company's network.

There are multiple job roles in the field of cyber security. If hacking fascinates you, then the role of an ethical hacker is worth exploring. Such professionals try to exploit a network's vulnerabilities just as a hacker would, but only to identify those vulnerabilities and resolve them, for protection against an actual cyber attack. If you are looking to design robust security structures, then the role of a security architect is more apt. A chief information security officer (CISO) plays a crucial role in enterprise security and is entrusted with the overall safety of the information in an organization.

Now, there are several reasons why you should learn cyber security. Here we have the top 10. At number 10, the reason is basic requirements. There is a wrong notion that building a career in cyber security is daunting. Well, it is not: a fancy college degree is not all it takes to become a successful cyber security professional. You can venture into the domain of cyber security with some basic knowledge of IT and an authorized cyber security certification. The overall eligibility criterion for the cyber security domain is being relaxed across the world. IT professionals with cyber security certifications are known to receive higher salary packages. Certifications are always given
extra weightage in the infosec field, and they open doors to bigger opportunities. These cyber security certifications can be opted for by anyone, as their eligibility requirements are very basic. Cyber security certifications train professionals and thus help bridge the gap between the supply of and demand for skilled cyber security professionals. So don't take a step back from learning cyber security thinking it is a tedious process: whether you are a fresher or a professional, you can go ahead with just these basic requirements.

Before moving on to our next reason, here is a question for you: how many of you like mathematics? Please let us know in the comments section below. I'm sure not everyone loves mathematics, and that is completely okay when it comes to learning cyber security. Our ninth reason is that mathematics is not a concern for learning cyber security. Many of us find mathematics challenging; some have an aptitude for dealing with numbers and some don't, and those who don't find it difficult to proceed with a career that involves maths. However, you can make your decision without worry when it comes to cyber security, as most of the domain does not involve advanced mathematics (cryptography is the main exception). So if maths is not your strong point, choosing to learn cyber security is still a great choice, which is definitely a relief to many. Instead, you can get acquainted with networking, network security controls and coding to build a career in cyber security.

Our eighth reason is that cyber security is a profession that helps achieve the greater good. Cyber security consists of a set of measures and approaches that protect companies' and individuals' data from being compromised and stolen. Cyber security professionals have defended organizations from several deadly cyber attacks aimed at jeopardizing an organization's confidentiality, integrity and availability. Cyber crime is currently on the rise, and with different types of cyber attacks, the threat to organizations and individuals alike is only
growing by the day. Government agencies, police forces and cyber crime cells are tackling this threat; however, there is a greater need for skilled cyber security professionals who can protect data and work for the greater good. Therefore, if you want to make a positive impact and a meaningful difference to the society we live in, then learning cyber security is a great choice.

Our seventh reason is that you get to travel the world. Who doesn't love to travel the globe? Learning cyber security is a great reason, especially for those of you who aspire to travel the world. With the shortage of cyber security professionals worldwide, there are plenty of opportunities for skilled experts to travel overseas to showcase their cyber security skills, which are in high demand. The increased demand for cyber security professionals is not restricted to one area but spans the entire world; there are employment opportunities for cyber security professionals across the globe, so learning cyber security can open new doors for you overseas as well.

Our sixth reason is very interesting: you get to work with secret agencies and high-profile organizations. Like other professionals, cyber security professionals have the opportunity to work with prestigious multinational companies and big names like Google, Dell, Accenture and others. However, a cyber security professional's career opportunities can go beyond MNCs, and they might get the opportunity to work with top government and intelligence agencies like Mossad, the NSA, the NIA, the FBI and so on. So what are you waiting for? Become a cyber security expert and showcase your skills to grab the chance to work with these top agencies.

Our fifth reason is that it is never too late to begin. There are very few professions that give you the liberty to begin late, and cyber security is one of them. It is never too late to realize that you want to become a cyber security expert; many people work as cyber security professionals even after
retirement, if they have good knowledge of it. You could also join cyber security courses that train you irrespective of your age. As long as you have good cyber security skills, there is no need to worry about job security, however late you start.

Our fourth reason is that cyber security is an evergreen industry. Cyber security has gradually become an evergreen industry in current times: with the onset of the COVID-19 pandemic, businesses are moving online and shifting to cloud storage, and the demand for cyber security is at its peak. There is high demand for cyber security experts who can safeguard digital data, so we can rest assured that cyber security is here to stay and that this domain will only grow in the coming years. According to Cybersecurity Ventures, the number of internet users will hit a whopping 6 billion by 2022. These numbers speak volumes, and they reveal the growing demand for cyber security professionals across the globe. Digitalization is taking place across several industries, and a cyber security expert finds opportunities in every field, as every organization wants to be secure on the digital front. So now is the right time if you are looking to learn and start a career in cyber security.

Before moving to our top three reasons to learn cyber security, here is some useful information for you. As you know, with relevant certifications you can grow your cyber security career, and we are here to help you with that: you can check out Simplilearn's Cyber Security Expert Master's Program, which equips you with the necessary skills to become an expert in this rapidly growing domain. Training for highly sought-after certifications like CompTIA Security+, CEH, CISM and CISSP is at the forefront of this course, preparing you for the industry's best jobs. So what are you waiting for? Get certified with Simplilearn and grow your career in cyber security today.

Our third reason to learn cyber security is the plenty of job opportunities it offers. According to
the US Bureau of Labor Statistics, employment of information security analysts is projected to grow 33% from 2020 to 2030, much faster than the average for all occupations. With the world turning digital, there is a dire need for companies to hire cyber security experts who can protect and safeguard sensitive data. As firms work to improve their cyber security posture, they are also hiring cyber security experts to design, implement and maintain cyber security solutions. Cyber security jobs are not limited to the IT domain: many security positions are found at companies outside IT, including industries like media, sports and finance, to name a few. This emphasizes the fact that a cyber security expert is exposed to job opportunities from different types of companies across the globe.

Our second reason for you to learn cyber security is the good salary package it offers. Salaries play a crucial part in any job you undertake, don't they? Every individual likes to be duly rewarded for their work, and cyber security is one domain that provides fat paychecks. Cyber security experts are the individuals who have come to the rescue with the unprecedented rise in cyber crime across the world, and organizations are willing to pay sky-high salaries for them. There is a lack of skilled cyber security professionals, and this is another reason cyber security experts are paid well. The salaries of cyber security professionals are expected to keep growing, owing to the high demand; salaries in cyber security have high growth potential, and if you are a skilled cyber security professional you can always negotiate your salary.

Finally, the top reason to learn cyber security is that you will have a job that never gets boring, in a domain that offers unlimited potential for personal growth. Often, individuals find themselves lost in their careers due to a lack of challenges, due to their mundane work, and also due to
stagnation at work. These reasons play a major role when a professional quits their job. However, a job role in cyber security tackles these issues to an extent, and that is why we have this reason at number one. Cyber security is a domain that is constantly evolving, and so is the nature of cyber attacks. Hackers are always trying to develop new methods to get to your data; they develop new exploits regularly, and hence as a cyber security professional you will face interesting challenges in finding optimal solutions for new exploits. You will have new puzzles to solve, and a cyber security career is not going to be stale. Along with failures, you will also be exposed to new and interesting discoveries. To keep yourself updated in this field and to tackle cyber attacks, you should be in a position to outsmart the hackers. Being in the field of cyber security allows you to constantly upskill and enhance your knowledge and experience, and it ensures that your learning journey never stops. With the world turning virtual, cyber attacks are constantly making new headlines; COVID-19 accelerated the current digital transformation, and the year 2020 witnessed several data breaches. Since technology has become more intertwined with our daily lives, it is no surprise that the need for skilled cyber security professionals is increasing.

On that note: hey everyone, welcome to yet another exciting video by Simplilearn, which will take you through the top cyber security career options available today. But before we begin, if you're new here and haven't subscribed already, make sure to hit the subscribe button and that bell icon for interesting tech videos every day. There is a significant shortage of skilled cyber security professionals who can tackle the cyber security challenges faced daily; hence a career in cyber security is demanding and equally rewarding. Finding the right career path in the cyber security industry isn't always easy, and we are here to help you with that. There are a few
prerequisites for a career in cyber security, the basic one being a bachelor's degree in a subject related to cyber security. However, if you don't have a relevant degree, you can always take up relevant cyber security certifications and kick-start your cyber security journey. A few other skills, like networking, knowledge of operating systems and cloud security, are required to start and grow your cyber security career; you can check out our video on the top five cyber security skills to know more. Cyber security jobs vary from entry level to executive management and everything in between. There are several cyber security paths available today; it is best to start at entry level and then move on to the next level with the help of certifications and relevant experience. Here, let us have a look at the top five cyber security job roles today.

The first job role is that of a network engineer. Network engineers construct and administer a company's computer networks. They are responsible for installing, configuring and supporting network equipment, and they also configure and maintain firewalls, switches and routers. This entry-level cyber security job can help you start your journey to becoming an ethical hacker. The average annual salary of a network engineer in the US is $85,900.

Second on our list is information security analyst. As an information security analyst, your primary duty is to protect sensitive information. Information security analysts create and implement plans for preventing cyber attacks; they monitor data access and ensure compliance with policies, and depending on the cyber threat, they decide whether it has to be resolved or escalated further. In the US an information security analyst earns $9,140 annually, and in India they earn 64,275 rupees.

Third on our list is ethical hacker. Also known as penetration testers, they are network security consultants who identify and exploit system vulnerabilities just as a hacker would. They probe and test the network using
various penetration testing tools and software; they also design new penetration tools and document the test results. In the US a certified ethical hacker earns around $93,000 a year on average, and in India around 5 lakh rupees.

The fourth job role we are going to talk about is security architect. Security architects research and plan the security elements of their organizations. They design robust security structures that are capable of preventing malware attacks, and a security architect approves the installation of routers, VPNs and firewalls. Their duties go beyond architecture building and include formulating company procedures, guidelines and user guides. Security architects in the US make a handsome $124,000 a year on average, and in India nearly 21,80,000 rupees.

Finally, fifth on our list is chief information security officer (CISO). They are senior officers in an organization who ensure the safety of its information. They develop, implement and maintain information security and risk management programs, and they interact with stakeholders and brief them regularly on information security concerns. The average annual salary of a CISO in the States is a whopping $165,000, and in India it is 22,22,845 rupees.

Several companies are looking for skilled cyber security professionals: Philips, Siemens, Google, Microsoft and GE, to name a few. With passion, the right amount of experience and relevant certifications, you can grow your cyber security career. You can check out Simplilearn's Cyber Security Expert Master's Program to equip yourself with the skills needed to become an expert in this rapidly growing domain. This course will help you learn how to protect your infrastructure, secure your data, run risk analysis, achieve compliance and much more. According to Cybercrime Magazine by Cybersecurity Ventures, globally there would be nearly 3.5 million unfilled cyber security
jobs by 2021, and the number of internet users will hit a whopping 6 billion by 2022. These numbers speak volumes, and they show the growing demand for cyber security professionals across the globe.

Now that you know about the high demand for cyber security professionals, let us help you start your cyber security career by bagging the right skill set. Many of you out there might be waiting to become a cyber security professional but are unsure of how to go about it and what skills you would need to get a cyber security job. Not to worry, we are here to help you with that. After extensive research, we have come up with the top five skills that will help you get into the field of cyber security. Let's have a look at these skills individually.

First we have networking and system administration. The number one skill you need to enter the field of cyber security is computer networking. Networking is the backbone of the internet, and it is imperative that you have an in-depth understanding of it to start a career in cyber security. A network is a group of interconnected devices, and networking is the art of understanding how data is sent, transmitted and received amongst these devices. You need to know the various routing protocols. The TCP/IP and OSI models govern networking; the OSI model is comparatively newer. Basically, in these models all the protocols are grouped into layers that work together to let you receive, on your device, data sent from a server. Learning networking will help you understand the technical aspects of data transmission, which in turn will help you secure your data. You can take up certifications like CompTIA Security+ and Cisco CCNA to gain a strong networking foundation. Another skill that will benefit you is to master system administration. If you think about it, all of us are sysadmins at some level: system administration is all about configuring and maintaining computers. You must be curious to know every aspect of your computer's features and settings, and play
around a bit: carry out trial and error, and give yourself small tasks like recovering deleted files or examining old viruses on a VM. Explore new techniques, put them into practice and expand your knowledge.

Let us now move on to our second skill: knowledge of operating systems and virtual machines. To become a cyber security professional, you need strong knowledge of operating environments such as Windows, Linux and macOS. Cyber security professionals largely use Linux, and it comes with several tools. To learn operating systems, go ahead and set up and use virtual machines (VMs) and play around with them; this will help you gain hands-on experience. As a cyber security expert, you should be comfortable working on any OS. VMs allow you to train and research in an isolated environment and help you maximize your skills. The next point to remember is to know Kali Linux. It is the most widely known Linux distribution for ethical hacking and penetration testing, and it comes with several hundred tools related to penetration testing, malware analysis, security research, computer forensics and so on. Kali contains several projects, and you can learn a lot. Another good thing about Kali is that it is free to use, so what are you waiting for? Download it and start right away. Remember that Linux is the backbone of cyber security and a commonly asked topic in cyber security interviews, especially for pen testing roles.

Moving on, our third skill is network security controls. It is another basic skill that every cyber security professional should have. Network security controls are the different measures employed to enhance the security of a network. It is simple: you can only safeguard your network if you know how it works, and how routers, firewalls and other devices work. A firewall is hardware or software that blocks incoming or outgoing traffic between the internet and your computer. Firewalls are required to secure a network, and as a cyber security expert you must be able
to leverage a firewall to filter and prevent unauthorized traffic onto the network. In addition, as a cyber security expert you must know about intrusion detection systems, intrusion prevention systems, virtual private networks and remote access. An intrusion detection system (IDS) is designed to detect unauthorized access to a system; it is used together with a firewall and a router. You should be able to operate the IDS and recognize any security policy violations and malicious traffic on the network. As many of you may have used one, a VPN is a connection between a VPN server and a VPN client: a secure tunnel across the internet.

Moving on, next up we have an interesting skill. Any idea what that is? If yes, pause and leave a comment on what you think the next skill will be. If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more. And before we jump into this skill, if you find this video interesting, make sure to give it a thumbs up.

The fourth skill on our list is coding. You might be wondering whether coding is really required to become a cyber security professional. Well, it is true that not all cyber security professionals have or need coding skills; however, having zero coding knowledge may limit your opportunities in the future. Knowing a couple of programming languages will help you understand the plan behind an attack and defend against deadly hacking techniques. As shown on your screen, these are the best programming languages to learn to make your cyber security career worthwhile. We have C and C++: the C programming language is the backbone of most operating systems, and C and C++ are low-level programming languages that you need to know as a cyber security professional. On the other hand, Python is a high-level programming language that is becoming popular among cyber security experts today. Knowing Python will give you an upper hand in your career; it will help you identify
and fix vulnerabilities. JavaScript is another high-level programming language, one that adds interactivity to web pages. A good advantage of knowing JavaScript is that you can understand and prevent cross-site scripting attacks, in which the attacker implants malicious script into a web application. Speaking of PHP, because so many websites are built with PHP, learning it will help you defend against intruders. Similarly, HTML is another language cyber security professionals should understand, as most websites use it and it is one of the easiest languages to learn. Another programming language you can use is Golang; it is great for cryptography, and you can solve various cyber security problems with it. Then we have SQL, the Structured Query Language. Attackers use this language to tamper with stored data; one such example is the SQL injection attack, hence having a good understanding of SQL will be highly beneficial. Another point we'd like to highlight is to have knowledge of assembly language, which will help you become a cyber security engineer: assembly will help you understand how malware functions, and thereby help you defend against it. In the cyber security domain you can't lock yourself into a single language, so it is advisable to be acquainted with a couple of them. You can also do a crash course for these languages and learn them. So determine the best programming language for your cyber security role and get familiar with the basics.

Moving on, our fifth skill on the list is cloud security. There is a growing demand for cyber security professionals with cloud security skills. In the coming years, companies are on the lookout for professionals with security skills applicable to public and hybrid cloud platforms such as Amazon Web Services and Azure, as more organizations look to cloud infrastructure to store data and run applications. This includes implementation of the policies and technologies that protect cloud-based systems and devices. Just like application
development security, cloud security also involves building secure systems from the start. Companies want professionals who can manage cloud security tools to identify and prevent cloud breaches, and people with experience and knowledge in managing big platforms such as Microsoft Azure, AWS and GCP are in high demand.

Now that we have seen the top five cyber security skills, let us go through a set of additional skills that can help you get into the cyber security field. Remember that to become a successful cyber security expert, you must possess a rich and diverse skill set. So, in our list of additional skills, first we have risk analysis. Identifying risks even before they materialize is a great skill: cyber security professionals are required to identify, manage and mitigate risks, and risk management and mitigation is a skill set that is going to be in high demand in the coming years. Next we have information security. Companies require skilled professionals who can protect their electronic data from unauthorized access; the in-demand skills here are authentication, authorization, malware analysis and data recovery. Next on our list is security incident handling and response. As a cyber security expert, you must be prepared to handle any forthcoming threat of a violation of an organization's security policy. By following an up-to-date incident response plan, your team can proactively protect your data and minimize the damage. In security incident management you are required to identify, manage, record and analyze security threats in real time. A security incident can be an active threat, a successful compromise of data or an attempted intrusion; it can also be incidents like DoS attacks, phishing, APTs, ransomware and many more. Another important pointer is that as a security practitioner you must also manage and analyze security information and event management (SIEM) tools and services. Moving on, we have security audit. Security auditing is an internal check carried out to find flaws in the organization's
information system. You must be able to conduct a review of the organization's adherence to regulatory guidelines. Security audit and compliance knowledge are very crucial, as any failure of regulatory compliance could lead to hefty penalties. Soon organizations will need people who are more familiar with the various data privacy regulations; if you are good at paperwork, you can capitalize on this skill, as companies will need people who understand what paperwork to file and which security protocols to use to comply with the regulations. Finally, we have laws and regulations, an often overlooked aspect of cyber security. There are several cyber security laws and regulations, and if you break these laws, intentionally or not, it doesn't matter: you will still be charged. These laws define how you can use the internet and also how people can be protected from becoming victims of cyber crime. Knowing these laws and regulations and following best practice will keep you ethical at your job, and this in turn will be good for your organization. So that was our list of additional skills. Apart from these, make sure you stay updated with new hacks and learn new tools, as cyber security is ever evolving. Another important skill apart from these technical skills is your soft skills; having a set of good soft skills will help you bag your dream job. We have a video on the top five soft skills that will help you grow in your career; do watch that and incorporate those skills as well.

We humans are highly tech-savvy in today's times. With the extensive use of the internet and modern technologies, there is a massive challenge in protecting all our digital data, such as net banking information, account credentials and medical reports, to name a few. Have you heard about the deadly WannaCry ransomware attack? The attack happened in May 2017 in Asia and then spread across the world; within a day, more than 230,000 computers were infected across 150 countries. The WannaCry cryptoworm
encrypted the data and locked the users out of their systems. For decryption of the data, the users were asked for a ransom of $300 to $600 in Bitcoin. The users who used unsupported versions of Microsoft Windows and those who hadn't installed the security update of April 2017 were targeted in this attack. The WannaCry attack took a toll on every sector: top-tier organizations like Hitachi, Nissan and FedEx had to put their businesses on hold as their systems were affected too.

Now this is what you call a cyber attack. To prevent such attacks, cyber security is implemented. We can define cyber security as the practice of protecting networks, programs, computer systems and their components from unauthorized digital attacks. These illegal attacks are often referred to as hacking. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information, and a hacker is a person who tries to hack into computer systems. It is a misconception that hacking is always wrong; there are hackers who work with different motives. Let's have a look at three different types of hackers. Black hat hackers are individuals who illegally hack into a system for monetary gain. On the contrary, we have white hat hackers, who exploit the vulnerabilities in a system by hacking into it with permission in order to defend the organization. This form of hacking is absolutely legal and ethical, hence they are also often referred to as ethical hackers. In addition to these we also have the gray hat hackers. As the name suggests, the color gray is a blend of both white and black: these hackers discover vulnerabilities in a system and report them to the system's owner, which is a good act, but they do this without seeking the owner's approval. Sometimes gray hat hackers also ask for money in return for the spotted vulnerabilities.

Now that you have seen the different types of hackers, let's understand more about the hacking that is legal and valid, ethical hacking, through an interesting story. Dan runs a trading company; he does online trading with the money his customers invest. Everything was going well and Dan's business was booming until a hacker decided to hack the company's servers. The hacker stole the credentials of various trading accounts and asked for a lump-sum ransom in exchange for the stolen credentials. Dan took the hacker's words lightly and didn't pay. As a result the hacker withdrew money from various customers' accounts, and Dan was liable to pay the customers back. Dan lost a lot of money and also the trust of his customers. After this incident Dan gave a lot of thought to what could have gone wrong with the security infrastructure in his company. He wished there was someone in his company who could have run a test attack to see how vulnerable his systems were before the hacker penetrated the network. This was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does. To do this job he hired an ethical hacker, John. John was a skilled professional who worked precisely like a hacker; in no time he spotted several vulnerabilities in Dan's organization and closed all the loopholes. Hiring an ethical hacker helped Dan protect his customers from further attacks in the future. This in turn increased the company's productivity and guarded the company's reputation. So now you know hacking is not always bad. John in this scenario exposed the vulnerabilities in the existing network, and such hacking is known as ethical hacking.

Ethical hacking is divided into six different phases. Let us look at these phases step by step with respect to how John, our ethical hacker, will act. Before launching an attack, the first step John takes is to gather all the necessary information about the organization's system that he intends to attack. This step is called reconnaissance; he uses tools like Nmap and hping for this purpose. John then tries to spot the vulnerabilities, if any, in the target system using tools like Nmap and Nexpose. This is the scanning phase. Now that he has located the vulnerabilities, he tries to exploit them; this step is known as gaining access. After John makes his way through the organization's networks he tries to maintain his access for future attacks by installing backdoors in the target system. The Metasploit tool helps him with this; this phase is called maintaining access. John is a brilliant hacker, hence he tries his best not to leave any evidence of his attack. This is the fifth phase, clearing tracks. We now have the last phase, that is reporting. In this phase John documents a summary of his entire attack: the vulnerabilities he spotted, the tools he used and the success rate of the attack. Looking into the report, Dan is now able to take a call and see how to protect his organization from any external cyber attacks. Don't you all think John is an asset to any organization?

If you want to become an ethical hacker like John, there are a few skills that you need to acquire. First and foremost, you need to have a good knowledge of operating environments such as Windows, Linux, Unix and Macintosh. You must have reasonably good knowledge of programming languages such as HTML, PHP, Python, SQL and JavaScript. Networking is the base of ethical hacking, hence you should be good at it. Ethical hackers should be well aware of security laws so that they don't misuse their skills. Finally, you must have a global certification in ethical hacking to successfully bag a position as an ethical hacker like John. A few examples of ethical hacking certifications are the Certified Ethical Hacker (CEH) certification, CompTIA PenTest+ and the Licensed Penetration Tester certification, to name a few. Simplilearn provides a Cyber Security Expert master's program that will equip you with all the skills required by a cyber security expert.

When it comes to web app hacking, it generally refers to the exploitation of applications via HTTP, which can
be done by manipulating the application via its graphical user interface, by tampering with the uniform resource identifier (URI), or by tampering with HTTP elements directly that are not part of the URI. The hacker can send a link via an email or a chat and trick the users of a web application into executing actions; in case the attack is on an administrator account, the entire web application can be compromised.

Anyone who uses a computer connected to the internet is susceptible to the threats that computer hackers and online predators pose. These online villains typically use phishing scams, spam email or instant messages and bogus websites to deliver dangerous malware to your computer and compromise your computer security. Computer hackers can also try to access your computer and private information directly if you are not protected by a firewall: they can monitor your conversations or peruse the back end of your personal website. Usually disguised with a bogus identity, predators can lure you into revealing sensitive personal and financial information.

A web server can refer to the hardware, the computer, or the software which helps to deliver content that can be accessed through the internet. The primary function of a web server is to deliver web pages on request to clients using the Hypertext Transfer Protocol, or HTTP. Hackers attack the web server to steal credential information, passwords and business information by using different types of attacks like DoS attacks, SYN flooding, ping flood, port scans and social engineering attacks. In the area of web security, despite strong encryption on the browser-server channel, web users still have no assurance about what happens at the other end.

Although wireless networks offer great flexibility, they have their own security problems. A hacker can sniff the network packets without having to be in the same building where the network is located: as wireless networks communicate through radio waves, a hacker can easily sniff the network from a nearby location. Most attackers use network sniffing to find the SSID and hack a wireless network. An attacker can attack a network from a distance, and therefore it is sometimes difficult to collect evidence against the main hacker.

Social engineering is the art of manipulating users of a computing system into revealing confidential information which can later be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed and curiosity to gain access to restricted-access buildings or getting users to install backdoor software. Knowing the tricks hackers use to trick users into releasing vital login information is fundamental in protecting computer systems.

Coming to our main focus for today, let us have a look at the top five most essential ethical hacking tools to be used in 2021. At the top of the chain lies Nmap. Nmap, which stands for Network Mapper, is a free and open-source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime. It is most beneficial in the early stages of ethical hacking, where a hacker must figure out the possible entry points to a system before running the necessary exploits, thus allowing the hackers to leverage any insecure openings and breach the device. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services they are running, what operating systems are installed, what type of packet filters and firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts as well. Since every application that connects to a network needs to do so via a port, the wrong port or server configuration can open a can of worms which can lead to a thorough breach of the system and ultimately a fully hacked device.

Next on our list we have Metasploit. The Metasploit framework is a very powerful tool that can be used by cyber criminals as well as ethical hackers to probe systematic vulnerabilities on both networks and servers. Because it's an open-source framework it can be easily customized and used with most operating systems. With Metasploit, the ethical hacking team can use ready-made or custom code and introduce it into a network to probe for weak spots, as another flavor of threat hunting. Once the flaws are identified and documented, the information can be used to address systemic weaknesses and prioritize solutions. Once a particular vulnerability is identified and the necessary exploit is fed into the system, there are a host of options for the hacker. Depending on the vulnerability, hackers can even run root commands from the terminal, allowing complete control over the activities of the compromised system as well as all the personal data stored on the device. A big advantage of Metasploit is the ability to run full-fledged scans on the target system, which gives a detailed picture of the security index of the system along with the necessary exploits that can be used to bypass antivirus software. Having a single solution to gather almost all the necessary points of attack is very useful for ethical hackers and penetration testers, as denoted by its high rank in the list.

Moving on we have the Acunetix framework. Acunetix is an end-to-end web security scanner which offers a 360° view of an organization's security. It is an application security testing tool that helps the company address vulnerabilities across all their critical web assets. The need to be able to test applications in depth, further than traditional vulnerability management tools can, has created a market with several players in the application security space. Acunetix can detect over 7,000 vulnerabilities, including SQL injections, cross-site scripting, misconfigurations, weak passwords, exposed databases and other out-of-band vulnerabilities. It can scan all pages, web apps and complex web applications running HTML5 and JavaScript as well. It also lets you scan complex multi-level forms and even password-protected areas of the site. Acunetix is a dynamic application security testing package, which has definite perks over static application security testing frameworks, also known as SAST scanners. SAST tools only work during development and only for specific languages, and have a history of reporting a lot of false positives, whereas dynamic testing tools, also known as DAST, have the ability to streamline testing from development to deployment with minimal issues.

Next on our list we have Airgeddon. This is a multi-use bash script for Linux systems used to audit wireless networks like our everyday Wi-Fi router and its counterparts, along with being able to launch denial of service attacks on compromised networks. This multi-purpose Wi-Fi hacking tool has very rich features which support multiple methods for Wi-Fi hacking, including WPS hacking modes, WEP attacks, handshake captures, evil twin and so much more. It usually needs an external network adapter that supports monitor mode, which is necessary to be able to capture wireless traffic that traverses the air channels. Thanks to its open-source nature, Airgeddon can be used with multiple community plugins and add-ons, thereby increasing its effectiveness against a wide variety of routers in both the 2.4 GHz and the 5 GHz bands.

Finally, at number five we have John the Ripper. John the Ripper is an open-source password security auditing and password recovery tool which is available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including those for user passwords of operating systems, web apps, database servers, encrypted keys and document files. Some of the key features of the tool include offering multiple modes to speed up password cracking, automatically detecting the hashing algorithm used by the passwords, and the ease of running and configuring the tool to make password cracking easier. It can use dictionary attacks along with regular brute forcing to speed up the process of cracking the correct password without wasting additional resources. The word list used in these dictionary attacks can be supplied by the user, allowing for a completely customizable process.

We also have a few honorary mentions in our list that just missed the cut. Netsparker, for instance, is an automated yet fully configurable web application security scanner that enables you to scan websites, web applications and web services. The scanning technology is designed to help you secure web applications easily without any fuss, so you can focus on fixing the reported vulnerabilities. Burp Suite Professional is one of the most popular penetration testing and vulnerability finder tools, and it's used for checking web application security. Burp, as it is commonly known, is a proxy-based tool which is used to evaluate the security of web-based applications and to do hands-on testing. Moving away from websites and applications, Wireshark is a free and open-source packet analyzer which was launched in 2006. It is used for network troubleshooting, analysis, software and communications protocol development, and education. It captures network traffic on the local network and stores the data for offline analysis. Wireshark captures network traffic from Ethernet, Bluetooth, wireless networks and frame relay connections.

Now that we have learned about the different types of tools that can be used when conducting an ethical hacking audit, let's learn about some potential benefits of such campaigns and why organizations prefer to pay for such audits. Being able to identify defects from an attacker's perspective is game-changing, since it displays all the potential avenues of a possible hack. One can only prepare for the known vulnerabilities as a defensive specialist, but proactively trying to
breach a network or device can make hackers think of techniques that no defense contractors can account for. This kind of unpredictability goes a long way in securing a network against malicious actors. Another advantage of hiring ethical hackers is the ability to preemptively fix possible weak points in a company's network infrastructure. As seen on many occasions, a real breach will cause loss of data and irreparable damage to the foundation of an organization; being able to gauge such shortcomings before they become public and can be exploited is a benefit most organizations make use of. This is not to imply that such security audits are only beneficial to the organization paying for them. When coming across companies that provide certain services, a reliable third-party security audit goes a long way in instilling trust and confidence in their craft. If the ethical hackers cannot find any major vulnerabilities that can be leveraged by hackers, it just accentuates the technical competence of the organization and its engineers, thereby increasing the clientele by a substantial amount.

Jude is waiting at the airport to hop on her flight back home when she realizes that she missed making an important bank payment. She connects her laptop to the public Wi-Fi at the airport and goes ahead to carry out the bank transaction. Everything goes well and Jude completes her transaction. After a couple of days she was knocked off her feet when she learned that her bank account had been subjected to a cyber attack and a hefty amount was wiped from her account. After getting in touch with the bank authorities she learned that her account was hacked at the airport. She then realized that the public Wi-Fi she used might have caused her this trouble. Jude wishes that had her bank transfer escaped the hacker's eyes she would not have been a victim of a cyber attack. Bank officials advise her to use a VPN for future transactions, especially when connecting to an open or public network. Like most of us, Jude had come across the term VPN several times but didn't know much about it, and little did she think that the repercussions of not using a VPN would be this bad.

Let's understand how the hacker would have exploited Jude's transaction in the absence of a VPN. In this process, Jude's computer first connects to the internet service provider (ISP), which provides access to the internet. She sends her details to the bank server using her IP address. An Internet Protocol address, or IP address, is a unique address that identifies a particular device, be it a laptop or a smartphone, on the internet. When these details pass through the public network, the hacker who passively watches the network traffic intercepts them. This is a passive cyber attack, where the hacker collects Jude's bank details without being detected. More often than not, in such an attack payment information is likely to be stolen; the targeted data here are the victim's usernames, passwords and other personal information. Such an unsecured connection exposed Jude's IP address and bank details to the hacker when they passed through the public network.

So would Jude have been able to secure her transaction with the help of a VPN? Well, yes. Picture Jude's bank transaction happening in a tunnel that is invisible to the hacker; in such a case the hacker will not be able to spot the transaction, and that is precisely what a VPN does. A virtual private network, more often known as a VPN, creates a secure tunnel between your device and the internet. For using a VPN, Jude's first step would be to install a software-based technology known as the VPN client on her laptop or smartphone that would let her establish a secure connection. The VPN client connects to the Wi-Fi and then to the ISP. Here the VPN client encrypts Jude's information using VPN protocols; data is encrypted to make sure it is secure. Next, the VPN client establishes a VPN tunnel within the public network that connects to the VPN server. The VPN tunnel protects Jude's information from being intercepted by the hacker. Jude's IP address and actual location are changed at the VPN server to enable a private and secure connection. Finally, the VPN server connects to Jude's bank server in the last step, where the encrypted message is decrypted. This way Jude's original IP address is hidden by the VPN and the VPN tunnel protects her data from being hacked. This explains how a VPN makes your data anonymous and secure when it passes through the public network, and the difference between a normal connection and a VPN connection. After learning about this, Jude was certain that she should start using a VPN to carry out her online transactions in the future. This is also applicable to each one of us: whether you work remotely or connect to public Wi-Fi, using a VPN is the safest option. In addition to providing secure, encrypted data transfer, VPNs are also used to disguise your whereabouts and give you access to regional web content. VPN servers act as proxies on the internet; this way your actual location cannot be established. A VPN enables you to spoof your location by switching to a server in another country and thereby change your location. For example, by doing so you can watch any content on Netflix that might be unavailable in your region.

Meet Jonathan. He is an investigative journalist who occasionally researches and publishes news articles contrary to the government's ideologies. On one such occasion he could not access a global news website dealing in uncensored information; it seemed his IP was blocked from visiting the news website. With his IP blocked, Jonathan turned to a popular proxy service that was able to unblock the news website, thereby allowing an open internet to all users. Just like how your friend gives proxy attendance for you, a proxy server serves as a stand-in user to keep the real client private. But what is a proxy? Let's understand how it works by taking a look at how Jonathan was able to access geoblocked content without much hassle. A proxy server acts as a gateway or intermediary server between a user and its destination website. When Jonathan wasn't able to access the news website, he connected his system to a global proxy server. Once connected, the proxy server assigned a new IP address to Jonathan's system, an IP address of a different country where the website is not censored. Following this process, whenever Jonathan visits that website, the website administrators see the new IP address assigned via the proxy server and see no reason to deny access. Once the proxy server is able to access the website, the content is passed on to Jonathan's system via the same channel.

Regarding access to proxy servers, you must first set one up on your computer, device or network. Next, check the steps required for your computer or network, as each operating system has its own setup procedure; in most cases, however, setup entails using an automated configuration script. There are plenty of free proxy services available on the internet; however, the safety of such proxies is rarely verified. Most free proxies will provide an IP address and a relevant port for connection purposes. Reputed proxy providers like Smartproxy and Bright Data that run on subscription models will most likely provide credentials to log in with when establishing the connection. This extra step acts as authentication that verifies an existing subscription on the proxy provider's server, unlike free providers that are open to all.

When it comes to hiding IP addresses, many people consider a VPN to be the primary solution. While that's true up to some extent, there are a few things proxies do differently. In the case of VPNs, extra encryption is also carried out to create a secure tunnel between the user's device and a VPN server. A VPN is usually much faster, more secure thanks to multiple layers of encryption, and has little to no downtime. Proxies tend to be comparatively unsafe, with the service owners having the exact IP address of the end user and having no guarantees regarding downtimes and reliability. If you want to know more about how VPNs work, do watch how Jude could have protected her banking credentials using VPNs in our detailed video linked above.

Now let's take a small quiz to check how much we have learned. What can a VPN connection provide that a proxy service cannot? A, a new IP address; B, multiple layers of encryption; C, access to geoblocked content; D, authentication credentials. Think about it and leave your answers below in the comment section, and three lucky winners will receive Amazon gift vouchers.

What about the benefits of a proxy service though? Besides allowing access to blocked content, proxies can serve as an efficient firewall system. They can also filter content from third-party websites, allowing control over internet usage. In many cases browsing speeds are stabilized compared to vanilla internet thanks to proper optimization on the base proxy server. The element of privacy that proxies provide is highly lucrative to people looking to hide their actual IP address from as many prying eyes as possible. One can easily argue the benefits of using VPNs over proxies for added security measures; however, a few basic tasks don't warrant maximum privacy on the user's side as in other cases. For example, many consumers worldwide find proxy services more convenient, since all major operating systems, from Windows to Android, allow proxy configuration without the hassle of installing new applications, as is the case with a VPN. In addition, there are services online that function as web proxies, allowing users to access blocked content without any setup from their end: they can enter the target URL and the web proxy will route data from its physical server. This level of freedom is hard to come by in the case of VPNs, making proxies an ideal solution for casual browsing.

With the next generation of internet exchanges focused on maximum privacy and security, a variety of ways have been enforced to maintain them as such. Censorship has been
shifted from the streets to the digital domain it forces the standard citizen to derive alternative ways to maintain anonymity major weapon in this battle for privacy and security is the T browser an independent browser meant to browse the internet while reling information through the Tor Network it serves as a meaningful alternative to the standard internet browsing habits to better understand the purpose of this browser and such we must learn about the work of the T Network featuring its own routing protocol the top browser is an easy way to maintain anonymity while browsing without emptying one's wallet let's take a look at the topics to be covered today we start at the explanation of what is the T Network and its significance in the working of the to browser we take a look at the onion routing protocol and how it transmits the data from the client devices to the Tor directories in order to circumvent government censorship moving on we learn a few features of the to browser and the distinct advantages the tour Network provides next we learn the difference between using a VPN and a t to anonymize internet usage and finally we have a live demonstration of the T browser anonymization features in action let's move on to learning about the T Network T short for the onion router it's an open-source privacy Network that permits users to browse the web anonymously the tour was initially developed and solely used by the US Navy to protect sensitive government Communications before the network was made publicly available the digital era has disrupted the traditional way of doing things in every sector of the economy the rapid rise in development and innovation of digital products has given way to frequent data breaches and cyber thefts in response consumers are increasingly opting for products that offer data privacy and cyber security T is one such underground Network that was implemented for the purpose of protecting users identities the to network is one example of the 
many emerging technologies that attempt to fill a data privacy void in a digital space plagued by cyber security concerns the to network intercepts the traffic from your browser and bounces a user's request of a random number of other user IP addresses then the data is passed to the user requester Final Destination these random users are volunteer devices which are called as nodes or relays the T Network disguises your identity by encrypting the traffic and moving it across different T relays within the network the T Network uses an onion routing technique for transmitting data hence the original name of onion router to operate within the Tor Network a user has to install the T browser any address or information requested using the browser is transmitted through the T Network it has its own feature set which we will be covering over later in this video as we discussed already the data passing through the to network must follow a unique protocol known as The Onion routing protocol let us learn more about its unique characteristics in our normal Network usage the data is transmitted directly the sender has data packets to transmit which is done directly over a line of communication with either a receiving party or a server of some kind however since the data can easily be captured while being transmitted the security of this exchange is not very reliable moreover it becomes very easy to trace the origin of such requests on many occasions websites with questionable and controversial content are blocked from the ISP this is possible since the ISP is able to detect and spy on user information passing through the network apart from isps there is a steady chance of your private information being intercepted by hackers unfortunately easy detection of the source and contents of a web request make entire network extremely vulnerable for people who seek anonymity over the Internet however in the onion routing protocol things take a longer route we have a sender with the to 
browser installed on the client system. The network sends the information to node one's IP address, which encrypts the information and passes it on to node two's address, which performs another encryption and passes it on to node three's address. This is the last address, which is also known as the exit node. This last node decrypts the encrypted data and finally relays the request to the final destination, which can be another device or a server. This final address thinks the request came from the exit node and grants access to it. The encryption process across multiple computers repeats itself from the exit node to the original user. The Tor network obfuscates user IP addresses from unwanted surveillance by keeping the user's request untraceable; with multiple servers touching the data, it makes tracking very difficult for both ISPs and malicious attackers.

Now that we understand the way Tor works, let us learn more about the Tor browser. The Tor browser was developed by a nonprofit organization as a part of the Tor Project, and in 2008 its first public release was announced. The Tor browser is a browser forked from the popular Firefox that anonymizes your web traffic using the Tor network. If you're investigating a competitor, researching an opposing litigant in a legal dispute, or just think it's creepy for your ISP or the government to know what websites you visit, the Tor browser might be the right solution. Before the Tor browser was developed, using that network to maintain anonymity was a huge task for everyday consumers; starting from the setup to the usage, the entire process demanded a lot of knowledge and practice. The Tor browser managed to make it easy for users to traverse the relay servers in Tor and guarantee the privacy of the data exchange. A major feature of the Tor browser is the ability to delete all browser history, cookies and tracking data the moment it is closed; every new launch of the browser opens an empty slate, keeping usage habits from being tracked and singled out. A major feature that is the highlight of the Tor network is the availability of onion links. Only a small portion of the worldwide web is available to the general public. We have the deep web, which contains links that are not allowed to be indexed by standard search engines like Google and Bing. The dark web is a further subset of the deep web which contains onion links. The Tor browser gives you access to these onion websites, which are only available within the Tor network. .onion is a special-use top-level domain which designates an anonymous onion service, which is also known as a hidden service. Similar to the links of the deep web, these onion links provide services like online shopping, cryptocurrency and many other products not available in the consumer internet space. Often being considered as a haven for illegal activities and sales, onion links provide both information and assets in a private manner without the risk of spying by authorities. Browsing the web over Tor is slower than the clear net due to the multiple layers of encryption. Some web services also block Tor users. The Tor browser is also illegal in authoritarian regimes that want to prevent citizens from reading, publishing and communicating anonymously. Journalists and dissidents around the world have embraced Tor as a cornerstone of democracy, and researchers are hard at work at improving Tor's anonymity properties.

Let us take a look at some of the advantages of using the Tor browser over standard web browsers. The highlight of using the Tor browser is to maintain anonymity over the internet. The cause for such requests can differ from person to person, but all of these concerns are answered by the Tor network. Routing the information via multiple nodes and relay servers makes it entirely difficult for the ISP to keep track of usage data. The entire Tor project is designed to be completely free and open source; allowing the code for the browser to be inspected and audited by third parties helps in the early detection of faulty configurations and critical bugs. It is present for multiple operating systems, starting from laptops to mobile devices. A number of websites are blocked by governments for a variety of reasons; journalists under authoritarian regimes have difficulty in getting the word out regarding the situation. Since the onion routing protocol transfers data between multiple servers of random countries, the domains being blocked become available when used via Tor. Usage of these encrypted messaging platforms is easily enforced using the Tor browser, which otherwise would have been a difficult task under oppressive circumstances.

Many people believe that a VPN offers the same benefits as the Tor browser. Let's put both of them to the test and see the differences between them. Coming to the first point of difference, Tor is completely free and open source; all of the code for the browser and the network can be audited and has been cleared for security concerns. When it comes to VPNs, there are many different brands which have open-source clients, but the same cannot be said for their counterparts: some are partly open source, while some have completely locked up their code so that it cannot be stolen. Further moving on, Tor has multiple relay points in its data transfer protocol between the server and the receiver; there are three different IP nodes (that number can increase, but it'll always be more than two). Once the data is passed from the sender, it goes through all of those relay points, while in the case of a VPN the connection is made from the client device to the VPN server and then to the requested destination; there is no other IP node that comes into work here, thereby making the connection a one-to-one between the client and the VPN. As a next point, since Tor handles multiple layers of encryption and the data passes through multiple systems along the way, the performance is slow compared to a VPN, where the performance is relatively fast due to the lesser number of nodes the data passes through.
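As an added illustration (my own example code, not from the video or the Tor Project), here is a small Python model of the three-hop layering just described: the client wraps the request in one layer per relay, and each relay peels exactly one layer and learns only its next hop, so no single relay sees both the client and the destination, unlike the one-to-one VPN hop. The relay names, keys, nonce and the SHA-256-keyed XOR stream cipher are constructed stand-ins for Tor's real relays and AES-encrypted cells.

```python
"""Toy model of the three-hop onion layering described above.

Added example, not code from the video or from the Tor Project: the client
wraps its request in one layer of encryption per relay; each relay peels
exactly one layer and learns only the next hop. The relay names, keys and
nonce are constructed, and the per-hop cipher is a stdlib-only XOR stream
keyed by SHA-256, standing in for the AES-encrypted cells real Tor uses.
"""
import hashlib
import json

# Constructed circuit: (relay name, symmetric key the client shares with it).
CIRCUIT = [
    ("guard", b"constructed-guard-key"),
    ("middle", b"constructed-middle-key"),
    ("exit", b"constructed-exit-key"),
]
NONCE = b"constructed-circuit-nonce"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream; applying it twice restores data."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(request: str, destination: str, circuit=CIRCUIT) -> bytes:
    """Client side: wrap the innermost layer (exit) first, then middle, then guard."""
    # The exit layer is the only one that carries the real destination and request.
    layer = json.dumps({"next": destination, "payload": request}).encode()
    blob = keystream_xor(circuit[-1][1], NONCE, layer)
    # Each outer layer names only the following relay, never the destination.
    for i in range(len(circuit) - 2, -1, -1):
        layer = json.dumps({"next": circuit[i + 1][0], "payload": blob.hex()}).encode()
        blob = keystream_xor(circuit[i][1], NONCE, layer)
    return blob


def relay_peel(key: bytes, blob: bytes):
    """Relay side: strip one layer, returning (next_hop, remaining_payload)."""
    layer = json.loads(keystream_xor(key, NONCE, blob))
    return layer["next"], layer["payload"]


def can_peel(key: bytes, blob: bytes) -> bool:
    """True only if key opens the outer layer; a wrong key yields undecodable noise."""
    try:
        relay_peel(key, blob)
        return True
    except (ValueError, TypeError, KeyError):
        return False


def route(blob: bytes, circuit=CIRCUIT) -> dict:
    """Pass the onion along the circuit, recording what each relay gets to see."""
    seen = {}
    for i, (name, key) in enumerate(circuit):
        next_hop, payload = relay_peel(key, blob)
        seen[name] = {"from": "client" if i == 0 else circuit[i - 1][0], "to": next_hop}
        if i < len(circuit) - 1:
            blob = bytes.fromhex(payload)   # still-encrypted inner layers
        else:
            seen[name]["payload"] = payload  # only the exit sees the plaintext request
    return seen


def no_single_relay_links_ends(seen: dict, destination: str) -> bool:
    """Defender's check: no one relay sees both the client and the destination."""
    return not any(v["from"] == "client" and v["to"] == destination for v in seen.values())


if __name__ == "__main__":
    onion = build_onion("GET /index.html", "example.org")
    view = route(onion)
    for relay, v in view.items():
        print(f"{relay:6s} sees {v}")
    print("unlinkable by any single relay:", no_single_relay_links_ends(view, "example.org"))
```

Running it prints what each of the three relays learns; the single-hop VPN case, where one server sees both ends, fails the same check.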
Similarly, the multi-layer encryption of Tor is consistent: if you use the Tor browser, every single request passes with the same layer of encryption and follows the same routing protocol. In the case of a VPN, different companies offer different levels of encryption; some have multi-hop, some prefer a single one-to-one connection, and these kinds of differences make the choice much more variable. Finally, the nodes and relays being used in the Tor network are volunteer-run; there is no company with a hold over them, so jurisdiction becomes relatively straightforward, whereas in the case of VPNs, many such VPNs are hosted by adware companies or are being monitored by central governments to note the usage information.

Now that we have a better understanding of the Tor browser and its routing, let us take a look at how the Tor browser can anonymize and protect our internet usage. On opening up the Tor browser for the first time, this is the page that you're going to be welcomed with. You have the option of connecting to the Tor network before we start our browsing, so let's press connect, and we can see that it is connected. Coming to the anonymization, let's check my current location on Google Chrome: currently it is showing as Navi Mumbai in Maharashtra. If we check the same link on the Tor browser, we should get a different address. Now, every link that we open in the Tor browser will be a little delayed and the speed will be hampered because of the multiple layers of encryption, like we discussed. Now, as you can see, it's showing a German IP and the state of Bavaria. This is how the anonymization works: there is no VPN configured, there is no proxy attached, it's straight up the out-of-the-box settings that come inbuilt with the Tor browser. Similarly, we have an option of cleaning up the data. Let's say you want to refresh your location and you want to use a different ID for the next browsing session: if you just restart it once, and we then check it again, we should be seeing a different country this time. As you can see, we have the Netherlands right now. So this is how you can keep refreshing your address; you can keep refreshing your host location so that you cannot be tracked when browsing the internet. Like we discussed, we have some onion links that can only be used on the Tor network. As you can see, these kinds of links do not open in the Google Chrome browser, but once we copy these over to the Tor browser, as you can see, we have opened the Hidden Wiki, which is available only on the Tor network. This is kind of an alternative Wikipedia website where we can find articles to read and more information to learn. Similarly, we have another onion link over here which is once again available only for the Tor browser. Now, these kinds of delays are expected, but they are a valid compromise because they maintain the anonymity that many people desire. Similarly, we have found a hidden wallet, which is a cryptocurrency wallet specifically for dark web members. This operates over the Tor network and is used mostly by journalists and people who want to anonymize their internet transactions when it comes to dealing with money. All of the transactions that occur over the Tor network are almost impossible to track; therefore these kinds of cryptocurrency wallets are very big on the deep web. This is just one example, while there are multiple different wallets for every single cryptocurrency available.

Imagine our houses without a fence or boundary wall. This would make our property easily accessible to trespassers and robbers and place our homes at great risk, right? Hence, fencing our property helps safeguard it and keeps trespassers at bay. Similarly, imagine our computers and networks without protection; this would increase the probability of hackers intruding into our networks. To overcome this challenge, just like how boundary walls protect our houses, a virtual wall helps safeguard and secure our devices from intruders, and such a wall is known as a firewall. Firewalls are security devices that filter the incoming and
outgoing traffic within a private network. For example, if you were to visit your friend who lives in a gated community, you would first take permission from the security guard. The security guard would check with your friend whether you should be allowed entry or not; if all is well, your access is granted. On the other hand, the security guard would not grant permission to a trespasser looking to enter the same premises. Here, the entry access depends solely on your friend, the resident's, discretion. The role of the security guard in this case is similar to that of a firewall. The firewall works like a gatekeeper at your computer's entry point, which only welcomes incoming traffic that it has been configured to accept. Firewalls filter the network traffic within your network and analyze which traffic should be allowed or restricted based on a set of rules, in order to spot and prevent cyber attacks. Your computer communicates with the internet in the form of network packets that hold details like the source address, destination address and information. These network packets enter your computer through ports. The firewall works on a set of rules based on the details of these network packets, like their source address, destination address, content and port numbers; only trusted traffic sources or IP addresses are allowed to enter your network. When you connect your computer to the internet, there is a high chance of hackers infiltrating your network. This is when a firewall comes to your rescue by acting as a barrier between your computer and the internet. The firewall rejects the malicious data packet and thus protects your network from hackers; on the other hand, traffic from trusted websites is allowed access to your network. This way, the firewall carries out quick assessments to detect malware and other suspicious activities, thereby protecting your network from being susceptible to a cyber attack.

Firewalls can either be hardware or software. Software firewalls are programs installed on each computer; this is also called a host firewall. Meanwhile, hardware firewalls are equipment that is established between the gateway and your network; Linksys routers are a good example of a hardware firewall. Besides this, there are other types of firewalls designed based on their traffic filtering methods, structure and functionality. The firewall that compares each outgoing and incoming network packet to a set of established rules, such as the allowed IP addresses, IP protocols, port numbers and other aspects of the packet, is known as a packet filtering firewall. If the incoming network traffic does not match the predefined rules, that traffic is blocked. A variant of the packet filtering firewall is the stateful inspection firewall. These types of firewalls not only examine each network packet but also check whether or not that network packet is part of an established network connection; such firewalls are also referred to as dynamic packet filtering firewalls. Our next type of firewall is called a proxy firewall. This draws a close comparison to how you give proxy attendance for a friend: like how you take the authority to represent your friend, the proxy firewall pretends to be you and interacts with the internet. They come between you and the internet and thereby prevent direct connections. This protects your device's identity and keeps the network safe from potential attacks. Only if the incoming data packet contents are protected does the proxy firewall transfer it to you. They're also known as application-level gateways. The firewall can spot malicious actions and block your computer from receiving data packets from harmful sources. In addition to preventing cyber attacks, firewalls are also used in educational institutions and offices to restrict users' access to certain websites or information; it is used to avoid access to unauthorized content.

It's the year 2015 and Richard has just finished playing games on his computer. After a long gaming session, Richard tries to shut it down but finds
some random text file on the desktop that says "ransom note". The text file mentioned how a hacking group had encrypted Richard's game files and private documents and he had to pay a ransom of $500 worth of Bitcoin to a specified Bitcoin address. Richard quickly checked his files, only to see them being encrypted and unreadable. This is the story of how the TeslaCrypt ransomware spread in 2015, which affected thousands of gamers before releasing the master key used for encrypting the files.

So what is ransomware? For Richard to be targeted by such an attack, he must have installed applications from untrusted sources or clicked an unverified link; both of them can function as gateways for a ransomware breach. Ransomware is a type of malware that encrypts personal information and documents while demanding a ransom amount to decrypt them. This ransom payment is mainly done using cryptocurrency to ensure anonymity, but can also employ other routes. Once the files are encrypted or locked behind a password, a text file is made available to the victim explaining how to make the ransom payment and unlock the files, just like Richard found the ransom note text file on his desktop. Even after the money has been paid, there's no guarantee that the hackers will send the decryption key or unlock the files, but in certain sensitive situations victims make the payment hoping for the best. Having never been introduced to ransomware attacks before, this gave Richard an opportunity to learn more about this, and he began his research on the topic.

The spread of ransomware mostly starts with phishing attacks (to know more about phishing attacks, click the link in the button above). Users tend to click on unknown links received via emails and chat applications promising rewards of some nature; once clicked, the ransomware files are installed on the system, which encrypts all the files or blocks access to computer functions. They can also be spread via malware transmitted via untrusted application installation or even a compromised wireless network. Another way to breach a system with ransomware is by using Remote Desktop Protocol, or RDP, access: a computer can be accessed remotely using this protocol, allowing a hacker to install malicious software on the system with the owner unaware of these developments.

Coming to the different types of ransomware: first we have locker ransomware, which is a type of malware that blocks standard computer functions from being accessed until the payment to the hackers is complete. It shows a lock screen that doesn't allow the victim to use the computer for even basic purposes. Another type is crypto ransomware, which encrypts the local files and documents in the computer; once the files are encrypted, finding the decryption key is impossible unless the ransomware variant is old and the keys are already available on the internet. Scareware is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem. Some types of scareware lock the computer, while others simply flood the screen with pop-up alerts without actually damaging files.

To prevent getting affected by ransomware, Richard could have followed a few steps to further enhance his security. One must always have backups of their data; cloud storage for backup is easy, but a physical backup on a hard drive is always recommended. Keeping the system updated with the latest security patches is always a good idea. Apart from system updates, one must always have reputed antivirus software installed; many antivirus software packages like Kaspersky and Bitdefender have anti-ransomware features that periodically check for encryption of private documents. When browsing the internet, a user must always check for the lock symbol on the address bar, which signifies the presence of the HTTPS protocol for additional security. If a system is infected with ransomware already, there's a website, nomoreransom.org; it has a collection of decryption tools for most well-known ransomware packages. It can also help decrypt specific encrypted files if the list of anti-ransomware tools didn't help the victim.

Malware is malicious software that is programmed to cause damage to a computer system, network and hardware devices. Many malicious programs like Trojans, viruses, bombs and bots which cause damage to the system are known as malware. Most of the malware programs are designed to steal information from the targeted user or to steal money from the target by stealing sensitive data. Let's take a look at the introduction for two different types of malware: virus and Trojan. Firstly, let's take a look at what exactly a virus program is. A computer virus is a type of malicious program that, on execution, replicates itself. They get attached to different files and programs, which are termed host programs, by inserting their code; if the attachment succeeds, the targeted program is termed as infected with a computer virus. Now let's take a look at the Trojan horse. A Trojan horse program is a program that disguises itself as a legitimate program but harms the system on installation. They hide within the attachments in emails, then transfer from one system to another. They create back doors into a system to allow the cyber criminal to steal our information.

Let's take a look at how they function after getting installed into our system. Firstly, we have virus programs. The computer virus must contain two parts to infect the system: first is a search routine, which locates new files and data that are to be infected by the virus program, and the second part is known as the copy routine, which is necessary for the program to copy itself into the targeted file which is located by the search routine. Now let's take a look at the Trojan horse functioning. For Trojan horses, the entryway into our system is through emails that may look legitimate but may have unknown attachments, and when such files are downloaded onto the device, the Trojan program gets installed and infects the system. They also infect the system on the execution of an infected application or executable file and attack the system.

Now that we understand what viruses and Trojans are, let's understand the different types of viruses and Trojans. Let's take a look at different types of viruses. The first one is known as the boot sector virus. This type of virus damages the booting section of the system by infecting the master boot record, which is also known as the MBR; this damages the boot sector section by targeting the hard disk of the system. Then we have the macro virus. A macro virus is a type of virus that gets embedded into document-related data and is executed when the file is opened. They also are designed to replicate themselves and infect the system on a larger scale. And lastly, we have the direct action virus. This type of virus gets attached to executable files, which on execution activate the virus program and infect the system. Once the infection of the file is completed, they exit the system, which is also the reason it is known as a non-resident virus.

Let's take a look at different types of Trojans. The first type of Trojan is the backdoor Trojan. They are designed to create a back door in the system on execution of an infected program; they provide remote access to a system to the hacker. This way, the cyber criminal can steal our system data and may use it for illegal activities. Next we have clicker Trojans. They enter the system by clicking the random pop-ups which we come across on the internet; they attract the user to give their personal details for different transactions or schemes, which may provide remote access to a system to the cyber criminal. And the last Trojan type is the ransom Trojan. This type of Trojan program, after entering the system, blocks the user from accessing their own system and also affects the system functioning; the cyber criminal demands a ransom from the targeted user for the removal of the Trojan program from the device.

Now that we understand some details regarding viruses and Trojans, let's solve a question. The question is: J was denied access to his system and he wasn't able to control the data and information in his system. Now the actual question is, what could be the reason behind this system's problem? Option A: macro virus. Option B: ransom Trojan. Option C: backdoor Trojan. Give your answers in the comment section.

Now let's understand how to detect the activity of viruses and Trojans in our system. To detect virus or Trojan activity in a system, we can refer to the following points. For viruses, we have: slowing down of the system and frequent application freezes show that a virus infection is present in the system. Then we have that viruses can also steal sensitive data, including passwords and account details, which may lead to unexpected logout from the accounts or corruption of the sensitive data. And lastly, we have frequent system crashes due to virus infection, which damages the operating system. For Trojans, we have frequent system crashes, and the system also faces slow reaction time. Then we have that there are more random pop-ups from the system, which may indicate Trojan activity. And lastly, we have that modification in the system applications and change of the desktop appearance can also be due to the infection of a Trojan program.

Next, let's take a look at a famous cyber attack for a virus and a Trojan. For the virus, we have the Mydoom virus, which was identified in the year 2004 and affected over 50 million systems by creating a network for sending spam emails, which was to gain back door access into our systems. Next, for the Trojan horse, we have the Emotet Trojan program, which is specifically designed for financial theft and for stealing bank-related information.

Next, we have a few points on how to prevent virus entry or Trojan attacks on our system. The most basic way of virus protection is using antivirus and doing regular virus scans; this will prevent virus entry into the system, and also having more than one antivirus provides better protection. Then, avoiding visiting uncertified websites can also prevent virus entry into our system. Then we have using regular driver updates and system updates to prevent virus entry. For Trojans, we have using certified software from legal sites to prevent any Trojan activity in our system, and also avoiding clicking random pop-ups that we often see on the internet. And lastly, using antivirus and firewalls for protection against Trojan horses is a good habit.

Now that we have reached the end of the video, let's take a look at what we learned. For the first part, we saw that the main objective of the virus is to harm the data and information in a system, whereas for the Trojan we have stealing of the data files and information. The effect of viruses is more drastic in comparison to Trojan horses. Then we have viruses, which are non-remote programs, whereas Trojan horses are remote accessed. And lastly, viruses have the ability to replicate themselves to harm multiple files, whereas Trojans do not have the replication ability.

So let's begin with what SQL injection is. As the name suggests, an SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. SQL stands for Structured Query Language, which is a language used by an application to interact with a database. Now, normally this attack is targeted towards a database to extract the data that is stored within; however, the vulnerability does not lie in the database itself. The vulnerability will always lie in the application. It is the developer's prerogative how to develop the application, how to configure it to prevent SQL injection queries from happening. A database is created to answer questions, and if a question is asked, it is supposed to answer it. The database needs to be configured for some amount of security, but the vulnerability, the flaw here for SQL injection, will always lie in the application itself. It is how the application interacts with the database that needs to be modified, that needs to be maintained by the
developer rather than just configuring the database itself so the attacker at this point in time when they send a query to the application will form a malformed query by injecting a particular command or an operator that is recognized by the SQL language and if that operator is passed through the application to the database then the database uh basically gets cracked or does a data dump because of that unwanted character coming in so this character needs to be filtered at the application Level itself now let's look at a quick demo so what we have done here is I have this virtual machine called oasp broken web applications virtual machine version 1.2 I'm going to power this on till this poers on I'm going to show you where you can download this uh utility from so you can just look for OAS broken web application project download you'll find it on sourceforge.net click on the link you can download the broken web application project from here this is a 1.9gb download and you can have a zip machine directly for VMware or Oracle virtual box now this this is an application that has been developed by oasp which stands for open web application security project which is a not for-profit organization and uh periodically uh releases the most top 10 risks that an application uh will face for that particular year so they have given a web application uh with inbuilt vulnerabilities for professionals like us to practice upon to develop our skills upon because doing this in the real world is illegal I cannot go onto a website to demonstrate how a SQL injection attack Works uh neither should you try your hands on it till you become very well rehearsed with it so till to upgrade your skills to upskill yourself please download this machine hosted in a VM workstation or Oracle virtual box and you can uh then try your skills on it right so just going back to the browser here if if I open up uh a new tab you'll see that this machine has booted up and has an IP address called 7113 to so 
if I just go on to that IP address and I type in 192 168 7113 to and you'll see the oasp broken web application project and there are a lot of training applications realistic intentionally vulnerable applications old versions of real applications and so on so forth so there is a lot of applications inbuilt over here that you can try your skills upon we are going to try to use the OAS mutil day over here uh this gives you the uh OAS top 10 risks for 2010 2013 2017 is the latest one so far uh but the difference between 2013 and 2017 is that some of these have changed but not all of them uh the order has changed a little bit but you can see that SQL injection is on the top A1 amongst the injection attacks right and you can see there are multiple typ that have been given here the SQL injection for extracting data or SQL injection for bypass authentication or insert your injection uh attacks blind SQL injection and then there is a tool called SQL map which is available freely on your Linux machines K Linux or parot Linux whichever you want to use uh for your practice targets and so on so forth so if I just take you here for bypass authentication and this is a regular login page that an application may have right you look at a username you look at password you type that in and you log in so let's say I don't know a password here I'm just going to type in the username test password is pssw Rd I try to log in and it shows me that the account does not exist so the authentication mechanism does work I did try type in a username and password it wasn't recognized so the account does not exist now let's try to type in a SQL query here I'm going to just give it a single quote which is an operator that is recognized by the SQL language which when the database tries to execute uh will cause the database to uh dump some data or to bypass authentication in this case and I'm going to give it a condition single quote r 1 equals 1 space hyphen hyphen space and I'm going to click on 
login now right now I'm not logged in at all and we tried our username password and we weren't able to log in so now if I log in you will see that it give me a status update saying the user has been authenticated and I'm logged in as admin got root so that is what these SQL queries can achieve I'm going to log out right now and uh we're going to look at the basics of SQL injection so looking at that small demo looking now let's look at what types of SQL injections are available so the first is inband SQL injection the there are two subtypes within inband error based injection attack and a union based injection attack the second type is blind SQL injection attack where there's a Boolean based and a Time based attack and the third one is outof bound SQL injection attack now what is inband sequal injection attack in bandage where we either attempting the error based or the union based what is error based uh we send a query to the database we craft a query to the database and uh it generates an error me message and it dumps the error message right in front of us on the screen that makes us realize that there is a flaw and there there is some information that is dumped on the screen which we can then further utilize to craft our further queries as we go ahead whereas Union base is the it is where we combine multiple statements at the same time so if you look at the URL earlier in the URL you would see a large structure in that URL uh we can try to add more two or more statements within the URL itself to combine them and then confuse the database into executing both the statements together and giving a data dump at the same time right so what would a error based uh SQL injection look like if I go back to the same database uh which is here right and if you remember the username we give it a single quote or 1 equals 1 space hyphen Hy space we gave it the condition right so basically what it did was a single code is an operator that goes to the database selects the default 
uh table uh in the user tables in this database column and then Compares it to the condition that is given so the condition that we gave was 1 equals 1 which is always true so what it did was it selected the default uh user table that was available in the database and instead of comparing it to a password it compared it to the condition so if I give it 1 equals 2 where the condition is false and if I log in you will see that the account doesn't exist comes back again because the condition was false and instead of comparing the user account to the password it basically uh compared the user account to the condition so if I give it a single quote or 1 equals 1 hyphen I space uh and log in you can see that this is a correct condition and does we are able to log in now before we even go to that extent if I just forget the condition over here and I just give it a single code the operator and I send this operator to the database and I click on login you will see that it generates an error which is right on top and it tells us the line the uh file where the error happened and you can see it happened in the MySQL handler. 
PHP file right and then it give us the message you have an error in your SQL syntax check the manual that corresponds to your MySQL server version for the right syntax to use now why would a hacker want to do this in the first place because there are different types of databases so there is a MySQL Ms SQL or Microsoft SQL Oracle SQL IBM db2 all of these are variations of the SQL database uh they use the SQL language however every database has its own Command right they they have their own syntax they have their own uh specific commands that are utilized for the data datase so in this scenario the hacker wants to identify what database is being currently utilized so they can craft those particular queries so now with this injection with just me sending the quote and the error getting generated I now come to know that we are using a MySQL server and the version of that server is 5173 and uh the rest of the information about uh where the handlers are located and so on so forth right this gives the information to the hacker of how they want to proceed next what kind of queries they want to create what kind of syntax they want to utilize so error based attack is where you generate these kind of Errors uh and you get this information the union base is where you craft your queries within the URL or you can try to combine multiple statements within the input fields and try to generate a response from that then we come to Boolean based SQL injection uh sends a SQL query to the database which forces the application to return a different result depending on whether the query returns a true or a false result so basically if the input is false the input both the inputs are false the output would be false uh there's one input that is false the other input that is true input B the output would be true and so on so forth right so depending on the result from the inputs the attackable will come to know which input is true with this he can then access the database of the website so 
you're trying to to figure out by sending out multiple inputs uh and then analyzing the output to see what exactly uh which command exactly worked what was the resultant output of that command thus from this kind of an information the hacker can infer their next step forward then you have time based SQL injections uh now there are times when a database administrator an application administrator has done some security configuration and does have disabled verbos error messages now what is a verbos error message the error message that we saw right here is a verbos error message that means that the message gives out details the message gives out details about what the database is the version and whatnot so if they have sanitized these errors and you no longer can generate these errors and does you cannot figure out what database is then what do you do right for example if I just take you to Simply learn and take you to a URL that is supposedly not accessible you can see that it gives a generic error oops like it looks like you have crash landed on Mars it doesn't give you a verbos error that we saw here so this gives us a detail error of what went wrong where it gives us the database the version of the database and uh where the query went wrong and etc etc etc whereas on this side where there's some there's a lot of security that goes in here so you can see that it doesn't generate a error it just get a generic page in front of you so in that case what does a hacker do so the the hacker then injects a Time based uh query in the URL which allows us to verify whether the command is being executed or not so uh we put in a time weit let's say 10 seconds of time weit so if we the moment we inject the query if the query times for 10 seconds and then gets executed that means that the SQL injection is possible however if we inject the query and uh it just gets executed without the delay that means that the time uh injection attack would not be uh possible on that particular 
Out-of-band is not a very common attack; it depends on the features being enabled on the database management system that is being used by the web application. So this can be somewhat of a misconfiguration error by the database administrator, where you have enabled functions and not sanitized them, so you have not done the access controls properly, you have not given account control. So queries should never be executed at an administrative level; they should always be executed at a user level with the minimum privileges that are required for that query to be executed. Now if you're allowing these kinds of functions to be enabled at the DBMS and there's an administrative account that can have access to them, at that point in time an out-of-band injection attack is possible.

So let's look at how a website works, right, how SQL works on a website. Now the website is constructed of HTML, Hypertext Markup Language, which would include JavaScript for functionality, cascading stylesheets for the mapping of the website, right, and then React.js and whatnot for further functionality. Now when we send a query to the website it is normally using the HTTP protocol or HTTPS protocol. When the query reaches the application, the application would then go ahead and generate the SQL query. At the client side you'll have all these scripting languages coming in on the front end that we can utilize to craft queries and then send them across; at the server side you'll have databases like Oracle, MySQL, MS SQL and so on and so forth that will then execute those queries, right? So just to give you an example, if I use a tool called Postman, what we generally do when we craft a query is we send out a GET request to the website and then we receive a response from the site with the HTML code and everything. So this is a tool that is utilized by software testers to test the responses that you're going to get from various websites. So, on the left-hand side, you can see my previous requests.
I've used it quite a bit; here we have an example for gmail.com, so let's continue with that. This is a GET request being sent to Gmail. The moment I send it, it's going to create an HTTP request and send it across, and the response that I get is this: this is the HTML code for gmail.com, right? These are the cookies, these are the headers that include information, so you can see this is text/HTML, the character set utilized is UTF-8, and the configuration that has been done with the application, right? So this is where everything comes in; this is the cookie that has been sent with that particular request that I had sent out. Now, if you analyze this query, right, so when we went onto this application and I typed in that single quote and we generated this error, you can see that the application converted this into a SQL query. The query was: select username from accounts where the username is in single quotes, and we used the quote, right, the single quote right there. So that's where we used that operator, and that's where the exception error occurred. So these are the kinds of queries that are structured by the application and then taken on to the database for execution. When we type in, it is an HTTP GET request with the username and password within that query that is sent to the application; the application converts it into a SQL query, sends it to the database, and the database responds with the appropriate response.

So how do we prevent SQL injection in the first place? Use prepared statements and parameterized queries. These statements make sure that the parameters passed into SQL statements are treated in a safe manner. So for example, we saw that the single quote was an operator; this shouldn't be allowed to be utilized in the first place, right? So what we are doing here is a secure way of running a SQL query in JDBC using a parameterized statement: define which user we want to find, so there's a string, the email comes in, and a connection to the database.
We are going to figure out how the connection is going to be passed, how it is going to be created, and construct the SQL statement we want to run, specifying the parameter, right? So we define how it is going to be created, what is going to be created, what can be passed to the database and what should not be passed to the database. So that is one way of utilizing prepared statements and parameterized queries. Then we have object-relational mapping. Most development teams prefer to use object-relational mapping frameworks to make the translation of SQL result sets into code objects more seamless. So this is an example of object-relational mapping, where we map certain objects and allow that to be executed. And then escaping inputs: it's a simple way to protect against most SQL injection attacks; many languages have standard functions to achieve this, right? So you need to be very careful while using escape characters in your code base when a SQL statement is constructed; not all injection attacks rely on abuse of quote characters. So you need to know what characters are being utilized in the configuration that you have created, in the structure that you have created, in the code that you have created, which characters are being recognized as operators. You need to sanitize those operators and you need to basically ensure that these operators cannot be accepted as user input; if they are, they get filtered out by the application and never reach the database. Other methods of preventing SQL injection are password hashing, so that passwords cannot be bypassed, the passwords cannot be recovered, passwords cannot be cracked; and third-party authentication, where you use OAuth or some other service for a single sign-on mechanism, thus you rely on a third party to maintain the security of authentication and what kind of parameters are passed, for example using LinkedIn logins or Facebook logins, right? For the layman: you normally go on to Facebook and you allow it.
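As an added example (not the course's own JDBC snippet), the same lesson in Python with the standard-library sqlite3 module: the string-built query from the transcript beside its parameterized form, the verbose versus generic error page, and why quote escaping alone does not cover an unquoted numeric parameter. The accounts table and its rows are constructed sample data.

```python
"""Added example: string-built SQL versus parameterized queries.

Not the course's JDBC code; it re-creates the same lesson with Python's
built-in sqlite3 module so that it runs offline.  The accounts table and
its rows are constructed sample data.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a constructed accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO accounts (id, username, email) VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"), (2, "bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    """The pattern the transcript shows: user input pasted into the statement.

    A lone single quote ends the string literal early and the database raises
    a syntax error (the error-based information leak); Boolean-style input
    changes the WHERE clause itself.
    """
    sql = f"SELECT username FROM accounts WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    """Parameterized query: the driver sends the value separately from the
    statement text, so quotes and keywords inside it are only ever data."""
    sql = "SELECT username FROM accounts WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def error_page(conn: sqlite3.Connection, username: str, verbose: bool) -> str:
    """Simulates the two error pages the transcript compares: a verbose page
    that echoes the database error, or a generic page that leaks nothing."""
    try:
        lookup_vulnerable(conn, username)
        return "ok"
    except sqlite3.OperationalError as exc:
        return f"database error: {exc}" if verbose else "Oops, something went wrong"


def naive_escape(value: str) -> str:
    """Quote doubling, the 'escaping inputs' approach.  It only helps when the
    value is placed inside a quoted string literal."""
    return value.replace("'", "''")


def lookup_by_id_escaped(conn: sqlite3.Connection, user_id: str) -> list[str]:
    """Escaping does not help in an unquoted numeric context: there is no quote
    to escape, so the input still becomes part of the SQL grammar.  This is
    the transcript's point that not every injection relies on quote characters."""
    sql = f"SELECT username FROM accounts WHERE id = {naive_escape(user_id)}"
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_safe(conn: sqlite3.Connection, user_id: str) -> list[str]:
    """Parameterized version of the same lookup.  A non-numeric string compared
    with an INTEGER column simply matches nothing."""
    sql = "SELECT username FROM accounts WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


if __name__ == "__main__":
    db = make_db()
    print(error_page(db, "'", verbose=True))   # leaks the database error text
    print(error_page(db, "'", verbose=False))  # generic page, nothing to learn
    print(lookup_safe(db, "'"))                # [] and no error: quote is data
    print(lookup_by_id_escaped(db, "1 OR 1=1"))  # escaping alone: every row
    print(lookup_by_id_safe(db, "1 OR 1=1"))     # parameterized: []
```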
If you're using a game, right, if you start playing a game, you're allowed to log into the game using your Facebook credentials or your Google credentials. Now that is not just for ease of use; the game developer has outsourced the authentication mechanism to a third party such as Facebook or Google, because they understand that that authentication mechanism is as safe as can be. Facebook and Google are wealthy organizations; they hire a lot of security experts, and the development of their authentication mechanisms is top-notch. A small organization cannot spend that kind of money on security itself, right? So you use a third-party authentication mechanism to ensure that these kinds of attacks may not happen. Then web application firewalls: having a web application firewall and configuring it properly for SQL injection attacks is one of the sure-shot methods of mitigating or minimizing the threat in the first place. So at this point in time you have realized that the application has some vulnerabilities for SQL injection, and instead of recoding or restructuring the application you want to take the easier way out, or the cheaper way out. So what you do is you install a web application firewall and you configure the web application firewall to identify malicious queries and stop them at the firewall level itself, so they never reach the application and thus the vulnerabilities on the application don't get executed. Buy better software and keep on updating the software. So it's not necessary that once you have a software and you install it, it's going to be safe for life; new vulnerabilities are discovered every day, every hour, and it may so happen that what is secure today may be completely insecure tomorrow or the day after, right? So you need to keep on upgrading the software; if there are no upgrades available and the vulnerability still exists, you might want to migrate to a better software and thus ensure that you don't get hacked, right? Always update and use the patches that organizations keep on releasing.
Updates and patches are sent out as and when they are released; you need to install them to enhance your security posture. And then continuously monitor SQL statements and databases: use protocol monitors, use different software, use the firewalls to keep on monitoring what kind of queries you're getting, and based on those queries you want to ensure the inputs and the queries that are being created are not detrimental to the health of the software that you have.

Jane is relaxing at home when she receives an email from a bank that asks her to update her credit card PIN in the next 24 hours as a security measure. Judging the severity of the message, Jane follows the link provided in the email. On delivering her current credit card PIN and the supposedly updated one, the website became unresponsive, which prompted her to try sometime later. However, after a couple of hours she noticed a significant purchase from a random website on that same credit card, which she never authorized. Frantically contacting the bank, Jane realized the original email was a counterfeit, or a fake message with a malicious link that entailed credit card fraud. This is a classic example of a phishing attack. Phishing attacks are a type of social engineering where a fraudulent message is sent to a target on the premise of arriving from a trusted source. Its basic purpose is to trick the victim into revealing sensitive information like passwords and payment information. It's based on the word fishing, which works on the concept of baits: if a supposed victim catches the bait, the attack can go ahead, which in our case makes Jane the fish and the phishing emails the bait. If Jane had never opened the malicious link or had been cautious about the email's authenticity, an attack of this nature would have been relatively ineffective. But how does the hacker gain access to these credentials? A phishing attack starts with a fraudulent message, which can be transmitted via email or chat applications, or even SMS.
Using SMS conversations to impersonate legitimate sources is known as smishing, which is a specific category of phishing attacks. Irrespective of the manner of transmission, the message targets the victim in a way that coaxes them to open a malicious link and provide critical information on the requisite website. More often than not, the websites are designed to look as authentic as possible. Once the victims submit information using the link, be it a password or credit card details, the data is sent to the hacker who designed the email and the fake website, giving him complete control over the account whose password was just provided. Often carried out in campaigns where an identical phishing mail is sent to thousands of users, the rate of success is relatively low, but never zero. Between 2013 and 2015, corporate giants like Facebook and Google were tricked out of $100 million due to an extensive phishing campaign where a known common associate was impersonated by the hackers. Apart from credential access, some of these campaigns target the victim's device and install malware when the malicious links are clicked, which can later function as a botnet or a target for ransomware attacks. There is no single formula, for there are multiple categories of phishing attacks. The issue with Jane, or the hacker stealing bank credentials, falls under the umbrella of deceptive phishing: a general email is sent out to thousands of users in this category, hoping some of them fall prey to this scam. Spear phishing, on the other hand, is a bit of a customized version; the targets are researched before being sent an email. For example, if you never had a Netflix subscription, sending you an email that seems like the Netflix team sent it becomes pointless; this is a potential drawback of deceptive phishing techniques. On the other hand, a simple screenshot of a Spotify playlist being shared on social media indicates a probable point of entry. The hacker can send counterfeit messages to the target user while implying Spotify as the source of such messages.
This tricks them into sharing private information; since the hacker already knows the target uses Spotify, the chances of victims taking the bait increase substantially. For more important targets like CEOs and people with a fortune on their back, the research done is tenfold, which can be called a case of whaling. The hackers prepare and wait for the right moment to launch their phishing attack, often to steal industry secrets for rival companies or sell them off at a higher price. Apart from just emails, pharming focuses on fake websites that resemble their original counterparts as much as possible. A prevalent method is to use domain names like Facebook with a single o or YouTube with no e; these are mistakes that people make when typing the full URL in the browser, leading them straight to a counterfeit web page which can fool them into submitting private data. A few more complex methods exist to drive people onto fake websites, like ARP spoofing and DNS cache poisoning, but they are rarely carried out due to time and resource constraints. Now that we know how phishing attacks work, let's look at ways to prevent ourselves from becoming victims. While the implications of a phishing attack can be extreme, protecting yourself against these is relatively straightforward. Jane could have saved herself from credit card fraud had she checked the link in the email for authenticity and that it redirected to a secure website that runs on the HTTPS protocol. Even suspicious messages shouldn't be entertained. One must also refrain from entering private information on random websites or pop-up windows, irrespective of how legitimate they seem. It is also recommended to use secure anti-phishing browser extensions like Cloudphish to sniff out malicious emails from legitimate ones. The best way to prevent phishing is browsing the internet with care and being on alert for malicious attempts at all times.

Let's start by learning about cross-site scripting from a layman's perspective.
Cross-site scripting, also known as XSS, is a type of code injection attack that occurs on the client side. The attacker intends to run harmful scripts in the victim's web browser by embedding malicious code in a genuine web page or online application. The real attack takes place when the victim hits the malicious-code-infected web page or online application; the web page or application serves as a vehicle for the malicious script to be sent to the user's browser. Forums, message boards and online pages that enable comments are vulnerable vehicles that are frequently utilized for cross-site scripting assaults. A web page or web application is vulnerable to XSS if the output it creates contains unsanitized user input; the victim's browser must then parse this user input. In VBScript, ActiveX, Flash and even CSS, cross-site scripting attacks are conceivable; they are nevertheless most ubiquitous in JavaScript, owing to the fact that JavaScript is most important to most browser experiences nowadays. The main purpose of this attack is to steal the other user's identity, be it via cookies, session tokens or other information. In most of the cases this attack is being used to steal the other person's cookies. As we know, cookies help us to log in automatically; therefore, with the stolen cookies we can log in with other identities, and this is one of the reasons why this attack is considered one of the riskiest attacks. It can be performed with different client-side programming languages as well. Cross-site scripting is often compared with similar client-side attacks, as client-side languages are mostly being used during this; however, an XSS attack is considered riskier because of its ability to damage even less vulnerable technologies. Most often this attack is performed with JavaScript and HTML. JavaScript is a programming language that runs on web pages inside your browser; the client-side code adds functionality and interactivity to the web page and is used extensively on all major applications and CMS platforms.
Unlike server-side languages such as PHP, JavaScript code runs inside your browser and cannot impact the website for other visitors; it is sandboxed to your own navigator and can only perform actions within your own browser window. While JavaScript is client-side and does not run on the server, it can be used to interact with the server by performing background requests. Attackers can then use these background requests to add unwanted spam content to a web page without refreshing it; they can then gather analytics about the client's browser or perform actions asynchronously. The manner of attack can range in a variety of ways: it can be a single link which the user must click on to initiate a JavaScript piece of code; it can be used to show any piece of images that can be later used as a front end for malicious code being installed as malware. With the majority of internet users unaware of how metadata works or the ways in which web requests are called, the chances of victims clicking on redirecting links is far too high. Cross-site scripting can occur with the malicious script executed at the client's side, using a fake page or even a form that is displayed to the user on websites with displayed advertisements; malicious emails can also be sent to the victim. These attacks occur when the malicious user finds the vulnerable parts of the website and sends it the appropriate malicious input. Now that we understand the basics of cross-site scripting, let us learn more about how this kind of attack works in the first place. We have the website or the web browser, which is used to show content to the victim, who is the user in our case. Whenever the user wants to grab some content from the website, the website asks for the data from the server; the server provides this information to the website and the web browser, which ultimately reaches the victim. How does the hacker come into play here? It passes on certain arguments to the web browser, which can then be forwarded back to the server or to the user.
The entire cross-site scripting attack vector means sending and injecting malicious code or script. This attack can be performed in different ways; depending on the type of attack, the malicious script may be reflected on the victim's browser or stored in the database and executed every time the user calls the appropriate function. The main reason for this attack is inappropriate user input validation, where the malicious input can get into the output. A malicious user can enter a script which will be injected into the website's code; then the browser is not able to know if the executed code is malicious or not. Therefore, this malicious script is being executed on the victim's browser, or any faked form, if that is being displayed for the users. There are many ways to trigger an XSS attack; for example, the execution could be triggered automatically when the page loads or when a user hovers over specific elements of the page, like hyperlinks. Potential consequences of cross-site scripting attacks include capturing keystrokes of a user, redirecting a user to malicious websites, running web-browser-based exploits, obtaining cookie information of a user who is logged into a website, and many more. In some cases a cross-site scripting attack leads to complete compromise of the victim's account; attackers can trick users into entering credentials on a fake form, which can then provide all the information to the attacker. With the basic working of a cross-site scripting attack out of the way, let us go over the different ways hackers can leverage vulnerable web applications to gather information and eventually breach those systems. The prime purpose of performing an XSS attack is to steal the other person's identity; as mentioned, it may be cookies, session tokens, etc. XSS may also be used to display faked pages or forms for the victim. However, this can be performed in several ways. We have a reflected attack: this attack occurs when a malicious script is not being saved on the web server.
Instead it is reflected in the website results. Reflected XSS code is not being saved permanently; in this case the malicious code is being reflected in any website result. The attack code can be included in the faked URL or in the HTTP parameters. It can affect the victim in different ways: by displaying a fake malicious page or by sending a malicious email. In a reflected cross-site scripting example, the input of a search form is reflected on the page to show what the search key was. An attacker may craft a URL that contains malicious code and then spread the same URL via email or social media. A user who clicks on this link opens the valid web application, which then runs the malicious code in the browser. This script is not stored in the web application, and malicious code is shown only to one user, the user that opens the link and executes the script, and the attack is not necessarily visible on the server side or to the app owner itself. The next variant is stored cross-site scripting attacks. This occurs when a malicious script is being saved on the web server permanently; this can be considered a riskier attack since it has leverage for more damage. In this type of attack the malicious code or script is being saved on the server, for example in the database of the website. It is executed every time the users call the appropriate functionality; this way a stored XSS attack can affect many users. Also, as the script is being stored on the web server, it will affect the website for a longer time. In order to perform a stored XSS attack, the malicious script should be sent through a vulnerable input form, for example a comment field or a review field; this way the appropriate script will be saved in the database and evaluated on the page load or appropriate function calling. In a stored XSS example, the script might have been submitted via an input field to the web server, which did not perform sufficient validation and stored the script permanently in the database. The consequence of this is as follows.
The script is now being delivered to all users visiting the web application and is, for example, able to gain access to the user session cookies. In this attack the script is permanently stored in the web app; the users visiting the app after the infection retrieve the script. The malicious code then exploits the flaws in the web application, and the script and the attack are visible on the server side or to the app owner as well. The third variant is DOM-based cross-site scripting attacks. This type of attack occurs when the DOM environment is being changed but the client-side code does not change. When the DOM environment is being modified in the victim's browser, the client-side code executes differently. In order to get a better understanding of how an XSS DOM attack is being performed, let us analyze the following example: if there is a website called texting.com, we know default is a parameter; therefore, in order to perform an XSS DOM attack, we should send a script as parameters. A DOM-based XSS attack may be successfully executed even when the server does not embed any malicious code into the web page, by using a flaw in the JavaScript executed in the browser. For example, if the client-side JavaScript modifies the DOM tree of the web page, it can be based on an input field or the GET parameter; without validating the input, this allows the malicious code to be executed. The malicious code then exploits flaws in the browser on the user's side, and the script and the attack are not necessarily visible on the server side or to the app owner. By now it is clear that cross-site scripting attacks are difficult to detect and even tougher to fight against; there are, however, plenty of ways one can safeguard against such attacks. Let's go through some of these preventive measures. Like mentioned earlier, XSS attacks are sometimes difficult to detect; however, this can be changed if you get some external help. A way to prevent XSS attacks is using automated testing tools.
Tools like the Crashtest Security Suite or a static security suite help here. Still, manual testing is highly time-consuming and costly, and therefore not possible to be done for every iteration of your web application; consequently, your code shouldn't go untested before any release. Using automated security testing you can scan your web application for cross-site scripting and other critical vulnerabilities before every release; this way you can ensure that your web application's live version is still secure whenever you alter or add a feature. Input fields are the most common point of entry for XSS attack scripts; therefore you should always screen and validate any information input into data fields. This is particularly important if the data will be included as HTML output; this can be used to protect against reflected XSS attacks. Validation should occur on both the client side and the server side as an added precaution; this helps validate the data before it's being sent to the servers and can also protect against persistent XSS scripts. This can be accomplished using JavaScript. XSS attacks only appear if any user input is being displayed on the web page; therefore, try to avoid displaying any untrusted user input if possible. If you need to display user data, restrict the places where the user input might appear. Any input displayed inside a JavaScript tag or a URL shown on the site is much more likely to be exploited than input that appears inside a division or a span element inside the HTML body. Protecting against XSS vulnerabilities typically requires properly escaping user-provided data that is placed on the page. Rather than trying to determine if the data is user-provided and could be compromised, we should always play it safe and escape data whether it is user-provided or not. Unfortunately, because there are many different rules for escaping, you still must choose the proper type of escaping before settling on a final code. Encoding should be applied directly before user-controllable data is written to a page.
The context you're writing into determines what kind of encoding you need to use; for example, values inside a JavaScript string require a different type of escaping to those in an HTML context. Sometimes you'll need to apply multiple layers of encoding in the correct order; for example, to safely embed user input inside an event handler you need to deal with both the JavaScript context and the HTML context, so you need to first Unicode-escape the input and then HTML-encode it. Content Security Policy, or CSP, is a computer security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks resulting from the execution of malicious content in the trusted web page context. It is a candidate recommendation of the W3C working group on web application security. It's widely supported by modern web browsers and provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website. HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie, that is, if the browser supports it. If the HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through a client-side script; again, this is if the browser supports this flag. As a result, even if a cross-site scripting flaw exists and a user accidentally accesses a link that exploits this flaw, the browser will not reveal the cookie to a third party. If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie, the HttpOnly flag will be ignored by the browser, thus creating a traditional script-accessible cookie; as a result, the cookie becomes vulnerable to theft or modification by any malicious script. Next on our docket is a live demonstration where we solve a set of cross-site scripting problems, starting from the basic level.
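Before the demo, an added example (not from the course or the XSS game it uses) of the three defences just discussed, in Python with only the standard library: context-specific output encoding for the HTML, URL and JavaScript-string contexts plus the Unicode-then-HTML order for event handlers, a Set-Cookie header carrying HttpOnly, and a CSP header. The search-page template, cookie name and policy values are constructed for illustration.

```python
"""Added example: context-aware output encoding, an HttpOnly Set-Cookie
header and a Content-Security-Policy header.

Not code from the course or from the XSS game it walks through; it uses
only the Python standard library.  The page template, cookie name and
policy values are constructed for illustration.
"""
import html
import json
from http.cookies import SimpleCookie
from urllib.parse import quote

# Constructed search page: the query is reflected in three different contexts,
# an HTML element body, a URL query parameter and a JavaScript string literal.
PAGE_TEMPLATE = (
    "<b>Results for: {html_ctx}</b>\n"
    '<a href="/search?q={url_ctx}">Search again</a>\n'
    "<script>var lastQuery = {js_ctx};</script>\n"
)


def render_vulnerable(query: str) -> str:
    """The level-one mistake: raw input written straight into every context."""
    return PAGE_TEMPLATE.format(html_ctx=query, url_ctx=query, js_ctx=f'"{query}"')


def encode_for_html(value: str) -> str:
    """HTML body or attribute value: &, <, >, " and ' become entities."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """JavaScript string literal: JSON encoding, plus Unicode escapes for < and >
    so that a closing </script> inside the value cannot terminate the block."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def encode_for_url_param(value: str) -> str:
    """Query-string parameter: percent-encode everything but unreserved chars."""
    return quote(value, safe="")


def encode_for_event_handler(value: str) -> str:
    """Value embedded in an inline event-handler attribute.  The transcript's
    order: Unicode-escape for the JavaScript context first, then HTML-encode,
    because the browser HTML-decodes the attribute before running it as JS."""
    return encode_for_html(encode_for_js_string(value))


def render_safe(query: str) -> str:
    """Each reflection point gets the encoder for its own context."""
    return PAGE_TEMPLATE.format(
        html_ctx=encode_for_html(query),
        url_ctx=encode_for_url_param(query),
        js_ctx=encode_for_js_string(query),
    )


def script_tag_count(rendered: str) -> int:
    """Number of <script opening tags in a page; the template itself has one,
    so anything above one means user input was parsed as markup."""
    return rendered.lower().count("<script")


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with HttpOnly (plus Secure and SameSite): script running
    in the page, even through an XSS flaw, cannot read this cookie."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    return cookie.output(header="").strip()


def csp_header(script_origin: str) -> str:
    """Content-Security-Policy allowing scripts only from the stated origin, so
    an injected inline <script> or onerror handler is refused by the browser."""
    return f"default-src 'self'; script-src {script_origin}; object-src 'none'"


if __name__ == "__main__":
    probe = "<script>alert('xss')</script>"  # the payload used in the demo
    print(script_tag_count(render_vulnerable(probe)))  # 4: input became markup
    print(script_tag_count(render_safe(probe)))        # 1: only the template's
    print(session_cookie_header("constructed-session-id"))
    print(csp_header("'self'"))
```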
We go all the way to the topmost level, six. We're going to start at level one. This web application demonstrates the common cause of cross-site scripting, where user input is directly included in the page without proper escaping. If we interact with the vulnerable application window here and find a way to make it execute JavaScript of our choosing, we can take actions inside the vulnerable window or directly edit its URL bar. This task needs only basic knowledge; let's see why the most primitive injections work here right away. Let's do a simple query and inspect the resulting HTML page. I'm going to use this phrase with a single quote as a special character. We can now inspect the HTML page; we can see here in this line the special character, the single quote, appears in the result. Over here the provided query text is placed directly in a b tag, as in a body element. We need to perform a reflected XSS into the web application; because they are non-persistent XSS attacks, the payload should be included in the URL to perform successful exploitation. We can use any payload, but we're going to use a simple one to perform an alert in this web application; it's simple and can be shown easily. I'm just going to write the script over here and press search. As you can see, we have successfully launched our first cross-site scripting attack; we can see an alert box pop up with the necessary message, and a similar process can be used to steal browser cookies and passwords, albeit with different commands. Now we have the option to move to level two. This web application shows how easily XSS bugs can be introduced in complex chat applications. Chat app conversations are stored in a database and retrieved when a user wants to see the conversation; therefore, if a malicious user injects some JavaScript code, all visitors will be infected. This kind of cross-site scripting attack is more powerful and riskier than reflected cross-site scripting attacks, and that's why it's known as stored XSS. I then post my query.
The query had a special character, a single quote, and this is what I get: whatever I typed in simply appeared on the page right after I clicked on share status. Let's see the source. You can see here the text I posted seems directly put inside a blockquote tag, so even a simple script tag as we used in level one should work here, but it will not. Let us examine the code to understand why; we're going to toggle the code over here and check the index.html file. The important part is line 32: the generated HTML fragment, which is the html variable in the code, is added to the main HTML using the innerHTML method. So when the browser is parsing this HTML fragment, it will not execute any script tag defined within that HTML fragment; the HTML parser will not execute a script tag when it parses HTML via this method. This is why the script tag like we used in level one is not going to work here. Our solution is to use events; events will execute the defined JavaScript. We're going to use an image over here, and when we press on share status, in the above injection we are loading an image that doesn't exist, which causes an onerror event to trigger; in the onerror event it will execute our alert method. With that we are able to beat level two, and we can now move up to the next level in our challenge. As you can see, clicking on any tab causes the tab number to be displayed in the URL fragment; this hints that the value after the hash controls the behavior of the page, that is, it is an input variable. To confirm, let's analyze the code. As you can see in line 43, inside the event handling, the value provided after the hash in the URL is directly passed on to the chooseTab method; no input validation is being performed. The value passed to the chooseTab method is directly injected into the img tag in line 17; this is an unsafe assignment, and it is the vulnerable part of the code. Now all we have to do is craft a payload that would adjust the img tag to execute our JavaScript. Remember the script tag from level one.
It would not work here, since the variable html is used to add to the DOM dynamically; hence events are the way to go here once again. I will choose to use the existing img tag and change the source to something that doesn't exist, hence forcing it to fail and execute an onerror event, which I will pass in the URL. Once we visit that URL, we can see that our JavaScript popup has opened up here with the same message, that XSS level 3 has been completed. With this we can now move on to level four, which is going to present a different kind of attack. In this application there is a timer on the page; that means whatever number we put in the box, a countdown starts, and then when it finishes the application alerts that the countdown is finished, and we can see the timer popup appearing over here, and this resets the timer again. Now it is obvious that the value entered in the text box is transferred to the server over the timer parameter in the URL. Let us examine the code to see how the timer parameter is being handled.
HTML over here and we're going to check over here in line 21 the start timer method is being called in the onload event however the timer parameter is being directly passed to the start timer method we need to perform a popup Alert in the web application which escapes the content of the function start timer without breaking the JavaScript code the parameter value is directly added to the start timer method without any filtering what we can try to do here is to inject an alert function to be executed inside the onload event along with the start timer method we're going to remove this argument and put our script over here now when me press on create timer and we have a popup with xss level 4 completed we can now move on to level five in this web application this application xss is different CU this challenge description says cross-side scripting isn't just about correctly escaping data sometimes attackers can do bad things even without injecting new elements into the Dom it's kind of open redirect cuz the attack payload is executed as a result of modifying the Dom environment in the victim's browser this environment is used by the original client side script so that the client side code runs in an unexpected manner the vulnerability can be easily detected if the next Link in the signup page is inspected the href attribute value of next link is confirm which is exactly the value of the next URL query parameter as you can see over here this means using the next query parameter can be used to inject a JavaScript code to the href attribute of the next link the following is the best way to do it as soon as the user clicks on the link the script will be triggered going to press anything random and now that we click next we can see the xss level 5 that we had provided in the URL as a parameter to the next variable since the value of next provided appears on a popup we can consider the attacker success and move on to the final level six in this sub application it shows some 
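Each of levels two to five above is a different sink: status text dropped into innerHTML, a fragment value spliced into an img tag, a number pasted into a script call, and a query parameter that becomes an href. As an added example (not code from the video or from the XSS game), here is the server-side shape of the fix for each one in Python; the function names, the image path and the default redirect target are my own assumptions.

```python
"""Input handling for the four DOM sinks discussed in levels 2-5 (added example)."""
import html
import re


# Level 2: the status text lands in the page via innerHTML.  Escaping turns
# '<', '>', '&' and quotes into entities, so an <img onerror=...> payload is
# rendered as visible text instead of becoming an element with a handler.
def render_status(text):
    return "<blockquote>" + html.escape(text, quote=True) + "</blockquote>"


# Level 3: the tab number arrives in the URL fragment and is spliced into an
# <img> tag.  Only a small integer in a known range is meaningful, so allowlist
# that instead of trying to escape an arbitrary string.
TAB_RE = re.compile(r"[1-9][0-9]{0,2}")


def choose_tab(fragment, max_tab=3):
    if not TAB_RE.fullmatch(fragment):
        raise ValueError("tab must be a small positive integer")
    n = int(fragment)
    if n > max_tab:
        raise ValueError("unknown tab")
    # image path is an assumption for the example, not the game's real path
    return '<img src="/static/level3/cloud%d.jpg" alt="tab %d">' % (n, n)


# Level 4: the timer value is inserted into a JavaScript call inside onload.
# Validate it as an integer before it can ever reach script context, and emit
# it as a bare number rather than a quoted string.
def start_timer_call(timer):
    if not re.fullmatch(r"[0-9]{1,5}", timer):
        raise ValueError("timer must be a number of seconds")
    return "startTimer(%d)" % int(timer)


# Level 5: the 'next' parameter becomes an href.  A relative-path allowlist
# (no ':' so no javascript: or https: scheme, no leading '/' so no //host
# redirect) rejects both script URLs and open redirects.
NEXT_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_\-/.?=&%]*")


def safe_next_url(next_param, default="welcome"):
    if NEXT_RE.fullmatch(next_param):
        return next_param
    return default


if __name__ == "__main__":
    print(render_status("<img src=x onerror=alert(1)>"))
    print(choose_tab("2"))
    print(start_timer_call("10"))
    print(safe_next_url("javascript:alert(1)"))
```

The pattern is the same in every case: decide what the value is supposed to be (text, a tab index, a count, a relative path) and enforce that, rather than searching the input for known-bad strings, which is exactly the check the later levels show being bypassed.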
In this sub-application it shows that some external JavaScript is received. If you analyze the URL you can see that the script is loaded already. The vulnerability lies in how the code handles the value after the hash. If you check line 45, the value right after the hash is taken as the gadget name, and then in line 48 that value is passed directly to the includeGadget method. In the includeGadget method, which we can see here, line 18 creates a script tag, and the gadget name parameter value from the URL is used directly as the source attribute of that script tag in line 28. This means we can completely control the source attribute of the script tag that is being created; with this vulnerability we can inject our own JavaScript file into the code. We can inject the URL of our own hosted JavaScript into the web application's URL after the hash, and the URL should not use a plain https prefix but something resembling it, to bypass the regular expression used for the security check. We're going to remove the pre-stored URL and load our own JavaScript file. Finally we have reached the end of our challenge: we completed six different varieties of cross-site scripting attacks and used different solutions for each of the six questions.

With work from home being the norm in today's era, people spend a considerable amount of time on the internet, often without specific measures to ensure a secure session. Apart from individuals, organizations worldwide that host data and conduct business over the internet are always at risk of a DDoS attack. These DDoS attacks are getting more extreme as hackers gain easy access to botnet farms and compromised devices. As can be seen in the graph, three of the six strongest DDoS attacks were launched in 2021, with the most extreme attack occurring just last year in 2020. Lately cyber criminals have been actively seeking out new services and protocols for amplifying these DDoS attacks, and active involvement with hacked machines and botnets allows further penetration into the consumer space, allowing much more elaborate attack campaigns. Apart from general users, multinational corporations have also had their fair share of problems. GitHub, a platform for software developers, was the target of a DDoS attack in 2018, widely suspected to be conducted by Chinese authorities. This attack went on for about 20 minutes, after which the systems were brought into a stable condition. It was the strongest DDoS attack to date at the time and made a lot of companies reconsider their security practices to combat such attacks. Even after years of experimentation, DDoS attacks are still at large and can affect anyone in the consumer and corporate space.

Hey everyone, this is B from Simplilearn, and welcome to this video on what is a DDoS attack. Let's learn more about what a DDoS attack is. A distributed denial of service attack, or DDoS, is when an attacker or attackers attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack it is one system that is sending the malicious data or requests; a DDoS attack comes from multiple systems. Generally these attacks work by drowning a system with requests for data. This could be sending a web server so many requests to serve a page that it crashes under the demand, or it could be a database being hit with a high volume of queries. The result is that available internet bandwidth, CPU, and RAM capacity become overwhelmed. The impact could range from a minor annoyance from disrupted services to entire websites, applications, or even entire businesses being taken offline. More often than not these attacks are launched using machines in a botnet. A botnet is a network of devices that can be triggered to send requests from a remote source, often known as the command and control center. The bots in the network attack a particular target, thereby hiding the original perpetrator of the DDoS campaign.

But how do these devices come under a botnet, and what are the requests being made to the web servers? Let's learn more about these and how DDoS attacks work. A DDoS attack is a two-phase process. In the first phase a hacker creates a botnet of devices; simply put, a vast network of computers is hacked via malware, ransomware, or just simple social engineering. These devices become part of the botnet, which can be triggered at any time to start bombarding a system or a server on the instruction of the hacker that created the botnet. The devices in this network are called bots or zombies. In the second phase a particular target is selected for the attack. When the hacker finds the right time to attack, all the zombies in the botnet send requests to the target, thereby taking up all the server's available bandwidth. These can be simple ping requests or complex attacks like SYN flooding and UDP flooding. The aim is to overwhelm the target with more traffic than the server or the network can accommodate; the goal is to render the website or service inoperable.

There's a lot of wiggle room when it comes to the type of DDoS attack a hacker can go with. Depending on the target's vulnerability, one can choose from three broad categories of DDoS attacks. Volume-based attacks use massive amounts of bogus traffic to overwhelm a resource, be it a website or a server. They include ICMP, UDP, and spoofed-packet flood attacks, and the size of a volume-based attack is measured in bits per second. These attacks focus on clogging all the available bandwidth of the server, thereby cutting the supply short: many requests are sent to the server, all of which warrant a reply, so the target cannot cater to its legitimate users. Next we have protocol-level attacks. These are meant to consume essential resources of the target server; they exhaust the load balancers and firewalls that are meant to protect the system against DDoS attacks. Protocol attacks include SYN floods and Smurf DDoS, among others, and their size is measured in packets per second. For example, in an SSL handshake the server replies to the Hello message sent by the hacker, who is the client in this case, but since the IP is spoofed and leads nowhere, the server gets stuck in an endless loop of sending the acknowledgement without any end in sight. Finally we have application-level attacks. Application layer attacks are conducted by flooding applications with maliciously crafted requests, and their size is measured in requests per second. These are relatively sophisticated attacks that target application and operating system level vulnerabilities; they prevent specific applications from delivering necessary information to users and hog the network bandwidth up to the point of a system crash. Examples of such attacks are HTTP flooding and BGP hijacking. A single device can request data from a server using HTTP POST or GET without any issues; however, when the requisite botnet is instructed to bombard the server with thousands of requests, the database bandwidth gets jammed and it eventually becomes unresponsive and unusable.

But what about the reasons for such an attack? There are multiple lines of thought as to why a hacker decides to launch a DDoS attack on unsuspecting targets; let's take a look at a few of them. The first is to gain a competitive advantage. Many DDoS attacks are conducted by hacking communities against rival groups, and some organizations hire such communities to stagger their rivals' resources at the network level to gain an advantage on the playing field. Since being the victim of a DDoS attack indicates a lack of security, the reputation of such a company takes a significant hit, allowing the rivals to cover some ground. Secondly, some hackers launch these DDoS attacks to hold multinational corporations to ransom. The resources are jammed, and the only way to clear the way is for the target company to agree to pay a designated amount of money to the hackers. Even a few minutes of inactivity is detrimental to a company's reputation in the global market, and it can cause a spiral effect both in terms of market value and product security index. Most of the time a compromise is reached and the resources are freed after a while. DDoS attacks have also found use in the political arena; certain activists tend to use DDoS attacks to voice their opinion, since spreading the word online is much faster than any local rally or forum. Primarily political, these attacks also focus on online communities, ethical dilemmas, or even protests against corporations.

Let's take a look at a few ways that companies and individuals can protect themselves against DDoS attacks. A company can employ load balancers and firewalls to help protect its data from such attacks. Load balancers reroute the traffic from one server to another during a DDoS attack; this reduces the single point of failure and adds resiliency to the server data. A firewall blocks unwanted traffic into a system and manages the number of requests allowed at a definite rate; it checks for multiple attacks from a single IP and occasional slowdowns to detect a DDoS attack in action. Early detection of a DDoS attack goes a long way in recovering the data lost in such an event. Once you've detected the attack you will have to find a way to respond. For example, you will have to work on dropping the malicious DDoS traffic before it reaches your server so that it doesn't throttle and exhaust your bandwidth. Here is where you filter the traffic so that only legitimate traffic reaches the server; by intelligent routing you can break the remaining traffic into manageable chunks that can be handled by your cluster resources. The most important stage in DDoS mitigation is where you look for patterns of DDoS attacks and use those to analyze and strengthen your mitigation techniques; for example, blocking an IP that is repeatedly found to be offending is a first step. Cloud providers like Amazon Web Services and Microsoft Azure, which offer high levels of cyber security including firewalls and threat monitoring software, can help protect your assets and network from DDoS criminals. The cloud also has greater bandwidth than most private networks, so it is unlikely to fail under the pressure of increased DDoS attacks. Additionally, reputable cloud providers offer network redundancy, duplicating copies of your data, systems, and equipment, so that if your service becomes corrupted or unavailable due to a DDoS attack you can switch to secure access on backed-up versions without missing a beat. One can also increase the amount of bandwidth available to a host server being targeted: since DDoS attacks fundamentally operate on the principle of overwhelming systems with heavy traffic, simply provisioning extra bandwidth to handle unexpected traffic spikes can provide a measure of protection. This solution can prove expensive, as a lot of that bandwidth is going to go unused most of the time. A content delivery network, or CDN, distributes your content and boosts performance by minimizing the distance between your resources and end users. It stores a cached version of your content in multiple locations, and this mitigates DDoS attacks by avoiding a single point of failure when the attacker is trying to focus on a single target. Popular CDNs include Akamai CDN, Cloudflare, AWS CloudFront, etc.

Let's start with our demo regarding the effects of DDoS attacks on a system. For the demo we have a single device that will attack a target, making it a DoS attack of sorts; once a botnet is ready, multiple devices can do the same and eventually emulate a DDoS attack. To do so we will use the virtualization software VMware with an instance of the Parrot Security operating system running. For the target machine we will be running another VMware instance of a standard Linux distribution known as Linux Lite. On the target device we can use Wireshark to determine when the attack begins and see its effects.
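The mitigation list above ends with looking for patterns in the traffic, and the demo that follows shows the attack from Wireshark's point of view. As an added example (not code from the video or from any of the tools it names), here is one such pattern check in Python: it parses Wireshark-style packet list lines and flags a source that sends many bare SYNs in a short window while completing almost no handshakes, which is what a SYN flood looks like from the target. The capture text is constructed inside the block (the two addresses are the ones quoted in the demo; the third, 192.168.72.50, is an assumed normal client), and the thresholds are illustrative assumptions to be tuned per network.

```python
"""Flag SYN-flood sources in Wireshark-style packet list lines (added example)."""
import re
from collections import defaultdict


def _line(no, t, src, dst, info):
    # Wireshark packet-list columns: No. Time Source Destination Protocol Length Info
    return "%d %.6f %s %s TCP 74 %s" % (no, t, src, dst, info)


def build_sample_capture():
    """Constructed sample, not a real capture: one normal client, one flooder."""
    target, client, flooder = "192.168.72.129", "192.168.72.50", "192.168.72.128"
    lines, no = [], 1
    for i in range(3):  # three complete three-way handshakes from the normal client
        base, port = 1.0 + i, 40000 + i
        lines.append(_line(no, base, client, target, "%d > 80 [SYN] Seq=0" % port)); no += 1
        lines.append(_line(no, base + 0.001, target, client, "80 > %d [SYN, ACK] Seq=0 Ack=1" % port)); no += 1
        lines.append(_line(no, base + 0.002, client, target, "%d > 80 [ACK] Seq=1 Ack=1" % port)); no += 1
    for i in range(60):  # sixty bare SYNs in 0.3 s from the flooder, none completed
        lines.append(_line(no, 5.0 + i * 0.005, flooder, target, "%d > 80 [SYN] Seq=0" % (1024 + i))); no += 1
    return "\n".join(lines)


PACKET_RE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+.*\[([^\]]+)\]")


def parse_packet(line):
    """Return {'time', 'src', 'dst', 'flags'} for a TCP line, else None."""
    m = PACKET_RE.match(line)
    if not m:
        return None
    flags = {f.strip() for f in m.group(5).split(",")}
    return {"time": float(m.group(2)), "src": m.group(3), "dst": m.group(4), "flags": flags}


def parse_capture(text):
    return [p for p in (parse_packet(l) for l in text.splitlines()) if p]


def find_syn_flood_sources(packets, window=1.0, syn_threshold=50, min_completion=0.2):
    """Sources whose peak bare-SYN count per window exceeds the threshold while
    they send almost no plain ACKs (i.e. they never finish the handshake)."""
    syn_times, acks = defaultdict(list), defaultdict(int)
    for p in packets:
        if "SYN" in p["flags"] and "ACK" not in p["flags"]:
            syn_times[p["src"]].append(p["time"])
        elif "ACK" in p["flags"] and "SYN" not in p["flags"]:
            acks[p["src"]] += 1
    flagged = {}
    for src, times in syn_times.items():
        times.sort()
        peak, lo = 0, 0
        for hi, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        completion = acks[src] / len(times)
        if peak >= syn_threshold and completion < min_completion:
            flagged[src] = {"peak_syn_per_window": peak, "completion_ratio": completion}
    return flagged


if __name__ == "__main__":
    for src, stats in find_syn_flood_sources(parse_capture(build_sample_capture())).items():
        print("suspected SYN flood from", src, stats)
```

The completion ratio is what separates a busy but honest client from a flooder: a real browser opening many connections still answers the SYN-ACK, while a spoofed or flood source never does. In production this check sits next to kernel-level defences such as SYN cookies and per-source rate limits at the firewall, which the mitigation section describes.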
This is Linux Lite, which is the target machine, and this is Parrot Security, which is used by the hacker when trying to launch a DDoS attack; this is just one of the distros that can be used to launch the attack. We must first find the IP address of our target, so we open the terminal, use the command ifconfig, and here we can find the IP address. Remember, we're launching this attack in VMware, and both the instances, Parrot Security and Linux Lite, are being run on my local network, so the address that you can see here, 192.168.72.129, is a private address. This IP cannot be accessed from outside the network, basically by anyone who is not connected to my Wi-Fi. When launching attacks against public servers or public addresses, the target will have a public IP address that does not belong to the 192.168 subnet. Once we have the IP address we can use a tool called hping3. hping3 is an open-source packet generator and analyzer for the TCP/IP protocol. To check the effects of an attack we will be using Wireshark; Wireshark is a network traffic analyzer. We can see whatever traffic is passing through the Linux Lite distro being displayed here, with the source IP and the destination IP showing where each request is being transferred to. Once we have the DoS attack launched you will see the results coming in here from the source IP, which will be Parrot Security. Now, to launch the hping3 command we need sudo access on the console, which is root access. Now that we have root access on the console, the hping3 command will have a few arguments to go with it, which are as you can see on the screen: -S, --flood, -V, -p 80, and the IP address of the target, which is 192.168.72.129.

In this command we have a few arguments: -S specifies SYN packets; as in an SSL handshake, we have the SYN request that the client sends to the server to initiate a connection. --flood aims to ignore the replies that the server sends back to the client in response to the SYN packets; here the Parrot Security OS is the client and Linux Lite is the server. -V stands for verbosity, so we will see some output when the requests are being sent. -p 80 stands for port 80; we can replace the port number if we want to attack a different port. Finally we have the IP address of our target. As of right now, if we check Wireshark it is relatively clear and there is no indication of a DDoS attack incoming. Now, once we launch the attack, over here we can see the requests coming in from this IP, which is 192.168.72.128. Until now the network is responsive, and so is Linux Lite, but the requests keep on coming and we can see that the HTTP flooding has started in flood mode. After a few seconds of this attack continuing the server will start shutting down. Remember, Linux Lite is a distro, and such Linux distros serve as the backend to many servers across the world. A few seconds have passed from the attack and now the system has become completely unresponsive. This has happened due to the huge number of requests that came from Parrot Security; you can see that whatever I press, nothing responds. Even Wireshark has stopped capturing new requests because CPU usage right now is completely at 100%, and at this point anyone who is trying to request information from this Linux distro, or from a server or database that uses this Linux distro as a backend, cannot access anything. The system has completely stopped responding, and any legitimate request from legitimate users will be dropped. Once you stop the attack, over here it takes a bit of time to settle down; it's still out of control for a moment, but eventually the traffic dies down and the system regains its strength. It is relatively easy to gauge right now the effect of a DoS attack. Remember, this Linux Lite is just a VM instance; actual website servers and web databases have much more bandwidth and are very secure, and it is tough to break into them. That is why a single machine cannot be used to break into them, and that is where a DDoS attack comes into play. What we did right now is a DoS attack, as in a single system being used to attack a target server from a single source. In a DDoS attack, multiple systems, such as multiple Parrot Security instances or multiple zombies or bots in a botnet, can attack a target server to completely shut down the machine and drop any legitimate request, thereby rendering the service and the target completely unusable and inoperable. As a final note, we would like to remind you that this is for educational purposes only and we do not endorse any attacks on any domains; only test this on servers and networks that you have permission to test on.

Cyber security has become one of the most rigid industries in the last decade while simultaneously being the most challenged. With every aspect of corporate culture going online and embracing cloud computing, there is a plethora of critical data circulating through the internet, all worth billions of dollars to the right person. Increasing benefits require more complex attacks, and one of these attacks is a brute force attack. A brute force attack, also known as brute force cracking, is the cyber attack equivalent of trying every key on your key ring and eventually finding the right one. Brute force attacks are simple and reliable; there is no prior knowledge needed about the victim to start an attack. Most of the systems falling prey to brute force attacks are actually well secured. Attackers let a computer do the work.
Usernames and passwords are tried in different combinations until one works. Due to this repeated trial-and-error format, the strength of the password matters a great deal, although with enough time and resources brute force will break a system, since it runs through combinations until it finds the right passcode.

Hey everyone, this is B from Simplilearn, and welcome to this video on what is a brute force attack. Let's begin by learning about brute force attacks in detail. A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. It can be used to break into online accounts, encrypted documents, or even network peripheral devices. The longer the password, the more combinations will need to be tested. A brute force attack can be time consuming and difficult to perform if methods such as data obfuscation are used, and at times downright impossible; however, if the password is weak it could merely take seconds with hardly any effort. Dictionary attacks are an alternative to brute force attacks where the attacker already has a list of usernames and passwords that need to be tested against the target; it doesn't need to create any other combinations on its own. Dictionary attacks are much more reliable than brute force in a real-world context, but their usefulness depends entirely on the strength of the passwords being used by the general population.

There is a three-step process when it comes to brute forcing a system; let's learn about each step in detail. In step one we have to settle on a tool that we are going to use for brute forcing. There are some popular names on the market like Hashcat, Hydra, and John the Ripper; while each of them has its own strengths and weaknesses, each performs well with the right configuration. All of these tools come pre-installed with certain Linux distributions that cater to penetration testers and cyber security analysts, like Kali Linux and Parrot Security. After deciding what tool to use, we can start generating combinations of alphanumeric variables whose only limitation is the number of characters. For example, while using Hydra, a single six-digit password will create 900,000 passwords with only digits involved; add letters and symbols to that sample space and the number grows exponentially. The popular tools allow customizing this process. Let's say the hacker is aware of the password being a specific 8-digit word containing only letters and symbols; this will substantially increase the chances of getting the right password, since we remove the time taken to generate the longer ones and we omit the need to include digits in such combinations. These small tweaks go a long way in organizing an efficient brute force attack, since running all the combinations with no filters will dramatically reduce the odds of finding the right credentials in time. In the final step we run these combinations against the file or service that is being broken. We can try to break into a specific encrypted document, a social media account, or even devices at home that connect to the internet. Let's say there is a Wi-Fi router: the generated passwords are fed into the connection one after the other. It is a long and arduous process, but the work is left to the computer rather than someone manually clicking and checking each of these passcodes. Any password that doesn't unlock the router is discarded, and the brute force tool simply moves on to the next one. This keeps going until we find the right combination that unlocks the router. Sometimes reaching the success stage takes days or weeks, which makes it cumbersome for people with low computing power at their disposal; however, the ability to crack any system in the world purely due to bad password habits is very appealing, and the general public tends to stick with simple and easy-to-use passwords.

Now that we have a fair idea about how brute force works, let's see if you can answer this question. We learned about how complex passwords are tougher to crack by brute force. Among the ones listed on the screen, which one do you believe will take the longest to be broken when using brute force tools? Leave your answers in the comment section and we will get back to you with the correct option next week.

Let's move on to the harmful effects of getting a system compromised due to brute force attacks. A hacked laptop or mobile can have social media accounts logged in, giving the hackers free access to the victim's connections. It has been reported on multiple occasions that compromised Facebook accounts send malicious links and attachments to people on their friends list. One of the significant reasons for hacking is that malware infusion is best done when spread from multiple devices, similar to distributing spam; this reduces the chance of tracing the source back to a single device that belongs to the hacker. Once brute forced, a system can spread malware via email attachments, shared links, file upload via FTP, etc. Personal information such as credit card data, usage habits, private images, and videos are all stored on our systems, be it in plain format or in root folders. A compromised laptop means easy access to this information, which can be further used to impersonate the victim in bank verification, among other things. Once a system is hacked it can also be used as a mail server that distributes spam across lists of victims; since the hacked machines all have different IP addresses and MAC addresses, it becomes challenging to trace the spam back to the original hacker.

With so many harmful implications arising from a brute force attack, it's imperative that the general public be protected against such attacks. Let's learn about some of the ways we can prevent ourselves from becoming a victim of brute force attacks. Passwords consisting of alphabetic letters and numbers have a much higher chance of withstanding brute force attacks thanks to the sheer number of combinations they can produce. The longer the password, the less likely it is that a hacker will devote the time and resources to brute force it. Having alphanumeric passwords also allows the user to keep different passwords for different websites; this ensures that if a single account or password is compromised due to a breach or a hack, the rest of the accounts are isolated from the incident. Two-factor authentication involves receiving a one-time password on a trusted device before a new login is allowed. This OTP can be obtained via email, SMS, or specific 2FA applications like Authy and Aegis. Email and SMS based OTPs are considered relatively less secure nowadays due to the ease with which SIM cards can be duplicated and mailboxes can be hacked; applications that are specifically made for 2FA purposes are much more reliable and secure. CAPTCHAs are used to stop bots from running through web pages, precisely to prevent brute forcing through a website. Since brute force tools are automated, forcing the hacker to solve a CAPTCHA manually for every iteration of a password is very challenging; the CAPTCHA system can filter out the automated bots that keep refreshing the page with different credentials, thereby reducing the chances of brute force considerably. A definite rule that locks the account being attacked for 30 minutes after a specific number of attempts is a good way to prevent brute force attempts; many websites lock an account for 30 minutes after three failed password attempts to secure the account against any such attack. On an additional note, some websites also send an email informing the user that there have been three insecure attempts to log into the website.

Let's look at a demonstration of how brute force attacks work in a real-world situation. The world has gone wireless, with Wi-Fi taking the reins in every household, so it's natural that its security will always be up for debate. To further test the security index and understand brute force attacks, we will attempt one ourselves.
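The lockout rule just described (three failed attempts, 30 minutes locked, an email to the owner) is simple enough to show end to end, and the same block can show the keyspace arithmetic behind "the longer the password, the more combinations". What follows is an added example in Python, not code from the video: the class names, the PBKDF2 password storage and the sample account are my own assumptions, and the clock is injectable so the lockout can be exercised without waiting half an hour.

```python
"""Account lockout after repeated failures, plus keyspace arithmetic (added example)."""
import hashlib
import hmac
import os
import time

MAX_FAILURES = 3            # lock after three failed attempts, as the text describes
LOCKOUT_SECONDS = 30 * 60   # for 30 minutes


def hash_password(password, salt=None):
    """Salted PBKDF2-SHA256; never store the password itself (assumed scheme)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


class _AccountState:
    def __init__(self):
        self.failures = 0
        self.locked_until = 0.0


class LoginGuard:
    """Verifies passwords and enforces the temporary lockout rule per account."""

    def __init__(self, users, clock=time.monotonic):
        self._users = users          # {username: (salt, digest)}, constructed for the example
        self._clock = clock          # injectable so tests can move time forward
        self._state = {}
        self.notifications = []      # would become the "three failed attempts" e-mail

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        state = self._state.setdefault(username, _AccountState())
        if now < state.locked_until:
            return "locked"          # no password check while locked, right or wrong
        record = self._users.get(username)
        if record is not None:
            salt, digest = record
            if hmac.compare_digest(hash_password(password, salt)[1], digest):
                state.failures = 0
                return "ok"
        # unknown users are counted too, so the response does not reveal whether
        # the account exists
        state.failures += 1
        if state.failures >= MAX_FAILURES:
            state.failures = 0
            state.locked_until = now + LOCKOUT_SECONDS
            self.notifications.append(
                "%s: %d failed logins, locked for %d minutes"
                % (username, MAX_FAILURES, LOCKOUT_SECONDS // 60))
            return "locked"
        return "denied"


def keyspace(length, charset_size):
    """Number of candidate passwords of exactly this length over this alphabet."""
    return charset_size ** length


def seconds_to_exhaust(length, charset_size, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guessing rate."""
    return keyspace(length, charset_size) / guesses_per_second


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery")
    guard = LoginGuard({"anne": (salt, digest)})
    for guess in ("password", "123456", "qwerty", "correct horse battery"):
        print(guess, "->", guard.attempt("anne", guess))
    print(guard.notifications)
    # with the lockout, an online attacker gets 3 guesses per 30 minutes per account;
    # compare that with an offline rate against a captured hash:
    print("8 lowercase letters at 1e9 guesses/s:", seconds_to_exhaust(8, 26, 1e9), "s")
    print("12 mixed characters at 1e9 guesses/s:", seconds_to_exhaust(12, 94, 1e9) / 86400 / 365, "years")
```

Two points the code makes that the prose only implies: the lockout is keyed by username, so an attacker who knows a username can deliberately lock the real owner out, which is why sites pair it with per-source rate limits and the CAPTCHA step rather than relying on it alone; and the lockout only helps against online guessing. Once a password hash or a handshake file is captured, as in the Wi-Fi demo that follows, there is no server to enforce a limit, and only the keyspace (password length and alphabet) and the cost of the hash stand between the attacker and the password.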
The target is the password of a Wi-Fi router. For that to happen, you first need to capture a handshake file, which is a connection file from the Wi-Fi router to a connecting device like a mobile or a laptop. The operating system used for this process is Parrot Security, a Linux distribution that caters to penetration testers; all the tools being used in this demo can easily be found pre-installed in this operating system. If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more.

To start our demo we're going to use a tool called airgeddon, which is made to hack into wireless networks specifically. At this point it's going to check for all the necessary scripts that are installed in the system. To crack into a Wi-Fi network and capture the handshake file we're going to need an external network card; the significance of the external network card is that it supports a managed mode and a monitor mode. For now, the card named wlx1 is my external network adapter, which I'm going to select. To be able to capture data over the air we need to put it in monitor mode; as you can see above, it says it is in managed mode right now, so we're going to select option two, which puts the interface in monitor mode, and its name is now wlan0mon. Monitor mode is necessary to capture data over the air, and that is the reason we need an external card, since a lot of the inbuilt cards that come with laptops and systems do not support monitor mode. Once we select the mode we can go into the fifth option, which is the handshake tools menu. In the first step we have to explore for targets, and it is written that monitor mode is necessary to select a target, so let's explore for targets and press enter. We have to let this run for about 60 seconds to get a fair idea about the networks that are currently working in this locality. For example, this ESSID is the Wi-Fi name that we see when connecting to a network: go24, recover me; these are all the names that we see on our mobile when searching for Wi-Fi. The BSSID is an identifier, somewhat like a MAC address, that distinguishes this network from other devices. The channel column shows one or two or many channels that the networks can operate on. This here is a client that is connected to one such network; for example, the station that you can see, 56 26, is the MAC address of the device that is connected to a router, and this BSSID tells which Wi-Fi it is connected to. For example, 5895 d8 is this one, which is the go24 router, so we already know which router has a device connected to it and we can use our attack to capture this handshake. Now that it has already run for 1 minute, when we press Ctrl+C we will be asked to select a target. See, it has already selected number five, which is the go24 router, as the one with clients, so it is easy to run an attack on and easy to capture a handshake for. Select network 5 and run capture handshake; it says you have a valid WPA/WPA2 network target selected and that the script can continue. Now, to capture the handshake we have a couple of attacks, including a deauth aireplay attack. What this attack does is kick the clients out of the network; in return, when they try to reconnect to the Wi-Fi (they are configured so that when a client is disconnected it immediately tries to reconnect), it tries to capture a handshake file, which in turn contains the security key that is necessary to initiate the handshake. For our demo let's go with the second option, that is the deauth aireplay attack. Select a timeout value, let's say we give it 60 seconds, and we start the script. We can see it capturing data from the go24 network, and here we go, we have the WPA handshake file. Once the handshake file is captured you can close this, and here we go: congratulations. In order to capture a handshake it has verified that a PMKID from the target network has successfully been captured. This is the file that is already stored, a .cap file; for the path we can, let's say, keep it on the desktop. We give the path and the handshake file is generated. We can already see a target here, the same go24 router with its BSSID. Now if we return to the main menu we already have the handshake file captured with us, and our job is to brute force that handshake capture file. The capture file is encrypted with the security key of the Wi-Fi network; if we know how to decrypt it we will automatically get the security key. So let's go to the offline WPA/WPA2 decrypt menu; since we'll be cracking personal networks we can go with option one. Now, to run the brute force tool we have two options: either we can go with aircrack or we can go with hashcat. Let's go with aircrack plus crunch, which is a brute force attack against a handshake file; we can go with option two. It can already detect the capture file that we have generated, so we select yes. The BSSID is the one which denotes the go24 router, so we're going to select yes as well. For the minimum length of the key, for example, it has already checked that the minimum length of a Wi-Fi security key, which is a WPA2 PSK key, will always be more than 8 digits and below 64 digits, so we have to select something in that range. If we already know, let's say, that the password is at least 10 digits, we can go with the minimum length as 10, and as a rough guess let's say we put the maximum length as 20. The character set that we're going to use for checking the password will affect the time taken to brute force; for example, if we already know, or we have seen a user use the password while connecting to the router, that it has only numbers and symbols, then we can choose accordingly. Let's say we go with only uppercase characters and numeric characters; go with option 7 and it's going to start decrypting. So this is how aircrack is working right here: you can see this passphrase here, the first five or six digits are A, and it starts working its way from the end, from the last character, trying every single combination. You can see the fourth character from the right side, the D, will eventually turn to E because it keeps checking every single character from the end. This will keep going until all the single characters are tested and every single combination is tried out. Since the handshake file is encrypted using the security key, that is the WPA2 key of the router, whichever passphrase is able to decrypt the handshake completely will be the key of the Wi-Fi router. This is the way we can brute force into Wi-Fi routers anywhere in the world.

Cyber attacks are frequently making headlines in today's digital environment; at any time, everyone who uses a computer could become a victim of a cyber attack. There are various sorts of cyber attacks, ranging from phishing to password attacks. In this video we'll look into one such attack, known as a botnet. But before we begin, if you love watching tech videos, subscribe to our channel and hit the bell icon to never miss an update. To begin with, let's take a look at some of the famous botnet attacks. The first one is the Mirai botnet, which is a malicious program designed to attack vulnerable IoT devices and infect them to form a network of bots that, on command, perform basic and medium-level denial of service attacks. Then we have the Zeus bot, which is specifically designed for attacking systems for bank-related information and data. Now let's see what exactly a botnet is. A botnet refers to a network of hijacked interconnected devices that are installed with malicious code known as malware. Each of these infected devices is known as a bot, and the hijacking criminal, known as the bot herder, remotely controls them. The bots are used to automate large-scale attacks including data theft, server failure, malware propagation, and denial of service attacks.
attacks now that we know what exactly a bot net is let's dive deeper into learning how bot net works during the preparation of a botet network the first step involves preparing the botn net Army after that the connection between the botnet Army and the control server established and the end the launching of the attack is done by the bot Herer let's understand through a illustration firstly we have a b Herer that initiates the attack according to the control server commands the devices that are infected with the malware programs and begins to attack the infected system let's see some details regarding the preparation of the botnet army the first step is known as the prepping the bot net Army the first step is is creating a bot inet is to infect as many as connected devices as possible this ensures that there are enough Bots to carry out the attack this way it creates Bots either by exploiting the security gaps in the software or websites or using fishing attacks they are often deployed through Trojan horses for the next step we have establishing the connection once it hacks the device as per previous step it infects it with the specific Mal Ware that connects the device back to the control bot server a bot Herer uses command programming to drive the bot's actions and the last step is known as launching the attack once infected a bot allows access to admin level operation like Gathering and stealing of data reading and rewriting the system data monitoring user activities performing denial of service attacks including other cyber crimes now let's take a look at the B architecture the first type is known as client server model the client server model is a traditional model that operates with the help of a command and control center server and communication protocols like IRC when the bot Herer issues a command to the server it is then related to the clients to perform malicious actions then we have peer-to-peer model here controlling the infected Bots involves a 
peer-to-peer Network that relies on a decentralized approach that is the BS are topological interconnected and act as both C and C servers that is the server and the client to the hackers adopt this approach to avoid detection and single point failure in the end we will see some points on some countermeasure against bot net attacks the first step is to have updated drivers and system updates after that we should avoid clicking random popups or links that we often see on the internet and lastly having certified antivirus anti-spyware softwares and firewall installed into a system will protect against malware attack the internet is an endless source of information and data still in some cases we come across some occurrences like cyber attacks hacking force entry which may affect a Time on the web hi everyone and welcome to the simply La Channel today we will discuss a topic that secret records our input data that is known as key loggers but before we begin if you like watching Tech videos subscribe to our Channel and hit the Bell icon to never miss an update to understand the key logging problem better let's take a look at an example this is June she works in a business firm where she manages the company's data regularly this is jaer from the information Department who is here to inform her about some of the security protocols during the briefing she informed him about some of the problems her system was facing with which included slow reaction speed and unusual internet activity as Jacob heard about the problems with the system he thinks of the possibility what could be the reason behind these problems a system was facing with the conclusion that he came across was the key logging issue unknown to the problem her system was facing with she ask him about some of the details regarding it for today's topic we learn what exactly key loggers are and how they affect our system what are the harmful effects that key logging can bring into the system to begin with we learn 
what exactly the key logging program is as the name suggests key logger is a malicious program or a tool that is designed to record key strokes that are typed during data input and record them into a lock file then the same program secretly sends these lock files to its origin where they can be used for malicious acts by the hacker now that we know what the key logging program is let's take a look how they enter into the system searching for a suitable driver for a system can often lead to the installation of the key logging program into the system if we often visit suspicious sites and uncertified software are installed into a system then if we use unknown links or visiting unknown websites which come through unknown addresses can also be a reason behind the key logging issue entering into the system and lastly there are often cases where different popups that we often see on social sites or different media sites can lead to the installation of key logging program into our system now that we know how the problem gets into the system let's take a look how to identify whether the system is infected by the key logging issue the key logging issue can be identified if there are often cases when a keyboard lags behind the system the data that we enter sometimes is stuck in between when we type through the input then there are cases when the system freeze occurs unknowingly to what exactly could be the reason behind them and also there are Delayed Reaction Time for different applications that run on the system and lastly there are different cases when we often see suspicious internet activity on the system that we don't know about this could lead to the identification of a problem into the system now we'll take a look at different types of key loggers that are present on the net which can harm our system differently the first problem problem that key loggers arouse is API based the most common key logging case which uses apis to keep a log of the type data and share it 
to its origin for malicious purposes each time we press a key the key logger intercepts the signal and logs it then we have form grabbing based key loggers as the name suggests they are based key loggers that store the form data that is if we often use web forms or different kinds of forms to enter different data they can be recorded into the system by the program and send it to its origin then we have kernel based key loggers these key loggers are installed deeply into the operating system where they can hide from different antivirus if not checked properly and they record the data that we type on the keyboard and send it to its origin and lastly we have Hardware Key loggers these key loggers are present directly into the hardware that is they are embedded into system where they record the data that we type on the keyboard now let's take a look how hackers differentiate different type of recorded data and exploit them when hackers receive information about the target they might use it to Blackmail the target which may affect the personal life of the Target and also blackmail them for different money related issues then in case of company data that is recorded by the key logging program can also affect the economic value of the company in the market which may lead to the downfall of the company also in some cases the key logging program can also log data about military Secrets which may include nuclear codes or security protocols which are necessary to maintain the security of a country now let's take a look whether mobile devices get infected with the key logging issue or not in the case of hand devices infection of key loggers are low in comparison to the computer systems as they use onscreen keyboard or virtual keyboard but in some cases we often see different kindes of malicious programs getting installed into the hand device if we often visit different uncertified websites or illegal websites or torrent sites and also the device that is infected with the key 
logging issue or different kind of malicious program can often lead to the exploitation of data that includes photos emails or important files by the hacker or the Cyber criminal that install the particular malicious program into the system now to prevent a system from getting infected by the key locking program let's take a look at different points the first point includes using of different antivirus softwares or tools which can prevent the entering of malicious program into the system then keeping system security protocols regularly updated is also a good habit and lastly using virtual keyboard to input our sensitive data which may include Bank details login details or different passwords related to different websites now that we have some understanding about the topic of key loggers let's take a look at the demo to further increase the knowledge about the topic for the first step we have to download some of the important libraries that are required into the system which is this library now we'll run it the system says the library is already installed into the system now let's take a look what exactly modules are required from the particular library from this Library we'll import the keyboard module which will help us to record the data that we type on the keyboard now from the same we'll also import key module and The Listener module and also the logging module which will help us to record the data into a log file for the next part we'll write a piece of code that will allow us to save the data that is recorded by the program into a text file that will be named as keor log text file along with the date and time stamp let's take a look now we'll provide it with the file name that will be given as keog do txt file and also so the part where the format of the data is recorded put the brackets over over here to contain the file name now we'll write the format in which the data will be recorded into the log file which will be given as the format would be the message 
and the time stamp which would be given as along with the time stamp given as percentage and ending it with the bracket now for the next step we'll design two of the functions that will be used into the program that will be termed as while press function and while release function let's take a look while press function would be a function that will come into play when the keyboard key has been pressed is pressed and this would go for the format that we designed in the above line and logging the Press key info or string file to be recorded into the lock file now now we'll design a function that is while release that will come into play when the Escape key has been pressed that is the program will terminate itself and the program will stop from running and in the end we require for the functioning of the program to Loop these functions that is while press and while release to continue its cycle that will be going for while press and on release will contain while release function as listen now and now this part would join the different threads and store them into the log file now that we have completed the code for the program let's run it we have to wait for a moment so the program runs it now to verify the program let's open Notepad and on the notepad we'll write hello world which will be the basic whether the program is working or not let's take a look and we'll go for the main page on Jupiter notebook and refresh the page go to the bottom over here we see the key log text that is a text file that we created let's open it and over here we have the data that is created as we started with Note then this is the hello world part that we created just now which shows that the program we created is working properly now that we have reached the end of the module let's take a look at the summary firstly we learn what exactly key loggers are then we understood what different modes up pris how the system get infected with the key loging problem then we learned how to detect 
the problem into our system then we learn what different types of key loggers are present on the net we also understood how hackers use the recorded data from the program and we also learned whether mobile devices get infected with the key logging problem or not and lastly we understood what different points can be taken to prevent the entering of the key logging problem into the system before we learn about the Pegasus platform let us understand what spyware is and it's working spyware is a category of malware that can gather information regarding a user or a device straight from the host machine it is mostly spread by malicious links via email or chat applications when a link with the malware is received clicking on this link will activate the spyware which allows the hacker to spy on all our user information with some spy systems even clicking on the link isn't necessary to trigger the malicious payload this can ultimately cause security complications and further loss of privacy one such spy system that is making the rounds in the tech industry today is Pegasus the Pegasus is a spyware system developed by an Israeli company known as the NSO group it runs on mainly mobile devices spanning across the major operating systems like the Apple's IOS on iPhone and the standard Android versions this is not a newly developed platform since Pegasus has existed since as early as 2016 a highly intricate spy program that can track user location read text messages scan through mobile files access device camera and microphone to record voice and video Pegasus has all the tools necessary to enforce surveillance for any client that wishes to buy its services initially the NSO group had designed the software to be used against terrorist factions of the world with more and more encrypted communication channels coming to the Forefront Pegasus was designed to maintain control over for the data transmission that can be a threat to National Security unfortunately the people who bought 
the software had complete control over who how and up to what level they can put surveillance limits on eventually the primary clients became Sovereign Nations spying on Public Information that is supposed to stay private became really easy with this service multiple devices can be affect With the same spyer system to create a network information this network keeps feeding data to the host to understand how a network can be created let's know how a mobile device can be affected by Pegasus we all communicate with friends and family over instant messaging applications and email in some instances if you check your inbox on a regular basis you must have noticed that we receive some spam emails that the mail providers like Gmail and Yahoo can just filter into the spam folder some of these messages bypass this filter and make their way into a person's inbox they look like generic emails which are supposed to be safe the Pegasus spyware targets such occurrences by passing malicious messages and links which install the necessary Spy software on the user's mobile device be it Android or an iPhone this isn't unique to the email ecosystem since it's equally likely to be targeted by SMS text WhatsApp Instagram or even the most secure messaging apps like signal and threa once the malicious links are clicked a spy package is downloaded and installed on the device after this pyer is successfully installed the perpetrator who sent the payload to the victim can monitor everything the user does Pegasus can collect private emails passwords images videos and every other piece of information that passes through the device Network all this data is transmitted back to the central server where the primary spying organization can monitor the activities at a granular level this is not even surface level since complex PIV software like Pegasus can access the root files on our mobiles these root files hold information that is crucial to the working of the Android and iOS operating systems 
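The transmission back to a central server described above is the part of an infection that a defender can actually look for. The following Python script is an added example, not code from the video and not from any real spyware-analysis tool: it matches the destinations in a constructed device connection log against a constructed indicator list (with correct subdomain matching), and it also flags connections that repeat at a near-constant interval, the "beaconing" pattern that command-and-control traffic often shows. The log format, process names, host names and indicator domains are all assumptions made up for the example.

```python
"""Spot possible spyware call-home traffic in a device's connection log.

Added example, not code from the video or from any real spyware-analysis tool.
The log format, process names, host names and the indicator list below are all
constructed for this demonstration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator list (placeholder domains, not real indicators).
# In practice indicators are loaded from a published IoC file, not hard-coded.
IOC_DOMAINS = {"updates-cdn.example", "push-relay.example"}

# Constructed log: "<ISO timestamp> <process> <destination host> <bytes sent>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 mail.app imap.mailhost.example 2048
2024-03-01T10:00:05 browser www.news.example 51200
2024-03-01T10:01:00 mediasvc api.updates-cdn.example 512
2024-03-01T10:02:00 mediasvc api.updates-cdn.example 498
2024-03-01T10:03:00 mediasvc api.updates-cdn.example 530
2024-03-01T10:03:30 browser cdn.news.example 80000
2024-03-01T10:04:00 mediasvc api.updates-cdn.example 505
2024-03-01T10:05:00 mediasvc api.updates-cdn.example 511
"""


def parse_log(text):
    """Turn the constructed log text into a list of records (blank lines skipped)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, process, host, sent = line.split()
        records.append({
            "time": datetime.fromisoformat(ts),
            "process": process,
            "host": host.lower().rstrip("."),
            "bytes": int(sent),
        })
    return records


def matches_ioc(host, iocs):
    """True if host equals an indicator domain or is a subdomain of one.

    Suffix matching must respect label boundaries: 'notupdates-cdn.example'
    is not a subdomain of 'updates-cdn.example', so a plain endswith() is wrong.
    """
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in iocs)


def find_ioc_hits(records, iocs):
    """Sorted list of distinct destination hosts that match an indicator."""
    return sorted({r["host"] for r in records if matches_ioc(r["host"], iocs)})


def find_beacons(records, min_connections=4, max_jitter=0.2):
    """Find (process, host) pairs that connect at a near-constant interval.

    Returns a dict mapping the pair to its mean interval in seconds. A pair
    qualifies when it has at least min_connections connections and the
    population standard deviation of the gaps between them is within
    max_jitter of the mean gap: timing that regular is a timer, not a human.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["process"], r["host"])].append(r["time"])

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = avg
    return beacons


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("indicator matches:", find_ioc_hits(recs, IOC_DOMAINS))
    for (proc, host), interval in find_beacons(recs).items():
        print(f"beacon: {proc} -> {host} every {interval:.0f}s")
```

Run on the constructed log, the indicator check reports api.updates-cdn.example, and the interval check reports the same host being contacted by mediasvc every 60 seconds. The beaconing heuristic is only a lead, not proof: legitimate apps also poll on timers, so a hit is something to investigate together with what process made the connection and whether the destination appears in a published indicator list.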
leaking such private information is a massive blow to the security and the privacy of an individual the information that may seem trivial like the name of your Wi-Fi connection or the last time you ordered an item from Amazon are indeed all valuable information this exploitation is primarily possible due to the zero day vulnerabilities known as bugs in the software development process the zero day bugs are the ones that have just been discovered by some independent security company or a researcher once they are found reporting these vulnerabilities to the developer of the platform which would be either Google for Android or Apple for iOS is the right thing to do however many such critical bugs make their way onto the dark web where hackers can use them to create exploits these exploits are then sent to innocent users with a link or a message like we had discussed before Pegasus was able to affect ffect the latest devices with the all the security patches installed but some bugs are not reported to the developers or just cannot be fixed without breaking some core functionality these become the Gateway for spyware to enter into the system you can never be 100% safe but you sure can give it all in protecting yourself the one thing where Pegasus stands out is a zero click action feature usually in spam emails the malicious code is activated when the user clicks the malware link a user doesn't need to click the Link in the new version of the Pegasus and a few other spyware programs once the message arrives in the inbox of WhatsApp Gmail or any other chat applications the spyware gets activated and everything can be recorded and sent back to the central server the primary issue with being affected by spyware as a victim is detection unlike Crypt Miners and Trojans spying Services usually do not demand many system resources which makes them tough to detect after they have been activated since many devices is slow down after a couple of years any kind of Performance Set 
due to such spyware is often attributed to poor software longivity by the users they do not check meticulously for any other causes that is causing the Slowdown when left unchecked these devices can capture voice and video from the mobile sensors while keeping the owner in the dark let's take a moment to check if we are well aware of the causes of such attacks how do users fall prey to such spyware programs a by installing untested software B by clicking on the third party links from email and messages C by not keeping the apps and phones updated or D all of the above let us know your answers in the comment section below and we will rev the correct answer next week but what about the unaffected devices the vulnerable ones while we cannot be certain of our security there are a few things we can do to boost our device be it against Pegasus or the next big SP on the market let's say we are safe now and we have the time to take the necessary steps to prevent a spyware attack what are the things we can go for a primary goal must always be to keep our apps and the operating system updated the latest security patches the vulnerabilities that the exploits Target are often discovered by developers from Google and apple which send the security patches quickly this can be done for individual apps as well so keeping them updated is of utmost importance while the most secure devices have fallen pre to Pegasus as as well a security patch from developers may help in minimizing the damage at a later stage or maybe negate the entire spyware platform allog together another big factor is the spread of malware is the trend of sideloading Android applications using do APK files downloading such apps from a thirdparty website have no security checks involved and are mostly responsible for adware and spyware invasions on user devices avoiding the side loading of apps would be a major step in protecting yourself we often receive spam emails or texts from people we may not know on social 
medias they are accompanied with links that allow malware to creep into our device we should try to follow the trusted websites and not click on any links that redirect us to unknown domains spiv is a controversial segment in governance while the ramifications are pretty extreme in theory it severely impacts user privacy against authoritarian regimes sufficient resources and a contingent plan can alter the false ve of democracy Al together even if our daily life is rather simplistic we must understand that privacy is not about what we have to hide instead it portrays the things we have to protect it stands for everything we have to share with the outside world both theorically and literally hey everyone today we look at the hack which took the World by storm and affected multiple governments and corporations the solar winds attack the global statistics indicate that upward of 18,000 customers have been affected potentially needing billions to recover the losses incurred before we have a look at this hack Make sure to subscribe to our Channel and hit the notification Bell to never miss an update from Simply learn the date is December 8th 2020 firei a global leader in company specializing in cyber security released a blog post that caught the attention of the entire it Community a software known as Orion which was developed by solar wison corporator had become a victim of a remote access Trojan or a rat the breach was estimated to be running since the spring of 2020 and went virtually unnoticed for months the reveal sent the developers of the Orion software into a frenzy as they quickly released a couple of hot fixes for their platform in order to mitigate this threat and prevent further damage but how did this come into existence we first need to understand the platform which was responsible for this breach soloin a software company based in Texas United States had developed a management platform known as Orion Hing to corporations and governments world white Orion 
was responsible for the monitoring and management of it Administration this included managing the client servers virtualization components and even the organization Network infrastructure that bought the platform solar winds claims they have more than 300,000 clients including US government agencies and several Fortune 500 companies this entire chain can be classified as a supply chain attack in this variant of cyber crime the hackers Target relatively weaker links in an organization's chain of control and delivery these are preferably services rendered by a third party since there is no direct jurisdiction over it in this case the Orion platform was the primary target the culprit however was software updates the update server for solar Orion had a malicious version attached with malware or a Trojan to be precise this was made possible since the code repository that handled the software updates was breached once the update server repository was compromised the source code of the applications became open to modification and malicious code found its way onto the software the remote access troen was attached to a potential update nicknamed the Sunburst update this update gave hackers backd door access to any client that uses the correct version on its release many clients believe the update to be legitimate since it came from the right source and they had no reason to believe otherwise American government agencies were supposedly hit the hardest as the list of victims included the US Departments of Homeland Security treasury and health several private companies like Cisco Nvidia and Intel were compromised according to a list published by the cyber security firm trusk most of the companies had issued quick updates to fix these vulnerabilities introduced by the software while the actual perpetrators have never been found it is believed that this was an act of crossborder corporate Espionage conducted by state sponsored hackers either from Russia or China before we move 
forward let's take a recap of the things we learned what category of malware was responsible for the solar winds hack was it one a virus a remote access trojen a spyware or a worm let us know your answers in the comment section right away and we will reveal the correct answer in a week coming to possible reparations the Biden government has launched a full investigation on the effects and the repercussions of this breach there are a couple of things that we as consumers must always tend to when working our way through the worldwide web using a password manager is highly recommended which can generate secure alpha numeric passwords you must also use different passwords for different accounts thereby reducing the chances of a single point of failure should one of those accounts get breached usage of two-factor authentication applications is also encouraged since it access a safety net if hackers directly get a hold of our credentials clicking on unknown links transmitted via emails is also a strict no as is installing applications from unverified sources the solar winds hack is estimated to cost the parent company near $8 million as reparations making it one if not the biggest hacks in cyberspace history as recently as of July 2021 the hackers accessed some us attorneys Microsoft 365 email accounts as part of the attack criminal organizations like the FBI and CIA are determined to figure out the culprits responsible for this debacle however the intricacy and the full extent of the breach makes it a way more complicated job than it looks on paper the day is 26th February 2022 the world is hit with breaking news that Russian State tv channels have been hacked by Anonymous a activist Collective and movement who have made a name taking part in multiple Cyber Wars in the past decade this was in response to the Russian aggression on Ukrainian territory in the hopes of annexation Anonymous hacked the Russian State TV networks to combat propaganda in Russia and highlight the 
damage to life Meed out by the Kremlin in Ukraine they also hacked 120,000 Russian troops personal information and the Russian Central Bank stealing 35,000 files this served as a clear indicator of how cyber War can change the momentum in battle something which people had never seen so closely so what is cyber War a digital assault or series of strikes or hacks against a country is sometimes referred to as a cyber War it has the ability to cause havoc on government and civilian infrastructure as well as disrupted essential systems causing State harm and even death in this day and age the internet plays a bigger role than just watching videos and learning content it's where you have your personal data and carry Financial transactions so rather than resorting to physical violence cyber War has become the new means to cause Havoc considering the vulnerability of the data passing through the internet in most circumstances cyber warfare involves a nation state attacking another in certain cases the assaults are carried out by terrorist organizations or non-state actors pursuing a hostile nation's aim in June 2021 Chinese hackers targeted organizations like Verizon to secure remote access to their networks stuck net was a computer worm designed to attack Iran's nuclear facilities but evolved and expanded to many other industrial and energy producing sites in 2010 since the definition of cyber war is so vague applying rules and sanctions based on digital assault is even tougher making the field of cyber warfare a lawless land not bound by any rules or policies there are multiple ways in which these attacks can be carried out a major category of Cyber attack is espionage Espionage entails monitoring other countries to steal critical Secrets this might include compromising vulnerable computer systems with botn Nets or spear fishing attempts before extracting sensitive data in cyber warfare the next weapon in cyber war is sabotage government agencies must identify sensitive 
data and its dangers if it is exploited Insider threats such as disgruntled or irresponsible Personnel or government staff with ties to the attacking country can be used by hostile countries or terrorists to steal or destroy information by overwhelming a website with bogus requests and forcing it to handle them denial of service attacks prohibit real users from accessing it attacking parties may use this form of assault to disrupt key operations and systems and prevent citizens military and security officials and research organizations from accessing sensitive websites but what benefits does Cyber War offer in contrast to traditional physical Warfare the most important Advantage is the ability to conduct attacks from anywhere globally without having to travel thousands of miles as long as the attacker and Target are connected to the internet organizing and launching Cyber Wars is relatively less tedious Than Physical Warfare people living in or battling for a country are subjected to propaganda attacks in an attempt to manipulate their emotions and thoughts digital infrastructure is highly crucial in today's modern world starting from communication channels to Secure Storage servers crippling a country's footprint and control on the Internet is very damaging but what are some of the ways we as Citizens protect ourselves in the case of a cyber war in the unfortunate event that your country is involved in Warfare be sure to fact check every piece of information and follow only trusted sources in that frame of time even conversations online should be limited to a need to know basis considering propaganda campaigns have the power to influence the tide of War drastically it is highly crucial to follow basic security guidelines to secure our devices like regularly updating our operating systems occasionally running full system antivirus scans Etc if your country or organization is being attacked having devices segregated in a network goes a long way in bolstering 
security try to avoid sharing a lot of personal data online in this era of Instagram and Facebook divulging private information can be detrimental to keeping a secure firewall for your data the more information an attacker has access to the higher his chances of being able to devise a plan to infiltrate defenses in this video we bring you the top 10 computer hacks of all time but before we begin if you're new here and haven't subscribed already make sure to hit the Subscribe button and the bell icon for interesting Tech videos every day let's see what we have at number 10 from April 27 2007 Estonia the European country faced a series of cyber attacks that lasted for weeks this happened when the Estonian government desired to move the bronze soldier from Talent Center to a less prominent military cemetery located on the city's outskirts unprecedented levels of internet traffic took down Estonian Banks online services media Outlets broadcasters and government bodies botnet sent massive waves of spam and vast amounts of automated Online requests according to researchers the public fa dos attacks there were conflicts to edit the English language version of The Bronze soldiers Wikipedia page as well although there is no confirmation Russia is believed to be behind these cyber attacks that largely crippled the Estonian Society let's now move on to the next attack on December 23rd 2015 several parts of Ukraine witnessed a par outage and this this was not a typical blackout it was indeed the result of a Cyber attack Information Systems of three energy distribution companies in Ukraine were compromised it is the first known Victorious Cyber attack on a par grid it is said that here hackers sent out fishing emails to the par companies 30 substations were Switched Off and about 230,000 people were left in the dark for about 1 to 6 hours us investigators believed that Russia based hackers were responsible for this experts have warned that other countries could also be 
vulnerable to such attacks. Let's see what we have at number eight. In the year 1999, a cyber attack caused a 21-day shutdown of NASA computers. Unbelievable, isn't it? The hacker was none other than the then 15-year-old Jonathan James. He first penetrated a US Department of Defense division's computers and installed a backdoor on its servers. This allowed him to intercept more than a thousand government emails, including ones containing usernames and passwords. This helped James steal a piece of NASA software and crack the NASA computers that support the International Space Station, which cost the space exploration agency $41,000 as systems were shut down for 3 weeks. He was the first person to carry out a computer hack against the American space agency. Let's now move on to the next attack. In late November 2014 there was a leak of confidential data from the film studio Sony Pictures. Information about Sony Pictures employees, their emails, copies of then-unreleased Sony films, future propositions and other crucial data were leaked. This cyber attack was carried out by a hacker group named Guardians of Peace. So what did the hackers want? Well, they demanded that Sony withdraw its then-upcoming movie The Interview. This movie was a comedy with a storyline about assassinating the North Korean leader Kim Jong-un. Sony then decided to cancel the film's theatrical release due to threats against cinemas screening the movie. It is indeed hard to trace the roots of a cyber attack; in this case, after evaluation, US intelligence officials arrived at the theory that the attack was in a way related to the government of North Korea. However, North Korea denied the same. Moving on to our number six: in December 2006, TJX, the US retailer company, identified that 45.6 million debit and credit card details were stolen. This happened from one of its systems over 18 months by an unknown number of intruders. It was one of the first and largest ever cyber attacks involving the loss of personal data. As a result, banks
in the affected regions had to reissue and block thousands of payment cards. A group of hackers did this, Albert Gonzalez being the mastermind. The group was from Miami, the place where the TJX heist was believed to have originated. Reports said that the TJX data breach occurred because of weak WEP encryption at two of its Marshalls stores in Miami. Next, moving on to our top five, let's see what we have at number five. The year 2010 witnessed the discovery of the deadly computer worm Stuxnet. This malware's motive was unlike any other usual cyber attack: it aimed at destroying the equipment the computers controlled. Stuxnet came with the deadly purpose of damaging Iran's nuclear infrastructure. It infected more than 200,000 computers, including 14 industrial sites and a uranium enrichment plant in Iran. Stuxnet initially spread via Microsoft Windows and targeted Siemens industrial control systems. Although it was discovered only in 2010, it is believed to have been silently sabotaging Iran's nuclear facilities before that. It was one of the first discovered pieces of malware capable of hampering hardware systems; it largely damaged the centrifuges of the Iranian reactors. This is believed to be a cyber weapon created by US and Israeli intelligence, although there is no documented evidence or acceptance by either of the countries. Moving on to number four: in the year 2014, Home Depot was the victim of one of the deadliest cyber attacks. 56 million payment cards were compromised, along with 53 million customer email addresses stolen. This security breach happened from April to September 2014. Criminals were believed to have used a third-party vendor's username and password to enter the perimeter of Home Depot's network. The attackers were then able to deploy custom-built malware on its self-checkout systems in the US and Canada. Moving on to our top three: as you might be aware, the PlayStation gaming system is one of Sony's most popular products. Unfortunately, in April 2011, Sony executives
witnessed abnormal activity on the PlayStation Network. This resulted in the compromise of approximately 77 million PlayStation users' accounts and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. This forced Sony to turn off the PlayStation Network on April 20th. On May 4th, Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted for 23 days; Sony released almost daily announcements concerning the system outage. In the end, Sony is believed to have invested approximately $170 million to improve the network security, to investigate the attack and to cover the expenses of caring for the consumers that had been affected. Let's now move on to the next attack, at number two. In May 2017, one of the most dangerous cyber attacks took place. It was known as the WannaCry ransomware attack, caused by the WannaCry crypto worm. The victims were users who ran unsupported versions of Microsoft Windows and those who hadn't installed the new security update. This did not take place through phishing like other attacks but through an exposed, vulnerable SMB port. The attack originated in Asia and then eventually spread across the globe; in a day, more than 200,000 computers were infected across 150 countries. The WannaCry cryptor locked the users out of the targeted systems and encrypted their data. The users were asked for a ransom of $300 to $600, which had to be paid via Bitcoin, in exchange for their data. This attack took a toll on both private and government organizations; it resulted in damages from hundreds of millions to billions of dollars in a matter of a few days. The emergency patches released by Microsoft halted the attack; also, the discovery of a kill switch prevented the infected computers from spreading the cryptor worm. Security experts and a few countries believed that North Korea was behind this attack. And finally, let's see what we have at number one. More than two decades ago,
in March 1999, the Melissa virus, a mass-mailing macro virus, was released. It targeted Microsoft Word and Outlook-based systems and created considerable network traffic. The Melissa virus infected computers via emails; the email would look like an important message, but yes, it was fake. If the recipient opened the attachment in the mail, downloaded the document and then opened it with Microsoft Word, a virus was released on their computer. This would then mass-mail itself to the first 50 people in the victim's contact list and then disable multiple safeguard features in Microsoft Word and Microsoft Outlook. This began spreading like wildfire across the internet. David L. Smith released the virus. The virus caused nearly 80 million worth of damages; it did not steal data or money, however it caused havoc. Almost 1 million email accounts were disrupted worldwide, agencies were overloaded and some had to be shut down entirely, and internet traffic in some locations was slowed down. Security was traditionally considered an afterthought in software development. It is becoming an increasingly important concern for all aspects of app development, from design through deployment and beyond. The number of programs produced, distributed, deployed and patched across networks continually increases; as a result, application security features must deal with a wide range of risks. Let's take an example: a malicious script may be reflected in the victim's web browser or kept in a database and run whenever the user calls the relevant function, depending on the kind of attack in question. This allows malicious code to be entered in the case of an output. The major cause of this attack is faulty user input validation, which allows malicious input to enter the final output. An evil user can enter a script that will be injected into the website's code; the browser will then be unable to determine whether the processed code is harmful. As a result, a malicious script is executed in the victim's browser or a bogus form is shown to
the users. Are you aware of which attack this is? If not, please stay till the end of the video to know the correct answer. Hey everyone, welcome to today's video on application security. Before we move forward, subscribe to our channel and hit the bell icon to never miss an update from us. Let's take a look at the topics to be covered today. We start by learning about application security and its different types. We learn about the most common vulnerabilities in AppSec, followed by the importance of application security in today's cyber security space. Next we cover some attacks against application layer security and end the video with some protection techniques to enforce application security parameters. So let's start by learning about application security from a grassroots perspective. Application security, which is often known as AppSec, protects application software from external security threats by utilizing security software, hardware, methodologies, best practices and different processes. Organizations require application security technologies that safeguard all of their programs, from internal ones to popular external apps on consumer mobile phones. These solutions must address the whole development cycle and provide testing after an application has been deployed to detect possible issues. Application security mechanisms must be capable of testing web pages for possible and exploitable vulnerabilities, analyzing code and assisting in the administration of development and safety management processes. The testing solutions must also be simple and easy to install for system administrators. Worldwide, consumers utilize hundreds of applications daily to access theoretically important and favored services such as e-commerce, banking, music, etc. To be productive, professionals use a variety of software solutions as well, ranging from online word checkers to tablet-based creative tools, among other things.
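The script-injection scenario described at the start of this application security section, as an added example that is not from the video: a page builder that copies user input into HTML unchanged (the faulty output handling the passage describes) beside a hardened one that validates input against an allow-list and escapes output. The comment strings, the regexes and the `<p class="comment">` markup are constructed for the example.

```python
import html
import re

# Constructed sample submissions (not real user data): one benign, one carrying
# a harmless marker script of the kind the passage above describes.
SAMPLE_COMMENTS = [
    "Great product, would buy again!",
    "<script>alert(1)</script>",
]

# Allow-list for a plain-text comment field: letters, digits, whitespace and a
# few punctuation marks, up to 280 characters. Anything else is rejected up front.
ALLOWED_COMMENT = re.compile(r"[\w\s.,!?'-]{1,280}")

# Crude marker used only to compare the two renderers below.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def validate_comment(comment: str) -> bool:
    """Input validation step: True only if the whole comment matches the allow-list."""
    return ALLOWED_COMMENT.fullmatch(comment) is not None


def render_vulnerable(comment: str) -> str:
    """Faulty output handling: the submitted text is copied into the page as-is,
    so a script tag survives and the browser would execute it."""
    return f'<p class="comment">{comment}</p>'


def render_hardened(comment: str) -> str:
    """Output encoding: <, >, & and quotes are escaped, so the browser displays
    the text instead of interpreting it as markup."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def build_page(stored_comments, renderer) -> str:
    """Stored variant: comments were saved first (the list stands in for the
    database) and the page is rebuilt from them on every view."""
    return "\n".join(renderer(c) for c in stored_comments)


def contains_live_script(rendered_html: str) -> bool:
    """True if a raw <script> tag survived rendering."""
    return SCRIPT_TAG.search(rendered_html) is not None


if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print("passes input validation:", validate_comment(comment), "|", comment)
    page_bad = build_page(SAMPLE_COMMENTS, render_vulnerable)
    page_ok = build_page(SAMPLE_COMMENTS, render_hardened)
    print("vulnerable page carries a live script:", contains_live_script(page_bad))
    print("hardened page carries a live script:  ", contains_live_script(page_ok))
```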
Backend software, of course, exists to automate essential operations and processes and decrease this human labor, but to make matters worse, the quantity and complexity of these apps and the backend code is increasing. The software security problem 10 years ago was about securing desktop apps and static web pages that were natively harmless and easy to scan through and defend. Because of outsourced development, the number of legacy programs, and in-house development that uses third-party open source and commercial off-the-shelf software modules, the software supply chain has become considerably more convoluted. Now that we understand application security on a general level, let us go through some of the different categories or types of application security. The three major types to be covered in this section are web application security, API security and cloud-native application security. A web application is a program available through the internet; it operates on a web server and the client accesses it using a web browser. The applications by definition must allow connections from clients across unsecured networks. This exposes them to a variety of risks. Many online apps are mission-critical and include sensitive customer data, making them an attractive target for attackers and a top concern for any cyber security program or framework. The advent of HTTPS, which offers an encrypted channel of communication and guards against man-in-the-middle attacks, or MITM attacks, has addressed several online application weaknesses; many weaknesses, though, still persist. Many security providers have created solutions specifically geared to safeguard online applications in response to the rising challenge of web application security. A web application firewall is an example of a security technology meant to identify and prevent application-layer assaults in the case of web applications. When it comes to APIs, APIs that have security flaws are the root of many major data breaches. They have the potential to
reveal sensitive data and disrupt vital corporate processes. API security flaws include insufficient authentication, unintended data disclosure and a failure to apply rate restriction, which allows API abuse. The requirement for API security, like the necessity for web application security, has led to the creation of sophisticated equipment that can discover API vulnerabilities and protect APIs in production. The third type is cloud-native application security. Infrastructure and environments are often built up automatically in cloud-native apps, depending on declarative configuration, which is known as infrastructure as code, or IaC. Developers are tasked with developing declarative settings and application code, both of which should be secure. Because practically everything is defined during the development stage, shifting left is even more crucial in cloud-native setups. Traditional testing techniques can help cloud-native apps, but they are insufficient, so dedicated cloud-native security solutions are mandatory at this point in time: solutions capable of instrumenting containers, container clusters and serverless operations, reporting on security concerns and providing developers with a quick feedback loop. Now that you have covered the different types of application security, let us go through some of the most common vulnerabilities that these frameworks face on a daily basis. First is cryptographic failure: when data is not adequately safeguarded in transit and at rest, cryptographic failures, which were formerly known as sensitive data exposure, occur. It has the potential to reveal credentials, health information, credit card details and personal information as well, depending on the type of data being protected in that particular case. Next, injection attacks: threat actors can use injection vulnerabilities to convey malicious information to a web application interpreter. It has the potential to assemble and execute this data on the server. SQL injection is a popular type of injection, which
I've already covered in the introduction to this video. Another major vulnerability is outdated components: vulnerable and out-of-date components encompass any vulnerability caused by obsolete or unmaintained software. It can happen if you construct or even use an application without first learning about its core components and versions. Authentication failures: identification and authentication failures, which were previously known as broken authentication, encompass any security issue involving user identities. Identity attacks and exploitation may be avoided by implementing secure session administration, authentication and validation for all identities in the organization. In the next section, let us cover some of the protection mechanisms employed by cyber security firms and third-party automated software to prevent the application layer from being bombarded with SQL injections and other attacks. The first is a web application firewall, or WAF. A web application firewall monitors and filters HTTP traffic between a web application and the worldwide web. Web application firewall architecture does not address all risks, but it may be used in conjunction with other defense mechanisms; it can be added to the portfolio of security solutions to provide a comprehensive defense against diverse attack vectors. It is a layer 7 protection in the Open Systems Interconnection, or OSI, model paradigm that helps defend online applications against attacks such as cross-site scripting, cross-site request forgery, SQL injection and file inclusion. Unlike a proxy server, which conceals the identity of client computers through an intermediary, a WAF functions as a reverse proxy, shielding the server from exposure. It acts as a barrier in front of a web application, protecting it from the internet: the clients must pass through the web application firewall before they can access the application. The second is threat assessment. A list of sensitive assets to safeguard will assist you in understanding the threats to your firm and how
to minimize them, considering how a hacker can infiltrate an application, whether existing security protections are in place and whether additional tools or defense capabilities are required. It's also crucial to keep your security expectations in check: nothing is impenetrable, even with the most stringent security measures. It would be best if you were realistic about what you believe your team can handle in the long run; when pushed too aggressively, safety regulations and procedures might be disregarded. Remember that safety is a lengthy and time-taking project that requires the collaboration of other employees and sometimes even your customers. The next topic is privilege management. Limiting privileges is vital, especially for mission-critical and sensitive systems. The least privilege principle states that access to programs and data should be limited to those who require them, when they require them. For two reasons the least privilege principle is absolutely critical. The first is that hackers may compromise less privileged accounts, and ensuring they do not acquire access to highly sensitive systems is critical. The second is that internal adversaries are equally as harmful as external adversaries; if insiders go bad, it's critical to ensure they never have more power than they need, minimizing the harm that they may be able to cause to the organization. Network security is a set of technologies and tools that protects the usability and integrity of a company's infrastructure by preventing the entry or proliferation of threats within a network. Its architecture comprises tools that protect the network itself and the applications that run over it. Effective network security strategies employ multiple lines of defense that are scalable and automated. Each defensive layer here enforces a set of security policies, which are determined by the administrator beforehand. This aims at securing the confidentiality and accessibility of the data and the network. Every company or organization that handles a large amount of
data has a degree of solutions against many cyber threats. The most basic example of network security is password protection, where the network is protected by a password the user chooses. So recently, network security has become the central topic of cyber security, with many organizations inviting applications from people with skills in this area. It is crucial for both personal and professional networks. Most houses with high-speed internet have one or more wireless routers, which can be vulnerable to attacks if they're not adequately secured. Data loss, theft and sabotage risk may be decreased with the usage of a strong network security system. Your workstations are protected from hazardous software thanks to network security. Additionally, it guarantees the security of the data which is being shared over a network: by dividing information into various sections, encrypting these portions and transferring them over separate pathways, network security infrastructure offers multiple levels of protection to thwart man-in-the-middle attacks, preventing situations like eavesdropping, among other harmful attacks. It is becoming increasingly difficult in today's hyperconnected environment as more corporate applications migrate to both public and private clouds. Additionally, modern applications are also frequently virtualized and dispersed across several locations, some outside the physical control of the IT team. Network traffic and infrastructure must be protected in these cases, since assaults on businesses are increasing every single day. We now understand the basics of network security, but we need to understand how network security works, which the next section covers in slightly more detail. Network security revolves around two processes: authentication and authorization. The first process, which is authentication, is similar to access cards, which ensure that only those who have the right to enter a building can do so. In other words, authentication checks and verifies that it is indeed a user belonging to the network who is trying to access or enter it,
thereby preventing unauthorized intrusions. Next comes authorization. This process decides the level of access provided to the recently authenticated user. For example, a network admin needs access to the entire network, whereas those working within it probably need access to only certain areas within the network. Based on the network user's role, the process of determining the level of access, or permission level, is known as authorization. Today's network architecture is complex and faces a threat environment that is always changing and attackers that are always trying to find and exploit vulnerabilities. These vulnerabilities can exist in many areas, including devices, data, applications, users and locations. For this reason, many network security management tools and applications are in use today that address individual threats. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place beforehand. Now that you know a little about network security and how it works, let's cover the different types of network security. The fundamental tenet of network security is the layering of protection for massive networks and stored data that ensures the acceptance of rules and regulations as a whole. There are three types, the first of which is physical security, the next being technical and the third being administrative. Let's look into physical security first. This is the most basic level, which includes protecting data and the network from unauthorized personnel acquiring control over the confidentiality of the network. This includes external peripherals and routers that might be used for cable connections. The same can be achieved by using devices like biometric systems. Physical security is critical, especially for small businesses that do not have many resources to devote to security personnel and tools, as opposed to large firms. When it comes to technical
network security, it focuses mostly on safeguarding data either kept in the network or engaged in network transitions. This kind fulfills two functions: one is defense against unauthorized users, the other is defense against malevolent actions. The last category is administrative. This level of network security covers user behavior, like how permission has been granted and how the authorization process takes place. This also ensures the level of sophistication the network might need to protect it through all the attacks; this level also suggests necessary amendments that have to be made to the infrastructure. I think that's all the basics that we need to cover on network security. In our next topic we're going to go through two mediums of network security, which are the transport layer and the application layer. So transport layer security is a way to secure information as it is carried over the internet, with users browsing websites, emails, instant messaging, etc. TLS aims to provide a private and secure connection between a web browser and a website server. It does this with a cryptographic handshake between two systems using public key cryptography: the two parties to the connection exchange a secret token, and once each machine validates this token, it is used for all communications. The connection employs lighter symmetric cryptography to save bandwidth and processing power. Since the application layer is the closest layer to the end user, it provides hackers with the largest threat surface. Poor application layer security can lead to performance and stability issues, data theft and, in some cases, the network being taken down. Examples of application layer attacks include distributed denial-of-service attacks, or DDoS attacks, HTTP floods, SQL injections, cross-site scripting, etc. Most organizations have an arsenal of application layer security solutions to combat these and more, such as web application firewalls, secure web gateway services, etc. Now that the theory behind network security has been
covered in detail, let us go through some of the tools that can be used to enforce these network security policies. The first tool to be covered in this section is a firewall. A firewall is a type of network security device that keeps track of incoming and outgoing network traffic, and it decides which traffic to allow or deny in accordance with a set of security rules. For more than 25 years, firewalls have served as network security's first line of defense. They provide a barrier between trustworthy, internal, protected and regulated networks and shady external networks like the internet. The next tool which can be used to bolster network security is a virtual private network, or VPN for short. It's an encrypted connection between a device and a network via the internet. The encrypted connection aids the secure transmission of sensitive data; it makes it impossible for unauthorized parties to eavesdrop on the traffic and enables remote work for the user. The usage of VPN technology is common in both corporate and personal networks. Next we cover the importance of intrusion prevention systems, or IPS frameworks, in network security. An intrusion prevention system is a network security tool that continually scans a network for harmful activity and responds to it when it finds some by reporting, blocking or discarding it. It can be either hardware or software. It's more sophisticated than an intrusion detection system, or IDS framework, which can only warn an administrator and merely identify harmful activities, while in the case of an IPS it actually takes action against that activity. The next tool in this section, and the final one, is behavioral analytics. Behavioral analytics focuses more on the statistics that are carried over and stored through months and years of usage; once the IT administrator notes some kind of recurring pattern that indicates an attack, similar attacks can be stopped and the security can be further enhanced. Now that we have covered all that
we need to know about network security, the necessary tools, its different types, etc., let's go through the benefits of network security as a whole. The first is protection against external threats. The objectives for cyber assaults can be as varied as the defenders themselves, although they are typically initiated for financial gain. Whether they are industrial spies, activists or cyber criminals, these bad actors all have one thing in common, which is how quick, clever and covert the attacks are getting. A strong cyber security posture that considers routine software updates may assist firms in identifying and responding to the abuse techniques, tools and the common entry points. The next benefit is protection against internal threats. The human aspect continues to be the cyber security system's weakest link. Insider risk can originate from current or former workers, third-party vendors or even trusted partners, and it can be unintentional, careless or downright malicious. Aside from that, the rapid expansion of remote work and the personal devices used for business purposes, and even IoT devices in remote locations, can make it easier for these kinds of threats to go undetected until it's too late. However, by proactively monitoring networks and managing access, these dangers may be identified and dealt with before they become expensive disasters. The third benefit is increased productivity. It is nearly impossible for employees to function when networks and personal devices are slowed to a crawl by viruses and other cyber attacks, for the website to operate and for the company to run. You may significantly minimize violations and the amount of downtime required to fix a breach by implementing various cyber security measures such as enhanced firewalls, virus scanning and automatic backups. Employee identification of possible email phishing schemes, suspicious links and other malicious criminal activities can also be aided by education and training. Another benefit is brand trust and reputation.
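Detection logic in the spirit of the intrusion prevention systems, rate limiting and HTTP floods discussed in the application and network security sections above, as an added example that is not from the video: a per-source sliding-window counter run over constructed access-log lines, which reports a source the moment it crosses the limit and blocks its later requests. The log format, the IP addresses, the 50-requests-per-10-seconds threshold and the decision labels are all constructed for the example.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def constructed_log(flood_ip="203.0.113.9", benign_ip="10.0.0.5"):
    """Builds sample access-log lines (constructed, not captured traffic): one
    source sends 120 requests 0.1 s apart, another sends three normal ones.
    Line format: '<client ip> <ISO timestamp> <request>'."""
    start = datetime(2023, 3, 1, 10, 0, 0)
    lines = [
        f"{flood_ip} {(start + timedelta(milliseconds=100 * i)).isoformat()} GET /api/items"
        for i in range(120)
    ]
    for offset in (1, 6, 11):
        lines.append(f"{benign_ip} {(start + timedelta(seconds=offset)).isoformat()} GET /login")
    # Real logs arrive in time order; sort by the parsed timestamp field.
    return sorted(lines, key=lambda line: datetime.fromisoformat(line.split()[1]))


class FloodDetector:
    """Sliding-window counter per source, IPS style: report the source the
    moment it exceeds the limit inside the window, then block its later requests."""

    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests = max_requests
        self.window = timedelta(seconds=window_seconds)
        self.history = defaultdict(deque)  # ip -> timestamps still inside the window
        self.blocked = set()
        self.alerts = []

    def observe(self, ip: str, ts: datetime) -> str:
        """Returns 'allow', 'alert' (limit crossed on this request) or 'block'."""
        if ip in self.blocked:
            return "block"
        recent = self.history[ip]
        recent.append(ts)
        # Drop timestamps that have fallen out of the window (oldest first).
        while ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) > self.max_requests:
            self.blocked.add(ip)
            self.alerts.append(
                f"{ts.isoformat()} {ip}: more than {self.max_requests} requests "
                f"within {self.window.total_seconds():g}s"
            )
            return "alert"
        return "allow"


def parse_line(line: str):
    """Splits a constructed log line into (ip, timestamp, request)."""
    ip, ts, request = line.split(" ", 2)
    return ip, datetime.fromisoformat(ts), request


def run_detector(lines, max_requests=50, window_seconds=10):
    """Feeds log lines through the detector; returns per-source decision counts
    and the detector itself (for its alerts and block list)."""
    detector = FloodDetector(max_requests, window_seconds)
    decisions = defaultdict(Counter)
    for line in lines:
        ip, ts, _ = parse_line(line)
        decisions[ip][detector.observe(ip, ts)] += 1
    return decisions, detector


if __name__ == "__main__":
    decisions, detector = run_detector(constructed_log())
    for alert in detector.alerts:
        print("ALERT", alert)
    for ip, counts in decisions.items():
        print(ip, dict(counts))
```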
Customer retention is one of the most crucial elements in business development. Customers today place a premium on maintaining brand loyalty through a strong cyber security stance, since this is the fastest way to get other businesses back, get referrals and sell more tickets overall. Additionally, it helps manufacturers get on the vendor list with bigger companies as a part of the supply chain, which is only as strong as its weakest link. This opens possibilities for potential future endeavors and development. With the rise in censorship and general fear over privacy loss, consumer security is at an all-time high risk. Technology has made our life so much easier while putting up a decent target on our personal information. It is necessary to understand how to simultaneously safeguard our data and be up to date with the latest technological developments. Maintaining this balance has become easier with cryptography taking its place in today's digital world. So hey everyone, this is B from Simplilearn, and welcome to this video on cryptography. But before we begin, if you love watching tech videos, subscribe to our channel and hit the bell icon to never miss an update from Simplilearn. So here's a story to help you understand cryptography. Meet Anne. Anne wanted to look for a decent discount on the latest iPhone. She started searching on the internet and found a rather shady website that offered a 50% discount on the first purchase. Once Anne submitted her payment details, a huge chunk of money was withdrawn from her bank account just moments after. Devastated, she quickly realized she had failed to notice that the website was an HTTP web page instead of an HTTPS one. The payment information submitted was not encrypted and it was visible to anyone keeping an eye, including the website owner and hackers. Had she used a reputed website which has encrypted transactions and employs cryptography, our iPhone enthusiast could have avoided this particular incident. This is why it's never recommended to
visit unknown websites or share any personal information on them. Now that we understand why cryptography is so important, let's take a look at the topics to be covered today. We take a look into what cryptography is and how it works. We learn where cryptography is being used in our daily lives and how we are benefiting from it. Then we will understand the different types of cryptography and their respective uses. Moving on, we will look at the usage of cryptography in ancient history and a live demonstration of cryptography and encryption in action. Let's now understand what cryptography is. Cryptography is the science of encrypting or decrypting information to prevent unauthorized access. We transform our data and personal information so that only the correct recipient can understand the message. As an essential aspect of modern data security, using cryptography allows the secure storage and transmission of data between willing parties. Encryption is the primary route for employing cryptography, by applying certain algorithms to jumble up the data. Decryption is the process of reversing the work done by encrypting information, so that the data becomes readable again. Both of these methods form the basis of cryptography. For example, when "simplilearn" is jumbled up or changed in any format, not many people can guess the original word by looking at the encrypted text. The only ones who can are the people who know how to decrypt the coded word, thereby reversing the process of encryption. Any data pre-encryption is called plain text or clear text. To encrypt the message, we use certain algorithms that serve the single purpose of scrambling the data to make it unreadable without the necessary tools. These algorithms are called ciphers. They are a set of detailed steps to be carried out one after the other to make sure the data becomes as unreadable as possible until it reaches the receiver. We take the plain text, pass it to the cipher algorithm and get the encrypted data. This encrypted text is
called the cipher text, and this is the message that is transferred between the two parties. The key that is being used to scramble the data is known as the encryption key. These steps, that is, the cipher and the encryption key, are made known to the receiver, who can then reverse the encryption on receiving the message. Unless any third party manages to find out both the algorithm and the secret key that is being used, they cannot decrypt the messages, since both of them are necessary to unlock the hidden content. Wonder what else we would lose if not for cryptography? Any website where you have an account could read your passwords; without encryption, important emails could be intercepted and their contents read during transit. More than 65 billion messages are sent on WhatsApp every day, all of which are secured thanks to end-to-end encryption. There is a huge market opening up for cryptocurrency, which is possible due to blockchain technology that uses encryption algorithms and hashing functions to ensure that the data is secure. If this is of particular interest to you, you can watch our video on blockchain, the link to which will be in the description. Of course, there is no single solution to a problem as diverse as explained. There are three variants of how cryptography works and is in practice: they are symmetric encryption, asymmetric encryption and hashing. Let's find out how much we have understood until now: do you remember the difference between a cipher and cipher text? Leave your answers in the comments. And before we proceed, if you find this video interesting, make sure to give it a thumbs up. Before moving ahead, let's look at symmetric encryption first. Symmetric encryption uses a single key for both the encryption and decryption of data. It is comparatively less secure than asymmetric encryption but much faster. It is a compromise that has to be embraced in order to deliver data as fast as possible without leaving information completely vulnerable. This type of encryption is
used when data rests on servers and identifies personnel for payment applications and services. The potential drawback with symmetric encryption is that both the sender and receiver need to have the same secret key, and it should be kept hidden at all times. The Caesar cipher and the Enigma machine are both symmetric encryption examples that we will look into further. For example, if Alice wants to send a message to Bob, she can apply a substitution cipher or a shift cipher to encrypt the message, but Bob must be aware of the same key so he can decrypt it when he finds it necessary to read the entire message.

Symmetric encryption uses one of two types of ciphers: stream ciphers and block ciphers. Block ciphers break the plain text into blocks of fixed size and use the key to convert it into cipher text. Stream ciphers convert the plain text into cipher text one bit at a time instead of breaking it up into bigger chunks. In today's world, the most widely used symmetric encryption algorithm is AES-256, which stands for Advanced Encryption Standard, with a key size of 256 bits, with 128-bit and 192-bit key sizes also being available. Other primitive algorithms like the Data Encryption Standard, that is DES, the Triple Data Encryption Standard, 3DES, and Blowfish have all fallen out of favor due to the rise of AES. AES chops up the data into blocks and performs 10 or more rounds of obscuring and substituting the message to make it unreadable.

Asymmetric encryption, on the other hand, has a double whammy at its disposal: there are two different keys at play here, a public key and a private key. The public key is used to encrypt information pre-transit and the private key is used to decrypt the information post-transit. If Alice wants to communicate with Bob using asymmetric encryption, she encrypts the message using Bob's public key. After receiving the message, Bob uses his own private key to decrypt the data. This way nobody can intercept the message in between transmissions, and
there is no need for any secure key exchange for this to work, since the encryption is done with the public key and the decryption is done with a private key that no one except Bob has access to. Both of the keys are necessary to read the full message. There is also a reverse scenario where we can use the private key for encryption and the public key for decryption: a server can sign non-confidential information using its private key, and anyone who has its public key can decrypt the message. This mechanism also proves that the sender is authenticated and there is no problem with the origin of the information.

RSA encryption is the most widely used asymmetric encryption standard. It is named after its founders, Rivest, Shamir and Adleman, and it uses block ciphers that separate the data into blocks and obscure the information. Widely considered the most secure form of encryption, albeit relatively slower than AES, it is widely used in web browsing, secure identification, VPNs, emails and chat applications. With so much hanging on the key secrecy, there must be a way to transmit the keys without others reading our private data. Many systems use a combination of symmetric encryption and asymmetric encryption to bolster security and match speed at the same time. Since asymmetric encryption takes longer to decrypt large amounts of data, the full information is encrypted using a single key, that is symmetric encryption; that single key is then transmitted to the receiver using asymmetric encryption, so you don't have to compromise either way. Another route is using the Diffie-Hellman key exchange, which relies on a one-way function and is much tougher to break into.

The third variant of cryptography is termed hashing. Hashing is a process of scrambling a piece of data beyond recognition. It gives an output of fixed size, which is known as the hash value of the original data, or just the hash in general. The calculations that do the job of messing up the data form the hash function. They are generally not
reversible without resilient brute-force mechanisms and are very helpful when storing data on website servers that need not be stored in plain text. For example, many websites store your account passwords in a hashed format so that not even the administrator can read your credentials. When a user tries to log in, they can compare the entered password's hash value with the hash value that is already stored on the servers for authentication, since the function will always return the same value for the same input.

Cryptography has been in practice for centuries. Julius Caesar used a substitution shift to move letters a certain number of places beyond their position in the alphabet, so that a spy can't decipher the original message at first glance. For example, if he wanted to pass confidential information to his armies and decided to use a substitution shift of plus two, a becomes c, b becomes d and so on. The word "attack", when passed through a substitution shift of plus three, becomes "dwwdfn". This cipher has been appropriately named the Caesar cipher, which is one of the most widely used algorithms. The Enigma is probably the most famous cryptographic cipher device used in ancient history. It was used by the Nazi German armies in the world wars. They were used to protect confidential political, military and administrative information, and it consisted of three or more rotors that scrambled the original message depending on the machine state at that time. The decryption is similar, but it needs both machines to stay in the same state before passing the cipher text so that we receive the same plain text message.

Let's take a look at how our data is protected while we browse the internet, thanks to cryptography. Here we have a web-based tool that will help us understand the process of RSA encryption. We see the entire workflow from selecting the key size to be used until the decryption of the cipher text in order to get the plain text back. As we already know, the RSA encryption algorithm falls under the umbrella
of asymmetric key cryptography. That basically implies that we have two keys at play here, a public key and a private key. Typically the public key is used by the sender to encrypt the message and the private key is used by the receiver to decrypt the message. There are some occasions when this allocation is reversed, and we will have a look at them as well.

In RSA we have the choice of key size: we can select any key from 512-bit to 1024-bit, all the way up to a 4096-bit key. The longer the key length, the more complex the encryption process becomes, thereby strengthening the cipher text. Although with added security, more complex functions take longer to perform the same operations on a similar size of data. We have to keep a balance between both speed and strength, because the strongest encryption algorithms are of no use if they cannot be practically deployed on systems around the world. Let's take a 1024-bit key over here. Now we need to generate the keys. This generation is done by functions that operate on passphrases; the tool we are using right now generates the pseudo-random keys to be used in this explanation. Once we generate the keys, you can see the public key is rather smaller than the private key, which is almost always the case. These two keys are mathematically linked with each other. They cannot be substituted with any other key, and in order to encrypt the original message or decrypt the cipher text, this pair must be kept together. The public key is then sent to the sender, and the receiver keeps the private key with himself in this scenario.

Let's try and encrypt the word "Simplilearn". We have to select whether the key being used for encryption is private or public, since that affects the process of scrambling the information. Since we are using the public key over here, let's select the same, copy it and paste it over here. This cipher we are using right now is plain RSA. There are some modified ciphers with their own pros and cons that can also be used, provided we use them on
a regular basis and depending on the use case as well. Once we click on encrypt, we can see the cipher text being generated over here. The pseudo-random generating functions are created in such a way that a single character change in the plain text will trigger a completely different cipher text. This is a security feature to strengthen the process against brute-force methods.

Now that we are done with the encryption process, let's take a look at the decryption part. The receiver gets this cipher text from the sender with no other key or supplement; he or she must already possess the private key generated from the same pair. No other private key can be used to decrypt the message, since they are mathematically linked. We paste the private key here and select the same. The cipher must always be the same as the one used during the encryption process. Once we click decrypt, you can see the original plain text we had decided to encrypt. This sums up the entire process of RSA encryption and decryption.

Now some people use it the other way around: we also have the option of using the private key to encrypt information and the public key to decrypt it. This is done mostly to validate the origin of the message. Since the keys only work in pairs, if a different private key is used to encrypt the message, the public key cannot decrypt it. Conversely, if the public key is able to decrypt the message, it must have been encrypted with the right private key, and hence by the rightful owner. Here we just have to take the private key and use that to encrypt the plain text, and select the same in this checkbox as well. You can see we have generated a completely new cipher text. This cipher text will be sent to the receiver, and this time we will use the public key for decryption. Let's select the correct checkbox and decrypt, and we still get the same output.

Now let's take a look at a practical example of encryption in the real world. We all use the internet on a daily basis, and many are aware of the implications of using unsafe
websites. Let's take a look at Wikipedia here, a pretty standard HTTPS website, where the S stands for secure. Let's take a look at how it secures the data. Wireshark is the world's foremost and most widely used network protocol analyzer. It lets you see what's happening on your network at a microscopic level, and we are going to use the software to see the traffic that is leaving a machine and to understand how vulnerable it is. Since there are many applications running on this machine, let's apply a filter that will only show us the results related to Wikipedia. Let's search for something that we can navigate the website with. Okay, once we get into it a little, you can see some of the requests being populated over here. Let's take a look at a specific request. These are the data packets that basically transport the data from our machine to the internet and vice versa. As you can see, there's a bunch of gibberish data here that doesn't really reveal anything that we searched or watched. Similarly, other secured websites function the same way, and it is very difficult, if at all possible, to snoop on user data this way.

To put this in perspective, let's take a look at another website, which is an HTTP web page. This has no encryption enabled from the server end, which makes it vulnerable to attacks. There is a login form here which needs legitimate user credentials in order to grant access. Let's enter a random pair of credentials. These obviously won't work, but we can see the manner of data transfer. Unsurprisingly, we weren't able to get into the platform; instead we can see the data packets. Let's apply a similar filter that will help us understand what requests this website is sending. These are the requests being sent by the HTTP login form to the internet. If we check here, whatever username and password we are entering, we can easily see it with Wireshark. Now, we used a dummy pair of credentials, but if we select the right data packet we can find the correct credentials. If any
website had asked for payment information or legitimate credentials, it would have been really easy to get hold of these. To reiterate what we have already learned, we must always avoid HTTP websites, and unknown or untrustworthy websites in general, because the problem we saw here is just the tip of the iceberg. Even though cryptography has managed to lessen the risk of cyber attacks, it is still prevalent, and we should always be alert to keep ourselves safe online.

There are two types of encryption in cryptography: symmetric key cryptography and asymmetric key cryptography. Both of these categories have their pros and cons and differ only by the implementation. Today we are going to focus exclusively on symmetric key cryptography. Let us have a look at its applications in order to understand its importance better. This variant of cryptography is primarily used in banking applications, where personally identifiable information needs to be encrypted. With so many aspects of banking moving onto the internet, having a reliable safety net is crucial. Symmetric cryptography helps in detecting bank fraud and boosts the security index of these payment gateways in general. They are also helpful in protecting data that is not in transit and rests on servers and data centers. These centers house a massive amount of data that needs to be encrypted with a fast and efficient algorithm, so that when the data needs to be recalled by the respective service, there is the assurance of minimal to no delay. While browsing the internet, we need symmetric encryption to browse secure HTTPS websites so that we get all-around protection. It plays a significant role in verifying website server authenticity, exchanging the necessary encryption keys required, and generating a session using those keys to ensure maximum security. This helps us in avoiding the rather insecure HTTP website format. So let us understand how symmetric key cryptography works first, before moving on to the specific algorithms.
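To make the single-key model concrete before moving on, here is the substitution shift cipher from the earlier Caesar example, written as an added Python example (not code from the video): the same pre-shared key both encrypts and decrypts, and trying every possible shift shows how small this key space is next to the 128/192/256-bit keys of AES. The function names and the shift of 7 used for the "I am ready" message are my own choices.

```python
# Added example (not from the video): the Caesar substitution shift as a
# symmetric-key cipher. One key, kept secret by both parties, is used in
# both directions; an eavesdropper who gets the cipher text but not the key
# can still try all 26 keys, which is why real ciphers need huge key spaces.


def shift_char(ch: str, shift: int) -> str:
    """Shift one character through the alphabet, wrapping around the end
    (e.g. 'x' + 3 -> 'a'). Case is preserved; non-letters pass through."""
    if ch.isascii() and ch.isalpha():
        base = ord("A") if ch.isupper() else ord("a")
        return chr((ord(ch) - base + shift) % 26 + base)
    return ch


def caesar_encrypt(plain_text: str, key: int) -> str:
    """Apply a substitution shift of +key (the video's "plus two"/"plus three")."""
    return "".join(shift_char(c, key) for c in plain_text)


def caesar_decrypt(cipher_text: str, key: int) -> str:
    """Decryption is the same operation with the shift reversed, so the
    receiver must hold exactly the key the sender used: the symmetric property."""
    return "".join(shift_char(c, -key) for c in cipher_text)


def brute_force(cipher_text: str) -> dict:
    """Try every key and return {key: candidate plain text}. With only 26
    possible shifts the message is recovered instantly without the key, which
    is the weakness modern symmetric ciphers remove by using 128-bit+ keys."""
    return {k: caesar_decrypt(cipher_text, k) for k in range(26)}


if __name__ == "__main__":
    # Constructed inputs that mirror the section's own examples.
    print(caesar_encrypt("attack", 3))                 # dwwdfn
    print(caesar_encrypt("ab", 2))                     # cd
    cipher = caesar_encrypt("I am ready", 7)           # Paul -> Jane
    print(cipher, "->", caesar_decrypt(cipher, 7))     # Jane uses the same key
    for k, guess in brute_force(cipher).items():       # what a snooper sees
        print(k, guess)
```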
Symmetric key cryptography relies on a single key for the encryption and decryption of information. Both the sender and receiver of the message need to have a pre-shared secret key that they will use to convert the plain text into cipher text and vice versa. As you can see in the image, the key used for encryption is the same key needed for decrypting the message at the other end. The secret key shouldn't be sent along with the cipher text to the receiver, because that would defeat the entire purpose of using cryptography. Key exchange can be done beforehand using other algorithms, like the Diffie-Hellman key exchange protocol, for example.

For example, if Paul wants to send a simple message to Jane, they need to have a single encryption key that both of them must keep secret to prevent snooping by malicious actors. It can be generated by either one of them, but must belong to both of them before the messages start flowing. Suppose the message "I am ready" is converted into cipher text using a specific substitution cipher by Paul; in that case, Jane must also be aware of the substitution shift to decrypt the cipher text once it reaches her. In the scenario where someone manages to grab the cipher text mid-transit to try and read the message, not having the secret key renders anyone looking to snoop in helpless.

Symmetric key algorithms like the Data Encryption Standard have been in use since the 1970s, while popular ones like AES have become the industry standard today. With the entire architecture of symmetric cryptography depending on the single key being used, you can understand why it's of paramount importance to keep it secret at all locations. The side effect of having a single key for the encryption and decryption is that it becomes a single point of failure. Anyone who gets their hands on it can read all the encrypted messages, and do so mainly without the knowledge of the sender and the receiver. So it is the priority to keep the encryption and decryption key
private at all times. Should it fall into the wrong hands, the third party can send messages to either the sender or the receiver using the same key to encrypt the message; upon receiving the message and decrypting it with the key, it is impossible to guess its origin. If the sender somehow transmits the secret key along with the cipher text, anyone can intercept the package and access the information. Consequently, this encryption category is termed private key cryptography, since a big part of the data's integrity is riding on the promise that the users can keep the key secret. This terminology contrasts with asymmetric key cryptography, which is called public key cryptography because it has two different keys at play, one of which is public.

Provided we manage to keep the key secret, we still have to choose what kind of ciphers we want to use to encrypt this information. In symmetric key cryptography there are broadly two categories of ciphers that we can employ; let us have a look. Stream ciphers are the algorithms that encrypt basic information one bit at a time. It can change depending on the algorithm being used, but usually it relies on a single bit or byte to do the encryption. This is the relatively quicker alternative, considering the algorithm doesn't have to deal with blocks of data at a single time. Every piece of data that goes into the encryption can and needs to be converted into binary format. In stream ciphers each binary digit is encrypted one after the other. The most popular ones are RC4, Salsa20 and Panama. The binary data is passed through an encryption key, which is a randomly generated bit stream; upon passing it through, we receive the cipher text that can be transferred to the receiver without fear of man-in-the-middle attacks. The binary data can be passed through an algorithmic function: it can have XOR operations, as it does most of the time, or any other mathematical calculations that have the singular purpose of scrambling the data. The encryption key is generated
using the random bitstream generator, and it acts as a supplement in the algorithmic function. The output is in binary form, which is then converted into the decimal or hexadecimal format to give our final cipher text.

On the other hand, block ciphers dissect the raw information into chunks of data of fixed size. The size of these blocks depends on the exact cipher being used: a 128-bit block cipher will break the plain text into blocks of 128 bits each and encrypt those blocks instead of a single digit. Once these blocks are encrypted individually, they are chained together to form a final cipher text. Block ciphers are much slower, but they are more tamper-proof and are used in some of the most widely used algorithms employed today. Just like stream ciphers, the original text is converted into binary format before beginning the process. Once the conversion is complete, the blocks are passed through the encryption algorithm along with the encryption key. This would provide us with the encrypted blocks of binary data. Once these blocks are combined, we get a final binary string. This string is then converted into hexadecimal format to get our cipher text. Today the most popular symmetric key algorithms like AES, DES and 3DES are all block cipher methodology subsets.

With so many factors coming into play, there are quite a few things symmetric key cryptography excels at, while falling short in some others. Symmetric key cryptography is a much faster variant when compared to asymmetric cryptography. There is only one key in play, unlike asymmetric encryption, and this drastically improves calculation speed in the encryption and decryption. Similarly, the performance of symmetric encryption is much more efficient under similar computational limitations: fewer calculations help in better memory management for the host system. Bulk amounts of data that need to be encrypted are very well suited for symmetric algorithms, since they are much quicker. Handling large amounts of data is simple and easy to
use in servers and data farms. This helps in better latency during data recall and fewer missed packets. Thanks to its simple single-key structure, symmetric key cryptography algorithms are much easier to set up a communication channel with, and offer much more straightforward maintenance duties. Once the secret key is transmitted to both the sender and receiver without any prior mishandling, the rest of the system aligns easily and everyday communication becomes easy and secure. If the algorithm is applied as per the documentation, symmetric algorithms are very robust and can encrypt vast amounts of data with very little overhead.

The DES algorithm stands for Data Encryption Standard. It is a symmetric key cipher that is used to encrypt and decrypt information in a block-by-block manner. Each block is encrypted individually, and they are later chained together to form our final cipher text, which is then sent to the receiver. DES takes the original unaltered piece of data, called the plain text, in a 64-bit block, and it is converted into an encrypted text that is called the cipher text. It uses 48-bit keys during the encryption process and follows a specific structure called the Feistel cipher structure during the entire process. It is a symmetric key algorithm, which means DES can reuse the keys used in the encryption format to decrypt the cipher text back to the original plain text. Once the 64-bit blocks are encrypted, they can be combined together before being transmitted.

Let's take a look at the origin and the reason DES was founded. DES is based on a Feistel block cipher called Lucifer, developed in 1971 by IBM cryptography researcher Horst Feistel. DES uses 16 rounds of this Feistel structure, using a different key for each round. It also utilizes a round function with two inputs and provides a single output variable. DES became the organization's approved encryption standard in November 1976 and was later reaffirmed as a standard in 1983, 1988 and finally in 1999. But eventually DES was cracked and it was
no longer considered a secure solution for all official routes of communication. Consequently, Triple DES was developed. Triple DES is a symmetric key block cipher that applies the DES cipher three times: encrypt with the first key, decrypt with the second key, and encrypt again with a third key. There is also a two-key variation, where the first and second key are duplicates of each other. But Triple DES was ultimately deemed too slow for the growing need for fast communication channels, and people eventually fell back to using DES for encrypting messages. In order to search for a better alternative, a public worldwide competition was organized that helped cryptographers develop their own algorithms as proposals for the next global standard. This is where the Rijndael algorithm came into play, and it was later credited to be the next Advanced Encryption Standard. For a long time DES was the standard for data encryption and data security. Its reign ended in 2002, when finally the Advanced Encryption Standard replaced DES as the acceptable standard, following a public competition.

To understand the structure of a Feistel cipher, we can use the following image as a reference. The block being encrypted is divided into two parts, one of which is passed on to the function while the other part is XORed with the function's output. The function also uses the encryption key, which differs for each individual round. This keeps going until the last step, where the right-hand side and the left-hand side are swapped. Here we receive our final cipher text. For the decryption process the entire procedure is reversed, starting from the order of the keys to the block ordering. If the entire process is repeated in reverse order, we will eventually get back our plain text, and this simplicity helps the speed overall. This was later detrimental to the efficiency of the algorithm, and hence the security was compromised.

A Feistel block cipher is a structure used to derive many symmetric block ciphers such as DES,
which, as we have discussed in our previous segment. Feistel proposed a structure that implements substitution and permutation alternately, so that we can obtain cipher text from the plain text and vice versa. This helps in reducing the redundancy of the program and increases the complexity to combat brute-force attacks. The Feistel cipher is actually based on the Shannon structure that was proposed in 1945. The Feistel cipher is the structure suggested by Horst Feistel, which was considered to be a backbone while developing many symmetric block ciphers. The Shannon structure highlights the implementation of alternate confusion and diffusion, and like we already discussed, the Feistel cipher structure can be completely reversed depending on the data. However, we must consider the fact that to decrypt the information by reversing the Feistel structure, we will need the exact polynomial functions and the key orders.

To understand how the blocks are being calculated, we take a plain text which is of 64 bits, and that is later divided into two equal halves of 32 bits each. In this, the right half is immediately transferred to the next round to become the new left half of the second round. The right half is also passed to a function which uses an encryption key that is unique to each round in the Feistel cipher. Whatever the function gives off as an output is passed on as an XOR input with the left half of the initial plain text. The next output will become the right half of the second round for the plain text. This entire process constitutes a single round in the Feistel cipher.

Taking into account what happens in the polynomial function, we take one half of the block and pass it through an expansion box. The work of the expansion box is to increase the size of the half from 32-bit to 48-bit text. This is done to make the text compatible with the 48-bit keys we have generated beforehand. Once we pass it through the XOR function, we get a 48-bit text as an output. Now remember, a half should be of
32 bits, so this 48-bit output is then passed on to a substitution box. This substitution box reduces its size from a 48-bit to a 32-bit output, which is then XORed with the first half of the plain text.

A block cipher is considered the safest if the size of the block is large, but large block sizes can also slow down the encryption speed and the decryption speed. Generally the size is 64 bits; sometimes modern block ciphers like AES have a 128-bit block size as well. The security of the block cipher increases with increasing key size, but larger key sizes may also reduce the speed of the process. Earlier, 64-bit keys were considered sufficient; modern ciphers need to use 128-bit keys due to the increasing complexity of today's computational standards. An increasing number of rounds also increases the security of the block cipher; similarly, they're inversely proportional to the speed of encryption. A highly complex round function enhances the security of the block cipher, although we must maintain a balance between speed and security. The symmetric block cipher is implemented in a software application to achieve better execution speed. There is no use of an algorithm if it cannot be implemented in a real-life framework that can help organizations to encrypt or decrypt the data in a timely manner.

Now that we understand the basics of Feistel ciphers, we can take a look at how DES manages to run through 16 rounds of this structure and provide the cipher text at the end. In simple terms, DES takes the 64-bit plain text and converts it into a 64-bit cipher text, and since we are talking about symmetric algorithms, the same key is being used when it is decrypting the data as well. We first take a 64-bit plain text and we pass it through an initial permutation function. The initial permutation function has the job of dividing the block into two
different parts so that we can perform Feistel cipher structures on it. There are multiple rounds being performed in the DES algorithm, namely 16 rounds of the Feistel cipher structure. Each of these rounds will need keys. Initially we take a 56-bit cipher key, but it is a single key; we pass it on to a round key generator, which generates 16 different keys, one for each single round that the Feistel cipher is being run. These keys are passed on to the rounds as 48 bits. The size of these 48-bit keys is the reason we use the substitution and permutation boxes in the polynomial functions of the Feistel ciphers. When passing through all these rounds, we reach round 16, where the final key is passed on from the round key generator and we get a final permutation. In the final permutation the halves are swapped, and we get our final cipher text. This is the entire process of DES, with 16 rounds of Feistel ciphers encompassed in it. To decrypt a cipher text back to the plain text, we just have to reverse the process we did in the DES algorithm and reverse the key order along with the functions. This kind of simplicity is what gave DES the bonus when it comes to speed, but eventually it was detrimental to the overall efficiency of the program when it comes to security factors.

DES has five different modes of operation to choose from. One of those is Electronic Code Book: each 64-bit block is encrypted and decrypted independently in the Electronic Code Book format. We also have Cipher Block Chaining, or the CBC method; here each 64-bit block depends on the previous one, and all of them use an initialization vector. We have a Cipher Feedback block mechanism, where the preceding cipher text becomes the input for the encryption algorithm; it produces a pseudo-random output which in turn is XORed with the plain text. There is an Output Feedback method as well, which is the same as Cipher Feedback except that the encryption algorithm input is the output from the preceding DES. A Counter method has a different approach, where each
plain text block is XORed with an encrypted counter; the counter is then incremented for each subsequent block. There are a few other alternatives to these modes of operation, but the five mentioned above are the most widely used in the industry and recommended by cryptographers worldwide.

Let's take a look at the future of DES. The dominance of DES ended in 2002, when the Advanced Encryption Standard replaced the DES encryption algorithm as the accepted standard. It was done following a public competition to find a replacement. NIST officially withdrew the standard in May 2005, although Triple DES was approved for some sensitive government information through 2030. NIST also had to change the DES algorithm because its key length was too short given the increased processing power of new computers. Encryption power is related to the size of the key, and DES found itself a victim of ongoing technological advances in computing. We have reached a point where 56 bits was no longer a challenge to the computers of today at cracking it. Note that just because DES is no longer the NIST federal standard does not mean that it is no longer in use. Triple DES is still used today and is still considered a legacy encryption algorithm.

To get a better understanding of how these keys and cipher texts look, we can use an online tool for our benefit. As we already know, to encrypt any kind of data, a key is mandatory. This key can be generated using mathematical functions or a computerized key generation program, such as this website offers. It can be based on any piece of text; let's say the word is "Simplilearn" in our example. Once the key is set, we provide the plain text or the clear text that needs to be encrypted using the aforementioned key. Suppose the sentence for this example is "this is my first message". We have satisfied two prerequisites: the message and the key. Another variable that comes into play is the mode of operation. We have already learned about five different modes of operation; while we
can see some other options here as well, let us go with the CBC variant, which basically means the Cipher Block Chaining method. One of CBC's key characteristics is that it uses a chaining process: it causes the decryption of a block of cipher text to depend on all the preceding cipher text blocks. As a result, the entire validity of all the blocks is contained in the previous adjacent blocks as well. A single bit error in a cipher text block affects the decryption of all the subsequent blocks; rearrangement of the order of these, for example, can cause the decryption process to get corrupted.

Regarding the manner of displaying binary information, we have two options here: we can either go with Base64 or the hexadecimal format. Let's go with Base64 right now. As you can see, the cipher text is readily available. Base64 is a little more efficient than hex, so we will be getting a smaller cipher text when it comes to Base64, albeit the size of both formats will be the same. The hex has a longer cipher text, since Base64 takes four characters for every three bytes while hex will take two characters for each byte; hence Base64 turns out to be more efficient. Now, to decrypt the cipher text we go by the same format: we choose Base64, we copy the cipher text onto a decryption tool, and we have to make sure that the key we are using is exactly the same. We choose the same mode of operation and we choose the correct encoding format as well, which is Base64 in this case. As you can see, the decryption is complete and we get the plain text back. Even if you keep everything the same but just change the encoding format, it will not be able to decrypt anything.

Unfortunately, DES has become rather easy to crack, even without the help of a key. The Advanced Encryption Standard is still on top when it comes to symmetric encryption security, and will likely stay there for a while. Eventually, with so much computing power growth, the need for a stronger algorithm was necessary to safeguard personal data. As solid as DES was,
the computers of today could easily break the encryption with repeated attempts thereby rendering the data security helpless to counter this dilemma a new standard was introduced which was termed as the advanced encryption standard or the AES algorithm let's learn what is Advanced encryption standard the AES algorithm also known as the reenal algorithm is a symmetric block Cipher with a block size of 128 bits it is converted into Cipher text using keys of 128 192 or 256 bits it is implemented in software and Hardware throughout the world to encrypt sensitive data the National Institute of Standards and Technology also known as NC started development on AES in 1997 when it was announced the need for an alternative to the data encryption standard the new internet needed a replacement for Dees because of its small key size with increasing computing power it was considered unsafe against entire key search attacks the triple Ds was designed to overcome this problem however it was deemed seemed to be too slow to be deployed in machines worldwide strong cases were present by the Mars rc6 Serpent and the TW fish algorithms but it was the rindal encryption algorithm also known as AES which was eventually chosen as the standard symmetric key encryption algorithm to be used its section was formalized with the release of federal information processing standards publication 197 in the November of 2001 it was approved by the US Secretary of Commerce now that we understand the origin of AES let us have a look at the features that make AES encryption algorithm unique the AES algorithm uses a substitution permutation or SP Network it consists of multiple rounds to produce a cipher text it has a series of linked operations including replacing inputs with specific outputs that is substitutions and others that involve bit shuffling which is permutations at the beginning of the the encryption process we only start out with a single key which can be either a 128bit key a 192bit key or a 
256bit key eventually this one key is expanded to be used in multiple rounds throughout the encryption and the decryption cycle interestingly AES performs all its calculations on bite data instead of bit data as seen in the case of the dees algorithm therefore AES treats 128 bits of a clear text block as 16 bytes the number of rounds during the encryption process depends on the key size that is being used the 128bit key size fixes 10 Rounds the 192bit key size fixes 12 rounds and the 256bit key holds 14 rounds a round key is required for each of these rounds but since only one key is input into the algorithm the single key needs to be expanded to get the key for each round including the round zero with so many mathematical calculations going on in the background there bound to be a lot of steps throughout the procedure let's have a look at the steps followed in AES before we move ahead we need to understand how data is being stored during the process of AES encryption everything in the process is stored in a 4 into four Matrix format this Matrix is also known as a state array and we'll be using these State AR is to transmit data from one step to another and from one round to the next round each round takes straight array as input and gives a straight array as output to be transferred into the next round it is a 16 byte Matrix with each cell representing one byte with each four bytes representing a word so every state array will have a total of four words representing it as we previously discussed we take a single key and expand it to the number of rounds that we need the key to be used in let's say the number of rounds are n then the key has to be expanded to be used with n + one rounds because the first round is the key zero round let's say n is the number of rounds the key is expanded to n + 1 rounds it is also a state array having four words in its vicinity every key is used for a single round and the first key is used as a round key before any round begins if 
In the very beginning, the plaintext is captured and passed through an XOR function with a round key as a supplement; this key can be considered the first key from the n + 1 expanded set. Moving on, the state array resulting from the above step is passed on to a byte substitution process. Beyond that, there is a provision to shift rows in the state array. Later on, the state array is mixed with a constant matrix to shuffle its columns in the mix columns segment, after which we add the round key for that particular round. The last four steps mentioned are part of every single round that the encryption algorithm goes through; the state arrays are then passed from one round to the next as input. In the last round, however, we skip the mix columns portion, with the rest of the process remaining unchanged.

But what are these byte substitution and row shifting processes? Let's find out about each step in more detail. In the first step, the plaintext is stored in a state array and is XORed with K0, which is the first key in the expanded key set. This step is performed only once on a block at the start, while being repeated at the end of each round as the iteration demands. The state array is XORed with the key to get a new state array, which is then passed off as input to the sub bytes process.

In the second stage we have byte substitution. We leverage an S-box, called a substitution box, to substitute the data in each element. Every single byte is converted into a hexadecimal value having two parts: the first part denotes the row value and the second part denotes the column value. The entire state array is passed through the S-box to create a brand new state array, which is then passed off as input to the row shifting process. The 16 input bytes are replaced by looking them up in a fixed table given in the design, and we finally get a matrix with four rows and four columns.

When it comes to row shifting, each of the four rows of the matrix is shifted to the left; an entry that falls off is reinserted to the right of the row. The change is done as follows: the first row is not moved in any way, the second row is shifted a single position to the left, the third row is shifted two positions to the left, and the fourth row is shifted three positions to the left. The result is a new matrix that contains the same 16 bytes, but they have been moved in relation to each other to boost the complexity of the cipher.

In mix columns, each column of four bytes is replaced using a special mathematical function. The function takes the four bytes of a column as input and outputs four completely new bytes, so we get a new matrix with the same size of 16 bytes. It should be noted that this phase is not performed in the last round of the iteration.

When it comes to adding a round key, the 16 bytes of the matrix are treated as 128 bits, and they are XORed with the 128 bits of the round key. If it is the last round, the output is the ciphertext. If we still have a few rounds remaining, the resulting 128 bits are interpreted as 16 bytes and we start another similar round.

Let's take an example to understand how all these processes work. If our plaintext is the string "Two One Nine Two", we first convert it into hexadecimal format as follows. We use an encryption key, which is "Thats my Kung Fu", and it is converted into hexadecimal format as well. As per the guidelines, we use a single key, which is then later expanded into n + 1 keys, which in this case means 11 keys for 10 different rounds. In round zero we add the round key: the plaintext is XORed with K0, and we get a state array that is passed off as input to the substitute bytes process. When it comes to the substitute bytes process, we leverage an S-box to substitute the element in each byte with a completely new byte. The state array that we receive this way is passed off as input to the row shifting process in the next step. When it comes to row shifting, each element is shifted a few places to the left, with the first row being shifted by zero places, the second row by one place, the third row by two places and the last by three. The state array that we receive from the row shifting is passed off as input to mix columns. In mix columns, we multiply the state array with a constant matrix, after which we receive a new state array to be passed on to the next step. We then XOR the new state array with the round key of the particular iteration, and whatever state array we receive here becomes the output for this particular round. Since this is the first round of the entire encryption process, the state array that we receive is passed off as input to the next round. We repeat this process for 10 more rounds, and we finally receive a ciphertext. Once the final state array is written out in hexadecimal format, this becomes our final ciphertext that we can use for transferring information between the sender and receiver.

Let's take a look at the applications of AES. In this world, AES finds most use in the area of wireless security, in order to establish a secure mode of authentication between routers and clients. Highly secure mechanisms like WPA and WPA2-PSK are extensively used in securing Wi-Fi endpoints with the help of the Rijndael algorithm. It also helps in SSL/TLS encryption, which is instrumental in encrypting our internet browser sessions: AES works in tandem with asymmetric encryption algorithms to make sure the web browser and web server are properly configured and use encrypted channels for communication. AES is also prevalent in general file encryption of various formats, ranging from critical documents to media files; having a large key allows people to encrypt media and decrypt data with the maximum security possible. AES is also used for processor security in hardware appliances, to prevent machine hijacking among other things.

As a direct successor to the DES algorithm, there are some aspects in which AES provides an immediate advantage. Let us take a look. When it comes to key length, the biggest flaw in the DES algorithm was its
small key length, which is easily vulnerable by today's standards. AES has managed to bring in 128-, 192- and 256-bit key lengths to bolster the security further. The block size is also larger in AES, owing to the greater complexity of the algorithm. The number of rounds in DES is fixed irrespective of the plaintext being used; in AES, the number of rounds depends on the key length that is being used for the particular iteration, thereby providing more randomness and complexity in the algorithm. The DES algorithm is considered to be simpler than AES, even though AES beats DES when it comes to relative speed of encryption and decryption. This makes the Advanced Encryption Standard much more streamlined to be deployed in frameworks and systems worldwide when compared to the Data Encryption Standard.

Hello. In our last video on cryptography we took a look at symmetric key cryptography. We used a single private key for both the encryption and decryption of data, and it works very well in theory. Let's take a look at a more realistic scenario now. Let's meet Joe. Joe is a journalist who needs to communicate with Ryan via long-distance messaging. Due to the critical nature of the information, people are waiting for any message to leave Joe's house so that they can intercept it. Now, Joe can easily use symmetric cryptography to send the encrypted data, so that even if someone intercepts the message they cannot understand what it says. But here's the tricky part: how will Joe send the required decryption key to Ryan? The sender of the message as well as the receiver need to have the same decryption key so that they can exchange messages; otherwise Ryan cannot decrypt the information even when he receives the ciphertext. If someone intercepts the key while it is being transmitted, there is no use in employing cryptography, since a third party can now decode all the information easily. Key sharing is a risk that will always exist when symmetric key cryptography is being used. Thankfully, asymmetric key encryption has managed to fix this problem.

This is B from Simplilearn, and welcome to this video on asymmetric key cryptography. Let's take a look at what we are going to learn today. We begin by explaining what asymmetric key cryptography is and how it works. We take a look at its applications and uses. We understand why it's called public key cryptography and then learn a little bit about RSA encryption, and then we learn about the advantages of asymmetric key cryptography over symmetric key cryptography.

Let's understand what asymmetric key cryptography is. Asymmetric encryption uses a double layer of protection: there are two different keys at play here, a private key and a public key. A public key is used to encrypt the information pre-transit, and a private key is used to decrypt the data post-transit. This pair of keys must belong to the receiver of the message. The public key can be shared via messaging, blog posts or key servers, and there are no restrictions. As you can see in the image, the two keys are working in the system. The sender first encrypts the message using the receiver's public key, after which we receive the ciphertext. The ciphertext is then transmitted to the receiver without any other key. On getting the ciphertext, the receiver uses his private key to decrypt it and get the plaintext back. There has been no requirement for any key exchange throughout this process, therefore solving the most glaring flaw faced in symmetric key cryptography. The public key, known to everyone, cannot be used to decrypt the message, and the private key, which can decrypt the message, need not be shared with anyone. The sender and receiver can exchange personal data using the same set of keys as often as they like.

To understand this better, take the analogy of your mailbox. Anyone who wants to send you a letter has access to the box and can easily share information with you; in a way, you can say the mailbox is publicly available to all. But only you have access to the key that can open the mailbox and read the letters in it.
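The two-key exchange just described, worked through in Python as an added example that is not code from the original video. It uses textbook RSA with the same small parameters the RSA section later in this course works through (p = 7, q = 13, e = 5, giving the public key (91, 5) and the private key (91, 29), and plaintext 10 encrypting to 82). The function names, the second key pair used for the signing demo and the "wrong exponent" check are this example's own choices, and such tiny primes are for illustration only: real deployments use 2048-bit or larger keys with a padding scheme, which textbook RSA does not provide.

```python
"""Textbook RSA showing the roles of the public and private keys (added example)."""
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    """Multiplicative inverse of a modulo m, i.e. the d with (a*d) % m == 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def generate_keypair(p: int, q: int, e: int):
    """Derive the (n, e) public key and (n, d) private key from primes p, q and exponent e."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    z = (p - 1) * (q - 1)          # the 'z' of the RSA section (Euler's totient of n)
    if not 1 < e < z or gcd(e, z) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = modinv(e, z)               # e*d mod z == 1
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Sender side: c = m^e mod n, using the RECEIVER's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Receiver side: m = c^d mod n, using the receiver's own private key."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, digest: int) -> int:
    """Reversed roles: the SENDER's private key is applied to a message digest."""
    n, d = private_key
    return pow(digest % n, d, n)


def verify(public_key, digest: int, signature: int) -> bool:
    """Anyone holding the sender's public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest % n


def demo() -> dict:
    # Bob's key pair from the course's small numbers; Alice encrypts to Bob.
    bob_pub, bob_priv = generate_keypair(7, 13, 5)
    c = encrypt(bob_pub, 10)
    recovered = decrypt(bob_priv, c)

    # An exponent that is not the inverse of e (here 3) does not recover the message.
    wrong = decrypt((bob_pub[0], 3), c)

    # Alice signs a digest with HER private key; Bob verifies with her public key.
    alice_pub, alice_priv = generate_keypair(11, 17, 7)
    digest = 42                    # constructed stand-in for a hash of the message
    sig = sign(alice_priv, digest)
    return {
        "public_key": bob_pub, "private_key": bob_priv, "ciphertext": c,
        "recovered": recovered, "wrong_key_result": wrong,
        "signature_ok": verify(alice_pub, digest, sig),
        "tampered_ok": verify(alice_pub, digest + 1, sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the block prints the key pair (91, 5) / (91, 29), the ciphertext 82 for plaintext 10, the recovered plaintext 10, and shows that a signature made with Alice's private key verifies with her public key but fails once the digest changes. Nothing secret ever travels between the parties: Bob's public key goes out in the clear, and his private key never leaves his side.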
This is how the private key comes into play. No one can intercept the message and read its contents, since it's encrypted. Once the receiver gets its contents, he can use his private key to decrypt the information. Both the public key and the private key are generated so that they are interlinked, and you cannot substitute other private keys to decrypt the data. In another example, if Alice wants to send a message to Bob, let's say "Call me today", she must use Bob's public key while encrypting the message. Upon receiving the cipher message, Bob can proceed to use his private key in order to decrypt the message, and hence complete security is attained during transmission without any need for sharing the key.

Since this type of encryption is highly secure, it has many uses in areas that require high confidentiality. It is used to manage digital signatures, so there is valid proof of a document's authenticity. With so many aspects of business transitioning to the digital sphere, critical documents need to be verified before being considered authentic and acted upon. Thanks to asymmetric cryptography, senders can sign documents with their private keys; anyone who needs to verify the authenticity of such signatures can use the sender's public key to decrypt the signature. Since the public and the private keys are linked to each other mathematically, it's impossible to repeat this verification with duplicate keys. Document encryption has been made very simple by today's standards, but the background implementation follows a similar approach.

In blockchain architecture, asymmetric key cryptography is used to authorize transactions and maintain the system. Thanks to its two-key structure, changes are reflected across the blockchain's peer-to-peer network only if they are approved from both ends. Along with asymmetric key cryptography's stamp-of-approval architecture, its non-repudiation characteristic also helps in keeping the network stable. We can also use asymmetric key cryptography combined with symmetric key cryptography to secure SSL- or TLS-encrypted browsing sessions, to make sure nobody can steal our personal information when accessing banking websites or the internet in general. It plays a significant role in verifying website server authenticity, exchanging the necessary encryption keys and generating a session using those keys to ensure maximum security, instead of the rather insecure HTTP website format. Security parameters differ on a session-by-session basis, so the verification process is consistent and utterly essential to modern data security.

Another great use of the asymmetric key cryptography structure is transmitting keys for symmetric key cryptography. With the most significant difficulty in symmetric encryption being key exchange, asymmetric keys can help clear this shortcoming. The original message is first encrypted using a symmetric key. The key used for encrypting the data is then converted into ciphertext using the receiver's public key. Now we have two ciphertexts to transmit to the receiver. On receiving both of them, the receiver uses his private key to decrypt the symmetric key; on getting the key used to encrypt the data, he can then use it to decrypt the original information. While this may seem more complicated than just asymmetric key cryptography alone, symmetric encryption algorithms are much more optimized for vast amounts of data, so on some occasions encrypting only the key using asymmetric algorithms will definitely be more memory efficient and secure.

You might remember us discussing why symmetric encryption was called private key cryptography. Let us understand why asymmetric encryption falls under public key cryptography. We have two keys at our disposal: the encryption key is available to everyone, while the decryption key is supposed to be private. Unlike symmetric key cryptography, there is no need to share anything privately to have an encrypted messaging system. To put that into perspective, we share our email address with anyone looking to communicate with us. It is supposed to be public by design, while our email login credentials are private, and they help in preventing any data mishandling. Since there is nothing hidden from the world if they want to send us any encrypted information, this category is called public key cryptography.

There are quite a few algorithms being used today that follow the architecture of asymmetric cryptography, none more famous than RSA encryption. RSA encryption is the most widely used encryption, or public key encryption, standard using the asymmetric approach. Named after its founders Rivest, Shamir and Adleman, it uses block ciphers to obscure the information. If you are unfamiliar with how block ciphers work, they are encryption algorithms that divide the original data into blocks of equal size; the block size depends on the exact cipher being used. Once the data is broken down, these blocks are encrypted individually and later chained together to form the final ciphertext. Widely considered to be the most secure form of encryption, albeit relatively slower than symmetric encryption algorithms, it is widely used in web browsing, secure identification, VPNs, emails and other chat applications.

With so many variables in play, there must be some advantages that give asymmetric key cryptography an edge over the traditional symmetric encryption methodologies. Let's go through some of them. There is no need for any reliable key sharing channel in asymmetric encryption; it was an added risk in private key cryptography that has been completely eliminated in the public key architecture. The key which is made public cannot decrypt any confidential information, and the only key that can decrypt doesn't need to be shared publicly under any circumstance. We have much more extensive key lengths in RSA encryption and other asymmetric algorithms, like 2048-bit and 4096-bit keys; larger keys are much harder to break via brute force and are much more secure. Asymmetric key cryptography can be used as proof of
authenticity, since only the rightful owner of the keys can generate the messages to be decrypted by the private key. The situation can also be reversed: encryption is done using a private key and decryption is done with the public key, which would not function if the correct private key was not used to generate the message, hence proving the authenticity of the owner. It also has a tamper protection feature, where the message cannot be intercepted and changed without invalidating the private key used to encrypt the data; consequently the public key cannot decrypt the message, and it is easy to realize the information is not 100% legitimate when and where the case requires.

Now that we have a proper revision, let's understand what digital signatures are before moving on to the algorithm. The objective of digital signatures is to authenticate and verify documents and data. This is necessary to avoid tampering and digital modification or forgery of any kind during the transmission of official documents. They work on the public key cryptography architecture, with one exception: typically an asymmetric key system encrypts using a public key and decrypts with the private key. For digital signatures, however, the reverse is true: the signature is encrypted using a private key and is decrypted with the public key. Because the keys are linked together, decoding it with the public key verifies that the proper private key was used to sign the document, thereby verifying the signature's provenance.

Let's go through each step to understand the procedure thoroughly. In step one we have M, which is the original plaintext message, and it is passed to a hash function, denoted by H, to create a digest. Next, the sender bundles the message together with the hash digest and encrypts it using the sender's private key. The sender sends the encrypted bundle to the receiver, who can decrypt it using the sender's public key. Once the message is decrypted, it is passed to the same hash function H to generate a similar digest. The receiver compares the newly generated hash with the bundled hash value received along with the message. If they match, it verifies data integrity. In many instances they provide a layer of validation and security to messages sent through a non-secure channel. Properly implemented, a digital signature gives the receiver reason to believe that the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based and must be implemented properly to be effective. They can also provide non-repudiation, meaning that the signer cannot successfully claim that they did not sign a message while also claiming their private key remains secret. Further, some non-repudiation schemes offer a timestamp for the digital signature, so that even if the private key is exposed the signature is valid.

To implement the concept of digital signatures in the real world, we have two primary algorithms to follow: the RSA algorithm and the DSA algorithm. The latter is the topic of learning today, so let's go ahead and see what the Digital Signature Algorithm is supposed to do. The Digital Signature Algorithm is a FIPS standard, which is a Federal Information Processing Standard, for digital signatures. It was proposed in 1991 and globally standardized in 1994 by the National Institute of Standards and Technology, also known as NIST. It functions on the framework of modular exponentiation and discrete logarithm problems, which are difficult to compute by brute force. Unlike DSA, most signature types are generated by signing a message digest with the private key of the originator; this creates a digital thumbprint of the data. Since just the message digest is signed, the signature is generally much smaller compared to the data that was signed. As a result, digital signatures impose less load on processors
at the time of signing execution, and they use small volumes of bandwidth. DSA, on the other hand, does not encrypt the message digest using the private key or decrypt the message digest using the public key. Instead, it uses mathematical functions to create a digital signature consisting of two 160-bit numbers, which are derived from the message digest and the private key. DSA makes use of the public key for authenticating the signature, but the authorization process is much more complicated when compared with RSA. DSA also provides three benefits, which are message authentication, integrity verification and non-repudiation.

In the image we can see the entire process of DSA validation. A plaintext message is passed to a hash function, where the digest is generated, which is passed to a signing function. The signing function also has other parameters, like a global variable G, a random variable K and the private key of the sender. The outputs are then bundled into a single pack with the plaintext and sent to the receiver. The two outputs we receive from the signing function are the two 160-bit numbers, denoted by S and R. On the receiver's end, we pass the plaintext to the same hash function to regenerate the message digest. It is passed to a verification function, which has other requirements such as the public key of the sender, the global variable G, and the S and R received from the sender. The value generated by the function is then compared to R; if they match, then the verification process is complete and data integrity is verified.

This was an overview of the way the DSA algorithm works. You already know it depends on logarithmic functions to calculate the outputs, so let us see how we can do the same in our next section. We have three phases here, the first of which is key generation. To generate the keys we need some prerequisites. We select a q, which becomes a prime divisor. We select a prime number p such that (p - 1) mod q = 0. We also select a random integer g which must satisfy the two formulas being mentioned on the screen right now. Once these values are selected, we can go ahead with generating the keys. The private key can be denoted by x, and it is any random integer that falls between zero and the value of q. The public key can be calculated as y = g^x mod p, where y stands for the public key. The private key can then be packaged as a bundle which comprises the values of p, q, g and x. Similarly, the public key can also be packaged as a bundle having the values of p, q, g and y. Once we're done with key generation, we can start generating and verifying the signature.

Once the keys are generated, we can start generating the signature. The message is passed through a hash function to generate the digest h first. We can choose any random integer k which falls between 0 and q. To calculate the first 160-bit number of the signing function, r, we use the formula r = (g^k mod p) mod q. Similarly, to calculate the value of the second output, that is s, we use the formula shown on the screen. The signature can then be packaged as a bundle having r and s. This bundle, along with the plaintext message, is then passed on to the receiver.

Now, in the third phase, we have to verify the signature. We first calculate the message digest of the message received in the bundle by passing it to the same hash function. We calculate the values of w, u1 and u2 using the formulas shown on the screen. We have to calculate a verification component, which is then to be compared with the value of r sent by the sender; this verification component can be calculated using the formula shown on the screen. Once calculated, it can be compared with the value of r. If the values match, then the signature verification is successful and our entire process is complete, starting from key generation to the signature generation, all the way up to the verification of the signature.

With so many steps to follow, we are bound to have a few advantages to boot, and we would be right to think so. DSA is highly robust in the security and stability aspect when compared to alternative signature verification algorithms. We have a few other ciphers that aim to achieve the simplicity and the flexibility of DSA, but it has been a tough ask for all the other suites. The key generation is much faster when compared to the RSA algorithm and such; while the actual encryption and decryption process may falter a little in comparison, a quicker start in the beginning is well known to optimize a lot of frameworks. DSA requires less storage space to work through its entire cycle. In contrast, its direct counterpart, that is the RSA algorithm, needs a certain amount of computational and storage space to function efficiently; this is not the case with DSA, which has been optimized to work with weaker hardware and fewer resources. DSA is patented, but NIST has made this patent available worldwide royalty-free. A draft version of the specification FIPS 186-5 indicates that DSA will no longer be approved for digital signature generation, but it may be used to verify signatures generated prior to the implementation date of that standard.

The RSA algorithm is a public key signature algorithm developed by Ron Rivest, Adi Shamir and Leonard Adleman. The paper was first published in 1977, and the algorithm uses logarithmic functions to keep the working complex enough to withstand brute force and streamlined enough to be fast post-deployment. RSA can also encrypt and decrypt general information to securely exchange data, along with handling digital signature verification. Let us understand how it achieves this. We take our plaintext message M and pass it through a hash function to generate the digest h, which is then encrypted using the sender's private key. This is appended to the original plaintext message and sent over to the receiver. Once the receiver receives the bundle, he can pass the plaintext message through the same hash function to generate a digest, and the ciphertext can be decrypted using the public
key of the sender the remaining hashes are compared if the values match then the data Integrity is verified and the sender is authenticated apart from digital signatures the main case of RS say is encryption and decryption of private information before being transmitted across communication challeng this is where the data encryption comes into play when using RSA for encryption and decryption of General data it reverses the key set usage unlike signature verification it receives the receiver's public key to encrypt the data and uses the receiver's private key in decrypting the data thus there is no need to exchange any keys in this scenario there are two broad components when it comes to RSA cryptography one of them is key generation key generation employs a step of generating the private and the public keys that are going to be used for encrypting and decrypting the data the second part is the encryption and decryption functions these are the ciphers and steps that need to be run when scrambling the data or recovering the data from the cipher text you will Now understand each of these steps in our next subtopic keeping the previous two concepts in mind let us go ahead and see how the entire process works starting from creating the keeper to encrypting and decrypting the information you need to generate the public and private Keys before running the functions to generate Cipher text and plain text they use certain variables and parameters all of which are explained we first use two large prime numbers which can be denoted by P and Q we can compute the value of n as n = p into q and compute the value of Z as P -1 into Q -1 a number e is chosen at random satisfying the following conditions and a number D is also selected at random following the formula Ed mod Z equal to 1 and it can be calculated with the formula given below the public ke is then packaged as a bundle with n and E and the private key is packaged as a bundle using n and D this sums of the key 
generation process for the encryption and decryption function we use the formula C and M the cipher text can be calculated as c = m ^ e mod n and the plain text can be calculated from the cipher text as C power D mod n when it comes to a data encryption example let's take p and Q as 7 and 13 the value of n can be calculated as 91 if we select the value of e to be 5 it satisfy all the criteria that we needed to the value of D can be calculated using the following function which gives it as 29 the public key can then be packaged as 91a 5 and the private key can then be packaged as 91a 29 the pl text if it is 10 which is denoted by m Cipher text can be calculated to the formula c = m^ e mod n which gives us 82 if somebody receives this Cipher text they can calculate the plain text using the formula C to the^ D mod n which gives us the value of 10 as selected as our plain text we can now look at the factors that make the RSA algorithm Stand Out versus its competitors in the advantageous topics of this lesson RSA encryption depends on using the receivers public key so that you don't have to share any secret key to receive the messages from others this was the most glaring flaw faced by symmetric algorithms which were eventually fixed by asymmetric cryptography structure since the key pairs are related to each other a receiver cannot intercept the message since they didn't have the correct private keys to deip the information if a public key can deip the information the sender cannot refuse signing it with his private key without admitting the private key is not in fact private anymore the encryption process is faster than that of the DSA algorithm even if the key generation is slower in RSA many systems across the world tend to reuse the same keys so that they can spend less time in key generation and more time on actual Cipher text management data will be tamper proof in transit since meddling with the data will alter the usage of the keys the private key won't be able 
to decrypt the information, hence alerting the receiver of any kind of manipulation in between. The receiver must be aware of any third party who possesses the private key, since they can alter the data mid-transit, the cases of which are rather low.

Imagine creating an account on a new website. You provide your email address and set a password that you are confident you would not forget. What about the website owner? How securely are they going to store your password? Website administrators have three alternatives: they can store the passwords in a plain text format, they can encrypt the passwords using an encryption and decryption key, or they can store the passwords as a hash value. Let's have a look at each of these.

When a password is stored in clean text format, it is considered to be the most unsafe option, since anyone in the company can read your passwords. A single hack and a data server breach will expose all the accounts' credentials without needing any extra effort. To counter this, owners can encrypt the passwords and keep them in the servers as a second alternative, but that would mean they also have to store the decryption key somewhere on their servers. In the event of a data breach or a server hack, both the decryption key and the encrypted passwords will be leaked, thus making it a single point of failure. What if there was an option to store the passwords after scrambling them completely, but with no way to decrypt them? This is where hashing comes into play. Since only the hashed values are stored in the server, no encryption is needed. With no plain text passwords to protect, your credentials are safe from the website administrators. Considering all the pros, hashed passwords are the industry standard when it comes to storing credentials nowadays.

Before getting too deep into the topic, let's get a brief overview of how hashing works. Hashing is the process of scrambling a piece of information or data beyond recognition. We can achieve this by using hash functions,
which are essentially algorithms that perform mathematical operations on the main plain text. The value generated after passing the plain text information through the hash function is called the hash value, digest, or in general just the hash of the original data. While this may sound similar to encryption, the major difference is that hashes are meant to be irreversible: no decryption key can convert a digest back to its original value. However, a few hashing algorithms have been broken due to the increase in computational complexity of today's new generation of computers and processors. There are new algorithms that stand the test of time and are still in use among multiple areas, for password storage, identity verification, etc.

Like we discussed earlier, websites use hashing to store the users' passwords. So how do they make use of these hashed passwords? When a user signs up to create a new account, the password is run through the hash function and the resulting hash value is stored on the servers. So the next time a user comes to log in to the account, the password he enters is passed through the same hash function and compared to the hash stored on the main server. If the newly calculated hash is the same as the one stored on the website server, the password must have been correct, because according to hash function terminology, the same inputs will always provide the same outputs. If the hashes do not match, then the password entered during login is not the same as the password entered during the sign-up, hence the login will be denied. This way, no plain text passwords get stored, preventing both the owner from snooping on user data and protecting users' privacy in the unfortunate event of a data breach or a hack.

Apart from password storage, hashing can also be used to perform integrity checks. When a file is uploaded on the internet, the file's hash value is generated and it is uploaded along with the original information. When a new user downloads the file, he can calculate the digest of the
downloaded file using the same hash function. When the hash values are compared, if they match, then file integrity has been maintained and there has been no data corruption. Since so much important information is being passed on to the hash function, we need to understand how they work.

A hash function is a set of mathematical calculations operated on two blocks of data. The main input is broken down into two blocks of similar size. The block size is dependent on the algorithm that is being used. Hash functions are designed to be one way: they shouldn't be reversible, at least by design. Some algorithms, like the previously mentioned MD5, have been compromised, but more secure algorithms are being used today, like the SHA family of algorithms. The digest size is also dependent on the respective algorithm being used: MD5 has a digest of 128 bits, while SHA-256 has a digest of 256 bits. This digest must always be the same for the same input, irrespective of how many times the calculations are carried out. This is a very crucial feature, since comparing the hash value is the only way to check if the data is untouched, as the functions are not reversible.

There are certain requirements of a hash function that need to be met before they are accepted. While some of them are easy to guess, others are placed in order to preserve security in the long run. The hash function must be quick enough to encrypt large amounts of data at a relatively fast pace, but it also shouldn't be very fast. Running the algorithm on all cylinders makes the functions easy to brute force and a security liability. There must be a balance to allow the hash function to handle large amounts of data and not make it ridiculously easy to brute force by running through all the possible combinations. The hash function must be dependent on each bit of the input. The input can be text, audio, video, or any other file extension. If a single character is being changed, it doesn't matter how small that character may be, the entire digest must have a
distinctly different hash value. This is essential to create a unique digest for every password that is being stored. But what if two different users are using the same password? Since the hash function is the same for all users, both the digests will be the same. This is called a hash collision. You may think this must be a rare occasion where two users have exactly the same password, but that is not the case. We have techniques like salting that can be used to reduce these hash collisions, as we will discuss later in this video. You would be shocked to see the most used passwords of 2020. All of these passwords are laughably insecure, and since many people use the same passwords repeatedly on different websites, hash collision risks are more common than one would expect.

Let's say the hash functions find two users having the same password. How can they store both the hashes without messing up the original data? This is where salting and peppering come into play. Salting is the process of adding a random keyword to the end of the input before it is passed on to the hash function. This random keyword is unique for each user on the system, and it is called the salt value, or just the salt. So even if two passwords are exactly the same, the salt value will differ, and so will the digest. There is a small problem with this process, though. Since the salt is unique for each user, they need to be stored in the database along with the passwords, and sometimes given in plain text to speed up the process of continuous verification. If the server is hacked, then the hashes will need to be brute forced, which takes a lot of time, but if they receive the salts as well, the entire process becomes very fast. This is something that peppering aims to solve. Peppering is the process of adding a random string of data to the input before passing them to the hash function, but this time the random string is not unique for each user. It is supposed to be common for all users in the database, and the extra bit added is
called the pepper. In this case, the pepper isn't stored on the servers; it is mostly hardcoded into the website source code, since it's going to be the same for all credentials. This way, even if the servers get hacked, they will not have the right pepper needed to crack into all the passwords. Many websites use a combination of salting and peppering to solve the problem of hash collision and bolster security. Since brute force takes such a long time, many hackers avoid taking the effort: the returns are mostly not worth it, and the number of possible combinations when using both salting and peppering is humongous.

With the consensus aiming towards an educated public on digital privacy, it's no surprise to see an increasing interest in encryption algorithms. We have already covered the major names like the DES and the AES algorithms. The MD5 algorithm was one of the first hashing algorithms to take the global stage, as a successor to MD4. Despite the security vulnerabilities encountered in the future, MD5 still remains a crucial part of data infrastructure in a multitude of environments. The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message. The digest size is always 128 bits, irrespective of the input. The MD5 hash function was originally designed for use as a secure cryptographic hash algorithm to authenticate digital signatures. MD5 has also been deprecated for uses other than as a non-cryptographic checksum to verify data integrity and detect unintentional data corruption. Ronald Rivest, founder of RSA Data Security and Institute Professor at MIT, designed MD5 as an improvement to a prior message digest algorithm, which was MD4. As already iterated before, the process is straightforward: we pass a plain text message to the MD5 hash function, which in turn performs certain mathematical operations on the clear text to scramble the data.
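The RSA walk-through from earlier in this lesson (p = 7, q = 13, e = 5, m = 10), carried out in Python as an added example; this is not code from the video or from Simplilearn, and the function names are my own. Key generation, the modular-inverse step for d, encryption, decryption and the sign/verify direction the narration mentions are each written out so the intermediate values (n = 91, d = 29, c = 82) can be checked one by one.

```python
# Added example: the video's RSA numbers (p=7, q=13, e=5, m=10) worked in Python.
# Not code from the video; names are hypothetical.
from math import gcd


def egcd(a: int, b: int) -> tuple:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e: int, phi: int) -> int:
    """d such that (e * d) % phi == 1; fails if e and phi are not coprime."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"{e} has no inverse modulo {phi}")
    return x % phi


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Return ((n, e), (n, d)): the public and private key packaged as in the lesson."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient for a product of two primes
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must lie between 1 and phi(n) and be coprime to phi(n)")
    d = mod_inverse(e, phi)            # 5 * 29 = 145 = 2 * 72 + 1, so d = 29 for (7, 13, 5)
    return (n, e), (n, d)


def rsa_encrypt(m: int, public_key: tuple) -> int:
    """c = m^e mod n; the plain text must be an integer smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key: tuple) -> int:
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def rsa_sign(m: int, private_key: tuple) -> int:
    """Textbook signature: s = m^d mod n (the private-key direction)."""
    n, d = private_key
    return pow(m, d, n)


def rsa_verify(m: int, s: int, public_key: tuple) -> bool:
    """A signature checks out when s^e mod n gives back m (the public-key direction)."""
    n, e = public_key
    return pow(s, e, n) == m


def worked_example() -> dict:
    """The lesson's numbers: p=7, q=13, e=5, m=10 -> n=91, d=29, c=82, recovered m=10."""
    public, private = rsa_keygen(7, 13, 5)
    c = rsa_encrypt(10, public)
    return {
        "public": public,
        "private": private,
        "cipher": c,
        "recovered": rsa_decrypt(c, private),
        # a tampered cipher text no longer decrypts to the original plain text
        "tampered_recovered": rsa_decrypt((c + 1) % public[0], private),
    }


if __name__ == "__main__":
    print(worked_example())
```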
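The sign-up and login flow, and the salting and peppering just described, as an added Python example (not code from the video or from Simplilearn). It assumes a hypothetical in-memory user table standing in for the database, uses PBKDF2-SHA256 as the deliberately slow hash the lesson asks for, keeps the pepper in application code rather than in the table, and the pepper and user credentials are constructed placeholders.

```python
# Added example: password storage with a per-user salt and an app-wide pepper.
# Not code from the video; the user table, pepper and credentials are constructed.
import hashlib
import hmac
import os

PEPPER = b"constructed-app-wide-pepper"  # same for every user; lives in code, not in the table
ITERATIONS = 100_000                      # slows an offline guess without hurting a single login


def hash_password(password: str, salt: bytes, pepper: bytes = PEPPER) -> bytes:
    """Digest of password + pepper, keyed by the salt; same inputs always give the same digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode() + pepper, salt, ITERATIONS)


def unsalted(password: str) -> str:
    """Plain SHA-256 with no salt: two users with one password share one digest."""
    return hashlib.sha256(password.encode()).hexdigest()


class UserStore:
    """Stores only (salt, digest) per user; the plain text password is never kept."""

    def __init__(self) -> None:
        self.rows = {}

    def sign_up(self, username: str, password: str) -> None:
        salt = os.urandom(16)                      # fresh random salt for this user only
        self.rows[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str) -> bool:
        if username not in self.rows:
            return False
        salt, stored = self.rows[username]
        # recompute with the stored salt and compare in constant time
        return hmac.compare_digest(hash_password(password, salt), stored)


def demo() -> dict:
    """Two users pick the same password: a collision without salt, none with it."""
    store = UserStore()
    store.sign_up("alice", "password123")          # constructed sample credentials
    store.sign_up("bob", "password123")
    alice_salt, alice_digest = store.rows["alice"]
    return {
        "same_unsalted": unsalted("password123") == unsalted("password123"),
        "same_salted": alice_digest == store.rows["bob"][1],
        "login_ok": store.login("alice", "password123"),
        "wrong_pw_rejected": not store.login("alice", "Password123"),
        # a leaked table carries the salts but not the pepper, so the digest cannot be rebuilt
        "no_pepper_matches": hash_password("password123", alice_salt, pepper=b"") == alice_digest,
    }


if __name__ == "__main__":
    print(demo())
```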
The 128-bit digest received from this is going to be radically different from the plain text. The goal of any message digest function is to produce digests that appear to be random. To be considered cryptographically secure, the hash function should meet two requirements: first, that it is impossible for an attacker to generate a message that matches a specific hash value, and second, that it is impossible for an attacker to create two messages that produce the same hash value. Even a slight change in the plain text should trigger a drastic difference in the two digests. This goes a long way in preventing hash collisions, which take place when two different plain texts have the same digest. To achieve this level of intricacy, there are a number of steps to be followed before we receive the digest. Let us take a look at the detailed procedure as to how the MD5 hash algorithm works.

The first step is to make the plain text compatible with the hash function. To do this, we need to pad the bits in the message. When we receive the input string, we have to make sure the size is 64 bits short of a multiple of 512. When it comes to padding the bits, we must add a one first, followed by zeros to round out the extra characters. This prepares the string to have a length of just 64 bits less than any multiple of 512. From here on out, we can proceed on to the next step, where we have to pad the length bits. Initially, in the first step, we appended the message in such a way that the total length of the bits in the message was 64 bits short of any multiple of 512. Now we add the length bits in such a way that the total number of bits in the message is perfectly a multiple of 512. That means 64 bits of length, to be precise, are added to the message. Our final string to be hashed is now a definite multiple of 512.

The next step would be to initialize the message digest buffer. The entire hashing plain text is now broken down into 512-bit blocks. There are four buffers, or registers, that are of 32 bits each, named A, B, C and D.
These are the four words that are going to store the values of each of these sub-blocks. For the first iteration, these registers will have fixed hexadecimal values, as shown on the screen below. Once these values are initialized, for each of these 512-bit blocks we can divide each of them into 16 further sub-blocks of 32 bits each. For each of these sub-blocks, we run four rounds of operations having the four buffer variables A, B, C and D. These rounds require the other constant variables as well, which differ with each round of operation. The constant values are stored in a random array of 64 elements. Since each 32-bit sub-block is run four times, 16 such sub-blocks equal 64 constant values needed for a single block iteration. The sub-blocks can be denoted by the letter M and the constant values are denoted by the letter T.

Coming to the actual round of operation, we see our four buffers, which already have pre-initialized values for the first iteration. At the very beginning, the values of buffers B, C and D are passed on to a nonlinear logarithmic function. The formula behind this function changes by the particular round being worked on, as we shall see later in this video. Once the output is calculated, it is added to the raw value stored in buffer A. The output of this addition is added to the particular 32-bit sub-block using which we are running the four operations. The output of this requisite function then needs to be added to a constant value derived from the constant array K. Since we have 64 different elements in the array, we can use a distinct element for each iteration of a particular block. The next step involves a circular shift that increases the complexity of the hash algorithm and is necessary to create a unique digest for each individual input. The output generated is later added to the value stored in the buffer B. The final output is now stored in the second buffer, B, of the output register. The individual values of C, D and A are derived
from the preceding element before the iteration started, meaning the value of B gets stored in C, the value of C gets stored in D, and the value of D in A. Now that we have a full register ready for this sub-block, the values of A, B, C, D are moved on as input to the next sub-block. Once all 16 sub-blocks are completed, the final register value is saved and the next 512-bit block begins. At the end of all these blocks, we get the final digest of the MD5 algorithm. Regarding the nonlinear process mentioned in the first step, the formula changes for each round it's being run on. This is done to maintain the computational complexity of the algorithm and to increase the randomness of the procedure. The formula for each of the four rounds uses the same parameters, that is B, C and D, to generate a single output. The formulas being used are shown on the screen right now.

Coming to the advantages of the algorithm: unlike the latest hash algorithm families, a 32-bit digest is relatively easier to compare when verifying the digest. They don't consume a noticeable amount of disk storage and are comparatively easier to remember and reiterate. Passwords need not be stored in plain text format, making them accessible for hackers and malicious actors, when using digests. The database security also gets a boost, since the sizes of all the hash values will be the same. In the event of a hack or a breach, the malicious actor will only receive the hashed values, so there is no way to regenerate the plain text, which would be the user passwords in this case, since the functions are irreversible by design. Hashing has become a compulsion when storing user credentials on the server nowadays. A relatively low memory footprint is necessary when it comes to integrating multiple services into the same framework without a CPU overhead. The digest size is the same, and the same steps are run to get the hash value irrespective of the size of the input string. This helps in creating a low requirement for computational power and is much easier to run on older hardware,
which is pretty common in server farms around the world. We can monitor file corruption by comparing hash values before and after transit. Once the hashes match, file integrity checks are valid and we can avoid data corruption. Hash functions will always give the same output for the same input, irrespective of the iteration parameters. It also helps in ensuring that the data hasn't been tampered with en route to the receiver of the message.

We use our Wi-Fi every day for work, and we use the internet for entertainment and communication. The dependency on technology is at an all-time high, thanks to the radical developments and innovation in these last two decades. A big portion of this belongs to ensuring secure channels of communication and data transmission. The secure hash algorithms are a family of cryptographic hash functions that are published by the National Institute of Standards and Technology, along with the NSA. It was passed as a Federal Information Processing Standard, also known as FIPS. It has four different families of hash functions. SHA-0 is a 160-bit hash function published in 1993, and it was closed down later after an undisclosed significant flaw. SHA-1 is also a 160-bit hash function, which resembles the earlier MD5 algorithm; this was designed by the NSA to be a part of the Digital Signature Algorithm. SHA-2 is a family of two similar hash functions with different block sizes, known as SHA-256 and SHA-512. They differ in the word size: SHA-256 uses 32-bit words, while SHA-512 uses 64-bit words. SHA-3 is a hash function properly known as Keccak. It was chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family. As we have already iterated, the process is straightforward: we pass a plain text message to the SHA hash function, which in turn performs certain mathematical operations on the clear text to scramble the data. The 160-bit digest received from
this is going to be radically different from the plain text. The goal of any hash function is to produce digests that appear to be random. To be considered cryptographically secure, the hash function should meet two requirements: first, that it is impossible for an attacker to generate a message that matches a specific hash value, and second, it should be impossible for an attacker to create two messages producing exactly the same hash value. Even a slight change in the plain text should trigger a drastic difference in the two digests. This goes a long way in preventing hash collisions, which take place when two different plain texts have the same digest.

The SHA family functions have some characteristics that they need to follow while generating the digest. Let's go through a few of them. The length of the clear text should be less than 2^64 bits in the case of SHA-1 and SHA-256. This is essential to keep the plain text compatible with the hash function, and the size needs to be in the comparison area to keep the digest as random as possible. The length of the hash digest should be 256 bits in the SHA-256 algorithm, 512 bits in the SHA-512 algorithm, and so on. Bigger digests usually suggest significantly more calculations at the cost of speed and space. We typically go for the longest digest to bolster security, but there must be a definite balance between the speed and security of a hash function. By design, all hash functions of SHA-512 and SHA-256 are irreversible. You should neither get a plain text when you have the digest beforehand, nor should the digest provide the original value when you pass it through the same hash function again. Another case of protection is that when the hash digest is passed into the SHA function for a second time, we should get a completely different digest from the first instance. This is done to reduce the chance of brute force attacks. To achieve this level of intricacy, there are a number of steps to be followed before we receive the digest. Let us take a look at the
detailed procedure as to how the SHA algorithm works. The first step is to make the plain text compatible with the hash function. To do this, we need to pad the bits in the message. When you receive the input string, you have to make sure the size is 64 bits short of a multiple of 512. When it comes to padding the bits, you must add a one first, followed by the remaining zeros to round out the extra characters. This prepares our string to have a length just 64 bits less than any multiple of 512. From here on out, we can proceed to the next step, where we have to pad the length bits. Initially, in the first step, we appended the message in such a way that the total number of bits in the message was 64 bits short from becoming a multiple of 512. Now we add the length bits in such a way that the total number of bits in the message is a perfect multiple of 512. That means 64 bits plus the length of the original message becomes a multiple of 512. This becomes the final string that needs to be hashed.

In the next step, we have to initialize the chaining variables. The entire plain text message can now be broken down into blocks of 512 bits each. Unlike other hash algorithms like MD5, which use four registers or buffers, the SHA family uses five buffers of 32 bits each. They are named A, B, C, D and E. These registers go through multiple rounds of operation, where the first iteration has fixed hexadecimal values, as can be seen on the screen. Moving on, we have to process each of the 512-bit blocks by breaking each of them into 16 sub-blocks of 32 bits each. Each of them goes through four rounds of operation that use the entire register and have the 512-bit block along with the constant array. Out of those four rounds, each round has 20 iterations, so in general we have 80 rounds in total. The constant value of K is an array of 80 elements. Of those 80, 16 elements are being used each round, so that comes out to 80 rounds. For each of those elements, the value of T differs by the number of rounds, as can be seen in the table
below. A single formula is necessary to calculate the output of each round and iteration. The formula can be written as: the (A, B, C, D, E) register is equal to E plus a nonlinear process P, along with a circular shift of A by five bits, plus Wt plus Kt. In this formula, ABCDE is the register value of the chaining variables, as we discussed before. P is a logical process which has a different formula for each round. S5 is a circular shift by five bits, and Wt is a 32-bit string derived from the existing sub-block; this can be calculated depending on the iteration at hand. Kt signifies a single element of the 80-element array, which changes depending on the particular round at hand. For the values of Wt, the first 16 values are the same as those of the sub-blocks, so there is no extra calculation needed. For the next 64 elements, the value of Wt can be calculated as shown in the formula here.

To better understand this, let's take a look at how each of these goes in a sequential process. We have our initial register using the five words of 32 bits each. In the first step, we put the values of A, B, C and D into the subsequent register as the output. Next, we use a nonlinear process P that changes depending on the round and uses the values of B, C and D as input. Whatever output is generated from the nonlinear process, it is added with the value of the E register. Next, the value of A is circular-shifted by five bits and is added with the output generated in the previous step. The next step is adding the value of Wt and the constant element Kt. The current output is then stored in the register A. Similarly, this iteration is repeated every round and for each sub-block in the process. Once all the registers are complete and all the sub-blocks are joined together to form the single cipher text message, we will have our hash output. Regarding the nonlinear process P that uses the values of B, C and D as input, the formula changes every round to maintain a complexity of the program that can withstand brute force attacks. Depending on the
round, the values are passed through a logical operation, which is then added with the values of Wt, Kt and so on.

Now that we understand how to get our hash digest from the plain text, let us learn about the advantages we obtain when using the SHA hash algorithm instead of relying on data in a plain text format. Digital signatures follow the asymmetric encryption methodology to verify the authenticity of a document or a file. Hash algorithms like SHA-256 and the industry standard SHA-512 go a long way in ensuring the verification of signatures. Passwords need not be stored in a plain text format, which makes them accessible to hackers and other malicious actors, when using digests. The database security also gets a boost, since the size of all hash values will be the same. In the event of a hack or a breach, the malicious actor will only receive the hash values, with no way to regenerate the plain text; in this case, the plain text would be user credentials. Since the hash functions are irreversible by design, it has become a compulsion when storing passwords on the servers. The SSL handshake is a crucial segment of web browsing sessions, and it's done using SHA functions. It consists of your web browser and the web server agreeing on encryption keys and hashing authentication to prepare a secure connection. It relies on a combination of symmetric and asymmetric algorithms, which ensure the confidentiality of the data transmitted between a web server and a web client like the browser. You can monitor file corruption by comparing hash values before and after transit. Once the hashes match, file integrity checks are valid and data corruption is avoided. Hash functions will always give the same output for the same input, irrespective of the iteration parameters. It also helps in ensuring that the data hasn't been tampered with en route to the receiver of the message.

Passwords are by far the most common type of user authentication. They are popular because their theory makes perfect sense to
individuals and is reasonably simple to implement for developers. On the other hand, poorly constructed passwords can pose security flaws. A well-designed password-based authentication process does not save the user's actual password. This would make it far too simple for a hacker or a malevolent insider to access all of the system's user accounts. In this video, you will learn how to crack passwords and simultaneously try to make your passwords as brute-force resistant as possible. Let's take a look at the topics to be covered today. We start by learning about what password cracking is in general. Next, we take a look at the different techniques of password cracking that hackers use in order to generate user credentials for hacking. Moving on, we take a look at the multiple tools that hackers can use to generate these hashes and the passwords. Finally, we take a look at the steps and the guidelines that users can follow to prevent their passwords from being cracked.

Let's start by giving a basic idea about password cracking. Password cracking is the process of identifying an unknown password to a computer or a network resource using a program code. It can also assist a threat actor in gaining illegal access to resources. Malicious actors can engage in various criminal activities with the information obtained through password cracking. The procedure might entail comparing a set of words to guess credentials, or using an algorithm to guess the password repeatedly. Password cracking can be done for several reasons, but the most malicious reason is in order to gain unauthorized access to a computer without the owner's awareness. This results in cyber crime, such as stealing passwords for the purpose of accessing banking information. Other non-malicious reasons for password cracking occur when someone has misplaced or forgotten a password. Another example of non-malicious password cracking may take place if a system administrator is conducting tests on password strength as a form of
security test. This ensures that the hacker cannot easily access protected systems. The best way that users can protect their passwords from cracking is to ensure that they choose strong passwords. Typically, passwords must contain a combination of mixed-case random letters, digits and symbols. Strong passwords should never be actual words. In addition, strong passwords are at least eight characters long. In many password-protected applications, users are notified of the strength of the password they've chosen upon entering it. The user can then modify it and strengthen the password based on the indications of its strength.

Now that we understand the basics of password cracking, let's go to the basic techniques hackers use to retrieve passwords from general victims. Asking the customer for the password is a simple approach to hacking. A phishing email directs the unwary reader to a counterfeit login page linked with whatever service the hacker wants to access, generally by demanding the user fix some critical security flaw or aid in a database reset. That page then captures their password, which the hacker can subsequently exploit for their own purpose. Social engineering influences the victim to give personal information such as bank account numbers or passwords. The strategy is popular among hackers because they realize that humans are the gateway to vital credentials and information. Through social engineering, they employ tried and true tactics to exploit and influence age-old human tendencies, rather than devising novel means to breach secure and advanced technologies. It has been demonstrated that many firms either lack adequate security or are overly friendly and trustworthy when they should not be; they allow granting access to critical facilities based on a uniform or a sob story. A hacker searches a password dictionary for the correct password in the case of a dictionary attack. Password dictionaries cover many themes and a mixture of topics, such as politics, movies and music
groups. Users' failure to create a strong password is why this approach efficiently cracks passwords till today. Simply said, this assault employs the same terms that many individuals use as passwords. A hacker can compare the password hash obtained to hashes of the password dictionaries to find the correct plain text password. Now that the passwords have been hashed, the hackers attempt to achieve authentication by breaking the password hash. They accomplish this by employing a rainbow table, which is a set of pre-computed hashes of probable password combinations. Hackers can use the rainbow table to crack the hash, resulting in guessing your password. As a result, it retrieves the password hash from the system and eliminates any need to break it. Furthermore, it does not necessitate the discovery of the password itself; the breach is accomplished if the hash matches. In a brute force assault, the attacker attempts multiple password combinations until the correct one is identified. The attacker uses software to automate this process and run exhaustive password combinations in a substantially shorter length of time. With the growth of hardware and technology in recent years, such programs have been invigorated. It won't be quick if your password is more than a few characters lengthy, but it will eventually reveal your password. Brute force assaults can be sped up by throwing more processing resources at them.

With so many different techniques coming together to crack passwords, none of them are useful without the right tools. There are a plethora of scripts and snippets of code that can retrieve passwords from either encrypted storage or from the hash digest. Let's go through some of these tools. Cain and Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute force and cryptanalysis attacks, recording VoIP conversations, recording scrambled passwords,
recovering wireless network keys, etc. are some of the other features of Cain and Abel. The latest version is faster and contains a lot of new features, like ARP poison routing, which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, while containing filters to capture credentials from a wide range of authentication mechanisms. It also ships routing protocol authentication monitors and route extractors. Dictionary and brute force crackers are also present, along with common hashing algorithms and several specific authentications, password hash calculators and other features. John the Ripper is a password cracking application that was first released in 1996 for Unix-based computers. It was created to evaluate password strength, brute force encrypted hashed passwords and break passwords using dictionary attacks. It can use dictionary attacks, rainbow tables and other attacks, depending on the target type. RainbowCrack is a password cracking application that uses a time-memory trade-off algorithm to crack password hashes with rainbow tables. Rainbow tables make password cracking easier and faster than traditional brute force attacks. It is like a dictionary containing nearly every possible password and the pre-calculated hashes. Creating this kind of dictionary takes much more time than cracking a single hash, but after that you can use the same dictionary over and over again. This procedure might take a long time; however, once the table is ready, it can break passwords far quicker than brute force methods.

With so many tools ready to nab our passwords, there is a certain set of rules users can follow to protect their credentials from being compromised. Let's cover some of these guidelines. Longer passwords are required, making the brute force mechanism tougher to implement. Longer passwords and passphrases have been demonstrated to boost security significantly; however, it is still critical to avoid
lengthier passwords that have previously been hacked or that feature often in cracking dictionaries.

This password policy encourages users to establish passwords that do not contain personal information. As previously said, most users create passwords utilizing personal information such as hobbies, nicknames, pet or family member names, etc. If a hacker has access to personal information about a specific user, for example via social media, they will test password combinations based on that knowledge.

Password regulations should compel users to distinguish between security and convenience. Users should be prohibited from using the same password for all services. Password sharing between users, including those who work in the same department or use the same equipment, should be avoided. With this policy, a single breached password doesn't affect your other accounts.

Some password regulations necessitate the creation of a passphrase rather than a password. While passphrases serve the same objective, their length makes them more difficult to break. In addition to letters, a good passphrase should include numbers and symbols. Passwords may be easier for users to remember than passphrases; however, the latter is much more breach resistant.

Two-factor authentication, or 2FA, can help secure an online account or even a smartphone. 2FA does this by asking the user to provide two forms of information, a password or a personal identification number (PIN) plus a code texted to the user's smartphone or a fingerprint, before accessing whatever is secured. This helps discourage unauthorized entries to an account without the original owner's permission.

At this point you may wonder why you need a strong password in the first place. Even if most websites are safe, there is still a danger that someone will try to access or exploit your information. A strong password is among the most effective ways to protect your accounts and personal information from hackers. You should follow certain rules and guidelines while creating a strong
password. Password managers are also recommended to help remember the created passwords for convenience of usage.

With that being said, let's take a look at the topics we are covering today. We start by learning about the state of password cracking in today's world and why creating strong passwords is an absolute must for every account. Next we will look at some guidelines and rules that help strengthen passwords and make password cracking a daunting task for hackers. Moving on, we understand why passphrases have grown in popularity and are being recommended for credential protection over traditional passwords. And finally, we take a look at how password managers help alleviate the problem of creating and remembering complex passwords along with other critical personal information.

Let's start by learning about why strong passwords have become an absolute necessity. One of the most common ways that hackers break into computers is by guessing passwords. Simple and commonly used passwords enable intruders to easily gain access to and control of a computing device. Conversely, a password that is difficult to guess makes it prohibitively difficult for common hackers to break into a machine and forces them to look for another target. The more difficult the password, the lower the likelihood that one's computer will fall victim to an unwanted intrusion.

Many individuals opt to tie their website passwords to something they can readily recall, generally easy, memorable combos. However, this does not make the password unique; in fact, it's the reverse. Passwords are handled by 53% of individuals using their recollections and memory. With modern computational standards, simple passwords take seconds, and a couple of minutes at worst, to be completely brute forced. According to global surveys, more than 60% of people use the same passwords for their personal and job applications. While this may allow the user never to forget the password, it makes a single point of failure, the only pin to drop: if one of the accounts gets
breached, all subsequent accounts are as good as hacked.

To further elaborate on how you can create strong passwords, let's go through some dos and don'ts to understand how to create new passwords for our accounts. It is recommended to keep the password length at least 12 characters to ensure brute forcing is difficult. A combination of upper and lowercase alphabets is an absolute necessity when creating strong passwords. It is also recommended to use numerics along with those alphabets to create a complicated password. Finally, special characters help in making a password much more brute force resistant than any number of alphabets or letters can.

Moving over to the don'ts section, it's absolutely not recommended to keep simple dictionary terms such as "computer" or even the word "password" as your credential, because those are very easy to brute force and are usually present in the majority of dictionary attack wordlists. Similarly, changing a single alphabet or a single character in a dictionary word does not make it brute force resistant, considering there are already algorithms present that can counter this tactic. Using the same character multiple times in a password also reduces the strength and makes it easier for hackers to crack. Apart from using single characters multiple times, following patterns that are present on the traditional English keyboard, such as qwerty or the line below the main alphabet rows such as zxcvbnm, etc., makes a password easier to guess, since these are once again common combinations that are present in wordlists already. Finally, the most important part is not using personal information such as birthdays, addresses and other important information in passwords. More often than not, if a hacker is trying to break into your account, there has been some amount of research done, be it via social media or any other medium. If they already have this information present with them, breaking into your account becomes all the more easy. Now
that you understand how to create a strong password, let's look at how passphrases have become prevalent as a replacement for plain text passwords. A passphrase is a sentence-like string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Typical passwords range on average from 8 to 16 characters, while passphrases can reach up to 100 characters or more. Using a long passphrase instead of a short password to create a digital signature is one of the many ways that users can strengthen the security of their data, devices and accounts. The longer a passphrase is, the more likely a user is to incorporate bits of entropy, or factors that make it less predictable to potential attackers. As more websites, applications and services increase their user security requirements, a passphrase is a fast and easy way to meet these criteria.

Let's take a look at some of the advantages that passphrases have over common passwords. Passphrases are simpler to remember than just a random assortment of symbols and characters; it's easier to comprehend a line from your favorite song or a quotation than a short but difficult password. Passwords are reasonably easy for humans and robots to guess or crack. Online thieves have also advanced and created cutting-edge hacking tools to crack even the most complex passwords. Passphrases are nearly impossible to crack, since most efficient password cracking programs fail at approximately 10 characters. As a result, even the most sophisticated cracking tool will be unable to guess, brute force or pre-compute these passwords. Passphrases comply with password-setting rules with ease: the usage of punctuation and upper and lower case letters satisfies the password complexity criteria. Most operating systems and apps support passphrases. Passphrases of up to 127 characters are permitted on all major operating systems, including Windows, Linux and Mac. As a result, for optimal protection you can use lengthier passphrases.
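Below is an added Python example (not from the course) that models both sides of this discussion: a pre-computed hash lookup table built from a small constructed wordlist, which reverses an unsalted hash instantly but fails against a salted, slow PBKDF2 hash; a checker for the dos and don'ts listed above; and a rough entropy estimate showing why a long passphrase beats a short complex password. The wordlist, keyboard rows, sample passwords and salts are all constructed for the demo, and the table is a plain dictionary rather than a true rainbow table with reduction chains.

```python
"""
Added example, not part of the course material. Part 1 builds a pre-computed
hash -> plaintext table from a constructed wordlist and shows that it reverses
an unsalted SHA-256 hash instantly but is useless against a salted, slow
PBKDF2 hash. Part 2 checks a candidate password against the lesson's dos and
don'ts and estimates its entropy in bits. All values below are constructed.
"""
import hashlib
import math
import os
import re

# Constructed stand-in for a cracking wordlist (real ones hold millions of entries).
COMMON_WORDS = ["password", "computer", "letmein", "welcome", "monkey", "dragon"]
# Rows of a traditional English keyboard; 4+ adjacent keys count as a pattern.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Single-character swaps ("p@ssw0rd") that cracking rule sets routinely undo.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "!": "i"})


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def build_lookup_table(words):
    """Pre-compute hash -> plaintext once; afterwards every lookup is instant."""
    return {sha256_hex(w): w for w in words}


def lookup(table, password_hash):
    """Reverse a hash by table lookup; this only works for unsalted hashes."""
    return table.get(password_hash)


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Defender side: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    The salt makes every stored hash unique, so no pre-computed table matches."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def check_password(pw: str, personal_info=()):
    """Return the lesson's guidelines that pw violates (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both upper and lower case letters")
    if not re.search(r"\d", pw):
        problems.append("needs a numeric character")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    lowered = pw.lower()
    # Undo single-character substitutions before the dictionary check.
    if any(word in lowered.translate(LEET) for word in COMMON_WORDS):
        problems.append("contains a dictionary word (even with a character swapped)")
    if re.search(r"(.)\1\1", pw):
        problems.append("repeats the same character several times")
    if any(row[i:i + 4] in lowered for row in KEYBOARD_ROWS for i in range(len(row) - 3)):
        problems.append("contains a keyboard pattern (e.g. qwerty, zxcvbnm)")
    if any(info.lower() in lowered for info in personal_info if info):
        problems.append("contains personal information")
    return problems


def entropy_bits(pw: str) -> float:
    """Rough strength estimate: length * log2(size of the character set used)."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z0-9]", 33)]
    space = sum(size for pattern, size in classes if re.search(pattern, pw))
    return len(pw) * math.log2(space) if space else 0.0


if __name__ == "__main__":
    table = build_lookup_table(COMMON_WORDS)
    leaked = sha256_hex("letmein")  # constructed "leaked" unsalted hash
    print("unsalted lookup:", lookup(table, leaked))  # letmein
    salt = os.urandom(16)  # constructed per-user salt
    print("salted lookup:  ", lookup(table, salted_hash("letmein", salt)))  # None
    for pw in ["qwerty123", "P@ssw0rd!2024", "correct horse battery staple"]:
        print(f"{pw!r}: {entropy_bits(pw):.0f} bits, problems={check_password(pw)}")
```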
When creating a strong password, however, the major problem people come across is remembering these passwords or the passphrases. This is where you can find a use for a password manager. When you establish accounts or change passwords, password managers generate new strong passwords, and they keep all of them in one place, protected by a single strong master password. If you maintain your master password, the manager will retain everything else, including your usernames and passphrases, and fill them in for you whenever you sign on to a website or app on your computer or phone. No good memory is needed for this. This implies that everyone may use the most recent suggestions for strong passwords, such as extended phrases, symbols, grammar and capitalization. Password managers enable consumers to write a single master password and automatically fill each website with its own unique set of credentials, and not just passwords: credit card information may be stored securely with several password managers. Some others use multi-factor authentication, or a second test such as answering a question once the correct password is input, which is a simple and effective solution to verify legitimate login inputs. Among the global players in password manager services, Bitwarden, KeePass and Dashlane have been running for years now and are very worthy recommendations if you want to get started with password management.

Now that we understand what hacking is, let's take a look at some points to know whether our system is already hacked or not. The first point regarding how to check whether a system is hacked or not can be cases where the system security is switched off by unknown means and it is not visible to the user. This is one of the most primary checkpoints to know if our system is hacked or not. The next point to check whether a system is hacked or not would be frequent antivirus software failures, which are due to interference from hacking attempts performed by a professional hacker or a cyber
criminal. Then we also face problems regarding the system's reaction speed, which is affected due to the execution of unknown applications in the background of the system, which also affects the hardware resources in the device. Next, we also face problems regarding passwords which are no longer working or are changed without the user's intervention, which might indicate that there was some unknown hacking activity that took place in our account.

Let's take a look at some more points regarding the topic. There are often cases when the system's cursor moves on its own and performs tasks, indicating that the system is being used by someone else using an illegal hacking method. There are also cases when we often see files and folders being created in the storage disk on the system which are unknown to us.

To better understand the points regarding how to identify whether our system is hacked or not, let's take a look, starting with the first point. If we want to check whether our system is hacked or not, the first point would be to choose the Settings option, go to Privacy and Security and move on to Windows Security. This option that is available on our system allows us to see the various protection applications that are available on the system. If we see any problem regarding any one of them, for example App & browser control, in my system it says there's a problem with it, which might be due to hacking attempts that were done on my system.

Now let's take a look at the other option for how we can check whether our system is hacked or not. That would be checking the antivirus software that is installed in our system. If you face problems regarding that, this might be the issue. According to my antivirus software, it says my computer is at risk. This might be due to interference from a cyber criminal or a hacker using different illegal software during their hacking attempt. Then there are also cases where we see there are unknown programs being executed in the background of our system, which
we can take a look at using the Task Manager. Using the Task Manager, we can take a look at each and every application that is being executed in the system and see its origin. If we find any unknown program or application, we can assume that it might be due to a hacking attempt.

Moving on, if we want to check further whether our system is hacked or not, we can check for files or folders that are being created unknown to us, for example this unknown folder which contains some security details that are unknown to me. This might also be due to a hacking attempt by a hacker or a cyber criminal. Then there are also cases when the system's cursor moves on its own and performs tasks that are not initiated by us, such as copying different folders or data from one file to another. This is due to a hacking attempt that was done on the system, and the hacker has taken control of the system. Then there are also cases regarding login issues or password problems. For example, if I want to access my account and there's a problem with the password, it might be due to an attempt at hacking into my account by a professional hacker. It seems like there's a problem with the username, which means there was a hacking attempt by a professional hacker. We can further check for hacking attempts by accessing our web browser and checking whether there are some extra add-ons or unknown add-ons that weren't installed by us. This might also indicate a hacking attempt on the system.

Now that we are clear about how to check whether a system is hacked or not, let's take a look at some of the countermeasures against hacking. Let's begin. The first point regarding how to avoid hacking is to do regular manual security checks and keep the system security updated. Using certified antivirus software is a basic countermeasure against hacking attempts, and if possible visit only secure websites for surfing on the Internet, or use a VPN or other Internet security applications to mask your system's network to avoid any hacking attempts
for the device. Then we have: avoid clicking on random web pop-ups and ads to prevent hackers from getting into a system and accessing a device's data. And lastly, use strong passwords or complex passwords for your login details. Applying these countermeasures, we can avoid hacking to a certain extent.

The concept of instant messaging crossed into the mainstream in the 1990s, allowing friends, acquaintances, colleagues and like-minded thinkers from all over the world to connect in real time. Since then, instant messaging has revolutionized how we communicate, and today over a billion people are signed up for at least one messaging app. The present instant messaging experience is seamless, and it intuitively integrates features like video, photos, voice, e-commerce and gaming with plain old messaging. Among these apps, WhatsApp has comfortably found its place among the most popular messaging platforms. Like everything associated with the internet, the matter of security is never far away. Considering the huge user base of this messaging app, hackers are always on the lookout for compromised accounts to grab.

Today we are going to cover some of the ways we can protect our WhatsApp account from falling into malicious hands. We start by learning about the importance of security when it comes to WhatsApp and instant messaging apps in general. Next we cover some of the most important steps that should be followed in order to protect our WhatsApp accounts from hackers. Finally, we learn what we should do when a WhatsApp account gets compromised.

Let's start by learning why we need to focus on the safety of WhatsApp. In the year 2020, the big news was about Amazon CEO Jeff Bezos and his phone being hacked by Saudi Arabia. A report coming from The Guardian suggested that Bezos's phone was hacked via a video file sent on WhatsApp. The report said that Bezos's mobile phone was hacked by a Saudi Arabian prince in the year 2018 and gigabytes worth of data was stolen from the device. While there are some issues being raised
about the report, which states with medium to high confidence that Jeff Bezos's phone was hacked, it does raise a security fear for regular users. After all, if the phone of one of the world's most powerful men can be hacked, the same can happen to any one of us as well. When it comes to regular users, we exchange messages with our loved ones regarding a plethora of topics. The information, which may seem trivial initially, can later function as ammunition for a campaign regarding identity theft. Basic information like preferred banks or occasional dining places can go a long way in social engineering attacks, further increasing the need for secure messaging habits.

WhatsApp uses end-to-end encryption to protect all communication on its platform. These encryption keys not only make it impossible to decrypt messages, but they also prevent third parties, and even WhatsApp, from accessing messages or calls. But not entirely: although end-to-end encryption makes WhatsApp more secure than other communication apps, no app is 100% safe to use. Like any application or digital device, WhatsApp is often targeted by bad actors. It also has access to your contacts and tracks where and how long you use it, putting your privacy and personal information at risk.

We all have access to our cell phones, so it's no surprise that SMS two-factor authentication is one of the most widespread types of MFA available. You don't need any apps or digital keys, and it's not tied to a specific ecosystem. Unfortunately, it's also not a secure multi-factor authentication method. The nature of SMS itself opens up your organization to a host of risks. Hackers may have many ways to leverage SMS to find a way into your accounts and network, be it via spoofed SIM cards or message hijacking. WhatsApp 2FA using SMS isn't a foolproof solution.

Now that we understand the variety of reasons why WhatsApp needs extra security, let's go through some of the ways we can achieve this. It is more than probable that one fine day you might receive a WhatsApp message or
even an SMS that reads "your order is delayed, please check its details here", or "your account is locked, please unlock it here", or even some tempting messages like "win free 3G and movie tickets here". Some of them may sound intimidating and some of them may be lucrative, but they all have one purpose: to trick you into clicking that link. And once you do that, it's already over. It will install malware on your phone, and you won't have a clue about it. Only when you start noticing that your phone bills are abnormally high or your bank account has been used without your permission will the realization dawn upon you that something is wrong with your phone, but by then it may be too late.

WhatsApp in itself provides various privacy options to users. The messaging platform provides users with the option to choose who they want to share their profile photo, status and other details with. It's a good idea to change the settings to "contacts only". This means only phone numbers that are saved on your smartphone will be able to see your profile photo, status, phone number and auto-delete status as well.

Make sure you enable the option to lock the screen every time WhatsApp is closed. This will ensure no one else but you can open your WhatsApp account. Just head to the Settings menu, then Privacy, and select the screen lock option. You will then need to register your fingerprint. After the process is completed, you will have to scan your fingerprint every time you open the WhatsApp app. This adds an extra layer of security.

Two-step verification works as an extra layer of security and helps WhatsApp users protect their OTPs and documents shared through WhatsApp. It's very easy to set up a PIN to activate two-step verification. Users have to enter it periodically: once it is activated, WhatsApp will sometimes keep asking users to enter this six-digit passcode. Users cannot disable this without disabling the two-step verification feature altogether. In case users do not provide WhatsApp with an email ID and
want to disable two-step verification, then the number will be permitted to re-verify on WhatsApp only upon re-verifying.

We often have the tendency to log into WhatsApp Web at the office and then leave the account open on the desktop. This habit can actually create problems for you: someone else sitting at the same PC can access all your chats without you even realizing it. It's a good practice to log out from WhatsApp Web before leaving the office. It just takes a few seconds to log in again by scanning the code, and you're done.

All WhatsApp users should ensure that their chats are end-to-end encrypted. To verify that a chat is end-to-end encrypted, open the chat, tap on the name of the contact to open the contact info screen, and then tap Encryption to view the QR code and a 60-digit number. WhatsApp end-to-end encryption ensures that only you and your contact can read the messages that are being exchanged, and nobody in between, not even WhatsApp.

With the necessary guidelines out of the way, let us go to the recommended course of action should our WhatsApp accounts be compromised. The first and most important thing that you need to do is report the issue to the WhatsApp support team for assistance. Make sure that you reach out to the support team through its help desk and report the hacking attempt. The WhatsApp Help Center will take the shortest time to resolve your issue, via email or within the app itself. This will help you to take prompt legal action against the hackers. If you can't access your email, call the support team. In some cases the support will deactivate your WhatsApp account and request you to reactivate within 30 days if you don't want it to be deleted completely.

When someone compromises your WhatsApp account, they can now send messages to your contacts stating that the company sent your verification code, and gain access to the account. That's why one of the first things you'll want to do is send a message to your friends and family letting them know that you've lost access
to your account. This action prevents further exploitation of your account and others. Another reason you'll want to let your contacts know you have no access to your WhatsApp account is that they may phish for personal information, from your banking number to your email address. Hackers will cleverly attempt to gain as much access to your personal information as possible.

WhatsApp Web is an extension of WhatsApp Messenger over the web that facilitates easy synchronization of our smartphone and personal computer. This is the biggest security threat that hackers can easily exploit to get into your personal data over WhatsApp; therefore, it is highly recommended that you use this WhatsApp feature carefully. Once you notice that your WhatsApp Messenger has been hacked, go to WhatsApp Web and tap or click on the "Log out from all computers" option. This will deactivate all the web extensions of your account.

Under unfortunate circumstances where account recovery doesn't seem likely, you can always ask WhatsApp support to delete your account permanently. While far from the ideal solution, it can act as a failsafe option if you want to protect your personal data at any cost possible. You can always open a new account later with the security issues mitigated.

It's no secret that the majority of our internet usage is at the risk of being hacked, be it via unsafe messaging applications or misconfigured operating systems. To counteract this void of digital security, penetration testing has become the norm when it comes to vulnerability assessment. Kali Linux is an operating system that has become a well-known weapon in this fight against hackers. A Linux distribution that is made specifically for penetration testers, Kali Linux has layers of features that we will be covering in today's lesson.

Let's take a look at the topics to be covered in this video. We start by learning about Kali Linux and a basic explanation of its purpose. We take a look at the history of Kali Linux, from the story of its origin to
its current day exploits. Next we learn a few distinct features of Kali that make it an attractive choice for penetration testers worldwide. Finally, we take a look at the multiple ways we can install Kali Linux to start a journey in the world of penetration testing.

Let's start by learning about Kali Linux in general. Kali Linux, which was formerly known as BackTrack Linux, is an open-source Linux distribution aimed at advanced penetration testing and security auditing. It contains several hundred tools that are targeted towards various information security tasks such as penetration testing, security research, computer forensics and reverse engineering. Kali Linux is a multiple platform solution, accessible and freely available to information security professionals and hobbyists. Among all the Linux distributions, Kali Linux takes its roots from the Debian operating system. Debian has been a highly dependable and stable distribution for many years, providing a similarly strong foundation to the Kali desktop. While the operating system is capable of practically modifying every single part of our installation, the networking components of Kali are disabled by default. This is done to prevent any external factors from affecting the installation procedure, which may pose a risk in critical environments. Apart from boosting security, it allows a deeper element of control to the most enthusiastic of users.

We did not get Kali Linux since the first day. How did it come into existence? Let's take a look at some of its history. Kali Linux is based on years of knowledge and experience in building penetration testing operating systems. During all these project lifelines there have been only a few different developers, as the team has always been small. The first project was called WHoppiX, which stands for White Hat Knoppix. As can be inferred from the name, it was based on the Knoppix operating system as its underlying OS. WHoppiX had releases ranging from version 2.0 to 2.7. This made way for the next project, which was known
as WHAX, or in long hand, White Hat Slax. The name change was because the base OS was changed from Knoppix to Slax. WHAX started at version 3, as it was carrying on from WHoppiX. There was a similar OS being produced at the same time, Auditor Security Collection, often shortened to just Auditor, which was once again using Knoppix. Its efforts were combined with WHAX to produce BackTrack. BackTrack was based on Slackware from version 1 to version 3, but switched to Ubuntu later on, with version 4 to version 5. Using the experience gained from all of this, Kali Linux came after BackTrack in 2013. Kali started off using Debian stable as the engine under the hood, before moving to Debian testing when Kali Linux became a rolling operating system.

Now that we understand the history and the purpose of Kali Linux, let us learn a little more about its distinct features. The latest version of Kali comes with more than 600 penetration tools pre-installed. After reviewing every tool that was included in BackTrack, developers have eliminated a great number of tools that either simply did not work or which duplicated other tools that provided the same or similar functionality. The Kali Linux team is made up of a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols. Restricting access to critical code bases from external assets greatly reduces the risk of source contamination, which can cause Kali Linux users worldwide a great deal of damage as direct victims of cyber crime. Although penetration tools tend to be written in English, the developers have ensured that Kali includes true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job. The more comfortable a user feels with the intricacies of the operating system, the easier it is to maintain a stronghold over the configuration and the device in general. Since ARM-based single board
systems like the Raspberry Pi are becoming more and more prevalent and inexpensive, the development team knew that Kali's ARM support would need to be as robust as they could manage, with fully working installations. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution, so the tools for ARM are updated in conjunction with the rest of the distribution.

All this information is necessary for users to determine if Kali Linux is the correct choice for them. If it is, what are the ways that they can go forward with this installation and start the penetration testing journey? The first way to use Kali Linux is by launching the distribution in live USB mode. This can be achieved by downloading the installer image file, or the ISO file, from the Kali Linux website and flashing it to a USB drive with a capacity of at least 8 GB. Some people don't need to save their data permanently, and a live USB is the perfect solution for such cases. After the ISO image is flashed, the thumb drive can be used to boot a fully working installation of the operating system, with the caveat that any changes made to the OS in this mode are not written permanently. Some cases allow persistent usage in live USBs, but those require further configuration than normal situations.

But what if the user wants to store data permanently in the installed OS? The best and the most reliable way to ensure this is a full-fledged hard disk installation. This will ensure the complete usage of the system's hardware capabilities and will take into account the updates and the configurations being made to the OS. This method is supposed to override any pre-existing operating system installed on the computer, be it Windows or any other variant of Linux.

The next alternative route for installing Kali Linux would be to use virtualization software such as VMware or VirtualBox. The software will be installed as a separate application on an already existing OS, and Kali Linux can
be run as an operating system in the same computer as a window. The hardware requirements will be completely customizable, starting with the allotted RAM to the virtual hard disk capacity. The usage of both a host and a guest operating system like Kali Linux allows users a safe environment to learn while not putting their systems at risk. If you want to learn more about how one can go forward with this method, we have a dedicated video where Kali Linux is being installed on VMware while running on a Windows 10 operating system. You can find the link in the description box to get started with your very own virtual machine.

The final way to install Kali Linux is by using a dual boot system. To put it in simple words, the Kali Linux OS will not be overriding any pre-installed operating system on a machine but will be installed alongside it. When a computer boots up, the user will get a choice to boot into either of these operating systems. Many people prefer to keep both Windows and Kali Linux installed, so the distribution of work and recreational activities is also allotted effectively. It gives users a safety valve should their custom Linux installation run into any bugs that cannot be fixed from within the operating system.

Now, for the convenience of explanation, we're going to install Kali Linux today on a virtual machine software known as VMware. VMware is able to run multiple operating systems on a single host machine, which in our case is a Windows 10 system. To get started with the Kali Linux installation, we have to go to the website to download an image file. We go to Get Kali, and as you can see, there are multiple platforms on which this operating system can be installed. As per our requirement, we're going to go with the Virtual Machines section; as you can see, it is already recommended by the developers. This is the download button, which will download a 64-bit ISO file. We can download 32-bit, but that is more necessary for bare metal machines or if you're going to use it for older devices which do not support
64-bit operating systems yet. After clicking on the download button, you can see we have an archive which will have the ISO files. For now, we have downloaded the ISO file and it is already present with me, so we can start working on the VMware side of things. Once the ISO file is downloaded, we open up VMware Workstation, go to File and we create a new virtual machine. Of these two options, it is highly recommended to go with the Typical setup rather than the Custom one. The Custom setup is much more advanced and requires much more information from the user, which is beneficial for developers and people who are well versed with virtualization software, but for 90% of cases the Typical setup will be enough. Here we can select the third option, which is "I will install the operating system later". For some operating systems we can use the ISO file here directly and VMware will install it for us, but right now, in the case of Kali Linux, the third option is always the safest. Kali Linux is a Linux distribution, so we can select Linux over here, and for the version, as you can see, it has multiple versions, such as the multiple kernels. Every distribution has a parent distribution; for example, Kali Linux has Debian, and there are other distributions which are based on or forked from some parent distribution. Kali Linux is based off Debian, so we can go with the highest version of Debian, which is Debian 10.
x 64-bit. Go on to Next. We can write any name; we can write Kali Linux so that it'll be easier to recognize the virtual machine among the list of virtual machine instances. The location can be any location you decide to put it in; by default this should be the Documents folder, but wherever you put it will hold all the information of the operating system: all the files you download, all the configurations you store, everything will be stored in this particular location that you provide. When we go to Next, we are asked about the disk capacity. This disk capacity will be all the storage that will be provided to your virtual machine of Kali Linux. Think of your Windows device: if you have a 1 TB hard drive, you have the entirety of the hard disk to store data on. However much capacity you give here, you can only store up to that amount of data, not to mention some amount of capacity will be taken up by the operating system itself to store its programs and applications. For now we can give around, let's say, 15 GB, or since the recommended size for Debian is 20, you can just go ahead with 20. It all depends on the use case; if you're going to use it extensively, you can even go as high as 50 or 60 GB if you have plans to download many more applications and perform multiple different tests. Another option we get over here is storing the virtual disk as a single file or splitting it into multiple files. As we already know, this virtual machine runs entirely on VMware. Sometimes when transferring these virtual machine instances, let's say from a personal computer to a work computer, we're going to need to copy the entire folder that we had mentioned before over here; instead, all virtual machines have a portability feature. Now this portability feature is possible for all scenarios, except it is much easier if we split the virtual disk into multiple files. Now even if this makes porting virtual machines easier, from either system to system or software to software, let's say if you want to switch from VMware to Virtual
Box or vice versa, the performance takes a small hit. It's not huge, but it's recommended to go with storing the virtual disk as a single file if you have no purpose of ever moving the virtual machine. Even if you do, it's not a complete stop that it cannot be ported; it's just easier when using multiple files. But in order to get the best performance out of the virtual machine, we can store it as a single file over here. This is a summary of all the changes that we made and all the configurations that have been settled until now. Now, at this point of time, we have not provided the ISO file yet, which is the installation file for the Kali Linux that we downloaded from the website; as of right now we have only configured the settings of the virtual machine. So we can press on Finish, and we have Kali Linux in the list. Now, to make further changes, we press on Edit virtual machine settings. The memory setting gives the RAM of the virtual machine. For devices with RAM of 8 GB or below, giving a high amount of RAM will cause performance issues on the host system if the memory has only some amount of free space left. Let's say on idle my Windows machine takes about 2 GB, so I have 6 GB of memory to provide, although if you provide all of the 6 GB it'll be much more difficult for the host system to run everything properly. So for this instance we can keep it as 2 GB of memory for the virtual machine instance. Similarly, we can set the number of processors and customize it according to our liking; let's say if we want to use one processor but we want to use two different cores, we can select that as well. The hard disk is preset as a SCSI hard disk and it does not need to be changed for the installation of this operating system at all. CD/DVD (IDE) is where the installation file comes in; you can think of the ISO file that we downloaded as a pen drive or a USB thumb drive which is necessary to install an operating system. To provide this, we're going to select "Use ISO image file". You're
going to click on Browse, go to Downloads, and select the ISO file over here. Select Open, and we can see it is already loaded up. Next, in the network adapter, it is recommended to use NAT. This helps the virtual machine to draw the internet from the host machine settings: if your host machine is connected to the internet, then the virtual machine is connected as well. There are some other options, such as host-only or custom segments or LAN segments, but those are not necessary for installation. The rest of them are pretty standard, do not need any extra configuration, and can be left as they are. Press OK, and now we can power on this virtual machine. In this screen we can choose how we want to proceed with the installation. We have a Start installer option over here, so we're going to press Enter on that and wait for things to load from the ISO file. The first step in the installation is choosing the language of the operating system; for this we can go with English as standard. Next is the location. This will be used for setting up the time and some of the internal settings which depend entirely on the location of the user, so for this we're going to go with India. Configuring the keyboard: it's always recommended to go with American English first. Many people make the mistake of going with the Indian keyboard if it is available, and it causes a lot of issues later on, so it's always preferred to go with American English, and if later we see a necessity for another keyboard layout that is required, we can install it later. But for now we should always stick with American English as a basis. At this point it's going to load the installation components from the ISO file. It is a big file of 3.6 GB, so it has a lot of components that need to be put into the virtual machine, which can also be used to detect hardware. Once the hardware and the network configuration is done by the ISO file, we want to write a host name for the system. This host name can be
anything which is used to recognize this device on a local network or a LAN cable; let's say we use the name kali. The domain name we can skip for now; it's not necessary as such for the installation. This is the full name for the user; let's say we can provide the name as Simplilearn as a full name. Next, we're going to set up a username. This username is going to be necessary to identify the user apart from the root account and the subsequent accounts below it; for now we can give it as something like simply123. Now we have to choose a password for the user. Now remember, since this is the first user that is being added onto this newly installed operating system, it needs to be a password for the administrator. We can use whichever password we like over here, use the same password below, and press on Continue. At this point it's going to detect the components on which the operating system can be installed. Like here, there are multiple options: use entire disk, use entire disk and set up LVM, use entire disk and set up encrypted LVM. For newcomers it is recommended to just use the first one, since LVM encryption is something that you can learn afterwards when you're much more hands-on with the Linux operating system. For now we're going to use the "use entire disk" guided installation and press on Continue. When we set up the virtual machine on VMware, we had set up a disk capacity that we gave as 20 GB; that is the hard disk which is being discovered here. Even though it is a virtual disk on VMware, it acts as a normal hard disk on which an operating system can be installed, so we select this one and press on Continue. Here there is a multiple partition scheme. All the operating systems that are installed have different components: one is used for keeping the applications, one for the files, another for RAM management, and other things. For newcomers it is always recommended to keep it in one partition, and we're going to select that and press on Continue. This is just an
overview of the partitioning it's going to make. As you can see, it has a primary partition of 20.4 GB and a logical partition of 1 GB used for swap memory. Now these kinds of names can be confusing for people who are not well versed with Linux operating systems or virtualization in general, but for now you can go ahead and press on Continue, as this will be fine. You can press on "Finish partitioning and write changes to disk" and Continue. It's just a confirmation page; as you can see, it's written that SCSI3 is our virtual hard disk of 20 GB disk capacity. Write the changes to the disk: we press Yes and click on Continue. At this point the installation has started. Now this installation will take a while depending on the amount of RAM provided, the processors provided, and how much the performance of the system is being hampered by the host machine. On quicker systems this will be rather quick, while on smaller ones this will take a while. Since this is going to take some time to install, as it is being run on a virtual machine with only 2 GB of RAM, we're going to speed up this part of the video so we don't have to waste any more time just watching the progress bar. Now that our core installation is completed, it's asking us to configure a package manager. The work of a package manager on Linux operating systems is similar to the Google Play Store on Android mobile devices and the App Store on Apple devices: it's an interface to install external applications which are not installed by default, let's say Google Chrome or any other browser which can be used to browse the internet. At this point of time it asks us to select a network mirror; we're going to select Yes and move forward with this. Next it's going to ask us for an HTTP proxy, which we can leave blank and press Continue to move forward. At this point of time it's looking for updates to the Kali Linux installation. This will fetch the new builds from the Kali server so the installation is always updated to the latest
version. Now that the package manager is configured, we have the GRUB boot loader. GRUB is used for selecting the operating system while booting up; its core functionality is to allow the operating system to be loaded correctly without any faults. So at this point of time, if it asks "Install the GRUB boot loader to your primary drive?", we can select Yes and press Continue. Remember the installation was conducted on /dev/sda, so we're going to select installation of the GRUB loader on the same hard disk that we have configured. We press this one and press Continue, so now the GRUB bootloader is being installed. GRUB is highly essential because it shows the motherboard where to start the operating system from. Even if the operating system is installed correctly and all the files are in correct order, the absence of a bootloader will mean the OS cannot be launched properly. As you can see, the installation is finally complete, so now we can press on Continue and it's going to finalize the changes. Now you can see Kali Linux being booted up straight away. It doesn't check for the ISO file anymore, since the operating system is now installed onto the virtual hard disk storage that we had configured before. Here we're going to enter our username and password that we had set up before, and we have the Kali Linux system booted up. This is your home page. We can see the installed applications over here, which are used for penetration testing by multiple security analysts worldwide. All of these come pre-installed with Kali Linux, and others can be installed using the APT package manager that we had configured. We can see our full name over here, and with this our installation of Kali Linux is complete. Hey everyone, it's no secret that the majority of our internet usage is at the risk of getting hacked, be it via unsafe messaging applications or misconfigured operating systems. To counteract this void of digital security, penetration testing has become the norm when it comes to vulnerability
assessment. Parrot Security OS is an operating system that has become a well-known weapon in this fight against hackers. A Linux distribution catered more towards penetration testers specifically, Parrot Security has layers of features that we will be covering in today's lesson. Let's take a look at the topics for this video. We start by learning about what Parrot Security is and why it should be considered a viable alternative next to Kali Linux for penetration testers. Next we take a look at the minimum system requirements necessary to obtain optimum performance from an installation of Parrot Security. Moving on, we learn about some unique features that make Parrot stand out among the multiple ethical hacking operating systems available on the market, and finally we look at the multiple ways that Parrot Security OS can be installed, be it on a single system or from portable media. So let's start out by learning what Parrot Security is. Parrot is a Debian-based Linux distribution with an emphasis on security, privacy, and development. It is built on Debian's testing branch and uses a custom hardened Linux kernel. Founded in 2013, Parrot Security contains several hundred tools targeted towards various information security tasks such as penetration testing, security research, computer forensics, and reverse engineering. It has become a multi-platform solution accessible and freely available to information security professionals and hobbyists. It features a distinct forensics mode that does not mount any of the system hard disks or partitions and has no influence on the host system, making it more stealthy than regular mode. This mode is used on the host system when there is a need for executing forensic procedures. In software development, a rolling release is a paradigm in which software upgrades are rolled out constantly rather than in batches of versions. This ensures that the software is constantly up to date. A rolling release distribution such as Parrot Security OS follows the same concept, providing the most
recent kernel and software versions as they become available on the market. With the basic introduction to the operating system out of the way, let us have a look at the bare minimum system requirements necessary to be able to run this operating system. First up, we have a CPU requirement, which states that a 1 GHz dual-core CPU is the absolute minimum in order to use Parrot OS, while multiple-core systems will provide more optimum performance; a small beginner setup has been included. A very distinct thing to be noted is that the operating system can be installed on all variants of chipsets, be it 32-bit, 64-bit, and the newly popular ARM portfolio of devices. Unlike Kali Linux, which requires some amount of graphical acceleration to display the operating system correctly, Parrot OS has no such requirements and can be used with the leanest of machines. Taking into account the RAM issue, a minimum of 256 MB to 512 MB of free RAM provides the optimum usage scenarios. Even when the OS is installed on hard drive storage media, it should theoretically occupy around 8 GB of information, which may extend up to 16 GB depending on the tools being installed out of the box. When it comes to booting options, we have the option of going with the legacy BIOS settings or with the more modern UEFI settings. These are just some of the requirements for the installation of Parrot Security OS. To understand this process more vividly and to learn how virtualization can help install an OS on our existing computer, please follow the link to a Parrot Security installation video linked right above. Let's understand some of the things that make Parrot Security unique among all the other penetration testing operating systems. Along with the giant catalog of scripts, Parrot Security has its own custom hardened Linux kernel, which has been modified explicitly to provide as much security and resistance to hackers as possible as a first line of defense. The configurations in the operating system act as a second gateway, taking
care of malicious requests and dropping them off. This is particularly beneficial since, should there be a scenario where the latest Linux kernel is causing some particular issue, the Parrot development team will most likely iron it out first before passing it on as an update. If the custom hardened kernel wasn't reason enough, Parrot Security developers managed to install more hacking tools and scripts to ensure a smooth transition for Kali Linux users: all the tools you find in Kali are present in Parrot, and then a few extra ones for good measure. This has been achieved while keeping roughly the same size of the installation file between both operating systems. However, it's not all productivity points for Parrot OS. They provide a choice between two different desktop environments: the MATE desktop, which comes pre-installed by default, and KDE. For those unfamiliar with Linux terminology, you can think of desktop environments as the main UI for a Linux system. Being highly modular in nature, one can use Kali Linux or Parrot while adding another desktop environment which they find appealing. While Kali has only a single option, Parrot has managed to provide two optimized builds with the MATE desktop and the KDE desktop ready-made on the website. One of the primary advantages of Parrot OS over Kali is that it's relatively lightweight. This implies that it takes significantly less disk space and computing power to function properly, with as little as 320 MB of RAM required. In reality, Parrot OS is also designed to operate successfully off a USB stick, but Kali Linux does not work well from a USB stick and is generally installed in a virtual machine. Parrot can be seen as more of a niche distribution if you're searching for something lighter than Kali Linux. There are multiple ways to go about this installation. Many people prefer to install it directly onto a hard disk, where the Parrot Security OS will override whichever data the hard disk already has. Now this is beneficial if you want to preserve your data for
the long term, but this might pose some trouble to people who do not have a spare hard disk or do not want to lose their current installation of the Windows operating system. Another way to use Parrot Security is by using the live boot, but whatever changes you make to the live boot operating system are removed the moment we restart or shut down the system. A very good common ground between both of these installations is virtualization. Using virtualization software like VMware or VirtualBox, we can install Parrot Security on our systems while simultaneously saving our data and having the convenience of a host machine such as a Windows operating system in case things go wrong. To start the installation, we first need to get an ISO file for the Parrot Security operating system. This can be found on the current website, parrotsec.org. Once we enter the website, move into the download section and select Get Security Edition over here. Parrot Security OS has multiple desktop environments for you to choose from. These desktop environments serve as different user interfaces for the user; for example, right now we have the MATE desktop and the KDE desktop. As you can see from the screenshots, both of these look quite different while having a similar look and feel to them. For our example, let's go with the MATE desktop. We have two options: either we can go with the direct download or we can get the torrent file. For this example we press on the download button and our download will start. I have already downloaded this file, but the ISO file provided over here will serve as an installation; it will have around 4 and a half GB of space, and it will be used to install this operating system in VMware. Once the file is downloaded, we can close this and open VMware Workstation. VMware can also be used as the Player version or the Workstation version; if you have much more familiarity with using VirtualBox as a virtualization application, we can use that as well. Once VMware is open, we click on File and select New
Virtual Machine. For the first-time installation, we're going to go with the typical and recommended installation procedure instead of an advanced one. If you have already installed multiple virtual machine OSes, going with the advanced option will give you much more control over the hardware customization, but for now we're going to stick with the typical option. Moving on, it will ask us for a source from where to install the operating system. Since we're going to use a live ISO first, we're going to select the third option, which will be "I will install the operating system later", and press Next. As we already know, Parrot Security is a Debian derivative, so when selecting the guest operating system type we're going to go with Linux, and in the selection we're going to choose whichever the highest version of Debian is along with the 64-bit OS. We're going to click on Next. We're going to name our virtual machine, let's say Parrot Security OS, and we're going to select the location where we want to save the virtual machine. This will have all the hard disk of the operating system installation. We're going to click on Next. For the disk size, we're going to specify how much of the current memory we are going to allocate. This is the hard disk memory of the operating system installation: whatever changes we make in the operating system, whatever applications we install on the virtual instance, will all be stored in this amount of memory. While it is recommended to go with at least 15 GB of storage, you can go as high as possible, and we're going to select the recommended 20 GB as written. When given the choice of storing the virtual disk as a single or multiple files: many people want to keep their virtual instance in a way that helps them stay portable. People change systems, and sometimes they want to swap their instances between their work and their personal computer. If there is no portability in mind, storing the virtual disk as a single file gives the best performance and should be the
recommended go-to when installing for the first time. We click on Next here and it's going to give us a summary of the settings we have already settled till now. We're going to press on Finish, and there we go: we have our installation's first step completed. From here on out, we're going to click on Edit virtual machine settings. Here we're going to have a look at some of the requirements that Parrot Security OS will need. It is known to be a memory-lightweight operating system, but just to have the most optimum performance, we're going to provide around 2 GB of RAM from our host system, which is a Windows 10 machine. When it comes to the processors, I'm going to increase it to two, and the number of cores to two as well, so giving out a total of four processor cores to the operating system. Now this depends on what your computer rig is and how many resources you can justify, so these need to be customized according to the system at hand. The hard disk size has already been set at 20 GB, and the rest of them are pretty standard, and we can go on. One thing that we need to make sure of is selecting the CD/DVD (IDE). Here we have to use an ISO image file; previously it would be set to use a physical drive with auto detect. We're going to use "Use ISO image file" over here, we're going to click on Browse, go to where we have downloaded the ISO file, which is over here, select it, and press OK. We can now power on this virtual machine. At this point of time there are two options: we can go with the Try/Install option using the graphical user interface, or we can go using the terminal mode. To get a better user experience we're going to go with the Try/Install mode specifically, press Enter, and it's going to start the live boot ISO. Meanwhile, VMware has a prompt over here where it will try to install some VMware tools on it. While this is not mandatory, it is very much recommended to install these tools so that you can get some additional features like drag and drop with the host system and many more
things. For now we're going to close this prompt. As you can see, this is the live boot ISO of the Parrot Security operating system. Currently it's running the MATE desktop, as we downloaded from the website. The live boot ISO is necessary to get a good feel of the operating system; there are many good Linux distributions that have this live boot option so that you can give the operating system a try before installing it permanently. Once you're into the live boot, we can start up with the installation using the shortcut, as you can see, Install Parrot. We're going to double-click it, and this is the Calamares installer. Choose your language, American English, and press Next. You can select your time zone according to your location, and we can go Next. At this point of time you have to choose the correct keyboard. Now what many people get confused by is choosing their own language keyboard. What people must keep in mind is what keyboard the laptop provides; most of the systems that come pre-built provide the English US keyboard, so whatever keyboard you choose, make sure to type here and test that all the buttons, including the superscript and subscript buttons, are working correctly before moving forward with this step. Once you've settled on the keyboard that you need to install, we can go ahead. Here it will ask you to select a storage device, and the only option you're going to get is the amount of hard disk storage you have given in the virtual machine settings. We have already provided 20 GB of storage; we're going to choose that and we're going to erase this disk. Manual partitioning can be useful when you're going to install Parrot Security on an operating system or on a hard disk where it already includes a Windows OS. For now we're going to select Erase disk and press Next. We're going to give our full name, let it be Simplilearn. You can give the name of the computer, and this is the username which we will use to log in. This is the root password that we're going to give over here. The root password of this Linux system
will act as the administrative access, and it will be necessary for making changes to the system or installing and updating software. Enter the password and repeat it over here. You have the option to log in automatically without asking for the password, but for security purposes it is recommended to keep this disabled. Click on Next. This is another summary of the installation that we're going to move forward with; have a look that whatever changes we have made are according to your requirements, and once everything is checked, we can press on Install. Click on Install Now, and we're going to let it complete the work. As you can see, the installation of Parrot Security is now completed. We're going to make sure that we have the Restart Now button over here disabled, and I'm going to click on Done. We're going to shut down this live boot ISO: we're going to click on Menu, turn off the device, and shut down. We're not restarting straight away because, if you remember correctly, in the virtual machine instance settings we had given it an ISO file. "Please remove the live medium and press Enter to continue": we can just press Enter to continue and it's going to shut down. Now, to move on, we're going to click on Edit virtual machine settings, go to CD/DVD, and we're going to use the physical drive. Now we're going to remove the ISO image file because the installation has already been completed and we don't want to use the same ISO file again and again. By using the physical drive over here, it's going to detect the 20 GB hard disk that we have already provided, and the installation is done on it. We're going to press OK and we're going to power on this virtual machine for testing. Make sure that you click Esc over here. This is the GRUB menu; here we get different choices, for example with NVIDIA drivers off, or with some other advanced options. More often than not we're going to choose the first option and press Enter. If you remember clearly, we did not get the option of Try/Install or a terminal run just like we did
in the live boot ISO, since this is running straight from the 20 GB hard drive storage; it's going to start the OS directly. Now with the login screen, you can see our username over here as we provided in the installation. We're going to enter our root password and press Enter, and this is a currently working desktop of the Parrot Security operating system. We can open the terminal over here, and we're going to try out the root password and an installation. To install any software we're going to use the command sudo apt install neofetch. We're going to use the root password that we used to log in, and we're going to press y for yes. This is just an additional step that we're doing to check that the installation is done correctly with the correct amount of hardware requirements that we had provided. Now that we have installed neofetch, we can write the command neofetch, and this is going to give us some information about our installation. You can see the OS name as Parrot OS 4.11; it's running on a VMware host; there's the kernel version and some of the other information like the number of packages installed, the current shell version, the resolution of the VMware instance that we are running, the desktop environment, which is MATE as we had downloaded, and some other things. You can see the memory is supposed to be 1951 MB, which is supposed to equal around the 2 GB of RAM usage that we had provided. Kali Linux and Parrot OS are two popular penetration testing distributions. While these operating systems each have unique offerings, the overall choice can differ between personnel thanks to the various tools and hardware specifications. Today we will look at both these distributions and settle on the perfect choice for each type of user. Let's go through the agenda for this video. We will learn about Kali Linux and Parrot Security OS from scratch while understanding their primary selling points as Linux distributions catered towards penetration testers. Next we learn about some features of these operating systems that stand out
from their package. Finally, we directly compare Kali Linux and Parrot Security OS, thereby making a clear-cut conclusion on which OS is perfect on a per-requirement basis. So let's start by learning about Kali Linux from a ground level. Kali Linux, which was formerly known as BackTrack Linux, is an open-source Linux distribution aimed at advanced penetration testing and security auditing. It contains several hundred tools targeted towards various information security tasks such as penetration testing, security research, computer forensics, and reverse engineering. Kali Linux is a multi-platform solution accessible and freely available to information security professionals and hobbyists. Among all the Linux distributions, Kali Linux takes its roots from the Debian operating system. Debian has been a highly dependable and stable distribution for many years, providing a similarly strong foundation to the Kali Linux desktop. While the operating system can practically modify every single part of our installation, the networking components of Kali Linux come disabled by default. This is done to prevent any external factors from affecting the installation procedure, which may pose a risk in critical environments. Apart from boosting security, it allows a more profound element of security control to the most enthusiastic of users. Now let's take a look at the Parrot Security operating system. Parrot Security OS is a Debian-based Linux distribution with an emphasis on security, privacy, and development. It is built on Debian's testing branch and uses a custom hardened Linux kernel. Parrot Security contains several hundred tools targeted towards tasks such as penetration testing, computer forensics, reverse engineering, and security research. It is seen as a generally lightweight distribution that can work under rigorous hardware and software specifications. It features a distinct forensics mode that does not mount any of the system's hard disks or partitions and has no influence on the host system, making it much more stealthy than its
regular mode. This mode is used on the host system to execute forensic procedures. A rolling release is a paradigm in software development in which software upgrades are rolled out constantly rather than in batches of versions. This ensures that the software is constantly up to date. A rolling release distribution such as Parrot Security OS follows the same concept: it provides the most recent Linux kernel and software versions as soon as they become available. With a basic introduction to the operating systems out of the way, let us take a look at the unique features of both Kali Linux and Parrot Security OS. The latest version of Kali Linux comes with more than 600 penetration tools pre-installed. After reviewing every tool included in BackTrack, developers eliminated a significant number of tools that either simply did not work or duplicated other tools that provided the same or similar functionality. The Kali Linux team comprises a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols. Restricting access to critical code bases from external assets dramatically reduces the risk of source contamination, which could cause Kali Linux users worldwide a great deal of damage as direct victims of cyber crime. Although penetration tools tend to be written in English, the developers have ensured that Kali includes proper multilingual support, allowing more users to operate in their native language and locate the tools they need for their job. The more comfortable a user feels with the intricacies of the operating system, the easier it is to maintain a stronghold over the configuration and the device in general. Since ARM-based single-board systems like the Raspberry Pi are becoming more prevalent and inexpensive, the development team knew that Kali's ARM support would need to be as robust as they could manage, with fully working installations. Kali Linux is available on a wide range of ARM
devices and has armm repositories integrated with the mainline distribution so the tools for armm are updated in conjunction with the rest of the distribution let's take a look at some of the features of parat security operating system now along with the giant catalog of scripts parro security OS has its own hardened Linux kernel modified explicitly to provide as much security and resistance to hackers as possible in the first line of defense the configurations in the operating system act as the second Gateway taking care of malicious requests and dropping them off this is particularly beneficial since should there be a scenario where the latex Linux kernel is causing some particular issue the paratos development team will most likely iron it out first before passing it on as an update if the custom hardal kernel wasn't recent enough parent security developers managed to install more hacking tools and scripts to ensure a smooth transition for the Kali Linux users all the tools you find in Kali are present in parent to us and a few extra ones for good measure and this has been achieved while keeping roughly the same operating system size between both of them however it's not all productivity points for pirate OS they provide a choice between two different desktop environments mate which comes pre-installed by default and KDE for those unfamiliar with Linux terminology you can think of desktop environments as the main UI for a distribution being highly modular in nature one can use parent security OS while adding another desktop environment that they find appealing while K Linux has only a single opt option par security has provided two optimized bills with M desktop and KD desktop one of the primary advantages of parro os over Kali Linux is that it's relatively lightweight this implies that it takes significantly less disk space and computing power to function correctly with as little as 320 MB of ram required in reality paratto is designed to operate successfully 
off a USB stick but K Linux does not work work well from a USB Thrive and is generally installed in a virtual machine paratos is more of a niche distribution if you're searching for something lighter than K Linux features are great but what about Performance Real World metrics let us compare both these operating systems directly with respect to their Hardware specifications and usability in the end we can decide on what distribution is fit for each type of user for our first point of comparison let's take a look at the ram required for Optimum performance of the operating system which is highly essential when trying to crack hashes or something of similar nature RAM usage is a very important facet while khux demands at least 1 GB of RAM par security can operate optimally with a minimum of 320 MB of RAM for correctly displaying graphical elements K Linux requires GPU based acceleration while this is not the case with parent security OS which doesn't require any graphical acceleration needed from the user side once these operating systems are installed on VMware using the live boot isos they take up a minimum amount of hard dis storage both of these operating systems have a recommended dis storage of minimum of 20 GB in K Linux and a minimum of 15 GB in parro security so they can install all the tools necessary in the ISO file when it comes to the category and the selection of tools K Linux has always been the first in securing every single tool available for hackers in the penetration testing industry parro Security on the other hand has managed to take it up a notch while specializing in Wireless pen testing par security makes it a point that all the tools that K Linux provides has been included in the iso while simultaneously adding some extra tools that many users will have to install from third party sources in K Linux being a decade old penetration testing distribution K Linux has formed up a very big Community with strong support signature par Security on the 
other hand is still growing and it is garnering much more interest among veteran penetration testers and ethical hackers a primary drawback of K Linux is the extensive Hardware requirement to perform optimally it requires higher memory than parro security it also needs graphical acceleration while demanding more virtual hard disk Storage parro security on the other hand was initially designed to run off a USB drive directly thereby requiring very minimal requirements from a hardware perspective like just 320 m of RAM and no graphical acceleration needed this means parro security is much more feasible for people who are not able to devot massive resources to either their virtual machine or on their laptop hard disk directly with the comparison down between both of these operating systems let's take a look at the type of users both of these are catered to one can go with K Linux if they want the extensive Community Support offered by its users if they want to go with a trusted development team that have been working on this distribution since many years if they have a powerful system which can run K Linux optimally without having to bottleneck performance and if they are comfortable with a semi-professional environment which may or may not be very useful for new beginners one can decide to go with par security if they want to go with a very lightweight and lean distribution that can run pretty much on all systems it also has a lot of tools PR inst and some of them are not even present on G Linux it is much more suitable for underpowered DS where users do not have a lot of Hardware resources to provide to the operating system and thereby it is much more feasible for people with underpower laptops or no graphical acceleration compared to K Linux parent Securities desktop environment is also relatively easier to use for new beginners for people who are just getting into ethical hacking par security does a relatively better job of introducing them to the operating system 
and to the various tools without having to dump them into the entire intricacies.

With ethical hacking and penetration testing becoming mainstream in corporate environments, trained personnel and relevant equipment are in high demand. The right software framework can be the tipping point in a hacking campaign which deals with intricate hardware. One such tool that has become a mainstay for decades is nmap. When it comes to scanning machines for open ports and services, nmap has always been the first choice for hackers. Being lightweight and open source, nmap has strong community backing and receives regular updates. Let's take a look at the topics to be covered today. We start by learning about the different phases in ethical hacking and where nmap is most valuable to ethical hackers. We learn the basics of nmap and its purpose during a penetration testing campaign. Next we take a look at the top-level approach of nmap as a scanning tool and how it conducts these scans on host machines. Moving on, we cover the multiple modes and types of scans that can be performed using nmap on unsuspecting users. We also look at some alternatives that users can prefer if nmap is not something they are comfortable with, while a live demonstration of the powers of nmap will help in shedding light on the topics being taught today.

Let us first understand where and why nmap is essential. There are essentially five phases in ethical hacking. The reconnaissance phase is the first phase of the penetration test. Here the security researcher collects information about the target; it can be done actively or passively or both. It helps security firms gather information about the target system, network components, active machines, etc. This activity can be performed by using the information publicly available and by using different tools. The scanning phase is more tool-oriented rather than being performed manually. The tester runs one or more scanner tools to gather more information about the target. By using various scanners such as war dialers, port scanners, network mappers and vulnerability scanners, the penetration tester collects as many vulnerabilities as possible, which in turn help to attack a target in a more sophisticated manner. In the gaining access phase, the penetration tester tries to establish a connection with the target and exploit the vulnerabilities found in the previous phase. The exploitation may be a buffer overflow attack, a denial of service attack, session hijacking and many more. Basically, the penetration tester extracts information and sensitive data from the servers by gaining access with different tools. In the maintaining access phase, the penetration tester tries to create a back door for himself. It helps him to identify hidden vulnerabilities in the system while allowing him to come back to the system to retrieve more data. Further on, in the clearing tracks phase, the tester tries to remove all logs and footprints which might help the administrator identify his presence. This helps the tester to think like a hacker and perform corrective actions to mitigate those activities. nmap is most beneficial in the early stages of ethical hacking, where a hacker must figure out the possible entry point to a system. It is necessary to know this before running the necessary exploits, thus allowing the hackers to leverage any insecure openings and breach the device. So the reconnaissance and the scanning phase are the points where nmap finds the most use.

Let us now understand what nmap is from a layman's perspective. nmap, which stands for Network Mapper, is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host and service uptime. The program is most commonly used via a command line interface and is available for many different operating systems such as Linux, FreeBSD and Gentoo. It is most beneficial in the early stages of ethical hacking, where a hacker must figure out the possible entry point to a system before running the necessary exploits. nmap was developed for enterprise-scale networks and can scan through thousands of connected devices; however, in recent years nmap is being increasingly used by smaller companies as well. nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services these hosts are offering, what operating systems they are running, what type of packet filters and firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts as well. The rise of the IoT in particular now means that networks used by these companies have become more complex and therefore harder to secure. Since every application that connects to a network needs to do so via a port, the wrong port or server configuration can open a can of worms that leads to a thorough breach of the system. The recent emergence of IoT botnets like Mirai has also stimulated interest in nmap, not least because of its ability to interrogate devices connected via the UPnP protocol, but also to highlight any devices that may be malicious.

Now that we understand what nmap is, let us take a look at the workflow of how an ethical hacker uses this tool in penetration testing. At a practical level, nmap is used to provide detailed, real-time information on your networks and the other devices connected to them. We have the hacker running nmap on a system, with a victim machine running a standard installation of an operating system, be it Windows, macOS or Linux. The nmap interface will send specially crafted packets to generate some reply from the victim machine. The victim machine in return will send some information back to the nmap host, revealing some of the services and hosts that are being run on the computers. nmap allows the network admins to find which devices are running and discover some open ports and other services.
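The packet-and-reply exchange just described, written out as an added example that is not part of the original video or of nmap itself: a plain TCP connect scan (the mechanism behind nmap -sT, with a banner read standing in for what -sV does) run against a throwaway listener on 127.0.0.1. The listener, its banner string, the ports and the log line format are all constructed for this demo. It also shows the scanned side's view: because a connect scan completes the three-way handshake, the service's accept() fires and a log line is written, which is the reason the video later notes that connect scans show up in logs while SYN scans are quieter.

```python
"""Added example: TCP connect scan against a local listener (constructed demo,
not code from the video). Shows how open/closed is decided from the reply and
what the target's own log records when the handshake completes."""
import socket
import threading
from contextlib import closing

# Constructed banner standing in for a real service greeting (what -sV reads).
BANNER = b"SSH-2.0-ExampleServer_1.0\r\n"


def start_listener(log):
    """Start a throwaway TCP service on an ephemeral loopback port.
    Every accepted connection is appended to `log`, mimicking the entry a
    target's application log gets once a full handshake has completed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:            # listener closed by the caller
                return
            log.append(f"accepted connection from {peer[0]}:{peer[1]}")
            conn.sendall(BANNER)       # greet the client like many services do
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def reserve_closed_port():
    """Pick an ephemeral loopback port with nothing listening on it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: complete the three-way handshake on each port, then
    read any banner. Returns {port: (state, banner)}, state in
    open / closed / filtered, mirroring nmap's vocabulary."""
    results = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))        # SYN -> SYN/ACK -> ACK
            except ConnectionRefusedError:     # SYN -> RST: nothing listening
                results[port] = ("closed", "")
                continue
            except (socket.timeout, OSError):  # no reply: dropped or filtered
                results[port] = ("filtered", "")
                continue
            try:
                banner = s.recv(128).decode("ascii", "replace").strip()
            except (socket.timeout, OSError):
                banner = ""
            results[port] = ("open", banner)
    return results


def demo():
    """Scan one open and one closed loopback port; return what both sides saw."""
    target_log = []
    srv, open_port = start_listener(target_log)
    closed_port = reserve_closed_port()
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)  # wake the blocked accept()
        except OSError:
            pass
        srv.close()
    return open_port, closed_port, results, target_log


if __name__ == "__main__":
    open_port, closed_port, results, target_log = demo()
    for port, (state, banner) in results.items():
        print(f"{port}/tcp {state} {banner}")
    print("target-side log:", target_log)
```

The scanner never sends application data, yet the open port still produces a log entry on the target, because the connection reached the accepting process; a half-open SYN scan stops one packet earlier, so only the kernel or a packet capture sees it, which is the defender's reason to watch connection counts at the network layer rather than relying on application logs alone.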
This in turn helps discover the vulnerabilities and the possible entry points for hackers to breach into.

We are now aware of how nmap works on a basic level, but there are many varieties of scans that users can run on local machines; let's take a look at some of them. The ping sweep is a simple type of nmap scan where it pings all the available IP addresses to check which IPs respond to the ICMP protocol. If the users need to know only the number of IP addresses and not many details, the ping sweep is very useful; it's fast, and hence the results to be known are fetched very easily. The SYN scan is the most useful type of nmap scan, and it does its work very quietly. It sends a SYN packet via the TCP protocol, or the Transmission Control Protocol, to all the intended ports. If an acknowledgement packet is received by the system, it is sure that a port is open there; no response means that the port is either closed or not available. Here the acknowledgement packet is not sent back to the system, assuming that the connection is not valid. The scan is not shown in most of the scan logs, and hence it is safe to use the SYN scan to identify the open ports. The TCP connect scan is similar to the SYN scan in many aspects, as it uses the TCP layer to send packets and is passed to all the ports. Here the difference is that the full connection is done by sending the acknowledgement packet back. The logs can easily find the TCP scan, and it needs more power from the machines to do the work, but it is more accurate. If all the accesses related to the OS are available to the user, it is better to do a TCP scan than a SYN scan, as all the low-level and high-level accesses are required for the scan. The network is also loaded more, and hence users must be careful about overloading the system and the networks. The idle scan is really used to check whether any malicious attacks are planned on any particular network. Users need not control the external host, but an IP address and a port should be given to the same; all of the requirements are taken from the scanner itself. The RPC scans, or remote procedure calls, are done by hackers to make the system vulnerable to virus attacks. It is thus necessary to know whether our systems answer such calls and make our system open to malware. An RPC scan is done to check this by finding the ports open with certain commands being run by RPC. The Window scan is a simple scan where the application scans the acknowledgement packets received from the ports once the SYN packets are sent. If there are any abnormalities in the ACK packets received, the scan reports the same and helps in recognizing which ports are functioning in a different manner. The bounce scan is used to check the security in the file transfer protocol layer. FTP layers mostly do not accept any packets, and once it is rejected from the FTP layers, there are chances that it might be sent to an internal layer so that it can access the internal machines. The bounce scan checks this loophole by doing exactly the same process and identifies whether our FTP layer is open to vulnerability or not. The FIN scan is similar to the SYN scan, where the system that sends the packets receives the response back, and it will mostly be a TCP FIN packet; if the system sends an RST packet, it is a false alarm and users need not be worried about the same. The null scan is useful for systems other than Windows, where the systems can easily identify what kind of packets they have received and respond back with either TCP packets or null responses. Null scans are not useful for Windows, as they may not always produce the desired results.

When it comes to looking at alternatives, there's a wide range of free network monitoring utilities as well as free open source vulnerability scanners available to network administrators and security auditors. What makes nmap stand out as a tool IT and network security managers need to know is its flexibility and power. There are some alternatives to nmap, but most of them are focused on providing more specific niche functionality than the average system administrator needs frequently. Masscan, for instance, is much faster than nmap but provides less detail. In reality, however, nmap provides all the functionality and speed that the average user requires, especially when used along with other similar tools like Netcat, which can be used to manage and control network traffic, and Zenmap, which provides a graphical user interface for nmap. But as an all-rounder solution to network scanning, nobody can go wrong with nmap as their tool of choice.

Let's now take a tour of nmap based on all the things we have covered today. In this live demonstration, we start by learning how to install nmap on a fresh operating system that doesn't come pre-installed with the tool. We also cover the different types of scans that can be run on local machines, along with checking the multiple inferences an ethical hacker can gather based on the output of an nmap scan. Finally, we run scans on vulnerable machines to get an idea of how to proceed with the outputs we gather using this tool. If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more.

The first step in our demonstration is installing nmap. Now, it depends heavily on what Linux distribution you're going to use to perform ethical hacking. Right now I'm using the Parrot Security operating system. If you're not aware of what Parrot Security is, or even what Kali Linux is, we highly suggest that you check out the videos on those two operating systems on our YouTube channel so that you can get a fair idea of what they serve. Now, if you are using any of these two operating systems, nmap should come pre-installed by default. To check if nmap is pre-installed or not, you can just press on Applications over here, go to the Pentesting section, go to the Information Gathering tab, and you should be able to see nmap right here. Now let's say you do not have nmap pre-installed; maybe you're using
a Linux distribution like Ubuntu or Linux Mint or something that is based on Debian operating systems. One thing you have to make sure of is that nmap should be in the distribution repository. Once you check that, or even if you do not know if it is present, you can just type this command. It should be sudo, which is to give root permissions for installation. apt is the package manager of all Linux distributions that are based on Debian; that goes for Debian stable, Ubuntu, Linux Mint, Kali Linux, Parrot Security and anything of that nature. apt is the package manager which handles the installation and removal of applications in these specific operating systems. Once you're here, just write install and nmap, press enter, and it's going to ask you for the root password that you set when you installed the operating system in the first place. Enter your root password and press enter again. As you can see, it's saying that nmap is already installed, the newest version, since I'm running the Parrot Security operating system. Now, should you be running this operating system or even Kali Linux, you should receive a similar message, and the installation is already done. If you are using some other distribution, let's say even BlackArch, Arch Linux or Manjaro, anything like that, the installation steps will be slightly different. This sudo apt install nmap command is for distributions that are derived from Debian and Ubuntu. If you want to install it in Arch Linux based distributions, you have to use their package manager, which is known as pamac, but that is for a different step, and if you want to get into ethical hacking, the best way to start is by learning either Kali Linux or Parrot Security.

Now that the installation is done, we're going to learn how to use nmap. One of the most basic functions of nmap is to identify active hosts on the network. We can do this by using a ping scan. The ping scan identifies all of the IP addresses that are currently online without sending any packets to these hosts. Now, to run the ping scan we're going to type nmap, and the flag we're going to mention over here is -sP. Now, these flags are the different traits of the nmap scan; depending on what flag we use, we can send different kinds of requests to the host that we are scanning. Now, before moving forward with this, let me open another terminal over here and check the IP address. We're going to write the command ifconfig and find the subnet in which this system is present. As you can see, the IP address is 192.168.72.131. Now, this operating system is being run on virtual machine software known as VMware. The VMware in itself is running on a Windows 10 operating system. Considering they are now a part of the local network, this IP address is of Parrot Security, and the Windows operating system, which is the host system in my scenario, will fall in this particular subnet. So to run our scan we're going to target 192.168.72.1/24. This command then returns a list of hosts on your network and the total number of assigned IP addresses. This is going to be a capital P, yeah. If you spot any hosts or IP addresses on that list that you cannot account for, you can then run further commands to investigate them further. As of right now, you can see the machine that is Parrot Security; this IP address can be detected in the subnet. The 192.168.72.1 is my local Windows machine that is running the VMware software and ultimately this virtual machine. The 192.168.72.2 is the DHCP server that hosts the internet connection of Parrot Security; this we can ignore for now. Now, the Windows machine that we have over here, let's run some tests on that. Going to clear our terminal, and we can close this, actually.

When scanning hosts, nmap commands can use server names, IPv4 addresses or IPv6 addresses. A basic nmap command will produce information about the given host. To run a basic port scan, we can just use nmap along with the IP. Now, as you remember, the IP is 192.168.72.1; this is the IP of my local Windows 10 machine. As you can see, it shows the ports that are open and the particular servers that these ports are running. Now, we can also have a detection of the operating system. Now, mind you, this is not 100% correct, and the reliability depends on the installation and what kind of fingerprinting measures are available. Now, since this does TCP/IP fingerprinting, it needs some extra permissions. The flag that we're going to use is nmap -O along with the same IP address. Like I said, since this is TCP/IP fingerprinting, it requires root privileges. Now, to provide root privileges, we're just going to add the sudo keyword before nmap; going to repeat the same command that we wrote above. As you can see, it has successfully detected that I am running Microsoft Windows 10 with this MAC address. It has also shown the correct build number of the Windows 10 system that I am using. This is useful for troubleshooting, scanning for a few vulnerabilities, or even locating some services that need to be updated. Now, to get the necessary information about these services, for example what versions they are using, we have a flag known as -sV, which stands for service version. We use the same IP address and press enter. Now, as you can see, the scan is complete, and if you check the results of the scan above, there we don't see any version number for the services; here we can actually check what version they are running. Now, this becomes helpful when we are trying to find specific versions to exploit; for example, if VMware Workstation 16.1.2 had some particular vulnerability, we can exploit it by checking this command.

Apart from the host scanning, port scanning is one of the most basic utilities. There are a few ways that this command can be customized as well. For example, I've already checked that port 443 is open, but I found that out after running this lengthy scan. Let's say I only want to check if port 443 is open. nmap, then I'm going to use the flag -p, which stands for port, and give 443 as an argument here, using the same IP address, and you can see it says it's open, but we already knew it is open. Let's say there was something else; let's say we're going to scan if the Apache web server port is open, which usually runs on 80. Obviously, since I'm not running an Apache web server, it says it's closed. Now we can combine these two commands by running both ports simultaneously; to do that, we can just put a comma and complete the rest. Similarly, as expected, 80 is closed and 443 is open. Another feature of nmap for port scanning is the use of ranges. Now, ranges can be beneficial when we're trying to see up to a certain limit. For example, nmap -p, and we're going to check what ports are open between 100 and, let's say, 2000; this acts as the range, everything else is the same, and it checks all ports in the range of 100 to 2000. Whatever port is open in between that range will be mentioned over here. We're going to clear the screen. Now, another flag that can be used with nmap is the -sS flag. This runs a stealth scan, which is a little harder to detect if you're the IT admin of the system that is being scanned. The results will more or less be the same, although this will need elevated root privileges. Running it against 192.168.72.1, as you can see, this is more or less similar to a port scan; it just adds an extra MAC address as well for good measure. But like I said, it's more about the stealth: the normal scans usually are easier to detect when the logs are being checked, while stealth scans are relatively tougher to check on much more intricate systems. This takes longer as well.

Now that we're done with port scanning, let's look at a vulnerable machine. The system that is being scanned right now is my own personal system, with everything pretty locked down as much as it can be. There is an attack box running in the cloud, the IP address of which is over here. Now, to be able to get into this network, we need to connect to their personal network using a VPN. So what I'm going to do is switch to a different workspace over here. I'm going to open a terminal, and if you can see over here, there is a hack test.ovpn file. I'm going to connect to their VPN network using this ovpn file, and once we get the "initialization sequence completed" message, we know that the connection has been established. Like we discussed, this is the vulnerable device IP. We're going to copy this and we're going to try to ping this. Let's open a new terminal; we're going to try to ping this and check if we are able to reach this machine, and as you can see, we're getting a reply back, which means we are now part of the local network where the vulnerable machine is present. Let's run a service scan with nmap, with the respective versions. We ran the similar scan on my local machine, where we were able to detect what version each service was running. What we're going to do over here is, by checking what kind of services are open on the machine running on the cloud, we're going to decide what we are going to do next, and we're going to see if nmap alone can point us to a direction where we can gain access to the machine. As you can see, the scan is now completed, and we have some of the ports that are open over here and what kind of service they are running. Now, like we discussed, this is the first stage, or sometimes even the second stage, of ethical hacking. What we can infer from here is what are the services that are being run. Now, these two ports, 139 and 445, are actually Windows SMB server ports, which belong to the Windows Samba server. Now, every service has a particular port attached to it that will be consistent whichever machine you may use: the Apache server will always run on port 80, SMB servers will function on these two ports. Now, SMB servers have had a vulnerability known as the EternalBlue exploit, which was pretty well known. As of right now, from the scan results we are not able to detect if this machine has the similar vulnerability or not, but since it has the SMB server open, it's worth a shot that we try that exploit on this machine.

Now, to start the exploit on this, we're going to open another terminal over here, and we're going to use Metasploit for trying the exploit there. We're going to write sudo msfconsole; msfconsole is the keyword for launching the Metasploit console. Enter the root password and wait for Metasploit to launch. Other than the ports, we can also see that it has checked the host name of the system and the operating system as well. Now that Metasploit is open, we're going to launch the exploit. Now, before launching, we're going to have to check what exploits are there for the EternalBlue vulnerability. We're going to search for eternalblue and we're going to check what kind of results we are getting over here. As you can see, serial number nine, exploit windows smb ms17_010_eternalblue: it was first disclosed in 2017, an SMB remote kernel pool corruption. Let's say we're going to use this particular exploit. Now, all of this may be confusing if you're not aware of Metasploit, but remember, this is the next stage of ethical hacking, which comes into the gaining access part. We're going to use exploit number nine as we found above. To use exploit number nine, we're going to set a payload, which is our malicious code that will run on the victim machine. Now we're going to check some options. As you can see, it has by default pointed it to the 445 port, since that is the port where the SMB server can be accessed from. The parameter that's missing over here is our host; the RHOST is the IP address of the vulnerable machine, basically the machine which we want to attack. Now I'm going to use the set command to set the IP address. Now, if we check, we now have a victim IP address set. Another parameter that we can change is the LHOST; this is basically the IP address of our own system where we are going to gain access. Now, if you remember, we had connected using a VPN, so we're going to be assigned a new IP according to the VPN. So if you write ifconfig and check, this tun0 is the VPN adapter; this is our IP address that we have been assigned in the network where the vulnerable machine is present. So we're going to copy this IP address, we're going to move over to this workspace, and we're going to set LHOST with that IP address. With that, our options are set. Now we're going to run exploit, and it's going to check if the Samba server vulnerability is present. As you can see, it has written that the target is vulnerable to this particular exploit. It's going to send the malicious code, and the malicious code is set in the payload that you set above, and we now have the shell command of the Windows machine. As you can see, C:\Windows\system32. To be sure that this is in fact the Windows machine that is being used, we're going to write ipconfig, which is a Windows-only shell command. As you can see, this is the IP address that was assigned to the victim machine. Now, while the major part of this process was done on Metasploit, we would not have reached this stage had we not found out that the 139 and 445 ports are open, which basically pointed us to the fact that we can try the EternalBlue exploit of the Windows Samba servers. Similarly, all the scans that we run serve as a preface to the actual stages, or the actual hacking stages, of the campaigns. This -sV command was necessary because we could check what are the exact services that are being run. In some cases, if an Apache server is being run, there are particular versions which have particular exploits; those exploits will not work on other versions. So we're going to have to check what particular version is being run and accordingly apply the exploit. That can be done in Metasploit, or you can run some other tool, but what exact exploit we have to run and which vulnerability we have to target, that is where nmap comes to help.

With the world moving towards the next generation of computer hardware, the software side of things still has a lot left to be discovered. With the majority of laptops coming with Windows pre-installed, many users are devoid of the Linux operating system experience, which is more resource
friendly than the mainstream operating systems. It can be attributed to the difficulty people used to face when installing a new operating system like Linux in the old days. However, a lot of these issues are fixed nowadays, thanks to big names like Debian and Ubuntu, who have been instrumental in making Linux-based operating systems as user friendly as possible. But which one of them is better for you? Let's take a look at the topics to be covered today as we answer this question for you. We start by learning about the operating systems from a layman's perspective and uncovering the basic offerings of both entities. Next we cover the unique features of both Ubuntu and Debian and how they stack up against each other and other industry counterparts. Moving on, we take a look at some pointers before installing each of these operating systems and the respective download links. Finally, we compare the contrasting features of both Ubuntu and Debian and infer the kind of users each OS caters to.

So let's start by learning about Ubuntu and Debian in general. Ubuntu is an open source, free Linux distribution. It is an operating system for cloud computing, with support for OpenStack. Ubuntu is developed by the Canonical community and it is freely available; also, Canonical Limited is the sponsor responsible for the funding of Ubuntu. Basically, Ubuntu is released every 6 months, free support is available for 9 months after every release, and long-term support releases, which are the LTS, are released every 2 years. The first release of Ubuntu was in October 2004. You must have heard about Ubuntu no matter what; it is the most popular Linux distribution overall, not just limited to servers but also the most popular choice for Linux desktops. It's easy to use, offers a good experience, and comes pre-installed with essential tools to get a head start. Of course, Ubuntu managed to simplify the Linux experience years back, and that is the reason why it is still so popular even with several impressive Linux distributions available right now. Every new release is more polished and comes loaded with new features and improvements. Thanks to its huge user base, a number of software vendors have made their applications compatible with Ubuntu. While the catalog may not be as extensive as Windows, the options are still well curated. More importantly, the advantage of Linux-based operating systems is the ability to use free and open-source alternatives to major proprietary software. While lacking some polish and overall feature set, most alternatives are enough to get the job done for the majority of users. The never-ending community support also helps in troubleshooting, should things go wrong at any point in time. The default desktop environment in Ubuntu is GNOME or Unity. Unity is a modern desktop environment with a powerful search tool for finding all your applications and documents. With its base setup as GNOME, it integrates well with common applications such as audio players, video players and social media. There are a few other desktop environments for Ubuntu as well, with Unity as its flagship environment.

Debian, on the other hand, is a free operating system for your computer which started in 1996 and is maintained by global contributors. If the operating system is a set of basic programs and utilities that make your computer run, its core is the kernel. The kernel is the most fundamental program on the computer. Debian uses the Linux kernel, a completely free piece of software which was started by Linus Torvalds and is supported by thousands of programmers worldwide. A large part of the basic tools that fill out the operating system come from the GNU project, and those tools are free as well. Debian is the mother of Linux distributions. Beginners always wonder why this not-so-good-looking distro is so popular inside the Linux developers community, especially when there are a lot of modern distributions that are easy to use and have beautiful UI. Later on, they find out the power of Debian after using a bunch of
distributions from other developers you'll be surprised to know that almost all other popular consumer level dros are based on Debian even ubu it is so stable and featur Rich that the developers find it easy to build their drr based on Debian rather than building get from scratch Debian is run and maintained on its GitHub repository thanks to contributions from developers worldwide the major decisions are taken up on the repository issues tab leading to CommunityWide feedback and a holistic approach to open source development of the Debian operating system thanks to this variety of personnel the source code of Debian comprises around 70 different programming and scripting languages Debian supports all kinds of graphical environments ranging from Full feature desktop environments to lighter Alternatives and IMA minimalist window managers you wanto ships with unity desktop by default where the package manager can install the gome environment if needed while also including cinnamon lxd xfc KDE and mate on the other hand Debian gives you the choice of choosing which desktop environment you want from the get go by providing ISO files for each desktop environment individually now that we understand where both these operating systems stand let us take a look at some of the best features offered by each of these distributions ubu is the closest thing to a household name among desktop Linux distributions it is a great distribution to start with and it's even a great distribution to keep using after you're more experienced if you're happy with it it is user friendly in a lot of ways it provides a simple desktop has an easy installer and provides a checkbox during the installation process that will automatically install Flash plugins and various codecs that you will need for multimedia support there's an additional drivers tool that will detect closed Source or propriety drivers that might be necessary to get all your Hardware working and easily install them for you ubu is 
produced by canonical and their friends it is run as an open project to enable others with diverse ideas to benefit from all the work the developers do to deliver the world's best open platform still canonical is responsible for delivering six monthly Milestone releases and regular LTS releases for Enterprise production use Enterprises can count on canonical to support secure and manage Ubunto infrastructure and devices with more than 500 employees in over 39 countries the company underpins the critical infrastructure for thousands of businesses and millions of obuntu users around the world Unity desktop was originally developed by canonical and introduced earlier for Netbook computers with uban 2 10.10 then it went on to be the default desktop environment for uban 2 eventually it has been dropped by canonical and replaced by gome however it has made a comeback after uban to 18.04 while being completely stable the HUD and Global menu hold up just fine with major applications such as Li office Thunderbird and other web browsers that means that the unity desktop works as it is supposed to while making you more more productive while some desktop environments have a steep learning curve Unity is very intuitive for new users in spite of deviating from the traditional start menu format that the windows users are generally accustomed to the calamaras installer is a framework by design it is very customizable in order to satisfy a wide variety of needs and use cases calamaras aims to be easy usable beautiful pragmatic and more importantly distribution a notic calamaras includes an advanced partitioning feature as well which supports for both manual and automated partitioning operations it is the first installer with an automated replace partition option which makes it easy to reuse a partition over and over for distribution testing coming to Debian it is a community distribution through and through it's governed by a board of elected developers it has its own internal 
structure and laws and just about everyone working on it is a volunteer making it completely Community Driven it is maintained and developed by programmers and developers all around the world this form of development ensures continuity if one of the developers decides to stop working on the project another developer might come in and take place and keep the project going on it is completely free of centralized control and this is also one of the reasons for an undecided stable release cycle Debian Sid is the permanently unstable development version of Debian it is where the latest versions of programs are being considered for inclusion in the deban release cycle are uploaded and tested because it has no official installed media and the few net boot images that are built often don't work even people who are willing to risk using a development version may have trouble installing it however it Still Remains the best place to test new features that have not yet made their way onto the stable Branch Debian has only free and open- Source software in it repositories this is mostly ample for our users except for users who use Hardware that only has proprietary drivers these repositories work well in most cases it is possible to add other repos as well that have propriety software if that is the requirement Debian Standard Version is very stable as software and libraries in it go through rigorous testing the stability makes Debian a perfect server OS and it's also the same reason why average user shy away from using Debian as their primary OS on desktop the this is also one of the reasons why many developers use Dean as a base for their derivative one of which is also Ubuntu now that we are aware of each distribution's unique features let's take a look at how we can go ahead and install these operating systems and where we can get the downloadable images when it comes to uban 2 ubu has dropped the support for 32-bit systems currently it supports only 64-bit devices and armm 
devices installation is easy with the calaris framework coming into ISO pred default and the latest ISO can be downloaded from the link being shown on the screen right now in the case of dbn the support for multiple range of devices is still present that can also include 32-bit systems and other smaller devices which are not modern even though it does not use the calaris installer even downloading the ISO file can be a bit hectic for newer users considering this is a distribution aimed at developers and intermediate users finding the right link can be difficult because of which we have mention the link on the screen below where you can get the latest ISO depending on which desktop environment you choose to go with with the installation out of the way let's take a direct comparison of the features between both ubu and Debian Debian is a community-driven open source Linux distribution and is primarily aimed to be robust capable and most importantly free on the other hand Ubuntu is also and free on open source like Debian but it's backed up and developed by a canonical which is a corporate company Debian and uban 2 are both fundamentally fast regarding performance as Dean comes bare minimum and is not bundled or prepacked with additional software and features it makes it super fast and lightweight at least when compared with uban 2 directly both ubu and Debian use the same AP software packaging management system but provide a different software repository Debian is more like promoting freedom of choosing free software thus it does not include any proprietary software by default you can always install the paid versions but you have to enable it manually Urn to focuses on usability including all the software including free paid open source closed Source Etc Ubunto also introduced a universal package management system called Snap it will be used across dros and thus prevent more drro based software fragmentations as the dean drro does not contain any proprietary blobs 
there might be some problems with drivers and firmware that means Dean lacks some of the essential proprietary firmware by default but the users can enable the repository and install it manually like other page software on the other hand ub2 does not care how much whether it's paid free open source or clone source so it includes as many drivers and firmware as possible Ubuntu also lets you install and configure the necessary drivers in firmware automatically during installation or afterward if you are a gamer then you will probably be concerned with the latest software drivers and Hardware support while Debian can potentially provide that it is likely that you might end up breaking your installation as mentioned before UB to support certain proprietory packages as well which often consist of graphic drivers which are essential to gaming deban Focus focuses on the open source aspect of the software hence it can be a well-known fact that with Gamers Ubunto and some other distributions like pop have been working much better regarding both software and Hardware support regarding the audience they cater to both Ubuntu and Dean have their pros and cons Ubuntu is a very good distribution for amateur users with little to no experience and if they want to have the latest versions of packages and applications at all times on their systems it is also for users who do not want a lot of customizability in spite of unity being very customized a desktop environment it is also perfect for users with newer Hardware since it comes updated with all the latest graphical devices and their respective drivers Debian on the other hand is Catered towards a little bit of experienced users who can fix some minor bugs on their own or with minimal Community Support it also is for users who want to support an open source approach rather than operating system which is devoid of any contribution from other end and is primarily backed by a corporation it also doesn't favor gaming since it does not 
guarantee compatibility with all the newest graphic cards or even Wi-Fi cards in some cases however due to the low memory overhead Debian is very useful for people who are looking to run home servers or even corporate environments where running servers on deban will provide much more use data protection is of Paramount importance in today's world the vast amount of data flow between corporations and consumer needs to be secured considering that they entrusted with a lot of belief a company can spend millions of dollars on the most secure servers but it takes a single hacker to ruin all the Goodwill between the organizations to prevent these malicious attacks many automated security systems have been developed but none of them have been as used as IDs platforms which are also known as intrusion detection systems welcome to this introductory lesson on intrusion detection systems so let's go through the topics that we are going to cover today we start with a basic definition of ideas from a Layman's perspective then moving on we cover the multiple types of intruders that seek to access confidential information without any authorization next we cover the basic ways to detect intrusion signatures from the perspective of a network administrator we then take a look at the different types of ideas systems that can be used in corporate environments today a small explanation of the two types of protection is then followed by an introduction to some of the most well-known IDs tools on the market so let's get started with what is an IDs an intrusion detection system is an app or device that monitors inbound and outward Network traffic continuously analyzing for activity changes and patterns and alerts and administrator when it detects unusual behavior an administrator then reviews alarms and take action to remove the threat for example an IDs might inspect the data carried by Network traffic to see if it contains node malware or other malicious content if it detects this type 
of threat it sends an alert to your security team so they can investigate and remediate it once your team receives the alert they must act quickly to prevent an attack from taking over the system to ensure that the IDS doesn't slow down Network performance the solutions often use a switched Port analyzer or a text access port to analyze a copy of of the inline data traffic so that they do not meddle with the actual traffic however they do not block threat once they enter the network as intrusion prevention systems do regardless of whether you set up a physical device or an IDs program the system can recognize attack patterns with network packets monitor user Behavior identify abnormal network activity or ensure user and system activity do not go against security policies the main goal of an ideas is to detect the anomalies before the hackers complete the objective once the system detects a threat the IT team is informed and the information is passed on given the requirement for understanding context an Enterprise has to be ready to make any ideas fit its own unique needs expert advised what this means is that an IDs cannot be a one-size fits-all configuration to operate accurately and effectively and this requires a Savvy idas analyst to tailor the ideas for the interest and needs of a given site and knowledgeable trains system analyst ask SC the trick with ideas is that you have to know what the attack is to be able to identify it the ideas has always had the patient zero problem you have to have found someone who got sick and died before you can identify it it can usually go for two types of protection active protection and passive in a passive system the ideas detects a potential security breach logs the information and signals an alert in a reactive system or an active system the idas responds to the suspicious activity by logging off a user or by reprogramming the firewall to block Network traffic from the suspected malicious source so now that we understand 
what an IDs is let us go through the different types of intruders IDs platforms must be aware of to understand the type of intruders let us go through a scenario we have the servers which are protected by the IDS Platforms in place so let's say a hacker tries to breach the system from outside the organization this can be done using multiple attacks like dos attacks injection attacks Etc the category of individuals that are not authorized to use a system but still exploit users privacy and confidential information using different techniques are known as masqueraders a masor is an intruder that is an outsider who does not have direct access to the system and aims to attack unethically by stealing data or information however there is another Intruder who is theoretically harder to detect and approve than a a masquerader these are the people within the organization who want to weaken the security defenses be for corporate Espionage or to Aid other masqueraders the category of individuals that are authorized to use a system but misuse the granted access and privilege these are individuals that take undue advantage of the permissions and give access to them and this category of intruders are known as Mis Feer Mis feers are people that are insiders and have direct access to the system which they aim to attack unethically by stealing data or information let us now go through some of the ways the IDS platforms can detect intrusion before it is too late intrusion detection systems primarily use two key methods one is signature based intrusion and the anomaly based intrusion signature-based intuition detection is designed to detect possible threats by comparing the given Network traffic and log data to existing attack patterns these patterns are called sequences and could include bite sequence which is also known as malicious instruction sequences signature based detection enables you to accurately detect and identify possible loan attacks anomal based intrusion detection is 
the opposite it's designed to pinpoint unknown attacks such as new malware and adapt to them on the Fly using machine learning machine learning techniques enable an intrusion detection system to create baselines of trustworthy activity which is known as a trust model then compare new behaviors to verify trust models false alarms can occur when using an anomaly based ideas since previously unknown yet legitimate Network traffic could be falsely identified as malicious activity now if you combine both of those you have the hybrid intrusion detection they use signature based and anomaly based intrusion detection to increase the scope of your ideas this enables you to identify as many threats as possible a comprehensive intrusion detection system can understand the evasion technique cyber criminals use to trick an ideas to thinking there isn't an attack taking place these techniques could include fragmentation low bandwidth attack patent change devation and many more we can now take a look at the type of protection offered by IDs platforms there are a couple of phase that can be set up so let's go through each method the first is a network-based ideas the sensors are deployed at strategic points within the network such as within the DMZ or at the networks parameter the sensor can monitor individual packets of inbound and outbound traffic two and from all devices on the network it analyzes them for malicious activity and depending on the network architecture and amount of traffic involved multiple instances of network based ideas may be necessary the second category is host based intrusion detection systems or HIDs an agent runs on all servers endpoints and devices in the network that have access to both the internet and the internal Network intrusions identified by analyzing operating specific activities like the modification of the file system registry or Access Control list and the monitoring system application logs as well the augment network based idea systems by 
detecting animalis traffic which originate within the organization or from the host that is being monitored for example a host infected with malware that is attempting to spread it to other internal host is an issue that a network based ideas could potentially failed to detect the third variant is a cloud-based intrusion detection system because of the internet facing nature of the cloud on premises IDE Solutions are not necessarily optimized for monitoring for example network based sensors need to be deployed within the cloud at an environments Network perimeter and yet a cloud service provider may or may not have a way to facilitate this cloud-based servers use purpose-built cloud sensors that use cloud service provider application programming interface or cloud service provider apis to get as much visibility as POS possible into your Cloud environment now that we understand the different types of ideas deployment tactics let us go through some tools that excel in this field offering top-of-the-line implementations in a corporate and consumer environment the first tool being covered is the solar wind security event manager the solar wind security event manager is designed to integrate real-time log data from across your infrastructure enabling it to act both as a network based idea system and a host based idea system the solution can let you discover all kinds of malicious attacks and help you protect your network from H it is also designed to enact both signature based and Anam based intrusion detection by comparing sequences of network traffic against a set of customizable rules next we have the macafee life Safe macae Life safe is an intrusion detection system designed to bring a real-time threat awareness to your physical and virtual networks it uses signature-based intuition prevention and an based intrusion detection along with emultion techniques to spot and identify malicious activity maafe is also built to correlate threat activity with application usage 
which can further prevent network issues stemming from cyber attacks next we have bluma blumera is a security information and event management platform built to enact thread detection and responses across your cloud and on premises environments it is designed to continuously monitor your it infrastructure for suspicious activi and misconfigurations both of which could result in data leaks and compliance breaches it enables you to respond to an attack in progress and stop malicious actors in their tracks monitoring usage of corporate data and access to privilege information had been a daunting task before the Advent of IM am encompassing numerous apis single sign on Frameworks and data handling policies I am has established itself as a key component of every it department but how does it enforce these rules and who are the key benefactors of these policies what about the advantages of these Frameworks and the workflow of these systems we are here today to answer these questions let's take a look at some of the topics to be covered today we start by learning about IM am that is identity and access management from a surface level so as to put a clear idea of what it is next we cover the general workflow and process of how I am works moving on we cover some of the tools that find their place in an IM am framework and are crucial components finally we go through some of the advantages of the I am learning what makes them a lucrative deal for organizations so let's get started by learning about am from a surface level perspective identity and access management or am is a set of processes policies and tools for defining and managing the roles and access privileges of individual Network entities to a variety of cloud and on premise applications the users can include customers Partners employees devices like computers smartphones routers Etc the core objective of IM systems is one digital identity per individual or item once the digital identity has been established it must 
be maintained modified and monitored throughout each users or devices access life cycle access and user are two vital IM Concepts access refers to the actions permitted to be done by a user like view create or change a file users could be employees Partners suppliers contractors or even customers furthermore employees can be further segmented based on their roles IM systems are designed to perform three key tasks identify authenticate and authorize meaning that only the right person should have access to computers Hardware software apps any it resources Etc for the entry of new users or the changing of the roles of existing users the list of access privileges must be up to date all the time IM functions usually fall under it departments or section that handle cyber security and data management now that we understand the importance of IM am in today's cyber security sphere let us understand the process of this framework we have multiple components that Aid this process let's start by going through each of them individually principal is an entity that can per perform actions on an awsc Source or any Cloud management system a user a role or an application can be a principle it's always the principal who raises a concern to access or modify data on servers serving as the first point of contact in the IM workflow authentication is the process of confirming the identity of the principal trying to access the product the principal must provide s credentials or required keys for authentication this step can be further enhanced by multiple authentication factors and Googs among other things once the identity is confirmed the principal has the ability to view the data behind the wall of security and take the necessary steps when it comes to requests a principal then sense a request to the cloud management system specifying the action and which resource should perform it in this step the user can ask to modify delete edit or affect other users in this particular bucket of 
organization by changing ing the data or the information when it comes to authorization it carries out the rest of an organization identity and access management processes once the user has been authenticated users are granted authorizations according to their role at an organization the practice is referred to as role based access control or rbac authorizations determine a roles resources and level of access in the network these items may include systems applications file shares printers and more for example an accounting department employee who regularly works with payroll software must be authorized to do such if authentication resembles a passport these are the things your digital identity can access with it while authentication is fully straightforward authorizations and their management are far more challenging authorizations consist of complex set of rules and policies and groups which are permitted explicitly configured per user account with the working of IM Frameworks out of the way let's cover some of the tools that these systems work on SSO is an IM tool that enables a user to log into one an organization's properties and automatically be logged into a designed set of other properties for example when you log into Google you're automatically logged into your Gmail and your YouTube accounts similarly for users single sign on reduces friction since they don't have to keep track of different credentials for every application for organizations SSO helps in collecting valuable insights about user behavior and preferences since it attacks them as they move from wi application to another connected by one single login next is multiactor authentication or MFA implementing multiactor authentication is crucial to protect the organization's data from malicious intrusions and virtually every IM platform offers some form of MFA however it's equally crucial to customize MFA with the appropriate level of security for example in business to Consumer scenarios you need 
to consider ux and try not to create unnecessary friction for users who don't want to be subjected to heightened scrutiny every time they log in for Workforce you may want a more stringent MFA since the consequences of an unauthorized party gaining access to your private Network can be so devastating a modern IM solution will allow you to implement MFA only when it's needed this can be accomplished to setup authentication or adaptive authen authentication in which users only trigger MFA if they're trying to access sensitive data or their behavior is flagged as risky in the past few years identity has become the preferred Gateway for hackers to break into systems Brute Force attacks credential stuffing attacks and even highly targeted fishing campaigns are all attempts by hackers to break in through a company's front door which is the login box the multiple ways IM systems can help detect and mitigate these malicious attacks IM Solutions detect attacks where monitoring signals such as the velocity of traffic detection of login patterns that differ from a user's routine use of a breached password use of devices and IP addresses with a poor reputation among other things these are some of the most widely used tools when it comes to IM Frameworks but why do we go through setting up so many tools and firewalls let's go through some of the advantages of using IM systems in both corporate and consumer environments IM solution helps identify and mitigates security risks you can use IM to identify policy violations or remove inappropriate access privileges without having to search through multiple distributed systems you can also leverage IM IM to ensure that security measures are in place to meet Regulatory and auditing requirements IM IM provides a common platform for Access and identity management information you can apply the same security policies across all the operating systems and devices used by the organization the IM framework can help you enforce policy is 
related to user authentication Privileges and validation and attend to the privilege crep problems I am simplifies signup and user management processes for application owners end users and system administrators it makes it simple to provide and manage access and promotes user satisfaction IM Services can also lower operating costs using Federated identity Services means you no longer need local identities for external users this makes application Administration easier cloud-based IM Services can reduce the need to buy and maintain on premise infrastructure so importance of a cyber security certification first and foremost when I see a certification I look at it from three different aspects the first is the training itself which allows me to gain the knowledge which allows me to understand the aspects of security or whatever the certification is there for the second aspect is the exam itself how do I need to prepare myself for the exam and how do I need to approach the exam how do I need to ensure that I pass in my first attempt and the third aspect is the certification itself which allows me to be eligible to apply for a particular job rule so obtaining a cyber security certification ensures or shows uh to the organization that you're applying to that you do have that pre prerequisite knowledge and you should be shortlisted for an interview the knowledge that you have gained during the training will help you when you attend that interview and when you attempt to answer the questions asked to you so these certifications are designed for a specific rule uh for example a forensic investigation certificate will teach you how to investigate a crime scene forensically a digital crime scene for a matter of fact a certified ethical hacking course will teach you about penetration testing so it is you who's going to decide which certification you require and then attempt get certified on it of course a fresher with a cyber security certification will have better employment 
opportunities, because they can showcase their knowledge with the certification they already have. Even professionals who want to advance their careers can take managerial or advanced certifications to improve their knowledge and get promoted in their job profiles.

Cyber security certifications can be classified into three levels: the foundational level, the managerial level and the advanced level. In the previous video we had only a small overview; here we are going to discuss what each certification covers, how the exams are conducted and the price points for each exam.

Let's start with the foundational certifications. We start off with CCNA, which is the basic certification for networking. The CCNA Routing and Switching certification helps you build your networking career: you join an organization as a networking engineer and help it establish the routing, that is, the pathing of how data packets travel across the network. This certification covers all the basic concepts you require to understand networking. The basic requirement is that the candidate must have a bachelor's degree; apart from that there are no other prerequisites. So with a bachelor's degree you can study for it, undergo a training and then attempt the exam. The certification provider is obviously Cisco, so the knowledge covered by this training and certification is for Cisco devices only. The exam fee for this certification is approximately $325. The exam has around 50 to 60 odd questions which need to be answered in 90 minutes. The types of questions you get are multiple choice, where you have a question and four answers and must choose the correct ones; drag and drop, where you click on an object and drag it to its appropriate place, probably in an architectural diagram, for instance picking a router and placing it in a particular position (if you place it correctly you have answered the question correctly, otherwise it's wrong); and simulators, where there could be a configuration you need to set up in a particular manner, after which it is checked whether the configuration is correct. The pass mark is around 800 to 850 out of a possible 1,000 marks. Each question has a different weightage depending on its depth and difficulty level, which then counts towards your marks, and if you score 800 to 850 you clear the exam. The job roles, as we have discussed, would be more on the network administrator or network engineer side, depending on your level of experience. The salaries expected from these job roles in the US are around $55,000 to $90,000 annually.

The next one is the CompTIA certification called Security+. CompTIA is also a global certification authority for infosec courses. This certification teaches candidates how to secure applications, networks and devices, and it focuses on hands-on practical skills in the field of network security. I have trained people on this certification myself, so I know this certification is quite hands-on: it deals with the concepts to the core, it helps you understand the concepts, and then in the practical hands-on demo you need to execute the practical yourself so that you gain that knowledge. The recommended level for a candidate attempting this training is at least around 2 years of experience in the IT sector. In addition, if you have already been certified in CompTIA's Network+ certification, which is the baseline networking certification, that is also a preferred way to go for this certification. As said, CompTIA is the certificate
provider, and the exam fee for this certification is $339. The exam is quite simple: 90 questions in 90 minutes, that's 1 minute per question. It sounds like a lot of time, but believe me, the questions can be a little confusing and a little lengthy, so you will require all of those 90 minutes, especially when they're tricky and technical in nature. The questions are multiple choice and performance-based. The pass mark for this exam is around 750 points out of a possible 900. The job profiles for this kind of certification are security analyst or security engineer positions, where you analyze data to understand and figure out what problems are ongoing in the organization. The average annual salary of such a person would be around $72,000.

Then comes the CEH, or Certified Ethical Hacker, training from EC-Council. This is a very well-known course, and EC-Council is a global certifying authority, well accepted across a lot of countries. This is an offensive certification: here you're basically trying to become a penetration tester. You're taught how to hack, how to attack a particular organization from an ethical hacker's perspective. So the job profile you'll be looking at is a pentester, where you go into an organization, test their security controls or their devices, find flaws within them and then provide recommendations on how to plug or mitigate those flaws and improve the security of that organization. It is recommended that you have at least 2 years of experience in networking or security to attempt this kind of training and certification; again, a basic understanding of networking, and maybe a little of applications and operating systems, would be necessary before attempting it. The certification provider is EC-Council and the exam fee is $500. The exam here is 125 questions to be attempted in 4 hours, and you only get multiple choice questions. Now for CEH there are two exams: one is the multiple choice exam and the second is a practical exam, where you need to solve problems given to you in a lab scenario, and if you solve them properly you get certified for CEH Practical. The cut-off varies from 65% to 85% depending on the questions you answered and the weightage associated with each question. As said, the job roles would be penetration tester or security engineer, and salaries would start from around $90,000 annually.

Then comes the CND, or Certified Network Defender, also from EC-Council. This is more on the network defense side: here the job roles are where you have a network and you try to secure it and the communications that travel over it. So you need to be a network administrator, network security engineer or in a similar profile, understand how networks work, and then attempt to secure those networks. The certificate provider again is EC-Council, and the certification is placed a little below CEH: first network defense, then CEH, where you become a penetration tester. The exam fee for this certification is $350. The exam is 100 questions to be answered in 4 hours; again it's just multiple choice, so you get a question with four options, answer the correct one and move on to the next question. The pass percentage again varies from 60% to 85% depending on the questions answered and their weightage. Job roles to apply for are network defense technician, CND analyst or security analyst from a network perspective, and salaries would range from $65,000 to $75,000 per annum.

Then comes the forensic investigator course, which is exactly what it says: digital forensic investigator. This
will help you understand how computers work, where data is stored and how you can retrieve that data to investigate a crime that has taken place. The candidate must have at least years of experience in the information security sector. They need a good understanding of how networks work, how computers work, how operating systems work and where they store data, how databases work and how they store data, and so on and so forth. This certification is sought after mainly in law enforcement areas, but there are a few corporates that offer forensic investigation as a service, especially when a corporate gets compromised and wants to conduct its own investigation. The certification provider for this is also EC-Council, and the exam fee is $500. This is an advanced level certification, so an understanding of applications, networks and operating systems is a must before you attempt it. The exam is quite similar: 150 questions in 4 hours, again a multiple choice exam only. The cut-off again ranges from 60% to 85% depending on the questions and the weightage of each question. Job roles: IT security specialist, network security professional, forensic investigator, law enforcement agencies, security specialist and homeland security jobs, and your salary would be around $888,000 and above.

All right, now let's talk about the managerial level certifications. COBIT stands for Control Objectives for Information and Related Technologies. It's a certification that gives a candidate in-depth knowledge of the framework that COBIT is all about, and the framework helps you manage and govern enterprise IT environments. This is an advanced certification, so around 8 years of managerial experience is suggested before you attempt the COBIT 5 certification, to understand all the aspects and help you implement the framework properly. The certificate provider is ISACA and the exam fee is around $175. Now this is a small exam, 50 questions, but in 40 minutes, so you really have to be on your toes. You have to know the material; there's very limited time to think and you have to be fast with your answers. The pass percentage is 50%. The job roles associated with this certification would be information security manager, security consultant or cyber security manager, and your roles and responsibilities would be to govern the IT space that the organization owns, so all the servers, desktops, the network, the data flows, the databases, everything, and how it needs to be managed and governed in a secure manner. Annual salaries would be around $100,000 plus.

Then the CISM, also pronounced "sism". It stands for Certified Information Security Manager and, as the name suggests, it's a security manager certification. It helps the candidate understand the relationship between business goals and information security. So now you're going into a space where you're not only technical in nature but also have to understand the business needs and the goals of the business, and align the information security of your infrastructure with them. It is your input that goes to management to see whether the infrastructure is aligned to the business goals, or whether the infrastructure or the business goals need fine-tuning. Around 5 years of work experience in the information security field is recommended for attempting the CISM; out of those 5 years the candidate must have a background as an information security manager for 3 years, so that you have some experience as a manager and have implemented those things yourself, which gives you a better understanding, and then you attempt the CISM certification. It is again provided by ISACA, and the exam fee is $575 for ISACA members and $760 for non-members. The exam is 150 questions to be answered in 4 hours, quite a bit of time, but the questions are
going to be scenario based: they give you a lot of scenarios, you have to think about them and give the most probable and correct answer for each scenario. The pass mark is 450 out of 800. Your job profiles would be risk manager or risk consultant, analyzing the business requirements against the infrastructure security you have to identify whether there are any risks associated with the infrastructure, highlighting those risks, putting in security controls and managing those controls so that the risk is mitigated. Your average salary would be around $88,000 and above.

Then the CISA, the Certified Information Systems Auditor certification. It not only looks into security but also into auditing and controls in information systems. This is a highly reputed certificate, and you gain a better understanding of governance, regulations and the auditing of your information landscape. Again, a minimum of 5 years of work experience in the field of information systems auditing, control or security is necessary. Now here the question would be: what's the difference? Security is where you're technical in nature: you have done, let's say, a vulnerability assessment or a penetration test, you have implemented firewalls, you have architected security controls. Controls are all about the security controls you're going to implement, like firewalls, IDSs, IPSs, data loss prevention systems, maybe even UTM and whatnot, so experience in architecting or implementing those controls effectively to mitigate the vulnerabilities you have identified in the organization. And auditing basically means looking at compliance, to ensure that everything is in place, that you're compliant with, let's say, the ISO 27001 guidelines or the policies you have created yourself, and that everything is working in order. So it's more of a checklist where you check that everything is in place and you're conforming to standards. This certification is also provided by ISACA, and the exam fee is $575 for ISACA members whereas non-members will have to pay $760. Again, 150 multiple choice questions in 4 hours, scenario based, so you have to really understand real-world scenarios of what controls and what audit mechanisms should be in place. The pass mark is 450 out of 800. Your job roles would mainly be auditor or senior auditor, director for information security, information audit manager, or information technology consultant, where you provide intelligence on how the company should implement its infrastructure. Average salaries would be $103,000 and above.

Then comes the CRISC, pronounced "crisk", the Certified in Risk and Information Systems Control certification. It helps the candidate design and maintain information systems controls for an organization. This is one of the most sought-after certifications as far as risk management is concerned, in Europe and in the US; if you have this kind of certification you automatically qualify for a risk manager, security risk manager or information security consultant kind of role. You should have a minimum of three years of experience in the field of IS controls, that is, information security controls: you should have knowledge about firewalls, how to mitigate risks, how to identify risks in the first place, risk analysis and risk management, after which you implement security controls to mitigate that risk or bring it to acceptable levels. At this point in time you will also be responsible for creating policies around those risks and how you want to calculate and treat those risks over their lifetime. The certificate provider again is ISACA; the exam fee is $575 for ISACA members and $760 for non-members. A similar exam: 150 questions to be answered in 4 hours, multiple choice and performance based, so they may give you a
scenario where you have to perform a risk analysis and provide a report and a solution based on your findings. Again, the pass mark is 450 out of 800. The job profiles associated, as discussed earlier, are IT risk management professionals, where you identify risks, treat them, calculate and analyze them, maybe do a business impact analysis to ascertain how the organization will be affected, and also look at compliance as far as these job roles are concerned. The average annual salary would be $119,000 and above.

Moving on to the advanced level certification, this is where we come across the CISSP, Certified Information Systems Security Professional. This is the gold standard of all certifications; if you have this certificate you can basically be assured of a job in the IT world. Just to qualify you'll have to have 5 years of experience in the information security field. There are eight domains specified by CISSP and you have to prove that you have knowledge and around 5 years of work experience in at least two of those domains. If you do not have that kind of experience you can still attempt the exam, but you become an Associate of (ISC)², which means you get six years to accomplish the 5-year experience requirement for this certification. Before taking up the CISSP certification it is suggested that the candidate clears the intermediate level certifications, not all but some of them. In fact I've seen people do it the other way around: they qualify for CISSP, and once you're CISSP the CISA or CISM exams are way easier to crack, but you need to have that kind of experience. I have seen people with 15 years of experience and more fail this certification on the first attempt. The certificate provider is (ISC)² and the exam fee is $699. Like I said, this certification is the most sought after, the gold standard; in fact there are hardly any other certifications after this that you might want to do.

Now the exam has changed: if it is the English version you're taking, it's 150 questions to be answered in 3 hours; if it is the non-English exam, it is 250 questions in 6 hours. It's a marathon, and if you're opting for the 6-hour exam you need to plan it really well. It sounds really easy, but the questions are quite tough, they're scenario based and the answers are quite confusing as well. You get multiple choice questions, drag and drop, and you might get simulators too. The pass mark is 700 out of 1,000, but each question has a different weightage, so it depends on which questions are asked of you and which you've answered correctly. The job roles associated with this certification would be anything and everything in information security at the managerial level and above: information security manager, risk manager, information system security officer, the CISO role (Chief Information Security Officer), any role you might think of from a risk, compliance or strategy perspective could be achievable after this kind of certification. The average annual salary is $108,000 for this certification.

Technology has become more intertwined with our daily lives, hence it is no surprise that the need for skilled cyber security professionals is on the rise. Cyber security is a lucrative field and there is a dearth of skilled cyber security experts; therefore a career in cyber security is currently something you should consider if you're looking for an interesting job role. On that note, hey everyone, welcome to yet another exciting video by Simplilearn, which will take you through the top 10 highest paying cyber security jobs for 2022. But before we begin, if you're new here and haven't subscribed already, make sure to hit the subscribe button and the bell icon for interesting tech videos every day. So let's get started. At number 10 we have the job role of a cyber security analyst.
Cyber security analysts are professionals who keep a constant check on threats and monitor the company's network for potential vulnerabilities. They react swiftly to restore protection if it is compromised, and they identify and correct flaws uncovered in the company's applications, programs, security systems, computer networks and more. Cyber security analysts also recommend ways to improve the business's overall security and communicate the specific measures to be taken. They compile ongoing safety reports, documenting security issues and the measures taken to resolve them. Now let's have a look at the salary of a cyber security analyst: according to Glassdoor, a cyber security analyst in the United States earns about $80,000 US per annum, and in India you can earn nearly 6 lakh rupees annually.

Next on our list we have the job role of a network engineer. A network engineer is a person who understands the structure and network essentials of the entire organization at a macro level. They design and maintain any network that supports the company's life cycle and growth opportunities. Network engineers take charge of the configuration and installation of network devices and services. They also collaborate with the security team and ensure network security through the implementation of tools and procedures in line with it, and they monitor network performance to ensure reliability and availability. According to Glassdoor, a network engineer in the US earns over $85,000 US per annum, and in India the average salary is 4 lakhs annually.

Moving on, the next job role on our list is that of an ethical hacker. Ethical hackers are network security consultants who identify and exploit system vulnerabilities just like a hacker would; they are also known as white hat hackers. They scan the network and systems for vulnerabilities before a black hat hacker would. Ethical hackers probe and test the network using various penetration tools and software; additionally, they design new penetration tools and document the test results. According to PayScale, in the US a certified ethical hacker earns around $96,000 on an annual average basis, and in India they make around 5 lakh rupees per annum.

Moving to our next job role, we have malware analyst. A malware analyst analyzes malicious software, including bots, worms and Trojans, to understand the nature of the threat. A malware analyst has a dual mentality, being both forward thinking and reverse thinking. Moving on to the responsibilities of a malware analyst: firstly, they use tools and expert-level knowledge to help decide what kind of malware they are disassembling and whether they have encountered this particular kind of malware before; you will use dynamic malware analysis tools to gain insight into software attacks. Secondly, they uncover hidden indicators of compromise that should be blocked, and they keep an organization's software updated to protect against the latest malware threats. According to Glassdoor, in the US a malware analyst can earn about $997,000, and the average salary for a malware analyst in India is around 5 lakh rupees.

Up next we have another very interesting job role, that of information security analyst. An information security analyst is an expert who plans, implements, upgrades and scrutinizes security protocols to safeguard an organization's computer networks and information. These professionals play a vital role in the public, private and nonprofit business sectors because they shield a company's sensitive and fundamental information. They use data encryption, firewalls and other relevant security tools and applications to cover and protect transfers of secret digital information. Information security analysts perform risk assessments, audits and tests to ensure the proper functioning of data processing activities and security measures. As per Glassdoor, the national average salary of an information security analyst is around $99,000 per annum in the States, and as per Indeed.com, in India you can earn nearly 7 lakh rupees per annum.
Let's have a look at the next highest paying cyber security job, that of cyber security engineer. A cyber security engineer helps design and implement methodologies to secure the organization's cyber space. They also help in testing and monitoring systems frequently to make sure that all of the systems are up to date and work perfectly to defend the information. They troubleshoot security and network problems and ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls. Cyber security engineers also conduct tests and scans to identify any vulnerabilities in the network and systems. Talking about the salary, in the United States a cyber security engineer earns over $101,000 per annum as per PayScale, and the average salary for a cyber security engineer in India is nearly 7 lakh rupees.

Moving on to the next job role, we have senior security consultant. A senior security consultant protects their client's network through regular situational assessments. Senior security consultants are required to carry out assessments of security networks to spot a system's vulnerabilities, strengths and weaknesses, following which they guide different IT teams in strengthening their security by helping them pick the right solutions, like new techniques or tools. They also create preventive measures against future cyber attacks. According to Indeed, the average annual salary of a senior security consultant in the States is around $104,000, and in India it is nearly 12 lakh rupees.

Next we have the role of an application security engineer. Application security engineers work with product managers and developers to plan and implement security releases. In order to understand any vulnerabilities within products they carry out threat modeling, dynamic tests and security reviews, following which they optimize a given product's efficacy. They ensure that every step of the software development life cycle follows best security practices. They also help in testing the application against security risks before release. According to Glassdoor, in the US an application security engineer earns around $110,000 on an annual average basis, and in India they make around 9 lakh rupees per annum.

Moving on to our next job role, we have security architect. A security architect researches and plans the security elements for their firm. They formulate company procedures and user guides, and they design robust security structures that are capable of preventing malware attacks. Additionally, they approve the installation of VPNs, routers and firewalls. According to Glassdoor, a security architect in the US makes a handsome sum of $150,000 a year on average, and in India they make around 20 lakh rupees per annum.

And finally, at number one on our list we have the role of a Chief Information Security Officer, CISO. CISOs are senior-level officers in an organization; their duty is to ensure the safety of the information. They develop, implement and maintain information security and risk management programs. Additionally, they interact with stakeholders and regularly brief them on information security concerns. According to Glassdoor, the average annual salary of a chief information security officer in the States is a whopping $195,000, and in India it is 19 lakh rupees per annum. So those were the top 10 highest paying cyber security jobs for 2022. Now let's have a look at the companies hiring cyber security professionals: here we have Deloitte, NetApp, KPMG, Bosch, HP, Samsung, CGI and GE, to name a few.

In this series we are going to discuss the interview questions that will be asked of candidates in the cyber security field. We are going to look at multiple options and discuss the various fields in which these questions will be asked. In this video we are going to look at 10 different questions on networking, then 10 more questions on software and programming, another 10 questions on operating systems and applications, 10 questions
on cyber attacks and finally 10 questions on cryptography. So we're going to discuss over 50 odd questions in these different fields, which will help you crack your interviews as far as cyber security is concerned.

Let's start off with networking questions. Question one: what is the OSI model? Explain the different layers of the OSI model. OSI is largely a theoretical model utilized to understand networking, how data packets are created and how they are processed by a computer. It is normally used with the TCP/IP (Transmission Control Protocol over Internet Protocol) software suite. OSI stands for the Open Systems Interconnection model; it is a reference model that describes how applications interact via the computer network. There are seven different layers that we need to understand, and they are as follows. In this diagram there are seven layers; starting from the bottom, they are the physical layer, the data link layer, the network layer, the transport layer, the session layer, the presentation layer and the application layer. When such a question is asked in an interview, we don't only identify these seven layers; we first explain what the OSI model is, then identify the seven layers and give a brief description of each. Any additional questions will come after this basic question.

So let's start off with the physical layer. This is the lowest layer of the OSI model, and this is where every physical part of your computer comes into the picture: it could be a network interface card, an RJ45 connector or a CAT 5 cable, anything that allows data to be transmitted physically from your machine to another machine. Next comes the data link layer. As far as networking is concerned we just need to understand that the data packet is encoded and decoded into bits at this layer. This is also the layer that deals with MAC addressing, so the physical address of every network interface card, the MAC address, which is utilized to route data packets over the network, resides on the data link layer.

The next layer is the network layer; here datagrams are transferred from one node to another. The functions of this layer are routing and logical addressing, and the moment we talk about routing and logical addressing, IP addresses come into the picture, IP version 4 and IP version 6. So the network layer deals with IP addressing and the routing of those packets. Then comes the transport layer. This is the layer responsible for end-to-end connections, which automatically signifies that this is where TCP and UDP work. TCP stands for Transmission Control Protocol and UDP for User Datagram Protocol. TCP is a connection-oriented protocol, whereas UDP is a connectionless protocol. These two protocols are utilized to establish connectivity between two machines. TCP is a more reliable method of connectivity because a lot of packets are sent across to verify that the data has been sent and received, and so on, whereas UDP is a connectionless protocol where data is just dumped without verifying whether the receiver actually receives it. So in a nutshell, on the transport layer TCP and UDP make their appearance and this is where that functionality lies. Then comes the session layer. This controls signals between the computers; it establishes, maintains and terminates connections between processes. In the transport layer we talked about TCP and UDP, UDP being a connectionless protocol where data is just transmitted without verifying whether the receiver received it, whereas TCP, as we saw, is a more reliable protocol, thus different packets and signals are sent across to verify that data has been transmitted and received properly before the next segment of data is sent. Those control signals are established using the
session layer. So the three-way handshake of TCP, the acknowledgement packets and those kinds of packets are taken care of on the session layer of the OSI model. Then comes the presentation layer. The presentation layer is responsible for translating data into the application layer format: the formatting, the MIME type or encoding utilized, the UTF-8 character set we use for presentation, encryption mechanisms, all of these work on the presentation layer. And finally comes the application layer, where the application itself uses a particular protocol so that the application on the receiving machine will be able to understand what the communication was about.

So in a nutshell, if I start from the top: the application layer deals with any data the application generates, maybe user input, you're logging in, typing the username and password, and all that data is constructed into, let's say, an HTTP or HTTPS format; that's where the application layer comes into the picture. Then the formatting into UTF-8 and the encryption would be done at the presentation layer. Then the transport layer and the session layer kick in to establish a TCP session, do the three-way handshake and establish that connectivity. IP addressing is done on the network layer, MAC addressing on the data link layer, and when everything is ready, on the physical layer the packet is sent out. At the receiving end the packet is received on the physical layer, all these layers are reversed, and finally at the application layer the data is presented to the application, which executes it and shows it on the screen of the recipient. This is the way you want to explain this question: be concise and precise about what you're explaining, don't go into too many hypothetical scenarios, don't go too deep into the layers, just give the basic functionality. You want to demonstrate that you understand what the OSI layers are and how the computer functions, and then move on from there. If the interviewer has any follow-up questions they will ask those specific questions. So that's question one.

Moving on to question two: define unicasting, multicasting and broadcasting. This is a question which can be very lengthy, but again, most of your interview questions are designed that way; it's basically to understand how much you are conceptually aware of these technologies. So you have to be very concise, don't go rattling on about the technology too much, but in a concise manner explain what these things are. When data is transmitted over a network it can be transmitted in one of these manners: unicast, multicast or broadcast. Unicast is when a message is sent from a single user to a single receiver, so one to one: one machine talking to another machine and nobody else, also known as point-to-point communication, one point to another point. If you have to send information to multiple receivers then you will have to send it using multicast, and this is where multicast networking comes into the picture. In our case let's assume it's a Class C network with approximately 255 odd machines, and within these there are two machines that want to talk to each other. If they want to talk between themselves it would be a point-to-point communication where they utilize unicast; only these two machines have visibility of that conversation and the other machines will not even realize it is taking place. If one machine wants to talk to multiple machines then multicast comes into the picture; as the name suggests, in this mode of communication data is sent from one or more sources to multiple destinations. Multicast uses the Internet Group
Management Protocol, also known as IGMP, to identify groups. Under IGMP various groups are created, machines are subscribed to those groups, and whenever a message needs to be sent to a group it is identified by IGMP and sent to the multiple machines that are members of that group. Then comes the third method, broadcast: as the name says, it broadcasts to all, one to all, communication from a single sender to all the machines in that particular network. So the three ways are: unicast is one to one, multicast is one to many and broadcast is one to all. Question number three: what is DNS? DNS stands for Domain Name System. It is like the internet's phone book, responsible for mapping a domain name to its corresponding IP address. Let me give you an example. Whenever we open a browser, say Google Chrome, type in www.google.com and press enter, magically the Google website appears in front of us. Now how does the computer know who Google is? Humans understand "Google" and words like that; computers don't, computers deal with binary zeros and ones, and as far as the internet is concerned they only deal with IP addresses and MAC addresses. So how does a computer know how to find google.com and where it is located? The moment we type google.com in the address bar and press enter, a DNS query is generated automatically by the browser and a packet is sent to our DNS server asking what the IP address is. So in short, DNS resolves domain names to their corresponding IP addresses. A DNS server has an index, a database of all the domains associated with their IP addresses. If one particular DNS server does not have that
information that you're looking for, it may query another DNS server which may have that particular response. So first, when you type in a domain name, it gets resolved with the DNS, which identifies the IP address corresponding to that domain name and thus allows the computer to route the packet to the server where that domain resides. In the scenario on the screen, on the local PC you have typed in cybersecurity.com; a DNS query goes to the DNS server asking what the IP of cybersecurity.com is; the DNS server looks it up in its database, and if it has the corresponding IP address it responds that the IP address is 172.17.25.21, after which the packet is sent off to cybersecurity.com. Moving on to question number four: what is a firewall? This is a very good question, and normally the most basic answer I've heard is that a firewall is a hardware or a software firewall. But that is only how you can install a firewall; there are different types of firewalls and there is a specific functionality that a firewall is created for. So a firewall is either hardware or software, but its responsibility is blocking either incoming or outgoing traffic between the internet and your computer; it secures a network. Essentially the firewall will allow a connection to happen or disallow a connection from happening; it won't go beyond that, and that's the basic functionality of a firewall. So based on the configuration you have done, based on the rules you have created on the firewall, it will identify whether some traffic is allowed into that network or is to be blocked from entering it. As the screen shows, the firewall rules analyze whether the traffic is good: if yes it will allow it; if the traffic is bad it will block it and not allow that connection from happening in the first place.
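The lookup flow from the answer to question three, as an added example that is not from the video or from Simplilearn: a local DNS server answers from its own records, forwards anything it does not know to an upstream server, and caches what it learns so the next query is answered locally. The server layout, the names and the addresses 10.0.0.5 and 172.17.25.21 are constructed placeholders, and nothing is sent on the network.

```python
"""Toy DNS resolution: a local server answers from its own records and
otherwise forwards the query to an upstream server, caching what it learns.
Added example; every name, address and the two-server layout is constructed."""
from dataclasses import dataclass, field


@dataclass
class DnsServer:
    """A name server with an A-record table and an optional upstream server."""
    name: str
    records: dict
    upstream: "DnsServer | None" = None
    queries_seen: list = field(default_factory=list)  # audit trail for the demo

    def resolve(self, domain: str) -> "str | None":
        """Return the IPv4 address for `domain`, forwarding on a miss."""
        domain = domain.rstrip(".").lower()        # DNS names are case-insensitive
        self.queries_seen.append(domain)
        if domain in self.records:                 # authoritative or cached hit
            return self.records[domain]
        if self.upstream is None:                  # nobody left to ask: NXDOMAIN
            return None
        answer = self.upstream.resolve(domain)     # ask the next server
        if answer is not None:
            self.records[domain] = answer          # cache so the next query is local
        return answer


def build_topology() -> "tuple[DnsServer, DnsServer]":
    """Constructed two-server layout: the local resolver knows one internal
    name and forwards everything else to the upstream server."""
    upstream = DnsServer("upstream", {"cybersecurity.com": "172.17.25.21"})
    local = DnsServer("local", {"intranet.example": "10.0.0.5"}, upstream=upstream)
    return local, upstream


def browser_lookup(resolver: DnsServer, url: str) -> "str | None":
    """What the browser does on enter: extract the host part of the URL and
    ask the configured resolver for its address."""
    host = url.split("://", 1)[-1].split("/", 1)[0]
    return resolver.resolve(host)


def demo() -> dict:
    """Run the lookups in order and report what the upstream server saw."""
    local, upstream = build_topology()
    first = browser_lookup(local, "http://cybersecurity.com/login")    # forwarded
    second = browser_lookup(local, "https://CyberSecurity.com./")      # served from cache
    missing = local.resolve("nowhere.invalid")                         # forwarded, NXDOMAIN
    return {"first": first, "second": second, "missing": missing,
            "upstream_queries": list(upstream.queries_seen)}


if __name__ == "__main__":
    print(demo())
```

The point to notice is the audit trail: the upstream server is asked about cybersecurity.com once, and the second lookup never leaves the local server. That cached entry is also what a DNS poisoning attack, mentioned later in this section, aims at, which is why an answer that lands in the cache deserves the same scrutiny as the query that fetched it.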
Now there are a few common types of firewalls that also need to be included in the answer. The first one is a packet filtering firewall. These are the most common types you will come across; they analyze packets and let them pass through only if they match an established security rule set. Here people do get confused: when we say these firewalls analyze packets, people think they analyze the contents of the packet, which is not correct. When the definition of a packet filtering firewall says it analyzes packets, it means it is only analyzing the source and destination IP addresses, the port numbers and the protocols mentioned in those packets. These firewalls do not have the capability of deep packet inspection, or DPI as it is known; once that capability comes into the picture you're basically looking at an intrusion detection system or intrusion prevention system, in today's world called a next-generation firewall. So a packet filtering firewall will only analyze data packets for their source and destination IP addresses, port numbers and the protocol being used, map that information to the rules on the firewall, and based on those rules either allow or disallow that connection. The second type is a proxy firewall. These firewalls filter network traffic at the application level, which means they work at layer seven of the OSI model. Packet filtering firewalls, since they work on IP addressing and port numbers, work on the network layer and also on the transport layer of the OSI model, because they also look at protocols; proxy firewalls work at layer seven, the application layer, and deal with application-level protocols such as HTTP, HTTPS, FTP, SMTP and so on. The third one is a stateful multi-layer inspection firewall;
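To make "only the source and destination IP addresses, port numbers and protocol" concrete, here is an added example that is not from the video or from Simplilearn. It first encapsulates application data the way the OSI walk-through at the start of this section and the data encapsulation answer at the end of the networking section describe (TCP header, then IPv4 header, then Ethernet header), then runs the frame through a toy packet-filtering firewall that decides from those header fields alone. The MAC addresses, the office subnet 192.168.43.0/24, the hosts 203.0.113.7 and 172.17.25.21, the rule set and the payloads are all constructed, and the headers leave out checksums and options.

```python
"""Encapsulate application data into TCP, IPv4 and Ethernet headers, then decide
with a stateless packet filter that consults only the 5-tuple.
Added example; addresses, MACs, rules and payloads are constructed."""
import ipaddress
import struct

PROTO_TCP = 6
ETHERTYPE_IPV4 = 0x0800


def _mac(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(payload: bytes, src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                src_mac: str, dst_mac: str) -> bytes:
    """Top down: wrap the payload in a TCP header, then IPv4, then Ethernet.
    Checksums are left zero and options are omitted to keep the example short."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     64, PROTO_TCP, 0, ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    eth = _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def decapsulate(frame: bytes) -> dict:
    """Bottom up: strip Ethernet, then IPv4, then TCP. Returns the fields a packet
    filter consults plus the payload, which a packet filter never looks at."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 frames are handled in this example")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    l4 = ip[ihl:]
    src_port, dst_port = struct.unpack("!HH", l4[:4])
    data_offset = (l4[12] >> 4) * 4               # TCP header length in bytes
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "proto": ip[9],
            "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
            "src_port": src_port, "dst_port": dst_port, "payload": l4[data_offset:]}


# Constructed rule set: evaluated top to bottom, first match wins, implicit deny.
RULES = [
    {"action": "deny",  "src": "203.0.113.0/24",  "dst": "0.0.0.0/0",       "proto": None,      "dport": None},
    {"action": "allow", "src": "192.168.43.0/24", "dst": "172.17.25.21/32", "proto": PROTO_TCP, "dport": 80},
]


def packet_filter(fields: dict, rules=RULES) -> str:
    """Packet-filtering decision: addresses, ports and protocol only."""
    src = ipaddress.IPv4Address(fields["src_ip"])
    dst = ipaddress.IPv4Address(fields["dst_ip"])
    for rule in rules:
        if src not in ipaddress.IPv4Network(rule["src"]):
            continue
        if dst not in ipaddress.IPv4Network(rule["dst"]):
            continue
        if rule["proto"] is not None and rule["proto"] != fields["proto"]:
            continue
        if rule["dport"] is not None and rule["dport"] != fields["dst_port"]:
            continue
        return rule["action"]
    return "deny"


def firewall_decision(frame: bytes) -> str:
    """What the firewall does per frame: decapsulate, then match the 5-tuple."""
    return packet_filter(decapsulate(frame))


def office_request(payload: bytes, src_ip="192.168.43.215", dst_port=80) -> bytes:
    """Build a request from the constructed office subnet to the constructed web server."""
    return encapsulate(payload, src_ip, "172.17.25.21", 51515, dst_port,
                       "02:00:00:00:00:01", "02:00:00:00:00:02")


if __name__ == "__main__":
    normal = office_request(b"GET / HTTP/1.1\r\nHost: cybersecurity.com\r\n\r\n")
    # Same 5-tuple, different content: a DPI-capable IDS/IPS could flag the marker,
    # a packet filter cannot, because it never reads the payload.
    flagged = office_request(b"GET /?q=CONSTRUCTED-SUSPICIOUS-MARKER HTTP/1.1\r\n\r\n")
    print(firewall_decision(normal), firewall_decision(flagged))                          # allow allow
    print(firewall_decision(office_request(b"SSH-2.0\r\n", dst_port=22)))                  # deny
    print(firewall_decision(office_request(b"GET / HTTP/1.1\r\n\r\n", src_ip="203.0.113.7")))  # deny
```

The two "allow" results are the lesson: the second frame differs only in its payload, and the packet filter reaches the same decision because the payload never enters `packet_filter`. Catching content like that is exactly the job the answer assigns to an IDS/IPS or next-generation firewall rather than to a packet filter.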
these filter packets at the network, transport and application layers, so they basically do the job of the first and the second type of firewalls, and the packets are compared to known trusted packets. Now the first question is: if there is a stateful multi-layer inspection firewall, why do we have the type one and type two firewalls, packet filtering and proxy? That is because that is how firewalls have evolved: we started off with packet filtering, then added functionality to it, and so on. So if the question "what is a firewall" comes, start off by saying it is hardware or software, its responsibility and functionality is to allow good traffic and disallow bad traffic based on the rules configured on the firewall, and then there are basically three types of firewalls, packet filtering, proxy and stateful multi-layer, and include a brief description of each. If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn, click on the link in the description to know more. Moving on to question number five: what is a VPN? VPN stands for virtual private network. It is a connection between a VPN server and a VPN client: it creates an encrypted tunnel between the client and the VPN server, which is then used to secure the connections you make with the internet. As you can see in the diagram, the user has a VPN client installed on the machine; the VPN client creates an encrypted tunnel to the VPN server, and through this tunnel encrypted data is transmitted, which is processed by the VPN server and sent to the internet. Information received back by the VPN server is encrypted again and sent back to the user. So if a man-in-the-middle attack is happening, or a hacker is trying to eavesdrop on the communication, they will
not be able to do so because of the encrypted tunnel; it is very difficult to decrypt or hack through this encrypted tunnel. It is possible, but it is very difficult to achieve. Moving on to question number six: what are the advantages of distributed processing? Before we go into the advantages we first have to understand what distributed processing is. It is a term describing computer systems that use more than one processor to run an application, where multiple computers across different locations share the same processing. Distributed computing is basically where multiple machines pool their resources together to run a single application, so an application that has multiple resources and can scale up and scale down as and when required. The advantages are that it can be very useful in data recovery, for example RAID, where you're striping data across various hard disks; it is reliable; it is cheaper, lower cost can be achieved; and it is easy to expand because of the scalability factor we just talked about. If there is loss of data in one computer it can be recovered from another interconnected computer, and one of the examples would be blockchain in today's world. What is blockchain? Data is created live and stored across a collection of computers, so if one of the computers goes offline, the other computers in that network will still have that data and the blockchain will still function without any issues. The second point: a glitch in one machine does not affect the processing, as there are multiple other machines, like we discussed in the blockchain. Several cost-effective mini computers are used instead of a costly mainframe machine, so instead of having a server bank I can have multiple machines interconnected together and they can function in that blockchain or for that
particular distributed processing mechanism. Depending on the amount of data processing, more computers can be attached to the network, so you can increase the number of computers that are part of that blockchain or reduce them as and when necessary. Moving on to question number seven: what is TCP/IP? TCP/IP, or Transmission Control Protocol over Internet Protocol, is a set of communication protocols used to interconnect networking devices on the internet. This protocol defines how data should be transmitted over the internet by providing end-to-end communications. Essentially, if you want networking established on your machine you need TCP/IP; without TCP/IP there will be no workgroups, no domains, your interconnectivity will go for a toss. TCP/IP is software that, once installed on your machine, interacts with the hardware, your network interface cards, and then your switches, wires and cables, through protocols that are already preconfigured in it. So within the TCP/IP suite you have all the protocols, all the functionality of the OSI layers, and each protocol that works on each layer is predefined and preconfigured to work in a particular manner. The Internet Protocol is all about routing each individual packet to make sure it reaches its destination. So with TCP you're talking about the protocols that allow you to format the data and generate it so that you can communicate it over the network; IP then deals with the routing of those packets so that the packet is routed to the correct computer and received by the recipient. The TCP/IP model is the compressed version of the OSI model: the seven layers get converted into four layers, the network access layer, internet layer, transport layer and application layer. Going on to question eight: what do you mean by ipconfig and ifconfig? Both of these are commands, the first one on a Windows
machine, the second one on a Linux machine. ipconfig stands for Internet Protocol configuration; it is a command used on the command line of Microsoft Windows to view all the adapters and the configuration of each adapter's network interface. As you can see on the right-hand side in the command prompt screen, once you type the ipconfig command at the command prompt and press enter, it gives you a list of all the adapters: you can see the wireless LAN adapter "local area connection", whose media is disconnected, it doesn't exist, and at the bottom the Wi-Fi connection, a wireless LAN adapter, with its IPv6 address, IPv4 address, subnet mask and default gateway. So this is the configuration that lets the machine know what network it is on, what the default gateway for communicating to the internet is, what the subnet mask is, so how many computers may exist in that particular network, and what the IP address of this specific computer is, so that it can communicate across the network. ifconfig is the same thing on a Linux, Mac or Unix operating system; the command gives you the list of interfaces and the configuration of each interface. It is used to configure and control the TCP/IP network interface parameters from the command line, and it lets you see the IP address of these network interfaces. Here you can see the wlp1 19s interface with the IP address 192.168.43.215, the subnet mask 255.255.255.0 and the broadcast address 192.168.43.255. Question nine: what is the difference between a domain and a workgroup? This can be a very interesting question and a very lengthy one at the same time. A workgroup is nothing but a decentralized network where you have interconnected multiple machines together and each machine acts in its own individual capacity, thinks of itself as a server. So in a decentralized network, every user
manages the resources individually on their PC: local users on their own PCs manage the network shares, what can be shared from that machine, what data should or should not be shared, whom it can be shared with, and so on. It is good if you have a small network, a few machines all together, and you want them to interact with minimal management effort; each user decides what they want to allow other users to see on that network, and all of them are connected over a LAN, a local area network, either wireless or wired. If you look at your home Wi-Fi right now, that is one of the best examples of a workgroup. The domain, on the other hand, is a centralized network model. In a corporate environment you have a domain-based username and password which, when entered on a particular machine, gives you access to the entire network, or whatever applications and resources have been allocated to you; that is where the domain comes in. It also uses a single sign-on mechanism for all the resources that are made available to you, whereas in a workgroup you're a local user meant only for that particular computer. Coming back to the domain, it is an administrator who manages the entire domain and all the resources connected to it: the resources could be switches, routers, servers, data stores, applications, web servers, mail exchange servers and so on. All of these are administered by an administrator through the domain. It is the most reliable and the optimum solution for a large network where multiple users are going to interconnect and share data amongst each other. The computer can be connected to any network, which means you can be on the internet and, through the internet using a VPN, connect to your corporate network, authenticate, and get access to whatever resources you are
allowed to access, whereas in a workgroup you have to be part of that network to access it; if you change your location and connect to another Wi-Fi, you lose access to your previous Wi-Fi. Then the last question for the networking section: what is data encapsulation in networking? Data encapsulation refers to the process of adding headers and trailers to the data. The data link layer binds each packet into a frame that contains the hardware address of the source and the destination computer. So in this example, when we talk about data encapsulation, the data created by the application layer gets a header and a trailer that carry the various pieces of information about where that data needs to be sent: the hardware address, the MAC address, comes into the picture and gets added to the header, and the IP addresses, port numbers and all of those things are added to these trailers as well, so that the data can be routed to the intended recipient of that communication. With this we end the first ten questions in networking, and in this video we are going to look at software and programming, so we're going to look at the first ten questions. The first question: how do you keep a computer secure? This is going to be a very generic question, so you want to put your best foot forward and identify the most common methodologies for keeping a computer secure. When we talk about computers, the first thing you want to talk about is authentication mechanisms, where you want multi-factor authentication or two-factor authentication to ensure that your accounts are kept secure. If you look at passwords, depending on how passwords are stored by the application, password attacks can be possible, either a brute force attack, a dictionary-based attack or even password guessing attacks. To mitigate those kinds of attacks we need
multi-factor authentication to ensure that accounts are secure. Even if we are using multi-factor authentication, we also want to look at secure passwords, which means the password is complex enough to withstand most of the common attacks, so that a brute force attack or a dictionary attack is just not possible. So we want to randomize our passwords and create a complexity where a password meets standards such as: it has at least one lowercase and one uppercase character, has numerics and special characters, is randomized and not based on a dictionary word, and doesn't contain usernames, email addresses, phone numbers or anything personal to that user. Third, keep regular updates, which means there will be patches released for the applications and software you use; download and install them on a regular basis to ensure you are secured against the most recent attacks that have been identified. Install a good antivirus, which could be an internet security suite with an antivirus, an intrusion detection system and a firewall, to help protect you against ransomware, malware and script-based attacks. Also have a specialized firewall on your system, either a host-based or a network-based firewall, to ensure that attacks are kept to a minimum and you have your network definitions in place to allow or disallow connections to your devices. Have anti-phishing software installed as well, to ensure you are not getting spam mails, and even if you do, you are able to identify them and not fall prey or victim to them. Phishing attacks are generic, directed towards individuals, and they prey on the gullibility of the individual, so the Nigerian frauds or the lotteries we win on a regular basis of hundreds of millions of dollars, those messages and emails we receive are all phishing emails that are basically meant to
victimize the user and then rob them of money, install some malware or do some other malicious activity. If you want to enhance the security of data stored on your devices, accessed by your software or transmitted by your software, use encryption: encrypt your data whether it is at rest, in motion or in use, thus reducing the possibilities of data leakage and data loss. And finally, and foremost, secure your DNS. DNS is the domain name server used by computers to resolve domain names to IP addresses. If a DNS poisoning attack is possible, where your DNS settings are modified by an attacker and you are redirected to a malicious DNS server, that server will redirect you to a malicious application which may have malware or malicious software as a payload. Also, you don't want people to know your DNS servers and the queries you're making, so use secure DNS or DNS over HTTPS to encrypt your DNS queries as well. So in a nutshell, if you follow these eight steps your devices, your computers and your applications are going to be as secure as possible. The next question: discuss security-related aspects between C, C++ and Java. This is an open-ended question and it depends on which level you're interviewing at, but we're looking at it from a fresher's or a less experienced perspective, and these are some of the aspects we want to look at when comparing C, C++ and Java. The five aspects we are looking at are pointers, code translation, storage allocation, inheritance and overall security. When we say pointers, we are looking at how we use pointers, stacks and heaps to point to functions, how we exit those functions and how those functions are then recalled into the next function. So C supports pointers and it is the most secure; C++ also supports pointers but it is a little bit less
secure than C; in Java pointers are not supported and no direct access is given to memory allocation, and thus it is the least secure as far as pointers are concerned. When we look at code translation, C is compiled but it is not secure, same with C++, but Java is an interpreted language and it is abstracted and secured. In storage allocation, in C we use malloc and calloc for memory allocation, which is less secure because it does not have internal checks verifying what memory is allocated against the user input that is being put into that memory; thus buffer overflow errors can creep in because of the non-verification of the input data, so it is the least secure. C++ uses the new and delete operators and is comparatively secure, but Java uses a garbage collector and is thus the most secure as far as storage allocation is concerned. When we talk about inheritance, the most secure is C++: C has no inheritance so it is not secure; in C++ it is supported, thus it is the most secure; whereas in Java multiple inheritance is not supported and it is comparatively secure. Overall, based on these five aspects, the most secure is Java, the least secure is C, and the mid level is C++. Moving on to question 13: what are the different sources of malware? Malware stands for malicious software: software that poses as legitimate software but has a payload of a Trojan, virus, spyware, keylogger or some other malicious software that is going to have a negative impact on the security of your device. So the question is, what are the different sources of malware? We want to identify the most common sources through which malware infects end-user devices in today's world, and it can start with pop-up ads. On most websites, if you're visiting untrusted sites, if you're being redirected to sites you don't know about, there will be a lot of pop-ups coming your way saying you're the one-millionth
visitor to this site, please click here to download your gift, or congratulations on winning a particular product for visiting this page, and so on. In some instances you see a banner flashing at you on top of the page saying that eight infections have been identified on your computer, click here to download an antivirus to clean them. All of these pop-ups are there as a social engineering attack, a phishing attack, to make gullible people click on those links and download that malware; the software posing as a security product can itself be malicious and install a Trojan, a virus or a bot on your machine, compromising its security. The second is removable media, USBs. Humans have a fascination with USBs: if you find a USB lying around, it's a free USB, you get excited, you want to take it home, plug it into a machine and see what's on it, and worst case you format it and have a free USB to use, the higher the capacity the better. But that is one of the easiest ways people get malware deployed on unsuspecting users. If there is a USB lying around, why would somebody forget a USB? It is most likely planted there as a social engineering attack, so that a gullible person picks it up and plugs it into their device, and if the device is not secured enough, it installs the malware. Then documents and executable files: this is where your viruses and all those creep in. Let's say you're surfing the internet looking for a software, you find it on a particular website, you do not verify the trustworthiness of that site and you just download and install that software; now that software could be malware as well. Thus if you're surfing the internet downloading files from different locations, you have to research the
website, you have to research the source to ensure that it is trustworthy, and only then should you download and execute those files. Thus internet downloads as well: and when we say internet downloads it's not just untrustworthy sites; we go to torrents, we go to the dark web or the deep web searching for other software, especially those of us researching security, we are always on the lookout for new software and always on forums which may not be so trustworthy, and we just download those files and start installing them. That is a very bad scenario, so be very careful what you're downloading from the internet: have your antivirus, your anti-phishing mechanisms and your threat intelligence mechanisms installed, and verify where your downloads are coming from. Then your network connections: whether it is a P2P connection, a local area network connection or a metropolitan area network, you have to verify which devices are connected to your machines and validate those connections before you trust those devices and connect to them. If you are on a public Wi-Fi, you probably don't want to connect to a public Wi-Fi in the first place. Then come email attachments; there are so many attachments coming across in today's world, most of them in a ZIP or RAR format, and some come as document files with macros hidden within them, macros being scripts recognized by Microsoft Office files. And finally there are the malicious advertisements we find online: be it Facebook, WhatsApp, any social media platform you go to, or even your search engines, their job is to display ads; their job is not to verify whether the ad is legit or not. It is for us as consumers to be careful, validate that ad and verify whether it is genuine or not. So just don't start
clicking on any ad trusting the platform you're on; be sure you are investigating that ad. So these are the most common sources of malware, and the end user will always get infected through one of these mechanisms. Moving on to question 14: how does email work? This can be a complex question, but we have to keep it as simple as possible. There are two servers, both using SMTP, the Simple Mail Transfer Protocol. In this scenario John wants to send an email, so they have an email client installed on their machine, which is connected to the mail exchange server, which has a DNS server that maps the routing, the exchange server and the inboxes. When John composes that message and clicks on send, John is connected to a mail exchange server where the email is sent from that person's inbox; John's inbox is validated and the email is sent via the DNS server, through the internet, and received by the recipient's mail server. At this point John also requires the recipient's email address; in this case the recipient is Jack, so jack@something.com would be the email address. When John is composing, the To field has Jack's email address, the From field has John's email address, the Subject field has whatever they want to convey as the subject, the message body has the message itself, and when John clicks on send it goes to their exchange server. The exchange server validates the inbox and identifies where Jack's inbox is located, and through the internet it is sent to Jack's mail server. The mail server then identifies the proper inbox that email needs to go to and stores it in that inbox. When Jack opens their computer and accesses their inbox, this email from John
will already be waiting for them, and they can respond to it the same way John sent that email. Moving on to question 15: what are the types of threats a company can face? This is where your threat modeling comes into the picture: you're looking at software, you're looking at operating systems, and the company asks you what threats a company is most likely to face. On a broader scale, the threats a company will always face would be classified as natural threats, man-made threats, technical threats and supply system threats. A natural threat is an act of God outside the control of human beings: storms or any natural occurrences like volcanoes, thunderstorms, flooding, earthquakes, fire and so on, anything that is natural. It depends on the geographic location you're in and the climate that area faces; you need to identify the immediate threats and prepare for them. So if flooding is what you're looking at and the possibility of the office getting flooded is real, you probably want to take an office on a higher floor so that the threat of flooding is minimized. For fire we always have a fire drill where we practice our fire mechanism so that we can evacuate all humans as soon as possible and then worry about the technicalities. Under any circumstances, under any threat, humans always have the first priority and then everything else comes in. Man-made threats are where man itself is the problem: strikes, lockouts, hackers, theft, war, rioting, all of those are man-made threats which we ourselves cannot control, but we need to plan for them and have a business continuity plan or a disaster recovery plan for any of these threats
that have been identified. Then come the technical threats: software bugs, operating system bugs, application bugs that come with the applications we have, or a hardware failure where a server crashes, a hard disk crashes, maybe the processor stops working, the motherboard stops working, RAM gets corrupted; any of the technical aspects that stop functioning, thus creating a break in the business, comes under technical. So anything to do with computers, let's say a server failing or a patch not installed on a particular software, those come under technical threats. And then the supply system: supply system threats are your environmental threats, which depend on supply chain failures. What is a supply chain? For an office to function there are a lot of dependencies, a lot of other vendors that support and provide critical and non-critical infrastructure for the office to function. First and foremost, electricity: without electricity nothing is powered on and you're not going to be able to function, so if there is an electricity service provider and there's an electric outage, that comes under supply system. That's a supply chain failure where the vendor that provides electricity to you has failed in providing that service, and now you need a business continuity or disaster recovery plan, so you probably have an inverter or a power generator that generates your own power and supplies it to your systems. There could be short circuits because of fluctuations in the electricity; maybe the internet service provider fails and your internet crashes, so you have a backup line for the internet from a different vendor, and so on. Maybe your hardware vendors who supply you servers, desktops, laptops and whatnot fail because they are facing a strike or they go
bankrupt and suddenly you can no longer purchase hardware from your vendor because they are no longer in business; so that's a supply chain failure. So any of these systems failing would also come under threats. So under a broad category these are the first four threats that you need to identify, and then you can elaborate by providing more scenarios based on the experiences that you have had towards each and every one of these threats. So, natural threat: where you may have had experience where there would have been, let's say, a flood or any natural disaster which caused a problem for the continuity of your particular business. So identify each and every example for each of these threats and provide that as an example in the interview.

What is black box and white box testing? So when you are testing a software or you're testing your infrastructure, there are two different tests that you can conduct: the first one is a black box, the second one is a white box. In a black box test there is no knowledge that is shared with the tester. So let's say you're an ethical hacker and you have been awarded a contract by an organization to test the current application that they have developed. Now they're not going to give you any information; they're not going to tell you what the application is. They just probably give you an IP address and a port number where the application is hosted, and now you have to fire in your own queries and try to figure out what the application is, try to gather information, see what information can be gathered in the first place, and based on that you're going to figure out your way, identify vulnerabilities, and see if any of those vulnerabilities can lead to a security incident. So without any knowledge, zero knowledge of the IT infrastructure or the source code, that's a black box attack or a black box test. A white box test, on the other hand, is where full knowledge of the IT infrastructure or the source code is shared, so the ethical hacker has complete
knowledge, and based on the knowledge they are then going to test out the system to see if there are any flaws that they can identify, right? So why would these two audits be important? Because the first one, a black box audit, emulates the attack of an outsider, an external hacker sitting outside the organization trying to figure their way in, whereas a white box attack can emulate the attack of an insider: so a disgruntled employee within that organization misusing their access controls or the access rights to make unwarranted profits, right? So somebody who's corrupt, who has been bribed, who wants to sell out company secrets; so they're going to try to find out vulnerabilities, try to steal data and try to sell it on the gray market, right? So a white box would emulate an internal attack, a black box would emulate an external attack.

Moving on to question 17: what is use case testing? Now use case testing is a functional test and it is also a black box test, right? What is a functional test? It tests the functionality of a particular software once it has been created. Why is it a black box test? Because the user doesn't know what the functionality is; they just want to find out each and every scenario and try to see what that scenario generates as a response. They are not sure whether that is the appropriate response that should be generated or not; they're just trying to find out the response that is going to be generated after they fire off a query. So this technique is used by testers to get the test scenarios to exercise the whole system from start to finish. So let's say it's a login mechanism for an application, right? Now a user at this point in time, the tester, since it's black box testing, will know that it is a login mechanism; they will not know the details of what login mechanisms are being utilized. So they wouldn't know whether input validation is done, they wouldn't know whether output encoding is done, they wouldn't know how the CGI calls are being made, they will not
know how the queries are handled at the server side and how the database is going to treat that particular query, so they have no idea whether SQL injection attacks are possible, and so on and so forth. So for them, with whatever input they're going to try to insert for that login mechanism, that's a functional black box test: the functionality meaning whether the login mechanism works, and based on the type of inputs that they're going to put in, whether it creates an unwarranted output, whether they can bypass the mechanism or they can hack into the system because of some of the flaws that were left behind, right? Another example here is a software made for users to use for documentation. The testers will test all the cases that the user can do: so can the user view a document, can they add new documents, can they edit documents and can they delete documents? So this functionality will depend upon the access controls that have been granted to a particular user. So for this particular user, the tester at this point in time would not know whether they are an administrative user or they are a regular user; they'll just try to do all of these and then write the responses saying I was able to view, I was able to add, I was able to edit and I was able to delete. Now the result will then be sent to a manager; the manager will look at the results, and then based on the actual access controls that were supposed to be there for this particular user, they'll try to identify whether this is an acceptable case or whether there were any flaws within this case.

Moving on to question 18: what is static and dynamic testing? Now this is again in application testing. Static testing is done in an early stage of the development life cycle. Now, software development life cycles, there are multiple of those. What are these life cycles? There are different stages in which an application is created and provided to the customer. So your first stage would be determining the scope of the application, determining the
hardware requirements for that application, then creating a flowchart for that application, a functional chart for that application, and then maybe start coding; then an architect comes in, tests the code, verifies the code; then the testing phase comes in, then the security testing phase comes in, and then the user acceptance testing comes in. But in every stage, at the very earliest of all stages, a static test will always be started to see whatever code has been developed, whatever scope has been developed, whether that scope is going to be correct or not. This will include walkthroughs and code review. What is a walkthrough? A walkthrough is going through documents that have been generated and trying to find faults in the documented journey that has been created so far. So let's say somebody has created a workflow or a flowchart for a program: how the functions are going to be called and how they're going to be executed. So a walkthrough would be where all these responsible people will walk through that particular flowchart and find out any flaws within that, and then rectify them. If there is any code that has already been written, this code will be reviewed manually and any flaws within that code would then be identified. Static testing will always be 100% accurate in a very short amount of time because it is immediate: you have created it and then the expert is going to test it to see whether everything is fine or not, right? It is all about a prevention mechanism. So since you're doing it at the inception itself, if you find any flaw it gets immediately repaired, so this is about preventing vulnerabilities from creeping into that application at a later point in time. Whereas dynamic, on the other side, is done at the end of the development life cycle. So you have generated the application, everything is ready, now you want to do dynamic testing, which includes functional and non-functional testing. Functional testing is where the application itself is being tested, the functions,
to see that all the parameters that are given to the application are functioning properly. Non-functional testing would be where security parameters, administrative parameters, all of them are being verified, right? This is where your test case scenarios come in, and you're going to test each and every scenario by generating inputs and analyzing the output that the application is going to give you. Dynamic testing is all about cure. So here you're going to identify vulnerabilities, report them to the management, and the management is then going to figure out a way of patching those vulnerabilities so that they can be mitigated.

Moving on to the next question: what are the test levels in software testing? So as far as software testing is concerned there are four test levels: module testing, integration testing, system testing, and the final one is acceptance testing. So in the testing phase of your development life cycle, the first thing is a module test: you're going to check your routines, your subroutines, your subprograms, procedures that have been written in a program. So all your functions, all your mechanisms for that application are going to be tested. When you go into integration testing, the software may have been integrated with multiple softwares; there may be different API calls coming in, maybe a third party software on which you're depending upon to supply information. So all of these integrations of various softwares, various APIs are tested to ensure that they're functioning properly and there are no flaws, errors or mistakes left behind in the integration of all of these softwares. Then the system testing is where the entire system, so including the hardware, including the software, right, it starts from the installation. So now the software is complete, we know which hardware we are going to support for it, we start by installing the software and see whether the installation is going to be completed properly, if there are any errors in the installation process itself. Then once
it is installed, the performance of that particular application, the write speeds, the read speeds on the hard disk, the transaction speeds that the application is capable of, the network dependencies that the application may have, all of those would come under system testing. And then the acceptance testing, which is basically a quality assurance exercise that the application meets the client's requirements. So the client in the first stage would have given the scope of what needs to be achieved; in the acceptance testing you're verifying that that scope has been met and the client requirements have been met, and you can assure the client about the functionality and the performance of that particular application.

Coming to the last question in this software programs section: what are the valuable steps to resolve issues while testing? So in the previous scenarios where we have started testing, now if you find out, when you execute a particular use case, and then you find out a flaw, what would be the steps that you would utilize to address those particular flaws in those tests? The first step will always be record, then you're going to report it, and then you're going to introduce a control process for it. So when you say record, you're going to create logs and you're going to try to resolve all the problems that have happened. Now when you say resolve, you're not going to recode the application, but you're going to test the system again and again to ensure that whatever is being recorded is accurate and all the logs, all the error mechanisms, all the dumps, all of those that have been generated due to this particular log, due to this particular error, are being captured so that they can be reported to the higher level managers. So the next step is, once you have accumulated all these logs and records, you're going to report them to the higher level managers, who are then going to investigate it and go back to the developers trying to figure out the best way to mitigate those particular
flaws. So the report writing also needs to be accurate, it needs to be to the point, it needs to detail what the problem was; it will document all the steps that you took, all the inputs that you put in, and it will also record all the errors, and it will also record all the mechanisms that were utilized and the errors that were generated, and that report will be given to the higher level managers, who can then forward it to the developers, who based on those reports can start their troubleshooting. And then the control mechanism comes in: you're going to define the issue management process. So this process needs to work in a particular manner where you're doing a test, you're recording whatever is happening, you're creating a report of it, you're sending it to the management, the management will then take those reports, study them, take them to the developers, the developers will test based on their criteria, they might interact with the testers at that point in time to identify particular flaws, and then they might want to recode that application or develop a patch which once installed will mitigate that particular flaw, and then it can come back to the testing phase again where you can repeat those tests and validate that the flaw is no longer existent. So these are the three steps that would be utilized for testing purposes, and that brings us to the first 10 questions on the software platform.

In the next video we'll be looking at operating systems and applications. The first question is on virtual memory: what exactly is virtual memory? For a computer we have two types of memory. The first is the primary memory, which is your random access memory, which is also known as volatile memory, and the secondary memory is your hard disk, where your data is permanently stored. But for a computer, when it has, let's say, a 4GB memory or RAM as in this scenario on your screen, it is going to replicate that and is going to create another 4GB of virtual memory on
the hard disk, and it is going to use it in tandem along with the RAM. So if the RAM is insufficient, the processor is going to utilize the 4GB of the virtual memory that is created on the hard disk and it is going to swap data from the RAM to the hard disk. This can also be known as a page file or a swap file.

The next question is: what are the different scheduling algorithms? Now the context for this question is you're talking about a processor, and you're talking about how processes are going to be fed to the processor and how the processor is going to treat these processes. So the first is first come first serve: the process which requests the CPU first gets the CPU allocation first. Now whenever there are processes that are being run by different applications, they make requests for some CPU time. Now in first come first serve, the first service or the first process that is going to request some processing time will get that much allocated to them; they will run through the process first and then the next and the next and so on and so forth. The second one is the shortest job first: this is the process where the shortest execution time for that process is calculated and that process is selected first for the CPU. Then there is priority scheduling: the scheduler selects the tasks to work on as per priority. So there would be some tasks that are marked with high priority, some would be normal and some would be low. So based on this high, normal or low priority all the processes will be classified; high priority will be dealt with first, then the normal and then the least priority. The fourth option is multiple level queues, where processes are assigned to a queue based on a specific property like process priority, the size of memory, etc. So it will be classified based on the attributes given to that particular process, and multiple queues will be created, and then based on the attributes the processes will be processed by the CPU. Then shortest remaining time: the process will be
allocated to the task which is closest to its completion. Or you look at it this way: the process that will take the least time to complete its processing would be chosen first. And then the round robin method, where each process comes in turn and gets an equal share of time. So if there are 10 processes, each process will be allocated a certain amount of time after which the next process will be processed, and so on and so forth, and it will continue in a round robin fashion till all the processes get executed. So in short, six different scheduling algorithms depending on how the operating system deals with it.

The next question is: what are the steps involved in hacking a server or a network? So this is more of an ethical hacking question; you're looking at devices, and the interviewer asks you what kind of steps are involved, what are the activities that you would do in hacking a server or a network. Now there are no specific steps that you would define, because every hack is going to be unique, but a hack can be classified into five different steps which are quite generic, right? So the first step will always be the reconnaissance step, also known as the information gathering phase, also known as footprinting or fingerprinting depending on what exactly you're doing. But in this phase the attacker gathers all the evidence, all the information that is possible about the targets that they want to attack. So here you're trying to get to know the victim so you can launch specific attacks towards them: you want to identify what operating system they are utilizing, what IP addresses, MAC addresses, the versions of the operating systems and applications, the patch levels, find out vulnerabilities, find out whatever information is possible, find out the information about the person who's using those computers so you can launch social engineering attacks, and so on and so forth. So the first step is all about gathering enough information based on which you can launch further attacks.
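Going back to the scheduling algorithms question above: as an added example (this is not code from the video or from Simplilearn), the following Python simulation runs a small constructed set of processes through five of the six algorithms named in the lecture, first come first serve, shortest job first, priority scheduling, shortest remaining time and round robin, and reports the average waiting time for each. Multiple level queues are left out because they are a composition of the other policies. The process set, the convention that a lower priority number means higher priority, and the round robin quantum of 3 are all assumptions made for the example.

```python
"""Constructed CPU-scheduling simulation (added example, not the lecture's code).
Waiting time for a process = finish time - arrival time - burst time."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Proc:
    pid: str
    arrival: int        # tick at which the process first requests the CPU
    burst: int          # total CPU time it needs
    priority: int = 0   # assumption: lower number means higher priority


def _waits(procs: List[Proc], finish: Dict[str, int]) -> Dict[str, int]:
    return {p.pid: finish[p.pid] - p.arrival - p.burst for p in procs}


def fcfs(procs: List[Proc]) -> Dict[str, int]:
    """First come first serve: whoever requested the CPU first runs first, to completion."""
    t, finish = 0, {}
    for p in sorted(procs, key=lambda q: (q.arrival, q.pid)):
        t = max(t, p.arrival) + p.burst   # CPU may sit idle until the next arrival
        finish[p.pid] = t
    return _waits(procs, finish)


def _non_preemptive(procs: List[Proc], key: Callable[[Proc], tuple]) -> Dict[str, int]:
    """Shared driver for SJF and priority: among the processes that have already
    arrived, pick the one with the smallest key and let it run to completion."""
    t, finish, pending = 0, {}, list(procs)
    while pending:
        ready = [p for p in pending if p.arrival <= t]
        if not ready:
            t = min(p.arrival for p in pending)
            continue
        p = min(ready, key=key)
        t += p.burst
        finish[p.pid] = t
        pending.remove(p)
    return _waits(procs, finish)


def sjf(procs: List[Proc]) -> Dict[str, int]:
    """Shortest job first: the ready process with the shortest burst wins."""
    return _non_preemptive(procs, lambda q: (q.burst, q.arrival, q.pid))


def priority_sched(procs: List[Proc]) -> Dict[str, int]:
    """Priority scheduling: the ready process with the best (lowest) priority wins."""
    return _non_preemptive(procs, lambda q: (q.priority, q.arrival, q.pid))


def srtf(procs: List[Proc]) -> Dict[str, int]:
    """Shortest remaining time: preemptive, the choice is re-made every tick."""
    t, finish = 0, {}
    remaining = {p.pid: p.burst for p in procs}
    while len(finish) < len(procs):
        ready = [p for p in procs if p.arrival <= t and remaining[p.pid] > 0]
        if not ready:
            t += 1
            continue
        p = min(ready, key=lambda q: (remaining[q.pid], q.arrival, q.pid))
        remaining[p.pid] -= 1
        t += 1
        if remaining[p.pid] == 0:
            finish[p.pid] = t
    return _waits(procs, finish)


def round_robin(procs: List[Proc], quantum: int) -> Dict[str, int]:
    """Round robin: each ready process gets at most `quantum` ticks per turn."""
    order = sorted(procs, key=lambda q: (q.arrival, q.pid))
    remaining = {p.pid: p.burst for p in procs}
    t, finish, queue, i = 0, {}, [], 0      # i = next process not yet admitted
    while len(finish) < len(procs):
        while i < len(order) and order[i].arrival <= t:
            queue.append(order[i])
            i += 1
        if not queue:
            t = order[i].arrival
            continue
        p = queue.pop(0)
        run = min(quantum, remaining[p.pid])
        t += run
        remaining[p.pid] -= run
        while i < len(order) and order[i].arrival <= t:   # newcomers queue before p re-enters
            queue.append(order[i])
            i += 1
        if remaining[p.pid] == 0:
            finish[p.pid] = t
        else:
            queue.append(p)
    return _waits(procs, finish)


def average_wait(waits: Dict[str, int]) -> float:
    return sum(waits.values()) / len(waits)


# Constructed sample workload (assumption, not from the lecture).
SAMPLE = [Proc("P1", 0, 8, 3), Proc("P2", 1, 4, 4),
          Proc("P3", 2, 9, 1), Proc("P4", 3, 5, 2)]


def compare(procs: List[Proc] = SAMPLE, quantum: int = 3) -> Dict[str, float]:
    """Average waiting time per algorithm, so the trade-offs can be compared side by side."""
    return {"FCFS": average_wait(fcfs(procs)),
            "SJF": average_wait(sjf(procs)),
            "Priority": average_wait(priority_sched(procs)),
            "SRTF": average_wait(srtf(procs)),
            "RoundRobin": average_wait(round_robin(procs, quantum))}


if __name__ == "__main__":
    for name, avg in compare().items():
        print(f"{name:>10}: average waiting time {avg:.2f}")
```

On this workload the preemptive shortest remaining time policy gives the lowest average wait and round robin the highest, which is the usual trade-off: round robin spends its fairness on the long jobs, while SRTF favours short ones at the cost of preempting the rest.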
Once you have that information comes the second phase, which is known as the scanning phase. This is more of a technical phase. So in the first step you have got your IP addresses, domain names, maybe even network maps, and you have identified which devices are available; now in the scanning phase you're going to identify live devices and then you're going to scan them for open ports, processes, protocols, services. You're going to identify vulnerabilities, you're going to enumerate them to identify more information from them. Thus at this point in time you will have identified a certain set of vulnerabilities or a certain set of security loopholes that you can misuse. Once you have identified those, you're going to the next step, which is the gaining access phase. In this you're actually going to execute your attacks based on the vulnerabilities that you have found, and you're either going to gain access to that particular system by installing a Trojan, or destroy the system by installing a virus, or install a spyware or a keylogger, whatever you wanted to achieve. So in the gaining access phase, based on the knowledge that you have gained in the first and the second phase, you're going to launch your attacks and you're going to try to gain access to that particular device. Then the next step is where you're going to maintain that access. Now that you have hacked into that device, it is not necessary that you will always be able to get access to that device. Suppose you have cracked the password of that particular user and the user changes that password after a few days; your attack is worthless. So what you're going to do here is you're going to maintain your access. So this is where it is assumed that you want repeated access to that device, and thus you're going to install a keylogger or a Trojan or some mechanism which will still allow you to get access to that device without the knowledge or the authorization of that particular user. And finally, the last step is
where you're going to cover your tracks. So whatever activity that you have done so far will have created logs and will have created information based on which the victim will come to know that they have been compromised, and may be able to trace that activity back to you. So to prevent the user or the victim from realizing that they have been hacked, and to prevent them from discovering who has hacked them, you want to cover your tracks by deleting logs and any references that point to that particular activity. You're going to hide the files that you have created; so you have installed a Trojan or a keylogger, these will create files and directories, you're going to hide them so that they are not discovered. You're going to hide processes that have been created; you're going to try to hide all the activity that you have done so as to conceal the actual attack and prevent the user from realizing that they have been compromised. So these are the five steps that will be involved in hacking a server, network, application or any computing device you'll come across.

The next question refers to: what are the various sniffing tools? Now this is a network based attack where you're trying to capture data packets that are being transmitted over the network, and then you're going to analyze them to see if you can capture any sensitive information like usernames, passwords, bank details or anything of that sort. Now these tools would also depend on which operating system you're utilizing; for example, MSN Sniffer would work on Microsoft operating systems, Ettercap would be based on Linux, and so on and so forth. So on the screen you'll see six different sniffing tools that work on different operating systems. Wireshark is something that is common both on Windows and Linux; it is used to analyze networks in detail. It is the de facto tool that you will come across in most of your ethical hacking trainings, in most of your organizations, when they want to do data captures. Now data capturing or
packet capturing is not only done by hackers to gather more information but is also a known troubleshooting technique used by administrators and network administrators to analyze any issues that may be going on in the network, right? So the first tool you see on the screen is Wireshark, which, like we stated, is available for Windows as well as Linux. Then there is tcpdump, which again has the same capability as Wireshark but is a command line version, whereas Wireshark also has a GUI, a graphical user interface; tcpdump is available on Linux. MSN Sniffer is a very old tool from when we had MSN Messenger; MSN Messenger is no longer there, but Microsoft does, or did, have a Microsoft Message Analyzer tool, which they have stopped development on since 2015, but that's another tool that is specific for Microsoft operating systems, from Microsoft, that can be installed to gather more information. Then you've got Ettercap, which is a tool to launch man-in-the-middle attacks and data capturing, and is essentially a Linux command line based tool. Then dsniff is another password and network capturing tool which can help you capture data packets, predominantly a Linux tool. Same with EtherApe: this is a graphical tool which will allow you to capture data traffic and map protocols and identify which IP addresses have been communicating with what. Essentially all of the tools have similar functionality, except that some have additional functionality like launching man-in-the-middle attacks, or capturing or having specific filters that will help you identify and troubleshoot some network issues that you may be facing.

Moving on to the next question: what is an operating system? Now this is a very difficult question to answer, because normally when we want to answer this question we start off with the functionality of an operating system, right? We try to describe what Windows does or what Linux does or what Mac OS does, and then we try to figure out what an operating system is in the
first place. But an operating system essentially, as the slide says, is a software program that provides a platform for computer hardware to communicate and operate with the computer software. So it is basically an enabler for human interaction with the hardware that you have. If you take the operating system out of the question, it's just some hardware which cannot interact with you; but essentially when you have an operating system like Microsoft Windows or Linux or Mac, you're essentially installing an instruction set on that particular device which will allow you to interact with and manipulate the hardware to do whatever you want that hardware to do, right? Essentially, when we talk about drivers for your various devices, like a driver for your LAN card or for your sound card or for your graphics card, which allows you to tweak these cards for functionality, right, it allows us input and output functions. For example, the basic example: you open up Microsoft Office products like Microsoft Word or Excel and you get a GUI on the screen which you can interact with; you've got a keyboard and you type on that keyboard, and the computer knows what you're typing and reflects those actions on the screen by showcasing it on that particular Excel file or Word file. So how does the computer know what to do or what you're exactly intending to do at this point in time? It is all the operating system that is providing you all these services, analyzing what your inputs are, and then based on the programming it is going to execute that and show it to you on the screen, right? Some of the most commonly used operating systems are Microsoft Windows, you have them in desktop as well as server variants; Unix; Linux, again Linux has desktop and server variants, you've got Ubuntu in Linux, Red Hat and so on and so forth; and then you've got Mac OS for Apple related components.

The next question: what is the difference between a micro kernel and a macro kernel? Now the first thing we need to know is what
is a kernel. The kernel is the heart of the operating system that allows that input and output to happen; it allows those drivers to be set up so that the hardware can interact with the software, and we can then instruct both the software and the hardware to function in a particular manner. So there are two types of kernels: micro kernels and macro kernels. A micro kernel is something that we normally use; micro kernels are for operating systems that use processes directly handled by the processor. The micro kernel is very small in size; the macro kernel is large because it basically is the entire image of the operating system. The execution for a micro kernel is slow; the macro kernel is going to be faster because it is more evolved, there's a lot of programming involved. Extendability: micro kernels are easy to extend, macro kernels are hard to extend. As far as security is concerned, if a macro kernel crashes it takes everything down with it, the entire operating system is going to crash, but in the case of a micro kernel it is only that particular process that is going to get affected. Micro kernel: there is a lot of coding involved; macro kernel: less coding is involved. Examples of micro kernels would be Symbian OS, most popularly used on earlier phones, Nokias if you remember those, QNX, and so on and so forth. Macro kernels: your Linux or BSD operating systems essentially use macro kernels.

Next question: what are the different types of operating systems? So as you can see on the screen, five types of operating systems: batched OS, distributed operating systems, time sharing, multiprogrammed and real time. What are batched operating systems? The computer operator places the jobs coming from input devices into batches. So consider this not from a desktop perspective but from a server perspective, where these devices are used by organizations to compute and to crunch some processes that are going to make some business sense out of it. So when there are multiple processes coming in, multiple jobs that are going to
be scheduled, a batched OS is going to place these jobs in batches and they're going to crunch those based on the inputs that have been given by these operators. Distributed OSs: where there are multiple computers which are interconnected and are communicating through networks. So in a corporate environment you don't use one single computer to do everything; you've got a data center, and the data center will have a cluster of servers where they're going to share some resources to crunch one particular task, right? So that's where your distributed OSs come into the picture. Then you have time sharing OSs, where you are renting some time; so a time sharing OS minimizes the response time. Example in today's world: cloud, right? You go onto the cloud, you have a virtual service over there, you schedule something, you schedule a job over there, it is executed, and for that time being that operating system services your particular request and provides you that particular job. Any application that you see online that is executed, for example Facebook, from a consumer's perspective could be a time shared experience. Then multiprogrammed OS: the operating system uses CPU scheduling to separate jobs, so you're scheduling the CPU to complete certain jobs in this particular manner. And in real time OS, the operating system gives maximum time to critical operations; so it identifies the priority of these operations, it knows the high priority items, the medium, the low priority items, and based on that it is going to execute these critical operations and get the job done.

Moving on to the next question: what is the difference between logical address space and physical address space? Now when you're looking at address spaces, this is where applications come into the picture, and when you execute an application it is going to create a particular address in the memory where it is going to create a buffer to store its own information so that it can be provided to the processor, processed, and then
can be returned back to the application as an output, right? So as far as definitions are concerned, a logical address is generated during running of an application or a program; a physical address is a physical address or a physical location on the memory module itself, right? Visibility: you can view a logical address because it is programmed into a computer. So if I'm looking at C or C++ and I'm using malloc, or memory allocation, that's where the logical address is going to be created, where a buffer is going to be created for that program, and whatever the user input is going to be, it's going to be stored in that buffer. But where the physical address is concerned, this logical address will be created on a physical store or a physical memory module which will have its own addressing mechanism; thus you can see the memory module, but you cannot see the specific address on that particular memory module. But as far as a logical address is concerned, while you're programming or you're debugging the application, it will show you the logical address that has been created, the start point and the end point of the logical address that has been created for that particular program; it can be shown in a debugging environment, right? Address space: logical and physical. The physical, like in this case, is the memory module itself; you can access only the physical address on that particular memory, because logical addresses can be viewed but you cannot access them physically. Generation: the logical addresses are generated by the CPU during the processing time, whereas physical addresses are generated or computed by the memory management unit, or the MMU, that you have on your computers. And as far as logical addresses, they are variable, whereas the physical address is always going to be constant.

Looking at the next question: what is the difference between logical address space and physical address space? So moving on from the previous question to this, the
logical address is the address created by the CPU for the processes that need to be addressed and that need to be stored as a buffer in the physical memory, whereas the physical memory itself is going to be an address that is going to be there on the physical part of that memory, which is going to be assigned to it by the MMU.

Then the next question discusses shells. So what shells are used in Linux? Now what is a shell? A shell is the command line interface that we utilize on a Linux machine. So the terminal window, as we call it, is a shell, and there are different variations of a shell based on what Linux operating system you're using. The desktop operating systems that you use, or the server operating systems in today's world that you're going to use, normally will always have a bash shell, which is the first shell that you see on the screen, known as the Bourne Again shell. It is the default for Linux distributions. So as far as end consumers, regular consumers, are concerned, it is always going to be a bash shell, a Bourne Again shell, that you're going to utilize for scripting and to execute regular commands. But when it comes to high level programming, or it comes to specialization tasks, then you've got the rest of these shells that you can utilize. For example, the ksh, known as the Korn shell, is used for high level programming which supports associative arrays and built-in operations; the csh, or the C shell, has different functionality like spelling corrections and job controls; the zsh, or the Z shell, provides unique features like file generation, startup files; and fish, the friendly interactive shell, provides features like auto suggestions and configuration. So all of these have different functionalities depending on what usage you have for that particular shell. The most common shell, like I stated, is the bash shell that you'll always come across in your desktop Linux operating systems.

Then looking at the next question: what are the process states in Linux? Now what
is a process process is basically a service that is running for a particular application for that application to function right uh this process is going to direct user input to the processor process it uh get that output back to the application execute it and then show it onto the graphical user interface for the user so in Linux there are five states for a process first is the ready phas now in ready in this state the process is created and it is ready to run so it is waiting uh it is waiting for input it's ready uh the application is executed the running is when the process has being executed itself blocked or weight is when user input is being looked upon so it's waiting for user input so that it can do the processing completed or terminated it has completed its execution or was terminated by the operating system for some reason or the other so this is where things have uh the processing has been completed and then last St state is zombie where the process is terminated but the process table still holds the information or maybe it is waiting for the kill request before it gets terminated so these are the five states for a Linux process to be in and that brings us to the 10 questions in the operating system and application space in the next video we'll be looking at 10 more questions on cyber attacks interview questions BAS based on cyber attacks let's start off with the first one the first question is what is SQL injection SQL stands for structured query language which is a language that is used by most of your databases or your relational databases uh the the variations of your database would be MySQL Microsoft SQL Oracle SQL you'll have IBM databases all of these databases utilize the structured query languages to interact with the applications now all of these databases have their own syntax so you'll have to study most of these databases based on which applications and which databases you want to provide security for but as the name suggests SQL injection 
vulnerability, or a structured query language injection vulnerability, is where a user can maliciously inject a SQL input or a SQL statement into a query, send it to the database and evoke a response out of it. So this vulnerability is not specific to the database; the vulnerability lies more in the application and the coding of that application. When the application receives a query which needs to be forwarded to the SQL database, we need to configure at the application level what queries are allowed and what queries are not allowed. So there are various aspects of how to manage a SQL injection vulnerability, but the basic flaw lies in the application, where unvalidated input is accepted and sent forward to the database, where the database might confuse it for an executable statement and thus create a response that was not warranted. There are various types of SQL injection, as shown on the screen: in-band SQL injection, where you can look at an error-based or a union-based injection; blind SQL injection, where it is either a Boolean-based or a time-based attack; and then out-of-band SQL injection. Essentially you're looking at databases and you're looking at application security, where you want to encourage secure coding practices so that unvalidated input is mitigated.

Then the next question is: what is spoofing? Now in spoofing you're basically assuming the identity of another person. So here the attacker pretends to be some other person or an organization and sends you an email that appears to be a legitimate email. It looks almost genuine; it has been constructed to replicate what a genuine email would have been, and it is very difficult to spot a fake one. There are different ways to identify whether an email is genuine or not, but that's for a different video.

Moving on to the next question: what is a distributed denial of service attack, or a DDoS attack? Now generally a denial of service attack is an attack where legitimate users are prevented access to the resources that they legitimately can access. So for example, if it is a bandwidth-based attack, the attacker consumes the bandwidth of the network in such a way that there is no more bandwidth left for legitimate users to access the network. Now a single device may not be able to generate that much traffic to consume the bandwidth of the server, thus the attacker will construct a botnet, and through that botnet they will launch a distributed denial of service attack on the target victim. So there are two terms that we want to look at over here: the first term is a bot and the second one is the botnet itself. A bot is a piece of software that, once installed on a victim's machine, allows the hacker to send remote commands to that machine that will make it generate some activity. Once we have enough machines on which such bots have been implemented, the collection of these machines would be known as a botnet. So an attacker would then instruct this entire botnet to start generating data traffic to be sent to the targeted network or the targeted server, which will then bog down the server, thus crashing it and preventing users from accessing that particular resource.

The next question is: how to avoid ARP poisoning, or ARP spoofing? Now first let's understand what ARP is. ARP stands for address resolution protocol, which is a protocol used by computers to communicate over the network. Once your computer boots up, it starts a discovery process of identifying its neighbours. So if I'm in a particular subnet, my machine will proactively send out ARP requests, address resolution protocol requests, to find out which other machines are within the same network and which are live. Once it sends out a query, a live machine will respond to that query along with its MAC address. This information is then stored in what is known as an ARP table in the machine's cache. So whenever my machine now wants to send out a packet to this particular machine, it will go
to the ARP table, it will identify the IP address and the associated MAC address, it will print that onto the data packet as a destination IP and destination MAC, and send that packet across to the switch. The switch will then identify the MAC address and send the packet to the relevant machine that is connected to that particular switch. Now, to confuse this switch into sending it to a different machine, an ARP poisoning attack is created. This attack is generally launched to create a man-in-the-middle attack. Now to prevent this ARP poisoning from happening in the first place, there are three different aspects that we can utilize. First, we can use packet filtering, which will filter out and block packets that have the same source address data. So you have identified some malicious IP addresses and you want to block those IP addresses, so you're using a packet filter firewall where you have instructed the firewall to filter out certain packets originating from a particular range of IP addresses; this firewall and this technique will then block those kinds of packets coming in. Second, keeping away from trust relationships: organizations will develop protocols that do not depend on trust relationships, and thus you want to keep this protocol away from there. Once you have created a trust relationship, these machines should not be sending out ARP requests to other machines in the first place, since the trust relationship has been defined and these machines know whom to communicate with, so such protocols should then be disabled. Or you can use ARP spoofing software: there is software out there that will look for ARP spoofing and prevent it from happening in the first place, so if somebody has sent out a spoofed ARP packet, that packet will be picked up by this software and it will be mitigated. Network visualizers like GlassWire and antiviruses like Sophos have inbuilt capabilities of identifying ARP spoofing attacks and mitigating them in the
first place.

In the next question we're going to discuss: what is ransomware? Now ransomware is a type of malware that blocks victims from accessing personal files and demands a ransom to regain access. There are three categories, but before we go into the categories let's just revisit what ransomware is. Let's start with the word malware. Malware is malicious software that poses as legitimate software but has a payload that will have a security impact on your machine. So in this instance, viruses, Trojans, all of these can be classified under malware, and so can ransomware. A Trojan is software that will give you backdoor access to a particular device; a virus will do some destructive activity on that device; a ransomware will basically encrypt the data of that particular user on that particular machine, thus rendering that data inaccessible to the users themselves, and in turn will demand a ransom to provide access to that particular data. So, the three types of ransomware. The first one is scareware, which uses social engineering to cause anxiety or the perception of a threat to manipulate users into buying unwanted software. So this preys on the gullibility of humans: you can see a popup appearing on your screen which can scare you into believing that you may have been attacked or there is a virus on your machine, and then instructs you to download a particular software to mitigate that particular virus. Now the malware will be in this software that you will be downloading, and then a ransomware will be installed and your data will be encrypted. Screen lockers lock users' computers by preventing them from logging in and displaying an official-looking message. You will see a screen once you boot up which prevents you from accessing the login page, so it will not allow you to log into your own machine, but it will give you a warning that your data has been encrypted and you need to contact a particular email address and send Bitcoins over there
to get a decryption key to access your own data. And then encrypting ransomware displays a message demanding payment in return for the private asymmetric key, which is needed to decrypt the symmetric keys for the encrypted files. So once your files have been encrypted you might just have a blank screen in front of you where you'll receive a warning message which instructs you to pay a ransom in Bitcoins or in some cryptocurrency to some particular digital e-wallet which is not traceable, and once you make that payment they will send you the decryption key and then you can access your data.

Then, talking about the next question: what is the difference between an active and a passive cyber attack? Now when we talk about cyber attacks, a cyber attack is an activity that is caused by a malicious user who wants to try to get access or cause some security incidents on the victim's devices. There are two ways that can happen: it's either in an active manner or a passive manner. In an active manner the intruder attempts to disrupt a network's normalcy, modifies data and tries to alter the system's resources. So this is more active, where the attacker will proactively try to destroy the network so that communications fail, or they might try to modify the data, where using a ransomware they can encrypt it, or they might delete that data using a virus, or steal that data using a Trojan, or they might even alter the data so that it is no longer trustworthy. Whereas in a passive attack the intruder intercepts data traveling through a network; here the intruder eavesdrops but does not modify the message. So they're just listening in, they're just observing what is going on; they're not manipulating the data, they're not stealing anything, it's just that they are monitoring the activity that's going on.

Then the next question: what is a social engineering attack? Now a social engineering attack is a people-based attack; the victim here is the human itself, and the vulnerability also lies in the human. It may be executed through a computer, but at the end of the day it is the gullibility of the human, so it is the art of manipulating people so that they end up giving up confidential information. Now we always read in the papers where somebody got manipulated, their passwords got hacked and somebody's life savings got wiped out, because they shared the OTP with someone or they shared the password with someone. Now creating a scenario where these people will fall prey to this attack and share this kind of personal information with unknown people, that is where the social engineering attack comes in: creating that scenario which will ensure that these people give out this confidential information. Now there are three categories in this attack: the first one is a phishing attack, the second is a spear phishing attack and the third is a whaling attack. Now a phishing attack is basically a generic attack; it is targeted to the world at large, and whoever falls prey to that attack will be a victim. Whereas a spear phishing attack is a targeted attack towards a specific individual or a group of individuals or towards an organization, so there is a lot more research that goes into spear phishing, where you analyze the victim, you try to figure out what their vulnerabilities are and you tailor-make or customize the attack to that particular vulnerability; once you have that attack you launch it against those people, and those people will then fall prey to this attack. And a whaling attack is where you're attacking top-level executives, so the C-level executives of an organization, politicians, movie stars, wealthy and powerful people; any of these people, when they're attacked, it will be known as a whaling attack.

Next question: what is a man-in-the-middle attack? Now this is something that we had touched on when we talked about ARP, where the ARP poisoning attack
needs to be executed to leverage a man-in-the-middle attack. Now in the man-in-the-middle attack the attacker's computer takes the IP address of the client; unaware of this, the server continues to communicate with the attacker. Now if you remember, in a previous question we also talked about spoofing, so in this scenario the attacker has spoofed their IP address to present themselves as a genuine client, and now, with that spoofing in mind, they might either through an ARP poisoning attack or just because of the spoofed IP address become a man in the middle. That means that they are now eavesdropping on the conversation between the actual client and the server by posing as the server. In this scenario the attacker is now a go-between between the client and the server and can eavesdrop and copy the data if they want; they can modify the data as well. So as you can see on the screen, the attacker becomes the man in the middle, which means that they are now eavesdropping on the conversation that is happening between the client and the server.

The next question: who are black hat hackers and white hat hackers? The main thing is the differentiation between a black hat hacker and a white hat hacker. Now black hat hackers are skilled individuals who illegally hack into a system; the motive behind such an attack is mostly monetary gain. These individuals are also known as security crackers. Now if you look at your criminal hackers, those who have malicious intent, those who do hacking for the intent of personal gain or as a matter of disruption: the main thing that black hat hackers lack is authorization. They are not authorized to do the activity that they are about to do, and they're going to get unauthorized access to devices or to data, which is going to cause losses to the organization involved. Whereas on the other side, white hat hackers are also known as ethical hackers; these are the individuals who discover vulnerabilities in a computer network and they
help the organizations mitigate these vulnerabilities; they help the organizations defend themselves from black hat hackers. So the main difference between these two types of hackers, a black hat and a white hat, is the intent and the authorization. Black hat hackers will have malicious intent; they will try to personally gain from that attack by finding out vulnerabilities, and they also will not have authorization to conduct whatever activity they are doing. Whereas on the other side, white hat hackers will be hired by organizations; they will be provided authorization for certain activities that the white hat hacker can do to find out those vulnerabilities. Once those vulnerabilities have been found out by the white hat hacker, they will be reported to the management, and the white hat hacker will guide them in implementing security controls to mitigate those vulnerabilities. The main difference between a black hat and a white hat is the authorization and the intent.

The next question: what are honeypots? Now honeypots are a very interesting device that can be introduced in a network. These basically are decoy servers that are implemented in a network to attract the attention of an attacker. It is there to lure an attacker into attacking that particular device, thus creating a security blanket for the rest of the devices. So if an attacker has been able to bypass a firewall and is now trying to scan a particular network, when they scan they will come across various devices that are there in the network; they will then proceed to do a vulnerability scan on these devices. The honeypot at that point in time will act as an attraction to these attackers because it will demonstrate some vulnerabilities to the hacker, which will divert their attention. So these vulnerabilities are simulated on these devices; they actually do not exist, but the moment the attacker starts interacting with the honeypot, the honeypot will identify that as malicious traffic and will warn the administrator about a
possible attack that is going on. The administrator will then investigate through the honeypot what activity is going on and then reconfigure their security controls to block the attacker or mitigate the attack itself. So it is more of a decoy server that will showcase or simulate some vulnerabilities to an attacker, thus luring them and safeguarding the rest of the network. These are the 10 questions for cyber security; in the next video we'll be talking about cryptography.

The first question: define cryptography, encryption and decryption. Now cryptography is used by security professionals to scramble data into a non-readable format, which is used in securing that information. So it involves converting data from a readable format into a non-readable format and then reversing it back to readable format again. For example, the word computer is now scrambled into looking like an unreadable format. Now if you look at this word that it has been scrambled into, it would be very difficult for a human to figure out what the actual word was. In this scenario we have taken an algorithm where we have made a shift of the alphabet, where we have added two letters to the current one: so C + 2 becomes E, O + 2 becomes Q, M + 2 becomes O. So we have done a shift of two, and thus the key over here for this algorithm is the alphabet plus two. Any person who figures that out will be able to unscramble this and convert it back into readable text. The act of scrambling readable text data into something that is unreadable by using a particular key is what cryptography is all about. Now, as we discussed, the decryption again is replacing the letter and taking it back by two characters, so E - 2 becomes C, Q - 2 becomes O, O - 2 becomes M, and so on and so forth. So anybody who knows this key, the shift key, will be able to decrypt this particular text. This depends on the user: if I want to utilize alphabet + 5, then the shifting of that character will be the fifth character from that particular character, and so on and so forth.

The next question: what is the difference between cipher text and clear text? Cipher text refers to the text which is encrypted and totally undecipherable; the message received after decryption is known as clear text, and this text is comprehensible. So the word computer is clear text; that means that it has not been treated with any cryptographic measures, it is what it is intended to be. However, the moment we encrypt it, that means we scramble it into unreadable text by using any of the algorithms that we'll be looking at, that text is known as cipher text, and without the key this becomes unreadable. The clear text, as discussed, is the plain word that we have utilized, using the English language in this instance, so the plain word computer is the clear text; once we add the encryption layer to it, we get the cipher text.

Moving on to the next question: what is a block cipher? This refers to the method of encrypting the plain message block by block; the plain message is broken down into fixed-size blocks and then encrypted. Now a block cipher is normally used for data that is stored, so if data is stored on a hard disk and we want to encrypt that data, that is known as block encryption or a block cipher. So a block cipher is an algorithm that will allow you to encrypt data that is stored on a hard disk. In this example we've got plain text which is 64 bits in size and we have added a layer of encryption to it: so plain text plus the key that we have studied in the previous questions, and then the scrambled data out of it, which is unreadable and thus encrypted.

Then the next question: what is public key infrastructure? Now the public key infrastructure is a set of policies which secures the communication between a server and a client; it uses two cryptographic keys, public and private. So the infrastructure itself is a set of policies, people, procedures and techniques which are standardized in nature and are globally accepted, which allow us to use digital certificates to encrypt data and decrypt the data at the other end. We use asymmetric encryption over here, which means that we are using two keys: one is a public key to encrypt and the private key to decrypt. The other part of encryption is symmetric encryption, where the same key is used to encrypt and the same key is used to decrypt. Now in a public key infrastructure, like I said, we have standardized that, so in the standardizing part of it, these are the various players that have been defined in the public key infrastructure. The first is the user, or the sender in the scenario, the one who requires this digital signature to digitally sign a particular transaction or communication; a registration authority with whom they're going to register for that particular key; the certification authority who issues that key; the verification authority who validates the key itself; and the recipient, who's going to be the other party of that particular transaction. So how is this utilized? A sender, or the user who requires this digital signature, will request or apply for a digital signature with the registration authority. The registration authority would validate the genuineness of the user, so they might do some identity verification or proof of residence or something like that. Once they've identified the person and they have validated the information, they will then send the request to the certification authority stating that the sender has been validated and the certification authority can issue the digital certificate to the particular user. They will send the public key to the sender, which will be utilized by the sender for further transactions. So when the sender is going to sign some data and wants to send it across to the recipient, they will use the public key to sign it and send it across; the recipient will then validate with the verification authority to see if the signed data is correct or not.
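Here is the shift cipher from the "define cryptography" question earlier, written out as an added example (it is not code from the course): a key of +2 turns "computer" into "eqorwvgt", decryption shifts back, and brute_force/recover_key show why a key space of 26 gives no protection at all. The crib-based recover_key helper is my own addition for illustration.

```python
"""Shift (Caesar) cipher worked example; added here, not the course's own code.
Letters move `key` places along the alphabet, wrapping Z -> A; decryption
moves them back by the same amount."""
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Replace every letter by the one `key` positions later (key=2 maps
    c->e, o->q, m->o); case is kept and non-letters pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + key) % 26])
        elif ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Undo the shift: e-2 -> c, q-2 -> o, and so on."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Try all 26 keys. The key space is so small that anyone can unscramble
    the text without knowing the key, which is why this cipher is a teaching
    aid rather than a protection."""
    return {k: shift_decrypt(ciphertext, k) for k in range(26)}


def recover_key(ciphertext: str, crib: str):
    """Return the key under which a word expected in the plaintext (a 'crib')
    shows up in the candidate decryption, or None if no key produces it."""
    for k, candidate in brute_force(ciphertext).items():
        if crib in candidate:
            return k
    return None


if __name__ == "__main__":
    ct = shift_encrypt("computer", 2)
    print(ct, shift_decrypt(ct, 2), recover_key(ct, "computer"))  # eqorwvgt computer 2
```

The point to take from brute_force is that a "key" only helps when the attacker cannot simply try every possible one; modern ciphers such as AES are built so that the same exhaustive search is infeasible.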
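As an added example (not code from the course), here is the flow the preceding PKI questions describe, modelled with textbook RSA on tiny primes so that it runs with nothing but the standard library: a certification authority signs a certificate that binds the sender's name to the sender's public key, the sender signs a transaction, and the recipient checks the certificate against the CA's public key before checking the transaction signature with the certified key. In RSA signatures the signer uses the private key and anyone holding the public key verifies, so that is what the code does. The next_prime and keygen helpers, the placeholder identity, the transaction text and the key sizes are all constructed for the demo; keys this small are only for illustration.

```python
"""Toy model of the PKI flow from the preceding questions. Added example, not
the course's code. Textbook RSA on ~20-bit primes: illustrative only, never
use such keys (or unpadded RSA) for real data."""
import hashlib
import math
from dataclasses import dataclass


def next_prime(start: int) -> int:
    """Smallest prime >= start, by trial division (fine for these toy sizes)."""
    n = max(start, 2)
    while any(n % k == 0 for k in range(2, math.isqrt(n) + 1)):
        n += 1
    return n


def keygen(seed: int):
    """Textbook RSA key pair from two small consecutive primes; returns
    (public, private). Real keys use random primes and 2048-bit-plus moduli."""
    p = next_prime(seed)
    q = next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:      # e must be invertible mod phi
        e += 2
    d = pow(e, -1, phi)               # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def _digest(data: bytes, n: int) -> int:
    # Hash first, then reduce into the modulus: what gets signed is the hash.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    d, n = private
    return pow(_digest(data, n), d, n)


def verify(public, data: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == _digest(data, n)


@dataclass(frozen=True)
class Certificate:
    subject: str          # identity the Registration Authority checked
    public_key: tuple     # (e, n) of the subject
    ca_signature: int     # CA's signature over tbs_bytes(subject, public_key)


def tbs_bytes(subject: str, public_key: tuple) -> bytes:
    """The 'to be signed' portion of a certificate."""
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()


def ca_issue(ca_private, subject: str, subject_public: tuple) -> Certificate:
    """Certification Authority step: vouch for the name -> key binding.
    (The RA's identity checks are assumed to have passed already.)"""
    return Certificate(subject, subject_public,
                       sign(ca_private, tbs_bytes(subject, subject_public)))


def recipient_validates(ca_public, cert: Certificate,
                        message: bytes, signature: int) -> bool:
    """Validation step: trust only the CA's key; check the certificate first,
    then the transaction signature with the key the certificate vouches for."""
    if not verify(ca_public, tbs_bytes(cert.subject, cert.public_key),
                  cert.ca_signature):
        return False
    return verify(cert.public_key, message, signature)


def demo():
    ca_pub, ca_priv = keygen(10**6)
    alice_pub, alice_priv = keygen(3 * 10**6)
    cert = ca_issue(ca_priv, "alice@example.test", alice_pub)   # placeholder identity
    tx = b"transfer 100 to account 42"                          # constructed transaction
    sig = sign(alice_priv, tx)
    genuine = recipient_validates(ca_pub, cert, tx, sig)
    tampered = recipient_validates(ca_pub, cert, b"transfer 900 to account 42", sig)
    # A key the CA never certified must be rejected even when its own
    # signature is internally consistent: trust is anchored in the CA.
    mallory_pub, mallory_priv = keygen(5 * 10**6)
    fake_cert = Certificate("alice@example.test", mallory_pub, 12345)
    impersonated = recipient_validates(ca_pub, fake_cert, tx, sign(mallory_priv, tx))
    return genuine, tampered, impersonated


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

demo() returns (True, False, False): the genuine transaction validates, the altered one fails because its hash no longer matches the signature, and the self-asserted certificate is rejected before the transaction signature is even looked at. That ordering, certificate before signature, is what the certification authority's role in the PKI buys you.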
Now while the certification authority sends the public key to the sender, the certification authority updates the private key with the verification authority. So whatever is signed by the sender and received by the recipient, when they want to validate it they will send it back to the verification authority; the verification authority will validate using the private key, and once the private key is validated it will then send the okay signal back to the recipient, thus allowing the validation of that particular transaction. If the signature is tampered with, or the verification authority is not able to validate the signature, it will then send a denial message back to the recipient and the transaction will not go through. So the PKI enables trusted digital identities for people; the PKI grants secure access to digital resources based on the infrastructure that has been created, and the core of the PKI is a certification authority, which ensures that the trustworthiness of the digital data is ensured. Going back to the previous slide, these are the key players that have been standardized in the public key infrastructure: the certification authority is the authority that issues the digital certificates, and the validation authority is the one who validates that digital certificate.

Moving on: what is RSA? RSA is one of the first public key cryptosystems that is used for secure data transmission. It stands for Rivest, Shamir and Adleman; now these are the three people who have created this algorithm, Ron Rivest, Adi Shamir and Leonard Adleman, who are the inventors of this technique. It is an asymmetric cryptography algorithm which works on both public and private keys, hence the encryption key is public and the decryption key is kept private. Now as we have discussed earlier, symmetric and asymmetric cryptography: symmetric cryptography is where the same key is used to encrypt and decrypt, whereas asymmetric cryptography is where there are two keys to encrypt and decrypt.

What are a few alternatives to RSA? Now RSA is an algorithm that is used for encryption; there are a lot of other algorithms that can be utilized to alter or to scramble data depending on your requirements. In the previous question we have talked about what RSA is: it stands for Rivest, Shamir and Adleman, the three creators of that particular algorithm. But there are a lot of alternatives to this algorithm, depending on how secure you want that data to be, and some of them are listed here on your screen: Duo Security, Okta, Google Authenticator and LastPass. LastPass is a password manager, and so is Duo Security. Google Authenticator is something that we all utilize; it is an application that we can download and store on our mobile devices, and we can set that up to authenticate ourselves with certain portals, so it issues a unique ID to us which, once utilized, will allow us access to those particular portals. Okta is an identity manager where you have created different digital identities and you have assigned them certain permissions, and based on your authentication mechanisms Okta will allow or disallow access to those different applications or different portals as you have configured it. So all four are authorization or authentication mechanisms which can be used as alternatives to RSA.

Next question: what are the prime objectives of modern cryptography? This is a very important question, because we've so far looked at what cryptography is and what public key infrastructure is, but what is the achievement out of it, why are we utilizing it and what do we want to gain out of it? So the prime objectives of modern cryptography are as follows, as mentioned on your screen: the first one is confidentiality, the second one is non-repudiation, the third one is authenticity and the fourth one is integrity.

Now if I go back to the first one, confidentiality, that is where I want to keep data confidential; that means it will only be visible to the authorized users. So here I have created a list of people who are deemed as authorized users, I have created a digital identity for them and have given access controls to those people; now that is how confidentiality is ensured. So when we want to keep data confidential we create a list of users whom we are going to allow access to certain resources, and we are going to define what access controls are to be utilized, what accesses are allowed, whether they've got administrative access or user-level access, and only those authorized users are going to be able to access these resources. That is how we maintain confidentiality. The next one is non-repudiation. Non-repudiation is the prevention of denial of having been a part of a particular transaction. So in the public key infrastructure that we discussed, where a digital signature was utilized to sign a particular transaction and then sent to the recipient, the sender would not be able to deny having originated that transaction, because it was using their digital certificate; thus non-repudiation comes into the picture. One more example that we can have here is on our mobile phones, when we use SMS, short messaging service, and we send a message to another person: when they receive the message, the number is validated by the service operator and thus the sender cannot deny having sent that message. The sender at the same time can have a delivery report sent to them, from which it is confirmed that the message was delivered to the inbox of the recipient, and thus if the recipient denies having received that message, that delivery report becomes proof of that message having been delivered to their inbox. Thus both the parties cannot deny having been a part of that particular transaction. Then comes the part of authenticity. Now in confidentiality
we have created a digital identity assigned it to a particular person and we have given them digital signatures where they cannot deny having being a part of that transaction but authenticity is the part where they try to prove that they are who they claim to be so if I claiming a digital identity I have to prove that I am that person who I'm Who I'm trying to claim to be and an example to that is when we go to our gmail.com websites it first asks us what is our usern name our username is normally our email address which identifies the account that we are trying to access right so this account is confidential because it is only authorized for a particular person and once they identify themselves by identifying the email address that's when the authentication part comes into the picture where it asks for the password now it has never ever happened that we just go on to the gmail.com type in a password and then it figures out which account we are talking about so the first step is always the confidentiality part where we identify which account we are talking about and then we try to authenticate as the owner of that particular account by providing the appropriate password to that account if both of these match only then do we get access to that account and and we are able to make uh whatever transactions we want to make now when we are making those transactions non reputation comes into the place where all our activities also being logged so we have identified our account we have authenticated ourselves by providing the password so the proof is there that it is us who are trying to access it and then whatever activity we do send an email receive an email delete something attach something all of those activities are logged and stored as proof of what actions have been done so tomorrow if we deny having sent that email gmail can still prove to us through those logs that the that that activity was done by us and the fourth part is in Integrity which ensures that the 
data received and sent and re uh sent by the sender and received by the recipient has not been modified while in uh motion so the Integrity part is the trustworthiness of that data that that data has not been modified by any hacker or any other uh it and is still trustworthy so these are the four Prime objectives of modern cryptography once I have scrambled that data using my public uh signature it is only my private signature that is going to decrypt it right uh using these mechanisms I will be able to achieve all these four aspects of cryptography and security next question what is safer now safer stands for secure and fast encryption routine which is also a block Cipher as we have discussed pre previously block Cipher is a cipher that is used to encrypt data that is stored so it has a 64-bit block size and bite oriented algorithm uh saf as encryption and decryption procedures are highly secure this technology is widely used in applications like digital payment card so when you're using your a digital payment gateway to make transactions so you have you have gone onto an online portal you want to purchase a particular item and then it takes you to another payment Gateway where you have to fill in your credit card information sensitive information like your uh expiry dates CVV information and then the OTP or the password that you have created for your particular account now all of these need to be secured or highly secured based on pcss which is the payment card industry data security standard so these standards ensure that certain Protocols are utilized to attain that level of security safer is one of those block ciphers that is used under the digital payment Gateway infrastructure next question how does the public infrastructure public key infrastructure work now we have already discussed this in the previous diagrams uh we have identified the key players the certification Authority the registration Authority the end user who requires the digital certificate the 
validation authority who's going to validate it, and then the recipient, the end user with whom the transaction is going to be conducted. So the first point here is that the request for the digital certificate is sent to the registration authority. They validate it and then they give the okay to the certification authority, who then processes the request, and the digital certificate is issued to the person who has requested it. So when the person wants to conduct that transaction, they use that digital certificate to sign that transaction with the end user. The end user validates that with the validation authority, and once validated, the transaction goes through.

And now the last question: what is the Blowfish algorithm? It is a 64-bit symmetric encryption algorithm. So this is an algorithm that uses the same key to encrypt and the same key to decrypt; the same secret key is used to encrypt and decrypt the messages. Here the operations are based on exclusive ORs and additions on 32-bit words. The key has a maximum length of 448 bits. Now this is a little bit technical; you might not want to go this technical in an interview question. You just need to identify what the algorithm is used for: whether it is a symmetric algorithm, which means it uses the same key, or an asymmetric algorithm, where it uses a public key to encrypt and a private key to decrypt. Thus the Blowfish algorithm is just one more algorithm which uses symmetric encryption to encrypt and decrypt data. For the algorithms that we have seen, RSA and the others that we have discussed, as far as the interview questions are concerned, what we need to remember is which algorithms are symmetric, which algorithms are asymmetric, what symmetric algorithms do and what asymmetric algorithms do. We also look at block ciphers and stream ciphers: block ciphers are utilized to encrypt data that is stored, stationary data, data at rest, and stream ciphers are utilized for data in motion, while it is being streamed.
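The PKI flow just described, as an added Go example that is not part of the course: the certification authority issues certificates (its own self-signed root and the end user's), and the validation authority checks a presented certificate against the trusted root. The names Example Root CA and anne@example.test and the helpers issue, BuildPKI and Validate are constructed for this example; it also shows the check the validation step actually relies on, since a certificate with the same name and key that the CA never signed is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue is the CA step: the holder of caKey signs a certificate binding cn to pub (nil parent = self-signed).
func issue(serial int64, cn string, isCA bool, pub ed25519.PublicKey, parent *x509.Certificate, caKey ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		parent = tmpl // a root CA vouches for itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER that CreateCertificate just produced always parses
	return cert
}

// BuildPKI stands up a root CA, the end user it vouches for, and a same-name look-alike the CA never signed.
func BuildPKI(user string) (root, genuine, rogue *x509.Certificate) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	userPub, userKey, _ := ed25519.GenerateKey(rand.Reader)
	root = issue(1, "Example Root CA", true, caPub, nil, caKey)
	return root, issue(2, user, false, userPub, root, caKey), issue(3, user, false, userPub, nil, userKey)
}

// Validate is the validation-authority step: the certificate must chain to the trusted root
// and be inside its validity period. Verify does not consult CRLs or OCSP (revocation is separate).
func Validate(root, cert *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	return err
}

func main() {
	root, genuine, rogue := BuildPKI("anne@example.test") // constructed user name
	fmt.Println("genuine:", Validate(root, genuine), "| rogue:", Validate(root, rogue))
}
```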
So SSL and TLS is another algorithm that comes into the picture when we are looking at streaming data. So that wraps up our full course on cyber security for 2023. We hope you had a lot to learn, and we will be on the lookout for any suggestions or doubts in the comment section below, so if you have any queries, you know what to do. Thank you so much for tuning in today, and happy learning. Hi there, if you like this video, subscribe to the Simplilearn YouTube channel and click here to watch similar videos. To nerd up and get certified, click here.
