DES


Uploaded by

deepak.21cse213

A brute-force attack is a method used to gain unauthorized access by systematically trying all possible combinations of passwords or encryption keys
until the correct one is found. It’s like guessing a password by trying every possible option one by one. This method can be effective but is often
time-consuming, especially if strong passwords (long, complex, unique) are used.
To counter brute-force attacks, common protections include:
Account lockouts after several failed attempts.
CAPTCHAs to verify human input.
Using strong, complex passwords.
Modern attackers may use automated tools and powerful computers, making the attack faster, especially if the target uses weak or short passwords.

A dictionary attack is a type of brute-force attack where the attacker tries to guess the password by using a list of likely passwords (a "dictionary")
rather than trying every possible combination. The dictionary typically contains common passwords, phrases, and variations like:
Common passwords: "password123," "qwerty," "123456"
Leaked passwords from previous data breaches
Difference from Brute-Force Attack:
A brute-force attack tries all possible combinations.
A dictionary attack tries only specific, common passwords, making it faster but limited by the quality of the word list.
Defense Against Dictionary Attacks:
Use complex and unique passwords.
Enable multi-factor authentication (MFA).
Implement account lockouts after multiple failed attempts.

Confusion and diffusion are cryptographic principles used to make ciphers secure:
Confusion: It ensures the relationship between the plaintext and ciphertext is complex. The attacker should not be able to find any direct pattern or
connection between the input (plaintext) and the output (ciphertext). Achieved using substitutions in encryption (e.g., replacing characters or bits).
Diffusion: It spreads out the influence of each part of the plaintext over the ciphertext. A change in one bit of the plaintext should result in many
changes in the ciphertext. Achieved using permutations or mixing operations.
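
The two principles above can be measured on a small cipher. The following is an added example, not part of the original notes: a toy 16-bit substitution-permutation network (not DES and not secure) that flips one plaintext bit and reports which ciphertext bits change. The S-box values are the first row of DES S-box S1; the round keys, function names and the bit permutation are assumptions made for the illustration.

```python
# Toy 16-bit substitution-permutation network (illustrative only, not DES, not secure).
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]  # first row of DES S-box S1
ROUND_KEYS = [0x3A94, 0xC51E, 0x7B02, 0x19D6]  # constructed sample round keys


def substitute(state):
    """Confusion: replace each 4-bit nibble through the S-box."""
    out = 0
    for k in range(4):
        out |= SBOX[(state >> (4 * k)) & 0xF] << (4 * k)
    return out


def permute(state):
    """Diffusion: move bit i of nibble j to bit j of nibble i."""
    out = 0
    for j in range(4):
        for i in range(4):
            if (state >> (4 * j + i)) & 1:
                out |= 1 << (4 * i + j)
    return out


def encrypt(block, rounds=4, use_sub=True, use_perm=True):
    """Each round: XOR the round key, then optionally substitute and permute."""
    for key in ROUND_KEYS[:rounds]:
        block ^= key
        if use_sub:
            block = substitute(block)
        if use_perm:
            block = permute(block)
    return block


def diff_mask(block, bit, **opts):
    """Ciphertext bits that change when one plaintext bit is flipped."""
    return encrypt(block, **opts) ^ encrypt(block ^ (1 << bit), **opts)


def nibbles_touched(mask):
    """Number of 4-bit nibbles containing at least one changed bit."""
    return sum(1 for k in range(4) if (mask >> (4 * k)) & 0xF)


def average_flips(**opts):
    """Mean changed ciphertext bits over sample blocks and all 16 bit positions."""
    samples = range(0, 0x10000, 257)
    total = sum(bin(diff_mask(p, b, **opts)).count("1") for p in samples for b in range(16))
    return total / (len(samples) * 16)


if __name__ == "__main__":
    for name, opts in [("substitution only", dict(use_perm=False)),
                       ("permutation only", dict(use_sub=False)), ("both", {})]:
        print(f"{name:18s} avg bits changed: {average_flips(**opts):.2f}")
```

With substitution alone, every change stays inside the nibble that was flipped; with permutation alone, exactly one ciphertext bit moves. Combining the two is what carries a one-bit change into other parts of the block.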

The main difference between HTTP and HTTPS is security:
HTTP (HyperText Transfer Protocol):
Transfers data between a web browser and server in plain text.
Not secure: Data can be easily intercepted by attackers (e.g., passwords, personal information).
URL starts with http://.
HTTPS (HyperText Transfer Protocol Secure):
Uses SSL/TLS encryption to secure data during transmission.
Encrypts the data, making it harder for attackers to intercept or read it.
URL starts with https://.
Provides authentication, data integrity, and confidentiality.

Web security refers to the measures and practices taken to protect websites, web applications, and online services from cyber threats and attacks.
It aims to prevent unauthorized access, data breaches, malware, and other malicious activities.
Key components of web security include:
Encryption (e.g., HTTPS) for secure data transmission.
Firewalls and intrusion detection systems to block unauthorized traffic.
Input validation to prevent attacks like SQL injection or cross-site scripting (XSS).
Authentication and access control to ensure only authorized users can access certain data or features.
Web security helps protect user data, maintain trust, and prevent disruptions in online services.

Virus: A virus is a malicious program that attaches itself to a legitimate file and spreads when the file is opened or executed. It can corrupt files,
steal data, or disrupt system performance.
Worms: Worms are self-replicating programs that spread across networks without user interaction. Unlike viruses, worms don’t need to attach to files;
they exploit network vulnerabilities.
Trojan Horse: A Trojan horse is a type of malware disguised as a legitimate program. When executed, it performs malicious actions, like stealing data
or creating a backdoor for attackers, without the user’s knowledge.

Phishing:
Phishing is a cyberattack where attackers impersonate a trusted entity (e.g., a bank or popular website) to trick users into revealing personal information
like passwords or credit card details. It often occurs through fake emails, websites, or messages designed to look authentic.

Spoofing and Sniffing:
Spoofing: Spoofing involves an attacker impersonating another device or user by falsifying data, such as email headers or IP addresses, to deceive the victim.
Common types include email spoofing and IP spoofing.
Sniffing: Sniffing is the practice of monitoring and capturing network traffic. Attackers use packet sniffers to intercept data sent over networks, which may include
sensitive information like passwords.

JavaScript: JavaScript is a popular programming language used to create interactive and dynamic content on web pages (e.g., forms, animations).
It runs directly in the browser and enhances user experience.
VBScript: VBScript (Visual Basic Script) is a scripting language developed by Microsoft, mainly used for server-side automation and creating dynamic
web content in Internet Explorer. It is now largely outdated.
JScript: JScript is Microsoft’s implementation of JavaScript. It is similar in syntax and function but was specifically designed for use with Microsoft’s Internet Explorer.

Applets: Applets are small Java programs embedded in web pages, designed to run in a web browser. They enhance web functionality but can pose security
risks if they execute malicious code.
ActiveX Controls: ActiveX controls are Microsoft components that add interactive features to web pages and applications (e.g., video players). They have access to
system resources, making them a potential security risk if exploited.
