Cyber Security and Networking Questions (2)

Uploaded by Smyla Lucia

CYBER SECURITY AND NETWORKING

What is Cyber Security?


Cyber Security is the technique of protecting your systems, digital
devices, networks, and all of the data stored on those devices from cyber
attacks. By acquiring knowledge of cyber attacks and cyber security we can
secure and defend ourselves from attacks such as phishing and DDoS. It uses
tools like firewalls and antivirus software to protect your devices from
hackers and malware.

Encryption is the technique that helps to keep your personal information
private, so that only you can read it. Cybersecurity also teaches you how
to spot tricks like phishing, where attackers try to steal your information
by pretending to be someone you trust. In short, cybersecurity keeps your
online world safe and secure.

Types of Computer Networks

A computer network is a cluster of computers over a shared communication
path that works to share resources from one computer to another, provided
by or located on the network nodes. In this article, we will discuss computer
networks and their types.

What is a Computer Network?


A computer network is a system that connects many independent computers
to share information (data) and resources. The integration of computers and
other different devices allows users to communicate more easily. A computer
network is a collection of two or more computer systems that are linked
together. A network connection can be established using either cable or
wireless media. Hardware and software are used to connect computers and
tools in any network.

Uses of Computer Networks


● Communicating using email, video, instant messaging, etc.
● Sharing devices such as printers, scanners, etc.
● Sharing files.
● Sharing software and operating programs on remote systems.
● Allowing network users to easily access and maintain information.

Types of Computer Networks


There are mainly five types of Computer Networks:

1. Personal Area Network (PAN)
2. Local Area Network (LAN)
3. Campus Area Network (CAN)
4. Metropolitan Area Network (MAN)
5. Wide Area Network (WAN)

1. Personal Area Network (PAN)


PAN is the most basic type of computer network. It is designed to connect
devices within a short range, typically around one person. It allows your
personal devices, like smartphones, tablets, laptops, and wearables, to
communicate and share data with each other. A PAN offers a network range of
1 to 100 metres between the person and their devices. Its transmission speed
is very high, with very easy maintenance and very low cost. It uses
Bluetooth, IrDA, and Zigbee as its technologies. Examples of PAN devices are
USB peripherals, computers, phones, tablets, printers, PDAs, etc.

Personal Area Network (PAN)

Types of PAN

● Wireless Personal Area Network: A wireless personal area network is
created by simply utilising wireless technologies such as Wi-Fi and
Bluetooth. It is a low-range network.
● Wired Personal Area Network: A wired personal area network is
constructed using USB.

Advantages of PAN

● PAN is relatively flexible and provides high efficiency for short
network ranges.
● It is easy to set up and relatively low cost.
● It does not require frequent installation and maintenance.
● It is easy to use and portable.
● It needs fewer technical skills to use.

Disadvantages of PAN

● Low network coverage area/range.
● Limited to relatively low data rates.
● Devices are not always compatible with each other.
● Inbuilt WPAN devices are a little bit costly.

Applications of PAN

● Homes and offices
● Organisations and the business sector
● Medical and hospital
● School and college education
● Military and defence

2. Local Area Network (LAN)


LAN is the most frequently used network. A LAN is a computer network that
connects computers through a common communication path, contained
within a limited area, that is, locally. A LAN encompasses two or more
computers connected through a server. The two important technologies
involved in this network are Ethernet and Wi-Fi. It ranges up to 2 km, and
its transmission speed is very high with easy maintenance and low cost.
Examples of LAN are the networks in a home, school, library, laboratory,
college, office, etc.

Local Area Network (LAN)

Advantages of a LAN

● Privacy: A LAN is a private network, so no outside regulatory body
controls it, which gives it privacy.
● High Speed: A LAN offers a much higher speed (around 100 Mbps)
and data transfer rate compared to a WAN.
● Supports different transmission media: A LAN supports a variety
of transmission media such as Ethernet cable (thin cable, thick cable,
and twisted pair), fibre and wireless transmission.
● Inexpensive and Simple: A LAN usually has low cost of installation,
expansion and maintenance; LAN installation is relatively easy and
scales well.

Disadvantages of LAN

● The initial setup cost of installing a Local Area Network is high
because special software is required to set up a server.
● Communication devices like Ethernet cables, switches, hubs,
routers and cabling are costly.
● The LAN administrator can see and check the personal data files as
well as the Internet history of each and every LAN user. Hence, the
privacy of the users is violated.
● LANs are restricted in size and cover only a limited area.
● Since all the data is stored on a single server computer, if that
server can be accessed by an unauthorised user it becomes a serious
data security threat.

3. Campus Area Network (CAN)


A CAN is bigger than a LAN but smaller than a MAN. This is a type of
computer network that is usually used in places like schools or colleges.
This network covers a limited geographical area, that is, it spreads across
several buildings within the campus. A CAN mainly uses Ethernet technology
with a range from 1 km to 5 km. Its transmission speed is very high with a
moderate maintenance cost and moderate cost. Examples of CAN are networks
that cover schools, colleges, groups of buildings, etc.
Campus Area Network (CAN)

Advantages of CAN

● Speed: Communication within a CAN takes place over Local Area
Networks (LANs), so the data transfer rate between systems is a little
faster than over the Internet.
● Security: The campus network administrators take care of the network
by continuous monitoring, tracking and limiting access. To protect the
network from unauthorised access, a firewall is placed between the
network and the Internet.
● Cost effective: With a little effort and maintenance, the network works
well, providing a fast data transfer rate with multi-departmental
network access. It can be enabled wirelessly, where wiring and
cabling costs can be kept down. So working within a campus using a
CAN is cost-effective in view of performance.

4. Metropolitan Area Network (MAN)


A MAN is larger than a LAN but smaller than a WAN. This is the type of
computer network that connects computers over a geographical distance
through a shared communication path over a city, town, or metropolitan area.
This network mainly uses FDDI, CDDI, and ATM as the technology with a
range from 5km to 50km. Its transmission speed is average. It is difficult to
maintain and it comes with a high cost. Examples of MAN are networking in
towns, cities, a single large city, a large area within multiple buildings, etc.

Metropolitan Area Network (MAN)

Advantages of MAN

● A MAN offers high-speed connectivity in which the speed ranges from
10-100 Mbps.
● The security level in a MAN is high and strict as compared to a WAN.
● It supports transmitting data in both directions concurrently because of
its dual bus architecture.
● A MAN can serve multiple users at a time with the same high-speed
Internet to all the users.
● A MAN allows for centralised management and control of the
network, making it easier to monitor and manage network resources
and security.

Disadvantages of MAN

● The architecture of a MAN is quite complicated; hence, it is hard to
design and maintain.
● This network is highly expensive because it requires high-cost
fibre-optic installation.
● It provides less fault tolerance.
● The data transfer rate in a MAN is low when compared to LANs.

5. Wide Area Network (WAN)


A WAN is a type of computer network that connects computers over a large
geographical distance through a shared communication path. It is not
restricted to a single location but extends over many locations. A WAN can
also be defined as a group of local area networks that communicate with
each other, with a range above 50 km. Here we use Leased-Line and Dial-up
technology. Its transmission speed is very low and it comes with very high
maintenance and very high cost. The most common example of a WAN is the
Internet.
Wide Area Network (WAN)

Advantages of WAN

● It covers a large geographical area, which enhances the reach of an
organisation to transmit data quickly and cheaply.
● The data can be stored in a centralised manner because of the remote
access to data provided by a WAN.
● The travel charges needed to cover the geographical area of
work can be minimised.
● A WAN enables a user or organisation to connect with the world very
easily and allows them to exchange data and do business at a global level.

Disadvantages of WAN

● Traffic congestion in a Wide Area Network is very high.
● The fault tolerance of a WAN is very low.
● Noise and errors are present in large amounts due to the multiple
connection points.
● The data transfer rate is slow in comparison to a LAN because of the
large distances and the high number of connected systems within the
network.

Comparison between Different Computer Networks

Parameter          | PAN                     | LAN                | CAN                 | MAN                       | WAN
Full Name          | Personal Area Network   | Local Area Network | Campus Area Network | Metropolitan Area Network | Wide Area Network
Technology         | Bluetooth, IrDA, Zigbee | Ethernet & Wi-Fi   | Ethernet            | FDDI, CDDI, ATM           | Leased Line, Dial-Up
Range              | 1-100 m                 | Up to 2 km         | 1-5 km              | 5-50 km                   | Above 50 km
Transmission Speed | Very High               | Very High          | High                | Average                   | Low
Ownership          | Private                 | Private            | Private             | Private or Public         | Private or Public
Maintenance        | Very Easy               | Easy               | Moderate            | Difficult                 | Very Difficult
Cost               | Very Low                | Low                | Moderate            | High                      | Very High

Other Types of Computer Networks


● Wireless Local Area Network (WLAN)
● Storage Area Network (SAN)
● System-Area Network (SAN)
● Passive Optical Local Area Network (POLAN)
● Enterprise Private Network (EPN)
● Virtual Private Network (VPN)
● Home Area Network (HAN)

1. Wireless Local Area Network (WLAN)


WLAN is a type of computer network that acts as a local area network but
makes use of wireless network technology like Wi-Fi. This network doesn’t
allow devices to communicate over physical cables like in LAN but allows
devices to communicate wirelessly. The most common example of WLAN is
Wi-Fi.

Wireless Local Area Network (WLAN)

There are several other computer networks; more information is provided
below.

2. Storage Area Network (SAN)


A SAN is a high-speed computer network that connects groups of storage
devices to several servers. This network does not depend on the LAN or WAN.
Instead, a SAN moves storage traffic off the general-purpose network onto
its own dedicated high-speed network. A SAN provides access to block-level
data storage. An example of a SAN is a pool of disks accessed by a group of
servers.

Storage Area Network (SAN)

3. Passive Optical Local Area Network (POLAN)

A POLAN is a type of computer network that is an alternative to a LAN.
POLAN uses optical splitters to split an optical signal from a single strand of
single-mode optical fibre into multiple signals to distribute to users and
devices. In short, POLAN is a point-to-multipoint LAN architecture.
Passive Optical Local Area Network (POLAN)

4. Enterprise Private Network (EPN)

An EPN is a type of computer network mostly used by businesses that want a
secure connection across various locations to share computer resources.

Enterprise Private Network (EPN)

5. Virtual Private Network (VPN)


A VPN is a type of computer network that extends a private network across
the internet and lets the user send and receive data as if they were connected
to a private network even though they are not. Through a virtual
point-to-point connection users can access a private network remotely. VPN
protects you from malicious sources by operating as a medium that gives you
a protected network connection.

Virtual Private Network (VPN)

6. Home Area Network (HAN)

Many houses have more than one computer. To interconnect those
computers with each other and with other peripheral devices, a network
similar to a local area network (LAN) needs to be established within the
home. Such a network, which allows a user to interconnect multiple computers
and other digital devices within the home, is referred to as a Home Area
Network (HAN). A HAN encourages sharing of resources, files, and programs
within the network. It supports both wired and wireless communication.

Home Area Network (HAN)

Top 10 Web Application Security Risks

OWASP Top Ten — Open Web Application Security Project

There are three new categories, four categories with naming and scoping
changes, and some consolidation in the Top 10 for 2021.
● A01:2021-Broken Access Control moves up from the fifth position; 94%
of applications were tested for some form of broken access control.
The 34 Common Weakness Enumerations (CWEs) mapped to Broken
Access Control had more occurrences in applications than any other
category.
● A02:2021-Cryptographic Failures shifts up one position to #2,
previously known as Sensitive Data Exposure, which was a broad
symptom rather than a root cause. The renewed focus here is on
failures related to cryptography which often leads to sensitive data
exposure or system compromise.
● A03:2021-Injection slides down to the third position. 94% of the
applications were tested for some form of injection, and the 33 CWEs
mapped into this category have the second most occurrences in
applications. Cross-site Scripting is now part of this category in this
edition.
● A04:2021-Insecure Design is a new category for 2021, with a focus on
risks related to design flaws. If we genuinely want to “move left” as an
industry, it calls for more use of threat modeling, secure design patterns
and principles, and reference architectures.
● A05:2021-Security Misconfiguration moves up from #6 in the previous
edition; 90% of applications were tested for some form of
misconfiguration. With more shifts into highly configurable software, it’s
not surprising to see this category move up. The former category for
XML External Entities (XXE) is now part of this category.
● A06:2021-Vulnerable and Outdated Components was previously titled
Using Components with Known Vulnerabilities and is #2 in the Top 10
community survey, but also had enough data to make the Top 10 via
data analysis. This category moves up from #9 in 2017 and is a known
issue that we struggle to test and assess risk. It is the only category not
to have any Common Vulnerability and Exposures (CVEs) mapped to the
included CWEs, so a default exploit and impact weights of 5.0 are
factored into their scores.
● A07:2021-Identification and Authentication Failures was previously
Broken Authentication and is sliding down from the second position,
and now includes CWEs that are more related to identification failures.
This category is still an integral part of the Top 10, but the increased
availability of standardised frameworks seems to be helping.
● A08:2021-Software and Data Integrity Failures is a new category for
2021, focusing on making assumptions related to software updates,
critical data, and CI/CD pipelines without verifying integrity. One of the
highest weighted impacts from Common Vulnerability and
Exposures/Common Vulnerability Scoring System (CVE/CVSS) data
mapped to the 10 CWEs in this category. Insecure Deserialization from
2017 is now a part of this larger category.
● A09:2021-Security Logging and Monitoring Failures was previously
Insufficient Logging & Monitoring and is added from the industry survey
(#3), moving up from #10 previously. This category is expanded to
include more types of failures, is challenging to test for, and isn’t well
represented in the CVE/CVSS data. However, failures in this category
can directly impact visibility, incident alerting, and forensics.
● A10:2021-Server-Side Request Forgery is added from the Top 10
community survey (#1). The data shows a relatively low incidence rate
with above average testing coverage, along with above-average ratings
for Exploit and Impact potential. This category represents the scenario
where the security community members are telling us this is important,
even though it’s not illustrated in the data at this time.

Internetwork
An internetwork is defined as two or more computer networks (LANs,
WANs, or network segments) that are connected by devices and configured
with a local addressing system. The method is known as internetworking.
There are two types of internetwork:

● Intranet: An internal network within an organisation that enables
employees to share data, collaborate, and access resources.
Intranets are not accessible to the public and use private IP
addresses.
● Extranet: Extranets extend the intranet to authorised external
users, such as business partners or clients. They provide controlled
access to specific resources while maintaining security.

Advantages of Computer Networks

● Central Storage of Data: Files are stored in a central storage
database, which makes them easy to access and available to everyone.
● Connectivity: A single connection can be routed to connect multiple
computing devices.
● Sharing of Files: Files and data can be easily shared among
multiple devices, which makes communication within the
organisation easy.
● Security through Authorisation: Computer networking provides
additional security and protection of the information in the system.

Disadvantages of Computer Networks

● Virus and Malware: A virus is a program that can infect other
programs by modifying them. Viruses and malware can corrupt the
whole network.
● High Cost of Setup: The initial setup of a computer network is
expensive because it consists of a lot of wires and cables along with
the devices.
● Loss of Information: A system failure might lead to some
loss of data.
● Management of Network: Managing a network is somewhat
complex for a person; it requires training for its proper use.

Conclusion
In conclusion, computer networks are essential components that connect
various computer devices in order to efficiently share data and resources.
PAN, LAN, CAN, MAN, and WAN networks serve a wide range of
applications and purposes, each with its own set of advantages and
drawbacks. Understanding these networks and their applications improves
connectivity, data exchange, and resource utilization in a variety of
applications from personal use to global communications.

Frequently Asked Questions on Types of Computer Network – FAQs

What are the types of service in CN?

● Internet and cloud connectivity.
● Branch office and campus connectivity.
● Private data centre services.
● Secure cloud-connectivity services.
● Virtual network services.

What are the types of channel in CN?

● Simplex
● Half-Duplex
● Full-Duplex

What is WAN-as-a-service?

One type of cloud-based WAN model is WAN-as-a-service.
WAN-as-a-service options are intended to take the place of legacy WAN
arrangements, which are hard to scale up, rely on hardware, and require
communication protocols like multiprotocol label switching (MPLS).

Structure and Types of IP Address


IP addresses are an important part of the Internet. They are made up of a
series of numbers or alphanumeric characters that help to identify devices on
a network. Almost every device we use is connected to the Internet, whether
a smartphone, computer, or smart home device. For these devices to
communicate with each other, they need a unique identifier, known as an IP
address.

In this article, we will discuss the IP addressing structure and types, such as
IPv4 and IPv6. We will understand how the different addresses work and
what is so special about them in Internet communications.

What is an IP Address?
An IP address is an Internet Protocol address: a unique address that
identifies a device on the network. It is governed by a set of rules that
define the structure of data sent over the Internet or through a local
network. An IP address helps the Internet to distinguish between different
routers, computers, and websites. It serves as a specific machine identifier
in a specific network and makes communication between source and
destination possible.

IP addresses play a crucial role in the transfer of data across networks, such
as the Internet. However, they themselves do not transfer data. Instead, they
function as unique identifiers that enable devices to locate and communicate
with each other in a network.
An IP address is divided into two parts: X1.X2.X3.X4
1. [X1.X2.X3] is the Network ID
2. [X4] is the Host ID

Example IP Address: 192.168.1.15

Here is how the parts are divided based on this format:

1. Network ID: 192.168.1 (this corresponds to [X1.X2.X3])
2. Host ID: 15 (this corresponds to [X4])

1. Network ID: The left-hand part of the IP address identifies the specific
network where the device is located. In a normal home network,
where the device has an IP address of 192.168.1.32, the 192.168.1
part of the address is the network ID. By convention the host part is
written as zero, so the device's network ID is 192.168.1.0.
2. Host ID: The host ID is the part of the IP address that was not taken
by the network ID. It identifies a specific device (in the TCP/IP world,
we call devices "hosts") on that network. Continuing with our example
of the IP address 192.168.1.32, the host ID is 32, the unique
host ID on the 192.168.1.0 network.

The version of The IP Address

Currently, there are 2 versions of IP addresses in use, i.e. IPv4 and IPv6.

1. IPv4 (Internet Protocol Version 4): It is the first version of the
Internet Protocol address. The address size of IPv4 is a 32-bit
number. In this version, Internet Protocol Security (IPsec) for
network security is optional. It has 4,294,967,296 addresses, but we
are still seeing a shortage of network addresses as the use of
network and virtual devices is increasing rapidly.
2. IPv6 (Internet Protocol Version 6): It is the recent version of the
Internet Protocol address. The address size of IPv6 is 128 bits.
Internet Protocol Security (IPsec) is mandatory with respect to
network security. It allows 3.4 x 10^38 unique IP addresses, which seems
to be more than sufficient to support the trillions of Internet devices
present now or coming in future.

Types of IP Addresses
There are 4 types of IP addresses: Public, Private, Static, and Dynamic.
Public and private addresses are distinguished by where they are used:
private addresses are used within the local network, while public addresses
are used outside it, on the Internet.

● Public IP address: A public IP address is the Internet Protocol
address assigned to your Internet connection by your ISP; it is the
address the rest of the Internet sees when your devices connect.
Some call this their external IP address. A public Internet Protocol
address is an Internet Protocol address that is reachable over the
Internet. Like the postal address used to deliver mail to your home,
the public Internet Protocol address is a globally routable address
assigned to a computing device. Web servers, email servers, and any
server device that has direct access to the Internet use a public
Internet Protocol address. A public IP address is unique worldwide
and is assigned to only one device at a time.
● Private IP address: Everything that connects to your home or office
network has a private IP address. This includes computers,
smartphones, tablets and Bluetooth-enabled devices such as
speakers, printers, or smart TVs. With the growth in IoT devices, the
number of private IP addresses we have at home is also increasing.
Routers need a way to identify these devices separately, and most
devices need a way to find each other. Therefore, routers assign
private IP addresses that are unique identifiers for each device
within the local network.

Types of IP Addresses

● Static IP Address: A static IP address is a fixed IP address.
Conversely, a dynamic IP address is provided by a Dynamic Host
Configuration Protocol (DHCP) server and can change. A static IP
address does not change on its own, but it can be changed as part of
normal network management. Static IP addresses are assigned once and
remain the same over the years. This type of IP address also makes it
easier to identify and find the device.
● Dynamic IP address: Dynamic means constant change. A dynamic IP
address changes from time to time and is not always the same. If
you have a home cable or DSL service, you most likely have a dynamic IP
address. Internet Service Providers give customers dynamic IP
addresses because static addresses are more expensive. Instead of one
permanent IP address, an IP address is taken out of the address
pool and assigned to you. After a few days, weeks, or sometimes
even months, that address is returned to the pool and you are given a
new one. Most ISPs will not provide a static IP address to residential
customers, and when they do, it is usually more expensive.
Dynamic IP addresses can be inconvenient, but with the right software,
you can work around the changes easily and for free.

Types of Website IP Address

Website IP addresses are of two types: Dedicated IP Address and Shared IP
Address. Let us discuss the two.

1. Dedicated IP address: A dedicated IP address is one that is unique
to a single website. This address is not used by any other domain. A
dedicated IP address is beneficial in many ways. It provides
increased speed when the traffic load is high and brings increased
security. But dedicated IPs are costly compared to shared IPs.
2. Shared IP address: A shared IP address is one that is not unique. It
is shared between multiple domains. A shared IP address is enough
for most users because common configurations don't require a
dedicated IP.

IP Address Classification Based on Operational Characteristics

According to operational characteristics, IP address is classified as follows:

1. Broadcast addressing: 'Broadcast' here means transmitting to every
node on a network at once. A broadcast packet is sent to all
users of a local network simultaneously; they do not have to be
explicitly named as recipients. The users of a network can open the
data packets and then interpret the information, carry out the
instructions or discard them. This service is available in IPv4. The IP
address commonly used for broadcasting is 255.255.255.255.
2. Unicast addressing: This address identifies a unique node on the
network. Unicast is nothing but one-to-one data transmission from
one point in the network to another. It is the most common form of
IP addressing. This method can be used for both sending and
receiving data. It is available in IPv4 and IPv6.
3. Multicast addressing: These IP addresses mainly help to establish
one-to-many communication. Multicast IP routing protocols are used
to distribute data to multiple recipients. The class D addresses
(224.0.0.0 to 239.255.255.255) define the multicast groups.
4. Anycast addressing: In anycast addressing, a packet is not
transmitted to all the receivers on the network. When a data packet
is sent to an anycast address, it is delivered to the closest
interface that has this anycast address.
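The network ID / host ID split and the address categories above (private ranges, the 255.255.255.255 broadcast address and the class D multicast block), worked through in code. This is an added example, not part of the original document; the log lines and their key=value shape are constructed, and the 24-bit prefix default mirrors the page's X1.X2.X3 / X4 split.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class IPv4Info:
    address: str
    network_id: str   # network part with the host part written as zero
    host_id: int      # host part as an integer
    kind: str         # "private", "public", "multicast" or "limited-broadcast"


# Ranges the page quotes, constructed here as ipaddress objects.
PRIVATE_BLOCKS = (
    ipaddress.ip_network("10.0.0.0/8"),       # "Class A" private range in the FAQ
    ipaddress.ip_network("172.16.0.0/12"),    # "Class B" private range in the FAQ
    ipaddress.ip_network("192.168.0.0/16"),   # "Class C" private range in the FAQ
)
MULTICAST_BLOCK = ipaddress.ip_network("224.0.0.0/4")   # class D: 224.0.0.0 - 239.255.255.255
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(addr: str, prefix_len: int = 24) -> IPv4Info:
    """Split addr into network ID / host ID and name its address type.

    prefix_len defaults to 24 because the page's example treats X1.X2.X3
    as the network ID and X4 as the host ID.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("IPv4 addresses only")
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    # strict=False lets a host address stand in for its network.
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    host_id = int(ip) & ((1 << (32 - prefix_len)) - 1)
    if ip == LIMITED_BROADCAST:
        kind = "limited-broadcast"
    elif ip in MULTICAST_BLOCK:
        kind = "multicast"
    elif any(ip in block for block in PRIVATE_BLOCKS):
        kind = "private"
    else:
        kind = "public"
    return IPv4Info(addr, str(net.network_address), host_id, kind)


# Constructed firewall log lines (not from the page) in a simple key=value shape.
SAMPLE_LOG = """\
ts=1 iface=wan src=203.0.113.9 dst=192.168.1.15 action=allow
ts=2 iface=wan src=10.5.5.5 dst=192.168.1.15 action=allow
ts=3 iface=wan src=224.0.0.251 dst=192.168.1.15 action=allow
ts=4 iface=lan src=192.168.1.32 dst=203.0.113.9 action=allow
"""
LOG_RE = re.compile(r"ts=(?P<ts>\d+) iface=(?P<iface>\w+) src=(?P<src>[\d.]+)")


def bogus_wan_sources(log_text: str) -> list:
    """Return source addresses seen on the WAN side that cannot be genuine
    Internet sources: private ranges, multicast and the broadcast address
    are never routed in from the public Internet, so such packets point to
    spoofing or a misconfiguration worth investigating."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["iface"] != "wan":
            continue
        if classify(m["src"]).kind != "public":
            flagged.append(m["src"])
    return flagged


if __name__ == "__main__":
    print(classify("192.168.1.32"))      # network_id 192.168.1.0, host_id 32, private
    print(bogus_wan_sources(SAMPLE_LOG))  # ['10.5.5.5', '224.0.0.251']
```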

Conclusion
IP addresses play an important role in communicating with devices over the
Internet and enable systems to communicate with one another. The
structure of IP addresses helps in identifying devices on a network.
Understanding the difference between categories of IP addresses, public and
private as well as static and dynamic, is important for most users of the
Internet and the web. As technology advances, the role of IP addresses will
grow, so it will be important to understand them so that Internet
communication is not only effective but also secure.

Frequently Asked Questions on Structure and Types of IP Address - FAQs

What do you mean by IP addressing?

An Internet Protocol (IP) address is a unique number given to every device
that connects to the Internet. It acts like an address, helping devices find
and talk to each other online.

What is ipconfig used for?

ipconfig is a command-line tool used on some computer systems. It shows the
current network settings and can also update or refresh things like your
computer's IP address and DNS settings.

What are the three (3) classes of IP address commonly used?

1. Class A (10.0.0.0 to 10.255.255.255) – Class A has the largest range,
suitable for very large networks.
2. Class B (172.16.0.0 to 172.31.255.255) – Class B is designed for
medium-sized networks.
3. Class C (192.168.0.0 to 192.168.255.255) – Class C has the smallest
range, used for small networks.

Can someone detect my IP address?

Hackers and others can often see your IP address when you are online.
However, by using a Virtual Private Network (VPN), you can make sure that
the IP address they see is, most of the time, not traceable back to you.

What is a MAC Address?


To communicate or transfer data from one computer to another, we need an
address. In computer networks, various types of addresses are used; each
works at a different layer. A MAC address, which stands for Media Access
Control Address, is a physical address that works at the Data Link Layer. In
this article, we will discuss addressing at the DLL, which is the MAC
Address. So, go through the article if you are eager to learn what a MAC
address is and what its components are.

What is MAC (Media Access Control) Address?


MAC Addresses are unique 48-bit hardware numbers of a computer that are
embedded into a network card (known as a Network Interface Card) during
manufacturing. The MAC Address is also known as the Physical Address of
a network device. In the IEEE 802 standard, the data link layer is divided into
two sublayers:

1. Logical Link Control (LLC) Sublayer
2. Media Access Control (MAC) Sublayer

The MAC address is used by the Media Access Control (MAC) sublayer of the
Data-Link Layer. MAC Address is worldwide unique since millions of network
devices exist and we need to uniquely identify each.

Format of MAC Address
To understand what a MAC address is, it is important that you first
understand the format of the MAC address. A MAC address is a 12-digit
hexadecimal number (a 48-bit binary number), which is most often written in
colon-hexadecimal notation.

The first 6 digits (say 00:40:96) of the MAC address identify the
manufacturer and are called the OUI (Organizationally Unique Identifier).
The IEEE Registration Authority assigns these MAC prefixes to its
registered vendors.

Here are some OUIs of well-known manufacturers:

CC:46:D6 - Cisco
3C:5A:B4 - Google, Inc.
3C:D9:2B - Hewlett Packard
00:9A:CD - HUAWEI TECHNOLOGIES CO.,LTD

The rightmost six digits identify the individual Network Interface
Controller and are assigned by the manufacturer.

As discussed above, the MAC address is usually written in colon-hexadecimal
notation. But this is just a convention, not mandatory. A MAC address can be
written in any of the following formats:

● Colon-hexadecimal notation (XX:XX:XX:XX:XX:XX)
● Hyphen-hexadecimal notation (XX-XX-XX-XX-XX-XX)
● Period-separated hexadecimal notation (XXXX.XXXX.XXXX)

Note: Colon-hexadecimal notation is used by Linux, and period-separated
hexadecimal notation is used by Cisco Systems.

Types of MAC Address

1. Unicast: A unicast-addressed frame is sent out only on the interface
leading to a specific NIC. If the LSB (least significant bit) of the first octet
of an address is set to zero, the frame is meant to reach only one receiving
NIC. The source MAC address of a frame is always unicast.
2. Multicast: A multicast address allows the source to send a frame to a
group of devices. In a Layer-2 (Ethernet) multicast address, the LSB (least
significant bit) of the first octet of the address is set to one. IEEE has
allocated the address block 01-80-C2-xx-xx-xx (01-80-C2-00-00-00 to
01-80-C2-FF-FF-FF) for group addresses used by standard protocols.
3. Broadcast: As at the Network Layer, broadcast is also possible at the
underlying Data Link Layer. Ethernet frames with all bits of the destination
address set to one (FF-FF-FF-FF-FF-FF) are called broadcast frames. A
frame destined for MAC address FF-FF-FF-FF-FF-FF reaches every computer
on that LAN segment.
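
The format and type rules above (OUI prefix, NIC-specific part, the three
notations, and the I/G bit in the first octet that separates unicast from
multicast) can be checked mechanically. The following Python is an added
example written for this page, not code from the original article; the OUI
table is just the four prefixes listed above, and the U/L bit check goes one
step beyond the text: that bit (mask 0x02 in the first octet) is set when an
address was assigned in software rather than burned in by the vendor, which
is what an administrator looks for when a NIC no longer reports its factory
address.

```python
import re

# OUI prefixes exactly as listed on the page, used as a constructed lookup
# table. A real inventory tool would load the IEEE OUI registry instead.
KNOWN_OUIS = {
    "CC46D6": "Cisco",
    "3C5AB4": "Google, Inc.",
    "3CD92B": "Hewlett Packard",
    "009ACD": "HUAWEI TECHNOLOGIES CO.,LTD",
}

BROADCAST = "FFFFFFFFFFFF"
IEEE_STD_GROUP_OUI = "0180C2"   # the 01-80-C2-xx-xx-xx block from the page


def normalize_mac(mac: str) -> str:
    """Accept colon (Linux), hyphen (Windows) or period (Cisco) notation and
    return the 12 uppercase hex digits without separators."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def format_mac(mac: str, style: str = "colon") -> str:
    """Render a MAC in one of the three notations the text mentions."""
    d = normalize_mac(mac)
    if style == "colon":
        return ":".join(d[i:i + 2] for i in range(0, 12, 2))
    if style == "hyphen":
        return "-".join(d[i:i + 2] for i in range(0, 12, 2))
    if style == "cisco":
        return ".".join(d[i:i + 4] for i in range(0, 12, 4))
    raise ValueError(f"unknown style {style!r}")


def classify_mac(mac: str) -> dict:
    """Split a MAC into OUI and NIC-specific part and decide whether it is a
    unicast, multicast or broadcast address from the bits of the first octet."""
    d = normalize_mac(mac)
    first_octet = int(d[0:2], 16)
    if d == BROADCAST:
        kind = "broadcast"
    elif first_octet & 0x01:        # I/G bit: LSB of first octet set = group address
        kind = "multicast"
    else:
        kind = "unicast"
    # U/L bit (bit 1 of the first octet, mask 0x02): set when the address was
    # assigned locally in software rather than burned in by the vendor. Not
    # discussed on the page; included because a changed MAC shows up here.
    locally_administered = bool(first_octet & 0x02)
    oui = d[:6]
    return {
        "normalized": format_mac(d),
        "kind": kind,
        "oui": oui,
        "vendor": KNOWN_OUIS.get(oui),          # None if the prefix is not in the table
        "nic_specific": d[6:],
        "locally_administered": locally_administered,
        "ieee_std_group": kind == "multicast" and oui == IEEE_STD_GROUP_OUI,
    }
```

For instance, classify_mac("01-80-C2-00-00-0E") reports a multicast address
inside the IEEE standard-protocol block, while classify_mac("cc:46:d6:12:34:56")
reports a unicast Cisco address with NIC-specific part 123456.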
Reason to Have Both IP and MAC Addresses

The reason for having both IP and MAC addresses lies in the way the Internet
works, specifically in the structure of the OSI Model. This model is a
conceptual framework that describes how data is sent and received over a
network. It is divided into seven layers, each performing specific functions.

● Layer 2 uses MAC addresses and is responsible for packet delivery
from hop to hop.
● Layer 3 uses IP addresses and is responsible for packet delivery
from end to end.

Layer 2 (Data Link Layer) uses a MAC (Media Access Control) address.
These are unique identifiers assigned to network interfaces for
communication at the data link layer. The primary function of MAC
addresses is to manage how data is transported from one network node to
the next on a direct, physical basis; this is also referred to as “hop to hop”
delivery.

On the other hand, Layer 3 (Network Layer) uses an IP (Internet Protocol)
address. IP addresses are used to identify devices on a network and to route
traffic between networks. They ensure that data from its original source
reaches its final destination, which is called “end-to-end” delivery of data.

When a computer sends data, it first wraps it in an IP header, which
includes the source and destination IP addresses. This IP header, along with
the data, is then encapsulated in a MAC header, which includes the source
and destination MAC addresses for the current “hop” in the path.

As the data travels from one router to the next, the MAC header is stripped
off and a new one is generated for the next hop. However, the IP header,
which was generated by the original computer, remains intact until it
reaches the final destination. This illustrates how the IP header manages
“end to end” delivery, while the MAC headers handle “hop to hop” delivery.

So, both IP and MAC addresses are essential for the functioning of the
Internet. While MAC addresses facilitate the direct, physical transfer of data
between network nodes, IP addresses ensure that the data reaches its final
destination.
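
The hop-to-hop versus end-to-end behaviour just described can be traced in
a small simulation. The Python below is an added example, not code from the
original article: it models a host A, a router R1 and a host B with made-up
IP and MAC addresses, pre-filled ARP tables (as if resolution had already
happened) and /24 routes. Each node checks that a frame is addressed to one
of its own NICs, strips the L2 header, and either delivers the packet or
builds a new frame for the next hop while leaving the IP header untouched
apart from the TTL decrement.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Network-layer header fields that stay the same end to end (plus data)."""
    src_ip: str
    dst_ip: str
    ttl: int
    payload: str


@dataclass(frozen=True)
class Frame:
    """Data-link header built fresh for each hop, wrapped around the packet."""
    src_mac: str
    dst_mac: str
    packet: Packet


@dataclass
class Node:
    name: str
    ips: dict      # interface -> this node's IP on it
    macs: dict     # interface -> this node's MAC on it
    routes: dict   # destination /24 prefix -> (interface, next-hop IP or None if on-link)
    arp: dict      # IP -> MAC, pre-filled here as if ARP had already run

    def encapsulate(self, pkt):
        """Look up the route for pkt.dst_ip and wrap it in a frame for the next hop."""
        prefix = pkt.dst_ip.rsplit(".", 1)[0]
        if prefix not in self.routes:
            return None
        iface, next_hop = self.routes[prefix]
        target_ip = next_hop or pkt.dst_ip   # on-link: address the destination directly
        return Frame(self.macs[iface], self.arp[target_ip], pkt)

    def handle(self, frame):
        """Process an incoming frame: ('deliver', pkt), ('forward', frame) or ('drop', why)."""
        if frame.dst_mac not in self.macs.values():
            return "drop", "frame not addressed to this NIC"
        pkt = frame.packet                        # L2 header stripped here
        if pkt.dst_ip in self.ips.values():
            return "deliver", pkt                 # end of the end-to-end path
        if pkt.ttl <= 1:
            return "drop", "TTL expired"
        nxt = self.encapsulate(replace(pkt, ttl=pkt.ttl - 1))   # IP header kept, TTL decremented
        return ("forward", nxt) if nxt else ("drop", "no route")


def trace(nodes, first_frame, max_hops=16):
    """Pass the frame from node to node; return every frame put on a link and the outcome."""
    by_mac = {mac: n for n in nodes for mac in n.macs.values()}
    frames, frame = [first_frame], first_frame
    for _ in range(max_hops):
        node = by_mac.get(frame.dst_mac)
        if node is None:
            return frames, ("drop", "no node owns the destination MAC")
        outcome, value = node.handle(frame)
        if outcome != "forward":
            return frames, (outcome, value)
        frame = value
        frames.append(frame)
    return frames, ("drop", "hop limit reached")


# Constructed topology with made-up addresses: A (10.0.1.0/24) -- R1 -- B (10.0.2.0/24)
A = Node("A", {"eth0": "10.0.1.10"}, {"eth0": "AA:AA:AA:00:00:01"},
         {"10.0.1": ("eth0", None), "10.0.2": ("eth0", "10.0.1.1")},
         {"10.0.1.1": "BB:BB:BB:00:00:01"})
R1 = Node("R1", {"eth0": "10.0.1.1", "eth1": "10.0.2.1"},
          {"eth0": "BB:BB:BB:00:00:01", "eth1": "BB:BB:BB:00:00:02"},
          {"10.0.1": ("eth0", None), "10.0.2": ("eth1", None)},
          {"10.0.1.10": "AA:AA:AA:00:00:01", "10.0.2.20": "CC:CC:CC:00:00:01"})
B = Node("B", {"eth0": "10.0.2.20"}, {"eth0": "CC:CC:CC:00:00:01"},
         {"10.0.2": ("eth0", None)}, {})
NODES = [A, R1, B]


def demo():
    """Send one packet from A to B and return the frames seen on each link."""
    pkt = Packet("10.0.1.10", "10.0.2.20", ttl=64, payload="hello")
    return trace(NODES, A.encapsulate(pkt))
```

Running demo() yields two frames, one per link: the source and destination
MACs differ on each, while the source and destination IPs inside are the
same in both, which is exactly the distinction the text draws.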

Why Should the MAC Address Be Unique in the LAN Network?

Consider a LAN (Local Area Network) as a large gathering where everyone
is engaged in conversation. Now suppose that two individuals at this
gathering coincidentally share the same name. This would inevitably create
confusion: if someone calls out that name, both individuals respond, and it
is hard to tell who the intended recipient of the message is.

In a similar manner, within a network each device possesses a distinct
identifier referred to as a MAC (Media Access Control) address. Think of it
as a unique name assigned to the device. When information is transmitted
across the network, it is directed to a specific MAC address, much like a
letter being addressed to a specific individual.

However, if multiple devices within the same network had identical MAC
addresses, the result would be confusion that disrupts the network’s
functioning: the network could not determine which device should receive
the transmitted information. To prevent this and ensure accurate delivery,
it is vital for each device on a network to have a unique MAC address.

How Do I Find the MAC Address?

A MAC address is mostly needed when configuring a router for a network
device or during troubleshooting. The address of a computer can easily be
looked up on any operating system. All Apple devices connected to a home
network also carry a unique MAC address. Manufacturers may call the MAC
address by other names, such as physical address, hardware ID, wireless ID,
or Wi-Fi address.

The following steps show how to find the MAC address on different
operating systems.

MAC address on Windows

Here is the step-by-step guide to finding MAC addresses on Windows.

Command:
ipconfig /all

Step 1 – Click the Start button or press the Windows key.
Step 2 – In the search box, type cmd; the Command Prompt will appear.
Step 3 – Click on cmd to open the Command Prompt window.
Step 4 – In the Command Prompt, type the ipconfig /all command and press
Enter.
Step 5 – Scroll through the output; each “Physical Address” entry is the MAC
address of one of your network adapters.

MAC Address on MacOS

Here is a step-by-step guide to finding MAC addresses on a Mac operating
system.

Command for MAC Address in MacOS:
TCP/IP Control Panel

Step 1 – Click on System Settings.
Step 2 – In System Settings, click on the Network option.
Step 3 – Then go to the advanced settings.
Step 4 – Here you find your MAC address.

MAC Address on Unix/Linux

Here is a step-by-step guide to finding MAC addresses on a Unix/Linux
operating system.

Command for MAC Address in Unix/Linux:
ifconfig -a
ip link list
ip address show
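
When the commands above are run across many machines, the output has to
be parsed to build an inventory. The following Python is an added example
written for this page (not from the original article): it extracts
interface-to-MAC mappings from constructed sample output of `ip link` and
of `ipconfig /all`, then flags any MAC that appears on more than one host,
which is the duplicate-address situation the earlier section warns about.
The output samples are made up, with addresses chosen to match the OUIs
listed on the page.

```python
import re

# One hex pair followed by five more, separated by ':' (Linux) or '-' (Windows).
MAC_RE = r"([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"

# Constructed sample of `ip link` output (Linux).
IP_LINK_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether cc:46:d6:12:34:56 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 3c:5a:b4:ab:cd:ef brd ff:ff:ff:ff:ff:ff
"""

# Constructed sample of `ipconfig /all` output (Windows), trimmed to the relevant lines.
IPCONFIG_SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAB-PC

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : example.lan
   Description . . . . . . . . . . . : Example Gigabit Ethernet
   Physical Address. . . . . . . . . : 3C-D9-2B-11-22-33
   DHCP Enabled. . . . . . . . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 00-9A-CD-44-55-66
"""


def parse_ip_link(text):
    """Return {interface: MAC} from `ip link` output, skipping non-Ethernet links."""
    result, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\d+:\s+([^:@]+)[@:]", line)   # "2: eth0: <...>" header line
        if head:
            current = head.group(1)
            continue
        link = re.search(r"link/(\w+)\s+" + MAC_RE, line)
        if link and current and link.group(1) == "ether":
            result[current] = link.group(2).upper()
    return result


def parse_ipconfig(text):
    """Return {adapter: MAC} from `ipconfig /all` output, normalised to colon form."""
    result, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S.*adapter (.+)):$", line)     # "Ethernet adapter Ethernet:"
        if head:
            current = head.group(2)
            continue
        phys = re.match(r"^\s+Physical Address[ .]*:\s*" + MAC_RE, line)
        if phys and current:
            result[current] = phys.group(1).replace("-", ":").upper()
    return result


def find_duplicate_macs(inventory):
    """inventory: {host: {iface: MAC}} -> {MAC: [(host, iface), ...]} for MACs
    seen on more than one host, i.e. addresses that are not unique on the LAN."""
    owners = {}
    for host, ifaces in inventory.items():
        for iface, mac in ifaces.items():
            owners.setdefault(mac, []).append((host, iface))
    return {mac: o for mac, o in owners.items() if len(o) > 1}


def demo():
    inventory = {
        "linux-box": parse_ip_link(IP_LINK_SAMPLE),
        "win-box": parse_ipconfig(IPCONFIG_SAMPLE),
        # Constructed third host that reports the same MAC as linux-box's eth0.
        "cloned-box": {"eth0": "CC:46:D6:12:34:56"},
    }
    return inventory, find_duplicate_macs(inventory)
```

The parsers key on the header-line shapes shown in the samples; real output
has more fields per interface, which the regexes ignore.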


What is MAC Cloning?

Some ISPs use MAC addresses to assign an IP address to the gateway
device. When a device connects to the ISP, the DHCP server records its
MAC address and then assigns an IP address; from then on the system is
identified by that MAC address. When the device disconnects, it loses the
IP address.

If the user wants to reconnect, the DHCP server checks whether the device
has connected before. If so, the server tries to assign the same IP address
(in case the lease period has not expired). If the user has changed the
router, the new MAC address is unknown to the ISP and the connection
cannot be established, so the user has to inform the ISP about the new MAC
address.

The other option is cloning: the user can simply configure the new router
to use the MAC address already registered with the ISP. The router then
keeps reporting the old MAC address to the ISP and there is no connection
issue.

Characteristics of MAC Address

The Media Access Control address (MAC address) is a unique identifier
assigned to most network adapters or network interface cards (NICs) by the
manufacturer for identification and use in the Media Access Control protocol
sub-layer.

An Ethernet MAC address is a 48-bit binary value expressed as 12
hexadecimal digits (4 bits per hexadecimal digit). MAC addresses have a flat
structure and thus are not routable on the Internet. Serial interfaces do not
use MAC addresses. A MAC address does not contain a network portion and
a host portion; it is used only to deliver the frame to the destination device.

● MAC addresses are used in LAN (Local Area Network) environments
to identify devices and allow communication between them.
● MAC addresses are burned into the hardware of a network interface
card (NIC) and cannot be changed, except in some rare cases where
the manufacturer has provided a specific tool to do so.
● The first 3 bytes of a MAC address represent the manufacturer ID,
while the last 3 bytes represent a unique identifier assigned by the
manufacturer.
● MAC addresses are often used in conjunction with ARP (Address
Resolution Protocol) to resolve IP addresses to MAC addresses for
communication on a LAN.
● Some operating systems, such as Windows and Linux, allow you to
view the MAC address of your network adapter through a command
prompt or network settings.

Advantages of MAC Address

1. Uniqueness: Each MAC address is unique, which means that devices
on the network can be easily identified and managed.
2. Simplicity: MAC addresses are easy to configure and manage, and
do not require any additional network infrastructure.
3. Compatibility: MAC addresses are widely used and supported by a
variety of networking technologies and protocols, making them
compatible with many different systems.
4. Security: MAC addresses can be used to restrict access to a network
by only allowing devices with authorized MAC addresses to
connect.
5. Fault-tolerance: In case of hardware or software failure, a device
can be easily replaced without affecting the network, as long as the
new device has the same MAC address as the old one.
6. Multicasting: MAC addresses can be used for multicasting, allowing
a single packet to be sent to multiple devices at once.
7. Efficiency: MAC addresses allow for efficient communication on the
network, as they enable devices to quickly and easily identify and
communicate with each other.
8. Lower network overhead: MAC addresses reduce network
overhead by allowing devices to communicate directly with each
other without the need for additional routing or addressing.
9. Ease of troubleshooting: MAC addresses can be used to
troubleshoot network issues by identifying the source of problems
and tracking network activity.
10. Flexibility: MAC addresses can be used to support a variety of
network configurations and topologies, including peer-to-peer,
client-server, and hybrid models.

Disadvantages of MAC Address

1. Limited address space: MAC addresses are 48-bit numbers, which
means that there is a finite number of possible MAC addresses. This
can lead to address conflicts if multiple devices have the same MAC
address.
2. Spoofing: MAC addresses can be easily spoofed, allowing
unauthorised devices to gain access to the network.
3. Inefficiency: MAC addresses are not hierarchical, which can make it
difficult to efficiently manage large networks.
4. Static addressing: MAC addresses are typically assigned at the time
of manufacture and cannot be easily changed. This can be a
disadvantage in situations where devices need to be reconfigured or
replaced.
5. Limited scope: MAC addresses are only used for identifying devices
within a local network segment, and cannot be used to identify
devices outside of this segment.
6. Hardware-dependent: MAC addresses are tied to the network
interface card (NIC) of a device, which means that if the NIC fails or
is replaced, the MAC address also changes.
7. Lack of encryption: MAC addresses are sent in plain text, which can
make them vulnerable to interception and eavesdropping.
8. No inherent security: While MAC filtering can be used to restrict
access to a network, MAC addresses themselves do not provide any
inherent security features.
9. MAC address collisions: In rare cases, MAC addresses can collide,
which can cause network disruptions and make it difficult to identify
and manage devices on the network.

Network Topology
In Computer Networks, Network Topology is the arrangement of the
various elements of a communication network. Network Topology is a
topological structure of a network and may be depicted physically or
logically. In this article, we are going to discuss network topology and its
various types.

What is Network Topology?

Network topology refers to how devices in a computer network are
connected. It defines the structure of the network and how its components
are linked. Network topology is divided into two types:

● Physical Topology: Physical topology indicates the arrangement of
the different elements of a network. It reflects the physical layout of
devices and cables that form a connected network.
● Logical Topology: Logical topology defines the path that data
packets take as they travel through the network, independent of its
physical layout.

Basic Terminology Related to Network Topology

● Node: A node refers to any device or point in the network, such as
computers, servers, routers, or switches. These nodes are crucial for
transmitting and receiving data within the network.
● Link: A link signifies a physical or logical connection between two
nodes, allowing data to flow between them. Links can be wired
(Ethernet cables) or wireless (Wi-Fi).
● Topology: Topology is the arrangement or layout of nodes and links
in a network. It determines how devices are interconnected and how
data travels within the network.

Types of Network Topology

The arrangement of a network, comprising the nodes and the lines that
connect sender and receiver, is referred to as network topology. The main
network topologies are:

1. Mesh Topology
In a mesh topology, every node has a dedicated point-to-point link to every
other node. Such a network is called complete because there is a dedicated
link between any two devices, so no further non-redundant links can be
added to the network.

● Suppose N devices are connected to each other in a mesh topology;
then the number of ports required by each device is N-1. If 5 devices
are connected to each other, each device needs 4 ports. The total
number of ports required is N * (N-1).
● Suppose N devices are connected to each other in a mesh topology;
then the total number of dedicated links required to connect them is
NC2, i.e. N(N-1)/2. In Figure 1, there are 5 devices connected to each
other, hence the total number of links required is 5*4/2 = 10.

Mesh Topology

There are two types of mesh topology:

● Full Mesh Topology: All the nodes within the network are connected
to each other. If there are n nodes in the network, each node has n-1
connections.
● Partial Mesh Topology: The partial mesh is more practical than the
full mesh. In a partially connected mesh, not all nodes need to be
connected to one another.

Advantages of Mesh Topology

● Easy fault identification and isolation.
● Failure of a single device won’t break the network.
● There is no traffic problem, as there is a dedicated point-to-point link
for every computer.
● It provides high privacy and security.
● Data transmission is more consistent because a failure doesn’t disrupt
its processes.
● Adding new devices won’t disrupt data transmissions.
● This topology has robust features to cope with any situation.
● A mesh doesn’t have a centralized authority.

Disadvantages of Mesh Topology

● Each node must have an interface for every other node.
● There is only a limited number of I/O ports in a computer.
● The cost of implementing a mesh topology is high.
● There is a high risk of redundant connections.
● Maintenance is challenging with a mesh topology.

2. Star Topology
In a star topology, all the nodes (PCs, printers and peripherals) are
connected to a central server. It has a central connection point, such as a hub
or switch: in a star topology each device is connected to the central hub.
Star Topology

Advantages of Star Topology

● If N devices are connected to each other in a star topology, then the
number of cables required to connect them is N. So, it is easy to set
up.
● Each device requires only 1 port, to connect to the hub, so the total
number of ports required is N.
● It is robust: if one link fails, only that link is affected and nothing else.
● Fault identification and fault isolation are easy.
● Star topology is cost-effective as it uses inexpensive coaxial cable.

Disadvantages of Star Topology

● Star networks can require more cable length than a linear topology.
● More expensive cabling.
● Performance depends on the single concentrator, i.e. the hub.

3. Bus Topology
In a bus topology, all stations are attached to the same cable. In a bus
network, messages are sent in both directions from a single point, so
signals are broadcast to all stations. Each computer checks the address on
the signal (data frame) as it passes along the bus. If the signal’s address
matches that of the computer, the computer processes the signal; if not, the
computer takes no action and the signal travels on down the bus.

Bus Topology

Advantages of Bus Topology

● If N devices are connected to each other in a bus topology, then the
number of cables required to connect them is 1, known as the
backbone cable, plus N drop lines.
● Coaxial or twisted pair cables are mainly used in bus-based
networks, which support up to 10 Mbps.
● The cost of the cable is lower than for other topologies, but it is
used only to build small networks.

Disadvantages of Bus Topology

● A bus topology is quite simple, but it still requires a lot of cabling.
● If the common cable fails, the whole system goes down.
● If the network traffic is heavy, collisions in the network increase.
To avoid this, various protocols are used in the MAC layer, known as
Pure Aloha, Slotted Aloha, CSMA/CD, etc.
● Adding new devices to the network slows it down.
● Security is very low.

4. Ring Topology
All the nodes in a ring topology are connected in a closed circle of cable.
Messages travel around the ring until they reach the node they are
addressed to, the signal being refreshed by each node. In a ring network,
every device has exactly two neighbours for communication purposes.

Ring Topology
The most common access method of ring topology is token passing.

● Token passing: It is a network access method in which a token is
passed from one node to the next.
● Token: It is a frame that circulates around the network.

Advantages of Ring Topology

● The data transmission is high-speed.
● The possibility of collision is minimal in this type of topology.
● Cheap to install and expand.
● It is less costly than a star topology.

Disadvantages of Ring Topology

● The failure of a single node in the network can cause the entire
network to fail.
● Troubleshooting is difficult in this topology.
● The addition of stations in between or the removal of stations can
disturb the whole topology.
● Less secure.

5. Tree Topology
In a tree topology, nodes are connected in a hierarchical structure to form a
tree. There is a root node, and the remaining nodes are considered child
nodes. Basically, it is a combination of star and bus topology: the central bus
works as a communication pathway, and each star-configured network
represents a level in the tree. In a tree topology, the hierarchy is formed by
branching cable with no loops, which connects the root with all other nodes
for communication.
Tree Topology

Advantages of Tree Topology

● Security is high in tree topology.
● Tree topology is more reliable.
● Tree topology is more scalable.
● It allows more devices to be attached to a single central hub, thus
decreasing the distance that the signal travels to reach the devices.
● We can add new devices to the existing network.
● Error detection and error correction are very easy in a tree topology.

Disadvantages of Tree Topology

● If the central hub fails, the entire system fails.
● The cost is high because of the cabling.
● If new devices are added, it becomes difficult to reconfigure.

6. Hybrid Topology
A hybrid topology is the combination of two or more types of topology. It
arises from the integration of multiple network topologies, which is why it
is called a hybrid network topology.

Hybrid Topology

Advantages of Hybrid Topology

● Hybrid topology provides more flexibility than other topologies.
● Hybrid topology is more robust than the others.
● Hybrid topology provides optimised performance.

Disadvantages of Hybrid Topology

● It is challenging to design the architecture of a hybrid network.
● Hubs used in this topology are very expensive.
● The infrastructure cost is very high, as a hybrid network requires a
lot of cabling and network devices.

7. Point to Point Topology

Point-to-point topology is a type of topology that works on the functionality
of the sender and receiver. It is the simplest communication between two
nodes, in which one is the sender and the other one is the receiver.
Point-to-point provides high bandwidth.

Point to Point Topology

Advantages of Point to Point Topology

● P2P networks are highly efficient, as they allow direct
communication between two devices without any intermediate
devices or network components.
● P2P networks are relatively more secure than other topologies, as
they do not rely on intermediate devices that can be compromised or
attacked.
● P2P networks are easy to configure and require minimal
management or administration.

Disadvantages of Point to Point Topology

● P2P networks are not scalable, as adding new devices requires
establishing a separate link between each new device and the
existing network, which can be time-consuming and expensive.
● P2P networks can be difficult to maintain, as each device has to be
managed separately.
● P2P networks do not provide redundancy, which can be a problem if
the link fails or a device goes offline, since there is only a single
dedicated communication connection between the two systems.

8. Daisy Chain Topology

The daisy chain topology connects nodes along a chain of connections. Data
is transported from one node to the next until it reaches its intended
destination. There are two types of daisy chain network topologies: linear
daisy chains and ring daisy chains.

Daisy Chain

Advantages of Daisy Chain Topology

● Easy to create and maintain
● Less cable usage
● Cost-effective

Disadvantages of Daisy Chain Topology

● It provides slow data transmission.
● Easy failure, particularly in linear daisy chain topologies
● Every node needs two transmitters and two receivers for
successful data transmission.

Conclusion
In conclusion, network topology defines the structured arrangement of
devices in a network, impacting data flow and connectivity. Key types include
Mesh, Star, Bus, Ring, Tree, Hybrid, Point-to-Point, and Daisy Chain
topologies. Selecting the appropriate topology depends on factors like
network size, scalability, cost, and reliability.
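
The port counts, link counts and single-point-of-failure claims made for the
topologies above can be checked by building each topology as a small graph.
The Python below is an added example written for this page, not code from
the original article. Each topology is a set of undirected links between
nodes 0..N-1; the bus is modelled as a chain of stations along the backbone
(a break between two stations splits the segment, as the text says for the
common cable), and the star puts the hub at node 0. For each topology it
reports the number of links (cabling), the most ports any one node needs,
and which node or link failures disconnect the network.

```python
from itertools import combinations


def mesh(n):
    """Full mesh: a dedicated link between every pair of nodes."""
    return {frozenset(p) for p in combinations(range(n), 2)}


def star(n):
    """Node 0 is the hub/switch; every other node links only to it."""
    return {frozenset((0, i)) for i in range(1, n)}


def ring(n):
    """Each node has exactly two neighbours; the last links back to the first."""
    return {frozenset((i, (i + 1) % n)) for i in range(n)}


def chain(n):
    """Linear daisy chain; also stands in for stations along a bus backbone."""
    return {frozenset((i, i + 1)) for i in range(n - 1)}


def connected(nodes, links):
    """Depth-first search: True when every node in `nodes` can reach every other
    using only links whose two ends are both still in `nodes`."""
    nodes = set(nodes)
    if len(nodes) <= 1:
        return True
    adj = {v: set() for v in nodes}
    for link in links:
        a, b = tuple(link)
        if a in nodes and b in nodes:
            adj[a].add(b)
            adj[b].add(a)
    start = next(iter(nodes))
    seen, stack = {start}, [start]
    while stack:
        for w in adj[stack.pop()]:
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return seen == nodes


def node_spofs(n, links):
    """Nodes whose failure disconnects the survivors (single points of failure)."""
    all_nodes = set(range(n))
    return sorted(v for v in all_nodes if not connected(all_nodes - {v}, links))


def link_spofs(n, links):
    """Links whose failure disconnects the network."""
    all_nodes = set(range(n))
    return sorted(sorted(l) for l in links if not connected(all_nodes, links - {l}))


def summarize(name, n, links):
    degree = {v: 0 for v in range(n)}
    for link in links:
        for v in link:
            degree[v] += 1
    return {
        "topology": name,
        "links": len(links),                # cabling cost
        "max_ports": max(degree.values()),  # I/O ports needed on the busiest node
        "node_spofs": node_spofs(n, links),
        "link_spofs": link_spofs(n, links),
    }


def compare(n=5):
    """Summaries for the four topologies with n nodes (5 matches the text's figures)."""
    builders = (("mesh", mesh), ("star", star), ("ring", ring), ("chain", chain))
    return [summarize(name, build(n)) if False else summarize(name, n, build(n))
            for name, build in builders]
```

With n=5 the mesh comes out at 10 links and 4 ports per node, as the text
computes, with no single point of failure; the star needs 4 links but every
node and every link is a single point of failure for its spoke, with the hub
taking the whole network down; the ring survives any one node or link
failure; the chain fails at every interior node and every link.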

What is the OSI Model? – Layers of OSI Model

The OSI (Open Systems Interconnection) Model is a set of rules that explains
how different computer systems communicate over a network. The OSI
Model was developed by the International Organization for Standardization
(ISO). The OSI Model consists of 7 layers and each layer has specific
functions and responsibilities.

This layered approach makes it easier for different devices and technologies
to work together. OSI Model provides a clear structure for data transmission
and managing network issues. The OSI Model is widely used as a reference
to understand how network systems function.

In this article, we will discuss the OSI Model and each layer of the OSI Model
in detail. We will also discuss the flow of data in the OSI Model and how the
OSI Model is different from the TCP/IP Model.

How Data Flows in the OSI Model?

When we transfer information from one device to another, it travels through
the 7 layers of the OSI model. First the data travels down through the 7
layers at the sender’s end and then climbs back up through the 7 layers at
the receiver’s end.

Data flows through the OSI model in a step-by-step process:

● Application Layer: Applications create the data.
● Presentation Layer: Data is formatted and encrypted.
● Session Layer: Connections are established and managed.
● Transport Layer: Data is broken into segments for reliable delivery.
● Network Layer: Segments are packaged into packets and routed.
● Data Link Layer: Packets are framed and sent to the next device.
● Physical Layer: Frames are converted into bits and transmitted
physically.

OSI Model

Layers of the OSI Model

There are 7 layers in the OSI Model and each layer has its specific role in
handling data. All the layers are mentioned below:

● Physical Layer
● Data Link Layer
● Network Layer
● Transport Layer
● Session Layer
● Presentation Layer
● Application Layer

Layer 1 – Physical Layer

The lowest layer of the OSI reference model is the Physical Layer. It is
responsible for the actual physical connection between the devices. The
physical layer contains information in the form of bits. Physical Layer is
responsible for transmitting individual bits from one node to the next. When
receiving data, this layer will get the signal received and convert it into 0s
and 1s and send them to the Data Link layer, which will put the frame back
together. Common physical layer devices are Hub, Repeater, Modem, and
Cables.
Physical Layer

Functions of the Physical Layer

● Bit Synchronisation: The physical layer provides synchronisation of
the bits by providing a clock. This clock controls both sender and
receiver, thus providing synchronisation at the bit level.
● Bit Rate Control: The physical layer also defines the transmission
rate, i.e. the number of bits sent per second.
● Physical Topologies: The physical layer specifies how the different
devices/nodes are arranged in a network, i.e. bus topology, star
topology, or mesh topology.
● Transmission Mode: The physical layer also defines how the data flows
between the two connected devices. The possible transmission modes
are simplex, half-duplex and full-duplex.

Layer 2 – Data Link Layer (DLL)

The data link layer is responsible for node-to-node delivery of the message.
The main function of this layer is to make sure the data transfer is error-free
from one node to another, over the physical layer. When a packet arrives in a
network, it is the responsibility of the DLL to transmit it to the host using
its MAC address. A packet in the data link layer is referred to as a frame.
Switches and bridges are common data link layer devices.
The data link layer is divided into two sublayers:

● Logical Link Control (LLC)
● Media Access Control (MAC)

The packet received from the network layer is further divided into frames
depending on the frame size of the NIC (Network Interface Card). The DLL
also encapsulates the sender’s and receiver’s MAC addresses in the header.

The receiver’s MAC address is obtained by placing an ARP (Address
Resolution Protocol) request onto the wire asking “Who has that IP
address?”; the destination host replies with its MAC address.
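
The ARP exchange just described, with both sides’ messages, as an added
example that is not part of the original article. Three constructed hosts
with made-up addresses share one LAN segment; a request goes to the
broadcast MAC and the reply comes back unicast. Two details go beyond the
text: hosts follow the RFC 826 merge rule (a host only adds a new cache
entry when it is the target of the message, but updates an entry it already
holds), and every update that changes the MAC for a known IP is recorded,
which is the cache anomaly that monitoring tools such as arpwatch raise an
alert on, whether it comes from a replaced NIC, a misconfiguration or a
spoofing attempt.

```python
from dataclasses import dataclass

BROADCAST = "FF:FF:FF:FF:FF:FF"
UNKNOWN = "00:00:00:00:00:00"


@dataclass(frozen=True)
class ArpMessage:
    op: str            # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_mac: str    # UNKNOWN in a request: that is what is being asked
    target_ip: str


class Host:
    def __init__(self, name, ip, mac):
        self.name, self.ip, self.mac = name, ip, mac
        self.arp_cache = {}   # IP -> MAC
        self.alerts = []      # cache entries whose MAC changed (monitoring, not ARP itself)

    def arp_request(self, target_ip):
        """'Who has target_ip? Tell <my IP>', sent to the broadcast MAC."""
        return BROADCAST, ArpMessage("request", self.mac, self.ip, UNKNOWN, target_ip)

    def receive(self, msg):
        """Process one ARP message; return (dst_mac, reply) if we must answer."""
        is_target = msg.target_ip == self.ip
        self._learn(msg.sender_ip, msg.sender_mac, is_target)
        if msg.op == "request" and is_target:
            return msg.sender_mac, ArpMessage("reply", self.mac, self.ip,
                                              msg.sender_mac, msg.sender_ip)
        return None

    def _learn(self, ip, mac, is_target):
        old = self.arp_cache.get(ip)
        if old is None and not is_target:
            return   # RFC 826 merge rule: only add new entries when we are the target
        if old is not None and old != mac:
            self.alerts.append(f"{self.name}: {ip} moved from {old} to {mac}")
        self.arp_cache[ip] = mac


def deliver(dst_mac, msg, hosts):
    """The shared LAN segment: broadcast reaches every host, unicast only the
    owner of dst_mac. Returns the replies that were generated."""
    replies = []
    for h in hosts:
        if h.mac == msg.sender_mac:
            continue                              # a NIC does not receive its own frame
        if dst_mac == BROADCAST or dst_mac == h.mac:
            out = h.receive(msg)
            if out is not None:
                replies.append(out)
    return replies


def resolve(asker, target_ip, hosts):
    """The full exchange the text describes; returns the MAC the asker learned."""
    dst, req = asker.arp_request(target_ip)
    for reply_dst, reply in deliver(dst, req, hosts):
        deliver(reply_dst, reply, hosts)
    return asker.arp_cache.get(target_ip)


def demo():
    # Constructed hosts with made-up addresses on one segment.
    a = Host("A", "10.0.0.1", "AA:AA:AA:00:00:01")
    b = Host("B", "10.0.0.2", "AA:AA:AA:00:00:02")
    c = Host("C", "10.0.0.3", "AA:AA:AA:00:00:03")
    hosts = [a, b, c]
    learned = resolve(a, "10.0.0.2", hosts)
    # Later a reply arrives that maps B's IP to a different MAC; the cache
    # check in _learn records the change so it can be alerted on.
    deliver(a.mac, ArpMessage("reply", "EE:EE:EE:00:00:99", "10.0.0.2",
                              a.mac, "10.0.0.1"), hosts)
    return learned, dict(a.arp_cache), dict(b.arp_cache), dict(c.arp_cache), list(a.alerts)
```

After resolve(), A holds B’s MAC and B holds A’s (it learned it from the
request it answered), while C, which was not the target and had no existing
entry, learns nothing from the broadcast.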

Functions of the Data Link Layer

● Framing: Framing is a function of the data link layer. It provides a
way for a sender to transmit a set of bits that are meaningful to the
receiver. This can be accomplished by attaching special bit patterns
to the beginning and end of the frame.
● Physical Addressing: After creating frames, the data link layer adds
the physical addresses (MAC addresses) of the sender and/or receiver
to the header of each frame.
● Error Control: The data link layer provides the mechanism of error
control, in which it detects and retransmits damaged or lost frames.
● Flow Control: The data rate must be constant on both sides, else the
data may get corrupted; thus flow control coordinates the amount of
data that can be sent before receiving an acknowledgment.
● Access Control: When a single communication channel is shared by
multiple devices, the MAC sub-layer of the data link layer helps to
determine which device has control over the channel at a given time.

Layer 3 – Network Layer

The network layer handles the transmission of data from one host to
another located in a different network. It also takes care of packet routing,
i.e. selecting the shortest path to transmit the packet from the routes
available. The sender’s and receiver’s IP addresses are placed in the header
by the network layer. A segment in the network layer is referred to as a
packet. The network layer is implemented by networking devices such as
routers and switches.

Functions of the Network Layer

● Routing: The network layer protocols determine which route is
suitable from source to destination. This function of the network
layer is known as routing.
● Logical Addressing: To identify each device on the internetwork
uniquely, the network layer defines an addressing scheme. The
sender’s and receiver’s IP addresses are placed in the header by the
network layer. Such an address distinguishes each device uniquely
and universally.

Layer 4 – Transport Layer

The transport layer provides services to the application layer and takes
services from the network layer. The data in the transport layer is referred
to as segments. It is responsible for the end-to-end delivery of the complete
message. The transport layer also provides acknowledgment of successful
data transmission and re-transmits the data if an error is found. Protocols
used in the transport layer are TCP, UDP, NetBIOS, PPTP.

At the sender’s side, the transport layer receives the formatted data from
the upper layers, performs segmentation, and also implements flow and
error control to ensure proper data transmission. It also adds the source
and destination port numbers to its header and forwards the segmented
data to the network layer.

● Generally, this destination port number is configured, either by
default or manually. For example, when a web application requests
a web server, it typically uses port number 80, because this is the
default port assigned to web applications. Many applications have
default ports assigned.

At the receiver’s side, the transport layer reads the port number from its
header and forwards the data it has received to the respective application.
It also performs sequencing and reassembly of the segmented data.

Functions of the Transport Layer

● Segmentation and Reassembly: This layer accepts the message
from the (session) layer and breaks the message into smaller units.
Each of the segments produced has a header associated with it. The
transport layer at the destination station reassembles the message.
● Service Point Addressing: To deliver the message to the correct
process, the transport layer header includes a type of address called
the service point address or port address. By specifying this
address, the transport layer makes sure that the message is
delivered to the correct process.
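
Segmentation, sequencing, reassembly and port-based delivery to the right
process, which the two functions above describe, fit in a short simulation.
The Python below is an added example written for this page, not code from
the original article. It uses a deliberately tiny maximum segment size, a
constructed HTTP request as the message, a receiver listening on ports 80
and 443 only, and a constructed “network” that reorders the segments and
replays one of them, so the receiver has to put the message back together
by sequence number and ignore the duplicate.

```python
import random
from dataclasses import dataclass

MSS = 8   # constructed: a tiny maximum segment size so the split is visible


@dataclass(frozen=True)
class Segment:
    """Transport header fields used here plus the data it carries."""
    src_port: int
    dst_port: int
    seq: int      # byte offset of this segment's data inside the message
    total: int    # total message length, so the receiver knows when it has everything
    data: bytes


def segment(message: bytes, src_port: int, dst_port: int, mss: int = MSS):
    """Sender side: cut the message into segments, each with its own header."""
    return [Segment(src_port, dst_port, off, len(message), message[off:off + mss])
            for off in range(0, len(message), mss)]


class Receiver:
    """Receiver side: demultiplex by destination port, reassemble by sequence."""

    def __init__(self, listening_ports):
        self.listening = set(listening_ports)
        self.buffers = {}    # (src_port, dst_port) -> {seq: data}
        self.dropped = []    # segments for ports no application listens on

    def accept(self, seg: Segment):
        """Return (dst_port, message) once a message is complete, else None."""
        if seg.dst_port not in self.listening:
            self.dropped.append(seg)
            return None
        key = (seg.src_port, seg.dst_port)
        buf = self.buffers.setdefault(key, {})
        buf[seg.seq] = seg.data          # a retransmitted duplicate overwrites itself
        if sum(len(d) for d in buf.values()) < seg.total:
            return None                  # still waiting for missing segments
        message = b"".join(buf[s] for s in sorted(buf))
        del self.buffers[key]
        return seg.dst_port, message


def transmit(segments, receiver: Receiver, seed: int = 1):
    """Constructed 'network': reorders the segments and replays one of them, the
    two conditions reassembly must tolerate. Returns the messages delivered."""
    order = list(segments)
    random.Random(seed).shuffle(order)
    order.append(order[0])
    delivered = []
    for seg in order:
        result = receiver.accept(seg)
        if result is not None:
            delivered.append(result)
    return delivered


def demo():
    request = b"GET /index.html HTTP/1.0\r\n"   # constructed sample message
    rx = Receiver(listening_ports={80, 443})
    delivered = transmit(segment(request, 51515, 80), rx)
    stray = rx.accept(Segment(51516, 9999, 0, 3, b"abc"))   # no listener on 9999
    return delivered, stray, len(rx.dropped)
```

The receiver keys its buffers on the (source port, destination port) pair,
which is why two clients talking to port 80 at the same time do not get their
segments mixed together.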

Services Provided by Transport Layer

● Connection-Oriented Service
● Connectionless Service

Layer 5 – Session Layer

The Session Layer in the OSI Model is responsible for the establishment of
connections, management of connections, and termination of sessions
between two devices. It also provides authentication and security. Protocols
used in the Session Layer are NetBIOS, PPTP.

Functions of the Session Layer

● Session Establishment, Maintenance, and Termination: The layer
allows the two processes to establish, use, and terminate a
connection.
● Synchronisation: This layer allows a process to add checkpoints that
are considered synchronisation points in the data. These
synchronisation points help to identify the error so that the data is
re-synchronized properly, and ends of the messages are not cut
prematurely and data loss is avoided.
● Dialog Controller: The session layer allows two systems to start
communication with each other in half-duplex or full-duplex.

Example

Let us consider a scenario where a user wants to send a message through
some Messenger application running in their browser. The “Messenger” here
acts as the application layer which provides the user with an interface to
create the data. This message or so-called Data is compressed, optionally
encrypted (if the data is sensitive), and converted into bits (0’s and 1’s) so
that it can be transmitted.

Communication in Session Layer

Layer 6 – Presentation Layer

The presentation layer is also called the Translation layer. The data from the
application layer is extracted here and manipulated as per the required
format to transmit over the network. Protocols used in the Presentation Layer
are JPEG, MPEG, GIF, TLS/SSL, etc.

Functions of the Presentation Layer

● Translation: For example, ASCII to EBCDIC.
● Encryption/Decryption: Data encryption translates the data into
another form or code. The encrypted data is known as the ciphertext
and the decrypted data is known as plain text. A key value is used
for encrypting as well as decrypting data.
● Compression: Reduces the number of bits that need to be
transmitted on the network.

Layer 7 – Application Layer

At the very top of the OSI Reference Model stack of layers, we find the
Application layer which is implemented by the network applications. These
applications produce the data to be transferred over the network. This layer
also serves as a window for the application services to access the network
and for displaying the received information to the user. Protocols used in the
Application layer are SMTP, FTP, DNS, etc.

Application Layer

Functions of the Application Layer

The main functions of the application layer are given below.

● Network Virtual Terminal (NVT): It allows a user to log on to a
remote host.
● File Transfer Access and Management (FTAM): This application
allows a user to access files in a remote host, retrieve files in a
remote host, and manage or control files from a remote computer.
● Mail Services: Provide email service.
● Directory Services: This application provides distributed database
sources and access for global information about various objects and
services.

How Does Data Flow in the OSI Model?

When we transfer information from one device to another, it travels through
the 7 layers of the OSI model. First the data travels down through the 7 layers at the
sender’s end and then climbs back up the 7 layers at the receiver’s end.

Data flows through the OSI model in a step-by-step process:

● Application Layer: Applications create the data.
● Presentation Layer: Data is formatted and encrypted.
● Session Layer: Connections are established and managed.
● Transport Layer: Data is broken into segments for reliable delivery.
● Network Layer: Segments are packaged into packets and routed.
● Data Link Layer: Packets are framed and sent to the next device.
● Physical Layer: Frames are converted into bits and transmitted
physically.

Each layer adds specific information to ensure the data reaches its
destination correctly, and these steps are reversed upon arrival.

We can understand how data flows through the OSI Model with the help of
the example mentioned below.

Let us suppose Person A sends an e-mail to his friend Person B.

Step 1: Person A interacts with an email application like Gmail, Outlook, etc.
and writes the email he wants to send. (This happens at the Application Layer.)

Step 2: At the Presentation Layer, the mail application prepares the data for
transmission, for example by encrypting it and formatting it for transmission.

Step 3: At the Session Layer, a connection is established between the
sender and receiver over the internet.

Step 4: At the Transport Layer, the email data is broken into smaller segments. It
adds sequence numbers and error-checking information to maintain the
reliability of the information.

Step 5: At the Network Layer, addressing of packets is done in order to find the
best route for transfer.

Step 6: At the Data Link Layer, data packets are encapsulated into frames, then
the MAC address is added for local devices and then it checks for errors using
error detection.

Step 7: At the Physical Layer, frames are transmitted in the form of electrical/
optical signals over a physical network medium like an Ethernet cable or WiFi.

After the email reaches the receiver, i.e. Person B, the process is reversed and
the e-mail content is decrypted. At last, the email is shown in Person B’s
email client.
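The seven-step walk-through above can be made concrete by simulating the encapsulation and decapsulation it describes. The following Python is an added example written for this page, not code from the original article: each layer function prepends its own (deliberately simplified, non-standard) header, the data link layer appends a CRC32 trailer for error detection, and the receiving side strips and checks one header per layer in reverse order. All addresses and ports are constructed placeholders.

```python
# Added example (not from the original article): layered encapsulation on
# the sending side and decapsulation on the receiving side, modelled on the
# seven-step e-mail walk-through.  Header layouts are simplified stand-ins
# for the real TCP/IP/Ethernet formats; addresses are constructed placeholders.
import struct
import zlib

SRC_MAC = bytes.fromhex("020000000001")   # locally administered, constructed
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = bytes([10, 0, 0, 1])
DST_IP = bytes([10, 0, 0, 2])
SMTP_PORT = 25


def transport_encapsulate(data: bytes, src_port: int, dst_port: int, seq: int) -> bytes:
    """Layer 4 (step 4): prepend ports and a sequence number to form a segment."""
    return struct.pack("!HHI", src_port, dst_port, seq) + data


def network_encapsulate(segment: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Layer 3 (step 5): prepend source and destination addresses to form a packet."""
    return src_ip + dst_ip + segment


def datalink_encapsulate(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2 (step 6): prepend MAC addresses and append a CRC32 trailer
    so the receiver can detect corruption in transit."""
    frame = dst_mac + src_mac + packet
    return frame + struct.pack("!I", zlib.crc32(frame) & 0xFFFFFFFF)


def send(message: str, seq: int = 1) -> bytes:
    """Walk a message down the stack and return the bytes that go on the wire."""
    data = message.encode("utf-8")                      # application/presentation
    segment = transport_encapsulate(data, 49152, SMTP_PORT, seq)
    packet = network_encapsulate(segment, SRC_IP, DST_IP)
    return datalink_encapsulate(packet, SRC_MAC, DST_MAC)


def receive(frame: bytes) -> dict:
    """Walk a frame back up the stack, checking and stripping one header per layer."""
    body, crc = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != crc:
        raise ValueError("frame check sequence mismatch: frame corrupted in transit")
    dst_mac, src_mac, packet = body[:6], body[6:12], body[12:]
    src_ip, dst_ip, segment = packet[:4], packet[4:8], packet[8:]
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    return {
        "src_mac": src_mac.hex(), "dst_mac": dst_mac.hex(),
        "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
        "data": segment[8:].decode("utf-8"),
    }


if __name__ == "__main__":
    wire = send("Hello B, see you at 9", seq=1)
    print(len(wire), "bytes on the wire")
    print(receive(wire))
```

The total overhead here is 32 bytes (12 + 4 at layer 2, 8 at layer 3, 8 at layer 4); a single flipped byte anywhere in the frame makes `receive` reject it, which is the "checks for errors using error detection" part of step 6.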

Protocols Used in the OSI Layers

Layer | Working | Protocol Data Unit | Protocols
1 – Physical Layer | Establishing physical connections between devices. | Bits | USB, SONET/SDH, etc.
2 – Data Link Layer | Node to node delivery of message. | Frames | Ethernet, PPP, etc.
3 – Network Layer | Transmission of data from one host to another, located in different networks. | Packets | IP, ICMP, IGMP, OSPF, etc.
4 – Transport Layer | Take service from Network Layer and provide it to the Application Layer. | Segments (for TCP) or Datagrams (for UDP) | TCP, UDP, SCTP, etc.
5 – Session Layer | Establishes connection, maintenance, ensures authentication and ensures security. | Data | NetBIOS, RPC, PPTP, etc.
6 – Presentation Layer | Data from the application layer is extracted and manipulated in the required format for transmission. | Data | TLS/SSL, MIME, JPEG, PNG, ASCII, etc.
7 – Application Layer | Helps in identifying the client and synchronizing communication. | Data | FTP, SMTP, DNS, DHCP, etc.

Why Does The OSI Model Matter?

The OSI Model matters because it gives the user a clear structure of how
data moves in the network. As the OSI Model consists of 7 layers, each with
its own specific role, it helps in understanding, identifying and solving
complex network problems more easily by focusing on one layer at a time
rather than on the entire network.

Although the modern Internet does not follow the OSI Model, the OSI
Model is still very helpful for solving network problems. It helps people
understand network concepts very easily.

Difference Between OSI and TCP/IP Model

OSI Model | TCP/IP Model
OSI stands for Open Systems Interconnection. | TCP/IP stands for Transmission Control Protocol/Internet Protocol.
The OSI model has 7 layers. | TCP/IP model consists of 4 layers.
Package delivery is guaranteed in OSI Model. | Package delivery is not guaranteed in the TCP/IP Model.
In the OSI model, only layers 1, 2 and 3 are necessary for data transmission. | All layers of the TCP/IP model are needed for data transmission.
Protocols at each layer are independent of the other layer. | Layers are integrated, some layers are required by other layers of the TCP/IP model.
OSI Model is a conceptual framework, less used in practical applications. | Widely used in actual networks like Internet and Communication Systems.

OSI vs TCP/IP

Advantages of OSI Model

The OSI Model defines the communication of a computing system into 7
different layers. Its advantages include:

● It divides network communication into 7 layers which makes it easier
to understand and troubleshoot.
● It standardises network communications, as each layer has fixed
functions and protocols.
● Diagnosing network problems is easier with the OSI model.
● It is easier to improve with advancements as each layer can get
updates separately.

Disadvantages of OSI Model

● The OSI Model has seven layers, which can be complicated and hard
to understand for beginners.
● In real-life networking, most systems use a simpler model called the
Internet protocol suite (TCP/IP), so the OSI Model is not always
directly applicable.
● Each layer in the OSI Model adds its own set of rules and
operations, which can make the process more time-consuming and
less efficient.
● The OSI Model is more of a theoretical framework, meaning it’s
great for understanding concepts but not always practical for
implementation.

Conclusion

In conclusion, the OSI (Open Systems Interconnection) model helps us
understand how data moves in networks. It consists of seven distinct layers:
Physical, Data Link, Network, Transport, Session, Presentation, and
Application. Each layer has specific responsibilities and interacts with the
layers directly above and below it. Although it is a conceptual model, the OSI
framework is still widely used to troubleshoot and understand networking
issues.

TCP and UDP in Transport Layer

Layer 3, the Network layer, uses IP or Internet Protocol which, being a
connectionless protocol, treats every packet individually and separately,
leading to a lack of reliability during a transmission. For example, when data is
sent from one host to another, each packet may take a different path even if it
belongs to the same session. This means the packets may or may not arrive in
the right order. Therefore, IP relies on the higher layer protocols to provide
reliability.

TCP (Transmission Control Protocol):

TCP is a layer 4 protocol which provides acknowledgement of the received
packets and is also reliable as it resends the lost packets. It is better than
UDP but due to these features it has an additional overhead. It is used by
application protocols like HTTP and FTP.

UDP (User Datagram Protocol):

UDP is also a layer 4 protocol but unlike TCP it doesn’t provide
acknowledgement of the sent packets. Therefore, it isn’t reliable and
depends on the higher layer protocols for the same. But on the other hand it
is simple, scalable and comes with less overhead as compared to TCP. It is
used in video and voice streaming.

TCP vs UDP

1. Session Multiplexing:
A single host with a single IP address is able to communicate with
multiple servers. While using TCP, first a connection must be
established between the server and the receiver and the connection
is closed when the transfer is completed. TCP also maintains
reliability while the transfer is taking place. UDP on the other hand
sends no acknowledgement of receiving the packets. Therefore, it
provides no reliability.

2. Segmentation:
Information sent is first broken into smaller chunks for transmission.
The Maximum Transmission Unit or MTU of Fast Ethernet is 1500
bytes whereas the theoretical value for TCP is 65495 bytes.
Therefore, data has to be broken into smaller chunks before being
sent to the lower layers. The MSS or Maximum Segment Size should be
set small enough to avoid fragmentation. TCP supports MSS and
Path MTU discovery, with which the sender and the receiver can
automatically determine the maximum transmission capability. UDP
doesn’t support this; therefore it depends on the higher layer
protocols for data segmentation.

3. Flow Control:
If the sender sends data faster than what the receiver can process
then the receiver will drop the data and then request a
retransmission, leading to wastage of time and resources. TCP
provides end-to-end flow control which is realized using a sliding
window. The sliding window sends an acknowledgement from the
receiver’s end regarding the amount of data that the receiver can accept at a
time.
UDP doesn’t implement flow control and depends on the higher
layer protocols for the same.

4. Connection Oriented:
TCP is connection oriented, i.e., it creates a connection for the
transmission to take place, and once the transfer is over that
connection is terminated. UDP on the other hand is connectionless
just like IP (Internet Protocol).

5. Reliability:
TCP sends an acknowledgement when it receives a packet. It
requests a retransmission in case a packet is lost. UDP relies on the
higher layer protocols for the same.

6. Headers:
The size of the TCP header is 20 bytes (16 bits for source port, 16 bits for the
destination port, 32 bits for sequence number, 32 bits for acknowledgement number, 4 bits
header length).

The size of the UDP header is 8 bytes (16 bits for source port, 16 bits for
destination port, 16 bits for length, 16 bits for checksum); it’s significantly
smaller than the TCP header.

Both the UDP and TCP header consist of a 16-bit Source port field (used for
identifying the port number of the source) and a 16-bit destination port
field (used for specifying the offered application).
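Points 3 and 5 above (sliding-window flow control and acknowledgement-driven retransmission) can be seen working together in a small simulation. The Python below is an added example written for this page, not code from the original article, and it is a go-back-N model rather than real TCP: sender, receiver and channel all run in one process, the receiver's advertised window is the `window` parameter, and `drop_once` is a constructed set of segment numbers the channel loses on their first transmission.

```python
# Added example (not from the original article): a go-back-N simulation of
# sliding-window flow control and cumulative-ACK retransmission.  The sender,
# receiver and lossy channel all live in one process; `drop_once` is a
# constructed set of segment numbers lost on their first transmission.


def transfer(data: bytes, mss: int, window: int, drop_once=frozenset()) -> dict:
    """Deliver `data` in segments of at most `mss` bytes with at most `window`
    unacknowledged segments in flight (the receiver's advertised window).

    Each round the sender fills the window, the channel drops the segments
    listed in `drop_once` (first attempt only), the receiver accepts only the
    next in-order segment and returns a cumulative ACK (the number of the next
    segment it expects).  If the ACK shows no progress the sender times out
    and goes back to the oldest unacknowledged segment.
    """
    if mss <= 0 or window <= 0:
        raise ValueError("mss and window must be positive")
    segments = [data[i:i + mss] for i in range(0, len(data), mss)]
    base = 0             # oldest unacknowledged segment (left edge of the window)
    next_seq = 0         # next segment the sender may transmit
    received = []        # receiver's in-order buffer
    already_dropped = set()
    transmissions = rounds = 0

    while base < len(segments):
        # Sender: transmit everything the window allows.
        arrived = []
        while next_seq < len(segments) and next_seq < base + window:
            transmissions += 1
            if next_seq in drop_once and next_seq not in already_dropped:
                already_dropped.add(next_seq)          # lost on the wire
            else:
                arrived.append(next_seq)
            next_seq += 1

        # Receiver: accept only the segment it is waiting for; anything that
        # arrives after a gap is discarded, which is why it must be resent.
        for seq in arrived:
            if seq == len(received):
                received.append(segments[seq])
        ack = len(received)                            # cumulative ACK

        # Sender: slide the window forward, or time out and go back to base.
        if ack == base:
            next_seq = base
        base = ack
        rounds += 1

    return {"data": b"".join(received), "segments": len(segments),
            "transmissions": transmissions, "rounds": rounds}


if __name__ == "__main__":
    print(transfer(b"0123456789abcdef", mss=4, window=2))
    print(transfer(b"0123456789abcdef", mss=4, window=2, drop_once={1}))
```

Losing one segment out of four costs two extra transmissions here (segment 1 itself plus segment 2, which arrived out of order and was discarded), which is the "wastage of time and resources" the flow-control paragraph refers to; shrinking `window` to 1 removes that waste at the price of one round trip per segment.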

Differences between TCP and UDP

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both
are protocols of the Transport Layer Protocols. TCP is a connection-oriented
protocol whereas UDP is a part of the Internet Protocol suite, referred to as
the UDP/IP suite. Unlike TCP, it is an unreliable and connectionless protocol.
In this article, we will discuss the differences between TCP and UDP.

What is the Transmission Control Protocol (TCP)?

TCP (Transmission Control Protocol) is one of the main protocols of the
Internet protocol suite. It lies between the Application and Network Layers
and is used in providing reliable delivery services. It is a
connection-oriented protocol for communications that helps in the exchange
of messages between different devices over a network. The Internet Protocol
(IP), which establishes the technique for sending data packets between
computers, works with TCP.


Transmission Control Protocol

Features of TCP

● TCP keeps track of the segments being transmitted or received by
assigning numbers to every single one of them.
● Flow control limits the rate at which a sender transfers data. This is
done to ensure reliable delivery.
● TCP implements an error control mechanism for reliable data
transfer.
● TCP takes into account the level of congestion in the network.

Applications of TCP

● World Wide Web (WWW): When you browse websites, TCP
ensures reliable data transfer between your browser and web
servers.
● Email: TCP is used for sending and receiving emails. Protocols like
SMTP (Simple Mail Transfer Protocol) handle email delivery across
servers.
● File Transfer Protocol (FTP): FTP relies on TCP to transfer large files
securely. Whether you’re uploading or downloading files, TCP
ensures data integrity.
● Secure Shell (SSH): SSH sessions, commonly used for remote
administration, rely on TCP for encrypted communication between
client and server.
● Streaming Media: Services like Netflix, YouTube, and Spotify use
TCP to stream videos and music. It ensures smooth playback by
managing data segments and retransmissions.

Advantages of TCP

● It is reliable for maintaining a connection between Sender and
Receiver.
● It is responsible for sending data in a particular sequence.
● Its operations are not dependent on the Operating System.
● It allows and supports many routing protocols.
● It can reduce the speed of data based on the speed of the receiver.

Disadvantages of TCP

● It is slower than UDP and it takes more bandwidth.
● Slower upon starting the transfer of a file.
● Not suitable for LAN and PAN Networks.
● It does not have a multicast or broadcast category.
● It does not load the whole page if a single data of the page is
missing.

What is User Datagram Protocol (UDP)?

User Datagram Protocol (UDP) is a Transport Layer protocol. UDP is a part of
the Internet Protocol suite, referred to as the UDP/IP suite. Unlike TCP, it is an
unreliable and connectionless protocol. So, there is no need to establish a
connection before data transfer. UDP helps to establish low-latency and
loss-tolerating connections over the network. UDP enables
process-to-process communication.

User Datagram Protocol

Features of UDP

● Used for simple request-response communication when the size of
data is less and hence there is lesser concern about flow and error
control.
● It is a suitable protocol for multicasting as UDP supports packet
switching.
● UDP is used for some routing update protocols like RIP (Routing
Information Protocol).
● Normally used for real-time applications which can not tolerate
uneven delays between sections of a received message.

Applications of UDP

● Real-Time Multimedia Streaming: UDP is ideal for streaming audio
and video content. Its low-latency nature ensures smooth playback,
even if occasional data loss occurs.
● Online Gaming: Many online games rely on UDP for fast
communication between players.
● DNS (Domain Name System) Queries: When your device looks up
domain names (like converting “www.example.com” to an IP
address), UDP handles these requests efficiently.
● Network Monitoring: Tools that monitor network performance often
use UDP for lightweight, rapid data exchange.
● Multicasting: UDP supports packet switching, making it suitable for
multicasting scenarios where data needs to be sent to multiple
recipients simultaneously.
● Routing Update Protocols: Some routing protocols, like RIP
(Routing Information Protocol), utilize UDP for exchanging routing
information among routers.

Advantages of UDP

● It does not require any connection for sending or receiving data.
● Broadcast and Multicast are available in UDP.
● UDP can operate on a large range of networks.
● UDP has live and real-time data.
● UDP can deliver data even if all the components of the data are not
complete.

Disadvantages of UDP

● We do not have any way to acknowledge the successful transfer of
data.
● UDP does not have a mechanism to track the sequence of data.
● UDP is connectionless, and due to this, it is unreliable for transferring
data.
● In case of a Collision, UDP packets are dropped by Routers in
comparison to TCP.
● UDP can drop packets in case of detection of errors.

Which Protocol is Better: TCP or UDP?

The answer to this question is difficult because it totally depends on what
work we are doing and what type of data is being delivered. UDP is better in
the case of online gaming as it allows us to play lag-free. TCP is better if we
are transferring data like photos, videos, etc. because it ensures that the data
sent is correct. In general, both TCP and UDP are useful in
the context of the work assigned to them. Each has advantages for particular
kinds of work, which is why it is difficult to say which one is better.

Difference Between TCP and UDP

Where TCP is Used?

● Sending Emails
● Transferring Files
● Web Browsing

Where UDP is Used?

● Gaming
● Video Streaming
● Online Video Chats

Differences between TCP and UDP

Basis | Transmission Control Protocol (TCP) | User Datagram Protocol (UDP)
Type of Service | TCP is a connection-oriented protocol. Connection orientation means that the communicating devices should establish a connection before transmitting data and should close the connection after transmitting the data. | UDP is the Datagram-oriented protocol. This is because there is no overhead for opening a connection, maintaining a connection, or terminating a connection. UDP is efficient for broadcast and multicast types of network transmission.
Reliability | TCP is reliable as it guarantees the delivery of data to the destination router. | The delivery of data to the destination cannot be guaranteed in UDP.
Error checking mechanism | TCP provides extensive error-checking mechanisms. It is because it provides flow control and acknowledgment of data. | UDP has only the basic error-checking mechanism using checksums.
Acknowledgment | An acknowledgment segment is present. | No acknowledgment segment.
Sequence | Sequencing of data is a feature of the Transmission Control Protocol (TCP). This means that packets arrive in order at the receiver. | There is no sequencing of data in UDP. If the order is required, it has to be managed by the application layer.
Speed | TCP is comparatively slower than UDP. | UDP is faster, simpler, and more efficient than TCP.
Retransmission | Retransmission of lost packets is possible in TCP, but not in UDP. | There is no retransmission of lost packets in the User Datagram Protocol (UDP).
Header Length | TCP has a (20-60) bytes variable length header. | UDP has an 8 bytes fixed-length header.
Weight | TCP is heavy-weight. | UDP is lightweight.
Handshaking Techniques | Uses handshakes such as SYN, ACK, SYN-ACK. | It’s a connectionless protocol, i.e. no handshake.
Broadcasting | TCP doesn’t support Broadcasting. | UDP supports Broadcasting.
Protocols | TCP is used by HTTP, HTTPS, FTP, SMTP and Telnet. | UDP is used by DNS, DHCP, TFTP, SNMP, RIP, and VoIP.
Stream Type | The TCP connection is a byte stream. | UDP connection is a message stream.
Overhead | Low but higher than UDP. | Very low.
Applications | This protocol is primarily utilised in situations when a safe and trustworthy communication procedure is necessary, such as in email, on the web surfing, and in military services. | This protocol is used in situations where quick communication is necessary but where dependability is not a concern, such as VoIP, game streaming, video, and music streaming, etc.
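The header fields described in the "Headers" item of the TCP vs UDP list and in the "Header Length" and "Error checking mechanism" rows of the table above can be decoded from raw bytes with a few `struct` calls. The Python below is an added example written for this page, not code from the original article: it parses the 20-byte TCP header (using the data offset field to find the real header length of 20 to 60 bytes), parses the 8-byte UDP header, and computes and verifies the UDP checksum over the IPv4 pseudo-header, which is the "basic error-checking mechanism using checksums" the table mentions. The segment, datagram and addresses are constructed inline; they are not captured traffic.

```python
# Added example (not from the original article): decoding the TCP and UDP
# header fields described above and verifying a UDP checksum over the IPv4
# pseudo-header.  The segment, datagram and addresses are constructed
# placeholders, not captured traffic.
import struct

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
             0x10: "ACK", 0x20: "URG"}


def build_tcp(src_port, dst_port, seq, ack, flags, window, payload=b"") -> bytes:
    """Assemble a TCP segment with a 20-byte header (no options; checksum left 0)."""
    bits = 0
    for name in flags:
        bits |= {v: k for k, v in TCP_FLAGS.items()}[name]
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         (5 << 12) | bits, window, 0, 0)   # data offset = 5 words
    return header + payload


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header.  The 4-bit data offset (in 32-bit
    words) gives the true header length: 20 bytes, up to 60 with options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset inconsistent with segment size")
    flag_bits = off_flags & 0x003F
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len,
            "flags": [name for bit, name in TCP_FLAGS.items() if flag_bits & bit],
            "window": window, "checksum": checksum,
            "payload": segment[header_len:]}


def parse_udp_header(datagram: bytes) -> dict:
    """Decode the fixed 8-byte UDP header and cross-check its length field."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, shared by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_checksum(src_ip: bytes, dst_ip: bytes, datagram: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (addresses, zero byte, protocol 17,
    UDP length) followed by the datagram with its checksum field zeroed."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(datagram))
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    return inet_checksum(pseudo + zeroed)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Assemble a UDP datagram carrying a valid checksum."""
    datagram = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    checksum = udp_checksum(src_ip, dst_ip, datagram) or 0xFFFF   # 0 means "no checksum"
    return datagram[:6] + struct.pack("!H", checksum) + datagram[8:]


def udp_checksum_ok(src_ip, dst_ip, datagram: bytes) -> bool:
    """True if the stored checksum matches (a stored 0 means the sender omitted it)."""
    stored = struct.unpack("!H", datagram[6:8])[0]
    if stored == 0:
        return True
    computed = udp_checksum(src_ip, dst_ip, datagram)
    return computed == stored or (stored == 0xFFFF and computed == 0)


if __name__ == "__main__":
    print(parse_tcp_header(build_tcp(40000, 80, 1000, 0, ["SYN"], 65535)))
    d = build_udp(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 53]), 40001, 53, b"query")
    print(parse_udp_header(d), udp_checksum_ok(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 53]), d))
```

Because the pseudo-header feeds the IP addresses into the sum, a datagram whose destination address was altered in transit fails the check even though the UDP bytes themselves are untouched; the checksum is only error detection, not integrity protection against a deliberate change, since anyone who can rewrite the packet can recompute it.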

Introduction to TELNET

TELNET stands for Teletype Network. It is a client/server application protocol
that provides access to virtual terminals of remote systems on local area
networks or the Internet. The local computer uses a telnet client program and
the remote computers use a telnet server program. In this article, we will
discuss every point about TELNET.

What is Telnet?

TELNET is a type of protocol that enables one computer to connect to the
local computer. It is used as a standard TCP/IP protocol for virtual terminal
service which is provided by ISO. The computer which starts the connection
is known as the local computer. The computer which is being connected to,
i.e. which accepts the connection, is known as the remote computer. During
telnet operation, whatever is being performed on the remote computer will
be displayed by the local computer. Telnet operates on a client/server
principle.

History of TELNET

The Telnet protocol originated in the late 1960s; it was created to
provide remote terminal access and control over mainframes and
minicomputers. Initially, it was designed to be a simple and secure method of
connecting to a remote system. This protocol allowed users to access remote
computers using a terminal or command-line interface. Over time, Telnet’s
use has diminished due to security concerns, and alternatives like SSH are
now preferred for secure remote management.

Logging in TELNET

The login process can be further categorised into two parts:

● Local Login
● Remote Login

1. Local Login

Whenever a user logs into its local system, it is known as local login.

Local Login

The Procedure of Local Login

● Keystrokes are accepted by the terminal driver when the user types
at the terminal.
● The Terminal Driver passes these characters to the OS.
● Now, the OS validates the combination of characters and opens the
required application.

2. Remote Login

Remote Login is a process in which users can log in to a remote site, i.e.
computer, and use services that are available on the remote computer. With
the help of remote login, a user is able to see on the local computer the
result of processing performed on the remote computer.

Remote Login in Logging

The Procedure of Remote Login

● When the user types something on the local computer, the local
operating system accepts the characters.
● The local computer does not interpret the characters; it sends
them to the TELNET client.
● The TELNET client transforms these characters to a universal character
set called Network Virtual Terminal (NVT) characters and passes
them to the local TCP/IP protocol Stack.
● Commands or text which are in the form of NVT travel through the
Internet and arrive at the TCP/IP stack at the remote computer.
● Characters are then delivered to the operating system and later on
passed to the TELNET server.
● Then the TELNET server changes those characters to characters
that can be understood by the remote computer.
● The remote operating system receives characters from a
pseudo-terminal driver, which is a piece of software that pretends
that characters are coming from a terminal.
● The operating system then passes the characters to the appropriate
application program.

Network Virtual Terminal (NVT)

NVT (Network Virtual Terminal) is a virtual terminal in TELNET that has a
fundamental structure that is shared by many different types of real
terminals. NVT (Network Virtual Terminal) was created to make
communication viable between different types of terminals with different
operating systems.

Network Virtual Terminal (NVT) in Telnet

How Does TELNET Work?

● Client-Server Interaction
○ The Telnet client initiates the connection by sending requests
to the Telnet server.
○ Once the connection is established, the client can send
commands to the server.
○ The server processes these commands and responds
accordingly.
● Character Flow
○ When the user types on the local computer, the local operating
system accepts the characters.
○ The Telnet client transforms these characters into a universal
character set called Network Virtual Terminal (NVT)
characters.
○ These NVT characters travel through the Internet to the remote
computer via the local TCP/IP protocol stack.
○ The remote Telnet server converts these characters into a
format understandable by the remote computer.
○ The remote operating system receives the characters from a
pseudo-terminal driver and passes them to the appropriate
application program.
● Network Virtual Terminal (NVT)
○ NVT is a virtual terminal in Telnet that provides a common
structure shared by different types of real terminals.
○ It ensures communication compatibility between various
terminals with different operating systems.

TELNET Commands

Commands of Telnet are identified by a prefix character, Interpret As
Command (IAC), with code 255. IAC is followed by command and option
codes. The basic format of the command is as shown in the following figure:

TELNET Command Format

Following are some of the important TELNET commands:

Character | Decimal | Binary | Meaning
WILL | 251 | 11111011 | 1. Offering to enable. 2. Accepting a request to enable.
WON’T | 252 | 11111100 | 1. Rejecting a request to enable. 2. Offering to disable. 3. Accepting a request to disable.
DO | 253 | 11111101 | 1. Approving a request to enable. 2. Requesting to enable.
DON’T | 254 | 11111110 | 1. Disapproving a request to enable. 2. Approving an offer to disable. 3. Requesting to disable.

Following are some common options used with telnet:

Code | Option | Meaning
0 | Binary | It interprets as 8-bit binary transmission.
1 | Echo | It will echo the data that is received on one side to the other side.
3 | Suppress go ahead | It will suppress the go ahead signal after data.
5 | Status | It will request the status of TELNET.
6 | Timing mark | It defines the timing marks.
8 | Line width | It specifies the line width.
9 | Page size | It specifies the number of lines on a page.
24 | Terminal type | It sets the terminal type.
32 | Terminal speed | It sets the terminal speed.
34 | Line mode | It will change to the line mode.
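The command and option codes in the two tables above are enough to decode Telnet option negotiation from a raw byte stream. The Python below is an added example written for this page, not code from the original article: it separates IAC sequences from ordinary data (handling the IAC IAC escape for a literal 255 byte and skipping subnegotiation blocks), names each command and option using the tables, and builds the reply of a conservative server that declines every option offered or requested. The input stream is constructed here, not a real capture.

```python
# Added example (not from the original article): decoding Telnet option
# negotiation using the command and option codes tabulated above, and
# generating the reply of a server that declines every option.  The input
# streams used for testing are constructed, not captured.
IAC, SE, SB = 255, 240, 250
COMMANDS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTIONS = {0: "Binary", 1: "Echo", 3: "Suppress go ahead", 5: "Status",
           6: "Timing mark", 8: "Line width", 9: "Page size",
           24: "Terminal type", 32: "Terminal speed", 34: "Line mode"}


def parse_telnet(stream: bytes):
    """Split a Telnet byte stream into (commands, data).

    Each command is a tuple (name, option_code, option_name).  IAC IAC is the
    escape for a literal 255 data byte; subnegotiation blocks (IAC SB ... IAC SE)
    are recorded by option and skipped.  Truncated sequences raise ValueError
    instead of being silently accepted."""
    commands, data = [], bytearray()
    i = 0
    while i < len(stream):
        byte = stream[i]
        if byte != IAC:
            data.append(byte)
            i += 1
            continue
        if i + 1 >= len(stream):
            raise ValueError("stream ends in the middle of an IAC sequence")
        cmd = stream[i + 1]
        if cmd == IAC:                        # escaped data byte 255
            data.append(IAC)
            i += 2
        elif cmd in COMMANDS:                 # IAC <WILL|WONT|DO|DONT> <option>
            if i + 2 >= len(stream):
                raise ValueError("option negotiation missing its option code")
            opt = stream[i + 2]
            commands.append((COMMANDS[cmd], opt, OPTIONS.get(opt, "Unknown")))
            i += 3
        elif cmd == SB:                       # IAC SB <option> ... IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                raise ValueError("unterminated subnegotiation")
            opt = stream[i + 2] if end > i + 2 else None
            commands.append(("SB", opt, OPTIONS.get(opt, "Unknown")))
            i = end + 2
        else:                                 # two-byte commands such as NOP (241), AYT (246)
            commands.append(("CMD%d" % cmd, None, None))
            i += 2
    return commands, bytes(data)


def refuse_all(commands) -> bytes:
    """Decline every offer and request: WILL -> DON'T, DO -> WON'T.  Incoming
    WON'T/DON'T already state the disabled status and need no answer."""
    reply = bytearray()
    for name, opt, _ in commands:
        if name == "WILL":
            reply += bytes([IAC, 254, opt])
        elif name == "DO":
            reply += bytes([IAC, 252, opt])
    return bytes(reply)


if __name__ == "__main__":
    sample = bytes([IAC, 251, 1]) + b"login: " + bytes([IAC, 253, 24])
    cmds, text = parse_telnet(sample)
    print(cmds, text, refuse_all(cmds).hex())
```

Everything this parser sees, including the "login:" prompt and whatever follows it, crosses the network unencrypted, which is the plain-text weakness listed under the disadvantages of TELNET; the option codes only shape the terminal session and add no confidentiality.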

Uses of TELNET
● Remote Administration and Management
● Network Diagnostics
● Understanding Command-Line Interfaces
● Accessing Bulletin Board Systems (BBS)
● Automation and Scripting

Advantages of TELNET

● It provides remote access to someone’s computer system.
● Telnet allows the user more access with fewer problems in data
transmission.
● Telnet saves a lot of time.
● The oldest system can be connected to a newer system with telnet,
even if they have different operating systems.

Disadvantages of TELNET

● As it is somewhat complex, it becomes difficult for beginners to
understand.
● Data is sent here in the form of plain text, which is why it is not
secure.
● Some capabilities are disabled because of improper interlinking of
the remote and local devices.

Modes of Operation
● Default Mode: If no other modes are invoked then this mode is used.
Echoing is performed in this mode by the client. In this mode, the
user types a character and the client echoes the character on the
screen but it does not send it until the whole line is completed.
● Character Mode: Each character typed in this mode is sent by the
client to the server. A server in this type of mode normally echoes
characters back to be displayed on the client’s screen.
● Line Mode: Line editing like echoing, character erasing, etc. is done
from the client side. The client will send the whole line to the server.

Conclusion
Telnet is a client/server application protocol that allows remote access to
virtual terminals via local area networks or the internet. Telnet’s use has
decreased due to security concerns, with protocols such as SSH chosen for
safe remote management. Telnet is still useful for remote administration,
network diagnostics, instructional purposes, and interacting with legacy
systems.

What are SSH Keys?

The SSH (Secure Shell) key is an access credential that is used in the SSH
Protocol. In other words, SSH is a cryptographic network protocol that is used
for transferring encrypted data over the network. The port number of SSH is
22. It allows users to connect with the server without having to remember or
enter a password for each system. SSH keys always come in key pairs:

● Public key – Everyone can see it, no need to protect it (for the
encryption function).
● Private key – Stays on the computer, must be protected (for the decryption
function).

Key pairs can be of the following types:

● User Key – If the public key and private key remain with the user.
● Host Key – If the public key and private key are on a remote system.
● Session key – Used when a large amount of data is to be
transmitted.

What is the Secure Shell Key?

Secure Shell, or SSH, is a protocol that allows you to connect securely to
another computer over an unsecured network. It was developed in 1995. SSH
was designed to replace older methods like Telnet, which transmitted data in
plain text.

Imagine a system administrator working from home who needs to manage a
remote server at a company data centre. Without SSH, they would have to
worry about their login credentials being intercepted, leaving the server
vulnerable to hackers. With SSH, the administrator instead
establishes a secure connection that encrypts all data sent over the internet.
They can now log in with their username and a private key, allowing them to
safely execute commands on the server, transfer files, and make necessary
updates, all without the risk of spying eyes watching their actions.
This secure access is essential for maintaining the integrity of the company’s
sensitive information.

Features of SSH
● Encryption: Encrypted data is exchanged between the server and
client, which ensures confidentiality and prevents unauthorised
attacks on the system.
● Authentication: For authentication, SSH uses public and private key
pairs which provide more security than traditional password
authentication.
● Data Integrity: SSH provides Data Integrity of the message
exchanged during the communication.
● Tunnelling: Through SSH we can create secure tunnels for
forwarding network connections over encrypted channels.

SSH Functions
SSH performs multiple functions; some of them are:
● SSH provides high security as it encrypts all messages of
communication between client and server.
● SSH provides confidentiality.
● SSH allows remote login, hence is a better alternative to TELNET.
● SSH provides a secure File Transfer Protocol, which means we can
transfer files over the Internet securely.
● SSH supports tunnelling which provides more secure connection
communication.

SSH Protocol
To provide security between a client and a server the SSH protocol uses
encryption. All user authentication and file transfers are encrypted to protect
the network against attacks.


Techniques Used in SSH

There are three major techniques used in SSH:
● Symmetric Cryptography: In symmetric key cryptography the same
key is used for encrypting and decrypting the message; a single
shared key is kept secret between the sender and receiver. For
example: DES (Data Encryption Standard) and AES (Advanced
Encryption Standard).
● Asymmetric Cryptography: In asymmetric key cryptography the key
used for encrypting is different from the key used for decrypting the
message. For example: RSA (Rivest–Shamir–Adleman) and the Digital
Signature Algorithm (DSA).
● Hashing: Hashing is a procedure used in cryptography which
converts a variable-length string to a fixed-length string; this
fixed-length value is called the hash value and is generated by a hash
function.

Commands in SSH
There are multiple commands supported by the SSH protocol; you can tap on
the link if you want to know the commands in SSH.

How does SSH generally work?

For performing encryption and decryption it uses an asymmetric cipher. There
are several key algorithms available: rsa, dsa, ed25519, etc.

The general procedure is:

● Public keys from the local computers (system) are passed to the
server which is to be accessed.
● The server then identifies if the public key is registered.
● If so, the server then creates a new secret key and encrypts it with
the public key which was sent to it via local computer.
● This encrypted code is sent to the local computer.
● This data is unlocked by the private key of the system and is sent to
the server.
● The server after receiving this data verifies the local computer.
● SSH creates a route and all the encrypted data is transferred
through it with no security issues.

SSH key-based authentication is not prone to brute-force attacks. It is more
convenient and secure than login IDs and passwords (which can be stolen in
transit). No valid credentials are exposed even if a server has been
compromised.
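The server-side step above, checking that the presented public key is "registered", rests entirely on what is in the server's authorized_keys file, so auditing that file is a routine defender task. The following Python script is an added example, not code from the original page: it parses authorized_keys lines (options, key type, base64 blob, comment), decodes the OpenSSH wire format and flags RSA keys below an assumed 2048-bit policy, malformed blobs and key-type mismatches. The sample file, its placeholder key bytes and the 2048-bit threshold are constructed for the example.

```python
"""Audit an OpenSSH authorized_keys file (added example; the sample file below is
constructed inline and contains no real keys). Each line is
[options] key-type base64-blob [comment]; the blob is a sequence of SSH 'string'
fields (uint32 big-endian length + bytes), the first of which repeats the key type."""
import base64
import struct

MIN_RSA_BITS = 2048                                   # assumed local policy
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")     # lines without options

def _read_string(blob, pos):
    """Read one length-prefixed SSH string at pos; return (bytes, new_pos)."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack("!I", blob[pos:pos + 4])
    end = pos + 4 + length
    if end > len(blob):
        raise ValueError("truncated string field")
    return blob[pos + 4:end], end

def _split_options(line):
    """Options end at the first whitespace that is not inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""

def parse_authorized_key(line):
    """Return {options, key_type, blob, comment}, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, rest = ("", line) if line.startswith(KEY_TYPE_PREFIXES) else _split_options(line)
    parts = rest.split(None, 2)
    if len(parts) < 2:
        raise ValueError("missing key type or key data")
    blob = base64.b64decode(parts[1], validate=True)   # ValueError on bad base64
    return {"options": options, "key_type": parts[0], "blob": blob,
            "comment": parts[2] if len(parts) == 3 else ""}

def audit_key(entry):
    """Return a list of findings for one parsed entry; an empty list means clean."""
    findings = []
    blob, key_type = entry["blob"], entry["key_type"]
    embedded, pos = _read_string(blob, 0)
    if embedded != key_type.encode():
        findings.append("embedded type %r does not match declared %s" % (embedded, key_type))
    if key_type == "ssh-rsa":
        _e, pos = _read_string(blob, pos)                  # public exponent (mpint)
        n, pos = _read_string(blob, pos)                   # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append("RSA modulus is %d bits (< %d)" % (bits, MIN_RSA_BITS))
    elif key_type == "ssh-ed25519":
        pk, pos = _read_string(blob, pos)
        if len(pk) != 32:
            findings.append("ed25519 public key must be 32 bytes, got %d" % len(pk))
    if key_type in ("ssh-rsa", "ssh-ed25519") and pos != len(blob):
        findings.append("%d unexpected trailing bytes" % (len(blob) - pos))
    return findings

def audit_authorized_keys(text):
    """Audit every line of an authorized_keys file; return [(label, findings), ...]."""
    report = []
    for line in text.splitlines():
        entry = None
        try:
            entry = parse_authorized_key(line)
            if entry is None:
                continue
            findings = audit_key(entry)
        except ValueError as exc:
            findings = ["unparseable: %s" % exc]
        label = entry["comment"] if entry and entry["comment"] else line[:40]
        report.append((label, findings))
    return report

def _ssh_string(data):
    return struct.pack("!I", len(data)) + data

def _make_line(key_type, fields, comment, options=""):
    """Build a constructed authorized_keys line from raw field bytes (demo only)."""
    blob = _ssh_string(key_type.encode()) + b"".join(_ssh_string(f) for f in fields)
    return "%s%s %s %s" % (options + " " if options else "", key_type,
                           base64.b64encode(blob).decode(), comment)

# Constructed sample file: placeholder byte patterns standing in for key material.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    _make_line("ssh-ed25519", [b"\x11" * 32], "alice@laptop"),
    _make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xff" * 128], "legacy-1024",
               'from="10.0.0.0/8"'),                              # 1024-bit modulus
    _make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xff" * 384], "bob@build",
               'restrict,command="/usr/bin/rrsync /srv/backup"'),  # 3072-bit modulus
    _make_line("ssh-ed25519", [], "truncated"),                  # blob ends after type
])
```

Running audit_authorized_keys on a real file is the same call with the file contents read in; it reports one (label, findings) pair per key line and skips comments.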

Generating an SSH key pair

Open your command prompt.
Type: ssh-keygen
Press Enter.
It will ask you for a location. Press Enter for the default location.
If a key is already there, press 'y' to overwrite it.
You may enter a passphrase if you like, then press Enter.

An example of generating an SSH key pair in the latest version of Windows
10 is given below:

Generating SSH keys on Windows, Linux, and Mac:

● Mac OS X and Linux: terminal (built in)
● Windows: PuTTY

Conclusion
SSH keys are a necessary component for securing connections between your
computer and remote servers. By using a pair of cryptographic keys, one
public and one private you can authenticate yourself without sending
passwords over the network, making your connections much safer. This
method not only simplifies the login process but also enhances security by
protecting sensitive data from potential threats. Understanding how SSH
keys work is crucial for anyone looking to manage servers or transfer files
securely over the internet. With the growing importance of cybersecurity,
utilising SSH keys is a simple yet effective way to secure your online
activities.

Frequently Asked Questions on SSH (Secure Shell) - FAQs

How does SSH provide security?
It scrambles the data that travels over the network via encryption. All that
a receiving party would see is something like static: meaningless random
data that requires decryption.

What is the default port number of SSH?

The default port number of SSH is 22.

What is the difference between SSH1 and SSH2?

SSH2 employs host keys for system authentication; SSH1 encrypts distinct
portions of the packets and uses both server and host keys. SSH2 uses a
different networking technology than SSH1, and it is a total redesign of the
protocol. SSH2 is also more secure.

What is port forwarding in SSH?

The method of sending data over an encrypted secure shell connection
between a local and remote server is called SSH port forwarding, or SSH
tunnelling.

Difference between SSH and Telnet

SSH and Telnet are two protocols commonly used to log on remotely and
perform configuration and management tasks on devices that are connected
via a network. Although the two protocols differ only slightly in general
function, they differ greatly in their security features and operation. Due to
the strong security measures implemented in its protocol, SSH is the most
popular in modern networking.

Telnet is much older than SSH and is currently considered outdated, as it
does not encrypt the data transmitted between the user and the system and
is therefore prone to security-related threats. Knowing the distinctions
between SSH and Telnet is important to avoid confusion and make the right
decision when designing the network.

SSH or Secure SHell

SSH, or Secure SHell, is now the only major protocol to access network
devices and servers over the internet. SSH was developed by SSH
Communications Security Ltd.; it is a program to log into another computer
over a network, execute commands on a remote machine, and move files from
one machine to another.

● It provides strong authentication and secure communications over
insecure channels.
● SSH runs on port 22 by default. However, it can be easily changed.
SSH is a very secure protocol because it shares and sends the
information in encrypted form, which provides confidentiality and
security of the data over an unsecured network such as the internet.
● Once the data for communication is encrypted using SSH, it is
extremely difficult to decrypt and read that data, so our passwords
also become secure to travel on a public network.
● SSH also uses a public key for the authentication of users accessing
a server, which is a great practice providing us very strong security.
SSH is available on all popular operating systems like Unix, Solaris,
Red Hat Linux, CentOS, Ubuntu, etc.
● SSH protects a network from attacks such as IP spoofing, IP source
routing, and DNS spoofing. An attacker who has managed to take
over a network can only force SSH to disconnect. He or she cannot
play back the traffic or hijack the connection when encryption is
enabled.
● When using ssh's login (instead of rlogin) the entire login session,
including the transmission of the password, is encrypted. Therefore it
is almost impossible for an outsider to collect passwords.

Installation of the OpenSSH client and server applications is simple.

To install the client on your Ubuntu system, use these commands at a
terminal prompt:

$ sudo apt-get update
$ sudo apt install openssh-client

To install the OpenSSH server application, and related support files, use
these commands at a terminal prompt:

$ sudo apt-get update
$ sudo apt install openssh-server

And that's pretty much it! Simple, no?


Telnet
Telnet is the joint abbreviation of Telecommunications and Networks and it is
a networking protocol best known for the UNIX platform. Telnet uses port 23
and it was designed specifically for local area networks.

● Telnet is famous for being the original Internet when the Net first launched
in 1969 and was built to be a form of remote control to manage mainframe
computers from distant terminals. In those original days of large mainframe
computers, telnet enabled research students and professors to ‘log in’ to the
university mainframe from any terminal in the building.
● This remote login saved researchers hours of walking each semester. While
telnet pales in comparison to modern networking technology, it was
revolutionary in 1969, and telnet helped pave the way for the eventual
World Wide Web in 1989. While telnet technology is very old, it is still in
some use today by purists.
● Telnet is not a secure communication protocol because it does not use any
security mechanism and transfers the data over the network/internet in
plain-text form, including the passwords, so anyone can sniff the packets
to get that important information.
● There are no authentication policies or data encryption techniques used in
Telnet, causing huge security threats, which is why Telnet is no longer used
for accessing network devices and servers over public networks.

On Ubuntu (a famous and my personal favourite Linux distro) we can install
the Telnet server with the following command:

$ sudo apt-get install xinetd telnetd

The service should be fired up automatically once the installation is done.
You may also check the service status if required using:

$ sudo /etc/init.d/xinetd status

To Telnet to an IP:

$ telnet serverip

If you would like to change its port, you'll need to edit the following line in
/etc/services:

telnet 23/tcp

Once changed, restart to apply the changes with:

$ sudo /etc/init.d/xinetd restart

Right now these might look like some tedious and wacky terminal commands,
but if you try to run them once on your terminal, trust me, you'll find them
extremely easy!

Just like SSH, Telnet is also apparently just a dull and boring terminal screen,
but with some unimaginable features.

Differences Between SSH and Telnet

Feature | SSH (Secure Shell) | Telnet (Telecommunication Network)
Security | SSH encrypts the data transmitted, ensuring confidentiality and integrity. | Telnet transmits data in plain text, making it vulnerable to eavesdropping and man-in-the-middle attacks.
Authentication | SSH uses strong authentication methods like password-based or key-based authentication. | Telnet uses basic authentication methods, often without encryption, making it insecure.
Default Port | 22 | 23
Data Encryption | Data is encrypted, providing secure communication over the network. | No encryption; data is transmitted in plain text.
Usage | Commonly used for secure remote administration of network devices and systems. | Typically used for remote management of devices but is now largely obsolete due to security risks.
Protocol | SSH is a protocol that provides secure, encrypted channels over an unsecured network. | Telnet is an older protocol that provides unencrypted communication over a network.
File Transfer | SSH supports file transfer using SCP (Secure Copy) or SFTP (Secure File Transfer Protocol). | Telnet does not natively support file transfer.
Operating System Support | Widely supported across various operating systems (Unix, Linux, Windows). | Supported on many systems but is now deprecated and replaced by more secure alternatives.

Lastly, there are some SSH clients, the software that you can use to set up a
connection with the SSH server, available for all the major operating systems
and tablet operating systems.

● Mac OS X & Linux: built-in, available in Terminal
● Windows: PuTTY, others
● Android: JuiceSSH, others
● iOS: Prompt, others

If you want to connect your Windows PC with a Linux PC then you need
software called ‘PuTTY’.

After installation it’ll look a lot like this:


Conclusion
SSH and Telnet are both used to manage devices remotely, but there is a
huge difference in terms of the security they provide to the network. SSH is
recommended in present-day networking since it has strong encryption and
authentication, hence enhancing the security of the network. Although Telnet
is easier to use and easier to implement, it is deemed insecure for most
applications and is no longer in use as widely as its replacement protocols.
To evaluate the protocols properly it is vital to understand their strengths
and weaknesses, so that the one that best fits the required networking
functionality is employed.

Difference Between SSH and Telnet - FAQs

Why is SSH more secure than Telnet?
SSH encrypts all the text passed between the client and the server, including
passwords, whereas Telnet sends all commands and responses in plain text
that is easily intercepted.

Can I use Telnet for secure communications?
Because Telnet cannot encrypt the data it transfers, it is not recommended for
secure communications, since this data can simply be snooped.

Is SSH compatible with Telnet?
An SSH client is not compatible with Telnet; however, there are certain SSH
clients that can mimic Telnet in order to connect to Telnet-only servers. This
does not bring encryption or security to the link.

When should I use Telnet instead of SSH?
Telnet may be used on trusted and secure networks where encryption is not
essential, or for diagnostics on older systems where SSH is unavailable. Even
so, SSH is usually preferable to RSH.

What are Ports in Networking?

Whenever an application on one computer sends data to an application on a
different computer, it sends it using the IP address and MAC address. But how
does our computer know that this data is for a specific application, and that
this data was sent by a specific application? This is where the concept of a
port comes in.

For instance, imagine your MAC address or IP address as the PIN code of the
nearest post office and your house address as a port. Whenever any parcel
is sent to you, it is received by the nearest post office and then your address
identifies where to deliver that parcel. Similarly, in a computer, data is first
received using the IP or MAC address and then delivered to the application
whose port number is carried in the data packets.

A port is a logical address, a 16-bit unsigned integer, that is allotted to every
application on the computer that uses the internet to send or receive data.
Every time an application sends data, it is identified by the port on which the
application sent that data, and the data is delivered to the receiving
application according to its port. We often call a port a port number.

In the OSI model, ports are used in the Transport layer. In the headers of
Transport layer protocols like TCP and UDP, we have a section to define the
port (port number). The network layer has nothing to do with ports; its
protocols only care about IP addresses.

Ports are assigned by the computer, i.e. the operating system, to different
applications. Ports help computers to differentiate between incoming and
outgoing traffic. Since the port is a 16-bit unsigned number, it ranges from 0
to 65535.

Types of Ports
Ports are further divided into three categories:

● Well Known Port
● Registered Port
● Dynamic Port

Well Known Port

● It is from the range 0 to 1023
● It is reserved for common and specifically used services
● It is used by some widely adopted protocols and services like
HTTP (port 80), FTP (port 21), DNS (port 53), SSH (port 22), etc.

Registered Port

● It is from the range 1024 to 49151
● These are used by applications or services that are not as common
● But it is used by those applications or services which require a
specific port
● Organisations can ask IANA (Internet Assigned Numbers Authority)
for any specific port number within this range

Dynamic Port

● It is from the range 49152 to 65535
● It is also known as an Ephemeral or Private Port
● It is used for those connections that are temporary or short-lived
● It is not registered or assigned and can be used by any process

Importance of Ports
Ports are significant for several reasons. Some of them are:

● Identification of service - Different applications/services that run on
the same device can be differentiated by their port numbers. For
example, HTTP (port number 80) and SMTP (port number 25) on the
same computer use different port numbers to ensure their data goes
to the correct service
● Efficient Data Routing- When a network device receives data from
different places it uses port numbers to efficiently route those data
packets to the respective application
● Block traffic from specific applications/services- When we have to
block incoming or outgoing traffic from a specific application/service
then we need to install a firewall and specify the port number of
that application/service. We block traffic from/to some specific
applications/services when we find any potential threats from those
applications/services
● Scalability of services- Many services can run simultaneously on the
same device and can be differentiated using their port number. This
helps the device to scale and support many services at the same
time.

Some Popular Port Numbers

Some common/popular port numbers that are used by applications/services
which we use frequently:

Port Number Used By
80 HTTP (HyperText Transfer Protocol)
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name System)
7 Echo
20/21 FTP (File Transfer Protocol)
69 TFTP (Trivial File Transfer Protocol)
443 HTTPS (Hyper Text Transfer Protocol Secure)
22 SSH (Secure Shell)
110 POP3 (Post Office Protocol version 3)
67/68 DHCP (Dynamic Host Configuration Protocol)
123 NTP (Network Time Protocol)
143 IMAP (Internet Messaging Access Protocol)
1433 Microsoft SQL
3306 MySQL
5432 PostgreSQL
27017 MongoDB

FAQs on Ports in Networking

Q.1: What is a Port?
A port is a logical address, a 16-bit unsigned integer, that is allotted to every
application on the computer that uses the internet to send or receive data. It
ranges from 0 to 65535.

Q.2: What is the Socket Address?
A Socket Address is the combination of an IP address and a port number. It is
used in communication between two different applications/services.

Q.3: Why is a Port Number used?
A port number, or port, is used to uniquely identify any application/service
running on the same

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol is a network protocol used to
automate the process of assigning IP addresses and other network
configuration parameters to devices (such as computers, smartphones, and
printers) on a network. Instead of manually configuring each device with an
IP address, DHCP allows devices to connect to a network and receive all
necessary network information, like IP address, subnet mask, default
gateway, and DNS server addresses, automatically from a DHCP server.

This makes it easier to manage and maintain large networks, ensuring
devices can communicate effectively without conflicts in their network
settings. DHCP plays a crucial role in modern networks by simplifying the
process of connecting devices and managing network resources efficiently.

What is DHCP?
DHCP stands for Dynamic Host Configuration Protocol. It is the critical
feature on which the users of an enterprise network communicate. DHCP
helps enterprises to smoothly manage the allocation of IP addresses to the
end-user clients' devices such as desktops, laptops, cellphones, etc. DHCP is
an application layer protocol that is used to provide:
● Subnet Mask (Option 1 - e.g., 255.255.255.0)
● Router Address (Option 3 - e.g., 192.168.1.1)
● DNS Address (Option 6 - e.g., 8.8.8.8)
● Vendor Class Identifier (Option 43 - e.g., 'unifi' = 192.168.1.9, where
unifi = controller)

DHCP is based on a client-server model and on the discovery, offer,
request, and ACK messages. DHCP simplifies network configuration by
dynamically assigning IP addresses.

Why Do We Use DHCP?

DHCP helps in managing the entire process automatically and centrally.
DHCP helps in maintaining a unique IP address for a host using the server.
DHCP servers maintain information on TCP/IP configuration and provide
address configuration to DHCP-enabled clients in the form of a lease offer.

Components of DHCP
The main components of DHCP include:

● DHCP Server: DHCP Server is a server that holds IP Addresses and other
information related to configuration.
● DHCP Client: It is a device that receives configuration information from the
server. It can be a mobile, laptop, computer, or any other electronic device
that requires a connection.
● DHCP Relay: DHCP relays basically work as a communication channel
between DHCP Client and Server.
● IP Address Pool: It is the pool or container of IP Addresses possessed by the
DHCP Server. It has a range of addresses that can be allocated to devices.
● Subnets: Subnets are smaller portions of the IP network partitioned to keep
networks under control.
● Lease: It is simply how long the information received from the server is
valid; when the lease expires, the client must renew it.
● DNS Servers: DHCP servers can also provide DNS (Domain Name System)
server information to DHCP clients, allowing them to resolve domain names
to IP addresses.
● Default Gateway: DHCP servers can also provide information about the
default gateway, which is the device that packets are sent to when the
destination is outside the local network.
● Options: DHCP servers can provide additional configuration options to
clients, such as the subnet mask, domain name, and time server information.
● Renewal: DHCP clients can request to renew their lease before it expires to
ensure that they continue to have a valid IP address and configuration
information.
● Failover: DHCP servers can be configured for failover, where two servers
work together to provide redundancy and ensure that clients can always
obtain an IP address and configuration information, even if one server goes
down.
● Dynamic Updates: DHCP servers can also be configured to dynamically
update DNS records with the IP address of DHCP clients, allowing for easier
management of network resources.
● Audit Logging: DHCP servers can keep audit logs of all DHCP transactions,
providing administrators with visibility into which devices are using which IP
addresses and when leases are being assigned or renewed.

DHCP Packet Format

● Hardware Length: This is an 8-bit field defining the length of the
physical address in bytes, e.g. for Ethernet the value is 6.
● Hop count: This is an 8-bit field defining the maximum number of
hops the packet can travel.
● Transaction ID: This is a 4-byte field carrying an integer. The
transaction identification is set by the client and is used to match a
reply with the request. The server returns the same value in its
reply.
● Number of Seconds: This is a 16-bit field that indicates the number
of seconds elapsed since the time the client started to boot.
● Flag: This is a 16-bit field in which only the leftmost bit is used and
the rest of the bits should be set to 0s. The leftmost bit, when set,
specifies a forced broadcast reply from the server. If the reply were to
be unicast to the client, the destination IP address of the IP packet is
the address assigned to the client.
● Client IP Address: This is a 4-byte field that contains the client IP
address. If the client does not have this information, this field has a
value of 0.
● Your IP Address: This is a 4-byte field that contains the client IP
address. It is filled by the server at the request of the client.
● Server IP Address: This is a 4-byte field containing the server IP
address. It is filled by the server in a reply message.
● Gateway IP Address: This is a 4-byte field containing the IP address
of a router. It is filled by the server in a reply message.
● Client Hardware Address: This is the physical address of the client.
Although the server can retrieve this address from the frame sent
by the client, it is more efficient if the address is supplied explicitly by
the client in the request message.
● Server Name: This is a 64-byte field that is optionally filled by the
server in a reply packet. It contains a null-terminated string
consisting of the domain name of the server. If the server does not
want to fill this field with data, the server must fill it with all 0s.
● Boot Filename: This is a 128-byte field that can be optionally filled
by the server in a reply packet. It contains a null-terminated string
consisting of the full pathname of the boot file. The client can use
this path to retrieve other booting information. If the server does not
want to fill this field with data, the server must fill it with all 0s.
● Options: This is a 64-byte field with a dual purpose. It can carry
either additional information or some specific vendor information.
The field is used only in a reply message. The server uses a number,
called a magic cookie, in the format of an IP address with the value
of 99.130.83.99. When the client finishes reading the message, it
looks for this magic cookie. If present, the next 60 bytes are options.

Working of DHCP
DHCP is an application layer protocol that runs over UDP. The main task of
DHCP is to dynamically assign IP addresses to the clients and allocate
information on TCP/IP configuration to clients. For more, you can refer to the
article Working of DHCP.

The DHCP port number for the server is 67 and for the client is 68. It is a
client-server protocol that uses UDP services. An IP address is assigned from
a pool of addresses. In DHCP, the client and the server exchange mainly 4
DHCP messages in order to make a connection, also called the DORA
process, but there are 8 DHCP messages in the process.

The 8 DHCP Messages

1. DHCP Discover Message: This is the first message generated in the
communication process between the server and the client. This message is
generated by the client host in order to discover whether there is any DHCP
server present in the network or not. This message is broadcast to all devices
present in the network to find the DHCP server. This message is 342 or 576
bytes long.

As shown in the figure, the source MAC address (client PC) is
08002B2EAF2A, the destination MAC address (server) is FFFFFFFFFFFF, the
source IP address is 0.0.0.0 (because the PC has had no IP address till now)
and the destination IP address is 255.255.255.255 (the IP address used for
broadcasting). As the discover message is broadcast to find out the DHCP
server or servers in the network, the broadcast IP address and MAC address
are used.

2. DHCP Offer Message: The server will respond to the host in this message,
specifying the unleased IP address and other TCP configuration information.
This message is broadcast by the server. The size of the message is 342 bytes.
If there is more than one DHCP server present in the network, then the client
host will accept the first DHCP OFFER message it receives. Also, a server ID is
specified in the packet in order to identify the server.

Now, for the offer message, the source IP address is 172.16.32.12
(the server's IP address in the example), the destination IP address is
255.255.255.255 (broadcast IP address), the source MAC address is
00AA00123456, and the destination MAC address is 00:11:22:33:44:55 (the
client's MAC address). Here, the offer message is broadcast by the DHCP
server, therefore the destination IP address is the broadcast IP address and
the destination MAC address is 00:11:22:33:44:55 (the client's MAC address),
and the source IP address is the server IP address and the source MAC
address is the server MAC address.
Also, the server has provided the offered IP address 192.16.32.51 and a
lease time of 72 hours (after this time the entry of the host will be erased
from the server automatically). Also, the client identifier is the PC MAC
address (08002B2EAF2A) for all the messages.

3. DHCP Request Message: When a client receives an offer message, it
responds by broadcasting a DHCP request message. The client will produce
a gratuitous ARP in order to find whether there is any other host present in
the network with the same IP address. If there is no reply from another host,
then there is no host with the same TCP configuration in the network and the
message is broadcast to the server showing the acceptance of the IP
address. A client ID is also added to this message.

Now, the request message is broadcast by the client PC, therefore the source
IP address is 0.0.0.0 (as the client has no IP right now) and the destination IP
address is 255.255.255.255 (the broadcast IP address), the source MAC
address is 08002B2EAF2A (PC MAC address) and the destination MAC
address is FFFFFFFFFFFF.

Note - This message is broadcast after the ARP request broadcast by the PC
to find out whether any other host is using that offered IP. If there is no
reply, then the client host broadcasts the DHCP request message to the
server showing the acceptance of the IP address and other TCP/IP
configuration.

4. DHCP Acknowledgement Message: In response to the request message
received, the server will make an entry with the specified client ID and bind
the offered IP address with the lease time. Now, the client will have the IP
address provided by the server.
Now the server will make an entry of the client host with the offered IP
address and lease time. This IP address will not be provided by the server to
any other host. The destination MAC address is 00:11:22:33:44:55 (the
client's MAC address), the destination IP address is 255.255.255.255, the
source IP address is 172.16.32.12 and the source MAC address is
00AA00123456 (server MAC address).

5. DHCP Negative Acknowledgment Message: Whenever a DHCP server
receives a request for an IP address that is invalid according to the scopes
that are configured, it sends a DHCP NAK message to the client. For example,
when the server has no unused IP address or the pool is empty, this message
is sent by the server to the client.

6. DHCP Decline: If the DHCP client determines the offered configuration
parameters are different or invalid, it sends a DHCP decline message to the
server. When there is a reply to the gratuitous ARP by any host to the client,
the client sends a DHCP decline message to the server showing the offered
IP address is already in use.

7. DHCP Release: A DHCP client sends a DHCP release packet to the server
to release the IP address and cancel any remaining lease time.

8. DHCP Inform: If a client has obtained an IP address manually, then the
client uses DHCP inform to obtain other local configuration parameters, such
as the domain name. In reply to the DHCP inform message, the DHCP server
generates a DHCP ack message with a local configuration suitable for the
client without allocating a new IP address. This DHCP ack message is unicast
to the client.

Note - All the messages can also be unicast by the DHCP relay agent if the
server is present in a different network.

Security Considerations for Using DHCP

To make sure your DHCP servers are safe, consider these DHCP security
issues:

● Limited IP Addresses: A DHCP server can only offer a set number
of IP addresses. This means attackers could flood the server with
requests, causing essential devices to lose their connection.
● Fake DHCP Servers: Attackers might set up fake DHCP servers to
give out fake IP addresses to devices on your network.
● DNS Access: When users get an IP address from DHCP, they also
get DNS server details. This could potentially allow them to access
more data than they should. It's important to restrict network
access, use firewalls, and secure connections with VPNs to protect
against this.
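To make the packet format described earlier and the "fake DHCP servers" risk above concrete, here is an added Python example (not from the original page) that parses DHCP packets as laid out in the packet-format section (236-byte fixed header, magic cookie 99.130.83.99, option TLVs) and flags OFFER/ACK messages whose server identifier (option 54) is not an authorised server. The packets, the known-server list and the transaction ID are constructed for the example; the client MAC and server IP reuse the values from the DORA walkthrough.

```python
"""Parse DHCP packets and flag OFFER/ACK messages from unauthorised servers
(added example; the packets below are constructed inline, not captured).
Layout per RFC 2131: 236-byte fixed header, magic cookie 99.130.83.99, then
option TLVs (code, length, value) terminated by the End option 255."""
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr (16), sname (64), file (128)
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

def _ip(raw):
    return str(ipaddress.IPv4Address(raw))

def parse_dhcp(packet):
    """Decode the fixed header and options into a dict; ValueError if malformed."""
    if len(packet) < HEADER.size + 4:
        raise ValueError("packet shorter than the DHCP fixed header")
    (op, _htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, _file) = HEADER.unpack_from(packet, 0)
    pos = HEADER.size
    if packet[pos:pos + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie 99.130.83.99 not present")
    pos += 4
    options = {}
    while pos < len(packet):
        code = packet[pos]
        if code == 255:                       # End option
            break
        if code == 0:                         # Pad option
            pos += 1
            continue
        if pos + 2 > len(packet):
            raise ValueError("truncated option header")
        length = packet[pos + 1]
        value = packet[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        options[code] = value
        pos += 2 + length
    else:
        raise ValueError("options not terminated by End option")
    return {
        "op": op, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),    # leftmost flag bit
        "ciaddr": _ip(ciaddr), "yiaddr": _ip(yiaddr),
        "siaddr": _ip(siaddr), "giaddr": _ip(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "msg_type": MSG_TYPES.get(options[53][0], "UNKNOWN") if 53 in options else None,
        "server_id": _ip(options[54]) if 54 in options else None,
        "lease_secs": struct.unpack("!I", options[51])[0] if 51 in options else None,
        "options": options,
    }

def rogue_offers(packets, known_servers):
    """Return (xid, server_id) for each OFFER/ACK whose server identifier
    (option 54) is not an authorised DHCP server: a fake-server indicator."""
    flagged = []
    for pkt in packets:
        info = parse_dhcp(pkt)
        if info["msg_type"] in ("OFFER", "ACK") and info["server_id"] not in known_servers:
            flagged.append((info["xid"], info["server_id"]))
    return flagged

def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", siaddr="0.0.0.0",
               broadcast=True, options=()):
    """Build a DHCP packet (demo helper) from header fields and (code, value) options."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    header = HEADER.pack(op, 1, len(mac), 0, xid, 0, 0x8000 if broadcast else 0,
                         b"\x00" * 4, ipaddress.IPv4Address(yiaddr).packed,
                         ipaddress.IPv4Address(siaddr).packed, b"\x00" * 4,
                         mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = bytearray(MAGIC_COOKIE)
    for code, value in options:
        body += bytes([code, len(value)]) + value
    body.append(255)
    return header + bytes(body)

# Constructed exchange: DISCOVER, a legitimate OFFER, then an OFFER from an
# unknown server. Client MAC and server IP follow the page's walkthrough.
CLIENT_MAC = "08:00:2b:2e:af:2a"
KNOWN_SERVERS = {"172.16.32.12"}
XID = 0x3903F326
SAMPLE_PACKETS = [
    build_dhcp(1, XID, CLIENT_MAC, options=[(53, b"\x01")]),
    build_dhcp(2, XID, CLIENT_MAC, yiaddr="172.16.32.51", siaddr="172.16.32.12",
               options=[(53, b"\x02"), (54, ipaddress.IPv4Address("172.16.32.12").packed),
                        (51, struct.pack("!I", 72 * 3600))]),
    build_dhcp(2, XID, CLIENT_MAC, yiaddr="10.0.0.50", siaddr="10.0.0.1",
               options=[(53, b"\x02"), (54, ipaddress.IPv4Address("10.0.0.1").packed),
                        (51, struct.pack("!I", 3600))]),
]
```

Fed with UDP payloads captured on port 68, rogue_offers gives the transaction IDs and server addresses a network monitor would alert on; the DISCOVER count per chaddr from the same parser is the input for spotting the starvation flood described below.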

Protection Against DHCP Starvation Attack

A DHCP starvation attack happens when a hacker floods a DHCP server with
requests for IP addresses. This overwhelms the server, making it unable to
assign addresses to legitimate users. The hacker can then block access for
authorized users and potentially set up a fake DHCP server to intercept and
manipulate network traffic, which could lead to a man-in-the-middle attack.
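
As an added example (not part of the original text), the following Python code parses the DHCP message type option out of raw packets and flags the starvation pattern described above: many DISCOVER messages from distinct client hardware addresses on one switch port within a short window. The packet layout follows RFC 2131; the sample traffic, switch port names and the threshold are constructed for illustration.

```python
"""Parse the DHCP message type from raw packets and flag a starvation pattern.

Added example, not part of the original text. The packet layout follows
RFC 2131 (236-byte fixed header, magic cookie, then TLV options); the sample
packets, port names and threshold below are constructed.
"""
import struct
from collections import defaultdict

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE = 53
OPT_END = 255
MSG_NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def build_dhcp(msg_type, chaddr, xid=0x1234):
    """Constructed minimal DHCP packet: fixed header + message-type option + END."""
    # op(1) htype(1) hlen(1) hops(1) xid(4) secs(2) flags(2), then the four
    # 4-byte address fields (ciaddr, yiaddr, siaddr, giaddr) left at zero
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000) + b"\x00" * 16
    header += chaddr.ljust(16, b"\x00")      # chaddr padded to 16 bytes
    header += b"\x00" * 64 + b"\x00" * 128   # sname + file, unused here
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])
    return header + MAGIC_COOKIE + options


def parse_dhcp(pkt):
    """Return (message type name, client MAC as hex) or raise ValueError."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    hlen = pkt[2]
    chaddr = pkt[28:28 + hlen].hex(":")
    i, msg_type = 240, None
    while i < len(pkt):                      # walk the TLV option list
        code = pkt[i]
        if code == OPT_END:
            break
        if code == 0:                        # PAD option has no length byte
            i += 1
            continue
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if code == OPT_MSG_TYPE and length == 1:
            msg_type = value[0]
        i += 2 + length
    if msg_type is None:
        raise ValueError("no message type option")
    return MSG_NAMES.get(msg_type, f"TYPE{msg_type}"), chaddr


def detect_starvation(events, window=10.0, max_new_clients=20):
    """Return the switch ports where more than max_new_clients distinct MACs
    sent DISCOVER within any `window` seconds. events: (ts, port, raw_packet).
    The threshold is a constructed value; tune it to the site's client churn."""
    seen = defaultdict(list)   # port -> [(ts, mac)] of DISCOVER messages
    flagged = set()
    for ts, port, pkt in sorted(events, key=lambda e: e[0]):
        kind, mac = parse_dhcp(pkt)
        if kind != "DISCOVER":
            continue
        hist = seen[port]
        hist.append((ts, mac))
        while hist and ts - hist[0][0] > window:   # drop entries outside window
            hist.pop(0)
        if len({m for _, m in hist}) > max_new_clients:
            flagged.add(port)
    return flagged


# Constructed traffic: one legitimate client on port Gi0/1, and a burst of
# DISCOVERs from 30 different MACs on port Gi0/7 within two seconds.
SAMPLE_EVENTS = [(0.0, "Gi0/1", build_dhcp(1, bytes.fromhex("aabbccddee01")))]
SAMPLE_EVENTS += [(1.0 + n * 0.05, "Gi0/7",
                   build_dhcp(1, bytes([0x02, 0, 0, 0, 0, n])))
                  for n in range(30)]

if __name__ == "__main__":
    print(parse_dhcp(SAMPLE_EVENTS[0][2]))
    print("starvation suspected on:", detect_starvation(SAMPLE_EVENTS))
```

In practice the same heuristic is what switch features such as DHCP snooping rate limits apply per port; the script shows the logic on captured packets.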

Reasons Why Enterprises Must Automate DHCP

Automating your DHCP system is crucial for businesses because it reduces
the time and effort your IT team spends on manual tasks. For instance,
DHCP-related issues like printers not connecting or subnets not working with
the main network can be avoided automatically.

Automated DHCP also allows your operations to grow smoothly. Instead of
hiring more staff to handle tasks that automation can manage, your team can
focus on other important areas of business growth.

Advantages
● Centralized management of IP addresses.
● Centralized and automated TCP/IP configuration.
● Ease of adding new clients to a network.
● Reuse of IP addresses reduces the total number of IP addresses that
are required.
● The efficient handling of IP address changes for clients that must be
updated frequently, such as those for portable devices that move to
different locations on a wireless network.
● Simple reconfiguration of the IP address space on the DHCP server
without needing to reconfigure each client.
● The DHCP protocol gives the network administrator a method to
configure the network from a centralized area.
● With the help of DHCP, easy handling of new users and the reuse of
IP addresses can be achieved.

Disadvantages
● IP conflict can occur.
● The problem with DHCP is that clients accept any server.
Accordingly, when another server is in the vicinity, the client may
connect to that server, which may send invalid data to the client.
● The client is not able to access the network in the absence of a DHCP
server.
● The name of the machine will not be changed when a new
IP address is assigned.

Conclusion
In conclusion, DHCP is a technology that simplifies network setup by
automatically assigning IP addresses and network configurations to devices.
While DHCP offers convenience, it’s important to manage its security
carefully. Issues such as IP address exhaustion and potential data access
through DNS settings highlight the need for robust security measures like
firewalls and VPNs to protect networks from unauthorized access and
disruptions. DHCP remains essential for efficiently managing network
connections while ensuring security against potential risks.

Simple Mail Transfer Protocol (SMTP)

Simple Mail Transfer Protocol (SMTP) is a protocol for exchanging
email messages between servers. It is an essential component of the email
communication process and operates at the application layer of the TCP/IP
protocol stack. SMTP is a protocol for transmitting and receiving email
messages. In this article, we are going to discuss every point about SMTP.

What is a Simple Mail Transfer Protocol?

SMTP is an application layer protocol. The client who wants to send the mail
opens a TCP connection to the SMTP server and then sends the mail across
the connection. The SMTP server is always in listening mode. As soon as
it receives a TCP connection request from a client, the SMTP process accepts
the connection on port 25. After successfully establishing the TCP connection,
the client process sends the mail instantly.

[Figure: SMTP]

SMTP Protocol
The SMTP model is of two types:

● End-to-End Method
● Store-and-Forward Method

The end-to-end model is used to communicate between different
organisations, whereas the store-and-forward method is used within an
organisation. An SMTP client who wants to send the mail will contact the
destination host’s SMTP directly to send the mail to the destination. The
SMTP server will keep the mail to itself until it is successfully copied to the
receiver’s SMTP.
The client SMTP is the one that initiates the session, so let us call it the
client-SMTP, and the server SMTP is the one that responds to the session
request, so let us call it the receiver-SMTP. The client-SMTP will start the session
and the receiver-SMTP will respond to the request.

Model of SMTP System
In the SMTP model the user deals with the user agent (UA), for example,
Microsoft Outlook, Netscape, Mozilla, etc. To exchange the mail using TCP,
a mail transfer agent (MTA) is used. The user sending the mail doesn’t have to deal with the MTA, as it is
the responsibility of the system admin to set up a local MTA. The MTA
maintains a small queue of mail so that it can schedule repeat delivery of
mail in case the receiver is not available. The MTA delivers the mail to the
mailboxes, and the information can later be downloaded by the user agents.

[Figure: SMTP Model]

Components of SMTP
● Mail User Agent (MUA): It is a computer application that helps you
in sending and retrieving mail. It is responsible for creating email
messages for transfer to the mail transfer agent(MTA).
● Mail Submission Agent (MSA): It is a computer program that
receives mail from a Mail User Agent(MUA) and interacts with the
Mail Transfer Agent(MTA) for the transfer of the mail.
● Mail Transfer Agent (MTA): It is software whose job is to
transfer mail from one system to another with the help of SMTP.
● Mail Delivery Agent (MDA): A Mail Delivery Agent or Local Delivery
Agent is basically a system that helps in the delivery of mail to the
local system.

How does SMTP Work?

● Communication between the sender and the receiver: The sender’s
user agent prepares the message and sends it to the MTA. The
MTA’s responsibility is to transfer the mail across the network to the
receiver’s MTA. To send mail, a system must have a client MTA, and
to receive mail, a system must have a server MTA.
● Sending Emails: Mail is sent by a series of request and response
messages between the client and the server. The message which is
sent across consists of a header and a body. A null line is used to
terminate the mail header, and everything after the null line is
considered the body of the message, which is a sequence of ASCII
characters. The message body contains the actual information read
by the recipient.
● Receiving Emails: The user agent on the server side checks the
mailboxes at regular intervals. If any mail has been
received, it informs the user about it. When the user tries to
read the mail, it displays a list of emails with a short description of
each mail in the mailbox. By selecting any of the mails, the user can view
its contents on the terminal.

[Figure: Working of SMTP]

What is an SMTP Envelope?

● Purpose
○ The SMTP envelope contains information that guides
email delivery between servers.
○ It is distinct from the email headers and body and is
not visible to the email recipient.
● Contents of the SMTP Envelope
○ Sender Address: Specifies where the email
originates.
○ Recipient Addresses: Indicates where the email
should be delivered.
○ Routing Information: Helps servers determine the
path for email delivery.
● Comparison to Regular Mail
○ Think of the SMTP envelope as the address on a
physical envelope for regular mail.
○ Just like an envelope guides postal delivery, the
SMTP envelope directs email servers on where to
send the email.

What are SMTP Commands?

S.No. | Keyword | Command form | Description | Usage
1. | HELO | HELO<SP><domain><CRLF> | It provides the identification of the sender, i.e. the host name. | Mandatory
2. | MAIL | MAIL<SP>FROM:<reverse-path><CRLF> | It specifies the originator of the mail. | Mandatory
3. | RCPT | RCPT<SP>TO:<forward-path><CRLF> | It specifies the recipient of the mail. | Mandatory
4. | DATA | DATA<CRLF> | It specifies the beginning of the mail. | Mandatory
5. | QUIT | QUIT<CRLF> | It closes the TCP connection. | Mandatory
6. | RSET | RSET<CRLF> | It aborts the current mail transaction but the TCP connection remains open. | Highly recommended
7. | VRFY | VRFY<SP><string><CRLF> | It is used to confirm or verify the user name. | Highly recommended
8. | NOOP | NOOP<CRLF> | No operation. | Highly recommended
9. | TURN | TURN<CRLF> | It reverses the role of sender and receiver. | Seldom used
10. | EXPN | EXPN<SP><string><CRLF> | It specifies the mailing list to be expanded. | Seldom used
11. | HELP | HELP<SP><string><CRLF> | It sends some specific documentation to the system. | Seldom used
12. | SEND | SEND<SP>FROM:<reverse-path><CRLF> | It sends mail to the terminal. | Seldom used
13. | SOML | SOML<SP>FROM:<reverse-path><CRLF> | It sends mail to the terminal if possible; otherwise to the mailbox. | Seldom used
14. | SAML | SAML<SP>FROM:<reverse-path><CRLF> | It sends mail to the terminal and the mailbox. | Seldom used
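
As an added example (not code from the original text), the following Python code walks the client side of an SMTP transaction in the HELO/MAIL/RCPT/DATA/QUIT order from the table above, records the envelope (MAIL FROM and RCPT TO) separately from the message headers, and reports the case the envelope section warns about: the envelope sender and the header From: line disagree, which is how a spoofed From: shows up to a receiving server. The transcript, addresses and the out-of-order check are constructed for this example.

```python
"""Walk an SMTP client transcript, enforce command order, and compare the
SMTP envelope against the message header.

Added example, not from the original text. The transcript below is
constructed; the state table encodes the HELO/MAIL/RCPT/DATA/QUIT sequence.
"""
import re

ADDR_RE = re.compile(r"<([^>]*)>")

# Allowed next verbs in a minimal SMTP transaction, per state.
NEXT = {
    "start": {"HELO", "EHLO"},
    "greeted": {"MAIL", "NOOP", "RSET", "QUIT"},
    "mail": {"RCPT", "RSET", "QUIT"},
    "rcpt": {"RCPT", "DATA", "RSET", "QUIT"},
    "done": {"MAIL", "RSET", "QUIT"},
}


def read_headers(it):
    """Consume header lines up to the blank separator, then skip the body
    up to the lone '.' terminator, returning the headers as a dict."""
    headers = {}
    for line in it:
        if line == "":
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    for line in it:
        if line == ".":
            break
    return headers


def parse_session(lines):
    """Return (envelope, headers, findings) from the client's lines only;
    server replies are omitted from the transcript for brevity."""
    state = "start"
    envelope = {"helo": None, "mail_from": None, "rcpt_to": []}
    headers, findings = {}, []
    it = iter(lines)
    for line in it:
        # verb is the first token, minus any "FROM:"/"TO:" argument prefix
        verb = line.split(" ", 1)[0].split(":", 1)[0].upper()
        if verb not in NEXT[state]:
            findings.append(f"out-of-order command {verb!r} in state {state!r}")
            continue
        if verb in ("HELO", "EHLO"):
            envelope["helo"] = line.split(" ", 1)[1].strip()
            state = "greeted"
        elif verb == "MAIL":
            m = ADDR_RE.search(line)
            envelope["mail_from"] = m.group(1) if m else ""
            state = "mail"
        elif verb == "RCPT":
            m = ADDR_RE.search(line)
            envelope["rcpt_to"].append(m.group(1) if m else "")
            state = "rcpt"
        elif verb == "DATA":
            headers = read_headers(it)       # consumes through the '.' line
            state = "done"
        elif verb == "RSET":
            envelope.update(mail_from=None, rcpt_to=[])
            state = "greeted"
        elif verb == "QUIT":
            break
    # The envelope sender and the header From: are independent values; a
    # mismatch is the classic sign of a spoofed From: header.
    hdr_from = ADDR_RE.search(headers.get("from", ""))
    if (envelope["mail_from"] and hdr_from
            and hdr_from.group(1).lower() != envelope["mail_from"].lower()):
        findings.append(f"envelope sender {envelope['mail_from']} "
                        f"!= header From {hdr_from.group(1)}")
    return envelope, headers, findings


# Constructed client transcript: envelope sender and header From: differ.
SAMPLE_CLIENT_LINES = [
    "EHLO mail.example.net",
    "MAIL FROM:<bounce@example.net>",
    "RCPT TO:<alice@example.org>",
    "DATA",
    "From: Accounts <accounts@example.org>",
    "To: alice@example.org",
    "Subject: invoice",
    "",
    "Please review the attached invoice.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    env, hdrs, notes = parse_session(SAMPLE_CLIENT_LINES)
    print(env, hdrs, notes, sep="\n")
```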

What port does SMTP use?

The Simple Mail Transfer Protocol (SMTP) commonly uses port 587 for
secure transmission via TLS. While port 465 was previously supported by
many providers, it is no longer an accepted standard. Additionally, port 25 is
mainly used for SMTP relay, not for SMTP submission. Although port 2525 is
not an official SMTP port, it can serve as a good alternative.

Difference Between SMTP and Extended SMTP

SMTP | Extended SMTP
Users were not verified in SMTP, as a result of which massive-scale scam emails were being sent. | In Extended SMTP, authentication of the sender is done.
We cannot attach a multimedia file in SMTP directly without the help of MIME. | We can directly attach a multimedia file in ESMTP.
We cannot reduce the size of the email in SMTP. | We can reduce the size of the email in Extended SMTP.
SMTP clients open a transmission with the command HELO. | The main identification feature for ESMTP clients is to open a transmission with the command EHLO (Extended HELLO).

Advantages of SMTP
● If necessary, the users can have a dedicated server.
● It allows for bulk mailing.
● Low cost and wide coverage area.
● Offer choices for email tracking.
● Reliable and prompt email delivery.

Disadvantages of SMTP
● SMTP’s common port can be blocked by several firewalls.
● SMTP security is a bigger problem.
● Its simplicity restricts how useful it can be.
● Just 7-bit ASCII characters can be used.
● If a message is longer than a certain length, SMTP servers may
reject the entire message.
● Delivering your message will typically involve additional
back-and-forth processing between servers, which will delay
sending and raise the likelihood that it won’t be sent.

SMTP vs POP vs IMAP

SMTP | POP | IMAP
Stands for Simple Mail Transfer Protocol. | Stands for Post Office Protocol. | Stands for Internet Message Access Protocol.
Used for sending mail. | Used for retrieving mail. | Used for retrieving mail.
It is a push protocol. | It is a pull protocol. | It is a pull protocol.
It works between the sender’s mail server and the receiver’s mail server, and between the sender and the sender’s mail server. | It works between the receiver and the receiver’s mail server. | It works between the receiver and the receiver’s mail server.
It does not store mail on the server; it just sends the mail. | It downloads all the mail when it is connected to the internet. | It stores all mail on the server and downloads it when it gets a request to download.
Works on TCP port number 25. | Works on TCP port number 110. | Works on TCP port number 143.
Connection-oriented protocol. | Connection-oriented protocol. | Connection-oriented protocol.
It has a persistent TCP connection. | It has a persistent TCP connection. | It has a persistent TCP connection.
Stateless protocol. | Stateful protocol. | Stateful protocol.
It is an in-band protocol. | It is an in-band protocol. | It is an in-band protocol.
Not used at the receiver side. | Used at the receiver side. | Used at the receiver side.

Conclusion
SMTP is a fundamental part of email communication that allows messages to
be reliably transmitted between email servers. Despite its drawbacks, such
as security problems and the possibility of spam, SMTP is still widely used
due to its simplicity, efficiency, and broad support across various email
systems. Enhancements such as encryption and authentication may solve
some of its security issues, making it an appropriate choice for email delivery
in a variety of applications.

Frequently Asked Questions on SMTP – FAQs

What is the default port for SMTP?

The default port for Simple Mail Transfer Protocol is port 25.

What is SMTP Relay?

SMTP Relay can be basically defined as the process of transferring emails
from one server to another server.

Describe some common issues in SMTP Email Delivery.

Some common issues that appear in SMTP Email Delivery are blocked
ports, authentication problems, etc.

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol is known as ICMP. The protocol is at the
network layer. It is mostly utilised on network equipment like routers and is
utilised for error handling at the network layer. Since there are various kinds
of network layer faults, ICMP can be utilised to report and troubleshoot these
errors.

Since IP does not have an inbuilt mechanism for sending error and control
messages, it depends on the Internet Control Message Protocol (ICMP) to provide
error control. In this article, we are going to discuss ICMP in detail along with
its uses, messages, etc.

What is ICMP?
ICMP is used for reporting errors and management queries. It is a
supporting protocol and is used by network devices like routers for sending
error messages and operations information. For example, the requested
service is not available or a host or router could not be reached.

Since the IP protocol lacks an error-reporting or error-correcting
mechanism, information is communicated via a message. For instance, when
a message is sent to its intended recipient, it may be intercepted along the
route from the sender. The sender may believe that the communication has
reached its destination if no one reports the problem. If a middleman reports
the mistake, ICMP helps in notifying the sender about the issue. For example,
if a message can’t reach its destination, if there’s network congestion, or if
packets are lost, ICMP sends back feedback about these issues. This
feedback is essential for diagnosing and fixing network problems, making
sure that communication can be adjusted or rerouted to keep everything
running smoothly.

Uses of ICMP
ICMP is used for error reporting: if two devices communicate over the internet and
some error occurs, the router sends an ICMP error message to the source
informing it about the error. For example, whenever a device sends a
message which is too large for the receiver, the receiver will
drop the message and reply with an ICMP message to the source.

Another important use of the ICMP protocol is to perform network
diagnosis by making use of the traceroute and ping utilities.

Traceroute: The traceroute utility is used to know the route between two devices
connected over the internet. It traces the journey from one router to another,
and a traceroute is performed to check for network issues before data transfer.

Ping: Ping is a simple kind of traceroute known as the echo-request
message; it is used to measure the time taken by data to reach the
destination and return to the source. The replies are known as echo-reply
messages.

How Does ICMP Work?

ICMP is a primary and important protocol of the IP suite, but ICMP isn’t
associated with any transport layer protocol (TCP or UDP), as it doesn’t need
to establish a connection with the destination device before sending any
message; it is a connectionless protocol.

The working of ICMP contrasts with TCP, as TCP is a
connection-oriented protocol whereas ICMP is a connectionless protocol.
With TCP, a connection is established before the message is sent, and both
devices must be ready, through a TCP handshake.

ICMP packets are transmitted in the form of datagrams that contain an IP
header with ICMP data. An ICMP datagram is similar to a packet, which is an
independent data entity.

ICMP Packet Format

The ICMP header comes after the IPv4 or IPv6 packet header.

ICMPv4 Packet Format

In the ICMP packet format, the first 32 bits of the packet contain three fields:

Type (8-bit): The initial 8 bits of the packet are for the message type. It provides a
brief description of the message so that the receiving network knows what
kind of message it is receiving and how to respond to it. Some common
message types are as follows:

● Type 0 – Echo reply
● Type 3 – Destination unreachable
● Type 5 – Redirect Message
● Type 8 – Echo Request
● Type 11 – Time Exceeded
● Type 12 – Parameter problem

Code (8-bit): Code is the next 8 bits of the ICMP packet format; this field
carries some additional information about the error message and type.

Checksum (16-bit): Last 16 bits are for the checksum field in the ICMP
packet header. The checksum is used to check the number of bits of the
complete message and enable the ICMP tool to ensure that complete data is
delivered.

The next 32 bits of the ICMP Header are Extended Header which has the
work of pointing out the problem in IP Message. Byte locations are identified
by the pointer which causes the problem message and receiving device looks
here for pointing to the problem.

The last part of the ICMP packet is Data or Payload of variable length. The
bytes included in IPv4 are 576 bytes and in IPv6, 1280 bytes.

ICMP in DDoS Attacks

In Distributed DoS (DDoS) attacks, attackers send so much extra traffic to
the target that it cannot provide service to users. There are many ways
in which an attacker executes these attacks, some of which are described
below.

Ping of Death Attack

Whenever an attacker sends a ping whose size is greater than the maximum
allowable size, the oversized packet is broken into smaller parts. When the
parts are re-assembled, the size exceeds the limit, which causes a buffer
overflow and makes the machine freeze. This is simply called a Ping of Death
attack. Newer devices have protection from this attack, but older devices did
not.

ICMP Flood Attack

Whenever an attacker sends so many pings that the targeted device is
unable to handle the echo requests, the attack is
called an ICMP Flood attack. This attack is also called a ping flood attack. It
exhausts the target computer’s resources and causes a denial of service for the
target computer.

Smurf Attack

A Smurf attack is a type of attack in which the attacker sends an ICMP packet
with a spoofed source IP address. These types of attacks generally work on
older devices, like the ping of death attack.

Types of ICMP Messages

Type | Code | Description
0 – Echo Reply | 0 | Echo reply
3 – Destination Unreachable | 0 | Destination network unreachable
3 – Destination Unreachable | 1 | Destination host unreachable
3 – Destination Unreachable | 2 | Destination protocol unreachable
3 – Destination Unreachable | 3 | Destination port unreachable
3 – Destination Unreachable | 4 | Fragmentation is needed and the DF flag set
3 – Destination Unreachable | 5 | Source route failed
5 – Redirect Message | 0 | Redirect the datagram for the network
5 – Redirect Message | 1 | Redirect datagram for the host
5 – Redirect Message | 2 | Redirect the datagram for the Type of Service and Network
5 – Redirect Message | 3 | Redirect datagram for the Service and Host
8 – Echo Request | 0 | Echo request
9 – Router Advertisement | 0 | Used to discover the addresses of operational routers
10 – Router Solicitation | 0 | Used to discover the addresses of operational routers
11 – Time Exceeded | 0 | Time to live exceeded in transit
11 – Time Exceeded | 1 | Fragment reassembly time exceeded
12 – Parameter Problem | 0 | The pointer indicates an error
12 – Parameter Problem | 1 | Missing required option
12 – Parameter Problem | 2 | Bad length
13 – Timestamp | 0 | Used for time synchronization
14 – Timestamp Reply | 0 | Reply to Timestamp message

Source Quench Message

A source quench message is a request to decrease the traffic rate for
messages sent to the destination host. In other words, when the receiving host
detects that the rate at which packets are being sent to it (the traffic rate) is too fast, it sends
a source quench message to the source to slow the pace down so that no
packet is lost.

[Figure: Source Quench Message]

ICMP will take the source IP from the discarded packet and inform the source
by sending a source quench message. The source will reduce the speed of
transmission so that the router will be free from congestion.

[Figure: Source Quench Message with Reduced Speed]

When the congested router is far away from the source, ICMP will send a
hop-by-hop source quench message so that every router will reduce the
speed of transmission.

Parameter Problem
Whenever packets come to the router, the calculated header checksum
should be equal to the received header checksum; only then is the packet
accepted by the router.

[Figure: Parameter Problem]

If there is a mismatch, the packet will be dropped by the router.

ICMP will take the source IP from the discarded packet and inform the source
by sending a parameter problem message.

Time Exceeded Message

[Figure: Time Exceeded Message]

A message of type “Time Exceeded” is typically generated by
routers or gateways. You need to know what an IP header is in a packet in
order to comprehend this ICMP message in its entirety. The IP protocol
structure is covered in great detail in the section on IP Protocol, which is
freely available to our readers.

Destination Unreachable

The Destination Unreachable message is generated by the host or its inbound
gateway to inform the client that the destination is unreachable for some
reason.

[Figure: Destination Unreachable]

It is not only the router that sends ICMP error messages: the destination
host also sends an ICMP error message when any type of failure (link failure,
hardware failure, port failure, etc.) happens in the network.

Redirection Message

A redirect requests that data packets be sent on an alternate route. The message
informs a host to update its routing information (to send packets on an
alternate route).

Example: Suppose the host tries to send data through a router R1, R1 forwards the
data to a router R2, and there is a direct way from the host to R2. Then R1
will send a redirect message to inform the host that the best route to
the destination is directly through R2. The host then sends data
packets for the destination directly to R2.
The router R2 will send the original datagram to the intended destination.
But if the datagram contains routing information, this message will not
be sent even if a better route is available, as redirects should only be sent by
gateways and should not be sent by Internet hosts.

[Figure: Redirection Message]

Whenever a packet is forwarded in the wrong direction and is later redirected
in the correct direction, ICMP will send a redirect message.

For more, you can refer to Types of ICMP (Internet Control Message Protocol)
Messages.

Advantages of ICMP
● Network devices use ICMP to send error messages, and
administrators can use the Ping and Tracert commands to debug the
network.
● These alerts are used by administrators to identify issues with
network connectivity.
● A prime example is when a destination or gateway host notifies the
source host via an ICMP message if there is a problem or a change
in network connectivity that needs to be reported. Examples include
when a destination host or networking becomes unavailable, when
a packet is lost during transmission, etc.
● Furthermore, network performance and connection monitoring tools
commonly employ ICMP to identify the existence of issues that the
network team has to resolve.
● One quick and simple method to test connections and find the
source is to use the ICMP protocol, which consists of queries and
answers.

Disadvantages of ICMP
● If the router drops a packet, it may be due to an error; but, because
of the way the IP (Internet Protocol) is designed, there is no way for
the sender to be notified of this problem.
● Assume, while a data packet is being transmitted over the internet,
that its lifetime is over and that the value of the time to live field has
dropped to zero. In this case, the data packet is destroyed.
● Although devices frequently need to interact with one another, there
isn’t a standard method for them to do so in Internet Protocol. For
instance, the host needs to verify the destination’s vital signs to see
if it is still operational before transmitting data.

What is a Domain Name System (DNS)?

A Domain Name System (DNS) is a critical component of the Internet
infrastructure that plays a fundamental role in connecting users to websites,
services, and resources across the World Wide Web. It is essentially the
“phone book” of the internet, translating user-friendly domain names (like
www.example.com) into numerical IP addresses (such as 192.0.2.1) that
computers and network devices use to locate one another on the internet.

[Figure: DNS (Domain Name System)]

History of DNS
The development of the DNS can be traced back to the early days of
the internet, when it was a relatively small and tightly connected network
called ARPANET. In the early 1980s, ARPANET introduced a centrally
managed file called the “hosts.txt” file that mapped hostnames to IP
addresses. As the internet grew rapidly, this approach became
unmanageable.

In 1983, Paul Mockapetris and Jon Postel introduced the DNS as we know it
today through RFC 882 and RFC 883, providing a distributed and hierarchical
system for domain name resolution. This innovation paved the way for the
scalable and efficient DNS architecture that underpins the modern internet.

Different Types of DNS Servers

The DNS is organised hierarchically, with a structured naming system
to ensure that domain names are unique and globally resolvable. The key
components of the DNS system include:
● Domain Name: A domain name is a human-readable label that represents
a specific location or resource on the internet. Domain names are
structured as a hierarchy, with levels separated by dots (periods). For
example, “www.example.com” has three
parts: “www” (subdomain), “example” (second-level domain), and “com”
(top-level domain).
● Top-Level Domain (TLD): TLDs are the highest level in the DNS hierarchy
and represent categories of domain names. Common examples include
“.com,” “.org,” “.net,” and country-code TLDs like “.uk” (United Kingdom)
and “.jp” (Japan). ICANN (Internet Corporation for Assigned Names and
Numbers) manages the assignment of TLDs.
● Domain Name Registrar: Registrars are organisations accredited by
ICANN to sell domain name registrations. They allow individuals and
organisations to reserve and manage domain names within specific TLDs.
● Authoritative Name Server: These are DNS servers that store and
manage the DNS records for a specific domain. For example,
“ns1.example.com” might be the authoritative
name server for the “example.com” domain.
● Recursive Resolver: These are DNS servers operated by internet service
providers (ISPs) or third-party DNS service providers. They are
responsible for receiving DNS queries from client devices and recursively
resolving domain names by querying authoritative name servers.
● Root Name Servers: At the top of the DNS hierarchy are 13 root name
servers maintained by various organisations worldwide. These servers
hold information about the TLDs and provide crucial pointers to
authoritative name servers for each TLD.
● Caching DNS Servers: These are typically provided by internet service
providers (ISPs) or used by individuals and organisations. Caching DNS
servers temporarily store DNS records they’ve recently looked up. When
a user queries a domain, these servers check their cache first before
querying authoritative DNS servers, which helps reduce DNS query load.
● Forwarding DNS Servers: These servers are configured to forward
DNS queries to other DNS servers instead of resolving them themselves.
For example, an organization might use a forwarding DNS server to
send all DNS queries to their ISP’s DNS servers.
● Load Balancing DNS Servers: These servers distribute DNS queries
across multiple IP addresses or server instances to balance traffic
load and improve the availability and performance of services.

[Figure: DNS Server]

Explanation of the entire process presented in the above diagram

1. From the user computer, do a DNS query to the ISP’s recursive DNS server:

When a user enters a domain name (e.g., www.example.com) into a web
browser, their computer sends a DNS query to their Internet Service
Provider’s (ISP) recursive DNS server. The recursive DNS server is
responsible for handling DNS queries on behalf of the user and tries to
resolve the domain name.

2. Do a DNS query to the Root DNS server:

If the recursive DNS server doesn’t have the IP address for the requested
domain in its cache, it starts the resolution process by querying the root DNS
server. The root DNS server is the top-level server in the DNS hierarchy, and
it contains information about the authoritative DNS servers for top-level
domains (TLDs), such as “.com,” “.org,” “.net,” etc.

3. Ask .com server to ISP’s recursive DNS server:

The root DNS server responds to the recursive DNS server’s query with a
referral to the authoritative DNS server for the “.com” TLD. The recursive DNS
server then queries the “.com” TLD DNS server for the IP address of the
domain in question.

4. DNS query to Top Level Domain DNS server “.com”:

The “.com” TLD DNS server, in response to the query from the recursive DNS
server, provides a referral to the authoritative DNS server responsible for the
specific domain, in this case, “example.com.”

5. Ask DYN server to ISP’s recursive DNS server:

The recursive DNS server queries the authoritative DNS server for
“example.com.” The authoritative DNS server for “example.com” is often a
Dynamic DNS (DYN) server that contains the specific DNS records for the
domain, such as A records (for IP addresses), MX records (for mail servers),
etc.

6. DNS query to Authoritative DYN DNS Server:

The authoritative DYN DNS server receives the query and looks up the
requested DNS record, such as the A record for “www.example.com.”

7. Authoritative response to ISP’s recursive DNS server:

The authoritative DYN DNS server responds to the recursive DNS server with
the requested DNS record, which includes the IP address associated with
“www.example.com.”

8. Response to user computer:

Finally, the recursive DNS server sends the IP address it received from the
authoritative DYN DNS server back to the user’s computer. The user’s
computer can then use this IP address to establish a connection to the web
server hosting “www.example.com.”

In summary, the DNS resolution process involves multiple steps, with
queries progressing from the user’s computer to the ISP’s recursive DNS
server, through the root and TLD DNS servers, and finally to the authoritative
DNS server for the specific domain, before returning the IP address to the
user’s computer for further communication. This process ensures that users
can access websites and services using human-readable domain names.

DNS Resolution Process
The DNS resolution process occurs in several steps when a user or device
attempts to access a website or resource by its domain name:

● Local DNS Cache: The client device (e.g., a computer or smartphone)
first checks its local DNS cache to see if it has recently resolved the
domain name. If the information is not cached or has expired, it
proceeds to the next step.
● Recursive Query: The client sends a DNS query to a recursive
resolver, typically provided by the ISP. The recursive resolver is
responsible for finding the IP address associated with the requested
domain name.
● Root Server Query: If the recursive resolver does not have the
requested information in its cache, it queries one of the 13 root
name servers. The root server responds with a referral to the
appropriate TLD name server based on the TLD of the requested
domain.
● TLD Server Query: The recursive resolver queries the TLD name
server for the domain. For example, if the request was for
“[www.example.com](http://www.example.com/),” the resolver
queries the “.com” TLD server. The TLD server responds with a
referral to the authoritative name server for
“[example.com](http://example.com/).”
● Authoritative Server Query: The recursive resolver queries the
authoritative name server for the specific domain, which holds the
most up-to-date IP address information for the domain.
● Response to Client: The authoritative name server sends the IP
address back to the recursive resolver, which, in turn, returns the
information to the client device. The client’s DNS cache is updated
with the resolved IP address for future use.
● Accessing the Resource: With the IP address obtained from DNS
resolution, the client device can establish a network connection to
the server hosting the resource (e.g., a website server).
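The steps above, as an added simulation that is not part of the original article: a caching recursive resolver walks a constructed root, TLD and authoritative zone, follows referrals, and honours the cache TTL. The server ids, zone contents and the 203.0.113.10 address are made up for the example; no real DNS traffic is sent.

```python
"""Simulated iterative DNS resolution by a caching recursive resolver.

Added example: the zone data, server ids and the IP address below are
constructed for illustration; they are not real DNS servers.
"""
import time

# Constructed zone data. Each server id maps names to a record:
#   ("NS", next_server_id)        -> referral one level down the tree
#   ("A", ip_address, ttl_secs)   -> final answer with its cache TTL
SERVERS = {
    "root":         {"com.": ("NS", "tld-com")},
    "tld-com":      {"example.com.": ("NS", "auth-example")},
    "auth-example": {"www.example.com.": ("A", "203.0.113.10", 300)},
}


def query_server(server_id, qname):
    """Ask one server about qname and return the most specific record it holds,
    or None if the server knows nothing about that part of the tree."""
    zone = SERVERS[server_id]
    labels = qname.split(".")
    # Try "www.example.com.", then "example.com.", then "com." in that order.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return None


class RecursiveResolver:
    """The ISP-side resolver from the text: checks its cache, then walks
    root -> TLD -> authoritative following referrals, and caches the answer."""

    def __init__(self, clock=time.time):
        self.cache = {}     # qname -> (ip, expires_at)
        self.clock = clock  # injectable so tests can advance time
        self.trace = []     # human-readable record of each step taken

    def resolve(self, name):
        qname = name.rstrip(".") + "."
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            self.trace.append(f"cache hit for {qname}")
            return hit[0]
        server = "root"
        while True:
            record = query_server(server, qname)
            if record is None:
                # Nobody on the path has data: comparable to an NXDOMAIN answer.
                raise LookupError(f"{server} has no data for {qname}")
            if record[0] == "NS":
                self.trace.append(f"{server} referred to {record[1]}")
                server = record[1]
                continue
            _, ip, ttl = record
            self.trace.append(f"{server} answered {ip} (ttl {ttl}s)")
            self.cache[qname] = (ip, now + ttl)   # entry expires after ttl seconds
            return ip


if __name__ == "__main__":
    resolver = RecursiveResolver()
    print(resolver.resolve("www.example.com"))
    print("\n".join(resolver.trace))
```

A second call for the same name within 300 seconds is answered from the cache without touching any server; after the TTL has passed the resolver walks the tree again, which is the "cached or has expired" distinction in the first step above.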

Importance of DNS
DNS is a fundamental component of the internet for several reasons:

● Human-Readable Addresses: DNS allows users to access websites
and services using easy-to-remember domain names instead of
having to remember numerical IP addresses. This enhances
user-friendliness and accessibility.
● Scalability: DNS is designed to handle the immense growth of the
internet. Its hierarchical structure and distributed nature ensure
efficient and scalable domain name resolution.
● Load Balancing: DNS can be used to distribute traffic across
multiple servers by associating a domain name with multiple IP
addresses. This load balancing enhances the reliability and
performance of websites and services.
● Redundancy and Failover: DNS can be configured to provide
redundancy and failover capabilities. If one server or data centre
becomes unavailable, DNS can direct traffic to alternative resources.
● Global Reach: DNS is a global system, enabling users from
anywhere in the world to access websites and services by their
domain names. It plays a crucial role in making the internet truly
global.
● Security: DNS plays a role in security through techniques like
DNSSEC (DNS Security Extensions), which helps prevent DNS
spoofing and man-in-the-middle attacks.

Challenges and Vulnerabilities

While DNS is a robust system, it is not without its challenges and
vulnerabilities:

● DNS Cache Poisoning: Attackers may attempt to manipulate DNS
caches to redirect users to malicious websites. DNSSEC helps
mitigate this risk.
● DDoS Attacks: Distributed Denial of Service (DDoS) attacks can
target DNS infrastructure, causing service outages. DNS providers
must implement robust mitigation measures.
● Privacy Concerns: DNS queries can reveal user browsing habits.
Encrypted DNS protocols like DNS over HTTPS (DoH) and DNS over
TLS (DoT) aim to address privacy concerns.
● DNS Hijacking: Attackers may compromise DNS settings on routers
or devices to redirect traffic to malicious servers.
● DNS Amplification: DNS servers can be unwittingly used in DDoS
attacks as amplifiers, responding to small queries with large
responses.

The Future of DNS

The DNS landscape is continuously evolving to address emerging challenges
and improve its performance. Some notable developments include:

● DNS over HTTPS (DoH) and DNS over TLS (DoT): These protocols
encrypt DNS traffic, enhancing user privacy and security.
● DNSSEC Adoption: Wider adoption of DNSSEC helps prevent DNS
cache poisoning and enhances the trustworthiness of DNS
responses.
● IPv6 Transition: As IPv6 adoption grows, DNS plays a critical role in
mapping IPv6 addresses to domain names.
● Edge Computing: DNS is integral to the emerging field of edge
computing, where low-latency access to resources is crucial.
● Blockchain and Decentralization: Some initiatives explore
blockchain-based DNS systems to increase resilience and reduce
centralization.
● Zero Trust Networking: DNS is a foundational component of
zero-trust networking models that enhance security by
authenticating and authorizing every network request.

Conclusion

The Domain Name System (DNS) is the unsung hero of the internet, silently
working behind the scenes to make the web accessible and user-friendly. It
has a rich history, a complex yet elegant structure, and immense importance
in today’s digital age. Despite its challenges and vulnerabilities, DNS
continues to evolve to meet the changing needs and demands of the internet,
ensuring that users can access the vast array of online resources with ease
and confidence. As the internet continues to grow and evolve, so too will the
Domain Name System, adapting to new technologies and security threats
while remaining a cornerstone of online communication and connectivity.

ARP Protocol

ARP (Address Resolution Protocol) is an important protocol that plays
a key role in the networking world. When working with your network
systems, this protocol identifies specific network devices and finds
their hardware addresses. Its main purpose is to get data packets
delivered correctly over the local network, allowing them to move between
the devices connected to it.
In this article, we will give you information about the basic
principles of the ARP protocol, how it works, and its significance. We’ll also
tell you why ARP is important and how it can be used in your networking
systems. Through this article, you’ll gain a deep knowledge of the ARP
protocol and make your place in the world of networking.

What is the ARP Protocol?

ARP stands for “Address Resolution Protocol”. It is a network protocol used
to determine the MAC address (hardware address) that belongs to an IP address.

In other words, ARP is used to map an IP address to a MAC address.
When one device wants to communicate with another device in a LAN (local
area network), the ARP protocol is used.

This protocol is used when a device wants to communicate with another
device over a local area network or Ethernet.

ARP is a network layer protocol. It is a very important protocol in the
TCP/IP protocol suite. It was developed in the early 80s and was
defined in RFC 826 in 1982. ARP is used with important
technologies like IPv4, X.25, frame relay, and ATM.

ARP protocol finds the MAC address based on IP address. IP address is used
to communicate with any device at the application layer. But to communicate
with a device at the data link layer or to send data to it, a MAC address is
required.

When data is sent to a local host, the data travels between networks via IP
address. But to reach that host in LAN, it needs the MAC address of that
host. In this situation the address resolution protocol plays an important role.

Important ARP Terms

● ARP Cache :- After receiving the MAC address, ARP passes it to the
sender, where it is stored in a table for future reference. This table is
called the ARP Cache and is later used to look up the MAC address.
● ARP Cache Timeout :- This is the time for which an entry (a MAC address)
may remain in the ARP Cache before it expires.
● ARP request :- A packet broadcast over the network to discover which
device owns the destination IP address and to learn its MAC address.
● ARP response/reply :- The unicast message carrying the MAC address that
the sender receives from the receiver, which enables further communication
of data.

Types of ARP
There are four types of ARP protocol they are as follows:-

1. Proxy ARP
2. Gratuitous ARP
3. Reverse ARP
4. Inverse ARP

1. Proxy ARP

This is a technique through which a device acting as an ARP proxy can
answer ARP queries for IP addresses that are not in the local network. In
simple language, the proxy can respond on behalf of hosts on other
networks.

The requesting host cannot tell the difference: instead of the MAC
address of the destination device, the MAC address of the proxy is
returned, and the requesting host sends its traffic there without knowing.

2. Gratuitous ARP
This is an ARP request that a host sends for its own IP address. It is used
to check for duplicate IP addresses, and it can also be used to update the
ARP tables of other devices. In other words, through it we can check
whether another host on the LAN is already using our IP address (a duplicate).

This is a very important kind of ARP. It helps protect us from address
conflicts caused by another device, and by using it we can verify the
IP address before putting it into use.

3. Reverse ARP

This is also a networking protocol, which a client computer uses to
obtain information about itself from the network. In simple language, it
is a TCP/IP protocol that a host which knows only its own MAC address uses
to ask a server on the network for its IP address.

That is, to learn the IP address assigned to our computer from a server,
we use Reverse ARP, which works as a networking protocol.

4. Inverse ARP (InARP)

Inverse ARP is the opposite of ARP: we use it to learn the IP address
of a device from its MAC (hardware) address, that is, it is a networking
technique that translates a hardware address into an IP address. It is
mainly used in Frame Relay and ATM (Asynchronous Transfer Mode) networks.

How ARP Protocol Works?

[Figure: working flow diagram of the ARP Protocol]

Below, the working of the address resolution protocol is explained in
some steps :-

● When a sender wants to communicate with a receiver, the sender
first checks its ARP cache to see whether the receiver’s MAC address
is already present there.
● If the receiver’s MAC address is already present in the ARP cache,
the sender will communicate with the receiver using that MAC
address.
● If the MAC address of the receiver device is not already present in
the ARP cache, then the sender device prepares an ARP request
message. This message contains the MAC address of the sender, the IP
address of the sender and the IP address of the receiver. The field for
the MAC address of the receiver is left blank because that is what is
being searched for.
● Sender device broadcasts this ARP request message in the LAN.
Because this is a broadcast message, every device connected to the
LAN receives this message.
● All devices match the receiver IP address of this request message
with their own IP address. Devices whose IP address does not
match drop this request message.
● The device whose IP address matches the receiver IP address of this
request message receives this message and prepares an ARP reply
message. This is a unicast message which is sent only to the sender.
● The ARP reply message is addressed using the sender’s IP address and
MAC address taken from the request. In this message the receiver also
sends its own IP address and MAC address.
● As soon as the sender device receives this ARP reply message, it
updates its ARP cache with the new information (Receiver’s MAC
address). Now the MAC address of the receiver is present in the
ARP cache of the sender. The sender can send and receive data
without any problem.

Message Format of ARP Protocol

Messages are sent to find the MAC address through ARP (address resolution
protocol). These messages are broadcast to all the devices in the LAN. The
format of this message is shown in the diagram below:

[Figure: Message format of ARP]

All the fields given in the ARP message format are explained in detail
below:-

● Hardware Type: The size of this field is 2 bytes. This field defines
what type of hardware is used to transmit the message. The most
common hardware type is Ethernet, whose value is 1.
● Protocol Type: This field tells which protocol has been used to
transmit the message. Usually the value of this field is 2048,
which indicates IPv4.
● Hardware Address Length: It shows the length of the hardware address
in bytes. The size of an Ethernet MAC address is 6 bytes.
● Protocol Address Length: It shows the size of the IP address in
bytes. The size of an IPv4 address is 4 bytes.
● Opcode: This field tells the type of message. If the value of this field
is 1 then it is a request message, and if the value of this field is 2
then it is a reply message.
● Sender Hardware Address: This field contains the MAC address of the
device sending the message.
● Sender Protocol Address: This field contains the IP address of the
device sending the message.
● Target Hardware Address: This field is empty in the request
message. In the reply it contains the MAC address of the receiving
device.
● Target Protocol Address: This field contains the IP address of the
receiving device.
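The request/reply exchange described under "How ARP Protocol Works?" and the field layout just listed, as one added example that is not code from the article: the 28-byte Ethernet/IPv4 ARP message is packed and parsed with the field order above, and a small simulated LAN shows every host receiving the broadcast, only the owner of the target IP replying, and the sender caching the result. The MAC and IP addresses are constructed, and `Host` and `resolve_on_lan` are hypothetical helpers standing in for the operating system's ARP code.

```python
"""Build, parse and exchange ARP messages on a simulated LAN.

Added example: the MAC and IP addresses are constructed, and Host /
resolve_on_lan are hypothetical helpers that stand in for the kernel's
ARP code. The packet layout follows the 28-byte Ethernet/IPv4 ARP format
described in the text.
"""
import ipaddress
import struct

# Field order from the text: hardware type, protocol type, hardware address
# length, protocol address length, opcode, sender MAC, sender IP, target MAC,
# target IP. "!" selects network (big-endian) byte order.
ARP_FORMAT = "!HHBBH6s4s6s4s"
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800          # 2048, the value the text quotes for IPv4
OP_REQUEST, OP_REPLY = 1, 2
UNKNOWN_MAC = "00:00:00:00:00:00"   # target MAC is "left blank" in a request


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Serialise one ARP message (request or reply) to its 28-byte wire form."""
    return struct.pack(
        ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
        mac_to_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
        mac_to_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed,
    )


def parse_arp(packet):
    """Decode a wire-format ARP message; reject layouts this parser cannot handle."""
    if len(packet) != struct.calcsize(ARP_FORMAT):
        raise ValueError(f"expected {struct.calcsize(ARP_FORMAT)} bytes, got {len(packet)}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, packet)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is supported")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown opcode {op}")
    return {
        "op": op,
        "sender_mac": bytes_to_mac(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": bytes_to_mac(tha), "target_ip": str(ipaddress.IPv4Address(tpa)),
    }


class Host:
    """One device on the LAN with its own ARP cache (hypothetical helper)."""

    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.arp_cache = {}   # ip -> mac

    def handle_broadcast(self, packet):
        """Every host sees the broadcast; only the owner of the target IP replies."""
        msg = parse_arp(packet)
        if msg["op"] != OP_REQUEST or msg["target_ip"] != self.ip:
            return None   # IP does not match: drop the request
        # Unicast reply back to the requester, with our own MAC filled in.
        return build_arp(OP_REPLY, self.mac, self.ip, msg["sender_mac"], msg["sender_ip"])


def resolve_on_lan(sender, target_ip, lan):
    """The steps from the text: consult the cache, otherwise broadcast a
    request, accept the reply from the matching host and cache its MAC."""
    if target_ip in sender.arp_cache:
        return sender.arp_cache[target_ip]
    request = build_arp(OP_REQUEST, sender.mac, sender.ip, UNKNOWN_MAC, target_ip)
    for host in lan:
        if host is sender:
            continue
        reply = host.handle_broadcast(request)
        if reply is not None:
            msg = parse_arp(reply)
            sender.arp_cache[msg["sender_ip"]] = msg["sender_mac"]
            return msg["sender_mac"]
    return None   # nobody owns that IP on this LAN


if __name__ == "__main__":
    a = Host("aa:bb:cc:00:00:01", "192.168.1.10")
    b = Host("aa:bb:cc:00:00:02", "192.168.1.20")
    print(resolve_on_lan(a, "192.168.1.20", [a, b]))   # MAC of b
    print(a.arp_cache)
```

Note that `Host.handle_broadcast` answers any request for its IP without checking who asked; that is exactly the property the ARP poisoning FAQ below relies on, since the protocol carries no authentication of the sender fields.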

Advantages of ARP Protocol

There are many advantages of the ARP protocol; below we describe some
important ones.

● By using this protocol we can easily find out the MAC Address of
the device.
● There is no need to configure the end nodes at all to extract the
MAC address through this protocol.
● Through this protocol we can easily translate IP addresses into MAC
Addresses.
● There are four main types of this protocol. Which we can use in
different ways, and they prove to be very helpful.

FAQs On ARP Protocol

Q.1: What’s ARP protocol?

Answer:
The ARP protocol is a network communication protocol that
establishes a mapping between IP addresses and MAC addresses. This
allows one device to learn the MAC address of another device when it wants
to communicate with it. The ARP protocol works on a Local
Area Network (LAN).

Q.2: What’s ARP Cache?

ARP Cache is a table in a device’s memory where the mapping of IP
addresses to their corresponding MAC addresses is stored. Using it, the
device can rapidly find the MAC address it needs for communication without
having to send an ARP request every time. An entry in the ARP Cache
remains valid for a limited time and is refreshed from time to time.

Q.3: What’s ARP Poisoning and what are its consequences?

ARP Poisoning is a cyber attack method where an attacker changes
the MAC address mapping of other devices by sending fake ARP packets
into the network. With this the attacker can intercept network traffic and
steal sensitive information. This affects network security, and network
administrators must remain watchful to prevent such damage.
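One way an administrator can watch for the poisoning described in Q.3, as an added example rather than anything from the article: audit the stream of ARP replies seen on a segment and alert when an IP is rebound to a different MAC than the one already learned (or statically configured), or when a single MAC starts answering for several IPs. The reply list and the trusted gateway entry below are constructed sample data.

```python
"""Detect ARP replies that contradict known IP-to-MAC bindings.

Added example (not from the page): the replies below are a constructed
sample, and the trusted table stands in for a static gateway entry an
administrator has recorded.
"""
from collections import defaultdict


def audit_arp_replies(observed, trusted=None):
    """Return alerts for replies that rebind an IP to a new MAC, or for one
    MAC that claims several IPs, the two signs of poisoning the text warns of.

    observed: (ip, mac) pairs in arrival order.
    trusted:  optional ip -> mac of bindings configured statically.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    bindings = dict(trusted)          # ip -> mac we currently believe
    ips_by_mac = defaultdict(set)     # mac -> every IP it has claimed
    alerts = []
    for ip, mac in observed:
        mac = mac.lower()
        known = bindings.get(ip)
        if known is not None and known != mac:
            source = "static" if ip in trusted else "learned"
            alerts.append(f"{ip}: reply from {mac} contradicts {source} binding {known}")
        elif known is None:
            bindings[ip] = mac        # first sighting: learn it
        claimed_before = len(ips_by_mac[mac])
        ips_by_mac[mac].add(ip)
        # Alert once each time this MAC adds a second, third ... address.
        if len(ips_by_mac[mac]) > max(claimed_before, 1):
            alerts.append(f"{mac} now claims {sorted(ips_by_mac[mac])}")
    return alerts


# Constructed sample: a legitimate gateway and host, then a third MAC that
# answers for both of their addresses.
SAMPLE_REPLIES = [
    ("192.168.1.1",  "aa:bb:cc:00:00:01"),
    ("192.168.1.20", "aa:bb:cc:00:00:02"),
    ("192.168.1.1",  "aa:bb:cc:00:00:99"),
    ("192.168.1.20", "aa:bb:cc:00:00:99"),
]
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}

if __name__ == "__main__":
    for line in audit_arp_replies(SAMPLE_REPLIES, TRUSTED):
        print(line)
```

A legitimate change (a host getting a new NIC, or DHCP handing an address to a different machine) produces the same first alert, so in practice the static table for critical addresses such as the gateway is what separates a real incident from churn; the "one MAC, many IPs" signal is the stronger of the two.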

What is Time-To-Live (TTL)?

Time-to-live in networking refers to the limit imposed on how long a data
packet may remain in the network before being discarded. It is an 8-bit value
set in the Internet Protocol (IP) header by the sending host. The purpose of a
TTL is to prevent data packets from circulating forever in the network.
The maximum TTL value is 255. The value of TTL can be set from 1 to 255
by the administrators.

The usage of TTL in computing applications lies in the performance
improvement and management of data caching. It also finds its use in
Content Delivery Network (CDN) caching and Domain Name System (DNS)
caching.

The default time-to-live (TTL) values for Windows and Linux are:
● Windows: Typically 126–128
● Linux: Typically 62–64

How Time-To-Live (TTL) Works?

The number of hops a packet may travel before being discarded by the network
is known as the time to live (TTL) or hop limit. TTL values indicate the
maximum range of a packet.

● The sending host sets the initial TTL value in an eight-bit
field in the packet header.
● The datagram’s TTL field is set by the sender and reduced by each
router along the path to its destination.
● The router reduces the TTL value by at least one while forwarding
IP packets.
● When the packet TTL value hits 0, the router discards it and sends
an ICMP message back to the originating host.
● This system ensures that a packet moving via the network is
dropped after a set amount of time, rather than looping indefinitely.
[Figure: Working of TTL]

Thus, using the TTL value there is a restriction on the duration for which the
data exists on the network. Furthermore, it also helps to find out the period
of data for which it has been on the network and how long it will be on the
network.

Example of TTL
In the scenario below, Host A wishes to communicate with Host B using a ping
packet. Host A puts a TTL of 255 in the ping and transmits it to Router A, its
gateway. When Router A sees that the packet must be routed at Layer 3, i.e. the
Network layer, it reduces the TTL by one (255 – 1 = 254) and
forwards it to Router B. Router B and Router C decrement the TTL in the same
way: Router B decrements the TTL in the packet from 254 to 253 and Router C
decrements it from 253 to 252. The ping packet’s TTL has therefore dropped to
252 when it reaches Host B.

[Figure: TTL Example]

Whenever the TTL reaches the value of zero (TTL=0), the packet is discarded
by the router, and a Time Exceeded error message is sent to the originating
host.
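The hop-by-hop behaviour of the example above, written out as an added simulation (not code from the article): three routers each decrement the TTL, a packet that reaches zero is dropped with a Time Exceeded notice naming the router, and the same machinery reproduces the traceroute idea mentioned later under "Application of Time-To-Live", where probes with TTL 1, 2, 3 ... expire one hop further each time. The router names and 10.0.x.1 addresses are constructed; `Router`, `send_packet` and `trace_path` are hypothetical stand-ins for real forwarding and ICMP handling.

```python
"""Hop-by-hop TTL decrement, ICMP Time Exceeded, and a traceroute-style probe.

Added example: the router names and the 10.0.x.1 addresses are constructed;
Router / send_packet / trace_path are hypothetical stand-ins for the real
forwarding and ICMP machinery.
"""


class Router:
    def __init__(self, name, ip):
        self.name, self.ip = name, ip

    def forward(self, packet):
        """Decrement TTL by one. Return an ICMP Time Exceeded notice (type 11)
        if it hits 0, otherwise None meaning 'forwarded to the next hop'."""
        packet["ttl"] -= 1
        if packet["ttl"] <= 0:
            return {"icmp": "time-exceeded", "from": self.ip}
        return None


def send_packet(initial_ttl, path):
    """Push a packet through the routers in `path` toward the destination host.
    Returns ("delivered", remaining_ttl) or ("time-exceeded", router_ip)."""
    if not 1 <= initial_ttl <= 255:
        raise ValueError("TTL is an 8-bit field: 1..255")
    packet = {"ttl": initial_ttl}
    for router in path:
        notice = router.forward(packet)
        if notice is not None:
            return ("time-exceeded", notice["from"])
    return ("delivered", packet["ttl"])


def trace_path(path, max_hops=30):
    """traceroute idea: probes with TTL 1, 2, 3 ... each expire one hop further,
    and the sender of the Time Exceeded notice identifies that hop. Stops when
    a probe reaches the destination (a real traceroute sees the host's reply)."""
    hops = []
    for ttl in range(1, max_hops + 1):
        status, detail = send_packet(ttl, path)
        if status == "delivered":
            break
        hops.append(detail)
    return hops


# Constructed topology from the text's example: Host A -> Router A -> Router B
# -> Router C -> Host B
PATH = [Router("Router A", "10.0.0.1"), Router("Router B", "10.0.1.1"),
        Router("Router C", "10.0.2.1")]

if __name__ == "__main__":
    print(send_packet(255, PATH))   # ('delivered', 252): 255 -> 254 -> 253 -> 252
    print(send_packet(2, PATH))     # ('time-exceeded', '10.0.1.1'): dropped at Router B
    print(trace_path(PATH))         # ['10.0.0.1', '10.0.1.1', '10.0.2.1']
```

Only the router whose decrement reaches zero sends the notice, which is why each traceroute probe reveals exactly one hop; a firewall that silently drops expiring packets shows up as a gap in the list rather than a router address.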

Time-To-Live (TTL) in DNS

DNS TTL refers to the time taken by DNS for caching a record. In other
words, the duration for which a DNS record is to be kept or the time it takes
for a DNS record to be returned from the cache is referred to as time-to-live.
It is a numerical value set in a DNS record on the domain’s authoritative
domain name server.

It specifies the number of seconds for which a cache server can provide the
record’s cached value. When the set time has elapsed since the previous
refresh, the caching server will contact the authoritative server to obtain the
current and possibly updated value for the record.

Time-To-Live (TTL) in HTTP

TTL is measured in seconds and is set by HTTP headers such as the
Cache-Control header. If the value is set to “Cache-Control: max-age=60”
then a cached copy of the resource is considered fresh for 60 seconds and is
fetched again once that time to live is surpassed. The setting “max-age=0”
implies that the resource should not be cached at all.

Time to live field has a direct impact on page load time (cached data loads
faster) and content freshness on your site (i.e., data cached for too long can
become stale).

TTLs should be configured as follows to ensure that your visitors only see the
most recent version of your website:

● For static content like images, documents, etc., a longer TTL value is
set as they rarely get updated.
● For dynamic content such as HTML files, it is difficult to set TTL
values. For example, the comment section of a website changes
frequently and its refresh time cannot be predicted at all; if users are
also permitted to modify existing posts, then caching is not a
recommended practice.
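The Cache-Control rules described above, as an added example that is not from the article: the helpers split a header into its directives, read the max-age TTL, and decide whether a copy cached for a given number of seconds may still be served. The header strings and ages are constructed, and the functions are hypothetical helpers rather than any library's API.

```python
"""Read the HTTP TTL from a Cache-Control header and decide freshness.

Added example (not from the page): the header strings and ages are
constructed; the functions are hypothetical helpers, not a library API.
"""


def parse_cache_control(value):
    """Split 'public, max-age=60' into {'public': None, 'max-age': '60'}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def max_age_seconds(value):
    """Return the max-age TTL as an int, or None when the header gives none."""
    arg = parse_cache_control(value).get("max-age")
    return int(arg) if arg is not None and arg.isdigit() else None


def is_fresh(value, age_seconds):
    """True if a copy that has been cached for age_seconds may still be served
    without going back to the origin. 'max-age=0' and 'no-store' are never
    fresh; a header with no TTL is treated as stale (the conservative choice)."""
    directives = parse_cache_control(value)
    if "no-store" in directives:
        return False
    ttl = max_age_seconds(value)
    if ttl is None:
        return False
    return age_seconds < ttl


if __name__ == "__main__":
    for header, age in [("max-age=60", 30), ("max-age=60", 60), ("max-age=0", 0),
                        ("public, max-age=86400", 3600), ("no-store", 0)]:
        print(f"{header!r} after {age}s -> fresh={is_fresh(header, age)}")
```

The comparison is strict (`age < max-age`), so a copy exactly 60 seconds old under `max-age=60` is already stale, and `max-age=0` never yields a fresh copy, which matches the text's "not cached at all" reading.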

What is Time-To-Live (TTL) exceeded?

IP packets delivering web HTTP traffic over TCP (Transmission Control
Protocol) that have travelled through too many network hops are said to have
exceeded their TTL. Each router reduces the TTL field of an IP packet sent
over the network until it reaches 0. The router at which it reaches 0 then
drops the IP packet and sends an ICMP packet with a TTL exceeded
error code to the sending host.

Application of Time-To-Live (TTL)

The TTL value is used in network utilities such as ping, traceroute, and
pathping.

● The ping command is used to test the reachability of the destination
computer. In other words, it verifies whether communication can
take place between the source and destination computer or a
networked device. It works by sending ICMP Echo request messages
to the target computer and then waiting for the response. The
execution of the ping command gives two important pieces of
information: how many responses are returned and how long it
takes for them to return.

[Figure: ping command output]
● The tracert/traceroute command is used to trace the path between
two devices. There are multiple routers in the path through which the
connection is established, so it provides the names or IP
addresses of the routers on the path between the two connecting devices.

[Figure: tracert command output]

● In Internet Protocol (IP) multicast, TTL may have control over the
packet forwarding scope or range.
○ 0 is restricted to the same host
○ 1 is restricted to the same subnet
○ 32 is restricted to the same site
○ 64 is restricted to the same region
○ 128 is restricted to the same continent
○ 255 is unrestricted
● TTL is also employed in caching for Content Delivery Networks
(CDNs). TTLs are used herein for specifying the duration of serving
cached information until a new copy is downloaded from an origin
server. A CDN can offer updated content without requests
propagating back to the origin server if the time between origin
server pulls is properly adjusted. This accumulative effect enables a
CDN to efficiently offer information closer to a user while minimizing
the amount of bandwidth required at the origin.

● TTL is also employed in caching for Domain Name Systems (DNS).
TTL is a numerical value that refers to the duration used herein by
the DNS Cache server for serving a DNS record before contacting
the authoritative server to get a new copy.

Time Limit or Hop Limit in TTL?

In IPv6 it is known as the hop limit and in IPv4 it is known as TTL. The Hop
Limit field is the same as the TTL field in IPv4.

The hop count function is necessary for network operation. It prevents
networks from collapsing as a result of packets looping indefinitely.
Transport protocols like TCP use the time limit function to ensure that data is
transferred reliably.

Even if the elapsed time was significantly less than a second, every router
that handles a packet must reduce the TTL by at least one. In this
perspective, Time-to-Live serves as a hop counter. So, it puts a limit on how
far a datagram can propagate via the Internet.
When a packet is forwarded, the TTL must be reduced by at least one. It may
decrease the TTL by one for each second it retains a packet for longer than
one second. Time-to-Live is used as a time counter in this manner.

Common TTL Values

Normally, the TTL value is 86400 seconds or 24 hours. MX and CNAME
records, on the other hand, can have a longer TTL because they are expected
to change infrequently. It is recommended that you set TTL to 1 hour if your
service is vital (3600 seconds). Shorter TTLs can put a strain on an
authoritative name server, but they can be advantageous when changing the
address of key services like web servers or MX records. As a result, DNS
administrators often reduce TTLs before moving services to avoid
interruptions.

Additional Uses of TTL

● TTL is used in IoT networks to manage the lifespan of the messages
to stop outdated messages from circulating in the network.
● TTL is used to prevent routing loops in routing protocols by using
hop count limit which ensures that the information does not
propagate indefinitely.
● It helps manage the network load in P2P network and prevents the
requests from propagating endlessly.
● TTL is used to manage the duration of VPN sessions by terminating
the connection after a predetermined time.
● It provides a set time limit for validation of transactions in
blockchain.

Conclusion
In conclusion, we learn that TTL is a concept that sets a time limit in a network
to ensure that data packets do not circulate indefinitely, which helps in
improving network performance, managing data caching and enhancing the
security of the network. It helps in managing and optimizing network traffic. It
plays an important role in routing protocols, IoT, mobile networks, and various
other applications.

Frequently Asked Questions on Time-To-Live – FAQs

Which fields of an IP header are always modified by any
router before it forwards the packet?

The Time to Live (TTL) and Header Checksum fields are always updated.

How does TTL contribute to network performance?

TTL helps in maintaining better network performance by limiting the lifespan
of data packets, which reduces unnecessary traffic, and by managing cache
duration.

How does TTL affect DNS caching?

In DNS caching, TTL specifies the amount of time a DNS record should be
kept in the cache before querying the authoritative server for an updated
record. It helps in maintaining the accuracy and authenticity of DNS data.

What happens if the value of TTL becomes zero?

When the TTL value becomes zero, the packet is discarded by the router, and
a Time Exceeded message is sent back to the originating host.

What is a Network Switch and How Does it Work?

A switch is a network device that is used to segment networks
into different subnetworks called subnets or LAN segments. It is responsible
for filtering and forwarding the packets between LAN segments based on
MAC address.

Switches have many ports, and when data arrives at any port, the destination
address is examined first and some checks are also done and then it is
processed to the devices. Different types of communication are supported
here like unicast, multicast, and broadcast communication.

Features of Network Switches

● It operates in the Data Link Layer of the OSI Model.
● It performs error checking before forwarding data.
● It transfers the data only to the device that has been addressed.
● It operates in full duplex mode.
● It allocates a limited bandwidth to each LAN segment.
● It uses unicast (one-to-one), multicast (one-to-many), and
broadcast (one-to-all) transmission modes.
● Packet-switching techniques are used to transfer data packets from
source to destination.
● Switches have a large number of ports.

Why Are Network Switches Valuable?

Switches are one of the most important things for transferring information
between different endpoints. Some of the benefits are mentioned below.

● Switches have full-duplex communication, which helps in making
effective use of bandwidth.
● Switches help to provide a wired connection to printers, IoT devices,
wireless access points, and many more devices.
● IoT devices send data through network switches, which helps in
making smarter surroundings with the help of Artificial Intelligence.
● Telecommunication networks that carry large volumes of traffic are
built with the help of switches.

Types of Switches
Switches are mainly classified into the following types that are mentioned
below.

● Virtual Switches: Virtual Switches are the switches that are inside
Virtual Machine hosting environments.
● Routing Switches: These are the switches that are used to connect
LANs. They also perform functions of the Network Layer of the OSI
Model.
● Unmanaged Switches: Unmanaged Switches are devices that let
Ethernet devices pass data automatically. These are generally used for
home networks and small businesses. If more switches are required,
we just add more switches by the plug and play method.
● Managed Switches: Managed Switches are switches used in more
complex networks. SNMP (Simple Network Management Protocol)
can be used for configuring managed switches. These types of
switches are mostly used in large networks having complex
architecture. They provide better security levels and precision
control but they are more costly than Unmanaged switches.
● LAN Switches: LAN (Local Area Network) Switches are also called
Ethernet switches or data switches. LAN switches always try to
avoid overlapping of data packets in the network by allocating
bandwidth accordingly.
● PoE Switches: Power over Ethernet (PoE) switches are used in
Gigabit Ethernet. PoE combines data and power transmission over the
same cable, so that a device receives data and electricity over the same
line.
● Smart Switches: Smart Switches are switches having some extra
controls on data transmissions but with fewer capabilities than fully
managed switches. They are also called partially managed
switches.
● Stackable Switches: Stackable switches are connected through a
backplane to combine two or more physical switches into a single
logical switch.
● Modular Switches: These types of switches can accommodate
two or more cards. Modular switches help in providing better
flexibility.

What is a Layer 2 Switch?

A Layer 2 switch operates at Layer 2 of the OSI model, which is the Data Link
Layer. The switch forwards data packets depending on the MAC
(Media Access Control) addresses of the devices in its network. Most commonly
they are found in Local Area Networks (LANs), where their main purpose
is to provide separate collision domains while reducing congestion
within the network. To deliver data to a specific destination, Layer 2
switches find the appropriate port for these packets on the basis of the
MAC address.

What is a Layer 3 Switch?

A Layer 3 switch combines the operation of an ordinary switch with that of a
router, working at both the data link layer (Layer 2) and the
network layer (Layer 3) of the Open Systems Interconnection model.
Layer 3 switches can route packets between different subnets or VLANs
(virtual LANs) using IP addresses, in the same manner in
which routers handle them. Hence they are
suitable for large networks that need fast switching together with
routing abilities.

What is an Unmanaged Switch?

An unmanaged switch is a basic, plug-and-play network device that permits
automatic communication between Ethernet devices. Unmanaged switches are
mostly found in home networks or small businesses, where the network
design is uncomplicated and there is no need for intricate settings.
They do not include any configuration choices or advanced
functions, so they are convenient to install and use.

What is a Managed Switch?

A managed switch has more sophisticated functionality and gives more
control over network configuration than an unmanaged one. It
lets network admins set up, manage and observe their network so as to
enhance its effectiveness and safeguard it against possible hacks or any
other form of interference. Managed switches also allow remote configuration
through SNMP (Simple Network Management Protocol). Other features
such as VLANs, QoS (Quality of Service), and redundancy
options are supported by such switches too.

How Does a Network Switch Work?

When the source wants to send a data packet to the destination, the
packet first enters the switch; the switch reads its header and finds the
MAC address of the destination to identify the device, then it sends the packet
out through the appropriate port that leads to the destination device.

The switch establishes a temporary connection between the source and
destination for communication and terminates the connection once the
conversation is done. Also, it offers full bandwidth to network traffic going to
and from a device simultaneously to reduce collisions.

[Figure: How a network switch works]
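The forwarding decision just described, as an added simulation that is not code from the article: a learning switch records which port each source MAC arrived on, sends a frame only out of the port where its destination MAC was learned, and floods only when the destination is unknown or broadcast; a hub model sits beside it for the comparison made later under "Difference between Network Switch and Hub". Port numbers and MAC addresses are constructed, and both classes are hypothetical models of the devices.

```python
"""A MAC-learning switch next to a hub, as a forwarding simulation.

Added example (not from the page): the port numbers and MAC addresses are
constructed, and the two classes are hypothetical models of the devices.
"""
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1: repeats every frame out of every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2: learns which port each source MAC lives on and forwards a frame
    only to the port of its destination MAC. Unknown or broadcast destinations
    are flooded, which is the one case where it behaves like a hub."""

    def __init__(self, ports, max_entries=1024):
        self.ports = list(ports)
        self.max_entries = max_entries  # real switches have a finite MAC table
        self.mac_table = {}             # mac -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        if src_mac in self.mac_table or len(self.mac_table) < self.max_entries:
            self.mac_table[src_mac] = in_port        # learn (or refresh) the source
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]   # flood
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            return []                                 # same segment: filter
        return [out_port]


A, B, C = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"

if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3])
    print(sw.receive(1, A, B))   # [2, 3]  B unknown yet: flooded
    print(sw.receive(2, B, A))   # [1]     A was learned on port 1
    print(sw.receive(1, A, B))   # [2]     both known: unicast only
    print(Hub([1, 2, 3]).receive(1, A, B))   # [2, 3]  a hub always floods
```

The `max_entries` cap models the finite MAC table of a real switch: once it is full, frames from new source addresses are still forwarded but no longer learned, and every frame to an unlearned destination is flooded, which is why a full table makes a switch behave like a hub.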

Switching Techniques
Switching techniques are used to decide the best route for data transmission
between source and destination. These are classified into three categories :

● Circuit Switching
● Message Switching
● Packet Switching

How To Set Up a Network Switch?

There are different kinds of switches that work according to the tasks
defined. For a small LAN, or for a home network, a network switch is
used by plugging it into a port of the router. Below are the steps
used in setting up network switches.

Step 1: A switch has to be bought as per the requirements of the network.

Step 2: The switch port has to be connected directly to the router using a
cable. Generally, if there is an uplink port present on the switch, the wire
should be connected to that port; if no uplink port is present, then the
wire has to be connected to any port of the router.

Step 3: After the connection is made, the IP addresses of the devices are
configured.

Step 3: After proper connection, the IP addresses of devices are configured.

Difference Between Network Switch and Router

Network Switch | Router
---------------|-------
Network Switch works on Layer 2 of the OSI Model. | The router is primarily a device of Layer 3 of the OSI Model.
The resource is shared among multiple devices with the help of a single LAN using a network switch. | Data is moved between two or more computers with the help of a router.
Network switches use data frames. | Routers use data packets.
Switches only work in a wired network connection. | Routers work with both wired and wifi networks.
Switches use MAC Addresses for transferring data to the proper destination. | Routers use IP Addresses for the same work.

Uses of Network Switches

Network switches are an important part of network communication. Some of
the use cases are mentioned below.

● Network switches help provide automatic link connections that
remove time-consuming settings and provide easy access to
network devices.
● Switches provide a better, more secure, reliable network having
more control over data.
● Generally, switches work in full duplex mode, which helps in
continuous data transmission and improves connectivity.
● As the MAC address is used for the devices connected to it, messages are
delivered only to the required destination, not everywhere.
● Network switches work for home networks or local networks where
streaming is performed regularly.

Difference between Network Switch and Hub

Network Switch | Hub

Network Switch is a device of Layer 2 of the OSI Model. | Hub is a physical device of Layer 1 of the OSI Model.
Network Switch is a little more complex than a Hub. | Hub is a simple device compared to a Network Switch.
Network Switch manages data in and out per port, hence fewer communication collisions. | Communication collisions usually happen in a Hub because all ports share one collision domain.
Network Switches transfer data by connecting devices and forwarding each frame to the right port. | The main task of a Hub is to connect all nodes of the network; it repeats every signal to every port.
Switches prevent collisions because every port is its own collision domain and can run full duplex. | Hubs cannot help in preventing collisions.

Advantages of Switches
● Prevents traffic overloading in a network by segmenting it into smaller
collision domains (one per port).
● Increases the usable bandwidth of the network, since each port gets its
own link instead of sharing one medium.
● Fewer frame collisions, as the switch creates a separate collision domain
for each connection.
Disadvantages of Switches
● It cannot stop broadcast traffic from reaching all other LAN segments:
every port of a switch is in one broadcast domain unless VLANs are used.
● Switches are more expensive than hubs.

Conclusion
In contemporary networking, network switches are essential because they
provide efficient information flow between machines on a Local Area Network.
Depending on its requirements, an organisation can select among different
types of switches, ranging from simple unmanaged types to sophisticated
managed types. When talking about the role of Layer 2 and Layer 3 switches,
their importance for separating connections and for routing cannot be
ignored. Other features, such as Power over Ethernet (PoE) and modularity,
give more flexibility when an application requires something specific.

Frequently Asked Questions on Network Switch – FAQs

What is the difference between a Layer 2 and a Layer 3 switch?

A Layer 2 switch operates at the Data Link Layer and forwards data based on
MAC addresses, while a Layer 3 switch operates at both the Data Link Layer
and the Network Layer, using IP addresses to route data between different
subnets or VLANs.
Can I use an unmanaged switch in a large network?

While unmanaged switches are easy to use, they lack advanced features and
control, making them unsuitable for large or complex networks. Managed
switches are recommended for such environments.

What are the advantages of using a managed switch?

Managed switches offer greater control over network traffic, improved
security, and advanced features such as VLANs and QoS, making them ideal
for larger, more complex networks.

How does a Layer 3 switch differ from a router?

While both Layer 3 switches and routers perform routing functions, Layer 3
switches combine high-speed switching with routing capabilities, often used
within LANs for inter-VLAN routing. Routers are typically used to connect
different networks or for WAN connections.

What is the purpose of PoE (Power over Ethernet) switches?

PoE switches provide both power and data over a single Ethernet cable,
simplifying the installation of devices like IP cameras, wireless access points,
and VoIP phones without the need for separate power supplies.

Introduction of a Router
Network devices are physical devices that allow hardware on a computer
network to communicate and interact with one another, for example the
repeater, hub, bridge, switch, router, gateway and NIC.

What is a Router?
A Router is a networking device that forwards data packets between
computer networks. One or more packet-switched networks or subnetworks
can be connected using a router. By sending data packets to their intended IP
addresses, it manages traffic between different networks and permits several
devices to share an Internet connection.

Let us understand this with a very general example. Suppose you search for
www.google.com in your web browser. A request is sent from your system to
Google's server to serve that web page. The request, which is nothing but a
stream of packets, does not go to Google's server straight away; it passes
through a series of networking devices known as routers, each of which
accepts the packets and forwards them along the correct path until they
reach the destination server. A router has several interfaces through which it
can connect to several host systems or networks. Routers operate at the
Network Layer of the OSI Model and are among the most common devices used
in networking.

How Does Router Work?
● A router determines a packet's next hop by examining the destination IP
address in the packet header and comparing it to its routing table. The
routing table lists how to reach each known network prefix. The router
uses a set of rules (longest-prefix match among the table entries) to
select the most specific route for the destination IP address.
● To enable communication between local devices and the internet, a home
or office router is attached to a modem, such as a cable, fibre, or DSL
modem. Most routers include several ports so that a variety of devices
can share the internet connection simultaneously. To decide where to
deliver data and where traffic is coming from, it relies on its routing
tables.
● A routing table usually also specifies the router's default route, used
for any destination that matches no more specific entry. For instance,
an office router sends traffic for all unknown networks to its internet
service provider through a single default route, so it does not need to
know the optimum path for every destination itself.
● Routing tables come in two varieties: static and dynamic. Dynamic
routing tables are updated automatically by routing protocols based on
network changes, whereas static routing tables are configured manually.
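The lookup described above, as an added example that is not part of the original article: a forwarding table for a hypothetical office router (constructed data; the prefixes, next hops and interface names are assumptions) is sorted so that a linear scan returns the longest-prefix match, with a default route catching everything else.

```python
import ipaddress

# Constructed forwarding table for an imaginary office router (example data,
# not from the article): (destination prefix, next hop, outgoing interface).
# A next hop of None means the prefix is directly connected.
FORWARDING_TABLE = [
    ("10.1.0.0/16",    None,          "eth1"),   # directly connected LAN
    ("10.1.20.0/24",   "10.1.0.254",  "eth1"),   # more specific route via another router
    ("192.168.5.0/24", "10.1.0.253",  "eth1"),   # branch office behind a second router
    ("0.0.0.0/0",      "203.0.113.1", "eth0"),   # default route towards the ISP
]

def build_table(rows):
    """Parse the prefixes once and sort them longest prefix first, so the
    first match found by a linear scan is the most specific route."""
    table = [(ipaddress.ip_network(p), nh, iface) for p, nh, iface in rows]
    table.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return table

def lookup(table, dst):
    """Longest-prefix match: return (matched_prefix, next_hop, interface),
    or None when nothing matches (only possible without a default route)."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop, iface in table:
        if addr in net:
            return (str(net), next_hop, iface)
    return None

def forward(table, dst):
    """Describe what the router does with a packet addressed to dst."""
    match = lookup(table, dst)
    if match is None:
        return "drop: no route to host"
    net, next_hop, iface = match
    if next_hop is None:
        return f"deliver directly on {iface} (matched {net})"
    return f"send via next hop {next_hop} on {iface} (matched {net})"

if __name__ == "__main__":
    table = build_table(FORWARDING_TABLE)
    for dst in ["10.1.20.7", "10.1.3.9", "192.168.5.40", "8.8.8.8"]:
        print(dst, "->", forward(table, dst))
```

The most specific entry always wins: 10.1.20.7 matches the /24, not the enclosing /16, and 8.8.8.8 falls through to the default route. That rule is also what route hijacking relies on, since a wrongly injected more-specific prefix quietly diverts traffic; without a default route an unknown destination is simply dropped.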

Types of Router
There are several types of routers. Some of them are mentioned below:

1. Broadband Routers: These are one of the important kinds of routers. They
are used for different tasks: to connect computers together and to connect
them to the internet.
2. Wireless Routers: These routers create a wireless (Wi-Fi) signal in your
office or home.
3. Wired Routers: A wired router connects multiple wired devices using
Ethernet cables. It takes the transmitted data from the modem and
distributes it to the network; it is widely used in schools and small
offices.
4. Edge Routers: As the name indicates, these are located at the edge of a
network, usually connected to an Internet Service Provider, and forward
packets between the internal network and external networks.
5. Core Routers: Core routers forward packets within the same network. Their
main task is to carry heavy data transfers at high speed.
6. Virtual Routers: These are implemented in software on a virtual machine,
and they are more flexible and scalable than hardware routers.
7. Portable Routers: These are used to create a private Wi-Fi network and
are designed for easy portability.

Functions of Router
The router performs below major functions:

1. Forwarding: The router receives packets on its input ports, checks the
header, performs basic checks such as verifying the checksum and
decrementing the TTL, looks up the routing table to find the appropriate
output port, and sends the packets out of that port.
2. Routing: Routing is the process by which the router determines the best
path for a packet to reach its destination. It maintains a routing table
that it builds itself, using static configuration and dynamic routing
algorithms or protocols.
3. Network Address Translation (NAT): Routers use NAT to translate
between different IP address ranges. This allows devices on a
private network to access the internet using a single public IP
address.
4. Security: Routers can be configured with firewalls and other security
features to protect the network from unauthorized access, malware,
and other threats.
5. Quality of Service (QoS): Routers can prioritize network traffic based
on the type of data being transmitted. This ensures that critical
applications and services receive adequate bandwidth and are not
affected by lower-priority traffic.
6. Virtual Private Network (VPN) connectivity: Routers can be
configured to allow remote users to connect securely to the network
using a VPN.
7. Bandwidth management: Routers can be used to manage network
bandwidth by controlling the amount of data that is allowed to flow
through the network. This can prevent network congestion and
ensure that critical applications and services receive adequate
bandwidth.
8. Monitoring and diagnostics: Routers can be configured to monitor
network traffic and provide diagnostics information in the event of
network failures or other issues. This allows network administrators
to quickly identify and resolve problems.
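NAT as described in function 3 above, as an added example that is not the article's own code: a minimal port-translating NAT (NAPT, which is what home routers actually do) that maps many private addresses onto one public address and drops unsolicited inbound packets. The addresses are constructed documentation addresses, and the port range and flow-table layout are assumptions; a real implementation would also expire idle mappings and handle ICMP and protocol quirks.

```python
import itertools

class PortNat:
    """Source NAT with port translation: every outbound flow from the private
    network gets its own port on the single public address, and replies are
    mapped back through the same table. Constructed illustration."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # assumed port pool
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, pkt):
        """Rewrite the source of a packet leaving the private network.
        pkt is a dict with src_ip, src_port, dst_ip and dst_port."""
        key = (pkt["src_ip"], pkt["src_port"])
        port = self.outbound.get(key)
        if port is None:                 # first packet of a new flow: allocate
            port = next(self._ports)
            self.outbound[key] = port
            self.inbound[port] = key
        return {**pkt, "src_ip": self.public_ip, "src_port": port}

    def translate_inbound(self, pkt):
        """Rewrite the destination of a packet arriving from the Internet.
        Returns None (drop) when no private host owns the port: this is why
        unsolicited inbound connections cannot reach LAN hosts through NAT."""
        key = self.inbound.get(pkt["dst_port"])
        if key is None or pkt["dst_ip"] != self.public_ip:
            return None
        private_ip, private_port = key
        return {**pkt, "dst_ip": private_ip, "dst_port": private_port}

def nat_demo():
    """Two LAN hosts that happen to use the same source port (constructed),
    a reply for the second one, and an unsolicited probe from outside."""
    nat = PortNat("203.0.113.10")
    a = {"src_ip": "192.168.1.10", "src_port": 5555, "dst_ip": "198.51.100.7", "dst_port": 443}
    b = {"src_ip": "192.168.1.11", "src_port": 5555, "dst_ip": "198.51.100.7", "dst_port": 443}
    out_a, out_b = nat.translate_outbound(a), nat.translate_outbound(b)
    # The server replies to the public address and the translated port.
    reply_b = {"src_ip": "198.51.100.7", "src_port": 443,
               "dst_ip": "203.0.113.10", "dst_port": out_b["src_port"]}
    # A probe to a port nobody mapped (e.g. SSH) is dropped.
    probe = {"src_ip": "198.51.100.9", "src_port": 31337,
             "dst_ip": "203.0.113.10", "dst_port": 22}
    return out_a, out_b, nat.translate_inbound(reply_b), nat.translate_inbound(probe)

if __name__ == "__main__":
    for label, pkt in zip(("A out", "B out", "reply to B", "probe"), nat_demo()):
        print(label, "->", pkt)
```

The two hosts collide on source port 5555, so the NAT must allocate distinct public ports to tell their replies apart; the probe to port 22 has no mapping and is discarded, which is the incidental "firewall" effect of NAT that the Advantages section below relies on.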

Architecture of Router
A generic router consists of the following components:

1. Input Port: This is the interface by which packets are admitted into
the router. It performs several key functions: it terminates the physical
link at the router (the leftmost part in the diagram), the middle part
interoperates with the link layer (for example, decapsulation), and in the
last part of the input port the forwarding table is looked up to determine
the appropriate output port based on the destination address.
2. Switching Fabric: This is the heart of the Router, It connects the
input ports with the output ports. It is kind of a network inside a
networking device. The switching fabric can be implemented in
several ways some of the prominent ones are:
● Switching via memory: In this, we have a processor which
copies the packet from input ports and sends it to the
appropriate output port. It works as a traditional CPU with
input and output ports acting as input and output devices.
● Switching via bus: In this implementation, we have a bus
that connects all the input ports to all the output ports. On
receiving a packet and determining which output port it
must be delivered to, the input port puts a particular token
on the packet and transfers it to the bus. All output ports
can see the packets but they will be delivered to the output
port whose token has been put in, the token is then
scraped off by that output port and the packet is forwarded
● Switching via interconnection network: This is a more
sophisticated design. Instead of a single bus, a crossbar uses
2N buses to connect N input ports to N output ports, so several
packets can cross the fabric at the same time.
3. Output Port: This is the segment from which packets are transmitted
out of the router. The output port looks at its queuing buffers (when
more than one packets have to be transmitted through the same
output port queuing buffers are formed) and takes packets, does link
layer functions, and finally transmits the packets to an outgoing link.
4. Routing Processor: It executes the routing protocols, and it works
like a traditional CPU. It employs various routing algorithms like the
link-state algorithm, distance-vector algorithm, etc. to prepare the
forwarding table, which is looked up to determine the route and the
output port.

Security Challenges in Router

There are several security challenges faced by routers, through which an
unauthorized party can take control of the device. Some of them are listed
below:

1. Vulnerability Exploits

Every hardware router ships with firmware that runs the device. Like any
other programme, router firmware frequently has flaws that attackers can
exploit. Router vendors usually release updates to fix these flaws, so router
firmware needs to be updated on a regular basis. Attackers can monitor
traffic passing through unpatched routers and enrol them in a botnet.

2. DDoS Attacks

Distributed Denial-of-Service (DDoS) attacks against network infrastructure
frequently target both large and small organisations. Unmitigated
network-layer DDoS attacks can overload routers or bring them down, causing
network outages. Using a scrubbing service such as Cloudflare Magic Transit
is one way to defend networks and routers against DDoS attacks of this
nature.

3. Administration Credentials

Every router comes with a set of admin credentials for carrying out
administration tasks. The default values are frequently something like
"admin" for the username and "admin" for the password, and attackers know
the typical defaults. Change the username and password to something strong as
soon as possible: if they are not changed, attackers can use them to take over
the router remotely.

Advantages of Router
● Easier Connection: Sharing a single network connection among
numerous machines is the main advantage of a router. This enables
numerous people to connect to the internet, boosting total
productivity. In addition, routers can connect different media and
network designs.
● Security: Installing a router is the first step in securing a network
connection, because connecting a computer directly to the internet
through a modem exposes it to many risks. A router acts as an
intermediary between two networks, so the internal environment is
somewhat protected, although it is not a replacement for a firewall or
antivirus software.
● NAT Usage: Routers use Network Address Translation (NAT) to map
multiple private IP addresses onto one public IP address. This allows
all devices connected to the network to share one internet connection.
● Supports Dynamic Routing: The router employs dynamic routing
strategies to aid network communication. Dynamic routing chooses the
optimum path through the internetwork. A router also separates
collision and broadcast domains, which overall can lessen network
traffic.
● Filtering of Packets: Packet switching and packet filtering are two
more router services. A router filters the network using a collection of
filtering rules; each packet is either allowed through or dropped.

Disadvantages of Router
● Slower: Routers analyse multiple layers of information, from the
physical layer up to the network layer, which adds latency compared with
a switch. The same issue is seen when many devices are connected to
the router, causing "connection waiting".
● High Cost: They are more expensive than other network devices such as
hubs and switches, including the cost of security features and
expansion. As a result, routers are not always the best option for every
problem.
● Need for Configuration: A router must be configured properly to work
properly. In general, the more complex the intended use, the more
configuration is required. This may require professional installation,
which adds to the cost of buying a router.
● Quality Issues: Wireless performance is not always consistent. Many
devices still use the crowded 2.4 GHz band, which suffers interference
from neighbouring networks; this is common for those who live in
apartments and condominiums.
● Bandwidth Overhead: The dynamic routing protocols that routers use to
maintain their tables generate control traffic, which consumes some
bandwidth. On slow links this overhead can noticeably reduce the
bandwidth available to connected devices.
Applications of Router
There are several applications of routers, because routers are widely used in
most networking communication today:

● Hardware equipment, such as servers from BSC, MGW, IN, SGSN and other
remote-location networks, is connected to these networks via routers.
● It is utilised in both wired and wireless communication, since it
supports a high speed of data transmission through its use of STM
connections for connectivity.
● Routers are frequently used by internet service providers to transfer
data, such as audio, video, images and email, from one location to
another. They can also transmit data globally by using the destination's
IP address.
● Routers provide access control. A router can be set up so that some
users can access all of the data while others can access just a subset
of it.

Routing Protocol
Through a routing protocol, a router can discover other routers on the
network and decide dynamically where to deliver network traffic. Several
protocols exist, some of which are listed below:

● Open Shortest Path First (OSPF): A link-state protocol used inside an
autonomous system to determine the optimal path for packets as they
travel across several networks to their destination.
● Border Gateway Protocol (BGP): It facilitates the exchange of routing
information between edge routers of different autonomous systems and
controls how packets are routed across the internet. It offers
stability: if one network connection fails, it can switch to another
path to transfer the packets.
● Interior Gateway Routing Protocol (IGRP): A distance-vector protocol for
exchanging routing data between gateways within a single autonomous
system. The routing information can then be used to decide how data
packets should be routed.
● Enhanced Interior Gateway Routing Protocol (EIGRP): The successor to
IGRP. If a router cannot find a path to a destination in its routing
table, it queries its neighbours; the neighbours forward the query to
further neighbours until a router that knows the path replies.
● Exterior Gateway Protocol (EGP): An early protocol for exchanging routing
table data between gateways of different networks on the internet; it
has been superseded by BGP.

You can also refer to the article Difference between Router and Modem.

Frequently Asked Question on Introduction of a Router – FAQs

How is the Router different from Wi-Fi?

A router is not just for Wi-Fi, even though it can broadcast a wireless signal
(Wi-Fi) to connected and enabled devices. In addition, routers provide wired
connectivity to the Internet. Once the router has established a hardwired or
Ethernet connection to the Internet, it can then translate that connection into
Wi-Fi signal that multiple devices can pick up.

What is difference between Modem and Router?

A modem is the device that links your home network to your internet service
provider (ISP). A router is a device that enables all of your wired and
wireless devices to access the internet simultaneously and to communicate
with one another.

Can a router have two IP addresses?

Yes. A home router has several IP addresses of its own: an internal (LAN) IP
address, which serves as the default gateway for your devices, and an
external (WAN) IP address assigned by the ISP. Some routers also expose a
separate management IP address. The private IP addresses of the devices on
the LAN are separate from these; the router usually assigns them via DHCP.

What is an SSID?
SSID stands for “Service Set Identifier”. SSIDs allow users to locate and join
the wireless network that the router broadcasts.

Difference Between Router and Switch

In the networking sector, routers and switches are essential devices that
play an important role in facilitating communication within and between
networks. Both devices are crucial for the efficient and reliable transfer
of data, but they serve different functions and operate at different layers
of the network stack. Both routers and switches are connecting devices in
networking. A router is employed to select the shortest path for a packet to
reach its destination.

What is a Router?
The router is a networking device that works at the network layer, i.e. the
third layer of the ISO-OSI model, and is a multiport device. It establishes a
connection between networks to provide data flow between them. A router
transfers data in the form of packets and is used in LANs as well as MANs.

It works at network layer 3 and is used in LANs, MANs and WANs. It stores
IP addresses and maintains its own routing table.

Working of Router
● Many networked devices, including PCs, tablets, printers and other
items, can be connected to the internet and formed into a network
by using a router in a house or workplace.
● To facilitate communication between these devices and the internet, a
router links the modem to the other devices.
● Data packets carrying destination IP addresses are routed and transmitted
by routers across networks or within networks.
● The router assigns a local (private) IP address to every device on its
network, usually via DHCP; this identifies the proper destination and
prevents data from getting lost in the network.
● Once the optimal and fastest path has been determined, data packets are
sent along that path to the networked devices.

Types of Router

1. Wireless Routers

● Since they do not require wires or cables to connect to networking
equipment, wireless routers are the most widely used routers in
homes and companies.
● With the network name and password, only authorised users can access
the network, which keeps the connection secure.
● Any number of users within the designated range can access the internet
by using a wireless router.

2. Wired Routers

● As the name implies, a wired router needs a wire or cable in order to
connect to the network devices.
● These routers are mostly used to connect PCs with Ethernet cables in
small companies or schools.
● Some wired routers also include a Wi-Fi access point, and VoIP
(Voice-over-Internet Protocol) support allows a phone to be connected to
them.

Advantages of Router

● Most networking devices can connect to a wireless router at any time
without a tangle of wires.
● It can establish connections across several network architectures,
including Ethernet, WLAN and Wi-Fi.
● It offers password-protected, highly secure network access.
● It separates collision and broadcast domains, which lessens network
traffic.
● Using its routing table, it delivers data packets to the right place via
the most efficient path.
What is a Switch?
It is a point-to-point communication device. Basically, it is a kind of
multiport bridge that provides better connections. It is a device that sets
up and tears down connections between ports according to the requirements at
that time. It comes with many features such as flooding, filtering and frame
forwarding.

Working of Switch

● Every network interface has a distinct Media Access Control (MAC)
address.
● When one computer sends an IP packet to another, the sending host
encapsulates the packet in an Ethernet frame carrying the source and
destination MAC addresses. The switch reads the destination MAC address
and forwards the frame only out of the port where that address was
learned (flooding it to all other ports if the address is unknown).
● When the frame arrives at the target device, the frame header is
stripped and the IP packet is passed up; only the device whose MAC
address matches the destination address accepts the frame.
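The MAC-based forwarding described above (and in the earlier list of uses of network switches), as an added example that is not code from the original article: a learning switch that fills its MAC table from source addresses, sends known unicast out of a single port and floods everything else, next to a hub that repeats every frame. An optional table capacity is an assumption added to show what a MAC flooding attack does to a real switch whose table is full. Port names, MAC addresses and the sample frames are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """A transparent (learning) bridge. It learns which port each source MAC
    is behind, forwards known unicast frames out of a single port, and floods
    unknown-destination and broadcast frames out of every other port.
    Constructed illustration; port names and MACs are made up."""

    def __init__(self, ports, capacity=None):
        self.ports = list(ports)
        self.capacity = capacity   # None = unlimited; small values emulate a full CAM table
        self.mac_table = {}        # MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        # 1. Learn: src is reachable through in_port (refresh a known entry,
        #    add a new one only while the table has room).
        if (src in self.mac_table or self.capacity is None
                or len(self.mac_table) < self.capacity):
            self.mac_table[src] = in_port
        # 2. Known unicast goes to exactly one port, never back out of in_port.
        out = self.mac_table.get(dst)
        if dst != BROADCAST and out is not None:
            return [] if out == in_port else [out]
        # 3. Unknown destination or broadcast: flood, as a hub always does.
        return [p for p in self.ports if p != in_port]

def hub_forward(in_port, ports):
    """A hub has no table: every frame is repeated to every other port."""
    return [p for p in ports if p != in_port]

# Constructed sample traffic: host A on p1, host B on p2, host C on p3.
A, B, C = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
SAMPLE = [
    ("p1", A, B),          # A->B, B unknown: flooded
    ("p2", B, A),          # B->A, A already learned: p1 only
    ("p1", A, B),          # A->B, B now learned: p2 only
    ("p3", C, BROADCAST),  # broadcast (e.g. an ARP request): flooded
]

def run_trace(frames=SAMPLE, ports=("p1", "p2", "p3", "p4")):
    """Output ports chosen for each frame of a trace, in order."""
    sw = LearningSwitch(ports)
    return [sw.receive(port, src, dst) for port, src, dst in frames]

def mac_flood_demo():
    """An attacker on p3 fills a two-entry table with bogus source MACs, so B
    can no longer be learned and A's private unicast to B is flooded to p3."""
    sw = LearningSwitch(("p1", "p2", "p3"), capacity=2)
    sw.receive("p3", "de:ad:be:ef:00:01", BROADCAST)
    sw.receive("p3", "de:ad:be:ef:00:02", BROADCAST)
    sw.receive("p2", B, A)      # B is not learned: the table is full
    return sw.receive("p1", A, B)

if __name__ == "__main__":
    for (port, src, dst), out in zip(SAMPLE, run_trace()):
        print(f"{src} -> {dst} in on {port}: out on {out}")
    print("after MAC flooding, A->B is sent to", mac_flood_demo())
```

Once both hosts have been learned the A-to-B frame leaves on p2 alone, which is the "only the required destination" behaviour the Uses section promises; the flooding demo shows why that promise depends on table space, and why port security limits on learned MACs per port are a standard switch hardening step.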

Types of Switches

1. Managed Switches

Because managed switches can be configured to fit our network exactly,
they offer additional capabilities and are more flexible than
unmanaged switches. They are also more secure. As a result, we will be able
to exert more control, better safeguard our network, and enhance the quality
of service provided to network users.

2. Unmanaged Switch

Basic connection is the primary usage for the unmanaged switches. These
are typically found in small networks or locations where a modest number of
additional ports are needed, like a conference room, a lab, or a residence.
Plugging in is all that is necessary for unmanaged switches to function; no
configuration is needed.

Advantages of Switch

● It increases the network's available bandwidth.
● It can have a direct connection to the devices or workstations.
● It improves the network's performance.
● Switches reduce frame collisions because each port forms its own
collision domain.
● It helps lessen the load on individual hosts, such as PCs.

The main objective of a router is to connect various networks simultaneously,
and it works in the network layer, whereas the main objective of a switch is
to connect various devices simultaneously, and it works in the data link
layer.

Let us see the difference between router and switch:

Router | Switch

The main objective of a router is to connect various networks simultaneously. | The main objective of a switch is to connect various devices simultaneously.
It works in the network layer. | It works in the data link layer.
A router is used by LAN as well as MAN. | A switch is used only by LAN.
Through the router, data is sent in the form of packets. | Through the switch, data is sent in the form of frames.
There is less collision taking place in the router. | There is no collision taking place in a full-duplex switch.
A router is compatible with NAT. | A switch is not compatible with NAT.
A router is a relatively much more expensive device than a switch. | A switch is more expensive than a hub but cheaper than a router.
Speed depends on the interface: wired router ports are commonly 100 Mbps or 1 Gbps, and wireless speed depends on the Wi-Fi generation. | Port speed is set by the Ethernet standard: 100 Mbps, 1 Gbps or faster.
A router needs at least two networks to connect. | A switch needs only a single network to connect.
The types of routing are adaptive and non-adaptive routing. | The types of switching are circuit, packet and message switching.

Frequently Asked Question on Router and Switch – FAQs

What is router?

A router is a networking device which works at the network layer, i.e. the
third layer of the ISO-OSI model, and is a multiport device. It establishes a
connection between networks in order to provide data flow between them.

What is Switch?

It is a point-to-point communication device. Basically, it is a kind of
multiport bridge that provides better connections. It is a device that sets
up and tears down connections according to the requirements at that time.

How does a router differ from a modem?

The router distributes the signal to the network’s devices, and the modem is
in charge of sending and receiving signals from the ISP. The modem is
connected to the router, which is connected to every device on the network,
in a standard home network configuration.
Can a router act as a firewall?

Yes. Wi-Fi routers serve as simple hardware firewalls (NAT plus basic packet
filtering), and Windows and macOS ship with rudimentary host firewall
software preinstalled.

Can a switch connect to a router?

Yes. Joining a switch to a router allows numerous devices to connect to the
internet and easily communicate with one another.

What is Ping?
Last Updated : 09 Apr, 2024



A ping is a basic Internet command that allows a user to test and verify
whether a given destination IP address exists and can accept requests in
computer network administration. Ping is also used for diagnosis to confirm
that the computer the user tries to reach is operational. Ping can be used
with any operating system (OS) that supports networking, including the
majority of embedded network administration software.

What is Ping?
Ping (Packet Internet Groper) is a method for determining the communication
latency between two hosts, that is, the time it takes for data to travel
between two devices across a network. As communication latency decreases,
communication effectiveness improves. A low ping time is critical in
situations where the timely delivery of data is more important than the
quantity and quality of the desired information.

How Does Ping Work?

Ping sends an Internet Control Message Protocol (ICMP) Echo Request to a
target host and then waits for a response. When the ping command is
executed, an echo request is delivered to the provided address. When the
target host receives the echo request, it answers with an echo reply packet.
This method has two distinct purposes: calculating round-trip time (RTT), or
latency, and ensuring that the target host is reachable. RTT is a measure of
the time it takes to receive a response, measured in milliseconds (ms): the
clock starts when the echo request is sent and stops when the echo reply
arrives. RTT is an important performance figure for online applications.

How To Get The Ping Value Of Any Site Corresponding To Your Server?
● The ping value represents the latency of a connection between two
computers or across a network. You can check the ping of any website from
your computer using Command Prompt on Windows or a terminal on Mac or
Linux.
● Simply type "ping<space>website name" into the command prompt or terminal
to have your system send some data packets to that specific website and
report the ping value between your system and that website.
● For example, entering "ping youtube.com" made the system send and receive
four packets of data from YouTube to determine the minimum, maximum and
average ping values, which were 20 ms, 22 ms and 21 ms respectively.
● So, if an online game streamer has two network options, one with 10 ms of
ping and 10 Mbps internet speed, and the other with 100 ms of ping and
500 Mbps internet speed, the gamer will choose the first because he or she
wants to interact with the audience in real time. However, a person who
wants to watch and download YouTube videos will select the second option
in order to speed up the download process.

How to use ping in troubleshooting?

Echo requests and echo replies are the standard ICMP messages for
troubleshooting. Ping is built into almost every operating system with
network support for troubleshooting, although the specific implementation
differs slightly between vendors. Ping is the foundation of typical network
troubleshooting. Typing "ping 216.58.200.174", for example, will ping that IP
address. If the ping is successful, it indicates that the target system is up
and that the two machines can communicate with one another. If the ping is
successful but the response time is excessively long, this suggests network
congestion, routing or speed problems. Even unsuccessful pings provide
useful troubleshooting information. Ping is also standard procedure when
testing network latency.

What is Ping Spoofing?

In network security, ping spoofing occurs when an attacker sends ICMP echo
requests with a forged source IP address. The packets look like genuine echo
requests, but the source field carries a third party's address rather than
the attacker's own. The receiving host therefore sends its echo replies to
that third party instead of to the real sender, so the victim sees unwanted
traffic arriving from an address it never contacted, and the attacker's real
address stays hidden. This is known as ping spoofing.

Frequently Asked Question on Ping – FAQs

What is Ping on a Speed Test?

On a speed test, the ping figure measures how quickly a small data signal
travels from your computer to the test server and back, separately from the
download and upload throughput. Ping is also used to troubleshoot, test
connectivity and calculate response time.

What is Ping in Gaming?

Ping is also helpful in online gaming. It measures how long it takes for a
signal to go from a computer to a server.

What is Ping in Discord?

In Discord, a chat and video program common among gamers, a ping is a
notification received on a smartphone or personal computer. When someone
sends a ping, it appears on the phone screen or in the desktop program.

How ping commands work?

Ping is a network utility command which helps to measure the round-trip time
for messages sent to a host and tests whether another computer or device on
a network can be reached. In its operation, it makes use of the Internet
Control Message Protocol (ICMP) to send "echo request" packets to the target
host and listens for "echo reply" packets.

How Does the Ping Command Work?

1. ICMP Echo Request: When you run the ping command with an IP address
or domain name, your computer sends ICMP ‘echo request’ packets to the
target host.
2. ICMP Echo Reply: After sending a request, ping waits for the ICMP ‘echo
reply’ packet from the target host.
3. Time Measurement: Ping computes the time taken for the echo reply to
come back from the target host. This gives the Round Trip Time (RTT),
more often described as the latency between your PC and the target host.
4. Show Result: For each packet sent, ping displays how long it took to get
a reply back and whether any packets were lost. The packet loss rate may
also be given, along with the minimum, average and maximum RTT.
5. Timeout: If a reply to a packet takes too long or the packet is lost, it
is marked as a timeout or lost packet.

On your operating system you can adjust the ping command by adding options
that specify things like the number of packets to send, the packet size, the
timeout duration and many others.
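As an added example (not code from the original article), here is a small Python parser that turns the per-reply lines ping prints into the summary described in steps 4 and 5 above: the packet loss rate, the sequence numbers that never received a reply, and the minimum, average and maximum RTT. The ping output it consumes is constructed here in the Linux ping(8) line format; the function and field names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the style of Linux ping(8) output; not captured from
# a real host (192.0.2.10 is a documentation address). Sequence 3 has no
# reply line, i.e. that echo request timed out.
SAMPLE_PING_OUTPUT = """\
PING example.invalid (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=56 time=12.4 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=56 time=11.9 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=56 time=14.2 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=56 time=12.5 ms
"""

# One echo reply line: sequence number, remaining TTL, and round-trip time.
REPLY_RE = re.compile(r"icmp_seq=(\d+)\s+ttl=(\d+)\s+time=([\d.]+)\s*ms")


@dataclass
class PingStats:
    sent: int
    received: int
    loss_pct: float
    rtt_min: Optional[float]   # None when no reply was received at all
    rtt_avg: Optional[float]
    rtt_max: Optional[float]
    lost_seqs: List[int]       # echo requests that never got a reply


def summarize_ping(output: str, sent: int) -> PingStats:
    """Rebuild ping's closing summary from its per-reply lines.

    `sent` is the number of echo requests issued (the -c count); every
    sequence number from 1..sent without a matching reply counts as lost,
    which is how a timeout shows up in the statistics.
    """
    rtts: Dict[int, float] = {}
    for line in output.splitlines():
        match = REPLY_RE.search(line)
        if match:
            rtts[int(match.group(1))] = float(match.group(3))
    received = len(rtts)
    lost = [seq for seq in range(1, sent + 1) if seq not in rtts]
    loss_pct = 100.0 * (sent - received) / sent if sent else 0.0
    values = list(rtts.values())
    return PingStats(
        sent=sent,
        received=received,
        loss_pct=loss_pct,
        rtt_min=min(values) if values else None,
        rtt_avg=round(sum(values) / len(values), 3) if values else None,
        rtt_max=max(values) if values else None,
        lost_seqs=lost,
    )


if __name__ == "__main__":
    stats = summarize_ping(SAMPLE_PING_OUTPUT, sent=5)
    print(f"{stats.sent} packets transmitted, {stats.received} received, "
          f"{stats.loss_pct:.0f}% packet loss, lost icmp_seq {stats.lost_seqs}")
    print(f"rtt min/avg/max = {stats.rtt_min}/{stats.rtt_avg}/{stats.rtt_max} ms")
```

Feeding the function the real output of `ping -c 5 host` works the same way, since the reply-line format is what the regular expression matches; only the count of requests has to be passed in, because a lost packet leaves no line behind.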

Traceroute Command in Linux with Examples


Last Updated : 01 Jul, 2024



In networking, understanding the path that data packets take from one point
to another is crucial for diagnosing and troubleshooting connectivity issues.
One of the most valuable tools for this purpose is the traceroute command in
Linux. Traceroute is a command-line tool used in Linux or other operating
systems to track the path that data takes from your computer to a specified
destination, such as a website.

When you enter the traceroute command followed by a destination address, it
shows you each “hop” that the data packet makes along its journey. This
includes the different servers or devices it passes through, and how long
each step takes. In this article, we will delve into the intricacies of the
traceroute command, exploring its functionality and options, and providing
comprehensive examples to illustrate its usage.

What is Traceroute?
The `traceroute` command is a network diagnostic tool used to trace the
route taken by packets from a source to a destination over an IP network. It
provides valuable insights into the network path, including the number of
hops (routers) between the source and destination, and the round-trip time
(RTT) for each hop.

Basic Syntax of Traceroute


The basic syntax of the `traceroute` command is as follows:
traceroute [options] destination

Options: Various options can be used to customize the behavior of the
traceroute command, allowing users to specify parameters such as the
maximum number of hops, the number of probes per hop, and the timeout for
each probe.

How To Run a Traceroute?

For Mac or Linux

● Open Terminal on your computer.
● Type “traceroute [hostname]” (replace “[hostname]” with the
website or address you want to trace).
● Press Enter.

For Windows

● Go to the Start menu.
● Select Run.
● Type in “cmd” and then click “OK.” Command Prompt will open.
● Type in “tracert [hostname]” and press Enter.

What is the Difference Between Ping and Traceroute?


The main difference between ping and traceroute is:

● Ping checks if a server is reachable and shows how long it takes to
send and receive data.
● Traceroute shows the exact path data takes to reach the server,
listing each stop (router) along the way and how long each stop
takes.

Troubleshooting With Traceroute

What Factors Impact Hop Times?

The physical distance between your computer and its destination affects how
long each hop takes. The further away it is, the longer the hop time. This is
important to remember when fixing network issues. Also, the type of
connection matters. Computers with faster connections, like Gigabit Ethernet
(GE), usually have quicker hop times than those with slower connections.

Additionally, how the data is delivered can make a difference. For example, if
data goes through a wireless router shared with several devices, it can be
slower than if it’s sent through a dedicated connection like Ethernet or
fiber-optic.

When Does High Latency Matter?

High latency is important when data needs to arrive quickly to work properly.
For example, sending still images isn’t affected much by latency. But for
Voice over Internet Protocol (VoIP) calls or videoconferences, high latency can
greatly impact the quality and experience.

Understanding Traceroute Output


When executed, the traceroute command provides a detailed output that
reveals the path taken by packets to reach the destination. Each line in the
output represents a hop along the route, displaying the IP address of the
router, its hostname (if available), and the round-trip time (RTT) for the
probe.

Options Available in Traceroute

Option         Description
-4             Use IPv4
-6             Use IPv6
-F             Do not fragment packets
-f first_ttl   Start from the hop with TTL first_ttl instead of hop 1
-g gate        Route the packet through the gateway gate
-m max_ttl     Set the maximum number of hops (maximum TTL)
-n             Do not resolve IP addresses to domain names
-p port        Set the destination port
-q nqueries    Set the number of probes sent per hop
packetlen      The full packet length (given after the destination)
--help         Display help messages and exit
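The mechanism behind these options is that traceroute sends probes with an increasing TTL: each router decrements the TTL, and the router where it reaches zero answers with an ICMP Time Exceeded message, which reveals that hop. The following is an added Python simulation of that loop, not code from the original article or from the traceroute project. The router path, the delays and the one “silent” router that never answers are all constructed; `first_ttl`, `max_ttl` and `nqueries` mirror `-f`, `-m` and `-q`. Real traceroute on Linux sends UDP probes (to port 33434 by default, as stated below) and the destination answers with ICMP Port Unreachable; here that is reduced to “the destination answers when the probe reaches it”.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed path of four routers in front of the destination (addresses are
# from documentation ranges, not real hosts). Each entry is (address, one-way
# delay in ms); the delay only serves to fabricate plausible RTT values.
SAMPLE_PATH: List[Tuple[str, float]] = [
    ("192.0.2.1", 0.5),
    ("198.51.100.9", 4.0),
    ("198.51.100.33", 9.5),
    ("203.0.113.7", 14.0),
]
DESTINATION: Tuple[str, float] = ("203.0.113.80", 16.0)


@dataclass
class Hop:
    ttl: int
    address: Optional[str]          # None when no probe for this TTL got a reply
    rtts_ms: List[Optional[float]]  # None for each probe that timed out


def send_probe(ttl, path, destination, silent):
    """Model one probe with a given TTL.

    Every router on the path decrements the TTL; the router where it reaches
    zero answers with ICMP Time Exceeded (we return its address and the RTT).
    A router listed in `silent` drops expired probes without answering, which
    traceroute displays as '*'. If the TTL outlives the whole path, the
    destination itself answers.
    """
    for position, (addr, delay) in enumerate(path, start=1):
        if position == ttl:
            if addr in silent:
                return None, None
            return addr, round(2 * delay, 1)
    return destination[0], round(2 * destination[1], 1)


def traceroute(path, destination, first_ttl=1, max_ttl=30, nqueries=3, silent=()):
    """Send nqueries probes per TTL, starting at first_ttl and stopping once
    the destination answers or max_ttl is reached (cf. -f, -m and -q)."""
    hops: List[Hop] = []
    for ttl in range(first_ttl, max_ttl + 1):
        answering = None
        rtts: List[Optional[float]] = []
        for _ in range(nqueries):
            addr, rtt = send_probe(ttl, path, destination, silent)
            rtts.append(rtt)
            if addr is not None:
                answering = addr
        hops.append(Hop(ttl, answering, rtts))
        if answering == destination[0]:
            break
    return hops


def format_hop(hop: Hop) -> str:
    """One output line in traceroute's style; '*' marks a probe without reply."""
    cells = [f"{r} ms" if r is not None else "*" for r in hop.rtts_ms]
    return f"{hop.ttl:>2}  {hop.address or '*':<15}  " + "  ".join(cells)


if __name__ == "__main__":
    # Hop 3 is modelled as a router that silently drops expired probes.
    for hop in traceroute(SAMPLE_PATH, DESTINATION, silent={"198.51.100.33"}):
        print(format_hop(hop))
```

Running it prints five lines; the third shows only asterisks, which is exactly how a hop that filters ICMP (or rate-limits Time Exceeded replies) appears in a real trace, without meaning that the path is broken.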

Traceroute Command in Linux With Examples

1. Basic Traceroute Usage


To perform a basic traceroute operation to a destination, simply execute the
following command:
traceroute google.com

This command traces the route to the google.com domain, displaying the IP
addresses and round-trip times for each hop along the path.

2. Using IPv4 With Traceroute


The -4 option allows users to specify the use of IPv4 when performing a
traceroute operation. This is particularly useful when troubleshooting
connectivity or network issues related to IPv4 addresses.

Syntax:
traceroute -4 google.com

Explanation: By using the `-4` option, traceroute exclusively employs IPv4
addresses to trace the route to the destination `google.com`.

3. Using IPv6 With Traceroute


Conversely, the `-6` option instructs traceroute to use IPv6 addresses for the
traceroute operation. This option is essential when dealing with networks
that primarily utilize IPv6 addressing.

Syntax:
traceroute -6 google.com

Explanation: By specifying the `-6` option, traceroute utilizes IPv6 addresses
to trace the route to the destination `google.com`.

4. Do Not Fragment Packet


The `-F` option prevents packet fragmentation during the traceroute
operation. This can be beneficial when troubleshooting network connectivity
issues related to packet fragmentation.
Syntax:
traceroute -F google.com

Explanation: By using the `-F` option, traceroute ensures that packets are not
fragmented during the traceroute process to the destination `google.com`.

5. Starting From a Specific TTL (Time To Live)


The `-f` option allows users to specify the starting TTL (Time To Live) value
for the traceroute operation. This option is helpful when you want to start
tracing the route from a specific hop rather than the default starting point.

Syntax:
traceroute -f 10 google.com

Explanation: By providing the `-f` option followed by the TTL value (e.g.,
10), traceroute initiates the traceroute operation from the specified hop to the
destination `google.com`.

6. Routing the Packet Through a Gate


The -g option enables users to route the packet through a specific gateway
during the traceroute operation. This is useful for directing traffic through a
specific network path for diagnostic purposes.

Syntax:
traceroute -g 192.168.43.45 google.com

Explanation: By using the `-g` option followed by the gateway IP address,
traceroute routes the packet through the specified gateway to reach the
destination `google.com`.

7. Setting Maximum Number of Hops


The -m option allows users to set the maximum number of hops for the
packet to reach the destination. By default, the maximum Time to Live (TTL)
value is set to 30.

Syntax:
traceroute -m 5 google.com
Explanation: By specifying the `-m` option followed by the desired TTL value
(e.g., 5), traceroute limits the traceroute operation to a maximum of 5 hops to
the destination `google.com`.

8. Disabling IP Address Resolution


The `-n` option instructs traceroute not to resolve IP addresses to their
corresponding domain names. This can speed up the traceroute operation by
skipping the Domain Name Server (DNS) resolution process.

Syntax:
traceroute -n google.com

Explanation: By using the `-n` option, traceroute displays IP addresses
instead of resolving them to domain names during the traceroute operation
to the destination `google.com`.

9. Setting Destination Port


The -p option allows users to specify the destination port to use during the
traceroute operation. By default, the destination port is set to 33434.

Syntax:
traceroute -p 20292 google.com
Explanation: By providing the `-p` option followed by the desired port
number (e.g., 20292), traceroute uses the specified port for the traceroute
operation to the destination `google.com`.

10. Setting Number of Probes per Hop


The -q option enables users to set the number of probes sent to each hop
during the traceroute operation. By default, three probes are sent per hop.

Syntax:
traceroute -q 1 google.com
Explanation: By using the `-q` option followed by the desired number of
probes (e.g., 1), traceroute sends the specified number of probes per hop
during the traceroute operation to the destination `google.com`.

11. Setting Packet Length


Users can specify the full packet length using the `packetlen` option. By
default, traceroute uses 60-byte packets.

Syntax:
traceroute google.com 100

Explanation: By providing the packet length value (e.g., 100), traceroute
utilizes packets with the specified length during the traceroute operation to
the destination `google.com`.

12. Displaying Help Messages


The --help option displays help messages and exits, providing users with
information about the usage and available options of the traceroute
command.

Syntax:
traceroute --help
displaying help of traceroute

Explanation: By executing the `traceroute --help` command, traceroute
displays help messages that detail the usage and available options of the
traceroute command.

Conclusion
The traceroute command in Linux offers a wide range of options for tracing
the route of packets to a destination. By understanding these options and
their syntax, users can effectively diagnose network connectivity issues and
troubleshoot routing problems. Whether it’s specifying Internet Protocol
versions, controlling packet behavior, or customizing the traceroute operation,
the traceroute command provides comprehensive functionality for network
analysis and troubleshooting.

Frequently Asked Questions on Traceroute – FAQs

What does traceroute do?

A traceroute works by sending special messages called Internet Control
Message Protocol (ICMP) packets. Each router that helps pass the data along
receives these packets. These messages help check if the routers are working
properly and can successfully transfer the data.

Are traceroute and tracert the same?

Traceroute and tracert do the same thing. The only difference is that you use
the command “traceroute” on Mac and Linux systems, and “tracert” on a
Windows system.

What information does Traceroute provide?

Traceroute provides a list of all the routers (hops) your data passes through
to reach its destination, along with the time it takes for each hop.
Can Traceroute be used on any operating system?

Yes, Traceroute can be used on most operating systems. The command is
traceroute on Mac and Linux, and tracert on Windows.

What are Gateways in a Computer Network?


Last Updated : 20 Mar, 2024



A gateway is a network node or device that connects two networks that use
different transmission protocols. Gateways play an important role in
connecting two networks. It works as the entry-exit point for a network
because all traffic that passes across the networks must pass through the
gateway.

What is Gateway?
A gateway is a connecting point of a network that helps it to connect with
different networks. The gateway monitors and controls all the incoming and
outgoing traffic of the network. Suppose there are two different networks
that want to communicate with each other; they need to set up a path
between them, and that path is made between the gateways of those
different networks. Gateways are also known as protocol converters because
they convert the protocol used by traffic from the other network into one
that is supported by this network. This is what makes smooth
communication between two different networks possible.

How does Gateway Work?


Gateway has a simple working methodology of five steps:

● Step 1: It receives data from the network.
● Step 2: It intercepts and analyzes the received data.
● Step 3: It routes the data to the destination address.
● Step 4: It converts the received data to make it compatible with the
receiver network.
● Step 5: It sends the final data into the network.

What actually happens when a gateway receives a data packet is that it
checks the header information present in the packet. It then validates the
destination IP address and looks for any errors. If it finds no error, it
makes the packet compatible with the new network by converting protocols
and other details as needed.

Functionality of Gateways
There are various functionalities that are supported by any gateway:

● LAN to WAN connections: It can connect a group of personal
computers, i.e. a LAN (Local Area Network), to the Internet, i.e. a
WAN (Wide Area Network).
● Controls incoming and outgoing data: It is located on the boundary
of a network, so it controls incoming and outgoing data packets
from/to that network.
● Works as a Protocol Converter: It makes sure that a data packet
from another network is compatible with this network, converting
the protocols and other details of the data packet into supported
ones before it enters the network.
● Information Collector: It collects data from different sections of the
network to make a better diagnosis of any data packets. In this
process, it collects information.
● Routing of data packets: It is responsible for routing data packets to
different networks because it knows the routing path of the
different networks that are in communication with its network.

Different Types of Gateways


Gateways can be classified into multiple categories on different bases like on
the basis of the direction of flow of data, functionality, etc…

On the Basis of the Direction of the Flow of Data


● Unidirectional Gateways: Unidirectional Gateway allows the flow of
data in only one direction. It means the changes that occurred in the
source can be copied to the destination but the changes that
occurred in the destination can’t be copied to the source.
● Bidirectional Gateways: Bidirectional Gateways allow the flow of
data in both directions. It means changes that occurred in the source
can be copied to the destination and changes that occurred in the
destination can be copied to the source.

Based on Functionality

● Email Security Gateway: It scans email for any type of malicious
content before allowing it to enter the network.
● Cloud Storage Gateway: It helps in data transfer between the cloud
and the nodes of the network. It converts different API requests into
a form that can be understood by cloud platforms.
● Network Gateway: This is the most popular type of gateway; it acts
as an interface between two different networks using different
protocols.
● Internet-To-Orbit Gateway (I2O): Project HERMES and Global
Educational Network for Satellite Operations (GENSO) are two
well-known I2O gateways that connect devices on the Internet to
satellites and spacecraft orbiting the earth.
● IoT Gateway: Before delivering sensor data to the cloud network,
IoT gateways assimilate it from Internet of Things (IoT) devices in
the field and translate it between sensor protocols. They link user
applications, cloud networks, and IoT devices.
● VoIP Trunk Gateway: By using a VoIP (voice over Internet Protocol)
network, it makes data transmission between POTS (plain old
telephone service) devices like landlines and fax machines easier.

Advantages of Gateways
● It helps in connecting two different networks.
● It filters and does not allow anything that can harm the network.
● It helps by doing protocol conversion.
● It provides security from external attacks.

Disadvantages of Gateways
● Its implementation is difficult and costly.
● It is hard to manage.
● It causes time delay because the conversion of data according to the
network takes time.
● Failure of the gateway can cause the failure of connection with other
networks.

Can a Router be a Gateway?


Yes, a router can work as a network gateway. A router can govern the path
that information takes in and out. This is achieved by using built-in headers
and routing tables, which specify where each packet of data should be
transmitted. These packets include your emails, transactions, online activities,
and other information. In this way, we can consider the Router to be a
Gateway.

Difference between Gateways and Router

Gateways | Router
A gateway is a device that is used for communication between networks having different sets of protocols. | A router is a device that receives, analyzes, and forwards the data packets to other networks.
Gateway connects two different networks. | It routes the data packets via the same networks.
Gateway does not support dynamic routing. | Router supports dynamic routing.
The main function of a gateway is protocol translation. | The main function of a router is routing the traffic from one network to another network.
It is hosted on dedicated applications, physical servers, or virtual applications. | It is hosted only on dedicated applications.
The gateway is also called a gateway router, proxy server, and voice gateway. | The router is also called a wireless router and an Internet router.

Frequently Asked Questions on Gateways – FAQs

How do two different networks having different protocols communicate
with each other?

They can communicate using gateways, because a gateway performs protocol
conversion on the data packets of the other network to make them
compatible with this network.

Gateways mainly operate on which layer in the OSI model?

Gateways can operate up to layer 5 of the OSI model.

What is a bad gateway error?

A bad gateway error message like 502 Bad Gateway, shows something is
not right with a website’s server communication. You can refresh the web
browser, open a new browser session, or remove your browser’s cache to fix
the error.

What is a default gateway?


A default gateway is the hardware node that gives a device on one network
access to communicate with devices on another network.
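To make the default-gateway and routing-table ideas from this section concrete, here is an added Python example (not code from the original article): a host with a constructed address and routing table decides, by longest-prefix match, whether a packet can be delivered directly on its own network or must be handed to a gateway, with the 0.0.0.0/0 entry acting as the default gateway for everything else. All addresses and table entries are made up, and `next_hop` and `describe` are names I chose.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed host configuration: its own address with /24 mask (so its
# on-link network is 192.168.1.0/24) and a routing table of (prefix, next hop).
# A next hop of None means "directly connected, deliver without a gateway".
HOST_ADDRESS = ipaddress.ip_interface("192.168.1.20/24")
ROUTING_TABLE: List[Tuple[str, Optional[str]]] = [
    (str(HOST_ADDRESS.network), None),   # directly connected LAN
    ("10.0.0.0/8", "192.168.1.254"),     # corporate WAN via an internal router
    ("10.20.0.0/16", "192.168.1.253"),   # more specific route for one site
    ("0.0.0.0/0", "192.168.1.1"),        # default gateway: everything else
]


def next_hop(destination: str, table=ROUTING_TABLE) -> Tuple[str, Optional[str]]:
    """Longest-prefix match over the routing table.

    Every prefix that contains the destination is a candidate; the one with
    the longest prefix length (the most specific route) wins. The default
    route 0.0.0.0/0 matches everything, so it can only win when no other
    entry matches, which is what makes it the default gateway.
    """
    dst = ipaddress.ip_address(destination)
    best: Optional[Tuple[ipaddress.IPv4Network, Optional[str]]] = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise ValueError(f"no route to {destination}")
    return str(best[0]), best[1]


def describe(destination: str) -> str:
    """Human-readable forwarding decision for one destination."""
    prefix, gateway = next_hop(destination)
    if gateway is None:
        return f"{destination}: on-link ({prefix}), deliver directly to the host"
    return f"{destination}: matched {prefix}, forward to gateway {gateway}"


if __name__ == "__main__":
    for dst in ("192.168.1.77", "10.20.5.1", "10.1.2.3", "8.8.8.8"):
        print(describe(dst))
```

The order of the table entries does not matter for the result; only the prefix length does. That is also why a host whose default gateway is misconfigured can still reach its own subnet (the on-link entry matches directly) but nothing beyond it.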

Introduction To Subnetting

Subnetting is the process of dividing a large network into smaller networks
called “subnets.” Subnets give each group of devices their own space to
communicate, which ultimately helps the network work more easily. This also
boosts security and makes it easier to manage the network, as each subnet
can be monitored and controlled separately. In this article, we will discuss
Subnetting in detail.

What is a Subnet?
A subnet is like a smaller group within a large network. It is a way to split a
large network into smaller networks so that devices present in one network
can transmit data more easily. For example, in a company, different
departments can each have their own subnet, keeping their data traffic
separate from others. Subnet makes the network faster and easier to manage
and also improves the security of the network.

Why Is Subnetting Necessary?


● Subnetting helps in organizing the network in an efficient way which
helps in expanding the technology for large firms and companies.
● Subnetting is used for specific staffing structures to reduce traffic
and maintain order and efficiency.
● Subnetting divides domains of the broadcast so that traffic is routed
efficiently, which helps in improving network performance.
● Subnetting is used to increase network security.

Different Parts of IP Address


An IP address is made up of different parts, each serving a specific purpose in
identifying a device on a network. In an IPv4 address, there are four parts,
called “octets,” which are separated by dots (e.g., 192.168.1.1). Here’s what
each part represents:

● Network Portion: The first few sections (octets) of an IP address
identify the network that the device belongs to. This part of the IP
address is common among all devices on the same network,
allowing them to communicate with each other and share resources.
● Host Portion: The remaining sections of the IP address specify the
individual device, or “host,” within that network. This part makes
each device unique within the network, allowing the router to
distinguish between different devices.

The 32-bit IP address is divided into sub-classes. These are given below:

● Class A: The network ID is 8 bits long and the host ID is 24 bits
long.
● Class B: The network ID is 16 bits long and the host ID is 16 bits
long.
● Class C: The network ID is 24 bits long and the host ID is 8 bits
long.

For more details, refer to Classful IP Addressing.

How Does Subnetting Work?


Subnetting starts by dividing a network into smaller subnets. Routers are
used for communication between subnets, while each subnet allows its own
linked devices to communicate with each other directly. Subnetting should
be done in such a way that it does not affect the network bits.

In class C the first 3 octets are network bits so it remains as it is.

● For Subnet-1: The first bit which is chosen from the host id part is
zero and the range will be from (193.1.2.00000000 till you get all
1’s in the host ID part i.e, 193.1.2.01111111) except for the first bit
which is chosen zero for subnet id part.

Thus, the range of subnet 1 is: 193.1.2.0 to 193.1.2.127


Subnet id of Subnet-1 is : 193.1.2.0
The direct Broadcast id of Subnet-1 is: 193.1.2.127
The total number of hosts possible is: 126 (Out of 128,
2 id's are used for Subnet id & Direct Broadcast id)
The subnet mask of Subnet- 1 is: 255.255.255.128

● For Subnet-2: The first bit chosen from the host id part is one and
the range will be from 193.1.2.10000000 till you get all 1’s in the
host ID part, i.e. 193.1.2.11111111.

Thus, the range of subnet-2 is: 193.1.2.128 to 193.1.2.255


Subnet id of Subnet-2 is : 193.1.2.128
The direct Broadcast id of Subnet-2 is: 193.1.2.255
The total number of hosts possible is: 126 (Out of 128,
2 id's are used for Subnet id & Direct Broadcast id)
The subnet mask of Subnet- 2 is: 255.255.255.128
The best way to find out the subnet mask of a subnet
is to set the fixed bit of host-id to 1 and the rest to 0.
Finally, after using the subnetting the total number of usable hosts is reduced
from 254 to 252.

Note:

1. To divide a network into four (2^2) parts you need to choose two bits
from the host id part for each subnet i.e, (00, 01, 10, 11).
2. To divide a network into eight (2^3) parts you need to choose three
bits from the host id part for each subnet i.e, (000, 001, 010, 011,
100, 101, 110, 111) and so on.
3. We can say that if the total number of subnets in a network
increases the total number of usable hosts decreases.

The network can be divided into two parts: To divide a network into two
parts, you need to choose one bit for each Subnet from the host ID part.

In the above diagram, there are two Subnets.

Note: It is a class C IP so, there are 24 bits in the network id part and 8 bits in
the host id part.
Example 1: An organization is assigned a class C network address of
201.35.2.0. It uses a netmask of 255.255.255.192 to divide this into
sub-networks. Which of the following is/are valid host IP addresses?

1. 201.35.2.129
2. 201.35.2.191
3. 201.35.2.255
4. Both (A) and (C)

Solution:
Converting the last octet of the
netmask into the binary form: 255.255.255.11000000
Converting the last octet of option 1
into the binary form: 201.35.2.10000001
Converting the last octet of option 2
into the binary form: 201.35.2.10111111
Converting the last octet of option 3
into the binary form: 201.35.2.11111111

From the above, we see that Options 2 and 3 are not valid host IP addresses
(as they are broadcast addresses of a subnetwork), and OPTION 1 is not a
broadcast address and it can be assigned to a host IP.

Example 2: An organization has a class C network address of
201.32.64.0. It uses a subnet mask of 255.255.255.248. Which of the
following is NOT a valid broadcast address for any subnetworks?

1. 201.32.64.135
2. 201.32.64.240
3. 201.32.64.207
4. 201.32.64.231

Solution:
Converting the last octet of the netmask
into the binary form: 255.255.255.11111000
Converting the last octet of option 1
into the binary form: 201.32.64.10000111
Converting the last octet of option 2
into the binary form: 201.32.64.11110000
Converting the last octet of option 3
into the binary form: 201.32.64.11001111
Converting the last octet of option 4
into the binary form: 201.32.64.11100111

From the above, we can see that in options 1, 3, and 4 all the host bits
are 1, so they are valid broadcast addresses of subnetworks, whereas in
option 2 the last three bits (the host bits) are not all 1, so it is not a
valid broadcast address.
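Both the two-subnet walk-through above and Examples 1 and 2 can be checked with Python’s standard `ipaddress` module. The following is an added example, not code from the original article: `subnets_by_borrowed_bits` derives the subnet id, directed broadcast address, mask and usable host count for every subnet formed by borrowing host bits (the page’s case is 1 bit; 2 or 3 bits give the 4 or 8 subnets of the Note), and `classify` tells whether an address under a given mask is a subnet id, a broadcast address or an assignable host address. The function names are my own; the inputs are the article’s 193.1.2.0/24, 201.35.2.0 and 201.32.64.0 networks.

```python
import ipaddress
from typing import Dict, List


def subnets_by_borrowed_bits(network: str, bits: int) -> List[Dict[str, object]]:
    """Borrow `bits` host bits to form 2**bits equal subnets.

    For each subnet the fields the worked example derives by hand are
    returned: subnet id (all host bits 0), directed broadcast address (all
    host bits 1), the mask (fixed bits 1, remaining host bits 0), the address
    range and the usable host count (all addresses minus those two).
    """
    net = ipaddress.ip_network(network)
    result = []
    for sub in net.subnets(prefixlen_diff=bits):
        result.append({
            "subnet_id": str(sub.network_address),
            "broadcast": str(sub.broadcast_address),
            "mask": str(sub.netmask),
            "range": f"{sub.network_address} to {sub.broadcast_address}",
            "usable_hosts": sub.num_addresses - 2,
        })
    return result


def total_usable_hosts(network: str, bits: int) -> int:
    """Usable hosts left after subnetting; shrinks by 2 per extra subnet."""
    return sum(int(s["usable_hosts"]) for s in subnets_by_borrowed_bits(network, bits))


def classify(address: str, netmask: str) -> str:
    """Say what `address` is within its subnet under `netmask`.

    The mask selects the subnet; an address equal to the subnet's network
    address is the subnet id, one equal to its broadcast address is the
    directed broadcast, anything else can be assigned to a host.
    """
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    sub = iface.network
    if iface.ip == sub.network_address:
        return "subnet id"
    if iface.ip == sub.broadcast_address:
        return "broadcast"
    return "host"


if __name__ == "__main__":
    # The page's walk-through: class C 193.1.2.0 split by borrowing one bit.
    for s in subnets_by_borrowed_bits("193.1.2.0/24", 1):
        print(s)
    print("usable hosts after subnetting:", total_usable_hosts("193.1.2.0/24", 1))
    # Example 1 (mask /26) and Example 2 (mask /29) from the text.
    for addr in ("201.35.2.129", "201.35.2.191", "201.35.2.255"):
        print(addr, "->", classify(addr, "255.255.255.192"))
    for addr in ("201.32.64.135", "201.32.64.240", "201.32.64.207", "201.32.64.231"):
        print(addr, "->", classify(addr, "255.255.255.248"))
```

Passing the mask in dotted form works because `ipaddress.ip_interface` accepts either a prefix length or a netmask after the slash; the same `classify` call therefore answers both exam-style questions above without converting octets to binary by hand.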

What is a Subnet Mask?


A subnet mask is a 32-bit number used in IP addressing to separate the
network portion of an IP address from the host portion. It helps computers
and devices determine which part of an IP address refers to the network they
are on, and which part refers to their specific location or address within
that network.

Advantages of Subnetting
● It provides security to one network from another network, e.g. in an
organisation, the code of the Developer department must not be
accessible to another department.
● It may be possible that a particular subnet might need higher
network priority than others. For example, a Sales department
needs to host webcasts or video conferences.
● In the case of Small networks, maintenance is easy.

Disadvantages of Subnetting
● In the case of a single network, only three steps are required to
reach a Process i.e Source Host to Destination Network, Destination
Network to Destination Host, and then Destination Host to Process.
● In the case of a Single Network only two IP addresses are wasted to
represent Network Id and Broadcast address but in the case of
Subnetting two IP addresses are wasted for each Subnet.
● The cost of the overall Network also increases. Subnetting requires
internal routers, Switches, Hubs, Bridges, etc. which are very costly.

Conclusion
Subnetting is an important part of managing computer networks. It allows us
to break a large network into smaller, more manageable parts called subnets.
This makes it easier to organize and use IP addresses efficiently. By using
subnetting, we can reduce unnecessary traffic on the network and improve its
performance.

What is VPN and How It Works?


Last Updated : 09 Aug, 2024


VPN is a mechanism of employing encryption, authentication, and integrity
protection so that we can use a public network as if it were a private network.
It offers a high amount of security and allows users to remotely access
private networks. In this article, we will cover every point about virtual
private networks.

What is a VPN?
A virtual private network (VPN) is a technology that creates a safe and
encrypted connection over a less secure network, such as the Internet. A
Virtual Private Network is a way to extend a private network using a public
network such as the Internet. The name itself suggests that it is a “Virtual
Private Network”, i.e. a user can be part of a local network while sitting at a
remote location. It makes use of tunneling protocols to establish a secure
connection.

History of VPNs
ARPANET introduced the idea of connecting distant computers in the 1960s.
The foundation for current internet connectivity was established by ensuring
the development of protocols like TCP/IP in the 1980s. Particular VPN
technologies first appeared in the 1990s in response to the growing concerns
about online privacy and security.

Need for VPN


It could easily be said that VPNs are a necessity since privacy, security, and
free internet access should be everybody’s right. First, they establish secure
access to the corporate networks for remote users; then, they secure the data
during the transmission and, finally, they help users to avoid geo-blocking
and censorship. VPNs are highly useful for protecting data on open Wi-Fi, for
privacy, and preventing one’s ISP from throttling one’s internet connection.

How Does a VPN Work?
Let us understand VPN with an example. Think of a situation where the
corporate office of a bank is situated in Washington, USA. This office has a
local network consisting of, say, 100 computers. Suppose other branches of
the bank are in Mumbai, India, and Tokyo, Japan. The traditional method of
establishing a secure connection between the head office and a branch was
to have a leased line between the branch and the head office, which was a
very costly as well as troublesome job. VPN lets us effectively overcome this
issue.

The situation is described below

● All 100 computers of the corporate office in Washington are
connected to the VPN server (which is a well-configured server with
a public IP address and a switch to connect all computers present in
the local network, i.e. in the US head office).
● The person sitting in the Mumbai office connects to the VPN server
using a dial-up window, and the VPN server returns an IP address
that belongs to the range of IP addresses of the corporate office’s
local network.
● Thus the person from the Mumbai branch becomes local to the head
office and information can be shared securely over the public
internet.
● So this is the intuitive way of extending the local network even
across the geographical borders of the country.

VPNs Are Widely Used Across the Globe

We will explain with an example. Suppose we use smartphones regularly.
Spotify is a Swedish music app that is not available in India, yet we can
make full use of it while sitting in India. How? A VPN can be used to
camouflage our geolocation.

● Suppose the IP address is 101.22.23.3, which belongs to India. That is
why our device is not able to access the Spotify music app.
● But the magic begins when we use the Psiphon app, an Android app
that changes the device’s apparent IP address to one in the location
we want (say the US, where Spotify works seamlessly).
● The IP address is changed using VPN technology. Basically, your
device connects to a VPN server in the country you entered in the
location box of the Psiphon app, and you inherit a new IP address
from this server.

Now we search “What is my IP address?” and the IP address has changed to
45.79.66.125, which belongs to the USA. Since Spotify works well in the US,
we can use it while sitting in India (virtually in the USA). Isn’t that good?
Obviously, it is very useful.

● VPN also ensures security by providing an encrypted tunnel
between the client and the VPN server.
● VPN is used to bypass many blocked sites.
● VPN facilitates anonymous browsing by hiding your IP address.
● Also, search engine optimization (SEO) is done by analyzing data
from VPN providers, which provide country-wise statistics of
browsing for a particular product.
● VPNs encrypt your internet traffic, safeguarding your online
activities from potential eavesdropping and cyber threats, thereby
enhancing your privacy and data protection.

Characteristics of VPN
● Encryption: VPNs employ several encryption standards to maintain
the confidentiality of the transmitted data and, even if intercepted,
can’t be understood.
● Anonymity: A VPN hides the user’s IP address, thus offering
anonymity and making tracking by websites or other third parties
impossible.
● Remote Access: VPNs provide the means for secure remote
connection to business’ networks thus fostering employee
productivity through remote working.
● Geo-Spoofing: The user can also change the IP address to another
country using the VPN hence breaking the regional restrictions of
some sites.
● Data Integrity: VPNs make sure that the data communicated in the
network in the exact form and not manipulated in any way.

Types of VPN
There are several types of VPN; which one is used depends on the requirement in the network. Some common types are:

● Remote Access VPN
● Site to Site VPN
● Cloud VPN
● Mobile VPN
● SSL VPN

For more details, refer to the Types of VPN article.

VPN Protocols
● OpenVPN: An open-source protocol that prioritises security. It is built on TLS, runs over UDP or TCP and offers many configuration choices.
● Point-To-Point Tunneling Protocol (PPTP): PPTP should no longer be used. Its MS-CHAPv2 authentication and RC4-based MPPE encryption are broken, and every modern option offers stronger encryption.
● WireGuard: A modern protocol with a small codebase and a fixed set of modern cryptographic primitives; it is a good choice where performance matters.
● Secure Socket Tunneling Protocol (SSTP): Developed by Microsoft for Windows; it tunnels PPP over TLS on port 443. It is not widely used outside Windows because of limited client support on other platforms.
● Layer 2 Tunneling Protocol (L2TP): L2TP builds the tunnel to the VPN server but provides no encryption of its own, so it is almost always paired with IPsec (L2TP/IPsec) to get authentication, encryption and integrity together.

Why Should You Use a VPN?

● For Streaming: Streaming catalogues differ by country, and a VPN lets you appear to be in the country whose catalogue you want. Check the service's terms first; many prohibit it and some block known VPN address ranges.
● For Gaming: A VPN hides your home IP address from other players, which protects you from the DDoS attacks sometimes aimed at opponents, and can give access to titles or servers restricted to another region. Do not expect lower ping: the extra hop through the VPN server normally adds latency, though it can occasionally avoid a bad ISP route.
● For Torrenting: Every peer in a torrent swarm sees your IP address. A VPN replaces it with the VPN server's address, so the swarm and anyone monitoring it see the provider, not you. This does not make downloading copyrighted material legal.
● Against ISP Throttling: Some ISPs slow down specific kinds of traffic such as video or file sharing. Inside a VPN the ISP sees only encrypted packets to one server and cannot single out an application, so that kind of throttling no longer applies. A VPN cannot raise your line speed; it normally costs some throughput.
● Securing Public Wi-Fi: On a coffee-shop, airport or hotel network, the access point operator and anyone on the same network can observe or tamper with unencrypted traffic, and can see which hosts you talk to even when it is encrypted. A VPN encrypts everything to the VPN server, so the untrusted hotspot sees only the tunnel.

Tunnelling Protocols for VPN

● OpenVPN: An open-source protocol with strong security and flexible configuration. It uses TLS for the key exchange and runs over UDP or TCP; run over TCP port 443 it passes through most firewalls and network address translators (NATs).
● Point-To-Point Tunneling Protocol (PPTP): One of the oldest VPN protocols. It is easy to configure, but its authentication and encryption are broken, so it is far weaker than any contemporary protocol and should be retired.
● WireGuard: A relatively new protocol that is widely recommended for its simplicity and high performance. It uses a fixed set of modern primitives (Curve25519, ChaCha20-Poly1305, BLAKE2s) and a small codebase, which makes it easier to implement and to audit.
● Secure Socket Tunnelling Protocol (SSTP): A Microsoft-developed protocol integrated with Windows; it carries the tunnel inside SSL/TLS, which gives it sound encryption and lets it pass firewalls on port 443.
● Layer 2 Tunnelling Protocol (L2TP): L2TP only builds the tunnel; it has no encryption of its own, so on its own the tunnel is not secure. It is almost always combined with IPsec, which supplies the encryption and integrity protection.

Authentication Mechanisms in VPN

● Pre-Shared Key (PSK): A secret shared in advance by the client and the VPN server and used to authenticate each other. It is easy to deploy but weak when badly administered: a key shared by many users cannot be revoked for one of them, and a short PSK used with IKEv1 aggressive mode can be recovered offline from a captured handshake.
● Digital Certificates: Each side presents a certificate issued by a trusted certificate authority, giving strong identification of users and devices and allowing individual certificates to be revoked.
● Username and Password: The familiar user authentication in which users submit their credentials to access the VPN. On its own it is exposed to phishing and credential stuffing, so it is usually combined with certificates or MFA (multi-factor authentication).
● Two-Factor Authentication (2FA): Adds a second factor, such as a one-time code from an authenticator app or hardware token, on top of the username and password; a code sent by SMS is better than nothing but weaker than the other options.

Security Concerns in VPN

● Data Leakage: A VPN can fail to hide the real IP address or the sites being visited. Common causes are DNS leaks (name lookups going to the ISP's resolver outside the tunnel), WebRTC in the browser revealing local addresses, IPv6 traffic bypassing an IPv4-only tunnel, and the moment when the tunnel drops or switches servers. A kill switch that blocks all traffic outside the tunnel addresses the last case.
● Weak Encryption: A VPN is only as strong as its cryptography. Outdated algorithms and protocol versions (PPTP, DES/3DES, RC4, TLS 1.0) undermine it; modern AEAD ciphers such as AES-GCM or ChaCha20-Poly1305 with current protocol versions should be used.
● Trust in VPN Providers: A VPN moves trust from the ISP to the provider, which can see every connection you make. A provider may keep logs of user activity, and the user has no way to verify a "no logs" claim beyond independent audits and the provider's track record.
● Man-in-the-Middle Attacks (MitM): If the client does not verify the server's identity (certificate or public key) during the handshake, an attacker who controls the path can impersonate the server, terminate the tunnel and read or modify everything exchanged.
● Performance Trade-offs: Encryption and the detour through the VPN server add latency and reduce throughput. Security and performance have to be weighed together when choosing the protocol and server.

Are VPNs legal or illegal?

Using a VPN is legal in most countries, but the legality of a VPN service depends on the country and sometimes on its geopolitical relations with other countries. Using a reliable and secure VPN is legal as long as it is not used for illegal activities such as online fraud, cyber theft or, in some countries, downloading copyrighted content. China has decided to block VPNs (virtual private networks), as reported by Bloomberg. Many Chinese Internet users rely on VPNs to reach websites blocked by China's so-called "great firewall"; the stated aims of the block are to prevent information leakage to rival countries and to tighten control over information.

What to Look for When Choosing a VPN?

● Adequate speed: many providers struggle to keep up with video streaming or large downloads.
● Both user and expert reviews, to get a realistic picture of how the VPN operates.
● Shared IP addresses: when many users sit behind one exit address, individual users cannot be told apart by that address.
● Plenty of servers: more servers mean less traffic on each one and faster browsing.
● Modern protocols (WireGuard or OpenVPN, not PPTP), a kill switch, DNS-leak protection, and a no-logs policy backed by an independent audit.

Benefits of VPN
● Your apparent IP address can be switched to that of the VPN server.
● The connection between you and the VPN server is encrypted.
● Files shared through the tunnel are kept confidential.
● Your privacy is protected from the local network and the ISP.
● Application-specific throttling by the ISP no longer applies, because the ISP cannot see what is inside the tunnel.
● Regional price differences can be seen (and sometimes used) when shopping online.

Limitations of VPN
● A VPN may decrease your internet speed.
● Premium VPNs are not cheap.
● VPN usage may be banned in some nations.

Conclusion
In conclusion, a VPN (Virtual Private Network) is a powerful tool that
enhances your online privacy and security by encrypting your internet
connection and masking your IP address. Whether you’re accessing public
Wi-Fi, wanting to browse the web more securely, or bypassing geographical
restrictions, a VPN offers a layer of protection that keeps your data safe. As
the digital landscape continues to evolve, understanding and using a VPN
can be an essential step in safeguarding your online presence.

Virtual LAN (VLAN)


Virtual LAN (VLAN) is a concept in which devices are divided logically at layer 2 (the data link layer). Normally only layer 3 devices (routers) split broadcast domains, but with VLANs a switch can split its ports into several broadcast domains.

A broadcast domain is a network segment in which a broadcast sent by one device is received by all the others. A switch floods broadcasts to every port in the same VLAN, while routers do not forward them. To send traffic from one VLAN (broadcast domain) to another, inter-VLAN routing is needed, either on a router or on a layer 3 switch. VLANs thus create several small sub-networks that are easier to manage than one large one.

VLAN ranges:
● VLAN 0, 4095: Reserved; they cannot be seen or used.
● VLAN 1: The default VLAN of the switch. By default, all switch ports are in VLAN 1. It cannot be deleted or edited, but it can be used.
● VLAN 2-1001: The normal VLAN range. These VLANs can be created, edited and deleted.
● VLAN 1002-1005: Cisco defaults for FDDI and Token Ring. These VLANs cannot be deleted.
● VLAN 1006-4094: The extended VLAN range.

Configuration –
A VLAN is created by assigning a VLAN ID and, optionally, a name:
Switch(config)#vlan 2
Switch(config-vlan)#name accounts

Here, 2 is the VLAN ID and accounts is the VLAN name. Next, the VLAN is assigned to switch ports, e.g.:
Switch(config)#int fa0/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2

A range of switch ports can be assigned to a VLAN in one step:
Switch(config)#int range fa0/0-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2

With this, switch ports fa0/0, fa0/1 and fa0/2 are all assigned to VLAN 2.

Example –
Assign IP addresses 192.168.1.1/24, 192.168.1.2/24 and 192.168.2.1/24 to the three PCs. Now create VLAN 2 and VLAN 3 on the switch:
Switch(config)#vlan 2
Switch(config)#vlan 3

Creating the VLANs is only half the job; the important part is assigning the switch ports to them:
Switch(config)#int fa0/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2

Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3

Switch(config)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2

As shown, VLAN 2 is assigned to fa0/0 and fa0/2 (the PCs on 192.168.1.0/24) and VLAN 3 to fa0/1 (the PC on 192.168.2.0/24). The two PCs in VLAN 2 can reach each other directly, while the PC in VLAN 3 needs inter-VLAN routing to reach them.

VLANs offer several features and benefits, including:

● Improved network security: VLANs separate network traffic and, combined with access control at the point where VLANs are routed, limit access to specific network resources. This improves security by keeping unauthorized devices away from sensitive data and services.
● Better network performance: By segregating network traffic into
smaller logical networks, VLANs can reduce the amount of
broadcast traffic and improve network performance.
● Simplified network management: VLANs allow network
administrators to group devices together logically, rather than
physically, which can simplify network management tasks such as
configuration, troubleshooting, and maintenance.
● Flexibility: VLANs can be configured dynamically, allowing network
administrators to quickly and easily adjust network configurations as
needed.
● Cost savings: VLANs can help reduce hardware costs by allowing
multiple virtual networks to share a single physical network
infrastructure.
● Scalability: VLANs can be used to segment a network into smaller,
more manageable groups as the network grows in size and
complexity.

Some of the key features of VLANs include:

● VLAN tagging: VLAN tagging identifies which VLAN a frame belongs to so that traffic from different VLANs can share a link. A 4-byte IEEE 802.1Q tag is inserted into the Ethernet header after the source MAC address; it carries a 12-bit VLAN ID (hence the 1-4094 range) and a 3-bit priority field.
● VLAN membership: VLAN membership determines which devices are assigned to which VLANs. Devices can be assigned to VLANs based on switch port (the most common method), MAC address, or other criteria such as 802.1X authentication.
● VLAN trunking: VLAN trunking allows multiple VLANs to be carried over a single physical link between switches, using IEEE 802.1Q tags to keep them apart; untagged frames on a trunk belong to the trunk's native VLAN.
● VLAN management: VLAN management involves configuring and managing VLANs, including assigning devices to VLANs, configuring VLAN tags, and configuring VLAN trunking.
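The tagging and trunking behaviour described above can be seen directly in the bytes of a frame. The following is an added example written for this page, not code from the original article or from any switch vendor: it builds Ethernet frames with zero, one or two 802.1Q tags, parses the tag stack, and applies the trunk ingress rule (tagged frame goes to its VID, untagged frame goes to the native VLAN). The MAC addresses, VLAN numbers and payload are constructed sample data.

```python
import struct

# TPIDs that introduce a VLAN tag: 0x8100 is the 802.1Q C-tag, 0x88A8 the 802.1ad S-tag.
VLAN_TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad", 0x9100: "legacy QinQ"}


def build_frame(dst_mac: str, src_mac: str, vids, ethertype: int = 0x0800,
                payload: bytes = b"", pcp: int = 0) -> bytes:
    """Constructed test data: an Ethernet frame with zero or more 802.1Q tags, outermost first."""
    frame = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    for vid in vids:
        tci = (pcp << 13) | (vid & 0x0FFF)          # TCI = PCP(3) | DEI(1)=0 | VID(12)
        frame += struct.pack(">HH", 0x8100, tci)    # tag sits after the source MAC
    return frame + struct.pack(">H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Walk the header: MACs, then every stacked VLAN tag, then the real EtherType."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    tags = []
    offset = 12
    while offset + 4 <= len(frame):
        tpid = struct.unpack(">H", frame[offset:offset + 2])[0]
        if tpid not in VLAN_TPIDS:
            break                                   # not a tag: this is the EtherType
        tci = struct.unpack(">H", frame[offset + 2:offset + 4])[0]
        tags.append({"tpid": tpid, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    if offset + 2 > len(frame):
        raise ValueError("truncated header")
    ethertype = struct.unpack(">H", frame[offset:offset + 2])[0]
    return {
        "dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
        "tags": tags, "ethertype": ethertype, "payload": frame[offset + 2:],
    }


def trunk_ingress_vlan(parsed: dict, native_vlan: int, allowed: set):
    """VLAN a frame is placed in when it arrives on an 802.1Q trunk; None means dropped.
    Untagged frames, and priority-tagged frames with VID 0, land in the native VLAN."""
    if not parsed["tags"] or parsed["tags"][0]["vid"] == 0:
        return native_vlan if native_vlan in allowed else None
    vid = parsed["tags"][0]["vid"]
    return vid if vid in allowed else None


def is_double_tagged(parsed: dict) -> bool:
    """Two or more stacked tags. Normal on QinQ provider links; on an ordinary trunk, an
    outer tag equal to the native VLAN with a second tag underneath is the VLAN-hopping pattern."""
    return len(parsed["tags"]) >= 2


if __name__ == "__main__":
    hopping = parse_frame(build_frame("ffffffffffff", "001122334455", [1, 3]))
    print(hopping["tags"], trunk_ingress_vlan(hopping, 1, {1, 2, 3}), is_double_tagged(hopping))
```

The last lines show why the native VLAN matters for security: the double-tagged frame is accepted into VLAN 1 because its outer tag matches the native VLAN, and when a switch forwards it out another trunk it strips only that outer tag, leaving the inner VLAN 3 tag for the next switch to honour. Monitoring for frames with stacked tags on ports that should never carry QinQ, and using an unused native VLAN on trunks, are the usual mitigations.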

Types of connections in VLAN –

There are three ways to connect devices on a VLAN, the type of connections
are based on the connected devices i.e. whether they are VLAN-aware(A
device that understands VLAN formats and VLAN membership) or
VLAN-unaware(A device that doesn’t understand VLAN format and VLAN
membership).

1. Trunk Link –
All devices connected to a trunk link must be VLAN-aware. Frames on a trunk link carry the 802.1Q tag and are called tagged frames.
2. Access link –
An access link connects a VLAN-unaware device (a PC, printer or phone) to a VLAN-aware switch. All frames on the access link are untagged; the switch adds and removes the tag on the device's behalf.
3. Hybrid link –
A combination of trunk link and access link. Both VLAN-unaware and VLAN-aware devices are attached, so it can carry both tagged and untagged frames.

Advantages –
● Performance –
Network traffic is full of broadcasts and multicasts, and a VLAN stops them being sent to destinations that do not need them. If traffic is intended for 2 users but 10 devices are in the same broadcast domain, all 10 receive it and bandwidth is wasted; with VLANs the broadcast or multicast packet reaches only the intended group.
● Formation of virtual groups –
Every organization has departments such as sales and finance; VLANs group the devices logically by department regardless of where they are plugged in.
● Security –
On a flat network, sensitive data can be broadcast and picked up by anyone on the segment. With VLANs we can control broadcast domains, place firewalls or ACLs at the point where VLANs are routed, and restrict access between groups, which greatly improves network security. Segmentation also helps monitoring, since traffic crossing a VLAN boundary can be inspected in one place.
● Flexibility –
VLANs make it easy to add or remove hosts, since membership is a configuration change rather than a recabling job.
● Cost reduction –
VLANs create broadcast domains on a switch, which removes the need for a separate router for every segment. Many small broadcast domains are also easier to handle than one big one.

Disadvantages of VLAN

1. Complexity: VLANs can be complex to configure and manage, particularly in large or dynamic environments, and mistakes (a wrong port assignment, a mismatched trunk) can silently merge or isolate segments.
2. Limited scalability: 802.1Q allows only 4094 usable VLAN IDs, which can be a constraint in large cloud or multi-tenant environments.
3. Limited security: VLANs provide segmentation, not complete security. An attacker who gains access to the network can attempt VLAN hopping (switch spoofing or double tagging), and traffic between VLANs is only as protected as the ACLs or firewall at the routing point.
4. Limited interoperability: VLAN features may not be fully compatible across all network devices and protocols, which can limit their usefulness in mixed environments.
5. Limited mobility: A port-based VLAN does not follow a device that moves to another port or site, which limits its usefulness for mobile or remote users unless dynamic assignment (such as 802.1X) is used.
6. Cost: Implementing and maintaining VLANs can be costly, especially if managed switches or specialized software are required.
7. Limited visibility: VLANs can make it harder to monitor and troubleshoot network issues, because traffic is isolated in different segments.

Real-Time Applications of VLAN

Virtual LANs (VLANs) are widely used in enterprise and cloud computing environments to improve network performance and security. Here are a few examples of real-time applications of VLANs:

1. Voice over IP (VoIP) : VLANs can be used to isolate voice traffic from
data traffic, which improves the quality of VoIP calls and reduces the
risk of network congestion.
2. Video Conferencing : VLANs can be used to prioritize video traffic
and ensure that it receives the bandwidth and resources it needs for
high-quality video conferencing.
3. Remote Access : VLANs can be used to provide secure remote
access to cloud-based applications and resources, by isolating
remote users from the rest of the network.
4. Cloud Backup and Recovery : VLANs can be used to isolate backup
and recovery traffic, which reduces the risk of network congestion
and improves the performance of backup and recovery operations.
5. Gaming : VLANs can be used to prioritize gaming traffic, which
ensures that gamers receive the bandwidth and resources they need
for a smooth gaming experience.
6. IoT : VLANs can be used to isolate Internet of Things (IoT) devices
from the rest of the network, which improves security and reduces
the risk of network congestion.

What is VPN and How It Works?


Last Updated : 09 Aug, 2024


VPN is a mechanism that employs encryption, authentication and integrity protection so that a public network can be used as if it were a private network. It offers a high level of security and allows users to access private networks remotely. In this article we cover the essentials of virtual private networks.

What is a VPN?
A virtual private network (VPN) is a technology that creates a safe, encrypted connection over a less secure network such as the Internet. It is a way of extending a private network across a public one: as the name suggests, the user becomes part of a local network while sitting at a remote location. It uses tunnelling protocols to establish the secure connection.

History of VPNs
ARPANET introduced the idea of connecting distant computers in the 1960s.
The foundation for current internet connectivity was established by ensuring
the development of protocols like TCP/IP in the 1980s. Particular VPN
technologies first appeared in the 1990s in response to the growing concerns
about online privacy and security.

Need for VPN


It could easily be said that VPNs are a necessity since privacy, security, and
free internet access should be everybody’s right. First, they establish secure
access to the corporate networks for remote users; then, they secure the data
during the transmission and, finally, they help users to avoid geo-blocking
and censorship. VPNs are highly useful for protecting data on open Wi-Fi, for
privacy, and preventing one’s ISP from throttling one’s internet connection.

How Does a VPN Work?


Let us understand VPN with an example. Think of a bank whose corporate office is in Washington, USA. This office has a local network of, say, 100 computers. The bank also has branches in Mumbai, India, and Tokyo, Japan. The traditional way of establishing a secure connection between the head office and a branch was a leased line between them, which was costly and troublesome. A VPN lets us overcome this.

The situation is described below

● All 100 computers of the corporate office in Washington sit on the local network behind the VPN server, a well-configured server with a public IP address that is also connected to the switch serving the head office LAN.
● A person in the Mumbai office connects to the VPN server with the VPN client and, after authenticating, is given an IP address from the address range of the head office's local network.
● The person in the Mumbai branch thus becomes local to the head office, and information can be shared securely over the public internet through the encrypted tunnel.
● This is the intuitive way of extending a local network across the geographical borders of a country.


Difference Between HTTP and HTTPS


HTTPS is HTTP run over an encrypted TLS (formerly SSL) connection. The practical difference is that with HTTPS every request and response, including the most ordinary page load, is encrypted and the server is authenticated, whereas with HTTP everything travels in clear text. This article covers what HTTP and HTTPS are and their advantages and disadvantages in brief.

HyperText Transfer Protocol (HTTP)


● HyperText Transfer Protocol (HTTP) is the protocol with which hypertext is transferred over the Web.
● Because of its simplicity, HTTP has been the most widely used protocol for data transfer over the Web, but the data (i.e. hypertext) exchanged over HTTP is not as secure as we would like it to be.
● Hypertext exchanged over HTTP goes as plain text: anyone between the browser and the server (the local network, the ISP, any proxy) can read or alter it if they intercept the exchange.
● When the user's browser sends an HTTP request, the web server returns the requested data as web pages. HTTP is an application-layer protocol that runs above TCP and defines the standard rules browsers and servers use to talk to each other.
● Each HTTP request is handled independently of the others, without reference to previous requests, which makes HTTP a stateless protocol; state such as a login is layered on top using cookies.

Advantages of HTTP (persistent connections in HTTP/1.1)

● Fewer connections are open at once, so CPU and memory use on the server is lower.
● Requests and responses can be pipelined over one connection.
● Fewer TCP connections means less network congestion.
● The TCP handshake is paid only once when the connection is established, so later requests on the same connection have lower latency.
● Errors can be reported without closing the TCP connection.

Disadvantages of HTTP

● It is designed for point-to-point connections between one client and one server.
● It is not well suited to mobile clients with unreliable connectivity.
● The server cannot push data to the client; every exchange is initiated by the client.
● Its text headers are verbose, which costs bandwidth on every request.
● It offers no reliable exchange of its own (there is no retry mechanism; the application must handle retries).
● With persistent connections, the connection is not closed once the client has all the data it needs, so server resources stay tied up until it times out.
HTTP vs HTTPS

Hypertext Transfer Protocol Secure (HTTPS)


● Hypertext Transfer Protocol Secure (HTTPS) is an extended version of
the Hypertext Transfer Protocol (HTTP). It is used for secure
communication.
● In HTTPS, the communication is encrypted using Transport Layer
Security.
● HTTPS stands for Hypertext Transfer Protocol Secure.
● While HTTPS guarantees data security, the HTTP protocol does not
provide data security.
● As a result, HTTPS can be defined as a secure variant of the HTTP
protocol. Data can be transferred using this protocol in an encrypted
format.
● In most cases, the HTTPS protocol must be used while entering bank
account information.
● The HTTPS protocol is mostly utilised in situations where entering
login credentials is necessary. Modern browsers like Chrome distinguish
between the HTTP and HTTPS protocols with distinct markings.
● HTTPS employs an encryption mechanism called Secure Sockets Layer
(SSL), now Transport Layer Security (TLS), to enable encryption.

Advantages of HTTPS

● Provides in-transit data security.
● Shields your website from data breaches, phishing, and MITM attacks.
● Increases visitors’ trust in your website.
● Eliminates the “Not Secure” alerts.
● Assists you in raising your website’s ranking.

Disadvantages of HTTPS

● When switching to HTTPS, an SSL certificate needs to be bought. Even
though website hosts often give SSL certificates, these should be
renewed annually by paying a charge.
● Encrypting and decrypting data across HTTPS connections requires a lot
of computation.
● There will be issues with caching some information over HTTPS. Public
caching of content that previously took place won’t happen again.
● Certain proxy servers and firewalls prevent users from accessing HTTPS
websites. This can be the result of both deliberate and inadvertent
actions.
● If there are configuration issues, your website will use HTTP rather
than HTTPS to obtain files.

Difference Between HTTP and HTTPS

HTTP | HTTPS
HTTP stands for HyperText Transfer Protocol. | HTTPS stands for HyperText Transfer Protocol Secure.
In HTTP, the URL begins with “http://”. | In HTTPS, the URL starts with “https://”.
HTTP uses port number 80 for communication. | HTTPS uses port number 443 for communication.
HTTP is considered to be unsecure. | HTTPS is considered to be secure.
HTTP works at the Application Layer. | HTTPS works at the Transport Layer.
In HTTP, encryption is absent. | Encryption is present in HTTPS.
HTTP does not require any certificates. | HTTPS needs SSL certificates.
HTTP does not improve search ranking. | HTTPS helps to improve search ranking.
HTTP is faster than HTTPS. | HTTPS is slower than HTTP.
HTTP does not use data hashing to secure data. | HTTPS will hash the data before sending it and return it to its original state on the receiver side.
In HTTP, data is transferred in plaintext. | In HTTPS, data is transferred in ciphertext.
HTTP should be avoided. | HTTPS should be preferred.
Search engines do not favour the insecure website. | Improved reputation of the website in search engines.
HTTP does not require SSL/TLS or certificates. | HTTPS requires SSL/TLS implementation with certificates.
In HTTP, users are worried about their data. | In HTTPS, users are confident about the security of their data.

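
As an added example (not code from the article), the following Python script
turns two rows of the comparison above into checks a site owner can run: the
default port that follows from the URL scheme (80 for http, 443 for https),
and whether a server answers a plain-HTTP request with a redirect to the
https:// URL and sends a Strict-Transport-Security header on the HTTPS side.
The three sample responses are constructed for the demonstration, not
captured from any real server, and www.example.com is a placeholder host.

```python
"""Audit raw HTTP responses for HTTPS hygiene (added example; sample data is constructed)."""
from urllib.parse import urlparse

# Default ports from the comparison table: HTTP is 80, HTTPS is 443.
DEFAULT_PORTS = {"http": 80, "https": 443}


def scheme_and_port(url: str) -> tuple:
    """Return (scheme, effective port), filling in the scheme's default port."""
    parts = urlparse(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    return scheme, parts.port or DEFAULT_PORTS[scheme]


def parse_response(raw: bytes) -> dict:
    """Parse the status line and headers of a raw HTTP/1.x response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, *_ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return {"version": version, "status": int(status), "headers": headers, "body": body}


def audit_https_hygiene(requested_url: str, raw_response: bytes) -> list:
    """Return a list of findings; an empty list means the response looks healthy.

    A request over plain HTTP should be redirected to an https:// URL rather
    than served, and an HTTPS response should carry Strict-Transport-Security
    so browsers stop using http:// for that host in future.
    """
    findings = []
    scheme, _ = scheme_and_port(requested_url)
    resp = parse_response(raw_response)
    h = resp["headers"]
    if scheme == "http":
        if resp["status"] not in (301, 302, 307, 308):
            findings.append("plain HTTP served content instead of redirecting to HTTPS")
        elif not h.get("location", "").lower().startswith("https://"):
            findings.append("redirect does not point at an https:// URL")
    else:
        if "strict-transport-security" not in h:
            findings.append("missing Strict-Transport-Security header")
    return findings


# Constructed sample responses (placeholder host, not captured traffic).
GOOD_HTTP_REDIRECT = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://www.example.com/\r\n"
    b"Content-Length: 0\r\n\r\n"
)
BAD_HTTP_PAGE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 12\r\n\r\n"
    b"<p>login</p>"
)
GOOD_HTTPS_PAGE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for url, raw in [("http://www.example.com/", GOOD_HTTP_REDIRECT),
                     ("http://www.example.com/", BAD_HTTP_PAGE),
                     ("https://www.example.com/", GOOD_HTTPS_PAGE)]:
        print(url, audit_https_hygiene(url, raw) or "OK")
```

The audit deliberately treats a 200 over plain HTTP as a finding even when the
page is harmless, because a login form served that way (as in the second
sample) is exactly the case the table warns about: credentials would travel in
plaintext.
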
Frequently Asked Question on HTTP and HTTPS – FAQs

What is HTTP?

1. HyperText Transfer Protocol (HTTP) is a protocol using which hypertext
is transferred over the Web.
2. Due to its simplicity, HTTP has been the most widely used protocol for
data transfer over the Web, but the data (i.e. hypertext) exchanged using
HTTP isn’t as secure as we would like it to be.

What is HTTPS?
Hypertext Transfer Protocol Secure (HTTPS) is an extended version of the
Hypertext Transfer Protocol (HTTP). It is used for secure communication. In
HTTPS, the communication protocol is encrypted using Transport Layer
Security.

Is HTTPS more secure than HTTP?

HTTPS is just HTTP with verification and encryption. The use of TLS (SSL) by
HTTPS to encrypt and digitally sign standard HTTP requests and responses is
the only distinction between the two protocols.

What are the port numbers of HTTP and HTTPS?

The default port number of HTTP is 80 and the default port number of
HTTPS is 443.
How do I switch from HTTP to HTTPS for my website?

You cannot manually switch between HTTP and HTTPS. All you have to do is
enter the destination’s address, and the website will decide which mode to
use.

Encryption, Its Algorithms And Its Future


Last Updated : 27 Feb, 2024



Encryption is very important in today’s world. It is the process of
transforming plaintext into ciphertext to maintain data security, and it is
a crucial tool in modern cyber security. It secures sensitive data by
rendering it unreadable to unauthorized parties, ensuring confidentiality,
integrity, and authenticity.

What is Encryption?
Encryption in cryptography is a process by which plain text or a piece of
information is converted into cipher text, i.e. text that can only be
decoded by the receiver for whom the information was intended. The
algorithm used for the encryption process is known as a cipher. It helps to
protect consumer information, emails, and other sensitive data from
unauthorized access, and it secures communication networks. Presently there
are many options to choose from when looking for the most secure algorithm
that meets our requirements.

Types of Encryption

Encryption takes place through one of two methods or types:

● Symmetric Key Encryption
● Asymmetric Key Encryption

Features of Encryption
● Confidentiality: Information can only be accessed by the person for
whom it is intended; no other person can access it.
● Integrity: Information cannot be modified in storage or in transit
between sender and intended receiver without the modification being
detected.
● Non-repudiation: The creator/sender of information cannot deny having
sent the information at a later stage.
● Authentication: The identities of sender and receiver are confirmed,
and the origin of the information can be confirmed as well.

Encryption Algorithms
To secure information, you can employ a variety of data encryption
algorithms. The algorithms differ in how well they safeguard data and in
how complex they are. Some of the more popular algorithms that have been
in use over the years are listed below:

1. AES (Advanced Encryption Standard)

Advanced Encryption Standard, abbreviated as AES, is a symmetric block
cipher chosen by the United States government to protect significant
information; it is used to encrypt sensitive data in hardware and software.
AES has three 128-bit fixed block ciphers with keys of sizes 128, 192 and
256 bits. Key sizes are unlimited but the block size is at most 256 bits.
The AES design is based on a substitution-permutation network (SPN) and
does not use the Data Encryption Standard (DES) Feistel network.

2. RSA (Rivest, Shamir and Adleman)

RSA is an asymmetric key algorithm which is named after its creators Rivest,
Shamir and Adleman. The algorithm is based on the fact that factoring a
large composite number is difficult: when the factors are prime, this is
known as prime factorization. It generates a public key and a private key.
Using the public key we convert plain text to cipher text, and the private
key is used for converting cipher text back to plain text. The public key
is accessible by everyone whereas the private key is kept secret. The
public key and private key are different, which makes it a more secure
algorithm for data security.
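
The public/private split described above, as an added example that is not
part of the original text: textbook RSA on the classic tiny primes p = 61 and
q = 53, so that every number can be checked by hand. The key insight is that
d is derived from phi(n) = (p-1)(q-1), which an attacker can only obtain by
factoring n; the same key pair also shows why the private exponent can sign
and the public exponent can verify. The primes, the public exponent e = 17
and the message 65 are chosen for illustration; real keys use primes of a
thousand bits or more and a padding scheme, both of which this toy omits.

```python
"""Textbook RSA with tiny primes (added example): public key encrypts, private key decrypts."""
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17) -> tuple:
    """Build (public_key, private_key) from two primes p and q.

    n = p*q is published; phi = (p-1)(q-1) stays secret and yields d, the
    modular inverse of e. Factoring n would reveal phi and hence d, which is
    why RSA relies on factoring being hard for large n.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key: tuple, m: int) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be a non-negative integer smaller than n")
    return pow(m, e, n)


def decrypt(private_key: tuple, c: int) -> int:
    """Only the private key holder can decrypt: m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def sign(private_key: tuple, m: int) -> int:
    """A signature uses the private exponent, so only the key owner can produce it."""
    d, n = private_key
    return pow(m, d, n)


def verify(public_key: tuple, m: int, signature: int) -> bool:
    """Anyone can verify with the public key: signature^e mod n must equal m."""
    e, n = public_key
    return pow(signature, e, n) == m


if __name__ == "__main__":
    # Toy parameters chosen for illustration only (n = 3233 is trivially factored).
    pub, priv = generate_keypair(61, 53)
    c = encrypt(pub, 65)
    print("public:", pub, "private:", priv)
    print("ciphertext:", c, "decrypted:", decrypt(priv, c))
    s = sign(priv, 65)
    print("signature valid:", verify(pub, 65, s), "after tampering:", verify(pub, 66, s))
```

With these parameters n = 3233, phi = 3120 and d = 2753; encrypting 65 gives
2790, and decrypting 2790 returns 65.
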

3. Triple DES

Triple DES is a block cipher algorithm that was created to replace its older
version, the Data Encryption Standard (DES). In 1956 it was found that the
56-bit key of DES was not enough to prevent a brute force attack, so Triple
DES was devised with the purpose of enlarging the key space without any
requirement to change the algorithm. It has a key length of 168 bits (three
56-bit DES keys), but due to the meet-in-the-middle attack the effective
security provided is only 112 bits. However, Triple DES suffers from slow
performance in software. Triple DES is well suited for hardware
implementation. But presently Triple DES has largely been replaced by AES
(Advanced Encryption Standard).

4. Twofish

The Twofish algorithm is the successor of the Blowfish algorithm. It was
designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris
Hall and Niels Ferguson. It is a block cipher that uses a single key of
length 256 bits, and it is said to be efficient both for software that runs
on smaller processors such as those in smart cards and for embedding in
hardware. It allows implementers to trade off encryption speed, key setup
time, and code size to balance performance.

5. Blowfish

Blowfish was created to solve the DES algorithm’s problem. The algorithm is
freely usable by everyone and has been released into the public domain. The
technique uses a 64-bit block size, and the length of the key can range from
32 to 448 bits. It is the best permutation technique for cipher-related
encryption and operates on the Feistel structure using a 16-round cipher.
The information in the Blowfish algorithm is encrypted and decrypted using a
single key.

Advantages of Encryption
● Data encryption keeps the data isolated from the security of the
device on which it is stored.
● Encryption improves the security of our information.
● When the data is encrypted, it can only be decrypted by the person
holding the key.

Disadvantages of Encryption
● If the password or key is lost, the user will be unable to open the
encrypted file.
● Although data encryption is a useful data security strategy, it
requires a lot of resources, including time, data processing, and the
use of many encryption and decryption techniques.

Future of Encryption
With advancements in technology it becomes easier to encrypt data, and with
neural networks it becomes easier to keep data safe. Neural networks at
Google Brain have worked out how to create encryption without being taught
the specifics of an encryption algorithm. Data scientists and cryptographers
are finding ways to prevent brute force attacks on encryption algorithms so
as to avoid any unauthorized access to sensitive data.

Conclusion
Data protection is a function of encryption, and an algorithm refers to a
set of guidelines or rules that must be followed throughout the encryption
process. The encryption functions, procedures, and keys utilised all
contribute to the system’s effectiveness. Using a public or private key, the
recipient may transform the coded text or unreadable format back to plain
text.

Frequently Asked Question on Encryption


Which encryption method is more secure?

Most people believe that AES is resistant to all types of attacks except
brute force attacks. Still, a lot of internet security experts think that
AES will become the industry standard for private-sector data encryption in
the future.

Why is encryption needed?

Encryption helps to protect private data and sensitive information, and can
improve the security of communication between clients and servers.

Which encryption is fastest?

Symmetric encryption is much faster than asymmetric encryption.

What is Hashing?
Last Updated : 26 Feb, 2024


Hashing refers to the process of generating a fixed-size output from an
input of variable size using mathematical formulas known as hash functions.
This technique determines an index or location for the storage of an item in
a data structure.
Need for Hash data structure
The amount of data on the internet is growing exponentially every day,
making it difficult to store it all effectively. In day-to-day programming, this
amount of data might not be that big, but still, it needs to be stored,
accessed, and processed easily and efficiently. A very common data structure
that is used for such a purpose is the Array data structure.

Now the question arises: if the Array was already there, what was the need
for a new data structure? The answer lies in the word “efficiency”. Though
storing in an Array takes O(1) time, searching in it takes at least O(log n)
time. This time appears to be small, but for a large data set it can cause
a lot of problems, and this in turn makes the Array data structure
inefficient.

So now we are looking for a data structure that can store the data and search
in it in constant time, i.e. in O(1) time. This is how Hashing data structure
came into play. With the introduction of the Hash data structure, it is now
possible to easily store data in constant time and retrieve them in constant
time as well.

Components of Hashing
There are majorly three components of hashing:

1. Key: A key can be anything, a string or an integer, which is fed as
input to the hash function, the technique that determines an index or
location for storage of an item in a data structure.
2. Hash Function: The hash function receives the input key and returns
the index of an element in an array called a hash table. The index is
known as the hash index.
3. Hash Table: A hash table is a data structure that maps keys to values
using a special function called a hash function. It stores the data in an
associative manner in an array where each data value has its own unique
index.
Components of Hashing

What is Collision?
The hashing process generates a small number for a big key, so there is a
possibility that two keys could produce the same value. The situation where
a newly inserted key maps to an already occupied slot is called a collision,
and it must be handled using some collision handling technique.
Collision in Hashing
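
The three components (key, hash function, hash table) and the collision case,
as an added example that is not from the original text: a small hash table in
Python that resolves collisions by separate chaining, i.e. every bucket holds
a list of (key, value) pairs, so two keys that hash to the same index both
survive. The capacity of 8 and the integer keys 1 and 9 in the demo are chosen
so that the collision is visible and reproducible.

```python
"""A minimal hash table with separate chaining (added example, not from the page)."""


class ChainedHashTable:
    """Maps keys to values; keys whose hash lands in the same bucket share a list."""

    def __init__(self, capacity: int = 8):
        self.capacity = capacity
        self.buckets = [[] for _ in range(capacity)]   # each bucket: list of (key, value)
        self.size = 0

    def _index(self, key) -> int:
        """Hash function step: reduce an arbitrary key to a bucket index."""
        return hash(key) % self.capacity

    def put(self, key, value) -> None:
        bucket = self.buckets[self._index(key)]
        for i, (k, _) in enumerate(bucket):
            if k == key:                      # key already present: overwrite
                bucket[i] = (key, value)
                return
        bucket.append((key, value))           # new key; a collision if the bucket was non-empty
        self.size += 1
        if self.size > 0.75 * self.capacity:  # keep chains short: grow and rehash
            self._resize(self.capacity * 2)

    def get(self, key, default=None):
        for k, v in self.buckets[self._index(key)]:
            if k == key:
                return v
        return default

    def remove(self, key) -> bool:
        bucket = self.buckets[self._index(key)]
        for i, (k, _) in enumerate(bucket):
            if k == key:
                del bucket[i]
                self.size -= 1
                return True
        return False

    def collisions(self) -> int:
        """How many stored keys share a bucket with an earlier key."""
        return sum(len(b) - 1 for b in self.buckets if b)

    def _resize(self, new_capacity: int) -> None:
        entries = [pair for b in self.buckets for pair in b]
        self.capacity = new_capacity
        self.buckets = [[] for _ in range(new_capacity)]
        self.size = 0
        for k, v in entries:          # bucket indices depend on capacity, so rehash everything
            self.put(k, v)


if __name__ == "__main__":
    t = ChainedHashTable(capacity=8)
    t.put(1, "one")
    t.put(9, "nine")    # hash(9) % 8 == hash(1) % 8 == 1: a collision, handled by chaining
    print(t.get(1), t.get(9), "collisions:", t.collisions())
```

Lookups stay O(1) on average only while chains are short, which is why the
table doubles its capacity once it is three-quarters full; without that step
a long chain degrades a lookup to a linear scan.
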

Advantages of Hashing in Data Structures


● Key-value support: Hashing is ideal for implementing key-value data
structures.
● Fast data retrieval: Hashing allows for quick access to elements with
constant-time complexity.
● Efficiency: Insertion, deletion, and searching operations are highly
efficient.
● Memory usage reduction: Hashing requires less memory as it
allocates a fixed space for storing elements.
● Scalability: Hashing performs well with large data sets, maintaining
constant access time.
● Security and encryption: Hashing is essential for secure data storage
and integrity verification.
Hash Functions in System Security
Last Updated : 21 Mar, 2023


A hash function has a huge role in making a system secure, as it converts
the normal data given to it into an irregular value of fixed length. We can
imagine it to be a shaker in our homes.
When we put data into this function it outputs an irregular value. The
irregular value it outputs is known as the “hash value”. Hash values are
simply numbers but are often written in hexadecimal. Computers manage
values as binary. The hash value is also data and is often managed in
binary.

A hash function is basically performing some calculations in the computer.
The data values that are its output are of fixed length. The length depends
on the hash function and does not vary with the size of the input.
Given the same input, a hash function will invariably produce the same
output. Even if the input data differs by a single bit, there is a huge
change in the output values. Even if the input data differs hugely, there is
only a very minimal chance that the hash values produced will be identical.
If they are equal it is known as a “hash collision”.
Converting hash codes back to their original value is an impossible task to
perform. This is the main difference between encryption and a hash function.
Features of hash functions in system security:

One-way function: Hash functions are designed to be one-way functions,
meaning that it is easy to compute the hash value for a given input, but
difficult to compute the input for a given hash value. This property makes
hash functions useful for verifying the integrity of data, as any changes to
the data will result in a different hash value.

Deterministic: Hash functions are deterministic, meaning that given the same
input, the output will always be the same. This makes hash functions useful
for verifying the authenticity of data, as any changes to the data will
result in a different hash value.

Fixed-size output: Hash functions produce a fixed-size output, regardless of
the size of the input. This property makes hash functions useful for storing
and transmitting data, as the hash value can be stored or transmitted more
efficiently than the original data.

Collision resistance: Hash functions should be designed to be collision
resistant, meaning that it is difficult to find two different inputs that
produce the same hash value. This property ensures that attackers cannot
create a false message that has the same hash value as a legitimate message.

Non-reversible: Hash functions are non-reversible, meaning that it is
difficult or impossible to reverse the process of generating a hash value to
recover the original input. This property makes hash functions useful for
storing passwords or other sensitive information, as the original input
cannot be recovered from the hash value.
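
The properties just listed, checked against a real hash function as an added
example (not code from the article): SHA-256 from Python’s standard library
is deterministic, always yields 256 bits, and changes roughly half of its
output bits when a single input bit is flipped, which is what makes the
integrity check at the end detect tampering. The message strings are
constructed for the demonstration.

```python
"""Checking the hash-function properties above with SHA-256 (added example)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Deterministic: the same input always gives the same 64-hex-digit output."""
    return hashlib.sha256(data).hexdigest()


def output_bits(data: bytes) -> int:
    """Fixed-size output: 256 bits whether the input is empty or a megabyte long."""
    return len(hashlib.sha256(data).digest()) * 8


def flip_one_bit(data: bytes) -> bytes:
    """Produce an input that differs from `data` in exactly one bit."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def differing_output_bits(a: bytes, b: bytes) -> int:
    """Count the output bits that differ between hash(a) and hash(b).

    For a good hash roughly half of the 256 bits flip even when the inputs
    differ by a single bit, so nothing about the input leaks through a
    near-identical output.
    """
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the hash and compare with the published value."""
    return sha256_hex(data) == expected_hex


if __name__ == "__main__":
    msg = b"transfer 100 to alice"          # constructed sample message
    published = sha256_hex(msg)             # what the sender would publish alongside the data
    print(published)
    print("bits:", output_bits(b""), output_bits(b"x" * 1_000_000))
    print("bits changed by a one-bit input change:", differing_output_bits(msg, flip_one_bit(msg)))
    print("tampered copy passes the check?", verify_integrity(b"transfer 900 to alice", published))
```

A bare hash only detects accidental or unauthenticated change: whoever can
replace the data can also replace the published hash, so a keyed construction
(HMAC) or a signature is needed when the attacker controls the channel.
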

Advantages:

Data integrity: Hash functions are useful for ensuring the integrity of data,
as any changes to the data will result in a different hash value. This
property makes hash functions a valuable tool for detecting data tampering
or corruption.

Message authentication: Hash functions are useful for verifying the
authenticity of messages, as any changes to the message will result in a
different hash value. This property makes hash functions a valuable tool for
verifying the source of a message and detecting message tampering.

Password storage: Hash functions are useful for storing passwords in a
secure manner. Hashing the password ensures that the original password
cannot be recovered from the hash value, making it more difficult for
attackers to access user accounts.

Fast computation: Hash functions are designed to be fast to compute, making
them useful for a variety of applications where efficiency is important.

Disadvantages:

Collision attacks: Hash functions are vulnerable to collision attacks, where
an attacker tries to find two different inputs that produce the same hash
value. This can compromise the security of hash-based protocols, such as
digital signatures or message authentication codes.

Rainbow table attacks: Hash functions are vulnerable to rainbow table
attacks, where an attacker precomputes a table of hash values and their
corresponding inputs, making it easier to crack password hashes.

Hash function weaknesses: Some hash functions have known weaknesses, such as
the MD5 hash function, which is vulnerable to collision attacks. It is
important to choose a hash function that is secure for the intended
application.

Limited input size: Hash functions produce a fixed-size output, regardless
of the size of the input. This can lead to collisions if the input size is
larger than the hash function output size.
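
The password-storage and message-authentication uses above, together with the
rainbow-table weakness, as one added example that is not part of the
original text. It uses only Python’s standard library: PBKDF2-HMAC-SHA256
with a random per-password salt (so a precomputed table of hashes is useless
and identical passwords produce different records) and a high iteration
count (so each guess is expensive), plus HMAC-SHA256 for a message tag that
cannot be recomputed without the shared key. Comparisons use
hmac.compare_digest so that timing does not reveal how much of a value
matched. The passwords, key and message are constructed sample values; the
record format pbkdf2_sha256$iterations$salt$hash is an assumption of this
example, not a standard.

```python
"""Salted password hashing and keyed message authentication (added example)."""
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000   # deliberately slow; raise it as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$hash_hex.

    A random 16-byte salt per password means identical passwords get different
    records and a precomputed rainbow table is useless; the iteration count
    makes every guess expensive for whoever obtains the records.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def mac_message(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: a bare hash can be recomputed by whoever alters the
    message, but a valid tag needs the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: bytes, tag: str) -> bool:
    """Accept the message only if the tag matches under the shared key."""
    return hmac.compare_digest(mac_message(key, message), tag)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")    # constructed sample password
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("hunter2", record))
    key = os.urandom(32)                                        # shared secret for the demo
    msg = b"amount=10&to=alice"                                 # constructed sample message
    tag = mac_message(key, msg)
    print(verify_message(key, msg, tag), verify_message(key, b"amount=99&to=alice", tag))
```

Storing the iteration count inside the record lets a deployment raise
PBKDF2_ITERATIONS later and re-hash users on their next successful login
without breaking verification of the older records.
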

Introduction of Firewall in Computer Network


Last Updated : 28 Jun, 2024


In the world of computer networks, a firewall acts like a security guard. Its
job is to watch over the flow of information between your computer or
network and the internet. It’s designed to block unauthorized access while
allowing safe data to pass through.

Essentially, a firewall helps keep your digital world safe from unwanted
visitors and potential threats, making it an essential part of today’s
connected environment. It monitors both incoming and outgoing traffic using
a predefined set of security rules to detect and prevent threats.
What is Firewall?
A firewall is a network security device, either hardware or software-based,
which monitors all incoming and outgoing traffic and based on a defined set
of security rules accepts, rejects, or drops that specific traffic.

● Accept: allow the traffic
● Reject: block the traffic but reply with an “unreachable error”
● Drop: block the traffic with no reply

A firewall is a type of network security device that filters incoming and
outgoing network traffic with security policies that have previously been
set up inside an organization. At its most basic level, a firewall is
essentially the wall that separates a private internal network from the open
Internet.
History and Need For Firewall
Before firewalls, network security was performed by Access Control Lists
(ACLs) residing on routers. ACLs are rules that determine whether network
access should be granted or denied to specific IP addresses. But ACLs cannot
determine the nature of the packets they are blocking. Also, an ACL alone
does not have the capacity to keep threats out of the network. Hence, the
firewall was introduced. Connectivity to the Internet is no longer optional
for organizations. However, while accessing the Internet provides benefits
to the organization, it also enables the outside world to interact with the
internal network of the organization. This creates a threat to the
organization. In order to secure the internal network from unauthorized
traffic, we need a firewall.

Working of Firewall
A firewall matches the network traffic against the rule set defined in its
table. Once a rule is matched, the associated action is applied to the
network traffic. For example, one rule may be defined so that no employee
from the Human Resources department can access the data on the code server,
and at the same time another rule may be defined so that the system
administrator can access the data from both the Human Resources and the
technical department. Rules can be defined on the firewall based on the
necessity and security policies of the organization. From the perspective
of a server, network traffic can be either outgoing or incoming.

The firewall maintains a distinct set of rules for both cases. Mostly, the
outgoing traffic, which originates from the server itself, is allowed to
pass. Still, setting rules on outgoing traffic is always better in order to
achieve more security and prevent unwanted communication. Incoming traffic
is treated differently. Most traffic which reaches the firewall uses one of
three major Transport Layer protocols: TCP, UDP or ICMP. All these types
have a source address and a destination address. Also, TCP and UDP have
port numbers. ICMP uses a type code instead of a port number, which
identifies the purpose of that packet.

Default policy: It is very difficult to explicitly cover every possible rule
on the firewall. For this reason, the firewall must always have a default
policy. The default policy consists only of an action (accept, reject or
drop). Suppose no rule about SSH connections to the server is defined on the
firewall. Then it will follow the default policy. If the default policy on
the firewall is set to accept, any computer outside of your office can
establish an SSH connection to the server. Therefore, setting the default
policy to drop (or reject) is always good practice.

Types of Firewall
Firewalls can be categorized based on their generation.

1. Packet Filtering Firewall

A packet filtering firewall is used to control network access by monitoring
outgoing and incoming packets and allowing them to pass or stopping them
based on source and destination IP address, protocols, and ports. It
analyses traffic at the transport protocol layer (but mainly uses the first
3 layers). Packet firewalls treat each packet in isolation. They have no
ability to tell whether a packet is part of an existing stream of traffic.
They can only allow or deny packets based on the individual packet headers.
A packet filtering firewall maintains a filtering table that decides whether
the packet will be forwarded or discarded. Given the following filtering
table, packets will be filtered according to these rules:
● Incoming packets from network 192.168.21.0 are blocked.
● Incoming packets destined for the internal TELNET server (port 23)
are blocked.
● Incoming packets destined for host 192.168.21.3 are blocked.
● All well-known services to the network 192.168.21.0 are allowed.
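
The filtering table above, together with the default-policy point from the
“Working of Firewall” section, as an added example that is not part of the
original text: a stateless packet filter in Python that checks each packet’s
header fields against the four rules in order, first match wins, and falls
back to a default policy when nothing matches. The network 192.168.21.0 from
the text is read as 192.168.21.0/24 and “well-known services” as destination
ports 0 to 1023; both readings, the choice to make the TELNET rule reject
rather than drop, and the sample packets (including 10.0.0.0/8 and
203.0.113.0/24 addresses) are assumptions of this example. The last sample
packet, SSH to a server no rule covers, shows why an accept default is the
mistake the text warns against.

```python
"""A packet-filtering rule table with a default policy (added example, not from the page)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# The three actions a firewall can take, as defined in the text above.
ACCEPT, REJECT, DROP = "accept", "reject", "drop"
WELL_KNOWN_PORTS = range(0, 1024)   # assumed reading of "well-known services"


@dataclass
class Packet:
    src: str                 # source IP address
    dst: str                 # destination IP address
    proto: str               # "tcp", "udp" or "icmp"
    dport: Optional[int]     # destination port; None for ICMP, which has none


@dataclass
class Rule:
    action: str
    src_net: Optional[str] = None        # CIDR; None matches any source
    dst_net: Optional[str] = None        # CIDR; None matches any destination
    proto: Optional[str] = None          # None matches any protocol
    dport: Optional[int] = None          # exact destination port
    well_known_dport: bool = False       # require dport in 0-1023

    def matches(self, pkt: Packet) -> bool:
        """Stateless match on header fields only: no memory of earlier packets."""
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.well_known_dport and (pkt.dport is None or pkt.dport not in WELL_KNOWN_PORTS):
            return False
        return True


class PacketFilter:
    """First matching rule wins; if no rule matches, the default policy applies."""

    def __init__(self, rules: List[Rule], default_policy: str = DROP):
        self.rules = list(rules)
        self.default_policy = default_policy

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default_policy


# The four rules from the filtering table above, in the order they are checked.
RULES = [
    Rule(DROP, src_net="192.168.21.0/24"),                            # block that source network
    Rule(REJECT, proto="tcp", dport=23),                              # block the TELNET server (with a reply)
    Rule(DROP, dst_net="192.168.21.3/32"),                            # block one internal host
    Rule(ACCEPT, dst_net="192.168.21.0/24", well_known_dport=True),   # allow well-known services
]


if __name__ == "__main__":
    strict = PacketFilter(RULES)                   # default policy: drop (recommended above)
    permissive = PacketFilter(RULES, ACCEPT)       # default policy: accept (the risky setting)
    samples = [                                    # constructed sample packets
        Packet("10.0.0.5", "192.168.21.10", "tcp", 80),      # web to the internal network: accept
        Packet("192.168.21.7", "192.168.21.10", "tcp", 80),  # from the blocked source network: drop
        Packet("10.0.0.5", "192.168.21.10", "tcp", 23),      # telnet: reject
        Packet("10.0.0.5", "192.168.21.3", "tcp", 80),       # to the blocked host: drop
        Packet("203.0.113.9", "10.0.0.1", "tcp", 22),        # SSH to a server no rule covers
    ]
    for pkt in samples:
        print(pkt, "->", strict.decide(pkt), "| with accept default:", permissive.decide(pkt))
```

Because the filter has no state table, a packet that claims to belong to an
existing TCP stream is judged on its headers alone, which is exactly the
limitation the stateful inspection firewall in the next section addresses.
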

2. Stateful Inspection Firewall

Stateful firewalls (which perform Stateful Packet Inspection) are able to
determine the connection state of a packet, unlike packet filtering
firewalls, which makes them more efficient. A stateful firewall keeps track
of the state of network connections travelling across it, such as TCP
streams. So the filtering decisions are based not only on the defined rules
but also on the packet’s history in the state table.
3. Software Firewall

A software firewall is any firewall that is set up locally or on a cloud
server. When it comes to controlling the inflow and outflow of data packets
and limiting the number of networks that can be linked to a single device,
they may be the most advantageous. But the problem with software firewalls
is that they are time-consuming.

4. Hardware Firewall

They also go by the name “firewalls based on physical appliances.” A
hardware firewall guarantees that malicious data is halted before it reaches
the network endpoint that is in danger.

5. Application Layer Firewall

An application layer firewall can inspect and filter packets on any OSI
layer, up to the application layer. It has the ability to block specific
content and to recognize when certain applications and protocols (like HTTP,
FTP) are being misused. In other words, application layer firewalls are
hosts that run proxy servers. A proxy firewall prevents a direct connection
between either side of the firewall; each packet has to pass through the
proxy.

6. Next Generation Firewalls (NGFW)

An NGFW combines Deep Packet Inspection, Application Inspection, SSL/SSH
inspection and many other functionalities to protect the network from
modern threats.

7. Proxy Service Firewall


This kind of firewall filters communications at the application layer, and
protects the network. A proxy firewall acts as a gateway between two
networks for a particular application.

8. Circuit Level Gateway Firewall

This works at the Session layer of the OSI Model. It allows for the
simultaneous setup of two Transmission Control Protocol (TCP) connections.
It can effortlessly allow data packets to flow without using a lot of
computing power. These firewalls are ineffective because they do not inspect
data packets; if malware is found in a data packet, they will permit it to
pass provided that the TCP connections are established properly.

Functions of Firewall
● Every piece of data that enters or leaves a computer network must
go via the firewall.
● If the data packets are safely routed via the firewall, all of the
important data remains intact.
● A firewall logs each data packet that passes through it, enabling the
user to keep track of all network activities.
● Since the data is stored safely inside the data packets, it cannot be
altered.
● Every attempt to access our operating system is examined by our
firewall, which also blocks traffic from unidentified or undesired
sources.

Who Invented Firewalls?


The firewall keeps changing and getting better because different people have
been working on it since the late 1980s to the mid-90s. Each person added
new parts and improved versions of the firewall before it became what we
use in modern times. This means the firewall is always evolving to become
more effective and secure.

Jeff Mogul, Paul Vixie, and Brian Reid

In the late 1980s, Mogul, Reid, and Vixie worked at Digital Equipment Corp
(DEC) on packet-filtering technology. This tech became important for future
firewalls. They started the idea of checking external connections before they
reach computers on an internal network. Some people think this packet filter
was the first firewall, but it was really a part of the technology that later
became true firewall systems.

Kshitij Nigam, William Cheswick, David Presotto, Steven Bellovin, and
Janardan Sharma

In the late 1980s to early 1990s, researchers at AT&T Bell Labs worked on a
new type of firewall called the circuit-level gateway. Unlike earlier methods,
this firewall didn’t need to reauthorize connections for each data packet but
instead vetted and allowed ongoing connections. From 1989 to 1990,
Presotto, Sharma, and Nigam developed this technology, and in 1991,
Cheswick and Bellovin continued to advance firewall technology based on
their work.

Marcus Ranum

From 1991 to 1992, Ranum introduced security proxies at DEC, which became a
crucial part of the first application-layer firewall product. Known as the
Secure External Access Link (SEAL) product, it was based on earlier work by
Reid, Vixie, and Mogul at DEC. SEAL marked the first commercially available
firewall, pioneering the way for enhanced network security through
application-level protection.

Gil Shwed and Nir Zuk

From 1993 to 1994, at Check Point, Gil Shwed and developer Nir Zuk made
major contributions to creating the first widely-used and easy-to-use firewall
product called Firewall-1. Gil Shwed pioneered stateful inspection
technology, filing a U.S. patent in 1993. Following this, Nir Zuk developed a
user-friendly graphical interface for Firewall-1 in 1994. These innovations
were pivotal in making firewalls accessible and popular among businesses
and homes, shaping their adoption for years to come.

Importance of Firewalls
So, what does a firewall do and why is it important? Without protection,
networks are vulnerable to any traffic trying to access your systems, whether
it’s harmful or not. That’s why it’s crucial to check all network traffic.

When you connect personal computers to other IT systems or the internet, it
opens up many benefits like collaboration, resource sharing, and creativity.
But it also exposes your network and devices to risks like hacking, identity
theft, malware, and online fraud.

Once a malicious person finds your network, they can easily access and
threaten it, especially with constant internet connections.

Using a firewall is essential for proactive protection against these risks.
It helps users shield their networks from the worst dangers.

What Does Firewall Security Do?

A firewall serves as a security barrier for a network, narrowing the attack
surface to a single point of contact. Instead of every device on a network
being exposed to the internet, all traffic must first go through the firewall.
This way, the firewall can filter and block non-permitted traffic, whether it’s
coming in or going out. Additionally, firewalls help create a record of
attempted connections, improving security awareness.

What Can Firewalls Protect Against?

● Infiltration by Malicious Actors: Firewalls can block suspicious
connections, preventing eavesdropping and advanced persistent threats
(APTs).
● Parental Controls: Parents can use firewalls to block their children
from accessing explicit web content.
● Workplace Web Browsing Restrictions: Employers can restrict
employees from using the company network to access certain
services and websites, like social media.
● Nationally Controlled Intranet: Governments can block access to
certain web content and services that conflict with national policies
or values.

By allowing network owners to set specific rules, firewalls offer customizable
protection for various scenarios, enhancing overall network security.

Advantages of Using Firewall

● Protection From Unauthorized Access: Firewalls can be set up to
restrict incoming traffic from particular IP addresses or networks,
preventing hackers or other malicious actors from easily accessing a
network or system.
● Prevention of Malware and Other Threats: Firewalls can be set up to
block traffic linked to known malware or other security concerns,
assisting in the defense against these kinds of attacks.
● Control of Network Access: By limiting access to specified
individuals or groups for particular servers or applications, firewalls
can be used to restrict access to particular network resources or
services.
● Monitoring of Network Activity: Firewalls can be set up to record
and keep track of all network activity.
● Regulation Compliance: Many industries are bound by rules that
demand the usage of firewalls or other security measures.
● Network Segmentation: By using firewalls to split up a bigger
network into smaller subnets, the attack surface is reduced and the
security level is raised.

Disadvantages of Using Firewall


● Complexity: Setting up and keeping up a firewall can be
time-consuming and difficult, especially for bigger networks or
companies with a wide variety of users and devices.
● Limited Visibility: Firewalls may not be able to identify or stop
security risks that operate at other levels, such as the application or
endpoint level, because they can only observe and manage traffic at
the network level.
● False Sense of Security: Some businesses may place an excessive
amount of reliance on their firewall and disregard other crucial
security measures like endpoint security or intrusion detection
systems.
● Limited adaptability: Because firewalls are frequently rule-based,
they might not be able to respond to fresh security threats.
● Performance Impact: Network performance can be significantly
impacted by firewalls, particularly if they are set up to analyze or
manage a lot of traffic.
● Limited Scalability: A firewall only sees the traffic that crosses
it, so a business with several networks or sites must deploy a
firewall at each boundary, which can be expensive.
● Limited VPN support: Some firewalls might not allow complex VPN
features like split tunneling, which could restrict the experience of a
remote worker.
● Cost: Purchasing many devices or add-on features for a firewall
system can be expensive, especially for businesses.

Conclusion
In conclusion, firewalls play a crucial role in safeguarding computers and
networks. By monitoring and controlling incoming and outgoing data, they
help prevent unauthorized access and protect against cyber threats. Using a
firewall is a smart way to enhance security and ensure a safer online
experience for users and organizations alike.

Important Question on Firewall

Question: A packet filtering firewall can [ISRO CS 2013]

(A) Deny certain users from accessing a service

(B) Block worms and viruses from entering the network

(C) Disallow some files from being accessed through FTP

(D) Block some hosts from accessing the network

Answer: Option (D)


For more details you can refer to ISRO CS 2013, Question 44.

Frequently Asked Questions on Firewall – FAQs

Can Network Speeds Be Slowed Down by a Firewall?

Yes. Every packet has to be checked against the rule set, so a firewall adds
some latency, and one doing deep inspection on a busy link can become a
bottleneck.

How do firewalls stop traffic?

The firewall acts as a constant filter, comparing each incoming and outgoing
packet against its rules and dropping anything that is not permitted before it
reaches the systems behind it.

Can Firewalls Stop Worms?

Partly. A firewall can close the ports a worm uses to spread, which blocks
many infection attempts, but a packet-filtering firewall does not inspect
payloads and cannot recognise the worm itself; that is the job of antivirus
and other endpoint protection.

What is Cyber Security? Types and Importance


Last Updated : 13 Jun, 2024


Cyber Security is the body of technologies, processes, and practices designed
to protect networks, devices, programs, and data from attack, theft, damage,
modification, or unauthorized access. This includes using special programs to
check for harmful software and learning how to recognize and avoid online
scams. By practicing good cybersecurity, you can ensure your data stays
private and your online experiences are secure. It’s also known as Information
Security (INFOSEC), Information Assurance (IA), or System Security.

What is Cyber Security?


Cyber Security is the technique of protecting your systems, digital devices,
networks, and all of the data stored in the devices from cyber attacks. By
acquiring knowledge of cyber attacks and cyber security we can secure and
defend ourselves from various cyber attacks like phishing and DDoS attacks.
It uses tools like firewalls and antivirus software to protect your devices from
hackers and malware.

Encryption is the technique that keeps your personal information private:
the data is scrambled so that only someone holding the right key can read it.
Cybersecurity also teaches you how to spot tricks like phishing, where
attackers try to steal your information by pretending to be someone you
trust. In short, cybersecurity keeps your online world safe and secure.

What is Cybersecurity all about?


Cyber Security is important because governments, corporations, the military,
financial institutions, and medical organizations collect, process, and store
unprecedented amounts of data on computers and other devices, much of it
personal information, and exposure of this private information could have
serious negative consequences.

Cyber Security proper began in 1972 with a research project on ARPANET
(The Advanced Research Projects Agency Network), a precursor to the
internet. ARPANET developed protocols for remote computer networking.

Example: suppose we shop on an online shopping website, share information
like email ID, address, and credit card details, and save them on that
website for a faster, hassle-free checkout; the information is then stored
on the site’s server. One day we receive an email claiming we are eligible
for a special discount voucher from XXXXX (attackers use the name of a famous
website like Flipkart or Amazon) and asking us to fill in our details,
including the saved card credentials, to receive the coupon code. We hand
over the data because it looks like a routine verification step, and the
attackers can then drain a substantial amount of money from our account.

That is why cybersecurity acts as a security gateway that keeps information
secure. Today’s attackers are sophisticated, and we cannot be sure that the
data stored on our devices is safe from outside threats. With cybercrime
increasing rapidly, it is crucial to have cybersecurity in place in both our
personal lives and our businesses.

Different Types of Cybersecurity


1. Network Security

Focuses on securing computer networks from unauthorized access, data
breaches, and other network-based threats. It involves technologies such as
Firewalls, Intrusion detection systems (IDS), Virtual private networks (VPNs),
and Network segmentation.

● Guard your internal network against outside threats with increased
network security.
● We often use free Wi-Fi in public areas such as cafes and malls. On
an open network a third party can observe or tamper with your
device’s traffic, and if you use a payment gateway over it your
account credentials can be stolen.
● So avoid using free networks for anything sensitive: open Wi-Fi
usually offers no encryption and no guarantee of who is running it.

2. Application Security
Concerned with securing software applications and preventing vulnerabilities
that could be exploited by attackers. It involves secure coding practices,
regular software updates and patches, and application-level firewalls.

● Most of the apps that we use on our cell phones are secured and
work under the rules and regulations of the Google Play Store.
● There are about 3.55 million applications in Google Play, 1.64
million in the Apple App Store, and roughly 483 thousand in the
Amazon Appstore available for users to download. Having this much
choice does not mean that all apps are safe.
● Many apps pretend to be safe, but after collecting all our
information they share the user data with third parties.
● Apps should be installed from a trustworthy platform, not from some
third-party website in the form of an APK (Android Application
Package).

3. Information or Data Security

Focuses on protecting sensitive information from unauthorized access,
disclosure, alteration, or destruction. It includes Encryption, Access controls,
Data classification, and Data loss prevention (DLP) measures.

● Incident response refers to the process of detecting, analyzing, and
responding to security incidents promptly.
● Promoting security awareness among users is essential for
maintaining information security. It involves educating individuals
about common security risks, best practices for handling sensitive
information, and how to identify and respond to potential threats
like phishing attacks or social engineering attempts.
● Encryption is the process of converting information into an
unreadable format (ciphertext) to protect it from unauthorized
access.

4. Cloud Security

It involves securing data, applications, and infrastructure hosted on cloud
platforms, and ensuring appropriate access controls, data protection, and
compliance. It applies to workloads on providers such as AWS, Azure, and
Google Cloud, where responsibility for security is shared between the
provider and the customer.

● Cloud-based data storage has become a popular option over the last
decade. Data saved in the cloud is accessible from any device with
proper authentication, and the provider handles the physical security
of the storage.
● These platforms are free up to a limit; to store more data you have
to pay.
● AWS is one such provider: it lets you run your business over the
internet and offers tools to protect the data you keep there.

5. Mobile Security

It involves securing the organizational and personal data stored on mobile
devices such as cell phones, tablets, and other similar devices against various
malicious threats. These threats are Unauthorized access, Device loss or
Theft, Malware, etc.

● Mobile is a very common device for day-to-day work. Everything we
access and do is from a mobile phone. Ex- Online class, Personal
Calls, Online Banking, UPI Payments, etc.
● Regularly backing up mobile device data is important to prevent
data loss in case of theft, damage, or device failure.
● Mobile devices often connect to various networks, including public
Wi-Fi, which can pose security risks. It is important to use secure
networks whenever possible, such as encrypted Wi-Fi networks or
cellular data connections.

6. Endpoint Security

Refers to securing individual devices such as computers, laptops,
smartphones, and IoT devices. It includes antivirus software, intrusion
prevention systems (IPS), device encryption, and regular software updates.

● Antivirus and Anti-malware software that scans and detects
malicious software, such as Viruses, Worms, Trojans, and
Ransomware. These tools identify and eliminate or quarantine
malicious files, protecting the endpoint and the network from
potential harm.
● Firewalls are essential components of endpoint security. They
monitor and control incoming and outgoing network traffic, filtering
out potentially malicious data packets.
● Keeping software and operating systems up to date with the latest
security patches and updates is crucial for endpoint security.

7. Critical Infrastructure Security

● All of the physical and virtual resources, systems, and networks that
are necessary for a society’s economics, security, or any combination
of the above to run smoothly are referred to as critical infrastructure.
Food and agricultural industries, as well as transportation systems,
comprise critical infrastructure.
● The infrastructure that is considered important might vary
depending on a country’s particular demands, resources, and level
of development, even though crucial infrastructure is comparable
across all nations due to basic living requirements.
● Industrial control systems (ICS), such as supervisory control and
data acquisition (SCADA) systems, which are used to automate
industrial operations in critical infrastructure industries, are
frequently included in critical infrastructure. SCADA and other
industrial control system attacks are very concerning. They can
seriously undermine critical infrastructure, including transportation,
the supply of oil and gas, electrical grids, water distribution, and
wastewater collection.
● Due to the links and interdependence between infrastructure
systems and sectors, the failure or blackout of one or more functions
could have an immediate, detrimental effect on several sectors.

8. Internet of Things (IoT) Security

● Devices frequently run on old software, leaving them vulnerable to
recently identified security vulnerabilities. This is generally the
result of connectivity problems or the requirement for end users to
manually download updates from a central command-and-control (C&C)
server.
● Manufacturers frequently ship Internet of Things (IoT) devices (such
as home routers) with easily crackable default passwords, which may
be left in place by suppliers and end users. These devices are easy
targets for attackers using automated scripts for mass exploitation
when they are left exposed to remote access.
● APIs are frequently the subject of threats such as Man in the Middle
(MITM), code injections (such as SQLi), and distributed denial of
service (DDoS) attacks, since they serve as the gateway between the
devices and their C&C server.
Why is cybersecurity Important?

Cybersecurity is essential for protecting our digital assets, including sensitive
personal and financial information, intellectual property, and critical
infrastructure. Cyberattacks can have serious consequences, including
financial loss, reputational damage, and even physical harm.

Cyber security is vital in any organization, no matter how big or small the
organization is. As technology and software spread across sectors like
government, education, and hospitals, information is increasingly digital and
travels over wireless communication networks.

Cyber security protects the data of organizations such as e-mail providers
(Yahoo, for example), which hold extremely sensitive information whose
exposure can damage both the individuals concerned and the organization’s
reputation. Attackers target small and large companies alike to obtain their
essential documents and information.

Cybersecurity has become increasingly important in today’s interconnected
world. As more and more data is stored and transmitted electronically, the
risk of cyber-attacks has also increased. Cybersecurity is the practice of
protecting computer systems, networks, and data from theft, damage, or
unauthorized access.

Cybersecurity Trends in 2024


1. Rise of AI and Machine Learning: More cybersecurity tools are using
artificial intelligence (AI) and machine learning to detect and respond to
threats faster than humans can. These technologies can analyze patterns and
predict potential attacks, making them a valuable asset in protecting
sensitive data.

2. Increase in Ransomware Attacks: Ransomware, where hackers lock you
out of your data until you pay a ransom, is becoming more common.
Companies and individuals alike need to back up their data regularly and
invest in security measures to avoid falling victim to these attacks.

3. Cloud Security: As more businesses move their data to the cloud, ensuring
this data is secure is a top priority. This includes using strong authentication
methods and regularly updating security protocols to protect against
breaches.

4. Internet of Things (IoT) Vulnerabilities: With more devices connected to
the internet, like smart home gadgets and wearable tech, there’s an
increased risk of cyberattacks. Ensuring these devices have updated security
features is crucial.

5. Zero Trust Security: This approach assumes that threats could come from
inside or outside the network, so it constantly verifies and monitors all access
requests. It’s becoming a standard practice to ensure a higher level of
security.

6. Cybersecurity Skills Gap: There is a growing need for skilled cybersecurity
professionals. As cyber threats become more sophisticated, the demand for
experts who can protect against these threats is higher than ever.

7. Regulatory Compliance: New regulations are being introduced worldwide
to protect personal data. Companies must stay informed about these laws to
ensure they comply and avoid hefty fines.

What are the Benefits of Cyber Security?


Protecting Sensitive Data

With the increase in digitalization, data is becoming more and more valuable.
Cybersecurity helps protect sensitive data such as personal information,
financial data, and intellectual property from unauthorized access and theft.

Prevention of Cyber Attacks


Cyber attacks, such as Malware infections, Ransomware, Phishing, and
Distributed Denial of Service (DDoS) attacks, can cause significant
disruptions to businesses and individuals. Effective cybersecurity measures
help prevent these attacks, reducing the risk of data breaches, financial
losses, and operational disruptions.

Safeguarding Critical Infrastructure

Critical infrastructure, including power grids, transportation systems,
healthcare systems, and communication networks, heavily relies on
interconnected computer systems. Protecting these systems from cyber
threats is crucial to ensure the smooth functioning of essential services and
prevent potential disruptions that could impact public safety and national
security.

Maintaining Business Continuity

Cyber attacks can cause significant disruption to businesses, resulting in lost
revenue, damage to reputation, and in some cases, even shutting down the
business. Cybersecurity helps ensure business continuity by preventing or
minimizing the impact of cyber attacks.

Compliance with Regulations

Many industries are subject to strict regulations that require organizations to
protect sensitive data. Failure to comply with these regulations can result in
significant fines and legal action. Cybersecurity helps ensure compliance with
regulations such as HIPAA, GDPR, and PCI DSS.

Protecting National Security

Cyber attacks can be used to compromise national security by targeting
critical infrastructure, government systems, and military installations.
Cybersecurity is critical for protecting national security and preventing cyber
warfare.

Preserving Privacy

In an era where personal information is increasingly collected, stored, and
shared digitally, cybersecurity is crucial for preserving privacy. Protecting
personal data from unauthorized access, surveillance, and misuse helps
maintain individuals’ privacy rights and fosters trust in digital services.

The Evolution of the Cybersecurity Threat Landscape


1. Phishing: This type of attack involves manipulating and tricking individuals
into providing sensitive information, such as passwords or credit card
numbers, through fake emails or websites. Phishing attacks have become
common and more sophisticated, posing a significant threat to both
individuals and businesses.

2. Ransomware: A major threat in recent years is ransomware, where
criminals lock your files and demand a ransom amount to unlock them. These
attacks have become more common and can target anyone from individuals
to large organizations.

3. Malware: Malicious software, or malware, is designed to damage or disrupt
computers and networks. It includes viruses, trojans, and spyware, and can
be used to steal data, monitor user activity, or gain control of systems.

4. Advanced Persistent Threats (APTs): These are long-term targeted attacks
often conducted by state-sponsored groups. APTs aim to steal data or
disrupt operations over an extended period, often remaining undetected for
months.

5. IoT Vulnerabilities: With more devices connected to the internet, like smart
home gadgets and wearable devices, there are new opportunities for cyber
attacks. Many of these devices lack strong security, which makes them easy
targets for hackers.

6. Cloud Security: As more data is stored in the cloud, ensuring its security
has become a top priority. Hackers are constantly trying to find ways to
access this data, making cloud security a critical area of focus.

How to Protect Yourself from Cyber Threats


There are several steps you can take to protect yourself from cyber threats,
including:

● Use strong passwords: Use unique and complex passwords for all
of your accounts, and consider using a password manager to store
and manage your passwords.
● Keep your software up to date: Keep your operating system,
software applications, and security software up to date with the
latest security patches and updates.
● Enable two-factor authentication: Enable two-factor authentication
on all of your accounts to add an extra layer of security.
● Be aware of suspicious emails: Be cautious of unsolicited emails,
particularly those that ask for personal or financial information or
contain suspicious links or attachments.
● Educate yourself: Stay informed about the latest cybersecurity
threats and best practices by reading cybersecurity blogs and
attending cybersecurity training programs.

Challenges of Cybersecurity
● Constantly Evolving Threat Landscape: Cyber threats are constantly
evolving, and attackers are becoming increasingly sophisticated.
This makes it challenging for cybersecurity professionals to keep up
with the latest threats and implement effective measures to protect
against them.
● Lack of Skilled Professionals: There is a shortage of skilled
cybersecurity professionals, which makes it difficult for organizations
to find and hire qualified staff to manage their cybersecurity
programs.
● Limited Budgets: Cybersecurity can be expensive, and many
organizations have limited budgets to allocate toward cybersecurity
initiatives. This can result in a lack of resources and infrastructure to
effectively protect against cyber threats.
● Insider Threats: Insider threats can be just as damaging as external
threats. Employees or contractors who have access to sensitive
information can intentionally or unintentionally compromise data
security.
● Complexity of Technology: With the rise of cloud computing, IoT,
and other technologies, the complexity of IT infrastructure has
increased significantly. This complexity makes it challenging to
identify and address vulnerabilities and implement effective
cybersecurity measures.

Strategies for Addressing Cybersecurity Challenges


● Comprehensive Risk Assessment: A comprehensive risk assessment
can help organizations identify potential vulnerabilities and prioritize
cybersecurity initiatives based on their impact and likelihood.
● Cybersecurity Training and Awareness: Cybersecurity training and
awareness programs can help employees understand the risks and
best practices for protecting against cyber threats.
● Collaboration and Information Sharing: Collaboration and
information sharing between organizations, industries, and
government agencies can help improve cybersecurity strategies and
response to cyber threats.
● Cybersecurity Automation: Cybersecurity automation can help
organizations identify and respond to threats in real time, reducing
the risk of data breaches and other cyber attacks.
● Continuous Monitoring: Continuous monitoring of IT infrastructure
and data can help identify potential threats and vulnerabilities,
allowing for proactive measures to be taken to prevent attacks.

Conclusion
Cybersecurity is an essential part of our digital lives, protecting our personal
and professional assets from cyber threats. By understanding the types of
cyber threats, taking proactive steps to protect yourself, and staying informed
about the latest best practices, you can help ensure the safety and security of
your digital assets.

What is Cyber Security, Types and Importance -FAQs

What are the seven layers of cybersecurity?

● Mission-Critical Assets
● Data Security
● Endpoint Security
● Application Security
● Network Security
● Perimeter Security
● The Human Layer
What are the 6 stages of cyber attack?

The 6 stages of the cyber attack lifecycle are reconnaissance, weaponization
& delivery, exploitation, installation, command & control, and actions on the
objective.

What are the basics of cybersecurity?

Use passwords for all your laptops, tablets, and smartphones. Never leave
these devices unattended in public places. Encrypt any devices and storage
that hold sensitive personal information. This includes laptops, tablets,
smartphones, USB drives, backup tapes, and cloud storage.
What is an IP Address?
Last Updated : 05 Sep, 2023


All the computers of the world on the Internet network communicate with
each other with underground or underwater cables or wirelessly. If I want to
download a file from the internet or load a web page or literally do anything
related to the internet, my computer must have an address so that other
computers can find and locate mine in order to deliver that particular file or
webpage that I am requesting. In technical terms, that address is called IP
Address or Internet Protocol Address.

Let us understand it with another example: if someone wants to send you a
letter, he/she must have your home address. Similarly, your computer needs an
address so that other computers on the internet can communicate with it
without the confusion of delivering information to someone else’s computer.
That is why each device reachable on the internet has a unique IP address. In
other words, an IP address is a unique address that is used to identify
computers or nodes on the internet. This address is just a string of numbers
written in a certain format. It is generally expressed as a set of four
numbers, for example 192.155.12.1, where each number is in the range 0 to
255, so a full IPv4 address ranges from 0.0.0.0 to 255.255.255.255. Blocks of
IP addresses are allocated by IANA (the Internet Assigned Numbers Authority,
a function of ICANN) to the regional registries, which assign them onward to
ISPs.

But what is Internet protocol? This is just a set of rules that makes the
internet work. You are able to read this article because your computer or
phone has a unique address where the page that you requested (to read this
article from GeeksforGeeks) has been delivered successfully.

Working of IP addresses
The Internet Protocol, like any language, is a set of rules for exchanging
information. Using these rules, connected devices can send and receive data
or files. There are several steps behind the scenes. Let us look at them.

● Your device connects to your Internet Service Provider, which
grants it access to the web.
● An IP address is assigned to your device from the range available
to the provider.
● Your internet activity goes through your service provider, and they
route the replies back to you using your IP address.
● Your IP address can change. For example, turning your router off
and on again can change your IP address.
● When you are away from your home location your home IP address
doesn’t accompany you. It changes as you change the network of
your device.

Types of IP Address

IP Address is of two types:

1. IPv4: Internet Protocol version 4. It consists of 4 numbers separated by
dots. Each number can be from 0-255 in decimal. Computers do not work with
decimal numbers directly; they store them in binary, using only 0 and 1, so
the range 0-255 is written as 00000000 to 11111111. Each of the four numbers
is therefore an 8-bit group, and a whole IPv4 address is 32 binary digits.
In IPv4 a unique sequence of 32 bits is assigned to each interface, so a
total of 2^32 = 4,294,967,296 addresses are available.

IPv4 can be written as:

189.123.123.90

Classes of IPv4 Address: There are around 4.3 billion IPv4 addresses and
managing all those addresses without any scheme is next to impossible.
Let’s understand it with a simple example. If you have to find a word in a
dictionary, how long will it take? Usually less than 5 minutes, because the
words in the dictionary are organized in alphabetical order. If you had to
find the same word in a dictionary that uses no order at all, it would take
an eternity. If a dictionary with one billion unordered words would be that
bad, imagine the pain of finding one address among 4.3 billion. For easier
management and assignment, IP addresses are organized in numeric order and
divided into the following 5 classes, decided by the first octet:

IP Class   First octet range   Maximum number of networks
Class A    1-126               126 (2^7 - 2)
Class B    128-191             16384 (2^14)
Class C    192-223             2097152 (2^21)
Class D    224-239             Reserved for multicast
Class E    240-254             Reserved for research and development

The first octet 127 is missing from the table because the whole 127.0.0.0/8
block is reserved for loopback.

The address 0.0.0.0 is a non-routable address that indicates an invalid or
inapplicable end-user address.

A loopback address is a distinct reserved IP address range that starts at
127.0.0.0 and ends at 127.255.255.255, where 127.255.255.255 is the
broadcast address for 127.0.0.0/8. Loopback addresses are handled inside
the device’s own IP stack: packets sent to them never leave the machine,
which lets software on one host talk to itself over IP. The loopback
address 127.0.0.1 is generally known as localhost.

2. IPv6: There is a problem with IPv4: it can address only the 4 billion or so
devices counted above, and there are many more devices in the world that need
to connect to the internet. So we are gradually moving to IPv6, which uses a
128-bit address. In human-friendly form, IPv6 is written as eight groups of
four hexadecimal digits separated by colons (:), and leading zeros in a group
or one run of all-zero groups can be abbreviated; in computer-friendly form it
is 128 bits of 0s and 1s. Each computer, smartphone, or other device that
connects to the internet is given a unique sequence of bits, so IPv6 offers
2^128 unique addresses, more than enough for upcoming generations.

IPv6 can be written as:

2011:0bd9:75c5:0000:0000:6b3e:0170:8394
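The classful scheme, the reserved blocks and the two IPv6 spellings above, worked through in code. This is an added example, not part of the original page; it uses only Python's standard `ipaddress` module, and the class table it encodes is the one from the text (class A loses the 0.x and 127.x prefixes, hence 2^7 - 2 networks; class B and C keep all 2^14 and 2^21 of theirs).

```python
"""Classful IPv4 analysis and IPv6 notation with the standard library (added example)."""
from ipaddress import IPv4Address, IPv6Address, ip_address, ip_network

# From the classful table: (first octet low, high, network bits, host bits, fixed leading bits).
# Class A: leading bit 0, so 2^7 prefixes minus 0.x.x.x and 127.x.x.x (loopback) = 126 networks.
# Class B: leading bits 10, 2^14 networks.  Class C: leading bits 110, 2^21 networks.
CLASSES = {
    "A": (1, 126, 8, 24, 1),
    "B": (128, 191, 16, 16, 2),
    "C": (192, 223, 24, 8, 3),
}


def ipv4_class(addr: str) -> str:
    """Classful letter for a dotted-quad address, or a label for the special blocks."""
    ip = ip_address(addr)
    if not isinstance(ip, IPv4Address):
        raise ValueError(f"{addr} is not an IPv4 address")
    first = int(ip) >> 24                     # the first octet decides the class
    if first == 0:
        return "unspecified"                  # 0.0.0.0/8, never a valid end-user address
    if first == 127:
        return "loopback"                     # 127.0.0.0/8 stays inside the host
    for letter, (low, high, _, _, _) in CLASSES.items():
        if low <= first <= high:
            return letter
    if 224 <= first <= 239:
        return "D (multicast)"
    return "E (reserved)"                     # 240.0.0.0 and above


def class_capacity(letter: str) -> tuple:
    """(number of networks, usable hosts per network) for class A, B or C."""
    _, _, net_bits, host_bits, fixed = CLASSES[letter]
    networks = 2 ** (net_bits - fixed) - (2 if letter == "A" else 0)
    hosts = 2 ** host_bits - 2                # minus the network and broadcast addresses
    return networks, hosts


def classful_split(addr: str) -> tuple:
    """Network prefix and host number under the classful mask, e.g. 189.123.123.90 -> /16."""
    letter = ipv4_class(addr)
    if letter not in CLASSES:
        raise ValueError(f"{addr} has no classful network/host split")
    net_bits = CLASSES[letter][2]
    network = ip_network(f"{addr}/{net_bits}", strict=False)
    host = int(ip_address(addr)) & ((1 << (32 - net_bits)) - 1)
    return str(network), host


def ipv4_to_binary(addr: str) -> str:
    """The 32-bit form a router actually works with, one 8-bit group per octet."""
    ip = ip_address(addr)
    if not isinstance(ip, IPv4Address):
        raise ValueError(f"{addr} is not an IPv4 address")
    return ".".join(f"{int(octet):08b}" for octet in str(ip).split("."))


def ipv6_forms(addr: str) -> tuple:
    """(exploded, compressed) spellings of one IPv6 address; both name the same 128 bits."""
    ip = ip_address(addr)
    if not isinstance(ip, IPv6Address):
        raise ValueError(f"{addr} is not an IPv6 address")
    return ip.exploded, ip.compressed
```

Feeding the page's own sample 189.123.123.90 through classful_split gives 189.123.0.0/16 with host number 31578, and the IPv6 sample compresses to 2011:bd9:75c5::6b3e:170:8394. Classful addressing was replaced by CIDR in the 1990s, so on a real network the prefix length comes from the subnet mask, not from the first octet; the class letter is still worth knowing because exam questions and older documentation use it.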

Classification of IP Address

An IP address is classified into the following types:


1. Public IP Address: This address is reachable from the internet and is
assigned by your network provider to your router, which then shares it among
your devices. Public IP addresses are of two types:

● Dynamic IP Address: When you connect a smartphone or computer to the
internet, your Internet Service Provider gives your device an IP
address from the range of addresses available to it. Your device now
has an IP address and can send and receive data. The next time you
connect with the same device, the provider may hand out a different
address from the same range. Because the address keeps changing
between connections, it is called a Dynamic IP Address.
● Static IP Address: A static address never changes; it serves as a
permanent internet address. Servers that must always be found at the
same place, such as DNS servers (the computers that translate a
website name into the address your computer connects to), use them.
Looking up a static IP address reveals which continent, country, and
city the device is located in and which Internet Service Provider
serves it; once the ISP is known, the location of the device can be
traced. Static IP addresses are therefore easier to track than
dynamic ones, which is why they are said to offer less privacy.

2. Private IP Address: This is an internal address of your device, from a
range that is not routed on the internet. A private address cannot be
reached directly from outside; traffic from it reaches the internet only
because the router translates it to the network’s public address (NAT).
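How a device with a private address still reaches the internet, as an added example that is not part of the original page: the first function labels an IPv4 address by scope (public, RFC 1918 private, loopback, link-local, multicast, reserved); the SourceNat class then models what a home router does, rewriting each private source to its single public address and a router-chosen port, and mapping replies back. The router address 203.0.113.1 and the hosts are constructed from documentation ranges; the port allocation scheme is a simplification of real port-address translation.

```python
"""Public vs. private IPv4 addresses, and how a NAT router lets private hosts reach the
internet anyway (added example; all addresses are constructed documentation ranges)."""
from ipaddress import ip_address, ip_network

# RFC 1918 private blocks: routers on the public internet drop packets to these.
PRIVATE_V4 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_scope(addr: str) -> str:
    """Label an IPv4 address as public, private, loopback, link-local, multicast, ..."""
    ip = ip_address(addr)
    if ip.version != 4:
        raise ValueError("this example only classifies IPv4")
    if ip.is_unspecified:
        return "unspecified"        # 0.0.0.0
    if ip.is_loopback:
        return "loopback"           # 127.0.0.0/8
    if ip.is_link_local:
        return "link-local"         # 169.254.0.0/16, self-assigned when DHCP fails
    if ip.is_multicast:
        return "multicast"          # 224.0.0.0/4
    if any(ip in block for block in PRIVATE_V4):
        return "private"
    if ip.is_reserved:
        return "reserved"           # 240.0.0.0/4
    return "public"


class SourceNat:
    """Port-address translation as done by a home router: every private host shares
    one public address, told apart by the port the router picks for each flow."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        if address_scope(public_ip) != "public":
            raise ValueError("the outside address of the router must be public")
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}      # (private ip, private port) -> public port
        self.inbound_map = {}       # public port -> (private ip, private port)

    def outbound(self, src_ip: str, src_port: int) -> tuple:
        """Rewrite the source of an outgoing packet; returns (public ip, public port)."""
        if address_scope(src_ip) != "private":
            raise ValueError(f"{src_ip} is not an RFC 1918 address")
        key = (src_ip, src_port)
        if key not in self.outbound_map:      # first packet of a flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return self.public_ip, self.outbound_map[key]

    def inbound(self, dst_port: int):
        """Map a reply hitting the public address back to the private host,
        or None for traffic nobody inside asked for (which the router drops)."""
        return self.inbound_map.get(dst_port)
```

The inbound lookup is why a private address is often described as "not reachable from the internet": a packet for a public port that no inside host opened finds no table entry and is dropped. That is also why "What is my IP?" sites see only the router's public address, never the 192.168.x.x address the device itself reports.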

3. Shared IP addresses: Many websites with modest, manageable traffic sit
on a shared IP address: the hosting provider rents the same address to
several similar websites to keep costs down. In the same way, several
companies may send mail through the same outbound mail server and IP
address, so nobody pays for a server that sits idle.

4. Dedicated IP addresses: A dedicated IP address is used by a single
company or individual. Historically it was needed to serve a site’s own
Secure Sockets Layer (SSL) certificate, which a shared address could not
do. It allows the website to be reached, or logged into via File Transfer
Protocol (FTP), by IP address instead of domain name. It increases the
performance of the website when traffic is high, and it protects the site
from sharing an address that has been black-listed because of another
tenant’s spam.

Lookup IP addresses

To know your public IP, you can simply search “What is my IP?” on Google. Other websites will show you the same information: they can see your public IP address because, by visiting the site, your router has made a request and thus revealed the address. An IP location lookup goes further by showing the name of your Internet Service Provider and your current city.

Finding your device’s private IP Address depends on the OS or platform you are using.

● On Windows: Click Start, type “cmd” in the search box and run the Command Prompt. In the black Command Prompt window type “ipconfig” and press Enter. You will see your IP Address there.
● On Mac: Go to System Preferences and select Network; you will see the information about your network, which includes your IP Address.

IP address security threats

Each IP address is associated with ports on a computer that act as doorways allowing web applications or websites to send and receive data on your device. If the ports somehow remain open after the connection is terminated, that might allow hackers to get into your device. Once a hacker gets remote access to your device through various tools and viruses, they would be able to access all your stored files and data as well as your computer hardware, including your webcam, mic and speaker, and all your browsing history, emails and saved passwords. These are serious threats about which we need to be extra careful.

Various online activities can reveal your IP address, from playing games or accepting bad cookies from a trap website to commenting on a website or forum. Once they have your IP, there are websites that give them a decent idea of your location. They can further use social media websites to track your online presence, cross-verify everything they got from these sites, and use your information for their benefit, or sell the collected data on the dark web, which can further exploit you.

The worst I have seen was when my friend’s PC got infected while he was installing an application that he downloaded from a pirated website. The moment he hit install, a number of command prompt boxes started appearing, tens of commands started running, and after a while it was back to normal. Some malware was installed in the process. After a few days, someone was trying to log in to his social media account and other accounts using his computer as a host PC (his own IP address) while his computer was idle. The hacker was using his PC and his network, i.e., his IP address, to do some serious stuff. He formatted his computer then and there, secured all his emails and other accounts, changed all the passwords, and took all the security measures that had to be taken.

Cybercriminals use different techniques to get hold of your IP address, learn your location, get into your network and hack into your computers. For instance, they can find you through Skype, which uses IP addresses to connect calls. If you are using such apps, it’s important to know that your IP address might be exposed. Attackers can use various tools to find your IP address. Some of the threats are: online stalking, downloading illegal content using your IP address, tracking your location, directly attacking your network, and hacking into your device.

Protect and hide IP address

To secure and hide your IP address from unwanted people always remember
the following points:

● Use a proxy server.
● Use a virtual private network (VPN) when using public Wi-Fi, when you are traveling or working remotely, or when you just want some privacy.
● Change the privacy settings on instant messaging applications.
● Create unique passwords.
● Beware of phishing emails and malicious content.
● Use a good, paid antivirus application and keep it up to date.
● When you are using public Wi-Fi in a cafe, a station or anywhere else, you must hide your IP address by using a VPN. Getting your IP from public Wi-Fi is a cakewalk for these hackers, and they are very good at stealing all your information while using your computer’s address. There are different phishing techniques in which they email you, call you, and SMS you to obtain vital information about you. They give links to malicious websites which are pre-rigged. The moment you open these websites, they steal your device’s information, revealing details about you and your device that should be kept private. These leaks help the hackers to exploit your device and install or download spyware and malware on it. But a good anti-virus gives you web security as well, which will prevent those websites from loading and warn you about the information being passed to them.
● It is also not recommended to use torrent or pirated websites, which are a threat to your online identity and can compromise your device, your emails or any other information about you.

Difference between Private and Public IP addresses

An IP Address, or Internet Protocol Address, is a type of address that is required for one computer to communicate with another computer to exchange information, files, web pages, etc. In this article, we will see the classification of IP Addresses and the differences between Public and Private IP Addresses. Before proceeding with that, let’s see what an IP Address is, with an example.

If someone wants to send a particular file or a mail to you from his/her computer, an address is required so that the information can reach you without the confusion of delivering it to some other computer. That is why an address is required, and that address is called an IP Address. An IP Address is unique for each computer.

Classification of IP Address
An IP Address is basically classified into two types:

● Private IP Address
● Public IP Address

What is a Private IP Address?

The Private IP Address of a system is the IP address that is used to communicate within the same network. Using a private IP, data or information can be sent or received within the same network. The router basically assigns these types of addresses to the devices. A unique private IP Address is provided to each and every device present on the network. These things make Private IP Addresses more secure than Public IP Addresses.

Can we trace Private IP Address?

Yes, we can trace Private IP Addresses, but only by using other devices on the local network. Devices connected to the local network have private IP Addresses, and these are only visible to the devices connected within that network. They can’t be seen online, as happens with public IP Addresses.

What is a Public IP Address?

The Public IP Address of a system is the IP address that is used to communicate outside the network. A public IP address is basically assigned by the ISP (Internet Service Provider).

Public IP Address is basically of two types:

● Dynamic IP Address: Dynamic IP Addresses are addresses that change over time. After establishing a connection of a smartphone or computer with the Internet, the ISP provides an IP Address to the device; these random addresses are called Dynamic IP Addresses.
● Static IP Address: Static Addresses are those addresses that do not change with time. These are stated as permanent internet addresses. Mostly these are used by the DNS (Domain Name System) Servers.

Can we trace Public IP Address?

Yes, Public IP Addresses can be traced back to the Internet Service Provider, which can easily trace the geographical location. This might reveal the location very easily to advertisers, hackers, etc. For using the Internet anonymously, you can easily hide your IP Address in different ways, like a VPN, the Tor Browser, etc. But among the different ways, VPN is the fastest and most secure way of using the Internet.
Difference Between Private and Public IP Addresses

Private IP Address | Public IP Address
The scope of Private IP is local. | The scope of Public IP is global.
It is used to communicate within the network. | It is used to communicate outside the network.
Private IP addresses of the systems connected in a network differ in a uniform manner. | Public IP may differ in a uniform or non-uniform manner.
It works only on LAN. | It is used to get internet service.
It is used to load the network operating system. | It is controlled by the ISP.
It is available free of cost. | It is not free of cost.
Private IP can be known by entering “ipconfig” on the command prompt. | Public IP can be known by searching “what is my ip” on Google.
Range: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, 192.168.0.0 – 192.168.255.255 | Range: besides the private IP addresses, the rest are public.
Example: 192.168.1.10 | Example: 17.5.7.8
Private IP uses a numeric code that is not unique and can be used again. | Public IP uses a numeric code that is unique and cannot be used by others.
Private IP addresses are secure. | The public IP address has no security and is subject to attack.
Private IP addresses require NAT to communicate with devices outside the network. | Public IP does not require network address translation.

Frequently Asked Questions

1. Can a device have both Public and Private IP Addresses at the same time?

Answer:

Yes, a device can have both Public and Private IP Addresses at the same time. This usually happens when Network Address Translation connects the local network to the Internet.
2. Can we access the Internet with our Private IP Address?

Answer:

Yes, we can access the Internet with our Private IP Address. A router that has both a private and a public IP Address connection acts as an intermediary in connecting to or accessing the Internet.

3. Differentiate between Private vs Local vs Internal IP Addresses.

Answer:

Just as public IP Address and external IP Address can be used interchangeably, private and internal IP Address can be used interchangeably, and a private IP Address is also called a Local IP Address.
4. How does a Public IP Address differ from an external IP Address?

Answer:

Public IP Address and External IP Address are similar terms. This helps you
in connecting to the Internet from inside to outside your network.

5. What is the range of Private IP Addresses?

Answer:

The range of Private IP Addresses is defined by the Internet Assigned Numbers Authority (IANA) and never appears on the Internet. The ranges are:

● Class A: 10.0.0.0 – 10.255.255.255
● Class B: 172.16.0.0 – 172.31.255.255
● Class C: 192.168.0.0 – 192.168.255.255
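The ranges above are enough to decide programmatically whether an address is private or public. The following Python is an added example written for this page, not code from the article; it encodes the three private blocks in CIDR form (the 172.16.0.0 – 172.31.255.255 block is 172.16.0.0/12) and, going slightly beyond the question, also separates the loopback and link-local ranges, which are neither private in the sense above nor publicly routable. The should_drop_at_internet_edge helper is a hypothetical name for the ingress-filtering check a border router applies: a packet arriving from the Internet with a private source address cannot be genuine, so it is discarded rather than forwarded.

```python
import ipaddress

# The three private blocks listed on the page, written as CIDR prefixes:
#   10.0.0.0/8     = 10.0.0.0    - 10.255.255.255
#   172.16.0.0/12  = 172.16.0.0  - 172.31.255.255
#   192.168.0.0/16 = 192.168.0.0 - 192.168.255.255
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify(addr):
    """Return (kind, block) for an IPv4 address string.

    kind is "private" for the three ranges above, "loopback" or "link-local"
    for the two other common non-routable ranges, and "public" otherwise.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("only IPv4 is handled in this example")
    for net in PRIVATE_RANGES:
        if ip in net:
            return "private", str(net)
    if ip.is_loopback:        # 127.0.0.0/8: the host itself
        return "loopback", "127.0.0.0/8"
    if ip.is_link_local:      # 169.254.0.0/16: self-assigned when no DHCP answer
        return "link-local", "169.254.0.0/16"
    return "public", None


def should_drop_at_internet_edge(src_addr):
    """Ingress-filtering check for a border router (hypothetical helper name).

    A packet arriving from the Internet can never legitimately carry a private,
    loopback or link-local source address; such a packet is spoofed or
    misrouted, so the router drops it instead of forwarding it.
    """
    kind, _ = classify(src_addr)
    return kind != "public"


if __name__ == "__main__":
    # Constructed sample addresses, including the two examples from the table.
    for a in ["192.168.1.10", "172.31.255.254", "172.32.0.1", "17.5.7.8", "127.0.0.1"]:
        print(a, classify(a), "drop at edge:", should_drop_at_internet_edge(a))
```

Note that 172.32.0.1 comes out as public: the /12 block ends at 172.31.255.255, a boundary that is easy to get wrong when the range is checked by hand.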

6. What is the range of Public IP Addresses?

Answer:

Public IP Addresses can be any number except those that are reserved for
private IPs. But the main thing is that it must be unique.

What is Routing?
Last Updated : 16 Aug, 2024

The process of choosing a path across one or more networks is known as Network Routing. Nowadays, individuals are more connected on the internet, and hence the need for routing is essential.

Routing chooses the routes along which Internet Protocol (IP) packets get
from their source to their destination in packet-switching networks. This
article will discuss the details of the Routing Process along with its different
types and working principles.

What is a Router?
Routers are specialized pieces of network hardware that make these
judgments about Internet routing. It is a networking device that forwards
data packets between computer networks. Also, it helps to direct traffic
based on the destination IP address. It ensures that data reaches its intended
destination.

As the router connects different networks, it manages data traffic between them. The Router operates at Layer 3 (the network layer) of the OSI Model. It is also responsible for determining the best path for data to travel from one network to another.

What is Routing?
Routing refers to the process of directing a data packet from one node to another. It is an autonomous process handled by the network devices to direct a data packet to its intended destination. Note that the node here refers to a network device called a ‘Router’.

Routing is a crucial mechanism that transmits data from one location to another across a network (the network type could be any, like LAN, WAN, or MAN). The process of routing involves making various routing decisions to ensure reliable and efficient delivery of the data packet by finding the shortest path using various routing metrics, which we will be discussing in this article.

Routing of a data packet is done by analyzing the destination IP Address of the packet. Look at the image below:
Routing of packets

● The Source Node (Sender) sends the data packet on the network,
embedding the IP in the header of the data packet.
● The nearest router receives the data packet, and based on some
metrics, further routes the data packet to other routers.
● Step 2 occurs recursively till the data packet reaches its intended
destination.

Note: There is a limit to how many hops a packet can take; if it is exceeded, the packet is considered to be lost.

What are Different Types of Routing?

Routing is typically of 3 types, each serving its purpose and offering different functionalities.
Types of Routing

1. Static Routing

Static routing is also called “non-adaptive routing”. In this, the routing configuration is done manually by the network administrator. Let’s say, for example, we have 5 different routes to transmit data from one node to another; the network administrator will have to manually enter the routing information after assessing all the routes.

● A network administrator has full control over the network, routing the data packets to their concerned destinations.
● Routers will route packets to the destination configured manually by the network administrator.
● Although this type of routing gives fine-grained control over the routes, it may not be suitable for large-scale enterprise networks.

2. Dynamic Routing

Dynamic Routing is another type of routing in which routing is an autonomous procedure without any human intervention. Packets are transmitted over a network using various shortest-path algorithms and pre-determined metrics. This type of routing is mostly preferred in modern networks as it offers more flexibility and versatile functionality.

● It is also known as adaptive routing.
● In this, the router adds new routes to the routing table based on any changes made in the topology of the network.
● The autonomous procedure of routing helps in automating every routing operation, from adding to removing a route upon updates or any changes made to the network.

3. Default Routing

Default Routing is a routing technique in which a router is configured to transmit packets to a default route, that is, a gateway or next-hop device, if no specific path is defined or found. It is commonly used when the network has a single exit point. The IP router has the following address as the default route: 0.0.0.0/0.
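The three routing types above meet in a single routing table: static entries for the directly connected and manually configured networks, and a 0.0.0.0/0 entry as the default route. The Python below is an added example for this page, not the article's code. The router names R1 to R4, the interface names and the addresses are constructed (the public addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), and R3's default route pointing back at R1 is a deliberate misconfiguration so that the hop-limit behaviour from the Note above can be shown. lookup() picks the longest matching prefix, which is why the default route applies only when nothing more specific matches, and forward() simulates the hop-by-hop process, decrementing a TTL and discarding the packet when it reaches zero.

```python
import ipaddress


class RoutingTable:
    """Routing table of one router: longest-prefix match, with 0.0.0.0/0 acting
    as the default route because it is the shortest possible prefix."""

    def __init__(self):
        # (network, next_hop, interface); next_hop None = directly connected
        self.routes = []

    def add(self, prefix, next_hop, interface):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, interface))
        # most specific prefix first, so the first match is the longest match
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst):
        ip = ipaddress.ip_address(dst)
        for net, next_hop, interface in self.routes:
            if ip in net:
                return next_hop, interface
        return None  # no route at all, not even a default: packet is dropped


def build_static_routes():
    """Constructed four-router topology (hypothetical names and addresses)."""
    r1 = RoutingTable()
    r1.add("192.168.1.0/24", None, "eth0")  # the LAN R1 is attached to
    r1.add("10.0.0.0/8", "R2", "eth1")      # the corporate network sits behind R2
    r1.add("0.0.0.0/0", "R3", "eth2")       # default route: everything else to R3

    r2 = RoutingTable()
    r2.add("10.0.0.0/8", None, "eth0")
    r2.add("10.1.0.0/16", "R4", "eth1")     # more specific than /8, wins for 10.1.x.x
    r2.add("0.0.0.0/0", "R1", "eth2")

    r3 = RoutingTable()
    r3.add("203.0.113.0/24", None, "eth0")
    r3.add("0.0.0.0/0", "R1", "eth1")       # deliberate misconfiguration: loops back to R1

    r4 = RoutingTable()
    r4.add("10.1.0.0/16", None, "eth0")     # no default route at all
    return {"R1": r1, "R2": r2, "R3": r3, "R4": r4}


def forward(routers, start, dst, ttl=64):
    """Simulate hop-by-hop forwarding of one packet.

    Returns (path, outcome): path lists the routers visited; outcome is
    "delivered", "no route", or "ttl expired" (the hop-count limit: each router
    decrements the TTL and discards the packet when it reaches zero, which is
    what stops a packet circling forever in a routing loop).
    """
    path = [start]
    current = start
    while True:
        match = routers[current].lookup(dst)
        if match is None:
            return path, "no route"
        next_hop, _interface = match
        if next_hop is None:            # destination network is directly attached
            return path, "delivered"
        ttl -= 1
        if ttl == 0:
            return path, "ttl expired"
        path.append(next_hop)
        current = next_hop


if __name__ == "__main__":
    routers = build_static_routes()
    for dst in ["192.168.1.10", "10.1.2.3", "10.200.0.1", "203.0.113.9", "198.51.100.7"]:
        print(dst, forward(routers, "R1", dst, ttl=8))
```

Because the table is sorted by prefix length, 10.1.2.3 leaves R2 towards R4 via the /16 entry even though the /8 entry also matches; the same destination seen from R1 matches only the /8 and the default, and the /8 wins. Traffic for 198.51.100.7 bounces between R1 and R3 until the TTL runs out, which is exactly how a mis-set default route shows up in practice.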

What is the Working Principle of Routing?

Routing works by finding the shortest path from the source node to the destination node across a network. Here’s the step-by-step working of routing:

Step 1: Communication initiation

The first step that typically happens is, one node (client or server) initiates a
communication across a network using HTTP protocols.

Step 2: Data Packets

The source device now breaks a big chunk of information into small data packets for reliable and efficient transmission. This process is called disassembling and encapsulating the data payload. Each data packet is then labeled with the destination node’s IP address.

Step 3: Routing Table

The Routing table is a logical data structure used to store the IP addresses and relevant information regarding the nearest routers. The source node then looks up the IP addresses of all the nodes that can transmit the packet to its destination, selects the shortest path using the shortest-path algorithm, and then routes accordingly.

The Routing Table is stored in a router, a network device that determines the
shortest path and routes the data packet.

Step 4: Hopping procedure

In the procedure of routing, the data packet will undergo many hops across various nodes in a network till it reaches its final destination node. Hop count is defined as the number of nodes that must be traversed to finally reach the intended destination node.

This hopping procedure has certain criteria defined for every data packet: there is a limited number of hops a packet can take, and if the packet exceeds that, it is considered to be lost and is retransmitted.

Step 5: Reaching the destination node

Once all the data packets reach their intended destination node, they
re-assemble and transform into complete information that was sent by the
sender (source node). The receiver will perform various error-checking
mechanisms to verify the authenticity of the data packets.

Overall, the data packet will be transmitted over the least hop-count path as
well as the path on which there is less traffic to prevent packet loss.

Working of Routing

In the above image, we have 3 major components

● Sender
● Receiver
● Routers

The shortest path is highlighted in red, the path with the least hop count. As we can see, there are multiple paths from the source to the destination node, but if all the appropriate metrics are satisfied, the data packets will be transmitted through the shortest path (highlighted in red).

What are the Main Routing Protocols?

● RIP (Routing Information Protocol): It is a distance-vector protocol
that uses hop count as a metric.
● OSPF (Open Shortest Path First): OSPF is a link-state protocol that
finds the shortest path using the Dijkstra algorithm.
● EIGRP (Enhanced Interior Gateway Routing Protocol): It is a hybrid
protocol that combines features of distance-vector and link-state.
● BGP (Border Gateway Protocol): It is a path-vector protocol that is
used for routing between different autonomous systems on the
internet.
● IS-IS (Intermediate System to Intermediate System): It is a link-state
protocol that is primarily used in large networks like ISPs.

What are Different Routing Metrics?

The purpose of routing protocols is to learn about all the available paths to route data packets, build routing tables, and make routing decisions based on specified metrics. There are two primary types of routing protocols; the rest are derived from these two.

1. Distance Vector Routing

In this type of routing protocol, all the nodes that are part of the network advertise their routing table to their adjacent nodes (nodes that are directly connected) at regular intervals. With each router getting updated at regular intervals, it may take time for all the nodes to have the same accurate network view.

● Uses fixed-length subnets, not suitable for scaling.
● Algorithm used: the Bellman-Ford algorithm to find the shortest path.

2. Link State Routing

Link State Routing is another type of dynamic routing protocol in which routers advertise their updated routing tables only when some new updates are added. This results in the effective use of bandwidth. All the routers keep exchanging information dynamically regarding different links, such as cost and hop count, to find the best possible path.

● Uses a variable-length subnet mask, which is scalable and uses addressing more effectively.
● Algorithm used: Dijkstra’s algorithm to find the shortest path.

Let’s look at the metrics used to measure the cost of travel from one node to another:

1. Hop Count: Hop count refers to the number of nodes a data packet has to traverse to reach its intended destination. Transmitting from one node to the next counts as one hop. The goal is to minimize the hop count and find the shortest path.
2. Bandwidth Consumption: Bandwidth is the ability of a network to
transmit data typically measured in Kbps (Kilobits per second),
Mbps (Megabits per second), or Gbps (Gigabits per second). The
bandwidth depends on several factors such as – the volume of data,
traffic on a network, network speed, etc. Routing decision is made in
a way to ensure efficient bandwidth consumption.
3. Delay: Delay is the time it takes for a data packet to travel from the
source node to its destination node. There are different types of
delay such as – propagation delay, transmission delay, and queuing
delay.
4. Load: Load refers to the network traffic on a certain path in the
context of routing. A data packet will be routed to the path with a
lesser load so that it reaches its destination in the specified time.
5. Reliability: Reliability refers to the assured delivery of the data packet to its intended destination; although there are certain other factors, the data packet is routed in such a way that it reaches its destination. The stability and availability of the link in the network are checked before routing the data packet over a specific path.
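To make the distance-vector / link-state distinction and the hop-count versus cost metrics concrete, here is an added example, written for this page rather than taken from the article, on a constructed four-router topology in which the direct A–D link is the fewest hops but the most expensive path. dijkstra() is the link-state computation a router can run once it holds the full topology; distance_vector() iterates the Bellman-Ford relaxation the way distance-vector routers do, each node seeing only its neighbours' advertised vectors, and reports how many exchange rounds it takes to converge. shortest_path() with metric "hops" gives the RIP-style answer and with "cost" the OSPF-style one; the link costs follow the OSPF convention of reference bandwidth divided by link bandwidth, an assumption of this example.

```python
import heapq

# Constructed topology (not from the page): router -> {neighbour: link cost}.
# Costs are reference_bandwidth / link_bandwidth with a 100 Mbps reference, so a
# 100 Mbps link costs 1 and the 10 Mbps A-D link costs 10. Every link is listed
# from both ends.
TOPOLOGY = {
    "A": {"B": 1, "D": 10},
    "B": {"A": 1, "C": 1},
    "C": {"B": 1, "D": 1},
    "D": {"C": 1, "A": 10},
}


def dijkstra(graph, source):
    """Link-state computation: the router knows the whole graph and runs
    Dijkstra locally. Returns (cost_to, previous_hop) dictionaries."""
    cost = {source: 0}
    prev = {}
    done = set()
    heap = [(0, source)]
    while heap:
        c, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, w in graph[u].items():
            if c + w < cost.get(v, float("inf")):
                cost[v] = c + w
                prev[v] = u
                heapq.heappush(heap, (c + w, v))
    return cost, prev


def shortest_path(graph, src, dst, metric="cost"):
    """Path chosen under a metric: "cost" uses the link costs, "hops" treats
    every link as cost 1 (the hop-count view of the same network)."""
    if metric == "hops":
        graph = {u: {v: 1 for v in nbrs} for u, nbrs in graph.items()}
    _, prev = dijkstra(graph, src)
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def distance_vector(graph, max_rounds=100):
    """Distance-vector (Bellman-Ford) computation: in each round every router
    receives its neighbours' vectors from the previous round and relaxes them.
    Returns ({router: {dest: (cost, next_hop)}}, rounds_until_stable)."""
    vectors = {r: {r: (0, r)} for r in graph}
    for rnd in range(1, max_rounds + 1):
        updated = {}
        for r, nbrs in graph.items():
            table = dict(vectors[r])
            for nb, w in nbrs.items():
                for dest, (c, _) in vectors[nb].items():   # neighbour's advertisement
                    if w + c < table.get(dest, (float("inf"), None))[0]:
                        table[dest] = (w + c, nb)
            updated[r] = table
        if updated == vectors:          # nothing changed: the network has converged
            return vectors, rnd
        vectors = updated
    return vectors, max_rounds


if __name__ == "__main__":
    print("link-state, by cost :", shortest_path(TOPOLOGY, "A", "D"))
    print("link-state, by hops :", shortest_path(TOPOLOGY, "A", "D", "hops"))
    vectors, rounds = distance_vector(TOPOLOGY)
    print("distance-vector A->D:", vectors["A"]["D"], "after", rounds, "rounds")
```

Both algorithms agree on the cost-3 path A, B, C, D, while the hop-count metric prefers the one-hop A, D link; the distance-vector run shows the convergence delay the text mentions, since A only learns the better route to D on the third exchange.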

What are the Advantages of Routing?

● Routing can be done in various ways; it is important to know the requirements and use the one that fits our specific needs. Automated routing is typically preferred, as the routing of packets is done by the defined algorithms, while manually configurable routing gives us fine-grained control over the network.
● Routing is a highly scalable operation for transmitting data: in a large-scale enterprise network it becomes crucial to manage information related to all the nodes that may be sharing sensitive and confidential information regarding the organization.
● Load balancing is also one of the crucial aspects taken care of by routing data packets away from routes that are generally busy, as sending data through those routes would only put our data at risk of getting lost.

What are the Disadvantages of Routing?

Every type of routing comes with some pros and cons. Here are some of the disadvantages of specific types of routing:

● Static Routing: This type of routing is appropriate only for smaller networks where the network administrator has an accurate view of the network and good knowledge of the topology; otherwise it might raise security concerns and complex configuration issues.
● Dynamic Routing: Everything is done automatically by the algorithms, providing less control over the network, which may not be suitable for every kind of network. It is also computationally expensive and consumes more bandwidth.
● Default Routing: The path on which the packets are transmitted by default is configurable, but this can be a complex procedure if not defined clearly.

Conclusion
Routing is a fundamental concept in computer science that allows every
network device across the world to share data across the internet. Here, the
shortest path is selected by the routing algorithms when routing a data
packet. So, the Routing Algorithms select the shortest path based on metrics
like – hop count, delay, bandwidth, etc.

What is Routing – FAQs

What are routing examples?

Traffic in a road system is an example of routing, in which a driver picks a path that reduces their travel time.

How does a router work?

Routers examine the IP address in the header of every data packet received; if the packet belongs to the router’s own network it is kept, otherwise it is re-routed to another router based on some metrics.

What is a Default Gateway?

The default gateway is simply a router or another network device that allows
the host to connect with other networks outside its local network. It is a
crucial component of internetwork communication.

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a security tool that monitors a computer network or systems for malicious activities or policy violations. It helps detect unauthorized access, potential threats, and abnormal activities by analyzing traffic and alerting administrators to take action. An IDS is crucial for maintaining network security and protecting sensitive data from cyber-attacks.

An Intrusion Detection System (IDS) monitors network traffic, looks for unusual activity and sends alerts when it occurs. The main duties of an Intrusion Detection System (IDS) are anomaly detection and reporting; however, certain Intrusion Detection Systems can take action when malicious activity or unusual traffic is discovered. In this article, we will discuss every point about the Intrusion Detection System.

What is an Intrusion Detection System?

A system called an intrusion detection system (IDS) observes network traffic
for malicious transactions and sends immediate alerts when it is observed. It
is software that checks a network or system for malicious activities or policy
violations. Each illegal activity or violation is often recorded either centrally
using an SIEM system or notified to an administration. IDS monitors a
network or system for malicious activity and protects a computer network
from unauthorized access from users, including perhaps insiders. The
intrusion detector learning task is to build a predictive model (i.e. a classifier)
capable of distinguishing between ‘bad connections’ (intrusion/attacks) and
‘good (normal) connections’.

Working of Intrusion Detection System(IDS)

● An IDS (Intrusion Detection System) monitors the traffic on a
computer network to detect any suspicious activity.
● It analyzes the data flowing through the network to look for patterns
and signs of abnormal behavior.
● The IDS compares the network activity to a set of predefined rules
and patterns to identify any activity that might indicate an attack or
intrusion.
● If the IDS detects something that matches one of these rules or
patterns, it sends an alert to the system administrator.
● The system administrator can then investigate the alert and take
action to prevent any damage or further intrusion.

Classification of Intrusion Detection System(IDS)

Intrusion Detection Systems are classified into 5 types:

● Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are set up at a planned point within the network to examine traffic from all devices on the network. It observes the passing traffic on the entire subnet and matches the traffic passing on the subnets to the collection of known attacks. Once an attack is identified or abnormal behavior is observed, an alert can be sent to the administrator. An example of a NIDS is installing it on the subnet where firewalls are located, in order to see if someone is trying to crack the firewall.
● Host Intrusion Detection System (HIDS): Host intrusion detection
systems (HIDS) run on independent hosts or devices on the
network. A HIDS monitors the incoming and outgoing packets from
the device only and will alert the administrator if suspicious or
malicious activity is detected. It takes a snapshot of existing system
files and compares it with the previous snapshot. If the analytical
system files were edited or deleted, an alert is sent to the
administrator to investigate. An example of HIDS usage can be seen
on mission-critical machines, which are not expected to change their
layout.
Intrusion Detection System (IDS)

● Protocol-Based Intrusion Detection System (PIDS): A protocol-based intrusion detection system (PIDS) comprises a system or agent that consistently resides at the front end of a server, controlling and interpreting the protocol between a user/device and the server. It tries to secure the web server by regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol. Since the HTTPS stream is only in the clear immediately before it enters the web presentation layer, this system would need to reside at that interface in order to inspect the HTTPS traffic.
● Application Protocol-Based Intrusion Detection System (APIDS): An
application Protocol-based Intrusion Detection System (APIDS) is a
system or agent that generally resides within a group of servers. It
identifies the intrusions by monitoring and interpreting the
communication on application-specific protocols. For example, this
would monitor the SQL protocol explicitly to the middleware as it
transacts with the database in the web server.
● Hybrid Intrusion Detection System: Hybrid intrusion detection
system is made by the combination of two or more approaches to
the intrusion detection system. In the hybrid intrusion detection
system, the host agent or system data is combined with network
information to develop a complete view of the network system. The
hybrid intrusion detection system is more effective in comparison to
the other intrusion detection system. Prelude is an example of
Hybrid IDS.

What is an Intrusion in Cybersecurity?

An intrusion is when an attacker gets unauthorized access to a device, network, or system. Cyber criminals use advanced techniques to sneak into organizations without being detected. Common methods include:
● Address Spoofing: Hiding the source of an attack by using fake,
misconfigured, or unsecured proxy servers, making it hard to identify
the attacker.
● Fragmentation: Sending data in small pieces to slip past detection
systems.
● Pattern Evasion: Changing attack methods to avoid detection by IDS
systems that look for specific patterns.
● Coordinated Attack: Using multiple attackers or ports to scan a
network, confusing the IDS and making it hard to see what is
happening.

Intrusion Detection System Evasion Techniques

● Fragmentation: Dividing a packet into smaller packets called fragments is known as fragmentation. This can make it impossible to identify an intrusion, because the malware signature is split across fragments and no single fragment matches it.
● Packet Encoding: Encoding packets using methods like Base64 or
hexadecimal can hide malicious content from signature-based IDS.
● Traffic Obfuscation: By making message more complicated to
interpret, obfuscation can be utilised to hide an attack and avoid
detection.
● Encryption: Several security features, such as data integrity,
confidentiality, and data privacy, are provided by encryption.
Unfortunately, security features are used by malware developers to
hide attacks and avoid detection.

Benefits of IDS
● Detects Malicious Activity: IDS can detect any suspicious activities
and alert the system administrator before any significant damage is
done.
● Improves Network Performance: IDS can identify any performance
issues on the network, which can be addressed to improve network
performance.
● Compliance Requirements: IDS can help in meeting compliance
requirements by monitoring network activity and generating reports.
● Provides Insights: IDS generates valuable insights into network
traffic, which can be used to identify any weaknesses and improve
network security.

Detection Method of IDS

● Signature-Based Method: Signature-based IDS detects the attacks
on the basis of the specific patterns such as the number of bytes or
a number of 1s or the number of 0s in the network traffic. It also
detects on the basis of the already known malicious instruction
sequence that is used by the malware. The detected patterns in the
IDS are known as signatures. Signature-based IDS can easily detect
the attacks whose pattern (signature) already exists in the system
but it is quite difficult to detect new malware attacks as their pattern
(signature) is not known.
● Anomaly-Based Method: Anomaly-based IDS was introduced to
detect unknown malware attacks as new malware is developed
rapidly. In anomaly-based IDS there is the use of machine learning
to create a trustful activity model and anything coming is compared
with that model and it is declared suspicious if it is not found in the
model. The machine learning-based method has a
better-generalized property in comparison to signature-based IDS
as these models can be trained according to the applications and
hardware configurations.
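The two detection methods above, and the packet-encoding evasion from the
previous list, shown as an added example in Python (this is not code from
the original article). The signatures, the packet records and the baseline
counts are constructed for illustration; the signature engine URL-decodes
the payload before matching, and the anomaly detector is the simplest
statistical model, a mean-plus-k-standard-deviations threshold on requests
per source.

```python
"""Signature-based and anomaly-based detection over a constructed packet set.

Added example, not code from the original article. The signatures, packet
records and baseline counts are constructed for illustration.
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed signatures: rule name -> regex over the (normalised) payload bytes.
SIGNATURES = {
    "web-shell-cmd-param": re.compile(rb"(?i)[?&]cmd=(cat|id|whoami|wget)\b"),
    "sqli-union-select": re.compile(rb"(?i)union\s+(all\s+)?select\b"),
    "shellcode-nop-sled": re.compile(rb"\x90{8,}"),
}


def normalise(payload: bytes) -> bytes:
    """Undo URL (%xx) encoding before matching.

    Without this step an attacker evades the first signature simply by
    writing cmd=%63at instead of cmd=cat, which is the packet-encoding
    evasion described in the text. Base64 or hex payloads would need
    their own decoders here.
    """
    return unquote_to_bytes(payload)


def signature_matches(payload: bytes) -> list:
    """Return the names of all signatures found in the normalised payload."""
    data = normalise(payload)
    return [name for name, pat in SIGNATURES.items() if pat.search(data)]


class RateAnomalyDetector:
    """Flags a source whose request count in a window is far above baseline.

    The baseline is the mean and standard deviation of per-source counts
    seen during a quiet training period; a count above mean + k*stdev is
    anomalous. Nothing about request content is needed, so a brute-force
    login run made of perfectly well-formed requests is still caught.
    """

    def __init__(self, k: float = 3.0):
        self.k = k
        self.mean = 0.0
        self.stdev = 0.0

    def train(self, per_source_counts):
        self.mean = statistics.fmean(per_source_counts)
        # floor the spread at 1 so a nearly constant baseline does not
        # make every small fluctuation anomalous
        self.stdev = max(statistics.pstdev(per_source_counts), 1.0)

    def is_anomalous(self, count: int) -> bool:
        return count > self.mean + self.k * self.stdev


def analyse(packets, detector):
    """Run both methods over one window; return (src, method, detail) alerts."""
    alerts = []
    for p in packets:
        for name in signature_matches(p["payload"]):
            alerts.append((p["src"], "signature", name))
    for src, n in Counter(p["src"] for p in packets).items():
        if detector.is_anomalous(n):
            alerts.append((src, "anomaly", f"{n} requests in window"))
    return alerts


# Constructed baseline: requests per source per window on a quiet day.
TRAINING_COUNTS = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed window: a normal client, one URL-encoded web-shell call, and a
# brute-force run of well-formed login requests from a single source.
PACKETS = (
    [{"src": "10.0.0.5", "payload": b"GET /index.html HTTP/1.1"}] * 3
    + [{"src": "10.0.0.9", "payload": b"GET /up.php?cmd=%63at%20/etc/passwd HTTP/1.1"}]
    + [{"src": "203.0.113.7", "payload": b"POST /login HTTP/1.1"}] * 12
)


def run_example():
    detector = RateAnomalyDetector()
    detector.train(TRAINING_COUNTS)  # mean 5.0, stdev floored to 1.0 -> threshold 8
    return analyse(PACKETS, detector)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

The encoded web-shell request is caught only because normalise() runs first;
the brute-force source is caught only by the rate model. Neither method alone
covers both cases, which is why products combine them.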

Comparison of IDS with Firewalls


IDS and firewalls are both network security controls, but they do different
jobs. A firewall enforces an access policy: it permits or denies traffic
between networks on the basis of addresses, ports and connection state, so
it stops unwanted connections from being made at all, but it does not
inspect the traffic it permits for attacks and it does not raise an alert
about activity that originates inside the network. An IDS inspects the
traffic that is allowed through, recognises a suspected intrusion once it
is under way or has happened, and then raises an alarm.

Why Are Intrusion Detection Systems (IDS) Important?


An Intrusion Detection System (IDS) adds a layer of detection that works
alongside your other controls: it catches the threats that get past the
preventive defences (firewalls, access controls, patching), so that when
those defences miss something you are at least alerted to it.

Placement of IDS
● The most common position for an IDS sensor is just behind the firewall,
on the inside, although the best position depends on the network. Here
the sensor sees the inbound traffic the firewall has already admitted, so
each alert corresponds to something that actually reached the network
rather than to noise the firewall would have dropped anyway. It does not,
however, see traffic between internal users that never crosses that point.
● An IDS placed outside the firewall, on the internet-facing side, sees
everything the internet sends, including the port scans and network
mapping attempts the firewall would have blocked. This gives a picture of
attempted rather than successful intrusions, which is useful for gauging
exposure but generates far more alerts and false positives. A sensor
behind the firewall shows which attacks got through, which is what
matters for response and takes less analyst time to act on.
● An IDS integrated with the firewall (as in an IPS or next-generation
firewall) can intercept more complex attacks at the boundary. Such devices
typically support multiple security contexts at the routing layer and a
transparent bridging mode, which can reduce cost and operational
complexity.
● Another option is an IDS inside the network, on internal segments. This
reveals attacks and suspicious activity between internal hosts, such as
lateral movement by an attacker who already has a foothold, and insider
misuse. Ignoring what happens inside the network lets users introduce
risk unchecked and lets an intruder who has broken in roam around freely.

Advantages
● Early Threat Detection: IDS identifies potential threats early,
allowing for quicker response to prevent damage.
● Enhanced Security: It adds an extra layer of security, complementing
other cybersecurity measures to provide comprehensive protection.
● Network Monitoring: Continuously monitors network traffic for
unusual activities, ensuring constant vigilance.
● Detailed Alerts: Provides detailed alerts and logs about suspicious
activities, helping IT teams investigate and respond effectively.

Disadvantages
● False Alarms: IDS can generate false positives, alerting on harmless
activities and causing unnecessary concern.
● Resource Intensive: deep inspection needs CPU and memory. A host-based
IDS competes with the host's own workload, and an undersized network
sensor drops the packets it cannot keep up with (a passive sensor on a
mirror port does not slow the traffic itself).
● Requires Maintenance: Regular updates and tuning are needed to
keep the IDS effective, which can be time-consuming.
● Doesn’t Prevent Attacks: IDS detects and alerts but doesn’t stop
attacks, so additional measures are still needed.
● Complex to Manage: Setting up and managing an IDS can be
complex and may require specialized knowledge.

Conclusion
An Intrusion Detection System (IDS) is a powerful tool that helps
businesses detect unauthorized access to their network. By analysing
network traffic patterns it identifies suspicious activity and alerts the
system administrator; it does not, by itself, prevent the intrusion. An IDS
is a valuable addition to any organization's security infrastructure,
providing visibility into what is actually happening on the network.

Frequently Asked Questions on Intrusion Detection System – FAQs

Difference between IDS and IPS?

When an IDS detects an intrusion it only alerts the network administrators;
an Intrusion Prevention System (IPS) sits inline and blocks the malicious
packets before they reach their destination.
What are the key challenges of IDS implementation?

False positives and false negatives are an IDS's primary drawbacks. False
positives add noise that can seriously impair the usefulness of an
intrusion detection system, since analysts stop trusting its alerts, while
a false negative occurs when the IDS misses an intrusion and treats it as
benign traffic.

Can IDS detect insider threats?

Yes, provided the sensors see the relevant activity: a network IDS that
monitors internal segments, or a host-based IDS on the systems concerned,
can detect misuse by insiders. A sensor that only watches the internet
boundary will not.


What is the role of machine learning in IDS?

Machine learning is used to build the model of normal behaviour in
anomaly-based detection and to classify traffic. The aim is a high
detection rate with a low false-alarm rate, though in practice there is a
trade-off between the two, and the model has to be retrained as the
network changes.

Intrusion Prevention System (IPS)


An Intrusion Prevention System is also known as an Intrusion Detection and
Prevention System (IDPS). It is a network security application that
monitors network or system activity for malicious activity. The major
functions of an intrusion prevention system are to identify malicious
activity, collect information about it, report it, and attempt to block or
stop it.

Intrusion prevention systems are considered an extension of Intrusion
Detection Systems (IDS) because both IPS and IDS monitor network traffic
and system activity for malicious activity.

An IPS typically records information about observed events, notifies
security administrators of important events and produces reports. Many IPS
can also respond to a detected threat by attempting to prevent it from
succeeding. They use various response techniques: stopping the attack
itself (dropping packets, resetting the connection, blocking the source),
changing the security environment (for example reconfiguring a firewall),
or changing the attack's content (stripping the malicious part of a
message).

How Does an IPS Work?

An IPS sits inline, in the path of the traffic, analyses it in real time
and compares it against known attack patterns and signatures (and,
depending on the product, anomaly and protocol-state models). When it
detects malicious traffic it drops or rejects it instead of forwarding it,
so the traffic never reaches the target. Because it is inline, an IPS that
fails or falls behind affects the traffic it guards: it must be sized for
the link, and whether it fails open (passing traffic uninspected) or fails
closed (blocking everything) is a deliberate design choice.

Types of IPS

There are two main types of IPS:

1. Network-Based IPS: installed at the network perimeter, it monitors all
traffic that enters and exits the network.
2. Host-Based IPS: installed on individual hosts, it monitors the traffic
that goes in and out of that host.

Why Do You Need an IPS?

An IPS is an essential tool for network security. Here are some reasons why:

● Protection Against Known and Unknown Threats: an IPS blocks threats
whose signatures it knows and, using anomaly-based and protocol-state
analysis, can block some attacks that have not been seen before.
● Real-Time Protection: an IPS detects and blocks malicious traffic as it
passes, before it reaches the target.
● Compliance Requirements: many industries have regulations that require
intrusion prevention controls to protect sensitive information and
prevent data breaches.
● Cost-Effective: an IPS is inexpensive compared with the cost of dealing
with the aftermath of a security breach.
● Increased Network Visibility: an IPS shows what is happening on your
network and helps identify potential security risks.
Classification of Intrusion Prevention System (IPS):
Intrusion Prevention Systems (IPS) are classified into 4 types:

1. Network-based intrusion prevention system (NIPS): monitors the entire
network for suspicious traffic by analysing protocol activity.

2. Wireless intrusion prevention system (WIPS): monitors a wireless
network for suspicious traffic by analysing wireless networking
protocols.

3. Network behavior analysis (NBA): examines network traffic to identify
threats that generate unusual traffic flows, such as distributed denial of
service attacks, certain forms of malware and policy violations.

4. Host-based intrusion prevention system (HIPS): a software package
installed on a single host that watches for suspicious activity by
examining the events that occur within that host.

Comparison of Intrusion Prevention System (IPS) Technologies:

The table below, flattened here into one entry per technology type, lists
for each type the malicious activity it detects, its scope per sensor and
its strengths:

Network-Based
  Types of malicious activity detected: network, transport and application
  TCP/IP layer activity
  Scope per sensor: multiple network subnets and groups of hosts
  Strengths: the only IDPS type that can analyse the widest range of
  application protocols

Wireless
  Types of malicious activity detected: wireless protocol activity;
  unauthorized wireless local area networks (WLAN) in use
  Scope per sensor: multiple WLANs and groups of wireless clients
  Strengths: the only IDPS type able to monitor wireless protocol
  activity

NBA
  Types of malicious activity detected: network, transport and application
  TCP/IP layer activity that causes anomalous network flows
  Scope per sensor: multiple network subnets and groups of hosts
  Strengths: typically more effective than the others at identifying
  reconnaissance scanning and DoS attacks, and at reconstructing major
  malware infections

Host-Based
  Types of malicious activity detected: host application and operating
  system (OS) activity; network, transport and application TCP/IP layer
  activity
  Scope per sensor: individual host
  Strengths: can analyse activity that was transferred in end-to-end
  encrypted communications

Detection Method of Intrusion Prevention System (IPS):

1. Signature-based detection: inspects packets on the network and
compares them with pre-built attack patterns known as signatures.

2. Statistical anomaly-based detection: monitors network traffic and
compares it against an established baseline that defines what is normal
for that network and which protocols are in use. It may raise false alarms
if the baseline is not configured carefully.

3. Stateful protocol analysis detection: tracks the state of each
connection and compares the observed sequence of events with
vendor-developed profiles of how the protocol is supposed to behave (for
example, which commands are valid in which state), flagging deviations
from accepted protocol behaviour.

Comparison of IPS with IDS:


The main differences between an Intrusion Prevention System (IPS) and an
Intrusion Detection System (IDS) are:

1. Intrusion prevention systems are placed in-line and are able to
actively prevent or block intrusions that are detected.
2. An IPS can take actions such as sending an alarm, dropping detected
malicious packets, resetting a connection or blocking traffic from the
offending IP address.
3. An IPS can also correct cyclic redundancy check (CRC) errors,
defragment packet streams, mitigate TCP sequencing issues and clean up
unwanted transport and network layer options.
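The stateful protocol analysis method from the detection-method list above,
and the difference in response between a passive IDS and an inline IPS
from the comparison just given, shown together as an added example in
Python (not code from the original article). The flow events, the list of
accepted HTTP methods and the two-strike blocking rule are constructed for
illustration; a real engine tracks far more protocol state. The engine
tracks the TCP handshake per flow, treats data sent before the handshake
completed or an unknown HTTP method as a protocol violation, and then
either alerts (IDS mode) or drops, resets and blocks (IPS mode).

```python
"""Stateful protocol analysis with IDS (alert) versus IPS (drop/block) response.

Added example, not code from the original article. The flow events, the
HTTP method list and the two-strike blocking rule are constructed for
illustration; a real product tracks far more protocol state.
"""
from collections import Counter
from enum import Enum


class Mode(Enum):
    IDS = "ids"   # passive: alert and let the traffic through
    IPS = "ips"   # inline: drop, reset and block


class Action(Enum):
    PASS = "pass"
    ALERT = "alert"
    DROP = "drop"
    BLOCK = "block"   # connection reset and source added to the blocklist


HANDSHAKE = ("SYN", "SYN-ACK", "ACK")      # expected order of a TCP open
ESTABLISHED = len(HANDSHAKE)
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"}


class Engine:
    def __init__(self, mode, block_after=2):
        self.mode = mode
        self.block_after = block_after  # strikes before an IPS blocks a source
        self.progress = {}              # flow key -> handshake steps completed
        self.strikes = Counter()        # violations per source address
        self.blocked = set()

    @staticmethod
    def flow_key(ev):
        # same key for both directions of one connection
        return tuple(sorted((ev["src"], ev["dst"])))

    def inspect(self, ev):
        """Return (Action, reason) for one segment/event."""
        src, key = ev["src"], self.flow_key(ev)
        if self.mode is Mode.IPS and src in self.blocked:
            return Action.DROP, "source is blocked"
        step = self.progress.get(key, 0)
        flag = ev["flag"]
        if flag in HANDSHAKE:
            if step < ESTABLISHED and HANDSHAKE[step] == flag:
                self.progress[key] = step + 1
                return Action.PASS, "handshake step"
            return self._violation(src, key, f"unexpected {flag} at step {step}")
        if flag == "DATA":
            if step < ESTABLISHED:
                return self._violation(src, key, "data before handshake completed")
            method = ev.get("payload", "").split(" ", 1)[0]
            if method not in HTTP_METHODS:
                return self._violation(src, key, f"unknown HTTP method {method!r}")
            return Action.PASS, "valid request"
        if flag == "FIN":
            self.progress.pop(key, None)
            return Action.PASS, "connection closed"
        return self._violation(src, key, f"unknown flag {flag}")

    def _violation(self, src, key, reason):
        self.strikes[src] += 1
        if self.mode is Mode.IDS:
            return Action.ALERT, reason        # log it; the traffic still flows
        # IPS: drop the offending segment; repeat offenders are reset and blocked.
        # The strike threshold keeps a single false positive from cutting off a host.
        if self.strikes[src] >= self.block_after:
            self.blocked.add(src)
            self.progress.pop(key, None)
            return Action.BLOCK, reason
        return Action.DROP, reason


# Constructed events: a clean handshake and request, a malformed request from
# the same client, then a source that sends data without any handshake.
EVENTS = [
    {"src": "10.0.0.5", "dst": "10.0.0.80", "flag": "SYN"},
    {"src": "10.0.0.80", "dst": "10.0.0.5", "flag": "SYN-ACK"},
    {"src": "10.0.0.5", "dst": "10.0.0.80", "flag": "ACK"},
    {"src": "10.0.0.5", "dst": "10.0.0.80", "flag": "DATA", "payload": "GET / HTTP/1.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.80", "flag": "DATA", "payload": "FOO / HTTP/1.1"},
    {"src": "198.51.100.9", "dst": "10.0.0.80", "flag": "DATA", "payload": "GET / HTTP/1.1"},
    {"src": "198.51.100.9", "dst": "10.0.0.80", "flag": "DATA", "payload": "GET / HTTP/1.1"},
    {"src": "198.51.100.9", "dst": "10.0.0.80", "flag": "SYN"},
]


def run(mode):
    """Feed EVENTS through an engine in the given mode; return the action names."""
    engine = Engine(mode)
    return [engine.inspect(ev)[0].name for ev in EVENTS]


if __name__ == "__main__":
    print("IDS:", run(Mode.IDS))
    print("IPS:", run(Mode.IPS))
```

The same events produce three alerts in IDS mode, with every segment still
forwarded, and two drops, a block and a further drop in IPS mode: the
difference between the two products is entirely in the response path, not
in the detection logic.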

Conclusion:
An Intrusion Prevention System (IPS) is a crucial component of any network
security strategy. It monitors network traffic in real-time, compares it against
known attack patterns and signatures, and blocks any malicious activity or
traffic that violates network policies. An IPS is an essential tool for protecting
against known and unknown threats, complying with industry regulations,
and increasing network visibility. Consider implementing an IPS to protect
your network and prevent security breaches.

Intrusion Detection Systems (IDS) vs Intrusion Prevention Systems (IPS)
Last Updated : 04 Jul, 2024

Securing Internet use is difficult, and people are among the most
important factors in it. Two kinds of network security tools applied to
protect against cyber threats are Intrusion Detection Systems (IDS) and
Intrusion Prevention Systems (IPS); together they form part of a
comprehensive scheme of safeguards. A key point is to understand the
difference between IPS and IDS, because both are at the core of the
procedures that defend against cyber threats.

Primary Terminologies
● Intrusion Detection System (IDS): software or hardware that passively
monitors network traffic, recognises suspicious patterns and raises an
administrative alert without stopping the threat.
● Intrusion Prevention System (IPS): a security control that detects
events in real time and blocks suspicious traffic before it enters the
network and leads to system abuse.
● Network Traffic: the data transferred between devices on a network,
including messages, file transfers and requests.
● Anomalies: network activity that is unusual or irregular compared with
normal traffic patterns and may indicate a security problem.
● Cyber Threats: the range of dangers aimed at networks, including
viruses, other malware and unauthorized activity.

Intrusion Detection System (IDS)


An Intrusion Detection System (IDS) is a hardware or software tool that
watches network or system resources for unauthorized activity and policy
violations. It passively scans the traffic it sees and compares it with
configured signatures or behaviour patterns to highlight inconsistencies
that may indicate a security breach. An IDS generates alerts or log
records to inform administrators but does not take active measures to
stop the threat.

Example: an IDS notices an increase in traffic at a time when the network
is normally quiet and informs the administrators so they can check whether
it is an attack.

Intrusion Prevention System (IPS)


An Intrusion Prevention System (IPS) is a more advanced layer of security
than an IDS because it both detects and prevents malicious activity
immediately. An IPS intercepts network traffic as it flows through the
system, compares it with known threat signatures and with models of
abnormal activity, and responds quickly by blocking or neutralising the
threat before it can harm the network or systems. In short, an IDS only
warns, while an IPS actively blocks malicious payloads.

Example: an IPS checking signatures in real time will stop malware that
matches a known signature from spreading across the network.

Conclusion
Briefly, Intrusion Detection Systems (IDS) detect abnormal network
activity and warn administrators about it, while Intrusion Prevention
Systems (IPS) work in real time and automatically stop malicious traffic.
An IDS raises an alert but does not resolve the issue; an IPS takes a
proactive stance and mitigates the breach. Whether to deploy an IDS, an
IPS or both depends on risk tolerance, budget and the need for immediate
threat response. The two play complementary roles in a comprehensive
cybersecurity plan.

Intrusion Detection Systems (IDS) vs Intrusion Prevention Systems (IPS) - FAQs

What is the main difference between IDS and IPS?

An IDS is reactive: it identifies threats and alerts on them without
blocking them. An IPS is proactive: it blocks malicious traffic in real
time.

Will an IDS impact network performance?


A passive IDS fed from a mirror port or tap does not add latency to the
traffic it watches, although the sensor itself needs enough CPU and memory
to analyse the traffic without dropping packets. It is an inline IPS, which
must inspect each packet before forwarding it, that can slow traffic down.

Can an IPS prevent all cyber threats?

No. An IPS blocks a good share of threats and protects against known ones,
but it cannot be relied on to catch zero-day and advanced threats every
time.

Is it necessary to deploy both IDS and IPS?

It will depend on the organization's requirements. Some will get the
greatest benefit from having both, for fuller protection, while others
will choose one based on their assessment of risk.

What are the key considerations when choosing between IDS and IPS?

The considerations include the organization's risk tolerance, budget,
network complexity and the need for immediate threat response.

Netstat command in Linux

Last Updated : 17 Jul, 2024

The netstat command is a Linux utility for inspecting the network side of a
system: the connections it has open, the sockets it is listening on, the
routes it uses to send traffic, and per-protocol statistics such as how
many packets have been sent or received. This article shows how to use
netstat, with the options needed to extract specific kinds of information.

Overview of Netstat Command in Linux


`netstat` stands for network statistics. It lets users display
network-related information and diagnose networking issues, and its
options can be combined to retrieve specific details. netstat comes from
the net-tools package, which modern distributions have deprecated in favour
of `ss` from iproute2, so it may not be installed by default; where it is
present, the options below behave as described.

Basic Syntax of `netstat`Command in Linux

Below is the general syntax of the netstat command:


netstat [options]

Let’s explore some of the most commonly used options along with examples:

Some Practical Examples of netstat Commands in Linux:

1) Show Both Listening and Non-listening Sockets

-a, --all: show both listening and non-listening sockets (with
--interfaces, also show interfaces that are not up). The output is long,
so it is piped into more:
netstat -a | more

2) List All TCP Ports

Lists all TCP sockets, giving information about the TCP connections your
system is engaged in:
netstat -at

3) List All UDP Ports

Similarly, this lists UDP sockets, revealing details about UDP traffic:
netstat -au

4) List Only Listening Ports

Shows only the sockets that are actively listening for incoming
connections:
netstat -l

5) List Only Listening TCP Ports

Narrowing it down further, lists only the TCP ports in a listening state:
netstat -lt

6) List Only Listening UDP Ports

Similarly, shows only the UDP ports that are listening:
netstat -lu

7) List Only Listening Unix Domain Sockets

Shows Unix domain sockets (local inter-process communication, not network
ports) that are in a listening state:
netstat -lx

8) List Statistics for All Protocols

Prints per-protocol statistics (packets received, errors, resets and so
on) rather than per-socket information:
netstat -s

9) List Statistics for TCP

For a more specific breakdown, statistics for TCP only:
netstat -st

10) List Statistics for UDP

Similarly, statistics for UDP only:
netstat -su

11) Display PID and Program Names

-p adds the Process ID (PID) and program name that owns each socket, shown
here for TCP sockets. Sockets owned by other users' processes are only
shown when the command is run as root:
netstat -pt

12) Print Netstat Information Continuously

Reprints the netstat output every second, giving a real-time view:
netstat -c

13) Show Unsupported Address Families

With --verbose, netstat reports at the end of its output the address
families the kernel was not configured with:
netstat --verbose

14) Get Kernel Routing Information

Prints the kernel routing table: destination addresses, gateways and the
interface used for each route:
netstat -r

15) Get the Port on Which a Program Is Running

To find the port on which a specific program, here SSH, is listening,
filter the all-sockets-with-process output by program name:
netstat -ap | grep ssh

16) Identify the Process Using a Particular Port

To find the process behind a given port, port 80 in this example, -p is
required (without it no process is shown) and -n keeps addresses numeric
so the port can be matched literally:
netstat -anp | grep ':80'

17) Get List of Network Interfaces

Lists the network interfaces with per-interface packet and error counters:
netstat -i

18) Display Extended Information on Interfaces

Extended interface information, similar to the output of the ifconfig
command:
netstat -ie
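Examples 4, 11 and 16 are what a security review actually combines:
which services are listening, on which addresses, and which process owns
them. The following added example (not code from the original article)
parses a constructed `netstat -tulnp` listing, embedded so it runs without
netstat installed, and reports services bound to every interface
(0.0.0.0 or ::) whose port is not on an assumed allowlist for the host. On
a real machine, replace SAMPLE with the output of `netstat -tulnp` run as
root; without root, the PID/Program column shows `-` for other users'
processes and the owner cannot be named.

```python
"""Find services listening on all interfaces in netstat -tulnp output.

Added example, not code from the original article. SAMPLE is a constructed
netstat -tulnp listing; ALLOWED_PORTS is an assumed allowlist for this host.
"""

SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1402/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1555/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           744/dhclient
udp        0      0 127.0.0.53:53           0.0.0.0:*                           -
"""

WILDCARDS = {"0.0.0.0", "::", ""}   # bound to every interface
ALLOWED_PORTS = {22, 80, 68}        # assumed for this host: ssh, http, dhcp client


def parse_listeners(text):
    """Parse netstat -tulnp lines into dicts; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue
        # UDP rows have no State column, so the owner is taken from the end
        # of the line rather than from a fixed column position.
        host, port = fields[3].rsplit(":", 1)
        owner = fields[-1] if "/" in fields[-1] else "-"
        pid, _, program = owner.partition("/")
        rows.append({
            "proto": fields[0],
            "host": host,
            "port": int(port),
            "pid": pid if pid != "-" else None,
            "program": program or None,   # None when netstat printed '-'
        })
    return rows


def exposed(listeners, allowed_ports):
    """Listeners bound to a wildcard address whose port is not allowlisted."""
    return [r for r in listeners
            if r["host"] in WILDCARDS and r["port"] not in allowed_ports]


if __name__ == "__main__":
    for r in exposed(parse_listeners(SAMPLE), ALLOWED_PORTS):
        print(f"{r['proto']} port {r['port']} open on all interfaces "
              f"by {r['program'] or 'unknown (re-run as root)'}")
```

In the constructed listing the one finding is the database server on
3306 bound to 0.0.0.0, the classic case of a service that should have been
bound to 127.0.0.1 or to an internal interface only.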


Netstat command in Linux – FAQs

What is the netstat command in Linux used for?

The netstat command in Linux is a networking tool used to display a
variety of information related to network connections, routing tables,
interface statistics and more. It helps users diagnose network issues and
see the current state of network activity on a system.

How do I view all active connections using netstat?

To view all active connections using netstat, you can use the following
command:

netstat -a

This command displays both listening and non-listening sockets, providing
a comprehensive list of active network connections.
Can netstat show the processes associated with network connections?

Yes. With the `-p` option, netstat includes the Process ID (PID) and
program name for each socket. For example:

netstat -p

This displays the processes, with their PIDs, that are using network
resources. Processes belonging to other users are only shown when netstat
is run as root; otherwise their entry reads `-`.
How do I monitor network activity in real-time with netstat?

To monitor network activity in real-time using netstat, you can use the `-c`
option. This option continuously updates the netstat information at regular
intervals.

For example:

netstat -c

Executing this command will provide ongoing updates on network statistics.


What is the difference between netstat and ss command in Linux?

The netstat and ss commands in Linux both report network connections, but
they differ in features and efficiency. ss, from the iproute2 package, is
the modern replacement for netstat: it queries the kernel through netlink,
so its output is faster on hosts with many sockets, it supports richer
filters, and it is the recommended tool on current distributions. netstat
belongs to the older net-tools package, which is deprecated but still
widely installed and used.

How to show listening network ports with netstat in Linux?


To display listening network ports using netstat in Linux, use:

netstat -tuln

Here is what each option means:

● -t: show TCP sockets.
● -u: show UDP sockets.
● -l: display only listening sockets.
● -n: show numerical addresses and ports instead of resolving them to
hostnames and service names.

This lists every listening TCP and UDP port with its numerical address.
Adding -p (so, netstat -tulnp) also shows the owning process.

How to display all network connections with netstat in Linux?

To show all network connections using netstat in Linux, use:

netstat -a

Here -a means: display all sockets, including listening and non-listening
sockets.

This shows a comprehensive list of established connections, listening
sockets and other network-related information. Additionally, you can add
the -n option to display numerical addresses instead of resolving them to
hostnames:

netstat -an

These commands will help you monitor and analyze network connections on
your Linux system.
Conclusion
In this article we discussed the netstat command in Linux, which shows how
a system is connected to the network: its connections, routes and
protocol statistics. The practical examples ran from displaying active
connections to listing specific kinds of sockets and getting detailed
statistics. Whether you are a beginner or an advanced user, netstat offers
versatile options. The common questions answered above make clear what
netstat does and how it differs from commands such as ss. This knowledge
helps users diagnose network issues and understand their system's network
activity better.

Linux Commands
Last Updated : 12 Mar, 2024


Linux is an operating system that is similar to Unix. In Linux, all
commands are executed in a terminal provided by the system. This terminal
is similar to the command prompt in Windows. It is important to note that
Linux/Unix commands are case-sensitive. A Linux command can be a program
or a set of instructions that the user enters in the terminal interface
to execute various operations on the Linux operating system. These
commands are an effective way to interact with the Linux operating system
and provide a wide range of features, such as managing files and
directories, networking, process management and user administration.

Today, the Linux kernel and other operating systems similar to Unix share
well over 100 Unix commands. For experienced users, Linux commands can be
highly customized and offer advanced functionality. All Linux/Unix
commands are run in the terminal provided by the Linux system.


Command: Description

access: Checks whether the calling program can access a specified file
with a given mode; also used to test whether a file exists.
accton: Turns process accounting on or off, or changes the accounting
file.
aclocal: Automatically generates aclocal.m4 files from configure.in.
acpi: Displays the battery status and other ACPI information.
acpi_available: Tests whether the ACPI (Advanced Configuration and Power
Interface) subsystem is available.
acpid: Daemon that provides power management and notifies user-space
programs about ACPI events.
addr2line: Converts addresses into file names and line numbers.
agetty: Linux version of getty; runs on a host computer and manages
physical or virtual terminals to allow multi-user access.
alias: Instructs the shell to replace one string with another string when
executing commands.
amixer: Command-line mixer for ALSA (Advanced Linux Sound Architecture)
sound card drivers.
aplay: Command-line audio player for ALSA sound card drivers.
aplaymidi: Plays standard MIDI (Musical Instrument Digital Interface)
files by sending the content of a MIDI file to an ALSA sequencer port.
apropos: Helps when you do not remember the exact command but know
keywords related to its use or function; it searches the manual page names
and descriptions.
apt: Provides a high-level CLI (Command Line Interface) for the package
management system, intended as an interface for the end user, with
defaults better suited to interactive use than the more specialized
apt-cache and apt-get.
apt-get: Command-line tool for handling packages in Linux.
aptitude: Opens a text-based interface for interacting with the package
manager on the machine.
ar: Creates, modifies and extracts files from archives.
arch: Prints the computer architecture.
arp: Manipulates the system's ARP cache; also allows a complete dump of
the cache.
aspell: Spell checker.
atd: Job scheduler daemon that runs jobs scheduled for later execution.
atrm: Removes specified pending jobs; the job number is passed to the
command.
atq: Displays the list of pending jobs scheduled by the user.
autoconf: Generates configuration scripts.
autoheader: Creates a template file of C "#define" statements for
configure to use.
automake: Automatically generates Makefile.in files compliant with the
GNU Coding Standards.
autoreconf: Creates automatically buildable source code for Unix-like
systems by running the autotools in the right order.
autoupdate: Updates a configure.in file to a newer Autoconf.
awk: Scripting language for manipulating data and generating reports.
banner: Prints an ASCII character string in large letters to standard
output.
basename: Strips directory information and suffixes from file names, i.e.
prints the file name with any leading directory components removed.
batch: Reads commands from standard input or a specified file and executes
them when system load levels permit, i.e. when the load average drops
below 1.5.
bc: Command-line calculator.
bg: Places foreground jobs in the background.
biff: Mail notification system for Unix that notifies the user at the
command line when new mail arrives and tells from whom it is.
bind: Sets Readline key bindings and variables.
bison: Parser generator similar to yacc.
break: Terminates the execution of for, while and until loops.
builtin: Runs a shell builtin, passing it arguments, and returns its exit
status.
bzcmp: Invokes the cmp utility on bzip2-compressed files.
bzdiff: Compares bzip2-compressed files.
bzgrep: Searches for a pattern or expression inside bzip2-compressed
files.
bzip2: Compresses and decompresses files.
bzless: Pager for bzip2-compressed files; it does not need to read the
entire input before starting, so it starts quickly on a large file.
bzmore: Filter for CRT viewing of bzip2-compressed files, which are saved
with the .bz2 extension.
cal: Shows the calendar of a specific month or a whole year; by default it
shows the current month.
case: The best alternative when multiple if/elif tests on a single
variable would otherwise be needed.
cat: Reads data from files and outputs their content; used to create,
view and concatenate files.
cc: Compiles C language code and creates executables.
ccrypt: Command-line tool for encryption and decryption of data.
cd: Change directory; changes the current working directory.
cfdisk: Displays or manipulates the disk partition table through a
text-based "graphical" interface.
chage: Views and changes user password expiry information.
chattr: File system command for changing the attributes of a file.
chfn: Changes a user's full name and other details; chfn stands for Change
Finger.
chgrp: Changes the group ownership of a file or directory.
chkconfig: Lists all available services and views or updates their run
level settings.
chmod: Changes the access mode of a file.
chown: Changes the file owner or group.
chpasswd: Changes passwords for multiple users at a time.
chroot: Changes the root directory.
chrt: Manipulates the real-time attributes of a process.
chsh: Changes the user's login shell.
chvt: Switches between the different TTY (TeleTYpewriter) terminals
available.
cksum: Displays a CRC (Cyclic Redundancy Check) value, the byte size and
the name of the file on standard output.
clear: Clears the terminal screen.
cmp: Compares two files byte by byte to find out whether they are
identical.
col: Filters out reverse line feeds; reads from standard input and writes
to standard output.
colcrt: Formats text processor output so it can be viewed on Cathode Ray
Tube terminals.
colrm: Removes selected columns from a file.
column: Displays the contents of a file in columns.
comm: Compares two sorted files line by line and writes to standard output
the lines that are common and the lines that are unique.
compress: Reduces file size; after compression the file is available with
a .Z extension.
continue: Skips the current iteration in for, while and until loops.
cp: Copies files, groups of files or directories.
cpio: Stands for "copy in, copy out"; processes archive files such as
*.cpio or *.tar and copies files to and from archives.
cpp: C preprocessor, used automatically by the C compiler to transform a
program before compilation.
cron: Utility, offered by Linux-like operating systems, that automates the
scheduling of commands at predetermined times.
crontab: A list of commands to run on a regular schedule, and also the
name of the command used to manage that list.
csplit: Splits a file into as many parts as required by the user.
ctags: Builds an index that allows quick navigation across files (for
example, jumping to the definition of a function).
cupsd: Scheduler for CUPS (Common Unix Printing System); implements a
printing system based on the Internet Printing Protocol.
curl: Transfers data to or from a server using any of the supported
protocols.
cut: Cuts sections out of each line of files and writes the result to
standard output.
cvs: Stores the history of files; whenever a file gets corrupted or
anything goes wrong, it lets you go back to a previous version and restore
the file.
date: Displays the system date and time; also used to set them.
dc: Evaluates arithmetic expressions written in reverse Polish (postfix)
notation.
dd: Command-line utility for Unix and Unix-like operating systems whose
primary purpose is to convert and copy files.
declare: Declares shell variables and functions, sets their attributes
and displays their values.
depmod: Generates a list of dependency descriptions of kernel modules and
the associated map files.
df: Displays file system information about total and available space.
diff: Displays the differences between files by comparing them line by
line.
diff3: Compares three files line by line.

dir Used to list the contents of a directory


Used to remove the trailing forward slahes “/” from the NAME and prints the
dirname
portion

dirs Used to display the list of currently remembered directories

disable Used to stop the printers or classes

dmesg Used to examine the kernel ring buffer and print the message buffer of k

Used when the user wants to retrieve system’s hardware related informatio
dmidecode
Processor, RAM(DIMMs), BIOS detail, etc. of Linux system in a readable

domainnam
Used to return the Network Information System (NIS) domain name of th
e
dos2unix Converts a DOS text file to UNIX format

dosfsck Diagnoses MS-DOS file system for problems and attempts to repair th

Used to retrieve information or statistics form components of the system such


dstat
connections, IO devices, or CPU, etc.

Used to track the files and directories which are consuming excessive amount
du
hard disk drive

dump Used to backup the filesystem to some storage device

Used to print the super block and blocks group information for the filesystem
dumpe2fs
device
dumpkeys Used for the dump keyboard translation tables

echo Used to display line of text/string that are passed as an argument

Used for launching the ed text editor which is a line-based text editor with a minim
ed which makes it less complex for working on text files i.e creating, editing, displa
manipulating files

It treats the pattern as an extended regular expression and prints out the lines that
egrep
pattern

It allows ejecting a removable media (typically a CD-ROM, floppy disk, tape, or JAZ
eject
using the software
It is a editor having simple user interface. Also, there is no insert mode in this editor.
emacs
editing mode.

enable Used to start the printers or classes

Used to either print environment variables. It is also used to run a utility or command
env
environment

eval Built-in command used to execute arguments as a shell command

ex It is a text editor in Linux which is also termed as the line editor mode of the vi

exec Used to execute a command from the bash itself


exit Used to exit the shell where it is currently running

expan Allows you to convert tabs into spaces in a file and when no file is specified it reads f
d input

This command or scripting language works with scripts that expect user inputs. It au
expect
task by providing inputs

It is bash shell BUILTINS commands, which means it is part of the shell. It marks an
export
variables to be exported to child-processes

expr It evaluates a given expression and displays its corresponding output


Used to print the prime factors of the given numbers, either given from command lin
factor
standard input

fc Used to list, edit or re-execute the commands previously entered into an interac

fc-cach It scans the font directories and build font cache for applications which use fontconfig
e handling

It is used to list the available fonts and font styles. Using the format option, the list o
fc-list
be filtered and sorted out

Format disk is a dialog-driven command in Linux used for creating and manipulating
fdisk
table

fg Used to put a background job in foreground


fgrep Used to search for the fixed-character strings in a file

Used to determine the type of a file. .file type may be of human-readable(e.g. ‘ASCII
file
type(e.g. ‘text/plain; charset=us-ascii’)

find Used to find files and directories and perform subsequent operations on th

finger It is a user information lookup command which gives details of all the users log

fmt Works as a formatter for simplifying and optimizing text files

fold It wraps each line in an input file to fit a specified width and prints it to the stand

for Used to repeatedly execute a set of command for every element present in t
Displays the total amount of free space available along with the amount of memo
free
swap memory in the system, and also the buffers used by the kernel

Fun Used to draw various type of patterns on the terminal

functio
Used to create functions or methods
n

Used for preprocessing, compilation, assembly and linking of source code to ge


g++
executable file

gawk Used for pattern scanning and processing language


GNU Compiler Collections is used to compile mainly C and C++ language. It can al
gcc
compile Objective C and Objective C++

gdb GNU Debugger tool helps to debug the programs written in C, C++, Ada, For

getent Used to get the entries in a number of important text files called databa

gpasswd Used to administer the /etc/group and /etc/gshadow

Searches a file for a particular pattern of characters, and displays all lines that c
grep
pattern

groupadd Used to create a new user group


groupdel Used to delete a existing group

groupmo
Used to modify or change the existing group on Linux system
d

Groups are the collection of users. Groups make it easy to manage users with the
groups
and access privileges

It verifies the integrity of the groups information. It checks that all entries in /etc
grpck
/etc/gshadow have the proper format and contain valid data

It is used to convert to shadow groups. The grpconv command creates a gshado


grpconv
group and an optionally existing gshadow

This command invokes Ghostscript, which is an interpreter of Adobe Systems Po


gs
Portable Document Format(PDF) languages
gunzip Used to compress or expand a file or a list of files in Linux

Used to compress executable files and also used to automatically uncompress an


gzexe
files

gzip This command compresses files. Each single file is compressed into a sing

Used to instruct the hardware to stop all the CPU functions. Basically, it reboots
halt
system.

hash Used to maintain a hash table of recently executed programs


Used to get statistics about the hard disk, alter writing intervals, acoustic mana
hdparm
DMA settings

Head Prints the top N number of data of the given input

help Displays information about shell built-in commands

Used to filter and display the specified files, or standard input in a human reada
hexdump
format

history Used to view the previously executed command

host Used for DNS (Domain Name System) lookup operations


hostid Used to displays the Host’s ID in hexadecimal format

Used to obtain the DNS(Domain Name System) name and set the system’s ho
hostname
NIS(Network Information System) domain name.

hostnamect
Provides a proper API used to control Linux system hostname and change its rel
l

It is a command line utility that allows the user to interactively monitor the sys
htop
resources or server’s processes in real time

hwclock Utility for accessing the hardware clock, also called Real Time Clock (R
iconv Used to convert some text in one encoding into another encoding

Used to find out user and group names and numeric ID’s (UID or group ID) of the
id
or any other user in the server

if Used to execute commands based on conditions

ifconfig Used to configure the kernel-resident network interfaces.

It is a network analyzing tool used by system administrators to view the bandw


iftop
stats

ifup It basically brings the network interface up, allowing it to transmit and rece
Used for capturing a screenshot for any of the active pages we have and it gives
import
an image file

Reads documentation in the info format. It will give detailed information for a com
info
compared with the main page

insmod Used to insert modules into the kernel

install Used to copy files and set attributes

iostat Used for monitoring system input/output statistics for devices and partit

Used to display and monitor the disk IO usage details and even gets a table of
iotop
utilization by the process
ip Used for performing several network administration tasks

Used to remove some IPC(Inter-Process Communication) resources. It eliminat


ipcrm
objects and their associated data structure form the system

Shows information on the inter-process communication facilities for which the ca


ipcs
has read access

Used to set up and maintain tables for the Netfilter firewall for IPv4, included i
iptables
kernel

iptables-s It will save the current iptables rules in a user specified file, that can be used lat
ave user wants

Used to display the parameters, and the wireless statistics which are extrac
iwconfig
/proc/net/wireless
It is a command line utility for joining lines of two files based on a key field presen
join
the files

journalctl Used to view systemd, kernel and journal logs

Used to terminate processes manually. kill command sends a signal to a process which t
kill
the process

last Used to display the list of all the users logged in and out since the file /var/log/wtmp

less Used to read contents of text file one page(one screen) per time
let Used to evaluate arithmetic expressions on shell variables

ln Used to create links between files

locat
Used to find the files by name
e

look Shows the lines beginning with a given string

Used to display details about block devices and these block devices(Except ram disk)
lsblk
those files that represent devices connected to the pc.

Used to generate the detailed information of the system’s hardware configuration from
lshw
in the /proc directory
lsmo
Used to display the status of modules in the Linux kernel. It results in a list of loade
d

lsof Provides a list of files that are opened

lsusb Used to display the information about USB buses and the devices connected to

This command in Linux prints the mail queue i.e the list of messages that are there
mailq
queue

man Used to display the user manual of any command that we can run on the ter
md5su
To verify data integrity using MD5 (Message Digest Algorithm 5)
m

mkdir Allows the user to create directories. This command can create multiple directori

modinf
Used to display the information about a Linux Kernel module
o

Used to view the text files in the command prompt, displaying one screen at a time i
more
is large (For example log files)

mount Used to mount the filesystem found on a device to big tree structure(Linux filesystem

mpstat Used to report processor related statistics.


mv Used to move one or more files or directories from one place to another in file syste

nc(netcat
It is one of the powerful networking tool, security tool or network monitorin
)

Displays various network related information such as network connections, rout


netstat
interface statistics, masquerade connections, multicast memberships, e

Used for controlling NetworkManager. nmcli command can also be used to displ
nmcli
device status, create, edit, activate/deactivate, and delete network connect

It is a network administration tool for querying the Domain Name System (DNS
nslookup
domain name or IP address mapping or any other specific DNS record
o Used to convert the content of input in different formats with octal format as the default
d format

passwd Used to change the user account passwords

Used to join files horizontally (parallel merging) by outputting lines consisting of lin
paste
file specified, separated by tab as delimiter, to the standard output

pidof Used to find out the process IDs of a specific running program

ping Used to check the network connectivity between host and server/host
It is a user information lookup command which gives details of all the users logge
pinky
finger, in the pinky, you may trim the information of your interest.

Used to display the memory map of a process. A memory map indicates how mem
pmap
out

powerof
Sends an ACPI signal which instructs the system to power down
f

printf Used to display the given string, number or any other format specifier on the termi

Used to list the currently running processes and their PIDs along with some other
ps
depends on different options

pwd It prints the path of the working directory, starting from the root
ranlib Used to generate index to archive

rcp Used to copy files from one computer to another computer

read Reads up the total number of bytes from the specified file descriptor into the

readelf Used to get information of ELF(Executable and Linkable Format) Files

readlink Used to print resolved symbolic links or canonical file names

reboot Instructs the system to restart or reboot

rename Used to rename the named files according to the regular expression perle
Used to initialize the terminal. This is useful once a program dies leaving a term
reset
abnormal state

restore Used for restoring files from a backup created using dump

return Used to exit from a shell function.

rev Used to reverse the lines characterwise

Used to remove objects such as files, directories, symbolic links and so on from the fi
rm
UNIX

rmdir Used to remove empty directories from the filesystem in Linux


rmmod Used to remove a module from the kernel

route Used when you want to work with the IP/kernel routing table

It is a software utility for Unix-Like systems that efficiently sync files and directories
rsync
hosts or machines

Used to monitor Linux system’s resources like CPU usage, Memory utilization,
sar
consumption, etc.

scp Used to copy file(s) between servers in a secure way.

screen Provides the ability to launch and use multiple shell sessions from a single ss
script Used to make typescript or record all the terminal activities

scriptrepla Used to replay a typescript/terminal_activity stored in the log file that was reco
y script command

Used to compare two files and then writes the results to standard output in a s
sdiff
format

Used for finding, filtering, text substitution, replacement and text manipulations
sed
deletion search etc.

select Used to create a numbered menu from which a user can select an opt

seq Used to generate numbers from FIRST to LAST in steps of INCREMEN


setsid Used to run a program in a new session

shift Shifts/moves the command line arguments to one position left.

prints to standard output either the scan codes or the key code or the `ascii’ cod
showkey
pressed

shred Used in order to delete a file completely from hard disk

shutdown Used to shutdown the system in a safe way

sleep Used to create a dummy job. A dummy job helps in delaying the execu
Used to read and execute the content of a file(generally set of commands), pa
source
argument in the current shell script

sort Used to sort a file, arranging the records in a particular order

split Used to split large files into smaller files

ssh Protocol used to securely connect to a remote server/system

strace It is one of the most powerful process monitoring, diagnostic, instructional too

stty Used to change and print terminal line settings

sudo Used as a prefix of some command that only superuser are allowed to
sum Used to find checksum and count the blocks in a file

sync Used to synchronize cached writes to persistent storage

systemctl Used to examine and control the state of “systemd” system and service m

tac Used to concatenate and print files in reverse

Tail Prints the last N number of data of the given input

tar Used to create Archive and extract the Archive files


tee Reads the standard input and writes it to both the standard output and one or

Used to execute a command and prints a summary of real-time, user CPU time and
time
time spent by executing a command when it terminates

top Provides a dynamic real-time view of the running system

touch Used to create, change and modify timestamps of a file

tr It is a command line utility for translating or deleting characters

tracepath Used to traces path to destination discovering MTU along this path
tracerout
Prints the route that a packet takes to reach the host
e

Tree A recursive directory listing program that produces a depth-indented listing

It displays the information related to terminal. It basically prints the file name of
tty
connected to standard input

type Used to describe how its argument would be translated if used as comma

uname Displays the information about the system


unexpan
Converts each spaces into tabs writing the produced output to the standard
d

uniq It is a command line utility that reports or filters out the repeated lines in a

unix2dos Converts a Unix text file to DOS format

Used to execute a set of commands as long as the final command in the ‘until’ Com
until
exit status which is not zero

Uptime Used to find out how long the system is active (running)

useradd Used to add user accounts to your system


usermod Used to change the properties of a user in Linux through the command l

usernam
It provides a set of commands to fetch username and its configurations from the
e

users Used to show the user names of users currently logged in to the current h

userdel Used to delete a user account and related files

vi It is the default editor that comes with the UNIX operating system is called visua

It is a performance monitoring command of the system as it gives the information abo


vmstat
memory, paging, block IO, disk and CPU scheduling
Used by system administrators in order to monitor network parameters such as ba
vnstat
consumption or maybe some traffic flowing in or out

w Used to show who is logged on and what they are doing

Displays a message, or the contents of a file, or otherwise its standard input, on the
wall
all currently logged in users

watch Used to execute a program periodically, showing output in fullscreen

Used to find out number of lines, word count, byte and characters count in the files sp
wc
file arguments
Used to download files from the server even when the user has not logged on to the
Wget
can work in background without hindering the current process

whatis Used to get a one-line manual page descriptions

Used to locate the executable file associated with the given command by searching
which
environment variable

while Used to repeatedly execute a set of command as long as the COMMAND retur

who Used to get information about currently logged in user on to system

whoami Displays the username of the current user when this command is invoke
write Allows a user to communicate with other users, by copying lines from one user’s term

Used to build and execute commands from standard input. It converts input rece
xargs
standard input into arguments of a command

xdg-open Used to open a file or URL in the user’s preferred application

Used to print a continuous output stream of given STRING. If STRING is not mentioned
yes
prints ‘y’
zdiff Used to invoke the diff program on files compressed via gzip

Used to print the current time in the specified zone or you can say prints the current
zdump
zonename named on the command line

zgrep Used to search out expressions from a given a file even if it is compressed

It is a compression and file packaging utility for Unix. Each file is stored in single .zip {.
zip
file with the extension .zip


Ethical Hacking | Footprinting

Footprinting means gathering information about a target system that can be
used to plan and execute a successful cyber attack. To get this information,
an attacker uses a variety of methods and tools. Footprinting is the first
step on the attacker's path to compromising a system. There are two types of
footprinting:

● Active Footprinting: performing footprinting by interacting directly with
the target machine (for example port scans or banner grabs). Because traffic
reaches the target, the activity can show up in its logs.
● Passive Footprinting: collecting information about a system without sending
any traffic to it, from third-party sources such as search engines, public
registries and archived copies of its pages.

Different kinds of information that can be gathered through footprinting
include:

● The operating system of the target machine
● Firewall
● IP address
● Network map
● Security configurations of the target machine
● Email IDs, passwords
● Server configurations
● URLs
● VPN

Sources are as follows:

● Social Media: Most people tend to release a great deal of information about
themselves online, and attackers treat this information as valuable. They may
create a fake account that looks real in order to be added as a friend, or
follow someone's account, to harvest their information.

● Job websites: Organizations share confidential details on job websites such
as monsterindia.com. For example, a company posted on a website: “Job Opening
for Lighttpd 2.0 Server Administrator”. From this it can be inferred that the
organization runs the Lighttpd web server, version 2.0.

● Google: Search engines such as Google can perform far more powerful
searches than most users ever try. Attackers use them for what has been
termed Google hacking: basic search terms combined with advanced search
operators such as “inurl:”, “allinurl:” and “filetype:” can do great damage.
For example, devices connected to the Internet can be found: a search string
such as inurl:“ViewerFrame?Mode=” finds public web cameras. (The “link:”
search operator that Google used to have has since been turned off, as of
2017.) Google can be used to uncover many pieces of sensitive information
that should never have been exposed; a term even exists for the people who
blindly post this information on the internet: “Google Dorks”.

● Social Engineering: Several techniques fall in this category. A few of them
are:

  ● Eavesdropping: The attacker tries to record the target's private
  conversations with others, held over communication media such as the
  telephone.
  ● Shoulder Surfing: The attacker tries to capture personal information
  such as email IDs and passwords by looking over the victim's shoulder while
  the victim is entering (typing or writing) those details.

● Archive.org: An archived version is an older copy of a website as it
existed some time ago, before many of its features were changed. archive.org
collects snapshots of websites at regular intervals. It can be used to
retrieve information that no longer exists on the live site but existed
before.

● An Organization's Website: The best place for an attacker to begin. If an
attacker wants open-source information, that is, information freely provided
to clients, customers or the general public, the organisation's own website
is simply the best option.

● Using NeoTrace: NeoTrace is a powerful GUI route-tracing tool. It
graphically displays the route between you and the remote site, including
all intermediate nodes, and for each node shows information such as its IP
address, contact information and location.

● WHOIS: WHOIS lookup services are valuable to attackers. Through them, the
domain name, registrant email address, domain owner and other registration
details of a website can be traced. This is one of the basic methods of
website footprinting.

Advantages:

● Footprinting lets an attacker gather the basic security configuration of a
target machine along with its network routes and data flows.
● Once the attacker has identified the vulnerabilities, he or she can focus
on a specific area of the target machine.
● It lets the attacker identify which attack is the most practical against
the target system.

Counter Measures:

● Avoid posting confidential data on social media websites.
● Avoid accepting unwanted friend requests on social media platforms.
● Promote awareness of the various hacking tricks.
● Use footprinting techniques yourself to identify and remove sensitive
information from social media platforms.
● Configure web servers properly (for example, suppress version banners and
directory listings) so that they do not leak information about the system
configuration.

Types of Footprinting in Ethical Hacking

Last Updated : 12 Aug, 2024

Footprinting is a way for computer security experts to find the weak spots
in systems. Attackers also use footprinting to learn about the security of
the systems they want to attack. This article covers what footprinting means
in ethical hacking, the tools used, where the information comes from, how it
is used, and the different types of footprinting.

Footprinting helps both ethical hackers and malicious (black-hat) hackers
obtain important information. This information is useful for testing
websites or understanding how an organization protects its computer systems.
The data collected through footprinting is therefore valuable to both camps,
including those who use their skills to make systems safer.

What is Footprinting in Ethical Hacking?

Footprinting in ethical hacking is when ethical hackers use safe and legal
ways to find the weak spots in computer systems. They look for things like
open doors in the system that malicious hackers could use to get in. By
finding these weak spots, ethical hackers help make the system safer. Even
though there is always a risk of attacks, knowing where the problems are can
help stop many of them.

Types of Footprinting
1. Active Footprinting
2. Passive Footprinting

Active Footprinting

This involves gathering information about the target through direct
interaction with it. Because traffic is sent to the target network (port
scans, banner grabs, DNS zone transfer attempts and so on), the target may
notice the ongoing information gathering, for example in its firewall or web
server logs.

Passive Footprinting

This involves gathering information about the target without any direct
interaction. It is the approach to use when the information-gathering
activity must not be detected by the target: no traffic is sent to the target
organization from the attacker's host or from anonymous hosts or services.
Instead, we collect the information already documented and stored about the
target using search engines, social networking websites, public registries
and web archives.
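The difference between the two types, shown as an added example (not code from the original article): a constructed stand-in "target" web server is started on 127.0.0.1 and records every client connection; a constructed third-party index stands in for a search-engine cache or WHOIS mirror. The passive phase reads the index and leaves the target's log empty, the active phase sends a HEAD request and both learns the server banner and leaves an entry in the log. The banner "lighttpd/1.4.59" and the index contents are made up for the demonstration; no real host is contacted.

```python
"""Active footprinting touches the target and the target can see it; passive
footprinting never does. Added example, not from the original article: the
target server, its banner and the public index below are all constructed."""
import socket
import threading
from typing import Dict, List, Tuple

# Constructed banner. A verbose Server header like this is exactly the kind
# of server-configuration leak that footprinting harvests.
TARGET_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: lighttpd/1.4.59\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n\r\n"
)

# Constructed stand-in for third-party sources (search cache, job site, WHOIS
# mirror). Passive footprinting queries these, never the target itself.
PUBLIC_INDEX = {
    "example-target.test": {"job_posting": "Lighttpd server administrator wanted"},
}


class TargetServer:
    """Minimal TCP server standing in for the footprinted host: answers one HTTP
    request per connection and keeps an access log of client addresses."""

    def __init__(self) -> None:
        self.access_log: List[Tuple[str, int]] = []
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                conn, addr = self._sock.accept()
            except OSError:
                return  # listening socket closed by close()
            with conn:
                self.access_log.append(addr)  # the detectable footprint
                conn.recv(4096)
                conn.sendall(TARGET_RESPONSE)

    def close(self) -> None:
        self._sock.close()


def passive_lookup(domain: str) -> Dict[str, str]:
    """Passive phase: read what third parties already hold about the target."""
    return dict(PUBLIC_INDEX.get(domain, {}))


def active_banner_grab(host: str, port: int, timeout: float = 3.0) -> Dict[str, str]:
    """Active phase: send a HEAD request and return the response headers. The
    packets reach the target, so this shows up in its logs."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    headers = {"status": lines[0]}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def fingerprint_from_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Extract the product and version strings the server volunteered."""
    findings = {}
    for key in ("server", "x-powered-by"):
        if key in headers:
            product, _, version = headers[key].partition("/")
            findings[key] = f"{product} {version}".strip()
    return findings


def demo() -> Dict[str, object]:
    """Run both phases against the local stand-in; return what was learned and
    how many connections the target had logged after each phase."""
    target = TargetServer()
    try:
        passive = passive_lookup("example-target.test")
        logged_after_passive = len(target.access_log)
        active = fingerprint_from_headers(active_banner_grab("127.0.0.1", target.port))
        logged_after_active = len(target.access_log)
    finally:
        target.close()
    return {"passive": passive, "logged_after_passive": logged_after_passive,
            "active": active, "logged_after_active": logged_after_active}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The access log is the whole point: the passive phase leaves it empty, the active phase adds one entry per probe, which is what an intrusion detection system or a simple web server log review on the target side would pick up.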

Types of Information Collected through Footprinting

When hackers do footprinting, they try to gather many different kinds of
information about a computer system or network. This information helps them
understand how the system works and where its weak spots might be. The main
things hackers look for are:
1. IP addresses
2. WHOIS records
3. Types of programs used
4. Firewall
5. How the security is set up
6. Domain names
7. Network numbers
8. How the system checks who can use it (authentication)
9. E-mail addresses and passwords

Each of these pieces of information tells the hacker something important
about the system. For example, knowing the IP addresses helps them find where
the computers are on the internet, while knowing about the firewall tells
them what kind of protection the system has.

Tools for Footprinting

Google Hacking

This is not about hacking Google itself. It is about using Google search in
a clever way to find important information: hackers use special search
operators to find things that most people cannot find easily, which helps
them learn about an organization's computers.

WHOIS Lookup

This tool helps hackers find basic registration information about a domain:
who owns it, where the owner is located, and other details about the
organization.

To use a WHOIS lookup:

1. Go to http://whois.domaintools.com/ in your web browser
2. Enter the website name or IP address you want to learn about
3. Click ‘Search’
4. You will see the registration information for that domain

Social Engineering

Social engineering is a way of tricking people into giving up information.
It works like this: the hacker learns about the person they want to trick,
uses what they know to make the person trust them, and then tricks the
person into giving away the secret information.

NeoTrace

NeoTrace is a program that shows information about network paths. It can tell
hackers things like IP addresses, where computers are located, and
information about the network's components. Hackers use such tools to learn
as much as they can about the systems they want to attack.

Importance of Footprinting in Ethical Hacking

Identification of Vulnerabilities

When an ethical hacker uses footprinting, they can find weak spots in a
system. This means they might be able to get into the system, just like a bad
hacker would. Once inside, they can see which parts of the system are not
well protected. They can find open ports, which are like open doors that
hackers could use. They can also spot other weak points that bad hackers
might try to use. This helps them figure out what kinds of attacks could hurt
the system.
Knowledge of Security Framework

Footprinting helps ethical hackers learn a lot about how a system is


protected. They can see how the security is set up which tells them how the
system tries to keep the hackers out. They can also check if there is a firewall
which is like the guard that watches what goes in and out of the system. All
this information shows how well the system can stop the attacks. It is like
getting the map of all the defenses a system has.

Prediction of Attack type

By doing footprinting, ethical hackers can make good guesses about what
kinds of attacks might work on the system. They look at all the weak spots
they found and think about how a bad hacker might try to use them. They
also look at how the system is protected and think about ways to get past
those defenses. This helps them figure out which parts of the system are
most likely to be attacked. Knowing this, they can help make those parts
stronger before a real attack happens.

Conclusion
In this article we learned about footprinting, how it works, and why it is
important in ethical hacking. Good hackers use it to protect systems, but
everyone should take steps to protect their own data too. This can include
using VPNs, removing important information from the internet, and being
careful about what we share online. Remember that any information on the
internet could be used by hackers. Footprinting methods are always changing,
so ethical hackers need to keep learning to stay ahead of the bad hackers. By
understanding footprinting, we can all help to keep our systems and data
safer.
Frequently Asked Questions on Types of Footprinting – FAQ’s

Is footprinting only used by bad hackers?

No, footprinting is used by both good and bad hackers. Good hackers,
called ethical hackers, use footprinting to find weak spots in systems so
they can be fixed. They do this to help make computer systems safer.

How can I protect myself from footprinting?

You can protect yourself by being careful about what information you put
online. Use strong passwords, don’t share personal details on public
websites, and keep your computer’s security updated. Also be careful about
clicking on strange links or downloading files from unknown sources.

domainname Command in Linux With Examples


Last Updated : 10 Oct, 2024


domainname command in Linux is used to return the Network Information
System (NIS) domain name of the host. You can use hostname -d command
as well to get the host domainname. If the domain name is not set up in your
host then the response will be “none”.

In networking terminology, the domain name is the mapping of IP with the
name. Domain names are registered in the DNS server in case of a local
network. If the DNS server is not present you can put the entry in the
“/etc/hosts” file to map the IP address with the domain name.

Syntax
domainname [options]

Key Options for the domainname Command

1. domainname -h

Displays the help menu with all available options and syntax for the
command. This is helpful for beginners who want to explore what the
domainname command can do.
domainname -h
2. domainname -a or --alias

It is used to display the alias name. Returns blank line if alias name is not set
up.
domainname -a

3. domainname -A or --all-fqdns
It is used to display all the fully qualified domain names (FQDN).
domainname -A

4. domainname -b or --boot

Sets the default domain name if none is available. This option is useful for
configuring domain names during the boot process.
domainname -b allinone

In the example below, you can see that initially ‘none’ was returned as the
domainname, but after the name is set the command returns the new name.

5. domainname -s or --short

Displays the short version of the hostname (without the domain name).
domainname -s

6. domainname -I or --all-ip-addresses

Displays all IP addresses assigned to the host; you can use the ip a
command to cross-check the IP addresses.
domainname -I
7. domainname -i or --ip-address

Shows all IP addresses assigned to the host. You can use ip a as an
alternative to check IP addresses.
domainname -i

8. domainname -y or --yp or --nis

Displays the Network Information System (NIS) domain name.
domainname -y

In this example you can see, the displayed domain name is the same as we
set up using -b option.

Other Useful Options

-d or --domain

Displays the domain name of the DNS (Domain Name System).
domainname -d

-f or --fqdn or --long

Displays the long hostname, also known as the Fully Qualified Domain Name
(FQDN). This includes both the hostname and the domain name.
domainname -f

-F or --file

Reads the hostname or NIS domain name from a specified file. Useful for
automated scripts that require fetching the domain name from a file.
domainname -F /path/to/file

Conclusion
The domainname command in Linux is a crucial tool for managing network
domain settings. If you’re troubleshooting network issues or configuring
domain names for hosts, domainname helps you view and modify the NIS
domain names easily. Its wide range of options, including displaying IP
addresses, setting default domain names, and listing FQDNs, makes it
versatile and essential for system administrators managing Linux systems in
networked environments.

Nslookup Command in Linux – FAQs

What is nslookup command used for?


The `nslookup` command is a network administration tool used for querying
the Domain Name System (DNS) to obtain domain name or IP address
mapping information. It’s commonly used to troubleshoot DNS-related
issues, check DNS records, and diagnose network problems.

How do I use nslookup to find the IP address of a domain?

To find the IP address associated with a domain using `nslookup`, simply
type `nslookup domain_name` in your terminal or command prompt,
replacing “domain_name” with the actual domain you want to look up. The
command will return the corresponding IP address(es) for that domain.

What are the common options or parameters used with nslookup?

Some common options or parameters used with `nslookup` include:

● -query=type: Specify the type of DNS record to query (e.g., A, MX, NS).
● -server=server: Specify the DNS server to use for the query.
● -timeout=seconds: Set the timeout for the query.
● -debug: Enable debug mode to display detailed information.
● -help or ?: Display a help message with available options.

Why do I sometimes get “Non-authoritative answer” in nslookup results?

When `nslookup` returns a “Non-authoritative answer,” it means the DNS
server queried is not the primary authoritative server for the domain in
question. Instead, it obtained the information from a cached or secondary
server. This is common in recursive DNS setups where servers cache
responses for performance reasons.

What should I do if nslookup fails to resolve a domain name?


If `nslookup` fails to resolve a domain name, there are several steps you can
take to troubleshoot the issue:

● Check your internet connection and ensure DNS servers are reachable.
● Verify the domain name spelling and try again.
● Check your DNS server settings or try querying a different DNS server.
● Look for any firewall or network configuration issues that might be
blocking DNS queries.
● Consider using other tools like dig or host for additional troubleshooting.

Conclusion
In this article we have discussed the `nslookup` command, which is a valuable
tool for querying the DNS server and obtaining information about domain
name or IP address mapping. We have seen that it is very useful for
troubleshooting DNS-related issues. We have also discussed options like
-type=a, -type=any, -type=mx, -type=ns, -type=ptr, and -type=soa. Overall,
we can say that by using nslookup information, administrators can gain
insights into the DNS infrastructure and resolve DNS-related problems
efficiently.

SubDomainizer – Subdomain finder in Kali Linux


Last Updated : 06 Jun, 2021



SubDomainizer is a free and open-source tool available on GitHub. The tool
is free, meaning you can download and use it at no cost. SubDomainizer is
used for reconnaissance of subdomains, that is, for finding the subdomains
of the target.

This tool is used to find subdomains of a website/web application. It is
usually very difficult for a security researcher to find subdomains of an
HTTPS website or web application. This tool helps to get the subdomains of
any HTTPS website.

The SubDomainizer tool is written in Python, so you must have Python
installed in your Kali Linux in order to use this tool. This tool comes with an
awesome user interface. The user interface of the tool is very similar to
Metasploitable1 and Metasploitable2, which makes it very easy to run and use.

Features and uses of SubDomainizer:

● SubDomainizer is a free and open-source tool available on GitHub.
● SubDomainizer is written in the Python language. You must have
Python installed in your Kali Linux machine.
● SubDomainizer tool is used for reconnaissance of subdomains of
websites/webapplication.
● SubDomainizer tool is used for information gathering.
● SubDomainizer tool is used to find subdomains of the target.

Installation and step by step tutorial of SubDomainizer:

Step 1:

To install the tool, first move to the Desktop and then install the tool using
the following commands.
cd Desktop

git clone https://github.com/nsonaniya2010/SubDomainizer.git

Step 2:

The tool has been downloaded onto your machine now. Now move to the
directory of the tool and use the following command to install the
requirements.
cd SubDomainizer

pip3 install -r requirements.txt

Now all the installation process has been done into your Kali Linux machine.
Now we will see the examples of using the tool.

Example 1:

Use the SubDomainizer tool to find the subdomains of the website
www.Facebook.com.
Use the following command to run the tool and find all the subdomains of
your target:

python3 SubDomainizer.py -u http://www.facebook.com


Example 2 :

Use the SubDomainizer tool to find the subdomains of the website
www.geeksforgeeks.org.

Use the following command to run the tool or to find all the subdomains of
your target.
python3 SubDomainizer.py -u https://www.geeksforgeeks.org

We get these subdomains.


Example 3 :

Use the SubDomainizer tool to find the subdomains of the website
www.instagram.com.

Use this command to run the tool or to find all the subdomains of your target.

python3 SubDomainizer.py -u http://www.instagram.com


You can see we got all the subdomains by using the SubDomainizer tool. This
is how you can also find all the subdomains of your target using
SubDomainizer tool.


Difference between Black Box and White and Grey Box Testing
Last Updated : 25 Sep, 2024



1. Black Box Testing :


Black box testing is a type of software testing in which the internal workings
of the software are not known. The testing is done without internal
knowledge of the product. It is also called functional testing. Black-box
testing focuses on the software’s external attributes and behavior. This type
of testing looks at an application’s expected behavior from the user’s point
of view.

2. White Box Testing :


White-box testing or glass-box testing is a software testing technique that
tests the software by using the knowledge of internal data structures,
physical logic flow, and architecture at the level of source code. This testing
works by looking at testing from the developer’s point of view. This testing is
also known as glass box testing, clear box testing, structural testing, or
non-functional testing.
3. Gray Box Testing :
Gray Box Testing is a combination of the Black Box Testing technique and the
White Box Testing technique in software testing. Gray-box testing exercises
the inputs and outputs of a program for testing purposes, but the tests are
designed using information about the code. Gray-box testing is well suited
for web application testing because it factors in a high-level design
environment and the inter-operability conditions.


Let’s see the tabular differences between them.

1.
Black Box Testing: This testing has low granularity.
Gray Box Testing: This testing has a medium level of granularity.
White Box Testing: This testing has high-level granularity.

2.
Black Box Testing: It is done by end-users (called user acceptance testing)
and also by testers and developers.
Gray Box Testing: It is done by end-users and also by the tester and
developers.
White Box Testing: It is generally done by testers and developers.

3.
Black Box Testing: Here, internals are not required to be known.
Gray Box Testing: Here, internals relevant to the testing are known.
White Box Testing: Here, the internal code of the application and database
is known.

4.
Black Box Testing: It is likely to be less exhaustive than the other two.
Gray Box Testing: It is kind of in-between.
White Box Testing: Most exhaustive among all three.

5.
Black Box Testing: It is based on requirements, and test cases on the
functional specifications, as the internals are not known.
Gray Box Testing: It provides better variety/depth in test cases on account
of high-level knowledge of the internals.
White Box Testing: It can exercise code with a relevant variety of data.

6.
Black Box Testing: Not best suited for algorithm testing.
Gray Box Testing: Also not best suited for algorithm testing.
White Box Testing: Best suited for algorithm testing.

7.
Black Box Testing: It is suited for functional or business domain testing.
Gray Box Testing: It is suited for functional or business domain testing in
depth.
White Box Testing: It is used for all.

8.
Black Box Testing: This testing involves validating the outputs for given
inputs, the application being tested as a black-box technique.
Gray Box Testing: Herein, we have a better variety of inputs and the ability
to extract test results from the database for comparison with expected
results.
White Box Testing: It involves structural testing that enables logic
coverage, decisions, etc. within the code.

9.
Black Box Testing: This is also called Opaque-box testing, Closed-box
testing, input-output testing, Data-driven testing, Behavioral testing, and
Functional testing.
Gray Box Testing: This is also called translucent box testing.
White Box Testing: This is also called Glass-box testing, Clear-box testing,
Design-based testing, Logic-based testing, Structural testing, and
Code-based testing.

10.
Black-box test design techniques:
● Decision table testing
● All-pairs testing
● Equivalence partitioning
● Error guessing
Gray-box test design techniques:
● Matrix testing
● Regression testing
● Pattern testing
● Orthogonal Array Testing
White-box test design techniques:
● Control flow testing
● Data flow testing
● Branch testing

11.
Black Box Testing: Black Box testing provides resilience and security
against viral attacks.
Gray Box Testing: Gray Box testing does not provide resilience and security
against viral attacks.
White Box Testing: White Box testing does not provide resilience and
security against viral attacks.


How to Display Current Working Directory in Linux | pwd Command
Last Updated : 17 Jul, 2024


The ‘pwd’ command stands for “print working directory.” In this article, we
will delve into the ‘pwd’ command, exploring its functionality, usage, and
various examples. It prints the path of the working directory, starting from
the root. pwd exists both as a shell built-in command (pwd) and as an actual
binary (/bin/pwd). $PWD is an environment variable that stores the path of
the current directory. This command has two flags.

Table of Content

● Syntax of `pwd` command in Linux
● Flags For Specific behavior in `pwd` command in Linux.
● How to Display the Current Working Directory in Linux

Syntax of `pwd` command in Linux


The basic syntax of the ‘pwd’ command is
pwd [OPTIONS]
This command doesn’t have any arguments or options, but it can accept flags
for specific behavior.

Flags For Specific behavior in `pwd` command in Linux.


● The “-L” flag prints the logical path, keeping any symbolic links as they
appear in the path you used to reach the directory.
● The default behavior of the shell built-in “pwd” is equivalent to
using “pwd -L”.
● The “-P” flag displays the actual (physical) path, resolving all
symbolic links.
● The default behavior of the binary “/bin/pwd” is the same as using
“pwd -P”.

pwd -L: Prints the symbolic path.

pwd -P: Prints the actual path.

How to Display the Current Working Directory in Linux


1. Displaying the Current Working Directory Using Built-in pwd (pwd):

To print the current working directory, simply enter the pwd command.

The output will be the absolute path of your current location in the file
system.

In the given example the directory /home/shital/logs/ is a symbolic link to
the target directory /var/logs/.

2. Displaying the Current Working Directory Using Binary pwd (/bin/pwd):

The default behavior of the built-in pwd is the same as pwd -L: use “pwd -L”
to obtain the symbolic path of a directory reached through a symbolic link.
The default behavior of /bin/pwd is the same as pwd -P: use “pwd -P” to
display the actual path, ignoring symbolic links.

3. The $PWD Environment variable.

The $PWD environment variable is a dynamic variable that stores the path of
the current working directory. It holds the same value as ‘pwd -L’,
representing the symbolic path.

echo $PWD

Executing this command prints the symbolic path stored in the $PWD
environment variable.
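As an added example (not from the original article), the POSIX shell script below recreates the article’s /home/shital/logs -> /var/logs layout inside a constructed temporary directory and shows what pwd -L, pwd -P and $PWD return from inside the symlinked directory; the function name pwd_demo and the scratch layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. It recreates the article's
# layout (home/shital/logs -> var/logs) under a scratch directory and shows
# how `pwd -L`, `pwd -P` and $PWD differ inside a symbolic link.

# pwd_demo prints three lines: the logical path, the physical path and $PWD.
pwd_demo() {
    # Resolve the scratch root physically first so that the comparison holds
    # even when the temp directory itself lives behind a symlink (macOS /var).
    base=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$base/var/logs" "$base/home/shital"     # real target + home dir
    ln -s "$base/var/logs" "$base/home/shital/logs"   # the symbolic link

    # Run in a subshell so the caller's working directory is left unchanged.
    (
        cd "$base/home/shital/logs" || exit 1
        logical=$(pwd -L)   # the path as you typed it: .../home/shital/logs
        physical=$(pwd -P)  # the link resolved:        .../var/logs
        printf '%s\n%s\n%s\n' "$logical" "$physical" "$PWD"
    )
    status=$?
    rm -rf "$base"
    return "$status"
}

# Scripts that build file paths from $PWD are working with the logical path;
# anything that must act on the real location should use `pwd -P` instead.
pwd_demo
```

The first and third lines printed are identical (the symbolic path), while the second line is the resolved /var/logs location.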

How to Display Current Working Directory in Linux | pwd Command – FAQs

How do I print the current working directory in Linux using the ‘pwd’
command?
You can print the current working directory in Linux by simply entering the
‘pwd’ command in the terminal and pressing Enter. This will display the
absolute path of your current location in the file system.

What is the difference between ‘pwd’ and ‘/bin/pwd’ in Linux?

The ‘pwd’ command and ‘/bin/pwd’ binary both serve the purpose of printing
the current working directory. However, the default behavior differs: ‘pwd’
behaves as if the ‘-L’ option is used, while ‘/bin/pwd’ behaves like ‘pwd -P’,
displaying the actual path and ignoring symbolic links.

Can I redirect the output of ‘pwd’ to a file in Linux?

Yes, you can redirect the output of the ‘pwd’ command to a file by using the
following command:
pwd > filename.txt

This will write the absolute path of the current working directory to the
specified file

How can I store the current working directory in a variable for use in a
Linux script?

You can store the current working directory in a variable in a Linux script by
using the following syntax:

current_directory=$(pwd)
echo "The current working directory is: $current_directory"

This captures the output of ‘pwd’ in the variable ‘current_directory’ for later
use in your script.

What is the significance of the $PWD environment variable in Linux?

The $PWD environment variable in Linux holds the symbolic path of the
current working directory. It provides a dynamic way to access and utilize the
current directory path in scripts or commands. The value of $PWD is
equivalent to the output of ‘pwd -L’.

Conclusion
In this article we discussed the ‘pwd’ command in Linux, which helps you find
where you are in your computer’s folders, or in other words, how to print the
current working directory. It can show you the real folder path (‘pwd -P’) or
the symbolic one (‘pwd -L’). The $PWD variable holds the same value as
‘pwd -L’ and is handy for scripts. Remember, ‘/bin/pwd’ shows the actual
path. The FAQs answered common questions, like how to use ‘pwd’ or save a
folder path in a script.

Difference Between Threat, Vulnerability and Risk in Computer Network
Last Updated : 26 Jul, 2024



Learning about the fundamental concepts of Threat, Vulnerability, and Risk
enables us to take better precautions against digital frauds and dangers. The
rising number of cybercrimes in this digital era shows how many aspects of
our lives have moved online. In this article, we’ll learn about Threats,
Vulnerability, and Risk, look at the differences between them, and see how
they relate to each other.

What is Threat?
A cyber threat is a malicious act that seeks to steal or damage data or
disrupt a digital network or system. A threat can also be defined as the
possibility of a successful cyber attack that gains unauthorized access to
the sensitive data of a system. Examples of threats include computer
viruses, Denial of Service (DoS) attacks, data breaches, and sometimes even
dishonest employees.

Types of Threat
Threats could be of three types, which are as follows:

1. Intentional- Malware, phishing, and accessing someone’s account
illegally, etc. are examples of intentional threats.
2. Unintentional- Unintentional threats are considered human errors,
for example, forgetting to update the firewall or the anti-virus could
make the system more vulnerable.
3. Natural- Natural disasters can also damage the data, they are
known as natural threats.

What is Vulnerability?
In cybersecurity, a vulnerability is a flaw in a system’s design, security
procedures, internal controls, etc., that can be exploited by cybercriminals. In
some very rare cases, cyber vulnerabilities are created as a result of
cyberattacks, not because of network misconfigurations. A vulnerability can
also be introduced when an employee downloads a virus or falls for a social
engineering attack.

Types of Vulnerability
Vulnerabilities could be of many types, based on different criteria, some of
them are:

1. Network- Network vulnerability is caused when there are some
flaws in the network’s hardware or software.
2. Operating system- When an operating system designer designs an
operating system with a policy that grants every program/user
full access to the computer, it allows viruses and malware to
make changes on behalf of the administrator.
3. Human- Users’ negligence can cause vulnerabilities in the system.
4. Process- Specific process control can also cause vulnerabilities in
the system.
What is Risk?
Cyber risk is a potential consequence of the loss or damage of assets or data
caused by a cyber threat. Risk can never be completely removed, but it can be
managed to a level that satisfies an organization’s tolerance for risk. So, our
target is not to have a risk-free system, but to keep the risk as low as
possible.
Cyber risks can be defined with this simple formula- Risk = Threat +
Vulnerability. Cyber risks are generally determined by examining the threat
actor and type of vulnerabilities that the system has.

Types of Risks
There are two types of cyber risks, which are as follows:

1. External- External cyber risks are those which come from outside an
organization, such as cyberattacks, phishing, ransomware, DDoS attacks, etc.

2. Internal- Internal cyber risks come from insiders. These insiders could have
malicious intent or may simply not be properly trained.

Real World Examples of Threat, Vulnerability and Risk in Computer Network

Threats

1. The WannaCry Ransomware Attack in 2017 exploited flaws in Microsoft
Windows to encrypt data and demand ransom payments from users.
2. Phishing attacks are attacks where the attacker uses email to trick
users into disclosing their personal information, leading to data
breaches or financial loss.
3. Malicious code was inserted into the SolarWinds Orion software by
hackers, which compromised its supply chain security.

Vulnerabilities

1. A bug in the OpenSSL cryptographic package allowed attackers to
access sensitive data from different sites using this package.
2. In 2018, critical vulnerabilities were found in modern processors that
permitted unauthorized access to data stored in memory.
3. Multiple zero-day vulnerabilities, collectively referred to as
ProxyLogon, allowed attackers to inject malware into Microsoft
Exchange Server, which made it possible for the hackers to access
email accounts.

Risks

1. Target’s network had flaws which were exploited by external
attackers in 2013, allowing the attackers to steal the credit card
information of millions of customers.
2. Due to a bug in Equifax’s web application, the sensitive private
information of 147 million people was exposed.
3. In 2022, attackers obtained access to Okta’s internal systems, which
highlighted a vulnerability in its identity management system.

Difference Between Threat, Vulnerability, and Risk

Threat: Takes advantage of vulnerabilities in the system and has the
potential to steal and damage data.
Vulnerability: Known as the weakness in hardware, software, or designs,
which might allow cyber threats to happen.
Risk: The potential for loss or destruction of data caused by cyber threats.

Threat: Generally, can’t be controlled.
Vulnerability: Can be controlled.
Risk: Can be controlled.

Threat: It may or may not be intentional.
Vulnerability: Generally, unintentional.
Risk: Always intentional.

Threat: Can be blocked by managing the vulnerabilities.
Vulnerability: Vulnerability management is a process of identifying the
problems, then categorizing them, prioritizing them, and resolving the
vulnerabilities in that order.
Risk: Reducing data transfers, downloading files from reliable sources,
updating the software regularly, hiring a professional cybersecurity team to
monitor data, developing an incident management plan, etc. help to lower
the possibility of cyber risks.

Threat: Can be detected by anti-virus software and threat detection logs.
Vulnerability: Can be detected by penetration testing hardware and many
vulnerability scanners.
Risk: Can be detected by identifying mysterious emails, suspicious pop-ups,
observing unusual password activities, a slower than normal network, etc.

Conclusion
Despite having different meanings, the terms threat, vulnerability, and risk
are often used together. Threats are the possibility of something negative
happening, vulnerabilities are flaws that can be used against you, and risks
are the possible outcomes of these exploits. Understanding the difference
between them helps us predict risk better, reduces cyber threats, improves
system security, and protects users’ sensitive private data.

Difference Between Threat, Vulnerability and Risk in Computer Network – FAQs

How does regularly updating systems software help in reducing
vulnerabilities?

Software must be updated regularly as it helps in reducing vulnerabilities by
patching identified flaws and improving the overall security of the system.

What is the relationship between threat, vulnerabilities and risk?

Vulnerability x Threat = Risk

A single vulnerability multiplied by the number of possible threats gives an
estimate of the risk involved. This formula highlights the importance of both
identifying and controlling vulnerabilities and threats in order to correctly
evaluate and reduce risks.
What are some common examples of cybersecurity threats?

Common examples of cybersecurity threats are malware, phishing attacks,
ransomware, and Denial of Service (DoS) attacks.

Security Testing Tools – Software Testing


Last Updated : 30 Sep, 2024


Security testing tools are essential for identifying and addressing
vulnerabilities in applications, systems, and networks before they can be
exploited by malicious attackers. These tools play a crucial role in
safeguarding sensitive data, ensuring compliance, and maintaining trust with
users. In modern software testing, leveraging the right security testing tools
is key to delivering secure, reliable applications.

Whether you’re dealing with web applications, databases, or open-source
components, security testing ensures that potential threats are identified and
resolved early in the development process.

Table of Content
● What are Security Testing Tools?
● Security Testing Tools
● Advantages of Security Testing Tools
● Disadvantages of Security Testing Tools
● Importance of Security Testing Tools
● Comparison Criteria of Security Testing Tools
● Security Testing Tools Key Features
● Conclusion
● Frequently Asked Questions on Security Testing Tools

What are Security Testing Tools?


Security testing tools encompass a variety of software applications and
utilities designed to evaluate the security posture of software systems. These
tools are essential components of software security testing, helping to
identify vulnerabilities, assess risks, and ensure robust security measures
within applications. They simulate various attack scenarios and analyze
software components for weaknesses that could potentially be exploited by
malicious actors.

Security Testing Tools


The following are some of the Security testing tools:

1. Sqlmap

Sqlmap is an open-source penetration testing tool that automates the
process of detecting and exploiting SQL injection flaws. It supports different
database systems like MySQL, PostgreSQL, and Oracle.

Pros:
● Highly automated
● Wide database support
● Customizable

Cons:
● Requires deep understanding of SQL injection
● Limited reporting capabilities
● No GUI for ease of use

2. Burp Suite

Burp Suite is a widely used web application security testing tool. It provides
penetration testers and security professionals with a range of features like
web vulnerability scanning, penetration testing automation, and more.

Pros:
● Comprehensive web vulnerability detection
● Intuitive user interface
● Highly customizable

Cons:
● Expensive for the professional version
● Steep learning curve for advanced features
● Resource-intensive during deep scans

3. Dynamic Application Security Testing (DAST)

DAST tools help to analyze web applications for security vulnerabilities by
simulating external attacks while the application is running.

Pros:
● Detects runtime vulnerabilities
● Supports continuous security testing
● No need for source code access

Cons:
● False positives may occur
● Requires constant maintenance
● May not identify logic flaws

4. OWASP ZAP

OWASP ZAP (Zed Attack Proxy) is an open-source security testing tool
widely used for web application security. It allows easy testing for
vulnerabilities such as SQL injection, cross-site scripting (XSS), and other
common web application issues.

Pros:
● Free and open-source
● Frequent updates and community support
● Easy integration with CI/CD pipelines

Cons:
● GUI can be overwhelming for beginners
● Limited advanced reporting capabilities
● Can be slow with large applications

5. Black Duck Software Composition Analysis

Black Duck helps identify vulnerabilities in open-source software by
managing open-source risk. It scans and tracks software components to
ensure they are safe from security vulnerabilities.

Pros:
● Excellent open-source component scanning
● Effective vulnerability identification
● Comprehensive reports

Cons:
● Costly for small teams
● Setup complexity for large projects
● Limited customization of reports

6. SonarQube

SonarQube is a continuous inspection tool that helps in detecting bugs and
security vulnerabilities in code. It supports many languages like Java,
JavaScript, and Python.

Pros:
● Extensive language support
● Integrates well with CI/CD tools
● Helps in code quality management

Cons:
● Requires high computational resources
● Custom rules can be challenging to configure
● Some false positives in results
7. W3af

W3af is an open-source web application security scanner that helps identify over 200 types of vulnerabilities such as SQL injection, cross-site scripting (XSS), and file inclusion vulnerabilities.

Pros:
● Extensive vulnerability database
● Open-source and free
● Good community support

Cons:
● Limited plugin support
● Requires manual configuration for large applications
● No frequent updates

8. Zed Attack Proxy (OWASP ZAP)

ZAP is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers.

Pros:
● Free to use
● Great for both beginners and professionals
● Regular updates

Cons:
● Lacks advanced reporting
● Can have performance issues with large applications
● Limited automated scanning capabilities

9. Acunetix Ltd.

Acunetix is a web vulnerability scanner that detects vulnerabilities like SQL injection, XSS, and other exploitable weaknesses in websites. It offers both automated and manual penetration testing options.

Pros:
● Comprehensive scanning features
● Simple to use
● Good reporting

Cons:
● High license cost
● Not as customizable as some other tools
● Can be resource-intensive

10. Metasploit

Metasploit is a leading penetration testing framework that allows for rapid exploitation of security vulnerabilities. It supports various platforms and automates many tasks associated with penetration testing.

Pros:
● Comprehensive exploit library
● Highly customizable
● Excellent community support

Cons:
● Steep learning curve for beginners
● Can be time-consuming to configure
● Not beginner-friendly

Advantages of Security Testing Tools


Here are the advantages of Security Testing Tools:

1. Early Vulnerability Detection: They help in identifying security


vulnerabilities early in the development process.
2. Automated Testing: Automates the testing process, saving time and
effort.
3. Comprehensive Coverage: Provides comprehensive coverage of
security flaws and weaknesses.
4. Enhanced Security Posture: Improves overall security posture by
identifying and fixing vulnerabilities.
5. Cost-Effective: Reduces the cost associated with manual security
testing.
6. Continuous Monitoring: Enables continuous monitoring and testing
of applications.
7. Regulatory Compliance: Helps in achieving regulatory compliance
by addressing security requirements.

Disadvantages of Security Testing Tools

Here are the disadvantages of Security Testing Tools:

● Complexity: Some security testing tools can be complex to set up


and use, requiring specialized knowledge and training.
● False Positives: Tools may sometimes report vulnerabilities that are
not actually exploitable or relevant, leading to wasted time and
effort.
● False Negatives: Conversely, tools may miss certain vulnerabilities,
giving a false sense of security.
● Performance Overhead: Running intensive security tests can impact
the performance of the system under test, affecting its availability.
● Cost: Some commercial security testing tools can be expensive,
making them inaccessible for smaller organizations or projects.
● Limited Scope: Depending on the tool, it may only specialize in
certain types of vulnerabilities or platforms, limiting its overall
effectiveness.

Importance of Security Testing Tools


1. Determining Vulnerabilities: Security testing tools help locate holes and flaws in systems and software. They can automatically scan code, configurations, and network settings to find security flaws that an attacker could exploit.
2. Early Security Flaw Detection: It is far more economical to find and fix security problems early in the development process than after release. By enabling developers to find and fix vulnerabilities early in the development cycle, security testing tools lower the likelihood of security breaches in the production environment.
3. Continuous Monitoring: Through continuous monitoring of systems and applications, security testing tools enable organizations to identify new vulnerabilities as they arise. This is necessary to keep the infrastructure robust and safe.
4. Risk Reduction: Testing tools reduce risk by finding and fixing security flaws in systems. By identifying and addressing high-risk areas first, organizations lessen the chance of security incidents that could lead to data breaches, monetary losses or reputational harm.

Comparison Criteria of Security Testing Tools


Here are the key comparison criteria for security testing tools:

1. Vulnerability Coverage: Assess the types of vulnerabilities each tool


can detect, such as SQL injection, XSS, CSRF, etc. Some tools
specialize in specific types of vulnerabilities while others offer
broader coverage.
2. Automation: Evaluate the level of automation each tool provides.
Automated tools can scan and detect vulnerabilities without
extensive manual intervention, saving time and effort.
3. Accuracy: Consider the accuracy of the tool in detecting
vulnerabilities. Tools with high accuracy minimize false positives
(incorrectly identifying vulnerabilities) and false negatives (missing
real vulnerabilities).
4. Ease of Use: Assess the user interface and overall usability of the
tool. User-friendly interfaces and clear documentation make it easier
for testers to operate and interpret results.
5. Integration: Check if the tool integrates with other software
development tools and platforms such as IDEs, CI/CD pipelines,
issue trackers, etc. Integration facilitates seamless workflow and
enhances productivity.
6. Scalability: Evaluate how well the tool scales with the size and
complexity of the application being tested. Scalable tools can
handle large applications and complex environments effectively.

Security Testing Tools Key Features


● Vulnerability Detection: Tools should detect a wide range of
vulnerabilities such as SQL injection, XSS (Cross-Site Scripting),
CSRF (Cross-Site Request Forgery), authentication flaws, etc.
● Automated Scanning: Ability to automatically scan applications for
vulnerabilities without extensive manual intervention.
● Manual Testing Capabilities: Support for manual testing to simulate
real-world attack scenarios and verify vulnerabilities.
● Integration: Ability to integrate with development environments,
CI/CD pipelines, issue trackers, and other tools to streamline the
security testing process.
● Customizable Reports: Generate detailed and customizable reports
that include identified vulnerabilities, severity levels, and
recommendations for remediation.
● Support for Different Platforms and Languages: Capability to test
applications developed in various programming languages and
deployed on different platforms (web, mobile, APIs, etc.).

Conclusion
In conclusion, incorporating security testing tools into your software testing
strategy is vital for mitigating risks and protecting your applications from
security breaches. From open-source tools like OWASP ZAP to
enterprise-grade solutions like Acunetix, each tool brings unique advantages
suited for different testing needs.
By using these tools effectively, you can ensure that your applications are not
only functional but also secure from potential threats, providing confidence to
both users and stakeholders.

What is vulnerability management?

Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems. It's a critical part of managing cybersecurity risk in IT environments: vulnerabilities that aren't found and fixed can expose an organization to damaging cyber attacks and data breaches.

A typical vulnerability management process involves continuously scanning IT assets for vulnerabilities, evaluating the risks of ones that are found, and addressing the vulnerabilities in a prioritized order based on risk severity. The goals of vulnerability management include reducing attack surfaces, improving an organization's security posture, meeting regulatory compliance requirements and minimizing business risks.

Vulnerability management isn't the same thing as patch management. They do overlap, but there are differences between the two processes. Vulnerability management takes a big-picture view to identify vulnerabilities and then resolve them across IT systems, while patch management provides a tactical fix for known bugs and security holes in software through the installation of patches typically issued by software vendors. Many practitioners view patch management as a part of vulnerability management.

Vulnerability management also differs from risk management, though they again are related to one another. While vulnerability management focuses on finding and fixing technical security gaps, risk management is a broader initiative for dealing with potential cybersecurity threats and various other types of issues that pose a risk to business operations.


Why vulnerability management is important for
organizations

Security vulnerabilities occur in applications, endpoint devices, servers, networks and cloud services. Malicious attackers are constantly looking for potential security gaps in IT systems. Finding an exploitable vulnerability makes it easier for an attacker to get into systems, access corporate data and disrupt business operations.

As a result, effective vulnerability management is essential to proactively secure increasingly complex IT environments. No organization is immune from attack -- even the smallest ones can benefit from a vulnerability management program. For larger organizations with more systems and applications in place, a single vulnerability could be a pathway to an enterprise-wide attack.

In various industries, including healthcare, financial services, retail and e-commerce, regulatory compliance measures require organizations to have vulnerability management initiatives in place. For example, vulnerability management practices are mandated by government and industry regulations such as the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act and the Payment Card Industry Data Security Standard. They're also required for compliance with ISO 27001, an information security management standard developed by the International Organization for Standardization and formally known as ISO/IEC 27001:2022.

How does vulnerability management work?


Vulnerability management isn't a single task -- it's a multistep process that is
conducted by IT security teams on an ongoing basis. In addition to
vulnerability scanning that probes IT systems for missing patches,
misconfigurations, unprotected sensitive data and other issues, it often
includes penetration testing -- or pen testing for short -- that attempts to
exploit vulnerabilities in systems to measure their risk level for an actual
attack.

Using the results of scans and pen tests, vulnerability assessments are done
to evaluate potential threats. As part of an assessment, information about
identified vulnerabilities can be fed into a threat intelligence platform and
scored based on potential impact and exploitability. For example, a missing
patch that could enable attackers to do remote code execution in a system
would likely be deemed a high risk.

Security teams then prioritize and remediate the detected issues through
various actions, depending on the nature of the vulnerabilities. In the case of
the missing patch, an organization's security team generates a remediation
workflow ticket for the IT operations staff that's responsible for the affected
systems. After IT ops installs the patch, the security team commonly runs a
scan to confirm that the vulnerability was patched properly.

Throughout the vulnerability management process, the status of vulnerabilities is tracked against remediation goals and service-level agreements, giving an organization's security leaders and business executives real-time visibility into cybersecurity risk reduction and compliance efforts.
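The prioritization and SLA tracking described above, as an added example in Python (not the article's code): a finding carries the scanner's CVSS score plus the context a scan alone does not give (asset criticality from the inventory, whether an exploit exists or the pen test confirmed it, and exposure), the priority follows from both, and a ticket closes only when the confirmation rescan is clean. The SLA table, the priority rules and the three findings are constructed assumptions for the example; the CVE identifiers are real, the asset context around them is invented.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Assumed remediation policy: days allowed per priority (a constructed SLA table).
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90, "P4": 180}
DEMO_TODAY = date(2024, 6, 1)   # "today" for the constructed report below


def cvss_band(score: float) -> str:
    """Qualitative severity bands used by CVSS v3.x."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float                 # base score as reported by the scanner
    asset_criticality: str      # "critical" | "high" | "standard", from the asset inventory
    exploit_available: bool     # public exploit, or confirmed by the pen test
    internet_facing: bool
    found: date
    fixed: Optional[date] = None
    priority: str = field(init=False)
    due: date = field(init=False)

    def __post_init__(self) -> None:
        self.priority = prioritize(self)
        self.due = self.found + timedelta(days=SLA_DAYS[self.priority])


def prioritize(f: Finding) -> str:
    """Severity first, then context. A confirmed exploit against an exposed
    asset, or a critical asset, moves a finding up; an isolated standard host
    with no known exploit moves down. Ranks are clamped to P1..P4."""
    rank = {"Critical": 1, "High": 2, "Medium": 3, "Low": 4, "None": 4}[cvss_band(f.cvss)]
    if f.exploit_available and f.internet_facing:
        rank -= 1
    if f.asset_criticality == "critical":
        rank -= 1
    if not f.internet_facing and not f.exploit_available and f.asset_criticality == "standard":
        rank += 1
    return f"P{min(max(rank, 1), 4)}"


def overdue(findings: List[Finding], today: date) -> List[Finding]:
    """Open findings past their SLA date: the items the weekly report escalates."""
    return [f for f in findings if f.fixed is None and today > f.due]


def verify_closed(f: Finding, rescan_still_reports: bool, on: date) -> bool:
    """Close a ticket only when the confirmation rescan no longer reports it."""
    if rescan_still_reports:
        return False
    f.fixed = on
    return True


def demo_findings() -> List[Finding]:
    """Constructed findings: real CVE ids, invented asset context."""
    return [
        Finding("web-01", "CVE-2014-0160", 7.5, "critical", True, True, date(2024, 5, 1)),
        Finding("app-02", "CVE-2021-44228", 10.0, "high", True, False, date(2024, 5, 20)),
        Finding("lab-07", "CVE-2017-0144", 8.1, "standard", False, False, date(2024, 5, 25)),
    ]


if __name__ == "__main__":
    findings = demo_findings()
    for f in findings:
        print(f.asset, f.cve, f.priority, "due", f.due)
    print("overdue:", [f.cve for f in overdue(findings, DEMO_TODAY)])
```

Note that the Heartbleed finding, a 7.5 "High" on paper, becomes a P1 because the asset is critical and exposed with a known exploit, while the 8.1 EternalBlue finding on an isolated lab host drops to P3; the CVSS score alone would have ordered them the other way round.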

What is Vulnerability Assessment?


Last Updated : 20 Aug, 2024


Living in a world with ever more complex threats posed by cybercriminals, it is imperative that you shield your networks. A vulnerability assessment is performed to find the areas that are prone to attack before an intruder exploits them. This not only protects data and guards against leakage but also helps meet security requirements and strengthens risk management. In this article, we look at what a vulnerability assessment is, why it is important, and how it differs from penetration testing. We also outline how an assessment is conducted, the tools used, and its key advantages and disadvantages.

What is a Vulnerability Assessment?


A vulnerability assessment is a procedure that is employed in an information system to determine and rate potential risks. It seeks to identify vulnerabilities that can be leveraged by an attacker to compromise the system and to employ tools and techniques that ensure that data confidentiality, integrity, and availability are achieved. This systematic review assists organizations in identifying security issues like cross-site scripting (XSS) and SQL injection before they can be leveraged.

Importance of Vulnerability Assessments


Vulnerability assessments are very important in the protection of information systems and data. They help by:

● Preventing Data Breaches: Finding and fixing weaknesses before an attacker does, and tracking recurring issues, avoids costly security incidents.
● Ensuring Regulatory Compliance: Demonstrating that vulnerabilities are assessed and addressed, as many regulations require.
● Managing Risks: Prioritizing and controlling the identified risks improves the organization's overall risk picture.
● Enhancing Security Posture: Periodic assessments keep defences current against emerging threats.
● Cost-Effective Security: Fixing vulnerabilities as soon as they are identified is far cheaper than dealing with the incidents they cause.

Types of Vulnerability Assessments
● Host Vulnerability Assessment: Examines servers and host systems for missing patches, weak configurations and other host-level weaknesses.
● Database Vulnerability Assessment: Checks database systems for misconfigurations and weak access controls that threaten the confidentiality, integrity and availability of stored data.
● Network Vulnerability Assessment: Evaluates network devices and services for weaknesses that can be exploited over the network.
● Application Scan Vulnerability Assessment: Uses automated tools to scan application code and running applications for front-end and back-end flaws.

Vulnerability Assessments vs Penetration Tests

Objective
● Vulnerability assessment: identification and evaluation of potential vulnerabilities
● Penetration test: real-world attacks are simulated to exploit vulnerabilities

Methodology
● Vulnerability assessment: manual techniques and automated scanners are used to scan systems
● Penetration test: ethical hackers attempt to exploit the vulnerabilities

Scope
● Vulnerability assessment: covers many aspects of the system
● Penetration test: targets specific vulnerabilities and attack vectors

Frequency
● Vulnerability assessment: conducted regularly as part of an ongoing strategy
● Penetration test: less frequent, performed when needed

Focus
● Vulnerability assessment: gives a broader perspective of potential issues
● Penetration test: gives deeper insight into the impact of exploiting vulnerabilities

Approach
● Vulnerability assessment: proactive approach that helps prevent potential issues
● Penetration test: reactive approach that assesses the effectiveness of existing security measures

How Does a Vulnerability Assessment Work?


● Planning and Scoping: Define the objectives, rules and target systems of the assessment.
● Discovery: Collect information about the target (hosts, open ports, running software and versions) using specialized tools and manual inspection.
● Scanning: Scan each host to detect open ports, vulnerable services and configuration mistakes.
● Analysis: Review the scan results to confirm which findings are real and assess their potential impact.
● Reporting: Document the vulnerabilities found, their consequences and prioritized recommendations for remediation.
● Remediation: Apply patches, change settings and harden the architecture.
● Follow-Up: Re-test to verify that the fixes are correct and look for new vulnerabilities.

How Does Vulnerability Assessment Help?


It helps any organization safeguard itself from cyber attacks by identifying
the loopholes in advance. Here are some threats that we can prevent if we
use vulnerability assessment.

● Injection attacks such as XSS and SQL injection
● Authentication flaws that lead to unauthorized access to sensitive data
● Insecure settings and weak defaults

The Process of Vulnerability Assessment


The process of Vulnerability Assessment is divided into four stages. Let us
discuss them one by one.

● Testing or Vulnerability Identification: All the aspects of a system


like networks, servers, and databases are checked for possible
threats, weaknesses, and vulnerabilities. The goal of this step is to
get a list of all the possible loopholes in the security of the system.
The testing is done through machines as well as manually and all
parameters are kept in mind while doing so.
● Analysis: From the first step, we get a list of vulnerabilities. Then, it
is time that these are analyzed in detail. The goal of this analysis is
to identify where things went wrong so that rectification can be
done easily. This step aims at finding the root cause of
vulnerabilities.
● Risk Assessment: When there are many vulnerabilities, it becomes
important to classify them on the basis of risks they might cause.
The main objective of this step is to prioritize vulnerabilities on the
basis of data and systems they might affect. It also gauges the
severity of attacks and the damage they can cause.
● Rectification: Once we have a clear picture of the risks, their root causes and their severity, we can start correcting the system. This fourth step aims at closing the gaps in security by introducing new security tools and measures.

Tools for Vulnerability Assessment


Manually testing an application for possible vulnerabilities might be a tedious
job. There are some tools that can automatically scan the system for
vulnerabilities. A few such tools include:

● Simulation tools that test web applications.


● Scanners that test network services and protocols.
● Network scanners that identify malicious packets and defects in IP
addresses.

Advantages of Vulnerability Assessment


● Detect the weakness of your system before any data breach occurs.
● A list of all possible vulnerabilities for each device present in the
system.
● Record of security for future assessments.

Disadvantages of Vulnerability Assessment


● Some advanced vulnerabilities might not be detected.
● Assessment tools might not give exact results.

Conclusion
Vulnerability assessments play an important role in establishing which parts of your information systems can be exploited. Performing them helps avoid information leaks, resolves regulatory non-compliance and improves protection in general. Combining assessments with other security measures gives an organization much stronger protection against cyber threats.

Explain Nessus tool in security testing


Last Updated : 11 Jan, 2024


Nessus is a widely used vulnerability scanning tool in the field of cyber security and security testing. Developed by Tenable, it scans for security vulnerabilities in devices, applications, operating systems, cloud services, and other network resources. It is a remote security scanning tool: it scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to a computer you have connected to a network. It does this by running its library of more than 1200 checks (plugins) against a given computer, to see if any of these attacks could be used to break into the computer or otherwise harm it.

History of Nessus
Nessus was developed in 1998 by Renaud Deraison as an open-source project and gained wide popularity for vulnerability scanning. In 2005 Tenable, the company Deraison co-founded, moved Nessus to a partially closed-source model and the enterprise edition became a commercial product; it has since evolved with features like compliance scanning. Tenable later introduced Tenable.io (2017), a cloud platform leveraging Nessus, and the free “Nessus Essentials” edition. In 2023, Nessus remains a trusted tool for organizations globally, reflecting its continued adaptability and effectiveness in addressing cybersecurity challenges.

Who uses this tool?


If you are an administrator in charge of a computer or a group of computers connected to the internet, Nessus is a great tool to help keep those systems free of the easy vulnerabilities that hackers and malware commonly look to exploit. Its users include security professionals, IT administrators, system and security administrators, and software developers.
Nessus is used by a diverse range of organizations and professionals across
different industries for vulnerability management and security assessments.

● Enterprise Organizations: Large enterprises use Nessus to conduct


regular vulnerability scans on their networks, servers, and
applications. This includes industries such as finance, healthcare,
manufacturing, and telecommunications.
● IT Security Teams: In-house IT security teams within organizations
use Nessus as a tool to identify and remediate vulnerabilities in their
infrastructure. This includes systems administrators, security
analysts, and IT managers.
● Cloud Service Providers: Organizations that provide cloud services
and infrastructure use Nessus to assess the security of their cloud
environments, ensuring that customer data and applications are
protected.
● Security Consultants and Service Providers: Security consulting
firms and managed security service providers leverage Nessus to
offer vulnerability assessment services to their clients. This includes
performing security audits, risk assessments, and compliance
checks.

Why Nessus?
As we know many organizations and individuals use the Nessus tool for
vulnerability assessments and for finding security weaknesses. There are
multiple features that make a good choice for organizations and individuals.

● Vulnerability scanning: Nessus scans servers for known vulnerabilities, for example detecting outdated software versions that may be susceptible to exploits.
● Credential-based scanning: Authenticated scans with login credentials give Nessus deeper access, improving the accuracy of vulnerability detection.
● Web application scanning: It identifies vulnerabilities in web applications such as SQL injection or XSS flaws.
● Malware detection: Nessus identifies potential malware indicators by analyzing system files and configuration.

Types of Nessus Scans:


Nessus supports various types of scans to address different aspects of
security assessments. Here are some common types of scans in Nessus:

● Network Scans: It identifies vulnerabilities in network devices,


servers and infrastructure. Example: scanning a range of IP
addresses to identify open ports, services and potential
vulnerabilities on networked devices.
● Web Application Scans: It focuses on identifying vulnerabilities in
web applications and services. Example: examining a website for
common web application vulnerabilities such as SQL injection,
cross-site scripting (XSS) and security misconfigurations.
● Credential Scans: It uses provided credentials to perform
authenticated scans for a more in-depth assessment. Example:
logging into a server using valid credentials to assess the system
from an internal perspective, identifying vulnerabilities that may not
be visible externally.
● Patch Management Scans: Nessus searches for vulnerable software
fixes and out-of-date versions that could be used by hackers. It
assists companies in making sure that their systems have the most
recent security fixes installed.
● Web-based Application Scans: Web applications can be scanned by
Nessus for common security flaws like SQL injection, cross-site
scripting (XSS) and other vulnerabilities that could compromise the
application’s security.
● Mobile Device Scans: The purpose of this kind of scan is to assess
the safety status of mobile devices, such as tablets and
smartphones. It looks for setup errors and security holes that
hackers aiming for mobile platforms might exploit.

Benefits of Nessus Scans:


Some major benefits are as follows:

1. Time and Efficiency: Automated scanning reduces the manual effort required for routine vulnerability assessments.
2. Detailed Reporting: Customized reports generated by Nessus help communicate security posture to stakeholders and management.
3. Cloud Security: Nessus extends its scanning capabilities to cloud-based infrastructure, supporting a consistent security posture across all environments.
4. Setting Risk Priorities: Nessus helps organizations prioritize corrective efforts by classifying vulnerabilities according to their severity, so effort is concentrated on the problems that are most dangerous for the company.
5. Adaptable Scanning Policies: Users can design and modify scan policies in Nessus according to their own needs, so scans match the particular security requirements and guidelines of the company.

Limitations of Nessus Scans:


While Nessus is a powerful and widely-used vulnerability scanning tool, it
does have some limitations. Here are a few key considerations:

1. Scanning Interruptions: Some network configurations or security


measures may interrupt Nessus scans, leading to incomplete results.
Firewalls, network congestion or rate limiting can impact the
scanning process.
2. Credential Management: Authenticated scans, which provide more
detailed results, require proper credentials. Managing and securing
these credentials can be challenging, particularly in large and
dynamic environments.
3. False Positives and Negatives: Nessus may produce false positives,
incorrectly identifying a vulnerability that doesn’t exist or false
negatives, missing actual vulnerabilities. Human verification is often
required to validate scan results.
4. No Real-Time Monitoring: Nessus is not designed for real-time
monitoring. It is a point-in-time scanner and continuous monitoring
capabilities are limited. Other tools may be required for continuous
security monitoring.
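One way to get from a Nessus scan to the human verification and prioritization step is to work from the .nessus export rather than the GUI. The following is an added example, not Tenable's code: it parses a constructed miniature of the NessusClientData_v2 XML layout (ReportHost, HostProperties, and ReportItem elements carrying pluginID/pluginName/severity/port attributes with cve, cvss3_base_score and solution children), summarizes findings per host by severity, groups High and Critical findings by fix so that one change is tracked across every host it covers, and lists the highest-scoring items first. The sample export, its plugin IDs and its solution strings are placeholders; real exports contain many more elements per item.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Dict, List

# Nessus "severity" attribute values.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed miniature export; plugin IDs and solution text are placeholders.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="weekly-dmz">
  <ReportHost name="10.0.1.10">
   <HostProperties><tag name="host-ip">10.0.1.10</tag></HostProperties>
   <ReportItem port="443" svc_name="https" protocol="tcp" severity="3"
               pluginID="900001" pluginName="OpenSSL Heartbeat Information Disclosure">
    <cve>CVE-2014-0160</cve>
    <cvss3_base_score>7.5</cvss3_base_score>
    <solution>Upgrade OpenSSL to a version that is not affected.</solution>
   </ReportItem>
   <ReportItem port="443" svc_name="https" protocol="tcp" severity="0"
               pluginID="900002" pluginName="SSL Certificate Information">
    <solution>n/a</solution>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.0.1.11">
   <HostProperties><tag name="host-ip">10.0.1.11</tag></HostProperties>
   <ReportItem port="8443" svc_name="https" protocol="tcp" severity="3"
               pluginID="900001" pluginName="OpenSSL Heartbeat Information Disclosure">
    <cve>CVE-2014-0160</cve>
    <cvss3_base_score>7.5</cvss3_base_score>
    <solution>Upgrade OpenSSL to a version that is not affected.</solution>
   </ReportItem>
   <ReportItem port="8080" svc_name="http" protocol="tcp" severity="4"
               pluginID="900003" pluginName="Apache Log4j Remote Code Execution">
    <cve>CVE-2021-44228</cve>
    <cve>CVE-2021-45046</cve>
    <cvss3_base_score>10.0</cvss3_base_score>
    <solution>Upgrade Log4j to a fixed release.</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text: str) -> List[dict]:
    """Flatten every ReportItem into one record; info-only items keep cvss3=None."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        ip = host.findtext("HostProperties/tag[@name='host-ip']") or host.get("name")
        for item in host.findall("ReportItem"):
            score = item.findtext("cvss3_base_score")
            findings.append({
                "host": ip,
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "severity": int(item.get("severity", "0")),
                "plugin_id": item.get("pluginID"),
                "plugin": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")],
                "cvss3": float(score) if score else None,
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def summarize_by_host(findings: List[dict]) -> Dict[str, Dict[str, int]]:
    """Per-host count by severity label, the table a status report starts with."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for f in findings:
        counts[f["host"]][SEVERITY[f["severity"]]] += 1
    return {h: dict(c) for h, c in counts.items()}


def remediation_plan(findings: List[dict], min_severity: int = 3) -> Dict[str, List[str]]:
    """Group High/Critical findings by fix, so one change closes every host it covers."""
    plan: Dict[str, set] = defaultdict(set)
    for f in findings:
        if f["severity"] >= min_severity:
            plan[f["solution"]].add(f["host"])
    return {fix: sorted(hosts) for fix, hosts in plan.items()}


def top_findings(findings: List[dict], n: int = 3) -> List[dict]:
    """Highest CVSS first, ties broken by Nessus severity; unscored info items ignored."""
    rated = [f for f in findings if f["cvss3"] is not None]
    return sorted(rated, key=lambda f: (f["cvss3"], f["severity"]), reverse=True)[:n]


if __name__ == "__main__":
    fs = parse_nessus(SAMPLE_NESSUS)
    print(summarize_by_host(fs))
    for fix, hosts in remediation_plan(fs).items():
        print(f"{fix}: {', '.join(hosts)}")
    for f in top_findings(fs):
        print(f["cvss3"], f["host"], f["port"], f["plugin"], f["cves"])
```

Grouping by solution is what turns a list of findings into work items: the two Heartbleed hits on different hosts are one OpenSSL upgrade tracked twice, not two separate problems. The same parse is the natural input to the false-positive review, since each record keeps the plugin and port needed to reproduce the check by hand.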

What is the Common Vulnerability Scoring System (CVSS)?

Last updated: October 25, 2024

Courtney Goodman, Product Marketer


The Common Vulnerability Scoring System (CVSS) is a standardized framework for measuring the severity of security vulnerabilities in information systems. It assigns each vulnerability a score between 0 and 10, with higher scores meaning more severe issues. This helps organizations decide which vulnerabilities need attention first based on their potential impact.

How does CVSS Scoring Work?

CVSS scoring assigns a number from 0 to 10 based on three groups of metrics: Base, Temporal, and Environmental. The Base score captures the inherent characteristics of a vulnerability. The Temporal score accounts for how those characteristics change over time. The Environmental score adjusts the result for the vulnerability's effect in a specific environment.

CVSS Score      Qualitative Rating
0.0             None
0.1 – 3.9       Low
4.0 – 6.9       Medium
7.0 – 8.9       High
9.0 – 10.0      Critical

A score of 0 means the vulnerability has no measurable severity, while a score of 10 represents the most severe issues. This scoring helps organizations prioritize their responses to different security threats.

How is a CVSS score calculated?

A CVSS score is based on three sets of metrics: Base, Temporal, and Environmental, each with its own scoring elements. The sections below describe the CVSS v3.x structure; CVSS v4.0 keeps the Base and Environmental groups but replaces the Temporal group with Threat metrics and adds a Supplemental group.

CVSS Base Metrics

The Base Metrics are the core components used to determine how severe a
security vulnerability is. They focus on the vulnerability’s characteristics,
regardless of whether it has been exploited or mitigated. These metrics
include Exploitability, Scope, and Impact.

Exploitability: This metric assesses how easily a vulnerability is exploited. It is


broken down into four sub-components:
● Attack Vector: Measures how an attack can be executed, with higher
scores for remote attacks versus those requiring physical access.
● Attack Complexity: Evaluates the difficulty of executing the attack, with higher scores for vulnerabilities that are easier to exploit.
● Privileges Required: Indicates the level of access needed to exploit the vulnerability, with higher scores for attacks requiring fewer privileges.
● User Interaction: Considers whether a user must take an action for the exploit to succeed; attacks that need no interaction score higher.

Scope: This metric assesses whether the vulnerability can affect other
components beyond the initial target. The score will be higher if the
vulnerability can propagate, such as compromising an entire system through a
single application flaw.

Impact: This metric evaluates the potential consequences of a successful


exploit, focusing on three areas:

● Confidentiality: Measures the extent of data exposure.


● Integrity: Assesses the ability of the attacker to modify data.
● Availability: Evaluates the potential disruption to system access and functionality.
While CVSS-based Base Metrics provide a crucial starting point for
understanding a vulnerability’s severity, they have limitations. They do not
account for Temporal Metrics, which change over time, or Environmental
Metrics, which reflect an organization’s specific context, such as existing
security controls and asset criticality.

Organizations must consider these additional factors to fully assess and


prioritize vulnerabilities, which can significantly alter the perceived risk and
required response.

CVSS Temporal Metrics

CVSS Temporal Metrics evaluate the changing nature of a vulnerability over


time. These metrics assess a vulnerability’s current exploitability and the
availability of remediating controls, such as patches. Key subcomponents of
Temporal Metrics include:

● Exploit Code Maturity: A vulnerability is less threatening until a method


to exploit it becomes available. As exploit code matures and becomes
more widespread, its associated score increases, reflecting the
heightened risk.
● Remediation Level: A vulnerability may not initially have a patch or
workaround. As temporary fixes or official patches are released, the
vulnerability score decreases, indicating reduced risk.
● Report Confidence: This measures how well a vulnerability is validated,
ensuring it is both real and exploitable—higher confidence results in a
higher score.

CVSS Environmental Metrics

CVSS Environmental Metrics allow organizations to adjust the Base CVSS score based on their specific Security Requirements and on modifications of the Base Metrics.

● Security Requirements: These metrics consider the criticality of the affected asset. Mission-critical systems, like a database containing all customer data, receive higher scores than less critical assets, such as a non-privileged user’s workstation.
● Modified Base Metrics: Organizations can modify Base CVSS Metrics based on existing mitigations. For instance, “air gapping” a server—disconnecting it from external networks—lowers the Attack Vector score since remote exploitation is no longer possible.

By considering both Temporal and Environmental Metrics, organizations can achieve a more tailored and accurate assessment of a vulnerability’s actual risk to their specific environment.

History of the CVSS

CVSS has been crucial to assessing vulnerabilities since 2003/2004, when it was introduced by the National Infrastructure Advisory Council (NIAC). Since 2005, it has been managed by the Forum of Incident Response and Security Teams (FIRST). The latest version, CVSS v4.0, was released in 2023 to improve scoring accuracy and address user feedback.


Despite its importance, CVSS has faced criticism. Some argue it oversimplifies the complex nature of vulnerabilities, especially in earlier versions. Even with improvements in v4.0, the system can still overwhelm security teams with high-severity vulnerabilities that may not be the most urgent.

Organizations now complement CVSS with additional metrics and systems, such as the Exploit Prediction Scoring System (EPSS) and Risk-Based Vulnerability Management (RBVM). EPSS predicts the likelihood of a vulnerability being exploited, while RBVM considers business impact, asset criticality, and existing security controls. These methods offer a more tailored approach to vulnerability prioritization.

CVSS vs. CVE

The main difference between CVSS and CVE lies in their roles. CVE (Common Vulnerabilities and Exposures) gives unique identifiers to specific security vulnerabilities, making them easier to track. CVSS (Common Vulnerability Scoring System) provides a score that shows how severe each CVE is. For example, the Heartbleed vulnerability (CVE-2014-0160) has a CVSS score of 7.5, indicating high severity.

CVSS Limitations

The Common Vulnerability Scoring System (CVSS) has several limitations that organizations need to consider:

● Limited Context: CVSS scores don’t account for the specific risks to your organization. They tell you if a vulnerability is dangerous, but not if it’s dangerous to you.
○ Example: Suppose two organizations—a financial institution and a small retail store—face the same vulnerability. CVSS might rate it as severe, but for the retailer the risk might be minimal due to fewer sensitive assets, whereas for the financial institution it could be critical due to the high value of its data.
● Subjectivity: CVSS scores can vary depending on the context, leading to inconsistencies.
○ Example: A vulnerability in widely used software might receive a high CVSS score based on its potential impact. However, the risk might be lower if a company has strong security operation controls. Yet another organization with weaker controls might find the same vulnerability far more threatening, leading to different assessments.
● Limited Scope: CVSS doesn’t fully consider the importance of specific assets or existing controls.
○ Example: CVSS might score a vulnerability in out-of-date software as low because it’s not internet-facing. However, if that software version is critical to a company’s operations, the low score underestimates the risk, missing the asset’s importance.
● Complexity: The system requires a deep understanding of scoring factors. Understanding how to calculate and interpret CVSS scores requires familiarity with several factors, such as attack vectors, complexity, and impact.
○ Example: This complexity can lead to misinterpretation or misuse of scores in organizations without dedicated security expertise.
● Potential for Oversights: Relying solely on CVSS scores can lead to missed opportunities to address the most pressing threats.
○ Example: If an organization relies solely on CVSS scores, it might overlook threats that don’t score highly but are significant in its specific context—like vulnerabilities in internal systems that an insider could exploit.

To address these limitations, organizations should adopt a risk-based vulnerability management approach that incorporates CVSS Base Scores together with Temporal and Environmental factors. This tailored approach requires understanding the organization’s risks, including business criticality, existing controls, and the current threat landscape.

About CWE
Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weaknesses. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List and associated classification taxonomy identify and describe weaknesses in terms of CWEs.

Knowing the weaknesses that result in vulnerabilities means software developers, hardware designers, and security architects can eliminate them before deployment, when it is much easier and cheaper to do so.

CWE List

The CWE List is updated three to four times per year to add new
and update existing weakness information. Before being published
on the CWE website, weaknesses are developed in the CWE Content
Development Repository (CDR) on GitHub.com. The CDR provides
visibility into the CWE working queue and a platform for CWE
community partners to collaborate on content development.

Using the CWE List

The CWE List is fully searchable and may be viewed or downloaded in its entirety. There is also the CWE REST API, which makes CWE content available to community applications and websites in a more convenient way.

Weaknesses can be browsed within “Views” related to specific contexts or domains. The Software Development view organizes items by concepts that are frequently used or encountered during software development. The Hardware Design view organizes weaknesses around concepts that are frequently used or encountered in hardware design, and Research Concepts facilitates weakness type research by organizing items by behaviors.

Other views provide insight for a certain domain or use cases, such
as weaknesses introduced during design or implementation;
weaknesses with indirect security impacts; those in software written
in C, C++, Java, and PHP; in mobile applications; and many more.
Another useful feature is the external mappings of CWE content to
related resources including the annual CWE Top 25; OWASP Top
Ten; Seven Pernicious Kingdoms; Software Fault Pattern Clusters;
and SEI CERT Coding Standards for C, Java, and Perl.

All of these unique viewpoints into CWE content enable you to quickly leverage CWE for your own specific needs. CWE List content is also free to incorporate into research, educational materials, processes, and tools, per the terms of use.

CWE Community

CWE Program partners are organizations from across government, industry, and academia. The CWE Program operates several working groups (WGs) and special interest groups (SIGs), all of which are public forums for discussing and working collaboratively to drive CWE Program adoption and increase CWE Program coverage.

Community members can actively participate in the CWE Program by:

● Joining the conversation about weaknesses and vulnerabilities on our CWE Research Discussion List
● Joining one of the CWE Program’s working groups or special interest groups
● Submitting content suggestions for the CWE List
● Engaging with the CWE Program and the community to help promote CWE on social media, including CWE on X-Twitter, LinkedIn, YouTube, Medium, Mastodon, etc.
● Adopting CWE-Compatible products and services
● Advocating the expansion and active use of CWE, CWE Top Hardware, CWE Top KEV, and the CWE Top 25 by the community

What is CVE in cybersecurity?

Common Vulnerabilities and Exposures is what CVE stands for in the world of hacking. People can use it to find and keep track of known flaws in hardware and software. These weaknesses are security holes that have been made public and could let an attacker get into a computer system without permission or do other bad things as well. As well as a standard description, each CVE entry gives a unique vulnerability a standard name.

The main purpose of the CVE system is to make it easy for groups to share information about holes and risks in security and work together to fix these problems. With CVE identifiers, it is easier to find vulnerabilities quickly and correctly, talk about them, and take steps to lessen their effects.

Many security experts, researchers, and IT companies use the CVE system to keep track of vulnerabilities and handle the risks that come with them. It is an important part of the bigger ecosystem of cybersecurity tools and methods, which also includes patch management, security alerts, and vulnerability management.

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security pays the MITRE Corporation to keep the CVE List up to date. This list is part of a bigger project called the CVE Program, whose goal is to find, describe, and organize publicly known security holes.

Understanding CVE Severity:

A Common Vulnerability and Exposure (CVE) can help you figure out how bad a problem is. Here are some important things to keep in mind:

● How simple is it to take advantage of? It's important to know how easy it would be for a hacker to take advantage of the weakness. It's a bigger worry if it's easy to take advantage of.
● What kind of harm could happen? Think about what might happen if the hacker can take advantage of the weakness. The CVE is more important when the possible outcomes are terrible.
● How often does the weakness occur? More people are affected by the CVE if it is found in a lot of systems or software.
● Is it possible to fix it? Check to see if there is a patch or other way to fix the problem. It's best to highlight a CVE that doesn't have a fix yet.

These things will help you figure out which CVEs to fix first. If the CVE is very bad, you might even have to delay the release of software or make big changes to make it safer.

Tools and Approaches Available To Address and Fix CVEs

As you use different security tools to fix a CVE, it can feel like you're juggling a lot of tasks. These tools can often help you see things more clearly and more broadly, and when they work together it can be easier to handle them. Let's look at the available tools. Each one is made to help with a different part of fixing a CVE. This will help you understand what needs to be done without being overwhelmed.

Dealing with CVEs often means using a variety of security tools, each playing a unique role. Here's a simplified outline of some key tools and what they do:

Configuration Management Database (CMDB): Think of this as a giant digital filing cabinet for your company. It stores information about all your tech stuff – like computers, software, and even the connections between them. It's great for keeping track of what you have, but it's not the best for finding network issues or problems with connections.

Cloud Security Tools: These are specialized tools for keeping your cloud info safe. They
include:

1. Cloud Access Security Broker (CASB):

It's like a digital bouncer, checking everyone and everything that tries to access your
cloud info. It's good at stopping unauthorized access, malware, and other sneaky stuff,
but it won't help much with things that aren't in the cloud.

2. Cloud Security Posture Management (CSPM):

This tool is like a security advisor for your cloud setup. It helps find and fix risks in the
cloud, but it can't watch the actual data moving in and out in real-time.

3. Cloud Workload Protection Platform (CWPP):

Think of this as a protector for your cloud data, helping protect both cloud and
on-premises data. However, it's not great at dealing with app-level security or the core
cloud infrastructure.

4. Cloud-Native Application Protection Platform (CNAPP):

This is a more advanced tool mixing CSPM and CWPP features. It works well for finding
problems in public clouds, but it has some flaws.

Identity and Access Management (IAM):

The IAM tool controls who can see what information based on the level of security risk. It's like a high-tech guard. It quickly fixes problems with access, but it's not meant to find new assets or deal with a lot of reports.

Internet of Things (IoT) Security Solutions:

These solutions are made to keep smart devices safe as more of them connect to the internet. They're good at finding these things, but not so good at fixing any problems they might have.

Security Information and Event Management (SIEM):

This is like a command center that gathers security information from different sources,
looks for strange behavior, and sets off alarms or takes other actions. It can let you
know about problems, but it can't fix the weaknesses themselves.

Network Access Control (NAC):

This tool checks and evaluates every device that tries to join your network, like a
security guard at the front door. It works great for finding new devices, but not so well for
keeping track of links that are already there or fixing security holes.

Because each of these tools has its own pros and cons, using more than one of them
together often gives you a fuller picture and more power over your security.

Conclusion
As we wrap up our look at CVE in cybersecurity, it's important to remember that threats are still out there, and in this area they are always changing. The year 2023 has shown how important CVEs are; they have serious effects on safety.

Because of a certain flaw, remote attackers could create admin accounts without being verified. They were able to get into Confluence servers, which was very bad for network security. Patches and strong security steps need to be put in place right away; to protect against these weaknesses, these steps are very important. The fact that CISA, FBI, and MS-ISAC worked together makes this urgency even clearer. They worked together to make people more aware of these problems and give advice on how to fix them.

It is important to stay informed and take the initiative when putting security steps in place. These steps are very important to keep you safe from new cyber dangers. With SafeAeon you can get help securing your digital systems. It's becoming more and more important to understand and fix these weaknesses. It is very important for keeping digital systems and networks safe and secure.

Methodology followed by the Hackers

Last Updated : 02 Jul, 2021

Overview :
In popular media, the term “hacker” refers to someone who uses bugs and
exploits to get into someone else’s security, or who uses his technical
knowledge to behave productively or maliciously. Hackers are computer
specialists who are knowledgeable in both hardware and software. A hacker is
a computer enthusiast who is proficient in a programming language, as well
as security and network administration. He is the type of person who enjoys
learning new technologies and computer system intricacies in order to
improve his capabilities and talents.

Different types of methodologies :

Here, we will discuss the different types of methodologies as follows.
1. Reconnaissance –
Reconnaissance is the process of gathering information about the
target system. Finding vulnerabilities in the computer system, or the
methods that are left vulnerable is part of the process. If the hacker is
able to get access to the system, he or she will continue the hacking
procedure. The hacker has a lot of knowledge at the end of the
reconnaissance phase, which he can use to build a promising attack
on the target system.

2. Scanning –
Before launching an attack, the hacker wants to determine whether
the system is operational, which apps are in use, and what versions
of those programs are in use. Scanning entails looking for all open
and closed ports in order to locate a backdoor into the system. It
entails getting the target’s IP address, user accounts, and other
information. The information acquired during the reconnaissance
phase is utilized to inspect the network using tools such as dialers
and port scanners. Nmap is a popular, powerful, and freely available
scanning tool.

3. Gaining Control –
The information obtained in the previous two phases is utilized to
enter and take control of the target system over the network or
physically in this phase of the hacking method. This stage is often
referred to as “Owning the System.”

4. Maintaining Access –
After acquiring access to the system in the previous stage, the
hacker keeps the access for future attacks and makes changes to
the system so that no other security personnel or hacker can acquire
access to the compromised system. The attacked system is referred
to as the “Zombie System” in this case.

5. Log Clearing –
It is the method of erasing any remaining log files or other sorts of
evidence on the hacked system that could lead to the hacker’s
capture. Penetration testing is one of the instruments in ethical
hacking approaches that can be used to catch a hacker.

Cyber Security – Types of Enumeration

Last Updated : 26 Aug, 2024

Enumeration is, fundamentally, a form of probing. An attacker establishes an active connection with the target host. The weaknesses are then counted and evaluated. It is done mainly to look for attacks and threats to the target system. Enumeration is used to gather usernames, hostnames, IP addresses, passwords, configurations, and so on. Once an active connection with the target host is established, hackers take control of the target system and then steal private data and information. In some cases, attackers have also been found changing the configuration of the target systems. How the connection to the host is established determines what information or data the attacker will be able to access.

What is Enumeration?
Enumeration is the process of scanning a target system, network, or
application and collecting information on it while in the process. This step is
critical in the reconnaissance phase of ethical hacking or penetration testing
where the aim is to find out some of the weaknesses within the target.
Enumeration includes asking the system questions to get information such as
usernames, machine names, shares, services, and other assets. The
information that can be collected during the enumeration phase can be
utilized by an attacker to understand the structure and security of the
targeted system so that the attacker would understand what comes next.

Types Of Enumeration
In this section, we will be discussing the various types of Enumerations.

1. NetBIOS (Network Basic Input Output System) Enumeration

● A NetBIOS name is a unique 16-character ASCII string used to identify network devices over TCP/IP; 15 characters are used for the device name and the sixteenth character is reserved for the service or name record type.
● Hackers use NetBIOS enumeration to obtain a list of computers that belong to a particular domain, a list of shares on the individual hosts in the network, and policies and passwords.
● NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6.
● The first step in enumerating a Windows system is to take advantage of the NetBIOS API. It was originally an Application Programming Interface (API) for custom software to access LAN resources. Windows uses NetBIOS for file and printer sharing.
● A hacker who finds a Windows OS with port 139 open can check what resources can be accessed or viewed on the remote system. However, to enumerate the NetBIOS names, the remote system must have file and printer sharing enabled. This kind of enumeration may allow the hacker to read from or write to the remote computer system, depending on the availability of shares, or to launch a DoS.
● NetBIOS name list:

Name          NetBIOS Code   Type
<host name>   <00>           UNIQUE
<domain>      <00>           GROUP
<host name>   <03>           UNIQUE
<username>    <03>           UNIQUE
<host name>   <20>           UNIQUE
<domain>      <1D>           GROUP
<domain>      <1B>           UNIQUE

● Nbtstat Utility: In Windows, it displays NetBIOS over TCP/IP (NetBT) protocol statistics, the NetBIOS name tables for both the local and remote computers, and the NetBIOS name cache. This utility allows a refresh of the NetBIOS name cache and of the names registered with Windows Internet Name Service (WINS). The syntax for Nbtstat:

nbtstat [-a RemoteName] [-A IPAddress] [-c] [-n] [-r] [-R] [-RR]
[-s] [-S] [Interval]

The Nbtstat parameters are: -a RemoteName, -A IPAddress, -c, -n, -r, -RR, -s, -S, and Interval.

2. SNMP (Simple Network Management Protocol) Enumeration:

● SNMP enumeration is the process of enumerating user accounts and devices on a target system using SNMP. SNMP consists of a manager and an agent. Agents are embedded on every network device, and the manager is installed on a separate computer.
● SNMP holds two passwords to access and configure the SNMP agent from the management station. The Read community string is "public" by default and permits viewing of the device/system configuration. The Read/Write community string is "private" by default and permits remote editing of the configuration.
● Hackers use these default community strings to extract information about a device. They enumerate SNMP to extract information about network resources such as hosts, routers, devices, shares, etc., and network information such as ARP tables, routing tables, traffic, and so on.
● SNMP uses a distributed architecture consisting of SNMP agents, managers, and several related components. Commands associated with SNMP include GetRequest, GetNextRequest, GetResponse, SetRequest, and Trap.

(Figure: communication between the SNMP agent and manager)

● SNMP enumeration tools are used to scan a single IP address or a range of IP addresses of SNMP-enabled network devices to monitor, diagnose, and troubleshoot security threats. Examples of such tools include NetScanTools Pro, SoftPerfect Network Scanner, SNMP Informant, and so on.

3. LDAP Enumeration:

● Lightweight Directory Access Protocol is an Internet protocol for accessing distributed directory services.
● Directory services may provide any organized set of records, often in a hierarchical and logical structure, such as a corporate email directory.
● A client starts an LDAP session by connecting to a Directory System Agent (DSA) on TCP port 389 and then sends an operation request to the DSA.
● Data is transmitted between the client and the server using Basic Encoding Rules (BER).
● Hackers query the LDAP service to gather information such as valid usernames, addresses, department details, and so on that can be further used to perform attacks.
● There are many LDAP enumeration tools that access the directory listings within Active Directory or other directory services. Using these tools, attackers can identify information such as valid usernames, addresses, department details, and so forth from different LDAP servers.
● Examples of these kinds of tools include LDAP Admin Tool, Active Directory Explorer, LDAP Admin, etc.

4. NTP Enumeration:

● Network Time Protocol is designed to synchronize the clocks of networked computers.
● It uses UDP port 123 as its primary means of communication.
● NTP can maintain time to within 10 milliseconds (1/100 second) over the public Internet.
● It can achieve accuracy of 200 microseconds or better on a local area network under ideal conditions.
● Administrators often overlook the NTP server with regard to security. However, if queried properly, it can provide valuable network information to hackers.
● Hackers query NTP servers to gather valuable information such as a list of hosts connected to the NTP servers, the IP addresses of clients in the network, their system names and OSs, and internal IPs, which can also be obtained if the NTP server is in the demilitarized zone.
● NTP enumeration tools are used to monitor the operation of SNTP and NTP servers present in the network and also help in the configuration and verification of connectivity from the time client to the NTP servers.

5. SMTP Enumeration:

● Mail systems commonly use SMTP with POP3 and IMAP, which enables users to save messages in the server mailbox and download them periodically from the server.
● SMTP uses Mail Exchange (MX) servers to direct mail via DNS. It runs on TCP port 25.
● SMTP provides three built-in commands: VRFY, EXPN, and RCPT TO.
● Servers respond differently to these commands for valid and invalid users, from which valid users on SMTP servers can be determined.
● Hackers can connect directly to SMTP through a telnet prompt and collect a list of valid users on the server.
● Hackers can perform SMTP enumeration using command-line utilities such as telnet, netcat, etc., or by using tools such as Metasploit, Nmap, NetScanTools Pro, etc.

6. DNS Enumeration using Zone Transfer:

● It is a process for locating the DNS server and the records of a target network.
● A hacker can gather valuable network information such as DNS server names, hostnames, machine names, usernames, IPs, and so on of the targets.
● In DNS zone transfer enumeration, a hacker tries to retrieve a copy of the entire zone file for a domain from the DNS server.
● To execute a zone transfer, the hacker sends a zone transfer request to the DNS server pretending to be a client; the DNS server then returns a portion of its database as a zone. This zone may contain a lot of information about the DNS zone network.

7. IPsec Enumeration:

● IPsec uses ESP (Encapsulating Security Payload), AH (Authentication Header), and IKE (Internet Key Exchange) to secure communication between virtual private network (VPN) endpoints.
● Most IPsec-based VPNs use the Internet Security Association and Key Management Protocol (ISAKMP), a part of IKE, to establish, negotiate, modify, and delete Security Associations and cryptographic keys in a VPN environment.
● A simple scan for ISAKMP on UDP port 500 can indicate the presence of a VPN gateway.
● Hackers can probe further using a tool such as ike-scan to identify sensitive information including the encryption and hashing algorithms, authentication type, key distribution algorithm, and so on.

8. VoIP (Voice over IP) Enumeration:

● VoIP uses the SIP (Session Initiation Protocol) protocol to enable voice and video calls over an IP network.
● SIP service generally uses UDP/TCP ports 2000, 2001, 5050, and 5061.
● VoIP enumeration provides sensitive information such as VoIP gateways/servers, IP-PBX systems, client software, and user extensions.
● This information can be used to launch various VoIP attacks such as DoS, session hijacking, caller ID spoofing, eavesdropping, spamming over Internet telephony, VoIP phishing, etc.

9. RPC Enumeration:

● Remote Procedure Call allows clients and servers to communicate in distributed client/server programs.
● Enumerating RPC endpoints enables attackers to identify any vulnerable services on these service ports.
● In networks protected by firewalls and other security measures, the portmapper is often filtered. Therefore, hackers scan high port ranges to identify RPC services that are exposed to direct attack.

10. Unix/Linux User Enumeration:

● One of the most vital steps in conducting an enumeration is to perform this kind of enumeration. It provides a list of users along with details like username, hostname, start date and time of each session, etc.
● We can use command-line utilities to perform Linux user enumeration, such as users, rwho, finger, etc.

11. SMB Enumeration:

● SMB enumeration is an important skill for any pen-tester. Before learning how to enumerate SMB, we should first know what SMB is. SMB stands for Server Message Block.
● It is a protocol for sharing resources such as files, printers, and, in general, any resource that should be retrievable or made accessible by the server. It fundamentally runs on port 445 or port 139 depending on the server.
● It is readily available in Windows, so Windows clients don’t have to configure anything extra beyond the basic setup. In Linux, however, it is somewhat different. To make it work on Linux, you have to install a Samba server, since Linux does not natively use the SMB protocol.
● Obviously, some kind of authentication will be in place, such as a username and password, and only certain resources are made shareable. So it is not as though everyone can access everything; there is strong authentication.
● The first obvious flaw is the use of default credentials, easily guessable credentials, or sometimes even no authentication at all for access to important resources on the server. Administrators should make a point of using strong passwords for users who need to access resources via SMB. The second flaw is the Samba server itself. Samba servers are notorious for being highly vulnerable.

Mitigation Of Different Types Of Enumeration

There are several countermeasures that can be taken into account for the mitigation of the various kinds of enumeration:

1. NetBIOS Enumeration:

● Disable SMB and NetBIOS.
● Use a network firewall.
● Prefer Windows Firewall / software firewalls.
● Disable sharing.

2. SNMP Enumeration:

● Remove the agent or turn off the SNMP service.
● If shutting off SNMP is not an option, then change the default community string names.
● Upgrade to SNMPv3, which encrypts passwords and messages.
● Implement the Group Policy security option.

3. LDAP Enumeration:

● Use SSL/TLS to encrypt the traffic.
● Select a username different from your email address and enable account lockout.

4. NTP Enumeration:

● Configure the MD5 layer.
● Configure NTP authentication.
● Upgrade the NTP version.

5. SMTP Enumeration:

● Ignore email messages to unknown recipients.
● Disable the open relay feature.
● Limit the number of accepted connections from a source to prevent brute-force exploits.
● Do not include sensitive mail server and localhost information in mail responses.

6. DNS Enumeration Using Zone Transfer:

● Disable DNS zone transfers to untrusted hosts.
● Make sure that private hosts and their IP addresses are not published in the DNS zone files of the public DNS server.
● Use premium DNS registration services that hide sensitive information such as host information from the public.
● Use standard network administrator contacts for DNS registration to avoid social engineering attacks.
● Avoid publishing private IP address information in the zone file.
● Disable zone transfers for untrusted hosts.
● Hide sensitive information from public hosts.
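
Added example (not part of the original article): a small audit for the two DNS mitigations listed above, zone transfers open to any host and private addresses published in a public zone. It runs over a constructed BIND-style named.conf fragment and zone file; the zone names, addresses and secondary server in them are made up for illustration.

```python
"""Audit a BIND-style named.conf and a zone file for two DNS enumeration exposures:
zone transfers allowed to any host, and RFC 1918 addresses published in a public zone.
Added example; the configuration and zone below are constructed, not real deployments."""
import ipaddress
import re

# Constructed named.conf fragment: a global allow-transfer of "any" that the first
# zone inherits, and a second zone that restricts transfers to one secondary server.
NAMED_CONF = """
options {
    allow-transfer { any; };
};
zone "example.com" {
    type primary;
    file "example.com.zone";
};
zone "corp.example.com" {
    type primary;
    file "corp.zone";
    allow-transfer { 192.0.2.53; };
};
"""

# Constructed zone file: two public hosts and two internal hosts that should not
# be resolvable from the public Internet.
ZONE_FILE = """
$ORIGIN example.com.
@         IN SOA ns1.example.com. hostmaster.example.com. (1 3600 900 604800 300)
@         IN NS  ns1.example.com.
ns1       IN A   203.0.113.10
www   300 IN A   203.0.113.20
intranet  IN A   10.20.30.40
db01      IN A   192.168.5.7
"""

TRANSFER_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def block_bodies(conf, opener):
    """Yield (regex match, body) for each block started by `opener`, matching braces so
    that nested statements such as allow-transfer { ...; } do not end the block early."""
    for m in re.finditer(opener, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m, conf[m.end():i - 1]


def transfer_acl(body):
    """Address list of an allow-transfer statement, or None when none is present."""
    m = TRANSFER_RE.search(body)
    if m is None:
        return None
    return [entry.strip() for entry in m.group(1).split(";") if entry.strip()]


def audit_transfers(conf):
    """Map zone name -> finding for zones whose effective allow-transfer is absent or
    contains 'any'. A zone without its own statement inherits the options block."""
    global_acl = None
    for _, body in block_bodies(conf, r"options\s*\{"):
        global_acl = transfer_acl(body)
    findings = {}
    for m, body in block_bodies(conf, r'zone\s+"([^"]+)"\s*\{'):
        effective = transfer_acl(body)
        if effective is None:
            effective = global_acl
        if effective is None:
            findings[m.group(1)] = "no allow-transfer statement; restrict transfers explicitly"
        elif "any" in effective:
            findings[m.group(1)] = "allow-transfer { any; } lets every host pull the zone"
    return findings


def private_records(zone_text):
    """Return (owner, address) for A records that point into RFC 1918 space. Checked
    against explicit networks rather than ip.is_private, which would also flag the
    documentation ranges (192.0.2.0/24, 203.0.113.0/24) used in this sample."""
    hits = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[-2] != "A":
            continue
        try:
            addr = ipaddress.ip_address(fields[-1])
        except ValueError:
            continue
        if any(addr in net for net in RFC1918):
            hits.append((fields[0], fields[-1]))
    return hits


if __name__ == "__main__":
    for zone, why in audit_transfers(NAMED_CONF).items():
        print(f"[transfer] {zone}: {why}")
    for owner, addr in private_records(ZONE_FILE):
        print(f"[private ] {owner} -> {addr}")
```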

7. IPsec Enumeration:

● Pre-shared keys used with both main-mode and aggressive-mode IKE key exchange mechanisms are open to sniffing and offline brute-force grinding attacks to compromise the shared secret. You should use digital certificates or two-factor authentication mechanisms to negate these threats.
● Pre-shared keys with aggressive-mode IKE support are a disaster waiting to happen. If you must support aggressive-mode IKE, use digital certificates for authentication.
● Aggressively firewall and filter traffic flowing through the VPN-encrypted tunnel so that, in case of a compromise, network access is restricted. This point is particularly important when providing mobile users with network access, as opposed to branch offices.
● Where possible, limit inbound IPsec security associations to specific IP addresses. This ensures that even if an attacker compromises a pre-shared key, she cannot easily access the VPN.

8. VoIP (Voice over IP) Enumeration:

● This attack can be suppressed by implementing SIPS (SIP over TLS) and authenticating SIP requests and responses (which can include integrity protection).
● SIPS together with authenticated responses mitigates many related attacks, including eavesdropping and message or user impersonation.
● Digest authentication combined with TLS between SIP phones and SIP proxies gives users a channel through which they can securely authenticate within their SIP domain.
● Voicemail messages can be converted to text and parsed by ordinary spam filters. This only protects users against SPIT (spam over Internet telephony) voicemails, not against the enumeration itself.

9. RPC Enumeration:

● Do not run the rexd, rusers or rwalld RPC services; they are of minimal use and give attackers both useful information and direct access to your hosts.
● In high-security environments, do not offer any RPC services to the public Internet. Because of the complexity of these services, zero-day exploit scripts are likely to be available to attackers before patch information is released.
● To limit the risk of internal or trusted attacks against necessary RPC services (for example NFS components such as statd, lockd and mountd), install the latest vendor security patches.
● Aggressively filter egress traffic where possible, so that even if an attack against an RPC service succeeds, a connect-back shell cannot be spawned to the attacker.

10. Unix/Linux User Enumeration:

● Keep the kernel patched and up to date.
● Never run a service as root unless it is truly required, especially web, database and file servers.
● The SUID bit should not be set on any program that lets the user escape to a shell.
● Never set SUID on a file editor, compiler or interpreter: with it, an attacker can read or overwrite any file on the system.
● Do not grant sudo rights for any program that lets the user break out to a shell (check both the sudoers entries and what the binary itself can spawn).
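The SUID and sudo points above come down to one audit question: which set-user-ID binaries on a host can hand a local user an interactive shell or an arbitrary file read/write? The Python script below is an added example (not from the original article) that answers it. The constructed inventory stands in for os.lstat() results, SHELL_ESCAPE_CAPABLE is an illustrative subset of programs known to allow shell escapes, EXPECTED_SUID is an assumption about which setuid helpers are normal on a typical Linux host, and /opt/acme/agent is a hypothetical path; scan_filesystem() shows how the same check runs against a live system.

```python
"""Audit set-user-ID / set-group-ID binaries for shell-escape risk.

Added example for the SUID and sudo countermeasures above.  The inventory is
constructed; scan_filesystem() shows the same check against a live host.
"""
import os
import stat
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Programs that hand the caller an interactive shell or arbitrary file
# read/write when they run privileged (editors, interpreters, pagers, find...).
# Illustrative subset; extend it from a maintained catalogue for real use.
SHELL_ESCAPE_CAPABLE = {
    "vi", "vim", "nano", "less", "more", "find", "awk", "perl", "python3",
    "bash", "sh", "env", "gcc", "tee", "cp", "mv",
}

# Assumed set of setuid helpers that are normal on a typical Linux host.
EXPECTED_SUID = {"sudo", "su", "passwd", "mount", "umount", "ping",
                 "chsh", "chfn", "newgrp", "gpasswd"}


def classify(path: str, mode: int) -> Optional[str]:
    """Return 'critical', 'expected' or 'review' for a set{u,g}id regular file, else None.

    mode is an st_mode value as returned by os.lstat().
    """
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return None
    name = os.path.basename(path)
    if name in SHELL_ESCAPE_CAPABLE:
        return "critical"        # privileged shell escape or arbitrary file access
    if name in EXPECTED_SUID:
        return "expected"        # still verify it is the vendor-supplied binary
    return "review"              # unexpected privileged binary: justify or strip the bit


def audit(inventory: Iterable[Tuple[str, int]]) -> Dict[str, List[str]]:
    """Group paths by finding class."""
    findings: Dict[str, List[str]] = {"critical": [], "expected": [], "review": []}
    for path, mode in inventory:
        label = classify(path, mode)
        if label:
            findings[label].append(path)
    return findings


def scan_filesystem(root: str = "/") -> Iterator[Tuple[str, int]]:
    """Yield (path, st_mode) for every set{u,g}id regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                st = os.lstat(p)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield p, st.st_mode


# Constructed inventory standing in for os.lstat() results (modes in octal).
SAMPLE_INVENTORY = [
    ("/usr/bin/sudo",   0o104755),   # -rwsr-xr-x, expected helper
    ("/usr/bin/passwd", 0o104755),
    ("/usr/bin/vim",    0o104755),   # setuid editor: ':!sh' gives a root shell
    ("/usr/bin/find",   0o104755),   # setuid find: '-exec /bin/sh' gives a root shell
    ("/opt/acme/agent", 0o104755),   # hypothetical vendor binary, needs review
    ("/usr/bin/ls",     0o100755),   # no setuid bit, ignored
    ("/usr/bin/wall",   0o102755),   # setgid tty, review
]

if __name__ == "__main__":
    for label, paths in audit(SAMPLE_INVENTORY).items():
        for p in paths:
            print(f"{label:<9} {p}")
    # Against a live host: audit(scan_filesystem("/usr"))
```

Anything in the critical bucket should lose its SUID/SGID bit immediately (chmod u-s,g-s); the review bucket is where unexpected vendor binaries and forgotten test builds turn up. The same name lists are worth running against `sudo -l` output, since a sudo rule for an editor or interpreter is the same escape with a different spelling.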

11. SMB Enumeration:

● Disable the SMB protocol on web and DNS servers.
● Disable the SMB protocol on Internet-facing servers.
● Block TCP ports 139 and 445, used by SMB, at the network perimeter.
● Restrict anonymous (null-session) access through the RestrictNullSessAccess and RestrictAnonymous values in the Windows Registry.
How Enumeration Gives an Attacker Access to Sensitive Data
Enumeration is powerful from the adversary's point of view because it lets them collect as much specific information as possible about the target. Once a connection with the target host is established, the attacker can extract sensitive data such as:

● Usernames and passwords: with valid usernames (and, sometimes, passwords) an attacker can log in to several systems or run far more efficient password-guessing attacks.
● Network shares and resources: knowledge of shared folders, files and devices gives the attacker something to exploit or a place from which to gain a further foothold.
● Configuration settings: misconfigurations in security settings give the attacker potential points of entry.
● System architecture details: knowing the actual structure of the system lets the attacker adapt their actions to it.

The Enumeration Step of Security Testing


In security testing, and in penetration testing in particular, enumeration is an important phase that follows reconnaissance. Here testers move from passive observation to active interaction with the target and try to obtain as much information about the system as they can. The goal is to find the blind spots that a malicious user could exploit to compromise the system.

Key activities in the enumeration phase include:


● Identifying user accounts: finding legitimate usernames and, where possible, the passwords that go with them.
● Mapping network resources: identifying hidden resources, services and devices on the network.
● Extracting configuration data: collecting information on system settings, the security policies in force and the security measures in place.
● Detecting running services: identifying running services and open ports, which are potential gateways for an attack.

Conclusion
Enumeration identifies targets and yields valuable data about their security state, which makes it a significant step in any security evaluation. It is a useful resource for ethical hackers and security personnel looking for likely risks, but it is equally dangerous in the hands of criminals. When enumeration is understood well and effort goes into preventing unauthorized access to the information it exposes, most systems become much harder to compromise. Proper configuration management and security tests such as penetration testing should be carried out frequently to secure these vital resources.

Types of Enumeration -FAQs

What is the difference between reconnaissance and enumeration?


Reconnaissance is the preliminary step of information gathering, normally done through observation and often without interacting with the target. Enumeration, on the other hand, is an active step in which the attacker interacts with the target to gain more specific information such as usernames and network shares.

What tools are commonly used for enumeration?

Tools such as Nmap, Netcat, Enum4linux and Nessus are commonly used during the enumeration phase. They help determine open ports, running services, user accounts and other useful information about the target system.

How can organizations defend against enumeration attacks?


Enumeration attacks can be prevented by employing sound security measures such as disabling unnecessary services, using strong passwords, deploying firewalls and keeping patches up to date. Reducing the amount of information returned in error messages and service banners is another effective measure.

Is enumeration legal?

Enumeration is legal when it is done in the course of a security assessment for which the target organization has given consent. Enumeration without permission is prohibited and is treated as malicious activity.

Why is enumeration considered a high-risk activity in cybersecurity?


Enumeration is classified as a high-risk activity because it yields a variety of information that can be used to attack the target. If attackers obtain usernames, passwords and system configuration details, they can go on to compromise the entire network or system.

Advanced Persistent Threat (APT): Working, Characteristics, Detection and Protection

Last Updated : 08 Jul, 2024

An Advanced Persistent Threat (APT) is a prolonged and targeted cyberattack in which intruders gain unauthorized access to a network and remain undetected for an extended period. An APT is like a stealthy burglar who breaks into a house and stays hidden for a long time, carefully stealing valuable items without being noticed.
APTs are sophisticated, using stealthy methods to avoid detection while continuously gathering sensitive information. They usually target high-value organizations, aiming to steal valuable data or disrupt operations. Unlike common cyberattacks, APTs are patient and methodical, which makes them especially dangerous and hard to eradicate. The advanced techniques they use make APTs a significant threat, requiring robust defense strategies against persistent and evolving adversaries.
In this article we explore what an APT is, how it works, its characteristics, and how to detect APTs and protect yourself from them.

Table of Content
● What is an Advanced Persistent Threat ( APT)?
● Working of an Advanced Persistent Threat
● Characteristics of the Advanced Persistent Threat
● How to detect the Advanced Persistent Threat?
● How to be protected from Advanced Persistent threat?
● Some Famous Advanced Persistent Threat (APT) attacks

What is an Advanced Persistent Threat ( APT)?


An APT is a highly skilled attacker or group of attackers who infiltrate a computer system or network, often for political or financial reasons. The intruder gains access to the network and stays for a long period of time. The goal of an APT is to maintain access and collect as much data as possible.
APT targets are chosen carefully and researched thoroughly beforehand. Executing an APT requires far more resources than an opportunistic attack.
An APT differs from a traditional cybersecurity threat in two ways:
● It is more complex.
● Once the network has been infiltrated, the attacker stays for a long period of time to collect as much data as possible.

The longer an attacker stays inside a network, the higher the chance of being detected. To maintain access over a long period, the attacker therefore uses advanced methods such as rewriting malicious scripts to evade signatures and other sophisticated techniques.

Note: An Advanced Persistent Threat is difficult to identify. This is why cybersecurity professionals continuously monitor for signs that the network has become the target of an APT attack.

Working of an Advanced Persistent Threat


An attacker carries out the following steps in an APT to gain unauthorized access to the network and keep it:
1. Gain access: the attackers get into the network, typically through spear-phishing e-mails or other methods whose purpose is to plant malicious software inside the target network.
2. Establish a foothold: once inside, the attackers deploy their malware so that they can move around the network without being detected.
3. Gain more access: with a foothold in place, the attackers use methods such as password cracking to obtain administrative rights, which give them more control of the systems and access at a deeper level.
4. Move at will: once they hold administrative rights, the attackers can move freely across the compromised systems.
5. Harvest data: the attackers collect data and transfer it to systems under their control. They can remain in the environment for a long period of time until they are detected.

Characteristics of the Advanced Persistent Threat


The main focus of an APT is to gain unauthorized access to a computer network and stay there undetected for a long time.
1. Advanced techniques: APTs often use sophisticated techniques such as social engineering, zero-day exploits and custom malware to gain access and maintain persistence in a network.
2. Persistence: APTs are designed to remain undetected for long periods, allowing the attackers to keep their access and continue stealing data or performing other malicious activities.
3. Targeted: APTs are targeted attacks; the attackers carefully select their targets based on value and the likelihood of success.
4. Data exfiltration: APTs are designed to steal sensitive data, which is then exfiltrated from the targeted network to systems under the attacker's control.

How to detect the Advanced Persistent Threat?


Detecting an APT is an extensive task that requires careful monitoring of the systems. Here are some simple signs to watch for:
● Unusual Activity: Look for strange behavior on your computer or
network, like files being accessed at odd times or unusual data
transfers.
● System Slowdowns: Notice if your computer or network is slower
than usual, which could mean an APT is using resources secretly.
● Unknown Programs: Check for any unfamiliar programs or software
running on your devices that you didn’t install.
● Login Alerts: Set up alerts for unusual login attempts, especially from
unknown locations or at odd hours.
● Regular Scans: Use security software to regularly scan for and
identify any malicious activities or software.
● Monitor Changes: Keep an eye on changes to important files and
settings that you didn’t make, as these could be signs of tampering.
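Two of the signs above, logins at odd hours or from unfamiliar locations and unusual data transfers, can be turned into simple detection logic once you have a per-user baseline. The Python below is an added example and not part of the original article: it builds a baseline of source countries and transfer sizes from older audit records, then flags recent events that deviate from it. The pipe-separated log lines are constructed for the example, and the working-hours window and the 5x transfer threshold are assumed tuning values that a real deployment would calibrate against its own history.

```python
"""Flag login-time, location and transfer-volume anomalies from audit records.

Added example for the detection signs above.  Log lines are constructed; the
working-hours window and the transfer threshold are assumed tuning values.
"""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed audit records, one event per line:
# UTC timestamp | event | user | source country | bytes transferred out
BASELINE_LOG = """\
2024-06-03T08:12:44Z|login|alice|DE|0
2024-06-03T09:02:10Z|transfer|alice|DE|41200
2024-06-04T08:47:03Z|login|alice|DE|0
2024-06-04T14:20:31Z|transfer|alice|DE|58000
2024-06-03T07:55:12Z|login|bob|DE|0
2024-06-03T16:10:00Z|transfer|bob|FR|120000
2024-06-05T08:30:00Z|login|bob|FR|0
"""

RECENT_LOG = """\
2024-06-10T03:14:07Z|login|alice|RO|0
2024-06-10T03:20:55Z|transfer|alice|RO|9800000
2024-06-10T08:05:00Z|login|bob|DE|0
2024-06-10T09:00:00Z|transfer|bob|DE|110000
2024-06-11T02:40:00Z|login|bob|DE|0
"""

WORK_HOURS = range(7, 20)   # 07:00-19:59 UTC counts as normal (assumed)
EXFIL_FACTOR = 5            # flag transfers over 5x the user's largest baseline transfer (assumed)


def parse_log(text: str) -> List[Dict]:
    """Turn the pipe-separated lines into event dicts with a real datetime."""
    events = []
    for line in text.splitlines():
        ts, event, user, country, nbytes = line.split("|")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event, "user": user, "country": country, "bytes": int(nbytes),
        })
    return events


def build_baseline(events: List[Dict]) -> Dict[str, Dict]:
    """Per user: the countries seen so far and the largest outbound transfer."""
    base: Dict[str, Dict] = defaultdict(lambda: {"countries": set(), "max_bytes": 0})
    for e in events:
        b = base[e["user"]]
        b["countries"].add(e["country"])
        if e["event"] == "transfer":
            b["max_bytes"] = max(b["max_bytes"], e["bytes"])
    return dict(base)


def detect_anomalies(baseline: Dict[str, Dict], events: List[Dict]) -> List[Tuple[datetime, str, str]]:
    """Return (timestamp, user, reasons) for each event that deviates from the baseline."""
    findings = []
    for e in events:
        b = baseline.get(e["user"])
        if b is None:
            findings.append((e["ts"], e["user"], "no baseline for this user"))
            continue
        reasons = []
        if e["country"] not in b["countries"]:
            reasons.append(f"new source country {e['country']}")
        if e["event"] == "login" and e["ts"].hour not in WORK_HOURS:
            reasons.append(f"login at {e['ts']:%H:%M} UTC, outside working hours")
        if e["event"] == "transfer" and b["max_bytes"] and e["bytes"] > EXFIL_FACTOR * b["max_bytes"]:
            reasons.append(f"transfer of {e['bytes']} bytes exceeds {EXFIL_FACTOR}x baseline ({b['max_bytes']})")
        if reasons:
            findings.append((e["ts"], e["user"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(parse_log(BASELINE_LOG))
    for ts, user, why in detect_anomalies(baseline, parse_log(RECENT_LOG)):
        print(f"{ts:%Y-%m-%d %H:%M}Z {user:<6} {why}")
```

On the sample data the pattern that stands out is alice's night-time login from a country never seen before, followed minutes later by a transfer more than a hundred times her largest previous one: exactly the "move in, then harvest" sequence described in the working section above. Bob's single off-hours login is a weaker signal on its own, which is why such rules are normally scored and correlated rather than alerted on individually.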

How to protect against an Advanced Persistent Threat?

Protecting your systems from an APT is like securing your home with strong locks and alarms. Here are some basic steps to keep your computers safe:
● Use Strong Passwords: Create strong, unique passwords for each
account and change them often.
● Enable Two-Factor Authentication: Add extra security by using
two-factor authentication (2FA), which requires a second verification
step, like a text code.
● Keep Software Updated: Regularly update your operating system,
apps, and security software to fix weaknesses.
● Install Antivirus: Use good antivirus software to detect and block
threats.
● Use Firewalls: Set up firewalls to block unauthorized access to your
network.
● Back Up Data: Regularly back up important files to an external drive
or cloud storage to prevent data loss.
● Monitor Activity: Keep an eye on your network for any unusual
activity.
● Limit Access: Only give access to sensitive information to those who
need it and restrict administrative rights.
● Secure Remote Access: Use secure methods like VPNs when
accessing your network remotely.

Some Famous Advanced Persistent Threat (APT) attacks


● Stuxnet (2010): This attack targeted Iran’s nuclear facilities,
specifically the Natanz uranium enrichment plant, causing significant
damage to centrifuges. It is believed to have been a joint operation
by the United States and Israel.
● APT1 (2006-2013): A cyber-espionage group linked to the Chinese
military, which targeted over 141 companies worldwide across
various industries, stealing vast amounts of data and intellectual
property.
● Operation Aurora (2009): A series of cyber attacks originating from
China, targeting major corporations such as Google, Adobe, and
other high-profile firms to steal intellectual property and gain access
to internal networks.
● DarkHotel (2007-present): An ongoing campaign that targets
business executives staying at luxury hotels, using hotel Wi-Fi
networks to deliver malware and steal sensitive information.
● Operation Shady RAT (2006-2011): A widespread cyber-espionage
campaign that targeted more than 70 organizations, including
government agencies, corporations, and non-profits, stealing
sensitive data and intellectual property.
● APT28 (Fancy Bear, 2007-present): A Russian cyber-espionage
group known for targeting government, military, security
organizations, and media, including interference in the 2016 US
presidential election.
● Operation Night Dragon (2009-2011): A series of cyber attacks
targeting global oil, energy, and petrochemical companies, aimed at
stealing sensitive information and intellectual property. The attacks
were traced back to China.
● APT33 (2013-present): An Iranian cyber-espionage group that has
targeted aerospace, defense, and energy sectors, primarily in the
United States and Saudi Arabia, using sophisticated malware to steal
data and disrupt operations.

What is Malware? And its Types

Last Updated : 23 Jul, 2024

Malware is malicious software: any software designed to cause harm to computer systems, networks or users. Malware can take many forms. Individuals and organizations need to be aware of the different types of malware and take steps to protect their systems, such as using antivirus software, keeping software and systems up to date, and being cautious when opening e-mail attachments or downloading software from the Internet.

What is Malware?
Malware is software that gets into a system without the user's consent to steal private and confidential data, including bank details and passwords. It may also generate annoying pop-up ads and change system settings. Malware includes computer viruses, worms, Trojan horses, ransomware, spyware and other malicious programs.

What Does Malware Do?


Malware is designed to harm and exploit your computer or network. It can
steal sensitive information like passwords and credit card numbers, disrupt
your system’s operations, and even allow attackers to gain unauthorized
access to your device. Some types of malware, such as ransomware, encrypt
your files and demand payment to unlock them, while spyware monitors your
activities and sends the information back to the attacker. Additionally, malware
can spread to other devices on the same network, making it a significant
threat. Protecting your devices with up-to-date antivirus software and being cautious about the links you open and the attachments you download can help mitigate these risks.

Why Do Cybercriminals Use Malware?


Cybercriminals use malware, in all its forms including viruses, for a variety of purposes:
● Deceiving a victim into providing personal information for identity theft
● Stealing customer credit card data or other financial information
● Taking over many computers and using them to launch denial-of-service attacks against other networks
● Using infected computers to mine cryptocurrencies such as Bitcoin

Types of Malware
● Viruses: a virus is malicious executable code attached to another executable file. The virus spreads when an infected file is passed from system to system. Viruses can be harmless or they can modify or delete data. Opening an infected file can trigger a virus; once a program virus is active, it infects other programs on the computer.
● Worms: worms replicate themselves without needing a host program, looking for pathways between computers such as networks with shared file storage. Worms usually slow down networks. A virus needs a host program to run, but a worm runs by itself; after a worm infects a host, it can spread very quickly over the network.
● Trojan horse: a Trojan horse is malware that carries out malicious operations under the guise of a desired operation, such as playing an online game. A Trojan differs from a virus in that it does not replicate itself: it is a standalone program disguised as, or bundled with, something the user wants.

● Ransomware: ransomware holds a computer system or the data it contains hostage until the victim makes a payment. It encrypts data on the computer with a key the user does not have, and the user is told to pay a ransom to get it back. Paying does not guarantee recovery: the criminals may never supply a working key.
● Adware: displays unwanted ads and pop-ups on the computer. It arrives bundled with software downloads and generates revenue for the distributor by displaying ads.
● Spyware: its purpose is to steal private information from a computer system for a third party. Spyware collects information and sends it to the attacker.
● Logic bombs: a logic bomb is a malicious program that waits for a trigger (a date, an event, a condition) before activating its malicious code; until then it lies dormant. Once triggered, it executes code that harms the computer. Logic bombs have been reported that attack hardware components in a workstation or server, including cooling fans, hard drives and power supplies, by overdriving them until they overheat or fail.
● Rootkits: a rootkit modifies the OS to create a backdoor, which the attacker then uses to access the computer remotely. Most rootkits take advantage of software vulnerabilities to modify system files, and they hide their own presence from the OS and from security tools.
● Backdoors: a backdoor bypasses the usual authentication used to access a system. Its purpose is to grant the criminals future access even if the organization fixes the original vulnerability used to break in.
● Keyloggers: a keylogger records everything the user types in order to obtain passwords and other sensitive information and sends them to the operator of the keylogging program.

How To Know If Our Devices Are Infected With Malware?


● The computer runs noticeably slower than before.
● Your web browser sends you to a website you did not intend to visit (a browser redirect).
● Warnings about infections appear, frequently accompanied by offers to buy a product that will "treat" them.
● The computer has trouble starting or shutting down.
● Persistent pop-up ads.

How To Protect From Malware?


● Update your operating system and software. Install updates as soon
as they become available because cybercriminals search for
vulnerabilities in out-of-date or outdated software.
● Never click on a popup’s link. Simply click the “X” in the message’s
upper corner to close it and leave the page that generated it.
● Don’t install too many apps on your devices. Install only the apps you
believe you will regularly use and need.
● Be cautious when using the internet.
● Do not click on unidentified links. If a link seems suspicious, avoid
clicking it whether it comes from an email, social networking site, or
text message.
● Choose the websites you visit wisely. Use a safe search plug-in and
try to stick to well-known and reputable websites to avoid any that
might be malicious without your knowledge.
● Be wary of e-mails requesting personal information. Do not click a link in an e-mail that appears to come from your bank and asks you to log in to access your account or reset your password. Instead, go to your bank's website by typing its address yourself.

How To Remove Malware?


Many security products are designed both to detect and block malware and to remove it from infected systems. Malwarebytes is one example of an antimalware tool that handles detection and removal on Windows, macOS, Android and iOS. Such tools scan the registry, running programs, hard drives and individual files; malware that is found can then be quarantined and removed. Check whether the edition you choose supports scheduled scans, since not every tool does.

Tools Used to Remove Malware


● Malwarebytes
● SUPERAntiSpyware
● Malicious Software Removal Tool (MSRT)
● Bitdefender Antivirus Free Edition
● Adaware Antivirus Free
● Avast Free Mac Security

Advantages of Detecting and Removing Malware


● Improved Security: By detecting and removing malware, individuals,
and organizations can improve the security of their systems and
reduce the risk of future infections.
● Prevent Data Loss: Malware can cause data loss, and by removing
it, individuals and organizations can protect their important files and
information.
● Protect Reputation: Malware can cause harm to a company’s
reputation, and by detecting and removing it, individuals and
organizations can protect their image and brand.
● Increased Productivity: Malware can slow down systems and make
them less efficient, and by removing it, individuals and organizations
can increase the productivity of their systems and employees.

Disadvantages of Detecting and Removing Malware


● Time-Consuming: The process of detecting and removing malware
can be time-consuming and require specialized tools and expertise.
● Cost: Antivirus software and other tools required to detect and
remove malware can be expensive for individuals and organizations.
● False Positives: Malware detection and removal tools can sometimes
result in false positives, causing unnecessary alarm and
inconvenience.
● Difficulty: Malware is constantly evolving, and the process of
detecting and removing it can be challenging and require specialized
knowledge and expertise.
● Risk of Data Loss: Some malware removal tools can cause
unintended harm, resulting in data loss or system instability.

What is a Threat?
A threat is any potential danger that can harm your systems, data or operations. In cybersecurity, threats are typically actions carried out by attackers with malicious intent (hacking, malware, data breaches) that exploit vulnerabilities to steal data, cause damage or interfere with computer systems. More generally, a threat is anything that can take advantage of a vulnerability to breach security and negatively alter, erase or damage assets.

Recognizing and understanding these threats is crucial for implementing


effective security measures. By identifying potential threats, you can better
protect your sensitive information and maintain the integrity of your digital
assets. Effective threat management is key to maintaining a secure and
resilient cybersecurity posture.

What is Information Security?


Information security is the practice of protecting information by mitigating
information risks. It involves protecting information systems and the
information processed, stored, and transmitted by these systems from
unauthorized access, use, disclosure, disruption, modification, or destruction.
This includes the protection of personal information, financial information,
and sensitive or confidential information stored in both digital and physical
forms. Effective information security requires a comprehensive and
multi-disciplinary approach, involving people, processes, and technology.

Principles of Information Security


Information security programs are built around three objectives, commonly known as the CIA triad: Confidentiality, Integrity and Availability.

● Confidentiality means information is not disclosed to unauthorized individuals, entities or processes. For example, if I have a password for my Gmail account but someone watched me type it in while logging in, my password has been compromised and confidentiality has been breached.
● Integrity means maintaining the accuracy and completeness of data; data cannot be modified in an unauthorized way. For example, when an employee leaves an organization, their record in every department (accounts, HR and so on) should be updated to reflect the status "left", so that the data stays complete and accurate, and only authorized people should be allowed to edit employee data.
● Availability means information must be accessible when needed. For example, if someone needs to check whether an employee has exceeded their number of leave days, the supporting systems must be up; keeping them up takes collaboration between teams such as network operations, development operations, incident response and policy/change management. A denial-of-service attack is one of the factors that can hamper availability.

Common Information Security Threats


● Virus: viruses replicate by attaching themselves to programs and files on the host computer (songs, videos and so on) and then spread wherever those files travel. Creeper, the first known self-replicating program, ran on ARPANET. Examples include file viruses, macro viruses, boot sector viruses and stealth viruses.
● Worms: worms are also self-replicating but do not attach themselves to a program on the host. The biggest difference is that worms are network-aware: they travel from one computer to another whenever a network is available. On the target machine they may do little direct damage, but they consume resources such as disk space and bandwidth and slow systems down.
● Bots: bots can be seen as an advanced form of worm. They are automated processes designed to interact over the Internet without human intervention, and they can be benign or malicious. A malicious bot infects a host and then connects to a central command-and-control server, which issues commands to all infected hosts in the network, called a botnet.
● Adware: adware is not strictly malicious, but it does breach user privacy. It displays ads on the desktop or inside individual programs, arrives bundled with free-to-use software and is the main source of revenue for such developers. It monitors your interests to display relevant ads; an attacker can embed malicious code in the software, so adware can monitor system activity and even compromise your machine.
● Spyware: software that monitors your activity on the computer and reveals the collected information to an interested party. Spyware is generally dropped by Trojans, viruses or worms; once dropped it installs itself and sits silently to avoid detection. The most common example is a keylogger, whose basic job is to record the user's keystrokes with timestamps, capturing usernames, passwords, credit card details and so on.
● Ransomware: malware that either encrypts your files or locks your computer, making it partially or wholly inaccessible, and then displays a screen demanding money (a ransom) in exchange.
● Scareware: masquerades as a tool to fix your system, but when executed it infects or damages the system. It displays frightening messages to force you into an action such as paying to "fix" the system.
● Rootkits: designed to gain root (administrative) access on the victim's system. With root access the attacker can do anything, from stealing private files to altering the system so that the compromise stays hidden.
● Zombies: work similarly to spyware and use the same infection mechanisms, but instead of spying and stealing information they wait for commands from the attacker.

Information Security Solutions


● Data Security Solutions: These protect sensitive data from
unauthorized access. Examples include encryption, access controls,
and data loss prevention tools.
● Network Security: Focuses on securing communication channels and
devices within a network. Firewalls, intrusion detection systems, and
VPNs fall into this category.
● Endpoint Security: Protects individual devices (e.g., laptops,
smartphones) from threats. Antivirus software and device
management tools are common here.
● Cloud Security: Ensures data security in cloud environments.
Encryption, access controls, and monitoring play key roles.
● Identity and Access Management (IAM): Manages user access to
systems and data. IAM solutions include single sign-on (SSO) and
multi-factor authentication (MFA).
● Security Information and Event Management (SIEM): Security
Information and Event Management (SIEM) Collects and analyzes
security-related data to detect and respond to threats.
● Physical Security: Protects physical assets (e.g., servers, data
centers) through access controls, surveillance, and alarms.

Conclusion
In conclusion, information security is an important field that protects data and
systems against a wide range of risks such as viruses, worms, ransomware,
and more. Data, network, endpoint, cloud, application, identity, and physical
security measures must all be considered to provide effective security.
Organizations may protect their data’s confidentiality, integrity, and
availability by understanding and addressing these risks.

VIRUS Full Form


Last Updated : 17 Sep, 2024


The world is evolving digitally day by day. With the introduction of Artificial
Intelligence and Cloud Computing systems, tasks have become more automated
and we have become heavily dependent on digital data. That information must
also be protected, since it is susceptible to malware attacks, and this is where
the concept of Cybersecurity arises.

What is a Full Form of VIRUS?


Virus stands for Vital Information Resources Under Seize. A virus is a
malicious program or software whose aim is to harm or damage data. It is
a type of malware that can be compared to a biological virus: just as
biological viruses range in severity and type of infection, computer viruses
follow a similar trend. A virus can display annoying pop-up messages on a
computer system. Computer viruses need a host program. Since a virus is
code, it writes itself into the host program, and when the host program
is executed, the infection starts. Viruses can replicate themselves using
the host program. The study of computer viruses can be traced back to 1949;
the first virus, known as the 'Creeper Program', was developed in 1971.

Common Signs of Computer Viruses

There are some common signs of computer viruses:

● Pop-up ads from unidentified websites can appear if a computer has
been infected with viruses.
● System freezes or crashes are a common issue, as viruses usually
damage the hard drives.
● The computer becomes slow all of a sudden.
● Viruses can delete or modify files.
● Viruses can consume the free disk space available on the computer.

Types of Viruses
There are different types of viruses:

● Boot sector virus: This virus affects the boot sector of the computer.
Every time the computer boots, the virus gets loaded, and it infects
floppy discs and other devices.
● Encrypted Virus: As the name suggests, the program is stored in
encrypted form and is hence difficult to detect. Before infecting, the
virus decrypts itself so that it can execute.
● Email Virus: These viruses use email as the medium of transfer. When
the user clicks on the link or message, the virus is downloaded and
starts infecting the system.
● File Infector Virus: All of the computer's executable files can be
impacted by this virus. It can modify or delete the files.
● Polymorphic Virus: Polymorphic means "many forms". This virus changes
its form with each infection, which makes it very difficult to detect.

Advantages of Computer Viruses


● Recognizing Security Vulnerabilities: The study of viruses aids in the
discovery and correction of vulnerabilities in networks and operating
systems.
● Fostering Innovation in Cybersecurity: The ongoing risk posed by
viruses serves as a catalyst for advancements in antivirus software
and system defences.
● Awareness and Education: People learn more about safe computing
techniques, like creating secure passwords and staying away from
dubious websites.
● Enhancing System Resilience: As a result of the ongoing threat
posed by viruses, companies and developers have been forced to
build stronger, more resilient systems, which has improved
cybersecurity infrastructure as a whole.
● Testing Network Defences: In cybersecurity training, simulated
viruses are occasionally used to assess an organization’s defences’
effectiveness and enhance incident response plans.

Disadvantages of Computer Viruses


● Data Loss: A virus has the ability to destroy or erase crucial files,
which results in a large loss of data.
● System Slowdowns: Viruses eat up system resources, slowing down
the operation of gadgets.
● Financial Costs: Downtime, maintenance, and lost data can cost
businesses money.
● Privacy Vulnerabilities: Certain viruses can pilfer personal data,
which can result in fraud or identity theft.
● Rapid Network Spread: Viruses can spread quickly once they’re
within a network, infecting several devices and causing serious
system damage or downtime.
● Damage to Reputation: For businesses, virus attacks can lead to loss
of customer trust and reputation damage, especially if sensitive
information is compromised.

How To Prevent Computer Virus?


Viruses can cause huge financial losses to organizations and can raise
trust issues if not handled properly. Therefore it is necessary to
take precautions. Some of them are as follows:

● Antivirus: An antivirus is a software program that can detect viruses
or other malicious programs, and can also remove them. Therefore it is
strongly recommended to use an antivirus.
● Update the software: Always update software on a regular basis, since
updates deliver security patches and fixes for other bugs in the
software.
● Scan your files: Before opening any file downloaded from the Internet,
scan it, since the scan checks for embedded viruses.
● Do not click on unknown links: Nowadays viruses are embedded in
websites as well, so always check URLs and do not click on
suspicious links.
● Backup: A backup is a copy of files and folders kept in a secondary
location so that users can still access them if an attack
happens. Always keep a secondary backup of your personal
information.

Frequently Asked Questions on VIRUS Full Form - FAQs

What is the main purpose of a computer virus?


A virus’s primary goals are to corrupt data, interfere with a system’s normal
operation, and spread to other devices.

How can I protect my computer from viruses?

Using antivirus software, keeping your system updated on a regular basis,
staying away from dubious downloads and links, and exercising caution
while opening email attachments are all ways to safeguard your computer.

Can viruses spread without user intervention?


The majority of viruses require human interaction in order to function, such
as opening an email attachment or starting a program. Worms, however, are
one type of malware that can spread automatically.

What should I do if my computer gets infected?

If your computer is compromised, disconnect it from the internet right away,
use antivirus software to run a thorough system scan, and delete any
compromised files. In extreme circumstances, consider reformatting your
system or getting expert assistance.

Are mobile devices vulnerable to viruses?


Yes, viruses can also infect smartphones and tablets, particularly if untrusted
sources are used to download programs or if security fixes are not installed
on the device.

What is a Rootkit?
Last Updated : 29 Jul, 2024


The term rootkit is derived from the words "root" and "kit." The phrases "root,"
"admin," "superuser," and "system admin" all refer to a user account with
power of administration in an operating system. Meanwhile, "kit" refers to a
collection of software tools. So, a rootkit is a collection of tools that grants
someone the most powerful capabilities in a system. Let's briefly discuss this.

What is a Rootkit?
A rootkit is a harmful software tool or program that allows a threat actor to
take remote control of, and gain access to, a computer or other system. While
there are legitimate applications for this kind of software, such as remote
end-user support, the majority of rootkits create a backdoor on victims'
computers so that harmful programs, such as viruses, ransomware, keyloggers,
or other malware, can be introduced, or so the system can be used as a
platform for additional network security attacks. Rootkits commonly try to
stop antivirus and endpoint antimalware software from detecting harmful
software.
Rootkits are available for purchase on the dark web. They can be delivered
through social engineering that deceives users into granting permission for
the rootkit to be placed on their systems, or they can be installed as part of
scams. Once installed, rootkits typically grant remote attackers admin
rights to the system, and with them access to and control over nearly every
feature of the operating system (OS).
While most antimalware programs can now search for and remove rootkits
hidden within a system, older antivirus programs sometimes have difficulty
identifying rootkits.
What Can a Rootkit Do?
A rootkit is malicious software created to covertly take over a computer
or network and gain unauthorized access and control. To evade discovery, it
can change kernel functions, alter system processes, and get around
security measures. Rootkits may let attackers monitor user activity, steal
confidential data, and run more malware. They are especially difficult to
find and eliminate because they can change system settings to retain
persistent access. Rootkits pose serious security hazards because they
threaten the integrity of operating systems and applications by embedding
themselves deeply in the system.

Rootkit Protection
● Antivirus and Anti-Malware Software: Use the most recent versions
of antivirus and anti-malware software to identify and get rid of
rootkits. Certain security tools include capabilities designed
specifically to identify rootkits.
● Regular System Updates: To fix security holes that rootkits may
exploit, make sure your operating system and apps are up to date.
● Behavior-Based Detection: Make use of software designed to keep
an eye on anomalous system activity, since this may point to the
existence of a rootkit.
● System Integrity Checks: To identify unauthorized modifications,
periodically confirm the accuracy of system files and settings.
● Least Privilege Principle: Limit user rights in accordance with the
least privilege principle to lessen the possible impact of a rootkit.

Well-Known Rootkit Examples


● Stuxnet: An advanced rootkit that manipulates industrial control
systems to undermine Iran's nuclear program.
● Alureon (TDSS): Known for its capacity to avoid detection and alter
system operations, Alureon (TDSS) is frequently utilized for financial
theft and the construction of botnets.
● Zeus: Mostly a banking Trojan, Zeus has the ability to conceal its
existence and keep control over compromised computers by utilizing
rootkit technology.
● Rootkit.Reveton: A rootkit for ransomware that poses as law
enforcement and demands ransom payments.
● Carberp: Known for its ability to steal data and operate stealthily, it
frequently targets financial data and uses rootkit tactics to evade
detection.

How Rootkits Work?


● Privilege Escalation: To obtain more privileges and a deep degree of
system control, rootkits frequently take advantage of security holes or
social engineering techniques.
● Installation: The rootkit installs itself and becomes deeply ingrained
in the system when access is obtained. To stay in control, it could
alter firmware, kernel modules, or system files.
● Hiding Techniques: Rootkits employ a number of strategies to evade
discovery. These include intercepting system calls to evade detection
by security software and concealing files, processes, or registry
entries.
● Persistence: Rootkits make sure they don't stop working when the
system restarts. They may change system settings to load at boot, or
they may install themselves in startup places.
● Nefarious Activities: They may carry out a number of malicious tasks,
such as data theft, user activity monitoring, and the introduction of
new viruses, when they have root access.

What Can be Compromised During a Rootkit Attack?


● System Integrity: Rootkits can alter or corrupt system files and
configurations, affecting the stability and reliability of the operating
system.
● Sensitive Data: Personal information, financial details, and
confidential documents can be stolen or manipulated by rootkits.
● User Privacy: Rootkits can monitor and record user activity, capturing
keystrokes, screenshots, or other private information.
● Network Security: They can create backdoors for remote access,
compromise network communications, or launch attacks on other
systems.
● System Performance: Rootkits may degrade system performance by
consuming resources or interfering with normal operations.

Symptoms of Rootkit Infection


● Performance Issues: Sluggish system performance, unexpected
slowdowns, or frequent crashes.
● Unusual Network Activity: Unexplained network traffic or connections
to unknown or suspicious IP addresses.
● System Instability: Frequent system errors, crashes, or unexpected
reboots.
● Altered Files: Unexpected changes to or disappearance of files, or
altered system configurations.
● Unrecognized Processes: Suspicious or unknown processes running
in the background, which may not be visible through standard task
managers.

Tips for Preventing a Rootkit Attack


● Keep Software Updated: Regularly update your operating system,
applications, and security software to patch vulnerabilities.
● Use Reliable Security Tools: Install and maintain reputable antivirus
and anti-malware software that includes rootkit detection capabilities.
● Enable Automatic Updates: Configure your system and applications
to automatically install updates and patches.
● Practice Safe Browsing: Avoid clicking on suspicious links,
downloading unknown files, or visiting untrusted websites.
● Implement Least Privilege: Use user accounts with minimal privileges
and avoid operating with administrative rights unless necessary.

How Rootkit Functions?


Rootkits are unable to spread on their own, so they must get onto systems
through covert techniques. When unaware users allow rootkit installer
programs to run on their systems, the rootkits install and remain hidden
until the attackers activate them. Rootkits bundle malicious software such as
banking credential stealers, password stealers, keyloggers, antivirus
disablers, and bots used in distributed denial-of-service attacks.
Rootkits are installed using the same common vectors as other malicious
software, such as email phishing campaigns, executable malicious files,
crafted malicious PDF or Microsoft Word documents, connecting to
compromised shared drives, or downloading rootkit-infected software from
risky websites.

Why are Rootkits so Dangerous?


● Rootkits can spread using misleading threat vectors such as
faulty downloads, spam emails, and exploit kits. Some rootkits even
use Trojans such as Perkier malware to compromise a system's
security.
● They are stealthy. Unlike other types of malware, a deeply hidden
rootkit will not produce many symptoms. It may even evade your
security software, making it difficult to remove. Some rootkits can only
be destroyed by formatting the storage disk and reinstalling the
operating system.
● They are versatile. Rootkits are referred to as the "Swiss Army Knives
of Malware" by some specialists because of their flexibility. Some
rootkit tools can steal login credentials and financial information,
disable security protocols, log keystrokes, and perform other
functions. Other rootkits allow a hacker to get backdoor access to a
machine and install more software. With the right rootkit, a hacker
can convert a system into a bot and form a botnet to launch DDoS
(Distributed Denial-of-Service) assaults on websites.

Types of Rootkits

Bootloader rootkit
When you switch on a computer, the bootloader loads the operating system. A
bootloader rootkit infiltrates this mechanism, infecting your machine with
malware before the operating system is ready for use. Bootloader rootkits are
less of a threat currently, because of security mechanisms such as Secure
Boot.

Firmware rootkit

Firmware is a sort of software that gives basic control over the hardware it is
designed for. Firmware can be found on a wide range of equipment, including
mobile phones and washing machines. A firmware rootkit is difficult to detect
because it hides in firmware, where most cybersecurity tools do not look for
malware.

Kernel Rootkits

The kernel of your operating system functions similarly to the nervous system.
It's a key layer that helps with essential tasks. A kernel rootkit can be
disastrous since it targets a critical component of your computer and grants a
threat actor significant control over the system.

Memory rootkit

Memory rootkits live in your computer's RAM and can slow down your system
while doing malicious functions. You can usually erase a memory rootkit by
restarting your computer, as this clears all processes from your machine's
memory.

Application rootkit

An application rootkit may replace your ordinary files with rootkit code,
granting the rootkit creator access to your machine each time you execute the
infected files. However, this sort of malware is easier to detect because files
containing rootkits can act abnormally. In addition, your security tools have a
better chance of detecting them.

Examples of Rootkit Attacks


Phishing and social engineering attacks: Users who read spam emails and
unintentionally download malicious software put their PCs at risk of becoming
infected with rootkits. Rootkits also employ keyloggers to obtain user login
information. A rootkit, once installed, can allow hackers to access sensitive
user information and take control of computer operating systems.
Application rootkit attacks: Rootkits can install themselves on widely used
programs, such as word processing and spreadsheet programs. Hackers
employ application rootkits to acquire access to users' information every time
they open infected programs.
Network and Internet of Things (IoT) attacks: IoT devices and edge computing
present significant security risks since they lack the security protections that
other systems and centralized computers use. Hackers discover and attack
these flaws by adding rootkits through vulnerable points of entry. This allows a
rootkit to travel throughout a network, taking over PCs and workstations and
turning them into zombie machines under external control.
OS attacks: After getting into a system, a kernel mode rootkit can launch an
attack against the operating system. The assault may involve changing OS
functionality, decreasing system performance, and potentially accessing and
deleting data. Kernel mode rootkits often break down systems when a user
accidentally opens a malicious email or runs a download from an untrusted
source.
Credit card swipe and scan attacks: Criminals have infected credit card
swipers and scanners with rootkits designed to collect credit card
information and deliver it to servers controlled by the attackers. To address
this, credit card companies have implemented chip-embedded cards, which are
more robust against such attacks.

Popular Rootkit Examples


● Lane Davis and Steven Dake wrote the first known rootkit in the early
1990s.
● NTRootkit was one of the earliest malicious rootkits targeting the
Windows operating system.
● HackerDefender - this early Trojan modified/augmented the OS at
the lowest level of function calls.
● Machiavelli, the first rootkit for Mac OS X, was released in 2009. This
rootkit generates covert system calls and kernel threads.
● Greek wiretapping: in 2004/05, attackers built a rootkit that targeted
Ericsson's AXE PBX.
● Zeus, discovered in July 2007, is a Trojan horse that steals financial
information using man-in-the-browser keyboard tracking and form
capture.
● Stuxnet is the first known rootkit for industrial control systems.
● Flame is a computer malware that was found in 2012 that infects
machines using the Windows operating system. It can capture audio,
screenshots, keyboard activities, and network traffic.

Ransomware Explained: How It Works And How To Prevent It
Last Updated : 01 Oct, 2024


Ransomware is a subcategory of malware that restricts access to a computer
system or encrypts its files and demands payment in exchange for restoring
them. This can greatly affect both people and enterprises and is a major cause
of data loss, financial and business risk, and damage to reputation.
Ransomware attacks have evolved in the last few years, so it is essential to
know how ransomware is developed, the various forms it takes, and how
organizations can stay safe from them.

What is Ransomware?
Ransomware is a form of malicious software that prevents computer users
from accessing their data by encrypting it. Cybercriminals use it to extort
money from individuals or organizations whose data they have compromised,
holding the data hostage until the ransom is paid. If the victim does
not pay the ransom within the specified time frame, the data may be leaked to
the public or permanently destroyed. Ransomware is one of the most serious
issues that businesses face.

Businesses, individuals, and government organizations have all been victims
of ransomware attacks since the mid-2000s, with the recovery of their
systems costing large sums of money.

How Does a Computer Get Infected With Ransomware?


One of the most commonly used tactics is phishing. Attackers spread
malicious content using email, social media, advertisements, and website
pop-ups, among other methods. Let's look at some of these:

● Email Phishing: Cybercriminals use this approach to distribute
ransomware all the time. Emails are carefully constructed to mislead
the victim into clicking a link or opening an attachment. The
link or attachment carries the malicious file, and once it is opened
it gains access to system files and data. When the malware infects a
computer, it encrypts the files and, in some cases, locks the machine's
owner or users out. More sophisticated ransomware goes on to infect
other systems (computers and servers) connected to the network.
● Website Pop-ups: Clicking on malicious pop-ups on random websites
can infect your machine with ransomware. Not all website pop-ups are
malicious, but hackers use them to extort money from their victims.
Pop-ups from ransomware attackers often prompt you to update a program
on your computer, or make you believe that your system is infected with
malware and that you need to click a link to remove it.
● Remote Control Desktop: Remote desktop access was designed to allow
IT managers to reach machines remotely for work purposes. Although it
was set up with good intentions, hackers have turned it into a
money-making scheme. Port 3389 is used for remote desktop control,
and since it is exposed on many systems, attackers can reach systems
they identify as vulnerable. They gain access by trying to log in as
administrators using brute-force attacks. Once they hold an
administrator account, cybercriminals have full access to the computer
and can encrypt any data. Some go even further, disabling endpoint
protection or destroying Windows file backups.
● Drive-By Downloads: This method compromises a user's machine
without the user's knowledge: the attack occurs when a user visits a
hacked website, and the user does not need to click on anything before
the malware runs. Cybercriminals commonly plant drive-by downloads on
legitimate websites, especially vulnerable ones; others create a
malicious website instead of breaking into one. When a visitor accesses
a real website that has been infected, they are redirected to another
site that the cybercriminals completely control. Once the user's PC is
compromised, a ransom note appears demanding money to unlock the system
and decrypt the files.
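The brute-force pattern against port 3389 described in the Remote Control Desktop item is something defenders can watch for in logon logs. The block below is an added example, not code from the original article; its log format is a constructed simplification of Windows event IDs 4625/4624 with logon type 10, and the threshold and window are assumptions of this demonstration.

```python
"""Detect RDP brute-force logon patterns in authentication logs.

Added example, not code from the original article. The log lines below are
a constructed, simplified rendering of Windows logon events (event 4625 =
failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive,
i.e. RDP). Real event exports need a parser for their own format; only the
detection logic is the point here.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, NamedTuple


class LogonEvent(NamedTuple):
    ts: datetime
    event_id: int    # 4625 = failed logon, 4624 = successful logon
    logon_type: int  # 10 = RemoteInteractive (RDP)
    user: str
    src_ip: str


# Constructed sample: one source hammers administrator accounts over RDP and
# then logs in successfully; a second source is a user mistyping once; the
# last line is a non-RDP logon type and must be ignored.
SAMPLE_LOG = """\
2024-10-01T02:00:01 4625 10 Administrator 203.0.113.7
2024-10-01T02:00:02 4625 10 Administrator 203.0.113.7
2024-10-01T02:00:03 4625 10 admin 203.0.113.7
2024-10-01T02:00:04 4625 10 Administrator 203.0.113.7
2024-10-01T02:00:05 4625 10 Administrator 203.0.113.7
2024-10-01T02:00:06 4625 10 Administrator 203.0.113.7
2024-10-01T02:00:09 4624 10 Administrator 203.0.113.7
2024-10-01T02:05:00 4625 10 jsmith 198.51.100.20
2024-10-01T02:05:30 4624 10 jsmith 198.51.100.20
2024-10-01T02:06:00 4625 2 svc_backup 10.0.0.5
"""


def parse_log(text: str) -> List[LogonEvent]:
    """Parse the whitespace-separated constructed format above."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src_ip = line.split()
        events.append(LogonEvent(datetime.fromisoformat(ts), int(event_id),
                                 int(logon_type), user, src_ip))
    return events


def detect_rdp_bruteforce(events: List[LogonEvent], threshold: int = 5,
                          window: timedelta = timedelta(minutes=1)) -> Dict[str, dict]:
    """Flag source IPs with >= `threshold` failed RDP logons inside `window`.

    Returns {src_ip: {"failures": n, "users": [...], "success_after": bool}}.
    `success_after` becomes True when the same source later logs in
    successfully, the pattern that most likely means the brute force worked
    and the host should be treated as compromised.
    """
    recent: Dict[str, Deque[LogonEvent]] = defaultdict(deque)
    alerts: Dict[str, dict] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.logon_type != 10:
            continue  # only RDP-type logons; console/service logons are out of scope
        if ev.event_id == 4625:
            q = recent[ev.src_ip]
            q.append(ev)
            while q and ev.ts - q[0].ts > window:
                q.popleft()  # drop failures that fell out of the sliding window
            if len(q) >= threshold:
                alerts[ev.src_ip] = {
                    "failures": len(q),
                    "users": sorted({e.user for e in q}),
                    "success_after": alerts.get(ev.src_ip, {}).get("success_after", False),
                }
        elif ev.event_id == 4624 and ev.src_ip in alerts:
            alerts[ev.src_ip]["success_after"] = True
            alerts[ev.src_ip]["success_user"] = ev.user
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```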

How to Stop Ransomware?


● Avoid Unverified Links: This is essential if you want to stay safe.
Don't open emails from unknown senders or from lists you haven't
subscribed to, and stay away from unknown websites.
● Frequently Update Your Operating System and Software: Keeping
your operating system and software up to date helps prevent
ransomware. Installing the latest security fixes closes known holes,
so cybercriminals have a harder time finding vulnerable software.
● Make a System Backup: If your data is lost or compromised, having a
system backup can save you a lot of pain. Back it up both
locally and in the cloud; this is a simple way to ensure that
cybercriminals don't get hold of your personal information. If your
machine is infected with ransomware, the backup allows you to restore
the system from your most recent backup data. Backing up your data in
the cloud adds an extra layer of security.
● Restrict Access To Your Data: This is accomplished through network
isolation, which is important in the face of various cyber threats.
With access restricted, hackers cannot easily reach the data, and in
the case of a ransomware attack an isolated network protects it.
● Disable vulnerable plug-ins: Hackers can easily damage your
system through plug-ins like Flash, using them to infect your machine
and launch an attack that exposes information which can then be used
to extort money from you. Keeping your plug-ins up to date, or disabled
when not needed, is important to keep your system safe.
● File Extensions: Documents and files from reputable sources should
have the expected, viewable file extensions. Avoid downloading
irrelevant documents from unknown sources to keep the system secure.
● Ransomware Awareness in the Workplace: Most ransomware
attacks are caused by human error. The answer is to ensure that
workers are aware of the problem and are adequately trained to
prevent and respond to it. Employees should be informed about the
many tricks attackers use, and should be aware that clicking on
unfamiliar links or viewing harmful content can have serious
consequences. All links and attachments should be double-checked
and their source thoroughly verified before access.
Furthermore, ransomware attacks can take many different
forms; phishing is only one of many. Employees
working from home should avoid connecting to public or open Wi-Fi,
since hackers can easily gain access to these and launch attacks on
your machine.
● Create Strong Passwords: Weak passwords are very easy to crack.
When creating a password, don't include information that's easily
available, such as your date of birth, and don't reuse the same
password across accounts, or one breach gives attackers access to all
of them. Some passwords contain information that can be easily
obtained from the victim's social media accounts; these are
vulnerable, and even a novice attacker will work them out in
no time. As a result, businesses and institutions must implement a
strong password policy to keep attackers out.

How Does Ransomware Work?


Ransomware operates more or less through a fixed cycle, much of it before
the targeted user is fully aware that the system has a malware
infection.

Here’s a breakdown of the common stages:

● Infection: The primary attack vectors are phishing emails and other
lures, malicious links, drive-by downloads, and compromised software.
Targeted users install the ransomware on their system without their
knowledge.
● Execution: After installation, the program delivers a payload that
sweeps the system, searching for files of value and then encrypting
them with encryption that is practically uncrackable.
● Encryption: Files are locked with a key known only to the attacker.
The victims receive a message or warning that the attackers want a
ransom in exchange for the decryption key.
● Ransom Demand: The attacker tells the victim how the ransom is to be
paid, usually in an anonymous form of currency such as bitcoin.
● Decryption (If Ransom Is Paid): If the victim pays, the attackers may
send the decryption key, but full data recovery is not guaranteed.

What Are the Different Types of Ransomware?

There are various types of ransomware, each with different tactics:

● Crypto Ransomware: This type encrypts files on the victim's system
and then demands payment for the key that would decrypt the
files. It is widely employed by attackers because of its strong
encryption.
● Locker Ransomware: Rather than encrypting files, locker ransomware
leaves the user with no access to their device or any of its
functions until the ransom is paid.
● Scareware: Some programs pretend to have infected your PC and ask
you to pay to get the 'problem' solved, even though there may
actually be no problem.
● Ransomware as a Service (RaaS): A business model adopted by
cybercriminals in which ransomware is outsourced to other
criminals, who are paid a commission on any ransoms extracted.
● Doxware (Extortionware): Criminals extort money from the victim by
threatening to expose stolen information if the ransom is not paid.

What Are the Effects of Ransomware on Businesses?

Ransomware can have devastating effects on businesses, including:

● Financial Loss: The ransom payment itself has a cost, but businesses
also face costs from downtime, lost production, and recovery.
● Data Loss: If backup systems are not well established, businesses
could lose their information forever.
● Reputation Damage: Consumers may cease to trust a business that has
been the victim of a ransomware attack, resulting in a damaged image.
● Legal Liabilities: Depending on the type of data involved, some
companies may be sued or fined for leaking customers' sensitive data.
● Operational Disruptions: During an attack, business operations are
frozen; projects take longer to complete, and business earnings are lost.

History of Ransomware and Famous Ransomware Attacks
Ransomware has been around for over two decades, evolving in sophistication:
1. The AIDS Trojan (1989): One of the earliest ransomware programs; it
presented a message requiring users to pay money in order to obtain a
code that would unlock the files.

2. CryptoLocker (2013): A widespread ransomware that emerged from spam
campaigns and, unusually at the time, demanded payment in bitcoins.

3. WannaCry (2017): A coordinated worldwide ransomware attack that
targeted more than 230,000 computers in more than 150 countries. It
exploited a weakness in Microsoft operating systems, disrupting the
operations of organizations such as the NHS in the United Kingdom.

4. Petya (2016 and 2017): Petya was unique because, contrary to what
typical ransomware does, it encrypted all the files on the hard drive. Its
variant, NotPetya, was even more devastating and is widely assumed to be
state sponsored.

How to Find Out When Ransomware is Attacking?


Early detection of ransomware attacks is key to minimizing damage:

1. Unusual File Activity: New extensions appended to file names, a huge
number of files that did not exist before, or files that are locked
and encrypted are signs of ransomware at work.

2. Slow System Performance: If applications become unresponsive, or
systems become gradually slower, ransomware may already be active in
the background.

3. Unexpected Ransom Demands: A ransom note displayed on your screen is
an obvious indicator, and more often than not you are well past the
point of prevention.

4. Security Alerts: Firewalls, antivirus software, or an IDS may notify
users of activity on the system that points to ransomware.

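Two checks described on this page can be implemented together: the "System Integrity Checks" listed under Rootkit Protection (a hash baseline that reports unauthorized modifications) and the "Unusual File Activity" ransomware indicator above (originals disappearing while same-named files with a new extension and near-random content appear). The block below is an added example, not code from the original article; the entropy floor, the hit threshold and the sample documents are assumptions of this demonstration.

```python
"""File-integrity baseline plus a ransomware-style change heuristic.

Added example, not code from the original article. Both checks work over a
simple {relative_path: bytes} view of a directory so they can be shown on
constructed data; read_tree() loads a real directory into that shape.
Thresholds (entropy_floor, min_hits) are assumptions for this demonstration.
"""
import hashlib
import math
import os
from collections import Counter
from pathlib import Path
from typing import Dict, List, Mapping


def read_tree(root: str) -> Dict[str, bytes]:
    """Load a (small) directory into {relative_path: content}."""
    base = Path(root)
    return {str(p.relative_to(base)): p.read_bytes()
            for p in base.rglob("*") if p.is_file()}


def baseline(files: Mapping[str, bytes]) -> Dict[str, str]:
    """SHA-256 per file. Store the result off-host or on read-only media,
    since a rootkit with admin rights could otherwise rewrite it too."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def integrity_diff(base: Mapping[str, str], current: Mapping[str, bytes]) -> Dict[str, List[str]]:
    """Compare a stored baseline against the current tree contents."""
    now = baseline(current)
    return {
        "modified": sorted(p for p in base if p in now and now[p] != base[p]),
        "added": sorted(p for p in now if p not in base),
        "removed": sorted(p for p in base if p not in now),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte
    distribution. Encrypted (and compressed) content sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ransomware_indicators(base: Mapping[str, str], current: Mapping[str, bytes],
                          entropy_floor: float = 7.5, min_hits: int = 3) -> dict:
    """Flag the 'Unusual File Activity' pattern: a removed original whose
    name reappears with an extra extension and near-random content."""
    diff = integrity_diff(base, current)
    removed = set(diff["removed"])
    hits = []
    for added in diff["added"]:
        stem, ext = os.path.splitext(added)
        # "docs/report0.docx.locked" -> stem "docs/report0.docx": the vanished original
        if ext and stem in removed and shannon_entropy(current[added]) >= entropy_floor:
            hits.append(added)
    new_exts = Counter(os.path.splitext(h)[1] for h in hits)
    return {"suspect_files": hits, "new_extensions": dict(new_exts),
            "alert": len(hits) >= min_hits}


# Constructed sample data: five low-entropy documents, then an after-state in
# which four are gone, same-named ".locked" files with a uniform byte
# distribution (a deterministic stand-in for ciphertext) have appeared, and a
# note file has been dropped. One document is untouched.
ORIGINALS = {f"docs/report{i}.docx": (f"Quarterly report {i}. " * 200).encode()
             for i in range(5)}
CIPHERTEXT_LIKE = bytes(range(256)) * 16  # entropy exactly 8.0 bits/byte
AFTER = {"docs/report4.docx": ORIGINALS["docs/report4.docx"],
         "README_TO_DECRYPT.txt": b"constructed ransom-note placeholder"}
AFTER.update({f"docs/report{i}.docx.locked": CIPHERTEXT_LIKE for i in range(4)})


def demo():
    """Run both checks on the constructed before/after snapshots."""
    base = baseline(ORIGINALS)
    return integrity_diff(base, AFTER), ransomware_indicators(base, AFTER)


if __name__ == "__main__":
    diff, verdict = demo()
    print("integrity diff:", diff)
    print("ransomware verdict:", verdict)
```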
How to Stop a Ransomware Attack?
Preventing ransomware attacks requires proactive measures, including:

1. Regular Backups: Back up important data on a regular basis to another
device, preferably one kept off the network. This makes it possible to
recover the data without paying the attackers' ransom.

2. Security Software: Employ up-to-date antivirus and anti-malware
software to identify and prevent ransomware from penetrating your systems.

3. User Training: Inform employees about email phishing scams, suspicious
links on websites, and the risks of downloading software from unknown
sources.

4. Patch Management: Never allow any software or system to run without
the necessary security patches and updates installed.

5. Network Segmentation: Segment networks to limit the spread of
ransomware if one section is compromised.

What is a Botnet?
A botnet is a group of internet-connected devices, such as personal computers (PCs), servers, mobile devices, and Internet of Things (IoT) devices, that have been infected with and are controlled by a common kind of malware, typically without the owner's knowledge. Each machine controlled by the bot-herder is referred to as a "bot." From a central point, the attacker can instruct every device in the botnet to carry out a coordinated illegal operation.

Botnet assembly is often the infiltration step of a multi-layer strategy. Bots are used to automate large-scale attacks including data theft, denial of service, and malware distribution. To keep the botnet usable for as long as possible, attackers take care to keep the victims unaware of the infection. Botnets create several threats to an organization's cybersecurity: if an organization's systems are infected, they can be recruited into a botnet and used to launch automated attacks on other systems.

How Does a Botnet Work?

● The purpose of a botnet is to let attackers launch larger attacks more quickly and efficiently by expanding, automating, and scaling up the resources at their disposal.
● There is a limit to how much one attacker, or even a small group, can do with their own devices. By hijacking other people's machines at little cost or effort, they obtain thousands of devices to put to work.
● A bot herder controls the group of compromised devices with remote commands. Once the bots have been assembled, the herder uses command-and-control (C2) software to direct their further behaviour. The party issuing commands may have built the botnet or may be renting it from whoever did.
● Any malware-infected user device that has been taken over for use in the botnet is referred to as a bot.

What Are Botnets Used For?

● Email spam: Although email is now a well-recognized attack vector, spam botnets remain among the largest in size. They are used to send massive volumes of spam, which frequently carries malware, and to spread the bot malware itself and recruit new machines into the botnet. The Cutwail botnet, for example, was reported to be capable of sending up to 74 billion messages a day.
● Financial breaches: These include botnets built specifically for the direct theft of money and credit card information from businesses. Financial botnets such as Zeus have been responsible for attacks in which millions of dollars were taken directly from several businesses in very short periods.
● Targeted incursions: Smaller botnets are designed to compromise specific high-value systems within a business, giving attackers a foothold in the network. These breaches pose a significant threat to enterprises because attackers go after their most important assets, such as financial data, research and development, intellectual property, and customer information.

How Do Hackers Control a Botnet?

● Centralized models rely on a single command-and-control server. A variant of this model adds further servers that act as sub-herders, or "proxies". In both the centralized and the proxy-based hierarchy, all commands originate with the bot herder. Either structure exposes the C2 server, and through it the bot herder, to discovery and takedown, which makes these older approaches less than optimal for the attacker.
● Decentralized approaches distribute the command duties across the infected machines themselves. As long as the bot herder can reach any one of the zombie computers, the orders can be relayed to the others. The peer-to-peer (P2P) structure makes it much harder to identify the bot herder or to disable the botnet by taking down a single server, which is why P2P has become increasingly popular over the earlier centralized designs.

Types of Botnet Attack

● Distributed Denial-of-Service (DDoS): A distributed denial-of-service attack disrupts normal traffic to a target server or network by overwhelming the target or its surrounding infrastructure with traffic from many bots at once.
● Domain-based command and control: A compromised device periodically contacts websites or domains that distribute its instructions. The botnet owner can change the hosted code at any time and may rotate domains to evade blocking.
● Phishing strategies: Bots impersonate trustworthy individuals and organizations to defraud victims of important information. Typically this takes the form of a large-scale spam campaign designed to steal account information such as banking logins or email passwords.
● Brute force attacks: Bots run automated tools designed to break into online accounts. Dictionary attacks and credential stuffing exploit weak or reused passwords to gain access to private information.

How to Protect Yourself From Botnets

● Keep a close eye on your network for any strange activity. Knowing your normal traffic patterns and how systems usually behave makes this much more effective; infected hosts often give themselves away through regular, machine-like connections to the same external address.
● Since malware is constantly being developed, keep your entire system updated to fend off botnet attacks.
● Many botnet attacks exploit holes in applications or software for which patches or security updates are already available.
● Investing in botnet detection software is one of the best ways to defend your website and web server against botnet traffic.
● A strong internet security package can help protect your computer from Trojans and other threats. Choose a solution that covers all of your devices, including Android phones and tablets.
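
The first bullet above, watching for strange activity against a baseline of normal traffic, is what a beaconing check does in practice: bots contact their command-and-control server on a fixed timer, while people browse in irregular bursts. The following is an added example, not code from the original article, that looks for that regularity in a list of outbound connection records. The records, the host names, the addresses (from the documentation ranges) and the thresholds are all constructed for the example.

```python
import statistics
from collections import defaultdict

# Constructed sample of outbound connection records (not real traffic):
# (timestamp_seconds, src_host, dst_ip, dst_port)
SAMPLE_CONNECTIONS = (
    # ws-17 phones home every ~60 s with small jitter: bot-like
    [(t, "ws-17", "203.0.113.9", 443) for t in (0, 61, 119, 181, 240, 301, 359, 420, 481, 540)]
    # ws-04 hits the same CDN at irregular, human-paced intervals
    + [(t, "ws-04", "198.51.100.20", 443) for t in (5, 9, 140, 143, 150, 400, 402, 890, 1200, 1205)]
    # ws-09 makes only two connections: too few to judge either way
    + [(10, "ws-09", "192.0.2.33", 8080), (70, "ws-09", "192.0.2.33", 8080)]
)


def beacon_candidates(connections, min_events=8, max_cv=0.15):
    """Return {(src, dst, port): stats} for pairs whose inter-arrival times are
    suspiciously regular.

    cv is the coefficient of variation (stdev / mean) of the intervals between
    connections. Human activity is bursty (cv near or above 1); automated
    check-ins cluster tightly around a fixed period (cv well below 0.2 even
    when the bot adds jitter to look less obvious).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in connections:
        by_pair[(src, dst, port)].append(ts)

    findings = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue  # not enough samples for a stable estimate
        times.sort()
        intervals = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.fmean(intervals)
        if mean <= 0:
            continue
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            findings[pair] = {"events": len(times), "period_s": round(mean, 1), "cv": round(cv, 3)}
    return findings


if __name__ == "__main__":
    for (src, dst, port), stats in beacon_candidates(SAMPLE_CONNECTIONS).items():
        print(f"{src} -> {dst}:{port} every ~{stats['period_s']}s (cv={stats['cv']}, n={stats['events']})")
```

Run over a day of firewall or proxy logs, the same function turns up software update checks and monitoring agents as well as bots, so the output is a list of pairs to allow-list or investigate, not an automatic verdict. Bots that randomize their sleep interval widely defeat a pure cv test; the usual answer is to add the destination's reputation and the byte counts per connection as further signals.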

Difference between Worms and Virus


Last Updated : 21 Aug, 2024


In a computer you will find two kinds of malicious program that can tamper with your data, disrupt or damage the system, or gain unauthorized access to it: worms and viruses. Both can harm your computer significantly, but they differ in how they operate and in what they aim to do.

What are Worms?

A worm is similar to a virus but does not attach itself to or modify other programs. It replicates itself, spreading from machine to machine over a network without any user action, and the copies consume system resources such as memory and bandwidth, slowing the system down. Worms can be controlled remotely. The WannaCry ransomware worm in 2017 exploited a flaw in the Windows Server Message Block (SMBv1) file-sharing protocol to spread.

What are Viruses?

A virus is malicious executable code attached to another executable file; it can be relatively harmless or it can modify or delete data. When the infected program runs, the virus runs with it and performs some action such as deleting files from the computer system. Viruses generally do not take remote commands. The ILOVEYOU virus spread through email attachments.

Difference Between Worms and Viruses

Definition
  Worms: A worm is a form of malware that replicates itself and can spread to different computers via a network.
  Viruses: A virus is malicious executable code attached to another executable file that can be harmless or can modify or delete data.

Objective
  Worms: The main objective of worms is to consume system resources such as memory and bandwidth, slowing the system down to the point where it stops responding.
  Viruses: The main objective of viruses is to modify or destroy information.

Host
  Worms: A worm does not need a host program to replicate from one computer to another.
  Viruses: A virus requires a host program to spread.

Harmful
  Worms: Generally less harmful to the data on a machine, since a worm does not modify host programs.
  Viruses: More harmful to data, since a virus modifies or deletes files.

Detection and Protection
  Worms: Worms can be detected and removed by antivirus software and blocked by a firewall.
  Viruses: Antivirus software is used for protection against viruses.

Controlled by
  Worms: Worms can be controlled remotely.
  Viruses: Viruses can't be controlled remotely.

Execution
  Worms: Worms execute by exploiting weaknesses in the system.
  Viruses: Viruses execute when the infected executable file is run.

Comes from
  Worms: Worms generally arrive through a network connection or in downloaded files.
  Viruses: Viruses generally come from shared or downloaded files.

Symptoms
  Worms: 1. Hampering computer performance by slowing it down. 2. Automatic opening and running of programs. 3. Sending of emails without your knowledge.
  Viruses: 1. Pop-up windows linking to malicious websites. 2. Hampering computer performance by slowing it down. 3. Unknown programs starting after boot.

Types
  Worms: Internet worms, instant messaging worms, email worms, file sharing worms, and Internet Relay Chat (IRC) worms.
  Viruses: Boot sector viruses, direct action viruses, polymorphic viruses, macro viruses, overwrite viruses, and file infector viruses.

Examples
  Worms: Morris worm, Storm worm, Blaster, SQL Slammer.
  Viruses: Brain (boot sector), Michelangelo, Melissa (macro virus).

Interaction
  Worms: A worm does not need human action to replicate.
  Viruses: A virus needs human action (running the infected program) to replicate.

Speed
  Worms: Its spreading speed is faster.
  Viruses: Its spreading speed is slower as compared to worms.

Conclusion
Worms and viruses are both threats to a computer system. Some can cause severe damage, while others interfere with the machine in more limited ways. Knowing the difference between them helps to work out which kind of malicious program has harmed your device and how it got in.

Difference Between Worms and Virus – FAQs

Between worms and viruses, which needs a host to attack a system?

Worms and viruses differ in their need for a host. A worm does not need to attach to any host program to infect a system. A virus needs a host program to carry it and runs when that program is executed.

Which is more dangerous, worms or viruses?

In the comparison above, worms are considered less dangerous to the data on a machine than viruses, because a worm spreads through weaknesses in the system rather than modifying the programs and files on it; its damage is mostly in consumed resources and bandwidth. Worms that carry a destructive payload, such as WannaCry, can be as harmful as any virus.

Between worms and viruses, which spreads faster?

Worms spread faster than viruses. Because a worm does not depend on a host program or on a user running an infected file, it propagates from machine to machine on its own.

Phishing Attack

Phishing is a type of cybersecurity attack that attempts to obtain sensitive data such as usernames, passwords, and card details. It reaches the user through email, text messages, or direct messages. The user opens the attachment or link the attacker sends because the message appears to come from a trusted source. It is a type of social engineering attack. For example, the user may receive a message claiming they have won a lottery. When the user opens the attachment, malicious code runs and can harvest sensitive information; when the user clicks the link in the message, they may be redirected to a look-alike website that asks for their bank login credentials.
Types of Phishing Attack :
1. Spear Phishing –
This attack targets a specific organization or individual to gain unauthorized access. It is not sent by a random attacker to random recipients; it is initiated by someone seeking financial gain or specific information about the target. Like generic phishing, spear phishing appears to come from a trusted source, but the message is tailored to the victim using details gathered beforehand, which is why it has a much higher success rate.
2. Clone Phishing –
This attack is based on copying a legitimate email message that was sent from a trusted source. The attacker replaces a link or attachment with one that redirects the user to a malicious or fake website, sends the clone to a large number of users, and watches who clicks. It then spreads through the contacts of the users who fell for it.
3. Catphishing –
A social engineering attack that plays on a person's emotions and exploits them to obtain money and information. Victims are usually targeted through dating sites.
4. Voice Phishing –
Some attacks require directing the user to a fake website, but others need no website at all. This type of attack is referred to as vishing. An attacker using vishing uses caller ID spoofing to convince the victim that the call is from a trusted source and may use an IVR system to make it harder for the authorities to trace, block, or monitor the calls. It is used to steal credit card numbers or other confidential data.
5. SMS phishing –
Also called smishing, these attacks trick the user into revealing account information. Cybercriminals send text messages that appear to come from a trusted organization and try to redirect the user to a fake website that looks like the original.

As smartphones are used by almost everyone, cybercriminals use this opportunity to perform this type of attack: they do not have to go through the trouble of breaking through firewalls and into the user's system to steal data, because the user hands it over.
Symptoms of phishing :
● The message asks the user to share personal details such as bank login credentials.
● Clicking the link in the email redirects the user to a different website, often with a domain that only resembles the real one.
● The website the user is redirected to asks for credit card or banking details.

Preventive measures against phishing :

● Do not open suspicious email attachments.
● Do not click on links that seem suspicious; check where a link actually points before following it.
● Never provide sensitive information such as personal or banking details in reply to an email, text, or message.
● Keep antivirus software installed and updated so that an infection can be detected and removed.
● Use multi-factor authentication, so that a stolen password alone is not enough to take over an account.
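
The second preventive measure, checking where a link really points, is something a mail gateway can do automatically. The following is an added example, not code from the original article, that extracts the anchors from an HTML email and flags the classic phishing tells: a visible URL whose domain differs from the real target, a bare IP address as host, a punycode host, and a host that is a near-miss or a decoy-label abuse of a trusted brand. The trusted-domain list, the hypothetical `examplebank.com` brand and the sample message are constructed for the example; the registrable-domain function is a deliberate simplification of public-suffix handling.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed list of brands the organization trusts (ordered so output is deterministic).
TRUSTED_DOMAINS = ("examplebank.com", "paypal.com", "microsoft.com")


class LinkExtractor(HTMLParser):
    """Collect (href, visible_text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a host name (simplified: ignores multi-part public suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def shown_host(text: str):
    """If the anchor text itself looks like a URL or host name, return that host."""
    if "." not in text or " " in text:
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname


def analyze_link(href: str, text: str) -> list:
    """Return the phishing indicators that apply to one anchor (empty list = looks fine)."""
    reasons = []
    host = (urlsplit(href).hostname or "").lower()
    if not host:
        return reasons
    if is_ip_literal(host):
        reasons.append("ip-literal host")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode host")
    shown = shown_host(text)
    if shown and registrable_domain(shown) != registrable_domain(host):
        reasons.append(f"text says {shown}, link goes to {host}")
    domain = registrable_domain(host)
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted:
            break  # genuinely the brand's own domain
        brand = trusted.split(".")[0]
        if 0 < edit_distance(domain, trusted) <= 2:
            reasons.append(f"lookalike of {trusted}")
        elif brand in host:
            reasons.append(f"{brand} used as a decoy label in {host}")
    return reasons


def scan_email(html: str) -> dict:
    parser = LinkExtractor()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        reasons = analyze_link(href, text)
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample message, not a real phishing email.
SAMPLE_EMAIL = """
<p>Dear customer, your account is locked.</p>
<a href="http://examplebank.com.secure-login.example.net/verify">https://examplebank.com/verify</a>
<a href="http://192.0.2.45/update">Update now</a>
<a href="https://paypa1.com/signin">PayPal</a>
<a href="https://www.microsoft.com/account">Microsoft account</a>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", "; ".join(reasons))
```

The brand-in-host check is what catches the most common trick, putting the real brand's domain in a subdomain of a domain the attacker controls; the browser's address bar will show the whole thing, but a phone screen usually truncates it to the reassuring left-hand part.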

Zero-day Exploit (Cyber Security Attack)


Last Updated : 09 Sep, 2024


A zero-day exploit is a form of attack in which the attacker takes advantage of a flaw in a software program, a piece of hardware, or firmware that its vendor does not yet know about, or has not yet had time to fix. As technology becomes embedded in every part of life, cyber security has become one of the biggest concerns for individuals, companies, and nations. Among the many threats in this domain, zero-day exploits are among the most significant, because they strike before any defence specific to the flaw exists.

What is a Zero-Day Exploit?

The name refers to the number of days the vendor has had to fix the flaw: zero. A zero-day vulnerability is a flaw in software, hardware, or firmware that is unknown to the vendor (or known but still unpatched); a zero-day exploit is working attack code for that flaw; and a zero-day attack is its use against a target before a patch is available. This kind of attack is considered especially dangerous because the developer has not had the chance to fix the flaw and signature-based defences have nothing to match on. Zero-day exploits typically target large organizations, government departments, firmware and hardware devices, IoT, and users with access to valuable business data.

The Zero-Day Lifecycle

The lifecycle of a zero-day exploit involves several critical stages:

● Discovery: An attacker or a researcher finds a bug in the code, design, or firmware of a product that the vendor does not know about.
● Exploitation: The attacker develops a way to use the weakness before the vendor has a fix.
● Attack: The exploit is used against targets; depending on the vulnerability, the result may be leakage of sensitive information, crashing or destruction of the system, or access to restricted areas.
● Disclosure: The vulnerability becomes known to the vendor or the public, often only after damage has been done, either through responsible disclosure by researchers or because the attack itself was detected.
● Patch and Update: The vendor releases a patch for the vulnerability, protecting users who install it from further exploitation. Until users actually apply the patch, the flaw remains exploitable as an "n-day".

Why Threat Actors Seek Zero-Day Vulnerabilities

Threat actors, including cybercriminals and state-sponsored hackers, seek zero-day vulnerabilities for several reasons:

● High Impact: A zero-day can wreak havoc before a patch is released, which makes it very valuable to attackers.
● Stealth: Since the vulnerability is not known to the vendor or to defenders, the exploit can go unnoticed for a long time, so the attackers' objectives can be met without hindrance.
● Market Value: Zero-days are bought and sold, on the dark web and through exploit brokers, for large sums, because they offer attackers a way past existing security barriers.
● Targeted Attacks: Zero-days are used against high-value targets where the effort is worth it, including government bodies, critical infrastructure, and large firms.

Working of Zero-Day Exploit

Software is developed and released without anyone knowing that it contains a security vulnerability. An attacker identifies and exploits this vulnerability before the developers discover or fix it. While the vulnerability is still open and unpatched, the attacker uses it to compromise the software, which can lead to data theft, unauthorized access, or crashing of the software itself. After the attack, the public or the developer identifies it and works out a fix. The developer releases the update so that users who apply it are protected.

Zero-Day Exploit Detection

By definition there is no signature for a zero-day exploit, so detecting one is hard; the attack often leaves little opportunity for detection before it succeeds. There are, however, several approaches that can catch the exploit or its after-effects:

1. Signature Based – Known attack patterns are detected by pattern matching. This method cannot recognize exploit code it has never seen, but it can catch well-known attack techniques such as SQL injection or cross-site scripting even when the specific vulnerability they are aimed at is new, because the payload itself follows a recognizable pattern. A web application firewall can therefore block some zero-day attempts against a web application even though the developer does not yet know about the flaw.
2. Statistical Techniques – By monitoring normal activity, the detector learns the normal behaviour of the network or system. When it identifies a significant deviation from the normal profile (an unusual volume of requests, a connection to a never-before-seen destination, a process behaving unlike its history), it flags a probable attack.
3. Behaviour Based – Instead of matching what the exploit looks like, behaviour-based detection looks at what the code does: a document viewer spawning a shell, writes to system directories, security tools being disabled. Honeypots, decoy systems built to attract and record attackers, are a common source of behavioural indicators for previously unknown attacks.
4. Hybrid Techniques – A hybrid approach combines statistical, behavioural, and traditional signature-based mechanisms. It is comparatively more effective because the weaknesses of any single detection technique do not break the whole defence.
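
The following is an added example, not code from the original article, that puts the signature-based, statistical and hybrid approaches side by side over a handful of web-server access-log lines. The signature rules catch the known technique (an SQL-injection payload, a path traversal) regardless of which endpoint it is aimed at, while the statistical part learns which paths normal traffic touches and scores each request's path by how rare it is against that baseline; the hybrid detector alerts when either fires. The log lines, the signature regexes and the rarity threshold are constructed for the example.

```python
import math
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Signature rules for well-known attack techniques (constructed for this example).
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b[\s\S]*\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|on(error|load)\s*=)"),
    "traversal": re.compile(r"\.\./"),
}

# Common Log Format: ip - - [time] "METHOD url PROTO" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) - - \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')


def parse_line(line: str) -> dict:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    url = unquote(m.group("url"))  # decode %27 etc. so signatures see the real payload
    return {"ip": m.group("ip"), "method": m.group("method"), "url": url,
            "path": urlsplit(url).path, "status": int(m.group("status"))}


def signature_hits(entry: dict) -> list:
    """Signature-based detection: which known-technique patterns appear in the request."""
    return [name for name, rx in SIGNATURES.items() if rx.search(entry["url"])]


def build_baseline(lines) -> Counter:
    """Statistical profile: how often each path is requested in known-good traffic."""
    return Counter(parse_line(line)["path"] for line in lines)


def rarity_bits(path: str, baseline: Counter) -> float:
    """-log2 of the Laplace-smoothed probability of this path; higher means rarer."""
    total = sum(baseline.values())
    return -math.log2((baseline[path] + 1) / (total + len(baseline) + 1))


def hybrid_detect(lines, baseline: Counter, rarity_threshold: float = 4.0) -> list:
    """Alert when a signature matches OR the path is anomalous versus the baseline."""
    alerts = []
    for line in lines:
        entry = parse_line(line)
        reasons = [f"signature:{s}" for s in signature_hits(entry)]
        bits = rarity_bits(entry["path"], baseline)
        if bits >= rarity_threshold:
            reasons.append(f"rare-path:{bits:.1f}bits")
        if reasons:
            alerts.append((entry["url"], reasons))
    return alerts


def _line(ip, url, status=200):
    """Build one constructed access-log line (not real traffic)."""
    return f'{ip} - - [10/Oct/2024:13:55:36 +0000] "GET {url} HTTP/1.1" {status} 512'


BASELINE_LOGS = ([_line("10.0.0.5", "/index.html")] * 10
                 + [_line("10.0.0.6", "/login")] * 6
                 + [_line("10.0.0.7", "/api/items")] * 4)

SUSPECT_LOGS = [
    _line("10.0.0.8", "/index.html"),                                     # normal
    _line("198.51.100.7", "/login?user=admin%27%20or%20%271%27=%271"),   # known technique, known path
    _line("198.51.100.7", "/cgi-bin/unknown.cgi", 500),                  # never-seen path, no signature
    _line("198.51.100.9", "/images/../../../etc/passwd", 404),           # both signals
]

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGS)
    for url, reasons in hybrid_detect(SUSPECT_LOGS, baseline):
        print(url, "->", ", ".join(reasons))
```

The third suspect line is the zero-day case the section is about: nothing in it matches a signature, and only the baseline comparison notices that nobody has ever requested that path before. The price is false positives whenever a new feature is deployed, which is why the statistical score is combined with the other signals rather than used alone.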

Zero-Day Exploit Prevention

Because zero-day exploits cannot easily be discovered in advance, preventing them outright is difficult. What defenders can do is reduce the attack surface and limit what a successful exploit can achieve, using the following strategies:

● Implementation of the IP security protocol (IPsec) to protect traffic on the network.
● Usage of virtual local area networks (VLANs) to segment the network.
● Deployment of intrusion detection systems (IDS) or intrusion prevention systems (IPS).
● Usage of network access control, so that unmanaged devices cannot join the network.
● Usage of wireless security schemes such as Wi-Fi Protected Access 2 (WPA2) or later.
● Keeping all systems up to date, so that yesterday's zero-day does not remain exploitable once a patch exists.
● Performing periodic vulnerability scanning.
● Running software with least privilege and with exploit mitigations such as ASLR and DEP enabled, so that a successful exploit gains as little as possible.
Example Cases of Zero-Day Exploits
A zero-day exploit takes advantage of a security vulnerability that is unknown to the software vendor or the public, allowing attackers to use it before it can be patched. Here are some cases commonly cited as zero-day exploits, with a note where the label only partly fits:

● Stuxnet: Stuxnet is a well-known example of a zero-day exploit that was discovered in 2010. It was a sophisticated piece of malware specifically designed to target industrial control systems, particularly those used in Iranian nuclear facilities. Stuxnet exploited several zero-day vulnerabilities in Windows, together with flaws in Siemens software, to reach the systems and cause physical damage.
● WannaCry: WannaCry is a ransomware worm first seen in May 2017. It spread rapidly across the globe, infecting hundreds of thousands of computers in over 150 countries. The EternalBlue exploit it used targeted an SMBv1 vulnerability in Microsoft Windows that Microsoft had patched in March 2017 (MS17-010). Strictly, it was therefore an n-day exploit against unpatched systems, which shows how long a zero-day remains dangerous after a fix exists.
● Pegasus: Pegasus is spyware developed by the Israeli company NSO Group. It was used to target the mobile phones of journalists, activists, and government officials in several countries. Its operators used zero-day vulnerabilities in Apple's iOS, including zero-click exploits that required no action from the victim, to install the spyware on the victims' phones.
● Heartbleed: Heartbleed is a vulnerability in the OpenSSL cryptographic library that was disclosed in 2014. It allowed attackers to read sensitive information, including passwords and private keys, from the memory of servers running the affected versions. The flaw had been present in the code for over two years before it was found. A fixed version was released together with the disclosure, so Heartbleed is better described as a long-lived vulnerability than as a zero-day known to have been exploited beforehand.
● Dirty COW: Dirty COW is a vulnerability in the Linux kernel disclosed in 2016. It allowed a local attacker to gain root access by exploiting a race condition in the copy-on-write (COW) mechanism of the kernel, and it was reported to have been exploited in the wild before the fix. The vulnerability affected millions of Linux systems.
● Meltdown and Spectre: Meltdown and Spectre are two classes of vulnerability in modern processors disclosed in 2018. They allow an attacker to read sensitive information, including passwords and encryption keys, from the memory of other running programs by abusing speculative execution. They affect almost all modern processors, including those used in smartphones and cloud servers. They were found by researchers and disclosed in a coordinated way; there is no public evidence that they were exploited as zero-days before disclosure.

Wireless Application Protocol


Last Updated : 28 Aug, 2023


The Wireless Application Protocol (WAP) is a set of communication protocols and an application programming model based on the World Wide Web (WWW). Its layered structure is quite similar to the TCP/IP protocol stack design.

What is Wireless Application Protocol (WAP)?

WAP stands for Wireless Application Protocol. It is a protocol suite designed for micro-browsers that enables internet access on mobile devices. Instead of HTML it uses the Wireless Markup Language (WML), which is defined as an XML 1.0 application, to build web applications for mobile devices. In 1998 the WAP Forum was founded by Ericsson, Motorola, Nokia and Unwired Planet with the aim of standardizing the various wireless technologies through common protocols; the WAP protocols resulted from the joint efforts of the forum's members. In 2002 the WAP Forum merged with other industry forums to form the Open Mobile Alliance (OMA).
WAP Model
The user opens the micro-browser on a mobile device and selects a website to view. The mobile device sends the URL-encoded request over the wireless network to a WAP gateway using the WAP protocols.

The WAP gateway translates this WAP request into a conventional HTTP request and sends it over the internet. The request reaches the specified web server, which processes it as it would any other request and sends the response back through the WAP gateway, which converts it into WML that the micro-browser can display. Because the gateway decodes and re-encodes all traffic in the middle, content protected by WTLS on the wireless leg is in the clear at the gateway (the so-called "WAP gap"): in WAP 1.x there is no end-to-end confidentiality between the handset and the web server.

WAP Protocol stack

1. Application Layer: This layer contains the Wireless Application Environment (WAE). It contains mobile device specifications and content development languages such as WML and WMLScript.
2. Session Layer: This layer contains the Wireless Session Protocol (WSP). It provides fast connection suspension and reconnection.
3. Transaction Layer: This layer contains the Wireless Transaction Protocol (WTP). It offers reliable transaction support (request/response with retransmission) over the unreliable datagram service below it.
4. Security Layer: This layer contains Wireless Transport Layer Security (WTLS), a TLS derivative adapted for low-bandwidth links. It offers data integrity, privacy and authentication between the handset and the WAP gateway.
5. Transport Layer: This layer contains the Wireless Datagram Protocol (WDP). It presents a consistent datagram service to the higher layers regardless of the underlying bearer; on IP bearers it maps directly onto UDP.
Why Use WAP?
When it was introduced in 1999, WAP offered the following advantages to wireless network operators, content producers, and end users:
Operators of wireless networks and mobile phones: WAP was created to enhance already-existing wireless data services, such as voicemail, and to facilitate the creation of new mobile applications. These applications could be created without further infrastructure changes or phone modifications.
Content providers: For third-party application developers, WAP opened up a market for extra applications and mobile phone features. Developers were encouraged to write applications for mobile devices in WML.
End users: Mobile phone users gained simple access to online services such as banking, entertainment, messaging, and other information on their devices.

Advantages of Wireless Application Protocol

The benefits of Wireless Application Protocol, or WAP, are listed below:
● WAP was a rapidly evolving technology in its time.
● Wireless Application Protocol is an open standard, free to implement without licence fees.
● WAP can be used over multiple platforms and bearers.
● It is independent of the underlying network standards.
● It gives operators and content providers more control over the delivered content.
● It follows a model that is similar to the Internet.
● You can send and receive real-time data with WAP.
● WAP was supported by the majority of mobile phones of its era.

Disadvantages of Wireless Application Protocol

The following is a list of various Wireless Application Protocol, or WAP, drawbacks:
● WAP connection speed is slow and the number of simultaneous connections is limited.
● In some places access is very difficult, and in others impossible.
● Less secure: WTLS protects only the link between handset and gateway, and the gateway sees all traffic in the clear.
● WAP provides a small user interface (UI).

Wireless Application Protocol – FAQs

1. Why do we need WAP?

Until the first WAP devices were released, Internet access was only available from a computer. With WAP, you could use your mobile phone to reach the Internet and interact with other people, greatly expanding global communication and data sharing.

2. What is a Micro WAP Browser?

Just as there are browsers for personal computers, there is a browser for WAP. The micro WAP browser is the browser used to access websites on a WAP device. What makes it unique is that it uses less hardware, memory, and CPU resources and presents data written in WML, a constrained markup language.

3. What is WAP 2.0?

WAP 2.0, introduced in 2002, is essentially end-to-end HTTP over TCP/IP with XHTML Mobile Profile as the markup language. The custom protocol suite and the mandatory gateway of WAP 1.x were dropped, which also closes the WAP gap, since TLS can then run end to end between the handset and the server.

How do I enable and disable my firewall?

Turning off the Windows firewall

1. Select Start > Control Panel > System and Security > Windows Firewall. The Windows Firewall page opens, as shown in Figure 7.
Figure 7: Windows Firewall page

2. Select Turn Windows Firewall on or off. The Customize Settings page opens, as shown in Figure 8.
Figure 8: Customize Settings page

3. Select Turn off Windows Firewall (not recommended) for both Home or work (private) network location settings and Public network location settings, and then click OK.
Figure 9: Disabling the Windows firewall

Turning the firewall back on follows the same path: return to the Customize Settings page and select Turn on Windows Firewall for each network location. Disabling the firewall exposes every listening service on the machine to the network. If a single application needs to accept connections, allow that application or port through the firewall instead of turning the firewall off.
What is Data Leakage?

In the realm of data science and machine learning, "data leakage" denotes a critical problem that can severely impact the performance and credibility of predictive models. Despite its significance, data leakage is often misunderstood or overlooked, leading to erroneous conclusions and unreliable outcomes. In information security the same term means something different: the unauthorized movement of sensitive data out of an organization, whether by a malicious insider, by accident, or through a compromised channel. This article covers both uses: the security-oriented types of leakage first, then the causes of leakage in machine-learning pipelines.

Table of Content
● What is Data Leakage?
● Types of Data Leakage
● Causes of Data Leakage
● Consequences of Data Leakage
● How to Detect Data Leakage ?
● How to prevent Data Leakage?

What is Data Leakage in Machine Learning?

Data leakage occurs when information from outside the training dataset is inadvertently used to create the model. This leads to overly optimistic performance metrics during model validation, because the model has had access to information it would not have in a real-world scenario. Essentially, data leakage means that your model is learning from data it shouldn't have access to during training, which makes it perform exceptionally well during testing but fail in production.

Types of Data Leakage

Malicious Insiders

● Description: Individuals within an organization (such as employees,


contractors, or business partners) who have legitimate access to the
organization’s systems but misuse this access to intentionally harm
the organization.
● Examples:
○ Stealing sensitive company data and selling it to
competitors.
○ Disrupting operations by deleting critical data or
sabotaging systems.
○ Installing malware or exfiltrating data to cause
damage or benefit from the breach.
Physical Exposure

● Description: The risk that sensitive data or systems are exposed due
to physical vulnerabilities. This could happen when physical
safeguards like locks, security cameras, or access controls fail,
allowing unauthorized individuals to access critical assets.
● Examples:
○ Unauthorized access to a data center or server room.
○ Loss or theft of hardware devices containing
sensitive data, such as laptops, USB drives, or mobile
phones.
○ Physical tampering with systems or network
hardware to gain access or compromise security.

Electornic Communiucation

● Description: Refers to the exposure of sensitive data through


electronic mediums like email, messaging apps, or social media.
Malicious actors may exploit electronic communications to steal
information or distribute malware.
● Examples:
○ Phishing emails that trick users into revealing
sensitive information or login credentials.
○ Sharing confidential data over unencrypted or
insecure messaging platforms.
○ Sending sensitive files as email attachments without
proper encryption, making them vulnerable to
interception.

Accidental Leakage
● Description: Occurs when sensitive data is unintentionally exposed
or shared due to human error or system misconfigurations. Although
the intent isn’t malicious, accidental leakage can lead to severe data
breaches.
● Examples:
○ Misplacing confidential documents or sending
sensitive emails to the wrong recipient.
○ Sharing internal files or data publicly without
realizing it.
○ Accidentally uploading sensitive data to unsecured
cloud storage or shared drives.

Causes of Data Leakage


● Inadvertent Data Inclusion: This happens when features that would
not be available in real-time are included in the training data. For
example, if a model predicting credit default includes a feature like
"loan default date," it might perform well during training but poorly
in real-world scenarios where this information isn’t available.
● Temporal Leakage: This occurs when data from the future is used in
training, causing the model to have access to future information that
it wouldn’t normally have. This is particularly problematic in
time-series forecasting, where the order of data matters.
● Data Preparation Mistakes: Errors in data preparation, such as not
properly separating training and testing datasets, can lead to
leakage. For instance, if preprocessing steps are applied to the entire
dataset before splitting it, information from the test set might leak
into the training process.
● Feature Engineering Issues: When features are engineered based on
the entire dataset rather than just the training set, information from
the test set can inadvertently influence the training process.
● Data Aggregation: Aggregating data from multiple sources can lead
to leakage if future data or information from the test set is
inadvertently included.

Consequences of Data Leakage


● Overfitting: Models trained with leaked data may perform
exceptionally well on the test set but fail in real-world scenarios
because they have been exposed to information that would not be
available in practice.
● Misleading Metrics: Performance metrics such as accuracy, precision,
and recall can be misleading if data leakage is present, leading to an
overestimation of the model’s true effectiveness.
● Poor Generalization: A model suffering from data leakage often fails
to generalize well to new, unseen data, as it has been trained on
data that doesn’t accurately represent the real-world situation.
● Reduced Trust: When data leakage is discovered, it can erode trust
in the model and the data science process, potentially leading to a
loss of credibility and reliability.

How to Detect Data Leakage?


Detecting data leakage can be tricky, but there are several techniques to
catch it:

● Feature importance analysis: If a particular feature seems overly
predictive, check whether it contains future information.
● Cross-validation: A well-conducted cross-validation with proper
data partitioning can reveal performance inconsistencies that
suggest data leakage.
● Manual feature inspection: Examine features and their relationship
with the target variable to see if any future information has been
included.

How to prevent Data Leakage?


● Proper Data Splitting: Ensure that the data is properly split into
training, validation, and test sets before any preprocessing or
feature engineering is performed. This helps prevent information
from the test set from influencing the model.
● Temporal Separation: For time-series data, maintain the
chronological order of events. Ensure that future data does not
inadvertently impact the training process by strictly separating
training data from future observations.
● Feature Selection: Carefully select features based on their relevance
and ensure that they do not contain information from the target
variable or the test set. Perform feature engineering and selection
using only the training data.
● Cross-Validation: Use techniques like cross-validation to assess
model performance. This helps in ensuring that the model is
validated on data it hasn’t seen during training.
● Data Preparation Protocols: Follow rigorous data preparation
protocols, ensuring that any data transformations are done within
the training set before applying to the test set.
● Regular Audits: Regularly audit data pipelines and model
development processes to identify potential sources of leakage and
correct them proactively.
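As an added example (not code from the original article), the following Python puts three of the points above into practice on constructed loan records: a chronological split that refuses temporal overlap, a min-max scaler fitted on the training rows only, and a leave-one-out audit that flags a feature such as a loan default date whose mere presence predicts the target perfectly. The records, feature names and the 0.95 flag threshold are assumptions made for the demo.

```python
"""Leakage-safe splitting, train-only scaling and a target-leakage audit.
Added example for the data leakage section; not code from the original
article. Records, feature names and the threshold are constructed."""
from collections import Counter, defaultdict
from datetime import date

# Constructed loan applications. 'default_date' is only known after a default
# happens, so it is future information at the time a prediction would be made.
ROWS = [
    {"applied": date(2023, 1, 5), "income": 40, "debt_ratio": 0.60,
     "default_date": date(2023, 6, 1), "defaulted": 1},
    {"applied": date(2023, 1, 20), "income": 55, "debt_ratio": 0.30,
     "default_date": None, "defaulted": 0},
    {"applied": date(2023, 2, 3), "income": 30, "debt_ratio": 0.70,
     "default_date": date(2023, 8, 15), "defaulted": 1},
    {"applied": date(2023, 2, 14), "income": 70, "debt_ratio": 0.20,
     "default_date": None, "defaulted": 0},
    {"applied": date(2023, 3, 1), "income": 45, "debt_ratio": 0.50,
     "default_date": None, "defaulted": 0},
    {"applied": date(2023, 3, 22), "income": 38, "debt_ratio": 0.65,
     "default_date": date(2023, 9, 30), "defaulted": 1},
    {"applied": date(2023, 4, 9), "income": 90, "debt_ratio": 0.10,
     "default_date": None, "defaulted": 0},
    {"applied": date(2023, 4, 30), "income": 52, "debt_ratio": 0.40,
     "default_date": None, "defaulted": 0},
]


def chronological_split(rows, time_key, train_frac=0.75):
    """Temporal separation: every training row must precede every test row."""
    ordered = sorted(rows, key=lambda r: r[time_key])
    cut = int(len(ordered) * train_frac)
    train, test = ordered[:cut], ordered[cut:]
    if train and test and max(r[time_key] for r in train) > min(r[time_key] for r in test):
        raise ValueError("temporal leakage: training rows overlap the test period")
    return train, test


def fit_minmax(rows, feature):
    """Fit a min-max scaler. Call it on the TRAINING rows only; fitting on the
    full dataset lets the test set's extremes leak into the training features."""
    values = [r[feature] for r in rows]
    return min(values), max(values)


def scale(value, lo, hi):
    """Values outside the training range map outside [0, 1]; that is expected."""
    return (value - lo) / (hi - lo) if hi != lo else 0.0


def loo_accuracy(rows, key_fn, target):
    """Leave-one-out majority vote: predict each row's target from the OTHER
    rows sharing the same key. A unique key cannot be predicted and counts as
    a miss, so high-cardinality columns such as IDs are not falsely flagged."""
    groups = defaultdict(Counter)
    for r in rows:
        groups[key_fn(r)][r[target]] += 1
    hits = 0
    for r in rows:
        others = groups[key_fn(r)].copy()
        others[r[target]] -= 1
        if sum(others.values()) == 0:
            continue
        hits += others.most_common(1)[0][0] == r[target]
    return hits / len(rows)


def audit_leakage(rows, target, features, threshold=0.95):
    """Flag features whose raw value, or whose mere presence/absence, predicts
    the target almost perfectly: the classic 'loan default date' symptom."""
    flagged = {}
    for f in features:
        raw = loo_accuracy(rows, lambda r, f=f: r[f], target)
        missing = loo_accuracy(rows, lambda r, f=f: r[f] is None, target)
        score = max(raw, missing)
        if score >= threshold:
            flagged[f] = score
    return flagged


if __name__ == "__main__":
    train, test = chronological_split(ROWS, "applied")
    lo, hi = fit_minmax(train, "income")   # (30, 70): fitted on train only
    leaky = fit_minmax(ROWS, "income")     # (30, 90): the test maximum leaked in
    print("train-only scaler:", (lo, hi), "leaky scaler:", leaky)
    print("scaled test incomes:", [round(scale(r["income"], lo, hi), 2) for r in test])
    print("leaking features:",
          audit_leakage(ROWS, "defaulted", ["income", "debt_ratio", "default_date"]))
```

A scaled test value above 1.0 is the healthy sign here: it shows the scaler never saw the test rows, whereas the leaky fit would squeeze everything into [0, 1].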
Conclusion
Data leakage is a critical issue that can compromise the validity of machine
learning models and predictive analytics. By understanding its causes and
implementing robust prevention strategies, data scientists and analysts can
build more reliable and accurate models. Addressing data leakage requires
diligence in data handling and a thorough approach to model development,
but the effort pays off by ensuring that models perform well in real-world
scenarios and maintain their credibility.


Data Loss vs. Data Leaks: What's the Difference?

Edward Kost

updated Sep 09, 2024


Contents

What is a Data Breach?

What is Data Loss?


What is a Data Leak?

What is Data Loss Prevention (DLP)?

What's the Difference Between Data Leaks and Data Breaches?

What Causes Data Leaks?

How to Prevent Data Leaks

How to Prevent Data Breaches

Strategies for Data Loss Prevention (DLP)

Data loss refers to the unwanted removal of sensitive information, either due to an
information system error or theft by cybercriminals. Data leaks are unauthorized
exposures of sensitive information through vulnerabilities in the digital landscape.

Data leaks are more complex to detect and remediate; they usually occur at the
interface of critical systems, both internally and throughout the vendor network.

In cybersecurity, the terms data leak, data breach, and data loss are often incorrectly
used interchangeably. Though their definitions slightly overlap, these terms refer to very
different events.

Before Data Loss Prevention (DLP) and data leak remediation solutions can be
discussed, this confusion should be cleared up with the correct definitions.

What is a Data Breach?


A data breach occurs when sensitive information is accessed by an unauthorized party
or stolen by cybercriminals.

Data breaches are, unfortunately, common occurrences that are also burdensome on
the economy. The global cost of data breaches in 2021 is expected to reach $6 trillion
annually. This amount has doubled from $3 trillion back in 2015.

What is Data Loss?


Data loss includes incidents where sensitive data is misplaced and cannot be retrieved
as well as instances of theft through cyberattacks or insider threats (a type of cyber
threat).

Because the latter description overlaps with the data breach definition, the difference
between these terms is usually misunderstood.

The average downtime cost during a data loss incident is almost $4,500/minute.

What is a Data Leak?


A data leak is the unintentional exposure of sensitive information either at rest or in
transit. This could occur on the internet or on physical devices such as hard drives and
laptops.

When sensitive data is stolen from either a data breach or a ransomware attack and
published on the dark web, these events are also classified as data leaks.

What is Data Loss Prevention (DLP)?


Data loss prevention (DLP) is a set of strategies that prevent sensitive data from being
transmitted beyond a set boundary limit. This effort can be achieved with data loss
prevention software or a security framework to control the flow of sensitive data
between end-users and internal resources.

Data loss prevention is not just a security best practice: because it concerns the
Personally Identifiable Information (PII) of customers, it is enforced by different regulatory
standards such as HIPAA, PCI-DSS, the Data Protection Act, GDPR, and even the new
cybersecurity executive order signed by President Biden.
What's the Difference Between Data Leaks and Data Breaches?

Data leaks are usually caused by organizations accidentally exposing sensitive data
through security vulnerabilities; such incidents are not initiated by cyberattackers.

Data breaches, on the other hand, are usually the result of a cybercriminal's persistence
to compromise sensitive resources.

Data leaks could develop into data breaches. If a data leak is discovered by cyber
criminals it could provide them with the necessary intelligence to execute a successful
data breach.

This is why it's so important to shut data leaks down immediately.

Another differentiator between these two events is the confidence of public exposure.
When sensitive data is stolen in a data breach, it's usually dumped on the dark web
which is clear evidence that it has reached the masses.

Data leaks, on the other hand, can remain exposed for a long period of time without
knowing who accessed it and whether it was disclosed to the public.

UpGuard offers customers the support of expert analysts that constantly monitor the
dark web for data leak instances, removing anxiety over possible sensitive data
exposure on criminal forums.

What Causes Data Leaks?


The vast number of instances that could result in data leakage can be split into two
primary categories - overlooked vulnerabilities and human elements.

1. Overlooked Vulnerabilities

Data leaks most commonly occur accidentally, outside the monitoring boundaries of
typical information security programs.
These could be:

● Unpatched exposures
● Weak security policies
● Poorly configured firewalls
● Open-source vulnerabilities
● Poor vendor security postures, as determined through a Third-Party Risk
Management program.

2. Human Elements

Humans are the weakest points of every cybersecurity architecture. With the correct
approach, any staff member can be tricked into leaking sensitive credentials to
cybercriminals.

This is usually achieved through phishing attacks, where a seemingly innocent email or
website infected with malicious links is presented to a victim. Upon interacting with
these links, staff members leak sensitive internal login information that could arm
cybercriminals for a devastating data breach.

Even if just an internal username is leaked to cybercriminals, this could still lead to a
data breach if supplemented with password-guessing tactics such as brute force.

Data leaks are also caused by negligent behavior such as using weak passwords and
storing them in unsecure locations like a post-it note, on a mobile device, or a
public-facing online document.

3. Stolen Data Published on the Dark Web

When sensitive data is stolen from either a data breach or a ransomware attack and
published on the dark web, these events are also classified as data leaks.

How to Prevent Data Leaks


To prevent data leaks, solutions need to be tailored for each primary data leak category
- human elements and overlooked exposures.
How to Prevent Data Leaks Caused by Human Elements

To prevent staff from undermining security program investments, cyber threat awareness
training should be implemented in the workplace to teach staff how to recognize
common cybercriminal tactics.

Each of the following common attack methods links to a post that can be used for
cybercrime awareness training:

● Phishing attacks
● Social Engineering Attacks
● DDoS attacks
● Ransomware attacks
● Malware attacks
● Clickjacking attacks

Intentional data leaks caused by insider threats are difficult to detect. To do this with a
high confidence of accuracy, behavioral analytics software powered by machine
learning is required. Such solutions detect potentially malicious activity against an
established baseline of safe behavior.

A more cost-effective approach is to only share sensitive information with those that
absolutely require it. This security framework is known as Privileged Access
Management (PAM).

How to Prevent Data Leaks Caused by Overlooked Vulnerabilities

To prevent such common data leaks, organizations should implement monitoring
solutions capable of securing the entire attack surface, both internal and external. This
will allow vulnerabilities that could leak sensitive data to be promptly detected and
remediated.

Monitoring solutions should, at the very least, track activity across sensitive networks
such as systems of records, data banks, privileged access accounts, and key
applications.
For the most comprehensive data leak security, this effort should be coupled with an
additional level of defense that detects and shuts down data leaks caused by digital
transformation.

Learn more about data leakage prevention.

How to Prevent Data Breaches


Data breaches can be prevented through the rapid detection and remediation of security
vulnerabilities exposing sensitive resources, both directly within the internal network
and indirectly throughout the vendor network.

Intrusion detection solutions, such as honeytokens, can also be implemented to alert on
unauthorized sensitive data access attempts. If coupled with a potent Incident
Response Plan (IRP), this effort could prevent data breaches, data loss, and data leaks.

A cause of data breaches that isn't well known is overlooked software backdoors.
Backdoor access permits software providers to bypass security measures to push
necessary patch updates to end-users. This also allows instant remote access for
troubleshooting.

Sometimes these backdoors are accidentally left open by software providers, which
provides cybercriminals a gateway to instantly access sensitive resources without
having to contend with security barriers.

To prevent cybercriminals from nullifying your cybersecurity efforts, all software
backdoors should be discovered and removed.

Learn how to detect and remove backdoors.

Strategies for Data Loss Prevention (DLP)


The most effective Data Loss Prevention methods address all modes of sensitive data
in servers and cloud storage - both at rest and in motion.
Updated antivirus software and correctly configured firewalls are basic expectations.
Beyond this, a DLP framework should be implemented.

The essential features of an effective DLP framework are listed below:

● Data Leak detection - Detected data leaks could indicate possible flaws in DLP
strategies.
● Endpoint Security - This is especially important in light of the proliferation of
remote work. Sophisticated endpoint agents can detect and control information
transfer between end-users, external parties and internal networks. Consider an
Endpoint Detection and Response (EDR) solution.
● Data Encryption - Both in motion and at rest
● Privileged Access Management (PAM) - Only end-users that absolutely require
access to sensitive resources should be given access to them. Privileged Access
control efforts should also be secured to prevent Privilege Escalation.

Prevent Data Leaks, Data Breaches, and Data Loss with UpGuard

UpGuard helps prevent data leaks, data breaches, and data losses with its two core
products: BreachSight and Vendor Risk. Manage attack surfaces and third-party risk, and
gain stronger visibility into your company's biggest risks and vulnerabilities using
UpGuard's award-winning, industry-leading platform.

Brute Force Attack


A brute force attack is a well-known cracking technique; by some accounts,
brute force attacks represent five percent of confirmed security breaches. A
brute force attack involves ‘guessing’ usernames and passwords to gain
unauthorized access to a system. Brute force is a straightforward attack
strategy and has a high success rate.

Some attackers use applications and scripts as brute force tools. These
tools try many password combinations to bypass authentication. In other
cases, attackers try to get into web applications by searching for the correct
session ID. Attacker motivation may include stealing data, infecting sites with
malware, or disrupting service. While some attackers still perform brute force
attacks manually, today practically all brute force attacks are performed by
bots. Attackers have lists of commonly used credentials, or real user
credentials, obtained through security breaches or the dark web. Bots
systematically attack websites, try these lists of credentials, and notify the
attacker when they gain access.

Types of Brute Force Attacks:

1. Dictionary attacks – guess usernames or passwords using a
dictionary of possible strings or phrases.
2. Rainbow table attacks – a rainbow table is a precomputed table for
reversing cryptographic hash functions. It can be used to recover the
input of a hash function up to a certain length consisting of a
limited set of characters.
3. Reverse brute force attack – uses a common password or a
collection of passwords against many possible usernames. It
targets a group of users for which the attackers have previously
obtained data.
4. Hybrid brute force attacks – start from external logic to work out
which password variations are most likely to succeed, and then
continue with the simple approach to try many possible variations.
5. Simple brute force attack – uses a systematic approach to ‘guess’
that doesn’t rely on outside logic.
6. Credential stuffing – uses previously known username-password
pairs, trying them against many websites. It exploits the fact that
many users have the same username and password across different
systems.

How to Prevent Brute Force Password Hacking?

To protect your organization from brute force password hacking, enforce the
use of strong passwords.
Passwords should:

● Never use information that can be found online (like names of family
members).
● Have as many characters as possible.
● Combine letters, numbers, and symbols.
● Avoid common patterns.
● Be different for each user account.
● Be changed periodically.
● Be strong and long.
In addition, use multifactor authentication.
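Strong password rules reduce the odds that guessing works, but the defender still needs to notice the guessing. As an added example (not code from the original article), this Python runs over constructed authentication log lines and raises alerts for two of the patterns listed above: many failures against one account from one source (simple or dictionary brute force) and one source failing against many accounts (reverse brute force / credential stuffing), plus a high-priority alert when such a source then logs in successfully. The log format, the time window and the thresholds are assumptions; the addresses are RFC 5737 documentation ranges and the users are invented.

```python
"""Brute-force and password-spray detection over auth log lines.
Added example, not part of the original article. The log format, the
thresholds and every user/IP value below are constructed for the demo."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines (documentation IP ranges, invented users).
SAMPLE_LOG = """\
2024-09-09T10:00:01Z auth failure user=alice src=203.0.113.5
2024-09-09T10:00:03Z auth failure user=alice src=203.0.113.5
2024-09-09T10:00:04Z auth failure user=alice src=203.0.113.5
2024-09-09T10:00:06Z auth failure user=alice src=203.0.113.5
2024-09-09T10:00:07Z auth failure user=alice src=203.0.113.5
2024-09-09T10:00:09Z auth success user=alice src=203.0.113.5
2024-09-09T10:01:00Z auth failure user=bob src=198.51.100.7
2024-09-09T10:01:02Z auth failure user=carol src=198.51.100.7
2024-09-09T10:01:04Z auth failure user=dave src=198.51.100.7
2024-09-09T10:01:06Z auth failure user=erin src=198.51.100.7
2024-09-09T10:01:08Z auth failure user=frank src=198.51.100.7
2024-09-09T10:05:00Z auth failure user=grace src=192.0.2.10
2024-09-09T10:20:00Z auth failure user=grace src=192.0.2.10
2024-09-09T10:20:05Z auth success user=grace src=192.0.2.10
"""


def parse_line(line):
    """'<ts> auth <failure|success> user=<u> src=<ip>' -> dict (constructed format)."""
    ts, _, outcome, user_kv, src_kv = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "outcome": outcome,
            "user": user_kv.split("=", 1)[1],
            "src": src_kv.split("=", 1)[1]}


def count_in_window(times, window):
    """Largest number of events that fall inside any window of length `window`.
    Two sliding pointers over the sorted timestamps; O(n)."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(lines, window=timedelta(minutes=5), per_account=5, spray_users=4):
    """Return alert dicts for brute force, password spraying and a success
    that follows either pattern from the same source."""
    events = [parse_line(l) for l in lines if l.strip()]
    failures_by_pair = defaultdict(list)   # (src, user) -> failure timestamps
    users_by_src = defaultdict(set)        # src -> distinct accounts it failed on
    for e in events:
        if e["outcome"] == "failure":
            failures_by_pair[(e["src"], e["user"])].append(e["ts"])
            users_by_src[e["src"]].add(e["user"])

    alerts = []
    for (src, user), stamps in failures_by_pair.items():
        n = count_in_window(stamps, window)
        if n >= per_account:   # many guesses at one account: simple/dictionary brute force
            alerts.append({"type": "brute_force", "src": src, "user": user, "failures": n})
    for src, users in users_by_src.items():
        if len(users) >= spray_users:   # one source, many accounts: reverse brute force / stuffing
            alerts.append({"type": "password_spray", "src": src, "users": sorted(users)})
    # A successful login from a source already flagged is the signal to act on first.
    flagged_sources = {a["src"] for a in alerts}
    for e in events:
        if e["outcome"] == "success" and e["src"] in flagged_sources:
            alerts.append({"type": "success_after_attack", "src": e["src"], "user": e["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The slow, spaced-out failures for "grace" stay below the window threshold and produce no alert, which is the trade-off a real tuning exercise has to weigh.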

TCP 3-Way Handshake Process

The TCP 3-Way Handshake is a fundamental process that establishes a
reliable connection between two devices over a TCP/IP network. It involves
three steps: SYN (Synchronize), SYN-ACK (Synchronize-Acknowledge), and
ACK (Acknowledge). During the handshake, the client and server exchange
initial sequence numbers and confirm the connection establishment. In this
article, we will discuss the TCP 3-Way Handshake Process.

What is the TCP 3-Way Handshake?


The TCP 3-Way Handshake is a fundamental process used in the
Transmission Control Protocol (TCP) to establish a reliable connection
between a client and a server before data transmission begins. This
handshake ensures that both parties are synchronized and ready for
communication.

TCP Segment Structure


A TCP segment consists of data bytes to be sent and a header that is added
to the data by TCP as shown:

The header of a TCP segment can range from 20 to 60 bytes; up to 40 bytes are
for options. If there are no options, the header is 20 bytes; otherwise it can be at
most 60 bytes. Header fields:
● Source Port Address: A 16-bit field that holds the port address of
the application that is sending the data segment.
● Destination Port Address: A 16-bit field that holds the port address
of the application in the host that is receiving the data segment.
● Sequence Number: A 32-bit field that holds the sequence number,
i.e., the byte number of the first byte that is sent in that particular
segment. It is used to reassemble the message at the receiving end
when segments are received out of order.
● Acknowledgement Number: A 32-bit field that holds the
acknowledgement number, i.e., the byte number that the receiver
expects to receive next. It is an acknowledgement that the previous
bytes were received successfully.
● Header Length (HLEN): A 4-bit field that gives the length of the
TCP header as a number of 4-byte words. If the header is 20 bytes
(the minimum TCP header length), this field holds 5 (because 5 x 4 =
20); at the maximum length of 60 bytes it holds 15 (because 15 x 4 =
60). Hence, the value of this field is always between 5 and 15.
● Control flags: These are six 1-bit control bits that control connection
establishment, connection termination, connection abortion, flow
control, mode of transfer, etc. Their functions are:
○ URG: Urgent pointer is valid
○ ACK: Acknowledgement number is valid (used in
case of cumulative acknowledgement)
○ PSH: Request for push
○ RST: Reset the connection
○ SYN: Synchronize sequence numbers
○ FIN: Terminate the connection
● Window size: This field gives the window size of the sending TCP in
bytes.
● Checksum: This field holds the checksum for error control. It is
mandatory in TCP, as opposed to UDP.
● Urgent pointer: This field (valid only if the URG control flag is set)
points to data that is urgently required and needs to reach the
receiving process at the earliest. The value of this field is added to
the sequence number to get the byte number of the last urgent
byte.


TCP 3-way Handshake Process


Communication between devices over the internet happens according to
the TCP/IP suite model (a stripped-down version of the OSI reference
model). The Application layer is the top of the TCP/IP stack, from where
network applications like web browsers on the client side establish a
connection with the server. From the application layer, the information is
passed to the transport layer, where our topic comes into the picture. The
two important protocols of this layer are TCP and UDP (User Datagram
Protocol), of which TCP is prevalent (since it provides reliability for the
connection established). However, you can find an application of UDP in
querying the DNS server to get the IP address (the binary equivalent) of the
domain name used for the website.
TCP provides reliable communication with something called Positive
Acknowledgement with Re-transmission (PAR). The Protocol Data Unit (PDU)
of the transport layer is called a segment. A device using PAR resends the
data unit until it receives an acknowledgement. If the data unit received at
the receiver’s end is damaged (the receiver checks the data with the checksum
functionality of the transport layer, which is used for error detection), the
receiver discards the segment. So the sender has to resend the data unit for
which a positive acknowledgement is not received. You can see from the
above mechanism that three segments are exchanged between the
sender (client) and receiver (server) for a reliable TCP connection to get
established. Let us delve into how this mechanism works:
● Step 1 (SYN): In the first step, the client wants to establish a
connection with a server, so it sends a segment with the
SYN (Synchronize Sequence Number) flag set, which informs the server
that the client is likely to start communication and with what sequence
number it will start its segments.
● Step 2 (SYN + ACK): The server responds to the client request with the
SYN and ACK flag bits set. Acknowledgement (ACK) signifies the
response to the segment it received, and SYN signifies with what
sequence number the server is likely to start its segments.
● Step 3 (ACK): In the final part, the client acknowledges the response of
the server, and they both establish a reliable connection with which
they will start the actual data transfer.
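To tie the segment layout and the three steps together, the following Python is an added example (not code from the original article) that packs and parses the 20-byte TCP header described above with a correct RFC 1071 checksum over the IPv4 pseudo-header, builds the SYN, SYN+ACK and ACK segments, and checks that a captured triple really forms a handshake (flags right, each acknowledgement number equal to the peer's ISN + 1, wrapping at 2^32). The addresses, ports and initial sequence numbers are constructed; the parser rejects an HLEN outside 5..15.

```python
"""TCP segment builder/parser and three-way handshake checker.
Added example for the segment-structure and handshake sections; not code
from the original article. Addresses, ports and ISNs are constructed."""
import socket
import struct

SEQ_MASK = 0xFFFFFFFF
# The six control bits occupy the low six bits of the 16-bit offset/flags word.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
# src port, dst port, seq, ack, HLEN+flags, window, checksum, urgent pointer
HEADER_FMT = "!HHIIHHHH"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words (zero-padded to even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum (protocol 6 = TCP)."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window=65535, payload=b""):
    """Build a segment with a 20-byte header (HLEN = 5, no options) and a valid checksum."""
    offset_flags = (5 << 12) | flags
    header = struct.pack(HEADER_FMT, src_port, dst_port, seq & SEQ_MASK, ack & SEQ_MASK,
                         offset_flags, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def parse_segment(data: bytes) -> dict:
    """Decode the header fields listed in the text; HLEN must be 5..15 words."""
    if len(data) < 20:
        raise ValueError("segment shorter than the minimum 20-byte header")
    src_port, dst_port, seq, ack, offset_flags, window, csum, urg = struct.unpack(HEADER_FMT, data[:20])
    hlen = (offset_flags >> 12) * 4
    if not 20 <= hlen <= 60:
        raise ValueError("invalid header length %d" % hlen)
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_len": hlen,
        "flags": {name for name, bit in FLAGS.items() if offset_flags & bit},
        "window": window, "checksum": csum, "urgent_ptr": urg,
        "options": data[20:hlen], "payload": data[hlen:],
    }


def verify_checksum(src_ip, dst_ip, segment: bytes) -> bool:
    """With a correct checksum in place, the sum over pseudo-header + segment is zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def three_way_handshake(client_isn, server_isn, client=("10.0.0.2", 40000), server=("10.0.0.1", 443)):
    """The three constructed segments: SYN, SYN+ACK, ACK."""
    (c_ip, c_port), (s_ip, s_port) = client, server
    syn = build_segment(c_ip, s_ip, c_port, s_port, client_isn, 0, FLAGS["SYN"])
    syn_ack = build_segment(s_ip, c_ip, s_port, c_port, server_isn, client_isn + 1,
                            FLAGS["SYN"] | FLAGS["ACK"])
    ack = build_segment(c_ip, s_ip, c_port, s_port, client_isn + 1, server_isn + 1, FLAGS["ACK"])
    return [syn, syn_ack, ack]


def check_handshake(segments) -> bool:
    """True when the three segments carry the expected flags and every
    acknowledgement number equals the peer's sequence number + 1 (mod 2^32)."""
    if len(segments) != 3:
        return False
    syn, syn_ack, ack = (parse_segment(s) for s in segments)
    return (syn["flags"] == {"SYN"}
            and syn_ack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"}
            and syn_ack["ack"] == (syn["seq"] + 1) & SEQ_MASK
            and ack["seq"] == (syn["seq"] + 1) & SEQ_MASK
            and ack["ack"] == (syn_ack["seq"] + 1) & SEQ_MASK)


if __name__ == "__main__":
    for name, seg in zip(("SYN", "SYN+ACK", "ACK"), three_way_handshake(1000, 5000)):
        p = parse_segment(seg)
        print(name, sorted(p["flags"]), "seq=%d ack=%d hlen=%d" % (p["seq"], p["ack"], p["header_len"]))
```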

Question For Practice


Question: Consider a TCP client and a TCP server running on two different
machines. After completing the data transfer, the TCP client calls close to
terminate the connection and a FIN segment is sent to the TCP server.
Server-side TCP responds by sending an ACK which is received by the
client-side TCP. As per the TCP connection state diagram (RFC 793), in which
state does the client-side TCP connection wait for the FIN from the
server-side TCP? [GATE-CS-2017 (Set 1)]
(A) LAST-ACK
(B) TIME-WAIT
(C) FIN-WAIT-1
(D) FIN-WAIT-2

Explanation: (D). For a detailed solution, see the article GATE PYQs.

Conclusion
The TCP 3-Way Handshake is a critical mechanism for establishing a secure
connection between a client and a server over a TCP/IP network. It consists of
three important steps: the client initiates the connection by sending an SYN
packet, the server responds with a SYN-ACK message to acknowledge the
client’s request and synchronize sequence numbers, and the client sends an
ACK packet to complete the connection. This handshake ensures that both
sides are in sync and prepared for dependable data transmission, making it
an essential mechanism for stable and secure communication in TCP/IP
networks.
Frequently Asked Questions on TCP 3-Way Handshake Process – FAQs

What is the purpose of the SYN flag in the TCP three-way handshake?

The SYN (Synchronize Sequence Number) flag is used in the initial step of
the handshake. It informs the server that the client wants to establish a
connection and specifies the sequence number for subsequent segments .

Why is a three-way handshake necessary in TCP/IP networks?

The three-way handshake ensures reliable communication by establishing a
connection between the client and server. It confirms that both parties are
ready for data transfer and synchronizes their sequence numbers.
How does the TCP three-way handshake affect network security?

The handshake helps prevent unauthorized connections. Without it,
malicious actors could potentially establish connections without proper
synchronization.

What is Penetration Testing (Pen Testing)?


Last Updated: 23 Aug, 2024

Penetration testing, or pen testing, is like hiring a friendly hacker to find and fix
security weaknesses in your computer systems before real attackers do.
Penetration testing is a crucial cybersecurity practice aimed at identifying and
addressing vulnerabilities within an organization's systems and networks. If
you're curious about how companies keep their digital information safe from
hackers, you've come to the right place. Penetration testing, often called "pen
testing" or "ethical hacking," is a method used to find weaknesses in a
computer system, network, or web application.
By simulating real-world cyberattacks, pen testing helps organizations
uncover security weaknesses before malicious actors can exploit them. This
proactive approach not only enhances the overall security posture but also
ensures compliance with industry regulations and standards, safeguarding
sensitive data and maintaining robust cybersecurity defenses.
The goal is to discover these vulnerabilities before the bad guys do, so they
can be fixed to prevent any unauthorized access or data breaches. This
process is essential for protecting sensitive data and ensuring a secure online
environment.
In this article, we will explore the different types of penetration testing,
including white box, black box, and gray box testing, and highlight their
importance in

Table of Content
● What is Penetration Testing?
● Types of Penetration Testing
● 1. Black Box Testing
● 2. White Box Testing
● 3. Gray Box Testing
● Stages of Pen Testing
● Pen testing is divided into 6 of the following stages:
● How to perform Penetration Testing?
● Significance of Penetration Testing
● 1. Risk Mitigation
● 2. Regulatory Compliance
● 3. Enhanced Incident Response
● Challenges in Penetration Testing
● 1. Scope Limitations
● 2. False Positives and Negatives
● 3. Ethical Dilemmas
● Penetration Testing: Evolving Trends
● 1. Automated Testing
● 2. Cloud Security Testing
● 3. Continuous Testing

What is Penetration Testing?


Penetration testing, sometimes referred to as "pen testing," uses simulated
cyberattacks to evaluate a system's security and find weaknesses. Experts in
ethical hacking and penetration testers use hacking instruments and methods
to find and responsibly fix security flaws. Pen testers are employed by
organizations to mimic attacks on their networks, assets, and applications.
This helps security teams find important security flaws and improve overall
security protocols. Although the terms "penetration testing" and "ethical
hacking" are sometimes used synonymously, ethical hacking is a more
comprehensive area of cybersecurity. It entails using hacking abilities for a
variety of objectives, such as enhancing network security and offering
services like risk assessment and malware analysis.
For complete understanding, check: Penetration Testing – Software
Engineering

Types of Penetration Testing


Penetration testing comes in many forms, each supplying unique data on
security flaws. Some of the most common types of penetration testing include:
● Black Box testing
● White box testing
● Graybox testing
1. Black Box Testing
Black Box Testing requires testers to emulate the perspective of external
attackers with limited prior knowledge of the target system. By navigating
through minimal information, testers simulate real-world scenarios, uncovering
vulnerabilities that external threats may exploit.
Key Features:
● No prior knowledge of the system
● Simulates an external attack
● Focuses on finding vulnerabilities in exposed areas

Advantages:
● Identifies a wide range of vulnerabilities
● Provides a detailed understanding of the system
● Effective in finding complex vulnerabilities

Disadvantages:
● Time-consuming and resource-intensive
● Requires extensive knowledge and expertise

Read More About: Black Box Testing

2. White Box Testing


White Box Testing offers testers complete access to the source code and
architecture of the system, allowing for an in-depth look. This makes it
possible to thoroughly examine internal structures and reveal potential
weaknesses that might not be visible from the outside.
Key Features:
● Complete access to system details
● Simulates an insider attack
● Thorough and in-depth testing

Advantages:
● Mimics real-world attack conditions
● Quick and cost-effective
● Useful for assessing external threats

Disadvantages:
● May miss internal vulnerabilities
● Less comprehensive compared to black box testing
● Relies heavily on the tester’s skill and experience

Read More About: White Box Testing

3. Gray Box Testing


Gray Box Testing strikes a balance between the two extremes. Testers have
partial knowledge of the system, simulating the access levels that a potential
attacker with some insider information like certain parts of the internal
structure or user credentials, might possess. This approach provides a
realistic assessment of security controls and vulnerabilities.
Key Features:
● Partial knowledge of the system
● Simulates an attack by a user with limited access
● Balanced approach between white box and black box testing

Advantages:
● Provides a realistic assessment of both internal and external threats
● More efficient than white box testing
● Identifies a wider range of vulnerabilities compared to black box
testing

Disadvantages:
● May still miss some internal or deeply embedded vulnerabilities
● Requires coordination to determine the appropriate level of access
for the tester


Type               Description
Black Box Testing  Testers have no prior knowledge of the system, simulating a real-world scenario where attackers have limited information.
White Box Testing  Testers have full knowledge of the system's architecture and source code, allowing for a comprehensive evaluation of internal structures and potential vulnerabilities.
Gray Box Testing   Testers have some knowledge of the system, striking a balance between the black box and white box approaches.

Difference between Black Box vs White Box vs Grey Box Testing

Stages of Pen Testing

Pen testing is divided into the following six stages:
1. Reconnaissance and Planning: Testers gather information about the target system from various sources, both public and private. They look for potential weak points such as network components, open ports, and operating system details.
2. Scanning: Testers use scanning tools to explore the system further and find weaknesses. They look for vulnerabilities using tools like port scanners and vulnerability scanners.
3. Obtaining Entry: Testers exploit vulnerabilities found in the previous stages to connect to the target. They may use attacks like denial-of-service (DoS), SQL injection, and cross-site scripting to expose weaknesses.
4. Maintaining Access: Testers stay connected to the target system for as long as possible, imitating an advanced persistent threat. They continue exploiting vulnerabilities to steal data and cause damage.
5. Analysis: Testers analyze the results and create a report detailing the exploited vulnerabilities, the data accessed, and the time they remained connected to the target.
6. Cleanup and Remediation: Testers remove all traces of their activities, and the organization starts fixing any security issues found during testing.

How to perform Penetration Testing?


Penetration testing, or pen testing, is unique among cybersecurity methods
because it can be customized to fit any industry or organization. It adapts to
the organization's setup and preferences, using specific hacking techniques
and tools chosen by its IT team. This adaptable process follows six steps:
● Preparation: Organizations decide which vulnerabilities to assess,
dedicating resources to examine the system for possible
weaknesses. This step varies in complexity depending on whether a
previous audit has been done.
● Attack Plan: Before hiring ethical hackers, the IT department designs
a list of cyber attacks to be used in the test. They also define the
level of access the testers will have.
● Team Selection: The success of the test depends on the quality of
the testers. Ethical hackers are chosen based on their expertise, with
specialists assigned tasks according to their skills.
● Data Selection: Testers decide what kind of data they will attempt to
steal during the test. This choice influences the tools and techniques
used.
● Testing: Testers use various tools and techniques, such as Kali Linux
and Metasploit, to perform the test and identify vulnerabilities.
● Reporting: The results are documented in detail so that the
organization can incorporate the findings into their security protocols.
Reporting is a crucial step in the process.
Significance of Penetration Testing
Penetration testing plays a pivotal role in the realm of cybersecurity, serving
as a proactive and strategic approach to risk management. Its significance
can be delineated through several key aspects:
1. Risk Mitigation
Penetration testing is key in reducing risk. It helps find and fix weaknesses
earlier. Simulated cyberattacks give companies a look into the potential
system, network, and application issues. Risk Mitigation allows for focused
security steps, decreasing the chances of data leaks, money loss, and harm
to reputation.
● Proactive Defense Mechanism
An all-inclusive penetration testing program acts as a proactive guard. Instead of responding to cyber threats after an incident, organizations can boost their defenses based on test results. This strategy helps them stay ahead of adversaries, adjusting and enhancing their security posture before new threats arrive.
● Identifying Unknown Vulnerabilities
Penetration testing surpasses regular security procedures by uncovering unknown risks. Automated tools and routine security checks may overlook certain aspects, but the simulated nature of penetration testing allows testers to think like attackers, identifying potential loopholes and vulnerabilities that might not be apparent through conventional security assessments.
2. Regulatory Compliance
In numerous fields, sticking to serious data security rules is more than a great
idea. It's the law. Penetration testing supports firms to follow these rules. This
ensures that data security efforts aren't merely present.
They are strong and efficient. Regular tests show a firm's commitment to
keeping its info safe. It's about more than just meeting standards; it's about
surpassing them.
● Demonstrating Commitment to Security
Penetration testing is not just a to-do item. It shows a firm is set on keeping
a safe space. It tells regulators, customers, and stakeholders that they are on
guard to protect private data. When this commitment is openly shared, it
creates trust with clients, partners, and regulatory teams.
● Tailoring Tests to Regulatory Requirements
Penetration tests can be designed to meet the unique needs of each industry's regulations. Whether it's healthcare, finance, or any other sector with unique data protection mandates, organizations can customize their penetration testing approach to effectively address the nuances of their regulatory landscape.
3. Enhanced Incident Response
Penetration testing serves as a valuable tool in enhancing incident response
capabilities. Organizations can refine and optimize their incident response
plans by understanding potential attack vectors. This preparation ensures that
in the event of a security incident, the organization can respond promptly and
effectively, minimizing the impact of the breach on both operational continuity
and reputation.
● Real-World Simulation
The simulated nature of penetration testing provides a real-world simulation of potential cyber threats. This not only allows organizations to identify vulnerabilities but also provides an opportunity to test the effectiveness of their incident response procedures in a controlled environment. The lessons learned from these simulations contribute significantly to the organization's ability to respond to real incidents.
● Continuous Improvement
Regularly incorporating the insights gained from penetration testing into incident response plans facilitates a cycle of continuous improvement. Organizations can update and optimize their response strategies based on evolving threat landscapes and emerging vulnerabilities, ensuring that their cybersecurity resilience is not static but continually adapting to new challenges.
Challenges in Penetration Testing
Penetration testing faces challenges such as simulating realistic attack
scenarios and accurately replicating evolving cyber threats. Complexity in
identifying intricate vulnerabilities and ensuring comprehensive coverage can
pose difficulties.
Overcoming these challenges demands continuous innovation, skill
refinement, and staying abreast of the dynamic cybersecurity landscape to
deliver effective and thorough penetration testing results.
1. Scope Limitations
Defining the scope of a penetration test is a delicate balancing act. Organizations need to balance testing comprehensively against resource constraints. Scopes that are too narrow may result in overlooking critical vulnerabilities, while overly broad scopes may lead to an inefficient allocation of resources.
2. False Positives and Negatives
The issue of false positives and negatives in penetration testing is a nuanced
challenge. Further discussion can highlight the importance of skilled testers
who can distinguish between genuine vulnerabilities and false alarms. It also
underscores the need for ongoing communication between testers and
stakeholders to ensure a clear understanding of the results.
3. Ethical Dilemmas
Ethical considerations are paramount in penetration testing. Expanding on
this, it's crucial to emphasize the importance of obtaining proper authorization
and adhering to a robust code of ethics. Testers must operate within legal
boundaries and ensure that their activities do not unintentionally harm
systems or compromise sensitive data.

Penetration Testing: Evolving Trends


Evolving trends in penetration testing encompass increased automation for
efficiency, incorporation of artificial intelligence to simulate advanced cyber
threats, and a growing emphasis on continuous testing to adapt to dynamic
security landscapes.
These trends reflect the industry's commitment to staying ahead of evolving
cyber threats and enhancing overall cybersecurity measures. Some of the
most primary ones include:
1. Automated Testing
Technology strides have paved the way for automated tools for penetration
testing. These expedite the testing process, allowing tests to run more often.
But, it's vital to know that while automation makes some parts smoother,
human insight is essential. Humans interpret the results, understand
context-based weak spots, and suggest informed solutions.
2. Cloud Security Testing
Moving deeper into the cloud, companies are seeing the urgent necessity for
specific penetration testing for these systems. This rising shift demands cloud
security tests to handle challenges unique to virtual, distributed computing.
This includes checking cloud providers' security and checking the secure
setup of assets based in the cloud.
3. Continuous Testing
The traditional approach of periodic penetration testing is evolving towards
continuous testing models. Expanding on this, continuous testing enables
organizations to adapt to the dynamic threat landscape by identifying and
addressing vulnerabilities in real time. Automation plays a crucial role in
continuous testing, ensuring that security assessments are ongoing and that
any emerging vulnerabilities are promptly addressed.

Conclusion
Strong cybersecurity necessitates penetration testing, which allows
organizations to detect and address security flaws early on. In today's
ever-changing world of cyber threats, regular and comprehensive testing is
critical.

How to set up your firewall in 6 steps


Follow these simple best practices to confidently secure your network.

You’ve graduated from setting up that new wireless router and are ready for your next
adventure: setting up a firewall. Gulp. We know, seems really intimidating. But breathe
easy, because we’ve broken it down to 6 simple steps that should help you on your way
to network-security nirvana. And off we go…

Step 1: Secure your firewall (Seems redundant, we know.)

Administrative access to your firewall should be limited to only those you trust. To keep out any would-be attackers, make sure your firewall is secured by at least one of the following configuration actions:

● Update your firewall to the latest vendor-recommended firmware.
● Delete, disable, or rename any default user accounts, and change all default passwords. Make sure to use only complex and secure passwords.
● If multiple people will manage the firewall, create additional accounts with limited privileges based on responsibilities. Never use shared user accounts. Track who made what changes and why. Accountability promotes due diligence in making changes.
● Limit where people can make changes from to reduce your attack surface, i.e. changes can only be made from trusted subnets within your corporation.

Step 2: Architect firewall zones and IP addresses (No heavy lifting required.)

To best protect your network's assets, you should first identify them. Plan out a structure where assets are grouped based on business and application need, similar sensitivity level, and function, and combined into networks (or zones). Don't take the easy way out and make it all one flat network. Easy for you is easy for attackers!
All your servers that provide web-based services (e.g. email, VPN) should be organized into a dedicated zone that limits inbound traffic from the internet, often called a demilitarized zone, or DMZ. Servers that are not accessed directly from the internet should be placed in internal server zones. These zones usually include database servers, workstations, and any point of sale (POS) or voice over internet protocol (VoIP) devices.

If you are using IP version 4, internal IP addresses should be used for all your internal
networks. Network address translation (NAT) must be configured to allow internal
devices to communicate on the internet when necessary.

After you have designed your network zone structure and established the corresponding IP address scheme, you are ready to create your firewall zones and assign them to your firewall interfaces or sub-interfaces. As you build out your network infrastructure, switches that support virtual LANs (VLANs) should be used to maintain layer-2 separation between the networks.

Step 3: Configure access control lists (It’s your party, invite who you want.)

Once network zones are established and assigned to interfaces, you will start creating firewall rules called access control lists, or ACLs. ACLs determine which traffic is permitted to flow into and out of each zone. ACLs are the building blocks of who can talk to what; everything else is blocked. Applied to each firewall interface or sub-interface, your ACLs should be as specific as possible to the exact source and/or destination IP addresses and port numbers whenever possible. To filter out unapproved traffic, create a “deny all” rule at the end of every ACL. Next, apply both inbound and outbound ACLs to each interface. If possible, disable public access to your firewall administration interfaces. Remember, be as detailed as possible in this phase; not only test that your applications are working as intended, but also test what should not be allowed. Look into the firewall's ability to control next-generation flows: can it block traffic based on web categories? Can you turn on advanced scanning of files? Does it contain some level of IPS functionality? You paid for these advanced features, so don't forget to take those "next steps".
Step 4: Configure your other firewall services and logging (Your non-vinyl
record collection.)

If desired, enable your firewall to act as a dynamic host configuration protocol (DHCP)
server, network time protocol (NTP) server, intrusion prevention system (IPS), etc.
Disable any services you don’t intend to use.

To fulfill PCI DSS (Payment Card Industry Data Security Standard) requirements,
configure your firewall to report to your logging server, and make sure that enough detail
is included to satisfy requirement 10.2 through 10.3 of the PCI DSS.

Step 5: Test your firewall configuration (Don’t worry, it’s an open-book test.)

First, verify that your firewall is blocking traffic that should be blocked according to your ACL configurations. This should include both vulnerability scanning and penetration testing. Be sure to keep a secure backup of your firewall configuration in case of any failures. If everything checks out, your firewall is ready for production. TEST TEST TEST the process of reverting to a saved configuration. Before making any changes, document and test your recovery procedure.

Step 6: Firewall management (All fires need stoking.)

Once your firewall is configured and running, you will need to maintain it so it functions
optimally. Be sure to update firmware, monitor logs, perform vulnerability scans, and
review your configuration rules every six months.

SSL encryption
Last Updated: 2024-01-04
The SSL protocol operates between the application layer and the TCP/IP layer. This
allows it to encrypt the data stream itself, which can then be transmitted securely, using
any of the application layer protocols.

Many different algorithms can be used for encrypting data, and for computing the
message authentication code. Some algorithms provide high levels of security but
require a large amount of computation for encryption and decryption. Other algorithms
are less secure but provide rapid encryption and decryption. The length of the key that
is used for encryption affects the level of security; the longer the key, the more secure
the data. SSL defines cipher suites to specify cryptographic algorithms that are used
during an SSL connection.

SSL Encryption techniques


SSL uses two encryption techniques:
​ Public key cryptography standard (PKCS), which encrypts and decrypts
certificates during the SSL handshake. Encryption keys are created in pairs, a
public key and its associated private key. Data encrypted with a given public key
can be decrypted only with the associated private key; this means that data is
readable by only the intended recipient. Data encrypted with a given private key
can be decrypted only with the associated public key; this means that
authentication data is assured to originate from the owner of the private key.
​ A mutually agreed symmetric encryption technique, such as DES (data
encryption standard), or triple DES, is used in the data transfer following the
handshake.

PKCS, as used by SSL, works briefly as follows:


1. When a certificate is created, an algorithm based on two random numbers is
used to create a private key and public key for the certificate owner. The private
and public keys which result are related to each other such that:
​ It is not feasible to deduce the value of the private key from the public key,
nor the public key from the private key
The private key is stored securely, and is not made known to anyone but
its owner. The public key can be made freely available to any user, with no
risk of compromising the security of the private key.
​ Information encrypted using the public key can be decrypted only with the
private key
Information can be encrypted by any user, and sent securely to the holder
of the private key. A third party cannot use the public key to read the
information.
​ Information encrypted using the private key can be decrypted only with the
public key
Only the holder of the private key can encrypt information that can be
decrypted with the public key. A third party cannot pose as the sender of
the information.
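As an added illustration of the three key-pair properties just listed (this is not part of the IBM documentation above), here is a textbook RSA key pair built from deliberately small, constructed primes; the function names and numbers are this example's own, and real keys are far larger and always use padding.

```python
# Added example, not from the documentation above: textbook RSA with tiny
# constructed primes, to show the three properties of a PKCS key pair.
# Real-world RSA uses ~2048-bit keys and OAEP/PSS padding; these numbers
# are for illustration only and provide no security.
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Step 1: derive a private/public key pair from two (here, tiny) primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    public_key = (n, e)           # may be published freely
    private_key = (n, d)          # kept only by its owner
    return public_key, private_key


def encrypt_with_public(public_key, message: int) -> int:
    """Property 2: anyone can encrypt; only the private-key holder can read."""
    n, e = public_key
    assert 0 <= message < n, "message must be smaller than the modulus"
    return pow(message, e, n)


def decrypt_with_private(private_key, ciphertext: int) -> int:
    n, d = private_key
    return pow(ciphertext, d, n)


def sign_with_private(private_key, message: int) -> int:
    """Property 3: only the private-key holder can produce this value."""
    n, d = private_key
    return pow(message, d, n)


def verify_with_public(public_key, message: int, signature: int) -> bool:
    """Anyone holding the public key can check the signature came from the owner."""
    n, e = public_key
    return pow(signature, e, n) == message


def demo() -> dict:
    # Constructed primes just above one million; far too small for real use.
    pub, priv = make_keypair(p=1_000_003, q=1_000_033)
    other_pub, other_priv = make_keypair(p=1_000_037, q=1_000_039)
    m = 424242
    c = encrypt_with_public(pub, m)
    s = sign_with_private(priv, m)
    return {
        # encrypted with the public key, readable only with the matching private key
        "roundtrip_ok": decrypt_with_private(priv, c) == m,
        # a different private key does not recover the message
        "wrong_key_fails": decrypt_with_private(other_priv, c) != m,
        # a signature made with the private key verifies with the public key
        "signature_ok": verify_with_public(pub, m, s),
        # a tampered signature is rejected, so a third party cannot pose as the sender
        "forged_sig_rejected": not verify_with_public(pub, m, (s + 1) % pub[0]),
        # a signature only verifies under the key pair that produced it
        "other_key_rejects": not verify_with_public(other_pub, m, s),
    }


if __name__ == "__main__":
    print(demo())
```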

How to Secure a Live Server?


Last Updated : 09 Sep, 2024


Securing a live server is crucial to protect against unauthorized access and potential threats. Implementing robust server security best practices ensures that your server remains protected and operational. This guide will outline how to secure a live server, covering essential steps such as server hardening techniques, secure server configuration, and ongoing server vulnerability management. By following these guidelines, you can effectively protect your live server from potential attacks and breaches.

Table of Content
● How to Secure a Live Server?
○ Method 1: IP tables
○ Method 2: IPV6
● How to Secure a Live Server – FAQs

How to Secure a Live Server?

Method 1: IP tables

iptables is a command-line firewall utility that uses rules/policies to allow or block traffic. First, check whether your iptables configuration is clean.
sudo iptables -L
The above command lists all the current iptables rules. Use this command after every addition to ensure that your configuration is clean.

If you find issues in your configuration, you can use the following command to flush all iptables rules and start over. With iptables flushed, your system is vulnerable to attacks, so make sure to secure it using an alternative method.
sudo iptables -F

Inserting rules
Insert rules for the following purposes to secure the server.
● Inserting rule to allow loopback connections for localhost connection
to work.
● Inserting rule to allow incoming connection from the already
established connection.
● Rule to allow HTTP on port 80, HTTPS on 443, and SSH on 22.
Let’s add a rule to allow established connections to continue, using the command below; you can then check that the rule was added using the same sudo iptables -L as before. To do this, enter the following commands in the terminal.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -L

Default policy
Make sure the default INPUT policy is set to ACCEPT. This ensures that you don’t get locked out of your account. Then add a rule to drop incoming connections as the last rule. Any packet that doesn’t match one of the rules above the DROP rule is dropped, which protects the server from unwanted connections.
Setting the default policy to ‘ACCEPT’
sudo iptables -P INPUT ACCEPT

Adding a rule to ‘DROP’
sudo iptables -A INPUT -j DROP

These commands execute successfully without printing anything, as can be seen from the screenshot provided below.

Setting the iptables rules to be persistent

Before setting the rules permanently, test them once to make sure you are able to log back in if you get logged out. Once that is done, you can use the following command to make the rules permanent. This installs a package whose startup script loads the saved configuration when the system reboots.
sudo apt-get install iptables-persistent
Now, whenever you add more rules, you need to save them again using the following command.
sudo invoke-rc.d iptables-persistent save

Method 2: IPv6

The above rules are for IPv4; adding rules for IPv6 differs slightly in the command. Adoption of IPv6 is still low compared to IPv4, and an unfiltered IPv6 stack could be exploited if left open. Therefore, let’s add a default policy to it and make it permanent. You can follow the commands mentioned below:
sudo ip6tables -L
sudo ip6tables -P INPUT DROP
sudo invoke-rc.d iptables-persistent save

Commands for IPv6 differ only in the keyword ‘ip6tables’ compared with IPv4.
Checking that the server is reachable
We’ve allowed all the important protocols to establish a connection to our server. But if you try to ping the server right now, the ping is dropped because of the DROP rule we added last. So we need to allow ICMP as well, and because the DROP rule must stay the last rule, the new rule has to be inserted above it. To achieve this, you can follow the commands below.
To get the line number of each rule:
sudo iptables -L --line-numbers
sudo iptables -I INPUT [Drop_rule_line_number] -p icmp --icmp-type echo-request -j ACCEPT

This rule is inserted at the DROP rule’s line number, and the DROP rule shifts down by one. Now you can ping the server again.
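To make the first-match ordering concrete (both the "deny all at the end of every ACL" advice from the firewall guide above and the ICMP-before-DROP insertion in this article), here is an added example that is not part of either article: a small simulator of an iptables INPUT chain. Rule and packet fields are simplified assumptions of this example; the rule sequence mirrors the commands shown above, with the loopback rule assumed as "-i lo -j ACCEPT".

```python
# Added example, not from the article above: first-match evaluation of an
# iptables-style INPUT chain, to show why an ACCEPT rule appended after the
# final DROP never fires and must be inserted above it with -I instead.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    dport: int = 0             # destination port (0 for icmp)
    iface: str = "eth0"        # incoming interface
    ctstate: str = "NEW"       # conntrack state as -m conntrack reports it
    icmp_type: str = ""        # e.g. "echo-request"


@dataclass
class Rule:
    target: str                # "ACCEPT" or "DROP"
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None
    ctstates: Tuple[str, ...] = ()
    icmp_type: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        # every specified criterion must match; unspecified ones match anything
        return all([
            self.proto is None or self.proto == pkt.proto,
            self.dport is None or self.dport == pkt.dport,
            self.iface is None or self.iface == pkt.iface,
            not self.ctstates or pkt.ctstate in self.ctstates,
            self.icmp_type is None or self.icmp_type == pkt.icmp_type,
        ])


@dataclass
class Chain:
    policy: str = "ACCEPT"                     # sudo iptables -P INPUT ACCEPT
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> None:      # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, line: int, rule: Rule) -> None:  # iptables -I INPUT <line> ...
        self.rules.insert(line - 1, rule)      # iptables line numbers are 1-based

    def line_number_of(self, target: str) -> int:
        """Like reading 'iptables -L --line-numbers' to find the DROP rule."""
        for i, r in enumerate(self.rules, start=1):
            if r.target == target:
                return i
        raise LookupError(target)

    def verdict(self, pkt: Packet) -> str:
        for r in self.rules:                   # first matching rule wins
            if r.matches(pkt):
                return r.target
        return self.policy                     # no match: chain default policy


def build_article_chain() -> Chain:
    """The INPUT chain in the order the article's commands build it."""
    c = Chain(policy="ACCEPT")
    c.append(Rule("ACCEPT", iface="lo"))                      # loopback (assumed -i lo)
    c.append(Rule("ACCEPT", ctstates=("ESTABLISHED", "RELATED")))
    for port in (22, 80, 443):                                # SSH, HTTP, HTTPS
        c.append(Rule("ACCEPT", proto="tcp", dport=port))
    c.append(Rule("DROP"))                                    # -A INPUT -j DROP, last
    return c


def allow_ping_correctly(c: Chain) -> Chain:
    """Insert the echo-request rule above DROP, exactly as the article does."""
    c.insert(c.line_number_of("DROP"),
             Rule("ACCEPT", proto="icmp", icmp_type="echo-request"))
    return c


def allow_ping_incorrectly(c: Chain) -> Chain:
    """Append after DROP: the rule is shadowed and never evaluated."""
    c.append(Rule("ACCEPT", proto="icmp", icmp_type="echo-request"))
    return c


if __name__ == "__main__":
    ping = Packet(proto="icmp", icmp_type="echo-request")
    print("appended after DROP:", allow_ping_incorrectly(build_article_chain()).verdict(ping))
    print("inserted above DROP:", allow_ping_correctly(build_article_chain()).verdict(ping))
```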

Conclusion
Effective server security is key to maintaining a safe and reliable live server environment. By adhering to server security best practices and utilizing live server protection techniques, you can significantly reduce the risk of vulnerabilities and attacks. Regularly updating your secure server setup and monitoring for potential threats will ensure that your server remains secure and functional over time. Embrace these strategies to uphold the integrity and security of your live server.

Protection of Servers
Last Updated : 13 Apr, 2023


Servers are the core of any high-performing facility. Servers are the key to
efficient and continuous operations. Servers are expensive. That’s why server
monitoring is critically important. Some methods of physical protection of
Servers are as follows:
● Hardware Monitoring: Hardware monitoring is found in large server farms. A server farm is a facility that houses hundreds of servers for organizations. Google has many server farms around the world to provide optimal services. Even smaller companies are building local server farms to house the growing number of servers needed to conduct business. Hardware monitoring systems are used to monitor the health of these systems and to minimize server and application downtime. Modern hardware monitoring systems use USB and network ports to transmit the condition of CPU temperature, power supply status, fan speed and temperature, memory status, disk space, and network card status. Hardware monitoring systems help to monitor many systems from a single terminal.
● HVAC: HVAC systems are critical to the safety of people and information systems in the organization’s facilities. When planning modern IT offices, these systems play a very important role in overall security. HVAC systems control the ambient environment and must be planned for and operated along with other data center components. Almost all physical computer hardware devices come with environmental requirements that include acceptable temperature and humidity ranges. Environmental requirements appear in a product specifications document or in a physical planning guide. It is critical to maintain these environmental requirements to prevent system failures and extend the life of IT systems. Commercial HVAC systems and other building management systems now connect to the Internet for remote monitoring and control. Recent events have shown that such systems (often called “smart systems”) also raise significant security implications.
● Power: A ceaseless supply of electrical power is critical in today’s
massive server facilities. Some standards in building effective
electrical supply systems are:
○ Two or more feeds coming from two or more
electrical substations.
○ Server rooms should be on a different power supply
from the rest of the building.
○ Backup power systems are also required.
● Access Control: Physical access control is necessary to prevent
unauthorized access to server rooms and IT equipment. Access
control systems can include biometric readers, keypads, and security
cameras. Access to the server room should be limited to authorized
personnel only, and a log of access should be maintained.
● Fire Suppression: Fire suppression systems are essential to protect
the servers and other IT equipment from fire damage. Common fire
suppression systems used in server rooms include water-based
systems, gas-based systems, and foam-based systems. These
systems should be installed and maintained by certified professionals
to ensure their effectiveness.
● Cable Management: Proper cable management is crucial to maintain
a safe and organized server room. Cables should be organized and
labeled to avoid confusion and ensure easy maintenance. Cable
trays and cable channels can be used to organize and manage
cables effectively.
● Physical Security: The server room should have proper physical
security measures in place, such as reinforced doors, security
alarms, and security personnel. These measures should be taken to
prevent unauthorized access, theft, and vandalism.
● Environmental Monitoring: Environmental monitoring systems are
used to monitor the temperature, humidity, and other environmental
factors in the server room. These systems can alert IT personnel if
any environmental factor falls outside the acceptable range, allowing
them to take corrective action before any damage is done.

Top 10 Cybersecurity Threats in 2024


Last Updated : 29 Feb, 2024


Due to the rise of multiple technologies, businesses are gaining many advantages, but the increase in technologies is also leading to an increase in the number of cyber threats carried out through various methods. Cyber threats can have major impacts on businesses of all sizes, including financial and reputational damage. This impact can vary depending on the severity of the attacks. Individuals and businesses should have knowledge of these cybersecurity threats and how hackers misuse information through several techniques. Therefore in this article, comprehensive knowledge has been provided about cybersecurity threats and the top 10 cybersecurity threats in 2024.

What are Cybersecurity Threats?


Cybersecurity threats are actions carried out primarily by hackers or attackers with malicious intent, with the goal of stealing data, causing damage, or interfering with computer systems. The main categories of cyber threats are malware, injection attacks, social engineering, configuration mistakes, and so on. Cyber threats can originate from multiple sources, from hostile nation states to individual hackers or contractors who abuse their privileges to perform harmful acts.


Top 10 Cybersecurity Threats in 2024
Multiple Cybersecurity threats are performed by hackers to harm the data of
an organization or business. Some of the most important cybersecurity threats
are mentioned below:

1. Phishing Attacks

Phishing attacks are well-known cybersecurity threats that are delivered through digital messages and target people who have little awareness of the risk of clicking on an unknown link that can install harmful software. Phishing attacks mainly succeed when the victim clicks on a suspicious link. These attacks enable hackers to steal the user's login details, personal financial information, and credit card credentials.

2. Social Engineering

Social engineering is one of the most common cybersecurity threats. It depends mostly on human error rather than technical flaws, which makes these attacks more dangerous. In 2023, social engineering strategies were the key method for obtaining employees' data and credentials. More than 75% of targeted cyberattacks begin with an e-mail. Phishing is one of the best-known causes of data breaches.

3. SQL Injections

SQL injection is another well-known cybersecurity threat. It is a code-based vulnerability that allows the attacker to read and access personal data from the database. The attacker can then use the sensitive data from the database and further use SQL queries to modify, update, add, or delete records in the database. This sensitive information may include the company's data, user lists, or customer details.
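To show the defect behind this threat and its fix, here is an added example (not from the article above) in which the same login lookup is written with string concatenation and then with bound parameters; the table, accounts and inputs are constructed for the illustration, and the passwords are stored in plaintext only to keep the demo short (a real system stores salted hashes).

```python
# Added example, not from the article above: a login query built by string
# concatenation (injectable) next to the same query using bound parameters.
# The in-memory table and inputs are constructed for this illustration.
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed demo table; plaintext passwords are for the demo only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    """Concatenates user input into the SQL text, so input can alter the query's structure."""
    sql = ("SELECT username, role FROM users WHERE username = '"
           + username + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    """Binds user input as parameters: the driver treats it as data, never as SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo() -> dict:
    conn = make_db()
    # A quote in the input closes the string literal and "--" comments out
    # the password check in the concatenated version; the bound version just
    # looks for a user literally named "alice' --" and finds none.
    crafted = "alice' --"
    return {
        "vulnerable_bypass": login_vulnerable(conn, crafted, "not the password"),
        "parameterized_safe": login_parameterized(conn, crafted, "not the password"),
        "legit_login": login_parameterized(conn, "alice", "correct horse"),
        "wrong_password": login_parameterized(conn, "alice", "wrong"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```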
4. Vulnerabilities in Cloud

Cloud vulnerabilities are increasing and are one of the most common cybersecurity threats. IBM reports confirm that cloud vulnerabilities have increased 150% in the past five years. According to Gartner, cloud security is one of the fastest-growing technologies in recent years. Verizon’s DBIR has found that more than 90% of the 29,000 breaches analyzed in the report were mainly caused by web application breaches.

5. IoT Attacks

Internet of Things (IoT) attacks are another well-known cybersecurity threat. IoT involves adding internet connectivity to a system of interrelated computing devices, digital machines, and mechanical machines. It has been observed that more than 70% of households have at least one smartphone, which contributes to attacks on smart or Internet of Things (IoT) devices, with more than 1.5 billion breaches occurring between January and June 2021. IoT connectivity has opened a world of vulnerabilities for hackers, and the average smart device is attacked within 5 minutes of connecting to the internet.

6. Low Data Management

Data management is very important in businesses; it is not just about keeping storage and organizational systems clean but also about putting controls in place. The amount of data generated by consumers doubles every four years, but more than half of that new data is never used or analyzed. Piles of surplus data lead to confusion and leave the data vulnerable to cyber attacks. Breaches caused by data-handling mistakes can be as costly as higher-tech cybersecurity attacks.

7. DDoS

A distributed denial of service (DDoS) attack is another well-known attack,
carried out to disrupt the normal traffic of a targeted server or network. DDoS
attacks are generally carried out with networks of Internet-connected
machines. These networks consist of computers and other devices that have
been infected with malware, which allows them to be controlled by a hacker or
attacker.

8. Ransomware

Ransomware is a type of malware that locks and encrypts a victim's data,
systems, or files, rendering them unusable until the attackers receive a
ransom payment. Between 2018 and 2020 the average ransom fee increased
from $5,000 to $200,000. Ransomware attacks also cost companies in the form
of income lost while the hackers hold access to the systems for ransom. The
average length of system downtime after a ransomware attack is 21 days.

9. Mobile Device Attacks

Mobile device vulnerabilities have increased with remote work, which led to an
uptick in companies implementing bring-your-own-device policies. Cybercriminals
have therefore targeted mobile device management systems, which are designed
to allow companies to manage company devices in a way that keeps corporate
data secure. For example, during COVID-19 the use of mobile devices increased:
not only did remote users depend on mobile devices, but pandemic experts also
encouraged large-scale adoption of mobile wallets and touchless payment
technology in order to control germ transmission. A large population of users
therefore represents a larger target for cybercriminals.

10. Third-Party Vulnerabilities

A third-party breach occurred at the beginning of 2021 when hackers leaked
personal data from more than 214 million Instagram, LinkedIn, and Facebook
accounts. Hackers get around security systems by compromising the less
protected networks of a third party that has privileged access to the hacker's
primary target. In this case the hackers were able to access the data by
breaching a third-party contractor, SocialArks, that had been employed by the
three companies and had privileged access to their networks.

Port Scan in Ethical Hacking

Last Updated : 31 May, 2022

Port scanning is the name of the technique used to identify available ports
and services on hosts on a network. Security engineers sometimes use it to
scan computers for vulnerabilities, and hackers also use it to target victims. It
can be used to send connection requests to target computers and then track
which ports answer. Network scanners do not actually harm computers;
instead, they make requests similar to those sent by human users who visit
websites or connect to other computers using applications like Remote
Desktop Protocol (RDP) and Telnet. A port scan is performed by sending ICMP
echo-request packets with specific flags set in the packet headers that
indicate the type of message being transmitted: Type 8 indicates the request
to be an echo-reply packet with the source IP address as the responding host,
while Type 0 indicates that no response is expected from the responding host.
Types of Port Scans:

To protect your network from port scans, it is essential to understand the
different types of port scans used by hackers.
● Vanilla: The scanner tries to connect to all 65,535 ports.
● UDP: The scanner looks for open UDP ports.
● Sweep: The scanner probes the same port on more than one computer to
see which machines are active.
● FTP Bounce: The scanner goes through an FTP server to mask the
source.
● Stealth: The scanner tries to keep the scanned computer from recording
the port scan.

Types of Ports:
● Open: The host replies and announces that it is listening and open
for queries. An unwanted open port is an attack path into the
network.
● Closed: The host responds but indicates that no application is
listening. Hackers will scan again to see whether it has been opened.
● Filtered: The host does not respond to a request. This could mean
that the packet was dropped due to congestion or a firewall.
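A defender-side check for the scan types listed above, as an added example that is not part of the original article: it reads firewall deny-log lines in a constructed iptables-style format (the format, addresses and thresholds are assumptions, not taken from the page) and flags a source that probes many distinct ports on one host (a vanilla-style scan) or the same port across several hosts (a sweep). It keys on TCP/UDP connection attempts rather than ICMP, since the open/closed/filtered state of a port is learned from the reply to the TCP or UDP probe; ICMP echo (a type 8 request, answered by a type 0 reply) only tells you that a host is up.

```python
"""Detect port scans from firewall deny logs.

Added example, not code from the original article. Log format, addresses
and thresholds below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in an iptables-style "DROP" format (assumption).
# 203.0.113.7 probes ten ports on one host, then port 22 on four hosts;
# 198.51.100.4 merely retries one port twice (benign).
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
2024-05-01T10:00:00 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
2024-05-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
2024-05-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
2024-05-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2024-05-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=110
2024-05-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=143
2024-05-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:00:04 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=445
2024-05-01T10:00:04 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389
2024-05-01T10:00:05 DROP SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP DPT=22
2024-05-01T10:00:05 DROP SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP DPT=22
2024-05-01T10:00:05 DROP SRC=203.0.113.7 DST=192.0.2.13 PROTO=TCP DPT=22
2024-05-01T10:00:06 DROP SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:00:09 DROP SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)


def parse_log(text):
    """Turn matching log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "src": m["src"], "dst": m["dst"],
                "proto": m["proto"], "dpt": int(m["dpt"]),
            })
    return events


def detect_scans(events, window_s=10, port_threshold=8, host_threshold=3):
    """Map source IP -> findings. A 'vertical' finding means one source hit
    >= port_threshold distinct ports on one host inside window_s seconds; a
    'sweep' finding means one port was hit on >= host_threshold distinct hosts."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):          # each event opens a window
            ports_by_host = defaultdict(set)
            hosts_by_port = defaultdict(set)
            for e in evs[i:]:
                if (e["ts"] - start["ts"]).total_seconds() > window_s:
                    break
                ports_by_host[e["dst"]].add(e["dpt"])
                hosts_by_port[e["dpt"]].add(e["dst"])
            findings = {}
            for host, ports in ports_by_host.items():
                if len(ports) >= port_threshold:
                    findings.setdefault("vertical", {})[host] = len(ports)
            for port, hosts in hosts_by_port.items():
                if len(hosts) >= host_threshold:
                    findings.setdefault("sweep", {})[port] = len(hosts)
            if findings:
                alerts[src] = findings
                break                            # one alert per source suffices
    return alerts


if __name__ == "__main__":
    for src, findings in detect_scans(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {findings}")
```

The thresholds trade false positives against sensitivity: a monitoring host that legitimately polls one port on every machine will look like a sweep, so such sources belong on an allow-list before the detector feeds an alerting pipeline.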

Tools Used in Port Scanning:

● Nmap
● Angry IP Scan
● Netcat
● Zenmap
● Advanced Port Scanner
● MASSCAN


Port Scanning Attack

Last Updated : 08 Sep, 2022

Prerequisite: What are scanning attacks?

Cyber-attackers use various methods to carry out cyber-attacks on a computer
network, depending on how easily the network can be attacked through its
vulnerabilities. Each type of cyber-attack is risky and harmful in nature.
Awareness about cyber crimes is very important for today's young generation,
to prevent cyber crimes from taking place and to feel safe while using the
internet and cyber technology.

Here, we will discuss one such very harmful cyber-attack, the Port Scanning
Attack.

Port Scan attack:

● A Port Scan attack is a dangerous type of cyber-attack revolving around
targeting open ports that are vulnerable to attack.
● A Port Scan attack helps attackers identify open points to enter a
network and attack the user.
● Ports are significant because they help in tracking the traffic that
enters and leaves a computer network. Packets and data that are
transmitted over ports tell cyber-attackers whether a specific port may be
vulnerable to attack.
● A port scanning attack helps identify the security mechanisms of the
network, including active firewalls and anti-virus software.
● In this attack, cyber-attackers look for open ports in the network,
which they then aim to capture to send and receive information.
● The detected open port is used by cyber-attackers to exploit computer
system vulnerabilities.
● The identification of open ports gives cyber-attackers direct access to
the target.
● Since applications listen on these ports, cyber-attackers take advantage
of this to access, manipulate or delete confidential user information.
● Nmap, Netcat, and IP scanning tools are used to scan ports for
vulnerability checks.

Aim and Consequences:

● Attackers use Port Scan attacks depending on the services and security
of the network.
● If proper security mechanisms, including authentication methods, are
not properly implemented, then they become a target attack point for
cyber-attackers.
● Cybercriminals make use of the vulnerable target's security breaches
and open port information to get into user or organization systems.

Prevention:
The preventive measures for a Port Scan attack are listed as follows:

● Secured firewalls:
○ A firewall can be used to track the traffic on open ports,
including both incoming and outgoing traffic from the network.
○ An open port is identified by the fact that the target host is
bound to respond with packets, which shows that the target host
listens on the port.
● Strong security mechanisms:
○ Computer systems with strong security can protect open ports from
being exploited.
○ Security administrators should make sure that no harmful traffic
is allowed to reach open ports on the computer.

What does risk mean?

This is where vulnerabilities and threats intersect. At its core, risk refers to the
possible implication of the damage or loss of business assets and data.
While it's impossible to eliminate risk in its entirety, you can manage it to a
level that aligns with your company's tolerance. So don't aim to achieve a
risk-free system, but one with the lowest risk possible.
Notably, cyber risk is a function of threats leveraging system vulnerabilities to
access and compromise or steal assets. It's best summed up with this
formula:
Risk = Threat + Vulnerability

Understanding these distinct concepts can help you determine your
website's overall safety. Of course, threats such as cyber criminals exist. But
you'll have the lowest risk when you don't have vulnerabilities.
How to manage your cybersecurity risk
Considering the impossibility of eliminating cyber threats, risk management
can be the most effective approach to enhancing your cybersecurity posture.
This is an ongoing, routine practice in which experts review your risk
environment to minimize the likelihood of specific threats.

Five Ways to Defend Against Network Security Threats

How to Prevent Network Attacks

There are many different ways to defend against network-related threats. Here are five
of the most effective methods.

1. Install antivirus software.

One of the first lines of defense against malware and other viruses is to install antivirus
software on all devices connected to a network (Roach & Watts, 2021). Antivirus
software can detect and prevent malicious files from being installed on a system, and it
should be updated regularly to include the latest definitions.

2. Create strong passwords.

Another essential step in protecting a network is to create strong passwords. Passwords
should be at least eight characters long and include a mix of letters, numbers, and
symbols. They should also not be easy to guess, for instance the user's name or the
name of the company.

3. Enforce security policies.

A third way to reduce the risk of attacks on a network is to enforce security policies.
Security policies can help ensure that all devices on a network are protected against
viruses and malware and that users are using strong passwords. These policies can
also restrict access to some network regions and limit user privileges.

4. Use firewalls.
Firewalls are another essential tool in defending networks against security threats. A
firewall can help prevent unauthorized access to a network by blocking incoming traffic
from untrusted sources. Additionally, firewalls can be configured to allow only certain
types of traffic, such as web traffic or email.

5. Monitor activity.
Finally, it’s important to monitor activity on the network. Tracking logs and other data
enables suspicious activity to be identified quickly, allowing security personnel to take
steps to investigate and mitigate potential threats.

Consequences of Network Breaches

Network security breaches can have severe consequences for businesses, including:
● Data loss. A network security breach can result in the loss of sensitive data,
such as customer information or financial records.
● Damage to reputation. A breach can also damage a company's reputation and
make it difficult to regain the trust of customers and other stakeholders.
● Loss of revenue. In some cases, a network security breach can lead to a loss
of revenue as customers take their business elsewhere.
● Increased costs. Breaches can also lead to increased costs, such as hiring
new staff or upgrading security systems.

How to Prevent Man In the Middle Attack?
Last Updated : 05 Apr, 2024

In a web application there are usually two parties: the client and the server.
The third entity that remains unnoticed most of the time is the communication
channel. This channel can be a wired or a wireless connection. There can be
one or more servers along the way forwarding your request to the destination
server in the most efficient way possible. These are known as proxy servers.

What is a Man in the Middle Attack?

When there is an unwanted proxy in the network intercepting and modifying
the requests and responses, this proxy is called a Man in the Middle. A Man In
the Middle attack poses a serious risk to online communication, resulting in
the theft of private data, financial loss, and harm to reputation.
For example, suppose you are connected to a Wi-Fi network and doing a
transaction with your bank. An attacker is also connected to the same Wi-Fi.
The attacker does the following:
● The attacker sends the rogue ARP packets in the network that map
the IP address of the access point to the MAC address of the
attacker’s device.
● Each device connected in the network caches the entry contained in
the rogue packets.
● Your device uses ARP to send the packets destined for your bank’s
web server to the access point (which is the default gateway for the
network).
● The packets get sent to the attacker’s machine.
● Attackers can now read and modify the requests contained in the
packets before forwarding them.

This way the attacker is suitably situated between you and your bank's server.
Every bit of sensitive data that you send to the server, including your login
password, is visible to the attacker. ARP cache poisoning is one of the ways
to perform a MITM attack; other ways are –
● DNS spoofing.
● IP spoofing.
● Setting up a rogue Wi-Fi AP.
● SSL spoofing, etc.
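A detection-side counterpart to the ARP cache poisoning steps above, as an added example that is not part of the original article: it compares a known-good neighbour-table snapshot with a later one and reports a changed gateway MAC and any MAC that now answers for more than one IP. The snapshots, addresses and the 'ip neigh'-style line format are constructed assumptions.

```python
"""Watch the ARP/neighbour cache for signs of ARP cache poisoning.

Added example, not the article's code. The snapshots are constructed in the
shape of 'ip neigh show' output (an assumption about the format).
"""
import re
from collections import defaultdict

# Constructed baseline taken when the network was known-good.
BASELINE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:20 STALE
192.168.1.37 dev wlan0 lladdr 00:11:22:33:44:37 REACHABLE
"""
# Constructed later snapshot: the gateway IP now maps to the MAC of the host
# at 192.168.1.37, the pattern the rogue ARP replies described above produce.
LATER = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:37 REACHABLE
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:20 STALE
192.168.1.37 dev wlan0 lladdr 00:11:22:33:44:37 REACHABLE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_neigh(text):
    """IP -> lowercased MAC for every resolved entry in the snapshot."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def check_arp(baseline, current, gateway_ip):
    """Return (kind, detail) findings: a changed gateway MAC, and any MAC
    that now answers for more than one IP."""
    findings = []
    old_mac, new_mac = baseline.get(gateway_ip), current.get(gateway_ip)
    if old_mac and new_mac and old_mac != new_mac:
        findings.append(("gateway_mac_changed",
                         f"{gateway_ip}: {old_mac} -> {new_mac}"))
    ips_by_mac = defaultdict(set)
    for ip, mac in current.items():
        ips_by_mac[mac].add(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips",
                             f"{mac}: {sorted(ips)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in check_arp(parse_neigh(BASELINE), parse_neigh(LATER),
                                  "192.168.1.1"):
        print(kind, detail)
```

Run it periodically against the live table; where the platform allows it, pin the gateway with a static ARP entry, and on managed networks rely on switch features such as dynamic ARP inspection. The multiple-IP check needs an allow-list in practice, since a router or a host with address aliases can legitimately hold several IPs on one MAC.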

The use of SSL can prevent these attacks from being successful. Since the
data is encrypted and only the legitimate endpoints have the key to decrypt it,
the attacker can do very little with the data even if he gets access to it.
(SSL is only useful if it is set up properly; there are ways to circumvent this
protection mechanism too, but they are very hard to carry out.) Still, an
attacker can do a lot of damage if the web application with which the user has
been interacting does not use something called a nonce. The attacker can
capture the encrypted requests for the entire session and then carefully
resend the requests used for logging in. This way the attacker gets access to
your account without knowing your password. Using a nonce prevents such
"replay attacks". A nonce is a unique number that is sent by the server to the
client before login. It is submitted with the username and password and is
invalidated after a single use.
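The nonce mechanism just described, as an added example rather than code from the article: a minimal server that issues a nonce before login and invalidates it on first use, so a captured login request fails when it is resent. The LoginNonceServer class, its methods and the user record are hypothetical constructions.

```python
"""Single-use login nonce that defeats replay of a captured login request.

Added example, not the article's code. The server class, its API and the
user record are constructed for illustration.
"""
import hashlib
import hmac
import secrets


class LoginNonceServer:
    """Issues a nonce before login and consumes it on first use."""

    def __init__(self, ttl_s=120):
        self.ttl_s = ttl_s
        self._issued = {}            # nonce -> expiry timestamp
        # Constructed user record. Real systems store a salted, slow
        # password hash (bcrypt/argon2), not plain SHA-256.
        self._users = {"alice": hashlib.sha256(b"correct horse").hexdigest()}

    def issue_nonce(self, now):
        nonce = secrets.token_hex(16)
        self._issued[nonce] = now + self.ttl_s
        return nonce

    def login(self, username, password, nonce, now):
        # pop(): the nonce is invalidated even if the credentials turn out
        # wrong, so it cannot be reused for a second guess either.
        expiry = self._issued.pop(nonce, None)
        if expiry is None or now > expiry:
            return "rejected: nonce unknown, already used, or expired"
        expected = self._users.get(username, "")
        presented = hashlib.sha256(password.encode()).hexdigest()
        if not expected or not hmac.compare_digest(expected, presented):
            return "rejected: bad credentials"
        return "ok"


def replay_demo():
    """Client logs in once; the same captured request is then resent."""
    server = LoginNonceServer()
    nonce = server.issue_nonce(now=1000.0)
    captured_request = ("alice", "correct horse", nonce)
    first = server.login(*captured_request, now=1001.0)
    replayed = server.login(*captured_request, now=1002.0)
    return first, replayed


def expiry_demo():
    """A nonce that sat unused past its TTL is refused as well."""
    server = LoginNonceServer(ttl_s=60)
    nonce = server.issue_nonce(now=1000.0)
    return server.login("alice", "correct horse", nonce, now=1100.0)


if __name__ == "__main__":
    print(replay_demo())
    print(expiry_demo())
```

The time argument is passed explicitly so the expiry path can be exercised deterministically; a real server would read the clock. Keeping the nonce store keyed by the nonce alone means a replayed request is rejected before credentials are even compared, which also limits what the server reveals to the attacker.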

Types of Man-in-the-Middle Attacks

● Rogue access point: Devices with wireless cards frequently try to
automatically connect to the access point with the strongest signal.
Attackers can set up their own wireless access points and trick nearby
devices into joining their domain.
● ARP spoofing: ARP stands for Address Resolution Protocol. It converts IP
addresses to physical MAC (media access control) addresses in a local
area network. When a host needs to communicate with a host with a
specific IP address, it uses the ARP cache to convert the IP address to a
MAC address. If the address is unknown, a request is sent for the MAC
address of the device associated with the IP address.
● DNS spoofing: DNS resolves domain names to IP addresses in the same
way as ARP does on a local area network. In a DNS spoofing attack, the
attacker tries to inject faulty DNS cache information into a host so that
it visits a different host when using the domain name.
● Email phishing: A malicious attacker uses a false email to attempt to get
access to sensitive data. Phishing scams sometimes use emails spoofing
official sources, such as a corporate executive or a bank representative,
to get login credentials, account information, and other information
from consumers.
● Router spoofing: One of the most common man-in-the-middle attacks is
router spoofing, which occurs when an attacker with malicious intent
establishes a fake Wi-Fi network that replicates legitimate networks in
the area to mislead people into connecting. Once they do, the attacker
gains access to the data streaming from the user's device.

Man-in-the-Middle Attack Techniques

● Sniffing: Packet sniffing is a man-in-the-middle attack in which an
attacker captures and analyses network communication. The
attacker can then examine and manipulate the data that is
transmitted between two devices.
● Packet Injection: An attacker may also use the device’s monitoring
mode to inject malicious packets into data communication streams.
The packets might mix in with real data transmission streams, giving
the impression that they are part of the conversation but are harmful.
Packet injection normally starts with sniffing to establish how and
when to create and deliver packets.
● SSL Stripping: SSL stripping is a form of man-in-the-middle attack in
which an attacker tries to degrade an encrypted HTTPS connection
to HTTP. The attacker can then view and alter the data being
transmitted between two devices.
● Eavesdropping: Eavesdropping is a type of man-in-the-middle attack
in which an attacker listens to an ongoing communication session
between two computers. The attacker can then view and alter the
data being transmitted between two devices.

How to Detect a Man-in-the-Middle Attack?

● Fake websites: Hackers use a man-in-the-middle attack to direct you
to a web page or site that they control. They can do this because they
have access to your internet connection and the traffic flowing from your
device, even though they do not have access to the contents of your
computer.
● Unusual network activity: A significant increase in network traffic
may indicate a man-in-the-middle (MITM) attack. Unusual connections
or requests from unusual sources can indicate that an attacker is
trying to steal data packets.
● Suspicious certificates: If your browser displays a certificate warning,
it may indicate that the website you are about to visit has been
encrypted by a criminal as part of a MITM attack. You should not go
to the website.
● Unexpected credential requests: If a website or application requests
credentials that the user is unfamiliar with, this may indicate a
man-in-the-middle attack.
● Unusual login errors: If a user encounters login errors after entering
the correct credentials, it may indicate that an attacker is attempting
to steal data packets.
● Unexpected pop-ups: Unexpected pop-up windows or notifications
could indicate a man-in-the-middle attack.

How to prevent Man-in-the-Middle attacks?

● Always use trusted networks and devices to log in to sensitive
websites.
● Avoid connecting to open (unencrypted) Wi-Fi.
● Keep networks secure from unwanted external access.
● If you have to use a public computer, check its browser for the
presence of any rogue certificate and make sure there aren't any. Check
the hosts file too.
● When connected to a public network or using a public computer,
perform a traceroute to the website you want to access and check the
route taken by the packets for anything suspicious. For example, packets
going to an IP different from the IP whose last octet is 1 (the IP of
your gateway).

Key Concepts of Man in the Middle Attack

● The attackers intercept the conversation between the client and the
server to steal confidential data.
● The data transfers that take place during this attack remain
undetected.
● The attacker tries to perform this attack by using various tricks like
sending attachment links or duplicate websites.

Case Study of Man In the Middle Attack

● Case Study 1: The credit score company Equifax removed its apps from
Google and Apple due to data leaking. It was found that the app did not
use HTTPS, which allowed attackers to obtain all that data while the user
was accessing their account.
● Case Study 2: A registrar company was breached, which enabled the
attacker to gain access to many certificates. These certificates allowed
the attacker to pose as an authentic website to steal data from users;
the authentic website in this case was duplicated.
● Case Study 3: A bank was targeted by an attacker. The attacker sent an
email to customers saying that someone might have attempted to log in
to their bank account, and that the bank needed information from them
to verify it. The email sent to the customer was a phishing attack. The
victim clicks on the link in the email and is taken to a fake website that
looks like the original. When the victim enters their details, they are
redirected to the original website, and the attacker now has access to
the victim's account.

Users should be aware of

● Public Wi-Fi networks.
● Do not connect to a Wi-Fi network whose name does not seem right.

Conclusion
Man In the Middle attacks pose a serious risk to online communication,
resulting in the theft of private data, financial loss, and harm to reputation.
To avoid MitM attacks, take precautions such as employing encryption,
checking SSL/TLS certificates, and staying away from insecure Wi-Fi
networks. You can lower your risk of being a victim of a Man In the Middle
attack by remaining attentive and implementing best practices.

What is DDoS (Distributed Denial of Service)?

Last Updated : 04 Oct, 2024

Distributed Denial of Service (DDoS) is a type of DoS attack in which multiple
trojan-infected systems target a particular system, causing a DoS attack.
A DDoS attack uses multiple servers and Internet connections to flood the
targeted resource. A DDoS attack is one of the most powerful weapons on the
cyber platform. When you come to know about a website being brought down,
it generally means it has become a victim of a DDoS attack. This means that
the hackers have attacked your website or PC by imposing heavy traffic, thus
crashing the website or computer due to overloading.
Example: In 2000, Michael Calce, a 15-year-old boy who used the online
name "Mafiaboy", was behind one of the first DDoS attacks. He hacked into
the computer networks of various universities. He used their servers to
operate a DDoS attack that brought down several websites such as eBay and
Yahoo. In 2016, Dyn was hit with a massive DDoS attack that took down major
websites and services such as Netflix, PayPal, Amazon, and GitHub.

DoS
DoS stands for Denial of Service. It is a type of attack on a service that
disrupts its normal function and prevents other users from accessing it. The
most common target for a DoS attack is an online service such as a website,
though attacks can also be launched against networks, machines, or even a
single program.

Difference between DoS and DDoS

Some of the common differences between DoS and DDoS are mentioned
below.

● DoS: Stands for Denial of Service attack.
DDoS: Stands for Distributed Denial of Service attack.
● DoS: A single system targets the victim's system.
DDoS: Multiple systems attack the victim's system.
● DoS: The victim's PC is loaded with packets of data sent from a single
location.
DDoS: The victim's PC is loaded with packets of data sent from multiple
locations.
● DoS: A DoS attack is slower as compared to DDoS.
DDoS: A DDoS attack is faster than a DoS attack.
● DoS: Can be blocked easily, as only one system is used.
DDoS: Difficult to block, as multiple devices are sending packets and
attacking from multiple locations.
● DoS: Only a single device is used, with DoS attack tools.
DDoS: volumeBots are used to attack at the same time.
● DoS: DoS attacks are easy to trace.
DDoS: DDoS attacks are difficult to trace.
● DoS: Types of DoS attacks are: 1. Buffer overflow attacks, 2. Ping of
Death or ICMP flood, 3. Teardrop attack, 4. Flooding attack.
DDoS: Types of DDoS attacks are: 1. Volumetric attacks, 2. Fragmentation
attacks, 3. Application layer attacks, 4. Protocol attack.

Types of DDoS Attacks

There are various types of DDoS attacks, mentioned below:
1. Volumetric Attacks: Volumetric attacks are the most prevalent form of
DDoS attack. They use a botnet to overload the network or server with
heavy traffic that exceeds the network's capacity to process it. This
attack overloads the target with huge amounts of junk data. This leads
to the loss of network bandwidth and can lead to a complete denial of
service.
2. Protocol Attacks: TCP connection attacks exploit a vulnerability in the
TCP connection sequence, commonly referred to as the three-way
handshake between the host and the server. It works as follows. The
targeted server receives a request to start the handshake. In this
attack, the handshake is never completed. This leaves the connected
port busy and unavailable to process any further requests. Meanwhile,
the cybercriminal continues to send multiple requests, overwhelming
all the working ports and shutting down the server.
3. Application Attacks: Application layer attacks (Layer 7 attacks) target
the applications of the victim in a slower fashion. Thus, they may
initially appear as legitimate requests from users, and the victim
becomes unable to respond. These attacks target the layer where a
server generates web pages and responds to HTTP requests.
Application-level attacks are combined with other kinds of DDoS
attacks targeting applications, along with the network and bandwidth.
These attacks are threatening because they are more difficult for
companies to detect.
4. Fragmentation Attacks: The cybercriminal exploits weaknesses in the
datagram fragmentation process, in which IP datagrams are divided
into smaller packets, transferred across a network, and then
reassembled. In such attacks, fake data packets cannot be
reassembled.
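For the protocol (SYN flood) attack in item 2, an added example that is not from the article: given a snapshot of the connection table, it flags a destination port that has many half-open connections and almost no completed handshakes, which is the signature left by handshakes that are started but never finished. The record shape, the state names and the thresholds are constructed assumptions.

```python
"""Flag SYN-flood-style protocol attacks from a connection-table snapshot.

Added example, not the article's code. The records are constructed in the
shape (src_ip, dst_port, state) with Linux-style state names (assumption).
"""
from collections import defaultdict

# Constructed snapshot: 120 half-open connections to port 443 from 120
# distinct sources and only two completed handshakes; port 22 looks normal.
SAMPLE_CONNS = (
    [(f"203.0.113.{i}", 443, "SYN_RECV") for i in range(1, 121)]
    + [("198.51.100.10", 443, "ESTABLISHED"),
       ("198.51.100.11", 443, "ESTABLISHED")]
    + [("198.51.100.20", 22, "ESTABLISHED"),
       ("198.51.100.21", 22, "SYN_RECV")]
)


def summarize(conns):
    """Per destination port: half-open count, established count and the set
    of sources that are stuck half-open."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0,
                                 "sources": set()})
    for src, dport, state in conns:
        s = stats[dport]
        if state == "SYN_RECV":
            s["half_open"] += 1
            s["sources"].add(src)
        elif state == "ESTABLISHED":
            s["established"] += 1
    return stats


def flag_syn_flood(conns, max_half_open=100, min_complete_ratio=0.2):
    """Ports where half-open connections exceed max_half_open AND the share
    of completed handshakes is below min_complete_ratio. Requiring both
    separates a flood from a merely busy service."""
    flagged = {}
    for dport, s in summarize(conns).items():
        total = s["half_open"] + s["established"]
        ratio = s["established"] / total if total else 1.0
        if s["half_open"] > max_half_open and ratio < min_complete_ratio:
            flagged[dport] = {
                "half_open": s["half_open"],
                "distinct_sources": len(s["sources"]),
                "complete_ratio": round(ratio, 3),
            }
    return flagged


if __name__ == "__main__":
    for port, info in flag_syn_flood(SAMPLE_CONNS).items():
        print(f"port {port}: {info}")
```

The distinct-source count tells a flood with spoofed or distributed sources apart from one misbehaving client, which is the distinction the DoS/DDoS comparison above turns on. On Linux, enabling SYN cookies (net.ipv4.tcp_syncookies) lets the kernel keep accepting legitimate handshakes while the backlog is under this kind of pressure.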

How do DDoS Attacks Work?

The logic of a DDoS attack is very simple, although attacks can be highly
different from each other. Network connections consist of various layers of the
OSI model. Various types of DDoS attacks focus on particular layers.
Examples are illustrated below:
● Layer 3: Network layer – attacks known as Smurf attacks, ICMP floods,
and IP/ICMP fragmentation.
● Layer 4: Transport layer – attacks include SYN floods, UDP floods, and
TCP connection exhaustion.
● Layer 7: Application layer – HTTP-encrypted attacks.

How to Protect Yourself from DDoS Attacks?

1. Take quick action: The sooner a DDoS attack is identified, the quicker
the harm can be limited. Companies should use DDoS protection services
or similar technology so that the heavy traffic can be recognized and
dealt with as soon as possible.
2. Configure firewalls and routers: Firewalls and routers should be
configured so that they reject bogus traffic, and you should keep your
routers as well as firewalls updated with the latest security patches.
3. Consider artificial intelligence: While present defenses such as advanced
firewalls and intrusion detection systems are very common, artificial
intelligence is being used to develop new systems.
4. Secure your Internet of Things devices: To keep your devices from
becoming part of a botnet, make sure your computers have trusted
security software, and keep it updated with the latest security patches.

What is DDoS (Distributed Denial of Service)? – FAQs

What is a DoS attack?

DoS stands for Denial of Service attack. This attack is meant to shut down a
machine or network so that users are unable to access it. DoS attacks
accomplish this by flooding the target with traffic or sending it information that
triggers a crash.

What is a DDoS attack?

DDoS stands for Distributed Denial of Service attack. In a DDoS attack, the
attacker tries to make a particular service unavailable by directing continuous
and huge traffic from multiple end systems.

What are the different types of DoS attacks?

Types of DoS attacks are:

● Buffer overflow attacks
● Ping of Death or ICMP flood
● Teardrop attack
● Flooding attack

What is Cross Site Scripting (XSS)?

Last Updated : 28 Nov, 2022

Cross Site Scripting (XSS) is a vulnerability in a web application that allows a
third party to execute a script in the user's browser on behalf of the web
application. Cross-site scripting is one of the most prevalent vulnerabilities
present on the web today. The exploitation of XSS against a user can lead to
various consequences such as account compromise, account deletion,
privilege escalation, malware infection and many more.
In its initial days it was called CSS, and it was not exactly what it is today.
Initially, it was discovered that a malicious website could use JavaScript to
read data from other websites' responses by embedding them in an iframe,
run scripts and modify page contents. It was called CSS (Cross Site Scripting)
then. The definition changed when Netscape introduced the Same Origin
Policy and cross-site scripting was restricted from enabling cross-origin
response reading. Soon it was recommended to call this vulnerability XSS
to avoid confusion with Cascading Style Sheets (CSS). The possibility of
getting XSSed arises when a website does not properly handle the input
provided to it by a user before inserting it into the response. In such a case,
a crafted input can be given that, when embedded in the response, acts as a
JS code block and is executed by the browser. Depending on the context,
there are two types of XSS –
1. Reflected XSS: If the input has to be provided each time to execute,
such XSS is called reflected. These attacks are mostly carried out by
delivering a payload directly to the victim. The victim requests a page
with a request containing the payload, and the payload comes
embedded in the response as a script. An example of reflected XSS
is XSS in a search field.
2. Stored XSS: When the response containing the payload is stored on
the server in such a way that the script gets executed on every visit
without submission of the payload, it is identified as stored XSS. An
example of stored XSS is XSS in a comment thread.

There is another type of XSS called DOM-based XSS, and its instances are
either reflected or stored. DOM-based XSS arises when user-supplied data is
provided to DOM objects without proper sanitizing. An example of code
vulnerable to XSS is below; notice the variables firstname and lastname:
php

<?php
// Deliberately vulnerable example: user input is echoed into the HTML
// response without encoding. Braces added so that the snippet parses.
if (isset($_GET["firstname"]) && isset($_GET["lastname"])) {
    $firstname = $_GET["firstname"];
    $lastname = $_GET["lastname"];
    if ($firstname == "" or $lastname == "") {
        echo "<font color=\"red\">Please enter both fields...</font>";
    } else {
        echo "Welcome " . $firstname . " " . $lastname;
    }
}
?>

User-supplied input is directly added to the response without any sanity check.
An attacker can give an input such as –
html

<script> alert(1) </script>

and it will be rendered as JavaScript. There are two aspects of XSS (and any
security issue) –
1. Developer: If you are a developer, the focus would be secure
development to avoid having any security holes in the product. You
do not need to dive very deep into the exploitation aspect; just use
tools and libraries while applying the best practices for secure code
development as prescribed by security researchers. Some resources for
developers are:
○ OWASP Encoding Project: A library written in Java, developed by the
Open Web Application Security Project (OWASP). It is free, open source
and easy to use.
○ The "X-XSS-Protection" header: This header instructs the browser to
activate the inbuilt XSS auditor to identify and block any XSS attempts
against the user.
○ The XSS Protection Cheat Sheet by OWASP: This resource lists rules to
be followed during development, with proper examples. The rules cover
a large variety of cases where a developer can miss something that can
leave the website vulnerable to XSS.
○ Content Security Policy: A stand-alone solution for XSS-like problems;
it instructs the browser about "safe" sources, apart from which no
script should be executed from any origin.
2. Security researchers: Security researchers, on the other hand, would
like similar resources to help them hunt down instances where the
developer got sloppy and left an entry point. Researchers can make use
of:
○ Cheat sheets: 1. XSS filter evasion cheat sheet by OWASP. 2. XSS
cheat sheet by Rodolfo Assis. 3. XSS cheat sheet by Veracode.
○ Practice labs: 1. bWAPP 2. DVWA (Damn Vulnerable Web Application)
3. prompt.ml 4. CTFs
○ Reports: 1. HackerOne Hacktivity 2. Personal blogs of eminent
security researchers like Jason Haddix, Geekboy, Prakhar Prasad, Dafydd
Stuttard (PortSwigger) etc.


Cross Site Scripting (XSS) Prevention Techniques

XSS or Cross-Site Scripting is a web application vulnerability that allows an
attacker to inject malicious JavaScript content into a website. An attacker
exploits this by injecting into websites that do not sanitize, or poorly sanitize,
user-controlled content. By injecting such content an attacker can perform
(but is not limited to):
1. Cookie Stealing.
2. Defacing a website.
3. Bypassing CSRF Protection etc.,

There are multiple ways by which a web application can protect itself from
Cross-Site Scripting issues. Some of them include,
1. Blacklist filtering.
2. Whitelist filtering.
3. Contextual Encoding.
4. Input Validation.
5. Content Security Policy.

1. Blacklist filtering
This is an easy-to-implement filtering technique that protects the website from
XSS only partially. It works from a known, finite list of XSS vectors. For
example, most XSS vectors use event-listener attributes such as onerror,
onmouseover, onkeypress etc. Using this fact, user-given HTML can be parsed
and these event-listener attributes removed. This mitigates a finite set of XSS
vectors such as <img src=x onerror=alert()>.
For vectors like <a href="javascript:alert()">XSS</a>, one may remove the
javascript:, data: and vbscript: schemes from user-given HTML.

Advantages:
1. These filters are easy to implement in a web application.
2. Almost zero risk of false positives, i.e. of safe user content being
filtered out by these filters.

Disadvantages:
This filtering can be bypassed easily, because the set of XSS vectors is not
finite and so a complete list cannot be maintained. Here is a list of some valid
bypasses of this filter; this filtering does not protect the website completely.
1. <a href="jAvAscRipt:alert()">XSS</a>
2. <a href="jAvAs cRipt:alert()">XSS</a>
3. <a href="jAvAscRipt:prompt()">XSS</a>
2. Whitelist Filtering
Whitelist filtering is the opposite of blacklist-based filtering. Instead of listing
unsafe attributes and sanitizing user HTML against that list, whitelist filtering
lists a set of safe HTML tags and attributes. Entities that are known to be
safe are kept and everything else is filtered out.
This reduces XSS possibilities to the maximum extent and opens up XSS only
when there is a loophole in the filter itself that treats some unsafe entities as
safe. This filtering can be done both on the client and on the server side.
Whitelist filtering is the most commonly used filter in modern web applications.

Advantages:
1. Reduces XSS possibilities to a very good extent.
2. Some whitelist filters, like the AntiSamy filter, rewrite user content
according to safe rules. This rewrites the HTML content to strict
standards of the HTML language.

Disadvantages:
More often than not this works by accepting unsafe or unsanitized HTML,
parsing it, constructing safe HTML, and responding back to the user. This is
performance intensive. Heavy usage of these filters may have a hidden
performance impact on your modern web application.
3. Contextual Encoding
The other common mitigation technique is to treat all user-given data as
textual data and not as HTML content, even if it is HTML content. This can be
done by performing HTML entity encoding on user data. Encoding
<h1>test</h1> converts it to &lt;h1&gt;test&lt;/h1&gt;. The browser will then
parse this correctly and render <h1>test</h1> as text instead of rendering it
as an h1 HTML tag.

Advantages:
If done correctly, contextual encoding eliminates XSS risk completely.
Disadvantages:
It treats all user data as unsafe. Thus, irrespective of the user data being safe
or unsafe, all HTML content will be encoded and will be rendered as plain text.
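The three treatments above (blacklist filtering, whitelist filtering and contextual encoding), side by side on the same inputs, as an added example that is not code from the original page. The three attack strings are the ones this page lists under blacklist filtering; the benign fragment, the function names, and the tiny allowlist (b, i, p, a with href) are constructed for the illustration. The point it makes concrete is the one the text states: the blacklist lets the mixed-case and split-scheme vectors through, while the allowlist rebuild and the entity encoding do not.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs: the three attack strings are the ones this page
# lists under "Blacklist filtering"; the benign fragment is made up.
SAMPLES = {
    "benign":   '<b>hello</b> <a href="https://example.com">site</a>',
    "onerror":  '<img src=x onerror=alert()>',
    "js_mixed": '<a href="jAvAscRipt:alert()">XSS</a>',
    "js_split": '<a href="jAvAs cRipt:alert()">XSS</a>',
}

# 1. Blacklist filter: strip known event-handler attributes and the three
#    dangerous URL schemes. It is case-sensitive and byte-exact, which is
#    exactly why the mixed-case and split-scheme vectors get past it.
_EVENT_ATTR = re.compile(r'\s+on\w+\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)')
_BAD_SCHEME = re.compile(r'(javascript|data|vbscript):')

def blacklist_filter(fragment: str) -> str:
    return _BAD_SCHEME.sub("", _EVENT_ATTR.sub("", fragment))

# 2. Whitelist (allowlist) filter: re-serialise the fragment keeping only the
#    tags and attributes below, and only http(s) URLs in href. Everything
#    else, including every on* attribute, never reaches the output.
ALLOWED = {"b": set(), "i": set(), "p": set(), "a": {"href"}}
_SAFE_URL = re.compile(r"\Ahttps?://", re.IGNORECASE)

class _AllowlistRebuilder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                      # unknown tag dropped, its text is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue
            # whitespace is removed before the scheme check so "jAvAs cRipt:"
            # cannot be smuggled past the URL allowlist
            if name == "href" and not _SAFE_URL.match(re.sub(r"\s", "", value)):
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def whitelist_filter(fragment: str) -> str:
    p = _AllowlistRebuilder()
    p.feed(fragment)
    p.close()
    return "".join(p.out)

# 3. Contextual encoding for an HTML text context: the whole value becomes
#    text, so <h1>test</h1> renders literally instead of as a heading.
def encode_for_html_text(fragment: str) -> str:
    return html.escape(fragment, quote=True)

# Crude check used only to show which outputs still carry an executable
# handler or script URL inside a real tag (whitespace is collapsed first).
def still_executable(markup: str) -> bool:
    flat = re.sub(r"\s", "", markup).lower()
    return re.search(r"<[^>]*(on\w+=|javascript:)", flat) is not None

def compare(fragment: str) -> dict:
    """For one input, report whether each treatment leaves it executable."""
    return {
        "blacklist": still_executable(blacklist_filter(fragment)),
        "whitelist": still_executable(whitelist_filter(fragment)),
        "encoded":   still_executable(encode_for_html_text(fragment)),
    }
```

Running compare() over SAMPLES shows the trade-off the text describes: the blacklist catches only the onerror vector, the allowlist rebuild keeps the benign markup intact while reducing both javascript: links to a bare <a>XSS</a>, and encoding neutralises everything at the cost of rendering the benign fragment as literal text.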

4. Input Validation
In the input validation technique, a regular expression is applied to every
request parameter, i.e. to user-generated content. Only if the content
matches a safe regular expression is it allowed; otherwise the request is
rejected on the server side with a 400 response code.
Advantages:
Input validation not only reduces XSS but protects against almost all
vulnerabilities that arise from trusting user content.
Disadvantages:
1. It might be possible to mitigate an XSS in a phone number field by
having a numeric regular expression validation, but for a name field it
might not be possible, as names can be in multiple languages and
can have non-ASCII characters in Greek or Latin alphabets.
2. Regular expression testing is performance intensive. All parameters
in all requests to a server must be matched against a regular
expression.

5. Content Security Policy
Modern browsers support CSP (Content Security Policy) headers. With these
headers, one can specify a list of domains from which alone JavaScript
content may be loaded. If an attacker tries to inject JavaScript from anywhere
else, the CSP headers make the browser block the request.
Advantages:
CSP is the most advanced form of XSS protection mechanism. It stops
content from untrusted sources from entering the website in any form.
Disadvantages:
To have CSP headers defined, websites must not use inline JavaScript code.
JS should be externalized and referred to in script tags. The set of domains
that serve static content must be whitelisted in the CSP headers.
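Techniques 4 and 5 in working form, as an added example that is not code from the original page: per-parameter regular-expression validation that rejects a request with a 400, and a CSP builder with a checker that flags the weak setting. The parameter rules, the static host https://static.example.com and the function names are constructed. The nonce source goes one step beyond the text: CSP Level 2 lets a page keep inline scripts if each <script> tag carries a per-response nonce, which is the usual way around the "no inline JavaScript" restriction the text describes.

```python
import re
import secrets

# Constructed per-parameter allow patterns. \A and \Z anchor the whole value
# ($ alone would accept a trailing newline).
PARAM_RULES = {
    "phone":    re.compile(r"\A\+?[0-9]{7,15}\Z"),
    "username": re.compile(r"\A[A-Za-z0-9_]{3,32}\Z"),
    # Letters from any script (the non-ASCII name case above), joined by
    # single spaces, apostrophes or hyphens; no angle brackets or quotes.
    "name":     re.compile(r"\A[^\W\d_]+(?:[ '\-][^\W\d_]+)*\Z"),
}

def validate_request(params, rules=PARAM_RULES):
    """Return (HTTP status, names of failing parameters). A parameter that
    is not declared in `rules` fails too: only expected inputs are accepted."""
    failed = [name for name, value in params.items()
              if name not in rules or rules[name].fullmatch(value) is None]
    return (400 if failed else 200), failed

# Weak policy: 'unsafe-inline' lets any injected <script> run, which defeats
# the purpose of listing script hosts at all.
WEAK_CSP = ("default-src 'self'; "
            "script-src 'self' 'unsafe-inline' https://static.example.com")

def new_nonce() -> str:
    """Fresh per-response nonce; injected tags cannot know it in advance."""
    return secrets.token_urlsafe(16)

def build_csp(script_hosts, nonce: str) -> str:
    """Strict policy: scripts only from 'self', the listed static hosts, or
    inline <script nonce="..."> tags carrying this response's nonce."""
    sources = " ".join(["'self'", *script_hosts, f"'nonce-{nonce}'"])
    return (f"default-src 'self'; script-src {sources}; object-src 'none'; "
            f"base-uri 'self'; frame-ancestors 'none'")

def script_sources(policy: str):
    """The source list of the script-src directive, or [] if absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0] == "script-src":
            return parts[1:]
    return []

def permits_inline_scripts(policy: str) -> bool:
    """True when arbitrary inline scripts would run: 'unsafe-inline' is present
    and no nonce or hash source neutralises it (CSP Level 2 browsers ignore
    'unsafe-inline' once a nonce-/sha-source is listed)."""
    sources = script_sources(policy)
    nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                        for s in sources)
    return "'unsafe-inline'" in sources and not nonce_or_hash
```

In a request handler the two pieces sit together: validate_request() runs before any parameter is used and a 400 is returned when it reports failures, and build_csp(hosts, new_nonce()) is set as the Content-Security-Policy header of the response, with the same nonce written into every inline <script> tag of that page.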

Encoding Vs Filtering –

One common question on mitigating XSS is deciding whether to encode or
filter (sanitize) user data. When user-driven content must be rendered as
HTML but JavaScript must not execute, the content must pass through a
filter. If user data need not be rendered as HTML and textual rendering
would suffice, then it is recommended to HTML-encode the characters in
user data.

Recommended Mitigation Technique For XSS –

Blacklist filters have been exploited multiple times and, owing to the
continuously growing set of HTML content, it is always unsafe to use a
blacklist filter. Though proper input validation and CSP headers might
mitigate XSS to a good extent, it is always recommended to entity-encode
or to filter based on a whitelist policy, depending on the use case. Input
validation and CSP headers can be added as an extra layer of protection.

Layers of TCP/IP Model

● Application Layer
● Transport Layer (TCP/UDP)
● Network/Internet Layer (IP)
● Network Access Layer

The diagrammatic comparison of the TCP/IP and OSI model is as follows:


Difference Between Secure Socket Layer (SSL)
and Transport Layer Security (TLS)
Last Updated : 20 Aug, 2024


SSL stands for Secure Socket Layer while TLS stands for Transport Layer
Security. Both Secure Socket Layer and Transport Layer Security are
protocols used to provide security between web browsers and web servers.
The main difference between Secure Socket Layer and Transport Layer
Security is that in SSL (Secure Socket Layer) the message digest is used to
create a master secret, and it provides the basic security services of
authentication and confidentiality, while in TLS (Transport Layer Security) a
pseudo-random function is used to create a master secret.

What is Secure Socket Layer (SSL)?


The Secure Socket Layer (SSL) is a cryptographic protocol designed to
provide secure communication over a computer network. It was developed by
Netscape in the 1990s to establish an encrypted link between the web
server and a web browser. SSL operates by using encryption to secure the
transmission of data ensuring that sensitive information such as credit card
details and personal data remains confidential.

Key Features of SSL

● Encryption: SSL uses encryption algorithms to protect data during
transmission.
● Authentication: SSL verifies the identity of the server to ensure
that data is sent to the correct destination.
● Data Integrity: SSL ensures that data has not been altered
during transmission.

What is Transport Layer Security (TLS)?

The Transport Layer Security (TLS) is the successor to SSL and is designed to
provide improved security and efficiency. TLS was developed as an
enhancement of SSL to address various vulnerabilities and to incorporate
modern cryptographic techniques. The first version, TLS 1.0, was based on
SSL 3.0 but included significant improvements. TLS continues to evolve, with
newer versions offering enhanced security features.
Key Features of TLS

● Enhanced Encryption: TLS uses stronger encryption algorithms
compared to SSL.
● Forward Secrecy: TLS supports forward secrecy, which ensures
that session keys are not compromised even if the server’s private
key is exposed.
● Improved Performance: TLS provides better performance and
efficiency with optimized algorithms and protocols.

Difference Between Secure Socket Layer (SSL) and
Transport Layer Security (TLS)

1. SSL stands for Secure Socket Layer. TLS stands for Transport Layer
Security.
2. SSL supports the Fortezza algorithm. TLS does not support the
Fortezza algorithm.
3. SSL is the 3.0 version. TLS is the 1.0 version.
4. In SSL, the message digest is used to create a master secret. In TLS,
a pseudo-random function is used to create a master secret.
5. In SSL, the Message Authentication Code protocol is used. In TLS, the
Hashed Message Authentication Code protocol is used.
6. SSL is more complex than TLS. TLS is simpler.
7. SSL is less secure as compared to TLS. TLS provides high security.
8. SSL is less reliable and slower. TLS is highly reliable and upgraded,
and provides less latency.
9. SSL has been deprecated. TLS is still widely used.
10. SSL uses a port to set up an explicit connection. TLS uses a
protocol to set up an implicit connection.
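The pseudo-random-function derivation of the master secret that the comparison above attributes to TLS, as an added example that is not code from the original page: the TLS 1.2 PRF of RFC 5246 (sections 5 and 8.1), built from HMAC-SHA256. TLS 1.2 is used because its PRF is fixed to HMAC-SHA256; TLS 1.0 and 1.1 split the PRF between MD5 and SHA-1, and TLS 1.3 replaced it with HKDF. Function names are mine and the pre-master secret and hello randoms are constructed.

```python
import hashlib
import hmac
import os

def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """P_hash from RFC 5246 section 5: concatenated HMAC outputs, each keyed
    on the secret, over A(i) + seed, where A(0) = seed and
    A(i) = HMAC(secret, A(i-1)). Expands to any requested length."""
    out = b""
    a = seed                                                # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i)
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)

def master_secret(pre_master_secret: bytes, client_random: bytes,
                  server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: the 48-byte master secret is
    PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random).
    Both randoms enter the derivation, so a replayed pre-master secret with a
    fresh server random still yields a different master secret."""
    return tls12_prf(pre_master_secret, b"master secret",
                     client_random + server_random, 48)

def demo() -> dict:
    # Constructed inputs: a 48-byte pre-master secret and two 32-byte hello
    # randoms, the sizes an RSA key-exchange handshake would produce.
    pms = os.urandom(48)
    client_random, server_random = os.urandom(32), os.urandom(32)
    ms = master_secret(pms, client_random, server_random)
    return {
        "length": len(ms),
        "deterministic": ms == master_secret(pms, client_random, server_random),
        "server_random_matters": ms != master_secret(pms, client_random, os.urandom(32)),
    }
```

The same PRF, keyed on the resulting master secret with the label "key expansion", is what TLS 1.2 then uses to derive the record-layer MAC and encryption keys, which is why the master secret must never leave the two endpoints.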

Conclusion
While Secure Socket Layer (SSL) and Transport Layer Security (TLS) both
aim to secure communications over networks, TLS is the more modern
and secure protocol. TLS has replaced SSL due to its enhanced security
features and performance improvements. Although SSL is still commonly
referenced, it is advisable to use TLS for secure communications to benefit
from the latest advancements in cryptographic technology.

What is 2FA (Two Factor Authentication)? Importance
and Types
Last Updated: 08 Nov, 2024
hemangshmi8o

Two-factor authentication (2FA) is a security method that adds an extra step to
protect your online accounts. Instead of just using a password, you also need
to enter a code sent to your phone or use a fingerprint scan. This extra step
makes it much harder for hackers to access your accounts, even if they know
your password. This article explains why two-factor authentication is important
for modern digital security, how it works, and how it helps keep your online
information safe.

Two-Factor Authentication (2FA) Definition


2FA, or Two-Factor Authentication, is a security process in which users
provide two different authentication factors to verify themselves. This method
adds an additional layer of security to the standard username-and-password
method of online identification.
Typically, 2FA requires the combination of something the user knows (like a
password), something the user has (such as a mobile device, a security
token, or a smart card), or something the user is (like a fingerprint or facial
recognition).
By requiring two distinct forms of identification, 2FA significantly decreases the
likelihood of a security breach.
Two Factor Authentication


Here’s why 2FA is essential in today’s digital landscape and how it plays a key
role in safeguarding sensitive information.
1. Protects Against Unauthorized Access
With 2FA, even if a hacker gains access to your password, they would still
need a second form of verification—like a unique code sent to your phone or a
fingerprint scan—to access your account. This significantly reduces the risk of
unauthorized access. Two-factor authentication makes it much harder for
cybercriminals to break into accounts, adding an essential barrier beyond just
a password.
2. Enhances Password Security
Many users reuse passwords across multiple accounts or choose passwords
that are easy to remember, making them vulnerable to attacks. 2FA
compensates for weak passwords by requiring an additional step for login.
Even if a password is compromised, 2FA reduces the chance that it alone will
lead to a successful breach. This is especially crucial for sensitive accounts
like online banking, corporate logins, and personal email.
3. Reduces Phishing Attack Success
Phishing attacks—where attackers trick users into revealing their
passwords—are common in the cybersecurity world. However, 2FA can help
protect against phishing because the attacker would still need the second
factor to gain access, even if they have your password. This makes 2FA a
valuable tool in fighting against social engineering attacks, reducing the
overall risk of a data breach.
4. Complies with Security Regulations
Many industries, especially those dealing with financial data, healthcare
information, or corporate security, have compliance standards requiring
enhanced security measures like 2FA. For example, the Payment Card
Industry Data Security Standard (PCI DSS) and General Data Protection
Regulation (GDPR) recommend or require 2FA to protect sensitive data.
Implementing 2FA not only strengthens security but also helps organizations
meet these important regulatory requirements.
5. Builds Customer Trust
For businesses, 2FA can improve trust among customers by demonstrating a
commitment to safeguarding their data. With so many high-profile data
breaches in recent years, consumers are increasingly aware of digital security.
Offering 2FA as an option for account security helps show that a business
prioritizes customer privacy, building loyalty and reputation in a competitive
market.
6. Lowers Financial and Operational Costs from Data Breaches
Recovering from a data breach can be financially devastating, especially for
small businesses. Not only do data breaches lead to lost revenue and
damage to a brand’s reputation, but they can also incur hefty recovery costs.
Implementing 2FA is a cost-effective way to significantly reduce the likelihood
of a breach, potentially saving organizations thousands, if not millions, in
recovery expenses and legal fees.
7. Easy to Implement and Widely Accessible
Modern 2FA solutions are easier than ever to set up, with options like SMS
codes, authentication apps, biometric scans, and even hardware tokens.
Many services and platforms now offer 2FA at no additional cost, making it
accessible to anyone. This combination of ease and accessibility means users
and organizations can boost their security quickly and with minimal setup.

What are the Factors of Authentication?


Authentication factors are the methods or criteria used to verify a user’s
identity and grant access to sensitive information or secure systems. As cyber
threats increase, multi-factor authentication (MFA) has become essential for
robust digital security, leveraging multiple factors of authentication to enhance
protection. Here, we dive into the key types of authentication factors, helping
you understand how they work and why they are critical in safeguarding your
online presence.
1. Knowledge Factor – Something You Know
The knowledge factor requires the user to provide information only they know.
This is the most common form of authentication, typically involving passwords,
PINs, or answers to security questions.
Examples
● Password: A unique combination of letters, numbers, and symbols.
● PIN (Personal Identification Number): Often used for banking or
mobile device access.
● Security Questions: Questions such as “What is your mother’s
maiden name?” provide an additional layer of security.
● Benefits: Simple and easy to implement.
● Limitations: Passwords can be easily forgotten, guessed, or hacked,
especially if users don’t follow best practices for strong password
creation.

2. Possession Factor – Something You Have


The possession factor requires a user to possess a specific physical device to
complete authentication. This is a popular method in two-factor authentication
(2FA) and multi-factor authentication (MFA) as it requires both a password and
a physical item, such as a mobile device.
Examples
● OTP (One-Time Password): A unique code sent via text message or
email that expires after a few minutes.
● Hardware Token: Devices that generate a new authentication code
every few seconds.
● Smart Cards: Often used in corporate or government environments,
smart cards store encrypted data that verifies user identity.
● Benefits: Adds a second layer of security beyond passwords; difficult
for hackers to replicate remotely.
● Limitations: If the user loses the device or it’s stolen, access may be
compromised.

3. Inherence Factor – Something You Are


The inherence factor uses biometric data to verify identity based on unique
physical traits. Because these characteristics are difficult to replicate,
biometric authentication is highly secure and commonly used in mobile
devices and secure facilities.
Examples
● Fingerprint Scanning: Used widely on smartphones and some
laptops.
● Facial Recognition: Scans the user’s face for unique features.
● Iris or Retinal Scanning: High-security environments, such as
research labs, use this method for extra protection.
● Benefits: Very secure and difficult to duplicate.
● Limitations: Can be affected by injuries, changes in appearance, or
poor-quality scanners, which might fail to recognize the user.

4. Location Factor – Somewhere You Are


The location factor checks the user’s geographical location through IP
addresses or GPS data. It’s often used to limit access based on physical
location and to detect potentially unauthorized access attempts from unusual
places.
Examples
● IP Address Tracking: Recognizes familiar IP addresses and blocks
unfamiliar ones.
● GPS-Based Verification: Confirms the user’s physical location using
GPS data on mobile devices.
● Wi-Fi Network Verification: Allows access only from specific, trusted
networks.
● Benefits: Adds an extra layer of protection by limiting access to
approved locations.
● Limitations: Not always reliable, as IP addresses can be spoofed,
and some users may frequently change locations.

5. Time Factor – When You Access


The time factor is less commonly used but can enhance security by restricting
access to specific times. This is particularly helpful for businesses that only
want users accessing systems during certain hours.
Examples
● Time-Based Access Controls: Restrict login hours, allowing access
only during business hours.
● Time-Limited OTPs: Some OTPs expire within a few seconds to
prevent unauthorized use.
● Benefits: Helps limit unauthorized access, particularly in corporate
environments.
● Limitations: Can be restrictive and inconvenient for users needing
flexible access times.

6. Behavioral Factor – How You Act


Behavioral authentication analyzes the user’s behavior patterns, such as
typing speed, mouse movements, or touchscreen usage patterns. It’s
commonly used as a background layer of security to detect unusual behavior.
Examples
● Typing Patterns: Monitors typing speed and patterns to verify user
identity.
● Gesture Recognition: Tracks unique gestures or movements on a
device.
● Mouse Movement Patterns: Recognizes distinct ways users interact
with their devices.
● Benefits: Provides passive security without requiring extra steps for
users.
● Limitations: May be less accurate for users whose behaviors vary or
for new users.

Pros and Cons of Two-Factor Authentication


Two-Factor Authentication (2FA) is a widely adopted security measure used to
protect online accounts and sensitive information. It enhances security by
requiring not only a password but also a second verification step, which
makes unauthorized access significantly harder. Below, we dive into the key
advantages and disadvantages of 2FA, helping you understand if it’s the right
security choice for your needs.
Pros of Two-Factor Authentication
Enhanced Security
With 2FA, unauthorized users need more than just a password to access your
account; they also need a second verification factor, like a code sent to your
phone. This makes it harder for hackers to gain entry, even if they obtain your
password.
Protection Against Phishing and Social Engineering
2FA is effective against phishing attacks, where hackers trick users into
revealing passwords. Even if a hacker gets your password through a phishing
scam, they won’t be able to access your account without the second
authentication factor.
Reduced Risk of Identity Theft
Identity theft is on the rise, and 2FA provides a strong defense. By requiring
multiple steps to verify identity, 2FA lowers the risk of someone impersonating
you online.
Increased User Trust
Businesses that implement 2FA show users they prioritize security, which
builds trust. Users are more likely to engage with and rely on services that
take extra steps to protect their information.
Cons of Two-Factor Authentication
Inconvenience and User Frustration
While 2FA improves security, it can be inconvenient. Requiring a second
authentication step adds time to the login process, which some users find
frustrating, especially if they are in a hurry.
Limited Access Without a Secondary Device
2FA often relies on a secondary device, such as a smartphone, to receive a
code. If you lose this device or don’t have it handy, accessing your account
can become challenging.
Potential for Account Lockouts
Users may face lockouts if they cannot complete the second authentication
step. This could happen if they lose access to their phone or cannot receive a
code due to network issues.
Susceptibility to SIM Swapping and Device Theft
While 2FA is secure, it’s not foolproof. Hackers can use methods like SIM
swapping to hijack phone numbers and intercept 2FA codes. Similarly, if
someone steals your device, they may gain access to 2FA-protected
accounts.
Costs for Businesses
Implementing 2FA can require additional resources, such as software,
devices, or security training. For businesses, these costs can add up,
particularly for large organizations.

Best Practices for Using Two-Factor Authentication
Securely
Below are key best practices for maximizing the security benefits of 2FA.
1. Choose Reliable 2FA Methods
Not all 2FA methods offer the same level of security. Text-based codes (SMS)
are convenient but can be vulnerable to SIM-swapping attacks. Authenticator
apps, hardware tokens, and biometrics provide more robust security.
● Use Authenticator Apps: Apps like Google Authenticator or Authy
generate time-sensitive codes that are difficult for hackers to
intercept.
● Consider Hardware Tokens: Devices like YubiKey offer high-security,
physical-based 2FA options.

2. Enable 2FA on All Important Accounts


Enabling 2FA on critical accounts—like email, banking, and social
media—reduces the risk of unauthorized access to your most sensitive data.
● Prioritize Financial and Email Accounts: These accounts are often
primary targets for hackers.
● Enable 2FA for Social Media and Cloud Storage: Protect your
personal information, photos, and files by securing accounts beyond
just financial ones.

3. Use Unique and Strong Passwords Alongside 2FA


While 2FA is a powerful security tool, it works best in combination with unique,
strong passwords for each account. Weak passwords can still compromise
your accounts if 2FA fails or is bypassed.
● Create Complex Passwords: Use a mix of letters, numbers, and
special characters.
● Avoid Reusing Passwords: Each account should have a unique
password to prevent cross-account compromises.

4. Keep Backup Codes in a Safe Place


Many 2FA systems offer backup codes for emergency access in case you lose
access to your phone or device. Storing these codes securely can save you
from lockouts.
● Store Offline: Write down backup codes and keep them in a secure
place, like a locked drawer or a password manager.
● Avoid Digital Storage: Refrain from saving codes on cloud storage or
email where they may be vulnerable to hacking.

5. Regularly Update Your 2FA Settings


As technology evolves, so do cyber threats. Periodically reviewing and
updating your 2FA settings helps ensure that you’re using the latest security
measures.
● Check for Newer Authentication Methods: Some services may offer
more secure 2FA options over time; switch if you find a more secure
method.
● Update Linked Devices: Remove old or unused devices from your
2FA settings to reduce potential access points.

6. Avoid Using Public Wi-Fi for 2FA Authentication


Public Wi-Fi networks are often less secure, which can expose your 2FA
codes to interception by cybercriminals.
● Use Mobile Data or Trusted Wi-Fi: When accessing 2FA-protected
accounts, use a trusted or private network.
● Consider a VPN: If you must use public Wi-Fi, a VPN adds an extra
layer of security, keeping your connection encrypted.

7. Be Wary of Phishing Scams


Hackers often use phishing to trick users into revealing their 2FA codes. Being
cautious can prevent you from falling victim to these attacks.
● Never Share 2FA Codes: Legitimate companies won’t ask for your
authentication codes. If you receive such a request, treat it as
suspicious.
● Inspect URLs Carefully: Before entering codes, make sure you’re on
the official website of the service.

8. Keep Your Authentication Devices Secure


If you use your phone or another device to receive 2FA codes, securing these
devices is crucial to maintain 2FA integrity.
● Enable Lock Screens: Use a PIN, fingerprint, or face lock to secure
the device where you receive 2FA codes.
● Use Device Locator Apps: These apps help you locate and secure a
lost device before it falls into the wrong hands.

What Threats Does 2FA Address?

Two-Factor Authentication (2FA) addresses several security threats,
enhancing the protection of user accounts and sensitive data:
● Password Theft: 2FA mitigates the risk posed by stolen or
compromised passwords. Even if a hacker obtains a password, they
still need the second factor to gain access.
● Phishing Attacks: Phishing often aims to trick users into revealing
their credentials. With 2FA, the effectiveness of such attacks is
reduced, as knowing the password alone is not sufficient.
● Keylogger Malware: Keyloggers record keystrokes to capture
passwords. 2FA can render this information useless without the
additional authentication factor.
● Credential Reuse: Users often reuse passwords across multiple
sites. 2FA ensures that even if credentials from one site are
compromised, they can't be used to access other accounts.
● Man-in-the-Middle (MitM) Attacks: In MitM attacks, hackers intercept
communication between the user and the service. 2FA can prevent
unauthorized access since the attacker would also need the second
factor.
● Social Engineering Tactics: These tactics manipulate individuals into
divulging sensitive information. 2FA reduces the risk because
knowledge of personal information alone is not enough to breach
accounts.

By addressing these threats, 2FA significantly enhances overall security,
making it a vital component in protecting both personal and organizational
digital assets.

Conclusion
In conclusion, Two-Factor Authentication (2FA) is a critical security measure
that adds an extra layer of protection to your online accounts. By requiring two
different forms of identification before granting access, 2FA significantly
reduces the risk of unauthorized access. This method combines something
you know (like a password) with something you have (such as a phone) or
something you are (like a fingerprint). Implementing 2FA is a straightforward
yet effective step towards safeguarding your digital life against the increasing
threats of hacking and identity theft. It's an essential tool in today's digital
world where security is paramount.
What is Two-Factor Authentication (2FA)? - FAQs
What is an example of two-factor authentication (2FA)?
Using two different factors, like a password and a one-time passcode sent to a
mobile phone via SMS, is two-factor authentication.

What are the benefits of Two-Factor Authentication (2FA)?


2FA is essential to web security because it immediately neutralizes the risks
associated with compromised passwords. If a password is hacked, guessed,
or even phished, that's no longer enough to give an intruder access: without
approval at the second factor, a password alone is useless.

How do you use 2FA?


First, a user must download and install a free 2FA app on their smartphone or
desktop. They can then use the app with any site that supports this type of
authentication. At sign-in, the user first enters a username and password, and
then, when prompted, they enter the code shown on the app.

What is the 6 digit code for 2FA?


The token provides an authenticator, which is a six digit number users must
enter as the second factor of authentication. You need to install the Google
Authenticator app on your smart phone or tablet devices. It generates a
six-digit number, which changes every 30 seconds.
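The six-digit code that changes every 30 seconds, as an added example that is not code from the original page: a TOTP generator (RFC 6238) built on HOTP (RFC 4226), with the server-side check a service performs when the user types the code in. It also covers the OATH mobile-app verification code described under Multifactor Authentication below, since that is the same algorithm. Function names are mine; the demo secret is the ASCII seed from the RFC test vectors, so the outputs can be checked against the RFCs. The replay check in the verifier (rejecting a time step that has already been accepted) is a design choice the page does not describe.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6, digest=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit integer, then modulo 10^digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step), so the
    code changes every `step` seconds and needs no network to compute."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int,
                last_used_counter: int = -1, step: int = 30, window: int = 1):
    """Server-side check. Returns the time-step counter that matched, or None.
    Accepts `window` steps either side of now to absorb clock drift, but never
    a step at or before `last_used_counter` (which the caller must persist), so
    a code that was already accepted cannot be replayed within its window.
    hmac.compare_digest avoids leaking the match position through timing."""
    now = unix_time // step
    for delta in range(-window, window + 1):
        counter = now + delta
        if counter > last_used_counter and hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None

# Constructed demo secret: the ASCII seed used by the RFC 4226 / RFC 6238
# test vectors (in a real enrolment it is random and shown once as a QR code).
DEMO_SECRET = b"12345678901234567890"
```

Because the code is a function of the shared secret and the clock only, the same secret on the phone and on the server produces the same six digits without any message being sent, which is why the app works offline and why an SMS-delivered code (which travels over the carrier network) is the weaker option the text warns about.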

Multifactor Authentication
Last Updated : 19 Jan, 2023


Multi-factor authentication (MFA) uses two or more authentication methods
from different categories to confirm a user’s identity, and it is increasingly
important for secure networks. It is a two-step verification mechanism that
satisfies user demand for an easy sign-in process while protecting data and
apps. Through several verification methods, such as phone, SMS, and mobile
app verification, it offers robust authentication. MFA’s security comes from its
layered approach.

Multifactor Authentication
As depicted in the diagram, for authentication, the user needs a password and
an additional phone or fingerprint to completely authenticate. So, we can
imagine it’s like an ATM, where the way to gather information about any bank
account requires both a physical card and a personal PIN. By requiring two or
more pieces for full authentication, multi-factor authentication (MFA) adds
protection to the user’s identity.
Component of MFA:
These are divided into three groups, they are as follows:
1. Something you are familiar with, such as a password or a response
to a security question.
2. Something that you own, such as a smartphone app that receives
notifications or a token-generating device.
3. Something you are—usually a biometric trait like a fingerprint or face
scan, which is employed on many mobile devices.

Why do we use it?


Well, it reduces the impact of credential exposure and improves identity
security. If we use MFA, a malicious hacker will need a user’s password as
well as their phone or fingerprint to fully authenticate. So, a hostile hacker will
be unable to exploit those credentials to authenticate.
Malicious hackers face a considerable hurdle when it comes to compromising
numerous authentication factors. Even if a malevolent hacker learns the
user’s password, it’s meaningless unless they also have control of the trusted
device. If the user misplaces the gadget, anyone who discovers it will be
unable to use it unless they have the user’s password.

Choosing Supported Authentication Methods

When we enable MFA, we have the option of selecting which authentication
methods will be available. We should always support multiple methods so that
users have an alternative if their preferred method fails. We have the option of
using one of the following methods:
1. Mobile App Verification Code: In this case, an OATH verification code
is retrieved via a mobile authentication app such as the Microsoft
Authenticator app and then typed into the sign-in screen. This code
changes every 30 seconds, and the app works even when there is no
internet connection.
2. Call to a phone: For example, Azure can dial a phone number
provided by the user. The user then uses the keypad to confirm the
authentication. This is the preferred technique for backup.
3. Sending a text message to a phone: We can send a text message to
a phone with a verification code. The user then completes the
authentication by entering the verification code into the sign-in
window.
Let's take a closer look at each of the supported methods:
1. Password: this is the default method and cannot be disabled.
2. Security questions: users answer questions that they registered in advance.
An administrator cannot read or change a user's questions and answers.
3. Windows Hello for Business: a biometric authentication system that uses facial
recognition or fingerprint matching to deliver secure, fully integrated sign-in
on Windows devices.
4. FIDO2 security keys: Fast Identity Online (FIDO2) keys are a standards-based
password-less authentication method available in several form factors. Users
register a key and can then choose it as their primary method at the sign-in
screen. FIDO2 keys are typically USB devices, but Bluetooth and NFC models
also exist.
5. Microsoft Authenticator app: the app sends a push notification to the user's
smartphone or tablet, and the user approves or denies the sign-in from the
notification, which helps block fraudulent sign-ins and unauthorized access.
6. Hardware OATH tokens: OATH is an open standard for generating one-time
passwords, and hardware tokens that implement it can be bought from any
vendor. Keep in mind that secret keys are limited to 128 characters, so not all
tokens are compatible.
7. OATH software tokens: applications such as the Microsoft Authenticator app and
other authenticator apps generate OATH codes from a secret key (the seed) that
Azure AD (Active Directory) issues and the user enrols in the app.
8. Text message: the user receives a code by SMS and must enter it in the browser
within a set time. Any of these second factors adds protection beyond a
password alone.

Authentication Method Strength and Security


Review the available authentication methods when we deploy features like
multi-factor authentication in your organization. Choose the ways that meet or
exceed your requirements in terms of security, usability, and availability.
Where possible, use authentication methods with the highest level of security.

Disadvantage:
The main disadvantage is that multi-factor authentication takes longer. Requiring
two or more types of verification lengthens every sign-in, and the initial setup can
be time-consuming. In practice, a company rarely builds MFA itself; it usually
depends on a third-party identity provider or token vendor, which adds a supplier to
manage. Despite these drawbacks, MFA remains one of the most effective security
controls available, and all firms should strive to deploy it to protect their
employees, networks, and customers.
Last but not least, here is how some of the drawbacks of multi-factor authentication
can be turned into benefits:
1. Consider a dedicated vendor management system to keep track of the MFA
supplier and its obligations.
2. Instead of spending money on an expensive VPN, replace it with a more
complete access solution built around MFA.

SQL Injection
Last Updated : 08 Aug, 2024


SQL Injection is a security flaw in web applications that lets attackers insert
harmful SQL code through user inputs. This can allow them to read sensitive data,
change database contents or even take control of the system. It is important to
understand SQL Injection to keep web applications secure. In this article, we will
learn how to detect SQL injection vulnerabilities, the impact of a successful SQL
injection attack, and so on.

What is SQL Injection?


● SQLi or SQL Injection is a web application vulnerability that lets an
attacker run queries of their choosing against the database.
● Attackers take advantage of the vulnerability by injecting SQL syntax through
user-controlled input that the application concatenates into a query.
● Attackers can use SQL queries such as SELECT to retrieve confidential
information that otherwise would not be visible.
● SQL injection also lets the attacker cause a denial of service (DoS), for
example by running expensive queries or deleting tables.

What is the impact of a successful SQL injection attack?


● A successful SQL injection attack can have severe consequences,
including unauthorized access to sensitive data, such as personal
information and financial records.
● Attackers may manipulate or delete critical data, compromising its
integrity and causing operational disruptions.
● They can also bypass authentication mechanisms, gaining
unauthorized access to user accounts, including administrative
privileges.
● This can lead to the exposure of confidential information, identity
theft, and significant financial losses.
● Additionally, SQL injection attacks can result in service downtime and
damage to the organization’s reputation.

How to Detect SQL injection Vulnerabilities?


● To detect SQL injection vulnerabilities, you can start by performing
input validation testing, where special characters like ' or " are
inserted into inputs to see if they cause errors.
● Automated tools like SQLMap or Burp Suite can scan for
vulnerabilities by simulating attacks.
● Reviewing the source code helps identify insecure practices, such as
using dynamic SQL queries without proper parameterization.
● Monitoring for unexpected database error messages can reveal
potential issues.
● Finally, conducting thorough penetration testing, including both
black-box and white-box methods, provides a comprehensive
assessment of security weaknesses.

Use of SQL Injection in Web Applications


● Web servers communicate with database servers whenever they need to
retrieve or store user data.
● The attacker crafts input so that the injected SQL is executed when the
application builds its query and sends it to the database server.

1. SQL in Web Pages

● SQL injection typically occurs when you ask a user for input, such as a
username or user ID, and instead of a name or ID the user supplies SQL syntax
that your database executes without your knowledge.

For example,
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

The above code constructs an SQL query by directly concatenating a user input
(txtUserId) into the query string. Attackers can exploit this by supplying an input
that contains a condition that is always true, such as 1=1 or x=x.
If the attacker enters 105 OR 1=1 in the UserId field, the resulting SQL is:
SELECT * FROM Users WHERE UserId = 105 OR 1=1;

This query returns the data of all users, not just the user with UserId 105.

Example of SQL Injection


For a better understanding of how attackers perform a SQL injection attack, let's
walk through a basic one ourselves.
Suppose we have an application that stores student records. Any student can view
only his or her own record by entering a unique and private student ID. Suppose the
form has a field like the one below:
Student ID: the student enters the following in the input field: 12222345 OR 1=1
Query:
SELECT * FROM STUDENT WHERE
STUDENT_ID = 12222345 OR 1 = 1

The condition 1=1 is always true, so the WHERE clause matches every row and the
query returns all records: all the student data is compromised. The malicious user
can use other SQL constructs in the same way.
Consider the following login query, where the application inserts the submitted
username and password into the string literals.
Query 1:
SELECT * FROM USER WHERE
USERNAME = '' AND PASSWORD = ''

A malicious attacker can close the string literal and append OR 1=1, so that both
conditions become true regardless of the real credentials. The following query then
retrieves protected data that was never intended to be shown to the user.
Query 2:
SELECT * FROM USER WHERE
(USERNAME = '' OR 1=1) AND
(PASSWORD = '' OR 1=1)

Since 1=1 always holds true, user data is compromised.
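The two attacks above, run end to end as an added example (not code from the original article): a small in-memory SQLite database with constructed student and user rows, the vulnerable string-concatenated queries the text describes, and the parameterized versions that close the hole. The table and column names are chosen for this example.

```python
import sqlite3

# Constructed sample rows for the demonstration.
STUDENTS = [(12222345, "Alice", "A"), (12222346, "Bob", "B"), (12222347, "Carol", "C")]
# Plaintext passwords only to keep the demo short; real systems store password hashes.
USERS = [("admin", "correct horse"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE student (student_id INTEGER, name TEXT, grade TEXT)")
    con.executemany("INSERT INTO student VALUES (?, ?, ?)", STUDENTS)
    con.execute("CREATE TABLE user (username TEXT, password TEXT)")
    con.executemany("INSERT INTO user VALUES (?, ?)", USERS)
    return con


def lookup_student_vulnerable(con: sqlite3.Connection, student_id: str) -> list:
    # DELIBERATELY VULNERABLE: the raw input becomes part of the SQL text,
    # so "12222345 OR 1=1" turns into a condition that matches every row.
    sql = "SELECT student_id, name FROM student WHERE student_id = " + student_id
    return con.execute(sql).fetchall()


def lookup_student_safe(con: sqlite3.Connection, student_id: str) -> list:
    # Parameterized query: the driver sends the value separately from the
    # statement text, so it can never be parsed as SQL. Converting to int
    # first also rejects anything that is not an ID before it reaches the DB.
    sql = "SELECT student_id, name FROM student WHERE student_id = ?"
    return con.execute(sql, (int(student_id),)).fetchall()


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    # DELIBERATELY VULNERABLE: input is spliced into the string literals, so
    # ' OR '1'='1 closes the literal and appends an always-true condition.
    sql = ("SELECT 1 FROM user WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return con.execute(sql).fetchone() is not None


def login_safe(con: sqlite3.Connection, username: str, password: str) -> bool:
    sql = "SELECT 1 FROM user WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print(lookup_student_vulnerable(db, "12222345 OR 1=1"))   # every student
    print(login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))  # True, no password
    print(login_safe(db, "' OR '1'='1", "' OR '1'='1"))        # False
```

Note that the safe login passes the attacker's string through unchanged and still returns False: the fix is not filtering out quotes but keeping data out of the statement text altogether. The `int()` conversion in `lookup_student_safe` is a second, independent layer of input validation for a field that should only ever contain a number.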

SQL Injection Types


There are different types of SQL injection attacks:

1. In-band SQL Injection

● The attacker sends the malicious SQL through the web application's normal
interface and receives the result through the same channel, for example in
the page body.
● It allows attackers to extract sensitive information or modify the database
directly.

2. Error-based SQL Injection

● Attackers deliberately trigger database errors and read the error messages
the web application returns, which can leak the database structure and even
its data.

3. Blind SQL Injection

● The application returns neither query results nor errors; the attacker sends
queries and observes only the application's behaviour.
● By analysing differences in the response (its content or its timing), the
attacker can determine whether each query was true or false and extract data
bit by bit.

4. Out-of-band SQL Injection

● Uses a different channel, such as a DNS or HTTP request that the database
server is made to send, to carry the result out.
● Allows attackers to exfiltrate sensitive data when no in-band channel is
available.

5. Inference-based SQL Injection

● Another name for blind injection: no data is returned directly, so the
attacker infers it from the application's responses.
● Attackers craft queries whose truth value changes the observable response
and reconstruct the data from those yes/no answers.

Impact of SQL Injection


● The hacker can retrieve all the user data present in the database
such as user details, credit card information, and social security
numbers, and can also gain access to protected areas like the
administrator portal.
● It is also possible to delete user data from the tables.

Nowadays, online shopping applications and bank transactions all rely on back-end
database servers. So if an attacker is able to exploit SQL injection, the data
behind the entire application may be compromised.

SQL Injection Prevention


Developers can use the following measures to prevent SQL injection attacks.
● Input validation: validate input from the user by pre-defining the length
and type of each input field, and authenticate the user before accepting
input.
● Restrict the access privileges of database users and define how much data an
outside user may read from the database. Users should not be granted
permission to access everything in the database.
● Do not use system administrator accounts for the application's database
connection.

For more details, refer to How to Protect Against SQL Injection Attacks article.

SQL Injection Based on Batched SQL Statements


1. Most databases support batched SQL statements.
2. A batch of SQL statements is a collection of two or more SQL statements
separated by semicolons.

The SQL statement below will return all rows from the "Users" table and then
delete the "Employees" table.
Query:
SELECT * FROM Users;
DROP TABLE Employees;

Look at the following example:

Syntax:
txtEmpId = getRequestString("EmpId");
txtSQL = "SELECT * FROM Users WHERE EmpId = " + txtEmpId;

If the attacker submits 116; DROP TABLE Employees as the EmpId, the statement
sent to the database becomes:

Query:
SELECT * FROM Users WHERE EmpId = 116;
DROP TABLE Employees;

How to Protect Against SQL Injection Attacks?


Last Updated : 12 Jul, 2022


SQL Injection, often known as SQLI, is a typical attack vector that employs
malicious SQL code to manipulate Backend databases in order to obtain
information that was not intended to be shown. This information might contain
sensitive corporate data, user lists, or confidential consumer information.

Types of SQL Injection:

1. Error-based SQLi: Error-based SQLI obtains information about the


database structure from error messages issued by the database server. In
rare circumstances, an attacker may enumerate an entire database using only
error-based SQL injection.
2. Union-Based SQLi: Union-based SQLI uses the UNION SQL operator to
aggregate the results of two or more SELECT queries into a single result,
which is subsequently returned as part of the HTTP response.
3. Blind Boolean-based SQLi: Boolean-based SQL Injection works by
submitting a SQL query to the database and forcing the application to produce
a different response depending on whether the query returns TRUE or
FALSE.
4. Blind Time-Based SQLi: Time-based SQL Injection works by sending a
SQL query to the database and forcing it to wait for a predetermined length of
time (in seconds) before answering. The response time will tell the attacker if
the query result is TRUE or FALSE.
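As an added example (not from the original article), the boolean-based blind technique described under type 3, scripted by hand in Python against a constructed in-memory SQLite database instead of sqlmap's target. The `page_has_products` function stands in for a page like listproducts.php?cat=... that hides all errors and reveals only whether any products were listed; the extractor recovers the admin password one character at a time from that single bit.

```python
import sqlite3
import string


def make_shop_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the vulnerable demo site."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?)",
                    [(1, 1, "poster"), (2, 1, "print"), (3, 2, "frame")])
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return con


def page_has_products(con: sqlite3.Connection, cat: str) -> bool:
    """Stand-in for a page like listproducts.php?cat=...  DELIBERATELY VULNERABLE.
    Errors are swallowed and no data is echoed: the attacker learns only whether
    the product list was empty, which is exactly the blind setting."""
    sql = "SELECT name FROM products WHERE cat = " + cat
    try:
        return len(con.execute(sql).fetchall()) > 0
    except sqlite3.Error:
        return False


def extract_admin_password(oracle, max_len: int = 32) -> str:
    """Boolean-based blind SQLi: one yes/no question per position and
    candidate character; the scalar subquery reads the target column."""
    charset = string.ascii_lowercase + string.digits
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = (f"1 AND (SELECT substr(password, {pos}, 1) FROM users "
                       f"WHERE username = 'admin') = '{ch}'")
            if oracle(payload):
                recovered += ch
                break
        else:
            break  # no candidate matched: substr() ran past the end of the value
    return recovered


def extract_with_request_count(con: sqlite3.Connection):
    """Wrap the oracle to count requests: blind injection costs one request
    per guess, which is what makes it slow and noisy in server logs."""
    count = 0

    def oracle(payload: str) -> bool:
        nonlocal count
        count += 1
        return page_has_products(con, payload)

    return extract_admin_password(oracle), count


if __name__ == "__main__":
    print(extract_with_request_count(make_shop_db()))
```

The request count is the detection angle: a burst of near-identical requests to one parameter, differing only in a substr() offset and a comparison character, is a recognisable pattern in access logs. A time-based variant replaces the product-list check with a deliberate delay (for example a sleep or benchmark function on databases that offer one) and measures response time instead; SQLite has no such function, so it is not shown here.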
Example:
Let's look at how to use the sqlmap penetration testing tool to determine whether
a website is vulnerable to SQL injection. For demonstration purposes, we will use
a site that was deliberately built with vulnerabilities:
http://testphp.vulnweb.com/listproducts.php?cat=1

Step 1: Compile the list of existing databases.


So, initially, we must provide the web URL to be checked together with the -u
argument. If we want to route the test through Tor, we can add the --tor argument.
Typically, we want to test whether we can gain access to a database, so we use the
--dbs option, which lists all accessible databases.
sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

We discover two databases, acuart and information_schema.
Step 2: Make a list of all the tables in a certain database.
We must slightly change our command to access one of the databases. We now use -D
to name the database that we want to access, and --tables to list its tables. Let us
look at the acuart database.
sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables
SQLI Prevention:

Developers can prevent SQL injection with the help of the following techniques.
1. Use parameterized queries and strict input validation: the primary defence is
to pass user data to the database as bound parameters rather than building SQL
strings. On top of that, all user input should be filtered according to its
context: e-mail addresses should be limited to the characters permitted in an
e-mail address, phone numbers to the characters permitted in a phone number, and
so on.
2. Make use of a web application firewall: ModSecurity, a free and open-source
module for Apache, Microsoft IIS, and Nginx web servers, is a prominent example.
ModSecurity offers a comprehensive and constantly updated set of rules for
filtering potentially hazardous web requests, and its SQL injection rules catch
most attempts to smuggle SQL through web channels. Treat a WAF as defence in
depth, not as a substitute for fixing the code.
3. Patch software on a regular basis: Because SQL injection vulnerabilities
are frequently discovered in commercial software, it is critical to keep up with
updating.
4. Contextually limit database rights: Create numerous database user
accounts with the least amount of permission necessary for their usage
scenario. For example, the code powering a login page should query the
database using a restricted account that only has access to the appropriate
credentials table.
5. Monitor SQL statements from database-connected apps in real-time: This
will aid in the detection of rogue SQL statements and vulnerabilities. Machine
learning and/or behavioral analysis monitoring technologies can be extremely
effective.

Difference between Session and Cookies

In web development, sessions and cookies are both used to keep user information
between requests. A session keeps the data on the server and is temporary: it ends
when the user logs out or when the server-side timeout expires, and closing the
browser normally discards the session cookie that identifies it. A cookie stores
data on the user's computer and can persist across visits, but because the user
controls it, it is less secure than a session. Both mechanisms help track and
manage user interactions on a website. In this article, we will discuss the
difference between sessions and cookies in detail.

What is a Session?
A session is used to hold information on the server temporarily so that it can be
used across the pages of a website during one visit. It covers the overall period
of activity: a user session begins when the user logs in to an application and
ends when the user logs out or the session times out.

Session values are more secure than cookies because they never leave the server;
the browser only holds a random session identifier, and the server decides what
that identifier maps to. When the user logs out, or when the timeout expires, the
server discards the session data. To keep values permanently we must save them in
a database.

What is a Cookie?
A cookie is a small text file that the browser saves on the user's computer. The
maximum size of a cookie is 4 KB. It is also known as an HTTP cookie, a web cookie,
or an internet cookie. When a user first visits a website, the site sets the cookie
in its response and the browser sends it back with later requests.
The information stored in cookies is not safe because it is kept on the client side
in plain text: the user can read it and can also modify it, so the server must never
trust a cookie for authorization decisions without verifying it. Users can enable
or disable cookies as they wish.

Difference Between Session and Cookies

Cookies | Session
Cookies are client-side files on the local computer that hold user information. | Sessions are server-side files that contain user data.
Cookies expire at the lifetime set by the site when it created the cookie. | The session ends when the user logs out of the program or the session times out after the browser is closed.
Cookies can store only a limited amount of data: a browser cookie has a maximum size of 4 KB. | A session can hold as much data as we like, subject to the memory limit (128 MB by default in PHP) that a script may consume at one time.
Because cookies are kept on the local computer, we do not need to call a function to start them. | To begin a session we must call session_start().
Cookies are not secure: they are stored in a text file that the user can read and edit. | Sessions are more secure than cookies: the data stays on the server and only a random session ID is sent to the client.
In PHP, the $_COOKIE superglobal is used to read cookie data. | In PHP, the $_SESSION superglobal is used to read session data.
We can set an expiration date on a cookie; the browser deletes it automatically at that time. | To remove the data stored in a session we can use session_destroy(), and to unset a specific variable we can use unset().
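The two mechanisms side by side, as an added Python example that is not part of the original article: a server-side session store with unguessable IDs and an idle timeout (the role session_start(), the timeout and session_destroy() play in PHP), next to a cookie that carries its value to the client with an HMAC tag so the server can detect edits. The secret key and session data are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional


class SessionStore:
    """Server-side session store. The browser only ever holds the session ID;
    the data itself never leaves the server, which is why it cannot be read
    or edited by the user the way a cookie can."""

    def __init__(self, ttl_seconds: int = 1800):
        self.ttl = ttl_seconds
        self._sessions = {}  # session id -> (data, expiry timestamp)

    def create(self, data: dict, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # 32 random bytes: an attacker cannot guess or enumerate valid IDs.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (dict(data), now + self.ttl)
        return sid

    def get(self, sid: str, now: Optional[float] = None) -> Optional[dict]:
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        data, expires_at = entry
        if now >= expires_at:
            self.destroy(sid)  # idle timeout: the server expires the session
            return None
        return data

    def destroy(self, sid: str) -> None:
        """Equivalent of session_destroy(): drop the data on logout."""
        self._sessions.pop(sid, None)


def sign_cookie(secret: bytes, value: str) -> str:
    """Append an HMAC tag so the server can detect a cookie the client edited.
    The value is still readable by the user: signing gives integrity, not secrecy."""
    tag = hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_cookie(secret: bytes, cookie: str) -> Optional[str]:
    """Return the cookie's value if the tag is valid, otherwise None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return value


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    sid = store.create({"user": "alice", "role": "user"}, now=1000)
    print(store.get(sid, now=1030))   # {'user': 'alice', 'role': 'user'}
    print(store.get(sid, now=1061))   # None: expired
    key = b"constructed-demo-secret"  # would come from configuration in practice
    cookie = sign_cookie(key, "role=user")
    print(verify_cookie(key, cookie))                                     # role=user
    print(verify_cookie(key, cookie.replace("role=user", "role=admin")))  # None
```

The signed cookie closes the "anybody can edit it" gap the table describes but not the "anybody can see it" one; anything secret still belongs in the server-side store, with the cookie carrying only the session ID. In a real deployment the session cookie should also be marked HttpOnly and Secure so scripts cannot read it and it never travels over plain HTTP.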

Conclusion
In conclusion, sessions and cookies both store user information but differ in
key ways. Sessions are stored on the server and are more secure but
temporary, while cookies are stored on the user’s computer and can last
longer but are less secure. Choosing between them depends on the need for
security and persistence of the data.
What is Kubernetes (k8s)?
Kubernetes is an open-source container orchestration tool that automates container
deployment, scaling up and down, and load balancing. It is written in Go and has a
large community; it was originally developed by Google and later donated to the
CNCF (Cloud Native Computing Foundation). Kubernetes can group any number of
containers into one logical unit so that they can be managed and deployed easily,
and it runs on public clouds, in hybrid setups, and on-premises.

Benefits of Using Kubernetes


Kubernetes simplifies the orchestration of containerized applications, which makes
it a core tool in DevOps workflows.

1. Automated deployment and management

● If you use Kubernetes to deploy an application, little manual intervention is
needed: Kubernetes automates the deployment and scaling of the containerized
application.
● By removing manual steps, Kubernetes reduces human error and makes
deployments more reliable.

2. Scalability
● You can scale the application containers according to the incoming traffic:
Kubernetes offers horizontal pod autoscaling, so the number of pods grows and
shrinks automatically with the load.

3. High availability

● You can achieve high availability for your application with the help of
Kubernetes and also it will reduce the latency issues for the end
users.

4. Cost-effectiveness

● Over-provisioned infrastructure drives up cost; Kubernetes helps you control
resource utilization and avoid over-provisioning.

5. Improved developer productivity

● Developers can concentrate on development, because Kubernetes reduces the
effort of deploying the application.

Features of Kubernetes
1. Automated Scheduling– Kubernetes provides an advanced
scheduler to launch containers on cluster nodes. It performs
resource optimization.
2. Self-Healing Capabilities– It provides rescheduling, replacing, and
restarting the containers that are dead.
3. Automated Rollouts and Rollbacks– It supports rollouts and
rollbacks for the desired state of the containerized application.
4. Horizontal Scaling and Load Balancing– Kubernetes can scale up
and scale down the application as per the requirements.
5. Resource Utilization– Kubernetes provides resource utilization
monitoring and optimization, ensuring containers are using their
resources efficiently.
6. Support for multiple clouds and hybrid clouds– Kubernetes can be
deployed on different cloud platforms and run containerized
applications across multiple clouds.
7. Extensibility– Kubernetes is very extensible and can be extended
with custom plugins and controllers.
8. Community Support- Kubernetes has a large and active community
with frequent updates, bug fixes, and new features being added.

What Is Cloud Computing?


Cloud Computing means storing and accessing data and programs on remote servers
hosted on the internet instead of on the computer's hard drive or a local server.
Cloud computing is also referred to as Internet-based computing: it is a technology
where the resource is provided as a service through the Internet to the user. The
stored data can be files, images, documents, or any other kind of data.

The following are some of the Operations that can be performed with Cloud
Computing

● Storage, backup, and recovery of data


● Delivery of software on demand
● Development of new applications and services
● Streaming videos and audio

Architecture Of Cloud Computing


Cloud computing architecture refers to the components and sub-components
required for cloud computing. These components typically refer to:

1. Front end ( Fat client, Thin client)


2. Back-end platforms ( Servers, Storage )
3. Cloud-based delivery and a network ( Internet, Intranet, Intercloud )

What Are The Types of Cloud Computing Services?


The following are the types of Cloud Computing:
1. Infrastructure as a Service (IaaS)
2. Platform as a Service (PaaS)
3. Software as a Service (SaaS)
4. Function as a Service (FaaS)

What is a Cloud Deployment Model?


Cloud Deployment Model functions as a virtual computing environment with
a deployment architecture that varies depending on the amount of data you
want to store and who has access to the infrastructure.

Types of Cloud Computing Deployment Models


The cloud deployment model identifies the specific type of cloud
environment based on ownership, scale, and access, as well as the cloud’s
nature and purpose. The location of the servers you’re utilizing and who
controls them are defined by a cloud deployment model. It specifies how
your cloud infrastructure will look, what you can change, and whether you
will be given services or will have to create everything yourself.
Relationships between the infrastructure and your users are also defined by
cloud deployment types. Different types of cloud computing deployment
models are described below.

● Public Cloud
● Private Cloud
● Hybrid Cloud
● Community Cloud
● Multi-Cloud

Public Cloud

The public cloud makes systems and services available to anybody who signs up.
Because the infrastructure is shared among many tenants, the public cloud may
offer less control over security than a private one. In this model, cloud
infrastructure services are provided over the internet to the general public or
to large industry groups, and the infrastructure is owned by the entity that
delivers the cloud services, not by the consumer. It is a type of cloud hosting in
which a provider supplies services to many customers; storage, backup and
retrieval services are offered for free, as a subscription, or on a per-user
basis. Google App Engine is an example.

Advantages of the Public Cloud Model


● Minimal Investment: Because it is a pay-per-use service, there is no
substantial upfront fee, making it excellent for enterprises that
require immediate access to resources.
● No setup cost: The entire infrastructure is fully subsidized by the
cloud service providers, thus there is no need to set up any
hardware.
● Infrastructure Management is not required: Using the public cloud
does not necessitate infrastructure management.
● No maintenance: The maintenance work is done by the service
provider (not users).
● Dynamic Scalability: To fulfill your company’s needs, on-demand
resources are accessible.

Disadvantages of the Public Cloud Model


● Less secure: resources are shared with other tenants and managed by the
provider, so the customer has less direct control and must rely on the
provider's isolation and security guarantees.
● Low customization: because the platform serves many customers, it cannot be
customized to individual requirements.

Private Cloud

The private cloud deployment model is the opposite of the public cloud model. It
is a single-tenant environment dedicated to one customer: there is no need to
share the hardware with anyone else. The distinction between private and public
clouds lies in who owns and operates the hardware. It is also called the "internal
cloud" and refers to the ability to access systems and services within a given
boundary or organization. The cloud platform is implemented in a secure
environment protected by firewalls and supervised by the organization's IT
department. The private cloud gives greater control over cloud resources.

Advantages of the Private Cloud Model


● Better Control: You are the sole owner of the property. You gain
complete command over service integration, IT operations, policies,
and user behavior.
● Data Security and Privacy: It’s suitable for storing corporate
information to which only authorized staff have access. By
segmenting resources within the same infrastructure, improved
access and security can be achieved.
● Supports Legacy Systems: This approach is designed to work with
legacy systems that are unable to access the public cloud.
● Customization: Unlike a public cloud deployment, a private cloud
allows a company to tailor its solution to meet its specific needs.

Disadvantages of the Private Cloud Model


● Less scalable: Private clouds are scaled within a certain range as
there is less number of clients.
● Costly: Private clouds are more costly as they provide personalized
facilities.

Hybrid Cloud

By bridging the public and private worlds with a layer of proprietary


software, hybrid cloud computing gives the best of both worlds. With a
hybrid solution, you may host the app in a safe environment while taking
advantage of the public cloud’s cost savings. Organizations can move data
and applications between different clouds using a combination of two or
more cloud deployment methods, depending on their needs.

Advantages of the Hybrid Cloud Model


● Flexibility and control: Businesses with more flexibility can design
personalized solutions that meet their particular needs.
● Cost: Because public clouds provide scalability, you’ll only be
responsible for paying for the extra capacity if you require it.
● Security: sensitive data and applications can be kept on the private side,
so the exposure to attackers is reduced.

Disadvantages of the Hybrid Cloud Model


● Difficult to manage: Hybrid clouds are difficult to manage as it is a
combination of both public and private cloud. So, it is complex.
● Slow data transmission: data moving between the private and public parts
travels over the public network, which adds latency.

Community Cloud

It allows systems and services to be accessible by a group of organizations. It


is a distributed system that is created by integrating the services of different
clouds to address the specific needs of a community, industry, or business.
The infrastructure of the community could be shared between the
organization which has shared concerns or tasks. It is generally managed by
a third party or by the combination of one or more organizations in the
community.


Advantages of the Community Cloud Model


● Cost Effective: It is cost-effective because the cloud is shared by
multiple organizations or communities.
● Security: a community cloud is shared only with known organizations that have
similar requirements, so it offers better security than a public cloud.
● Shared resources: It allows you to share resources, infrastructure,
etc. with multiple organizations.
● Collaboration and data sharing: It is suitable for both collaboration
and data sharing.

Disadvantages of the Community Cloud Model


● Limited Scalability: Community cloud is relatively less scalable as
many organizations share the same resources according to their
collaborative interests.
● Rigid in customization: As the data and resources are shared
among different organizations according to their mutual interests if
an organization wants some changes according to their needs they
cannot do so because it will have an impact on other organizations.

Multi-Cloud

We’re talking about employing multiple cloud providers at the same time
under this paradigm, as the name implies. It’s similar to the hybrid cloud
deployment approach, which combines public and private cloud resources.
Instead of merging private and public clouds, multi-cloud uses many public
clouds. Although public cloud providers provide numerous tools to improve
the reliability of their services, mishaps still occur. It’s quite rare that two
distinct clouds would have an incident at the same moment. As a result,
multi-cloud deployment improves the high availability of your services even
more.


Advantages of the Multi-Cloud Model


● You can mix and match the best features of each cloud provider’s
services to suit the demands of your apps, workloads, and business
by choosing different cloud providers.
● Reduced Latency: To reduce latency and improve user experience,
you can choose cloud regions and zones that are close to your
clients.
● High availability of service: It’s quite rare that two distinct clouds
would have an incident at the same moment. So, the multi-cloud
deployment improves the high availability of your services.
Disadvantages of the Multi-Cloud Model
● Complex: The combination of many clouds makes the system
complex and bottlenecks may occur.
● Security issue: the combination of several providers, each with its own
identity model and controls, makes misconfiguration more likely, and such
gaps can be exploited by an attacker.

What is the Right Choice for Cloud Deployment Model?


There is no single approach to picking a cloud deployment model; we always choose
the model that best fits our requirements. Here are some factors that should be
considered before choosing a deployment model.

● Cost: how much you are willing to pay for the infrastructure and services.
● Scalability: the current level of activity and how far it may need to scale.
● Ease of use: how well trained your staff are and how easily they can manage
the model.
● Compliance: the laws and regulations that affect where and how data may be
stored and processed.
● Privacy: what data you gather and how sensitive it is.

Each model has some advantages and some disadvantages, and the
selection of the best is only done on the basis of your requirement. If your
requirement changes, you can switch to any other model.

Overall Analysis of Cloud Deployment Models


The overall analysis of these models with respect to different factors is
described below.

Factors | Public Cloud | Private Cloud | Community Cloud | Hybrid Cloud
Initial Setup | Easy | Complex, requires a professional team to set up | Complex, requires a professional team to set up | Complex, requires a professional team to set up
Scalability and Flexibility | High | High | Fixed | High
Cost Comparison | Cost-effective | Costly | Distributed cost among members | Between public and private cloud
Reliability | Low | Low | High | High
Data Security | Low | High | High | High
Data Privacy | Low | High | High | High

Models of Cloud Computing


Cloud Computing helps in rendering several services according to roles,
companies, etc. Cloud computing models are explained below.

● Infrastructure as a service (IaaS)
● Platform as a service (PaaS)
● Software as a service (SaaS)

1. Infrastructure as a service (IaaS)

Infrastructure as a Service (IaaS) helps in delivering computer infrastructure
on an external basis for supporting operations. Generally, IaaS provides
services such as networking equipment, devices, databases, and web servers.

Infrastructure as a Service (IaaS) helps large organizations and large
enterprises in managing and building their IT platforms. This infrastructure is
flexible according to the needs of the client.

Advantages of IaaS
● IaaS is cost-effective as it eliminates capital expenses.
● The IaaS cloud provider provides better security than any other software.
● IaaS provides remote access.
Disadvantages of IaaS
● In IaaS, users have to secure their own data and applications.
● Cloud computing is not accessible in some regions of the world.

2. Platform as a service (PaaS)

Platform as a Service (PaaS) is a type of cloud computing that helps
developers to build applications and services over the Internet by providing
them with a platform.

PaaS helps organizations maintain control over their business applications.

Advantages of PaaS
● PaaS is simple and very convenient for the user as it can be
accessed via a web browser.
● PaaS has the capabilities to efficiently manage the application lifecycle.

Disadvantages of PaaS
● PaaS users have limited control over the infrastructure, as they have less
control over the environment and are not able to make some
customizations.
● PaaS has a high dependence on the provider.

3. Software as a service (SaaS)

Software as a Service (SaaS) is a type of cloud computing model whose
job is delivering services and applications over the Internet. SaaS
applications are also called Web-Based Software or Hosted Software.

SaaS makes up around 60 percent of cloud solutions and, because of this, it is
the model most preferred by companies.

Advantages of SaaS
● SaaS lets users access application data from anywhere on the Internet.
● SaaS provides easy access to features and services.

Disadvantages of SaaS
● SaaS solutions have limited customization, which means they have
some restrictions within the platform.
● SaaS gives the user little control over their data.
● SaaS solutions are generally cloud-based, so they require a stable internet
connection to work properly.

What is a Container?
One of the greatest challenges in software development is ensuring that an
app works the same way in a variety of environments. In earlier times, this was
addressed by working through a virtual machine (VM), but that is quite a
heavyweight solution. That's when containers came along, as a more
lightweight and effective alternative for this challenge. They encapsulate an
application and its dependencies in such a way that the same computing
environment can be reproduced anywhere without running into problems.

Primary Terminologies
● Container: An isolated, stand-alone unit that encapsulates an
application and all its dependencies. It runs the same way, consistently,
in any environment, independently of the host system, neither affecting
it nor being affected by it.
● Docker: Docker is an open-source platform designed to make it easy
for containers to be built, developed, and run. It provides all the
software required, in addition to development capabilities, to
build, run, and manage containers for maximum efficiency.
● Image: A container image is a lightweight, read-only, executable file
that includes everything needed to run a piece of software: the code,
the runtime, the libraries, the environment variables, and
configurations. It basically serves as a template for creating
containers.
● Containerization: The way of bundling the application together with
all its dependencies into a container. In this way, the application behaves
the same way wherever it is executed.
● Orchestration: It automatically takes care of the coordination,
scheduling, and management of multi-container deployments
running on a cluster of machines. Container orchestration tools
include Kubernetes and Docker Swarm.

What are Containers?

● A container is a light, stand-alone, and executable software package
that wraps an application with all its dependencies, such as
libraries, configuration files, and binaries, in order to be run.
Containers make sure that no matter where an application is
deployed, whether it is in a developer's laptop, the testing
environment, or the production server, it behaves the same way.
● Containers do this by isolating an application from the underlying
system, and therefore they are not dependent on any setting or
software installed in the operating system of the host. Instead
everything an application requires to run is packed within the
container itself. This isolation allows containers to be more efficient
compared to traditional virtual machines (VMs), which contain a full
operating system besides the application.

Containers vs. Virtual Machines (VMs)

Containers
● Architecture: All containers share the host OS kernel; however, the
running user spaces are isolated, making them lightweight.
● Boot Time: Containers have much less boot time typically in
seconds, as they do not need to boot a full OS.
● Isolation: Containers provide isolation at the process level, which is
less strong compared to VMs, but for many use cases this does not
matter.
● Resource Usage: Containers consume fewer resources because they
do not need an entire OS—only the necessary binaries and libraries.

Virtual Machines (VMs)

● Architecture: A hypervisor running on the host OS hosts each VM, which
includes a full guest OS with virtualized hardware.
● Resource Usage: Very high, as the full OS overhead is incurred for
each instance.
● Isolation: Very good because each VM is a system on its own with
its own OS.
● Boot Time: VMs typically have longer boot times because the full
OS in a VM needs to be initialized.

What is Containerization?
Containerization is the process of packing an application together with all its
dependencies into a container in order to allow the application to run
consistently from one computing environment to another. In simple terms,
containerization uses the host OS kernel to run many isolated
instances of applications on the same machine, making it a very lightweight
and efficient way of deploying applications.
Use Cases for Containerization

● Microservices Architecture: Containers are just the right fit for
deploying microservices, where each service runs in its own
container.
● CI/CD Pipelines: Containers make CI/CD very easy by providing
consistent environments from development to production.
● Cloud-Native Applications: Containers are the underlying
infrastructure for cloud-native applications, while at the same time
being portable across various cloud providers.
● Dev/Test Environments: Containers make it easier to set up
consistent development and testing environments, significantly
reducing the problems associated with "it works on my machine."
● Legacy Application Modernization: Containers enable legacy
applications to be packaged in a way that makes them easier to
deploy and manage on modern infrastructure.

What is cloud security?

Cloud security is the set of control-based security measures and technology
protection designed to protect resources stored online from leakage, theft, and
data loss. Protection covers cloud infrastructure, applications, and data against
threats. Security applications are delivered as software, in the same way as the
SaaS (Software as a Service) model.

How to manage security in the cloud?

Cloud service providers have many methods to protect the data.

Firewall is the central part of cloud architecture. The firewall protects the
network and the perimeter of end-users. It also protects traffic between various
apps stored in the cloud.

Access control protects data by allowing us to set access lists for various assets.
For example, you can allow specific employees to use an application while
restricting others. The rule is that employees can access only the equipment
they require. Maintaining strict access control keeps essential documents from
being stolen by malicious insiders or hackers.

Data protection methods include Virtual Private Networks (VPN), encryption, or
masking. A VPN allows remote employees to connect to the network; it
accommodates tablets and smartphones for remote access. Data
masking maintains the data's integrity by keeping identifiable information
private. A medical company can share data with data masking without violating
HIPAA laws.

For example, classifying information in order of its importance to security
shows what is at risk, and helps to protect mission-critical assets from threats.
Disaster recovery is vital for security because it helps to recover lost or stolen
data.

Difference between Block Cipher and Stream Cipher
Last Updated : 12 Nov, 2024

Block Cipher and Stream Cipher are the two types of symmetric key
cipher. Both are used to transform plain text into ciphertext. The
difference between a Block cipher and a Stream cipher is that the
former transforms the plain text into cipher text by taking the plain
text block by block. On the other hand, a stream cipher produces
cipher text from plain text by taking one byte of plain text at a
time. In this article, we will see the difference between Block Cipher
and Stream Cipher in detail.

What is Block Cipher?

A block cipher encrypts data in fixed-size blocks, usually 64 or 128 bits
at a time. The encryption algorithm processes each block of data
separately using the cryptographic key to transform the plaintext into
the ciphertext. Block ciphers rely on complex mathematical
computation and permutation to ensure that the encrypted data is
safe. The choice of block size does not directly affect the strength of
the encryption scheme.
The strength of the cipher depends upon the key length. However,
any size of the block is acceptable. The following aspects can be kept
in mind while selecting the size of a block:
● Avoid very small block sizes.
● Do not have very large block sizes.
● Use multiples of 8 bits.

Block Cipher

Key Features of Block Ciphers

● Fixed Block Size: The data is encrypted in fixed-size blocks.
● Complex Operations: In block ciphers, substitution
combined with permutation forms the operation to achieve
encryption.
● Modes of Operation: Block ciphers employ several modes
such as ECB (Electronic Codebook) and CBC (Cipher Block
Chaining) for enhanced security.
Examples: AES (Advanced Encryption Standard), DES (Data
Encryption Standard) and Blowfish.

What is Stream Cipher?

A stream cipher encrypts data one bit or one byte at a time rather
than in fixed-size blocks. It generates a keystream that is combined
with the plaintext to produce the ciphertext. Stream ciphers are
made for scenarios where data needs to be encrypted as a
continuous stream, making them suitable for real-time
applications.
They can be categorized into synchronous, self-synchronizing and
one-time pad types. A synchronous stream cipher generates its
keystream independently of both the plaintext and the
ciphertext. Sender and receiver have to be in the same state, with the
same key, in order to decode the data properly.
Key Features of Stream Ciphers

● Continuous Encryption: The data is encrypted in a stream
that runs continuously, a bit or byte at a time.
● Keystream Generation: To create encryption keys, stream
ciphers use a pseudorandom keystream generator.
● Efficiency: Stream ciphers are generally more efficient for
encrypting data of variable length and in streaming
applications.

Examples: RC4, Salsa20, and ChaCha20.


Difference Between Block Cipher and Stream Cipher

Block Cipher | Stream Cipher
Block cipher converts the plain text into cipher text by taking one block of plain text at a time. | Stream cipher converts the plain text into cipher text by taking 1 bit of plain text at a time.
Block cipher uses either 64 bits or more than 64 bits. | While stream cipher uses 8 bits.
The complexity of block cipher is simple. | While stream cipher is more complex.
Block cipher uses confusion as well as diffusion. | While stream cipher uses only confusion.
In block cipher, reversing encrypted text is hard. | While in stream cipher, reversing encrypted text is easy.
The algorithm modes which are used in block cipher are ECB (Electronic Code Book) and CBC (Cipher Block Chaining). | The algorithm modes which are used in stream cipher are CFB (Cipher Feedback) and OFB (Output Feedback).
Block cipher works on transposition techniques like rail-fence technique, columnar transposition technique, etc. | While stream cipher works on substitution techniques like Caesar cipher, polygram substitution cipher, etc.
Block cipher is slow as compared to a stream cipher. | While stream cipher is fast in comparison to block cipher.
Suitable for applications that require strong encryption, such as file storage and internet communications. | Suitable for applications that require strong encryption, such as file storage and internet communications.
More secure than stream ciphers when the same key is used multiple times. | Less secure than block ciphers when the same key is used multiple times.
Key length is typically 128 or 256 bits. | Key length is typically 128 or 256 bits.
Operates on fixed-length blocks of data. | Encrypts data one bit at a time.
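
To make the table's points concrete, here is an added example that is not code from the original article: a constructed toy block cipher run in ECB and CBC modes beside a constructed toy stream cipher, both built on HMAC-SHA256 from the Python standard library rather than any real cipher. The checks at the end show two facts from the table that a defender cares about: ECB repeats identical ciphertext blocks for identical plaintext blocks, and a stream cipher that reuses the same key and nonce lets the keystream cancel out.

```python
"""Toy block cipher vs. toy stream cipher, constructed for illustration.

Neither construction is a real cipher: the block cipher is a 4-round Feistel
network and the stream cipher a counter-mode keystream, both built on
HMAC-SHA256 from the standard library so the example runs offline.
"""
import hashlib
import hmac

BLOCK = 16    # 128-bit blocks, like AES
ROUNDS = 4    # Feistel rounds in the toy block cipher


def _prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudorandom function used by both toy ciphers."""
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# ---- toy block cipher: one fixed-size block in, one block out ----------
def block_encrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):                 # substitution plus permutation
        left, right = right, _xor(left, _prf(key, bytes([r]) + right)[:8])
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):       # undo the rounds in reverse
        left, right = _xor(right, _prf(key, bytes([r]) + left)[:8]), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7: a block cipher needs the message to be whole blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB mode: every block encrypted independently (no chaining)."""
    return b"".join(block_encrypt(key, b) for b in _blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC mode: each block is XORed with the previous ciphertext block."""
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


# ---- toy stream cipher: keystream XORed onto the data byte by byte ------
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream derived from key, nonce and a block counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += _prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def stream_xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with keystream."""
    return _xor(data, keystream(key, nonce, len(data)))


# ---- checks a defender cares about ------------------------------------
def repeated_blocks(ciphertext: bytes) -> int:
    """Number of duplicate ciphertext blocks: ECB leaks plaintext structure."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def keystream_reuse_leaks(key, nonce1, nonce2, p1, p2) -> bool:
    """True when c1 XOR c2 == p1 XOR p2, i.e. the keystream cancelled out
    because the same key/nonce pair was used twice (the 'same key used
    multiple times' weakness from the table)."""
    c1 = stream_xcrypt(key, nonce1, p1)
    c2 = stream_xcrypt(key, nonce2, p2)
    return _xor(c1, c2) == _xor(p1, p2)
```

The mitigation is visible in the last check: a fresh nonce per message under the same key makes the two keystreams differ, so nothing cancels out.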

Hash Functions and Types of Hash Functions

Last Updated : 20 May, 2024

Hash functions are a fundamental concept in computer science and
play a crucial role in various applications such as data storage,
retrieval, and cryptography. In data structures and algorithms (DSA),
hash functions are primarily used in hash tables, which are essential
for efficient data management. This article delves into the intricacies
of hash functions, their properties, and the different types of hash
functions used in DSA.
What is a Hash Function?
A hash function is a function that takes an input (or ‘message’) and
returns a fixed-size string of bytes. The output, typically a number, is
called the hash code or hash value. The main purpose of a hash
function is to efficiently map data of arbitrary size to fixed-size values,
which are often used as indexes in hash tables.

Key Properties of Hash Functions

● Deterministic: A hash function must consistently produce
the same output for the same input.
● Fixed Output Size: The output of a hash function should
have a fixed size, regardless of the size of the input.
● Efficiency: The hash function should be able to process input
quickly.
● Uniformity: The hash function should distribute the hash
values uniformly across the output space to avoid clustering.
● Pre-image Resistance: It should be computationally
infeasible to reverse the hash function, i.e., to find the original
input given a hash value.
● Collision Resistance: It should be difficult to find two
different inputs that produce the same hash value.
● Avalanche Effect: A small change in the input should
produce a significantly different hash value.

Applications of Hash Functions

● Hash Tables: The most common use of hash functions in
DSA is in hash tables, which provide an efficient way to store
and retrieve data.
● Data Integrity: Hash functions are used to ensure the
integrity of data by generating checksums.
● Cryptography: In cryptographic applications, hash functions
are used to create secure hash algorithms like SHA-256.
● Data Structures: Hash functions are utilized in various data
structures such as Bloom filters and hash sets.

Types of Hash Functions

There are many hash functions that use numeric or alphanumeric
keys. This article focuses on discussing different hash functions:
1. Division Method
2. Multiplication Method
3. Mid-Square Method
4. Folding Method
5. Cryptographic Hash Functions
6. Universal Hashing
7. Perfect Hashing

Let’s begin discussing these methods in detail.

1. Division Method
The division method involves dividing the key by a prime number
and using the remainder as the hash value.

h(k) = k mod m

Where k is the key and m is a prime number.

Advantages:
● Simple to implement.
● Works well when m is a prime number.

Disadvantages:
● Poor distribution if m is not chosen wisely.

2. Multiplication Method
In the multiplication method, a constant A (0 < A < 1) is used to
multiply the key. The fractional part of the product is then multiplied
by m to get the hash value.

h(k) = ⌊m (kA mod 1)⌋

Where ⌊ ⌋ denotes the floor function.

Advantages:
● Less sensitive to the choice of m.

Disadvantages:
● More complex than the division method.

3. Mid-Square Method
In the mid-square method, the key is squared, and the middle digits
of the result are taken as the hash value.
Steps:
1. Square the key.
2. Extract the middle digits of the squared value.

Advantages:
● Produces a good distribution of hash values.

Disadvantages:
● May require more computational effort.

4. Folding Method
The folding method involves dividing the key into equal parts,
summing the parts, and then taking the modulo with respect to m.
Steps:
1. Divide the key into parts.
2. Sum the parts.
3. Take the modulo m of the sum.

Advantages:
● Simple and easy to implement.
Disadvantages:
● Depends on the choice of partitioning scheme.

5. Cryptographic Hash Functions

Cryptographic hash functions are designed to be secure and are
used in cryptography. Examples include MD5, SHA-1, and SHA-256.
Characteristics:
● Pre-image resistance.
● Second pre-image resistance.
● Collision resistance.

Advantages:
● High security.

Disadvantages:
● Computationally intensive.

6. Universal Hashing
Universal hashing uses a family of hash functions to minimize the
chance of collision for any given set of inputs.

h(k) = ((a·k + b) mod p) mod m
Where a and b are randomly chosen constants, p is a prime number
greater than m, and k is the key.

Advantages:
● Reduces the probability of collisions.

Disadvantages:
● Requires more computation and storage.

7. Perfect Hashing
Perfect hashing aims to create a collision-free hash function for a
static set of keys. It guarantees that no two keys will hash to the same
value.
Types:
● Minimal Perfect Hashing: Ensures that the range of the hash
function is equal to the number of keys.
● Non-minimal Perfect Hashing: The range may be larger than
the number of keys.

Advantages:
● No collisions.

Disadvantages:
● Complex to construct.
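
The five computable methods above (division, multiplication, mid-square, folding and universal hashing) worked through in Python, as an added example that is not part of the original article. The sample keys and the prime versus power-of-two moduli at the end are constructed to show the "poor distribution if m is not chosen wisely" case from the division method.

```python
"""Worked implementations of the hash-function families described above
(constructed example; not the article's own code)."""
import math
import random


def division_hash(k: int, m: int) -> int:
    """Division method: h(k) = k mod m; m should be prime."""
    return k % m


def multiplication_hash(k: int, m: int, a: float = (math.sqrt(5) - 1) / 2) -> int:
    """Multiplication method: h(k) = floor(m * (k*A mod 1)) with 0 < A < 1.
    Knuth's suggested A = (sqrt(5) - 1) / 2 is the default."""
    frac = (k * a) % 1.0            # fractional part of k*A
    return math.floor(m * frac)


def mid_square_hash(k: int, digits: int) -> int:
    """Mid-square method: square the key, keep its middle `digits` digits."""
    sq = str(k * k)
    start = (len(sq) - digits) // 2
    return int(sq[start:start + digits])


def folding_hash(k: int, part_len: int, m: int) -> int:
    """Folding method: split the decimal key into part_len-digit chunks,
    sum the chunks and reduce modulo m."""
    s = str(k)
    parts = [int(s[i:i + part_len]) for i in range(0, len(s), part_len)]
    return sum(parts) % m


def universal_hash(k: int, a: int, b: int, p: int, m: int) -> int:
    """Universal hashing: h(k) = ((a*k + b) mod p) mod m, p prime, p > m."""
    return ((a * k + b) % p) % m


def random_universal_params(p: int, seed: int = 0):
    """Choose a in [1, p-1] and b in [0, p-1] at random, as the family
    requires; a fixed seed keeps the demonstration reproducible."""
    rng = random.Random(seed)
    return rng.randrange(1, p), rng.randrange(0, p)


def count_collisions(keys, h) -> int:
    """Number of keys that land on a slot already used by another key."""
    return len(keys) - len({h(k) for k in keys})


# Constructed sample: keys that are all multiples of 8. A power-of-two
# modulus sends every one of them to slot 0; a prime modulus spreads them.
SAMPLE_KEYS = [8, 16, 24, 32, 40, 48]


def collisions_with_modulus(m: int) -> int:
    return count_collisions(SAMPLE_KEYS, lambda k: division_hash(k, m))
```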

Conclusion
In conclusion, hash functions are very important tools that help store
and find data quickly. Knowing the different types of hash functions
and how to use them correctly is key to making software work better
and more securely. By choosing the right hash function for the job,
developers can greatly improve the efficiency and reliability of their
systems.


Message Digest in Information security

Last Updated : 16 Sep, 2019

Message Digest is used to ensure the integrity of a message
transmitted over an insecure channel (where the content of the
message can be changed). The message is passed through a
cryptographic hash function. This function creates a compressed
image of the message called the digest.
Let's assume Alice sent a message and digest pair to Bob. To check
the integrity of the message, Bob runs the cryptographic hash
function on the received message and gets a new digest. Now, Bob
will compare the new digest with the digest sent by Alice. If both are the
same, then Bob is sure that the original message was not changed.
This message and digest pair is equivalent to a physical document
and fingerprint of a person on that document. Unlike the physical
document and the fingerprint, the message and the digest can be
sent separately.
● Most importantly, the digest should be unchanged during
the transmission.
● The cryptographic hash function is a one way function, that
is, a function which is practically infeasible to invert. This
cryptographic hash function takes a message of variable
length as input and creates a digest / hash / fingerprint of
fixed length, which is used to verify the integrity of the
message.
● Message digest ensures the integrity of the document. To
provide authenticity of the message, the digest is encrypted with the
sender's private key. Now this digest is called a digital
signature, which can only be decrypted by a receiver who
has the sender's public key. Now the receiver can authenticate
the sender and also verify the integrity of the sent message.

Example:
The hash algorithm MD5 is widely used to check the integrity of
messages. MD5 divides the message into blocks of 512 bits and
creates a 128-bit digest (typically written as 32 hexadecimal digits). It is no
longer considered reliable for use, as researchers have demonstrated
techniques capable of easily generating MD5 collisions on
commercial computers.
The weaknesses of MD5 were exploited by the Flame malware
in 2012.
In response to the insecurities of the MD5 hash algorithm, the Secure
Hash Algorithm (SHA) was invented.

The MD4/MD5 Message-Digest Algorithms


Overview
The MD4/MD5 Message-Digest Algorithm is a hash-based cryptographic function. It takes a
message of arbitrary length as its input and produces a 128-bit digest. Both MD4 and MD5
have a padding and appending process before digesting the message of arbitrary length. The
difference between MD4 and MD5 is the digest process. MD4 has 3 rounds of hash
calculation while MD5 has 4. For each round, both of them have intra loop-carried
dependencies.

Currently this library supports the following algorithms:

● MD4
● MD5

The MD4 algorithm is defined in RFC 1320, and the MD5 is defined in RFC 1321.

Implementation on FPGA
The internal structure of MD4 and MD5 are shown in the figures below:

As we can see from the figures, the hash calculation can be partitioned into two parts.

● The pre-processing part pads or splits the input message, which is composed of
a stream of 32-bit words, into fixed-size blocks (512 bits each).
● The digest part iteratively computes the hash values. A loop-carried dependency is
enforced by the algorithm itself, thus this part cannot reach an initiation interval
(II) of 1.

As these two parts can work independently, they are designed into parallel dataflow
processes, connected by streams (FIFOs).
Performance
MD4
A single instance of MD4 function processes input message at the rate of 512 bit / 50
cycles at 312.79MHz.

The hardware resource utilizations are listed in tab1MD4 below:

BRAM | DSP | FF | LUT | CLB | SRL | clock period (ns)
0 | 0 | 3868 | 4449 | 986 | 0 | 3.197

MD5
A single instance of MD5 function processes input message at the rate of 512 bit / 81
cycles at 329.05MHz.

The hardware resource utilizations are listed in tab1MD5 below:

BRAM | DSP | FF | LUT | CLB | SRL | clock period (ns)
0 | 0 | 4893 | 4790 | 931 | 0 | 3.039

What is HMAC (Hash based Message Authentication Code)?
Last Updated : 01 Jul, 2024

HMAC (Hash-based Message Authentication Code) is a type of
message authentication code (MAC) that is obtained by executing a
cryptographic hash function on the data that is to be authenticated
together with a secret shared key. Like any MAC, it is used for both data
integrity and authentication.

What is HMAC?
HMAC (Hash-Based Message Authentication Code) is a
cryptographic technique that ensures data integrity and authenticity
using a hash function and a secret key, unlike approaches based on
signatures and asymmetric cryptography. Checking data integrity is
necessary for the parties involved in communication. HTTPS, SFTP,
FTPS, and other transfer protocols use HMAC. The cryptographic
hash function may be MD5, SHA-1, or SHA-256. Digital signatures are
very similar to HMACs, i.e. they both employ a hash function and a
shared key. The difference lies in the keys, i.e. HMAC uses a symmetric
key (the same copy on both sides) while signatures use an asymmetric
pair (two different keys).
Working of Hash-based Message Authentication Code
HMAC provides client and server with a shared private key that is
known only to them. The client makes a unique hash (HMAC) for
every request. When the client sends a request to the server, it hashes the
request data with the private key and sends the result as part of the
request. Both the message and key are hashed in separate steps,
making it secure. When the server receives the request, it computes its
own HMAC. Both HMACs are compared and, if they are equal, the
client is considered legitimate.
The formula for HMAC:
HMAC = hashFunc(secret key + message)

There are three types of authentication functions. They are message
encryption, message authentication code, and hash functions. The
major difference between a MAC and a hash (HMAC here) is the
dependence on a key. In HMAC we have to apply the hash function
along with a key on the plain text. The hash function will be applied
to the plain text message. But before applying it, we have to compute
S bits and then append them to the plain text, and after that apply the hash
function. For generating those S bits we make use of a key that is
shared between the sender and receiver.
Using key K (0 < K < b), K+ is generated by padding 0's on the left side of
key K until its length becomes b bits. The reason why it's not padded on
the right is the change (increase) in the length of the key. K+ is b bits
because b is the block size of the plain text. There are two predefined
padding bits called ipad and opad. All this is done before applying the
hash function to the plain text message.
ipad - 00110110
opad - 01011100
Now we have to calculate the S bits:
1. K+ is XORed with ipad and the result is S1 bits, which is
equivalent to b bits since both K+ and ipad are b bits. We
have to append S1 to the plain text message. Let P be the
plain text message.
2. S1, P0, P1 up to Pm are each b bits. m is the number of plain text
blocks, P0 is a plain text block and b is the plain text block size.
After appending S1 to the plain text we have to apply a HASH
algorithm (any variant). Simultaneously we have to apply an
initialization vector (IV), which is a buffer of size n bits. The
result produced is therefore an n-bit hashcode, i.e. H( S1 || M ).
3. Similarly, n bits are padded to b bits and K+ is XORed with
opad, producing output S2 bits. S2 is appended to the b bits
and once again the hash function is applied with IV to the block.
This further results in an n-bit hashcode which is H( S2 || H( S1
|| M )).

Summary of Calculation

● Select K.
○ If K < b, pad 0’s on left until k=b. K is between 0
and b ( 0 < K < b )
● EXOR K+ with ipad equivalent to b bits producing S1 bits.
● Append S1 with plain text M
● Apply SHA-512 on ( S1 || M )
● Pad n-bits until length is equal to b-bits
● EXOR K+ with opad equivalent to b bits producing S2 bits.
● Append S2 with output of step 5.
● Apply SHA-512 on step 7 to output n-bit hashcode.
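
The Alice/Bob digest check from the Message Digest article and the S1/S2 construction from the steps above, as an added Python example that is not code from either article. It builds HMAC from ipad and opad by hand and cross-checks it against the standard library; note that RFC 2104 pads the key with zero bytes on the right (appended), which is the convention used here so that the two agree. The messages and key are constructed sample values.

```python
"""Message digest check and HMAC built step by step (constructed example,
not the article's own code). Uses SHA-256 from the standard library."""
import hashlib
import hmac

IPAD = 0x36   # 00110110, repeated up to the hash block size b
OPAD = 0x5C   # 01011100


def digest(message: bytes) -> str:
    """Compressed 'fingerprint' of a message: integrity only, no key."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, received_digest: str) -> bool:
    """Bob's check: recompute the digest and compare with the one received."""
    return hmac.compare_digest(digest(message), received_digest)


def hmac_manual(key: bytes, message: bytes, hashfn=hashlib.sha256) -> str:
    """HMAC per the steps in the text: S1 = K+ XOR ipad, S2 = K+ XOR opad,
    result = H(S2 || H(S1 || M)). K+ is the key padded with zero bytes to
    the block size b; RFC 2104 appends the zeros (right side), which is
    what makes this match the standard library implementation."""
    b = hashfn().block_size                    # 64 bytes for SHA-256
    if len(key) > b:                           # keys longer than b are hashed
        key = hashfn(key).digest()
    k_plus = key + b"\x00" * (b - len(key))
    s1 = bytes(kb ^ IPAD for kb in k_plus)
    s2 = bytes(kb ^ OPAD for kb in k_plus)
    inner = hashfn(s1 + message).digest()      # H(S1 || M), n bits
    return hashfn(s2 + inner).hexdigest()      # H(S2 || H(S1 || M))


def verify_hmac(key: bytes, message: bytes, received_tag: str) -> bool:
    """Server-side check: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_manual(key, message), received_tag)


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the manual construction against hmac.new()."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac_manual(key, message) == expected


# Constructed scenario: Alice sends a message with a digest over an
# insecure channel, where the message may be altered in transit.
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"


def digest_alone_catches_tampering() -> bool:
    """A digest catches a change if the digest itself arrived unchanged."""
    return not verify_digest(TAMPERED, digest(ORIGINAL))


def digest_alone_catches_recomputed_digest() -> bool:
    """Anyone can recompute a plain digest for the altered message, so a
    keyless digest gives integrity but not authenticity."""
    return not verify_digest(TAMPERED, digest(TAMPERED))


def hmac_catches_tampering(key: bytes) -> bool:
    """Without the shared key the tag cannot be recomputed, so the altered
    message fails verification against the original tag."""
    return not verify_hmac(key, TAMPERED, hmac_manual(key, ORIGINAL))
```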

Security in Hash-based Message Authentication Code
HMAC is more secure than a plain MAC since the key and message are
hashed in different steps:

HMAC(key, message) = H(mod1(key) || H(mod2(key) || message)).

The data is initially hashed by the client using a private key before
being sent to the server as part of the request. The server then
creates its own HMAC. This assures that the process is not vulnerable
to attacks, which could result in crucial data being disclosed as
subsequent MACs are generated. Additionally, once the procedure is
completed, the delivered message becomes irreversible and
resistant to hackers. Even if a malicious party attempts to steal the
communication, they will be unable to determine its length or
decrypt it because they do not have the decryption key.

Advantages of HMAC
● HMACs are ideal for high-performance systems like routers
due to the use of hash functions which are calculated and
verified quickly unlike the public key systems.
● Digital signatures are larger than HMACs, yet the HMACs
provide comparably higher security.
● HMACs are used in administrations where public key systems
are prohibited.

Disadvantages of HMAC
● HMACs use a shared key, which may lead to non-repudiation issues.
If either the sender's or the receiver's key is compromised then it will
be easy for attackers to create unauthorized messages.
● Securely managing and distributing secret keys can be
challenging.
● Although unlikely, hash collisions (where two different
messages produce the same hash) can occur.
● The security of HMAC depends on the length of the secret
key. Short keys are more vulnerable to brute-force attacks.
● The security of HMAC relies on the strength of the chosen
hash function (e.g., SHA-256). If the hash function is
compromised, HMAC is also affected.

Applications of HMAC
● Verification of e-mail address during activation or creation of
an account.
● Authentication of form data that is sent to the client browser
and then submitted back.
● HMACs can be used for Internet of things (IoT) due to less
cost.
● Whenever there is a need to reset the password, a link that
can be used once is sent without adding a server state.
● It can take a message of any length and convert it into a
fixed-length message digest. That is even if you got a long
message, the message digest will be small and thus permits
maximizing bandwidth.

How Does a Secure Hash Algorithm work in Cryptography?
Last Updated : 14 Jun, 2024

Cryptography is essential for data encryption and
decryption to safeguard sensitive data in businesses and for
individuals. However, with the advancement of technology, data
breaches and cyberattacks have become very common, and there is a need
to employ different types of cryptography tools to combat such issues
and problems. Hashing is used for data integrity verification and to
detect any unauthorized modification or tampering, and can ensure
a digital document's authenticity.
Secure Hash Algorithms (SHA) are one such cryptographic technology
and use hashing to convert plaintext to a message digest. In this
article, we will learn all about SHA: its definition, the difference
between SHA and AES, the primary technology, key terms, practical
examples, real-life scenarios, pros, cons, etc.

What is a Secure Hash Algorithm?

A Secure Hash Algorithm (SHA) is a cryptographic technique
developed by the National Security Agency (NSA); at a later stage, the
National Institute of Standards and Technology standardized the
SHA technique, making it ready for various purposes (authentication,
message integrity checks, digital signatures, and key derivation).

Difference Between Secure Hash Algorithm (SHA) and Advanced Encryption Standard (AES)

Aspect | SHA | AES
Cryptography technique | SHA uses a hash function to create a message digest from plain text and is used for data authentication and integrity. | AES uses a symmetric encryption algorithm and employs a shared key for data encryption and decryption, ensuring privacy and confidentiality.
Fundamental operations | SHA creates a unique hash value by a one-way mathematical function; the hash value is irreversible and is used to identify any tampering or changes to the plain text. It is typically used for verifying data integrity and detecting changes to digital data. | AES uses the same key for the data encryption and decryption processes and provides data confidentiality and privacy.

Primary Technology
The National Security Agency (NSA) developed the SHA-2 family of hash
functions, and SHA-256 is one of the most widely used and popular
members of SHA-2.
SHA-256 takes an input message of any length or size and creates a
256-bit (32-byte) hash value; while creating the hash value,
standardized mathematical operations are applied to the input message.

Processing of SHA

1. Input

The input is the original message, which needs to be hashed before
being sent to the recipient.
For example, let's take "Hello, World!"

2. Preprocessing

Next, we perform preprocessing (removal of unnecessary characters or
punctuation wherever applicable) and then convert the input message to
a binary format.

3. Hashing

Next, we apply the SHA hash function, using its mathematical operations
on the preprocessed input message, to obtain a fixed-size output or
hash value.

4. Output

The hash value acts as a tool for authenticating the originality of the
input message: it lets the recipient verify whether any unauthorised
modification or tampering has occurred and discard the message if so.
If the recipient obtains a different hash value when applying the same
hashing algorithm and hash function to the received input, the message
has been tampered with or modified and must be discarded.
We may get the hash, or fixed-size output, as follows,

e3b0c4429cfbbc8c830a8f102620e8a020869d64f84e98fc48d7b8b67f
677f8b9d64f84e98fc48d7b8b67f677f8b9d

Properties of Secure Hash Functions

Collision Attacks

A collision attack is a technique in which an attacker tries to find
two different inputs that produce the same hash value, and then uses
that pair to carry out fraud and related activities. A secure SHA
function is resistant to collision attacks, which are often used by
attackers to compromise security and can result in loss of data and
sensitive information, and sometimes in financial and related losses
as well.
Given a collision, an attacker could modify an electronic document or
file, destroying its authenticity and identity, without the change
being noticed: the modified file shows the same hash as the original
and so appears to prove the file's genuineness and integrity. In
reality the attacker has switched out the original file and tricked the
recipient into downloading a different file, who unknowingly falls prey
to the attack.

Avalanche Effect
Secure hash functions exhibit the avalanche effect, which is what makes
modification and tampering of the data detectable: even a negligible
change to the input results in a large change in the hash, so the
modification is easily detected and identified.

Applications of Secure Hash Algorithms in Cryptography

1. Message Authentication Codes (MACs)

Message Authentication Codes (MACs) are one of the most popular
applications of SHA and are used to ensure message integrity. The SHA
hash is attached to the input message and then sent to the recipient.
The recipient can verify the integrity by recomputing the hash value
and checking it against the attached one, and so can authenticate
whether the message has been changed or not.

2. Digital Signatures

SHA is also used with cryptographic techniques such as digital
signatures to ensure and verify the authenticity and identity of
electronic documents (e-mail, confidential reports, project data).

3. Password Hashing

Password hashing is one of the most effective and important features,
and uses hashing to manage and store passwords in online websites and
applications.
Passwords are generally hashed using SHA and stored in the database and
relevant record systems, so that the original password is difficult to
recognise and identify; this reduces the security risk if the database
is leaked.

SHA Hashing: Ensuring Data Integrity in Cryptography
SHA hash functions are used for data integrity verification and
authentication, to ensure that electronic documents, messages and
information are not modified or tampered with during transmission or
storage.
Hashing helps to cross-verify the authenticity by recalculating the
hash value on the same data with the same hash function; any
unauthorized change made during transmission is easily detected and
identified, and so data integrity and authenticity are maintained.

Real Life Scenario

1. Let's assume two corporations, ABC and MNC

● ABC wants to send important and vital information (such as a
contract or service details) via email to MNC, the partner company.
● ABC applies a digital signature to the email contents and
information, using its private key, to ensure confidentiality and
integrity.
● SHA-256 is used to compute the hash value, which is attached to the
email as a separate file for cross-verification by the recipient.
● Whenever MNC receives ABC company's email, it rechecks the
integrity.
● MNC recomputes the hash value with the same SHA-256 hash function
and compares it with the attached hash value; only if they match can
MNC be assured that the email is intact and unmodified.

2. Let's take another example of a top-secret project and its related
conversation

● Suppose A and B are working on a top-secret project and A wants to
send some confidential information to B.
● A decides to use the SHA-256 algorithm for transparent and secure
messaging and to ensure authentication and integrity during the
transmission.
● A sends the message to B, and B rechecks and verifies the
authenticity and integrity of A's message using the same SHA-256 hash
function.
● However, a third person C intercepts the message during
transmission; C tampers with the message, injects malware and modifies
the content.
● C recalculates the hash value of the modified message and sends it
to B.
● Upon receiving the message, B rechecks it and compares its hash with
the hash provided by C.
● B identifies a mismatch and therefore discards the message as
improper and malicious.
● SHA algorithms are thus useful in practice for safeguarding and
protecting sensitive information.
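Scenario 2 above, together with the MAC application and the HMAC section earlier, as an added example that is not part of the original article: A and B are assumed to share a secret key and to attach an HMAC-SHA256 tag rather than a bare hash, so that a value recomputed by C without the key cannot pass B's check. The message text and the names A, B and C are constructed.

```python
"""Added example (not from the original article): scenario 2 with the attached
value being an HMAC-SHA256 tag under a key shared by A and B (an assumption
made here). Message text and the names A, B, C are constructed."""
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> str:
    """Sender (A): keyed tag over the message, sent alongside it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver (B): recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def unkeyed_check(message: bytes, digest: str) -> bool:
    """The bare 'hash attached to the message' check, shown for contrast."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def run_scenario() -> dict:
    key = secrets.token_bytes(32)                       # known to A and B only
    original = b"Project status: on track. Review meeting at 10:00."
    tag = make_tag(key, original)                       # A -> B: (original, tag)

    # C intercepts, alters the text, and recomputes what it can: a bare hash.
    tampered = b"Project status: on track. Review meeting at 11:00."
    c_digest = hashlib.sha256(tampered).hexdigest()

    return {
        "a_message_verifies": verify_tag(key, original, tag),
        "tampered_rejected": not verify_tag(key, tampered, tag),
        # Without a key, C's recomputed digest would satisfy B's check.
        "tampered_passes_unkeyed": unkeyed_check(tampered, c_digest),
        "other_key_rejected": not verify_tag(secrets.token_bytes(32), original, tag),
    }


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {ok}")
```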

Pros and Cons

Pros

1. Non-repudiation: The hash value is calculated systematically, using
complex mathematical algorithms, from the message contents; hence it is
not feasible to claim that the message transmission was at risk, nor
can anyone deny receipt of the sent or encrypted message.
2. Collision Resistance: SHA-256 is built and designed to be
collision-resistant, so that different messages produce different
digests, reducing the possibility of two messages sharing the same hash
value.

Cons

1. Length: One shortfall of the SHA-256 algorithm is that the hash
value has a fixed size (32 bytes); hence it is considered inappropriate
for very long messages, which often require multiple hash functions in
a chained mode, which is tedious and inefficient.
2. Key management: Key management is very necessary, as if by any means
the secret key is lost, stolen or misused, it can lead to unauthorised
access and loss of security.

What is Steganography?
Last Updated : 27 Mar, 2024

Steganography is defined as the practice of hiding secret information.
The word is derived from two Greek words, ‘steganos’ meaning ‘covered’
and ‘graphia’ meaning ‘writing’, thus translating to ‘covered writing’
or ‘hidden writing’. The hidden information is extracted from the
ordinary file or communication by the intended recipient on delivery.
With the help of steganography, we can hide any digital object, such
as text, an image or a video, behind a carrier medium.

Different Types of Steganography

Text Steganography

Text Steganography is defined as a type of steganography which involves
hiding messages or secret information within a text document or other
textual data. In this method, we try to hide secret data with the help
of each letter of the words. It is challenging to detect, especially
when the variations or changes made are subtle.

Image Steganography

Image Steganography is defined as a type of steganography which
involves hiding messages or secret information within digital images.
It is achieved by making changes to the pixels of the image to encode
the information. It is generally used for watermarking, covert
communication, brand protection, etc.

Audio Steganography

Audio Steganography is defined as a type of steganography which
involves hiding messages or secret information within audio files. The
idea behind using this technique is to hide information in such a way
that people cannot notice it when they hear the audio. It is generally
used for digital rights management in audio files.

Video Steganography

Video Steganography is defined as a type of steganography which
involves hiding messages or secret information within digital video
files. The ideal way to use video steganography is to embed the secret
information in a video in such a way that normal viewers won't notice
it.

Network or Protocol Steganography

Network or Protocol Steganography is defined as a type of steganography
which involves hiding messages or secret information within network
protocols or messages. It tries to hide secret information in the usual
flow of internet or network activity so that nobody can detect it.
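Image steganography as described above, in an added example that is not part of the original article: least-significant-bit (LSB) embedding and extraction on a constructed grayscale image (a bytearray with one byte per pixel), together with the pair-count chi-square statistic a defender can use to flag an image whose LSBs have been overwritten. The cover image and payload are constructed; no image library is needed.

```python
"""Added example (not from the original article): LSB image steganography on a
constructed grayscale cover (bytearray, one byte per pixel) and a pair-count
chi-square statistic that flags overwritten LSBs. Standard library only."""
import random


def embed_lsb(pixels: bytearray, payload: bytes) -> bytearray:
    """Store a 32-bit length header followed by the payload in pixel LSBs."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    stego = bytearray(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit      # each pixel changes by at most 1
    return stego


def extract_lsb(pixels: bytearray) -> bytes:
    """Read the length header, then that many bytes, back out of the LSBs."""
    def read(start_bit: int, count: int) -> bytes:
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (pixels[start_bit + i] & 1)
        return value.to_bytes(count, "big")

    length = int.from_bytes(read(0, 4), "big")
    if 32 + length * 8 > len(pixels):
        raise ValueError("length header exceeds image size")
    return read(32, length)


def pair_chi_square(pixels: bytearray) -> float:
    """Chi-square over the counts of each value pair (2k, 2k+1).
    Overwriting LSBs with random-looking data equalises the two counts in every
    pair, so a stego image scores far lower than the untouched cover."""
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    stat = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        total = even + odd
        if total:
            stat += (even - odd) ** 2 / total
    return stat


def max_pixel_delta(cover: bytearray, stego: bytearray) -> int:
    """Largest per-pixel change; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(n_pixels: int = 4096, seed: int = 7) -> bytearray:
    """Constructed cover: values biased towards even numbers, standing in for
    the uneven pair statistics natural images tend to have."""
    rng = random.Random(seed)
    return bytearray(rng.randrange(256) & (0xFE if rng.random() < 0.8 else 0xFF)
                     for _ in range(n_pixels))


def random_payload(n_bytes: int, seed: int = 1) -> bytes:
    """Stand-in for an encrypted (hence random-looking) hidden message."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_bytes))


def demo() -> dict:
    cover = make_cover()
    stego = embed_lsb(cover, random_payload((len(cover) - 32) // 8))   # fill every LSB
    return {
        "roundtrip": extract_lsb(embed_lsb(cover, b"meet at dawn")) == b"meet at dawn",
        "cover_stat": pair_chi_square(cover),
        "stego_stat": pair_chi_square(stego),
        "max_delta": max_pixel_delta(cover, stego),
    }


if __name__ == "__main__":
    print(demo())
```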

Advantages of Steganography
● It offers better security for data sharing and communication.
● It is very difficult to detect. It can only be detected by the
receiving party.
● It can be applied through various media like images, audio, video,
text, etc.
● It plays a vital part in securing the content of the communication.
● It offers a double layer of protection, the first being the carrier
file itself and the second the encoded data.
● With the help of steganography, advanced operational agencies can
communicate secretly.

Difference between Steganography and Cryptography

Steganography: Steganography is defined as a system of concealing data
or information within non-secret data or files.
Cryptography: Cryptography is defined as the system of guarding
information and communication with the help of various techniques.

Steganography: Its main purpose is to maintain communication security.
Cryptography: Its main goal is to provide data protection.

Steganography: The structure of the data is not modified in the case of
steganography.
Cryptography: The structure of the data is modified in the case of
cryptography.

Steganography: It is less popular.
Cryptography: It is more popular.

Steganography: The use of a key is not obligatory, but if one is used
it enhances security.
Cryptography: The use of a key is obligatory in the case of
cryptography.

Steganography: In steganography, mathematical transformations are not
involved to any significant extent.
Cryptography: In cryptography, mathematical transformations are used to
alter the data and increase protection.

Steganography Tools
Steganography tools are defined as tools which help the user to hide
secret messages or information inside another file in various formats.
There are various tools available on the market which help to perform
steganography. Some of the steganography tools are the following:
● OpenStego
● Steghide
● OutGuess
● Hide'N'Send
● QuickStego
● Disguise

TLS LATEST VERSION

TLS 1.2: TLS 1.2 is an advanced version of TLS 1.1. It was designed
for both improved reliability and high performance, and also offers
better security. TLS 1.3: It is the latest version of TLS; it is used
by various network protocols for encryption, and it is the modern
successor of SSL.

1. Automated deployment and management

● If you are using Kubernetes for deploying the application, there is no
need for manual intervention: Kubernetes will take care of everything,
automating the deployment, scaling, and containerizing of the
application.
● Kubernetes reduces the errors that can be made by humans, which makes
the deployment more reliable.

2. Scalability

● You can scale the application containers depending on the incoming
traffic. Kubernetes offers horizontal pod autoscaling, so the pods are
scaled automatically depending on the load.

3. High availability

● You can achieve high availability for your application with the help of
Kubernetes, and it will also reduce latency issues for the end users.

4. Cost-effectiveness

● If there is unnecessary use of infrastructure, the cost will also
increase. Kubernetes helps you reduce resource utilization and control
the overprovisioning of infrastructure.

5. Improved developer productivity

● Developers can concentrate more on the development part; Kubernetes
reduces the effort of deploying the application.

Nmap Scans for Cyber Security and Penetration Testing
Last Updated : 30 Aug, 2024

Nmap, which stands for Network Mapper, is arguably one of the most popular
open source security tools employed for network mapping. As one of the
primary utilities of the cybersecurity domain, it helps users scan the hosts
and services in a computer network during reconnaissance. Nmap works by
sending packets to a target and analyzing the responses as a way of learning
about the target network. This article discusses the fundamental Nmap
scanning techniques and the general guidelines for conducting network
vulnerability scans, and also explains how to use Nmap efficiently.

What is Nmap?
Nmap stands for Network Mapper; it is a free, open source command-line
tool. Nmap is an information-gathering tool used for reconnaissance. It
scans hosts and services on a computer network, which means that it sends
packets and analyzes the responses. Listed below are the most useful scans
which you can run with the help of Nmap.

How to Use Nmap

Using Nmap is straightforward. Below are some basic steps and commands
to get started with Nmap:

1. Install Nmap: Nmap is available for various operating systems, including
Linux, Windows, and macOS. You can download it from the official Nmap
website.
2. Basic Syntax: The basic syntax for running an Nmap scan is:

nmap [Scan Type] [Options] {Target}

● Scan Type: Specifies the type of scan (e.g., TCP, SYN).
● Options: Additional options such as port range or timing options.
● Target: The IP address or domain name of the target.

Nmap Scanning Techniques

1. TCP Scan/TCP Connect Scan:

nmap -sT 192.168.1.12 --top-ports 50

Here:

● -sT is used for the TCP scan.
● --top-ports selects the most commonly used ports and takes the number
of ports to scan. Here we give 50, which means the 50 ports most used in
TCP.
● 192.168.1.12 is the destination IP. You can also give the destination
URL.
This scan is used to scan the TCP ports. It completes the 3-way handshake
process, which means the host makes a full connection with the target
before any communication happens between the systems.

[Figure: 3-way handshake process if the destination port is open.]

Using this command, your system sends a SYN packet and the destination
responds with SYN/ACK packets, which means the port is listening; your
system then sends an ACK packet to complete the connection.

If the port is closed then the destination responds with RST/ACK packets.

[Figure: 3-way handshake if the destination port is closed.]

In the TCP scan result image you can see the port number, the state of
each port, and the services running on these ports.

2. SYN Scan/Stealth Scan/Half Open Scan:

nmap -sS 192.168.1.12 --top-ports 50

Here: -sS is used for the SYN scan.

A SYN scan is the same as a TCP scan, but it does not complete the 3-way
handshake process.

In this scan, the source sends the SYN packet and the destination responds
with SYN/ACK packets, but the source interrupts the 3-way handshake by
sending an RST packet. Because of the interruption, the destination host
does not keep a record of a connection from the source system.
3. UDP Scan:

nmap -sU 192.168.1.12 --top-ports 50

Here: -sU is used to activate the UDP scan. It generally sends empty UDP
packets, and it takes more time than a TCP scan.

4. Ping Scan/NO PORT Scan:

nmap -sn 192.168.1.0/24

Here: -sn and -sP are both used for the ping scan.

This only prints the available hosts that respond to the host discovery
probes within the network. The above command does not tell anything about
the ports of the systems. You can also use it on a single IP to check
whether the host is up or not.
Different States of the Port Scan Results and their Meaning
There are mainly 4 types of state in the port scan results.

1. Open: A port is open when a service is listening on the port, for
example, a MySQL service running on port 3306, as you can see in the TCP
scan result image.

2. Closed: This means no service is listening on that port.

3. Filtered: The port is filtered by a security system like a firewall, and
whether the port is open or closed cannot be determined. If the host sends
an unusual response, the port is also marked as filtered; for instance, in
the UDP scan result image, when the host sends a response like ICMP
Unreachable the port is considered filtered.

4. Open | Filtered: No answer is given by the host, so the port may be
filtered by a firewall. But in some cases, as in the UDP scan result
image, the host does not send a reply the way it sends an ACK in a TCP
scan, so the lack of response means the port may also be open.
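The port states above, read back from a saved scan, as an added example that is not part of the original article: a parser for Nmap's grepable (-oG) output that groups each port by state and lists the ones that still need a decision. The scan lines are constructed samples laid out in Nmap's documented grepable field order (port/state/protocol/owner/service/rpc/version).

```python
"""Added example (not from the original article): parse Nmap grepable output
(-oG) into per-port records and summarise them by state. The scan lines below
are constructed samples in the documented grepable field layout
port/state/protocol/owner/service/rpc/version."""
import re
from collections import Counter

SAMPLE_GNMAP = "\n".join([
    "# Nmap scan initiated (constructed sample) as: nmap -sT --top-ports 50 -oG - 192.168.1.12",
    "Host: 192.168.1.12 ()\tStatus: Up",
    "Host: 192.168.1.12 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "3306/open/tcp//mysql///, 443/filtered/tcp//https///\tIgnored State: closed (46)",
    "Host: 192.168.1.13 ()\tPorts: 53/open|filtered/udp//domain///, "
    "161/open|filtered/udp//snmp///\tIgnored State: closed (48)",
    "# Nmap done (constructed sample) -- 2 IP addresses (2 hosts up) scanned",
])

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)")
FOLLOW_UP_STATES = {"filtered", "open|filtered"}    # undecided: needs another probe type


def parse_gnmap(text: str):
    """Return (records, ignored): one dict per reported port, and the per-host
    'Ignored State' summary Nmap prints for the ports it did not list."""
    records, ignored = [], {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                                  # '#' header/footer lines
        fields = line.split("\t")                     # tab-separated sections
        match = HOST_RE.match(fields[0])
        if not match:
            continue
        host, hostname = match.group(1), match.group(2)
        for field in fields[1:]:
            label, _, value = field.partition(": ")
            if label == "Ports":
                for entry in value.split(", "):
                    port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
                    records.append({"host": host, "hostname": hostname, "port": int(port),
                                    "proto": proto, "state": state,
                                    "service": service, "version": version})
            elif label == "Ignored State":
                ignored[host] = value                 # e.g. "closed (46)"
    return records, ignored


def open_ports(records, host: str):
    """Sorted open ports for one host: the services actually listening."""
    return sorted(r["port"] for r in records if r["host"] == host and r["state"] == "open")


def state_counts(records) -> Counter:
    return Counter(r["state"] for r in records)


def needs_follow_up(records):
    """Ports whose state Nmap could not decide (filtered or open|filtered)."""
    return [r for r in records if r["state"] in FOLLOW_UP_STATES]


if __name__ == "__main__":
    recs, ign = parse_gnmap(SAMPLE_GNMAP)
    for h in sorted({r["host"] for r in recs}):
        print(h, "open:", open_ports(recs, h), "ignored:", ign.get(h))
    print(dict(state_counts(recs)))
    print("follow up:", [(r["host"], r["port"], r["state"]) for r in needs_follow_up(recs)])
```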

Best Practices for Network Vulnerability Discovery

● Use Multiple Scan Types: There are several types of scans: TCP, SYN,
UDP, etc. Combining scan types gives more information about the
network.
● Timing and Performance: You may also apply timing options, -T0 to -T5,
in order to regulate the rate of your scans. Low scan speeds are
virtually undetectable but, on the other hand, they take more time than
any other scan.
● Regular Scanning: It is helpful to scan your network regularly in
order to discover new opportunities for attacks and check that all the
countermeasures are still suitable.
● Safe Scanning: With the -sV option, Nessus will scan for services and
their versions without actually probing them. It is always necessary to
seek consent before scanning a network which you do not own.
● Save Results: The -oN, -oX, or -oG options can be used to save your
results so that you can analyze them later.

What is Network Security?

Last Updated : 16 Sep, 2024

Every company or organization that handles a large amount of data has some
degree of protection against many cyber threats. Network security is a
broad, all-encompassing phrase that covers software and hardware solutions,
as well as procedures, guidelines, and setups for network usage,
accessibility, and general threat protection.

The most basic example of network security is password protection, where
the password is chosen by the user of the network. In recent times, network
security has become the central topic of cyber security, with many
organizations inviting applications from people who have skills in this
area. Network security solutions protect the various vulnerable elements of
computer systems, such as users, location, data, devices, and applications.

What is Network Security?

Any action intended to safeguard the integrity and usefulness of your data
and network is known as network security. In other words, network security
is defined as the activity created to protect the integrity of your network
and data.
Network security is the practice of protecting a computer network from
unauthorized access, misuse, or attacks. It involves using tools,
technologies, and policies to ensure that data traveling over the network
is safe and secure, keeping sensitive information away from hackers and
other threats.

Network Security

How Does Network Security Work?

Network security uses several layers of protection, both at the edge of the
network and within it. Each layer has rules and controls that determine who
can access network resources. People who are allowed access can use the
network safely, but those who try to harm it with attacks or other threats
are stopped from doing so.

The basic principle of network security is protecting the huge stored data
and the networks in layers, each embedding rules and regulations that have
to be satisfied before performing any activity on the data. These levels
are:
● Physical Network Security: This is the most basic level; it protects
the data and network by preventing unauthorized personnel from acquiring
control over the confidentiality of the network. This can be achieved by
using devices like biometric systems.
● Technical Network Security: It primarily focuses on protecting the
data stored in the network or data in transit through the network. This
type serves two purposes: protection from unauthorized users, and
protection from malicious activities.
● Administrative Network Security: This level of network security
governs user behavior, such as how permission is granted and how the
authorization process takes place. It also determines the level of
sophistication the network might need to protect it against all attacks,
and suggests necessary amendments that have to be made to the
infrastructure.

Types of Network Security

There are several types of network security through which we can make our
network more secure. Your network and data are shielded from breaches,
intrusions, and other dangers by network security. Below are some
important types of network security:

Email Security

Email Security is defined as the process designed to keep the email
account and its contents safe from unauthorized access. For example, you
generally see fraud emails automatically sent to the Spam folder, because
most email service providers have built-in features to protect the
content.
Email gateways are the most common threat vector for a security
compromise. Hackers create intricate phishing campaigns using recipients’
personal information and social engineering techniques to trick them and
direct them to malicious websites. To stop critical data from being lost,
an email security programme restricts outgoing messages and stops incoming
threats.

Network Segmentation

Network traffic is divided into several categories by software-defined
segmentation, which also facilitates the enforcement of security regulations.
Ideally, endpoint identity—rather than just IP addresses—is the basis for the
classifications. To ensure that the appropriate amount of access is granted to
the appropriate individuals and that suspicious devices are controlled and
remediated, access permissions can be assigned based on role, location, and
other factors.

Access Control

Your network should not be accessible to every user. You need to identify
every user and every device in order to keep out any attackers. You can then
put your security policies into effect. Noncompliant endpoint devices might
either have their access restricted or blocked. Network access control (NAC)
is this process.

Sandboxing

Sandboxing is a cybersecurity technique in which files are opened or code is
executed on a host computer that simulates end-user operating environments,
in a secure, isolated environment. To keep threats off the network,
sandboxing watches the code or files as they are opened and searches for
harmful activity.

Cloud Network Security

Data stored in the cloud is very vulnerable to malpractice by unauthorized
parties. This data must be protected, and it should be ensured that this
protection is not jeopardized by anything. Many businesses embrace SaaS
applications to allow some of their employees to access the data stored in
the cloud. This type of security addresses the gaps in visibility of the
data that such access creates.

Workloads and applications are no longer solely housed in a nearby on-site
data centre. More adaptability and creativity are needed to protect the
modern data centre as application workloads move to the cloud.

Web Security

A web security solution will restrict access to harmful websites, stop
web-based risks, and manage staff internet usage. Your web gateway will be
safeguarded both locally and in the cloud. “Web security” also includes the
precautions you take to safeguard your own website.

Intrusion Prevention System (IPS)

An Intrusion Prevention System is also known as an Intrusion Detection and
Prevention System. It is a network security application that monitors network
or system activities for malicious activity. The major functions of intrusion
prevention systems are to identify malicious activity, collect information about
this activity, report it, and attempt to block or stop it.
Antivirus and Anti-malware Software

This type of network security ensures that any malicious software does not
enter the network and jeopardize the security of the data. Malicious software
like Viruses, Trojans, and Worms is handled by the same. This ensures that
not only the entry of the malware is protected but also that the system is
well-equipped to fight once it has entered.

Firewalls Security

A firewall is a network security device, either hardware or software-based,
which monitors all incoming and outgoing traffic and, based on a defined set
of security rules, accepts, rejects, or drops that specific traffic. Before
firewalls, network security was performed by Access Control Lists (ACLs)
residing on routers.

Application Security
Application security denotes the security precautions taken at the
application level to prevent the theft or capture of data or code inside
the application. It also includes the security measures taken during the
development and design of applications, as well as techniques and methods
for protecting the applications at any time.

Wireless Security

Wireless networks are less secure than wired ones. If not properly secured,
setting up a wireless LAN can be like having Ethernet ports available
everywhere, even in places like parking lots. To prevent attacks and keep
your wireless network safe, you need dedicated products designed to protect
it from exploits and unauthorized access.

Web Security

A web security solution manages how your staff uses the internet, blocks
threats from websites, and stops access to harmful sites. It safeguards your
web gateway either onsite or in the cloud. Additionally, “web security”
involves measures taken to protect your own website from potential attacks
and vulnerabilities.

Mobile Device Security

Cybercriminals are focusing more on mobile devices and apps. In the next
three years, about 90 percent of IT organizations might allow corporate
applications on personal mobile devices. It’s crucial to control which devices
can connect to your network and set up their connections securely to protect
network traffic from unauthorized access.
Industrial Network Security

As industries digitize their operations, the closer integration of IT, cloud
services, and industrial networks exposes Industrial Control Systems (ICS) to
cyber threats. To safeguard against these risks, it’s crucial to have complete
visibility into your Operational Technology (OT) security status. This involves
segmenting the industrial network and providing detailed information about
OT devices and their behaviors to IT security tools. This approach helps in
effectively monitoring and protecting critical industrial systems from potential
cyber attacks.

VPN Security

A virtual private network (VPN) encrypts the connection between a device
and a network, usually over the internet. A remote-access VPN commonly
uses IPsec or Secure Sockets Layer (SSL) to verify and secure the
communication between the device and the network. This encryption ensures
that data transmitted between the device and the network remains private
and secure from unauthorized access.

Benefits of Network Security

Network Security has several benefits, some of which are mentioned below:

● Network Security helps in protecting clients’ information and data,
which ensures reliable access and helps in protecting the data from
cyber threats.
● Network Security protects the organization from heavy losses that
may have occurred from data loss or any security incident.
● It overall protects the reputation of the organization as it protects
the data and confidential items.
Advantages of Network Security
● Protection from Unauthorized Access: Network security measures
such as firewalls and authentication systems prevent unauthorized
users from accessing sensitive information or disrupting network
operations.
● Data Confidentiality: Encryption technologies ensure that data
transmitted over the network remains confidential and cannot be
intercepted by unauthorized parties.
● Prevention of Malware and Viruses: Network security solutions like
antivirus software and intrusion detection systems (IDS) detect and
block malware, viruses, and other malicious threats before they can
infect systems.
● Secure Remote Access: Virtual private networks (VPNs) and other
secure remote access methods enable employees to work remotely
without compromising the security of the organization’s network
and data.

Disadvantages of Network Security


● Complexity and Management Overhead: Implementing and
managing network security measures such as firewalls, encryption,
and intrusion detection systems (IDS) can be complex and require
specialized knowledge and resources.
● Cost: Effective network security often requires investment in
hardware, software, and skilled personnel, which can be expensive
for organizations, especially smaller ones.
● Privacy Concerns: Some network security measures, such as deep
packet inspection and monitoring, may raise privacy concerns among
users and stakeholders, requiring careful balancing of security needs
with individual privacy rights.
Conclusion
In conclusion, network security is essential for protecting computer networks
from unauthorized access, data breaches, and cyber attacks. By implementing
layers of defenses such as firewalls, encryption, and intrusion detection
systems, organizations can safeguard their data and systems from malicious
actors. Regular updates, strong passwords, and user education are also vital
to maintaining network security. Ultimately, a well-managed network
security strategy ensures safe and reliable communication while mitigating
potential risks and vulnerabilities.

What are Scanning Attacks?

Last Updated : 14 Feb, 2023

Scanning in ethical hacking is a network exploration technique used to
identify the systems connected to an organization’s network. It provides
information about the accessible systems, services, and resources on a target
system. Some may refer to this type of scan as an active scan, because it can
potentially disrupt services on hosts that are susceptible. Scanning is
often used during vulnerability assessment when probing for weaknesses in
existing defenses.

There are two ways of scanning:

● Active Scanning
● Passive Scanning

Scanning is more than just port scanning, but port scanning is a very
important part of this process. Scanning allows you to identify open ports on
the target system and can be used for port mapping, performing an interactive
session with the operating system via those ports, or even redirecting traffic
from these open ports. There are many tasks that can be performed with a
scanning tool.

Scanning can be as simple as creating a list of IP addresses and netmasks and
scanning all the active addresses on the network. This is called a ping sweep.
Another method is performing a SYN port scan, which is an active scan that
sends TCP SYN packets to ports on the target system and waits for a reply. A
SYN port scan receives a SYN/ACK from ports that are open and listening, and
an RST/ACK from ports that are closed. An example of open ports could be
telnet and FTP, which are used by default.

Types of Scanning Techniques:

1. TCP connect scan: This scan completes the full TCP three-way
handshake with each port, using the operating system’s connect() call.
If the handshake completes the port is open; if the target answers with
RST/ACK the port is closed. It needs no special privileges, but it is the
least stealthy scan: the service accepts the connection and usually logs
it.
2. TCP SYN port scan: This scan sends only a SYN packet to each port and
never completes the handshake. A SYN/ACK reply marks the port as open,
after which the scanner tears the half-open connection down with a RST,
so the service never sees a completed connection. Crafting the raw
packets requires root or administrator rights on the scanning host.
3. Network Scanning: Network scanning is used to identify the devices
and services that are running on a target network, determine their
operating systems and software versions, and identify any potential
security risks or vulnerabilities. Network scanning can be performed
manually or automated using software tools, and can target specific
systems or an entire network.
4. Vulnerability Scanning: Vulnerability scanning is a process of
identifying, locating, and assessing the security vulnerabilities of a
computer system, network, or application. This process is performed
using automated software tools that scan for known vulnerabilities,
as well as weaknesses in the configuration or implementation of the
system being tested.
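The decision rules above, worked through in code. This is an added example and not part of the original article: port_state encodes the reply-to-state mapping a SYN or XMAS scanner applies, and connect_scan runs a real TCP connect scan through the operating system’s connect() call. The scan target (a listener on 127.0.0.1 that the example starts itself), the port numbers and the function names are assumptions made for the illustration; a SYN scan needs raw sockets and root, so it is represented only by its decision table here.

```python
import errno
import socket

# Decision rules a scanner applies to the reply it gets for one probe, following
# RFC 793 host behaviour. `reply` is "SYN/ACK", "RST" or None (nothing came back
# before the timeout). The state names are the ones Nmap reports.
def port_state(scan_type, reply):
    if scan_type == "syn":
        return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")
    if scan_type == "xmas":
        # FIN/PSH/URG probe: a closed port answers RST, an open port stays silent,
        # and a firewall dropping the probe also produces silence.
        return "closed" if reply == "RST" else "open|filtered"
    raise ValueError(f"unknown scan type: {scan_type}")


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: ask the OS to complete a full handshake with each port.

    Needs no privileges, but every open port sees a real connection, so the
    service behind it can log the scanner's address.
    """
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            err = s.connect_ex((host, port))  # error code instead of an exception
            if err == 0:
                results[port] = "open"        # three-way handshake completed
            elif err == errno.ECONNREFUSED:
                results[port] = "closed"      # kernel replied to our SYN with RST
            else:
                results[port] = "filtered"    # timeout or unreachable: probe was dropped
    return results


def _unused_loopback_port():
    """Bind to port 0 to borrow an ephemeral port number, then release it (assumed free)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one listening and one closed loopback port; returns (results, open, closed).

    The listener never calls accept(): the kernel completes the handshake into
    the backlog on its own, which is exactly why a connect scan needs no
    cooperation from the application.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    closed_port = _unused_loopback_port()
    try:
        return connect_scan("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        listener.close()


if __name__ == "__main__":
    results, open_port, closed_port = demo()
    for port in (open_port, closed_port):
        print(f"127.0.0.1:{port} {results[port]}")
```

Run it as a script and the listening port comes back as open and the released port as closed; point connect_scan at a host behind a default-deny firewall and the same ports come back filtered, because a dropped SYN produces no RST for connect() to report.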

Purpose
Scanning attacks are performed by cybercriminals or malicious actors for
several reasons, including:

Information Gathering: The primary purpose of a scanning attack is to
gather information about a target system or network. This information can be
used to plan and execute a more sophisticated attack, such as a distributed
denial of service (DDoS) attack or a data breach.

Vulnerability Identification: Scanning attacks can be used to identify
vulnerabilities in a target system or network. These vulnerabilities can then
be exploited to gain unauthorised access, steal sensitive information, or cause
harm to the target.

Network Mapping: Scanning attacks can be used to map out a target
network, including its infrastructure, servers, and devices, so that the
attacker knows which hosts are worth attacking and how they are connected.

Active Scanning
Active scanning is a type of network scanning technique that is used to
gather information about a target system or network. Unlike passive
scanning, which only gathers information that is readily available, active
scanning actively interacts with the target system to gather information.

It involves sending requests or packets to a target system and analyzing the
responses to gather information about the target. This type of scanning is
more aggressive and intrusive than passive scanning and is often used to
identify vulnerabilities and weaknesses in a target system or network.

It can be performed using a variety of tools and techniques, including port
scanning, vulnerability scanning, and penetration testing. Port scanning
involves sending requests to specific ports on a target system to determine
which ports are open and which services are running. Vulnerability scanning
involves matching the discovered services and versions against known
vulnerabilities; actually exploiting them is the step beyond scanning and
belongs to penetration testing.

The goal of active scanning is to gather as much information as possible
about a target system or network. This information can be used to plan and
execute a more sophisticated attack, such as a distributed denial of service
(DDoS) attack or a data breach.

While active scanning can provide valuable information about a target
system or network, it can also pose a security risk. Active scanning can
generate a large amount of network traffic and put a strain on target systems,
potentially causing service disruptions or system crashes. Additionally, active
scanning can trigger security measures, such as firewalls or intrusion
detection systems (IDS), which can alert organizations to the presence of an
attacker.
Passive Scanning
Passive scanning is a type of network scanning technique that is used to
gather information about a target system or network without actively
interacting with the target. Unlike active scanning, which sends requests or
packets to the target and analyzes the responses, passive scanning only
gathers information that is readily available, such as information transmitted
over the network or stored in system logs.

It is used to gather information about a target system or network for a variety
of purposes, including network mapping, vulnerability assessment, and
compliance testing. By analyzing network traffic and system logs, passive
scanning can provide valuable information about a target’s infrastructure,
servers, and devices, as well as the types of services and applications that
are running.

One of the benefits of passive scanning is that it is less intrusive and less
likely to trigger security measures, such as firewalls or intrusion detection
systems (IDS), than active scanning. As a result, passive scanning can provide
organizations with valuable information about their systems and networks
without putting them at risk.

However, passive scanning is also limited in its ability to gather information
compared to active scanning. Passive scanning can only gather information
that is readily available and cannot actively probe a target system or network
for vulnerabilities or weaknesses.

Key Points:

There are three things an attacker needs in order to use these scanning
techniques:
● Network reachability to the target system: a port scanner or ping
sweep only needs to be able to send packets to the target and receive the
replies; physical access is not required.
● A target that answers: ping sweeps rely on ICMP Echo Replies and port
scans on TCP SYN/ACK and RST replies, so hosts behind a default-deny
firewall reveal very little.
● Raw-socket privileges on the scanning host: SYN, XMAS and other
crafted-packet scans need root or Administrator rights on the attacker’s
own machine, while a TCP connect scan works from an unprivileged account.
A SYN flood, which is sometimes confused with a SYN scan, is a
denial-of-service attack rather than a scanning technique, and it requires no
privileges on the target either.

Types of Port Scanners:

There are several port scanning or checking methods. Some of them are
given below:

● Ping scans: A ping checks whether a packet can reach an IP address and
get an answer. Ping scanning sends ICMP Echo Requests to every address in
a range automatically; the addresses that reply are live hosts worth
scanning further.
● Half-open or SYN scans: Attackers can check the status of a port
without creating a full connection by using half-open scanning, commonly
known as SYN scanning. The scanner transmits only a SYN segment, reads the
reply (SYN/ACK for open, RST for closed) and never completes the
handshake with the receiver.
● XMAS scans: An XMAS scan sends a TCP segment with the FIN, PSH and URG
flags set (the packet is "lit up like a Christmas tree"). A closed port
answers with a RST; an open port is required by RFC 793 to stay silent, so
no response means the port is open or filtered. Because Windows and some
other stacks reply with a RST regardless of port state, XMAS scans only
work against RFC-compliant targets.

Countermeasures:

The best option to prevent getting scanned is to stop the probes from
reaching anything that will answer them.
● For TCP connect and SYN scans, deploy a default-deny firewall that drops
inbound SYN packets to every port that is not deliberately exposed; a
dropped probe yields no reply, so the scanner learns nothing beyond
"filtered". Rate-limiting and an IDS rule that alerts when one source
touches many different ports in a short time will catch what gets through.
● For a SYN flood attack, which is a denial of service rather than a scan,
you can use SYN cookies or a SYN proxy, which will be discussed in the next
session.
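To make the detection countermeasure concrete, here is an added example (not from the original article) of the logic such an IDS rule applies: it reads firewall DROP lines and flags any source that touches many distinct ports on one host inside a short sliding window. The log layout, the addresses (RFC 5737 documentation ranges), the threshold and the window length are constructed assumptions for the illustration, not a real tool’s format or defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445]


def make_sample_log():
    """Constructed firewall DROP lines in a simplified iptables-like layout (not real logs)."""
    t0 = datetime(2023, 2, 14, 10, 0, 0)
    fmt = "{ts} DROP SRC={src} DST=10.0.0.5 PROTO=TCP DPT={dpt} FLAGS=SYN"
    lines = []
    # A fast scanner: ten different ports within ten seconds.
    for i, port in enumerate(SCAN_PORTS):
        lines.append(fmt.format(ts=(t0 + timedelta(seconds=i)).isoformat(),
                                src="198.51.100.7", dpt=port))
    # A legitimate client retrying one blocked port: many hits, a single port.
    for i in range(5):
        lines.append(fmt.format(ts=(t0 + timedelta(seconds=3 * i)).isoformat(),
                                src="203.0.113.9", dpt=8443))
    # A slow scanner: the same ten ports, but one probe every two minutes.
    for i, port in enumerate(SCAN_PORTS):
        lines.append(fmt.format(ts=(t0 + timedelta(minutes=2 * i)).isoformat(),
                                src="192.0.2.33", dpt=port))
    return lines


LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\S+ DPT=(?P<dpt>\d+)"
)


def parse_events(lines):
    """Yield (timestamp, src, dst, dport) for every line that matches; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(lines, threshold=8, window_seconds=60):
    """Return {(src, dst): distinct_ports} for sources that touched at least
    `threshold` distinct ports on one host within any window_seconds interval.

    A sliding window per (src, dst) pair keeps only recent probes, so a client
    hammering one port never trips the rule, and a scan spread out more thinly
    than the window evades it (the classic slow-scan blind spot).
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    alerts = {}
    for ts, src, dst, dport in sorted(parse_events(lines)):
        q = recent[(src, dst)]
        q.append((ts, dport))
        while ts - q[0][0] > window:      # evict probes older than the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold:
            alerts[(src, dst)] = max(len(distinct), alerts.get((src, dst), 0))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(make_sample_log()).items():
        print(f"ALERT port scan from {src} against {dst}: {n} distinct ports in 60s")
```

With the default 60-second window only the fast scanner is reported; the retrying client is ignored because it never exceeds one distinct port, and the slow scanner is missed entirely. Widening the window to 30 minutes catches the slow scanner as well, which is the trade-off a real rule has to make between memory per source and the scan rates it can see.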

Scanning can be considered a logical extension (and overlap) of active
reconnaissance that helps attackers identify specific vulnerabilities. Attackers
often use automated tools such as network scanners and war dialers to locate
systems and attempt to discover vulnerabilities.
