Gene Spafford once said:
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards."
And this seems to be appropriately valid in today's world of technology.
Web Security simply means to keep everything you do online, safe. Security is one of the most important aspect of any online organization whether large scale or small scale.
What exactly is hacking?
Hacking is the gaining of unauthorized access to data in a computer network or any other device.
Types of Hackers
Well originally, there are over 9 categories of hackers identified. But, lets talk about only four of them:
- Black hat hackers: They are also known as crackers. They try to harm the system and steal sensative information.
- White hat hackers: They are the ethical hackers who do not intend to harm any software.
- Grey hat hackers: They are a mix of both. They try hacking for fun or out of curiosity.
- Blue hat hackers: A blue hat hacker is someone outside computer security firms and is used to test the bug in a system or software.
Social Engineering
Social Engineering is an attack that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures in order to access to systems, networks, or for financial gains. So, here I am discussing a few Social engineering attacks to keep yourself safe from them.
How it works:
Suppose you are using facebook with your username(say Nick). There's a hacker on facebook with username say Lurk. He will message you and try to be friends with you by interacting with you and behaving like a trustworthy person. Once he gains your trust, he will try to extract all the useful information about you through that conversation which he needs to hack into your accounts or system.
A hacker also checks out your social media accounts and tries to gain as much information about you as possible and then use it against you. So next time you share anything on your social media accounts, think of the possible consequences twice before posting.
Types of Social Engineering attacks:
Phishing:
Phishing is when a malicious party sends a fraudulent mail disguised as a legitimate mail, often appearing from a trusted source with a reason to trick user.
Baiting:
Baiting is when an attacker leaves a malware affected device, such as USB flash drive in a place it is sure to be found.
Spear Phishing:
It is same as phishing except that it is targeted to one particular individual or organization.(Phishing is a general practice rather than particular).
Vishing:
Vishing means voice phishing . It is the practice of collecting the information of the user over the phone or some voice communication. This is the most commonly used techniques nowadays.
Malware
The word Malware means Malicious software. It is simply a program or a file that is harmful to a computer user. Let's dive into the possible categories of malware:
Virus:
VIRUS is a program that replicates by copying itself into other programs, system boot sectors, or documents and alter/damage the files and applications.
Trojan:
- Also known as Trojan Horse, it is a program that seems to be legitimate but acts maliciously when executed. But, until and unless you don't click on a Trojan, it won't activate.
- A Trojan can give a backdoor control to the attacker over a computing device.
- A Trojan can download and install a virus or worm to exploit a vulnerability in another program.
- Activate the computing device's camera and recording capabilities.
Ransomware:
- It is a special type of malware which you unknowingly download either from e-mails, malicious websites or peer to peer file sharing.
- It encrypts your computer files and asks for money to decrypt them. Generally, the price is demanded in terms of bitcoin or any form of cryptocurrency.
Spyware:
It is a system or software that includes Trojans or other malicious software that steals personal information of a user without the user's knowledge which means those malware are just spying on you. They know what you do over the internet and for what time.
Best practices to keep safe
Although keeping yourself totally safe from all kinds of cyber attacks and malware is nearly impossible. However, there are some practices we can follow while using internet and computer devices. So, let's talk about some of the trips and techniques to keep yourself safe.
- Configure browser security and privacy settings.
- Install security extensions with caution: HTTPS Everywhere and A Web of TrustD are few of the recommended security extensions for browsers.
- Don't share Drive C: without a password and without read-only instructions.
- Always use Anti-virus and install a secure firewall in your system.
- Try using more secure operating systems like LINUX or UNIX.
- Don't run any suspicious or unknown executable program just to "check it".
- Scan all email attachments with an anti-virus program before opening it.
- Encryption: It is one of the best ways of keeping your data files secure.
- W3C Link Ckecker: Before clicking on any doubtful link, copy the link adddress and check it on W3C link checker. W3C Link Checker provides you all the possible details of a link.
Hence, It won't be wrong to say that:
The biggest obstacle is not the technology but our approach to security.