
Unit-3

What are Proxy Servers?


A proxy server is an intermediate server that sits between a user's device and the
internet. When a user makes a request to access a website, the request first goes to the
proxy server, which then forwards the request to the website. The website's response is
sent back to the proxy server, which then sends it back to the user's device.

The primary function of a proxy server is to act as an intermediary between the user's device and the internet. This can provide a number of benefits, including:

- Anonymity - Because the website only sees the proxy server's IP address, not the user's device IP address, the user's identity is concealed.
- Security - Proxy servers can act as a buffer between the user's device and the internet, helping to protect against malware, viruses, and other types of attacks.
- Access control - Proxy servers can be configured to block or allow certain types of traffic, such as social media or streaming websites, providing organizations with control over what their employees can access.

Types of Proxy Servers

There are several different types of proxy servers, including:

- Forward Proxy - A forward proxy is a server that sits between a client and the internet. The client sends a request to the forward proxy, which then sends the request to the internet on behalf of the client.
- Reverse Proxy - A reverse proxy is a server that sits between the internet and a server. The reverse proxy receives requests from the internet and then forwards those requests to the appropriate server.
- Transparent Proxy - A transparent proxy is a proxy that does not modify the request or response, but simply passes the traffic along. Transparent proxies are often used in corporate environments to monitor and control access to the internet.
- Anonymous Proxy - An anonymous proxy is a proxy that conceals the user's IP address, providing an additional layer of privacy.

What are Anonymizers?
An anonymizer is a tool that is used to conceal a user's identity when accessing the
internet. Anonymizers work by hiding the user's IP address, making it difficult for
websites to track the user's online activity.

There are several different types of anonymizers, including:

- VPN - A Virtual Private Network (VPN) is a type of anonymizer that creates an encrypted connection between the user's device and the internet. All traffic between the device and the internet is routed through the VPN, which conceals the user's IP address and provides an additional layer of security.
- TOR - The Onion Router (TOR) is a free software program that is used to conceal a user's online activity by routing their traffic through a network of servers. TOR is designed to be extremely difficult to trace, making it a popular choice for users who need to conceal their identity.
- Web-based anonymizers - Web-based anonymizers are online tools that allow users to browse the internet without revealing their IP address. These tools work by routing traffic through a third-party server, making it difficult for websites to track the user's online activity.

Benefits of Anonymizers
The primary benefits of using anonymizers include:

1. Anonymizers can provide users with a layer of privacy when accessing the
internet, helping to conceal their online activity from prying eyes.
2. Anonymizers can help protect users from malware, viruses, and other types of
attacks by creating an encrypted connection between the user's device and the
internet.
3. Anonymizers can be used to access content that may be blocked or restricted in
certain locations, such as geo-restricted content or websites that may be blocked
by government or institutional firewalls.
4. Anonymizers can help protect a user's identity and personal information from
being tracked and monitored by third parties, such as advertisers or hackers.
5. Anonymizers can also provide improved performance when browsing the internet,
as they can reduce load times for certain types of content and reduce bandwidth
usage.

Phishing

Phishing is one type of cyber attack. Phishing got its name from “phish”, meaning fish. It is common practice to put out bait so that a fish gets trapped; phishing works the same way. It is an unethical way to dupe the user or victim into clicking on harmful sites. The attacker crafts the harmful site so that the victim believes it to be an authentic site and thus falls prey to it. The most common mode of phishing is sending spam emails that appear to be authentic and thereby taking all the credentials from the victim. The main motive of the attacker behind phishing is to gain confidential information like:
- Password
- Credit card details
- Social security numbers
- Date of birth
The attacker uses this information to further target the user, impersonate the user and cause data theft. The most common type of phishing attack happens through email. Phishing victims are tricked into revealing information that they think should be kept private. The original logo is used in the email to make the user believe that it is indeed the original email. But if we carefully look into the details, we will find that the URL or web address is not authentic. Let’s understand this concept with the help of an example:
In this example, most people believe it’s YouTube just by looking at the red icon. So, thinking of YouTube as a secure platform, the users click on the extension without being suspicious about it. But if we look carefully, we can see the URL is supertube.com and not youtube.com. Secondly, YouTube never asks to add extensions for watching any video. The third thing is that the extension name itself is weird enough to raise doubt about its credibility.
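The URL check the example walks through (a page styled like YouTube whose real address is supertube.com) can be turned into an automated screen. The Python below is an added illustration, not part of the original notes; KNOWN_DOMAINS is a constructed allow-list and check_link, registrable_domain and edit_distance are names chosen here. It goes beyond the page's one case and also flags the brand name used as a decoy subdomain, credentials placed before '@', and near-miss typosquats.

```python
from urllib.parse import urlparse

# Known-good registrable domains per brand. Constructed sample data for this
# example; a real checker would load a maintained allow-list.
KNOWN_DOMAINS = {
    "youtube": {"youtube.com", "youtu.be"},
    "paypal": {"paypal.com"},
}


def registrable_domain(host):
    """Last two labels of a hostname, e.g. 'evil.net' for 'youtube.com.evil.net'.
    Deliberately naive: multi-part public suffixes such as co.uk are ignored,
    which a production checker must handle with a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot typosquats such as yuotube.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(claimed_brand, url):
    """Return the reasons a link looks suspicious, given the brand the page or
    email *claims* to be (by logo, sender name or button text). An empty list
    means nothing obvious was found; this is a screening heuristic, not a verdict."""
    findings = []
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    domain = registrable_domain(host)
    good = KNOWN_DOMAINS.get(claimed_brand.lower(), set())

    if parsed.scheme != "https":
        findings.append("link is not HTTPS")
    if parsed.username is not None:
        # 'https://paypal.com@evil.net' goes to evil.net; the text before '@' is userinfo
        findings.append("text before '@' is userinfo, the real host is %s" % host)
    if good and domain not in good:
        findings.append("claims to be %s but registrable domain is %s" % (claimed_brand, domain))
        if claimed_brand.lower() in host:
            # brand name used as a subdomain or decoy label, e.g. youtube.com.evil.net
            findings.append("brand name appears only as a subdomain or decoy label")
        for g in sorted(good):
            d = edit_distance(domain, g)
            if 0 < d <= 2:
                findings.append("%s is %d edit(s) away from %s (typosquat?)" % (domain, d, g))
    return findings


if __name__ == "__main__":
    # The page's example: a page styled like YouTube whose real address is supertube.com
    for reason in check_link("YouTube", "http://supertube.com/install-extension"):
        print("-", reason)
```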
How Does Phishing Occur?
Below are the ways through which phishing generally occurs. Any of the behaviours mentioned below can expose the user to a phishing attack.
- Clicking on an unknown file or attachment: Here, the attacker deliberately sends a mysterious file to the victim; as the victim opens the file, either malware is injected into his system or it prompts the user to enter confidential data.
- Using an open or free wifi hotspot: This is a very simple way to get confidential information from the user by luring him with free wifi. The wifi owner can control the user’s data without the user knowing it.
- Responding to social media requests: This commonly involves social engineering. Accepting unknown friend requests and then, by mistake, leaking secret data is the most common mistake made by naive users.
- Clicking on unauthenticated links or ads: Unauthenticated links are deliberately crafted to lead to a phished website that tricks the user into typing confidential data.
Types of Phishing Attacks
There are several types of phishing attacks; some of them are mentioned below. The attacks mentioned below are very common and the ones most used by attackers.
- Email Phishing: The most common type, where users are tricked into clicking unverified spam emails and leaking secret data. Hackers impersonate a legitimate identity and send emails to mass victims. Generally, the goal of the attacker is to get personal details like bank details, credit card numbers, user IDs and passwords for any online shopping website, to install malware, etc. After getting the personal information, they use it to steal money from the user’s account or harm the target system, etc.
- Spear Phishing: In spear phishing, a particular user (an organization or individual) is targeted. In this method, the attacker first gathers full information on the target and then sends malicious emails to his/her inbox to trap him into typing confidential data. For example, the attacker targets someone (let’s assume an employee from the finance department of some organization). The attacker then pretends to be the manager of that employee and requests personal information or the transfer of a large sum of money. It is the most successful attack.
- Whaling: Whaling is just like spear phishing, but the main target is the head of the company, like the CEO, CFO, etc. A pressurized email is sent to such executives so that they don’t have much time to think, and therefore fall prey to phishing.
- Smishing: In this type of phishing attack, the medium is SMS. Smishing works similarly to email phishing. SMS texts are sent to victims containing links to phished websites, or inviting the victims to call a phone number or to contact the sender using the given email. The victim is then invited to enter personal information like bank details, credit card information, user ID/password, etc. The attacker then uses this information to harm the victim.
- Vishing: Vishing is also known as voice phishing. In this method, the attacker calls the victim using modern caller ID spoofing to convince the victim that the call is from a trusted source. Attackers also use IVR to make it difficult for legal authorities to trace the attacker. It is generally used to steal credit card numbers or confidential data from the victim.
- Clone Phishing: In this type of phishing attack, the attacker copies email messages that were sent from a trusted source and then alters the information by adding a link that redirects the victim to a malicious or fake website. The attacker then sends this mail to a larger number of users and waits to see who clicks on the attachment that was sent in the email. It spreads through the contacts of the user who clicked on the attachment.
Impact of Phishing
These are the impacts on a user of falling for a phishing attack. Each person is affected differently, but these are some of the common impacts that happen to the majority of people.
- Financial Loss: Phishing attacks often target financial information, such as credit card numbers and bank account login credentials. This information can be used to steal money or make unauthorized purchases, leading to significant financial losses.
- Identity Theft: Phishing attacks can also steal personal information, such as Social Security numbers and date of birth, which can be used to steal an individual’s identity and cause long-term harm.
- Damage to Reputation: Organizations that fall victim to phishing attacks can suffer damage to their reputation, as customers and clients may lose trust in the company’s ability to protect their information.
- Disruption to Business Operations: Phishing attacks can also cause significant disruption to business operations, as employees may have their email accounts or computers compromised, leading to lost productivity and data.
- Spread of Malware: Phishing attacks often use attachments or links to deliver malware, which can infect a victim’s computer or network and cause further harm.

Password cracking
Password cracking is one of the important phases of the hacking framework. Password cracking is a way to recover passwords from data stored on or transmitted by a computer system. The motivation behind password cracking may be to help a user recover a forgotten password, to let system administrators check proactively for easily cracked passwords as a preventive measure, or to let an attacker gain unauthorized system access.
Types of Password Attacks:
Password cracking is performed both legitimately (for instance, to recover a password the user has forgotten) and illegitimately, to gain unauthorized system access. These attacks are classified by the attacker's activity into four types:
1. Non-Electronic Attacks –
This is most likely the hacker’s first go-to for acquiring the target system password. These sorts of password attacks don’t need any technical skill or knowledge of hacking or system exploitation, which is why they are called non-electronic attacks. Some techniques used for carrying out these attacks are social engineering, dumpster diving, shoulder surfing, and so forth.
2. Active Online Attacks –
This is perhaps the most straightforward approach to acquiring unauthorized administrator-level system access. To crack the passwords, the hacker must communicate with the target machine, since that is required to attempt authentication. Some techniques used for carrying out these attacks are dictionary attacks, brute forcing, password guessing, hash injection, phishing, LLMNR/NBT-NS poisoning, the use of Trojans/spyware/keyloggers, and so forth.
3. Passive Online Attacks –
A passive attack is a deliberate attack that doesn’t bring about any change to the system. In these attacks, the hacker doesn’t have to interact with the system. Instead, he/she silently monitors or records the data passing over the communication channel to and from the system. The attacker then uses the captured data to break into the system. Techniques used to perform passive online attacks include replay attacks, wire sniffing, man-in-the-middle attacks, and so on.
4. Offline Attacks –
Offline attacks are password attacks in which an attacker attempts to recover cleartext passwords from a password hash dump. These attacks are often tedious but can be effective, as password hashes can be cracked when the passwords have a small keyspace and limited length. Attackers use precomputed hashes from rainbow tables to perform offline and distributed network attacks.
Some of the best practices for protecting against password cracking include:
1. Perform information security audits to monitor and track password attacks.
2. Do not reuse a similar password when changing the password.
3. Do not share passwords.
4. Do not use passwords that can be found in a dictionary.
5. Do not use cleartext protocols or protocols with weak encryption.
6. Set the password change policy to 30 days.
7. Do not store passwords in an insecure location.
8. Do not use any server’s or PC’s default passwords.
9. Unpatched computers can have passwords reset during buffer overflow or Denial of Service attacks. Keep the system updated.
10. Enable account lockout with a specific number of attempts, counter reset time, and lockout duration. One of the best approaches to managing passwords in organizations is to set up automated password reset.
11. Ensure that the computer's or server’s BIOS is protected with a password, particularly on devices that are exposed to physical threats, for instance, servers and PCs.
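Best practice 10 names three parameters: the number of attempts, the counter reset time, and the lockout duration. The following Python shows how a login gate combines them; it is an added illustration, not from the original notes, and LockoutPolicy, LockoutTracker, ManualClock and the default values are constructed for the example.

```python
import time
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    """The three knobs from the best-practices list (defaults are constructed examples)."""
    threshold: int = 5                # failed attempts that trigger a lockout
    counter_reset: float = 900.0      # seconds of quiet after which the failure count starts over
    lockout_duration: float = 1800.0  # seconds the account stays locked


@dataclass
class AccountState:
    failures: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0


class ManualClock:
    """Clock stand-in so the behaviour can be exercised without waiting (test helper)."""
    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t


class LockoutTracker:
    def __init__(self, policy, clock=time.time):
        self.policy = policy
        self.clock = clock          # injectable so the logic can be tested without sleeping
        self.accounts = {}

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user):
        return self.clock() < self._state(user).locked_until

    def record_failure(self, user):
        """Count a failed login; return True if this one triggered a lockout."""
        now = self.clock()
        st = self._state(user)
        if st.failures and now - st.last_failure > self.policy.counter_reset:
            st.failures = 0     # counter reset time elapsed: earlier failures no longer count
        st.failures += 1
        st.last_failure = now
        if st.failures >= self.policy.threshold:
            st.locked_until = now + self.policy.lockout_duration
            st.failures = 0
            return True
        return False

    def attempt(self, user, password_ok):
        """Gate a login. Returns 'locked', 'ok' or 'denied'. While locked, even the
        correct password is refused, and the attempt is not counted as a new failure,
        so continued guessing does not keep extending the lockout."""
        if self.is_locked(user):
            return "locked"
        if password_ok:
            self.accounts[user] = AccountState()  # a success clears the failure history
            return "ok"
        self.record_failure(user)
        return "denied"


if __name__ == "__main__":
    clk = ManualClock()
    gate = LockoutTracker(LockoutPolicy(threshold=3, counter_reset=60, lockout_duration=300), clk)
    for _ in range(3):
        print(gate.attempt("alice", False))   # denied, denied, denied (now locked)
    print(gate.attempt("alice", True))        # locked: correct password refused
    clk.t = 301.0
    print(gate.attempt("alice", True))        # ok: lockout expired
```

A low threshold with a long lockout lets anyone lock a user out by guessing wrong on purpose, so pair lockout with alerting on repeated failures rather than relying on it alone.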
Keyloggers
Keyloggers are a favorite tool of many hackers and script kiddies. Keylogging is a technique that was first conceived back in the year 1983. At that time, use of this software was rare and only the top research organizations and spies could get their hands on it, but today it is a standard feature offered by most spy applications like TheOneSpy. People use it as a way to ensure the safety of their families, organizations, and the ones they care about.
A keylogger is software that records each and every keystroke you enter, including mouse clicks. Hardware keyloggers are also available; these are inserted between the keyboard and the CPU. A keylogger provides the following features:
1. It takes a minute to install this software/hardware on the victim’s system; from the next second onwards the attacker gets every activity going on in the victim's computer.
2. Each and every activity happening in the victim’s system is recorded, along with screenshots. This activity is saved on the victim’s system, or it can be mailed to the attacker's email or uploaded to an FTP server. Wondering how? Let’s see how attackers do this, along with protection techniques.
3. The keylogging feature of spy applications is capable of recording each and every keystroke made using a keyboard, even an on-screen keyboard.
4. It also takes a screenshot while the user is typing (usually this screenshot is taken when a mouse button is clicked).
5. It works covertly, hidden from the user’s view, so that the targeted user never discovers that all his keystrokes are being recorded.
6. A keylogger can record texts, email, and any information you type using your keyboard.
7. The log file created by the keylogger can then be sent to a predefined receiver.
8. Some keylogger programs will also record any email addresses you use and website URLs you visit.
Some software keyloggers can capture additional information without requiring any keyboard key presses as input. They include:
1. Clipboard logging: Anything copied to the clipboard is captured.
2. Screen logging: Randomly timed screenshots of your PC are logged.
3. Control text capture: The Windows API allows programs to request the text value of some controls, which means a password can still be captured even though it is behind a password mask.
4. Activity tracking: Recording of which programs, folders, and windows are opened, along with screenshots of each.
5. Recording of search queries, instant message conversations, FTP downloads and other internet activity.

Types Of Keylogger

There are basically two types of Keyloggers:


1. Hardware Keylogger: This is a thumb-size device. It records all the keystrokes you enter from the keyboard and saves them in its memory; later this data is analyzed. The drawbacks of this device are that it can’t record mouse clicks, can’t take screenshots, can’t email, and, more importantly, it requires physical access to the machine. A hardware keylogger is advantageous because it is not hooked into any software, nor can it be detected by any software.
2. Software Keylogger: A software keylogger can be installed on the victim’s system even if they use an updated antivirus. There is lots of software available in the market which makes a keylogger undetectable by the latest antivirus; we are going to study that too in upcoming chapters. There are many keyloggers available in the market with various features. Some examples of software keyloggers are:

How does your Computer get a Keylogger?

A keylogger can be installed on your computer in one of many ways. Anybody with access to your PC could install it; keyloggers can also come as part of a virus or bundled with any software installation, no matter how innocent that software appears. This is part of the reason why you should always make sure that you download files from a trusted source.
Most keylogger software is built to send the recorded data to a remote location. This happens using one of the following methods:
1. Uploading the data to a website, database, or FTP server.
2. Periodically emailing data to a predefined email address.
3. Wirelessly transmitting data through an attached hardware system.
4. Software enabling remote login to your local machine.
How to Detect and Remove a Keylogger?
There are ways to detect a keylogger, though none is a catch-all, so if you have reason to suspect your computer has a keylogger, we recommend trying a variety of these tactics:
1. Choose a good antivirus to detect a keylogger on your system. Some specific kinds of AV are dedicated to such scans.
2. Press Ctrl+Alt+Delete to check the task list on your computer. Examine the running tasks, and if you are unfamiliar with any of them, look them up on a search engine.
3. Scan your hard disk for the most recently stored files. Look at the contents of any files that update often, as they could be logs.
4. Use your system configuration utility to look at which programs are loaded at computer start-up. Access this list by typing “msconfig” into the Run box.
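Detection step 3 (look for recently stored files that keep updating) can be scripted: take two snapshots of a directory tree and report the files that grew in between, which is the pattern a keystroke log shows while someone is typing. The Python below is an added example, not from the original notes; snapshot, growing_files, recently_modified, watch and demo are names chosen here, and demo builds a constructed temporary directory so the logic runs offline.

```python
import os
import tempfile
import time


def snapshot(root):
    """Map every regular file under root to its (size, mtime)."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue            # vanished or unreadable: skip it rather than abort the scan
            seen[path] = (st.st_size, st.st_mtime)
    return seen


def recently_modified(snap, window_seconds, now=None):
    """Paths modified within the last window_seconds, most recent first."""
    now = time.time() if now is None else now
    hits = [(p, m) for p, (_s, m) in snap.items() if now - m <= window_seconds]
    return [p for p, _m in sorted(hits, key=lambda x: x[1], reverse=True)]


def growing_files(before, after, min_growth=1):
    """Files whose size grew between two snapshots, biggest growth first."""
    grown = []
    for path, (size, _m) in after.items():
        old = before.get(path)
        if old is not None and size - old[0] >= min_growth:
            grown.append((path, size - old[0]))
    return sorted(grown, key=lambda x: x[1], reverse=True)


def watch(root, interval_seconds, rounds):
    """Take repeated snapshots and return the files that grew in every interval;
    a log that is appended to continuously survives every round."""
    persistent = None
    before = snapshot(root)
    for _ in range(rounds):
        time.sleep(interval_seconds)
        after = snapshot(root)
        grown = {p for p, _g in growing_files(before, after)}
        persistent = grown if persistent is None else persistent & grown
        before = after
    return sorted(persistent or [])


def demo():
    """Constructed demonstration: a file that grows between two scans, as a
    keystroke log would. Returns (grown_files, recently_modified_paths)."""
    root = tempfile.mkdtemp(prefix="kl-demo-")
    log = os.path.join(root, "keys.log")
    with open(log, "w") as f:
        f.write("abc")
    before = snapshot(root)
    with open(log, "a") as f:
        f.write("defgh")          # five more bytes "typed" since the first scan
    after = snapshot(root)
    return growing_files(before, after), recently_modified(after, 60)


if __name__ == "__main__":
    grown, recent = demo()
    print("grew between scans:", grown)
    print("modified in the last minute:", recent)
```

On a real machine point watch() at the user profile or a temp directory and use an interval of a few seconds; files that grow in every round while you type deserve a look at their contents.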

Worms and Virus

1. Worms:
Worms are similar to a virus, but they do not modify the program. A worm replicates itself more and more, causing the computer system to slow down. Worms can be controlled remotely. The main objective of worms is to eat up system resources. The WannaCry ransomware worm in 2000 exploited the Windows Server Message Block (SMBv1), which is a resource-sharing protocol.
2. Virus:
A virus is malicious executable code attached to another executable file; it can be harmless or can modify or delete data. When the computer program with the attached virus runs, it performs some action such as deleting a file from the computer system. Viruses can’t be controlled remotely. The ILOVEYOU virus spread through email attachments.
Difference between Worms and Virus:

1. Definition
   Worms: A worm is a form of malware that replicates itself and can spread to different computers via the network.
   Virus: A virus is malicious executable code attached to another executable file, which can be harmless or can modify or delete data.
2. Objective
   Worms: The main objective of worms is to eat up system resources. They consume system resources such as memory and bandwidth and slow the system down to such an extent that it stops responding.
   Virus: The main objective of viruses is to modify information.
3. Host
   Worms: It doesn’t need a host to replicate from one computer to another.
   Virus: It requires a host for spreading.
4. Harmful
   Worms: It is less harmful in comparison.
   Virus: It is more harmful.
5. Detection and Protection
   Worms: Worms can be detected and removed by antivirus and firewall.
   Virus: Antivirus software is used for protection against viruses.
6. Controlled by
   Worms: Worms can be controlled remotely.
   Virus: Viruses can’t be controlled remotely.
7. Execution
   Worms: Worms are executed via weaknesses in the system.
   Virus: Viruses are executed via executable files.
8. Comes from
   Worms: Worms generally come from downloaded files or through a network connection.
   Virus: Viruses generally come from shared or downloaded files.
9. Symptoms
   Worms:
   - Hampering computer performance by slowing it down
   - Automatic opening and running of programs
   - Sending of emails without your knowledge
   - Affected performance of the web browser
   - Error messages concerning the system and operating system
   Virus:
   - Pop-up windows linking to malicious websites
   - Hampering computer performance by slowing it down
   - After booting, starting of unknown programs
   - Passwords get changed without your knowledge
10. Prevention
   Worms:
   - Keep your operating system and system in an updated state
   - Avoid clicking on links from untrusted or unknown websites
   - Avoid opening emails from unknown sources
   - Use antivirus software and a firewall
   Virus:
   - Installation of antivirus software
   - Never open email attachments
   - Avoid usage of pirated software
   - Keep your operating system updated
   - Keep your browser updated, as old versions are vulnerable to linking to malicious websites
11. Types
   Worms: Internet worms, instant messaging worms, email worms, file sharing worms and Internet Relay Chat (IRC) worms are different types of worms.
   Virus: Boot sector virus, direct action virus, polymorphic virus, macro virus, overwrite virus and file infector virus are different types of viruses.
12. Examples
   Worms: Examples of worms include Morris worm, Storm worm, etc.
   Virus: Examples of viruses include Creeper, Blaster, Slammer, etc.
13. Interface
   Worms: It does not need human action to replicate.
   Virus: It needs human action to replicate.
14. Speed
   Worms: Its spreading speed is faster.
   Virus: Its spreading speed is slower as compared to worms.
What Is a Trojan Horse?
A Trojan Horse Virus is a type of malware that downloads onto a computer
disguised as a legitimate program. The delivery method typically sees an attacker
use social engineering to hide malicious code within legitimate software to try
and gain users' system access with their software.

A simple way to answer the question "what is a Trojan" is that it is a type of malware that typically gets hidden as an attachment in an email or a free-to-download file, then transfers onto the user’s device. Once downloaded, the malicious code will execute the task the attacker designed it for, such as gaining backdoor access to corporate systems, spying on users’ online activity, or stealing sensitive data.

Indications of a Trojan being active on a device include unusual activity, such as computer settings being changed unexpectedly.

Features of Trojan Horse

- It steals information like passwords and more.
- It can be used to allow remote access to a computer.
- It can be used to delete data and more on the user’s computers.

How Does Trojan Horse Work?


Unlike computer viruses, a Trojan horse requires the user to download the server side of the application for it to function, because it cannot manifest by itself. This means that for the Trojan to target a device’s system, the executable (.exe) file must be run and the software installed.
In order to reach as many people’s inboxes as possible, spammers send emails with attachments that appear legitimate but contain files that propagate Trojans. Once the email is opened and the malicious attachment is downloaded, the Trojan installs itself and runs automatically each and every time the infected device is turned on.
Cybercriminals can also use social engineering techniques to trick people into installing malicious software, which can then infect a device with a Trojan. The malicious file may be hidden in internet links, pop-up ads, or banner advertisements.
Trojan software can propagate to other computers from a Trojan-infected computer. A hacker turns the device into a zombie computer, giving them remote access to it without the user’s knowledge. The zombie machine can then be used by hackers to spread malware among a botnet of computers.
A user might, for example, get an email from a friend that has an attachment that likewise appears to be real. However, the attachment contains malicious code that runs on the user’s device and installs the Trojan. The user may not be aware that anything suspicious has happened because their machine may continue to function normally without any signs of infection.

Examples of Trojan Horse Virus Attacks


Trojan attacks that infect systems and steal user data are responsible for significant damage. Typical instances of Trojans include:
- Rakhni Trojan: The Rakhni Trojan infects devices by delivering ransomware or a cryptojacker utility that allows an attacker to use the device to mine bitcoin.
- Tiny Banker: With Tiny Banker, hackers can steal users’ bank information. By the time it was discovered, it had infected at least 20 U.S. banks.
- Zeus or Zbot: Zeus, also known as Zbot, is a toolkit that allows hackers to create their own Trojan and targets financial services. To steal user passwords and financial information, the source code employs techniques like form grabbing and keystroke logging.

Uses of Trojan Horse


There are many ways that it can be used:
1. Spy: Some Trojans act as spyware. They are designed to take data from the victim, like social networking usernames and passwords, credit card details, and more.
2. Creating backdoors: The Trojan makes some changes in the victim's system or device so that other malware or cyber criminals can get into the device or system.
3. Zombie: Many times the hacker is not at all interested in the victim’s computer, but wants to use it under their control.

Types of Trojan Horse


There are many Trojans designed to perform specific functions. Some of them are:
- Backdoor Trojan: A Trojan of this kind gives the attacker remote access to the compromised machine.
- Ransom Trojan: This kind of Trojan is intended to encrypt the data on the compromised system and then demand payment in exchange for its decryption.
- Trojan Banker: It is designed to steal account data for online banking, credit and debit cards, etc.
- Trojan Downloader: It is designed to download many malicious files, like new versions of Trojans and adware, onto the victim’s computer.
- Trojan Dropper: It is designed to prevent the detection of malicious files on the system. It can be used by hackers for installing Trojans or viruses on the victim’s computers.
- Trojan GameThief: It is designed to steal data from online gamers.
- Trojan IM: It is designed to steal login data and passwords for instant messaging programs such as Skype, Yahoo Pager and more.

What is a Backdoor Attack?


In cybersecurity terms, a Backdoor Attack is an attempt to infiltrate a system or a network
by maliciously taking advantage of software's weak point.

Backdoors allow the attackers to quietly get into the system by deceiving the security
protocols and gain administrative access. It is similar to the real-life robbery in which
burglars take advantage of the loopholes in a house and get a 'backdoor' entry for
conducting the theft.

After gaining high-level administrative privilege, the cyber attackers could perform various
horrendous tasks like injecting spyware, gaining remote access, hack the device, steal
sensitive information, encrypt the system through ransomware, and many more.

Backdoors are originally meant for helping software developers and testers, so they are not
always bad.
Types of Backdoor

As mentioned, Backdoors are not always malicious. Here are the two types of Backdoors
as per their intentions.

Administrative Backdoor

Sometimes software developers intentionally leave a backdoor in the program so that, in case of any failure or error, they can easily reach the core of the software's code and quickly solve the issue. Such backdoors are called Administrative Backdoors. These deliberate backdoors can also help software testers to test the code.

Though such backdoors are known only to the developers, a skillful hacker can take advantage of one and silently use it for his benefit. So an Administrative Backdoor can be called a type of loophole in the program.

Malicious Backdoor
Malicious backdoors are backdoors installed on the system by cybercriminals using malware programs like a Remote Access Trojan (RAT). These are specifically designed for taking control of the system or network and conducting malicious tasks. A RAT is a malware program that can reach the root of the system and install the backdoor. RATs are generally spread through a malicious program.

Why are Backdoors dangerous?

It might be evident by now what havoc a software backdoor can create, even if it is
meant for the rightful purposes. Here is the list of the malicious purposes a backdoor
can be used for:

- A backdoor can be a gateway for dangerous malware like trojans, ransomware, spyware, and others. Using a backdoor, it becomes easy for cyberattackers to release malware programs onto the system.
- Backdoors are the best medium to conduct a DDoS attack in a network.
- Cryptojackers can use the backdoor to infiltrate your system and conduct crypto mining.
- Using backdoors, hackers can modify sensitive system settings like administrative passwords and others.
- Backdoors can help cyber attackers use your internet connection remotely for uploading and downloading.
- Attackers can also install and run specific applications or tasks with the help of backdoors.


What is a denial-of-service attack?


A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device's normal functioning. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic can no longer be processed, resulting in denial of service to additional users. A DoS attack is characterized by using a single computer to launch the attack.

A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from
many distributed sources, such as a botnet DDoS attack.

How does a DoS attack work?

The primary focus of a DoS attack is to oversaturate the capacity of a targeted machine,
resulting in denial of service to additional requests. The multiple attack vectors of DoS
attacks can be grouped by their similarities.

DoS attacks typically fall into two categories:

 Buffer overflow attacks: An attack type in which a memory buffer overflow causes
a machine to consume all available hard disk space, memory, or CPU time. This
form of exploit often results in sluggish behavior, system crashes, or other
deleterious server behaviors, resulting in denial of service.
 Flood attacks: By saturating a targeted server with an overwhelming number of
packets, a malicious actor is able to oversaturate server capacity, resulting in
denial of service. For most DoS flood attacks to succeed, the malicious actor must
have more available bandwidth than the target.

Difference between DOS and DDOS attack

1. A DOS attack is a denial-of-service attack, in which a computer sends a
massive amount of traffic to a victim's computer and shuts it down. When done
against a website, a DoS attack is an online attack that is used to make the
website unavailable to its users. The attack overwhelms the website's
internet-connected server by sending a large volume of traffic to it.
2. A DDOS attack means distributed denial of service; in this attack, DoS attacks
are carried out from many different locations using many systems.
Difference between DOS and DDOS attacks:

DOS | DDOS
--- | ---
DOS stands for Denial of Service attack. | DDOS stands for Distributed Denial of Service attack.
In a DoS attack a single system targets the victim system. | In DDoS multiple systems attack the victim system.
The victim PC is loaded with packets of data sent from a single location. | The victim PC is loaded with packets of data sent from multiple locations.
A DoS attack is slower as compared to DDoS. | A DDoS attack is faster than a DoS attack.
Can be blocked easily as only one system is used. | It is difficult to block this attack as multiple devices are sending packets and attacking from multiple locations.
In a DOS attack only a single device is used, with DOS attack tools. | In a DDoS attack, volume bots are used to attack at the same time.
DOS attacks are easy to trace. | DDOS attacks are difficult to trace.
The volume of traffic in a DoS attack is less as compared to DDoS. | DDoS attacks allow the attacker to send massive volumes of traffic to the victim network.
Types of DOS attacks are: 1. Buffer overflow attacks 2. Ping of Death or ICMP flood 3. Teardrop attack 4. Flooding attack | Types of DDOS attacks are: 1. Volumetric attacks 2. Fragmentation attacks 3. Application layer attacks 4. Protocol attack
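The following Python detection logic is an added example (not part of the original notes) that applies the DoS versus DDoS distinction above to constructed web-server log lines: a time window whose request total exceeds the server's assumed capacity is a flood, and the share of that traffic coming from the top source decides whether it looks like a single-source DoS or a distributed DDoS. The log format, thresholds and IP addresses are constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime

def parse_line(line):
    """Parse a constructed log line '<ISO timestamp> <client IP> <request>' into (epoch second, IP)."""
    ts, ip, _request = line.split(" ", 2)
    return int(datetime.fromisoformat(ts).timestamp()), ip

def requests_per_window(lines, window=10):
    """Bucket requests into fixed windows of `window` seconds and count them per source IP."""
    counts = defaultdict(Counter)
    for line in lines:
        if line.strip():
            epoch, ip = parse_line(line.strip())
            counts[epoch // window][ip] += 1
    return counts

def detect_flood(lines, window=10, capacity=500):
    """Return (window start, total requests, per-IP counts) for every window over the assumed capacity."""
    alerts = []
    for bucket, per_ip in sorted(requests_per_window(lines, window).items()):
        total = sum(per_ip.values())
        if total > capacity:
            alerts.append((bucket * window, total, per_ip))
    return alerts

def classify(alerts, dominant_share=0.9):
    """One source carrying >= dominant_share of the worst flood window looks like DoS; otherwise DDoS."""
    if not alerts:
        return "normal"
    _start, total, per_ip = max(alerts, key=lambda a: a[1])
    top_ip, top_n = per_ip.most_common(1)[0]
    if top_n / total >= dominant_share:
        return f"DoS from {top_ip}"
    return f"DDoS from {len(per_ip)} sources"

def constructed_burst(sources, per_source):
    """Constructed sample traffic: every source sends `per_source` requests within the same second."""
    return [f"2024-03-01T12:00:00 {ip} GET /login" for ip in sources for _ in range(per_source)]

if __name__ == "__main__":
    bots = [f"203.0.113.{i}" for i in range(1, 61)]
    print(classify(detect_flood(constructed_burst(["198.51.100.1", "198.51.100.2"], 5))))  # normal
    print(classify(detect_flood(constructed_burst(["203.0.113.9"], 600))))                   # DoS from 203.0.113.9
    print(classify(detect_flood(constructed_burst(bots, 20))))                                # DDoS from 60 sources
```

Note that the individual bots in the DDoS case each stay well under any per-source limit, which is why the check is made on the window total first and on the source distribution second.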

SQL injection

SQL injection is a technique used to extract user data by injecting malicious SQL
statements through web page inputs. Basically, malicious users can use these
instructions to manipulate the application's web server.
1. SQL injection is a code injection technique that can compromise your
database.
2. SQL injection is one of the most common web hacking techniques.
3. SQL injection is the injection of malicious code into SQL statements via
web page input.
The Exploitation of SQL Injection in Web Applications
Web servers communicate with database servers whenever they need to retrieve
or store user data. The attacker's SQL statements are crafted so that they are
executed while the web server is fetching content from the application server,
compromising the security of the web application.

Suppose we have a field like the one below:
Student id: The student enters the following in the input field: 12222345 or
1=1.
Query:
SELECT * FROM STUDENT WHERE
STUDENT_ID = 12222345 OR 1 = 1;

Now, this 1=1 will return all records for which it holds true, which is every
record. So basically, all the student data is compromised. The malicious user can
also delete student records in a similar fashion. Consider the following SQL query.
Query:
SELECT * FROM USER WHERE
USERNAME = '' AND PASSWORD = '';

Now the malicious user can use the '=' operator in a clever manner to retrieve private
and secure user information. So instead of the above-mentioned query, the
following query, when executed, retrieves protected data not intended to be
shown to users.
Query:
SELECT * FROM USER WHERE
(USERNAME = '' OR 1=1) AND
(PASSWORD = '' OR 1=1);

Since 1=1 always holds true, user data is compromised.


Impact of SQL Injection
The hacker can retrieve all the user data present in the database such as user
details, credit card information, and social security numbers, and can also gain
access to protected areas like the administrator portal. It is also possible to
delete user data from the tables.
Nowadays, all online shopping applications and bank transactions use back-end
database servers. So in case the hacker is able to exploit SQL injection, the
entire server is compromised.

Preventing SQL Injection


 User Authentication: Validate input from the user by pre-defining the length
and type of input for each input field, and authenticate the user.
 Restrict the access privileges of users and define how much data any outsider
can access from the database. Basically, users should not be granted permission
to access everything in the database.
 Do not use system administrator accounts.
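The following Python/sqlite3 program is an added example (not from the original notes) that runs the student lookup and login queries from the exploitation section against a constructed in-memory database: the vulnerable functions paste user input into the SQL text, so "12222345 or 1=1" returns every student and a quoted "or 1=1" in both login fields matches every user, while the hardened versions apply the type check described under prevention and bind the input as parameters. Table contents and credentials are constructed.

```python
import sqlite3

def make_db():
    """Constructed in-memory database with the notes' STUDENT and USER tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE STUDENT (STUDENT_ID INTEGER PRIMARY KEY, NAME TEXT);
        INSERT INTO STUDENT VALUES (12222345, 'Asha'), (12222346, 'Ravi'), (12222347, 'Meena');
        CREATE TABLE USER (USERNAME TEXT, PASSWORD TEXT);
        INSERT INTO USER VALUES ('admin', 'S3cret!'), ('guest', 'guest');
    """)
    return db

def student_lookup_vulnerable(db, student_id):
    # Vulnerable: the raw field value becomes part of the SQL text, so
    # "12222345 or 1=1" turns the WHERE clause into one that matches every row.
    return db.execute(f"SELECT * FROM STUDENT WHERE STUDENT_ID = {student_id}").fetchall()

def student_lookup_safe(db, student_id):
    # Hardened: enforce the type the field is defined to hold, then bind it as a
    # parameter so the database never interprets the value as SQL.
    if not str(student_id).isdigit():
        raise ValueError("student id must be numeric")
    return db.execute("SELECT * FROM STUDENT WHERE STUDENT_ID = ?", (int(student_id),)).fetchall()

def login_vulnerable(db, username, password):
    # Vulnerable: entering  ' OR '1'='1  in both fields yields
    # (USERNAME = '' OR '1'='1') AND (PASSWORD = '' OR '1'='1'), which is always true.
    query = f"SELECT * FROM USER WHERE (USERNAME = '{username}') AND (PASSWORD = '{password}')"
    return db.execute(query).fetchall()

def login_safe(db, username, password):
    # Hardened: parameters travel separately from the query text; the quotes in the
    # payload are just characters inside a value, so no row matches.
    return db.execute("SELECT * FROM USER WHERE USERNAME = ? AND PASSWORD = ?",
                      (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(student_lookup_vulnerable(db, "12222345 or 1=1"))   # all three students
    print(login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))  # both users, with no valid password
    print(login_safe(db, "' OR '1'='1", "' OR '1'='1"))        # []
```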

What Is Buffer Overflow?


Buffer overflow is a software coding error or vulnerability that can be exploited by
hackers to gain unauthorized access to corporate systems. It is one of the best-known
software security vulnerabilities yet remains fairly common. This is partly because
buffer overflows can occur in various ways and the techniques used to prevent them
are often error-prone.

The software error focuses on buffers, which are sequential sections of computing
memory that hold data temporarily as it is transferred between locations. Also known
as a buffer overrun, buffer overflow occurs when the amount of data in the buffer
exceeds its storage capacity. That extra data overflows into adjacent memory
locations and corrupts or overwrites the data in those locations.

What Is a Buffer Overflow Attack?

A buffer overflow attack takes place when an attacker manipulates the coding error
to carry out malicious actions and compromise the affected system. The attacker
alters the application’s execution path and overwrites elements of its memory, which
amends the program’s execution path to damage existing files or expose data.

A buffer overflow attack typically involves violating programming languages and
overwriting the bounds of the buffers they exist on. Most buffer overflows are caused
by the combination of manipulating memory and mistaken assumptions around the
composition or size of data.

A buffer overflow vulnerability will typically occur when code:

1. Is reliant on external data to control its behavior
2. Is dependent on data properties that are enforced beyond its immediate scope
3. Is so complex that programmers are not able to predict its behavior accurately

Buffer Overflow Consequences

Common consequences of a buffer overflow attack include the following:

1. System crashes: A buffer overflow attack will typically lead to the system
crashing. It may also result in a lack of availability and programs being put
into an infinite loop.
2. Access control loss: A buffer overflow attack will often involve the use of
arbitrary code, which is often outside the scope of programs’ security policies.
3. Further security issues: When a buffer overflow attack results in arbitrary
code execution, the attacker may use it to exploit other vulnerabilities and
subvert other security services.

Types of Buffer Overflow Attacks


There are several types of buffer overflow attacks that attackers use to exploit
organizations’ systems. The most common are:

1. Stack-based buffer overflows: This is the most common form of buffer
overflow attack. The stack-based approach occurs when an attacker sends data
containing malicious code to an application, which stores the data in a stack
buffer. This overwrites the data on the stack, including its return pointer,
which hands control of execution to the attacker.
2. Heap-based buffer overflows: A heap-based attack is more difficult to carry
out than the stack-based approach. It involves the attacker flooding a program’s
memory space beyond the memory it uses for current runtime operations.
3. Format string attack: A format string exploit takes place when an application
processes input data as a command or does not validate input data effectively.
This enables the attacker to execute code, read data in the stack, or cause
segmentation faults in the application. This could trigger new actions that
threaten the security and stability of the system.
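To make the stack-based mechanism concrete, here is an added Python model (not code from the original notes, and not real memory corruption, which Python's own bounds checking prevents) of a stack frame in which a 16-byte local buffer is followed directly by the 8-byte saved return address: an unbounded copy either overwrites the return address or runs off the frame and crashes, while a bounded copy leaves it intact. The frame layout and the return-address values are constructed.

```python
BUF_SIZE = 16   # bytes reserved for the local buffer (constructed layout)
RET_SIZE = 8    # bytes of the saved return address stored directly above the buffer

def new_frame(return_address):
    """Model a stack frame as contiguous bytes: [buffer][saved return address]."""
    frame = bytearray(BUF_SIZE + RET_SIZE)
    frame[BUF_SIZE:] = return_address.to_bytes(RET_SIZE, "little")
    return frame

def saved_return(frame):
    """Read back the saved return address the function would jump to on return."""
    return int.from_bytes(frame[BUF_SIZE:], "little")

def copy_unchecked(frame, data):
    """strcpy-style copy: writes every input byte, trusting the caller about the size.
    Input bytes 16..23 land on the saved return address; anything beyond the frame
    raises IndexError here, the model's stand-in for a segmentation fault."""
    for i, byte in enumerate(data):
        frame[i] = byte
    return len(data)

def copy_checked(frame, data):
    """Bounded copy (strncpy/snprintf style): never writes past BUF_SIZE, so the
    saved return address cannot be touched however long the input is."""
    n = min(len(data), BUF_SIZE)
    frame[:n] = data[:n]
    return n

def return_address_after(copy, data, legit=0x4010A0):
    """Build a frame with a constructed legitimate return address, run `copy`,
    and report where control would go when the function returns."""
    frame = new_frame(legit)
    copy(frame, data)
    return saved_return(frame)

if __name__ == "__main__":
    oversized = b"A" * BUF_SIZE + (0xDEADBEEF).to_bytes(RET_SIZE, "little")  # constructed 24-byte input
    print(hex(return_address_after(copy_unchecked, b"hello")))   # 0x4010a0: fits, nothing corrupted
    print(hex(return_address_after(copy_unchecked, oversized)))  # 0xdeadbeef: return address overwritten
    print(hex(return_address_after(copy_checked, oversized)))    # 0x4010a0: bounded copy keeps it intact
```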
