
Q1) What is cyber security?

Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories.

Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware.

Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it's designed to protect. Successful
security begins in the design stage, well before a program or device is deployed.

Information security protects the integrity and privacy of data, both in storage and in transit.

Operational security includes the processes and decisions for handling and protecting data
assets. The permissions users have when accessing a network and the procedures that
determine how and where data may be stored or shared all fall under this umbrella.

Disaster recovery and business continuity define how an organization responds to a cyber-
security incident or any other event that causes the loss of operations or data. Disaster
recovery policies dictate how the organization restores its operations and information to
return to the same operating capacity as before the event. Business continuity is the plan the
organization falls back on while trying to operate without certain resources.

End-user education addresses the most unpredictable cyber-security factor: people. Anyone
can accidentally introduce a virus to an otherwise secure system by failing to follow good
security practices. Teaching users to delete suspicious email attachments, not plug in
unidentified USB drives, and various other important lessons is vital for the security of any
organization.

Q2)Types of cyber threats

The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to
cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common
methods used to threaten cyber-security:

Malware: Malware means malicious software. One of the most common cyber threats,
malware is software that a cybercriminal or hacker has created to disrupt or damage a
legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-
looking download, malware may be used by cybercriminals to make money or in politically
motivated cyber-attacks.

There are a number of different types of malware, including:

M.VIJITHA DEPT.PF COMPUTER SCIENCE PBSC ARTS AND SCIENCE



Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a
computer system, infecting files with malicious code.

Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick
users into loading Trojans onto their computer, where they cause damage or collect data.

Spyware: A program that secretly records what a user does, so that cybercriminals can make
use of this information. For example, spyware could capture credit card details.

Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it
unless a ransom is paid.

Adware: Advertising software which can be used to spread malware.

Botnets: Networks of malware-infected computers which cybercriminals use to perform tasks
online without the user’s permission.

SQL injection

An SQL (Structured Query Language) injection is a type of cyber-attack used to take control of
and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven
applications to insert malicious code into a database via a malicious SQL statement. This
gives them access to the sensitive information contained in the database.

Phishing

Phishing is when cybercriminals target victims with emails that appear to be from a
legitimate company asking for sensitive information. Phishing attacks are often used to dupe
people into handing over credit card data and other personal information.

Man-in-the-middle attack

A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts
communication between two individuals in order to steal data. For example, on an unsecure
WiFi network, an attacker could intercept data being passed between the victim’s device and
the network.

Denial-of-service attack

A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling
legitimate requests by overwhelming the networks and servers with traffic. This renders the
system unusable, preventing an organization from carrying out vital functions.

Latest cyber threats

What are the latest cyber threats that individuals and organizations need to guard against?
Here are some of the most recent cyber threats that the U.K., U.S., and Australian
governments have reported on.

Dridex malware

In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an organized
cyber-criminal group for their part in a global Dridex malware attack. This malicious
campaign affected the public, government, infrastructure and business worldwide.

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it
infects computers through phishing emails or existing malware. Capable of stealing
passwords, banking details and personal data which can be used in fraudulent transactions, it
has caused massive financial losses amounting to hundreds of millions.


In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the
public to “ensure devices are patched, anti-virus is turned on and up to date and files are
backed up”.

Romance scams

In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that
cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take advantage
of people seeking new partners, duping victims into giving away personal data.

The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019,
with financial losses amounting to $1.6 million.

Emotet malware

In late 2019, the Australian Cyber Security Centre warned national organizations about a
widespread global cyber threat from Emotet malware.

Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet
thrives on unsophisticated passwords: a reminder of the importance of creating a secure
password to guard against cyber threats.

End-user protection

End-user protection or endpoint security is a crucial aspect of cyber security. After all, it is
often an individual (the end-user) who accidentally uploads malware or another form of cyber
threat to their desktop, laptop or mobile device.

So, how do cyber-security measures protect end users and systems? First, cyber-security
relies on cryptographic protocols to encrypt emails, files, and other critical data. This not only
protects information in transit, but also guards against loss or theft.

In addition, end-user security software scans computers for pieces of malicious code,
quarantines this code, and then removes it from the machine. Security programs can even
detect and remove malicious code hidden in the primary boot record that is designed to encrypt
or wipe data from a computer’s hard drive.

Electronic security protocols also focus on real-time malware detection. Many use heuristic
and behavioral analysis to monitor the behavior of a program and its code to defend against
viruses or Trojans that change their shape with each execution (polymorphic and
metamorphic malware). Security programs can confine potentially malicious programs to a
virtual bubble separate from a user's network to analyze their behavior and learn how to
better detect new infections.

Security programs continue to evolve new defenses as cyber-security professionals identify
new threats and new ways to combat them. To make the most of end-user security software,
employees need to be educated about how to use it. Crucially, keeping it running and
updating it frequently ensures that it can protect users against the latest cyber threats.

Q3) Cyber Attacks:

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and leads to cybercrimes, such as information and identity
theft.


We are living in a digital era. Nowadays, most people use computers and the internet. Because
of this dependency on digital systems, illegal computer activity is growing and changing, as
any type of crime does.

Cyber-attacks can be classified into the following categories:

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-

1. Injection attacks

It is an attack in which data is injected into a web application to manipulate the
application and fetch the required information.

Examples: SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing

DNS spoofing is a type of computer security hacking whereby data is introduced into a
DNS resolver's cache, causing the name server to return an incorrect IP address and diverting
traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.


5. Brute force

It is a type of attack which uses a trial-and-error method. This attack generates a large number
of guesses and validates them to obtain actual data like a user's password or personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security analysts to test an organization's network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to its users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses a single system and a single internet connection to attack a server. It can be
classified into the following:

Volume-based attacks: The goal is to saturate the bandwidth of the attacked site; measured in
bits per second.

Protocol attacks: These consume actual server resources; measured in packets per second.

Application layer attacks: The goal is to crash the web server; measured in requests per
second.

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords and tries each one in turn
to obtain the original password.
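Brute force (item 5) and dictionary attacks (item 7) both leave the same trace on the target: a burst of failed logins for one account from one source. As an added example that is not part of the original notes, the following Python code runs that detection over a few constructed sshd-style log lines (made-up data; the line format is an assumption). It counts failures per (source, user) pair inside a sliding time window, so a user who mistypes a password occasionally is not flagged while a guessing run is.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data; the format is an assumption).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:02 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:03 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:04 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:05 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:06 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:20 sshd: Accepted password for alice from 198.51.100.4
2024-03-01T10:05:00 sshd: Failed password for bob from 198.51.100.4
2024-03-01T11:30:00 sshd: Failed password for bob from 198.51.100.4
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse_log(text):
    """Turn log lines into (timestamp, outcome, user, source) tuples; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {(source, user): most failures seen inside any `window`} for every pair
    that reaches `threshold` failures. Timestamps are sorted and scanned with a sliding
    window, so two failures an hour apart do not add up to an alert."""
    failures = defaultdict(list)
    for ts, outcome, user, src in events:
        if outcome == "Failed":
            failures[(src, user)].append(ts)
    alerts = {}
    for key, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


if __name__ == "__main__":
    for (src, user), n in find_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT: {n} failed logins for {user} from {src} within 10 minutes")
```

On the sample data only alice's six failures from 203.0.113.7 cross the threshold; bob's two failures are 85 minutes apart and stay below it. The same counter is what account lockout and rate limiting act on, which is why those controls, together with multi-factor authentication, are the usual mitigation for both attack types.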

8. URL Interpretation

It is a type of attack in which certain parts of a URL are changed so that the web server
delivers web pages the attacker is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files that are
available on the web server, or to execute malicious files on the web server, by making use of
the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and
server and act as a bridge between them. Because of this, the attacker is able to read, insert
and modify the data in the intercepted connection.

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-

1. Virus


It is a type of malicious software program that spreads throughout the computer's files without
the knowledge of the user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works in the same way as a computer virus. Worms often originate from email
attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual
activity, even when the computer should be idle. It misleads the user about its true intent. It
appears to be a normal application, but when opened or executed, malicious code runs
in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bot programs run automatically, while others only execute commands when they
receive specific input. Common examples of bot programs are web crawlers, chatroom bots,
and malicious bots.

Q4) Cyber safety tips - protect yourself against cyberattacks

1. Update your software and operating system: This means you benefit from the latest
security patches.
2. Use anti-virus software: Security solutions like Kaspersky Total Security will detect and
remove threats. Keep your software updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected with
malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites: This is a
common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places: Unsecure networks leave you
vulnerable to man-in-the-middle attacks.

Kaspersky Endpoint Security received three AV-TEST awards for the best performance,
protection, and usability for a corporate endpoint security product in 2021. In all tests
Kaspersky Endpoint Security showed outstanding performance, protection, and usability for
businesses.


Q5) Banking Online Safely using smart devices:

Security tips for banking by smartphone:

Mobile banking makes your life easier, but it can also pose a threat to your mobile security, if
you don’t use it carefully. Therefore, before you start using your smartphone as the preferred
banking tool, here are some security tips to keep in mind.

Keep the Banking App Updated: Updating the banking app whenever a new version is
available is a must-do. App developers keep adding various new security features and bug
fixes, which are released as updates periodically.

“The best way to ensure periodical updates is to give the application permission to install the
latest updates automatically as and when they are released. You can also switch on the ‘push
notifications’ feature to know whenever an updated version is available.”

Avoid Using Public Wi-Fi Networks: While banking apps have strong security
mechanisms, it is prudent to avoid using public Wi-Fi networks for banking transactions.
Wi-Fi networks can be infected with Trojans and hidden viruses that can potentially steal
information from smartphones. So, “always make sure that you are connected to a secure Wi-Fi
network.”

Avoid Automatic Logins: Don’t allow your browser or app to save your banking passwords,
on the web or on a mobile app. “Automatic logins are convenient, but very dangerous if
they come in the wrong hands. Otherwise, if a phone is lost or stolen, someone may have
access to all your data, and your money.”

Don’t Save Your Login Credentials: Don’t share your passwords, PINs, answers to secret
questions or store them anywhere on your handset. Saving your login credentials in your
address book is a bad idea.

Keep Track of Your Device: Take special care to make your phone traceable. Smartphone
manufacturers offer various features to track the phone or render it unusable in situations like
theft or misplacement. These include features like auto-locking, finger-print recognition, etc.

Clear Data Periodically: Banks send information for every financial transaction, including
text messages with one-time passwords to validate any transaction. “Make sure you clear all
such data periodically to avoid leakage of any sensitive information to any third party at any
point.”

6) Create Strong Passwords:

Cyber criminals know that most people create passwords that are easy to remember and will
often reuse the same password across multiple accounts. Because of this, all it takes is
hacking into one account to easily access the rest of the accounts.

1. Do not use sequential numbers or letters

For example, do not use 1234, qwerty, jklm, 6789, etc.

2. Do not include your birth year or birth month/day in your password


Remember that cyber criminals can easily find this information by snooping into your social
media accounts.

3. Use a combination of at least eight letters, numbers, and symbols

The longer your password and the more character variety it uses, the harder it is to guess. For
example, M0l#eb9Qv? uses a unique combination of upper- and lowercase letters, numbers,
and symbols.

4. Combine different unrelated words in your password or passphrase

This makes it difficult for cyber criminals to guess at your password. Do not use phrases from
popular songs, movies, or television shows. Use three or four longer words to create your
passphrase. For example, 9SpidErscalKetobogGaN.

5. Do not use names or words found in the dictionary

Substitute letters with numbers or symbols to make it difficult to guess the password. Or
deliberately use spelling errors in the password or passphrase. For example, P8tty0G#5dn for
“patio garden.”

6. Use a password manager to store your passwords

Do not store your passwords in a document on your computer. Make sure you’re using the
password manager tool provided to you by the IT/support team to store all professional and
personal passwords.

7. Do not reuse your passwords

Every device, application, website, and piece of software requires a unique and strong
password or PIN. Remember, if a cyber criminal does guess one of your passwords, they will
use it to attempt to hack into all of your personal and professional accounts.
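As an added example that is not part of the original notes, the following Python function turns rules 1, 2, 3 and 5 above into a check that a registration form or a help-desk script could run, reporting every rule a candidate password breaks. The word list and the keyboard-row sequences are small constructed stand-ins (an assumption; a real deployment would load a full dictionary and a list of breached passwords), and the function names are mine.

```python
import re
import string

# Constructed stand-in for a dictionary / common-password list (assumption).
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "patio", "garden", "admin"}

# Runs a guesser tries first: the alphabet, the digits and the keyboard rows (constructed list).
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Undo the common letter-for-symbol substitutions so "p@ssw0rd" is still caught as "password".
LEET = str.maketrans("0134578@$", "oieastbas")


def has_sequence(pw, run=3):
    """True if any `run` consecutive characters form an ascending or descending slice
    of one of the SEQUENCES (catches 1234, qwerty, jklm, 6789 and their reversals)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        for seq in SEQUENCES:
            if chunk in seq or chunk[::-1] in seq:
                return True
    return False


def password_issues(pw, birth_year=None):
    """Return a list of human-readable rule violations; an empty list means the password
    passes every check implemented here."""
    issues = []
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", pw):
        issues.append("no letters")
    if not re.search(r"[0-9]", pw):
        issues.append("no numbers")
    if not any(c in string.punctuation for c in pw):
        issues.append("no symbols")
    if has_sequence(pw):
        issues.append("contains a sequential run such as 1234 or qwerty")
    if birth_year is not None and str(birth_year) in pw:
        issues.append("contains your birth year")
    low = pw.lower()
    if low in COMMON_WORDS or low.translate(LEET) in COMMON_WORDS:
        issues.append("is a dictionary word")
    return issues


def is_strong(pw, birth_year=None):
    return not password_issues(pw, birth_year)


if __name__ == "__main__":
    for candidate in ["M0l#eb9Qv?", "P8tty0G#5dn", "qwerty1985", "password", "p@ssw0rd"]:
        print(f"{candidate!r}: {password_issues(candidate, birth_year=1985) or 'ok'}")
```

Both examples the notes give, M0l#eb9Qv? and P8tty0G#5dn, pass every check, while qwerty1985 is rejected for three separate reasons. A checker like this catches the obvious mistakes; it does not replace a password manager and multi-factor authentication, which rules 6 and the later section on changing passwords already point to.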

Change Your Password:

After A Security Breach: With massive breaches like the Capital One and Target breaches
in recent years, consumers have been put at risk from hackers halfway across the globe and
on domestic soil. When a company declares they’ve experienced a data breach, you’ll want to
change your password as soon as possible to protect your information. If your info has been
compromised, you’ll typically be alerted by the company.

If You Suspect Unauthorized Access: Don’t wait until there’s glaring evidence of
unauthorized access of your account(s). By that time, it’s usually too late. If you suspect
someone is attempting or has attempted to access one or more of your accounts, change your
passwords ASAP. It’s always better to take preventative measures than to wait until the
damage is done.

If You Discover Malware or Other Phishing Software: A virus can put your computer at
risk and leave your personal information exposed. If you discover such software on your
computer after a scan, change your passwords immediately; preferably from a different
device until you’re certain the virus has been removed.

Shared Access: Lots of people share access to accounts like Netflix and other media
services. Some even share access to a joint bank account and access the info via web or
mobile app. If you share access with someone you’re no longer in contact with, change your
password as soon as possible. It’s best not to trust anyone outside of your circle of trusted
people with your passwords. Ex-spouses or significant others, friends, and previous
colleagues shouldn’t have access to any of your accounts.

Logging In At Public Places: Using an unsecured network to log in to your accounts is a
good way to have your password stolen. If you visit the library or use a public network,
change your password afterward. Follow these Digital Identity Guidelines to keep your
identity safe whether you’re at home or in public.

If You Haven’t Logged In: You should always change an old password that hasn’t been
used in over a year, but some experts recommend changing old passwords after just a few
months. The more often you change slightly-used passwords, the safer you’ll be; especially if
you’re not using multi-factor authentication.

How Often Should You Require Users To Change Their Passwords?

Don’t make the mistake of thinking these guidelines only apply to individuals. Businesses
must also keep a close watch on their password practices.

Q6) Common Types of Social Engineering Attacks

1. Phishing attacks
2. Spear phishing
3. Whaling
4. Smishing and Vishing
5. Baiting
6. Piggybacking/Tailgating
7. Pretexting
8. Business Email Compromise (BEC)

1. Phishing attacks

Phishing is the most common type of social engineering tactic and has increased more than
tenfold in the past three years, according to the FBI.

2. Spear phishing

Normal phishing attacks have no specific target. But spear phishing attacks occur when
hackers target a specific individual or organization.

Nearly 60% of IT decision-makers believe targeted phishing attacks are their top security
threat.

3. Whaling


Whaling is a term used to describe phishing attacks that target a specific, high-profile person,
usually an executive, government official, or celebrity.

The victims of whaling attacks are considered “big fish” to cybercriminals. These targets
offer great potential to scammers with either large financial payouts or access to valuable
data.

4. Smishing (SMS phishing) and vishing (voice phishing)

Phishing isn’t always limited to emails and fraudulent websites.

Smishing is the term used to describe phishing via the use of SMS text messages. Scammers
purchase spoofed phone numbers and blast out messages containing malicious links.

5. Baiting

Baiting is a type of social engineering attack in which scammers lure victims into providing
sensitive information by promising them something valuable in return.

For example, scammers will create pop-up ads that offer free games, music, or movie
downloads. If you click on the link, your device will be infected with malware.

6. Piggybacking / Tailgating

Piggybacking and tailgating both refer to a type of attack in which an authorized person
allows an unauthorized person access to a restricted area.

7. Pretexting

Pretexting occurs when someone creates a fake persona or misuses their actual role. It’s what
most often happens with data breaches from the inside.

8. Business Email Compromise (BEC)

There are three main types of BEC social engineering attacks:

1. Impersonation. This occurs when scammers use spoof emails to pose as employees or
trusted vendors and clients. They’ll ask their target to send fraudulent payments,
change payroll and direct deposit information, or share sensitive information.
2. Account compromise. This occurs when hackers gain access to a legitimate employee
email address. Scammers can reply to and send emails company-wide (to clients,
vendors, etc.), containing malicious code.
3. Thread hijacking. This is an advanced take on an account compromise attack. Thread
hijacking occurs when hackers scan compromised inboxes for subject lines containing
“Re:”. They then automatically reply with malware-laced messages. Recipients open
the hacked email, not thinking twice because they “know” the sender.

Q7) Identifying fake social media connections:

1. Account activity


Official profiles can receive numerous tags and messages by the day, hour or even minute
depending on their type. Check out how a profile engages with followers and be
suspicious of profiles that post spam or only showcase deals that seem too good to be
true.

On customer service profiles, you will likely find direct engagement with followers.
Remember to send a private message and not to post personal or particular details on a
message wall.

2. Number of followers

Even though the number of followers can vary greatly according to the popularity of
the brand, product or business, it can help you recognize if a channel is official or
not.

3. Account history

On Twitter and other social media platforms, you can see how long a profile has been
active. Be careful when interacting with profiles that haven’t been open for long,
since you can’t know their purpose. If a profile has been open for a long time but has
few posts or messages, it may no longer be in use.

Q8) Types of Backups and Recovery

There are three main backup types used to back up all digital assets:

- Full backup: The most basic and comprehensive backup method, where all data is
sent to another location.
- Incremental backup: Backs up all files that have changed since the last backup
occurred.
- Differential backup: Backs up only copies of all files that have changed since the
last full backup.

Not all IT organizations can support all backup types since network capability may vary
from organization to organization. Choosing the right backup method requires a tactical
approach — one that can help organizations get the best level of data protection without
demanding too much from the network. However, before determining which backup
method best suits the needs of your business, you need to understand the ins and outs of the
three main backup types mentioned above.

Full Backup

A full backup involves the creation of a complete copy of an organization’s files,
folders, SaaS data and hard drives. Essentially, all the data is backed up into a single
version and moved to a storage device. It’s the perfect protection against data loss when
you factor in recovery speed and simplicity. However, the time and expense required to
copy all the data (all the time) may make it an undesirable option for many IT
professionals.

How does full backup work?

Let’s say you have to back up photos from Monday to Friday.

- Monday: You perform a full backup for 100 photos. You get an image file of 100
photos.
- Tuesday: You add another 100 photos and perform a full backup. You get an image
file of 200 photos.
- Wednesday: You delete 100 photos and then perform a full backup. You get an
image file of 100 photos.
- Thursday: You make no changes to your photos and perform a full backup. You get
an image file of 100 photos.
- Friday: You add 200 photos and perform a full backup. You get an image file of 300
photos.

You get five backup files containing 800 photos. Should a data loss incident occur and you
need to recover all the photos, simply restore the last version to get all 800 photos.

Full Backup: Pros and Cons

Here are the advantages and disadvantages of running a full backup method:

Pros

- Quick restore time
- Storage management is easy since all the data is stored on a single version
- Easy version control allows you to maintain and restore different versions without
breaking a sweat
- File search is easy as it gets

Cons

- Demands the most storage space comparatively
- Depending on their size, it takes a long time to back up files
- The need for additional storage space makes it the most expensive backup method
- The risk of data loss is high since all the data is stored in one place

When should you use full backup?

Small businesses that deal consistently with a small amount of data may find full backup a
good fit since it won’t eat up their storage space or take too much time to back up.

Incremental Backup

Incremental backup involves backing up all the files, folders, SaaS data and hard drives that
have changed since the last backup activity. This could be the most recent full backup in
the chain or the last incremental backup. Only the recent changes (increments) are backed
up, consuming less storage space and resulting in a speedy backup. However, the recovery
time is longer since more backup files will need to be accessed.

How does incremental backup work?

Let’s say you have to back up photos from Monday to Thursday.

- Monday: You add 100 photos and perform a full backup. You get an image file of
100 photos.
- Tuesday: You add another 100 photos (now you have 200 photos) and perform an
incremental backup. You get an image file of 100 photos.
- Wednesday: You make no changes and perform an incremental backup. You get an
empty image file.
- Thursday: You delete 100 photos and edit the other 100 photos there and perform an
incremental backup. You get an image file of only the edited 100 photos.

You get three image files containing 300 photos in total. In case you need to recover all the
photos, restore all the image files since the last full backup, including the last full backup
and the later incremental backups, to get your 200 photos (including the deleted 100
photos).

Incremental Backup: Pros and Cons

Here are the advantages and disadvantages of running an incremental backup method:

Pros

- Efficient use of storage space since files are not duplicated in their entirety
- Lightning-fast backups
- Can be run as often as desired, with each increment being an individual recovery
point

Cons

- Time-consuming restoration since data must be pieced together from multiple
backups
- Successful recovery is only possible if all the backup files are damage-proof
- File search is cumbersome – you need to scout more than one backup set to restore a
specific file

When should you use incremental backup?

Businesses that deal with large volumes of data and cannot dedicate time to the backup
process will find incremental backup methods effective since they take up less storage
space and encourage fast backups.

Differential Backup


Differential backup falls between full backup and incremental backup. It involves backing
up files, folders and hard drives that were created or changed since the last full backup
(compared to just the changes since the last incremental backup). Only a small volume of
data is backed up between the time interval of the last backup and the current one,
consuming less storage space and requiring less time and investment.

How does differential backup work?

Let’s say you have to back up photos from Monday to Thursday.

- Monday: You have 200 photos and perform a full backup. You get an image file of
200 photos.
- Tuesday: You add another 200 photos (a total of 400 photos) and perform a
differential backup. You get an image file of the newly added 200 photos.
- Wednesday: You make no changes and perform a differential backup on the existing
400 photos. You get an image file of the newly added 200 photos on Tuesday.
- Thursday: You delete 100 photos and edit another 100 photos (total of 300 photos)
and perform a differential backup. You get image files of 100 photos, 200 photos and
300 photos.

Recovering 100 photos: Both deletion and editing happen to the added 200 photos. The
differential backup will back up the edited 100 photos.

Recovering 200 photos: If you delete 100 photos from the added photos and edit 100
photos from the original photos, the differential backup will back up the edited 100 photos
and the 100 added photos (left after deletion).

Recovering 300 photos: The differential backup will back up the edited 100 photos and the
added 200 photos.

Differential Backup: Pros and Cons

Here are the advantages and disadvantages of running a differential backup method:

Pros

 Takes less space than full backups
 Faster restoration than incremental backups, since only two sets are read
 Much faster backups than full backups

Cons

 Recovery fails if either the last full backup or the latest differential is damaged
 Compared to incremental backups, each backup takes longer and requires more storage
space, and the gap widens the longer you go without a new full backup
 Compared to full backups, restoration is slower and more complex

When should you use differential backup?


Small and medium-sized organizations that want to process large volumes of valuable data
but cannot perform constant backups will find the differential backup method useful.
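The selection rule behind both methods (incremental copies what changed since the previous backup of any kind, differential what changed since the last full backup) and the restore chain each one needs can be shown in a few lines. The following is an added example, not code from the original notes or from any backup product; the "file system" is a constructed dict of path to (day last modified, content), with day numbers standing in for mtimes.

```python
"""Which files each backup strategy copies, and which sets a restore must read.

Added example, not code from the original notes or from any backup product.
The "file system" is a constructed dict of path -> (day last modified, content);
day numbers stand in for mtimes, and a backup taken on day D captures every
change made on day D.
"""
from dataclasses import dataclass, field


@dataclass
class Backup:
    day: int
    kind: str                                   # "full", "incremental" or "differential"
    files: dict = field(default_factory=dict)   # path -> content captured in this set


def last_full(history):
    return [b for b in history if b.kind == "full"][-1]


def take_backup(kind, day, files, history):
    """Select the files this backup must copy and append the set to `history`."""
    if kind == "full":
        since = -1                      # copy everything
    elif kind == "incremental":
        since = history[-1].day         # changed since the last backup of ANY kind
    elif kind == "differential":
        since = last_full(history).day  # changed since the last FULL backup
    else:
        raise ValueError(kind)
    captured = {p: c for p, (mtime, c) in files.items() if mtime > since}
    backup = Backup(day, kind, captured)
    history.append(backup)
    return backup


def restore_chain(history):
    """Every backup set that must be intact to rebuild the latest state.

    Incremental: the last full plus every set taken after it, oldest first.
    Differential: the last full plus only the newest differential.
    """
    full = last_full(history)
    after = [b for b in history if b.day > full.day]
    if not after:
        return [full]
    if after[-1].kind == "differential":
        return [full, after[-1]]
    return [full] + after


def restore(history):
    state = {}
    for b in restore_chain(history):
        state.update(b.files)           # newer sets overwrite older copies
    return state


def simulate(strategy):
    """The notes' Monday-Thursday photo scenario, run under one strategy."""
    files, history = {}, []
    for i in range(200):                # Monday: 200 photos, full backup
        files[f"orig{i}.jpg"] = (1, "v1")
    take_backup("full", 1, files, history)
    for i in range(200):                # Tuesday: 200 photos added
        files[f"new{i}.jpg"] = (2, "v1")
    take_backup(strategy, 2, files, history)
    take_backup(strategy, 3, files, history)   # Wednesday: no changes
    for i in range(100):                # Thursday: delete 100 originals ...
        del files[f"orig{i}.jpg"]
    for i in range(100, 200):           # ... and edit another 100 originals
        files[f"orig{i}.jpg"] = (4, "v2")
    take_backup(strategy, 4, files, history)
    return history


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        hist = simulate(strategy)
        print(strategy, "set sizes:", [len(b.files) for b in hist],
              "- restore reads", len(restore_chain(hist)), "sets")
```

Running it shows the incremental sets as 200, 200, 0, 100 files with a four-set restore chain, and the differential sets as 200, 200, 200, 300 files (the Thursday figure is the notes' "300 photos" case) with a two-set chain. Both restores produce the same state, including the 100 deleted originals, because neither strategy as modelled here records deletions.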

Backup & Recovery With Unitrends

Choosing the right backup method depends on your situation. You can determine your
situation by asking yourself some primary questions.

 How much data are you backing up?
 How much time can your organization devote to the process?
 How quickly will you need to recover lost data in case of a disaster?
 What operating system(s) and software programs does your business use?

Q9)Cyber security professional roles

The roles and job titles in the security sector often overlap in their responsibilities and are
customized according to the size and needs of the organization. Security analyst, security
administrator, security engineer, security architect and various consultant or specialist roles
are the typical job titles. As the cybersecurity domain keeps expanding and developing, new
roles and titles are likely to emerge and the responsibilities attributed to the current titles
will likely crystallize or evolve.
Cyber security is a vital area in today’s connected world. With the surge of cyber attacks,
ensuring the safety of your own and your clients’ data has become a must-have for all
companies. There are many different types of cyber security jobs available, some more
technical than others. Often you will need a few years of specialized education or training
before you can apply for these positions, but even entry-level jobs in the cyber security
industry are well paid.
The common job titles are discussed below:
1. Security Specialist –
Security specialists are responsible for their organization’s security. They check the
systems and their connections for security vulnerabilities. The rise of cloud adoption has
boosted this role, as a security specialist is required to assess cloud systems regularly.

2. Incident Responder –
Incident responders not only detect threats but also respond to them. They help the
organization and its employees stay prepared and act when security is breached.

3. Security Administrator –
Security administrators are core operational personnel whose tasks span several other
titles. They set up security guidelines for the flow of data and are responsible for
installing and maintaining firewalls and malware blockers.

4. Vulnerability Assessor –
Vulnerability assessors (vulnerability assessment analysts) run multiple tests on the
systems. Their main aim is to find critical flaws in the security of the system while
prioritizing those that would affect the organization the most.

5. Cryptographer –
Cryptographers apply cryptographic techniques to encrypt and decrypt data, keeping it
hidden from unauthorized parties. They are essential and increasingly in demand.

6. Security Manager –
Security managers supervise the rest of the team. They take important decisions and
oversee the whole team’s work.

7. Security Architect –
As the name suggests, security architects design the security structure. They also test
the security and respond to threats.

8. Security Analyst –
Security analysts analyze the systems and patch the loopholes. They often work together
with the rest of the IT specialists and developers.

9. Security Auditor –
Security auditors are tasked with finding weaknesses in the system before an attacker
does. They check whether the currently installed firewalls and other security measures
are working properly and as documented.

10. Forensic Expert –
Forensic experts trace back hacks and breaches. They investigate cyberattacks or any
other illegal activity taking place online and try to recover any damaged or encrypted
data related to the crime.

11. Penetration Tester –
Penetration testers are authorized to attack the system and try to find a way in. They act
like hackers, but with permission and a defined scope, so that weaknesses are found before
real attackers find them.

12. Security Consultant –
Security consultants assess the systems and suggest improvements while pointing out the
flaws. They often work as freelancers or contractors to develop a security plan.

13. Security Engineer –
Security engineers patch, maintain and remove components on the system. They work directly
on the system and are responsible for its modification.
Finally, cyber security is a vast field with multiple job titles depending on the
requirement. Even though the job responsibilities of most roles overlap, each one has its
own importance.

Q10)What is a denial-of-service attack?


A denial-of-service (DoS) attack occurs when legitimate users are unable to access
information systems, devices, or other network resources due to the actions of a malicious
cyber threat actor. Services affected may include email, websites, online accounts (e.g.,
banking), or other services that rely on the affected computer or network. A denial-of-service
condition is accomplished by flooding the targeted host or network with traffic until the target
cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can
cost an organization both time and money while their resources and services are inaccessible.

Common denial-of-service attacks

There are many different methods for carrying out a DoS attack. The most common method
of attack occurs when an attacker floods a network server with traffic. In this type of DoS
attack, the attacker sends a very large number of requests to the target server, overloading it.
These service requests are illegitimate and have fabricated return addresses, which mislead
the server when it tries to authenticate the requestor. As the junk requests are processed
constantly, the server is overwhelmed, which causes a DoS condition for legitimate requestors.

 In a Smurf attack, the attacker sends Internet Control Message Protocol (ICMP) echo
requests to a network’s broadcast address with a spoofed source Internet Protocol (IP)
address that belongs to the target machine. Every host that receives the broadcast
replies, and the target is flooded with those responses; the attack is amplified by the
number of hosts on the network.
 A SYN flood occurs when an attacker sends TCP connection requests (SYN packets) to the
target server but never completes the three-way handshake (SYN, SYN-ACK, ACK) that
Transmission Control Protocol (TCP)/IP uses to create a connection between a client and
a server. Each half-open connection occupies an entry in the listening socket’s backlog
until it times out. The attacker keeps sending SYNs, often from spoofed source addresses
so that the SYN-ACK replies go nowhere, until the backlog is full and legitimate users
cannot connect.

Individual networks may be affected by DoS attacks without being directly targeted. If the
network’s internet service provider (ISP) or cloud service provider has been targeted and
attacked, the network will also experience a loss of service.
Distributed denial-of-service attack
A distributed denial-of-service (DDoS) attack occurs when multiple machines are operating
together to attack one target. DDoS attackers often leverage the use of a botnet—a group of
hijacked internet-connected devices to carry out large scale attacks. Attackers take advantage
of security vulnerabilities or device weaknesses to control numerous devices using command
and control software. Once in control, an attacker can command their botnet to conduct
DDoS on a target. In this case, the infected devices are also victims of the attack.
Botnets—made up of compromised devices—may also be rented out to other potential
attackers. Often the botnet is made available to “attack-for-hire” services, which allow
unskilled users to launch DDoS attacks.
DDoS allows for exponentially more requests to be sent to the target, therefore increasing the
attack power. It also increases the difficulty of attribution, as the true source of the attack is
harder to identify.
DDoS attacks have increased in magnitude as more and more devices come online through
the Internet of Things (IoT) (see Securing the Internet of Things). IoT devices often use
default passwords and do not have sound security postures, making them vulnerable to
compromise and exploitation. Infection of IoT devices often goes unnoticed by users, and an
attacker could easily compromise hundreds of thousands of these devices to conduct a high-
scale attack without the device owners’ knowledge.


While there is no way to completely avoid becoming a target of a DoS or DDoS attack, there
are proactive steps administrators can take to reduce the effects of an attack on their network.

 Enroll in a DoS protection service that detects abnormal traffic flows and redirects
traffic away from your network. The DoS traffic is filtered out, and clean traffic is
passed on to your network.
 Create a disaster recovery plan to ensure successful and efficient communication,
mitigation, and recovery in the event of an attack.

It is also important to take steps to strengthen the security posture of all of your internet-
connected devices in order to prevent them from being compromised.

 Install and maintain antivirus software.
 Install a firewall and configure it to restrict traffic coming into and leaving your
computer (see Understanding Firewalls for Home and Small Office Use).
 Evaluate security settings and follow good security practices in order to minimize
the access other people have to your information, as well as manage unwanted traffic
(see Good Security Habits).

How do you know if an attack is happening?


Symptoms of a DoS attack can resemble non-malicious availability issues, such as technical
problems with a particular network or a system administrator performing maintenance.
However, the following symptoms could indicate a DoS or DDoS attack:

 Unusually slow network performance (opening files or accessing websites),
 Unavailability of a particular website, or
 An inability to access any website.

The best way to detect and identify a DoS attack is through network traffic monitoring and
analysis. Network traffic can be monitored via a firewall or intrusion detection system. An
administrator may also set up rules that raise an alert when an anomalous traffic load is
detected, identify the source of the traffic, or drop network packets that meet certain
criteria.
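The two rules an administrator would typically write for the SYN flood described above, one for a single noisy source and one for a flood spread across many spoofed sources, can be run over connection records. The following is an added example, not code from the original notes or from any firewall or IDS product; the log lines are constructed for the example in a simple "time src dst flags" form, and the generated block rules use iptables syntax.

```python
"""Flag SYN-flood behaviour in a constructed TCP connection log.

Added example, not from the original notes or from any firewall or IDS product.
Log lines are made up for this example in a simple "time src dst flags" form
(S = SYN from the client, A = the client's handshake-completing ACK); a real
deployment would feed this from firewall or flow-export records.
"""
from collections import Counter


def constructed_log(attacker=True, botnet=True):
    """Build sample traffic: 3 real clients, one noisy host, 40 spoofed sources."""
    lines = []
    for i, src in enumerate(["10.0.0.5", "10.0.0.7", "10.0.0.9"]):
        lines.append(f"{i * 0.1:.2f} {src} 192.0.2.10:80 S")
        lines.append(f"{i * 0.1 + 0.01:.2f} {src} 192.0.2.10:80 A")
    if attacker:                         # 50 SYNs, no handshake ever completed
        for k in range(50):
            lines.append(f"{1 + k * 0.01:.2f} 198.51.100.9 192.0.2.10:80 S")
    if botnet:                           # one SYN each from 40 spoofed sources
        for k in range(40):
            lines.append(f"{3 + k * 0.01:.2f} 203.0.113.{k + 1} 192.0.2.10:80 S")
    return "\n".join(lines)


def parse(log_text):
    records = []
    for line in log_text.splitlines():
        if line.strip():
            t, src, dst, flags = line.split()
            records.append((float(t), src, dst, flags))
    return records


def half_open_by_source(records, window=(0.0, 10.0)):
    """SYNs minus completing ACKs per source inside the time window."""
    syn, ack = Counter(), Counter()
    for t, src, _dst, flags in records:
        if not window[0] <= t <= window[1]:
            continue
        if flags == "S":
            syn[src] += 1
        elif flags == "A":
            ack[src] += 1
    return {s: syn[s] - ack[s] for s in syn if syn[s] - ack[s] > 0}


def detect(records, per_source_limit=20, aggregate_limit=30, min_ratio=0.5):
    """Two rules: a single noisy source, or a flood spread across many sources."""
    half = half_open_by_source(records)
    offenders = sorted(s for s, n in half.items() if n >= per_source_limit)
    total_syn = sum(1 for r in records if r[3] == "S")
    total_half = sum(half.values())
    ratio = total_half / total_syn if total_syn else 0.0
    return {
        "sources_to_block": offenders,
        "half_open": total_half,
        # many sources, few SYNs each, almost none completing: spoofed / botnet flood
        "distributed_flood": total_half >= aggregate_limit and ratio >= min_ratio,
        "block_rules": [f"-A INPUT -s {s} -p tcp --syn -j DROP" for s in offenders],
    }


if __name__ == "__main__":
    print(detect(parse(constructed_log())))
```

The per-source rule catches the host with 50 half-open connections and emits a drop rule for it; the aggregate rule still fires when every spoofed source sends only one SYN, which is the case a per-source threshold alone would miss. Thresholds are illustrative and must be tuned to the normal handshake-completion rate of the service being protected.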
Q11)Data breaches recovery plan:

The moments after a data breach are the most crucial to a company. That is why it is so
important to have an established data breach recovery plan that clearly details the actions that
need to be taken at the first sign of a breach.
When it comes time to act, it’s imperative everyone is able to remain focused, react quickly,
and follow these five steps:

1) Isolate the Impacted Systems

Isolation is beneficial in two ways: it stops the attacker from moving further or destroying
evidence, and it preserves the affected machines so that your own team or law enforcement
agencies can perform analysis that may identify the attacker and the vector of attack.
Disconnect the breached machine from the network (rather than powering it off, which loses
whatever is in memory) in order to prepare the system for forensic analysis. It will be
important to look at all systems that interact with the compromised system.


If any one of those systems has been breached, it will be necessary to repeat the process with
systems further along the network. This should be repeated until all affected machines have
been identified. After all systems have been isolated, create forensic copies and ensure all
activity has been documented.
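The "create forensic copies and document everything" part of this step comes down to hashing the source before imaging, hashing the image after, and appending both to a log that is never edited. The following is an added example, not code from the original notes or from any forensic toolkit; it images a small constructed file in a temporary directory, and the operator name is a placeholder.

```python
"""Verified forensic copy of a (constructed) disk image, with a custody record.

Added example, not from the original notes or from any forensic toolkit. It
images a small constructed file; on a real host you would image the raw
device through a write blocker, but the hash-before, hash-after and append-
only log steps are the same.
"""
import hashlib
import json
import os
import tempfile
import time

CHUNK = 1 << 16


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def forensic_copy(source, image, log_path, operator):
    """Copy source -> image, hash both, append a custody record, fail on mismatch."""
    source_hash = sha256_file(source)
    with open(source, "rb") as s, open(image, "wb") as d:
        for chunk in iter(lambda: s.read(CHUNK), b""):
            d.write(chunk)
        d.flush()
        os.fsync(d.fileno())
    os.chmod(image, 0o400)                    # the image is never written again
    image_hash = sha256_file(image)
    record = {
        "timestamp_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "operator": operator,                 # placeholder analyst name
        "source": source,
        "image": image,
        "size_bytes": os.path.getsize(image),
        "source_sha256": source_hash,
        "image_sha256": image_hash,
        "verified": source_hash == image_hash,
    }
    with open(log_path, "a") as log:          # append-only chain-of-custody log
        log.write(json.dumps(record) + "\n")
    if not record["verified"]:
        raise RuntimeError("image hash does not match source; not evidence-grade")
    return record


def verify_image(image, record):
    """Re-hash the image later to prove it is unchanged since acquisition."""
    return sha256_file(image) == record["image_sha256"]


def demo():
    """Constructed run: a 1 MiB pseudo-disk is imaged, then the image is altered."""
    work = tempfile.mkdtemp()
    disk = os.path.join(work, "sda.raw")      # stand-in for a real block device
    with open(disk, "wb") as f:
        f.write(os.urandom(1 << 20))
    image = os.path.join(work, "sda.img")
    log = os.path.join(work, "custody.jsonl")
    record = forensic_copy(disk, image, log, operator="ir-analyst")
    intact = verify_image(image, record)
    os.chmod(image, 0o600)                    # simulate someone tampering with it
    with open(image, "r+b") as f:
        first = f.read(1)
        f.seek(0)
        f.write(bytes([first[0] ^ 0xFF]))
    return {"record": record, "intact": intact,
            "tampered_detected": not verify_image(image, record)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The record line written to custody.jsonl is what later analysis, and any legal process, is checked against: a single flipped byte in the image changes the hash and verify_image reports it.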

2) Make a Clean Start and Recovery


This step should include a rotation of every credential the attacker may have read (passwords,
API keys, encryption keys, certificates). Your incident response team must work with system
owners to ensure any system-to-system communication that depends on those credentials remains
in working order.

At the server level, the same steps should be taken in a virtual and physical environment. If
rebuilding is not possible, bring in experts who are capable of cleaning the system.
Attempting to have untrained personnel perform this activity could lead to further breaches
down the road.

After your system has been rebuilt, ensure that all systems are up to date with patches. It will
take time, but data analysis will be required if any data repositories were breached. It will
also be necessary to ensure the database is clean — this may require going back to a backup,
analyzing the data and working with transaction logs to rebuild your server.

3) Increase Monitoring

There are three main reasons for this. The first is that the compromised server might not
have been the original point of entry: it is possible your investigation missed the location of
the initial breach, and increased monitoring can help you determine if that is the case.

The second reason is that attackers may attempt to enter your system a second time, and if
they do, you will want to be ready for them. Lastly, there is a good chance your system has a
greater asset value than you originally thought. Increased monitoring is always a good option,
helping you keep an eye on things no matter where you are in terms of security.

4) Make Note of Lessons Learned


It’s always important to learn from a breach and the reaction of your incident response team.
In the aftermath of a breach, it’s best to look at the existing processes that enabled the
attacker to access your firm’s data, and identify any gaps in your incident response process.

5) Communicate

After a breach, communication is important, not only within your organization and your
incident response team, but also with customers and any other users who may have been
impacted. It is imperative to make sure these communications go through your organization’s
legal department and/or outside counsel.


Q12)Data Destruction:

Data destruction is the process of destroying data stored on tapes, hard disks and other forms
of electronic media so that it is completely unreadable and cannot be accessed or used for
unauthorized purposes.

When data is deleted, it is no longer readily accessible by the operating system or
application that created it, but the bytes usually remain on the media until the space is
reused. Deleting a file is therefore not enough: data destruction software must be used to
overwrite the freed space or blocks with random data until the original contents are
considered irretrievable. Overwriting through the filesystem is reliable only on magnetic
disks; on SSDs and other flash media, wear levelling means not every cell is reached, so the
drive’s own secure-erase command, or encrypting the media and destroying the key (crypto-erase),
should be used instead.

Data can also be destroyed through degaussing, which destroys data on magnetic storage
tapes and disk drives by changing the magnetic field. One caveat with this method is that the
person who wishes to destroy data will need to know the exact strength of degaussing needed
for each tape type and drive; another is that degaussing has no effect on SSDs, which are not
magnetic. Storage media can also be destroyed by using a mechanical device called a shredder
to physically mangle tape, optical media and hard disk drives.
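The difference between deleting and destroying is easiest to see on a block device where the directory entry and the blocks are separate things. The following is an added example, not code from the original notes or from any wiping tool: ToyDisk is a constructed block device whose delete only drops the directory entry, as real filesystems do, and overwrite_and_delete applies the overwrite-then-unlink routine to a real temporary file. The caveat from the text applies to the second function: it goes through the filesystem, so it is only trustworthy on magnetic disks without snapshots, journaling of data or copy-on-write.

```python
"""Why deleting is not destroying, and an overwrite-then-unlink routine.

Added example, not from the original notes or from any wiping tool. ToyDisk is
a constructed block device whose "delete" only drops the directory entry, as
real filesystems do; overwrite_and_delete works on a real temporary file. The
overwrite goes through the filesystem, so on SSDs (wear levelling), on
copy-on-write or journaling filesystems and on anything with snapshots, older
copies of the blocks can survive; there, use the drive's built-in secure
erase / crypto-erase or physical destruction instead.
"""
import os
import tempfile

BLOCK = 512


class ToyDisk:
    def __init__(self, nblocks=64):
        self.blocks = [bytearray(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.dir = {}                                  # name -> block numbers

    def write(self, name, data):
        used = [self.free.pop(0) for _ in range(-(-len(data) // BLOCK))]
        for i, b in enumerate(used):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.blocks[b][:len(chunk)] = chunk
        self.dir[name] = used

    def delete(self, name):
        self.free.extend(self.dir.pop(name))           # blocks keep their bytes

    def shred(self, name, passes=3):
        for b in self.dir[name]:
            for _ in range(passes):
                self.blocks[b][:] = os.urandom(BLOCK)
            self.blocks[b][:] = bytes(BLOCK)           # final zero pass
        self.delete(name)

    def carve(self, marker):
        """What a recovery tool does: scan every block, allocated or free."""
        return any(marker in bytes(b) for b in self.blocks)


def overwrite_and_delete(path, passes=3):
    """Overwrite a real file in place (random passes, then zeros), fsync, unlink."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes + 1):
            f.seek(0)
            remaining = size
            while remaining:
                step = min(remaining, 1 << 16)
                f.write(os.urandom(step) if n < passes else bytes(step))
                remaining -= step
            f.flush()
            os.fsync(f.fileno())
        f.truncate(0)
    os.remove(path)
    return size


def demo():
    secret = b"ACCOUNT-4242-SECRET"                    # constructed sensitive data
    payload = secret * 40

    plain = ToyDisk()
    plain.write("ledger.txt", payload)
    plain.delete("ledger.txt")
    shredded = ToyDisk()
    shredded.write("ledger.txt", payload)
    shredded.shred("ledger.txt")

    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    wiped = overwrite_and_delete(path)
    return {
        "recoverable_after_delete": plain.carve(secret),   # True
        "recoverable_after_shred": shredded.carve(secret), # False
        "bytes_wiped": wiped,
        "file_removed": not os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```

On the toy disk the secret is carved straight out of the free blocks after a plain delete and is gone after the shred; the real-file routine ends with a zero pass so that a later carve cannot match on leftover random data either.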

What is CyberSecurity?

Cybersecurity is the practice of protecting networks and systems, programs and sensitive
information from digital attacks.

Why Are Cyber Attacks Done?

The cyberattacks are done to access, change, or destroy sensitive data, extort money from
users, or interrupt normal business processes.

Why is Cybersecurity Important?

Cybersecurity is of prime importance for businesses of all sizes and across all industries to
keep the data of companies and their customers safe.

What are the challenges in cybersecurity implementation?

Implementing effective cybersecurity measures is challenging today because there are more
devices than people, and attackers are becoming more innovative.

Increasing global connectivity, outsourcing and use of cloud services mean a much larger
attack surface than in the past. In addition, third-party and fourth-party risks are on the
rise, making the roles and responsibilities of cybersecurity professionals even more critical
for reducing the risk of data breaches.
