Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
INTERNATIONAL JOURNAL OF TECHNOLOGY AND COMPUTING (IJTC)
ISSN-2455-099X,
Volume 4, Issue 4 April, 2018
IJTC201804002 www. ijtc.org 43
An Evaluation of Prevent Hacking all the way
through Cyber Security 1Aarsh Jawa, 2Arpit Mishra
1,2 B.Tech,CSE Department, CGC Technical Campus,Jhanjeri (Mohali),India1
[email protected], [email protected]
Abstract: This analysis paper discusses the subject of cyber crime well, additionally because the varieties, strategies and effects of cyber
crimes on a network or a pc. Information has become like Associate in nursing quality that must be shielded from attacks. During this
paper, varied techniques, square measure given for the interference of the Active and Passive attacks. Some strategies square measure
delineate to forestall ourselves from cyber attacks, viruses or malwares. By following the strategies delineate during this analysis paper
one may be shielded from cyber attacks or hacking.
Keywords: Firewall, Honeypot, Intrusion detection system, Network security tools, Security.
I. INTRODUCTION
The usually accepted definition of cyber security is that the
protection of any ADPS, code program, and information
against unauthorized use, disclosure, transfer, modification,
or destruction, whether or not accidental or intentional. Here,
our major goal is to supply “information security” {of
information|of knowledge|of information} throughout on-
line or offline mode and to guard information from the “black
hat hacker” throughout on-line data transfer. Cyber attacks
will return from internal networks, the web, or different non-
public or public systems. E-mail and also the net square
measure the 2 main attack vectors employed by hackers to
infiltrate company networks. Businesses and people round
the globe have felt the sting of cyber intruders UN agency
attack structure networks with relative exemption. Some
attacks solely deface a web site, whereas others lead to
important embarrassment or loss. Whereas it's nearly not
possible to prevent some attacks, it's necessary for
organizations to acknowledge the distinction between
passive attacks and active attacks and also the shocking risks
of passive attacks. Network security is that the method by
that digital info assets square measure protected the goals of
security square measure to guard confidentiality, maintain
integrity, and assure accessibility. To secure the knowledge
and also the entire network system, one specific
methodology is needed which may be capable of providing
the entire security solutions. When a hacker infiltrates your
computer, smart phone or your online cloud account, the
outcome could be incredibly terrible for you and your family.
We never know if that hacker works for an organization and
plans to share your private data with them. That organization
may be a communal company which strategy to use your data
for marketing purposes. That organization can also be a
revolutionary group which plans to use your data for all the
erroneous reasons.
II. THE CHALLENGE
No matter what strategy is adopted, breaches can occur. It's
nearly not possible to require advantage of our
connectedness while not being in danger. Defensive
technologies like firewalls, passwords, encryption, physical
barriers, and authentication mechanisms are necessary to
keep up however alone haven't been effective in eliminating
breaches or predicting wherever following attack can occur.
Their worth as complete security measures are going to be of
restricted use in fighting more and more refined, innovative,
and well-funded cyber criminals. The rising challenge is to
search out additional prophetical ways of distinctive threats,
mitigating their impact, ANd managing an agile cyber
security operation that may each creatively and effectively
maintain protection. In attempt that challenge, it's necessary
to acknowledge that:
1) It isn't economical to guard each piece of knowledge and
each plus to constant extent.
2) A balance between the proper to privacy with the
requirement to guard nations, enterprises and people
from intrusions should be negotiated.
3) Attribution and severe penalties for cyber crime should be
additional uniformly completed among the multi-
national communities.
4) The challenge is nice and needs contemporary ways that to
mix individuals, processes, technology, and shared
information to guard societies from rising threats to
security.
While your pc is joined to the web, the malware a hacker has
put in on your laptop quietly transmits your personal and
monetary info while not your information or consent. Or, a
pc predator might pounce on the personal info you
unknowingly unconcealed. In either case, they may:
Hijack your usernames and passwords
Steal your money and open credit card and bank
accounts in your name
Ruin your credit
Request new account Personal Identification
Numbers (PINs) or additional credit cards
Make purchases
Add themselves or an alias that they control as an
authorized user so it’s easier to use your credit
Obtain cash advances
Use and abuse your Social Security number
IJTC.O
RG
INTERNATIONAL JOURNAL OF TECHNOLOGY AND COMPUTING (IJTC)
ISSN-2455-099X,
Volume 4, Issue 4 April, 2018
IJTC201804002 www. ijtc.org 44
Sell your information to other parties who will use
it for illicit or illegal purposes.
III. ATTACKS
The motive for an attack depends on the attacker. A teenager
with too much time on his hands may be just playing around
to see what he can do without getting caught. On the other
hand, an experienced cyber criminal may be looking for user
credentials or credit card information that he can steal and
sell to others for illegal use. The motive determines to some
degree, the degree of impact on the organization and its
reputation.
A. TYPES OF ATTACKS
a) Passive Attacks
A passive attack involves somebody listening in on
telecommunications exchanges or passively recording laptop
activity. AN example of the previous is AN assaulter sniffing
network traffic employing a protocol instrument or another
packet capturing package. The assaulter finds the way to plug
into the network and begins capturing traffic for later
analysis. Different attackers think about key loggers,
typically as a worm in an exceedingly "free transfer," to
record keystrokes like user IDs and passwords. The goal,
notwithstanding the tactic, is simply to pay attention and
record the information passing through. The passive attack
itself isn't harmful, per se, however the knowledge gathered
throughout the session may be very damaging.
b) Active Attack
Active attacks on computers involve victimisation data
gathered throughout a passive attack, like user IDs and
passwords, or associate degree outright attack victimisation
technological "blunt instruments." Such instruments embody
word batty, denial-of-service attacks, email phishing attacks,
worms and different malware attacks. In a full of life attack,
the aggressor is resolute bring an internet site down, steal
data or perhaps destroy computing instrumentality. As
network directors install defenses against existing attack
tools, hackers develop a lot of refined tools and also the game
of technology leapfrog continues.
IV. PREVENTIONS
a) Registry Settings
Below Is the Recommended Registry key configuration to
ruin DOS Attacks
Caution: Incorrectly editing the registry may harshly
damage your system. Before you make changes to the
registry, one should back up any important data on the
computer. You can also use the Last Known Good
Configuration start-up option if you encounter problems
after manual changes have been applied.
These registry key settings can be implemented to enable
protection against DoS attacks:
hkey_local_machine \system \currentcontrolset \services
\tcpip \parameters \synattackprotect=1 REG_DWORD
hkey_local_machine \system \currentcontrolset \services
\tcpip \parameters
\tcpmaxconnectresponseretransmissions=2 REG_DWORD
hkey_local_machine \system \currentcontrolset \services
\tcpip \parameters \tcpmaxdataretransmissions=3
REG_DWORD
hkey_local_machine \system \currentcontrolset \services
\tcpip \parameters \enablepmtudiscovery=0 REG_DWORD
b) Steps to Follow
1. Deploy an antivirus program and firewall into your
network if not already done. This helps in restricting the
bandwidth usage to authenticated users only.
2. Server configuration can help diminish the probability of
being attacked. If you’re a network administrator at
some firm, take a look at your network configurations
and harden the firewall policies to block out
unauthenticated users from addressing the server’s
resources.
3. Ad-Blocker Must Be used to ensure Web Safety.
4. Cloud Backup Should be maintained regularly so that in
case of any attack the data can be recovered back.
5. Using Honeypot technique as it offers a fast and
effective way to prevent spam.
6. Open ports on a server are a security vulnerability that
can potentially allow a hacker to exploit services on
your network. So closing unused ports is a good safety
measure.
7. Turn Off Ping Service
8. Bind IP To MAC Address
9. Use Intrusion Detection Systems (IDS) and Intrusion
Prevention Systems (IPS) for security visibility, denial
of - service (DoS) protection, anti-hacking detection,
and e -commerce business defences. [1]
10. Use reputable antivirus software and a firewall.
Maintaining a strong firewall and keeping your
security software up to date are critical.
11. Do make sure that all systems and software are up-to-
date with relevant patches.
12. Do employ content scanning and filtering on your mail
servers.
13. Uses strong encryption to perform daily transaction on
the web when you transfer your personal
information, can use SSL (Digital Certificate) which
being hard for intruders.
14. Use antivirus program to detect and prevent from the
viruses
15. Use a “passphrase” that is easy to remember —
E@tUrVegg1e$ (Eat your veggies) and make sure to use
a combination of upper and lower case letters, numbers,
and symbols to make it less susceptible to brute force
attacks. Try not to use simple dictionary words as they
are subject to dictionary attacks – a type of brute force
attack.
16. Do not share or write down any “passphrases.”
IJTC.O
RG
INTERNATIONAL JOURNAL OF TECHNOLOGY AND COMPUTING (IJTC)
ISSN-2455-099X,
Volume 4, Issue 4 April, 2018
IJTC201804002 www. ijtc.org 45
17. Communicate/educate your employees and executives on
the latest cyber security threats and what they can do to
help protect critical information assets.
18. Do not click on links or attachments in e-mail from
untrusted sources.
19. Do not send sensitive business files to personal email
addresses.
20. Have suspicious/malicious activity reported to security
personnel immediately.
21. Secure all mobile devices when traveling, and report lost
or stolen items to the technical support for remote
kill/deactivation.
22. Educate employees about phishing attacks and how to
report fraudulent activity.
In this modern age, it seems almost impossible to avoid being
a victim of cybercrime, with all the advancements in
technology which make it easy for someone to perform
cybercrimes. In light of this, there are some ways however to
avoid becoming a victim of cybercrime. Users must install
and keep up-to-date antivirus programs, firewalls and
spyware checkers. Along with keeping them up to date, users
must make sure that they run the scans regularly. The easiest
way to protect a network from an outside attack is to close it
off completely from the outside world. A closed network
provides connectivity only to trusted known parties and sites
[2].
V. CONCLUSION
The risks of cybercrime are very real and too threatening to
be ignored. Every franchisor and licensor, indeed every
business owner, has to face up to their vulnerability and do
something about it. At the very least, every company must
conduct a professional analysis of their cyber security and
cyber risk or engage in a prophylactic plan to minimize the
liability and insure against losses to the greatest extent
possible and implement and promote a well-thought out
cyber policy, including crisis management in the event of a
worst case scenario. Nevertheless, business should employ
practices where their employees follow proper safety
practices to ensure that integrity and confidentially of stored
information is kept at all times to combat cybercrimes. Safety
practices like ensuring that staying off game sites on
company time where viruses can be downloaded, forwarding
chain emails, leaving workstation unattended or password
sharing over virtual mediums should be prohibited.
Preventions for attacks like ransom ware are also described
in this research paper with all these safety practices
implemented, it can be said that the safety of many clients
stored information is optimal.
REFERENCES
[1]. Network Security: Attacks, Tools and Techniques
Vandna, Dr. Ritu Sindhu (IJSRM)
[2]. A Review on Network Security Threats and Solutions
Prakhar Golchha , Rajesh Deshmukh , Palak Lunia
[3]. https://en.wikipedia.org/wiki/Computer_security
[4]. https://www.cso.com.au/article/618875/top-5-cyber-
security-tips-keep-hackers-away/
[5]. https://www.webroot.com/us/en/home/resources/article
s/pc-security/computer-security-threats-hackers
IJTC.O
RG