Title unit3-b.pdf ✅

• Man-in-the-middle attack where the attacker sits between both parties communicating and replacing their messages with his message. In other words, both parties believe that they are talking to each other, but in reality, they are talking to the attacker. Types of active attacks: • Interruption: These attacks are also known as masquerade attacks, where an unlawful attacker tries to show themselves as another identity. • Modification of messages: A message has been tampered with or delayed, or reordered in some way to produce an unwanted effect. The integrity of the original data is violated when it is altered. Denial-of- service attacks, such as altering or flooding the network with deceptive data packets, can be used by unauthorized parties to gain access to and tamper with data. Authentication is under attack when something is manufactured. For example, a message saying “Allow Robert to read confidential file A” is changed to “Allow Thomas to read confidential file A.” • Repudiation occurs when the network is not completely secure, or the login credential has been tampered with. Using this attack, a malicious user can change the author’s information to save false data in log files, up to general data manipulation on behalf of others, similar to e-mail spoofing. • Replay make necessary passively capturing and transmitting a message to produce an authorized effect. Using this attack method, the attacker essentially hopes to copy all of the data on a network and then use it for their purposes in the future. User safety and security are compromised if a data breach occurs. • Denial of Service– It damages the normal operation of communication networks. This attack may target a specific individual; for example, all messages destined for a specific location are filtered out or suppressed. Other ways of denying service include overloading a network with messages or disabling the network altogether. • Fabrication: These attacks cause Denial of service attacks in which the attackers try to prevent legal users from preventing access to some services. In other words, the attacker gains access to the activities, and the permitted users are prohibited from using the services. Passive attack Passive attacks are the ones in which the attacker observes all the messages and copy the content of messages or information. They focus on monitoring all the transmissions and gaining data. The attacker does not try to change any data or information he gathers. Although there is no potential harm to the system due to these attacks, they can significantly threaten your data’s confidentiality. Unlike Active attacks, these are difficult to detect as it does not involve alteration in data or information. Thus, the victim doesn’t get any idea about the attack. Although it can be prevented using some encryption techniques. In this way, at any time of transmission, the message is in indecipherable form, so that hacker could not understand it. So this is the reason why more emphasis is given to prevention than detection. There are some protective measures that you can take to prevent these attacks. Avoid posting sensitive and personal information online as attackers can use it to hack your network. Use encryption for your messages and make them unreadable for any unintended intruder. Examples of Passive attacks • The attackers try to scan a device to find vulnerabilities, such as weak operating systems or open ports. • The hackers analyze and monitor a website’s traffic to see who visits it.

Cybercrime prevention methods Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber-attacks. It aims to reduce the risk of cyber-attacks and protect against the unauthorized exploitation of systems, networks and technologies. What are the prevention methods of cyber-crime? How to protect yourself against cybercrime? Anyone using the internet should exercise some basic precautions. Here are some tips you can use to help protect yourself against the range of cybercrimes out there. • Use a full-service internet security suite For instance, Norton Security provides real-time protection against existing and emerging malware including ransomware and viruses, and helps protect your private and financial information when you go online. • Use strong passwords Don’t repeat your passwords on different sites, and change your passwords regularly. Make them complex. That means using a combination of at least 10 letters, numbers, and symbols. A password management application can help you to keep your passwords locked down. • Keep your software updated This is especially important with your operating systems and internet security software. Cybercriminals frequently use known exploits, or flaws, in your software to gain access to your system. Patching those exploits and flaws can make it less likely that you’ll become a cybercrime target. • Manage your social media settings Keep your personal and private information locked down. Social engineering cybercriminals can often get your personal information with just a few data points, so the less you share publicly, the better. For instance, if you post your pet’s name or reveal your mother’s maiden name, you might expose the answers to two common security questions. • Strengthen your home network