SlideShare a Scribd company logo

Cyber security.docx

Download as DOCX, PDF
S
saivarun91

The document discusses email phishing attacks and strategies to prevent them. It defines the attack surface as all possible entry points for unauthorized access, such as vulnerabilities, devices, and network nodes. Phishing works by tricking users into clicking links or entering login credentials on fake websites that look like legitimate ones. The document recommends educating users about phishing, punishing attackers legally, detecting and blocking phishing websites, and using technical methods like spam filters to stop phishing emails. It prioritizes improving remote access policies, separating personal and work data, frequently updating security systems, strong passwords, multi-factor authentication, and security training for employees.

Engineering
1 of 4
Download to read offline
1
2
3
4
Abstract: We cannot imagine a day without a computer especially without Internet. E-Mail is one of the primary ways through which we communicate. We not only use it every day for official communication but also to be in touch with our friends and relatives. As E-Mail plays a vital role in communication globally for communication and sharing of data as well. The security issues also have increased. The major problem or the attack on E-Mail by the hackers nowadays is known as E-Mail Phishing. It is the right time to secure the data communicated over mail even on trusted network. Cyber criminals craft these emails to look convincing, sending them out to literally millions of people around the world. The criminals do not have a specific target in mind, nor do they know exactly who will fall victim. They simply know the more emails they send out, the more people they may be able to fool. In this paper we are analyzing the various ways in which the Phishing is achieved, the possible solutions and the awareness along with some tips to be away from a victim of Phishing attacks are discussed. Data collectionplan. ▪ Define and describethe attacksurface: A) Attack Surface Definition: The attack surface refers to the total number of possible entry points for unauthorized access into a system. All vulnerabilities and endpoints that could be utilized to conduct a cyber-attack are included. The attack surface refers to the entire region of an organization or system that is exposed to hacking. Most modern businesses have a large and complicated attack surface. As the number of devices, web apps, and network nodes grows, so does the number of potential cybersecurity threats. B) DescriptionofAttack Surface: The Attack Surfaces for the Authentication attacks on email servers, the cyber attacker goal is to fool us in to clicking on a link and taking you to the website that asks for your login and password, or perhaps your credit card or ATM number. These websites look exactly same like original website. Another attack is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address taken and used to create an almost identical or cloned email. The attachment or Link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email. When we feel we are hacked we have to change the passwords immediately, because most individuals use the same password for several sites thieves may already have access to your other accounts on popular sites. Taking the following steps can help organizations examine and decrease their physical and digital attack surfaces:
 Educate users to understand how phishing attacks work and be alert when phishing-alike e-mails are received.  use legal methods to punish phishing attackers  Use technical methods to stop phishing attackers.  Detect and block the phishing Web sites in time.  Enhance the security of the web sites.  Block the phishing e-mails by various spam filters. Potential Sources:  Be suspicious of any email that requires “immediate action” or creates a sense of urgency. This is a common technique used by criminals to rush people into making a mistake.  Be suspicious of emails addressed to Dear Customer or some other generic salutation. If it is your bank, they will know your name.  Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them  Be suspicious of attachments and only open those that you were expecting. Prioritizing the workofSecurityAnalyst: In order to prioritize work, an analyst must first determine which vulnerabilities are most likely to be exploited. Effective IT teams employ cybersecurity reports, and then make controlling those vulnerabilities a top priority on any controls they deploy to safeguard their cyber assets. The Following are the Tasks that need to be prioritized for the Remote security work 1) The Need for Better Remote Access Policies: However, many business owners are unaware of the requirements for arobust remote access strategy. Expert advice is becomingincreasinglyvital to avoid major risks such as identitytheft, data breaches, and data loss, which affect all workers, not just remote workers. 2) Separating Personal and Work Data: The issue of mobile access security isn't new. Bring-your-own-device (BYOD) rules have become more common in recent years, and 69 percent of "IT decision-makers" say they are a good idea. Because 67 percent of employees use personal devices at work, employers should already have security processes in place to cope with the possible risks of mixing personal and corporate data. 3) Frequently update your network security systems: It's critical that network security systems, like as firewalls, antivirus software, and spam filtering tools, are installed on each device that remote employees use to access company or customer data, and that those systems are kept up to date. You can even consider investing in a mobile device management platform so that you can remotely delete a device of any sensitive data if it is lost or stolen.
4) Require employees to use strong and varied passwords. Weak passwords pose a major security risk to your organization, especially when remote work is involved, so it’s important that you advise your employees to use strong and varied passwords and to avoid reusing passwords. 5) Utilize multi-factor authentication: In order to authenticate their identity, multi-factor authentication (MFA) needs users to supply numerous pieces of information. Security questions, push notifications, personal identification numbers, and biometrics are all forms of MFA. 6) Train your employees well and supply them with robust IT support: The most effective remote work security measures begin with good training. Provide cybersecurity awareness training to your staff, and make sure your IT team is available to assist your remote workforce with any security problems. Stake Holders involved: 1.Chief Security officer (CSO) is the organization's chief security official; he gathers information from his team and prepares and publishes the organization's security standards and principles. 2.Security Analyst: Security Analysts reports to the CSO, they work on the company security. They are also involved in the preparation of guidelines, or any issues raised. 3.Forensic Team: forensics team help the company to investigate on the cybercrimes. We use them for investigating the cyber-attacks. DesignDiagram: Securityimplementationfor Accessingthe Company data and Apps
References: [1] Guidelines on Electronic Mail Security Recommendations of the National Institute of Standards and Technology Special Publication 800-45 Version 2. [2] M. Delany, “Domain-based email authentication using DNS , May 2007. http://ietf.org.html [3] A countermeasure to email sender address spoofing by Toshiyuki Tanaka, Akihiro Sakai, Yoshiaki Hori, Kouichi. [4] Techniques and tools for forensic Investigation of e-mail International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011 [5] Cyber crime – prevention & detection by v.shiva kumar, Asst.director A.P.Police Academy. [6] http://www.antiphishing.org.

More Related Content

PPTX
Security threats and attacks in cyber security
Shri ramswaroop college of engineering and management
 
PPTX
Malicion software
A. Shamel
 
PPT
Chapter three e-security
Marya Sholevar
 
PPTX
Cyber security certification course
NishaPaunikar1
 
PPTX
What is Phishing - Kloudlearn
KloudLearn
 
PPT
Unit 4 e security
Dr. C.V. Suresh Babu
 
DOCX
Final report ethical hacking
samprada123
 
PPTX
Phishing Incident Response Playbook
Naushad CEH, CHFI, MTA, ITIL
 
Security threats and attacks in cyber security
Shri ramswaroop college of engineering and management
 
Malicion software
A. Shamel
 
Chapter three e-security
Marya Sholevar
 
Cyber security certification course
NishaPaunikar1
 
What is Phishing - Kloudlearn
KloudLearn
 
Unit 4 e security
Dr. C.V. Suresh Babu
 
Final report ethical hacking
samprada123
 
Phishing Incident Response Playbook
Naushad CEH, CHFI, MTA, ITIL
 

What's hot (20)

PPTX
Security Threats to Electronic Commerce
Darlene Enderez
 
PDF
E Commerce security
Mayank Kashyap
 
PDF
introduction to cyber security
Slamet Ar Rokhim
 
PPT
Security in e-commerce
SensePost
 
PPTX
Unit iii: Common Hacking Techniques
Arnav Chowdhury
 
DOCX
ethical hacking report
Akhilesh Patel
 
DOC
Data security
Laura Breese
 
PPTX
Introduction to Cyber Security
kailash shaw
 
PDF
Cyber Risk Quantification for Employees | Safe Security
Rahul Tyagi
 
PDF
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
csandit
 
PDF
04-1 E-commerce Security slides
monchai sopitka
 
PPTX
Understanding the Impact of Cyber Security in Health Care
Blue Cross Blue Shield of Michigan
 
PDF
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
CMR WORLD TECH
 
PPTX
E-commerce & Security
NetstarterSL
 
PPTX
What is a Malware - Kloudlearn
KloudLearn
 
PPTX
Presentation on cyber security
9784
 
PPTX
Information security
Laxmiprasad Bansod
 
PDF
e commerce security and fraud protection
tumetr1
 
PPTX
Hacking ppt
giridhar_sadasivuni
 
PPTX
Importance of cyber security in education sector
Seqrite
 
Security Threats to Electronic Commerce
Darlene Enderez
 
E Commerce security
Mayank Kashyap
 
introduction to cyber security
Slamet Ar Rokhim
 
Security in e-commerce
SensePost
 
Unit iii: Common Hacking Techniques
Arnav Chowdhury
 
ethical hacking report
Akhilesh Patel
 
Data security
Laura Breese
 
Introduction to Cyber Security
kailash shaw
 
Cyber Risk Quantification for Employees | Safe Security
Rahul Tyagi
 
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
csandit
 
04-1 E-commerce Security slides
monchai sopitka
 
Understanding the Impact of Cyber Security in Health Care
Blue Cross Blue Shield of Michigan
 
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
CMR WORLD TECH
 
E-commerce & Security
NetstarterSL
 
What is a Malware - Kloudlearn
KloudLearn
 
Presentation on cyber security
9784
 
Information security
Laxmiprasad Bansod
 
e commerce security and fraud protection
tumetr1
 
Hacking ppt
giridhar_sadasivuni
 
Importance of cyber security in education sector
Seqrite
 
Ad

Similar to Cyber security.docx (20)

DOCX
Learn About Social Engineering Services - Aardwolf Security
Aardwolf Security
 
DOCX
Article1DISCUSSION_1Information security within an organi
mallisonshavon
 
PDF
Edu 03 assingment
Aswani34
 
PPTX
Introduction to Cyber-Security beginners.pptx
ThirumalaiTrendchase
 
PDF
7 Types of Cyber Security Threats | The Lifesciences Magazine
The Lifesciences Magazine
 
PDF
The latest trends in cybersecurity and how to protect yourself.pdf
Cyberwing
 
PDF
Cybersecurity a short business guide
larry1401
 
PDF
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
PDF
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
PDF
Top Positive and Negative Impacts of AI & ML on Cybersecurity
PixelCrayons
 
PPTX
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
PPTX
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
PPTX
CyberCare Pro - Cybersecurity for SME's updated.pptx
margueritemcleod1
 
PPTX
Threat Intelligen.pptx
CompanySeceon
 
PPTX
Ceferov Cefer Intelectual Technologies
yusifagalar
 
PDF
90% of Data Breaches Start with Phishing—Here’s How to Protect Yourself.pdf
Enterprise world
 
PPTX
Cyber security
Akdu095
 
PPTX
Common Types of Cyber Attacks & How to Prevent Them.pptx
KalponikPrem
 
PPTX
Cybersecurity
A. Shamel
 
DOCX
UNIT-3.docx
CSEA18Arun537
 
Learn About Social Engineering Services - Aardwolf Security
Aardwolf Security
 
Article1DISCUSSION_1Information security within an organi
mallisonshavon
 
Edu 03 assingment
Aswani34
 
Introduction to Cyber-Security beginners.pptx
ThirumalaiTrendchase
 
7 Types of Cyber Security Threats | The Lifesciences Magazine
The Lifesciences Magazine
 
The latest trends in cybersecurity and how to protect yourself.pdf
Cyberwing
 
Cybersecurity a short business guide
larry1401
 
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
PixelCrayons
 
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
CyberCare Pro - Cybersecurity for SME's updated.pptx
margueritemcleod1
 
Threat Intelligen.pptx
CompanySeceon
 
Ceferov Cefer Intelectual Technologies
yusifagalar
 
90% of Data Breaches Start with Phishing—Here’s How to Protect Yourself.pdf
Enterprise world
 
Cyber security
Akdu095
 
Common Types of Cyber Attacks & How to Prevent Them.pptx
KalponikPrem
 
Cybersecurity
A. Shamel
 
UNIT-3.docx
CSEA18Arun537
 
Ad

Recently uploaded (20)

PDF
Human-AI Collaboration: Balancing Agentic AI and Autonomy in Hybrid Systems
ijccsa
 
PDF
Integrating Fractal Dimension and Time Series Analysis for Optimized Hyperspe...
acijjournal
 
PDF
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
PDF
UNIT no 1 INTRODUCTION TO DBMS NOTES.pdf
pawarbhaktiit
 
PDF
Categorization of Factors Affecting Classification Algorithms Selection
IJDKP
 
PPTX
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
PDF
86236642-Electric-Loco-Shed.pdf jfkduklg
ddeepakbhai790
 
PPT
Total quality management ppt for engineering students
juleeyadav818
 
PDF
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
PDF
BIO-INSPIRED HORMONAL MODULATION AND ADAPTIVE ORCHESTRATION IN S-AI-GPT
ijaia
 
PPT
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PPTX
communication and presentation skills 01
CdtAfrazAttaullah
 
PDF
Level 2 – IBM Data and AI Fundamentals (1)_v1.1.PDF
KSRIHARISASANKA
 
PDF
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
PPTX
Nature of X-rays, X- Ray Equipment, Fluoroscopy
DJERALDINAUXILLIAECE
 
PDF
Abrasive, erosive and cavitation wear.pdf
nfandraden
 
PPT
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
PDF
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
PDF
SMART SIGNAL TIMING FOR URBAN INTERSECTIONS USING REAL-TIME VEHICLE DETECTI...
Niraj Aarya
 
Human-AI Collaboration: Balancing Agentic AI and Autonomy in Hybrid Systems
ijccsa
 
Integrating Fractal Dimension and Time Series Analysis for Optimized Hyperspe...
acijjournal
 
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
UNIT no 1 INTRODUCTION TO DBMS NOTES.pdf
pawarbhaktiit
 
Categorization of Factors Affecting Classification Algorithms Selection
IJDKP
 
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
86236642-Electric-Loco-Shed.pdf jfkduklg
ddeepakbhai790
 
Total quality management ppt for engineering students
juleeyadav818
 
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
BIO-INSPIRED HORMONAL MODULATION AND ADAPTIVE ORCHESTRATION IN S-AI-GPT
ijaia
 
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
communication and presentation skills 01
CdtAfrazAttaullah
 
Level 2 – IBM Data and AI Fundamentals (1)_v1.1.PDF
KSRIHARISASANKA
 
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
Nature of X-rays, X- Ray Equipment, Fluoroscopy
DJERALDINAUXILLIAECE
 
Abrasive, erosive and cavitation wear.pdf
nfandraden
 
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
SMART SIGNAL TIMING FOR URBAN INTERSECTIONS USING REAL-TIME VEHICLE DETECTI...
Niraj Aarya
 

Cyber security.docx

  • 1. Abstract: We cannot imagine a day without a computer especially without Internet. E-Mail is one of the primary ways through which we communicate. We not only use it every day for official communication but also to be in touch with our friends and relatives. As E-Mail plays a vital role in communication globally for communication and sharing of data as well. The security issues also have increased. The major problem or the attack on E-Mail by the hackers nowadays is known as E-Mail Phishing. It is the right time to secure the data communicated over mail even on trusted network. Cyber criminals craft these emails to look convincing, sending them out to literally millions of people around the world. The criminals do not have a specific target in mind, nor do they know exactly who will fall victim. They simply know the more emails they send out, the more people they may be able to fool. In this paper we are analyzing the various ways in which the Phishing is achieved, the possible solutions and the awareness along with some tips to be away from a victim of Phishing attacks are discussed. Data collectionplan. ▪ Define and describethe attacksurface: A) Attack Surface Definition: The attack surface refers to the total number of possible entry points for unauthorized access into a system. All vulnerabilities and endpoints that could be utilized to conduct a cyber-attack are included. The attack surface refers to the entire region of an organization or system that is exposed to hacking. Most modern businesses have a large and complicated attack surface. As the number of devices, web apps, and network nodes grows, so does the number of potential cybersecurity threats. B) DescriptionofAttack Surface: The Attack Surfaces for the Authentication attacks on email servers, the cyber attacker goal is to fool us in to clicking on a link and taking you to the website that asks for your login and password, or perhaps your credit card or ATM number. These websites look exactly same like original website. Another attack is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address taken and used to create an almost identical or cloned email. The attachment or Link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email. When we feel we are hacked we have to change the passwords immediately, because most individuals use the same password for several sites thieves may already have access to your other accounts on popular sites. Taking the following steps can help organizations examine and decrease their physical and digital attack surfaces:
  • 2.  Educate users to understand how phishing attacks work and be alert when phishing-alike e-mails are received.  use legal methods to punish phishing attackers  Use technical methods to stop phishing attackers.  Detect and block the phishing Web sites in time.  Enhance the security of the web sites.  Block the phishing e-mails by various spam filters. Potential Sources:  Be suspicious of any email that requires “immediate action” or creates a sense of urgency. This is a common technique used by criminals to rush people into making a mistake.  Be suspicious of emails addressed to Dear Customer or some other generic salutation. If it is your bank, they will know your name.  Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them  Be suspicious of attachments and only open those that you were expecting. Prioritizing the workofSecurityAnalyst: In order to prioritize work, an analyst must first determine which vulnerabilities are most likely to be exploited. Effective IT teams employ cybersecurity reports, and then make controlling those vulnerabilities a top priority on any controls they deploy to safeguard their cyber assets. The Following are the Tasks that need to be prioritized for the Remote security work 1) The Need for Better Remote Access Policies: However, many business owners are unaware of the requirements for arobust remote access strategy. Expert advice is becomingincreasinglyvital to avoid major risks such as identitytheft, data breaches, and data loss, which affect all workers, not just remote workers. 2) Separating Personal and Work Data: The issue of mobile access security isn't new. Bring-your-own-device (BYOD) rules have become more common in recent years, and 69 percent of "IT decision-makers" say they are a good idea. Because 67 percent of employees use personal devices at work, employers should already have security processes in place to cope with the possible risks of mixing personal and corporate data. 3) Frequently update your network security systems: It's critical that network security systems, like as firewalls, antivirus software, and spam filtering tools, are installed on each device that remote employees use to access company or customer data, and that those systems are kept up to date. You can even consider investing in a mobile device management platform so that you can remotely delete a device of any sensitive data if it is lost or stolen.
  • 3. 4) Require employees to use strong and varied passwords. Weak passwords pose a major security risk to your organization, especially when remote work is involved, so it’s important that you advise your employees to use strong and varied passwords and to avoid reusing passwords. 5) Utilize multi-factor authentication: In order to authenticate their identity, multi-factor authentication (MFA) needs users to supply numerous pieces of information. Security questions, push notifications, personal identification numbers, and biometrics are all forms of MFA. 6) Train your employees well and supply them with robust IT support: The most effective remote work security measures begin with good training. Provide cybersecurity awareness training to your staff, and make sure your IT team is available to assist your remote workforce with any security problems. Stake Holders involved: 1.Chief Security officer (CSO) is the organization's chief security official; he gathers information from his team and prepares and publishes the organization's security standards and principles. 2.Security Analyst: Security Analysts reports to the CSO, they work on the company security. They are also involved in the preparation of guidelines, or any issues raised. 3.Forensic Team: forensics team help the company to investigate on the cybercrimes. We use them for investigating the cyber-attacks. DesignDiagram: Securityimplementationfor Accessingthe Company data and Apps
  • 4. References: [1] Guidelines on Electronic Mail Security Recommendations of the National Institute of Standards and Technology Special Publication 800-45 Version 2. [2] M. Delany, “Domain-based email authentication using DNS , May 2007. http://ietf.org.html [3] A countermeasure to email sender address spoofing by Toshiyuki Tanaka, Akihiro Sakai, Yoshiaki Hori, Kouichi. [4] Techniques and tools for forensic Investigation of e-mail International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011 [5] Cyber crime – prevention & detection by v.shiva kumar, Asst.director A.P.Police Academy. [6] http://www.antiphishing.org.