
Security Threats & Measures

SPAM

Spam is a broad term and applies to various digital platforms like messaging, forums, chatting, emailing, advertisement, etc.

However, the widely recognised form is email spam.

Depending on their requirements, organisations or individuals buy or create a mailing list (a list of email addresses) and repeatedly send advertisement links and invitation emails to a large number of users.

This creates unnecessary junk in the receiver’s inbox and often tricks a user into buying something or downloading paid software or malware.

Nowadays, email services such as Gmail have an automatic spam detection algorithm that filters emails and makes things easier for the end users.

A user can also mark an undetected unsolicited email as “spam”, thereby ensuring that emails of that type are not delivered to the inbox as normal email in future.

Difference between HTTP and HTTPS

Both the HTTP (Hyper Text Transfer Protocol) and its variant HTTPS (Hyper Text Transfer Protocol Secure) are a set of rules (protocol) that govern how data can be transmitted over the WWW (World Wide Web).

They provide rules for the client web browser and servers to communicate.

HTTP sends information over the network as it is. It does not scramble the data to be transmitted, leaving it vulnerable to attacks from hackers.

Hence, HTTP is sufficient for websites with public information sharing like news portals, blogs, etc.

However, when it comes to dealing with personal information, banking credentials and passwords, we need to communicate data more securely over the network using HTTPS.

HTTPS encrypts the data before transmission. At the receiver end, it decrypts the data to recover the original. HTTPS-based websites require an SSL digital certificate.

ANTIVIRUS

Antivirus is software that is also known as anti-malware. Initially, antivirus software was developed to detect and remove viruses only, hence the name antivirus. It has since evolved and now comes bundled with the prevention, detection and removal of a wide range of malware.

Methods of Malware Identification used by Antivirus

a. Signature-based detection:

In this method, an antivirus works with the help of a signature database known as “Virus Definition File (VDF)”.

This file consists of virus signatures and is updated continuously on a real-time basis.

This makes the regular update of the antivirus software a must. If there is an antivirus software with an outdated VDF, it is as good as having no antivirus software installed, as the new malware will infect the system without getting detected.

This method also fails to detect malware that has an ability to change its signature (polymorphic) and the malware that has some portion of its code encrypted.

b. Sandbox detection:

In this method, a new application or file is executed in a virtual environment (sandbox) and its behavioural fingerprint is observed for a possible malware.

Depending on its behaviour, the antivirus engine determines if it is a potential threat or not and proceeds accordingly.

Although this method is a little slow, it is very safe as the new unknown application is not given access to actual resources of the system.

c. Data mining techniques:

This method employs various data mining and machine learning techniques to classify the behaviour of a file as either benign or malicious.

d. Heuristics:

Often, a malware infection follows a certain pattern. Here, the source code of a suspected program is compared to viruses that are already known and are in the heuristic database.

If the majority of the source code matches with any code in the heuristic database, the code is flagged as a possible threat.

e. Real-time protection:

Some malware remains dormant or gets activated after some time. Such malware needs to be checked on a real-time basis. In this technique, the anti-malware software keeps running in the background and observes the behaviour of an application or file for any suspicious activity while it is being executed, i.e. when it resides in the active (main) memory of the computer system.
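The contrast between signature-based detection (a) and heuristics (d) can be shown in a few lines. This is an added example, not part of the original notes: the sample "programs" are harmless constructed strings, and the names VDF, HEURISTIC_DB, signature_scan and heuristic_scan are assumptions made for illustration. A one-word change defeats the exact signature, while the majority-match heuristic still flags the variant.

```python
import hashlib

# Constructed, harmless stand-ins for program code (not real malware).
KNOWN_BAD = b"open(addressbook); for each contact: send(copy_of_self); delete(logs)"
VARIANT = b"open(addressbook); for each friend: send(copy_of_self); delete(logs)"
BENIGN = b"open(document); spellcheck(text); save(document); print(summary)"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Toy "virus definition file": exact signature -> malware name.
VDF = {sha256(KNOWN_BAD): "Sample.Worm.A"}


def signature_scan(data):
    """Return the malware name if the file's hash is in the VDF, else None."""
    return VDF.get(sha256(data))


def ngrams(data, n=4):
    """Set of overlapping n-byte fragments of the code."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


# Toy heuristic database: fragments of code already known to be malicious.
HEURISTIC_DB = {"Sample.Worm.A": ngrams(KNOWN_BAD)}


def heuristic_scan(data, threshold=0.5):
    """Flag the file if the majority of its fragments match a known sample."""
    grams = ngrams(data)
    best_name, best_score = None, 0.0
    for name, known in HEURISTIC_DB.items():
        score = len(grams & known) / len(grams) if grams else 0.0
        if score > best_score:
            best_name, best_score = name, score
    if best_score > threshold:
        return best_name, best_score
    return None, best_score


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)]:
        name, score = heuristic_scan(sample)
        print(label, "signature:", signature_scan(sample),
              "heuristic:", name, round(score, 2))
```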

HACKERS AND CRACKERS

Hackers and crackers are people having a thorough knowledge of computer systems, system software (operating systems), computer networks and programming.

They use this knowledge to find loopholes and vulnerabilities in computer systems or computer networks and gain access to unauthorised information.

White Hats:

If a hacker uses their knowledge to find and help fix the security flaws in a system, they are termed a white hat hacker.

They are actually security experts. Organisations hire ethical or white hat hackers to check and fix their systems for potential security threats and loopholes.

Black Hats:

If hackers use their knowledge unethically to break the law and disrupt security by exploiting the flaws and loopholes in a system, then they are called black hat hackers.

Grey Hats:

This represents the class of hackers that are neutral: they hack systems by exploiting their vulnerabilities, but they don’t do so for monetary or political gains. The grey hats take system security as a challenge and just hack systems for the fun of it.

SNOOPING

Snooping means secretly listening to a conversation. In the context of networking, it refers to the process of secret capture and analysis of network traffic. A snooping tool is a computer program or utility that has a network traffic monitoring capability.

In this attack, the hacker taps or listens to a channel of communication by picking all of the traffic passing through it.

Once the network packets are analysed by the snooping device or software, it reproduces the exact traffic packets and places them back in the channel, as if nothing has happened.

So, if the data that is being sent over the network is not encrypted, it is vulnerable to snooping and eventually may cause serious damage, depending upon the type of information leak.

However, snooping is not always an attack; at times it is also used by network administrators for troubleshooting various network issues.

Snooping is also known as sniffing. Various snooping programs exist that act as network traffic analysers. Besides, various network hubs and switches have a SPAN (Sniffer Port Analyser) port function for snooping.

EAVESDROPPING

The term eavesdropping has been derived from the literal practice of secretly listening to the conversations of people by standing under the eaves of a house.

Unlike snooping, where the network traffic can be stored for later analysis, eavesdropping is an unauthorised real-time interception or monitoring of private communication between two entities over a network.

Digital devices like laptops and cell phones that have a built-in microphone or camera can be easily hacked and eavesdropped using rootkit malware.

Eavesdropping is different from snooping. While the former happens in real time, the latter does not.

However, in snooping, that person may make a copy of a letter that is addressed to your friend and keep the copy with himself and send the original letter to the intended address.

COOKIES

The term "cookie" was derived from the term "magic cookie" used by Unix programmers to indicate a packet of data that a program receives and sends it back unchanged.

A computer cookie is a small file or data packet, which is stored by a website on the client’s computer.

A cookie is edited only by the website that created it; the client’s computer acts as a host to store the cookie.

Cookies are used by the websites to store browsing information of the user.

A cookie can also be used to store other user-centric information like login credentials, language preference, search queries, recently viewed web pages, music choice, favourite cuisine, etc., that helps in enhancing the user experience and making browsing time more productive. Depending upon their task, there are different types of cookies.

Session cookies keep track of the current session and even terminate the session when there is a time-out (banking website). So, if you accidentally left your e-banking page open, it will automatically close after the time-out.

Authentication cookies are used by a website to check if the user is previously logged in (authenticated) or not. This way, you don’t need to login again and again while visiting different web pages or links of the same website.

Threats due to cookies:

Cookies are used for enhancing the user’s browsing experience and do not infect your computer with malware.

However, some malware might disguise itself as cookies.

E.g.: supercookies.

There is another type of cookie known as “Zombie cookie” that gets recreated after being deleted.

Some third-party cookies might share user data without the consent of the user for advertising or tracking purposes.

Thus, one should be careful while granting permission to any websites to create and store cookies on the user computer.

FIREWALL

A computer firewall is a network security system designed to protect a trusted private network from unauthorised access or traffic originating from an untrusted outside network (e.g., the internet or different sections of the same network) to which it is connected. A firewall can be implemented in software, hardware or both.

Malware such as a worm has the capability to move across networks and infect other computers. The firewall acts as the first barrier against malware.

A firewall acts as a network filter and based on the predefined security rules, it continuously monitors and controls the incoming and outgoing traffic.

Types of Firewall:

a. Network Firewall: If the firewall is placed between two or more networks and monitors the network traffic between different networks, it is termed a network firewall.

b. Host-based Firewall: If the firewall is placed on a computer and monitors the network traffic to and from that computer, it is called a host-based firewall.
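How a firewall applies predefined security rules to incoming and outgoing traffic can be sketched as a first-match rule table with a default of "deny". This is an added example, not part of the original notes: the rule set, the addresses and the function name decide are constructed for illustration.

```python
import ipaddress

# Constructed rule set, checked top to bottom; the first matching rule wins.
# Fields: direction, remote network, port (None = any port), action.
RULES = [
    ("in", "10.0.0.0/8", 22, "allow"),    # remote login only from the trusted private network
    ("in", "0.0.0.0/0", 443, "allow"),    # HTTPS from anywhere
    ("in", "0.0.0.0/0", None, "deny"),    # all other incoming traffic
    ("out", "0.0.0.0/0", 25, "deny"),     # outgoing mail port, used by spam-sending worms
    ("out", "0.0.0.0/0", None, "allow"),  # all other outgoing traffic
]


def decide(direction, remote_ip, port, rules=RULES):
    """Return 'allow' or 'deny' for one connection attempt.

    direction: 'in' (remote host connects to us) or 'out' (we connect out)
    remote_ip: address of the other end of the connection
    port:      destination port of the connection
    """
    remote = ipaddress.ip_address(remote_ip)
    for rule_dir, network, rule_port, action in rules:
        if rule_dir != direction:
            continue
        if remote not in ipaddress.ip_network(network):
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action
    # No rule matched: refuse by default.
    return "deny"


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        ("in", "10.1.2.3", 22),
        ("in", "203.0.113.9", 22),
        ("in", "203.0.113.9", 443),
        ("out", "198.51.100.7", 25),
        ("out", "198.51.100.7", 80),
    ]
    for direction, ip, port in samples:
        print(direction, ip, port, "->", decide(direction, ip, port))
```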

Posted Date : 16-12-2021
