Best Cyber Security Interview Questions with Answers 2025

Introduction

Cyber crime is everyday news in today’s world, and its impact on internet users is widespread. Cyber security is essential for organizations and individuals. It helps us to protect our computer systems, networks, and sensitive data from unauthorized access, theft, and damage. It involves a range of technologies, processes, and practices designed to protect data from cyber threats such as malware, viruses, and phishing.

Cyber Security is a critical aspect for anyone using the internet. Knowing the different threats and methods for ensuring a safe online experience is essential.

Cyber Security Interview Questions with Answers 2025

Top 10 Cyber Security Interview Questions

1. What is Cyber Security?

Cyber Security refers to the practice of protecting systems, networks, and programs from digital attacks. These attacks, often aimed at accessing, changing, or destroying sensitive information, can also disrupt business processes or extort money. Cyber security measures include using firewalls, encryption, and strong authentication to safeguard data and ensure privacy.

2. What is phishing?

Phishing is a type of cyber attack where attackers pose as legitimate entities to trick users into providing sensitive information, such as passwords, credit card numbers, or other personal data. Phishing attacks are usually carried out via email, instant messaging, or malicious websites, and can lead to identity theft or financial loss.

3. What is a firewall?

A firewall is a network security device that monitors and controls incoming and outgoing traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the Internet, preventing unauthorized access and protecting the system from cyber threats.

4. What does XSS stand for? How can it be prevented?

XSS stands for Cross-Site Scripting, a vulnerability in web applications where attackers inject malicious scripts into web pages viewed by other users. XSS can be prevented by sanitizing user inputs, using proper validation techniques, encoding data before displaying it, and implementing a Content Security Policy (CSP) to limit allowed sources for scripts.

5. What do you mean by Network Sniffing?

Network sniffing is the process of monitoring and capturing data packets that pass through a network. Attackers use network sniffers to intercept sensitive information, like login credentials or private conversations, which can lead to unauthorized access or data breaches. Encryption of data can prevent sniffing attacks.

6. What is cipher text?

Cipher text is encrypted data that appears as random characters and is unreadable without the correct decryption key. When information is encrypted, it is converted from plain text to cipher text to protect it from unauthorized access during transmission or storage.

7. What is encryption?

Encryption is the process of converting plain text into cipher text using an algorithm and encryption key. The purpose of encryption is to protect the confidentiality of data so that it cannot be read or understood by unauthorized parties. Only those with the correct decryption key can access the original information.

8. What is decryption?

Decryption is the process of converting encrypted cipher text back into its original plain text form. Decryption requires the use of a decryption key, which must correspond to the encryption key used to encode the data. This process ensures that sensitive information is accessible only to authorized users.

9. What is cryptography?

Cryptography is the practice of securing communication through the use of mathematical techniques. It involves creating and analyzing protocols that prevent third parties from reading private messages. Cryptography includes encryption, decryption, and digital signatures, ensuring confidentiality, integrity, and authenticity of data.

10. What is Kerberos?

Kerberos is a network authentication protocol that uses tickets to allow nodes to securely prove their identity over non-secure networks. It uses symmetric key cryptography to provide mutual authentication between users and services in a secure manner, preventing eavesdropping or replay attacks. It is widely used in secure systems, including Windows Active Directory.

Cybersecurity Interview Questions for Freshers 

11. What is the main objective of Cyber Security?

Cyber security aims to maintain secure data storage, manage access, and prevent unlawful data processing, transfer, or deletion. It protects information’s confidentiality, integrity, and availability. A variety of cyber security techniques are implemented to protect networks and computer hardware from malicious attacks and harm. Organizations develop security goals and policies based on the cyber security criteria that must be met.

12. What is phishing?

Phishing is a type of cyber attack. It involves sending fake emails and messages to trick people into providing sensitive information, including credit card details and passwords. It can be carried out through social media, phone calls, or SMS messages. These attacks can take various forms, such as spear phishing targeting popular or high-profile individuals. They often result in severe consequences for individuals and organizations, such as identity theft and financial loss. It is essential to be aware of suspicious emails and messages to protect sensitive data against cyber attacks like phishing. We can verify the authenticity of websites before entering sensitive information. It is advisable to use strong passwords and two-factor authentication whenever possible.

13. What is a firewall?

A firewall in cyber security is a network security system. It monitors and controls the incoming and outgoing network traffic based on an organization’s previously established security policies. Firewalls can be implemented as both software and hardware to protect organizations or individuals from potential cyberattacks. Monitoring network security and blocking suspicious traffic is essential to prevent unauthorized access.

14. What does XSS stand for? How can it be prevented?

XSS is an abbreviation for cross-site scripting. It is a web security flaw that allows an attacker to compromise user interactions with a susceptible application. It enables an attacker to bypass the same origin policy, which is intended to separate various websites.

To prevent Cross-Site Scripting (XSS) attacks, web developers should validate and clean user inputs, encode user-generated content before displaying it, use secure frameworks and libraries, secure cookies with HttpOnly and Secure flags, conduct routine security audits, instruct developers about security best practices, and keep all software components updated with security patches.
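The defences named in answers 4 and 14 (input validation, output encoding, a Content Security Policy, and HttpOnly/Secure cookies) look like this in practice. This is an added example, not code from the original page; the function names, the username rule, the cookie name and the sample comment are assumptions made for illustration.

```python
import html
import re
from http.cookies import SimpleCookie

# Constructed sample input: a comment containing markup, as a user might submit it.
SAMPLE_COMMENT = '<script>alert("xss")</script> nice post & "thanks"'


def is_valid_username(name: str) -> bool:
    """Allow-list validation (hypothetical rule): 3-20 letters, digits or '_'."""
    return re.fullmatch(r"[A-Za-z0-9_]{3,20}", name) is not None


def render_unsafe(comment: str) -> str:
    """'Before' version: user input is concatenated into the page unencoded."""
    return "<p class='comment'>" + comment + "</p>"


def render_encoded(comment: str) -> str:
    """Encode <, >, & and quotes so the browser shows the text instead of parsing it."""
    return "<p class='comment'>" + html.escape(comment, quote=True) + "</p>"


def security_headers(session_id: str) -> dict:
    """Response headers that limit the damage if an encoding step is ever missed."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True  # cookie is hidden from page scripts
    cookie["session"]["secure"] = True    # cookie is sent over HTTPS only
    return {
        # Scripts may load only from the site's own origin; with no
        # 'unsafe-inline', the browser refuses inline <script> blocks.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "Set-Cookie": cookie["session"].OutputString(),
    }


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_COMMENT))
    print(render_encoded(SAMPLE_COMMENT))
    for header, value in security_headers("abc123").items():
        print(f"{header}: {value}")
```
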

15. What do you mean by Network Sniffing?

Network Sniffing is a passive approach for monitoring network communication, decoding protocols, and inspecting headers and payloads for relevant information. It is a technique for both identifying and analyzing targets. Sniffers are used by attackers to capture data packets including sensitive passwords and account information. Sniffers are implemented in the system as hardware or software. A hostile intruder on a network can gather and analyze all network traffic by utilizing a packet sniffer in promiscuous mode.

16. What is cipher text?

Cipher text refers to encrypted or encoded messages that people cannot understand. Ciphertext can be understood only when it is decrypted using the key. It is an essential part of cyber security as it helps to maintain the authenticity and confidentiality of sensitive data. Cipher texts are crucial in securing data during communication, transmission, and storage.

17. What is encryption?

Encryption in cyber security is the process of converting plain text into cipher text. It protects sensitive information, such as login credentials, credit card details, and passwords, from potential cyber-attacks. It uses complex algorithms to turn the plain text into a form that people cannot understand until an authorized user with a key or password decrypts it.

18. What is decryption?

Decryption is the process of converting cipher text to plain text. It involves using a key to reverse the encryption algorithm, turning cipher text back into text that people can understand. It ensures that only authorized users can interpret and access sensitive information.

19. What is cryptography?

It is a technique through which we convert plain text to ciphertext and ciphertext to plain text. Plain text is a message that can be understood and read by any human, whereas cipher text is an encrypted message that can be read but cannot be understood. Plain text is converted to cipher text using a key and vice versa. With this key, we can decode the cipher text into plain text.

20. What is Kerberos?

Kerberos is a network security protocol developed at MIT in the late ’80s and early ’90s for Project Athena. It is used to authenticate service requests between trusted hosts across the internet. To verify the user’s identity, Kerberos uses secret-key cryptography and a trusted authority to authenticate the application. It is implemented in products and platforms from the likes of Microsoft, Unix, and Apple.

Cyber security Interview Questions for Intermediate Level

21. What is a vulnerability assessment?

A vulnerability assessment identifies and evaluates the security weaknesses of an organization’s IT infrastructure and various digital assets. It is an essential component of any effective cyber-security program. Vulnerability assessment aims to identify vulnerabilities that attackers can exploit. It also analyzes the risk associated with different vulnerabilities and prioritizes them based on the attack’s impact.

22. What is a patch in cyber security?

A patch in cyber security is a software update that addresses a security weakness in an existing software application. Developers release patches to fix issues that may make a system or application vulnerable to cyber-attacks. It is essential to regularly apply patches to ensure our systems’ security and protect them against any potential attacks.

23. What is multi-factor authentication?

Multi-factor authentication in cyber security is a security mechanism. It requires users to provide more than one form of authentication factor, such as something they know, something they have, and something they are. These factors help to ensure authorized access to any application or system. Multi-factor authentication aims to increase the security of user authentication and makes it difficult for attackers to gain access to a system even if they have the password.

24. What is a Denial of Service attack?

A Denial of Service attack is a cyber attack that aims to disrupt the functioning of a network or website. It does so by sending a massive volume of traffic to the target website from multiple sources, which makes it impossible for the website to respond to any user requests or messages. This results in financial and reputational damage.

25. What are the two types of attacks on message integrity?

Message integrity is an essential aspect of cyber security. It refers to the assurance that the message is authentic and is not altered or disclosed. It ensures the confidentiality and integrity of data. We can use cryptographic techniques, such as digital signatures, to ensure message integrity and protect data from unauthorized access and modification. The two types of attacks in message integrity are as follows –

  • Passive attack: Here, an unauthorized party has access to the data. They do not alter the data; their objective might be to read it for pleasure or to eavesdrop. For example, a user is passive during the information-gathering phase. A user who plans an attack later might be a passive adversary for now, meaning that their actions are harmless and limited only to eavesdropping on the messages transmitted through the network channel.
  • Active attack: In an active attack, too, an unauthorized party has access to the data. An active adversary can perform several kinds of malicious actions, as listed below –
    1. Breach of the authenticity of the data by altering it during transmission.
    2. Saving the messages and denying access to the statements later.
    3. Attempt to masquerade as several users in the network channel.
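How a receiver detects the active attacks above, and why an integrity check alone does nothing against a passive one, as an added example that is not part of the original page. It uses HMAC-SHA256 with a shared key as a stand-in for the digital signatures the answer mentions; the names, the message and the packet layout are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)  # known only to the real sender and receiver


def protect(key: bytes, sender: str, body: bytes) -> dict:
    """Attach a MAC computed over the claimed sender and the message body."""
    tag = hmac.new(key, sender.encode() + b"\x00" + body, hashlib.sha256).hexdigest()
    return {"sender": sender, "body": body, "tag": tag}


def verify(key: bytes, packet: dict) -> bool:
    """Recompute the MAC on receipt and compare it in constant time."""
    data = packet["sender"].encode() + b"\x00" + packet["body"]
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, packet["tag"])


def run_scenarios() -> dict:
    genuine = protect(SHARED_KEY, "alice", b"transfer 100 to bob")

    # Passive attack: the body is not encrypted, so an eavesdropper reads it
    # as-is. A MAC gives integrity, not confidentiality.
    eavesdropped = genuine["body"]

    # Active attack 1: the body is altered during transmission; the tag no
    # longer matches the data.
    altered = dict(genuine, body=b"transfer 900 to eve")

    # Active attack 3: a party without the shared key claims to be alice and
    # computes a tag with its own key.
    masquerade = protect(secrets.token_bytes(32), "alice", b"transfer 900 to eve")

    return {
        "eavesdropper_reads": eavesdropped,
        "genuine_ok": verify(SHARED_KEY, genuine),
        "altered_ok": verify(SHARED_KEY, altered),
        "masquerade_ok": verify(SHARED_KEY, masquerade),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```
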
