security attacks and its prevention

Post on 13-Apr-2017


SECURITY ATTACKS AND ITS PREVENTION

SRINATH REDDY DUDIBY

ATTACKS ON PERSONAL DATA

These are the attacks made on our computers, mobiles, social accounts, and third-party sites to steal personal and sensitive data.

BRUTE FORCE ATTACK

How It Works? Continuously logging into a site with your username and a random password.

How To Prevent? Using a strong password with a combination of special characters and numbers.

COOKIE STEALING

How It Works? Stealing the login session cookies of the websites you are logged in to.

How To Prevent? Removing untrusted and unknown applications running in the background.

KEYLOGGER

How It Works? Records all the keys pressed on your keyboard and sends them to the attacker.

How To Prevent? Removing untrusted and unknown applications running in the background.

ATTACKS WITH PIRATED SOFTWARE

How It Works? Installing malware along with pirated software, which then runs in the background.

How To Prevent? Avoiding the use of pirated software.

PHISHING PAGES

How It Works? Creating a fake webpage which is identical to the original one and prompting users to log in.

How To Prevent? Telling the fake webpage from the original by looking at the domain name.

FAKE E-MAIL

How It Works? Sending a fake e-mail with an official e-mail address to steal sensitive information.

How To Prevent? Confirming with the officials before replying to the e-mail, and looking at the mail server domain.

FAKE E-MAIL SCRIPT IN PHP

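<?php
// mail(to, subject, message, additional headers): the From header is whatever the sender types here.
mail('someone@example.com', 'subject of e-mail', 'body of e-mail', 'From: user@example.com');
?>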

SOCIAL ENGINEERING

How It Works? Hacking one site and using its password to log in to other sites.

How To Prevent? Using a different password for each and every site.

FAKE E-COMMERCE SITES

How It Works? Creating a fake e-commerce store to gain your credit card details.

How To Prevent? Using credit card details only on trusted e-commerce stores.

ATTACKS WITH BROWSER TOOLBARS

How It Works? Installing a toolbar on your browser that records all your browsing history and sensitive information.

How To Prevent? Not installing untrusted browser extensions or toolbars.

ATTACKS WITH MOBILE APPS

How It Works? An application on your mobile records all your contacts, messages and files and sends them to the attacker.

How To Prevent? Not downloading untrusted and unknown applications.

OPEN WIFI NETWORKS

How It Works? Open Wi-Fi networks will record all the packets sent and received through the network.

How To Prevent? Not connecting to untrusted open Wi-Fi networks.

FIREWALL

How It Works? Filters every packet sent and received and blocks the packets that match the firewall filters.

How To Use? Turning on the firewall.

ATTACKS ON OUR OWN SITES

These are the attacks made on our websites to hack them and steal our data and our customers' data.

TARGETING VULNERABILITIES OF PROGRAMMING LANGUAGE

How It Works? By looking at the language in which our site is written, attackers try to exploit the site using the vulnerabilities of that language.

How To Prevent? Hiding the file extension using URL rewriting.

.HTACCESS CODE FOR HIDING FILE EXTENSION

RewriteEngine On
RewriteRule ^([^\.]+)$ $1.html [NC,L]

ATTACKS WITH FREE TEMPLATES

How It Works? Attackers add malicious code to themes and distribute them for free to hack sites.

How To Prevent? Avoid using free themes and plugins.

EMPLOYEES CAN STEAL INFORMATION BY ACCESSING DATABASE

How It Works? Employees or attackers who have access to the database can view user passwords and log in to the site.

How To Prevent? Using encrypted data fields for passwords in the database (md5(), sha1(), sha2()).

SQL INJECTION

How It Works? Attackers use the text fields to alter the SQL query and gain access to users' profiles.

How To Prevent? Filtering special characters from the text fields before applying them to the SQL query.
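An added example, not part of the original slides, that runs the same lookup three ways against an in-memory SQLite database: concatenated, concatenated after the character filtering the slide describes, and parameterized. It goes one step beyond the slide by showing a parameterized query, which keeps the text field out of the statement and still finds names that contain special characters. The table, names and helper functions are constructed for the example.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: three users, one with an apostrophe in the name."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, profile TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice-profile"),
        ("bob", "bob-profile"),
        ("O'Brien", "obrien-profile"),
    ])
    return db

def profile_concatenated(db, name):
    # Vulnerable: the text field becomes part of the SQL statement itself.
    query = "SELECT name, profile FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def filter_specials(text):
    # The slide's approach: drop everything except letters, digits, space and underscore.
    return re.sub(r"[^A-Za-z0-9_ ]", "", text)

def profile_filtered(db, name):
    return profile_concatenated(db, filter_specials(name))

def profile_parameterized(db, name):
    # The value travels separately from the statement, so it is only ever data.
    return db.execute(
        "SELECT name, profile FROM users WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # textbook input that rewrites the WHERE clause
    print(len(profile_concatenated(db, crafted)))   # every row comes back
    print(profile_filtered(db, crafted))            # filter blocks it...
    print(profile_filtered(db, "O'Brien"))          # ...but also loses a real user
    print(profile_parameterized(db, crafted))       # no match, no rewrite
    print(profile_parameterized(db, "O'Brien"))     # real user still found
```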

DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

How It Works? Attacking the target site with a large number of hits until the service stops responding.

How To Prevent? Using content delivery networks like Cloudflare.

ATTACKS ON CMS

How It Works? Attacking a third-party content management system (CMS) by exploiting its vulnerabilities.

How To Prevent? Keeping up to date with the CMS and its vulnerabilities.

BRUTE FORCE ATTACK

How It Works? Continuously logging into a site with your username and a random password.

How To Prevent? Using a captcha and limiting the login attempts per day.
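An added example, not part of the original slides, of the "limit the login attempts per day" half of this slide: a per-account counter of failed logins over a rolling 24 hours. The class name, the limit and the check_password callback are assumptions of the example; the clock is injectable so that the expiry of the window can be tested.

```python
import time
from collections import defaultdict

DAY = 24 * 60 * 60

class LoginThrottle:
    """Caps failed logins per account inside a rolling 24-hour window."""

    def __init__(self, max_failures=5, clock=time.time):
        self.max_failures = max_failures    # assumed limit for this example
        self.clock = clock                  # injectable so the window can be tested
        self._failures = defaultdict(list)  # account -> timestamps of failed attempts

    def _recent(self, account):
        # Forget failures older than one day, then return the live list.
        cutoff = self.clock() - DAY
        self._failures[account] = [t for t in self._failures[account] if t > cutoff]
        return self._failures[account]

    def allowed(self, account):
        return len(self._recent(account)) < self.max_failures

    def record_failure(self, account):
        self._recent(account).append(self.clock())

    def record_success(self, account):
        self._failures.pop(account, None)


def attempt_login(throttle, check_password, username, password):
    """Return 'ok', 'denied' or 'locked'; check_password is the site's own verifier."""
    account = username.strip().lower()  # one counter per account, however it is typed
    if not throttle.allowed(account):
        return "locked"                 # refuse before the password is even checked
    if check_password(account, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"
```

While an account is locked even the correct password is refused, which is what makes further guessing pointless until the window expires.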

ATTACKING WEB HOSTING PROVIDER

How It Works? Attackers target the web hosting provider and use its vulnerabilities to hack your site.

How To Prevent? Hiding the web hosting provider using Cloudflare.

ATTACKING DOMAIN NAME PROVIDER

How It Works? Attackers target the domain name provider and use its vulnerabilities to hack your site.

How To Prevent? Using private whois information to hide your domain data.

ATTACKING FILE UPLOAD FEATURE

How It Works? Attackers upload malicious scripts to your site through the file upload feature to hack your site.

How To Prevent? Filtering the file types in the file upload dialogue.

SOME MORE TIPS…

Hosting sites on trusted service providers.

Performing penetration testing.

Using a firewall on the web server.

Turning off directory listing.

Using trusted content delivery networks.

Using trusted third-party APIs and scripts.

ANY QUESTIONS?