Sunday, January 31, 2021

Windows Commands | Part-1

Windows Commands!

The most interesting work is to work in commands. It feels great like you are getting your desired information with your command over the computer. 

We all might be habituated in using CMD or Command line.

To start, just type> RUN> CMD> 

Then use the required Commands for day to day operation and network trouble shooting. Now lets keep some command shortcuts for reference purpose at here. Some Shortcut of CMD commands for use in Windows System!

Here are some of the collections. 

Accessibility Controls 

access.cpl

Add Hardware Wizard

hdwwiz.cpl

Add/Remove Programs

appwiz.cpl

Administrative Tools

control admintools

Automatic Updates

wuaucpl.cpl

Bluetooth Transfer Wizard

fsquirt

Calculator

calc

Certificate Manager

certmgr.msc

Character Map

charmap

Check Disk Utility

chkdsk

Clipboard Viewer

clipbrd

Command Prompt

cmd

Component Services

dcomcnfg

Computer Management

compmgmt.msc

Date and Time Properties

timedate.cpl

DDE Shares

ddeshare

Device Manager

devmgmt.msc

Direct X Control Panel (If Installed)*

directx.cpl

Direct X Troubleshooter

dxdiag

Disk Cleanup Utility

cleanmgr

Disk Defragment

dfrg.msc

Disk Management

diskmgmt.msc

Disk Partition Manager

diskpart

Display Properties

desk.cpl

Driver Verifier Utility

verifier

Event Viewer

eventvwr.msc

File Signature Verification Tool

sigverif

Findfast

findfast.cpl

Group Policy Editor (XP Prof)

gpedit.msc

Internet Properties

inetcpl.cpl

IP Configuration (Display Connection Configuration)

ipconfig /all

IP Configuration (Display DNS Cache Contents)

ipconfig /displaydns

IP Configuration (Delete DNS Cache Contents)

ipconfig /flushdns

IP Configuration (Release All Connections)

ipconfig /release

IP Configuration (Renew All Connections)

ipconfig /renew

IP Configuration (Refreshes DHCP & Re-Registers DNS)

ipconfig /registerdns

IP Configuration (Display DHCP Class ID)

iontrol Panel (If Installed)

Keyboard Properties

control keyboard

Local Security Settings

secpol.msc

Local Users and Groups

lusrmgr.msc

Logs You Out Of Windows

logoff

Mouse Properties

main.cpl

Network Connections

ncpa.cpl

Network Setup Wizard

netsetup.cpl

open Notepad

notepad

Password Properties

password.cpl

performance Monitor

perfmon

perfmon.msc

Phone and Modem Options

telephon.cpl

Power Configuration

powercfg.cpl

Regional Settings

intl.cpl

Registry Editor

regedit

Registry Editor

regedit32

Remote Desktop

mstsc

Removable Storage

ntmsmgr.msc

Removable Storage Operator Requests

ntmsoprq.msc

Security Center

wscui.cpl

Services

services.msc

Shared Folders

fsmgmt.msc

Shuts Down Windows

shutdown

Sounds and Audio

mmsys.cpl

SQL Client Configuration

cliconfg

System Configuration Editor

sysedit

System Configuration Utility

msconfig

System File Checker Utility (Scan Immediately)

sfc /scannow

System File Checker Utility (Scan Once At Next Boot)

sfc /scanonce

System File Checker Utility (Scan On Every Boot)

sfc /scanboot

System File Checker Utility (Return to Default Setting)

sfc /revert

System File Checker Utility (Purge File Cache)

sfc /purgecache 

- DR


at No comments:

Friday, January 29, 2021

Computer Networking Question & Answers | Part- 1

Networking Questions & Answers |Part-1

I think to provide some Q&A session for self practice. This can be referred when ever is required. This QA has been collected from different part of internet just to keep them at once place in the blog. I may not cover all the data around world. 

HA HA...

I am going to publish as part wise like part-1, part-2 etc. 

These are not any exam dumps. These may not help you to clear the CCNA or any relevant networking exams. This is just for your understanding and brainstorming.

The basic question always starts from router and switch roles, OSI layers etc.

So, 

1) What are the OSI Layer and name those layers.

A: OSI layer known as Open Systems Interconnection and was created by ISO (International Organization of Standardization). There are 7 layers in OSI layer such as;

  • Application layer
  • Presentation layer
  • Session layer
  • Transport layer
  • Network layer
  • Data link layer
  • Physical layer

2) What is use of Flow Control?

A: The flow control provides a means for the receiver to govern the amount of data transmitted by the sender.

3) What is an IP address?

An Internet Protocol (IP) address is a numerical label that is assigned to devices participating in a computer network utilizing the Internet. It is a 32-bit number that identifies each sender or receiver of information that is sent in packets across the LAN /Internet. It has two parts: the identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network. 

4) What is a subnet mask?

A subnet mask allows you to identify which part of an IP address is reserved for the network, and which part is available for host use. If you look at the IP address  alone, especially now with classless inter-domain routing, you can’t tell which part of the address is which. Adding the subnet mask, or net mask, gives you all the information you need to calculate network and host portions of the address with ease. In summary, knowing the subnet mask can allow you to easily calculate whether IP addresses are on. Subnetting enables the network administrator to further divide the host part of the address into two or more subnets.

5) What is ARP?

Short for Address Resolution Protocol, a network layer protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address. ARP is a very important part of IP networking. ARP is used  to connect OSI Layer 3 (Network) to OSI Layer 2 (Data- Link). For most of us, that means that ARP is used to link our IP addressing to our Ethernet addressing (MAC Addressing). For you to communicate with any device on your network, you must have the Ethernet MAC address for that device. If the device is not on your LAN, you go through your default gateway (your router). In this case, your router will be the destination MAC address that your PC will communicate with.

6) What is a default gateway? What happens if I don’t have one?

A default gateway is used by a host when an IP packet’s destination address belongs to someplace outside the local subnet. The default gateway address is usually an interface belonging to the LAN‘s border router.

In computer networking, a default network gateway is the device that passes traffic from the local subnet to devices on other subnets. The default gateway often connects a local network to the Internet, although internal gateways for connecting two local networks also exist.

7) What is a subnet?

A portion of a network which shares a network address in which each component is identified by a subnet number.

A subnet is a logical organization of network address ranges used to separate hosts and network devices from each other to serve a design purpose.

In many cases, subnets are created to serve as physical or geographical separations similar to those found between rooms, floors, buildings, or cities.

8) What is CIDR?

CIDR (Classless Inter-Domain Routing, sometimes known as super netting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased.

9) What is DHCP? What are the benefits and drawbacks of using it?

Benefits:

1. DHCP minimizes configuration errors caused by manual IP address configuration.
2. Reduced network administration.

Disadvantage

Your machine name does not change when you get a new IP address. The DNS (Domain Name System) name is associated with your IP address and therefore does change. This only presents a problem if other clients try to access your machine by its DNS name.

10) What are router interfaces? What types can they be?

Routers can have many different types of connectors; from Ethernet, Fast Ethernet, and Token Ring to Serial and ISDN ports.  Some of the available configurable items are logical addresses (IP,IPX), media types, bandwidth, and administrative commands. Interfaces are configured in interface mode which you get to from global configuration mode after logging in. The media type is Ethernet, Fast-Ethernet, Gigabit-Ethernet, Serial, Token-ring, or other media types. You must keep in mind that a 10Mb Ethernet interface is the only kind of Ethernet interface called Ethernet. A 100Mb Ethernet interface is called a Fast-Ethernet interface and a 1000Mb Ethernet interface is called a Gigabit-Ethernet interface.

11) How do I monitor IPSec?

To test the IPSec policies, use IPSec Monitor. IPSec Monitor (Ipsecmon.exe) provides information about which IPSec policy is active and whether a secure channel between computers is established.

12) How do I look at the open ports on my machine?


Windows: Open a command prompt (Start button -> Run-> type
“cmd”), and type:
netstat -a

Linux: Open an SSH session and type:
netstat -an

13) What protocol PPP uses to identify the Network layer Protocol?

A. NCP
B. ISDN
C.HDLC
D. LCP

A: NCP (Network Control Protocol)

14) What PPP protocol provides for dynamic addressing, authentication and multilink?

A. NCP
B. HDLC
C. LCP
D. X.25

A: LCP (Link Control Protocol)


15) What are two main types of ACL (access control list)?

A. Standard
B. IEEE
C. Extended
D. Specialized

A: Standard and Extended are used to configure security on a router. 

16) Which of the following protocol uses both TCP and UDP?

A. FTP
B. SMTP
C. Telnet
D. DNS

A: DNS

Remaining QA will be posted later post. 

-DR
at No comments:

Thursday, January 28, 2021

Cyber Security | A view on Data Privacy

Data Privacy

Today January 28 is recognized as Data Privacy Day. A relatively new but fast growing recognition in industry.

It is an international event, occurred and celebrated every year across globe. The purpose of this day is to raise awareness on Data Privacy and promote privacy and data protection.

Many countries have their standard and policy implemented so far on the data privacy. Europe has initiated its GDPR (General Data Privacy Regulation) and similarly others develop some standards like CIPP/E, CIPP/US by IAPP (International Association of Privacy Professionals).

As per wiki, The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects' citizenship or residence—that is processing the personal information of individuals inside the EEA.
(Source: Wikipedia:https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)

In India for the present time the data privacy act is in draft mode and under review process. May be within some years, it will be approved and implemented across the country. The Govt. may decide a particular standard to follow. However besides that, Data Security Council of India (DSCI) a setup by NASSCOM is working with the DSCI Security framework to comply many best practices. It also publishes white papers and studies. Please refer to DSCI website for more information. 

Many vendors provide service related to Data privacy across globe, their service includes but not limited to as below;
  • Register of data processing activities.
  • Data subject rights management.
  • International data transfers.
  • KPI / MI dashboard reporting. 
  • Policy and procedures maintenance.
  • Privacy Shield compliance assurance.
  • Data mapping. 
  • Privacy compliance assessments and Internal audits.
  • BCR application and maintenance. 
  • Monitoring of codes of conduct/certifications. 
  • Training.
  • Privacy crisis and incident management.
  • Shadow regulatory audits.
  • Risk Management
  • Privacy assessment
  • Breach Management
  • Records Management
  • Designing and implementing privacy practices that minimize risks associated with the collection of personal data
  • Data protection impact assessments
  • Data privacy process planning services
  • Document review and drafting services
  • Data protection gap analysis services
  • Personal data mapping services
  • Privacy user services
- DR

at No comments:

Tuesday, January 19, 2021

Cyber Security | Security Tips on Work from Home

Security Tips on Work from Home

Coronavirus Pandemic have enabled us to Work from Home. It means we have to setup an infrastructure at home to continue the Job. Home has become the new office. As on date of writing this post, many firms, organizations have resumed their office. But still the virus is not gone forever across globe. Many other strains of It has been mutated and infecting people somewhere. Keep the below tips for your reference while working at home. 

In general you need to focus on below points;

  • Network Security
  • Software and Asset Security
  • Email Security
  • Portable Media security
  • Password security and Management 
  • Privacy protection
  • Web security
  • Avoid Phishing traps

Below are the tips in descriptive to above areas of security:

  • In network security part, you must use secure Wi-Fi network and secure VPN connections. Always use the company provided VPN and links. Use encryption. Keep your Operating system software and other application software updated. Use licensed software and install security patches in time. Never install free antivirus, free games. 
  • Business Email is a critical part of communication. It is also one of methods that hackers use to gain access to sensitive information and organizational data. Use strong spam filtering option for official and personal emails. Never forward a company email to personal email accounts. Never enable macros in word files received from unknown senders.
  • Perform a routine scan on hard disk drive, USB drives using updated antivirus. Use encrypted USB drives.
  • There should be good and strong password management. Never share your password to others, not even to your boss. Keep the password using long phrases and use passwords with strict password policy like 8 characters with a combination of alphanumeric and special characters (#@$%*). Use passwords in regular intervals like your toothbrush. Use two-factor authentication (2FA) where it is available to ensure that the password is not enough to login or access.
  • While visiting multiple web sites or web surfing, do visit only trusted web sites by checking a lock symbol or https at the start of the web address. Disable auto downloads and check download folder in time. Never enable save password option in the browser while prompting.
  • Phishing has been rising now a days at every small to large organizations. It uses fraud messages and emails to trap the recipient. A common indicator can be helpful to know the phishing attack details.
  • Always check for wrong spellings, mistake in layouts, wrong mail address of sender, suspicious attachment, spoofed hyperlinks, generic signatures etc.


So in the last, keep your data baked up in time to avoid the loss of data. 

-DR
at No comments:

Cyber Security | Whatsapp Security Tips

Whatsapp Security Tips

Hey everyone, here I am sharing some tips for the largest used social messaging application "whatsapp". 

As we know No application, no service and no network has been proven to be unhackable in this digital world. Hackers are more and more ahead with help of latest technology.  Hackers are also certified peoples like technology peoples. Similarly Whatsapp now a days became largely used across globe with around more than 2 billion people. Data Privacy is the primary concern in this social messaging service. Presently many spam callers have targeted whatsapp users over voice and video call. Whatsapp conversations were not always private. Spyware attacks can be possible at whatsapp. There need to protect your chat or messages too. In order to use whatsapp in best way, below are few tips to consider.

  1. Turn on security notification. 
  2. Check your whatsapp privacy settings regularly and ensure it has been set as per your safety and concern. Go to Settings > Account > Privacy and you can hide your last seen status.
  3. To add extra layer of protection, always enable touch ID or Face ID for lock the application. In privacy you can find that option to enable or disable.
  4. Enable two-step verification option. In case your mobile is stolen it can help to secure your account.
  5. Keep your application updated always manually through google play store. Don’t trust the device push messages for update. 
  6. Never share personal information or data with people or account you don’t know.
  7. Never share your two-step verification code with others.
  8. Disable cloud/google drive backup or automatic back up if you worry of your private data. Whatsapp > Settings > Chats > Chat back up > Auto back up > off
  9. Don’t ever click on unknown links or open attachments directly sent from friends, known persons or unknown persons.
  10. Don’t click and share on advertisement links such as lottery wins or click and share and win type messages. 
  11. Don’t share your confidential data over social messaging app.

-DR

at No comments:

Cyber Security | DSCI tips on Cyber best Practices

Cyber Best Practices

Cyber Security Awareness Month just crossed on October 2020. This is the international cyber awareness month. Considering the work from home and  maximum digitization, cyber attacks, frauds are also rising rapidly.

Below are the infographics published by DSCI, India and is shared below for awareness which can be referred for the best practices to prevent the Digital Payment Frauds, Phishing Attack, Remote Access Trojan, Ransomware and social engineering.






Source: DSCI.in


-DR

at No comments:

Cyber Security | What is Social Engineering

 Social Engineering

When any personal information is deceitfully collected from someone rather than technical hacking, it is called social engineering. Techniques used for social engineering are as below;

  • A phishing attack 
  • Phone spoofing or SMS Spoofing

Social engineering has proven a very effective way for a attacker to get in to your organization or network. Once a social engineer has a trusted employee's password, he can simply log in and snoop around for sensitive data. With an access card or code in order to physically get inside a facility, the criminal can access data, steal assets or even harm people.

A good way to get a sense of what social engineering tactics you should look out for is to know about what's been used in the past.

Offer something sweet, Fake it till the successful, Act like you are in charge, 

Tips to avoid Social Engineering;

  • Train yourself or conduct security awareness drive.
  • Brief any attack suspect to peers or friends.
  • Test phishing reporting reporting system and incident management.

 The social engineering attacks can be grouped into three types:

  • Human-based
  • Mobile-based
  • Computer-base
Human-Based Attacks:

They may act as a legitimate user and request for information or they pose as a higher authority and may ask for sensitive information. They try to gather sensitive and confidential details.

Tailgating: When an authorized person arrives into a restricted area, the unauthorized person also enters the restricted AREA without the employee’s knowledge.

Piggybacking: Here the attacker may pose as an employee and ask the authorized employee to allow him to enter along with him. He may give fake reasons like he forgot his smart badge, etc.

Dumpster Diving: Any confidential or sensitive document should be properly shredded before disposed into the dustbin. If not, an attacker may just look into the dustbin to access the confidential information.

Eavesdropping: Unauthorized listening to conversations thereby collecting important data is called as eavesdropping.

Shoulder surfing: It is a direct observation technique like looking over someone’s shoulder to know the sensitive information like password, pin numbers, etc.


-DR
at 1 comment:

Cyber Security | Securing own network

Securing your own network

This is simple question in my mind too, how can I secure my network or my organization from cyber attacks and threats now a days? Generally it is known that security is a combination of technology, devices, applications, processes and peoples. Network security is a set of policies or measures to keep the network secure from attacks, threats. Network Security combines several layers of defenses at the network. It helps to protect the information and reputation of every organization. 

Security Solutions now a days;

There are the some common types of network security devices that can help in securing the network against attacks and cyber threats at smaller to large organizations such as;

  • Firewall
  • IDS (Intrusion Detection System)
  • IPS (Intrusion Prevention System)
  • UTM (Unified Threat Management)
  • Proxy Server
  • Web Filter
  • Network Load Balancer
  • Spam Filter
  • DDoS Protector
  • Ethernet Encryption Device
  • SIEM (Security Information and Event Monitoring)
Some Application level security which can also play big role in larger networks are as below;
  • Email Security
  • Antivirus
  • Data Leak Prevention (DLP) 
  • SOAR (Security Orchestration, Automation and Response) 
  • Vulnerability Assessment and Penetration Testing Tools
  • Encryption tools
  • Network Scanner
  • Traffic Analyzer
Security is a measure priority now a days. 

An administrator needs to implement administrative, physical and technical controls. Everyone plays a role in securing one organization's information and system. It saves the reputation of the Organization.

The attacks are to breach Confidentiality, Integrity and Availability (CIA) of an organization's assets.
 
-DR
at No comments:

Cyber Security | Data Security & Privacy

Data Security & Privacy

The exponential evolution of a global information economy, driven by new technologies and disruptive business models, means that an ever-increasing amount of personal data is being collected, used, exchanged, analyzed, retained, and sometimes used for commercial purposes. It also means there is an ever-increasing number of accidental or intentional data breaches, incorrect or lost data records, data theft, data manipulations and data misuse incidents.

Data privacy is a part of data protection rule. It is associated with the way to control the data handling and its compliance with the protection regulation. 

Compliance with the data protection laws and regulations.

On the other hand Data Security comprises a set of standards and different safeguards and measures that an organization is taking in order to avoid any third party from unauthorized access to digital data, or any intentional or unintentional alteration, deletion or disclosure of data. It emphases on the protection of data from malicious attacks and prevents the exploitation of stolen data, breach. 

Data Security includes Access control, Encryption, Network security, etc.

Regulatory margins such as GDPR, HIPAA, GLBA, or CCPA.

General Data Protection Regulation (GDPR) marked the first thoughtful intent to control the extreme exploitation of personal data and to fine both data processors and data controllers appropriately. However GDPR is not the first privacy law, but several data privacy laws before GDPR were outdated, given that both technology and the way we transfer and share our data has transformed greatly in just a few years.

Every individual should be aware that, what data is being collected from them via online or offline, why it's collected, for how long it will be used, with whom it will be shared. Always read the terms and conditions before sharing your personal data. 

Do you know, Health data are considered to be the most sensitive form of personal data and is accorded the highest level of privacy protection. A consent itself is the primary legal safeguard used to protect against privacy violation. Again a consent also gives absolute power to the data controller. On account of breach, the data controller will not be liable always.

So in the modern world, consent sometimes fails in safeguarding the privacy due to interconnected databases of the service providers in this digital age.

Conducting a Privacy Impact Assessment (PIA) where determining how and where data is stored, backed up, and disposed, what data security measures are taken in to consideration, and where systems may be vulnerable to a data privacy breach.

Adopting security measures on the privacy regulation such as;

  • Data Loss Prevention (DLP)
  • Data Masking
  • Data protection
  • User rights management
  • Privileged user access management
  • PIA and other audit assessments

#cybersecurity #dataprivacy #privacy 3.0

-DR

at No comments:

Cyber Security | Cyber Domains and Career path

Cyber Security domains overview

The cyber security domain is now a days very vast comparative to older times. The day by day creations of millions of threats play the vital role in it. The map of cyber security domain prepared by henry jiang is very interesting and understandable. 

The map have captured the key areas of cyber security practices which are again interconnected with each other. The map is not a standard nor a guide. 

Here is it for the overview on Multiple domains.



Source: Henry Jiang

It is distributed from framework & standard up to Risk assessment, Threat Intelligence, Security operation, Security Architecture, Governance and career development, etc. Please zoom in or download this image to see the clear view.

Anyone interested to start the career on cyber security can refer the image to know his/her self capability, skills and can plan for the future.  

-DR

at No comments:

Monday, January 18, 2021

Cyber Security | Tips on how to Prepare yourself from Cyber Attacks

 Tips | Prepare yourself for the cyber attacks

We should know the way to safeguard our self and our family and relatives from various kinds of cyber attacks.

The below are few tips which can  be considered for the future preparedness for the cyber attack.

  • Keep work device and personal devices separate.
  • Do not do personal works on business or work system. Try to avoid.
  • Keep Your antivirus software updated.
  • Always use paid antivirus for a updated virus engine data base. 
  • Up to date system, software patches in time.
  • Beware of Phishing emails in personal as well as work email.
  • Avoid who are asking personal data or information.
  • Think social engineering prevention measures.
  • Carry out tabletop exercises, vulnerability assessments, cyber security audits periodically if you are in an organization.
  • User awareness training or get trained on different techniques, tools, processes for the cyber security.
  • Make use of strong and complex passwords.
  • Change passwords in regular interval or use password management tool.
  • Refine Incident Response Plan.

Besides the above, we should always teach the young generation and elder peoples about the types of attacks, impact and tips on daily basis to avoid the loss.


-DR


at No comments:

Cyber Security | Cyber Stalking

Cyber Stalking

This is one of the harassment or threatening act frequently or repeatably done in internet by the cyber criminals/stalkers. The victim is get distracted and receives hate messages. The criminal uses voice chat, text, social media, messenger service etc. The criminal may have its ego, revenge, hate etc.

Tips to save your self and others from the Cyber stalking:-
  • Avoid communication with strangers/ criminals over internet.
  • Do not share your personal information including photos and videos no matter how safe you feel.
  • Do not use your real name, mobile number, email address visible to others.
  • Do not allow physical access or remote access to unknown people.
  • Always logout from web and applications.
  • Keep saved all the evidences (soft and hard copy) including email, chat data, photos, screen shots for future reference and reporting purpose.
  • Check and review your privacy settings in periodic manner.
  • If there is a relationship breakup, immediately change all your passwords and unfriend him/her for a good practice.
  • Practice data encryption.
  • Keep your password confidential and complex.
  • If any incident happens always consult your family, friends and trusty people about the harassment for strong support. 
  • Keep yourself searching at web to check any duplicate profile or any wrong information is circulated or not about you.
  • Avoid public forums.
  • Take awareness learning for self improvement.

-DR 

at No comments:

Cyber Security | Security Tips for ZooM hacking!

Security Tips for Zoom Application

Many of us have heard about ZOOM Application threats and hackings happened during the covid breakout time. Many organizations, institutions started their day to day meetings, classes through ZOOM application.

Zoom a social video conferencing app just spiked its popularity in use during the Covid Pandemic Days. It have added many users in 2020 than 2019. It have added around 2.22 M users in 2020. 

Many Corporate people, Office people, Students engaged in ZOOM during the period.

However all of a sudden it brings everyone's eye catch in to one thing i.e. 
"Security Issue".

Issues raised due to its Data and Privacy issue.  It has control over your profile, data and system or mobile screen. So you don't know what is going back end. 

That Means I am showing you one movie; and I am browsing your files behind the screen. Like this what we can understand. I can take your files and you can not know even. 

As per researchers findings, what it has collected;
  • Multiple Usernames
  • passwords
  • Home Address
  • Email Address
  • Social network profiles
  • Mobile number
  • IP address
What other issues came?
  • Hijacking the session by hackers/strangers.
  • Playing pornographic content during middle of the conference.
  • Cracking passwords.
  • Using third party trackers and surveillance.
  • It provided link encryption. Not purely encryption.
  • Many zoom conference video files came to market on internet.
  • Free version does not supports end to end encryption.
After getting many complaints, zoom has changed its security configurations, patched its application. Still some are under development. The application is stable as on date of writing this blog. 

So we can use the video conference apps with caution. 

-DR


       

at No comments:

Cyber Security | Tips on Facebook Account Security

Security and Safety tips for Facebook

The largest used social media application "Facebook" has become one dump gradually. Many trash items, irrelevant things, personal albums, private photos all are now public through FB. This is a very cause of concern, why I am to share my private photo with others? Am I selling photos freely on web ? 

Some people argue, if we are using Facebook then why we could not upload our photos? Their argument is right. 

But if a guy asks a girl please share me your photo. The immediately will ask why? What you do with my photo? Same photo the girl uploads at Facebook and the guy later likes that photo and downloads to his own device. He may use any technology to morph that photo or can sell the morphed photo at black market for financial benefit.

Now some law tells that always takes a consent before you take others photo. But people are randomly share their each and every photo at public and at others' server. 
 
Here are some tips for using the social networking site Facebook. These are security tips and are applicable for day to day operating the app.

Please read carefully and act sensibly. Your security is in your hand.
  1. Keep your system up to date always. OS and Antivirus should be updated and patched regularly.
  2. Open Facebook with secure login only. Check there is https available in the browser. 
  3. Don't Accept friend request from Strangers/ Unknown peoples even it shows mutual friend. 
  4. Don't copy and paste any script if you receive from strangers or even known peoples. Ask first. 
  5. Always create strong password.
  6. Change your password in periodic manner.
  7. Don't let your device to remember your password.
  8. Never share your password. Think it as your own tooth brush.
  9. Share your photos only with selected friends.
  10. Do not use Facebook from cyber cafe or public computer. If used for urgency remember to log out instead of closing the window. 
  11. Always remember to download your mobile app from google play store.
  12. Always keep the settings as "visible to friends only". Not for public. 
  13. Check your privacy once in a week.
  14. Disable public search and turn off spam apps under privacy settings.
  15. Keep hide your, job profile, relationship status, date of birth, mobile number and email address. 
  16. Try to unfriend the same person and multiple accounts with proper verifying which one is active account.
  17. Review your friend list timely.
  18. Turn off your location/GPS. 
  19. Do not click on advertisements/Adwares.
  20. Always logout when not in use. 

-DR
at No comments:

Cyber Security | Tips on Cyber crime Reporting at India

Cyber Crime Reporting 

The day to day increasing of cyber crime became the headache of every organization and individual around the world. 

When we talk about individual level, this has been increased the stress level of every one. People generally get embarrassed or confused when attack or crime happens against them and their system.
Many of us fear or don't know how to report the crime at specific authority.

Here is a list of countries who get most attacks as;

Ransomware Attacks
  • India-9.6%
  • Russian Federation-6.41%
  • Kazakhstan-5.75%
  • Italy-5.25%
  • Germany-4.26%
  • Vietnam-3.96%
  • Algeria-3.9%
  • Brazil-3.72%
  • Ukraine-3.72%
  • United States-1.41%
(Source: cybersecurity-insider.com)

In India, if anyone have got cyber attack, there is one Govt. authorized website to report the crime. 

Now which type of crimes one individual should report? Here is it as mentioned below;
  • Identity Theft
  • Fake profile creation at social media
  • password hacking
  • email hacking
  • Online banking/ Mobile banking/ Payment app/ Digital Wallet fraud
  • Cyber Pornography
  • Phishing
  • Ransomware
  • DoS attack
  • Man in the middle attack
  • Brute force attack
  • Credential re-use
  • SQL injection
  • Job related fraud
and So on many types of attack were ongoing day to day.

Just when you attacked, first thing is to suggested that,
  • Don't be panic
  • Keep evidences/screenshots
  • Response in time
  • Report smartly 
In India the website for reporting the cyber crime as well as you can get more details on awareness is mentioned as below;

https://cybercrime.gov.in

Helpline Number: 155260 (9:00 AM to 6:00 PM)

Cyber Crime Reporting Portal | India


For other countries reporting structure and portal information, request to please refer to govt. portals only. The details must be there. 

Thank You.

-DR

at No comments:

Cyber Security | Cyber Crimes during Covid Outbreak!

Cyber Crimes during Covid Outbreak!

The Covid-19 pandemic have switched on a digital life around the world. However there is a fear of cyber attacks and crimes every where. Many organizations have started work from home #wfh remotely from home, where they don't have any security protection at home, like proxy, firewall, IPS, IDS as well they miss the regular patch updates, OS upgrades.

People tried to sell fake and duplicate items such as Masks, Sanitizers and even fake vaccines. 

such attacks were;

  • Phishing attack
  • eMail Spam attack
  • Ransomware attack
  • KYC fraud
  • Social Media attack
  • Fake medicine and anti corona drugs, covid vaccines
  • Identity theft
  • Covid positive patient medical record breach.
  • Vaccine data steal
  • Fake online live tracking for corona.
  • The virus related attacks multiplied during this situation to 200 times.
Just need to check your privacy and reset your password in periodic basis. 

Beware on Advertisements!

-DR
at No comments:

Cyber Security | Social Media Hacks Rising

Social Media Account Hacks are Rising!


News and media everywhere on July 16, 2020 was flashed for one thread that #twitter account was hacked. Yes, in truth was hacked for some high profile peoples around the world.

Check all your social media account regularly. During any social media hacking news, immediate change your password and log out from devices. If possible avoid the social networking accounts for some couple of days. 

Some accounts were recovered whereas some were locked. The internal team was working it. Investigation is ongoing as there no traces of evidences found.

Review privacy and Resetting your password is only advisable and first step for now.

-DR
at No comments:

Cyber Security | Tips on Safeguarding your data

Tips on safeguarding your Data 


Do you know what data your device have? What Information is stored in your mobile? Knowing that data/ information is the first step to protect your data. 

Do you know some data might have stored at somewhere at someone's machine? Do you know someone tracks your data ? Someone is keeping eye on you. 

Remember, your data are being sold at Black market/ Dark Web at cheap prices with the hackers. 

Below are the type of data basically attracts strangers:

  • Credit/Debit Card/ CVV Number
  • Social Security Number
  • Address
  • Health Data
  • Text Messages
  • Social Networking Messages
  • Web history
  • Bank Account Number/ online User name 
  • Contacts
  • Call history
  • Current Location
  • Recent location
  • e-Commerce sites visit
  • Products purchased
  • Products with wish list
  • Deleted data
  • Financial transaction/ Tax information
  • And many.....
Now you can check out what data is not in your device.

So minimize the risk of transmitting those data to hackers end. 
Tune in to good practices from Cyber security advisories. 

Keep some items in Confidential.

Similarly note few tips below;
  • Its advised that don't share your personal information on social media. If you do let check your privacy settings. Check with whom its shared. 
  • Sharing your sensible data such as Address, phone number, Aaddhar Number, Social Security Number, Photo, Date of Birth makes a stalker to misuse those and gives a chance to a hacker to guess your password.
  • Don't share copy of PAN, DL and other documents to unknown. 
  • Never share your OTP with anyone else.
  • Never Share your password.
  • Do not click at unknown links or attachments. 
  • Do not use auto fill forms for online form filling, just do type.
  • Do not allow the prompt of browser to save your password.
  • Never use cybercafe for using social media account.
  • Always keep your location/GPS turned "off".

Tune up for more updates..

-DR
at No comments:
Subscribe to: Posts (Atom)

Network Scanning Tools

Network Scanning through Nmap and Nessus Network scanning is a process used to troubleshoot active devices on a network for vulnerabilities....

  • Basics of Ethernet
    Ethernet   Ethernet is the Media access method in a network where all the device or hosts , that share data or share the bandwidth in betw...
  • Telecom | STM-1/4/16 SDH Multiplexer- Part 2
    STM-1/4/16 SDH Multiplexer In my older post I have covered the basic STM and STM-1. STM1 is a synchronous digital hierarchy (SDH) is standar...
  • Basics of Switching | Switches- part 2
    Basics of Switching Switching is a basic function of networking. Switching breaks up large collision domains in to smaller ones. A Swit...