1: What is cybersecurity?
Cyber securities are defined as a group of processes, technologies and practices which are designed in a special way to protect computers, networks, access which are unauthorized and many more.
2: What do you mean by Cross Site Scripting?
Cross Site Scripting generally tends to refer to an injected attack which is from the side of the client code, where, the one who is attacking has all the authorities in executive scripts which are malicious
into an application of web or a website which is legitimate. Such kinds of attack are generally seen where the web application is making use of the non-encoded or non-validated inputs of the users inside the range of the output
which is generated.
3: What does Cyber security work for in a specific organization?
There are mainly three major reasons for which cyber security works:
1. Confidentiality: Whenever information is transmitted from one place to another, a certain level of secrecy is maintained, which is known as confidentiality.
2. Integrity: This means that whenever there is a need for change in any document stored beforehand or new, it can only be done by an authorised person with proper and secure mechanism.
3. Availability: Everything that is important should be readily available to the authorized people otherwise there will be no use of such information that is not available.
4: What can you defend yourself from Cross Site Scripting attack?
Like any other injection attack, Cross Site Scripting attack can also be prevented by the use of the proper available sanitizers. Web developers have to have an eye on the gateways through which they receive information and these are the gateways which must be made as a barrier for malicious files. There are software or applications available for doing this, like the XSS Me for Firefox and domsnitch for Google Chrome. Also, the default web application firewall formula, popularly known as ModSecurity Plus will also o the job quite satisfactorily.
5: What do you mean by a Botnet?
A botnet is basically known to be a network or a group of computers which are affected by malware and are being constantly monitored by a server which throws the commands. The one is in control of the botnet can impact some serious damage through all those linked computers affected with malware.
6: Strike the difference between vulnerability, a risk and a threat?
These three terms are interlinked but they are very different from each other:
1. Vulnerability: If your security program has a breach or weakness then different threats can further exploit the program and thus hack into your system to access data that is stored securely.
2. Risk: If your system is not secure enough and has the chances of getting damaged or destruction along with loss of data when a threat exploits the vulnerability, it’s under huge risk.
3. Threat: Something that is necessary for exploiting the vulnerability either knowingly or by accident in order to damage or destroy personal and official data.
7: How can the two factor authentication be implemented for the public facing websites?
The two factor authentication or shortly abbreviated as 2FA acts as another or an extra seal on your already protected account with a password. This two factor authentication can be implemented on public-facing websites like Microsoft, Twitter, Apple, Google and LinkedIn. For enabling such services, one can easily go to settings and then to manage security settings. Here, you will find the option of enabling two factor authentications.
8: Being a professional, what is more important Threats or Vulnerabilities?
]Despite the advancements in the security systems with the years, the threats and vulnerabilities have only increased with each passing day. Assessing threats is still not under the control of any high-tech security team. Although, a threat rises from vulnerability, so if we have proper control ver them, we can still try and control threats. Secondly, the type of threats remains same but the vulnerabilities are what keep on changing. Thus we need to focus on building something that has a proper defence mechanism and also can track down new vulnerabilities.
9: What is the main point of consideration when it comes to the differences between the Stored XXS and the Reflected XXS?
In case of Stored XXS, since Stored XXS is stored in a page which is static, thus, it is directly pulled out and displayed to the user directly as per needed. On the other hand, in Reflected XXS, the user has to send a request first. Now, this request will start running on the browser of the victim’s computer and then will reflect the results back from the website or the browser to the user who has sent the request.
10: How does the HTTP control the State?
This is a tricky question. HTTP doesn’t and will never control the state. Answers like cookies are still better. The job of the cookies is to provide a gateway to what HTTP can’t do. In simpler terms, cookies serve as a hack to what HTTP fails to do.
11: Describe the 3 major first steps for securing your Linux server.
Every system has its own security software’s so for securing your Linux, the first three steps are:
1. Auditing: A system scan is performed using a tool called Lynis for auditing. Every category is scanned separately and the hardening index is provided to the auditor for further steps.
2. Hardening: After the audit is complete, the system is hardened depending on the level of security it further needs. It is an mportant process based on the decision of auditor.
3. Compliance: The system needs to be checked almost every day for better results and also lesser threats from security point of view.
12: What are the techniques used in preventing a brute force login attack?
To avoid brute force login attacks, you generally have three kinds of techniques to go about. The first technique is to implement a policy for account lockout. In this method, an account will be locked out unless and until the administrator himself opens it. The second being progressive delays. In this method, after a few attempts of login, your account will stay locked for the next few number of days. Lastly, use a challenge-response test. This prevents any kind of automatic submissions on the login page.
13: How can you defend yourself against CSRF attacks?
To defend yourself against CSRF attacks, you can opt for two available methods. Firstly, with every request try to include a random token. In this way a unique string of tokens will be generated which is a good safeguard. Secondly, for each field of form, try using different names. This will somewhat help you in becoming anonymous due to the entry of so many different names and thus will behave as a safeguard from CSRF attacks.
14: What is the need for DNS monitoring?
The Domain Name System allots your website under a certain domain that is easily recognizable and also keeps the information about other domain names. It works like a directory for everything on the internet. Thus, DNS monitoring is very important since you can easily visit a website without actually having to memorise their IP address.
15: Define the process of Salting and state the use of Salting.
Salting is that process where you extend the length of your passwords by using some special characters. In order to use salting, you must know the entire mechanism of salting and also, it is not that very difficult to be cracked by a person who already knows the concept of salting.
The use of salting is to make your passwords stronger and not easy to be cracked if you are someone who is prone to use of simple or ordinary words as passwords.
No comments:
Post a Comment