Publication of "Basics of Cyber Security" in Prothom Alo, a

well-known news source in Bangladesh.

Date – 21/03/2023

Introduction to Cyber Security

Attackers are now using more sophisticated techniques to target the systems. Individuals,

small-scale businesses or large organization, are all being impacted. So, all these firms

whether IT or non-IT firms have understood the importance of Cyber Security and focusing

on adopting all possible measures to deal with cyber threats.

What is cyber security?

"Cyber security is primarily about people, processes, and technologies working together to

encompass the full range of threat reduction, vulnerability reduction, deterrence, international

engagement, incident response, resiliency, and recovery policies and activities, including

computer network operations, information assurance, law enforcement, etc."

Cyber security is the body of technologies, processes, and practices designed to protect

networks, computers, programs and data from attack, damage or unauthorized access.

The term cyber security refers to techniques and practices designed to protect digital

data. The data that is stored, transmitted or used on an information system. OR

Cyber security is the protection of Internet-connected systems, including hardware, software,

and data from cyber-attacks.

It is made up of two words one is cyber and other is security.

Cyber is related to the technology which contains systems, network and programs or

data. Whereas security related to the protection which includes systems security, network

1
security and application and information security.

Why is cyber security important?

Cyber-attacks can be extremely expensive for businesses to endure.

In addition to financial damage suffered by the business, a data breach can also inflict

untold reputational damage. Cyber-attacks these days are becoming progressively destructive.

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to

alter computer code, logic or data and lead to cybercrimes, such as information and identity

theft.

Cyber-attacks can be classified into the following categories:

1) Web-based attacks

2) System-based attacks

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important

web-based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the

application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a

DNS resolver's cache causing the name server to return an incorrect IP address, diverting

traffic to the attackers computer or any other computer. The DNS spoofing attacks can go on

for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create

2
cookies to store the state and user sessions. By stealing the cookies, an attacker can have

access to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login

credentials and credit card number. It occurs when an attacker is masquerading as a

trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number

of guesses and validates them to obtain actual data like user password and personal

identification number. This attack may be used by criminals to crack encrypted data, or by

security, analysts to test an organization's network security.

Hardware Attacks:

Common hardware attacks include:

Manufacturing backdoors, for malware or other penetrative purposes; backdoors

aren’t limited to software and hardware, but they also affect embedded radio-

frequency identification (RFID) chips and memory. Eavesdropping by gaining access to

Hardware Inducing faults, causing the interruption of normal behaviour

Hardware modification tampering with invasive operations

Backdoor creation; the presence of hidden methods for bypassing normal computer

authentication systems.

Counterfeiting product assets that can produce extraordinary operations and those

made to gain malicious access to systems.

Security Policies:

Security policies are a formal set of rules which is issued by an organization to ensure that the

user who are authorized to access company technology and information assets comply with

rules and guidelines related to the security of information.

A security policy also considered to be a "living document" which means that the document

is never finished, but it is continuously updated as requirements of the technology and

employee changes.

We use security policies to manage our network security. Most types of security policies are

3
automatically created during the installation. We can also customize policies to suit our

specific environment.

Need of Security policies-

1) It increases efficiency.

2) It upholds discipline and accountability

3) It can make or break a business deal

4) It helps to educate employees on security literacy.

CYBER FORENSICS:

Computer forensics is the application of investigation and analysis techniques to gather and
preserve evidence. Forensic examiners typically analyse data from personal computers,
laptops, personal digital ,assistants, cell phones, servers, tapes, and any other type of media.
This process can involve anything from breaking encryption, to executing search warrants with a
law enforcement team, to recovering and analysing files from hard drives that will be critical
evidence in the most serious civil and criminal cases. The forensic examination of computers,
and data storage media, is a complicated and highly specialized process. The results of forensic
examinations are compiled and included in reports. In many cases, examiners testify to their
findings, where their skills and abilities are put to ultimate scrutiny.