Hello Friends,
Today, We'll discuss about "How Do You Protect Your Computer from Hacking."
Hacking These days has increased very much so I decided to tell you all about How do you dodge the Hackers before they do damage to you or your Computer.
So, First I'll tell you about all the Hacking Attacks that I know of.
Types of Hacking Attacks.
1. Denial of Service -
DoS
attacks give hackers a way to bring down a network without gaining
internal access. DoS attacks work by flooding the access routers with
bogus traffic(which can be e-mail or Transmission Control Protocol, TCP,
packets).
2. Distributed DoSs -
Distributed
DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS
is more difficult to block because it uses multiple, changing, source
IP addresses.
3. Sniffing -
Sniffing
refers to the act of intercepting TCP packets. This interception can
happen through simple eavesdropping or something more sinister.
4. Spoofing -
Spoofing
is the act of sending an illegitimate packet with an expected
acknowledgment (ACK), which a hacker can guess, predict, or obtain by
snooping
5. SQL injection -
SQL
injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an application. It uses
normal SQL commands to get into database with elivated privellages..
Read More About SQL Injection Here.
6. Viruses and Worms -
Viruses
and worms are self-replicating programs or code fragments that attach
themselves to other programs (viruses) or machines (worms). Both viruses
and worms attempt to shut down networks by flooding them with massive
amounts of bogus traffic, usually through e-mail.
Read More About Viruses Here.
Read More About Worms Here.
7. Back Doors -
Hackers
can gain access to a network by exploiting back doors administrative
shortcuts, configuration errors, easily deciphered passwords, and
unsecured dial-ups. With the aid of computerized searchers (bots),
hackers can probably find any weakness in the network.
Read More About Back Doors Here.
8. Trojan Horses -
Trojan
horses, which are attached to other programs, are the leading cause of
all break-ins. When a user downloads and activates a Trojan horse, the
software can take the full control over the system and you can remotely
control the whole system.They are also reffered as RATs(Remote
Administration tools)
Read More About Trojan Horses Here.
9. Keyloggers -
Consider
the situation, everything you type in the system is mailed to the
hacker..!! Wouldn't it be easy to track your password from
that.. Keyloggers perform similar functionallities.. So next time you
type anything.. Beware!
Read More About Keyloggers Here.
10. Brute-Forcing -
Brute-Forcring
is sometimes the Most Tiring Job.A Brute-Force attack on a Network.It
tries all the Password Combinations possible.Many Times,Brute-Forcing
doesn't works because of Connection Times Out.I have Posted Some
Information about Brute-Force Tools and How it takes Place Long Back.You
can refer to it for more information.
Read More About Brute-Forcing Here.
11. Secret Question -
According
to a survey done by security companies, it is found that rather than
helping the legitimate users the security questions are more useful to
the hackers.A hacker Can create a Fake Account and act as being someone
else and in the meantime will get your trust and ask your Personal
Secret Questions like In which Village was Your Mother Born? What was
the Name of your First Grade Teacher? On what street where you Born? On
what street your father livend in his Childhood? etc etc.It is upto you
to Dodge People like this and Block them if You Find them Suspicious.
12. Social Engineering -
This was
one of the oldest trick to hack.. Try to convince your user that you are
a legitimate person from the system and needs your password for the
continuation of the service or some maintenance.This won't work now
since most of the users are now aware about the Scam.
13. Phishing -
This is
another type of keylogging, here you have to bring the user to a webpage
created by you resembling the legitimate one and get him to enter his
password, to get the same in your mail box.Most of the Users now are
aware of this attack but a Elite Hacker can come up with different ways
of Phishing attacks.
14. Fake Messengers -
Hackers Make Fake Applications pretending to be Some Social Messengers and When You Open them,Some RAT/Virus/Trojan is Executed.
15. Cookie Stealer -
Cookies
Stealing also known as Session Hijacking asks a victim to open a fake
site and When the Victim is Online,HIs Cookies are sent to the hacker
and While the Victim is online,his account's passoword is cracked and
the hacker is inside his account.
16. DNS Poisoning or PHARMING -
Pharming
is a derivate from phishing. Both use “ph” instead of an “f” and are
part of a computer slang. Pharming seeks to obtain personal or private
information through domain spoofing. In phisihing you are being spammed
with malicious deceiving e-mail requests for you to visit spoof Web
sites which appear legitimate. Pharming on the other hand poisons a DNS
server by infusing false information into the DNS server, resulting in a
user’s request being redirected elsewhere. Your browser, however will
show you are at the correct Web site, which makes pharming a bit more
serious and more difficult to detect. Phishing attempts to scam people
one at a time with an e-mail while pharming allows the scammers to
target large groups of people at one time through domain spoofing.
17. Whaling -
The Whale virus is
a computer virus discovered on July 1, 1990. The file size, at
9,216 bytes, was for its time the largest virus ever discovered. It was
written by German programmer R. Horner. It is known for using several
advanced "stealth" methods.
After the
file becomes resident in the system memory below the 640k DOS boundary,
the operator will experience total system slow down as a result of the
virus' polymorphic code. Symptoms include video flicker to the screen
writing very slowly. Files may seem to "hang" even though they will
eventually execute correctly. This is just a product of the total system
slow down within the system's memory.
It was reported that one infected program displayed the following message when run:
THE WHALE IN SEARCH OF THE 8 FISH
I AM '~knzyvo}' IN HAMBURG addr error D9EB,02
I AM '~knzyvo}' IN HAMBURG addr error D9EB,02
_____________________________________________________________
Now, All the Hacking Ways I know are over,So Now comes the Question,How can you get Your Computer Protected against these attacks?
Protection Against Hacking Attacks.
How Do You Protect Your Site Against a DDOS or DOS Attack?
DDOS or DOS attack only takes place on Web-Sites and Not on Particular Computers so Skip this if you don't own a Website or don't want to protect your site.
A
Distributed Denial Of Service (DDOS) attack is an attempt by a malicious
party to prevent legitimate users of using your services. With a DDOS
attack this is typically accomplished through flooding, a process
whereby multiple clients generate traffic to your site that takes up all
capacity of your site so it stops responding to legitimate request.
There’s a
number of solutions available against these type of attacks but they
tend to be ineffective mostly because they’re either dependent on your
own infrastructure or they are reactive meaning that they will respond
after the attack has started. If DDOS attacks need to be blocked in/on
your own infrastructure you will very quickly run out of capacity as the
attacker can generate more traffic than your own infrastructure
(firewalls, switches, load balancers) can handle. So anytime you’re
dependent on blocking DDOS attacks in your environment you’re already
too late, it needs to be stopped before it gets to your doorstep. Now if
you have deep pockets there’s options available that run at the ISP
level. They’re basically IPS/IDS like solutions that will detect
anomalous traffic and blackhole this traffic. This will avoid the
traffic getting to your infrastructure but these are expensive solutions
that aren’t available to your run-of-the-mill website owner.
So whats
the solution to an attack that is capacity based? Have more capacity
than the attacker. That sounds like a bad solution as you don’t have
infinitely deep pockets to keep adding capacity for the unlikely event
you’re being targetted by a DDOS attack. Fortunately there’s a very easy
way of getting additional capacity beyond the means of any DDOS
attacker: use a Content Delivery Network. A CDN is a proxy solution that
can be used to deliver content close to a target group which offloads
traffic from your website. There’s a number of services available like
Akamai, Amazon CloudFront or MaxCDN. If you use a CDN and your site is
being attacked with a DDOS attack is actually not your site being
attacked but the CDN. And the CDN has tons and tons of capacity that no
normal DDOS will be able to saturate. In normal circumstances the costs
of using a CDN will be low enough not to give you any headaches but when
a DDOS is mounted you will see a spike in traffic. This will generate
costs as the CDN is responding to way more traffic than usual but your
site is protected against the DDOS attack. The decision whether you want
those costs is up to you but at least there is a sure fire way of
countering a DDOS attack.
Now
setting this up for a static website is simple but things get a bit more
complex with a dynamic, personalised site. Even then you can use a CDN
to your advantage. Most DDOS attacks are simple scripts without the
capabilities of a full browser. You could decide to host a static
homepage on the CDN that loads a Javascript or Flash animation that
needs to be executed before you move to the dynamic site. The DDOS
script can’t execute the Javascript or Flash animation and fails the
test. It will not proceed to the dynamic site. The firewall of your site
is configured in such way that only traffic coming from the CDN will be
accepted, there is no bypass.
If you’re willing to pay the price of a CDN you have every chance of surviving a DDOS.
How Do You Protect Your Computer from Sniffing?
A scary
aspect of these tools is who can, and will, use them. As stated earlier,
sniffers can be used for both legitimate and illegitimate purposes. For
instance, a network manager can use them to monitor the flow of traffic
on the network to ensure that the network is operating efficiently.
However, sniffers can also be used by malicious users to obtain valuable
personal information. Whether it is passwords or private communication,
both crackers and co-workers can benefit from reading your data.
Defending against sniffers, as with any other threat, needs to start
from the top and filter down to the user. As on any network,
administrators need to secure individual machines and servers. A sniffer
is one of the first things a cracker will load to see what is taking
place on and around their newly compromised machine.
Another method of protection involves tools, such as antisniff,
that scan networks to determine if any NICs are running in promiscuous
mode. These detection tools should run regularly, since they act as an
alarm of sorts, triggered by evidence of a sniffer.
How Do You Protect Your Computer from Spoofing?
E-mail Spoofing is the Most used spoofing technique used these days,To Protect yourself from Spoofing,take the same measures as you would use to avoid Phishing Traps, i.e , Don't click Links provided in the email that you are suspicious of.Do not give away your personal information to anybody pretending to be a legitimate source.Always be sure that you are on the right site while entering sensitive information such as Online Bank Account Passwords, Social Networking Site Passowords by Checking the Site's Webisite Certificate.On Google Chrome,If you are visiting the Right Site,the Address Bar will show a Lock Icon in Green Color, In the Same way, Go to the Paypal's Log-In Site and see if it Shows the Green Icon or not.You can Google to see More Ways of Protecting Yourself against Spoofing.
How Do You Protect Your Computer From SQL Vulnerability?
To Protect Your Site against the SQL Vulnerability, You have to understand the Whole Process in which it takes place,Because I can't Explain too much right now,I am giving you a Link from where you can learn about What Is SQL,How it Takes Place, and How to Get Protection Against it.
Read all about SQL Here.
How Do You Protect Your Computer From Viruses
and Worms, Back Doors, Trojan Horses, Keyloggers ,
Fake Messengers,Whaling?
Well,Now
This is Too Easy to do task.To Protect Your Computer Against these
dangerous things,The first and foremost step is to have a Good and
Updated Anti-Virus.If You are a Windows Operating System User,then the
best I could recommend you all is to have Microsoft Security Essentials Installed.If you don't prefer MSE then Given Below is a List of Anti-Virus that I recommend.
1. Norton Internet Security.
2. Bit Diffender Anti-Virus.
3. Kasperesky Internet Security.
4. Panda Anti-Virus Pro.
5. F-Secure Anti-Virus.
6. AVG Anti-Virus.
7. Avast Pro Anti-Virus.
8. G Data Anti-Virus.
9. Bull-Guard Anti-Virus.
10. Avira Anti-Virus Premium.
11. ESET NOD32 Anti-Virus.
If You Need any More, then You Can Google About it.
Having an Updated Anti-Malware Software is also necessary.I would recommend :
1. Malwarebytes.
2. SUPER Anti-Spyware.
_____________________________________________________________
How Do You Protect Your Web-Site From Brute-Force Attacks?
(! ; @ ; # ; $ ; % ; ^ ; & ; *)
Entering Passwords with Capital and Small Letters with Numbers and Special Characters can be a bit frustrating at times but remember its only for your Web-Site's Security.
How Do You Protect Yourself from Secret Question and Social Engineering?
How Do You Protect Yourself from Cookie Stealing?
How Do You Protect Yourself from DNS Poisoning or Pharming?
_____________________________________________________________
OTHER NEWS AND NOTES ABOUT "Protect Your Computer from getting Hacked." :-
You Can visit the Official Site of Anti-Phishing Working Group Here.
How can you spot a Genuine Links or URL?
Given below are some tips you show know so that you don't get hacked in future.
- Always Notice how to E-mail Sender addresses you. Genuine E-mails will always address you in a personal manner.(Either by your Name or your Username on the site.)
- Genuine URLs will have SSL (Secure Socket Layer) Security.This can be spotted by reading the term "HTTPS" in the URL.
- Genuine URLs will have a Lock symbol and the right-hand side bottom of the page or in the address bar right before the URL.This signifies the Digital certificate.
Click the Photo to Enlarge.
How Do You Spot a Fake Links or URL?
- Hover the mouse over a link before you click it.It will reveal the real destination in case the URL is a masked one.
- Beware of the Sign "@" in the URL as all the browsers ignore the characters before the "@" sign.For example the URL "www.facebook@wooder.com" will not take you to the original Facebook Webpage.
- Check the spelling of the URL carefully. Hackers sometimes change a single character to try and trick victims. For instance, many people will feel at first glance that “www.micorsoft.com” is the same as “www.microsoft.com”.
- Check if the URL of the page you are directed to is the same as that mentioned in the email.
- Read the link properly. For instance, the URL “www.apple.com.wooder.com” will not take you to the official Apple website.
- Ensure that the link does not start with an IP address. For instance, “http://198.162.256.56/wood/index.htm” is the kind of link that you must never trust.
- There are several services online which shorten URLs to cater to character count limitations. To avoid falling for fake shortened URLs you should use a service like “www.longurl.org” which reverses the process to show you the real destination.
- On another note, it is also advisable to not download any suspicious attachments. If it is necessary, you must download and scan them separately.
No comments:
Post a Comment