Madme Codes
Security (CS50 Blog)

Photo by FLY:D on Unsplash

Security (CS50 Blog)

#DAY3

Ayush Gupta's photo
Ayush Gupta
·

7 min read

Table of contents

Users' data is of utmost importance to them as it contains personal information, memories, and sensitive details, making its protection crucial for privacy and security.

*Files are never Deleted

  • Whenever we save our files/data on our computer, it is stored in storage devices like hard disk or SSD by our Operating System in the form of zeroes and ones.

  • The operating system uses a file system to organize and store data on a disk. It typically keeps track of available space and maintains a file allocation table or similar data structure that records the location of each file on the disk.

  • The allocation process involves finding a suitable region of free space on the disk that is large enough to accommodate the file. The operating system then updates the file allocation table to reflect the new file's location and size.

  • Whenever we delete our file, permanently, our OS simply forgets the location of that stored data in our disk. But the data still persist there in the form of 0 and 1.

  • This data remains there till OS doesn't allocate the same part of the disk for some other file, in such case 0 and 1 of previous data rearrange themself according to the new data.

  • But if that part is not allocated it simply means your deleted data still can be recovered by using some software which can be both dangerous and useful depending on the situation.

  • Also, there exist softwares which are used to scrub the deleted files from the disk enabling a secure delete.

*Cookies

  • Cookies are small text files that are commonly used by websites to store information on a user's computer or device.

  • They serve various purposes, such as keeping users logged in, remembering preferences, and tracking user behavior for analytics and advertising purposes.

  • When a user visits a website, the site sends a cookie to the user's browser, which stores it on their device. The next time the user visits the same website, the browser sends the stored cookie back to the site, allowing the website to recognize and customize the user's experience.

  • But this can be dangerous because hackers can sniff the wireless traffic, take your cookie, and then they can impersonate the legitimate user and gain unauthorized access to the user's account or session on the website. This is known as Session-hijack.

  • Session hijacking, also known as session hijack or session sidejacking, is a type of security attack that targets the session cookies used by websites. In a session hijacking attack, an unauthorized individual intercepts or steals the session cookie of a legitimate user. This can be done through various means, such as capturing network traffic, exploiting vulnerabilities in the website or browser, or using malicious software.

  • To mitigate the risk of session hijacking, websites and web applications employ various security measures. These include using secure and encrypted connections (HTTPS), implementing secure coding practices, employing secure session management techniques, and regularly updating and patching software to address any vulnerabilities.

  • Additionally, users can protect themselves by being cautious about using public Wi-Fi networks, keeping their devices and browsers up to date, and regularly clearing cookies or using private browsing modes to limit exposure.

*Phishing

  • Phishing is a deceptive technique used by cybercriminals to trick individuals into divulging sensitive information, such as login credentials, credit card details, or personal data.

  • It typically involves impersonating a trusted entity, such as a well-known company or financial institution, through fraudulent emails, messages, or websites.

Steps to prevent getting phished:-

  • Be vigilant

  • Verify the source

  • Avoid clicking on suspicious links

  • Keep software up to date

  • Use strong, unique passwords

  • Enable two-factor authentication (2FA)

  • Educate yourself

*Search History

Search history can potentially be used as a valuable resource for cyber attackers to gather information about an individual or organization. By analyzing someone's search history, attackers can gain insights into their interests, habits, preferences, and even potential vulnerabilities. A solution to this can be the use of Incognito mode which doesn't store users history and cookies.

*Authentication

Methods of authentication, such as biometrics and two-step verification, play a crucial role in preventing cyber attacks by adding an extra layer of security to verify the identity of users. Here are several common authentication methods:

  1. Password-based Authentication

  2. Two-Factor Authentication (2FA)

  3. Biometric Authentication

  4. Multi-Factor Authentication (MFA)

  5. Hardware Tokens

*Password managers

The concept of creating one strong master password to store all our passwords can be useful and dangerous.

Pros:

  1. Enhanced Security

  2. Convenient Password Management

  3. Auto-fill Functionality

  4. Secure Password Sharing

  5. Password Strength Analysis

Cons:

  1. Single Point of Failure

  2. Dependency on the Service

  3. Potential Vulnerabilities

*Network Security

The use of HTTPS significantly enhances network security by encrypting data, providing authentication, ensuring data integrity, and boosting user trust. It is considered the standard protocol for secure communication on the web, offering substantial benefits over the non-secure HTTP. This is not an issue in todays world because all the sites use HTTPS, but still one should be conscious enough while browsing.

*VPN (Virtual Private Network)

A Virtual Private Network (VPN) creates a secure and private connection between a user's device and a remote server or network over the internet. It allows users to access the internet securely and privately by encrypting their data and routing it through a server located in a different location.

  1. It encrypts the data before sending it from our computers. And sends data via an encrypted tunnel between the user and VPN server which can't be accessed by unauthorised parties.

  2. The VPN server acts as an intermediary between the user's device and the websites or services they access.

  3. he VPN server assigns the user's device a new IP address, replacing the original IP address assigned by the user's Internet Service Provider (ISP). Helps in making user anonymous.

  4. Users can bypass geographical restrictions and access content or services that may be restricted in their actual location.

It's important to note that while VPNs enhance privacy and security, users should choose reputable and trustworthy VPN providers. Additionally, VPNs do not make users completely anonymous, as other factors, such as website cookies or account logins, can still reveal some identifying information.

*Firewall

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between an internal network (such as a private company network) and external networks (such as the internet) to protect the internal network from unauthorized access and potential threats.

By implementing a firewall, organizations can enforce security policies, control network access, prevent unauthorized access, and protect against various network threats, such as hacking attempts, malware, and unauthorized data exfiltration. Firewalls are a crucial component of network security and are often used in combination with other security measures to create a layered defense strategy.

*Encryption

Two famous types of encryption techniques to prevent data hamper are Secret Key cryptography and Public Key cryptography.

  1. Secret Key Cryptography (Symmetric Cryptography):

    Secret key cryptography, also known as symmetric cryptography, involves the use of a single secret key for both encryption and decryption of data. The same key is used by both the sender and the recipient to encrypt and decrypt the information. It is called "secret key" because the key used for encryption must be kept confidential and shared securely between the communicating parties. Examples: SSL(Secure Socket Layer), Virtual Private Networks (VPNs), etc.

  2. Public Key Cryptography (Asymmetric Cryptography):

    Public key cryptography, also known as asymmetric cryptography, involves the use of a pair of keys: a public key and a private key. These keys are mathematically related, but while the public key is freely shared and known to everyone, the private key is kept secret and known only to the owner. (HTTPS follows this cryptography technique)

*Malware

Malware, short for malicious software, is a type of software designed to disrupt, damage, or gain unauthorized access to computer systems or networks. Malware can take various forms and have different purposes, but their common objective is to exploit vulnerabilities and compromise the security of targeted devices or networks.

Methods to Prevent Malware:

  1. Use Reliable Security Software

  2. Keep Software Updated

  3. Exercise Caution with Email and Downloads

  4. Practice Safe Browsing Habits

  5. Enable Firewalls

  6. Secure Network Connections

  7. Regularly Back Up Data

#DAY3

WeMakeDevsSecuritycs50