
The evolution of information security has been done immediately after the development of the mainframe computers and multiuser systems. Information security works on the principle of the CIA triad which stands for confidentiality, integrity and availability.
Written by Ayush Naman Pati, CTIS
Information security is the process by which we can implement a barrier towards the unauthorized access to our information and our data which we have stored. In other words we can also say that information security is the process by which we can safeguard our information which conveys some special meaning.it
The evolution of information security has been done immediately after the development of the mainframe computers and multiuser systems. Information security works on the principle of the CIA triad which stands for confidentiality, integrity and availability.
Confidentiality means we shall achieve the security of the information on the following areas like personal information which includes phone no, mail id, pan no etc. Intellectual Property which includes copyright, source code, network security etc. National Property which includes the financial, defence, political information of the nation.
Integrity means it ensures the correctness of the information. When we send the data to anyone whatever data we sent that should be correct so that integrity could be achieved.
Availablity means the correct data should be available to the right person at the right time.
Methodologies involved to secure the information are:
1.cryptography 2. Steganography 3. Hashing
Cryptography is an art of science where we can apply some encryption or decryption algorithm so that the information is converted to the coded format so that it is not easily understood by humans. In cryptography, there are two processes one is encryption and decryption. Encryption means the original text (plain text) is converted to the cypher text (unreadable format) by using some encryption algorithm and it is usually done at the sender side. In decryption, we apply some decryption algorithm at the receiver side so that the cypher text is converted into the plain text.
Steganography is an art of science in which the plain text is converted into the image format at the sender side and the at receiver side the image format is converted to the plain text at the receiver side. Here the encryption algorithm is applied at the sender side ( plain text to image format ) and the decryption algorithm is used at the receiver side so that the ( image format is converted into the plain text) so basically it is the way of securing our data with the means of an image.
Hashing is the process by which we can ensure the correctness of the data. When the message sent in the sender side the message is first applied with a hashing algorithm in which it generates the address which is a combination of the letters and digits and then an address is also generated at the receiver side which is the combination of the letters then the address of the sender and the receiver is then compared and then on basis of that the information integrity is measured.
Attack:- it is the way by which we can access information by the unauthorized user is known as an attack. Basically, the attacks are of two types Active attack, Passive attack
A passive attack is the type of attack the unauthorized user gains access of information without any kind of modification is known as a passive attack. It is basically the way by which attacker gain access without modification. Types of spoofing, traffic analysis,
The active attack in this of attack the unauthorized user gain the access of information and does the modification. It has more impact with respect to passive attack. Types of relay, macaque, DOS etc.
Cyber attacks by the attackers
- ATM SYSTEM HACKED in mid-2018 the ATM system was targeted by some of the attackers. The attackers tried to hack the ATM system of Canara bank and swept up to 20 lakhs rupees from 300 account holders of the banks.
- UDAI AADHAAR SOFTWARE HACKED in 2018 this massive attack occurred where the Aadhaar card data breach happens where the personal information of the 1.1 billion Aadhaar cardholders where the personal information like the pan no, phone no, mail id etc got stollen by which it can create a huge loophole for an individual as all the information is with the attacker.
- Wipro fishing attack it is one of the most dangerous attacks done by the attackers and this fishing attack was done by the attacker on the Wipro in Bengaluru in which personal information of the employees and companies which again created a huge vulnerability in the company.
- Yahoo Data breach the Ayaho data breach crossed all the records of all time. it is one of the most dangerous attacks done. It has been hacked two times in which about 3 billion accounts got hacked and their id passwords got stollen.
- Mirai Botnet attack is one of the largest attack done by cyber attackers. It was done on 12 Oct 2016 and these time the attackers targeted the IoT devices which stand for the internet of things. All the IoT which are connected to the internet is converted to bots. Bots mean they are converted into the remote control servers which are controlled by the third party. These bots are also called as cc servers. As the IoT is connected to the internet hence they can be easily hacked and turned into bots.
- DDOS ATTACK: The DDOs attack mainly stands for the distributed denial of service. This aims that the servers could not respond to the requests of the customers as the attacker tries to send multiple no of messages so that the servers could not respond to the requests of the customers. Some popular kinds of the DDoS attack are TCN SYNFLOOD ATTACK.
- PM MODI TWITTER ACCOUNT HACKED: The Twitter account of our honourable Prime minister Narendra Modi git hacked by the attackers. This was one of the biggest attacks that left shocked to most of us. The attackers demanded the Bitcoin which was really shocking but as we all know Bitcoin mining has a great future in India and in the whole world.
Preventions
- Make your pc password protected.
- Always update your PC and use antivirus.
- Don’t click on the link if it is http only click when it is https (secure) and do not download anything from the unnecessary sites because it may contain some spyware.
- Use firewall it protects our pc against the DDOS attacks.
- We can also use the blockchain technology if we are using IoT devices.
- Always use strong passwords and change the passwords regularly.
- Make use of the cryptographic techniques while sending the messages if you have the risk of hacking.
- Make your employees aware of the risks and attacks which the attackers can do.
Photo by Tima Miroshnichenko: https://www.pexels.com/photo/person-in-black-hoodie-hacking-a-computer-system-5380651