1 of 84

20IT84 - Cyber Security & Digital Forensics

B.Tech. (OPEN ELECTIVE)

By

M. Vijay Kumar


UNIT - II Syllabus

Proxy Servers and Anonymizers

Phishing, Password Cracking,

Keyloggers and Spyware,

Virus and Worms

Trojan Horses and Backdoors,

Steganography,

Sniffers, Spoofing, Session Hijacking,

DoS and DDoS Attacks

SQL Injection, Buffer Overflow,

Identity Theft (ID Theft), Port Scanning.


Proxy Server

A proxy server acts as an intermediary between a user's device and the internet. When a user sends a request, it goes through the proxy server, which then forwards the request to the internet and returns the response to the user.

Types of Proxies: 

  • Forward Proxy: Used by clients to reach the internet indirectly; typically deployed inside corporate networks to control, log, cache and filter outbound traffic.
  • Reverse Proxy: Sits in front of one or more web servers, accepting client requests and forwarding them to the appropriate backend. It hides the servers' real addresses and commonly adds load balancing, TLS termination, caching and request filtering (a web application firewall).

Benefits of Proxy Servers:

  • Enhanced privacy: The destination site sees the proxy's IP address rather than yours, which makes it harder for websites and third parties to track your activity. The proxy operator, however, sees every request you send through it, and a plain HTTP proxy does not encrypt the traffic between you and the proxy.
  • Improved security: Proxy servers can filter malicious content and block certain websites, offering an extra layer of protection against online threats.
  • Bypass geo-restrictions: Certain content might be unavailable in your geographical region. Proxy servers located in other countries can give access to such content by masking your true location.


Anonymizers:

Anonymizers are tools or services that aim to conceal a user's identity and online activity by masking their IP address and encrypting internet traffic.

  • Virtual Private Networks (VPNs): One of the most common anonymizers. A VPN creates an encrypted tunnel between the user's device and a VPN server, so the local network and ISP see only encrypted traffic to the VPN server, and destination sites see the VPN server's IP address. The VPN provider itself can see all of the traffic, so the user is shifting trust from the local network to the provider.
  • Tor (The Onion Router): A network that anonymizes traffic by routing it through a circuit of volunteer-operated relays (guard, middle, exit), wrapping it in one layer of encryption per relay so that no single relay knows both the user and the destination. The exit relay sees the traffic as it leaves the network, so connections that are not already encrypted (HTTPS) can be read there.

Benefits of Anonymizers:

  • Stronger privacy: Your IP address is hidden from the sites you visit and your destinations are hidden from the local network, which shields you from much tracking, profiling and local surveillance. No tool makes traffic "untraceable": the VPN provider or Tor exit relay still sees what passes through it, and logged-in accounts, browser fingerprints and timing can still identify you.
  • Enhanced security: Encryption protects your data from eavesdroppers on the path to the anonymizer, including on public Wi-Fi networks.
  • Geo-spoofing: You can choose the apparent location of your connection, bypassing geo-restrictions.

Choosing the Right Tool:

Both proxy servers and anonymizers have their strengths and weaknesses. Selecting the right one depends on your individual needs:

  • For basic privacy and bypassing geo-restrictions, a simple proxy server might suffice.
  • If you prioritize high anonymity and security for sensitive activities, an anonymizer like Tor or a VPN is recommended.


What is Phishing?

Phishing refers to fraudulent attempts to steal sensitive information like login credentials, credit card details, or personal data. Attackers craft deceptive emails, text messages, or websites that mimic legitimate entities, such as banks, social media platforms, or even trusted friends. These messages often create a sense of urgency or exploit curiosity to lure victims into clicking malicious links or divulging sensitive information.


How Does Phishing Work?

  • Crafting the Bait: Attackers design emails, text messages, or websites that closely resemble those of trusted sources. They might use logos, branding, and language familiar to the target audience to instill a sense of legitimacy.
  • Hooking the Victim: The message typically employs urgency, fear, or curiosity to entice the victim into clicking a malicious link or downloading an infected attachment. Common tactics include:
    • Spoofing sender addresses: Emails appear to come from trusted entities like banks or online accounts.
    • Creating fake urgency: Messages warn of account closure, identity theft, or other immediate threats to pressure quick action.
    • Offering irresistible deals: Emails or texts lure victims with promises of discounts, prizes, or exclusive offers.

  • Reeling in the Catch: Once the victim clicks the malicious link or attachment, they might be directed to a fake website that looks like the real one. Here, they're tricked into entering their login credentials, credit card information, or other sensitive data. Alternatively, the attachment might install malware on their device, allowing attackers to steal data or gain unauthorized access.

Types of Phishing Attacks:

Phishing attacks come in various forms, each targeting different vulnerabilities:

  • Email Phishing: The most common type, using fraudulent emails disguised as legitimate sources.
  • Smishing: Phishing attempts via text messages, often mimicking delivery alerts or bank notifications.
  • Vishing: Phishing through phone calls, impersonating customer service representatives or government officials.
  • Whaling: Targeted attacks aimed at high-profile individuals or executives, often involving elaborate social engineering tactics.


Protecting Yourself from Phishing:

  • Think before you click: Hover over links to see the actual destination URL before clicking. Be wary of unexpected attachments, even from seemingly familiar senders.
  • Verify sender information: Scrutinize email addresses and phone numbers for inconsistencies or typos. Don't rely solely on sender names displayed in messages.
  • Beware of urgency and scare tactics: Legitimate entities rarely use threats or pressure tactics in their communications.
  • Double-check websites: Look for suspicious URLs, typos, or inconsistencies in website design. If unsure, access websites directly through their official channels.
  • Enable two-factor authentication: This adds a second verification step beyond the password. Prefer phishing-resistant methods (a FIDO2/WebAuthn security key or passkey) over SMS or app codes, since a fake site can relay one-time codes to the real site in real time.
  • Keep software updated: Regularly update your operating system, browser, and antivirus software to ensure they have the latest security patches.
  • Report suspicious activity: If you suspect a phishing attempt, report it to the relevant entity (e.g., bank, social media platform) and delete the message immediately.
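The "hover before you click" check above can be automated. The following is an added example, not part of the original slides: it extracts every link from an HTML e-mail, compares the domain the visible text claims with the domain the href actually points at, and flags internationalised (possible homograph) hosts and hosts that merely contain a trusted brand name. The e-mail body and the trusted-domain list are constructed for the demo, and the two-label "registered domain" rule is a simplification (real code would use the Public Suffix List).

```python
"""Check the links in an HTML e-mail the way "hover before you click" does:
compare the domain a link claims to go to with where it really points and
flag lookalike hosts. Added example (not from the slides); the e-mail body
and the trusted-domain list are constructed for the demo."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


DOMAIN_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.IGNORECASE)


def registered_domain(host: str) -> str:
    """Last two labels, e.g. 'login.example-bank.com' -> 'example-bank.com'.
    Crude: real code should use the Public Suffix List (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(html: str, trusted_domains):
    """Return [(href, text, [reasons])] for links that look like phishing."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        # 1. The visible text shows a domain that is not where the link goes.
        shown = DOMAIN_RE.search(text)
        if shown and registered_domain(shown.group(0)) != registered_domain(host):
            reasons.append("text/href domain mismatch")
        # 2. Non-ASCII or punycode labels: possible homograph (e.g. Cyrillic 'a').
        if any(ord(ch) > 127 for ch in host) or any(
            label.startswith("xn--") for label in host.split(".")
        ):
            reasons.append("internationalised host (possible homograph)")
        # 3. A trusted brand appears inside a host that is NOT that brand's
        #    domain, e.g. secure-login.example-bank.com.attacker.test
        for trusted in trusted_domains:
            if trusted in host and registered_domain(host) != trusted:
                reasons.append(f"lookalike of {trusted}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed phishing e-mail body (urgency + a link whose text lies).
SAMPLE_EMAIL = """
<p>Your account will be suspended in 24 hours. Verify now:
<a href="http://secure-login.example-bank.com.attacker.test/verify">
https://www.example-bank.com/verify</a></p>
<p>Questions? <a href="https://www.example-bank.com/contact">Contact us</a></p>
"""

if __name__ == "__main__":
    for href, text, why in suspicious_links(SAMPLE_EMAIL, ["example-bank.com"]):
        print(f"SUSPICIOUS {href!r} shown as {text!r}: {', '.join(why)}")
```

Mail gateways apply the same idea at scale; the visible-text rule is the one that catches the slide's "bank" example, because the text shows the bank's domain while the href lands on attacker.test.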


Password cracking

Password cracking is the process by which an attacker recovers passwords, usually from a stolen list of password hashes or from captured authentication traffic, in order to gain unauthorized access to systems, accounts, or data. It is a guess-and-verify process: the attacker generates candidate passwords, hashes each one the same way the target system does, and looks for a match.

Password Hashes:

  • Most systems do not store passwords in plaintext but as hashes produced by a one-way function such as MD5, SHA-256, or a purpose-built password hash like bcrypt, scrypt or Argon2, normally combined with a random per-user salt.
  • A hash cannot be "decrypted". Cracking means guessing candidates and hashing them until the output matches the stored value, so the attacker's cost depends on how fast the hash runs and how many candidates the password space contains. Fast general-purpose hashes (MD5, SHA-256) can be tried billions of times per second on a GPU; bcrypt, scrypt and Argon2 are deliberately slow and tunable to keep that rate low.


Methods of Password Cracking:

  • Brute Force Attack: Systematically tries every possible combination of characters up to some length. It is guaranteed to succeed eventually, but the cost grows exponentially with password length and alphabet size, so it is only practical for short or low-entropy passwords.
  • Dictionary Attack: Tries candidates from pre-built lists of common passwords, words and phrases (for example, lists harvested from earlier breaches). Far cheaper than brute force and effective because many users choose predictable passwords.
  • Rainbow Table Attack: Uses precomputed hash chains that trade storage for computation, so that a stolen unsalted hash can be looked up instead of cracked from scratch. A random per-user salt defeats this, because the table would have to be rebuilt for every salt value.
  • Hybrid Attack: Combines a dictionary with mangling rules (capitalising, appending digits or symbols, leetspeak substitutions) to cover the small variations users apply to dictionary words.


Protecting Yourself from Password Cracking:

The good news is, you can significantly reduce the risk of password cracking by adopting strong password practices:

  • Use long and complex passwords: Aim for at least 12 characters, including a mix of uppercase and lowercase letters, numbers, and special symbols.
  • Avoid common words and phrases: Steer clear of dictionary words, personal information like birthdays or names, and easily guessable patterns.
  • Never reuse passwords: Each account should have a unique password to minimize the impact of a security breach.
  • Enable two-factor authentication: This adds an extra layer of security by requiring a second verification factor, like a code sent to your phone, at login.
  • Use a password manager: These tools can generate and store strong passwords for all your accounts, making them more secure and easier to manage.


Keyloggers

Keyloggers are a type of spyware that records every keystroke entered on a keyboard, including passwords, credit card numbers, and other sensitive information. They can be installed on a computer system without the user’s knowledge and can be used to steal confidential information.

Types of Keyloggers:

  • Software Keyloggers: Installed as software on a computer or device, these log keystrokes and activities, often covertly.
  • Hardware Keyloggers: Physical devices inserted between the keyboard and the computer, intercepting and recording keystrokes directly.


Spyware

  • Spyware is a type of malicious software that secretly collects information about a user's browsing habits, activities, and sensitive data. It can capture browsing history, passwords, credit card details, and personal information.
  • Spyware often gets installed on a user's device through malicious email attachments, infected websites, software downloads, or bundled with seemingly legitimate programs.


Detection and Prevention:

  • Antivirus and Anti-spyware Tools: Regularly update and run security software to detect and remove keyloggers and spyware.
  • Firewalls and Intrusion Detection Systems (IDS): Use these tools to monitor network traffic and detect suspicious activities that might indicate the presence of keyloggers or spyware.
  • Security Best Practices: Avoid downloading software from untrusted sources, regularly update operating systems and applications, and be cautious when clicking on links or downloading attachments in emails.


Types of Malware and Symptoms: Types of Malware

  • Malware is used to steal data, bypass access controls, cause harm to, or compromise a system.
  • Types of Malware
    • Spyware - track and spy on the user
    • Adware - deliver advertisements, usually comes with spyware
    • Bot - automatically perform action
    • Ransomware - hold a computer system or the data captive until a payment is made
    • Scareware - persuade the user to take a specific action based on fear.

[Figure: initial Code Red worm infection map]

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Types of Malware and Symptoms: Types of Malware (Cont.)

  • Types of Malware (Cont.)
    • Rootkit - modifies the operating system to hide the attacker's presence and keep privileged access (a backdoor)
    • Virus - malicious executable code that is attached to other executable files
    • Trojan horse - carries out malicious operations under the guise of a desired operation
    • Worm - replicates itself by independently exploiting vulnerabilities in networks
    • Man-in-the-Middle (MitM) - the attacker sits between two communicating parties and reads or alters their traffic; Man-in-the-Mobile (MitMo) is the same idea carried out by malware on a phone, for example intercepting one-time codes sent by SMS, without the user's knowledge

[Figure: Code Red worm infection map, 19 hours later]

Types of Malware and Symptoms: Symptoms of Malware

  • There is an increase in CPU usage.
  • There is a decrease in computer speed.
  • The computer freezes or crashes often.
  • There is a decrease in Web browsing speed.
  • There are unexplainable problems with network connections.
  • Files are modified.
  • Files are deleted.
  • There is a presence of unknown files, programs, or desktop icons.
  • There are unknown processes running.
  • Programs are turning off or reconfiguring themselves.
  • Email is being sent without the user's knowledge or consent.


Understanding Viruses and Worms

Viruses

Definition: A virus is a malicious program that attaches itself to another program and replicates itself, spreading through various means like infected files, emails, or network connections.

Characteristics:

    • Parasitic: Relies on a host program to function and reproduce.
    • Infectious: Spreads readily to other files and systems.
    • Destructive: Can delete files, corrupt data, disrupt system performance, and even steal information.

How Viruses Work

  • Infection Process:
    • Attachment: The virus attaches itself to a healthy program or file.
    • Triggering: When the host program is executed, the virus code also activates.
    • Replication: The virus replicates itself, creating copies that can infect other programs or files.
    • Payload Delivery: The virus then executes its malicious payload, which could involve data deletion, system disruption, or information theft.

Types of Viruses

  • File Infector Viruses: Attach to executable files, spreading when the file is run.
  • Macro Viruses: Target macro-enabled applications like Microsoft Word or Excel.
  • Boot Sector Viruses: Infect the boot sector of hard drives, affecting system startup.
  • Polymorphic Viruses: Constantly change their code to evade detection by antivirus software.


What are Worms?

Definition: A worm is a self-replicating malware program that spreads across networks, exploiting vulnerabilities in operating systems or applications.

Characteristics:

    • Independent: Unlike viruses, worms don't need a host program to function.
    • Network-oriented: Spreads through network connections without user interaction.
    • Resource-intensive: Can consume bandwidth and system resources, impacting performance.

How Worms Work

Propagation Methods:

    • Vulnerability Exploits: Targets weaknesses in software or operating systems to gain access to other systems.
    • Email Spam: Spreads through infected email attachments or links.
    • Shared Resources: Infects files on shared drives or network folders.
    • P2P Networks: Exploits vulnerabilities in peer-to-peer file sharing platforms.

Protecting Yourself from Viruses and Worms

Antivirus Software: Install and regularly update antivirus software to detect and remove malware.

System Updates: Apply software and operating system updates promptly to patch security vulnerabilities.

Email Security: Be cautious about opening email attachments and clicking on suspicious links.

Firewall: Use a firewall to filter incoming and outgoing network traffic, blocking unauthorized access.

Backup Data: Regularly back up your important data to ensure you can recover it in case of an attack.

User Awareness: Train yourself and others to recognize suspicious behavior and avoid potential malware traps.

Difference Between Virus and Worm

Basis of Comparison: Virus / Worm

Definition:
  Virus - Malicious executable code attached to another executable file; it may be harmless or may modify or delete data.
  Worm - Stand-alone malware that replicates itself and spreads to other computers over the network.

Objective:
  Virus - Typically modifies, corrupts or deletes data on the infected host.
  Worm - Typically spreads as widely and quickly as possible, consuming bandwidth and system resources, and may carry a payload.

Host:
  Virus - Requires a host program to spread.
  Worm - Does not need a host program to spread.

Harm:
  Virus - Damage is confined to hosts where an infected file is run.
  Worm - Can spread across an entire network in hours (Code Red is the classic example), so the aggregate damage is often larger.

Detection and Protection:
  Virus - Antivirus software detects and removes viruses.
  Worm - Antivirus plus prompt patching and firewalling of exposed services, since worms exploit unpatched network services.

Remote control:
  Virus - Usually not controlled remotely.
  Worm - Often reports to, or is controlled by, a remote attacker (for example as part of a botnet).

Execution:
  Virus - Runs when the user executes the infected file.
  Worm - Runs by exploiting a weakness in a network-exposed service, without user action.

Comes from:
  Virus - Generally shared or downloaded files.
  Worm - Generally a network connection, sometimes downloaded files.


Trojan Horses

Definition: A trojan horse is a seemingly harmless program or file that conceals malicious code, granting attackers access to your system once activated.

Characteristics:

    • Masquerade: Disguised as legitimate software, games, or documents.
    • Delivery Methods: Downloaded from untrusted sources, attached to emails, embedded in pirated software.
    • Payload: Steals data, installs additional malware, disrupts system functions.


Types of Trojan Horses

  • Ransomware Trojans: Encrypt your data and demand payment for decryption.
  • Spyware Trojans: Monitor your online activity and steal sensitive information.
  • Downloader Trojans: Download additional malware onto your system, escalating the attack.
  • Banking Trojans: Hijack online banking sessions and steal financial data.
  • Botnet Trojans: Turn your device into a part of a botnet for coordinated cyberattacks.


Backdoors

Definition: A backdoor is a secret entry point created by attackers to bypass security measures and gain unauthorized access to a system.

Characteristics:

    • Concealed Code: Often embedded within legitimate software or firmware.
    • Remote Access: Allows attackers to remotely control the compromised system.
    • Difficult Detection: Hidden deep within system, evading conventional detection methods.


How are Backdoors Installed?

Software Vulnerabilities: Exploiting weaknesses in software or operating systems.

Supply Chain Attacks: Compromising software development processes to infect legitimate software.

Physical Access: Tampering with hardware to install hidden backdoors.

Social Engineering: Tricking users into installing software containing backdoors.


Protecting Yourself from Trojans and Backdoors

  • Antivirus and Anti-Malware Software: Use reputable security software to detect and remove malicious programs.
  • System Updates: Apply software and operating system updates promptly to patch security vulnerabilities.
  • Email Security: Be cautious about opening email attachments and clicking on suspicious links.
  • Software Download Sources: Download software only from trusted and official sources.
  • Firewall: Use a firewall to filter incoming and outgoing network traffic, blocking unauthorized access.
  • Regular Monitoring: Monitor your system for unusual activity and investigate any suspicious processes.


Steganography

Steganography is the technique of hiding information inside another message or object so that the existence of the hidden information is not apparent. Unlike cryptography, which makes a message unreadable but obviously present, steganography aims to make the message undetectable; it can conceal almost any type of digital content (text, image, video or audio) within carrier files of the same or a different type. In cyber security it appears on both sides: defenders use it to move sensitive data unnoticed across monitored channels, and attackers use it to smuggle commands, payloads or stolen data past security controls that inspect traffic and files.

Types of Steganography

Image Steganography: Data is hidden in the pixel values of an image, most often in the least significant bits of the colour channels, where the change is imperceptible to the eye.

Text Steganography: Information is hidden within text or documents, for example through word or line spacing, choice of synonyms, capitalisation patterns, or invisible characters such as zero-width spaces.

Audio Steganography: Data is hidden within audio files by modifying sample values below the threshold of hearing (LSB coding, phase coding, or spread-spectrum techniques).


How does Steganography Work?

  • Least Significant Bit (LSB) Modification: In digital images, each pixel (or each colour channel of a pixel) is stored as a byte. Replacing the least significant bit of successive bytes with the bits of the secret changes each value by at most 1, so the image looks unchanged while carrying one secret bit per byte.
  • Parity Encoding: The cover is divided into groups of samples (for example, in an audio stream); the parity of each group encodes one secret bit, and a single sample is nudged whenever the parity does not already match. The file still plays normally.
  • Text-in-Whitespace: Trailing spaces and tabs at the ends of lines, or single versus double spaces between words, encode binary data that is invisible when the text is displayed.
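LSB embedding and extraction, as an added example that is not part of the original slides. The image is an 8-bit greyscale picture held as a bytearray so that the code runs without an image library (with Pillow you would feed it image.tobytes() and rebuild with Image.frombytes()); the cover image, the length-prefix framing and the message are constructed for the demo. The last function is a crude steganalysis measure that shows why the technique is detectable statistically even though it is invisible to the eye.

```python
"""Least-significant-bit steganography on an 8-bit greyscale image held as a
bytearray, plus a crude steganalysis measure. Added example (not from the
slides); the cover "image" is constructed so the demo runs without an image
library."""


def embed(cover: bytes, message: bytes) -> bytearray:
    """Write message into the LSB of successive pixel bytes.
    A 4-byte big-endian length prefix tells the extractor where to stop."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8} bytes, need {len(payload)}")
    stego = bytearray(cover)
    for index, bit in enumerate(bits):
        stego[index] = (stego[index] & 0xFE) | bit   # clear the LSB, then set it
    return stego


def _read_bytes(pixels: bytes, offset: int, count: int) -> bytes:
    """Reassemble count bytes from the LSBs starting at pixel offset."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[offset + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(pixels: bytes) -> bytes:
    """Recover the hidden message: read the length prefix, then that many bytes."""
    length = int.from_bytes(_read_bytes(pixels, 0, 4), "big")
    return _read_bytes(pixels, 32, length)


def max_pixel_change(a: bytes, b: bytes) -> int:
    """Largest per-pixel difference between cover and stego image (expect <= 1)."""
    return max(abs(x - y) for x, y in zip(a, b))


def lsb_ratio(pixels: bytes) -> float:
    """Fraction of pixels whose LSB is 1. LSB embedding pushes this toward 0.5,
    which is the basis of simple statistical (chi-square style) steganalysis."""
    return sum(p & 1 for p in pixels) / len(pixels)


# Constructed 64x64 greyscale cover: a smooth gradient whose LSBs are all 0,
# so any embedding is easy to see in the statistics.
COVER = bytes(((x + y) * 2) & 0xFE for y in range(64) for x in range(64))

if __name__ == "__main__":
    secret = b"meet at dawn"
    stego = embed(COVER, secret)
    print(extract(stego))                     # b'meet at dawn'
    print(max_pixel_change(COVER, stego))     # 1
    print(lsb_ratio(COVER), lsb_ratio(stego))
```

Note that the hidden bytes are not encrypted: anyone who knows the scheme can run extract() on the file. Encrypt the message first if confidentiality matters; steganography only hides that it exists.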


Applications of Steganography

Cybersecurity: Concealing that a sensitive message exists at all during transmission. It hides presence rather than content, so it is usually combined with encryption, which protects the content if the hidden message is found.

Digital Watermarking: Embedding ownership or provenance information into digital assets so that copies can be traced.

Covert Communication: Secret communication in espionage or intelligence operations. Activists and journalists can use steganography to send sensitive information across monitored networks without drawing attention.

Data Exfiltration: Hackers can hide stolen data, like financial records or intellectual property, within image files, music tracks, or even video streams, making it difficult for traditional security measures to detect.

Malware Delivery: Malicious code can be hidden within seemingly harmless files, allowing attackers to bypass security software and infect systems.


Sniffers

Sniffers in the context of cybersecurity refer to tools used to capture and analyze network traffic. They can be used by network or system administrators to monitor and troubleshoot network traffic. However, attackers can also use sniffers to capture data packets containing sensitive information, such as passwords and account details, for malicious purposes.

Imagine a network as a highway of data packets, each carrying information between devices. Sniffers are like highway toll booths, capturing and examining these packets as they pass by. They come in both hardware and software forms, and can analyze the contents of packets, revealing details like:

Source and destination devices: Who's sending the data and who's receiving it?

Protocol: What type of communication is happening (e.g., email, web browsing)?

Data: If the traffic is unencrypted (plain HTTP, Telnet, FTP, POP3), the full content, including credentials, is visible. With TLS the payload is opaque, but metadata such as the server name (SNI), IP addresses, ports, packet sizes and timing can still be read.
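What a sniffer actually does with a captured frame, as an added example that is not part of the original slides: parse the Ethernet, IPv4 and TCP headers to answer "who is talking to whom, over what", then pull the username and password out of a cleartext HTTP login (a form POST and an HTTP Basic header). The frames are constructed in the code rather than captured, so no raw socket or pcap library is needed; in practice you would feed the same parser packets from scapy or a .pcap file. The IP addresses, ports and checksums (left at zero) are assumptions for the demo.

```python
"""What a sniffer sees: parse a raw Ethernet/IPv4/TCP frame and pull the
credentials out of a cleartext HTTP login. Added example (not from the
slides); the frames are constructed here instead of captured. Checksums are
left at zero because the parser ignores them."""
import base64
import struct
from urllib.parse import parse_qs


def _ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Constructed Ethernet II + IPv4 + TCP (PSH/ACK) frame carrying payload."""
    ethernet = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + 20 + len(payload), 0x1234, 0x4000, 64, 6, 0,
        _ip_bytes(src_ip), _ip_bytes(dst_ip),
    )
    tcp_header = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return ethernet + ip_header + tcp_header + payload


def parse_frame(frame: bytes):
    """Return who is talking to whom, over what, and the TCP payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                   # not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip = ip[:total_len]
    info = {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "proto": {6: "TCP", 17: "UDP", 1: "ICMP"}.get(ip[9], str(ip[9])),
    }
    if ip[9] != 6:
        return info
    tcp = ip[ihl:]
    info["sport"], info["dport"] = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    info["payload"] = tcp[data_offset:]
    return info


def extract_credentials(info):
    """Credentials from a cleartext HTTP request: form POST body or Basic auth.
    Over HTTPS the payload is TLS ciphertext and this returns None."""
    payload = info.get("payload", b"")
    if b"HTTP/1." not in payload.split(b"\r\n", 1)[0]:
        return None
    head, _, body = payload.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"authorization" and value.strip().startswith(b"Basic "):
            user, _, pw = base64.b64decode(value.strip()[6:]).partition(b":")
            return {"username": user.decode(), "password": pw.decode()}
    form = parse_qs(body.decode(errors="replace"))
    if "username" in form and "password" in form:
        return {"username": form["username"][0], "password": form["password"][0]}
    return None


def http_post(path: str, fields: dict) -> bytes:
    """Constructed form-encoded POST request."""
    body = "&".join(f"{k}={v}" for k, v in fields.items()).encode()
    return (
        f"POST {path} HTTP/1.1\r\nHost: www.example.test\r\n"
        f"Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    ).encode() + body


# Constructed capture: one login POST and one Basic-auth GET, both on port 80.
FRAMES = [
    build_frame("10.0.0.5", "203.0.113.10", 51234, 80,
                http_post("/login", {"username": "alice", "password": "s3cret"})),
    build_frame("10.0.0.7", "203.0.113.10", 51235, 80,
                b"GET /admin HTTP/1.1\r\nHost: www.example.test\r\n"
                b"Authorization: Basic " + base64.b64encode(b"bob:hunter2") + b"\r\n\r\n"),
]

if __name__ == "__main__":
    for frame in FRAMES:
        info = parse_frame(frame)
        print(info["src"], "->", info["dst"], info["proto"], info["dport"], extract_credentials(info))
```

The same parser run on an HTTPS connection still yields source, destination and port 443, but the payload branch finds no HTTP request line, which is the practical meaning of "depending on encryption".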

The good side of sniffing:

  • Network troubleshooting: Sniffers can diagnose network issues like slowdowns, errors, and suspicious activity. By analyzing traffic patterns, admins can identify bottlenecks, malware infections, and even unauthorized access attempts.
  • Security analysis: Security professionals use sniffers to simulate attacks, test network defenses, and uncover vulnerabilities. This proactive approach helps them strengthen security before actual threats appear.
  • Network optimization: Analyzing traffic patterns can reveal peak usage times, underutilized resources, and inefficient configurations. This helps network administrators optimize resource allocation and improve overall network performance.

The dark side of sniffing:

In the wrong hands, sniffers become tools for malicious actors:

  • Data interception: Hackers can use sniffers to steal sensitive information like passwords, financial data, and confidential documents. Unencrypted data is particularly vulnerable.
  • Man-in-the-middle attacks: By intercepting and manipulating packets, attackers can impersonate legitimate users, inject malware, and disrupt communication.
  • Network mapping: Sniffers can reveal the layout of a network, identifying its devices, services, and potential vulnerabilities. This information can be used to launch more targeted attacks.

Protecting yourself from sniffing:

  • Encryption: Use HTTPS for web browsing and encrypted protocols (SSH, TLS-protected mail and file transfer) for anything sensitive. Encryption makes the captured payload unreadable, although a sniffer can still see who is talking to whom.
  • VPNs: A VPN wraps all your traffic in an encrypted tunnel, shielding it from eavesdroppers on public Wi-Fi or compromised networks (the VPN endpoint still sees it).
  • Network security: Switched networks, port security, ARP-spoofing detection (tools such as arpwatch flag the ARP changes an on-path attack causes) and intrusion detection systems limit an attacker's ability to place a sniffer on the path or to redirect traffic through one.


Spoofing

Spoofing in cybersecurity refers to a technique used by malicious actors to deceive systems, users, or networks by falsifying information. This manipulation involves creating a false identity or masquerading as a trusted entity to gain unauthorized access, bypass security measures, or launch attacks.


Here are some common types of spoofing:

  • Email spoofing,
  • Website spoofing,
  • Phone number spoofing,
  • IP address spoofing,
  • GPS spoofing,
  • DNS Spoofing


Email spoofing:

Occurs when an attacker forges email headers (the From: address, and often the display name) so that a message appears to originate from a legitimate source, tricking users into revealing sensitive information or performing malicious actions. SMTP does not authenticate the sender by itself; SPF, DKIM and DMARC let receiving servers detect messages whose claimed sending domain did not authorize them.


Website spoofing: 

This involves creating a fake website that looks almost identical to a legitimate website, such as a bank or online store. When a victim enters their login credentials on the fake website, the attacker can steal them.


Phone number spoofing: 

This involves modifying the caller ID information to make it appear as if the call is coming from a legitimate source, such as a friend, family member, or business. This can be used to trick victims into giving up personal information or money.


IP address spoofing:

This involves forging the source IP address in packet headers so that a packet appears to come from a different host. Because replies go to the forged address, it is mainly useful for one-way traffic: flooding a victim in denial-of-service attacks, reflection and amplification attacks in which the victim's address is used as the source, or bypassing filters that trust a particular address range. Ingress filtering at network edges (BCP 38) drops packets whose source addresses could not legitimately originate there.


GPS spoofing:

This involves broadcasting counterfeit satellite signals (or feeding a device falsified location data) so that a receiver computes a position other than its real one. It has been used to divert vehicles and drones, defeat geofencing, and commit location-based fraud, for example faking presence for location-restricted apps.


DNS spoofing

DNS spoofing (DNS cache poisoning) is an attack in which the attacker supplies forged DNS responses, or corrupts the records cached by a resolver, so that a legitimate hostname resolves to an IP address the attacker controls and traffic is redirected to a malicious site. DNSSEC and encrypted DNS (DoH/DoT) reduce the exposure.


What is session hijacking?

In the digital world, a session is a temporary connection between your device and a server, often identified by a unique token (like a cookie or session ID) that verifies you're the authorized user. Session hijacking is the act of stealing that token and using it to impersonate you, taking control of your active session and potentially gaining access to your data, accounts, or resources.


Types of session hijacking:

Cookie hijacking

Session sniffing

Man-in-the-middle attack

Session sidejacking


Cookie hijacking:

Attackers steal your session cookies through various means, like phishing emails, malware, or sniffing unprotected Wi-Fi networks. With the cookie, they can impersonate you on the websites that issued it.


Session sniffing:

Hackers use packet sniffing tools to capture network traffic and steal session IDs or other sensitive information transmitted between your device and the server.


Man-in-the-middle attack: 

Attackers intercept communication between your device and the server, eavesdropping and potentially modifying data, including stealing your session token.


Session sidejacking:

A form of session sniffing in which the attacker captures a session cookie that the site sends over unencrypted HTTP (for example when only the login page uses HTTPS, or the cookie lacks the Secure attribute) on a shared network such as public Wi-Fi, then replays it to take over the logged-in session. Marking session cookies Secure and serving the whole site over HTTPS (with HSTS) closes this gap.


Impacts of session hijacking:

  • Identity theft: Attackers can gain access to your personal information, financial data, and even medical records.
  • Financial fraud: They can steal your money by transferring funds from your bank account or making unauthorized purchases with your credit card.
  • Data breach: They can steal sensitive data from your organization, such as customer information or trade secrets.

Preventing session hijacking:

Here are some ways to protect yourself from session hijacking:

  • Use strong passwords and enable two-factor authentication: This makes it harder for attackers to guess or steal your login credentials.
  • Beware of phishing emails and suspicious links: Don't click on links or open attachments from unknown senders.
  • Use a VPN on public Wi-Fi: A VPN encrypts your internet traffic, making it more difficult for attackers to eavesdrop.
  • Use a web browser with built-in security features: Many web browsers offer features like anti-phishing protection and sandboxing that can help protect you from session hijacking.
  • Log out of accounts when you're done using them: Don't leave your accounts logged in on public computers or shared devices.
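The advice above is for users; the server side has its own share of the defence. The following is an added example, not part of the original slides, of a session store that resists the hijacking techniques described: session IDs drawn from the operating system's CSPRNG (so they cannot be guessed), cookie attributes that keep the token off the wire in clear (Secure, against sidejacking) and away from page scripts (HttpOnly), an idle timeout that limits how long a stolen token stays useful, ID rotation at login (against session fixation), and server-side invalidation at logout. The cookie name, the timeout and the fixed timestamps used in the demo are assumptions.

```python
"""Server-side session handling that resists hijacking: unpredictable IDs,
protective cookie attributes, idle timeout, ID rotation at login and
server-side logout. Added example (not from the slides); the cookie name,
timeout value and the fixed timestamps in the demo are assumptions."""
import secrets
import time


class SessionStore:
    def __init__(self, idle_timeout: int = 900):
        self.idle_timeout = idle_timeout          # seconds of inactivity allowed
        self._sessions = {}                       # sid -> {"user", "last_seen"}

    @staticmethod
    def _new_id() -> str:
        # 32 random bytes from the OS CSPRNG (256 bits): cannot be guessed or
        # derived from a counter or timestamp the way weak session IDs can.
        return secrets.token_urlsafe(32)

    def create(self, user: str, now=None) -> str:
        sid = self._new_id()
        self._sessions[sid] = {"user": user, "last_seen": time.time() if now is None else now}
        return sid

    def lookup(self, sid: str, now=None):
        """Return the user for a valid session, or None (unknown or idle too long)."""
        now = time.time() if now is None else now
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session["last_seen"] > self.idle_timeout:
            self.destroy(sid)                     # expired: a stolen token is now useless
            return None
        session["last_seen"] = now
        return session["user"]

    def rotate(self, sid: str, user=None, now=None):
        """Issue a fresh ID at login or privilege change. Defeats session
        fixation: an ID the attacker planted before login dies here."""
        current = self.lookup(sid, now)
        if current is None:
            return None
        self.destroy(sid)
        return self.create(user or current, now)

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)            # logout: invalidate server-side


def set_cookie_header(sid: str) -> str:
    """Secure: never sent over plain HTTP (blocks sidejacking).
    HttpOnly: not readable by JavaScript (blocks theft via XSS).
    SameSite=Lax: not sent on cross-site POSTs (limits CSRF).
    __Host- prefix: the browser enforces Secure, Path=/ and no Domain attribute."""
    return f"Set-Cookie: __Host-session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore(idle_timeout=60)
    anon = store.create("anonymous", now=1000)              # pre-login session
    sid = store.rotate(anon, user="alice", now=1001)        # rotate at login
    print(set_cookie_header(sid))
    print(store.lookup(anon, now=1002), store.lookup(sid, now=1002))   # None alice
```

Binding the session to other client properties (TLS channel binding, or at least re-authentication for sensitive actions) goes further; the pieces above are the baseline that makes the stolen-cookie attacks on the previous slides fail or expire quickly.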


DoS (Denial of Service) Attack:

  • In a DoS attack, the offender uses a single source, often a single computer or a network, to flood a target system with excessive traffic or requests.
  • The aim is to consume the target system's resources (such as bandwidth, CPU, memory) to the point where it becomes unavailable to legitimate users.
  • DoS attacks can exploit vulnerabilities in services, protocols, or software to exhaust system resources, causing the targeted system to crash or become unusable.


How it works:

A DoS attack floods a targeted system (website, server, network) with excessive traffic, or triggers a fault that takes it down, making it unavailable to legitimate users. Classic examples:

  • Ping of death: Sending a fragmented ICMP echo request that reassembles to more than the 65,535-byte IP maximum, crashing older network stacks that did not check the size.
  • SYN flood: Sending a stream of TCP SYN packets (often with spoofed source addresses) and never completing the handshake, so the target's table of half-open connections fills up and real clients are refused.
  • Smurf attack: Sending ICMP echo requests to a network's broadcast address with the victim's address forged as the source, so every host on that network replies to the victim at once (an amplification attack).
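The SYN flood described above leaves a characteristic trace: many SYNs that are never followed by the client's ACK. The following detection logic is an added example, not part of the original slides; it counts half-open handshakes per source in a packet log and uses the number of distinct sources to tell a single-source DoS from a distributed attack. The packet records are constructed (a real run would read them from a pcap or a NetFlow export), and the two thresholds are assumptions to be tuned per network.

```python
"""Spot a SYN flood in a packet log and tell a single-source DoS from a
distributed one. Added example (not from the slides); the packet records are
constructed and the thresholds are assumptions."""
from collections import Counter

# Record: (timestamp, src_ip, src_port, tcp_flags) for client->server packets
# towards one server port. "S" = SYN, "A" = ACK (third step of the handshake).


def half_open_by_source(records):
    """SYNs that were never followed by an ACK from the same (src, port),
    i.e. handshakes the client never completed. A flood leaves thousands."""
    pending = {}
    for ts, src, sport, flags in records:
        key = (src, sport)
        if flags == "S":
            pending[key] = ts
        elif "A" in flags:
            pending.pop(key, None)
    return Counter(src for src, _ in pending)


def classify(records, half_open_threshold=50, distributed_sources=10):
    """Return (verdict, half_open_total, distinct_sources)."""
    per_source = half_open_by_source(records)
    total = sum(per_source.values())
    if total < half_open_threshold:
        return ("normal", total, len(per_source))
    if len(per_source) >= distributed_sources:
        return ("ddos", total, len(per_source))
    return ("dos", total, len(per_source))


def legit_traffic(n_clients=5):
    """Constructed: each client completes the handshake (S, then A)."""
    recs = []
    for i in range(n_clients):
        src = f"198.51.100.{i + 1}"
        recs.append((float(i), src, 40000 + i, "S"))
        recs.append((float(i) + 0.01, src, 40000 + i, "A"))
    return recs


def syn_flood(sources, syns_per_source):
    """Constructed: SYNs from each source on fresh ports, none ever acknowledged."""
    return [(0.001 * k, src, 1024 + k, "S") for src in sources for k in range(syns_per_source)]


if __name__ == "__main__":
    print(classify(legit_traffic()))
    print(classify(legit_traffic() + syn_flood(["203.0.113.7"], 500)))
    print(classify(legit_traffic() + syn_flood([f"192.0.2.{i}" for i in range(1, 51)], 20)))
```

The verdict matters for the response: a single source can be blocked at the firewall, while a distributed flood with spoofed sources needs SYN cookies, rate limiting or upstream scrubbing, since there is no one address to block.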


DDoS- Distributed Denial of Service

DDoS attacks involve multiple sources, forming a botnet or a network of compromised devices (such as computers, IoT devices) under the control of the attacker.

These compromised devices, often called 'bots' or 'zombies,' are coordinated to simultaneously flood the target system with a massive volume of traffic, making it difficult to mitigate the attack by simply blocking a single source.

DDoS attacks are more sophisticated and challenging to mitigate due to the distributed nature of the attack traffic, making it harder to distinguish legitimate requests from malicious ones.


Impact of DoS Attacks:

Downtime: The target system becomes inaccessible, disrupting business operations and causing financial losses.

Reputational damage: Customers may lose trust in a company that experiences frequent DoS attacks.

Security breaches: DoS attacks can be used as distractions to mask other malicious activities.

Denial of Service: DDoS

  • Similar to DoS, but from multiple, coordinated sources
  • Botnet - a network of infected hosts
  • Zombie - an infected host
  • The zombies are controlled by handler (command-and-control) systems.
  • The zombies continue to infect more hosts, creating more zombies.


Impact of DDoS Attacks:

Higher costs: Mitigating DDoS attacks can be expensive, requiring specialized security solutions.

Widespread disruption: DDoS attacks can target critical infrastructure, causing outages that affect entire communities.

Protecting against DoS and DDoS Attacks:

Strong network security: Firewalls, intrusion detection and prevention systems, and kernel defences such as SYN cookies (which let a server complete handshakes without holding state for half-open connections) help to detect and block attacks.

Traffic filtering: Rate limiting, ingress filtering of spoofed source addresses (BCP 38), and blocking identified attack sources or signatures reduce the impact of attacks.

DDoS mitigation services: Specialized scrubbing services and anycast content delivery networks can absorb and deflect large volumetric attacks before they reach your systems; capacity planning and redundancy limit the damage of whatever gets through.


What is SQL Injection?

  • It's a cyberattack that involves injecting malicious SQL code into a web application's input fields.
  • The goal is to manipulate the database behind the application and gain unauthorized access to sensitive data.
  • It's one of the most common and dangerous web application vulnerabilities.


How it Works:

  • Attacker finds a vulnerable input field: This could be a login form, search bar, or any field accepting user input.
  • Injects malicious SQL code: The attacker inserts carefully crafted SQL statements into the input field, instead of the expected data.
  • Application unknowingly executes the code: The application processes the input as part of a SQL query, executing the attacker's code along with it.
  • Attacker gains access or control: If successful, the attacker can:
    • Retrieve sensitive data (e.g., user passwords, credit card numbers, personal information)
    • Modify or delete data
    • Execute arbitrary commands on the database server


SQL Injection

Example:

  • Suppose a login form has a username field with the following SQL query:

SELECT * FROM users WHERE username = '$username' AND password = '$password'

  • An attacker could enter this malicious input in the username field:

' OR '1'='1' --

This would transform the query into:

SELECT * FROM users WHERE username = '' OR '1'='1' --' AND password = '$password'

The '--' comments out the remaining part of the query, making the password irrelevant. The attacker would now gain access without knowing the actual password. (In MySQL the '--' comment marker must be followed by a space to take effect; SQLite and PostgreSQL accept it without one.)

70 of 84

Types of SQL Injection:

In-band SQLi: Results are displayed directly in the application's output.

Blind SQLi: Attacker infers information based on the application's behavior, without seeing direct results.

Out-of-band SQLi: Results are exfiltrated over a separate channel (for example, a DNS or HTTP request issued by the database server) to a system the attacker controls, rather than through the application's own output.

71 of 84

Prevention Measures:

Input validation and sanitization: Thoroughly check and clean all user input before using it in SQL queries.

Parameterized queries: Use prepared statements to prevent attackers from altering query structure.

Database permissions: Enforce least privilege principles to limit database access.

Regular security testing: Scan for vulnerabilities and address them promptly.

Secure coding practices: Follow best practices to prevent common coding mistakes that lead to SQLi vulnerabilities.

72 of 84

Buffer Overflow

Buffer Overflow is a cybersecurity vulnerability that occurs when a program or process tries to store more data in a buffer (temporary storage area) than it was intended to hold. This extra data can overflow into adjacent memory locations, corrupting or overwriting data, altering the program's behavior, and potentially allowing attackers to execute malicious code.

73 of 84

Buffer Overflow attacks:

Crash the program: Overwriting code with garbage data can make the program malfunction and crash.

Execute arbitrary code: The attacker's code can hijack program execution, launching malware or stealing sensitive information.

Modify program behavior: By manipulating data, the attacker can alter how the program works, potentially gaining unauthorized access.

74 of 84

Types of Buffer Overflows:

There are two main types of buffer overflows:

  • Stack-based overflows: These exploit the program's call stack, a temporary storage area used for function calls. Overwriting the stack can alter return addresses, sending the program execution flow to the attacker's code.
  • Heap-based overflows: These target the heap, a dynamic memory allocation area. Overflowing the heap can overwrite data structures and program logic, enabling attackers to manipulate the program's behavior.

75 of 84

Protecting Against Buffer Overflows:

Developers can implement various techniques to prevent buffer overflows:

  • Input validation: Checking and limiting the size and format of user input can prevent malicious code from being injected.
  • Safe coding practices: Using memory-safe languages and bounds-checked library functions can minimize vulnerabilities.
  • Bounds checking: Implementing mechanisms to ensure data stays within allocated buffer boundaries.
  • Address space layout randomization (ASLR): Randomizing the location of memory segments makes it harder for attackers to predict where their code will land after an overflow.

76 of 84

Identity Theft

  • Identity theft occurs when someone steals your personal information, such as your name, Social Security number, credit card details, or even medical records, and uses them for their own gain. This can involve activities like:
  • Opening fraudulent accounts: Criminals might use your information to open credit cards, bank accounts, or even take out loans in your name, leaving you with the financial burden.
  • Making unauthorized purchases: Your stolen payment information can be used to make online or offline purchases, leaving you facing unexpected charges and potential credit score damage.
  • Selling your information on the dark web: Personal information is a valuable commodity for cybercriminals who can sell it on underground marketplaces and use it for further scams.

77 of 84

The Impact of Identity Theft:

The consequences of ID theft can be far-reaching and long-lasting, causing:

  • Financial losses: Unauthorized charges, fees, and interest can significantly impact your finances.
  • Credit score damage: Recovering from fraudulent activity on your credit report can take months or even years.
  • Emotional distress: Dealing with the aftermath of ID theft can be stressful, leading to anxiety, fear, and frustration.

78 of 84

Types of Identity Theft:

ID theft can take various forms, each targeting different types of personal information:

  • Financial identity theft: Stealing credit card numbers, bank account details, or Social Security numbers to commit financial fraud.
  • Medical identity theft: Using stolen medical information to obtain healthcare services or medications fraudulently.
  • Tax identity theft: Filing false tax returns using someone else's Social Security number to claim refunds.
  • Driver's license identity theft: Stealing driver's license information for various purposes, like purchasing alcohol or opening illegal accounts.

79 of 84

Protecting Yourself from Identity Theft:

  • Be cautious with your personal information: Don't share sensitive information online or over the phone unless you're absolutely sure of the recipient's legitimacy.
  • Use strong passwords and protect your accounts: Implement complex passwords with a combination of letters, numbers, and special characters, and enable two-factor authentication for added security.
  • Be mindful of phishing scams: Phishing emails and websites try to trick you into revealing personal information. Always double-check the sender's address and website URL before entering any sensitive details.
  • Shred important documents: Don't discard documents containing personal information without shredding them first.
  • Monitor your credit reports and financial statements: Regularly checking your credit reports and bank statements can help you detect fraudulent activity early.
  • Invest in identity theft protection services: Consider using reputable identity theft protection services that monitor your information and alert you of potential threats.

80 of 84

What is Port Scanning?

Port scanning is a network reconnaissance technique used to identify open ports on a computer system or network device. A port is a virtual communication channel assigned to a specific service or application, like an apartment number in a building. For example, port 80 is typically used for HTTP traffic, while port 22 is used for SSH. By sending probe packets to different ports and analyzing the responses, scanners can determine whether a port is open, closed, or filtered.

81 of 84

Why is Port Scanning Important?

  • For attackers: Knowing which ports are open can help attackers identify potential vulnerabilities and entry points. Open ports could reveal running services, outdated software versions, or misconfigured systems, presenting opportunities for exploitation.
  • For defenders: Port scanning can be a valuable tool for network administrators to assess their security posture. By identifying open ports and the services running on them, they can proactively address vulnerabilities and implement appropriate security measures.

82 of 84

Types of Port Scanning:

  • TCP SYN Scanning: This common technique sends a synchronization (SYN) packet to each port and analyzes the response. An open port will respond with a SYN-ACK packet, revealing its presence.
  • UDP Scanning: This technique sends UDP packets to various ports and monitors for responses. While less stealthy than TCP SYN scanning, it can be useful for identifying open UDP ports used by certain services.
  • Ping Sweep: This technique sends ping packets to different IP addresses within a network range and analyzes the responses. Identifying which hosts respond tells the scanner which systems are live and therefore worth probing for open ports.

83 of 84

Staying Safe from Port Scanning:

  • Minimize open ports: Only keep essential ports open and close unused ones to reduce attacker opportunities.
  • Run secure services: Regularly update software and services running on open ports to mitigate known vulnerabilities.
  • Implement network security measures: Firewalls and intrusion detection/prevention systems can help filter suspicious traffic and alert administrators to potential scanning attempts.

84 of 84

Tools used for Port Scanning:

Tools like Nmap and hping are commonly used to perform port scans, while Wireshark captures and analyzes the probe and response packets. These tools provide extensive options for customization and analysis, allowing users to perform different types of scans and examine the responses.