Hello and welcome to this session about cyber security interview questions by inat. Before we start this session, here are some famous cyber security attacks: the 2009 Operation Aurora against Google; the Twitter profile breaches back in 2020, when hackers took over prominent accounts including those of Barack Obama and Elon Musk; the 2019 Facebook security breach, which exposed more than 540 million user records; and then there is Amazon, which faces persistent DDoS attacks. These cases reveal just how volatile systems are. From tech giants like Google, Amazon, X and Meta to smaller startups, every organization faces the
constant threat of a cyber attack. What makes these cyber attacks even worse is the compromised user data, the disruption of services and the damage to the company's reputation. With the growing tech industry, the threat of cyber security attacks is also growing, which in turn drives the demand for cyber security professionals. An article by the Economic Times highlights the critical shortage of over 800,000 cyber security professionals within India; another article by Forbes highlights the 4 million vacant cyber security jobs globally. This proves that cyber security is not just an in-demand job role with over 3,000 job
opportunities, but also one of the highest paying tech industries: according to Glassdoor, an average cyber security professional earns a salary of 6 lakhs per year. In this video we have compiled a list of the top 30 questions that stem from the core of cyber security, which will help you get started with your career in cyber security, so make sure to stick till the end of this video. Oh, and if you want more such content, then make sure to hit the like button and subscribe to intp's YouTube channel. Now, without any further ado,
let's get started with the video. So let's start with our very first question, that is: what is a cyber security attack, and explain the different types of cyber security attacks. A cyber security attack is when a hacker or a group of hackers try to steal, modify or delete your sensitive information without your knowledge or without your consent; that is called a cyber security attack. Or, in technical terms, a cyber security attack refers to any malicious attempt by hackers to access, steal, alter or damage information systems,
networks or even your data. Now there are different types of cyber security attacks as well. The very common type of cyber security attack is malware. Malware can steal sensitive data, spy on user activities, and it can even disrupt your normal operations. Now there can be different types of malware. You will be familiar with viruses; then there are worms. I believe everybody will be familiar with viruses; they are very, very common: you download any file online and the viruses just tag along, and you are
not aware that the virus is contained in the file. You download the file, and then some time later you realize that the virus has started corrupting your system; it has started attacking the files inside your system. That is a virus attack. A worm attack, on the other hand, is different: a worm doesn't need a host, unlike viruses, because when the virus is replicating itself it needs a host to get installed into your system, but worms don't need that. They can replicate themselves without a host, which
makes them a lot worse than viruses. And I believe, if I'm right, there was an attack in 2004 or 2008 where the worms were spreading in the form of emails. Emails are very common, right? We get maybe over 10 or 20 emails per day. Now imagine worms infecting the emails and spreading into different computers. The attack was so bad that it disrupted global internet connectivity back in 2004, if I remember correctly. That is how powerful worms can be. Then we have spyware. Now spyware is when you're targeting a specific organization or a person.
Spyware, as the name suggests, is there to spy on that particular user. The attackers spy on the user to get their passwords, their credentials, their credit card numbers, their bank account numbers, and they can find out all of this just by spying on you or on the particular user. That is called spyware. Next is ransomware. I myself have been the victim of a ransomware attack. Ransomware is when the attacker installs some kind of software into your system and they corrupt your files, whatever files are there on your system;
every single file is corrupted. Then you're not able to access any of your files, and when you try to access them you get a message: your file has been corrupted, and to recover this particular file you need to go to this website. Then you go to the website and you realize that you have to pay a certain ransom, a certain amount of money, to get your files back. So that is money extortion; that is a ransomware attack. Moving on, we have phishing. Phishing is also again very common; I've heard about a lot of people who got
caught in this phishing attack. It's very simple, just think about it like this: you are just browsing the internet and suddenly you get an email from your bank saying that your password has been compromised and you need to reset your password. So you click on that particular email, or you click on that particular link that came via SMS or maybe Gmail, and then you're directed to a website, and then you enter your bank details, and then a few minutes later everything is gone, everything is done, and that's when you realize that it was a
phishing attack. So a phishing attack involves sending fraudulent communications, usually emails (or it can be SMS as well), that appear to come from a trusted source. When you're opening that particular link you think, oh, it's from the bank, so it must be safe, I'm trying to protect my password because it has been compromised; but then you realize that it was just a way to get your password, to snatch your password. That is phishing. Moving on, you have the MITM attack. Now this is the man-in-the-middle attack; this is also again very common. The attacker
secretly intercepts and alters communication between two parties without their knowledge. You must have also seen this: whenever you connect to a public Wi-Fi, you go to maybe a railway station or maybe a cafe, you connect to their Wi-Fi, and you get a notification on your phone that you have been connected to a public Wi-Fi, so your data is visible to everybody connected to that Wi-Fi. So you have to be very careful, because when you're maybe accessing your bank account, or maybe anything private that you don't want to share with the rest
of the world, hackers can come in the middle of you and that public Wi-Fi, and whatever data you're sending over that Wi-Fi, they can cut through the line and they can steal this information of yours. So that is the MITM attack. Moving on, we have the DDoS attack. A DDoS attack is again one of the really dangerous attacks. A very common example I can think of is even in your own laptops, even in your own systems, your computers: if you open multiple tabs, multiple apps, multiple pieces of software at the same time, your application, your
system just hangs. It's just like: I don't know what to do, there's a lot of things going on, so it just freezes, hangs. The same thing can happen to servers as well. So in DDoS attacks the hackers or the attackers send a lot of information to the server, and now the server tries to manage all of this data and ends up getting unstable because of the overwhelming amount of traffic it is getting. So that is a DDoS attack. And there is one famous DDoS attack which affected a DNS server; I think it
was in 2016, when a popular DNS server (and it was popular because a lot of popular websites like X/Twitter, Netflix, Amazon, all of these used to depend on this particular DNS server) was attacked. The attackers flooded the DNS server with so much traffic that all of these sites were down temporarily, for as long as the site took to recover. So that is why the DDoS attack is another powerful cyber security attack. Moving on, we have SQL injection. Now SQL injection is exploiting the vulnerabilities in a database layer by inserting malicious SQL code. Now
this is, say, if you have a database which contains all of your personal data, all of your clients' passwords and everything; an attacker can try to access this particular database by inputting SQL code, by inputting insert, delete, view, modify or update code, and with SQL they can steal all of this data without your knowledge. Moving on, we have the last one, and I personally believe this is really, really dangerous. You know, even in medical terms there is no official cure for cancer per se, because it's a virus and there is no particular cure for
cancer, so it just makes it even more dangerous, even more terrible, right? It just makes it even more scary. So this is something similar: the zero-day exploit attack. This is when you test your software, that is, when you're launching a software you do a couple of rounds of penetration testing just to make sure that everything is safe and secure, and then you release it to the market, and then people are using it, and some days later a particular hacker realizes that there is a certain vulnerability in the software that you launched, and they exploit it; they take advantage of
that particular vulnerability and they attack your system. Now you or your team had no idea that this particular threat, this particular vulnerability, was in your product. So how would you react to a threat when you didn't even know that the threat existed in the first place? Then how can you provide aid to the users if you yourself didn't know that the threat existed? That is what makes a zero-day exploit a lot worse: because you don't know that the vulnerability exists, and once the vulnerability is discovered by some third party, by
a hacker or someone, everything will be shut down, and all you can do is hope that your team comes up with a solution to recover from the attack quickly.

Moving on: what are the differences between symmetric and asymmetric encryption? Now let me help you understand this with the help of an analogy. Say there are two people, Stacy and Peter. Now Stacy is trying to send a confidential message to Peter. Now this is an analogy, so she puts this confidential message into a box and locks it with a key, and then she sends both
the key and the box to Peter. And now Peter, because he got the key also, uses the key to access the confidential message. This is called symmetric encryption, where there is only a single key, a single public key, for both encryption and decryption: encryption is when Stacy is sending the message, that is, after putting the message in the box she's locking it, that's encryption; and decryption is when Peter is unlocking the box with the same key. The problem here is that there's only one key, and that
key is public, so anybody can access that key and anybody can exploit your data, which makes this encryption quite dangerous. Then we have asymmetric encryption, where Stacy is sending the same file in the box: she puts it in, locks it with the key, encrypts the data, but this time, instead of sending the whole box and the key, she sends only the box, and Peter has his own key, his own private key, which he uses to decrypt or unlock the box and he gets the message. Now this is called
asymmetric encryption, where there are two keys, there's a pair of keys: a public key and a private key. The public key is used for encryption, that is, locking the box, and only the receiver who has the private key will be able to unlock the box. That way your box will be safe, and even if it goes out in public without the unlocking key, nobody will be able to access the data.

Moving on: what is a firewall and how does it protect a network? Consider another analogy; at this point you should just know
that I really love explaining with the help of analogies, so here's another one. Say there's an employee and he's connected to the internet in their particular office. Now obviously, with this internet, he has to send confidential company data; the data has to travel with the help of this internet, right? A firewall you can basically call a shield which protects the company's servers from any malicious attack. That is, if a hacker tries to access the company's server, then this firewall can block it, because the firewall can detect the malicious activity and
it can simply, straightforwardly block it. Or, in technical terms, firewalls are an essential component of network security that provides protection against unauthorized access, cyber threats and data breaches by monitoring and controlling the network traffic.

Moving on: explain the concept of a brute force attack and how it can be prevented. Now a brute force attack, in normal English terms, is when, you know, you're angry at a person and you're blinded by rage, you're completely angry, you just go around throwing punches. So that is called a brute force attack, where you're not really thinking, you're
just doing whatever is coming to your mind, you're just angry. So in terms of cyber security, a brute force attack is when a hacker tries to access your system. The hacker doesn't really know the exact password, but he's just trying out every possible combination he can to attack your particular system. So it is possible that the hacker might stalk you and they might know you: maybe your favorite color is blue, or maybe you set your default password as your birthday; then in that case the hacker can use that knowledge to access your systems.
That is called a brute force attack, where hackers try to gain unauthorized access to a system by trying all possible combinations of a password or encryption keys until they find the correct one. And now, how can it be prevented? Simple: use strong password policies. Don't put your birthday or your name as your password; use some symbols or numbers or special characters, so that even if somebody's trying to access your system they have a harder time. It is not 100% foolproof, obviously; they can still try out a lot of combinations to work around your
password, but still it is better than putting your birthday or your name as the password. Next you have the account lockout mechanism. Now this is when, you know, you give a person maybe three tries or two tries, and after that the system just completely shuts down. That is the account lockout mechanism: after three or four or however many trials, the system just completely closes off. Next you have rate limiting. Rate limiting is about a particular IP; now this can be beneficial, because say from my phone I'm
trying to access your system, so I'm just trying out all the random combinations I can; your system can detect that from my IP there are a lot of requests coming, so that way you can just block my IP completely. That is rate limiting. Next you have MFA, or multi-factor authentication. The most common example is Google: when you try to log in to your Google account from a new system, Google cross-checks it; it sends you an email, or nowadays it shows you a number and then you have to verify the
same thing on your mobile phone as well. That is multi-factor authentication. You can add your phone numbers as well to verify, to just cross-check that it is only you who's trying to access your systems, or there are emails as well. Next you have the CAPTCHA system. The CAPTCHA system is to prevent bots: when bots are trying these password combinations, you can make sure whether it is a human or a bot, you can differentiate between them, and if it's a bot the system will block it. Next is IP blocking. IP blocking is again the same as
rate limiting: you block a particular IP because of the number of requests it is making. Then there is password hashing. Password hashing is when, you know, we talked about SQL injection, right? You're storing all of your passwords in a particular database. Now a hacker can attack that database and steal all of your passwords, but if you hash the passwords, that is, if you encrypt the passwords, that just makes them even safer. So even if a hacker were to attack your database, even if the hacker were to steal your passwords,
without the decryption key they will have the passwords, but they will be encrypted, so they cannot use the passwords; they're just useless. So that is password hashing.

Moving on: what is a vulnerability assessment and how does it differ from penetration testing? Let's take another analogy to understand this. Say there's a house, a celebrity's house, because those people need protection, and then there are security guards. Imagine you are a celebrity, this is your house, and now you are surrounding it with security guards so that you remain completely protected. Now these security guards walk around your
house; they check the alarm system, they check the door locks, they check the window locks, and then, okay, he's just existing, being a security guard. Now they make sure that everything is secure and they check for the vulnerabilities: they check, oh, is the window lock a bit loose, maybe the door lock is a bit loose, maybe the alarm system is not quite good enough. So they let you know the vulnerabilities of your system, of your house; that is, they tell you how vulnerable your house is, or your system is, to intruders, to attackers.
That is a vulnerability assessment: when you just run around your software and you get to know that these are the vulnerabilities that potential hackers can exploit. Next you have penetration testing. Say the same celebrity's house, but this time, instead of bringing security guards, you bring thieves, or security guards who are disguised as thieves. Now these security guards will not just stand there and observe, oh, the alarm system seems a bit off, it's not good enough; instead of doing that, they actually attack your house and they see how strong your house
is against these intruders. That is, one guy picks the locks, one guy tries to climb the windows, one guy is trying to disable the alarms, and the last one is still just being a thief. So instead of just standing there and observing that these are the vulnerabilities, they actually try to break in, they actually try to see how strong your system is against the attack, and then they draft a report; that is, they show you how they got in and what they could have done. They draft a proper report: we could have got
in through this vulnerability and we could have done this, we could have attacked your house in this way, or we could have exploited your software in this particular way. That is called penetration testing. In the form of a table:

Goal: vulnerability assessment identifies the potential vulnerabilities; penetration testing exploits a vulnerability you already know about.
Method: vulnerability assessment uses automated scans and passive analysis; penetration testing is manual and automated exploitation, where you actively keep on testing.
Intrusiveness: vulnerability assessment is not intrusive, it just stands there and says "there's a vulnerability"; penetration testing attacks the vulnerability.
Output: vulnerability assessment gives a list of vulnerabilities and their severity; penetration testing gives proof-of-concept exploits and the potential impact of the vulnerabilities.
Duration: vulnerability assessment is generally faster because it's automated, but penetration testing can take longer because you're attacking and you're trying out all the different angles, so it will take a lot longer.

Moving on to our next question: define a man-in-the-middle attack and how to prevent it. The man-in-the-middle attack we already discussed: when you're trying to access a public Wi-Fi and somebody interjects that
network in the middle and tries to steal your data. Now again, let's take another analogy. An employee is connected to the internet, and now our hacker is trying to steal the data from the middle; they're interjecting that particular connection. So the attacker places themselves in the middle of the communication, eavesdropping on or manipulating the data being exchanged, often for malicious purposes such as stealing sensitive information like login credentials or financial details, or for some personal gain. Now there can be different types of man-in-the-middle attack. The first one is Wi-Fi eavesdropping, in which the attacker creates
a fake, unsecured Wi-Fi network and tricks users into connecting to it, and once you're connected to the hacker's Wi-Fi, whatever activity you're doing on your systems, everything will be visible to the hacker, including your sensitive information like your password and your credit card details. Next we have session hijacking: the attacker steals the session cookies to take over the user's session on a website. Now this is very common again if you're using public Wi-Fi: say you logged into Amazon, or whenever you log into a particular website, there are
particular cookies that are created, so that as long as you browse through the website the cookies are there, and when you log out from there the cookies are also disposed of. But in a man-in-the-middle attack, what the hacker does is they retrieve the cookies and they pretend to be you, and then they try to access the same websites, like, say, Amazon, and then they can order anything they want, set their address and use your money. That is session hijacking. Lastly we have DNS spoofing: the attacker redirects the victim to a fake website
by manipulating the DNS response. Now what the attacker does is, when the victim is accessing a particular website, there's a DNS response created, so the attacker redirects the victim to a fake website by manipulating the DNS responses. Now this happens when a single letter or something changes in your particular IP address; you might not notice it, it's so minute, the detail is so minute that you might not even consider it, and you accidentally click on it, and then you are accidentally redirected to the malicious website, and you don't even realize that you
are on the malicious website, because it looks the same as the original website is supposed to look, and then you enter your sensitive information into that website, and the next thing you know all your data is corrupted. Now, how to prevent it? Obviously, these are again not foolproof, but these you can try; these can reduce, minimize the attack's effects. Encrypt your data: like I said before, when you're storing your passwords in a database you can hash those passwords, so that even if the attacker gets hold of your passwords they won't be able to use
them. It's the same as our Peter and Stacy case in asymmetric encryption: even if the attacker were to steal that box which contains the file, without the decryption key they cannot open the box (don't think about smashing the box and all; I'm talking about the normal way of opening it, with the key). They can't, because there is no decryption key. So that is encryption. Then you have: avoid unsecured public Wi-Fi. Obviously, even when you're using public Wi-Fi, don't access your bank with it. Next you have: use a VPN, obviously. Enable 2FA; 2FA is
two-factor authentication, and that also helps. Implement encryption protocols, again. Certificate pinning: only visit the websites which have a certificate there. For certificate pinning I'll show you a very good example: for example, if you visit SBI, you go right here, you can see that the connection is secure, and if you click on it you can see there's a certificate. That is the certificate pinning. So only access a particular website, if you're inputting your credentials and inputting your sensitive information, when you have verified that there is a valid certificate. Then you
have: monitor for suspicious activities. That is, observe your systems to see if there is something suspicious going on; even when a virus attacks your system, your files start getting changed, the format starts getting changed, and that is when you know your PC is under attack. And then DNS security: again, use a VPN, protect your IP addresses.

Moving on to the next question. So we've already discussed SQL injections before, but let me just show you how easy it is to manipulate any SQL code. Let me just open my SQL compiler. Okay, we already have a database; I'll
have to modify it a little. You can take any editor of your choice; I'm using Programiz here. Now say I want the one in which the first name is Robert, and, hypothetically speaking, there is no password required here. Say this username was Robert, and say I need the password as pass123 (this is very lame, don't put this password, okay). So to access my server, this is the SQL query that I'm putting: whenever the first name is Robert and the password is pass123, you can access
Robert's profile information. Right now, if a hacker gets hold of this code, all they need to do is this, and you don't even need a password anymore; all you need is a username, or the first name, to access Robert's profile. That is how easy it is; that is how SQL injection works, and that is how easy it is for hackers to attack your server and steal your confidential information. Now this is the what-not-to-do. Now let me show you what to do. For that I need another compiler, say a PHP compiler. Okay, now here let
me create a prepared statement. Let me just write the code first, then I'll show you what the benefit of doing this is. I'm not typing out the whole thing. Now, that was the what-not-to-do part; now let me show you what to do instead. Instead of that, we're going to create a prepared statement. I'm going to tell you the benefits of this, but let me just write the code real quick so that I can show you the difference. Okay, this is my statement, which goes to
the server so that I'm able to access the credentials of my user, which is Robert in this case. Now let's just execute this. Now you can see in this particular code that I'm only taking the username which the user is inputting and the password that the user is inputting, but I'm not sending my whole statement to the user. Now even if the attacker were to put a comment in the middle, nothing would change, because it would be a statement, and if something like this were to happen the code would just throw an
error and it would not run at all. And now, that is why prepared statements are much better as compared to your normal SQL code. So, in technical terms, a SQL injection is a type of cyber attack that allows an attacker to interfere with the queries that an application makes to its database. So what you can do is make a prepared statement, so that even if the attacker tries to attack it, it will just be a string and nothing would be changed, and if the server detects that something is wrong it would just throw
an error and then nothing would work, as simple as that. Okay, now how can they be avoided? You can use web application firewalls, which, in case they detect that something is happening in the SQL string, will immediately throw an error and will not let the query proceed any further. Next, regular security testing, just to make sure that everything is safe and secure; keep on testing your web browsers. Next there is error handling: that is, in case the browser throws an error, or, you know,
sometimes when you're trying to access some website, you visit a website and then you try to enter the username and your password; say you forgot your password and you just entered something, and maybe you missed a character or something, so it just throws a message that either the username or the password is wrong. So with that kind of error handling, the benefit is that the hacker will not know if your username is wrong or your password is wrong, right? So that just increases the complexity, and it can safeguard your system from at least a brute
force attack, right? It can be very beneficial, so that's why proper error handling is required in your websites, to add another layer of protection.

Next we have: explain the purpose of public key infrastructure. Say you're trying to access, or a person is trying to access, their bank's website. Now what happens in the back end is your browser, in this case Google Chrome, goes to this website and validates the certificate. We already looked at the certificate of SBI; there are a lot of other certificates, like Let's Encrypt, DigiCert. So even if I were to go
to SBI's website again, let's check their connection: they have DigiCert. So that's what I'm saying, they have a particular certificate which is validated by your browser. So your browser checks for the website's certificate, and if it's valid enough, then the browser generates a public key to encrypt your confidential data; that is, whatever data you're sending to the website is encrypted using the public key, and now, naturally, when this data is sent to your official bank's server, it can only be decrypted using a private key that the bank holds. This way,
with the combination of a public key and a private key, your data remains safe and secure, and that is exactly what you mean by public key infrastructure: it is a framework that manages public and private key pairs and digital certificates, just to add another layer of protection for your data.

Moving on: what is two-factor authentication? Now two-factor authentication is very simple. It is a security mechanism that adds an extra layer of protection, like a phone number, beyond your username and password. That is, when you're trying to access a website, it asks for an
email verification or a phone number verification, just to be extra sure that it is you. Now there can be multiple types of two-factor authentication: it can be an SMS code, or it can be an authenticator app like the Microsoft Authenticator app, or it can be a hardware token, or it can be any biometric verification, like the fingerprint reader which I have here on my laptop; there can be that kind of verification as well.

Moving on: describe different forms of data leakage and their impact on the organization. Now data leakage refers to unauthorized
access, transfer or disclosure of sensitive information. It is when there is sensitive information, your company's data or your data, and that data is accidentally or on purpose leaked or shared with the rest of the world, or with the rest of the people it was not supposed to be shared with. It can occur in various forms, and its impact on organizations can be severe. Now, the different forms of data leakage. The first one is unintentional data leakage: that is, if an employee is handling sensitive information, and humans can make errors, so if
some kind of error happens, maybe they were careless or they didn't pay enough attention or maybe they didn't see, but the data got leaked somehow; that is unintentional data leakage. Then there are malicious insider threats: when a person intentionally leaks the data of, say, a particular organization, then that is called a malicious insider threat. Then you have external breaches: that is when a third party, say a hacker or someone, or maybe another organization, tries to breach into your data; that is called an external breach. Then there is data transfer leakage: that is, say, if
you're transferring your data from one particular place to another, and while the data was getting transferred, again a man-in-the-middle attack happened and your data again got leaked. Then you have social engineering attacks, where the third parties can blackmail your employees to breach the data; that is a social engineering attack. Then there are third-party vendor leaks: that is again when you're sending your data to another company or organization and the data gets leaked from their end, due to maybe a lack of security measures. And last but not least, we
have misconfiguration of cloud services: that is again when you're uploading your data to the cloud and somehow the data gets breached; again a man-in-the-middle attack, the network gets breached and then the data is taken from there. Now, talking about the impact it can have on the organization: obviously reputation damage; if it's a big organization and such data breaches happen, obviously the company's reputation is affected a lot. Then the financial loss, the amount of loss the company has to endure due to the data breach; operational disruption; loss of competitive advantage; and the
list just goes on and on and on.

Moving on: what is a rootkit and how can it be detected? Another one of the really dangerous cyber security attacks. Now let me just show you how it works exactly. Say there's an internal server to which multiple employee systems are connected. Now what happens in a rootkit attack is, say, this hacker sends a message to one of the employees, an email; the hacker tries to do email phishing and sends the message to one of the employees' computers, and now the employee, unaware about such an email attack, clicks on this particular email and the rootkit is installed into that particular employee's computer. Now what a rootkit does is it provides complete access to the system in which it is installed to the hacker, to whoever installed the rootkit; in our case it is this hacker who installed the rootkit in our employee's system. Now the problem with a rootkit is that it's embedded in the operating system of whatever system it gets installed on, so it gets very hard to detect a rootkit attack. Now another problem with a rootkit is that it can multiply, that is, it can hop onto other systems as well, and it can spread throughout the entire employee system, and inevitably it can even attack the main internal server, which can further act as a back door for the hacker. So the hacker can get all the main data that is stored in the internal server; the hacker is just free to access every single piece of confidential data inside that particular organization.

As for the technical definition: a rootkit is a type of malicious software designed to gain unauthorized access to a computer or network while remaining hidden from the user and standard detection methods. Like I said before, detecting a rootkit becomes really difficult because it gets embedded into the operating system of the particular system it is attacking; the standard detection methods, your anti-malware detection software, fail to detect a rootkit installed in your system. Now detecting it can be difficult, but there are certain precautions that you can keep in mind to make sure that you're increasing your chances of detecting a rootkit if it is in your system. That is, first, behavioral analysis: obviously when a rootkit is installed into your system, your PC's control is in the hands of the person who installed the rootkit; they can change whatever they want to in your system, your PC is under their control. So you can monitor for changes in behavior, like suddenly the files which would only be accessible to certain people with passwords are open to everyone; you can see such kinds of changes within your system. Next is rootkit scanners: there are certain scanners, which are basically made for Linux I believe, like rkhunter and chkrootkit; these scanners are specifically designed to detect rootkits in Linux systems, so those you can use. Then there are system monitoring tools: you can either manually check the system's behavior, that is up to you, or you can install certain software on your laptop just to make sure that if the files are getting changed on their own, if the passwords are getting changed too frequently or the passwords are getting removed on their own, then these system monitoring tools can alert you; they can track this and they can show you the report that these things got changed without your knowledge. Next you have anti-malware software: again, this doesn't stand a lot of chance, but it's still better to have something. Then manual inspection is only for the ones who have a lot of experience; they can inspect the systems on their own and then they can figure out the rootkit, but for that you need to have a lot of experience and you need to thoroughly know your Linux system's underlying architecture to conduct a manual inspection yourself.

Moving on: how does traceroute work in tracking data routes? Now this
traceroute is basically, like the name itself says, trace route: traceroute is when a particular package is being sent from one location to the other. Now traceroute makes sure that every single server the package is going through, it tracks it. That is, traceroute is a network diagnostic tool that tracks the path your data takes from your computer to a specific destination, like a server, by showing all the intermediate points or hops along the way; all the intermediate servers that your data has to travel through before reaching the final destination, that is called a traceroute. It's a diagnostic tool. Let's consider an example: on the screen you can see two girls over here; now one of them is trying to send a package to the other girl. Now obviously when the package gets delivered here it has to go through a lot of servers in the middle to reach its final destination. Now let me just show you an overview of how this exactly works. First the message is sent to the closest server, that is this one here, and it is assigned a particular number, that is the time to live. Time to live is how many hops the package can make. So right now it's just one; when you're sending the package initially it's one, so in the first go TTL is one. It went here, first go exhausted; now the number is zero. The TTL was one and the hop happened here, it went to the first server, TTL was one, it got to zero; now the time to live has exceeded, so what happens is this package is sent back to the user itself, to the origin server itself, because the time exceeded, because the TTL was one. Now traceroute monitors all of this data, it stores all of this data; it keeps the total time it took to reach here and to come back, which is known as the round trip time, to reach the first server. TTL is exhausted, now it came back; the total time it took, how many servers it passed, what was the time to live, all of this data is being monitored by traceroute. Now similarly this jumps onto the next server, then the next and next and next until it reaches your friend finally. Now all these little jumps that the package made are called hops, and obviously they all have time to live as well. The first time it was TTL 1, it came back; then it went again, this time it was TTL 2, TTL 2 to TTL 1, it got to zero, it again went back to the original server; and then TTL 3, TTL 4, it just keeps on going and coming back until it reaches the final server which matches the description where it is supposed to reach. Then it sends an echo message that "I have reached the server", and then the message gets delivered to the end destination or the end server. That is how tracking is performed with traceroute.

Moving on to the next question: what are HTTP response status codes and which ones are critical for web application security? HTTP response status codes are three-digit numbers returned by the server in response to a client's HTTP request. They inform the client about the result of the request, whether it was successful, encountered an error or
requires further action. That is, in the most simple terms: if you visit a particular website and you try to interact with the website, that website is being controlled by a server, so the HTTP codes are a way in which the servers are responding to your requests. Now there are five types of HTTP status codes. Anything that starts with 1 is informational, like 100, which is Continue. Anything with 2xx shows success, that whatever request you sent worked, like 200 OK. Then anything with 3xx is a redirection, like whichever site you were trying to access has been moved permanently. Anything with 4xx is the client's error, that is your error: you were trying to access something that you were not supposed to access, like a Bad Request, a 401 Unauthorized, a 403 Forbidden or a 404 Not Found. Anything with 5xx is danger, because that is a server error, like the most common 500 Internal Server Error, or the 502, which is Bad Gateway, or the 503, that is Service Unavailable.

And now, which of these are critical for web application security? 429 Too Many Requests: now this is again rate limiting as an example; this protects your server from a DDoS attack. When there are too many requests happening to your server it can raise a 429 Too Many Requests and not allow you to access that particular server for a limited time frame. Then there is 400 Bad Request, which is when you are again trying to access something you are not supposed to access. Then there is 401 Unauthorized: there is authentication and authorization, right? So authentication is authenticating your user, that okay, you are allowed to access the system, but authorization is that certain resources are protected; like there are levels of priority, right, the top level priority, the middle level, and the public that everybody can access. So there can be an employee that is able to access the public one or the top level one, but they cannot access the data which is high priority, highly confidential; so that is 401 Unauthorized. 500 Internal Server Error is when there is something wrong with the server but the server doesn't know what is wrong; so that is 500 Internal Server Error. 502 Bad Gateway: something is wrong with other servers that you were trying to fetch the data from and it's not working; again there's some internal server error, so that's why your server is not able to fetch the data that you requested. 403 Forbidden: again, if you try to access some data which is not available to you, which you're not authorized to take, you're forbidden. 404 Not Found: the web page that you requested does not exist. 503 Service Unavailable is if an attack is actively going on and the server was switched down, then that means
the service is unavailable.

Moving on: discuss the key elements of a strong security policy within an organization. Now there can be a lot of things that can be done within your organization to implement safety. One of the things is roles and responsibilities: that is, assigning the responsibilities, assigning roles to your employees so that they feel a lot more responsible for the data that they're handling; hence they are less likely to be careless and the data breaches are less likely to occur. Then we have data classification and handling: like I said before, handle or classify your data: if it's top priority, highly confidential data, if it is available to the employees but not to the public, or if it is available to everybody; classify the data based on its sensitivity. Next there is access control: that is again the case of authentication and authorization. Access control is mostly defining who can access which resource based on their roles and responsibilities: if it's a lower level employee they cannot access the highly confidential data, only a senior level employee can access that confidential data, so define those rules; that is access control. Next there is incident response: like if an attack were likely to happen or if an attack happened, what will be the procedures that are going to happen afterwards; like if a zero-day exploit attack happened, suddenly there's an attack and you don't know what to do, then which team handles it, how would the response be; that is the incident response. Establish a clear incident response plan for identifying, responding to and recovering from an attack. Next you have the acceptable use policy: that is, how much of the resources of the company can an employee access; that is the acceptable use policy. Next there is training and awareness: like most of the time the employees might be unaware of such attacks, so conduct meetings, conduct training sessions where you teach them, or where other third parties come over and they teach your employees about the cyber security prevention measures that you should be aware of. Then there is monitoring and auditing: obviously implement systems monitoring network activity, data access and user behavior, so that even if there is a malicious activity going on in your systems, your monitoring systems will be able to capture that and report it to you. Next there's physical security: obviously you can lock up the server rooms and only allow certain employees to access the server rooms, measures like that. Then there is compliance with laws and regulations: the already existing cyber laws; make sure that your company's rules and regulations are aligning with them.

Moving on to the next question: what are advanced persistent threats? Advanced persistent threats are sophisticated, prolonged cyber security attacks typically carried out by well-funded and highly skilled groups, often linked to nation states, organized crime or activists. Now the very common one that I can think of is Google's Aurora attack. This was another DDoS and advanced persistent threat attack in which a certain attacker group, the Elderwood group, which was based in China, attacked Google through Microsoft Explorer, which was again a zero-day exploit: Microsoft didn't know that there was such a vulnerability present in Internet Explorer. So this group of hackers attacked that; they found out that particular vulnerability and then they sent an email in Internet Explorer to Google's employees, and the Google
employees, whoever was clicking on that link, the particular malware was getting installed in their system, which corrupted their system, which stole the credentials from their system, and later they were able to access the internal server of Google and they stole a lot of data; it was a huge ruckus with Operation Aurora. So that's how dangerous advanced persistent threats can be when they are targeting a specific organization for a lot of reasons.

Moving on: what is cognitive cyber security and how does it use AI for threat detection? Now cognitive cyber security is an advanced approach to securing digital environments by using cognitive technologies to enhance the detection of and response to cyber threats. A lot of the time, I've said this before also, humans tend to make errors, but with AI, well, considerably, the accuracy of a human and an AI is different: an AI's accuracy is much, much higher as compared to a human's accuracy. So you can train an AI to detect certain patterns, or certain repetitive patterns, which can help you prevent or even stop a cyber attack completely at the earlier stages itself. As even when we discussed the case of the rootkit: if you could have prevented it when the rootkit was being installed in the first employee's server itself, it would never have spread; or, like Google's Aurora, if they could have detected that my Internet Explorer has this vulnerability initially itself, then the attack would have never happened. So cognitive cyber security is a way to leverage AI as your cyber security tool. Now there can be a lot of AI models that you can use, like your artificial intelligence, machine learning, NLP or natural language processing. And now how does this exactly work? Starting with behavioral analysis: behavioral analysis is where an AI model can learn the normal behavior of users, systems and networks over time. Now this is especially helpful when rootkits, when malware like rootkits, are installed in your system, because AI can monitor the pattern; although you might not be able to check the reports all the time, maybe the AI can check the reports for you. If the activities are slightly different as compared to your normal everyday activities, then the AI can alert the user or can prevent another cyber security attack on your system. Next we have threat intelligence: threat intelligence is where the AI systems analyze vast amounts of data from various sources like threat feeds, logs and historical attack patterns in real time. They analyze a lot of patterns, a lot of data from past cyber security attacks, and if they see the same pattern over again, obviously they are able to recognize the pattern and prevent the cyber security attack from happening. Then we have automated threat hunting: AI can automate the identification of hidden vulnerabilities and malicious activity that might not be visible to human analysts. A lot of the time, even when you're using malware detection software, it happens that the threats go unnoticed by the human analyst, but in the case of AI it does everything thoroughly with excellent accuracy, hence the likelihood of finding a hidden malware is much, much higher for an AI compared to a human. Then we have predictive analysis: predictive analysis is when machine learning models predict future attacks based on past data. So it can happen in the case of advanced persistent attacks: your AI can detect that okay, at this time the attack is supposed to happen, or on this particular day the attack is supposed to happen; by looking at the previous data the AI can predict this new data, hence preventing another cyber security attack. Then there is real-time response: real-time response is obviously again like your incident response timing, in which you are setting up a team, but there's a problem: imagine if there was nobody in the office and then the attack is happening, and by the time you realize, maybe the next day, the attack must have spread a lot; and we already saw how rapidly worms and viruses can spread, or rootkits, they spread on a very, very, very fast basis. So if there's an AI it can automatically detect when the spreading is happening; it can detect it and it can prevent it at that exact moment, hence the gap for you to realize it is minimized, hence saving you a lot of time and your money.

Moving on: how does SSH help in securing a server? SSH or Secure Shell is a particular protocol that allows two computers to communicate with each other over a network securely. Let's consider an example.
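An added example first, before the scenario the speaker walks through next (this is not code from the video): the protection SSH key-based login gives a server comes from the server keeping only public keys, the role of its authorized_keys file, while the client proves it holds the matching private key by signing a fresh challenge from the server, so the private key never crosses the network. The block below is written in Go with the standard library's crypto/ed25519 as a stand-in for the real SSH protocol; the sshServer and sshClient types, the login function and the user names alice and mallory are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// sshClient holds the private key. It is the only party that ever sees it;
// nothing in this file sends it anywhere.
type sshClient struct {
	priv ed25519.PrivateKey
}

// sshServer holds only public keys, one per authorized user (the role of the
// server's authorized_keys file in real SSH).
type sshServer struct {
	authorized map[string]ed25519.PublicKey
}

// newClient generates a key pair and returns the client plus the public half,
// which is what an administrator would install on the server.
func newClient() (*sshClient, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &sshClient{priv: priv}, pub, nil
}

// challenge issues a fresh random nonce; a signature captured from an old
// session is useless because the nonce differs every time.
func (s *sshServer) challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// sign proves possession of the private key without revealing it.
func (c *sshClient) sign(nonce []byte) []byte {
	return ed25519.Sign(c.priv, nonce)
}

// verify admits the user only if the signature checks against the public key
// registered for that user name.
func (s *sshServer) verify(user string, nonce, sig []byte) error {
	pub, ok := s.authorized[user]
	if !ok {
		return fmt.Errorf("no key registered for user %q", user)
	}
	if !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("signature does not match the key registered for %q", user)
	}
	return nil
}

// login runs the whole exchange: challenge, sign, verify.
func login(s *sshServer, c *sshClient, user string) error {
	nonce, err := s.challenge()
	if err != nil {
		return err
	}
	return s.verify(user, nonce, c.sign(nonce))
}

func main() {
	alice, alicePub, err := newClient()
	if err != nil {
		panic(err)
	}
	mallory, _, err := newClient() // a different key pair that is never registered
	if err != nil {
		panic(err)
	}
	srv := &sshServer{authorized: map[string]ed25519.PublicKey{"alice": alicePub}}
	fmt.Println("alice logs in:", login(srv, alice, "alice"))      // <nil>: accepted
	fmt.Println("mallory as alice:", login(srv, mallory, "alice")) // error: rejected
}
```

The point to take from it: a stolen copy of the server's key store gives an attacker nothing they can log in with, because it contains only public keys, and a captured signature cannot be replayed against a new challenge.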
Say we have a server which contains confidential data, right? Now obviously this server interacts with a lot of internal employee systems. Now if any of these employee systems is corrupted by a hacker, then they will be able to reach this particular server as well, and then breach the contents of the server as well, hence leading to a data leakage. Even if a hacker tries to attack one of these systems, if you're using SSH it protects the server and it protects the overall network from getting breached by any outsider, that is any hacker. In the case of SSH there are two keys, a private key and a public key. A private key is visible to everyone and it identifies who can access which particular system; a private key can identify a particular user, but it will only let the users in who have the permission. Then there is the public key: it is used to provide the identity of a user, so if a user is entering, that user's identity is provided by the public key.

Moving on: what are the security challenges associated with IoT devices? IoT devices are very fragile and very prone to cyber attacks, like the CCTV camera that we have, smart speakers, fitness trackers, smart watches, or even the smart bulbs that you have in your room. These are all very susceptible to cyber attacks because of a lot of reasons; let's list some of them down. Like weak authentication: when you try to connect with an IoT device it's super simple, it's Bluetooth; all you need to do is activate its Bluetooth and connect with your own mobile application or your laptop application. So can you imagine how easy it would be for a hacker or any illegal attacker to attack your systems, your IoT systems? If they get access to your CCTV camera, can you imagine the amount of damage they can do? Then there is insecure communication: like I said, it uses Bluetooth, which is very weak, so anybody can perform a man-in-the-middle attack and breach the network and take the contents, or use that to stalk you, install spyware, which can lead to a lot of other attacks as well. Then there are limited resources, as in an IoT device is quite weak to start with; a lot of IoT devices, their processors are also not that strong, so it gets kind of easier, and even if you were to add a lot of security features in it, it doesn't have the capacity to handle that much strength; it's not built to handle that. Then there is lack of updates and patches: a lot of times, even when you buy a CCTV camera, it's not like they take it away and then update it and then you keep it back; so once the model has been published, or it has been launched, there are very
few companies which actually keep on updating your resources; so that's another security challenge.

Moving on to the next question: explain phishing attacks and measures to prevent them. Phishing attacks we already saw: they turn into a trusted source, they fool you into thinking that they are a trusted source, so that you would listen to them, you would click on the links and whatnot, and then you would enter your credentials; you're basically entering your security credentials into a website which is going to use those credentials to exploit your data. So phishing is a type of cyber attack where attackers impersonate legitimate entities to trick individuals into providing sensitive information such as usernames, passwords, credit card numbers or other personal data. Now there are a lot of types of phishing, like email phishing, spear phishing, whaling, SMS phishing or voice phishing. Email phishing we already discussed, where they send an email, say from your bank; they will be like, your password has been compromised, click on this link to reset your password, you have to reset it immediately, and you will click on it because you'll think, oh my password has been compromised, that is already a security threat; you think that you're trying to make it better, but all you're doing is making it worse. Then there is spear phishing: spear phishing is when you are targeting a specific individual or a specific organization. Then there is whaling: whaling is when you target someone really powerful or some powerful organization; that is whaling. Then there is SMS phishing: SMS phishing is also called smishing, and it is where you send all these kinds of links in the form of an SMS. Then there is voice phishing, where the attackers call you and then they ask you to provide your security credentials; maybe you might be getting a 50% cash back on something, or you are getting a 50% discount or something, or you have suddenly won prize money and they're asking you for your bank account details so that they can send the money; that is voice phishing.

Moving on, let's look at some of the measures using which we can prevent them. Naturally you have to educate and train users: the more you spread awareness about such things, the more people know about such things, the more careful they will be of these kinds of attacks; if they don't even know that such an attack exists, then how can they recognize it? So the best thing you can do is spread awareness about it. Then use email filters; in Gmail also it happens automatically: whatever Gmail thinks is spam automatically goes to the spam folder, so you can use that. And then verify links: before you're clicking a particular link you can hover over the particular link with your mouse just to see which URL it is taking you to; you don't have to do it for every single link, just for the links which you think might be suspicious. Then there is avoid sharing personal information, especially online: avoid sharing your personal information which should not be shared; do not trust, like, okay, this is fine, I can share this much with this person; do not do that; do not share your private information with the people who don't need to know that. Enable MFA, multi-factor authentication, like Google does: whenever you log in with any of your email in any of your systems, it sends you a message on your phone: is it really you trying to log in from this particular IP address or from this particular location? Regularly update software: a lot of times, when software manufacturers find that there is a particular flaw, they update it, they patch it and then they release the next version; so make sure that you have also updated it in your systems, so that that particular vulnerability, if there was a vulnerability, cannot be exploited by cyber security attackers. Report suspicious activities: if you think there is something wrong, or there's a sudden spike in the activities happening in servers nearby you, report it immediately; try to contain it, because cyber attacks spread very fast, very quickly; even before you realize it's happening it must have spread a lot, it must have spread out of control, so report it as soon as you can. Monitor accounts, in which you keep on changing your password on a regular basis, so that even if the hacker is able to get the password, if you keep on changing it you're more likely to keep your account safe.

Moving on: what is data protection in transit versus data protection at rest? Data protection in transit is basically safeguarding the data when it is in motion, that is, when it is traveling from one particular server to the other, and data protection at rest is when the data is stored in a particular location, say a database. So data protection in transit refers to the security measures applied when data is being transferred from one location to the other, and data protection at rest involves securing data that is stored in a fixed location such as a hard drive or database or a cloud storage service.
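As an added example (not code from the video), both protections side by side using only Go's standard library. At rest, a record is sealed with AES-GCM before it is written to storage, so the stored bytes are unreadable and any tampering makes decryption fail. In transit, a message crosses a TLS session in which the client verifies the server's certificate and refuses anything below TLS 1.2, which is the mechanism behind the TLS protocol this topic usually comes with. The host name db.example.internal, the self-signed certificate and the in-memory connection (net.Pipe) are constructed for the demo; a real deployment presents a CA-issued certificate and takes its at-rest key from a key management system or a protected key file.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// sealAtRest protects data at rest with AES-GCM (authenticated encryption): what
// gets written to the disk, database column or bucket is nonce||ciphertext||tag.
func sealAtRest(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per record; never reused under one key
	rand.Read(nonce)                        // crypto/rand.Read never returns an error (Go 1.24+)
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openAtRest reverses sealAtRest; a single flipped byte anywhere makes it fail.
func openAtRest(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob of %d bytes is shorter than the nonce", len(blob))
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// selfSignedCert is a throwaway certificate constructed for the in-memory demo (a real server presents a CA-issued one).
func selfSignedCert() tls.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"db.example.internal"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // der was produced just above, so it parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// roundTripOverTLS protects data in transit: msg crosses an in-memory TLS session
// (certificate verified, TLS 1.2 minimum); returns the server's echo and the version.
func roundTripOverTLS(msg []byte) ([]byte, uint16, error) {
	cert := selfSignedCert()
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf) // the client trusts exactly this certificate; no InsecureSkipVerify
	serverConf := &tls.Config{Certificates: []tls.Certificate{cert},
		MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true}
	clientConf := &tls.Config{RootCAs: pool, ServerName: "db.example.internal",
		MinVersion: tls.VersionTLS12}
	rawClient, rawServer := net.Pipe()
	done := make(chan error, 1)
	go func() { // server side: read one message and echo it back
		server := tls.Server(rawServer, serverConf)
		buf := make([]byte, 1024)
		n, err := server.Read(buf)
		if err == nil {
			_, err = server.Write(buf[:n])
		}
		done <- err
	}()
	client := tls.Client(rawClient, clientConf)
	if _, err := client.Write(msg); err != nil {
		return nil, 0, err
	}
	buf := make([]byte, 1024)
	n, err := client.Read(buf)
	if err == nil {
		err = <-done // server-side handshake, read or write errors surface here
	}
	return buf[:n], client.ConnectionState().Version, err
}

func main() {
	echo, ver, err := roundTripOverTLS([]byte("SELECT 1"))
	fmt.Printf("echo=%q tls=0x%04x err=%v\n", echo, ver, err)
}
```

Two design points worth noticing: the at-rest blob carries its own nonce and authentication tag, so a database row that has been edited in place is rejected rather than silently decrypted to garbage, and the in-transit client pins its trust to a certificate pool instead of disabling verification, which is the setting most often weakened in real code.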
Now why and when do you need to protect the data? So you must have heard of the data life cycle, which starts from the data's creation to its storage, to its usage, sharing, archiving and finally its destruction. So when the data is created, it's at one place, right? You're creating the data; you need to save that data; you're storing the data, again data protection at rest. When the data is getting used, it's being traveled from one place to the other, so again data protection in transit when it's transitioning. Then data sharing: when you're sharing it, obviously the data is in movement; you need to protect the network lines, you need to encrypt your data so that even if the attacker is able to capture your data it still stays encrypted, and without the decryption key it cannot be opened. Then data archiving and data destruction. Now data protection in transit is a common method used for protection; it includes encryption methods like TLS and SSL, which are protocols which safeguard your data when it is in motion. Then data protection at rest: protection mechanisms include encryption, access control and physical security. Encryption you already know; access control is who can access the data; and then physical security: you can surround the servers with, say, security guards just to make sure that nobody is able to break in.

Then moving on to the next question: what is a zero-day vulnerability and why is it dangerous? Now consider a particular software that you have just newly launched. Now the problem here is that a particular hacker notices a certain vulnerability that your testing team failed to notice. Now the hacker can exploit this particular vulnerability to attack the users who are using your particular software. Now the problem with this whole zero-day vulnerability is that your developing team has no idea that such a vulnerability exists, and the problem is that since they have no idea about such a vulnerability's existence, they don't have a solution for it either. So by the time they find a solution for this particular vulnerability it can affect a lot of users: all the users who are using your software, all of their systems will be affected through your software, and by the time you detect it, it must have spread on a huge scale. That is the problem with a zero-day vulnerability. Now, a zero-day vulnerability is a security flaw in software or hardware that is unknown to the vendor or the developer.

Moving on to the next question: how does a VPN differ from a VLAN in terms of network security? A VPN, or virtual private network, and a VLAN, or virtual local area network, are both very different. A VPN is designed primarily to provide secure access to a network from a remote location over the Internet; it is for individual
use. A VLAN is used to segment a network within a local area, within a single office building, to improve management and security without additional physical hardware. As in, in the whole office building, if they're all connected to one particular network, it will be a bit harder for the attackers to attack the system, because they have their own virtual local network instead of connecting with the public Wi-Fi. Okay.

Moving on to the next question: what is ethical hacking and what principles does it follow? Ethical hacking is the practice of intentionally probing a computer system, network or application to identify and fix security vulnerabilities. There are even ethical hackers; ethical hacking is itself a job position, in which I've seen a lot of freelancers in this particular position, where companies pay you to check for any vulnerabilities, and if you as a hacker are able to detect any vulnerabilities in the system they pay you for the effort and time you put in there. So ethical hacking follows a certain set of principles, starting with legality and authorization: obviously you can only hack a particular system after you have been officially given the permission, that yes, you have the permission to perform a penetration test on this particular software and find the vulnerability. Integrity and confidentiality: whatever information the hacker finds out during their penetration testing, during the whole ethical hacking, they cannot share it with the rest of the public; there's a full disclosure form. Purpose and scope: before performing the ethical hacking, the company gives them a particular segment of their whole software to test; it's not like they can do whatever they want to; they are given a particular scope, their scope is limited to whatever the company wants to check, not the whole application, just certain aspects of the application. Reporting and accountability: whatever changes or whatever vulnerabilities they find, they have to report to the company; they cannot keep it to themselves, they cannot disclose it to the outside world; they have to disclose it securely to the company. Non-malicious intent: naturally, whoever is performing the ethical hacking, they need to have a clear, concise intent; it's not like finding the vulnerability here and going out and reporting it to a third party; that is not ethical hacking. Ethical
hacking is performed with a non-malicious intent, as in a no-harm structure where they're only helping the company to figure out any vulnerability that exists; after they figure it out, after they report it and after a patch has been made, they do not harm the system any further.

Moving on: what is the significance of penetration testing in cyber security? We've already seen what penetration testing is; let's look at why it is significant, why we need penetration testing. So say there's a bank website; before it's being launched to the public, what if on the bank's website a zero-day-exploit kind of attack occurs? If they directly just make the software and launch it directly to the public without testing it for potential hacking or potential vulnerabilities, then if a zero-day exploit attack happens they're just doomed, especially because it's a bank website. So to prevent such an event from happening, they test it with the testers present; they can hire freelancers, or all the ethical hackers who are working for them in the company itself; they run penetration tests to just make sure that everything is running smoothly and they reduce the chances of a zero-day exploit. Penetration testing reveals critical vulnerabilities, allowing companies to strengthen their web applications' security before the launch. Now the significance is this. Planning and scope: again a scope is defined, that okay, we're going to test this particular segment, this particular segment; a plan is made completely. Reconnaissance: so reconnaissance is where the testing team gathers information about the technologies that are being used by the website, whichever software or website they're testing out; they have to gather the list of the technologies that are being used by that website, so that's called reconnaissance. Then there is scanning: scanning for any potential vulnerability. Exploitation: if they find any vulnerabilities they exploit it, that is, they attack it just to find out how bad the attack can be. And then post-exploitation: they again observe, after exploiting, whatever changes did happen, how badly could they attack, what are the changes that happened to the data, how is the data getting breached, whatever side effects are happening, or however many ways they can gather the data, how many types of attacks can be performed with that particular exploitation. Then they report it, that okay, these many problems are coming out with the website, we need this to be fixed; and that is where remediation comes in, where you try to fix it. Then after fixing everything, after patching everything, you retest it, run the tests all over again just to make sure that everything is clear and no unknown cyber security attacks can happen to your software.

Moving on: explain the concept of data encryption and its importance. Data encryption is very important; whether your data is at rest or your data is in transit, that is, it's moving, the safety of your data is crucial. Let's look at why data encryption is so important with an example. You must have all heard of the Caesar cipher, which is messing around with the alphabet. So say you have a particular message, "hello", and now I'm going to use the Caesar cipher to decrypt this; obviously this is not used that commonly, but still, if I were to move three letters to the front, that is, h becomes k, e becomes h, l becomes o and my o becomes r, so my "hello", after decrypting it, would turn out to be "khoor". So now anybody who has the decryption key will be able to figure it out; if I just send a message "khoor", obviously you wouldn't know what that means, right? Only if you know the decryption, that okay, whatever it is, you have to move back three letters to get "hello", which is the actual message, only then will you be able to know. Now obviously this is a bit silly because nobody's
going to use Caesar Cipher they're going to use something more complicated like uh WhatsApp which uses AES which is the advanced encryption standard um so in WhatsApp also when you're sending a message to any of your friends or colleagues or family members or any person you're sending a message to your message is encrypted first so that even if the hacker is able to uh uh steal your data they will not be able to read the data with without the decryption key moving on what are the different types of cyber attacks targeting Cloud infrastructure now cloud
Now, cloud is one of the rapidly growing tech industries these days, and naturally cyber security attacks on the cloud are also fairly common nowadays. Let's look at the types of cyber attacks that can happen. Data breaches: naturally, with anything uploading to the cloud, attackers again do the man-in-the-middle attack and try to breach the data before it even reaches the cloud. Account hijacking: they can hijack your account and steal your credentials, and whatever data you already have in the cloud, they can download it and access it. DDoS, distributed denial of service: again, they can flood your cloud infrastructure with a lot of traffic, hence making you unable to even access your own cloud server. MitC attack, that is, the man-in-the-cloud attack: again, like the man-in-the-middle attack, it can breach your network, take your credentials, and steal data from your cloud. Malware injection: like your SQL injection, in some of the files they can attach a particular malware like a virus or a Trojan, and then, like the rootkit I had mentioned before, it can just go directly to your cloud and provide them access to your cloud service. Insecure APIs: sometimes certain API requests that you make to your cloud can be used by the attacker to make the same request and then steal your data again. Next we have hyperjacking: you know every cloud, every virtual system, runs on a hypervisor, so they can attack that hypervisor, and that's really dangerous, because at that point they're not just targeting one system, they can target all the virtual systems attached to that one hypervisor. Cross-cloud attacks: lateral movement of attacks, like we saw with the rootkit, where it was jumping from one computer to the other and then ended up at the internal server; that can also happen here. It can corrupt all the systems and then move to the hypervisor and attack the main hypervisor. Insider threats: sometimes the people working in the software industry itself can simply sell out your data. Misconfiguration exploits: sometimes you make storage public, and that can be exploited.
Moving on: how do incident response teams manage and mitigate breaches? Let's first understand what an incident response team is. Say you have a bank website, and a hacker tries to attack this particular bank website: they send, say, a virus to the bank's website, and the employees' systems also get corrupted with this particular virus. That's when our security information and event management, or our incident response team, comes into play; they can reset the employees' whole system, hence successfully removing the particular virus from it. How does this whole process take place? They first start with preparation: they observe okay, this is the problem that has happened, this is what we're supposed to do and this is how we're supposed to do it, so they prepare and plan their action. Then detection and analysis: after preparation, they try to detect whether any further harm has been done, how much harm it has caused, and how much potential harm it can cause in the near future, or is causing right now; that is detection and analysis. Containment: then they try to stop the spread. You have to first contain it; only then can you cure it. So they first contain it: they see how it's spreading and they contain it first. Then they try to eradicate it: once they have contained and secured it, they try to remove the virus. Then they recover the systems, because after a virus attack, especially with ransomware and the like, your files get completely corrupted, so you need the files to be recovered. Then post-incident analysis: they observe why this particular vulnerability occurred. If one vulnerability is there, there is a 90% chance that there is another vulnerability of the same nature somewhere in the system, so they have to analyze it just to make sure that in the future it never happens again. So they document it in order to make sure that the same mistake doesn't happen twice or thrice, or ever in the future.

Moving on: what is the difference between malware and ransomware? One of the things you need to keep in mind while discussing malware and ransomware is that ransomware is malware, but malware is not necessarily ransomware. Now let's look at the definitions. Malware is a broad term for malicious software designed to harm or exploit systems; we have seen viruses, spyware, worms, ransomware, everything is part of malware. Ransomware is a type of malware that encrypts or locks data, demanding a ransom, demanding money: if ransomware is in your system, it corrupts your files and asks you for money so that they can give you back your files. The purpose of malware is to disrupt operations, steal data, spy on users, or damage systems; the purpose of ransomware is simple: extort money from the victims in exchange for restoring access to their data. Behavior varies: viruses spread, spyware monitors, Trojans create back doors. Creating a back door is basically like Google's Aurora attack, where Google's servers were compromised and then they created a back door. As in, consider a house with a back door, and you don't know that the back door is open, that the lock on the back door is open, so the attackers can just bring in whatever software, even more malicious software, through the back door and corrupt your system, make your system even worse. Ransomware encrypts files or locks the system and then demands a ransom for decryption. Types of malware include viruses, Trojans, worms, spyware, adware, ransomware, and others; ransomware is a specific type within the malware category. An example of malware is a Trojan that steals financial information without the user's knowledge; the example of ransomware is WannaCry, which encrypted files and demanded payment for the decryption keys. The impact of malware can be data theft, system damage, privacy invasion, or loss of control; the impact of ransomware is that it directly leads to data loss or unavailability unless the ransom is paid. The motivation behind malware varies: theft, sabotage, surveillance, or financial gain; the motivation behind a ransomware attack is primarily to gain money through extortion.

Moving on: what are the best practices for securing mobile devices? First one: enable strong authentication. Use stronger passwords; I've said this before also, don't use your birthday or your name or your favourite pet's name or your parents' names as a password, because that can be easily guessed by a person who's just stalking you, it's very easy for them. So use strong passwords, PINs, or biometric authentication to prevent unauthorized access; Face ID I'm not so sure of, but fingerprint, yes. Then keep your software updated: like I said, even if the software vendor detects a certain vulnerability, if you don't update, then obviously that vulnerability is still present in your system, so make sure to update your software regularly and apply the patches regularly so that your system is less susceptible to a cyber security attack. Then use MDM: MDM, or mobile device management solutions, allow remote management of security settings, data access, and application control, which is especially important for work devices. Then we have enable device encryption. Device encryption is so important, I cannot emphasize this enough, because even if your data gets stolen, if you have protected your device and the encryption is strong enough, then even if they have the data they cannot exploit it, because you have encrypted it securely and safely. Then we have avoid using public Wi-Fi: with public Wi-Fi, I've already said, a lot of issues are there with the man-in-the-middle attack, so the less you use public Wi-Fi the better, and even if you are using it, make sure to enable a VPN to protect data when connecting through public or insecure networks.

Moving on: how does machine learning contribute to cyber security solutions? This is a fairly new term, bringing AI and machine learning into the whole context, but this is a fascinating new perspective for the cyber security industry. Let's look at how it's working. Threat detection: ML algorithms can analyze vast amounts of data in real time to detect unusual patterns, behaviors, or anomalies that may indicate security threats like malware, phishing attacks, or insider threats. Like I said, ML or your AI can analyze vast amounts of data which, even if you aren't checking it manually all the time, your AI models can predict, analyze, and provide you real-time responses. Then we have anomaly detection: ML models are especially useful for identifying insider threats or unusual network activity that traditional rule-based systems might miss. If there is an unusual spike in the traffic of your server, or any such malicious activity, your AI models can be much quicker and much more accurate in detecting it. Then we have predictive analytics: after observing particular historical data, ML models can predict whether a certain attack is going to happen in your particular system. Real-time response: I said this before also with incident response teams; even before your incident response team can react to a particular cyber attack, your ML-driven systems will be quick, and they can contain the attack way before your incident response team comes into play and contains it. Next we have fraud detection: in areas like banking, ML algorithms track user behavior and flag potentially fraudulent transactions or activities, protecting both users and institutions. ML models can analyze the data frequencies and the way the data transmission is happening, and based on that they can detect malicious activities happening in the back end that humans might fail to notice. Next we have behavioral biometrics: ML can track behavioral patterns like typing speed or mouse movements to enhance identity verification, improving login security without relying on passwords alone. This is especially useful in CAPTCHA: when you're solving a CAPTCHA, it's not about the way you're solving it, it's about your mouse movements. Bots can only move in certain ways; this is very hard to do, but this is how they move, sorry, "I'm not a robot", but if it's a human, obviously they move like this. That way it's much easier for an AI or an ML model to figure out whether it's a human or a bot. Next you have enhanced threat intelligence: ML can scan threat intelligence feeds, cyber security reports, and dark web sources to provide updated information on emerging threats, helping organizations stay prepared. This is again another safety precaution against zero-day exploits: whatever new trends are there in the market, ML can analyze that data and provide it to you, and safeguard your system from any new attack that is being launched in the market.
And that is the end of this particular video. Thank you so much for watching.