Tuesday, 15 May 2012

How Do You Protect Your Computer From Getting Hacked?



Hello Friends,

Today we'll discuss "How Do You Protect Your Computer from Hacking."

Hacking has increased a great deal these days, so I decided to tell you all how to dodge the hackers before they do damage to you or your computer.

So, first I'll tell you about all the hacking attacks that I know of.

Types of Hacking Attacks.

1. Denial of Service - 
DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets).

Read More About Denial of Service Attacks Here.

2. Distributed DoSs -
Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

Read More About Distributed Denial of Service Attacks Here.

3. Sniffing - 
Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.

Read More About Sniffing Here.

4. Spoofing - 
Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

Read More About Spoofing Here.

5. SQL injection -
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It uses normal SQL commands to get into the database with elevated privileges.

Read More About SQL Injection Here.

6. Viruses and Worms - 
Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

Read More About Viruses Here.
Read More About Worms Here. 

7. Back Doors - 
Hackers can gain access to a network by exploiting back doors: administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in the network.

Read More About Back Doors Here.

8. Trojan Horses -
Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the software can take full control of the system and the hacker can remotely control the whole system. They are also referred to as RATs (Remote Administration Tools).

Read More About Trojan Horses Here.

9. Keyloggers -
Consider the situation: everything you type in the system is mailed to the hacker! Wouldn't it be easy to track your password from that? Keyloggers perform similar functions. So next time you type anything, beware!

Read More About Keyloggers Here.

10. Brute-Forcing - 
Brute-forcing is sometimes the most tiring job. A brute-force attack on a network tries all the password combinations possible. Many times, brute-forcing doesn't work because the connection times out. I posted some information about brute-force tools and how it takes place long back. You can refer to it for more information.

Read More About Brute-Forcing Here.

11. Secret Question - 
According to a survey done by security companies, security questions are more useful to hackers than they are helpful to legitimate users. A hacker can create a fake account and act as someone else, gain your trust in the meantime, and then ask your personal secret questions, like: In which village was your mother born? What was the name of your first grade teacher? On what street were you born? On what street did your father live in his childhood? It is up to you to dodge people like this and block them if you find them suspicious.

12. Social Engineering - 
This was one of the oldest tricks to hack. The attacker tries to convince the user that he is a legitimate person from the system and needs the user's password for the continuation of the service or some maintenance. This won't work now since most users are aware of the scam.

Read More About Social Engineering Here.

13. Phishing - 
This is another type of keylogging: the attacker brings the user to a webpage he has created that resembles the legitimate one and gets him to enter his password, which then lands in the attacker's mailbox. Most users are now aware of this attack, but an elite hacker can come up with different ways of phishing.

Read More About Phishing Here.

14. Fake Messengers - 
Hackers make fake applications pretending to be social messengers, and when you open them, a RAT/virus/Trojan is executed.

15. Cookie Stealer - 
Cookie stealing, also known as session hijacking, asks a victim to open a fake site. When the victim is online, his cookies are sent to the hacker, and while the victim is online, his account's password is cracked and the hacker is inside his account.

Read More About Cookie Stealing Here.

16. DNS Poisoning or PHARMING - 
Pharming is a derivative of phishing. Both use "ph" instead of an "f" and are part of computer slang. Pharming seeks to obtain personal or private information through domain spoofing. In phishing you are spammed with malicious, deceiving e-mail requests to visit spoof websites which appear legitimate. Pharming, on the other hand, poisons a DNS server by infusing false information into it, resulting in a user's request being redirected elsewhere. Your browser, however, will show you are at the correct website, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.

17. Whaling - 

The Whale virus is a computer virus discovered on July 1, 1990. The file size, at 9,216 bytes, was for its time the largest virus ever discovered. It was written by German programmer R. Horner. It is known for using several advanced "stealth" methods.
After the file becomes resident in the system memory below the 640k DOS boundary, the operator will experience total system slow down as a result of the virus' polymorphic code. Symptoms include video flicker to the screen writing very slowly. Files may seem to "hang" even though they will eventually execute correctly. This is just a product of the total system slow down within the system's memory.
It was reported that one infected program displayed the following message when run:

THE WHALE IN SEARCH OF THE 8 FISH
I AM '~knzyvo}' IN HAMBURG addr error D9EB,02

_____________________________________________________________

Now that all the hacking ways I know are covered, the question is: how can you get your computer protected against these attacks?

Protection Against Hacking Attacks.

How Do You Protect Your Site Against a DDOS or DOS Attack?

A DDOS or DOS attack only takes place on websites and not on particular computers, so skip this if you don't own a website or don't want to protect your site.


A Distributed Denial of Service (DDOS) attack is an attempt by a malicious party to prevent legitimate users from using your services. With a DDOS attack this is typically accomplished through flooding, a process whereby multiple clients generate traffic to your site that takes up all the capacity of your site so it stops responding to legitimate requests.

There are a number of solutions available against these types of attacks, but they tend to be ineffective, mostly because they are either dependent on your own infrastructure or reactive, meaning that they respond after the attack has started. If DDOS attacks need to be blocked in your own infrastructure you will very quickly run out of capacity, as the attacker can generate more traffic than your own infrastructure (firewalls, switches, load balancers) can handle. So any time you're dependent on blocking DDOS attacks in your environment you're already too late; it needs to be stopped before it gets to your doorstep. Now if you have deep pockets there are options available that run at the ISP level. They're basically IPS/IDS-like solutions that will detect anomalous traffic and blackhole it. This will keep the traffic from reaching your infrastructure, but these are expensive solutions that aren't available to your run-of-the-mill website owner.

So what's the solution to an attack that is capacity based? Have more capacity than the attacker. That sounds like a bad solution, as you don't have infinitely deep pockets to keep adding capacity for the unlikely event that you're targeted by a DDOS attack. Fortunately there's a very easy way of getting additional capacity beyond the means of any DDOS attacker: use a Content Delivery Network. A CDN is a proxy solution that can be used to deliver content close to a target group, which offloads traffic from your website. There are a number of services available, like Akamai, Amazon CloudFront or MaxCDN. If you use a CDN and your site is hit with a DDOS attack, it is actually not your site being attacked but the CDN. And the CDN has tons and tons of capacity that no normal DDOS will be able to saturate. In normal circumstances the costs of using a CDN will be low enough not to give you any headaches, but when a DDOS is mounted you will see a spike in traffic. This will generate costs, as the CDN is responding to way more traffic than usual, but your site is protected against the DDOS attack. The decision whether you want those costs is up to you, but at least there is a sure-fire way of countering a DDOS attack.

Now setting this up for a static website is simple, but things get a bit more complex with a dynamic, personalised site. Even then you can use a CDN to your advantage. Most DDOS attacks are simple scripts without the capabilities of a full browser. You could decide to host a static homepage on the CDN that loads a JavaScript or Flash animation that needs to be executed before you move to the dynamic site. The DDOS script can't execute the JavaScript or Flash animation and fails the test. It will not proceed to the dynamic site. The firewall of your site is configured in such a way that only traffic coming from the CDN will be accepted; there is no bypass.

If you're willing to pay the price of a CDN you have every chance of surviving a DDOS.

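
The "only traffic coming from the CDN will be accepted" rule, sketched as an added example that is not part of the original post: the decision is made on the TCP peer address, never on a client-supplied header. `CDN_RANGES` holds constructed documentation prefixes, and `origin_accepts` and `triage` are hypothetical names.

```python
import ipaddress

# Constructed CDN egress ranges (documentation prefixes, not a real provider's).
# Assumption: a real origin loads the ranges its CDN provider publishes.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]

def normalise(peer):
    """Parse the TCP peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(peer)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def origin_accepts(peer, headers=None):
    """Allow only connections whose TCP peer is a CDN edge.

    `headers` is deliberately ignored: X-Forwarded-For is written by the
    client, so trusting it would reopen the bypass the rule is meant to close.
    """
    try:
        ip = normalise(peer)
    except ValueError:
        return False  # unparseable peer address: fail closed
    return any(ip.version == net.version and ip in net for net in CDN_RANGES)

def triage(connections):
    """Split constructed (peer, headers) pairs into accepted and dropped peers."""
    accepted, dropped = [], []
    for peer, headers in connections:
        (accepted if origin_accepts(peer, headers) else dropped).append(peer)
    return accepted, dropped

# Constructed sample connections: one CDN edge, one direct hit that claims
# to be a CDN edge in a header, and one CDN edge seen on a dual-stack socket.
SAMPLE = [
    ("192.0.2.77", {}),
    ("203.0.113.9", {"X-Forwarded-For": "192.0.2.77"}),
    ("::ffff:192.0.2.5", {}),
]
```
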
How Do You Protect Your Computer from Sniffing?


A scary aspect of these tools is who can, and will, use them. As stated earlier, sniffers can be used for both legitimate and illegitimate purposes. For instance, a network manager can use them to monitor the flow of traffic on the network to ensure that the network is operating efficiently. However, sniffers can also be used by malicious users to obtain valuable personal information. Whether it is passwords or private communication, both crackers and co-workers can benefit from reading your data. Defending against sniffers, as with any other threat, needs to start from the top and filter down to the user. As on any network, administrators need to secure individual machines and servers. A sniffer is one of the first things a cracker will load to see what is taking place on and around their newly compromised machine.
Another method of protection involves tools, such as antisniff, that scan networks to determine if any NICs are running in promiscuous mode. These detection tools should run regularly, since they act as an alarm of sorts, triggered by evidence of a sniffer.


How Do You Protect Your Computer from Spoofing?

E-mail spoofing is the most used spoofing technique these days. To protect yourself from spoofing, take the same measures as you would use to avoid phishing traps, i.e., don't click links provided in an e-mail that you are suspicious of. Do not give away your personal information to anybody pretending to be a legitimate source. Always be sure that you are on the right site while entering sensitive information, such as online bank account passwords or social networking site passwords, by checking the site's website certificate. On Google Chrome, if you are visiting the right site, the address bar will show a lock icon in green. In the same way, go to PayPal's log-in site and see if it shows the green icon or not. You can Google to see more ways of protecting yourself against spoofing.

How Do You Protect Your Computer From SQL Vulnerability?

To protect your site against SQL vulnerability, you have to understand the whole process by which it takes place. Because I can't explain too much right now, I am giving you a link from where you can learn what SQL is, how it takes place, and how to get protection against it.
Read all about SQL Here.


How Do You Protect Your Computer From Viruses and Worms, Back Doors, Trojan Horses, Keyloggers, Fake Messengers, Whaling?

Well, now this is a very easy task. To protect your computer against these dangerous things, the first and foremost step is to have a good and updated anti-virus. If you are a Windows operating system user, then the best I could recommend to you all is to have Microsoft Security Essentials installed. If you don't prefer MSE, then given below is a list of anti-virus products that I recommend.

1. Norton Internet Security.

2. Bitdefender Anti-Virus.

3. Kaspersky Internet Security.

4. Panda Anti-Virus Pro.

5. F-Secure Anti-Virus.

6. AVG Anti-Virus.

7. Avast Pro Anti-Virus.

8. G Data Anti-Virus.

9. BullGuard Anti-Virus.

10. Avira Anti-Virus Premium.

11. ESET NOD32 Anti-Virus.

If you need any more, then you can Google about it.

Having updated anti-malware software is also necessary. I would recommend:

1. Malwarebytes.

2. SUPER Anti-Spyware.

_____________________________________________________________

How Do You Protect Your Web-Site From Brute-Force Attacks?

To protect your website and even your computer (the File Transfer Protocol route can be used to hack into your computer too) from getting hacked, you have to use a strong password for your computer's broadband connection and your website's admin log-in. To make a strong password, you must use both capital and small letters with numbers along with some special characters -
 (! ; @ ; # ; $ ; % ; ^ ; & ; *)
Entering passwords with capital and small letters, numbers and special characters can be a bit frustrating at times, but remember it's only for your website's security.

How Do You Protect Yourself from Secret Question and Social Engineering?

To protect yourself from these attacks, do not reveal your secrets, such as sharing your passwords with others, and do not tell people about your past life until you trust them. Identifying fake profiles on social networking sites can be easy. First, see the person's profile before accepting their friend request. If they started their account on the site recently and have lots of friends in their friend list, then beware! These profiles are 100% fake. Also see if they have had the same profile picture from the beginning of time (fake profile holders really don't care about changing their profile pictures). And one more thing: do not share anything personal with people you've added recently, and if they directly ask you personal questions within a few weeks, I suggest you block them.

How Do You Protect Yourself from Cookie Stealing?

The best way to protect yourself against a session hijacking attack is to use an https:// connection (Hyper Text Transfer Protocol Secure) each and every time you log in to your Facebook, Gmail, Hotmail or any other e-mail account. As your cookies would be encrypted, even if an attacker manages to capture your session cookies he won't be able to do anything with them.

How Do You Protect Yourself from DNS Poisoning or Pharming?

It's a really big article and you need to spare time to read it. You can read all about DNS poisoning and how to protect yourself from it Here.

_____________________________________________________________


OTHER NEWS AND NOTES ABOUT "Protect Your Computer from getting Hacked." :-

Given below is the table by the Anti-Phishing Working Group (APWG), which contains some information about phishing attacks. According to their report, there were at least 83,083 unique phishing attacks worldwide in 190 top-level domains (TLDs) in the second half of 2011. The attacks used 50,298 unique domain names.

You Can visit the Official Site of Anti-Phishing Working Group Here.

How Can You Spot a Genuine Link or URL?

Given below are some tips you should know so that you don't get hacked in future.


  • Always notice how the e-mail sender addresses you. Genuine e-mails will always address you in a personal manner (either by your name or your username on the site).

  • Genuine URLs will have SSL (Secure Socket Layer) security. This can be spotted by reading the term "HTTPS" in the URL.

  • Genuine URLs will have a lock symbol at the bottom right-hand side of the page or in the address bar right before the URL. This signifies the digital certificate.


How Do You Spot a Fake Link or URL?


  • Hover the mouse over a link before you click it. It will reveal the real destination in case the URL is a masked one.

  • Beware of the sign "@" in the URL, as all the browsers ignore the characters before the "@" sign. For example, the URL "www.facebook@wooder.com" will not take you to the original Facebook webpage.

  • Check the spelling of the URL carefully. Hackers sometimes change a single character to try and trick victims. For instance, many people will feel at first glance that “www.micorsoft.com” is the same as “www.microsoft.com”.

  • Check if the URL of the page you are directed to is the same as that mentioned in the email.

  • Read the link properly. For instance, the URL “www.apple.com.wooder.com” will not take you to the official Apple website.


  • Ensure that the link does not start with an IP address. For instance, “http://198.162.256.56/wood/index.htm” is the kind of link that you must never trust.

  • There are several services online which shorten URLs to cater to character count limitations. To avoid falling for fake shortened URLs you should use a service like “www.longurl.org” which reverses the process to show you the real destination.

  • On another note, it is also advisable to not download any suspicious attachments. If it is necessary, you must download and scan them separately.
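
The URL checks from the list above, turned into a small link triage function. This is an added example, not part of the original post; the `TRUSTED` list is constructed, `check_url` and the warning strings are hypothetical names, and the sample links are the ones the tips themselves use.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the reader really uses (assumption for this example).
TRUSTED = ("apple.com", "facebook.com", "microsoft.com", "paypal.com")

def edit_distance(a, b):
    """Optimal-string-alignment distance: a swapped pair of letters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def registered_domain(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return a list of warning strings for one link (empty list = nothing flagged)."""
    if "://" not in url:
        url = "http://" + url            # bare links default to plain HTTP
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("no-https")
    if parts.username is not None:       # text before "@" is not the host
        findings.append("userinfo-before-@")
    # Dotted digits or an IPv6 literal instead of a name. The page's sample
    # "198.162.256.56" is not even a valid address, so match on shape.
    if ":" in host or host.replace(".", "").isdigit():
        findings.append("numeric-host")
        return findings
    reg = registered_domain(host)
    for brand in TRUSTED:
        if reg == brand:
            continue
        if ("." + brand + ".") in ("." + host):     # apple.com.wooder.com
            findings.append("brand-in-subdomain:" + brand)
        elif 0 < edit_distance(reg, brand) <= 2:    # micorsoft.com
            findings.append("lookalike-of:" + brand)
    return findings
```
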

If I am missing something then please comment below.

- KANISHK SINGH

Due to the permanent shut down, I rarely visit the blog. Don't expect answers to your queries very soon.
-Kanishk