Tuesday, 26 July 2022

Intrusion detection system (IDS)

 An intrusion detection system (IDS)

An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.

While anomaly detection and reporting are the primary functions of an IDS, some intrusion detection systems are capable of taking action when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses.

An IDS can be contrasted with an intrusion prevention system (IPS), which monitors network packets for potentially damaging network traffic, like an IDS, but has the primary goal of preventing threats once detected, as opposed to primarily detecting and recording threats.

How do intrusion detection systems work?

Intrusion detection systems are used to detect anomalies with the aim of catching hackers before they do real damage to a network. IDSes can be either network- or host-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system resides on the network.

Intrusion detection systems work by either looking for signatures of known attacks or deviations from normal activity. These deviations or anomalies are pushed up the stack and examined at the protocol and application layer. They can effectively detect events such as Christmas tree scans and Domain Name System (DNS) poisonings.

An IDS may be implemented as a software application running on customer hardware or as a network security appliance. Cloud-based intrusion detection systems are also available to protect data and systems in cloud deployments.

Different types of intrusion detection systems

IDSes come in different flavors and detect suspicious activities using different methods, including the following:

  • network intrusion detection system (NIDS) is deployed at a strategic point or point within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network.
  • host intrusion detection system (HIDS) runs on all computers or devices in the network with direct access to both the internet and the enterprise's internal network. A HIDS has an advantage over a NIDS in that it may be able to detect anomalous network packets that originate from inside the organization or malicious traffic that a NIDS has failed to detect. A HIDS may also be able to identify malicious traffic that originates from the host itself, such as when the host has been infected with malware and is attempting to spread to other systems.
  • signature-based intrusion detection system (SIDS) monitors all the packets traversing the network and compares them against a database of attack signatures or attributes of known malicious threats, much like antivirus software.
  • An anomaly-based intrusion detection system (AIDS) monitors network traffic. It compares it against an established baseline to determine what is considered normal for the network with respect to bandwidth, protocols, ports, and other devices. This type often uses machine learning to establish a baseline and accompanying security policy. It then alerts IT teams to suspicious activity and policy violations. By detecting threats using a broad model instead of specific signatures and attributes, the anomaly-based detection method improves upon the limitations of signature-based methods, especially in the detection of novel threats.

Historically, intrusion detection systems were categorized as passive or active. A passive IDS detected malicious activity would generate an alert or log entries but would not take action. An active IDS sometimes called an intrusion detection and prevention system (IDPs), would generate alerts and log entries but could also be configured to take actions, like blocking IP addresses or shutting down access to restricted resources.

Snort -- one of the most widely used intrusion detection systems -- is an open source, freely available, and lightweight NIDS that is used to detect emerging threats. Snort can be compiled on most Unix or Linux operating systems (OSes), with a version available for Windows as well.

Capabilities of intrusion detection systems

Intrusion detection systems monitor network traffic in order to detect when an attack is being carried out by unauthorized entities. IDSes do this by providing some -- or all -- of the following functions to security professionals:

  • monitoring the operation of routers, firewalls, key management servers, and files that are needed by other security controls aimed at detecting, preventing, or recovering from cyberattacks;
  • providing administrators a way to tune, organize and understand relevant OS audit trails and other logs that are otherwise difficult to track or parse;
  • providing a user-friendly interface so nonexpert staff members can assist with managing system security;
  • including an extensive attack signature database against which information from the system can be matched;
  • recognizing and reporting when the IDS detects that data files have been altered;
  • generating an alarm and notifying that security has been breached; and
  • reacting to intruders by blocking them or blocking the server.

Benefits of intrusion detection systems

Intrusion detection systems offer organizations several benefits, starting with the ability to identify security incidents. An IDS can be used to help analyze the quantity and types of attacks. Organizations can use this information to change their security systems or implement more effective controls. An intrusion detection system can also help companies identify bugs or problems with their network device configurations. These metrics can then be used to assess future risks.

Intrusion detection systems can also help enterprises attain regulatory compliance. An IDS gives companies greater visibility across their networks, making it easier to meet security regulations. Additionally, businesses can use their IDS logs as part of the documentation to show they are meeting certain compliance requirements.

Intrusion detection systems can also improve security responses. Since IDS sensors can detect network hosts and devices, they can also be used to inspect data within the network packets, as well as identify the OSes of services being used. Using an IDS to collect this information can be much more efficient than manual censuses of connected systems.

Challenges of intrusion detection systems

IDSes are prone to false alarms -- or false positives. Consequently, organizations need to fine-tune their IDS products when they first install them. This includes properly configuring their intrusion detection systems to recognize what normal traffic on their network looks like compared to potentially malicious activity.

However, despite the inefficiencies they cause, false positives don't usually cause serious damage to the existing network and simply lead to configuration improvements.

A much more serious IDS mistake is a false negative, which is when the IDS misses a threat and mistakes it for legitimate traffic. In a false negative scenario, IT teams have no indication that an attack is taking place and often don't discover it until after the network has been affected in some way. It is better for an IDS to be oversensitive to abnormal behaviors and generate false positives than it is to be undersensitive, generating false negatives.

False negatives are becoming a bigger issue for IDSes -- especially SIDSes -- since malware is evolving and becoming more sophisticated. It's hard to detect a suspected intrusion because new malware may not display the previously detected patterns of suspicious behavior that IDSes are typically designed to detect. As a result, there is an increasing need for IDSes to detect new behavior and proactively identify novel threats and their evasion techniques as soon as possible.

IDS versus IPS

An IPS are similar to an intrusion detection system but differs in that an IPS can be configured to block potential threats. Like intrusion detection systems, IPSec can be used to monitor, log and report activities, but they can also be configured to stop threats without the involvement of a system administrator. An IDS simply warns of suspicious activity taking place, but it doesn't prevent it.

An IPS are typically located between a company's firewall and the rest of its network and may have the ability to stop any suspected traffic from getting to the rest of the network. Intrusion prevention systems execute responses to active attacks in real-time and can actively catch intruders that firewalls or antivirus software may miss. However, organizations should be careful with IPSes because they can also be prone to false positives. An IPS false positive is likely to be more serious than an IDS false positive because the IPS prevents legitimate traffic from getting through, whereas the IDS simply flags it as potentially malicious.

It has become a necessity for most organizations to have either an IDS or an IPS -- and usually both -- as part of their security information and event management (SIEM) framework.

Monday, 25 July 2022

Kali Linux

Kali Linux is a security distribution of Linux derived from Debian and specifically designed for computer forensics and advanced penetration testing. It was developed through rewriting of BackTrack by Mati Aharoni and Devon Kearns of Offensive Security. Kali Linux contains several hundred tools that are well-designed towards various information security tasks, such as penetration testing, security research, computer forensics, and reverse engineering.

BackTrack was their previous information security Operating System. The first iteration of Kali Linux was Kali 1.0.0 was introduced in March 2013. Offensive Security currently funds and supports Kalin Linux. you would see a large banner stating, “Our Most Advanced Penetration Testing Distribution, Ever.” A very bold statement that ironically has yet to be disproven.


Kali Linux has over 600 preinstalled penetration-testing applications to discover. Each program with its unique flexibility and use case. Kali Linux does an excellent job separating these useful utilities into the following.


  1. Information Gathering
  2. Vulnerability Analysis
  3. Wireless Attacks
  4. Web Applications
  5. Exploitation Tools
  6. Stress Testing
  7. Forensics Tools
  8. Sniffing & Spoofing
  9. Password Attacks
  10. Maintaining Access
  11. Reverse Engineering
  12. Reporting Tools
  13. Hardware Hacking

Professionals that use Kali Linux


* Security Administrators – Security Administrators are responsible for safeguarding their institution’s information and data. They use Kali Linux to review their environment(s) and ensure there are no easily discoverable vulnerabilities.


* Network Administrators – Network Administrators are responsible for maintaining an efficient and secure network. They use Kali Linux to audit their network. For example, Kali Linux has the ability to detect rogue access points.


* Network Architects – Network Architects, are responsible for designing secure network environments. They utilize Kali Linux to audit their initial designs and ensure nothing was overlooked or misconfigured.


* Pen Testers – Pen Testers, utilize Kali Linux to audit environments and perform reconnaissance on corporate environments which they have been hired to review.


* CISO – CISO or Chief Information Security Officers, use Kali Linux to internally audit their environment and discover if any new applications or rouge configurations have been put in place.


* Forensic Engineers – Kali Linux possesses a “Forensic Mode”, which allows a Forensic Engineer to perform data discovery and recovery in some instances.


* White Hat Hackers – White Hat Hackers, similar to Pen Testers use Kali Linux to audit and discover vulnerabilities that may be present in an environment.


* Black Hat Hackers – Black Hat Hackers, utilize Kali Linux to discover and exploit vulnerabilities. Kali Linux also has numerous social engineer applications, which can be utilized by a Black Hat Hacker to compromise an organization or individual.


* Grey Hat Hackers – Grey Hat Hackers, lie in between White Hat and Black Hat Hackers. They will utilize Kali Linux in the same methods as the two listed above.


* Computer Enthusiast – Computer Enthusiast is a pretty generic term, but anyone interested in learning more about networking or computers, in general, can use Kali Linux to learn more about Information Technology, networking, and common vulnerabilities.













Sunday, 24 July 2022

Detail Backlink Topic

 What is a Backlink?

Backlinks are also known as inbound links. These are the links from one website to a page on another website. Website pages with a high number of backlinks are more likely to rank on the search engine rather than one which does not have.

You would need a backlink for better results for your website over the internet. If you have a number of links on your site, the more weightage you will have on the search engine. Creating a large number of backlinks is why a blog or website ranks over google or other search engines.

There are two types of backlinks.

Do-Follow:

A Dofollow link passes the authority of the original website to the desired site. These links allow other search engines and Google to point back to your website or blog. A Dofollow link helps your website rank in the top positions in the search engines. High-quality do-follow backlinks are the best way to generate increased traffic for your website.

No-Follow:

A No-follow website does not influence the ranking of the website. However, it increases the traffic of the website. These links do not give the website many benefits but definitely provide traffic to your site. Social media sites primarily use Nofollow links. Businesses can link their social media platforms with their website through No-follow links.

Both of these links benefit your website, so do not ignore any of these methods to bring more traffic to your site.

Whenever a website links its webpage with the other website, it passes a link juice. The link juice helps you to increase your website ranking and traffic. The more the link juice flows from the linking website to the linked site, the more authentic recommendation will be to the site. A website owner can block the link juice when he builds a no-follow link instead of do-follow.

Adding a Root Domain:

Adding a root domain refers to adding a number of backlinks from specific domains to your websites. If you create several links from a single website, it will still be considered as a linked root domain.

A low-quality link is generated from spam, unauthorized, or hacked sites. Building low-quality links can hamper your search engine ranking and cause harm to your site.

The best way to get quality backlinks is to build backlinks on high-quality content sites with more traffic and search results. Creating backlinks on the most authoritative website is difficult but most relevant for your SEO visibility.

Internal links are the links that link your website pages internally with one another. This internal linking will help your user or the visitor easily navigate between your site’s web pages. This method will keep your visitor for a longer time on your website.

Backlinks play an essential role in SEO as they represent a vote from one site to another. Creating backlinks will be worth it only when you choose the right site to build links. For instance, You offer products related to footwear and build links on a clothing website. These links will be of no use to your business.

When you build high-quality backlinks, it helps you to improve the organic ranking of your website. Below are some of the points which will tell you how backlinks matter for SEO-

  • Creating backlinks will help you in fast indexing over a search engine.
  • You can drag more traffic to your website.
  • Backlinks help you to position your website as an authority.
  • More backlinks on other sites will assure Google that the content you provide through your website is authentic and relevant for the viewers.
  • When you purchase high-quality backlinks from reputed sites, the search engine automatically considers your site to be placed on the top positions in the search engine.

Here are the tips that will help in your site’s high-quality link building.

Publish Good and Evergreen Content:

When you publish good content with the best keywords, it will influence other websites to allow you to build links on their website.

Tips and tricks to write better content

  • You should include query-solving content for your audience.
  • For a better user experience, always write readable content for your visitor.
  • Use an informal and interactive way of content writing.

Start Guest Blogging:

Guest posting is the best way to get quality backlinks. You need to find which sites are offering guest posting. You can do guest posts on another website and add your website’s backlinks to them. With the help of guest blogging, you can build high-quality backlinks.

You can use infographics to create high-quality backlinks. Infographic is a good source of information that is usually shared over the internet. So if you create backlinks on infographics, it can bring more traffic to your website.

Be Active on Quora:

Quora can be a fine option for you to build backlinks free for generating high traffic for your website. You can also answer the questions on quora and add your site’s backlink with detailed information on that topic to get more viewers on your website. To benefit more from quora, you can improve your presence on this platform.

Most SEO experts use this technique to build high-quality backlinks free on another website. The experts look for broken links and ask the website owners to fix these links and place their links in exchange for broken links. Quora is the most convenient way to get your links on a high-traffic website. To check broken links of any website, you can use the broken link check site.

Do Internal Linking:

You can increase your website’s search ranking by creating internal links. You can link one webpage with another internally on your website. This technique of interlinking pages will boost the search visibility of your site.

Video Marketing:

As viewers show interest in video-related content. You can build your youtube channel and describe the topic on which you have prepared a blog. You can add your blog’s link to the video content so that whoever watches your vlog can easily move to your website to know more about the topic. This method of preparing backlinks can bring large traffic to your website and help you rank on search engines.

Some of the benefits of using backlinks are

  • Backlinks help you to improve the organic traffic of your website.
  • Creating backlinks will provide you with the option of fast indexing.
  • You can also increase the referral traffic of your site.
  • Building high-quality backlinks sites will help you rank in the top positions in the search engine.

Constant in PHP

What is Constant in PHP

A constant is a name or an identifier for a fixed value. Constants are like variables, except that once they are defined, they cannot be undefined or changed.

Constants are very useful for storing data that doesn't change while the script is running. Common examples of such data include configuration settings such as database username and password, website's base URL, company name, etc.

Constants are defined using PHP's define() function, which accepts two arguments: the name of the constant, and its value. Once defined the constant value can be accessed at any time just by referring to its name. 

<?php // Defining constant define("SITE_URL", "https://www.tutorialrepublic.com/"); // Using constant echo 'Thank you for visiting - ' . SITE_URL; ?>


Conventions for PHP Constants

Name of constants must follow the same rules as variable names, which means a valid constant name must start with a letter or underscore, followed by any number of letters, numbers, or underscores with one exception: the $ the prefix is not required for constant names.






Saturday, 23 July 2022

Variable in PHP

 Variables are used to store data, like strings of text, numbers, etc. Variable values can change over the course of a script. Here're some important things to know about variables:

1) In PHP, a variable does not need to be declared before adding a value to it. PHP automatically converts the variable to the correct data type, depending on its value.

2) After declaring a variable it can be reused throughout the code.

3) The assignment operator (=) used to assign value to a variable.

In PHP variable can be declared as: $var_name = value;

<?php // Declaring variables $txt = "Hello World!"; $number = 10; // Displaying variables value echo $txt; // Output: Hello World! echo $number; // Output: 10 ?>


In the example, we have created two variables where the first one has been assigned with a string value and the second has been assigned with a number. Later we displayed the values of the variables in the browser using the echo statement. The PHP echo the statement is often used to output data to the browser. We will learn more about this in the upcoming chapter.

Conventions for PHP Variables

These are the following rules for naming a PHP variable:

  • All variables in PHP start with a $ sign, followed by the name of the variable.
  • A variable name must start with a letter or the underscore character _.
  • A variable name cannot start with a number.
  • A variable name in PHP can only contain alpha-numeric characters and    underscores (A-z, 0-9, and _).
  • A variable name cannot contain spaces.





















Friday, 22 July 2022

PHP Syntax

Basic PHP syntax, including case sensitivity, statements, and whitespaces.

As a programming language, PHP has a set of rules that governs how you write programs.

Start PHP 

<?php

Enclosing tag

?>

Example

<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>PHP Syntax</title> </head> <body> <h1><?php echo 'PHP Syntax'; ?></h1> </body> </html>


 PHP code, the enclosing tag is optional

<?php echo 'PHP Syntax';


PHP is partially case-sensitive. Knowing what is case sensitive and what is not is crucial to avoid syntax errors.

If you have a function such as, you can use it as COUNT. It would work properly.

The following are case-insensitive in PHP:

  • PHP constructs are if, if-else, if-else, switch, while, do-while, etc.
  • Keywords such as true and false.
  • User-defined function & class names.

On the other hand, variables are case-sensitive. e.g., $message and $MESSAGE are different variables.

A PHP script typically consists of one or more statements. A statement is a code that does something, e.g., assigning a value to a variable and calling a function.

A statement always ends with a semicolon (;). The following shows a statement that assigns a literal string to the $message variable:

$message = "Hello";PHP also has a compound statement that consists of one or more simple statements.if( $is_new_user ) { send_welcome_email(); }The closing tag of a PHP block (?>) automatically implies a semicolon (;). Therefore, you don’t need to place a semicolon in the last statement in a PHP block. For example:<?php echo $name ?>The statement echo $name doesn’t need a semicolon. However, using a semicolon for the last statement in a block should work fine. For example:<?php echo $name; ?>

Whitespace & line breaks

In most cases, whitespace and line breaks don’t have special meaning in PHP. Therefore, you can place a statement in one line or span it across multiple lines.

login( $username, $password );


login( $username, $password );






























o";










Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

  Microsoft on Tuesday   revealed   that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...