Assignment No. 1
Information Security
Submitted to: Prof. Dr. Abdul Qahar
Submitted by: Maarij Naeem
Roll no: BS ECOM 22 – 030
Subject: Information Security
Hailey College of Commerce
University of the Punjab
Lahore
1. Cybervandalism
Definition: Cybervandalism refers to the deliberate defacement or destruction of digital content,
websites, or data. It is usually done to damage the reputation of a person or organization, to express
dissent, or simply for amusement.
Example: Changing a website’s homepage to display offensive or irrelevant content. For instance,
political activists might vandalize government websites to protest certain policies.
Motive: Disrupting operations, damaging reputation, expressing political or social protest, or simple
mischief.
Prevention:
Implementing strong security protocols such as HTTPS.
Regularly patching and updating systems to close vulnerabilities.
Monitoring web traffic and logging suspicious activity.
Employing website security tools like Web Application Firewalls (WAFs).
2. Denial of Service (DoS) Attack
Definition: A DoS attack aims to make a machine or network resource unavailable by overwhelming it
with a flood of illegitimate requests, making it difficult for legitimate users to access services.
Types:
Flooding: Overloading the network with fake traffic, making it impossible for legitimate users to
connect.
Crash attack: Exploiting bugs in the system’s software to make it crash or fail.
Example: Attacking a website server by sending excessive requests to crash the system.
Impact:
Financial losses from downtime.
Potential loss of customer trust and brand reputation.
Interruption of business operations.
Prevention:
Firewalls: Configured to block or limit unwanted traffic.
Rate-limiting: Restricting the number of requests a server will accept from a client within a given period.
Content Delivery Networks (CDNs): Distributing traffic to multiple servers to handle overloads.
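The rate-limiting control listed above, sketched as a per-client token bucket. This is an added example, not part of the original assignment; the class and function names, the rate of 2 requests per second, the burst of 5 and the sample traffic are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Bucket:
    tokens: float  # requests this client may still make right now
    last: float    # timestamp of the client's previous request

class RateLimiter:
    """Per-client token bucket: `rate` requests/second sustained, bursts up to `burst`."""

    def __init__(self, rate, burst, idle_ttl=60.0):
        self.rate, self.burst, self.idle_ttl = rate, burst, idle_ttl
        self.buckets = {}

    def allow(self, client, now):
        b = self.buckets.setdefault(client, Bucket(float(self.burst), now))
        # Refill in proportion to elapsed time, never above the burst size.
        b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False  # caller would answer HTTP 429 or drop the request

    def evict_idle(self, now):
        # Forget clients idle longer than idle_ttl so a flood from many
        # distinct addresses cannot grow the table without bound.
        stale = [c for c, b in self.buckets.items() if now - b.last > self.idle_ttl]
        for c in stale:
            del self.buckets[c]
        return len(stale)

def replay(events, rate=2.0, burst=5):
    """Feed (timestamp, client) events through a limiter; return {client: [allowed, rejected]}."""
    limiter, stats = RateLimiter(rate, burst), {}
    for ts, client in events:
        counts = stats.setdefault(client, [0, 0])
        counts[0 if limiter.allow(client, ts) else 1] += 1
    return stats

# Constructed sample traffic (documentation-range addresses): one client sends
# 100 requests within a second, the other one request per second for 10 s.
SAMPLE = sorted([(i * 0.01, "203.0.113.7") for i in range(100)]
                + [(float(i), "198.51.100.4") for i in range(10)])

if __name__ == "__main__":
    for client, (ok, rejected) in replay(SAMPLE).items():
        print(f"{client}: allowed={ok} rejected={rejected}")
```

The steady client is never throttled, while the flooding client gets its initial burst and then only what the refill rate permits.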
3. Distributed Denial of Service (DDoS) Attack
Definition: A DDoS attack is a more severe version of a DoS attack where multiple computers (often part
of a botnet) are used to flood a target system, overwhelming it and disrupting services.
Example: In 2016, a major DDoS attack on Dyn caused widespread internet disruption, affecting services
like Twitter, Netflix, and GitHub.
Difference from DoS: While DoS attacks originate from a single source, DDoS attacks leverage thousands
or millions of devices, making it harder to block the traffic.
Prevention: Use of DDoS mitigation services, load balancing, network redundancy, and traffic analysis
tools.
4. Sniffing
Definition: Sniffing is the act of monitoring and capturing all data packets passing through a network. It
can be used by attackers to eavesdrop on network communications and steal sensitive information.
Types:
Passive sniffing: Monitoring without modifying the data.
Active sniffing: Intercepting and potentially modifying data.
Example: Capturing login credentials or email contents using a tool like Wireshark.
Impact:
Exposure of confidential data (e.g., passwords, credit card numbers).
Increased vulnerability to further attacks, like identity theft or unauthorized access.
Prevention: Use encrypted communication protocols (SSL/TLS), secure networks, virtual private
networks (VPNs), and network intrusion detection systems (NIDS).
5. Inside Attack
Definition: An inside attack occurs when a trusted individual, such as an employee or partner, misuses
their access to steal, alter, or destroy data, often bypassing security measures that protect against
external threats.
Types:
Malicious insider: Intentionally stealing or destroying data.
Unintentional insider: An employee unknowingly exposing sensitive information through
negligence.
Example: An employee leaking confidential data to competitors.
Impact:
Significant data loss or theft, leading to financial and reputational damage.
Difficult to detect, because insiders often have authorized access to the systems they exploit.
Prevention: Implementing strict access controls, monitoring user activity, regular audits, and providing
cybersecurity training.