Knowledge in Computer Security & Cryptography

Crack/Hack windows password

This presentation is about  how to change the windows 7 administrator password without know it. If  you have some Basic Techinical knowledge of computer and you follow these steps you can do it. In this a command is given control userpasswords2 (for all windows operating systems 7/8/10) you can directly run this command in command prompt by running command prompt in administrater and from this you see a dialog box (when you see that you know what to do).this option is work on both cases i.e when you normally use your computer or your friend's computer. (THIS IS ONLY FOR KNOWLEDGE PURPOSE) 

Share Cryptography and Network Security: Principle

Share Cryptography and Network Security: Principles and Practice

Computer Network Security and Cyber Ethics

Computer Network Security and Cyber Ethics

Foundations of Cryptography: Basic Tools

Foundations of Cryptography: Basic Tools

Encyclopedia of Cryptography and Security

Encyclopedia of Cryptography and Security

Network security

This is a book on computer security

Block Chain, Cryptocurrency and Crypto Trading Sce

Block Chain Definition: The blockchain is a public ledger that is used to keep records of all transactions. It uses a peer-to-peer distributed computer network system to store records in multiple computers present all over the world. Every record contains a link to the previous transaction, current transaction details and hash function (using SHA-256 algorithm). Any change in data is authorized after the change is present in all copies of the file. Indian Context: In 2017, Government of Andhra Pradesh has piloted two key projects in Vizag using blockchain technology: managing land records and streamlining vehicle registrations. India Office of RXIL successfully implemented MonetaGo Blockchain solution which went live recently. Cryptocurrency – Working Definition: A digital currency which is decentralized and encrypted for security is called cryptocurrency. Working: 1. A transaction using Cryptocurrency a. Happens on user end 2. Cryptocurrency Mining a. Verification of Transaction b. Storage using Block Chain c. Update to User Cryptocurrency – Types and Formats Underlying ASSET There isn’t one. Each coin doesn’t exist physically but instead sits as a balance on an enormous public ledger in the cloud that (along with all transactions) is verified by this decentralized computing power. Notably, this makes it an alternative to a central bank controlled money, although following the abolition of the gold standard, “normal” money generally has no underlying asset either. Laws Regarding Crypto Trading Cryptocurrency “was” neither legal nor illegal in India before After April 2018, Regulated financial institutions in India can no longer provide services to companies or individuals dealing with virtual currencies But India is open to regulate norms as it has interests in the blockchain. RBI says the challenge is to get the right balance of freedom of enterprise and control over speculative and deceitful activities. Future Of Crypto Trading In India India to remain unfriendly to cryptocurrencies for a foreseeable future. India doesn’t recognize cryptocurrencies as legal tender. The underlying technology, Blockchain, will be utilized and in various central government schemes. Currently, only the legalities are being finalized right now. Supreme Court in a hearing stated that interested parties can still file petitions to RBI which needs to be heard and acted upon within two-weeks time. Indian conglomerates are investing heaving in implementing blockchain. The banking sector is particularly interested in using the concept to better their security.

current affairs pdf in hindi - December 1st week (2018)

Download current affairs pdf in hindi - December 1st week (2018)

IoT Security

What is the most important IoT security trend we are seeing this year? As consumers and businesses adopt more IoT devices and threats continue to multiply, securing those devices easily and at scale has become a daunting task. We are seeing more specialized security tools and processes specifically for IoT devices this year, specifically the use of digital certificates and public key infrastructure (PKI’s) to enable a more secure onboarding process. “‘Onboarding’ is the process by which a new device is connected and added to the network and the local IoT ecosystem. Onboarding includes the process for authentication, authorization, and accountability of that new device.” -- A Vision for Secure IoT Digital certificates are issued and signed by a reputable source, often referred to as a Certificate Authority or Root of Trust. Like a digital identity card, devices exchange digital certificates to cryptographically authenticate each other’s identity and origin. In other words, authentication credentials allow you to prove you are what you say you are. As the IoT Security Informed Insight explains, “not only do digital certificates increase security, they enable a better customer experience (e.g. no PIN to enter.)” The cryptographic signatures within the certificates cannot feasibly be forged or re-created unless you have the proper private key at the source. You can read more about the authentication process, digital certificates and PKI’s here. What are the main challenges facing the IoT industry today? The challenges are multifaceted, but the three most common I see are: While many companies are beginning to explore solutions, most device makers do not have security experts and are unprepared to manage security complexities Device manufacturers and security companies have traditionally operated in two quite separate worlds. Device manufacturers operate in a world of physical devices, often on the scale of hundreds of thousands, even millions of devices the manufactured each year. Tightly managing inventory, bill of material costs, and just in time delivery are essential to remaining competitive.  Device manufacturers work with firmware and small footprint applications, often with limited compute power and storage. Security can be limited to that which is only essential, in order to keep costs down and delivery times short. This market is generally characterized by tens of thousands of small to medium sized companies that individually might not drive very high volumes, but in aggregate ship billions of devices. Security companies have traditionally operated in the world of enterprise computing, networking, and web servers and web applications. These accounts are typically characterized by large corporations with IT groups and staff or consultants that specializes in security. Generally, these are large companies, banks, data centers, health care providers, etc. where there may not be a physical product, but valuable data that is stored in vast database servers. The data enables services and usually involves personal and/or financial information that must be protected. As you can see, this can result in a large mismatch between what a device maker needs, and what a security company is equipped to provide, resulting in the two parties talking past each other. As a result, device security often doesn’t get implemented properly. This is not because the device maker doesn’t want to do it, but because they are not effectively guided on HOW to do it. In the pressure to meet product schedules and quarterly earnings, device security is often omitted or left as an afterthought because it currently takes too much effort and cost to understand and implement it People often hear that cost is the reason for not implementing security, but misinterpret where that cost lies. There is indeed strong pressure to lower BOM costs, but the larger cost is often in the staff a company needs just to understand security itself. Whether it is allocating brain cycles from existing staff or new hires, headcount is generally one of the largest costs a company incurs. Understanding takes brain cycles. Brain cycles = time. Time = money, big money. If we are to address the IoT security issue effectively, we need to address the time aspect of implementing security. Although IoT has existed for some time now, the market pressure to go wireless leaves devices more vulnerable to attacks Autonomous networked devices have existed for quite some time already, but have primarily been implemented on wired networks on a relatively limited scale, using general purpose computers. However, with the relentless march of Moore’s Law, microcontrollers have advanced to the point where even a very small, inexpensive chip can operate a full TCP/UDP network stack in addition to managing a wireless radio. This high integration and lower cost have driven the market towards the adoption of small, wirelessly connected autonomous devices. In addition, the convenience of wireless connectivity has increased the scale of adoption to levels that are orders of magnitude greater than we have ever seen before. Every device that is connected to your network is effectively a user on that network. Would you let a human user onto your network without verifying their identity? If you wouldn’t do that, why would you let a “device” do it? I put “device” in quotes because, in a network environment, you can’t always be sure if something claiming to be a device actually is what it says it is. The justification for omitting security I often hear is “there is nothing important on that device”. That is the data center way of thinking about it where you are protecting what is directly on the system where security is implemented. My response is usually this, “You are absolutely correct. No one cares about what’s on the device. They care about the network it’s connected to.” That usually gets them to rethink their position. Insecure devices provide a foothold on the network to attack higher value devices or capture sensitive data.

Firewall Setup In Linux

There are three actions which the iptables can perform on the traffic ACCEPT DROP REJECT 1. ACCEPT When a traffic passes the rules in its specified chain, then the iptable accepts the traffic. That means it opens up the gate and allows the person to go inside the kingdom of Thanos. 2. DROP When the traffic is unable to pass the rules in its specified chain, the iptable blocks that traffic. That means the firewall is closed. 3. REJECT This type of action is similiar to the drop action but it sends a message to the sender of the traffic stating that the data transfer has failed. As a general rule, use REJECT when you want the other end to know the port is unreachable’ use DROP for connections to hosts you don’t want people to see. To list the rules of the current iptables:- sudo iptables -L 2. Clear the rules : If you ever want to clear/flush out all the existing rules. Run the following command:- sudo iptables -F This will reset the iptables. 3. Changing the default policy of chains : sudo iptables -P Chain_name Action_to_be_taken As you can see in the above picture ,default policy of each of the chain is ACCEPT. For eg:– If you see the forward chain, you will see “Chain FORWARD (policy ACCEPT)”.This means your computer allows any traffic to be forwarded to another computer.   In order to change the policy of forward to drop:- sudo iptables -P FORWARD DROP The above command will stop any traffic to be forwarded through your system. That means no other system can your system as an intermediary to pass the data. Making your First Rule : 1. Implementing a DROP rule : We’ll now start building our firewall policies.We’ll first work on the input chain since that is where the incoming traffic will be sent through. Syntax:- sudo iptables -A/-I chain_name -s source_ip -j action_to_take We’ll take an example to understand the topic. Let’s assume we want to to block the traffic coming from a ip address 192.168.1.3. The following command can be used:- sudo iptables -A INPUT -s 192.168.1.3 -j DROP This may look complicated, but most of it will make sense when we go over the components:- -A INPUT :- The flag -A is used to append a rule to the end of a chain. This part of the command tells the iptable that we want to add a rule to the end of the INPUT chain. -I INPUT:- In this flag the rules are added to the top of the chain. -s 192.168.1.3:- The flag -s is used to specify the source of the packet. This tells the iptable to look for the packets coming from the source 192.168.1.3 -j DROP This specifies what the iptable should do with the packet.   In short, the above command adds a rule to the INPUT chain which says , if any packet arrives whose source address is 192.168.1.3 then drop that packet, that means do not allow the packet reach the computer. Once you execute the above command you can see the changes by using the command:- sudo iptables -L

Types of crptography

Modern cryptography concerns with: Confidentiality - Information cannot be understood by anyone Integrity - Information cannot be altered. Non-repudiation - Sender cannot deny his/her intentions in the transmission of the information at a later stage Authentication - Sender and receiver can confirm each Cryptography is used in many applications like banking transactions cards, computer passwords, and e- commerce transactions. Three types of cryptographic techniques used in general. 1. Symmetric-key cryptography 2. Hash functions. 3. Public-key cryptography Symmetric-key Cryptography: Both the sender and receiver share a single key. The sender uses this key to encrypt plaintext and send the cipher text to the receiver. On the other side the receiver applies the same key to decrypt the message and recover the plain text. Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In Public-Key Cryptography two related keys (public and private key) are used. Public key may be freely distributed, while its paired private key, remains a secret. The public key is used for encryption and for decryption private key is used. Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per the plain text that makes it impossible for the contents of the plain text to be recovered. Hash functions are also used by many operating systems to encrypt passwords.