What are the Hacking, Denial of services, Database administrator (DBA)?
Answer: Hacking, Denial of services, Database administrator (DBA)
Hacking is the art of exploring various security breaches. All hackers have motives, methods, and skills. A computer hacker is a typically knowledgeable person. He/she knows several languages, familiar with UNIX and NT, Networking protocols.
A hacker will look for internal and external system holes or break into the system. Cracker and hacker are two different terms. Cracker is attempting to break into the system by guessing or cracking user’s passwords. We can easily identify crackers because their actions are malicious.
An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as security tests for their systems. It has also known as ethical hacking as penetration testing or white-hat hacking. It involves the same tools and techniques that hackers use, but with one major difference. Ethical hacking is legal. The attack vector is a path for hackers. By means by which a hacker can gain access to a computer system or computer server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to use system vulnerabilities, including the human. Viruses, attachments of electronic mail, web pages, pop‐up windows, instant messages, and chat rooms are examples of attack vectors. These methods require programming. To prevent vectors, you can use firewall and antivirus software.
Denial of services (DoS) :
Denial of services (DoS) is a network-based attack whose aim is not to steal the system resources or access confidential data, but it aims to prevent legitimate users from accessing information or services by interrupting the normal use of the system services. DoS attacks fall under two categories:
1. One which eats up almost all system resources, preventing legitimate users from doing any useful work.
2. Another targets the network and disrupts its operation.
The most common type of DoS attack occurs when attackers mischievously flood a network server or a web server with multiple false requests for services in order to crash the network. In this situation, the server cannot serve genuine requests. This is a ʹdenial of services’ because the legitimate users cannot use the network facility.
DoS attack does not damage information or access restricted areas, but it can shut down a website, making it inaccessible for genuine users. Several times, it becomes difficult for it has attacked a website to determine that it.
For example, it may consider a slowdown due to network traffic.
It is usually impossible to prevent DoS attacks.
Protecting against DoS attack is:
(i) Make a list of all resources consumed by every user.
(ii) Detect when the resources consumed by a user exceed those allowed by some system policy.
(iii) After detecting an attack, reclaim the consumed resources using as few additional resources as
possible or remove an offending user.
Classification of DoS attacks :
(i) Logic attacks: This attack takes place in network software such as TCP/IP protocol stack or web server.
(ii) Protocol attacks: Protocol is a set of rules. This attack takes place on a specific feature or implementation bug.
(iii) Bandwidth attacks: Attacker open many web pages and keep on refreshing for consuming
more bandwidth. After some time website becomes out of service.
Types of DoS attacks:
1. Ping of death: Ping of death attack sends large oversized ICMP packets. The maximum legal size of IP packets is 65535 bytes. Because of limitations in the physical layer, packets may have to be fragmented and then reassembled at the destination. So it fragments this packet for transport. The receiver then reassembles the fragments as the ping fragments arrive. The total packet length becomes too large. It may be possible that the system may crash.
2. Smurf: It is a variation of ping attack. The attacker selects a network of unwitting victims. The attacker spoofs the source address in the ping packet so that it appears to come from the victim. Then the attacker sends this request to the network in broadcast mode by setting the last byte of the address to all 1s.
3. Teardrop attack: This attack misuse a feature designed to improve network communication. An attacker sends a series of datagrams that cannot fit together properly. One datagram might say it is position 0 for length 60 bytes, another position 30 for 90 bytes so on. These fragment pieces overlap so it cannot reassemble properly them.
4. Malicious misrouting of packets: A attacker may attack a router and change its routing table, resulting in misrouting of data packets, causing a denial of service.
5. Attacker sends a large number of UDP packets to nonlisting ports on the victim. This causes victim to respond with an ICMP host unreachable message for each packet that it receives.
Database administrator (DBA) :
The database administrator is a person having central control over data and programs accessing that data. He coordinates all the activities of the database system. The database administrator has a good understanding of the enterprise’s information resources and needs.
Functions of a DBA :
1. Schema definition: The creation of the original database schema. This involves writing a set of definitions in a DDL (data storage and definition language), compiled by the DDL compiler into a set of tables stored in the data dictionary.
2. Storage structure and access method definition: Writing a set of definitions translated by the data storage and definition language compiler.
3. Schema and physical organization modification: Writing a set of definitions used by the DDL compiler to generate modifications to appropriate internal system tables (Example: Data dictionary). This is done rarely, but sometimes the database schema or physical organization must be modified.
4. Granting user authority to access the database: Granting different types of authorization for data access to various users.
5. Specifying integrity constraints: Generating integrity constraints. These are consulted by the database manager module whenever updates occur.
6. Routine maintenance: It includes the following :
(i) Acting as liaison with users.
(ii) Monitoring performance and responding to changes in requirements.
(iii) Periodically backing up the database.