1
00:00:00,730 --> 00:00:01,690
Hello, everyone.
2
00:00:01,690 --> 00:00:04,960
So in this video, we are going to talk about fundamental questions.
3
00:00:04,960 --> 00:00:12,220
Part one. Basically, we have divided these fundamental questions because there are 55 questions and
4
00:00:12,220 --> 00:00:14,590
we have divided them into two parts.
5
00:00:15,010 --> 00:00:20,140
So let me start with: what is an IPS and how does it differ from IDS?
6
00:00:20,350 --> 00:00:23,590
Basically, this question is always asked by the interviewer.
7
00:00:23,770 --> 00:00:25,990
So let's see what exactly IPS is. IPS
8
00:00:25,990 --> 00:00:31,330
is nothing but intrusion prevention system and IDS is intrusion detection system.
9
00:00:31,330 --> 00:00:34,300
Now what is the difference between both of them?
10
00:00:34,300 --> 00:00:39,760
Definitely both are part of the network infrastructure, but how do they differ?
11
00:00:39,760 --> 00:00:42,280
So IDS, let's talk about the IDS.
12
00:00:42,280 --> 00:00:50,060
So it is generally used for the detection of, you can say, any traffic, right?
13
00:00:50,200 --> 00:00:56,110
So whatever traffic is flowing in your environment, it is coming to the IDS.
14
00:00:56,260 --> 00:01:01,450
So once it detects something, it will send it to the administrator, and whatever the admins have to
15
00:01:01,450 --> 00:01:05,740
do, they will do. An intrusion prevention system,
16
00:01:06,550 --> 00:01:14,560
we can say that there is a, you know, particular signature, and if there is something suspicious
17
00:01:14,560 --> 00:01:21,400
found in the traffic related to that signature, then the IPS is going to block that.
18
00:01:21,400 --> 00:01:27,100
So this is the basic difference between these tools. Apart from that,
19
00:01:28,300 --> 00:01:34,810
the main difference, if we talk about it, is that IDS is a monitoring system, while IPS is a
20
00:01:34,840 --> 00:01:35,980
control system.
21
00:01:36,130 --> 00:01:40,240
So apart from that, you can just read out more information here.
22
00:01:41,290 --> 00:01:45,530
Now, the second question, which is one of the important ones, which is generally asked by the interviewer.
23
00:01:45,550 --> 00:01:47,750
Explain risk, vulnerability and threat.
24
00:01:47,770 --> 00:01:52,330
So here is a very easy way to learn this.
25
00:01:52,360 --> 00:01:53,810
Risk, vulnerability and threat.
26
00:01:53,830 --> 00:01:54,910
So let's say threat.
27
00:01:54,910 --> 00:01:57,230
Threat is nothing but, you know, an attack.
28
00:01:57,340 --> 00:01:59,590
Or you can say a bad actor.
29
00:01:59,770 --> 00:02:01,330
So this is what a threat is.
30
00:02:02,140 --> 00:02:03,220
So usually a threat
31
00:02:03,220 --> 00:02:04,000
exploits a
32
00:02:04,270 --> 00:02:04,930
vulnerability.
33
00:02:05,080 --> 00:02:07,540
Vulnerability means the weakness, whatever
34
00:02:07,540 --> 00:02:11,380
the weakness of the organization through which a threat can enter.
35
00:02:12,310 --> 00:02:16,810
So a threat exploits a vulnerability and can damage or destroy an asset.
36
00:02:17,050 --> 00:02:20,920
Vulnerability refers to a weakness in your hardware, software or procedures.
37
00:02:21,160 --> 00:02:24,730
And risk refers to the potential for loss, damage or destruction of assets.
38
00:02:24,730 --> 00:02:27,490
So threat is nothing but a bad actor.
39
00:02:27,510 --> 00:02:33,670
Vulnerability is the weakness, and risk refers to whatever loss has already occurred
40
00:02:33,670 --> 00:02:37,150
in your organization or whatever the damage.
41
00:02:37,270 --> 00:02:41,890
So this is basically the difference between risk, vulnerability and threat.
42
00:02:42,360 --> 00:02:48,790
Moving to this part, what is the difference between asymmetric and symmetric encryption and which one
43
00:02:48,790 --> 00:02:49,540
is better?
44
00:02:49,930 --> 00:02:54,460
So definitely we'll talk about symmetric and asymmetric encryption.
45
00:02:54,460 --> 00:02:59,470
So symmetric encryption generally uses the same key for both encryption and decryption.
46
00:02:59,470 --> 00:03:02,540
So let's say there is some private and public key.
47
00:03:02,770 --> 00:03:04,420
Both are generally the same, right?
48
00:03:04,420 --> 00:03:11,950
So they will use the same key for encryption, the public key, and for decryption they are going to use
49
00:03:12,340 --> 00:03:13,420
again the public key.
50
00:03:14,590 --> 00:03:18,580
Whereas in asymmetric we have two keys, private and public key.
51
00:03:19,400 --> 00:03:26,120
Now here, with the help of public key, we are going to encrypt the data, whereas with the help of
52
00:03:26,120 --> 00:03:28,880
private key, we are going to decrypt it.
53
00:03:29,280 --> 00:03:29,750
Right.
54
00:03:29,750 --> 00:03:36,410
So usually what happens in asymmetric encryption, it takes much time because we have to encrypt, then
55
00:03:36,410 --> 00:03:38,570
we have to decrypt it as well if we have to send it.
56
00:03:38,570 --> 00:03:38,920
Right.
57
00:03:38,930 --> 00:03:45,530
So it is taking more time than symmetric encryption, and that's why the symmetric encryption is faster,
58
00:03:45,560 --> 00:03:53,090
whereas the asymmetric encryption is slow, but asymmetric encryption is much more secure than the symmetric
59
00:03:53,090 --> 00:03:53,810
encryption.
60
00:03:53,810 --> 00:03:59,840
That's why asymmetric. I'm talking about this answer: which one is better?
61
00:03:59,840 --> 00:04:03,410
So that's why asymmetric encryption is much better.
62
00:04:04,790 --> 00:04:06,140
Now what is XSS?
63
00:04:06,140 --> 00:04:12,200
How will you mitigate XSS? I hope you have done some bug bounty or something,
64
00:04:13,400 --> 00:04:16,210
and you might have heard of this XSS, right?
65
00:04:16,700 --> 00:04:23,390
And if you are a fresher, then definitely I would suggest to you again that you can just go on Udemy.
66
00:04:23,390 --> 00:04:30,590
There will be a course of Cyber Community, a bug bounty or offensive hunting course, so you can take that
67
00:04:30,590 --> 00:04:30,860
course.
68
00:04:30,860 --> 00:04:37,460
That is a very minimum price, maybe, I guess, 360. You can directly contact me on Cyber Community and
69
00:04:37,460 --> 00:04:39,590
we'll give you a link for ₹360.
70
00:04:40,220 --> 00:04:41,510
Now what is XSS?
71
00:04:41,510 --> 00:04:47,090
XSS is nothing but cross-site scripting, in which generally we use JavaScript only within the web application.
72
00:04:47,090 --> 00:04:52,320
So the easiest way to explain this is a case when a user injects a script on the client side.
73
00:04:52,340 --> 00:04:53,690
Now here, one
74
00:04:53,690 --> 00:05:01,670
main thing to remember is that the interviewer can ask what exactly the XSS attack is.
75
00:05:01,670 --> 00:05:07,340
So you can tell them that XSS is a client-side attack, right?
76
00:05:07,880 --> 00:05:11,630
XSS is a client-side attack, right. Now,
77
00:05:11,630 --> 00:05:19,190
what can we do to mitigate this? Generally what we can do: we can do input validation, we can use
78
00:05:19,670 --> 00:05:22,970
it, we can implement a CSP, that is Content Security Policy.
79
00:05:22,970 --> 00:05:25,760
We can sanitize the input.
80
00:05:25,760 --> 00:05:29,480
These three things we can do as the mitigation part.
81
00:05:31,050 --> 00:05:33,480
What is the difference between encryption and hashing?
82
00:05:33,480 --> 00:05:40,020
So generally encryption is two-way, and we can say reversible; hashing is non-reversible.
83
00:05:40,020 --> 00:05:47,250
Why am I saying this? Because, you know, once there is some data, we are encrypting it, right, and
84
00:05:47,250 --> 00:05:48,420
then we are decrypting it.
85
00:05:48,420 --> 00:05:49,980
That's why it's reversible.
86
00:05:49,980 --> 00:05:57,450
Whereas hashing is not, because once, you know, for any file we got the hash value for
87
00:05:57,480 --> 00:05:59,730
that, it is not going to reverse.
88
00:05:59,730 --> 00:06:03,360
It is not going to reverse all data of that file.
89
00:06:03,390 --> 00:06:03,880
Right.
90
00:06:04,170 --> 00:06:10,770
So but hashing can be cracked using rainbow tables and collision attacks. And encryption,
91
00:06:10,770 --> 00:06:16,620
what does encryption ensure? It ensures confidentiality, whereas hashing ensures integrity.
92
00:06:16,620 --> 00:06:19,940
Integrity means there is no modification of, sorry,
93
00:06:20,010 --> 00:06:21,210
there is no modification,
94
00:06:21,330 --> 00:06:22,980
modification of data.
95
00:06:24,100 --> 00:06:25,770
Now what is CSRF?
96
00:06:26,220 --> 00:06:30,930
I have also discussed CSRF in Bug Bounty, so you can go through that course as well.
97
00:06:31,200 --> 00:06:36,510
Now cross-site request forgery, CSRF, is a web application attack in which the server does not check
98
00:06:36,510 --> 00:06:39,250
whether the request came from a trusted client or not.
99
00:06:39,270 --> 00:06:40,860
So let me give you an example.
100
00:06:40,890 --> 00:06:41,620
Right, right.
101
00:06:41,640 --> 00:06:42,510
So.
102
00:06:43,580 --> 00:06:46,280
Let's say there is a web application, right?
103
00:06:46,400 --> 00:06:48,320
And you are one of the users.
104
00:06:48,710 --> 00:06:50,450
I'm another user.
105
00:06:51,350 --> 00:06:56,330
So what I will do, I'm changing something on my account on that web application.
106
00:06:57,050 --> 00:06:59,330
I'm changing in my profile section.
107
00:06:59,330 --> 00:07:01,600
Now, with the help of Burp Suite,
108
00:07:01,610 --> 00:07:06,470
I have taken all those things and I'm sending you an HTML file and you are directly clicking on
109
00:07:06,470 --> 00:07:06,950
that.
110
00:07:07,430 --> 00:07:13,220
So all the changes, whatever I have done in my account, that is also reflecting in your account.
111
00:07:13,280 --> 00:07:13,670
Right.
112
00:07:13,670 --> 00:07:16,340
So this is what CSRF is.
113
00:07:16,340 --> 00:07:24,050
And actually the server does not know from where exactly it is coming.
114
00:07:24,050 --> 00:07:28,160
So it is thinking that you are the person who is doing it.
115
00:07:28,160 --> 00:07:35,990
So that's why, from my point of view, CSRF is a server-side attack, but somewhere it is also written
116
00:07:35,990 --> 00:07:42,860
as a client-side attack because generally it happens due to the mistake of the client, or we can say
117
00:07:42,890 --> 00:07:43,580
a victim.
118
00:07:44,980 --> 00:07:49,450
Now the difference between XSS and CSRF: we have discussed both of them.
119
00:07:49,450 --> 00:07:56,200
I hope you understand XSS is much more dangerous than CSRF because it's a client-side attack.
120
00:07:56,200 --> 00:07:56,800
Right?
121
00:07:57,340 --> 00:08:04,750
And it can steal your credentials, password or whatever, the very important data, you can say.
122
00:08:05,770 --> 00:08:07,570
So this is the difference.
123
00:08:07,570 --> 00:08:15,700
And you can read more things with the help of this video file. Now, is XSS client-side? Okay, we
124
00:08:15,700 --> 00:08:20,800
have already discussed this one. Now what is IOC? So, indicator of compromise.
125
00:08:21,250 --> 00:08:29,650
So let's say you have seen a hash value, IP, domain, URL, user ID, and now if these are malicious, these
126
00:08:29,650 --> 00:08:36,130
are suspicious, then it means these are the indicators showing something is malicious, something
127
00:08:36,130 --> 00:08:37,620
is suspicious.
128
00:08:37,630 --> 00:08:44,920
So that's why we call it indicator of compromise, just generally to know all those things.
129
00:08:44,920 --> 00:08:51,790
We see whether the IP is malicious or not, whether the domain, URL, user ID, or you can
130
00:08:51,790 --> 00:08:53,770
say the hash value is malicious or not.
131
00:08:55,220 --> 00:08:55,660
Okay.
132
00:08:55,690 --> 00:08:57,790
Now antivirus versus EDR.
133
00:08:57,790 --> 00:08:59,740
This is one of the important questions.
134
00:09:00,340 --> 00:09:07,840
Believe me, guys, I have given a lot of interviews and I have taken the feedback from my seniors,
135
00:09:07,840 --> 00:09:14,260
my juniors, and everybody tells that they always ask this question, antivirus versus EDR.
136
00:09:14,290 --> 00:09:19,390
Maybe they will ask you about firewall versus antivirus versus EDR.
137
00:09:19,870 --> 00:09:27,070
So you can also go through my YouTube channel and you will also get the whole video of that.
138
00:09:28,150 --> 00:09:33,040
Now, EDR, definitely we all know it's endpoint detection and response.
139
00:09:33,040 --> 00:09:33,480
Right?
140
00:09:34,360 --> 00:09:38,540
And it works on real time monitoring and detection of threats.
141
00:09:38,560 --> 00:09:41,530
So it's behavior-based, right?
142
00:09:41,860 --> 00:09:43,600
It is behavior-based.
143
00:09:43,600 --> 00:09:48,850
Whereas antivirus is signature-based, means there are some predefined signatures.
144
00:09:48,850 --> 00:09:54,970
And on that basis, antivirus is detecting the suspicious traffic.
145
00:09:54,970 --> 00:09:56,590
Or you can say the malware.
146
00:09:57,430 --> 00:10:05,230
Whereas EDR is real-time monitoring, it's behaviour-based, so there is an inbuilt sandbox and they
147
00:10:05,230 --> 00:10:11,080
are going to analyze each and everything, pattern analysis, what actually
148
00:10:11,080 --> 00:10:12,700
the pattern is happening.
149
00:10:13,790 --> 00:10:18,710
So that's the basic difference between EDR and antivirus.
150
00:10:19,580 --> 00:10:21,220
Now, here is one question.
151
00:10:21,230 --> 00:10:22,520
Do I need both?
152
00:10:23,120 --> 00:10:27,140
Well, our EDR is also having the signatures.
153
00:10:27,140 --> 00:10:33,620
You know, there are predefined signatures, but along with that, it is having the
154
00:10:35,670 --> 00:10:45,750
behavior analysis, you can say, right? So it is sufficient, but you can even keep both the EDR
155
00:10:45,750 --> 00:10:46,560
and antivirus.
156
00:10:46,560 --> 00:10:49,110
But it is sufficient for the organization.
157
00:10:50,040 --> 00:10:51,450
What is a firewall?
158
00:10:52,410 --> 00:10:57,780
A firewall is a network security system that monitors and controls incoming and outgoing network traffic
159
00:10:57,780 --> 00:11:00,330
based on the predefined security rules.
160
00:11:00,870 --> 00:11:06,810
It means there are particular predefined rules, and on that basis
161
00:11:07,940 --> 00:11:15,980
it is taking the, or you can directly say, it is filtering the traffic on the basis
162
00:11:15,980 --> 00:11:17,990
of predefined security rules.
163
00:11:19,800 --> 00:11:20,130
Now.
164
00:11:20,130 --> 00:11:23,670
What is the difference between IPS and firewall?
165
00:11:26,000 --> 00:11:31,160
So the main difference being that a firewall performs actions such as blocking and filtering of traffic,
166
00:11:31,790 --> 00:11:39,920
while an IPS detects and alerts, or, you can say, stops or prevents the attacks as part of the configuration.
167
00:11:40,190 --> 00:11:49,160
So generally, if the interviewer is, you know, expecting more answers from you, you can
168
00:11:49,160 --> 00:11:54,830
add here more things, like a firewall generally captures the header, IPS captures the
169
00:11:55,650 --> 00:12:03,770
payload. So firewall, what actually the firewall captures in the header form: they capture, you know,
170
00:12:04,740 --> 00:12:12,600
IP addresses, source IP, destination IP, port numbers, domain, URL, these things they capture,
171
00:12:12,810 --> 00:12:22,080
whereas IPS captures, IPS checks whether there is some known malware, some known suspicious
172
00:12:22,080 --> 00:12:23,930
thing is there in that payload or not.
173
00:12:23,940 --> 00:12:29,970
So on that basis, if there is something malicious, they will detect it and they will block it.
174
00:12:32,340 --> 00:12:36,510
Now question number 13, what is a security misconfiguration?
175
00:12:36,750 --> 00:12:42,390
So security misconfiguration is a vulnerability when a device, application or network is
176
00:12:42,390 --> 00:12:47,210
configured in a way that can be exploited by an attacker to take advantage of it.
177
00:12:47,220 --> 00:12:50,820
So this can be as simple as leaving the default username and password unchanged.
178
00:12:50,820 --> 00:12:52,410
So only this question,
179
00:12:52,830 --> 00:12:58,680
there are very few chances of the interviewer asking this question, but they can ask this question.
180
00:12:58,680 --> 00:13:03,630
So you should remember what actually the security misconfiguration is.
181
00:13:04,830 --> 00:13:04,950
Now.
182
00:13:04,950 --> 00:13:06,330
What is a black hat,
183
00:13:07,160 --> 00:13:08,620
white hat and grey hat?
184
00:13:09,320 --> 00:13:13,160
Now, let me complete this in a very beautiful manner.
185
00:13:13,940 --> 00:13:19,940
So black hat is nothing but a hacker who has no authority.
186
00:13:19,940 --> 00:13:21,170
But he is hacking.
187
00:13:22,050 --> 00:13:22,500
Right.
188
00:13:22,740 --> 00:13:28,920
Whereas white hat is also known as the, you can say, ethical hacker who has the legal authority
189
00:13:29,010 --> 00:13:31,500
to perform the actions.
190
00:13:33,190 --> 00:13:38,620
And grey hat hacker is just a combination of black hat and white hat hacker.
191
00:13:42,620 --> 00:13:42,950
Now.
192
00:13:42,950 --> 00:13:47,910
Question 15: How do you keep yourself updated with the information security news?
193
00:13:47,930 --> 00:13:54,020
So guys, this one is very important because definitely, basically, these two questions which
194
00:13:54,020 --> 00:13:54,800
I'm marking.
195
00:13:56,060 --> 00:14:00,950
These two questions are very important because definitely they will ask you how you
196
00:14:00,950 --> 00:14:02,150
keep yourself updated.
197
00:14:02,150 --> 00:14:06,140
So you can start reading the blogs, such as Trend Micro blogs.
198
00:14:06,140 --> 00:14:11,960
I can use GBHackers, you know, and apart from that, you can also name some recent ones that I can
199
00:14:11,960 --> 00:14:12,920
explain in brief.
200
00:14:13,080 --> 00:14:13,410
Right.
201
00:14:13,460 --> 00:14:19,010
So if you are reading something, you are updating yourself, then definitely you should be aware of
202
00:14:19,010 --> 00:14:21,620
the latest vulnerability, recent attack.
203
00:14:21,860 --> 00:14:27,890
So for example, as of when I'm making this video, the recent attack is, you know, the Spring4Shell
204
00:14:28,130 --> 00:14:32,360
vulnerability, and you can also include the Log4j vulnerability.
205
00:14:33,170 --> 00:14:35,720
So these are some recent attacks.
206
00:14:35,990 --> 00:14:38,820
You should focus on these two questions now.
207
00:14:38,870 --> 00:14:39,620
What is CIA?
208
00:14:39,620 --> 00:14:40,370
CIA is nothing
209
00:14:40,370 --> 00:14:45,980
but, you know, a triad, you can say confidentiality, integrity, availability.
210
00:14:45,980 --> 00:14:47,630
Now, what is confidentiality?
211
00:14:47,630 --> 00:14:52,610
Keeping the information secret. Integrity is nothing but keeping the information unaltered.
212
00:14:52,610 --> 00:14:56,360
Unaltered means there should be no modification.
213
00:14:57,650 --> 00:15:02,180
Availability: information is available to the authorized parties at all times.
214
00:15:03,470 --> 00:15:08,360
Now here, HIDS versus NIDS, and which one is better and why.
215
00:15:08,900 --> 00:15:10,280
So what is HIDS?
216
00:15:10,280 --> 00:15:12,690
It is a host intrusion detection system, and NIDS
217
00:15:12,860 --> 00:15:15,980
is network intrusion detection system.
218
00:15:17,490 --> 00:15:28,920
Now, the difference here is that maintaining the HIDS is, you know, very tough because we will get
219
00:15:28,920 --> 00:15:36,060
a lot of traffic from the HIDS, whereas managing the NIDS is too easy.
220
00:15:36,770 --> 00:15:44,000
So as for the enterprise, NIDS is preferred, as HIDS is difficult to manage.
221
00:15:44,810 --> 00:15:46,550
So this is the basic difference.
222
00:15:46,550 --> 00:15:48,710
And you can read more things on Google here.
223
00:15:49,400 --> 00:15:50,630
What is port scanning?
224
00:15:50,640 --> 00:15:53,060
Port scanning is the process of sending messages
225
00:15:53,930 --> 00:15:55,940
in order to gather information. Gathering
226
00:15:55,940 --> 00:15:59,390
information means reconnaissance; for reconnaissance we use scanning,
227
00:15:59,390 --> 00:16:08,300
right, about the network system, and definitely which port actually is open, so that they can
228
00:16:08,300 --> 00:16:11,900
think about entering from that port number in the organisation.
229
00:16:12,200 --> 00:16:14,240
So this is what port scanning is.
230
00:16:15,590 --> 00:16:18,140
Now what is the difference between VA and PT?
231
00:16:18,470 --> 00:16:21,320
There is some, you can say, minor difference.
232
00:16:21,320 --> 00:16:25,820
So vulnerability assessment is an approach used to find flaws
233
00:16:26,690 --> 00:16:28,280
in an application or network.
234
00:16:29,240 --> 00:16:35,480
Whereas penetration testing is the practice of finding exploitable vulnerabilities like a real attacker
235
00:16:35,510 --> 00:16:36,080
does.
236
00:16:36,350 --> 00:16:43,040
So VA is like traveling on the surface, whereas PT is digging for gold.
237
00:16:44,520 --> 00:16:47,100
Now let's move to question number 21.
238
00:16:47,370 --> 00:16:50,040
And this is one of the important questions.
239
00:16:50,070 --> 00:16:53,500
Can you name some response codes from a Web application?
240
00:16:53,530 --> 00:16:54,360
Well, yes.
241
00:16:54,770 --> 00:16:59,280
See, you might have seen the 201, 200 codes, right?
242
00:16:59,340 --> 00:17:03,420
301, 302, error code 404.
243
00:17:03,450 --> 00:17:03,940
Right.
244
00:17:03,960 --> 00:17:04,980
So what exactly
245
00:17:04,980 --> 00:17:05,730
are those things?
246
00:17:05,730 --> 00:17:06,020
Right.
247
00:17:06,030 --> 00:17:14,010
So if some error is coming or something goes astray: if the HTTP code is starting from one,
248
00:17:14,010 --> 00:17:18,750
and then, let's say, 100, 110, whatever, up to 199,
249
00:17:19,940 --> 00:17:26,660
then it's informational responses. And the code which is starting from two,
250
00:17:26,690 --> 00:17:30,320
then it means success. Starting from three,
251
00:17:30,350 --> 00:17:31,640
it means redirection.
252
00:17:32,800 --> 00:17:38,800
Starting from four is client-side error, and starting from five is server-side error, right.
253
00:17:40,360 --> 00:17:42,640
Now, when do you use tracert or traceroute?
254
00:17:42,810 --> 00:17:43,630
Now what exactly
255
00:17:43,630 --> 00:17:46,330
is that, and why are we using it, actually?
256
00:17:46,570 --> 00:17:53,650
So let's say if you are not able to ping any destination, then here we can use a tracert or traceroute,
257
00:17:53,650 --> 00:17:54,760
or you can say the trace.
258
00:17:55,480 --> 00:18:02,660
And this will definitely help us to identify where the connection stops or gets broken.
259
00:18:02,680 --> 00:18:03,100
Right.
260
00:18:03,100 --> 00:18:10,450
So it will also help us to know whether it's a firewall, whether it's the ISP, whether
261
00:18:10,450 --> 00:18:12,030
it's a router, etc.
262
00:18:12,790 --> 00:18:20,050
So with the help of this traceroute or tracert, we will get to know where exactly the connection
263
00:18:20,050 --> 00:18:21,280
is breaking.
264
00:18:23,010 --> 00:18:31,740
DDoS and its mitigation. So DDoS, we know it's a distributed denial of service, right?
265
00:18:32,010 --> 00:18:36,870
So when a network or application is flooded with a large number of requests, which
266
00:18:37,230 --> 00:18:42,220
it is not designed to handle, making the server unavailable to legitimate requests.
267
00:18:42,220 --> 00:18:44,070
So let's take an example.
268
00:18:44,070 --> 00:18:44,370
Let's say
269
00:18:46,640 --> 00:18:52,940
there is a web server and it can only take 100 requests per minute.
270
00:18:53,010 --> 00:18:56,150
Right. Now, you are a hacker and you just,
271
00:18:56,660 --> 00:19:01,790
you are doing the DDoS attack and you are requesting 200 or, let's say, 101.
272
00:19:01,790 --> 00:19:02,200
Right.
273
00:19:02,690 --> 00:19:04,940
That's 101 requests per minute.
274
00:19:05,030 --> 00:19:06,610
Then what will happen?
275
00:19:06,620 --> 00:19:15,280
The server is not going to reply to the legitimate person who is asking for something.
276
00:19:15,290 --> 00:19:15,830
Right.
277
00:19:16,460 --> 00:19:26,480
So this is what DDoS is. It means the flooding of the traffic, far over, you can say, more than the bandwidth
278
00:19:26,480 --> 00:19:27,710
of the server.
279
00:19:29,020 --> 00:19:30,550
So this can be mitigated.
280
00:19:30,790 --> 00:19:33,550
This can be mitigated with the help of a scrubbing center.
281
00:19:33,550 --> 00:19:41,050
And a scrubbing center is nothing but a center which generally blocks the DDoS traffic.
282
00:19:41,050 --> 00:19:49,750
And it only filters the legitimate, it passes through only legitimate traffic.
283
00:19:51,430 --> 00:19:52,180
What is WAF?
284
00:19:52,180 --> 00:19:59,140
WAF is nothing but a web application firewall, so it is used to protect the application by filtering
285
00:19:59,140 --> 00:20:01,410
legitimate traffic from malicious traffic.
286
00:20:01,420 --> 00:20:07,660
So if there is a lot of traffic coming, then it will only pass that legitimate traffic, and the malicious
287
00:20:07,660 --> 00:20:10,600
traffic it is going to filter out.
288
00:20:11,620 --> 00:20:15,250
It can be either a box type or cloud-based.
289
00:20:15,490 --> 00:20:17,780
How do you handle antivirus alerts?
290
00:20:17,800 --> 00:20:24,250
This can be asked by the interviewer, so check the policy for the AV and then the alert.
291
00:20:24,280 --> 00:20:28,500
If the alert is for a legitimate file, then it can be whitelisted, right?
292
00:20:29,410 --> 00:20:35,470
And if it is malicious, then definitely we need to quarantine it or we are going to delete it.
293
00:20:35,470 --> 00:20:40,660
So the hash of the file can be checked for reputation on various websites like VirusTotal, malware,
294
00:20:40,840 --> 00:20:41,470
etc.
295
00:20:41,590 --> 00:20:45,390
So see, let's say there is a file of BitTorrent, right?
296
00:20:45,430 --> 00:20:48,670
And definitely the hash value is going to be generated for that.
297
00:20:48,670 --> 00:20:56,050
So you can directly check the hash, whether it's malicious or not, you can check for that file whether
298
00:20:56,050 --> 00:20:57,040
there is something or not.
299
00:20:57,040 --> 00:21:00,700
So if it is legitimate, you can whitelist it.
300
00:21:00,700 --> 00:21:03,820
If it is malicious, you can delete it.
301
00:21:05,390 --> 00:21:07,400
Blue teaming versus red teaming.
302
00:21:07,400 --> 00:21:11,540
So red teaming is an attacker and blue teaming is defender.
303
00:21:11,780 --> 00:21:16,100
So being on the red team seems fun, but being in the blue team is difficult.
304
00:21:16,100 --> 00:21:20,390
As you need to understand the attacks and methodology the red teams may follow.
305
00:21:21,350 --> 00:21:27,320
So as a blue team you have to defend all those attacks with the help of tools, with the help of your
306
00:21:27,320 --> 00:21:30,290
knowledge, with the help of your investigations.
307
00:21:31,400 --> 00:21:32,060
Next question.
308
00:21:32,060 --> 00:21:36,500
We have: what is a false positive and a false negative in case of IDS?
309
00:21:36,500 --> 00:21:38,330
Which one is more acceptable?
310
00:21:39,980 --> 00:21:40,490
Right.
311
00:21:40,520 --> 00:21:45,140
So when the device generated an alert for an intrusion that has actually not happened.
312
00:21:45,470 --> 00:21:48,860
So that is what exactly the false positive is, right.
313
00:21:48,950 --> 00:21:52,550
So let's say you have set one of the rules.
314
00:21:52,580 --> 00:21:53,180
Right.
315
00:21:53,510 --> 00:22:02,720
Let's say for brute force there is a logic that there are ten failures in a minute.
316
00:22:02,750 --> 00:22:03,320
Right.
317
00:22:03,410 --> 00:22:10,250
But the alert is generated for five failures in a minute, then definitely it's a
318
00:22:10,250 --> 00:22:14,420
false positive because we didn't set up a rule for that.
319
00:22:14,420 --> 00:22:16,490
And it is a false positive.
320
00:22:16,520 --> 00:22:18,050
Now, what is the false
321
00:22:18,050 --> 00:22:18,830
negative?
322
00:22:19,790 --> 00:22:26,000
So now if the device has not generated any alert but the intrusion has actually happened, then
323
00:22:26,000 --> 00:22:28,700
this is the case of false negative.
324
00:22:28,940 --> 00:22:31,640
Well, false positives are more acceptable.
325
00:22:31,640 --> 00:22:35,930
False negatives will lead to intrusions happening without getting noticed.
326
00:22:36,650 --> 00:22:38,630
Now, let's see the last question.
327
00:22:38,630 --> 00:22:40,280
What is data leakage?
328
00:22:40,280 --> 00:22:44,150
So data leakage, or we simply call it DLP.
329
00:22:44,180 --> 00:22:45,860
How will you detect and prevent it?
330
00:22:45,890 --> 00:22:50,780
Well, organizations are using different types of DLP.
331
00:22:51,140 --> 00:22:55,760
Many companies are providing it; let's say McAfee is providing the DLP.
332
00:22:55,760 --> 00:22:57,710
So we can use the DLP software.
333
00:22:57,740 --> 00:22:58,220
Right.
334
00:22:58,940 --> 00:23:05,870
Just to check whether there is some person who is sending the confidential or sensitive data outside
335
00:23:05,870 --> 00:23:07,280
the organization or not.
336
00:23:07,520 --> 00:23:11,330
So it ensures that the data is not leaking.
337
00:23:11,750 --> 00:23:15,200
So that's it, guys, and we'll meet in the next video.