All language subtitles for 1. Important Fundamental Interview questions Part1

1 00:00:00,730 --> 00:00:01,690 Hello, everyone.
2 00:00:01,690 --> 00:00:04,960 So in this video, we are going to talk about fundamental questions.
3 00:00:04,960 --> 00:00:12,220 Part one. Basically, we have divided these fundamental questions because there are 55 questions and
4 00:00:12,220 --> 00:00:14,590 we have divided them into two parts.
5 00:00:15,010 --> 00:00:20,140 So let me start with: what is an IPS and how does it differ from IDS?
6 00:00:20,350 --> 00:00:23,590 Basically, this question is always asked by the interviewer.
7 00:00:23,770 --> 00:00:25,990 So let's see what exactly the IPS is. IPS
8 00:00:25,990 --> 00:00:31,330 is nothing but intrusion prevention system and IDS is intrusion detection system.
9 00:00:31,330 --> 00:00:34,300 Now what is the difference between both of them?
10 00:00:34,300 --> 00:00:39,760 Definitely both are part of the network infrastructure, but how do they differ?
11 00:00:39,760 --> 00:00:42,280 So IDS, let's talk about the IDS.
12 00:00:42,280 --> 00:00:50,060 So it is generally used for the detection of any, you can say, detection of traffic, right?
13 00:00:50,200 --> 00:00:56,110 So whatever the traffic is flowing in your environment, it is coming to the IDS.
14 00:00:56,260 --> 00:01:01,450 So once it detects something, it will send it to the administrator and whatever measures have to
15 00:01:01,450 --> 00:01:05,740 be taken, they will take them. An intrusion prevention system,
16 00:01:06,550 --> 00:01:14,560 we can say that there is a, you know, particular signature on which, if there is something suspicious
17 00:01:14,560 --> 00:01:21,400 found in the traffic related to that signature, then IPS is going to block that.
18 00:01:21,400 --> 00:01:27,100 So this is the basic difference between these tools. Apart from that,
19 00:01:28,300 --> 00:01:34,810 the main difference, if we talk about it, is that IDS is a monitoring system while IPS is a
20 00:01:34,840 --> 00:01:35,980 control system.
21 00:01:36,130 --> 00:01:40,240 So apart from that, you can just read out more information here.
22 00:01:41,290 --> 00:01:45,530 Now, second question, which is one of the important ones, which is generally asked by the interviewer:
23 00:01:45,550 --> 00:01:47,750 explain risk, vulnerability and threat.
24 00:01:47,770 --> 00:01:52,330 So here is a very easy way to learn this.
25 00:01:52,360 --> 00:01:53,810 Risk, vulnerability and threat.
26 00:01:53,830 --> 00:01:54,910 So let's say threat.
27 00:01:54,910 --> 00:01:57,230 Threat is nothing but, you know, an attack.
28 00:01:57,340 --> 00:01:59,590 Or you can say a bad actor.
29 00:01:59,770 --> 00:02:01,330 So this is what a threat is.
30 00:02:02,140 --> 00:02:03,220 So usually a threat
31 00:02:03,220 --> 00:02:04,000 exploits a
32 00:02:04,270 --> 00:02:04,930 vulnerability.
33 00:02:05,080 --> 00:02:07,540 Vulnerability means the weakness, whatever
34 00:02:07,540 --> 00:02:11,380 the weakness of the organization through which a threat can enter.
35 00:02:12,310 --> 00:02:16,810 So a threat exploits a vulnerability and can damage or destroy an asset.
36 00:02:17,050 --> 00:02:20,920 Vulnerability refers to a weakness in your hardware, software or procedures.
37 00:02:21,160 --> 00:02:24,730 And this refers to the potential for loss or damage or destroyed assets.
38 00:02:24,730 --> 00:02:27,490 So threat is nothing but a bad actor.
39 00:02:27,510 --> 00:02:33,670 Vulnerability is the weakness and risk refers to whatever loss has already occurred
40 00:02:33,670 --> 00:02:37,150 in your organization or whatever the damage.
41 00:02:37,270 --> 00:02:41,890 So this is basically the difference between risk, vulnerability and threat.
42 00:02:42,360 --> 00:02:48,790 Moving to this part: what is the difference between asymmetric and symmetric encryption and which one
43 00:02:48,790 --> 00:02:49,540 is better?
44 00:02:49,930 --> 00:02:54,460 So definitely we'll talk about symmetric and asymmetric encryption.
45 00:02:54,460 --> 00:02:59,470 So symmetric encryption generally uses the same key for both encryption and decryption.
46 00:02:59,470 --> 00:03:02,540 So let's say if there is some private and public key.
47 00:03:02,770 --> 00:03:04,420 Both are generally the same, right?
48 00:03:04,420 --> 00:03:11,950 So they will use the same key for the encryption, the public key, and for the decryption they are going to use
49 00:03:12,340 --> 00:03:13,420 again the public key.
50 00:03:14,590 --> 00:03:18,580 Whereas in asymmetric we have two keys, private and public key.
51 00:03:19,400 --> 00:03:26,120 Now here, with the help of the public key, we are going to encrypt the data, whereas with the help of the
52 00:03:26,120 --> 00:03:28,880 private key, we are going to decrypt it.
53 00:03:29,280 --> 00:03:29,750 Right.
54 00:03:29,750 --> 00:03:36,410 So usually what happens in asymmetric encryption, it takes much time because we have to encrypt, then
55 00:03:36,410 --> 00:03:38,570 we have to decrypt it as well if we have to send it.
56 00:03:38,570 --> 00:03:38,920 Right.
57 00:03:38,930 --> 00:03:45,530 So it is taking much more time than symmetric encryption, and that's why symmetric encryption is faster,
58 00:03:45,560 --> 00:03:53,090 whereas asymmetric encryption is slow, but asymmetric encryption is much more secure than symmetric
59 00:03:53,090 --> 00:03:53,810 encryption.
60 00:03:53,810 --> 00:03:59,840 That's why asymmetric, I'm talking about this answer: which one is better?
61 00:03:59,840 --> 00:04:03,410 So that's why asymmetric encryption is much better.
62 00:04:04,790 --> 00:04:06,140 Now what is XSS?
63 00:04:06,140 --> 00:04:12,200 How will you mitigate XSS? Well, I hope you have done some bug bounty or something.
64 00:04:13,400 --> 00:04:16,210 And you might have heard of XSS, right?
65 00:04:16,700 --> 00:04:23,390 And if you are a fresher, then definitely I would suggest to you again that you can just go on Udemy.
66 00:04:23,390 --> 00:04:30,590 There will be a course of Cyber Community, bug bounty or offensive hunting course, so you can take that
67 00:04:30,590 --> 00:04:30,860 course.
68 00:04:30,860 --> 00:04:37,460 That is at a very minimum price, maybe, I guess, 360. You can directly contact me on Cyber Community and
69 00:04:37,460 --> 00:04:39,590 we'll give you a link for ₹360.
70 00:04:40,220 --> 00:04:41,510 Now what is XSS?
71 00:04:41,510 --> 00:04:47,090 XSS is nothing but cross-site scripting, in which generally we use JavaScript only within a web application.
72 00:04:47,090 --> 00:04:52,320 So the easiest way to explain this is a case when a user injects a script on the client side.
73 00:04:52,340 --> 00:04:53,690 Now here one,
74 00:04:53,690 --> 00:05:01,670 one main thing to remember is that the interviewer can ask what exactly the XSS attack is.
75 00:05:01,670 --> 00:05:07,340 So you can tell them that XSS is a client side attack, right?
76 00:05:07,880 --> 00:05:11,630 XSS is a client side attack. Right, now
77 00:05:11,630 --> 00:05:19,190 what can we do to mitigate this? Generally what we can do, we can do input validation, we can use,
78 00:05:19,670 --> 00:05:22,970 we can implement a CSP, that is content security policy.
79 00:05:22,970 --> 00:05:25,760 We can sanitize the input.
80 00:05:25,760 --> 00:05:29,480 These three things we can do as a mitigation part.
81 00:05:31,050 --> 00:05:33,480 What is the difference between encryption and hashing?
82 00:05:33,480 --> 00:05:40,020 So generally encryption is two way, two way, and we can say reversible. Hashing is non-reversible.
83 00:05:40,020 --> 00:05:47,250 Why am I saying this? Because, you know, once there is data, we are encrypting it, right, and
84 00:05:47,250 --> 00:05:48,420 then we are decrypting it.
85 00:05:48,420 --> 00:05:49,980 That's why it's reversible.
86 00:05:49,980 --> 00:05:57,450 Whereas hashing is not, because once, you know, for any file we got the hash value for
87 00:05:57,480 --> 00:05:59,730 that, it is not going to reverse that.
88 00:05:59,730 --> 00:06:03,360 It is not going to reverse all the data of that file.
89 00:06:03,390 --> 00:06:03,880 Right.
90 00:06:04,170 --> 00:06:10,770 So, but hashing can be cracked using rainbow tables and collision attacks. And encryption,
91 00:06:10,770 --> 00:06:16,620 what encryption ensures, it ensures confidentiality, whereas hashing ensures integrity.
92 00:06:16,620 --> 00:06:19,940 Integrity means there is no modification of, sorry,
93 00:06:20,010 --> 00:06:21,210 there is no modification,
94 00:06:21,330 --> 00:06:22,980 modification of data.
95 00:06:24,100 --> 00:06:25,770 Now what is CSRF?
96 00:06:26,220 --> 00:06:30,930 I have also discussed CSRF in Bug Bounty, so you can go through that course as well.
97 00:06:31,200 --> 00:06:36,510 Now cross-site request forgery, or CSRF, is a web application attack in which the server does not check
98 00:06:36,510 --> 00:06:39,250 whether the request came from a trusted client or not.
99 00:06:39,270 --> 00:06:40,860 So let me give you an example.
100 00:06:40,890 --> 00:06:41,620 Right, right.
101 00:06:41,640 --> 00:06:42,510 So.
102 00:06:43,580 --> 00:06:46,280 Let's say there is a web application, right?
103 00:06:46,400 --> 00:06:48,320 And you are one of the users.
104 00:06:48,710 --> 00:06:50,450 I'm another user.
105 00:06:51,350 --> 00:06:56,330 So what I will do, I'm changing something on my account on that web application.
106 00:06:57,050 --> 00:06:59,330 I'm changing in my profile section.
107 00:06:59,330 --> 00:07:01,600 Now, with the help of Burp Suite,
108 00:07:01,610 --> 00:07:06,470 I have taken all those things and I'm sending one HTML file and you are directly clicking on
109 00:07:06,470 --> 00:07:06,950 that.
110 00:07:07,430 --> 00:07:13,220 So all the changes, whatever I have done in my account, that is also reflecting in your account.
111 00:07:13,280 --> 00:07:13,670 Right.
112 00:07:13,670 --> 00:07:16,340 So this is what CSRF is.
113 00:07:16,340 --> 00:07:24,050 And actually the server is not knowing from where exactly it is coming.
114 00:07:24,050 --> 00:07:28,160 So it is thinking that you are the person who is doing it.
115 00:07:28,160 --> 00:07:35,990 So that's why, from my point of view, CSRF is a server side attack, but somewhere it is also written
116 00:07:35,990 --> 00:07:42,860 as a client side attack because generally it happens due to the mistake of the client or, we can say,
117 00:07:42,890 --> 00:07:43,580 a victim.
118 00:07:44,980 --> 00:07:49,450 Now the difference between XSS and CSRF: we have discussed both of them.
119 00:07:49,450 --> 00:07:56,200 I hope you understand XSS is much more dangerous than CSRF because it's a client side attack.
120 00:07:56,200 --> 00:07:56,800 Right?
121 00:07:57,340 --> 00:08:04,750 And it can steal your credentials, password or whatever, the very important data, you can say.
122 00:08:05,770 --> 00:08:07,570 So this is what the difference is.
123 00:08:07,570 --> 00:08:15,700 And you can read more things with the help of this video file. Now, is XSS client side? Okay, we
124 00:08:15,700 --> 00:08:20,800 have already discussed this one. Now what is IOC? So, indicator of compromise.
125 00:08:21,250 --> 00:08:29,650 So let's say you have seen a hash value, IP, domain, URL, user ID, and now if these are malicious, these
126 00:08:29,650 --> 00:08:36,130 are suspicious, then it means these are the indicators showing something is malicious, something
127 00:08:36,130 --> 00:08:37,620 is suspicious.
128 00:08:37,630 --> 00:08:44,920 So that's why we call it indicator of compromise, just generally to know all those things.
129 00:08:44,920 --> 00:08:51,790 We see whether the IP is malicious or not, whether the domain, URL, user ID or, you can
130 00:08:51,790 --> 00:08:53,770 say, the hash value is malicious or not.
131 00:08:55,220 --> 00:08:55,660 Okay.
132 00:08:55,690 --> 00:08:57,790 Now antivirus versus EDR.
133 00:08:57,790 --> 00:08:59,740 This is one of the important questions.
134 00:09:00,340 --> 00:09:07,840 Believe me, guys, I have given a lot of interviews and I have taken feedback from my seniors,
135 00:09:07,840 --> 00:09:14,260 my juniors, and everybody tells that they always ask this question: antivirus versus EDR.
136 00:09:14,290 --> 00:09:19,390 Maybe they will ask you about firewall versus antivirus versus EDR.
137 00:09:19,870 --> 00:09:27,070 So you can also go through my YouTube channel and you will also get the whole video of that.
138 00:09:28,150 --> 00:09:33,040 Now, EDR, definitely we all know it's endpoint detection and response.
139 00:09:33,040 --> 00:09:33,480 Right?
140 00:09:34,360 --> 00:09:38,540 And it works on real time monitoring and detection of threats.
141 00:09:38,560 --> 00:09:41,530 So it's behavior based, right?
142 00:09:41,860 --> 00:09:43,600 It is behavior based.
143 00:09:43,600 --> 00:09:48,850 Whereas antivirus is signature based, means there are some predefined signatures.
144 00:09:48,850 --> 00:09:54,970 And on that basis, antivirus is detecting the suspicious traffic,
145 00:09:54,970 --> 00:09:56,590 or you can say the malware.
146 00:09:57,430 --> 00:10:05,230 Whereas EDR is real time monitoring, it's behaviour based, so there is an inbuilt sandbox and they
147 00:10:05,230 --> 00:10:11,080 are going to analyze each and everything, the pattern analysis, what actually
148 00:10:11,080 --> 00:10:12,700 the pattern is that is happening.
149 00:10:13,790 --> 00:10:18,710 So that's the basic difference between EDR and antivirus.
150 00:10:19,580 --> 00:10:21,220 Now, here is one question.
151 00:10:21,230 --> 00:10:22,520 Do I need both?
152 00:10:23,120 --> 00:10:27,140 Well, EDR is also having the signatures.
153 00:10:27,140 --> 00:10:33,620 You know, there are predefined signatures, but along with that, it is having the
154 00:10:35,670 --> 00:10:45,750 behavior analysis, you can say, right? So it is sufficient, but you can even keep both the EDR
155 00:10:45,750 --> 00:10:46,560 and antivirus.
156 00:10:46,560 --> 00:10:49,110 But it is sufficient for the organization.
157 00:10:50,040 --> 00:10:51,450 What is a firewall?
158 00:10:52,410 --> 00:10:57,780 A firewall is a network security system that monitors and controls incoming and outgoing network traffic
159 00:10:57,780 --> 00:11:00,330 based on predefined security rules.
160 00:11:00,870 --> 00:11:06,810 It means there are particular predefined rules and on that basis
161 00:11:07,940 --> 00:11:15,980 it is taking the, or you can directly say, it is filtering the traffic on the basis
162 00:11:15,980 --> 00:11:17,990 of predefined security rules.
163 00:11:19,800 --> 00:11:20,130 Now.
164 00:11:20,130 --> 00:11:23,670 What is the difference between IPS and firewall?
165 00:11:26,000 --> 00:11:31,160 So the main difference is that a firewall performs actions such as blocking and filtering of traffic,
166 00:11:31,790 --> 00:11:39,920 while an IPS detects and alerts the system admin, or you can say stops and prevents the attacks as part of the configuration.
167 00:11:40,190 --> 00:11:49,160 So generally, if the interviewer is, you know, expecting more answers from you, so you can
168 00:11:49,160 --> 00:11:54,830 add here more things like: a firewall generally captures the header, IPS captures the
169 00:11:55,650 --> 00:12:03,770 payload. So firewall, what actually the firewall captures in the header form, they capture, you know,
170 00:12:04,740 --> 00:12:12,600 IP addresses, source IP, destination IP, port numbers, domain, URL. These things they capture,
171 00:12:12,810 --> 00:12:22,080 whereas IPS captures the payload and checks whether there is some known malware, some known suspicious
172 00:12:22,080 --> 00:12:23,930 thing there in that payload or not.
173 00:12:23,940 --> 00:12:29,970 So on that basis, if there is something malicious, they will detect it and they will block it.
174 00:12:32,340 --> 00:12:36,510 Now question number 13: what is a security misconfiguration?
175 00:12:36,750 --> 00:12:42,390 So security misconfiguration is a vulnerability when a device or an application or network is
176 00:12:42,390 --> 00:12:47,210 configured in a way that can be exploited by an attacker to take advantage of it.
177 00:12:47,220 --> 00:12:50,820 So this can be as simple as leaving the default username and password unchanged.
178 00:12:50,820 --> 00:12:52,410 So only this question.
179 00:12:52,830 --> 00:12:58,680 There are very less chances of this question being asked by the interviewer, but they can ask this question.
180 00:12:58,680 --> 00:13:03,630 So you should remember what actually the other security misconfigurations are.
181 00:13:04,830 --> 00:13:04,950 Now.
182 00:13:04,950 --> 00:13:06,330 What is a black hat,
183 00:13:07,160 --> 00:13:08,620 white hat and grey hat?
184 00:13:09,320 --> 00:13:13,160 Now, let me complete this in a very beautiful manner.
185 00:13:13,940 --> 00:13:19,940 So black hat is nothing but a hacker who has no authority.
186 00:13:19,940 --> 00:13:21,170 But he is hacking.
187 00:13:22,050 --> 00:13:22,500 Right.
188 00:13:22,740 --> 00:13:28,920 Whereas white hat hacker is also known as the, you can say, ethical hacker who has the legal authority
189 00:13:29,010 --> 00:13:31,500 to perform the actions.
190 00:13:33,190 --> 00:13:38,620 And grey hat hacker is just a combination of black and white hat hacker.
191 00:13:42,620 --> 00:13:42,950 Now.
192 00:13:42,950 --> 00:13:47,910 Question 15: how do you keep yourself updated with the information security news?
193 00:13:47,930 --> 00:13:54,020 So guys, this one is very important because definitely they are, basically these two questions which
194 00:13:54,020 --> 00:13:54,800 I'm marking,
195 00:13:56,060 --> 00:14:00,950 these two questions are very important because definitely they will ask you how you
196 00:14:00,950 --> 00:14:02,150 keep yourself updated.
197 00:14:02,150 --> 00:14:06,140 So you can start reading the blogs such as Trend Micro blogs,
198 00:14:06,140 --> 00:14:11,960 GBHackers, you know, and apart from that, you can also name some recent ones that you can
199 00:14:11,960 --> 00:14:12,920 explain in brief.
200 00:14:13,080 --> 00:14:13,410 Right.
201 00:14:13,460 --> 00:14:19,010 So if you are reading something, you are updating yourself, then definitely you should be aware about
202 00:14:19,010 --> 00:14:21,620 the latest vulnerability, recent attack.
203 00:14:21,860 --> 00:14:27,890 So for example, as of when I'm making this video, the recent attack is, you know, the Spring4Shell
204 00:14:28,130 --> 00:14:32,360 vulnerability, and you can also include the Log4j vulnerability.
205 00:14:33,170 --> 00:14:35,720 So these are some recent attacks.
206 00:14:35,990 --> 00:14:38,820 You should focus on these two questions. Now,
207 00:14:38,870 --> 00:14:39,620 what is CIA?
208 00:14:39,620 --> 00:14:40,370 CIA is nothing
209 00:14:40,370 --> 00:14:45,980 but, you know, a triad, you can say: confidentiality, integrity, availability.
210 00:14:45,980 --> 00:14:47,630 Now, what is confidentiality?
211 00:14:47,630 --> 00:14:52,610 Keeping the information secret. Integrity is nothing but keeping the information unaltered.
212 00:14:52,610 --> 00:14:56,360 Unaltered means there should be no modification.
213 00:14:57,650 --> 00:15:02,180 Availability: information is available to the authorized parties at all times.
214 00:15:03,470 --> 00:15:08,360 Now here, HIDS versus NIDS, and which one is better and why.
215 00:15:08,900 --> 00:15:10,280 So what is HIDS?
216 00:15:10,280 --> 00:15:12,690 It is a host intrusion detection system and NIDS
217 00:15:12,860 --> 00:15:15,980 is network intrusion detection system.
218 00:15:17,490 --> 00:15:28,920 Now, the difference here is that maintaining the HIDS is, you know, very tough because we will get
219 00:15:28,920 --> 00:15:36,060 a lot of traffic with that from HIDS, whereas managing the NIDS is too easy.
220 00:15:36,770 --> 00:15:44,000 So as for the enterprise, NIDS is preferred as HIDS is difficult to manage.
221 00:15:44,810 --> 00:15:46,550 So this is the basic difference.
222 00:15:46,550 --> 00:15:48,710 And you can read more things on Google here.
223 00:15:49,400 --> 00:15:50,630 What is port scanning?
224 00:15:50,640 --> 00:15:53,060 Port scanning is the process of sending messages
225 00:15:53,930 --> 00:15:55,940 in order to gather information. Gathering
226 00:15:55,940 --> 00:15:59,390 information means reconnaissance; for the reconnaissance we use port scanning,
227 00:15:59,390 --> 00:16:08,300 right, about the network system, and definitely which port actually is open so that they can
228 00:16:08,300 --> 00:16:11,900 think about entering from that port number in the organisation.
229 00:16:12,200 --> 00:16:14,240 So this is what port scanning is.
230 00:16:15,590 --> 00:16:18,140 Now what is the difference between VA and PT?
231 00:16:18,470 --> 00:16:21,320 There is some, you can say, minor difference.
232 00:16:21,320 --> 00:16:25,820 So vulnerability assessment is an approach used to find flaws
233 00:16:26,690 --> 00:16:28,280 in an application or network.
234 00:16:29,240 --> 00:16:35,480 Whereas penetration testing is the practice of finding exploitable vulnerabilities like a real attacker
235 00:16:35,510 --> 00:16:36,080 does.
236 00:16:36,350 --> 00:16:43,040 So VA is like traveling on the surface whereas PT is digging it for gold.
237 00:16:44,520 --> 00:16:47,100 Now let's move to question number 21.
238 00:16:47,370 --> 00:16:50,040 And this is one of the important questions.
239 00:16:50,070 --> 00:16:53,500 Can you name some response codes from a web application?
240 00:16:53,530 --> 00:16:54,360 Well, yes.
241 00:16:54,770 --> 00:16:59,280 See, you might have seen 201, 200 code, right?
242 00:16:59,340 --> 00:17:03,420 301, 302, error code 404.
243 00:17:03,450 --> 00:17:03,940 Right.
244 00:17:03,960 --> 00:17:04,980 So what exactly
245 00:17:04,980 --> 00:17:05,730 those things are.
246 00:17:05,730 --> 00:17:06,020 Right.
247 00:17:06,030 --> 00:17:14,010 So if there is some error coming or something goes astray, the HTTP code starting from one,
248 00:17:14,010 --> 00:17:18,750 and then, let's say, 101, 110, whatever up to 199,
249 00:17:19,940 --> 00:17:26,660 then it's informational responses. And the code which is starting from two,
250 00:17:26,690 --> 00:17:30,320 then it means success. Starting from three,
251 00:17:30,350 --> 00:17:31,640 it means redirection.
252 00:17:32,800 --> 00:17:38,800 Starting from four, client side error, and starting from five is server side error. Right.
253 00:17:40,360 --> 00:17:42,640 Now, when do you use tracert or traceroute?
254 00:17:42,810 --> 00:17:43,630 Now what exactly
255 00:17:43,630 --> 00:17:46,330 is that? Why we are using it, actually.
256 00:17:46,570 --> 00:17:53,650 So let's say if you are not able to ping any destination, then here we can use tracert or traceroute,
257 00:17:53,650 --> 00:17:54,760 or you can say tracert.
258 00:17:55,480 --> 00:18:02,660 And this will definitely help us to identify where the connection stops or gets broken, where.
259 00:18:02,680 --> 00:18:03,100 Right.
260 00:18:03,100 --> 00:18:10,450 So, and it will also help us to know whether it's a firewall, whether it's the ISP, whether
261 00:18:10,450 --> 00:18:12,030 it's a router, etc., etc.
262 00:18:12,790 --> 00:18:20,050 So with the help of this traceroute or tracert, we will get to know where exactly the connection
263 00:18:20,050 --> 00:18:21,280 is breaking.
264 00:18:23,010 --> 00:18:31,740 DDoS and its mitigation. So DDoS, we know it's a distributed denial of service, right?
265 00:18:32,010 --> 00:18:36,870 So when a network or application is flooded with a large number of requests which
266 00:18:37,230 --> 00:18:42,220 it is not designed to handle, making the server unavailable to legitimate requests.
267 00:18:42,220 --> 00:18:44,070 So let's take an example.
268 00:18:44,070 --> 00:18:44,370 Let's.
269 00:18:46,640 --> 00:18:52,940 There is a web server and it can only take 100 requests per minute.
270 00:18:53,010 --> 00:18:56,150 Right now, you are a hacker and you just,
271 00:18:56,660 --> 00:19:01,790 you are doing the DDoS attack and you are requesting 200, or let's say 101.
272 00:19:01,790 --> 00:19:02,200 Right.
273 00:19:02,690 --> 00:19:04,940 That's 101 requests per minute.
274 00:19:05,030 --> 00:19:06,610 Then what will happen?
275 00:19:06,620 --> 00:19:15,280 The server is not going to reply to the legitimate person who is asking for something.
276 00:19:15,290 --> 00:19:15,830 Right.
277 00:19:16,460 --> 00:19:26,480 So this is what DDoS is. It means the flooding of the traffic far after, you can say, more than the bandwidth
278 00:19:26,480 --> 00:19:27,710 of the server.
279 00:19:29,020 --> 00:19:30,550 So this can be mitigated.
280 00:19:30,790 --> 00:19:33,550 This can be mitigated with the help of a scrubbing center.
281 00:19:33,550 --> 00:19:41,050 And a scrubbing center is nothing but a center which generally blocks the DDoS traffic.
282 00:19:41,050 --> 00:19:49,750 And it only filters the legitimate, it passes through only legitimate traffic.
283 00:19:51,430 --> 00:19:52,180 What is WAF?
284 00:19:52,180 --> 00:19:59,140 WAF is nothing but a web application firewall, so it is used to protect the application by filtering
285 00:19:59,140 --> 00:20:01,410 legitimate traffic from malicious traffic.
286 00:20:01,420 --> 00:20:07,660 So if there is a lot of traffic coming, then it will only filter that legitimate traffic, and the malicious
287 00:20:07,660 --> 00:20:10,600 traffic it is going to filter out.
288 00:20:11,620 --> 00:20:15,250 It can be either box type or cloud based.
289 00:20:15,490 --> 00:20:17,780 How do you handle antivirus alerts?
290 00:20:17,800 --> 00:20:24,250 This can be asked by the interviewer. So check the policy for the AV and then the alert.
291 00:20:24,280 --> 00:20:28,500 If the alert is for a legitimate file, then it can be whitelisted, right?
292 00:20:29,410 --> 00:20:35,470 And if it is malicious, then definitely we need to quarantine or we are going to delete it.
293 00:20:35,470 --> 00:20:40,660 So the hash of the file can be checked for reputation on various websites like VirusTotal, Malwares,
294 00:20:40,840 --> 00:20:41,470 etc.
295 00:20:41,590 --> 00:20:45,390 So see, let's say if there is a file of BitTorrent, right?
296 00:20:45,430 --> 00:20:48,670 And definitely the hash value is going to be generated for that.
297 00:20:48,670 --> 00:20:56,050 So you can directly check the hash, whether it's malicious or not. You can check for that file whether
298 00:20:56,050 --> 00:20:57,040 there is something or not.
299 00:20:57,040 --> 00:21:00,700 So if it is legitimate, you can whitelist.
300 00:21:00,700 --> 00:21:03,820 If it is malicious, you can delete it.
301 00:21:05,390 --> 00:21:07,400 Blue teaming versus red teaming.
302 00:21:07,400 --> 00:21:11,540 So red teaming is an attacker and blue teaming is defender.
303 00:21:11,780 --> 00:21:16,100 So being on the red team seems fun, but being in the blue team is difficult,
304 00:21:16,100 --> 00:21:20,390 as you need to understand the tactics and methodology the red teams may follow.
305 00:21:21,350 --> 00:21:27,320 So as a blue team, you have to defend all those attacks with the help of tools, with the help of your
306 00:21:27,320 --> 00:21:30,290 knowledge, with the help of your investigations.
307 00:21:31,400 --> 00:21:32,060 Next question.
308 00:21:32,060 --> 00:21:36,500 We have: what is a false positive and a false negative in case of IDS?
309 00:21:36,500 --> 00:21:38,330 Which one is more acceptable?
310 00:21:39,980 --> 00:21:40,490 Right.
311 00:21:40,520 --> 00:21:45,140 So when the device generates an alert for an intrusion that has actually not happened.
312 00:21:45,470 --> 00:21:48,860 So what exactly the false positive is, right?
313 00:21:48,950 --> 00:21:52,550 So let's say you have set one of the rules.
314 00:21:52,580 --> 00:21:53,180 Right.
315 00:21:53,510 --> 00:22:02,720 But let's say for brute force, there is a logic that there are ten failures per minute.
316 00:22:02,750 --> 00:22:03,320 Right.
317 00:22:03,410 --> 00:22:10,250 But the alert is generated for four, five failures per minute, then definitely it's a
318 00:22:10,250 --> 00:22:14,420 false positive because we didn't set up a rule for that.
319 00:22:14,420 --> 00:22:16,490 And it is a false positive.
320 00:22:16,520 --> 00:22:18,050 Now, what is a false
321 00:22:18,050 --> 00:22:18,830 negative?
322 00:22:19,790 --> 00:22:26,000 So now if the device has not generated any alert and the intrusion has actually happened, then
323 00:22:26,000 --> 00:22:28,700 this is the case of false negative.
324 00:22:28,940 --> 00:22:31,640 Well, false positives are more acceptable.
325 00:22:31,640 --> 00:22:35,930 False negatives will lead to intrusion happening without getting noticed.
326 00:22:36,650 --> 00:22:38,630 Now, let's see the last question.
327 00:22:38,630 --> 00:22:40,280 What is data leakage?
328 00:22:40,280 --> 00:22:44,150 So data leakage, or we simply call it DLP.
329 00:22:44,180 --> 00:22:45,860 How will you detect and prevent it?
330 00:22:45,890 --> 00:22:50,780 Well, organizations are using different types of DLP.
331 00:22:51,140 --> 00:22:55,760 Many companies are providing it, let's say McAfee providing the DLP.
332 00:22:55,760 --> 00:22:57,710 So we can use the DLP software.
333 00:22:57,740 --> 00:22:58,220 Right.
334 00:22:58,940 --> 00:23:05,870 Just to check whether there is some person who is sending confidential or sensitive data outside
335 00:23:05,870 --> 00:23:07,280 the organization or not.
336 00:23:07,520 --> 00:23:11,330 So it ensures that the data is not leaking.
337 00:23:11,750 --> 00:23:15,200 So that's it, guys, and we'll meet in the next video.
