
Proxychains

What are proxy chains?

Proxychains is a tool that forces any TCP connection made by any given application to go through proxies such as Tor or any other SOCKS4, SOCKS5 or HTTP proxy. It is an open-source project for GNU/Linux systems. In short, you can use ProxyChains to run any program through a proxy server. This lets you access the Internet from behind a restrictive firewall, hide your IP address, run applications such as SSH, telnet, wget, FTP and Nmap through proxy servers, and even reach your local intranet from outside through an external proxy. Proxychains also lets you use multiple proxies at once by “chaining” them together, and lets you use programs with no built-in proxy support through a proxy.

Installation on Kali Linux

Step 1.

Step 2.

Step 3. Go to Google and search for free proxy lists

Step 4. Uncomment the lines shown in the image below.

Step 5. Go to the last lines and paste the proxies that you copied.

Now you are all set.

Now just type `proxychains firefox`. The browser will open with its connections routed through the proxies you configured, and you are now anonymous.
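One way to check the configuration file after Steps 4 and 5, as an added example that is not part of the original tutorial: a small parser that validates the pasted `[ProxyList]` entries and reports whether exactly one chain mode and `proxy_dns` are active. The directive names are proxychains' own configuration keywords; the sample file and its addresses are constructed.

```python
# Added example, not from the article. SAMPLE_CONF is constructed;
# 192.0.2.x and 198.51.100.x are reserved documentation addresses.
SAMPLE_CONF = """\
#strict_chain
dynamic_chain
#proxy_dns
tcp_connect_time_out 8000

[ProxyList]
socks4 127.0.0.1 9050
http 192.0.2.10 8080
socks5 198.51.100.7 1080
sock5 192.0.2.99 1080
http 192.0.2.11 99999
"""

CHAIN_MODES = {"strict_chain", "dynamic_chain", "random_chain", "round_robin_chain"}
PROXY_TYPES = {"socks4", "socks5", "http"}  # the proxy types the article names

def audit_proxychains(text):
    """Parse a proxychains config and return (proxies, findings)."""
    modes, proxies, findings = [], [], []
    dns_proxied = in_list = False
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # commented-out lines are inactive
        if not fields:
            continue
        if fields[0].lower() == "[proxylist]":
            in_list = True
        elif not in_list:
            if fields[0] in CHAIN_MODES:
                modes.append(fields[0])
            dns_proxied = dns_proxied or fields[0].startswith("proxy_dns")
        elif (len(fields) in (3, 5) and fields[0] in PROXY_TYPES
              and fields[2].isdigit() and 0 < int(fields[2]) < 65536):
            proxies.append((fields[0], fields[1], int(fields[2])))
        else:
            findings.append(f"line {num}: malformed proxy entry {' '.join(fields)!r}")
    if len(modes) != 1:
        findings.append(f"expected exactly one chain mode, found {modes}")
    if not dns_proxied:
        findings.append("proxy_dns is off: hostnames are resolved outside the chain")
    if not proxies:
        findings.append("no usable proxies in [ProxyList]")
    return proxies, findings

if __name__ == "__main__":
    proxies, findings = audit_proxychains(SAMPLE_CONF)
    print(proxies, *findings, sep="\n")
```

On the sample it accepts three entries, rejects the mistyped `sock5` line and the out-of-range port, and reports that DNS lookups bypass the chain.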

DoS-Attack

DoS/DDoS Explanation

What is DoS/DDoS?

DoS stands for Denial of Service and DDoS stands for Distributed Denial of Service. It is an attack that makes a website unreachable or unavailable by sending more traffic at once than the website can handle, so that it responds with SERVER ERROR 500.

DoS attack

Difference Between DoS and DDoS?

In a DoS attack, as shown in the above image, a single computer attacks the server, whereas in a DDoS attack many computers send a large number of packets to the server at the same time.

DDoS attack

Types of DoS/DDoS attacks

There are several types of DDoS attacks, each using different methods to flood the target. Some common types include:

  • TCP/UDP Flood: This type of attack floods the target with a large number of TCP or UDP packets, consuming the target’s network resources.
  • HTTP Flood: This type of attack floods the target’s web server with a large number of HTTP requests, consuming the server’s resources until it crashes or returns Server Error 500.

Botnets

Botnets are often used to carry out effective DDoS attacks. A botnet is a set of computers that an attacker has infected; they follow the attacker’s commands and send requests to websites to perform DDoS attacks. The machines in a botnet can be personal computers or cloud-based computers.

Prevention

  • Using firewalls — While firewalls won’t protect your app or server from complex DDoS attacks, they can still effectively handle simple ones.
  • Installing the latest security patches — Most attacks target specific software or hardware vulnerabilities, so deploying all patches on time can help you lessen the risk of attack.
  • Disabling unused services — The fewer applications and services hackers can possibly attack the better. Make sure to disable all unneeded and unused services and applications to improve the security of your network.
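A detection check to go with the prevention steps above, as an added example that is not from the original article: it scans web server access-log lines for the HTTP flood pattern described earlier, flagging clients that exceed a request limit within a sliding window and reporting the share of 5xx responses. The log format, thresholds and sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def make_sample_log():
    """Constructed access-log lines (not real traffic): a quiet and a flooding client."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    def line(ip, offset, path, status):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S") + " +0000"
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 0'
    quiet = [line("192.0.2.20", 10 * i, "/index.html", 200) for i in range(5)]
    # 203.0.113.9 sends 20 requests per second; the server fails after the first 30
    flood = [line("203.0.113.9", 20 + i // 20, f"/search?q={i}", 200 if i < 30 else 500)
             for i in range(60)]
    return quiet + flood

def detect_http_flood(lines, window_s=5, max_requests=25):
    """Return ({ip: peak requests per window} for IPs over the limit, 5xx ratio)."""
    recent, peak = defaultdict(deque), defaultdict(int)
    total = errors = 0
    for entry in lines:  # assumed to be in chronological order
        m = LOG_RE.match(entry)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() >= window_s:
            window.popleft()  # drop requests older than the window
        peak[ip] = max(peak[ip], len(window))
        total += 1
        errors += int(m.group(3)) >= 500
    flagged = {ip: n for ip, n in peak.items() if n > max_requests}
    return flagged, (errors / total if total else 0.0)

if __name__ == "__main__":
    print(detect_http_flood(make_sample_log()))
```

A per-IP limit like this catches a single-source flood; a distributed attack spreads the load across many addresses, so the overall 5xx ratio is the signal to watch there.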

access-control

Broken access control

Introduction :-

Authentication and authorization, although often confused, serve distinct purposes. Authentication verifies the identity of a user, whereas authorization determines the user’s level of access.

Types of broken access control :-

  1. Vertical Access Control
  2. Horizontal Access Control
  3. Context-Dependent Access Control

1. Vertical Access Control :-

Vertical access control mechanisms limit access to critical functions based on user types.

In vertical access control, varying user types are granted access to specific application functions. For instance, an administrator may have permissions to modify or delete any user account, whereas a standard user does not possess such capabilities.

The diagram illustrates that admin users can access resources and functions requiring administrative privileges, while regular users can only access resources and functions designed for user-level privileges. Users are restricted from accessing resources and functions that demand admin privileges due to vertical access control.

2. Horizontal Access Control

Horizontal access control mechanisms limit access to resources to users who are explicitly authorized to access those resources.

In horizontal access control, different users are granted access to a specific subset of resources of the same type. For instance, within a banking application, a user can view transactions and make payments from their own accounts but cannot access accounts belonging to other users.

The diagram illustrates that each user can access their own designated resources and perform related actions. However, users cannot access resources or perform actions associated with other users, even if they have the same privilege level as regular users. This exemplifies horizontal access control.

3. Context-Dependent Access Control

Context-dependent access control mechanisms limit access to functionality and resources based on the state of the application or the user’s interactions with it. These controls prevent users from performing actions in an incorrect sequence.
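The three kinds of check described above, side by side, as an added example that is not part of the original article. The user names, roles, payment states and function names are all constructed for illustration, loosely following the banking example.

```python
from dataclasses import dataclass

class AccessDenied(Exception):
    """Raised when an access control check fails."""

@dataclass
class User:
    name: str
    role: str  # "admin" or "user" (constructed for this example)

@dataclass
class Payment:
    owner: str
    state: str = "created"

NEXT_STATE = {"created": "confirmed", "confirmed": "sent"}  # the only valid order

def delete_account(actor, target, accounts):
    # Vertical: the function itself is reserved for the admin user type.
    if actor.role != "admin":
        raise AccessDenied("admin-only function")
    del accounts[target]

def view_transactions(actor, owner, ledger):
    # Horizontal: same user type, but only the caller's own records.
    if actor.name != owner:
        raise AccessDenied("account belongs to another user")
    return ledger[owner]

def advance_payment(actor, payment, new_state):
    if actor.name != payment.owner:  # the horizontal check still applies
        raise AccessDenied("payment belongs to another user")
    # Context-dependent: the request is valid only in the right sequence.
    if NEXT_STATE.get(payment.state) != new_state:
        raise AccessDenied(f"{payment.state} -> {new_state} is out of sequence")
    payment.state = new_state

def attempt(action, *args):
    """Run an action and report the access decision instead of raising."""
    try:
        action(*args)
        return "allowed"
    except AccessDenied as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    alice = User("alice", "user")
    print(attempt(delete_account, alice, "bob", {"bob": {}}))
    print(attempt(advance_payment, alice, Payment("alice"), "sent"))
```

Every check runs on the server side against the authenticated caller, never against a role or owner value supplied in the request.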

Access Control Security Models

Role-Based Access Control (RBAC) :-

Role-Based Access Control (RBAC) relies on individuals’ roles and responsibilities within an organization or user base to make access decisions. Defining roles typically involves analyzing the organization’s goals and structure, and is closely tied to the security policy.

For example, in a medical setting, user roles might include doctors, nurses, attendants, and patients. Each role requires different levels of access to perform specific functions, with web transactions and permitted contexts varying based on security policies and relevant regulations.

RBAC is most effective when there is an appropriate number of roles to implement access controls effectively, without making the model overly complex and difficult to manage.

Discretionary Access Control (DAC) :-

Discretionary Access Control (DAC) restricts access to resources or functions based on specific users or named user groups. Owners of resources have the ability to assign or delegate access permissions to individual users. This model offers fine-grained control, where access rights are defined at the level of each resource or function and for each user. However, this level of granularity can lead to significant complexity in design and management.

Key features of DAC include:

  • Discretionary: Access controls are not automatically enforced by the operating system.
  • Controllable: Permissions are managed by the owner or administrator of the object (such as a file or folder).
  • Transferable: Owners can transfer control of resources, allowing them to delegate access to others.

Mandatory Access Control (MAC) :-

Mandatory Access Control (MAC) ensures that organizational security policies are enforced without relying on voluntary compliance from web application users. MAC secures information by assigning sensitivity labels to information and comparing these labels to the sensitivity level assigned to users.

MAC is typically suitable for highly secure systems, such as multilevel secure military applications or mission-critical data applications.

Unlike Discretionary Access Control (DAC), in MAC, users and resource owners cannot delegate or modify access rights for their resources.
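The three models contrasted in code, as an added example that is not part of the original article: RBAC decides by role, DAC lets the owner delegate or transfer, and MAC compares fixed labels that users cannot change. The roles follow the medical example above; the permission names, users, labels and levels are constructed.

```python
from types import MappingProxyType

# RBAC: permissions hang off roles. Roles come from the medical example;
# the permission names are constructed for illustration.
ROLE_PERMS = {
    "doctor": {"read_chart", "write_chart", "prescribe"},
    "nurse": {"read_chart", "write_chart"},
    "attendant": {"read_schedule"},
    "patient": {"read_own_chart"},
}

def rbac_allows(role, permission):
    return permission in ROLE_PERMS.get(role, set())

class DacFile:
    """DAC: the owner decides who gets access and may hand over control."""
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, granter, grantee, right):
        if granter != self.owner:
            raise PermissionError("only the owner can delegate access")
        self.acl.setdefault(grantee, set()).add(right)

    def transfer(self, granter, new_owner):
        if granter != self.owner:
            raise PermissionError("only the owner can transfer control")
        self.owner = new_owner
        self.acl.setdefault(new_owner, set()).update({"read", "write"})

    def allows(self, user, right):
        return right in self.acl.get(user, set())

# MAC: labels and clearances are fixed by policy and read-only to users.
LEVELS = ("public", "confidential", "secret")
CLEARANCE = MappingProxyType({"alice": "secret", "bob": "confidential"})
LABELS = MappingProxyType({"ops_plan": "secret", "newsletter": "public"})

def mac_allows_read(user, obj):
    # Compare the user's sensitivity level with the label on the information.
    return LEVELS.index(CLEARANCE[user]) >= LEVELS.index(LABELS[obj])

if __name__ == "__main__":
    shared = DacFile("alice")
    shared.grant("alice", "bob", "read")  # DAC: the owner may delegate
    print(rbac_allows("nurse", "prescribe"), shared.allows("bob", "read"),
          mac_allows_read("bob", "ops_plan"))
```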