Thursday, August 10, 2017

How To Secure a Facebook Account

Step 1: Log in to Facebook
Type in your username (or email ID) and your password. Never check the box "Keep me logged in." If you do so, it will increase the chances of people hacking into your account.



You can check the "Keep me logged in" box on your own personal computer only (if no one else uses it).

Step 2: Never share your password.
There have been times when Facebook users shared their passwords with other Facebook users, which led to account hacking. If you share your password with your friends, they might log into and mess with your account, which can land you in serious trouble, so you should avoid sharing your password.



Step 3: Never log into your Facebook account when out at a public place.
However, if you think your friends are trustworthy (or your cyber cafe is trustworthy) when at the place you're out at, you can log in at a public place.



Step 4: Use a strong password.
Always have a very strong password that no one can guess. The password can be very long.
A long password alone can't make your account secure either. Hackers can do a "Dictionary Attack" where they try each and every word of the English dictionary in the password box to open up your account. You are always welcome to use numbers, lowercase and uppercase characters, and symbols to make your password invulnerable to such types of attacks.




Be sure to change your Facebook password once every 2-3 months. If someone knows your password, he/she can't access your account after some time.

These are the common mistakes which people often make. Never use passwords similar to your Facebook password.

Never use the same password on multiple sites. For example, use three different passwords for your Facebook, Twitter and Google accounts. The reason for keeping different passwords on different sites is that if someone has hacked one of your accounts, he/she can hack another account using the same password.

Step 5: Never allow a third party app to gain access to your personal information.
These apps will have rights to post anything on your behalf, which can be dangerous if you want a secure Facebook account. Always use third party apps that are good and have a very good reputation on Facebook.


Step 6: Personalize your privacy settings
This step is the major factor to securing your Facebook account.
Go to Settings -> Security and Login

Use two factor authentication

Add trusted contacts

This feature allows your trusted contacts on Facebook to help you get back on the site if your Facebook account is hacked or you've forgotten your password somehow. Add a few trusted contacts.















Friday, August 4, 2017

How To Get WiFi Password

This method is only valid for known WiFi networks. Sometimes we forget the WiFi password that is used to access the network. It works because Windows 8 and 10 create a profile for every WiFi network to which you connect. If you tell Windows to forget the network, then it also forgets the password, so this won't work. But most people never explicitly do that, so we can simply obtain the password like this.

Command Prompt => Run as administrator




Then type this command at the command prompt.

c:\windows\system32>netsh wlan show profiles


Once you type this command and hit enter, you can see all the networks which that particular device has connected to.

Then you should select the network whose password you want to get.

c:\windows\system32>netsh wlan show profile name="D-Link" key=clear

You should replace the profile name with the one you have. Once you type this command at the command prompt and hit enter, you can see the WiFi password like this.





Thursday, August 3, 2017

SQL Injection

Overview

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (insert/delete/update), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.


SQL in Web Pages

SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.

Example:

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

The original purpose of the code was to create an SQL statement to select a user, with a given user id.
If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input.

UserId: 75 OR 1=1

Then the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 75 OR 1=1;

The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
A hacker might get access to all the user names and passwords in a database, by simply inserting 75 OR 1=1 into the input field.

SQL Injection Based on ""="" is Always True

Username: John
Password: abc123

uName = getRequestString("username");
uPass = getRequestString("userpassword");

sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

Result

SELECT * FROM Users WHERE Name ="John" AND Pass ="abc123"

A hacker might get access to user names and passwords in a database by simply inserting " or ""=" into the user name or password text box:

Username: " or ""="
Password: " or ""="

Result

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.

SQL Injection Based on Batched SQL Statements

Most databases support batched SQL statements.
A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.
The SQL statement below will return all rows from the "Users" table, then delete the "Suppliers" table.

SELECT * FROM Users; DROP TABLE Suppliers

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;


Input will be like this:

User id : 75; DROP TABLE Suppliers

Result

SELECT * FROM Users WHERE UserId = 75; DROP TABLE Suppliers;

Use SQL Parameters for Protection

To protect a web site from SQL injection, you can use SQL parameters.
SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = @0";
db.Execute(txtSQL,txtUserId);

Note that parameters are represented in the SQL statement by a @ marker.

The SQL engine checks each parameter to ensure that it is correct for its column and is treated literally, and not as part of the SQL to be executed.
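
The concatenated query and its parameterized replacement side by side, as an added example that is not part of the original post. It uses Python's sqlite3 module with an in-memory database, where the ? placeholder plays the role of @0; the sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the examples above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT)")
    db.execute("CREATE TABLE Suppliers (SupplierId INTEGER, Name TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(74, "Mary", "pw-one"), (75, "John", "abc123"), (76, "Alex", "pw-three")],
    )
    return db

def lookup_concatenated(db, user_id):
    # Vulnerable form: the input becomes part of the SQL text itself.
    sql = "SELECT UserId, Name FROM Users WHERE UserId = " + user_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # Safe form: the SQL text is fixed and the input is bound as a value.
    sql = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return db.execute(sql, (user_id,)).fetchall()

def table_exists(db, name):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    # Concatenation: "OR 1=1" is parsed as SQL, so every row comes back.
    print("concatenated :", lookup_concatenated(db, "75 OR 1=1"))
    # Binding: each input is compared to UserId as one literal value.
    for value in ["75", "75 OR 1=1", "75; DROP TABLE Suppliers"]:
        print("parameterized:", repr(value), "->", lookup_parameterized(db, value))
    print("Suppliers table still exists:", table_exists(db, "Suppliers"))
```
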






















Tuesday, August 1, 2017

Firewalls

What is a Firewall?
A firewall is a network security system that controls and monitors incoming and outgoing traffic based on predefined security rules. A firewall is normally a barrier between a trusted internal network and an outside network. All the traffic that is allowed to pass over the network is predefined in the firewall policy. All other traffic is denied.

Types of firewalls and history
Historically, a firewall was used to prevent the spread of fire. The firewall concept was later borrowed for computer security. Before firewalls emerged in the late 1980s, the only real form of network security was performed by Access Control Lists (ACLs). An ACL is a predefined list of IP addresses that are granted or denied access to the network.
With the growth of the internet and connectivity, ACLs weren't enough to keep out malicious traffic.

Packet Firewalls

Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocol and ports.
Network layer firewalls define packet filtering rule sets, which provide highly efficient security mechanisms. Packet filtering is also known as static filtering.


Stateful Firewalls

In order to recognize a packet's connection state, a firewall needs to record all connections passing through it to ensure it has enough information to assess whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. This is what's called "stateful packet inspection." Stateful inspection was first introduced in 1994 by Check Point Software in its Firewall-1 software firewall, and by the late 1990s, it was a common firewall product feature.

This additional information can be used to grant or reject access based on the packet's history in the state table, and to speed up packet processing; that way, packets that are part of an existing connection based on the firewall's state table can be allowed through without further analysis. If a packet does not match an existing connection, it's evaluated according to the rule set for new connections.
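
A minimal model of the state table described above, added here as an example and not taken from any firewall product. It is simplified to TCP with no connection teardown or timeouts; the class, field names and documentation-range addresses are assumptions.

```python
from collections import namedtuple

# One packet as the firewall sees it; syn marks the first packet of a TCP connection.
Packet = namedtuple("Packet", "proto src sport dst dport syn")

class StatefulFirewall:
    def __init__(self, allowed_new):
        # Rule set for NEW outbound connections: allowed (proto, destination port) pairs.
        self.allowed_new = set(allowed_new)
        # State table: one 5-tuple per connection that was allowed to start.
        self.state = set()

    def inspect(self, p, outbound):
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Part of an existing connection (either direction): allow without
        # evaluating the rule set again.
        if forward in self.state or reverse in self.state:
            return "allow-established"
        # Start of a new connection: evaluate the rule set for new connections.
        if outbound and p.syn and (p.proto, p.dport) in self.allowed_new:
            self.state.add(forward)
            return "allow-new"
        # Not part of any connection and not an allowed new one.
        return "deny"

def demo():
    fw = StatefulFirewall(allowed_new={("tcp", 443)})
    client, server, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    packets = [  # constructed sample traffic: (packet, is_outbound)
        (Packet("tcp", client, 50000, server, 443, True), True),      # outbound SYN
        (Packet("tcp", server, 443, client, 50000, False), False),    # server reply
        (Packet("tcp", stranger, 443, client, 50000, False), False),  # unsolicited
        (Packet("tcp", client, 50001, server, 23, True), True),       # port not in rules
    ]
    return [fw.inspect(p, outbound) for p, outbound in packets]

if __name__ == "__main__":
    print(demo())
```

A static packet filter would need a standing rule admitting inbound traffic from source port 443 to let the reply through, and that rule would also admit the third, unsolicited packet.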



Application Layer Firewalls

As attacks against Web servers became more common, so too did the need for a firewall that could protect servers and the applications running on them, not merely the network resources behind them. Application-layer firewall technology first emerged in 1999, enabling firewalls to inspect and filter packets on any OSI layer up to the application layer.
The key benefit of application-layer filtering is the ability to block specific content, such as known malware or certain websites, and recognize when certain applications and protocols such as HTTP, FTP and DNS are being misused.


Proxy Firewalls

Firewall proxy servers also operate at the firewall's application layer, acting as an intermediary for requests from one network to another for a specific network application. A proxy firewall prevents direct connections between the two sides of the firewall; both sides are forced to conduct the session through the proxy, which can block or allow traffic based on its rule set. A proxy service must be run for each type of internet application the firewall will support, such as an HTTP proxy for Web services.


Advantages
- Higher security than packet filters
- Only need to scrutinize a few allowable applications
- Easy to log and audit all incoming traffic

Disadvantages
- Additional processing overhead on each connection (gateway as splice point)