Security Considerations for Secure Wi-Fi Network

Authentication Methods:

• WPA2/WPA3-Personal: Uses password (pre-shared key)
• WPA2/WPA3-Enterprise: Uses RADIUS server for user authentication

Encryption Protocols:

• WPA3: Most secure (uses strong encryption)
• WPA2 (AES): Common and secure
• Avoid WEP (insecure)

Strong Password: Use complex and long Wi-Fi passwords

SSID Management: Change default SSID and disable SSID broadcast if needed

Firewall & Updates: Enable router firewall and keep firmware updated

MAC Address Filtering: Allow only specific devices

Network Segmentation: Use guest network for visitors

Disable Unused Services: Turn off WPS and remote access

Using strong authentication, modern encryption, and proper configuration helps prevent unauthorized access and ensures secure Wi-Fi communication.

Penetration Testing (Pen Testing) is a security testing method where ethical hackers simulate real-world attacks on a network service to identify vulnerabilities.

Purpose:

• To find security weaknesses in the network
• To evaluate system security
• To prevent unauthorized access and attacks

Process:

• Scanning: Identify open ports and services
• Exploitation: Try to access the system using vulnerabilities
• Reporting: Document findings and suggest fixes

Penetration testing helps organizations improve network security by detecting and fixing vulnerabilities before attackers exploit them.

Common Security Vulnerabilities in Web Applications & Their Solutions

1. SQL Injection:

• Attackers insert malicious SQL queries
• Solution: Use prepared statements and input validation

2. Cross-Site Scripting (XSS):

• Malicious scripts are injected into web pages
• Solution: Use input sanitization and output encoding

3. Cross-Site Request Forgery (CSRF):

• Unauthorized actions performed on behalf of users
• Solution: Use CSRF tokens and secure cookies

4. Weak Authentication:

• Poor password or login system
• Solution: Use strong passwords, multi-factor authentication (MFA)

5. Broken Access Control:

• Users access unauthorized data
• Solution: Implement proper authorization checks

6. Security Misconfiguration:

• Default settings or improper setup
• Solution: Regular updates and secure configuration

7. Sensitive Data Exposure:

• Data not properly protected
• Solution: Use encryption (HTTPS, SSL/TLS)

By applying secure coding practices, proper validation, and strong authentication, web application vulnerabilities can be minimized.

Social Engineering is a technique where attackers manipulate people into revealing confidential information instead of hacking systems directly.

Common Social Engineering Techniques:

• Phishing: Fake emails or websites used to steal login credentials or personal data.
• Pretexting: Attacker creates a false scenario to gain trust and extract information.
• Baiting: Offering something attractive (e.g., free USB, download) to trick users.
• Tailgating (Piggybacking): Unauthorized person follows an authorized person into a restricted area.
• Quid Pro Quo: Offering a service (e.g., tech support) in exchange for sensitive information.
• Spear Phishing: Targeted phishing attack aimed at a specific individual or organization.

Conclusion:
Social engineering attacks exploit human psychology, so awareness and user training are essential for prevention.

Malware (Malicious Software) is software designed to harm, damage, or gain unauthorized access to a computer system.

Examples of Malware:

• Virus: Attaches to files and spreads when executed
• Worm: Spreads automatically through networks
• Trojan Horse: Disguised as legitimate software
• Ransomware: Locks data and demands payment
• Spyware: Monitors user activity secretly

Conclusion:
Malware can damage systems and steal data, so using antivirus and security practices is important

• Ensures uniqueness of records
• Prevents duplicate entries

A Foreign Key is a field in one table that refers to the Primary Key of another table.
Example: Student(ID, Name), Course(CourseID, StudentID) → StudentID is Foreign Key.
Purpose:

• Maintains relationship between tables
• Ensures referential integrity