Unit - II Cyber Security
A threat is a potentially dangerous event that has not occurred but has the potential to
cause damage if it does. Exploits are how threats become attacks, and vulnerabilities are
how exploits gain access to targeted systems.
The four main types of vulnerabilities in information security are network vulnerabilities,
operating system vulnerabilities, process (or procedural) vulnerabilities, and human
vulnerabilities.
1. Network vulnerabilities are weaknesses within an organization’s hardware or software
infrastructure that allow cyberattackers to gain access and cause harm. These areas of
exposure can range from poorly-protected wireless access all the way to misconfigured
firewalls that don’t guard the network at large.
3. Process vulnerabilities are created when procedures that are supposed to act as security
measures are insufficient. One of the most common process vulnerabilities is an
authentication weakness, where users, and even IT administrators, use weak passwords.
4. Human vulnerabilities are created by user errors that can expose networks, hardware,
and sensitive data to malicious actors. They arguably pose the most significant threat,
particularly because of the increase in remote and mobile workers. Examples of human
vulnerability in security are opening an email attachment infected with malware, or not
installing software updates on mobile devices.
1. Human error – When end users fall victim to phishing and other social engineering
tactics, they become one of the biggest causes of vulnerabilities in security.
2. Software bugs – These are flaws in a code that cybercriminals can use to gain
unauthorized access to hardware, software, data, or other assets in an organization’s
network. sensitive data and perform unauthorized actions, which are considered
unethical or illegal.
5. Poor access control – improperly managing user roles, like providing some users more
access than they need to data and systems or not closing accounts for old employees,
makes networks vulnerable from both inside and outside breaches.
These hackers can gain illegal access to the systems and cause severe damage to data
privacy. Therefore, cybersecurity vulnerabilities are extremely important to monitor for
the overall security posture as gaps in a network can result in a full-scale breach of systems
in an organization.
Vulnerabilities have many causes; a few of them are mentioned below:
Complex Systems
Familiarity
Attackers may be familiar with common code, operating systems, hardware, and software
that lead to known vulnerabilities.
Connectivity
Weak and reused passwords can lead from one data breach to several.
OS Flaws
Operating systems can have flaws too. Unsecured operating systems by default can give
users full access and become a target for viruses and malware.
Internet
The internet is full of spyware and adware that can be installed automatically on
computers.
Software Bugs
If software or a website assumes that all input is safe, it may be vulnerable to SQL injection.
People
Social engineering is the biggest threat to the majority of organizations. So, humans can be
one of the biggest causes of vulnerability.
Once a vulnerability is detected, it goes through the vulnerability assessment process. What
is a vulnerability assessment? It is a process of systematically reviewing security
weaknesses in an information system. It highlights whenever a system is prone to any
known vulnerabilities as well as classifies the severity levels, and recommends appropriate
remediation or mitigation if required.
Identify vulnerabilities: Analyzing network scans, firewall logs, pen test results,
and vulnerability scan results to find anomalies that might highlight vulnerabilities
prone to cyber-attacks.
Verify vulnerabilities: Decide whether an identified vulnerability could be
exploited and classify its severity to understand the level of risk.
Mitigate vulnerabilities: Come up with appropriate countermeasures and measure
their effectiveness if a patch is not available.
Remediate vulnerabilities: Update affected software or hardware wherever
possible.
Network-based assessment
This type of assessment is used to identify potential issues in network security and detect
systems that are vulnerable on both wired and wireless networks.
Host-based assessment
Host-based assessment can help locate and identify vulnerabilities in servers, workstations,
and other network hosts. It generally assesses open ports and services and makes the
configuration settings and patch management of scanned systems more visible.
It involves the scanning of Wi-Fi networks and attack vectors in the infrastructure of a
wireless network. It helps validate that a network is securely configured to avoid
unauthorized access and can also detect rogue access points.
Application assessment
It is the identification of security vulnerabilities in web applications and their source code.
This is achieved by implementing automated vulnerability scanning tools on the front end
or analyzing the source code statically or dynamically.
Database assessment
The assessment of databases or big data systems for vulnerabilities and misconfiguration,
identifying rogue databases or insecure dev/test environments, and classifying sensitive
data to improve data security.
Vulnerability management becomes a continuous and repetitive practice because cyber
attacks are constantly evolving.
A software vulnerability is a defect in software that could allow an attacker to gain control
of a system.
As we explain in greater detail below, the defects that cause software vulnerabilities can
result from flaws in the way the software is designed, problems with the software’s source
code, poor management of data or access control settings within the application or any
other type of issue that attackers could potentially exploit.
An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a
system to a botnet, install a backdoor, or plant other types of malware. In addition, after
penetrating into one network host, the attacker could use that host to break into other
hosts on the same network.
The specific exploits that an attacker can execute vary from one vulnerability to the next.
Not all vulnerabilities allow attackers to cause the same types of harm, and not all
vulnerabilities create equally severe risks.
However, all vulnerabilities pose at least some level of risk to the applications they impact,
as well as the environments that host those applications and any resources that integrate
with the applications.
Then, the attacker must devise a method for exploiting the vulnerability. Here again, exploit
methods vary widely, but they may involve techniques like injecting malicious code into an
application or bypassing access controls. Some vulnerabilities can be exploited remotely,
meaning that attackers can take advantage of the security weakness over the network.
Others require direct physical access to the infrastructure that hosts the vulnerable
software.
If the exploit is successful, the attacker will gain the ability to perform malicious actions
within the compromised application or its host system. Depending on the nature of the
vulnerability, these actions could include activity like exfiltrating sensitive data, running
malicious commands, planting malware or disrupting critical services in order to cause
problems for the business.
As noted above, there are many potential causes for a software vulnerability. Some
applications are vulnerable due to overall design flaws, such as an architecture that
involves moving sensitive data over unsecured networks. In other cases, vulnerabilities
result from specific coding errors that introduce vulnerabilities such as the following:
Buffer overflows: These allow someone to put more data into an input field than
what the field is supposed to allow. An attacker can take advantage of this by placing
malicious commands into the overflow portion of the data field, which would then
execute.
SQL Injection: This could allow an attacker to inject malicious commands into the
database of a web application. The attacker can do this by entering specially-crafted
Structured Query Language commands into either a data field of a web application
form, or into the URL of the web application. If the attack is successful, the
unauthorized and unauthenticated attacker would be able to retrieve or manipulate
data from the database.
Third-party libraries: Many programmers use third-party code libraries, rather
than try to write all software from scratch. This can be a real time-saver, but it can
also be dangerous if the library has any vulnerabilities. Before using any of these
libraries, developers need to verify that they don’t have vulnerabilities.
Application Programming Interfaces: An API, which allows software programs to
communicate with each other, could also introduce a software vulnerability. Many
APIs are not set up with strict security policies, which could allow an
unauthenticated attacker to gain entry into a system.
A cyber threat actor is any individual or group that poses a threat to cybersecurity. Threat
actors are the perpetrators behind cyberattacks, and are often categorized by a variety of
Today, the cyber threat environment is arguably more dynamic than ever before and threat
Understanding threat actors and their motives can help organizations better protect
themselves from the damage these actors cause as they exploit vulnerabilities, compromise
user identities with elevated privileges, evade security controls, damage or delete data, or
Threat actors primarily target large organizations for monetary gain, data, and sensitive
intelligence, or to cause service disruption and reputational harm. However, small and
medium-sized businesses (SMBs) have also become frequent targets for threat actors
because their relative lack of resources can mean that their security systems are weaker
regardless of their size or industry. In fact, businesses faced 50% more cyberattack
attempts per week in 2021 compared to 2020. Today, threat actors can and will find a path
“Threat actor” is a broad term that encompasses a wide variety of individuals and groups
Here are some of the most common types of threat actors and the motivations typically
Cybercriminals are individuals or groups who use digital technology to conduct illegal
This type of threat actor typically employs social engineering tactics such as phishing
emails to lure victims into clicking on a malicious link or downloading malicious software
(malware). Other examples of cybercrime include stealing data, tricking victims into
2. Nation-States
Nation-states may fund threat actor groups to perform a variety of malicious activities on
nation-state funded threat actors tend to be highly resourced, their behavior is often
seek to exfiltrate or corrupt sensitive data and assets, disrupt critical infrastructure, or
3. Terrorist Groups
As with physical acts of terrorism, the goal of cyber terrorists is typically to cause harm and
destruction that furthers their cause. This type of threat actor targets businesses, state
machinery, and critical infrastructures or services that will cause the most damage or
disruption.
4. Thrill-Seekers
Thrill-seekers are threat actors who attack computer systems or networks for personal
enjoyment. Whether they want to see how much data and sensitive information they can
steal, or they are interested in how specific networks and computer systems operate, thrill-
seekers may not necessarily intend to do much harm to their targets. However, they can
interfere with computer systems and networks or exploit vulnerabilities for more
5. Insider Threats
Insider threats are on the rise. These threats can be categorized into the following types:
Malicious Insiders: Malicious insiders are individuals who have access to the
corporate environment and decide to turn against their employers by helping threat
Incautious Insiders: Incautious insiders are employees who may not have
malicious intent but end up causing a data breach due to their carelessness. They
might click on a phishing email, install unapproved software, or lose their corporate
devices.
6. Hackers
Although the term ‘threat actor’ is often used interchangeably with ‘hackers’, hackers and
threat actors are not one and the same. A hacker is someone who uses their computer skills
to overcome a challenge or problem, for better or for worse, while threat actors almost
intentions, such as causing disruption or breaking the law. However, there are many types
Here are some examples of different types of hackers and what they can do:
break into computer networks or systems with malicious intent. Black hat hackers often
work alone or with organized crime groups and employ a number of techniques to hack
their targets, including social engineering, hacking passwords, infecting devices with
White hat hackers, also called ethical hackers, work with organizations or government
agencies to identify vulnerabilities and protect cyber systems from malicious hackers.
Unlike other types of hackers, white hat hackers always have permission from the
organization or agency they work with to hack into computer networks or systems.
Grey hat hackers fall somewhere in between white hat hackers and black hat hackers. Grey
hat hackers hack into computer networks or systems in order to draw the target’s attention
to vulnerabilities or potential attack paths and then charge a fee to fix the issues they’ve
discovered. Most often, this type of hacker exploits security issues without malicious intent,
Green hat hackers are beginners and often seek out information from more experienced
members of the hacking community. Although green hat hackers may not always have the
necessary skills or knowledge to launch a coordinated attack, they can still cause serious
damage if they don’t have a clear understanding of what they’ve done or how to fix it.
Blue hat hackers are most similar to white hat hackers: they’re security professionals
working at consulting firms that are hired specifically to test a system prior to its launch.
Sometimes, blue hat hackers also target individuals or companies in retaliation for some
wrongdoing without putting much thought into the consequences of their actions.
Red hat hackers are often seen as the “dark horses” of the hacking world, working alone or
in private groups to disarm black hat hackers. Unlike white hat hackers who turn black hat
hackers into the authorities, red hat hackers often focus on destroying resources and doing
harm.
Script Kiddies
Unlike other types of hackers, script kiddies are often motivated by boredom and don’t
write their own computer scripts or code. Instead, they insert existing scripts or codes into
viruses or applications to hack computer systems belonging to others. In the hacking world,
script kiddies are notorious for being relatively unskilled and immature compared to other
types of hackers.
Hacktivists
Hacktivists are often considered black hat hackers, but their motivations for hacking are
political. Whether they’re concerned with preserving free speech or exposing instances of
agencies.
Most of the time, hacktivists believe they’re trying to enact a positive change in the world.
For example, the hacking group Anonymous is well-known for its numerous cyberattacks
against several governments and has been called “freedom fighters” by its supporters.
Of the different types of hackers, the term “threat actor” most directly applies to black hat
The sophistication, scale and frequency of cybercrime continue to rise. While organizations
are concerned about cyber threats, the vast majority of them appear to be acting too slowly
to reduce the risks. Businesses in all sectors are scrambling to respond to cyber-attacks,
with healthcare, finance and government sectors reporting high volumes of breaches.
To increase resilience and protect against cyber crimes, organizations must fully
understand the risks.
A cyber incident can cause a financial loss of millions of dollars, with costs often recurring
over a long period of time. With increasing awareness, customers are more conscious about
what information they are providing to organizations. Failure to protect your customers'
data can lead to loss of trust and to wider, significant reputational damage. This also can
lead to further revenue loss or an impact on investors.
Sophisticated cyber crimes, including ransomware and denial of service (DoS) attacks, can
cause significant damage. They not only bring business operations to a halt but sometimes
involve hefty ransom payments.
The recent attack on the Colonial Pipeline in North America is a stark example. The attack
shut down the fuel distribution network and caused chaos as the community anticipated
gasoline shortages. In addition to reputational damage, Colonial Pipeline also suffered a
direct financial impact, paying $4.4 million to end the attack.
What is authentication?
Authentication is the process of determining whether someone or something is who or
what they say they are. Authentication technology provides access control for systems by
checking to see if a user's credentials match the credentials in a database of authorized
users or a data authentication server. In doing this, authentication ensures that systems,
processes and enterprise information are secure.
There are several authentication types. For user identity, users are typically identified with
a user ID; authentication occurs when the user provides credentials, such as a password,
that match their user ID.
Organizations use authentication to control who can access corporate networks and
resources, and to identify and control which machines and servers have access. Companies
also use authentication to enable remote employees to access applications and networks
securely.
Login to corporate systems. Authentication methods are used to verify the identity of
employees and grant them access to corporate systems, such as email, databases and
document stores. This helps secure the confidentiality and integrity of sensitive
corporate data.
Secure remote access. Many organizations let their employees work remotely,
connecting to resources from offsite locations. Authentication methods enable secure
remote access, verifying the identity of remote users, ensuring authorized access and
maintaining the security of the organization's network infrastructure.
Electronic healthcare records (EHRs). Authentication methods are critical in
healthcare to protect the privacy and security of patients' EHRs while enabling
authorized healthcare professionals to access them when needed.
Validating a user with a user ID and password is considered the most basic type of
authentication. It depends on the user knowing those two pieces of information. Since this
type of authentication relies on just one authentication factor, it's a type of single-factor
authentication (SFA).
Strong authentication is more reliable and resistant to attack. Typically, it uses at least two
different types of authentication factors and often requires strong passwords with at least
eight characters, a mix of lowercase and uppercase letters, special symbols and numbers.
Two-factor authentication (2FA) and multi-factor authentication (MFA) are types of strong
authentication, with MFA among today's most common authentication practices.
An authentication factor represents a piece of data or attribute that can validate a user
requesting access to a system. An old security adage has it that authentication factors can
be something you know, something you have or something you are. Additional factors have
been proposed and applied in recent years, with location often serving as the fourth factor
and time serving as the fifth factor.
Password Policy
Password Policy describes the rules that are enforced regarding password
strength, changes, and re-use. An effective password policy supports strong
authentication. It is generally accepted that each of the following will
increase the integrity of the authentication process:
The more of these rules that are enforced, the stronger the
authentication mechanism will be.
Password Cracking
There are countless hacking tools and frameworks available to help an attacker
guess a password through an automated sequence of attempts. This is called
“brute forcing” because such tools will attempt all possible password
combinations given a set of constraints in an attempt to authenticate. An
application that does not protect itself against password cracking in some
manner may be considered as having a Weak Authentication vulnerability
depending on the requirements and risk level.
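An application protects itself against automated guessing by making each guess expensive and by limiting how many guesses an account will accept. The following is an added example, not code from the original notes: a login routine that stores passwords as salted PBKDF2-HMAC-SHA256 hashes, compares them in constant time, counts failed attempts per account and locks the account for a period after too many failures. The iteration count, `MAX_FAILURES`, `LOCKOUT_SECONDS`, the `LoginGuard` class and the constructed account are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000  # assumption for the demo; raise it in production
MAX_FAILURES = 5             # failed attempts allowed before the account locks
LOCKOUT_SECONDS = 300        # how long the account stays locked


def hash_password(password, salt=None):
    # Salted, deliberately slow hash: every guess costs the attacker this much work.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class LoginGuard:
    """Verifies passwords and enforces a temporary lockout after repeated failures."""

    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so the demo can advance time
        self.accounts = {}        # username -> (salt, digest)
        self.failures = {}        # username -> (failed count, locked_until)

    def register(self, username, password):
        self.accounts[username] = hash_password(password)

    def is_locked(self, username):
        _, locked_until = self.failures.get(username, (0, 0))
        return self.clock() < locked_until

    def login(self, username, password):
        if self.is_locked(username):
            return "locked"       # refused without even checking the password
        stored = self.accounts.get(username)
        if stored is None:
            hash_password(password)   # same cost for unknown users: no timing leak
            ok = False
        else:
            salt, digest = stored
            candidate = hashlib.pbkdf2_hmac(
                "sha256", password.encode(), salt, PBKDF2_ITERATIONS
            )
            ok = hmac.compare_digest(candidate, digest)
        if ok:
            self.failures.pop(username, None)
            return "ok"
        count, _ = self.failures.get(username, (0, 0))
        count += 1
        locked_until = self.clock() + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0
        self.failures[username] = (count, locked_until)
        return "locked" if locked_until else "denied"


def demo():
    now = [1_000_000.0]   # constructed clock
    guard = LoginGuard(clock=lambda: now[0])
    guard.register("alice", "correct horse battery staple")
    results = [guard.login("alice", "guess%d" % i) for i in range(MAX_FAILURES)]
    results.append(guard.login("alice", "correct horse battery staple"))  # still locked
    now[0] += LOCKOUT_SECONDS + 1
    results.append(guard.login("alice", "correct horse battery staple"))  # lockout expired
    return results


if __name__ == "__main__":
    print(demo())
```

The lockout answers "locked" even to the correct password while it is active, which is the intended trade-off: an attacker who cannot exceed a handful of guesses per five minutes cannot run the "all possible combinations" search the text describes. A production system would also log the failures so that a burst of "denied" results across many accounts is visible to the security team.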
Dictionary Attacks
In addition to brute force attacks, password cracking tools also typically have
the ability to test a file of candidate passwords. This is called a dictionary
attack because the file used may actually be a dictionary of words. Passwords
that can be found in a dictionary are considered weak because they can
eventually be discovered using a dictionary attack. An application that allows
dictionary words as passwords may be considered as having a Weak
Authentication vulnerability depending on the application requirements and
risk level.
Popular Passwords
Since passwords are usually freely chosen and must be remembered, and given
that humans are lazy, passwords that are easy to remember tend to be more
popular than those that are not. In fact, some passwords become very
popular and are used far more frequently than might be expected. Although the
most popular entries change over time, you can always find a “top-N” list
published somewhere. Clearly it is in the user’s best interest to
avoid the most popular passwords.
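The Password Policy, Dictionary Attacks and Popular Passwords sections together describe what a server-side policy check has to enforce. The following is an added example, not code from the original notes, that implements those rules in one place: the strength rules stated earlier (at least eight characters, mixed case, digits and symbols), a denylist of dictionary words and popular passwords with common letter substitutions undone, and a re-use check against salted hashes of the user's previous passwords. The denylist is a constructed handful of entries standing in for a full list, and `check_password`, `_normalise` and the history helpers are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8
# Constructed denylist: a few dictionary words and "top-N" entries. A real
# deployment loads a full popular/breached-password list instead.
DENYLIST = {"password", "123456", "qwerty", "letmein", "welcome", "dragon", "monkey"}

# Undo common substitutions so "P@ssw0rd" is recognised as "password".
_LEET = str.maketrans("@$0134!", "asoieai")


def _normalise(password):
    return password.lower().translate(_LEET)


def _fingerprint(password, salt):
    # Slow salted hash so the stored history cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_history_entry(password):
    salt = os.urandom(16)
    return salt, _fingerprint(password, salt)


def was_used_before(password, history):
    return any(
        hmac.compare_digest(_fingerprint(password, salt), digest)
        for salt, digest in history
    )


def check_password(password, history=()):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special symbol")
    if password.lower() in DENYLIST or _normalise(password) in DENYLIST:
        problems.append("dictionary word or popular password")
    if was_used_before(password, history):
        problems.append("reused from password history")
    return problems


def demo():
    history = [make_history_entry("OldSecret#2023")]   # constructed previous password
    candidates = ["P@ssw0rd", "OldSecret#2023", "Ab1!", "Tr0ub4dor&3"]
    return {c: check_password(c, history) for c in candidates}


if __name__ == "__main__":
    for candidate, problems in demo().items():
        print(candidate, "->", problems or "accepted")
```

Note that `P@ssw0rd` satisfies every character-class rule and is still rejected: the complexity rules alone do not keep a password out of a cracking tool's dictionary, which is why the denylist check is the one that matters most against the attacks described above.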
Authentication Bypass
Cybersecurity awareness includes being aware of the latest security threats, cybersecurity
best practices, the dangers of clicking on a malicious link or downloading an infected
attachment, interacting online, disclosing sensitive information and so on. Security
awareness training programs help to enhance your organization’s security posture and
tighten its processes, thereby paving the way to building a more resilient business.
Cybersecurity awareness must be an organization-wide initiative for it to be most effective
and beneficial.
With cybercrime continuing its upward trend, cybersecurity is a top priority for businesses
of all sizes. Security awareness training is a critical component of an organization’s
cybersecurity strategy. It encompasses various tools and techniques used to inform and
equip employees about security risks and how to avoid them. This helps them understand
the cyber-risks your business faces every day, the impact they have on your business and
their roles and responsibilities with regard to the safety and security of digital assets.
Cybercriminals are constantly evolving and devising new methods to exploit vulnerabilities
to steal valuable data from businesses. Additionally, they look to exploit human behavior
and emotions. It is no surprise social engineering attacks like phishing, spear phishing,
business email compromise (BEC), etc., are so successful.
Well-educated and trained employees can quickly identify these threats, which can
significantly reduce the risk of cybersecurity incidents and help prevent data breaches.
Security awareness training not only helps stop threat actors in their tracks, but also
promotes an organizational culture that is focused on heightened security. Cybersecurity
awareness training is a necessity for the survival of your organization. Your organization
must invest in cybersecurity training, tools and talent to minimize risk and ensure
company-wide data security. A well-defined cybersecurity awareness training can help
significantly reduce the cost and number of security incidents in your organization.
Over the years, cybersecurity awareness training has come a long way from being largely
reserved for security professionals to include IT administrators and other employees. The
scope of cybersecurity awareness programs may vary depending on the number of
employees, how aware they are, budget and so on. Regardless of what the scope is, here are
some courses that every cybersecurity awareness training program must include.
Email security: Email is one of the most important communications tools for businesses
today. However, it is also the entry point for several types of cybercrime, including
phishing, ransomware, malware and BEC. About 94% of all dangerous ransomware and
other malware enter an organization through email. Therefore, email security training is
crucial to protect your employees and business from malicious email attacks. Email
security training will help employees be mindful of unsafe links and attachments.
Phishing and social engineering: The human attack surface is the primary gateway for
threat actors. Social engineering attackers are aware of how humans think and work. They
leverage this knowledge to exploit human behavior and emotions to influence their targets
to take desired actions. For example, disclosing sensitive information, granting system
access, sharing credentials, transferring funds and so on. Verizon’s 2021 Data Breach
Investigations Report revealed that more than 35% of data breaches involved phishing.
Phishing and social engineering attacks are targeted and convincing, making them highly
successful. However, with the right training and skills, your employees can spot warning
signs and greatly reduce the probability of falling victim to these scams.
Browser security: Web browsers are hot targets for hackers since they are the gateways
to the internet and hold large volumes of sensitive data, including personal information.
Not all websites you visit online are safe. Therefore, browser/internet security training,
including best practices, browser security tips, the different types of browser threats,
internet and social media policies, can go a long way toward maintaining confidentiality
and browsing the web safely.
Information security: Your organization’s information is the most prized asset. That’s
why protecting its confidentiality, integrity and availability should be everyone’s
responsibility. Your training programs must include courses that emphasize the criticality
of data security and responsibilities toward protecting the data. Train your employees on
how to handle, share, store and dispose of sensitive information safely. Having a clear
understanding of the legal and regulatory obligations of a breach is critical. Employees
should also be trained on incident reporting to remediate issues quickly and minimize risk.
Remote work protocol: Working remotely is the new norm, as is evident with most
organizations globally implementing a hybrid work model. This poses greater challenges
for organizations since they must now ensure safety and security both in the office and at
home (or anywhere). This also means additional security risks. However, these risks can be
significantly reduced with the right knowledge and tools for your employees. Your training
programs must include the dangers of connecting to unsecured public Wi-Fi networks, the
use of personal devices and unauthorized software, and the importance of VPNs for
additional layers of security, to name a few.
Physical security: Physical security includes everything from being aware of shoulder
surfers to protecting your company-provided laptops and mobile devices from potential
security risks. For example, locking the devices when stepping away, keeping the
workstation clean, avoiding tailgating, and storing confidential files and printed materials
in a secure place.
Removable media security: Removable media, such as USB drives, CDs, portable hard
drives, smartphones, SD cards, etc., offer convenient ways to copy, transfer and store data.
However, there are risks of data exposure, virus or malware infection, data loss and theft.
Educate your employees about your organization’s removable media policy, the risks
involved with using removable media, especially untrusted/unsanctioned removable
media, the importance of the policy and the repercussions of not following procedure.
Incident response: Having an incident response (IR) plan and IR team is not enough. You
must also educate your employees about their roles and responsibilities in the event of a
security incident. The harsh reality is security incidents are inevitable. Your organization’s
preparedness to deal with such incidents can be the difference maker between grappling
with legal and regulatory issues and quickly recovering from crises and avoiding further
damage.
At a high level, access control is about restricting access to a resource. Any access
control system, whether physical or logical, has five main components:
Access control can be split into two groups designed to improve physical security
or cybersecurity:
Physical access control: limits access to campuses, buildings and other physical
assets, e.g. a proximity card to unlock a door.
Logical access control: limits access to computers, networks, files and
other sensitive data, e.g. a username and password.
Access control minimizes the risk of unauthorized access to physical and computer systems,
forming a foundational part of information security, data security and network security.
What Is Authentication?
Authentication is a security process followed to verify and confirm the identity of an
individual, device, or system attempting to access a particular resource or service. It
ensures that the claimed identity is valid and authorized to perform the requested actions
or access specific information. Authentication is fundamental to maintaining data privacy,
protecting sensitive resources, and preventing unauthorized access to systems and data.
1. Identity: The user, system, or entity that seeks access to a particular resource is
identified through a unique identifier, often referred to as a username, user ID, or client ID.
2. Credentials: These include information that users or entities present to prove their
identity. Prevalent credential types include:
Something the user knows: This includes passwords, personal identification numbers
(PINs), passphrases, or any other secret information that only the legitimate user should
know.
Something the user has: This involves possession of physical objects or devices such as
smart cards, security tokens, or mobile phones used for receiving one-time passwords
(OTPs).
Something the user is: This pertains to biometric characteristics such as fingerprints, iris
patterns, facial features, or voice recognition.
Biometric Authentication
Biometric authentication refers to a cybersecurity process that verifies a user’s identity
using their unique biological traits such as fingerprints, voices, retinas, and facial features.
Biometric authentication systems store this information in order to verify a user’s identity
when that user accesses their account. This type of authentication is usually more secure
than traditional forms of multi-factor authentication.
Understanding Cryptography
Cryptography can be defined as the art and science of concealing information and data in
an unreadable format so that only the intended individual can read it. In other words,
cryptography is a study to secure communication that allows only the message sender
and the intended recipient to view the message’s contents.
The applications of cryptography have been traced back to the ancient Egyptians.
However, the art of coding has reached new heights over the millennia. Modern
cryptography combines engineering, advanced computer technology, maths and other
disciplines.
Cryptography creates highly secure and sophisticated cyphers and algorithms for
protecting sensitive data in this digital era.
Cryptography in cybersecurity involves the use of encryption and decryption algorithms.
It is used for digital signing, cryptographic key generation, confidential communication,
internet browsing, and verification to ensure data privacy.
Confidentiality: Only the intended recipient can access and read the data. Hence,
the data remains private.
Ensuring data integrity: The encoded data must not be tampered with or modified
en route from the sender to the recipient without any traceable marks.
Authentication: The receiver and sender can verify each other’s identity and the
destination of the information.
Non-repudiation: The sender becomes accountable for the messages they send.
The sender cannot deny that the message was transmitted; email tracking and
digital signatures are examples of this.
Cryptography & Its Types
1. Symmetric Key Cryptography
In symmetric key cryptography, the same key is used to encrypt and decrypt
information. The key used in this kind of encryption must be kept secret by both
parties, and any exposure of it makes the data vulnerable to attack. Symmetric
cryptography is often employed to safeguard the local storage of sensitive data on
servers or drives.
The main drawback of this method is finding a way to securely share the key between
the sender and receiver. Advanced Encryption Standard (AES) and Data Encryption
Standard (DES) are examples of this method.
Block cyphers: This form of cryptography – including the Feistel cypher – codes
and decodes one data block at a time.
Stream cyphers: This form works on a single data byte at a time and regularly
changes the encryption key. In this method, the keystream can be in tandem with or
independent of the message stream.
2. Asymmetric Key Cryptography/Public Key
Asymmetric key cryptography uses two keys instead of one. This is a more secure form
of cryptography in which each party holds a key pair: one public key and one private
key. The sender uses the receiver’s public key to encrypt the message, and the receiver
uses the matching private key to decrypt it.
RSA: It is the basis of key exchanges and digital signatures. Its algorithm is based on
the principle of factorisation.
Digital Signature Algorithm (DSA): Created by the National Institute of Standards
and Technology, it is the standard for verifying electronic signatures and is built
on the principles of modular exponentiation.
Elliptic Curve Cryptography (ECC): This type of cryptography uses the algebraic
structure of elliptic curves for building complex algorithms. It is ideal for electronic
devices – such as smartphones – with limited computing power since they don’t
need much storage or bandwidth.
Identity-based Encryption (IBE): In this algorithm, the receiver doesn’t have to
provide the public key to the sender. Instead, the sender uses some known unique
identifier – such as email address – to generate a public key to encode the message.
A corresponding private key is then generated by a third-party server, which the
receiver can access for decrypting the information.
3. Hash Functions
These are cryptographic algorithms which don’t use any keys. Instead, they use a
hash value – a fixed-length number that acts as a unique identifier for the data –
derived from the plain text information, and this value is employed to encrypt the
data. Various operating systems generally use this method for protecting passwords.
Of the several techniques employed for concealing data and files through cryptography,
some have been listed below:
Hashing
In this method, a data string is converted into a unique string. Irrespective of the data
type, this technique will change the data into a unique, irreversible form. Hashing is used
for message integrity, password validation, blockchain technology, checking file
integrity, etc.
Steganography
It is an old technique to conceal data or messages behind non-secret images, data, text or
other files. In this method, the secret message is blended with the file, therefore
becoming incredibly challenging to detect.
Salting
It is another technique used alongside hashing to strengthen hashes and make them
harder to reverse. Just as adding salt to food improves its taste, this salting
technique strengthens the hashing process. A random salt string is placed on either
side of a password before hashing, which changes the resulting hash string.
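The hashing and salting properties described above, as an added example that is not part of the course notes. It uses only the Python standard library; the iteration count and sample passwords are constructed values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def sha256_hex(data: bytes) -> str:
    """Fixed-length one-way digest: any input size yields 64 hex characters."""
    return hashlib.sha256(data).hexdigest()

def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

# Constructed work factor; a real deployment tunes this to its hardware.
ITERATIONS = 100_000

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt$hash' using PBKDF2-HMAC-SHA256 with a random 16-byte salt."""
    if salt is None:
        salt = secrets.token_bytes(16)  # a fresh salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)

if __name__ == "__main__":
    # Hashing: fixed output length, and a one-character edit flips many bits.
    h1 = sha256_hex(b"transfer 100 to alice")
    h2 = sha256_hex(b"transfer 101 to alice")
    print(len(h1), len(h2), bit_difference(h1, h2))
    # Salting: the same password stored twice gives two different records, so
    # identical passwords cannot be spotted and a precomputed table is useless.
    rec_a = hash_password("Winter2024!")
    rec_b = hash_password("Winter2024!")
    print(rec_a != rec_b, verify_password("Winter2024!", rec_a),
          verify_password("wrong", rec_a))
```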
The downside or risk of deception technology is that cyber criminals have escalated the
size, scope, and sophistication of their attacks, and a breach may be greater than what the
deception server and its associated shadow or mock assets can handle. Further, cyber
criminals may be able to quickly determine that they themselves are being tricked as the
deception server and decoy assets become immediately obvious to them. As such, they can
quickly abort the attack—and likely return even stronger.
Ethical hackers aim to investigate the system or network for weak points that malicious
hackers can exploit or destroy. They collect and analyze the information to figure out ways
to strengthen the security of the system/network/applications. By doing so, they can
improve the security footprint so that it can better withstand attacks or divert them.
Ethical hackers are hired by organizations to look into the vulnerabilities of their systems
and networks and develop solutions to prevent data breaches. Consider it a high-tech
permutation of the old saying “It takes a thief to catch a thief.”
Key vulnerabilities they check for include, but are not limited to:
Injection attacks
Components used in the system or network that may be used as access points
Ethical Hackers must follow certain guidelines in order to perform hacking legally. A good
hacker knows his or her responsibility and adheres to all of the ethical guidelines. Here are
the most important rules of Ethical Hacking:
An ethical hacker must seek authorization from the organization that owns the system.
Hackers should obtain complete approval before performing any security assessment on
the system or network.
Determine the scope of their assessment and make known their plan to the organization.
Report any security breaches and vulnerabilities found in the system or network.
Keep their discoveries confidential. As their purpose is to secure the system or network,
ethical hackers should agree to and respect their non-disclosure agreement.
Erase all traces of the hack after checking the system for any vulnerability. It prevents
malicious hackers from entering the system through the identified loopholes.
Learning ethical hacking involves studying the mindset and techniques of black hat hackers
and testers to learn how to identify and correct vulnerabilities within networks. The study
of ethical hacking can be applied by security professionals across industries and in a
multitude of sectors. Roles in this sphere include network defender, risk manager, and
quality assurance tester.
However, the most obvious benefit of learning ethical hacking is its potential to inform and
improve and defend corporate networks. The primary threat to any organization's security
is a hacker: learning, understanding, and implementing how hackers operate can help
network defenders prioritize potential risks and learn how to remediate them best.
Additionally, getting ethical hacking training or certifications can benefit those who are
seeking a new role in the security realm or those wanting to demonstrate skills and quality
to their organization.
Now that you understand what ethical hacking is and the various roles and responsibilities
of an ethical hacker, you may be wondering what skills you require to become one. So, let's
have a look at some of the skills of an ethical hacker.
An ethical hacker should have in-depth knowledge about all the systems, networks,
program codes, security measures, etc. to perform hacking efficiently. Some of these skills
include:
Networking skills - This skill is important because threats mostly originate from
networks. You should know about all of the devices present in the network, how they
are connected, and how to identify if they are compromised.
Understanding of databases - Attacks are mostly targeted at databases. Knowledge of
database management systems such as SQL will help you to effectively inspect
operations carried out in databases.
The ability to work with different hacking tools available in the market.
What Is Firewall?
Firewall is a network security device that observes and filters incoming and outgoing
network traffic, adhering to the security policies defined by an organization. Essentially, it
acts as a protective wall between a private internal network and the public Internet.
Fencing your property protects your house and keeps trespassers at bay; similarly,
firewalls are used to secure a computer network. Firewalls are network security systems
that prevent unauthorized access to a network. A firewall can be a hardware or software
unit that filters the incoming and outgoing traffic of a private network according to a set
of rules designed to spot and prevent cyberattacks.
Types of Firewalls
A firewall can be either software or hardware. Software firewalls are programs installed on
each computer, and they regulate network traffic by application and port number.
Meanwhile, hardware firewalls are appliances placed between the gateway and your network.
Additionally, a firewall delivered as a cloud service is called a cloud firewall.
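How a firewall applies an ordered set of rules to traffic, as an added example that is not part of the course notes. The policy, the private network 192.168.10.0/24, the web server address and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (Internet -> private network) or "out" (private network -> Internet)
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    dport: int       # destination port, 0 for icmp

@dataclass(frozen=True)
class Rule:
    action: str                           # "allow" or "deny"
    direction: str                        # "in", "out" or "any"
    src: str = "0.0.0.0/0"                # source network in CIDR notation
    dst: str = "0.0.0.0/0"                # destination network in CIDR notation
    proto: str = "any"
    ports: Tuple[int, int] = (0, 65535)   # inclusive destination port range

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("any", p.direction)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and self.ports[0] <= p.dport <= self.ports[1]
        )

def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; a packet no rule matches is dropped (default deny)."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index
    return "deny", None

# Constructed policy: a private network 192.168.10.0/24 that hosts one HTTPS server.
POLICY = [
    # A private (RFC 1918) source arriving from the Internet can only be spoofed.
    Rule("deny", "in", src="10.0.0.0/8"),
    Rule("allow", "in", dst="192.168.10.5/32", proto="tcp", ports=(443, 443)),
    Rule("allow", "out", src="192.168.10.0/24", proto="tcp", ports=(80, 443)),
    Rule("allow", "out", src="192.168.10.0/24", proto="udp", ports=(53, 53)),
    # No rule permits inbound SSH, SMB, RDP, etc., so they fall to the default deny.
]

if __name__ == "__main__":
    samples = [
        Packet("in", "203.0.113.7", "192.168.10.5", "tcp", 443),    # public client to HTTPS
        Packet("in", "203.0.113.7", "192.168.10.5", "tcp", 22),     # SSH from the Internet
        Packet("in", "10.1.2.3", "192.168.10.5", "tcp", 443),       # spoofed private source
        Packet("out", "192.168.10.20", "198.51.100.9", "udp", 53),  # DNS lookup from inside
    ]
    for p in samples:
        print(p.direction, p.src, "->", p.dst, p.proto, p.dport, evaluate(POLICY, p))
```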
Intrusion Detection System (IDS)
An intrusion detection system (IDS) observes network traffic for malicious transactions
and sends immediate alerts when such activity is observed. It is software that checks a
network or system for malicious activities or policy violations. Each illegal activity or
violation is typically recorded centrally using a SIEM system or reported to an
administrator. An IDS monitors a network or system for malicious activity and protects a
computer network from unauthorized access by users, including perhaps insiders. The
intrusion detector learning task is to build a predictive model (i.e. a classifier) capable
of distinguishing between ‘bad connections’ (intrusions/attacks) and ‘good (normal)
connections’.
Scanning
Scanning in ethical hacking is a network exploration technique used to identify the systems
connected to an organization’s network. It provides information about the accessible
systems, services, and resources on a target system. Some may refer to this type of scan as
an active scan because it can potentially disrupt services on those hosts that are
susceptible. Scanning is often used during vulnerability assessment when probing
weaknesses in existing defenses.
There are two ways of scanning:
Active Scanning
Passive Scanning
Scanning is more than just port scanning, but it is a very important part of this process.
Scanning allows you to identify open ports on the target system and can be used for port
mapping, performing an interactive session with the operating system via those ports, or
even redirecting traffic from these open ports. There are many tasks that can be performed
with a scanning tool.
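A minimal detector of the kind the IDS section describes, applied to the scanning activity discussed above: it flags a source that touches many distinct ports on one host in a short window. This is an added example, not part of the course notes; the log format, timestamps, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed connection log in a firewall-like format (not real traffic).
LOG = """\
2024-05-01T10:00:00 SRC=203.0.113.7 DST=192.168.10.5 PROTO=TCP DPT=21 SYN
2024-05-01T10:00:00 SRC=203.0.113.7 DST=192.168.10.5 PROTO=TCP DPT=22 SYN
2024-05-01T10:00:01 SRC=203.0.113.7 DST=192.168.10.5 PROTO=TCP DPT=23 SYN
2024-05-01T10:00:01 SRC=203.0.113.7 DST=192.168.10.5 PROTO=TCP DPT=25 SYN
2024-05-01T10:00:02 SRC=203.0.113.7 DST=192.168.10.5 PROTO=TCP DPT=80 SYN
2024-05-01T10:00:02 SRC=203.0.113.7 DST=192.168.10.5 PROTO=TCP DPT=443 SYN
2024-05-01T10:00:03 SRC=203.0.113.7 DST=192.168.10.5 PROTO=TCP DPT=3389 SYN
2024-05-01T10:00:01 SRC=198.51.100.20 DST=192.168.10.5 PROTO=TCP DPT=443 SYN
2024-05-01T10:00:04 SRC=198.51.100.20 DST=192.168.10.5 PROTO=TCP DPT=443 SYN
2024-05-01T10:00:07 SRC=198.51.100.20 DST=192.168.10.5 PROTO=TCP DPT=443 SYN
2024-05-01T10:00:05 SRC=192.0.2.9 DST=192.168.10.5 PROTO=TCP DPT=22 SYN
2024-05-01T10:01:30 SRC=192.0.2.9 DST=192.168.10.5 PROTO=TCP DPT=80 SYN
2024-05-01T10:03:10 SRC=192.0.2.9 DST=192.168.10.5 PROTO=TCP DPT=443 SYN
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)

def parse(log: str) -> List[dict]:
    """Turn log lines into records; lines that do not fit the format are ignored."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["dpt"] = int(rec["dpt"])
        records.append(rec)
    return records

def detect_port_scans(records: List[dict], window: timedelta = timedelta(seconds=10),
                      threshold: int = 5) -> Dict[str, int]:
    """Map each source that hits >= threshold distinct ports on one host within
    `window` to the largest number of distinct ports seen in any such window."""
    by_pair = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_pair[(r["src"], r["dst"])].append(r)
    alerts: Dict[str, int] = {}
    for (src, _dst), recs in by_pair.items():
        start = 0
        for end in range(len(recs)):           # sliding window over time-ordered records
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            ports = {x["dpt"] for x in recs[start:end + 1]}
            if len(ports) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts

if __name__ == "__main__":
    # The steady HTTPS client and the very slow three-port probe are not flagged;
    # the seven-port sweep within three seconds is.
    print(detect_port_scans(parse(LOG)))
```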
An incident response plan is a set of documented procedures detailing the steps that should
be taken in each phase of incident response. It should include guidelines for roles and
responsibilities, communication plans, and standardized response protocols.
Within your plan it is important to use clear language and define any ambiguous terms. One
set of terms that are frequently confused is event, alert, and incident. When using these
terms in your plan, it can help to restrict use as follows:
Event—a change in system settings, status, or communication. Examples include
server requests, permissions update, or the deletion of data.
Incident—an event that puts your system at risk. For example, theft of credentials
or installation of malware.
There are many types of cybersecurity incidents that could result in intrusions on an
organization’s network:
4. Phishing Attack: Occurs when an attacker sends an email or message that appears
to be from a legitimate source, but is actually a trap to steal sensitive information or
spread malware.
5. Malware Attack: Occurs when an attacker uses malware, such as a virus or Trojan
horse, to gain access to an organization’s systems or data or perform other
malicious activities. Different types of malware can perform different activities. For
example, ransomware can prevent access to data until a ransom has been paid.
6. Denial-of-Service (DoS) Attack: Occurs when an attacker floods a system or
network with traffic, causing it to become unavailable to legitimate users.
Security Policies
Security policies are a formal set of rules issued by an organization to ensure that the
users who are authorized to access company technology and information assets comply
with rules and guidelines related to the security of information. It is a written document
in the organization which sets out how to protect the organization from threats and how
to handle them when they occur. A security policy is also considered to be a "living
document", which means that the document is never finished but is continuously updated
as technology and employee requirements change.
1) It increases efficiency.
The best thing about having a policy is being able to increase the level of consistency, which
saves time, money and resources. The policy should inform the employees about their
individual duties, telling them what they can and cannot do with the organization's
sensitive information.
When a human mistake occurs and system security is compromised, the security policy of
the organization will back up any disciplinary action and also support a case in a court of
law. The organization's policies act as a contract which proves that the organization has
taken steps to protect its intellectual property, as well as its customers and clients.
It is not necessary for companies to provide a copy of their information security policy to
other vendors during a business deal that involves the transfer of their sensitive
information. This is especially true of bigger businesses, which ensure that their own
security interests are protected when dealing with smaller businesses that have less
high-end security systems in place.
An organization needs to unite defenses and response to stop threats faster and more
efficiently if they wish to succeed and grow rapidly. When a solid framework is applied,
effective threat management is achieved. This framework typically includes one or more
practice methods including:
Unified Insight. Awareness of current threat operations can be used to tailor your
organization's management plan to meet the unique needs of your organization.
Access to Visibility. Access into the threat landscape with services to test an
organization’s system for risks can integrate security and non-security data resources.
Risk Detection. Identifying the most critical threats to an organization through the
integration of AI, attack models, and intelligence systems from years of securing well
known companies.
Use of Investigation Tools. Investigation with the help of artificial intelligence and
advanced analytics across data sources with multiple degrees of capabilities.
Effective Response. Automated responses to common threats provide organizations with a
business-wide playbook for the orchestration of threat management across people and
technological processes.
Unsecured broadband connections and WiFi networks pose a significant risk to users, as
they are vulnerable to hacking, identity theft, and other cyber threats.
Risk of Eavesdropping
There is a risk of eavesdropping by hackers when you use public networks. They may use
“man in the middle” style to gain access to your personal data. The hacker may be able to
eavesdrop on your information as it passes from your phone or computer to any website
you may use.
1. As these networks do not require any authentication, the hackers receive unfettered
access to unprotected gadgets within the same network.
2. The hackers may position themselves between you and the hotspot, which leaves
you vulnerable to attacks.
3. If a hacker gets access to your personal information, he may misuse the same at any
point in time.
4. Unsecured Wi-Fi networks are also used by cyber criminals to distribute infected
software like viruses and malware.
5. Intruders may not damage the public network but may use it for illegal purposes
that may have severe repercussions.
Hackers target users who do not have the right knowledge to remain protected. Here are a
few tips that ensure security while connecting to a public Wi-Fi network:
When you use a VPN, the information is encrypted. Therefore, hackers are unable to
access your confidential information even if they position themselves within the
connection. Also, criminals often do not want to spend time decrypting the information,
as it is a long and tedious procedure.
It is most likely that you may not have access to a VPN. Nonetheless, you may still encrypt
your data while using the internet on a public network. It is recommended that you enable
the “Always use HTTPS” setting on frequently used websites for more security.
While connected to the Internet on a public network, you should not share personal files
and data. It is advisable to switch off sharing from the control panel or system
preferences while using a laptop; the exact steps depend on the operating system.
Alternatively, you may let Windows switch it off by choosing the “Public” network option
when you connect to an unprotected network for the first time.
Before connecting to a public Wi-Fi network, reading the terms and conditions may be
beneficial. Although you may not understand all these, it is likely you will be able to
comprehend the kind of data the network will collect and how it will be used. Moreover, it
is important you do not install any browser extensions or additional software.
5. Security Protocols
Using a well-configured firewall mechanism to filter data transmission over the public
network is recommended. In addition, having updated security software, such as an
anti-keylogger or anti-malware tool, is also beneficial.
Tools like Wi-Fi check help to verify the download speed and the security of the network.
They help in identifying whether the public network is secure or not. Such tools are highly
beneficial while using a public Wi-Fi network.
Even after adhering to the aforementioned tips and adopting multiple security measures,
you may still be at some risk. Therefore, using strong and secure internet service
providers and installing robust security software is important. The software will scan your
files for any malware and will also scan new files before they are downloaded.