Ethical Hacking Que

question for ethical hacking
Name: Anubhab Mukherjee

Roll No: 2263034


Semester: 4th
Department: CSE (IOT and CS)
Paper Name: Ethical Hacking

1) What are the roles and types of ethical hackers? How do they contribute to cyber security?
ANS:
Ethical hackers, also known as white hat hackers or penetration testers, are cybersecurity professionals who use their coding skills and knowledge to identify and fix vulnerabilities in computer systems, networks, applications, and other technology. Their main purpose is to improve the security of the organization and prevent malicious hackers from exploiting security holes for malicious purposes.
Role of Ethical Hackers:
1. **Testing:** Ethical hackers conduct penetration tests to identify vulnerabilities in systems, networks and applications. They simulate cyber attacks to find security holes and evaluate the effectiveness of existing security measures.
2. **Vulnerability Assessment:** Ethical hackers conduct extensive vulnerability assessments to identify and prioritize security risks to an organization's IT infrastructure. They use automated scanning tools and manual techniques to detect vulnerabilities.
3. **Security Research:** Ethical hackers stay updated with the latest security trends, techniques and technologies. They look for new attack vectors and vulnerabilities to prevent new threats.
4. **Incident Response:** Ethical hackers engage in response activities during security breaches. They analyze attack vectors, identify compromised systems and recommend remedial measures.
5. **Security Consulting:** Ethical hackers provide organizations with expert advice and guidance on improving cyber security. They help develop security policies, procedures and best practices.
Types of Ethical Hackers:
1. **External Ethical Hackers:** These are independent contractors or members of regulated cybersecurity trade organizations who are hired to test their security skills. They simulate external attacks and try to gain unauthorized access to the organization's systems and data.
2. **Internal Ethical Hackers:** These are employees of the organization who are responsible for testing internal systems and networks. They assess internal infrastructure and application security from an insider threat perspective.
3. **Red Team:** Red Team members mimic the tactics, techniques, and procedures (TTP) of real attackers to test the organization's defenses. They perform extensive penetration testing and simulate real cyber attacks to identify vulnerabilities.
4. **Bug Bounty Hunters:** Bug bounty hunters are independent security researchers who look for vulnerabilities in software and systems. They report their findings to organizations for money through bug bounty programs.
Contributions to Cyber Security:
1. **Vulnerability detection:** Ethical hackers help organizations identify and fix vulnerabilities before malicious hackers can exploit them.
2. **Preventing data breaches:** By identifying and fixing vulnerabilities, ethical hackers help prevent data breaches and protect sensitive information.
3. **Improving security:** Ethical hackers help organizations improve their overall cyber security by identifying gaps in security controls and recommending improvements.
4. **Awareness:** Ethical hackers raise awareness of cyber security threats and help organizations understand the importance of proactive security measures.
5. **Compliance and Regulations:** Ethical hacking helps organizations comply with cybersecurity standards and regulations and keep their IT infrastructure secure.
In short, ethical hackers play a key role in protecting organizations from cyber threats by identifying vulnerabilities, improving security measures and preventing attacks. Their efforts help improve the overall cybersecurity of organizations and protect sensitive data from unauthorized access and exploitation.

2) Differentiate between different types of hacking with examples.


ANS:
Different types of hacking with examples:
1. White hat hacking: White hat hackers, also known as ethical hackers, use their skills to find security holes and strengthen security systems.
Example: Penetration testing. A company hires hackers to perform penetration tests on its network to identify and patch security holes before malicious hackers can exploit them.
2. Black hat hacking: A black hat hacker is an individual who breaks into computer systems maliciously, often for personal gain, theft or damage.
Example: Malware attack. A black hat hacker creates and distributes a ransomware virus that encrypts the victim's files and demands payment for the decryption key.
3. Gray hat hacking: Gray hat hackers operate somewhere between white hat and black hat hackers, sometimes breaking the law or ethical standards, but without malice.
Example: Unauthorized access with a report. A hacker gains unauthorized access to a company's database to find security holes. Instead of exploiting the security holes, they report the problems to the company and offer to fix them for a fee.
4. Hacktivism: Hacktivism is hacking with a political or social purpose, where the hacker aims to promote a particular cause or ideology.
Example: Defacement of a website. A group of attackers attacks a government website and defaces it with messages or images to oppose government policy.
5. Phishing: Phishing tricks people into giving up sensitive information such as usernames, passwords and credit card information by pretending to be a trusted entity.
Example: Phishing e-mails. An attacker sends an e-mail pretending to be from a bank and asks the recipient to click on a link and provide their login details. The link leads to a fake website whose purpose is to collect user data.
6. Social engineering: Social engineering involves manipulating people into revealing confidential information or committing data security breaches.
Example: Identity theft. A hacker calls a company employee pretending to be an IT support technician and asks for their login details to solve a problem. The employee believes the caller is legitimate and provides the information.
7. Insider threats: Insider threats involve individuals within an organization who take advantage of their access and privileges to steal data or cause harm.
Example: Data theft. A company employee with access to sensitive customer data copies the data onto a USB stick and sells it to a competitor.

3) Differentiate between insider threats and external cyber threats.


Internal and external cyber threats are two different types of
cyber security risks that organizations face. They differ as follows:
Insider threats:
1. Definition:
● Insider threats refer to security risks that originate from within the organization, typically from employees, contractors, or business partners.
2. Motive:
● Insider threats can be intentional or unintentional.
● Intentional insider threats involve employees or individuals with access to an organization's systems and information who abuse their access for malicious purposes such as hacking, system sabotage, or damage.
● Unintentional insider threats occur when employees inadvertently compromise security, such as by falling victim to phishing attacks or accidentally disclosing sensitive information.
3. Examples:
● Employees steal confidential information to sell to competitors.
● An employee who falls victim to a phishing message accidentally exposes sensitive data.
● System or data sabotage by a disgruntled employee.
4. Challenge in detection:
● Insider threats can be difficult to detect because the insider often has legitimate access to systems and data.
● Controlling and detecting insider threats requires a combination of technology, process and employee awareness.
External Cyber Threats:
1. Definition:
● External Cyber Threats originate outside the organization
and are usually caused by.

4) Compare and contrast viruses and worms and how they differ in terms of
propagation and impact.
ANS:

Name: Abhishek Kumar Sinha


Roll No: 2263045
Semester: 4th
Department: CSE (IOT and CS)
Paper Name: Ethical Hacking
5) Write the importance of encryption and digital signature in image security.


ANS:

security and integrity of images. They are important for the following reasons:
The importance of encryption in image protection:
Data protection:
● Encryption helps protect the privacy of images by encrypting
the content so that only authorized parties
with the decryption key can access the original image.
● This prevents unauthorized access to sensitive or private images
by ensuring that only selected recipients can see them.
Prevent unauthorized access:
● Encrypted images prevent unauthorized access even if
they are intercepted in transit or stored on unprotected
devices or servers.
● Encryption provides additional security, especially
for images containing sensitive or confidential information.
Compliance requirements:
● Image encryption helps organizations meet multiple
privacy regulations and industry standards such as
GDPR, HIPAA and PCI DSS that require the protection of
sensitive data, including images.
Secure transmission:
● Encrypted images can be sent securely over unsecured
networks such as the Internet without the risk of eavesdropping.
● Encryption ensures that images remain private and secure
when transferred between devices or over a network.
Importance of digital signatures in image security:
Ensuring integrity:
● Digital signatures help ensure the integrity and authenticity of
images by providing a cryptographic mechanism that detects
unauthorized changes or tampering.
● A digital signature ensures that the image is not altered
after the sender has signed it.
Non-repudiation:
● Digital signatures provide non-repudiation, which means that the sender
cannot deny sending an image and the recipient cannot deny
receiving it.
● This helps build trust and accountability between the stakeholders
in the exchange of images.
Proof of origin:
● Digital signatures prove the origin of an image because they are
associated with the sender's identity through a digital certificate.
● Recipients can verify the authenticity of the image and
make sure it comes from a trusted source.
Legal admissibility:
● Digitally signed images are legally admissible as evidence in court proceedings
because they provide an infallible record
of the origin and integrity of the image.
● Digital signatures help ensure the
authenticity and integrity of images, making them suitable for use in legal, contractual or
regulatory applications.
Combined Importance:
Total Security:
● By combining encryption and digital signatures, organizations can
ensure the full security of their images and
protect both confidentiality and integrity.
● Encrypted images remain private and secure during
transmission and storage, while digital signatures ensure their
authenticity and integrity.
Trust and Security:
● Encryption and digital signatures help build trust when
exchanging images, ensuring that images are protected from
unauthorized access, tampering or modification.
● Organizations and individuals can exchange images with the
confidence that they are safe, authentic, and have not been
modified or tampered with.

6) Explain the purpose and functionalities of IDS.


ANS:
An Intrusion Detection System (IDS) is a critical part of
cyber security infrastructure designed to detect and respond to
unauthorized access, misuse and security breaches in a network
or system.
The primary purpose of IDS is to monitor network and system activity,
detect suspicious patterns or behavior, and alert system administrators
to potential security breaches.
Below is an explanation of the purpose and operation of IDS:
Purpose of IDS:
1. Threat Detection:
● The main purpose of IDS is to detect and identify security threats,
including unauthorized access, malware infection,
insider attacks and other suspicious activity on the network or system.
2. Incident Response:
● IDS helps organizations respond to information security incidents quickly
and effectively by providing real-time alerts and notifications
when suspicious activity is detected.
● It enables security teams to quickly investigate and mitigate
security breaches, minimizing the impact on the organization's
operations and data.
3. Policy implementation:
● IDS helps enforce security policies and compliance
by monitoring network and system operations to detect violations of policies, rules,
and established security regulations.
4. Forensic Analysis:
● IDS captures and stores detailed information about security events
including the source, nature and impact of security events.
● This information is valuable for forensic analysis and helps organizations
understand the root causes of security breaches, identify
vulnerabilities and improve their security posture.
IDS Features:
Monitoring and Analysis:
● IDS continuously monitors network and system activity
by analyzing traffic, logs, and event data to detect suspicious
patterns, behavior, or anomalies.
Signature-based detection:
● IDS uses predefined signatures, patterns, or rules to detect
known threats and attack patterns.
● Signature-based detection compares network traffic, system logs,
and file activity against a database of known signatures to
detect malicious activity.
Anomaly-based detection:
● IDS uses anomaly detection techniques to detect unusual or
suspicious behavior that deviates from a normal pattern.
● Anomaly detection uses machine learning, statistical analysis, and behavioral
profiling to identify new or zero-day attacks.
Real-time alerts:
● IDS generates real-time alerts and notifications when suspicious
activities or security events are detected.
● An alert is sent to a system administrator or security analyst containing
information about the nature of the threat, its severity, and
recommended actions to counter and mitigate it.
Logging and Reporting:
● IDS logs detailed information about security events,
including timestamp, source IP address, destination IP address,
event type and severity.
● Recorded data is used for investigative analysis, incident
response and compliance reporting.
Response and Mitigation:
● IDS enables organizations to respond to security incidents
quickly and efficiently by providing automated or manual
countermeasures.
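The two detection modes and the alert fields described above can be seen side by side in the following added example, which is not part of the original answer. The log lines, signature list, baseline counts and the z-score threshold are constructed assumptions, and a simple statistical test stands in for the anomaly techniques the answer lists.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Signature database (constructed): name, severity, pattern of a known attack.
SIGNATURES = [
    ("path-traversal", "high", re.compile(r"(\.\./){2,}")),
    ("sql-injection-probe", "high", re.compile(r"union\s+select", re.I)),
]

# Constructed baseline: failed logins per source IP per window on normal days.
BASELINE_FAILED_LOGINS = [2, 1, 3, 0, 2, 1, 2, 3]

# Constructed events for one window: (timestamp, source IP, destination IP, message).
EVENTS = [
    ("2024-05-01T10:00:01Z", "10.0.0.5", "10.0.0.20", "GET /index.html 200"),
    ("2024-05-01T10:00:04Z", "203.0.113.7", "10.0.0.20", "GET /../../etc/passwd 403"),
    ("2024-05-01T10:00:09Z", "10.0.0.8", "10.0.0.30", "LOGIN FAILED user=alice"),
    ("2024-05-01T10:00:12Z", "198.51.100.9", "10.0.0.20",
     "GET /item?id=1 UNION SELECT 1 400"),
] + [
    (f"2024-05-01T10:01:{s:02d}Z", "192.0.2.44", "10.0.0.30", "LOGIN FAILED user=admin")
    for s in range(0, 30, 5)  # six failures from a single source
]


def make_alert(ts, src, dst, event_type, severity, method):
    """Alert record with the fields an IDS logs for each security event."""
    return {"timestamp": ts, "src_ip": src, "dst_ip": dst,
            "event_type": event_type, "severity": severity, "method": method}


def signature_alerts(events):
    """Signature-based detection: match each message against known patterns."""
    alerts = []
    for ts, src, dst, msg in events:
        for name, severity, pattern in SIGNATURES:
            if pattern.search(msg):
                alerts.append(make_alert(ts, src, dst, name, severity, "signature"))
    return alerts


def anomaly_alerts(events, baseline, z_threshold=3.0):
    """Anomaly-based detection: flag sources whose failed-login count deviates
    from the baseline by more than z_threshold standard deviations."""
    mu = mean(baseline)
    sigma = pstdev(baseline) or 1.0  # assumption: fall back to 1 for a flat baseline
    per_source = defaultdict(list)
    for ts, src, dst, msg in events:
        if msg.startswith("LOGIN FAILED"):
            per_source[src].append((ts, dst))
    alerts = []
    for src, hits in per_source.items():
        if (len(hits) - mu) / sigma > z_threshold:
            ts, dst = hits[-1]  # report at the time of the latest failure
            alerts.append(make_alert(ts, src, dst, "failed-login-spike",
                                     "medium", "anomaly"))
    return alerts


def run_ids(events, baseline=BASELINE_FAILED_LOGINS):
    """Combine both detectors and return alerts in time order."""
    alerts = signature_alerts(events) + anomaly_alerts(events, baseline)
    return sorted(alerts, key=lambda a: a["timestamp"])


if __name__ == "__main__":
    for alert in run_ids(EVENTS):
        print(alert)
```

The single failed login from 10.0.0.8 stays below the threshold, while the burst from 192.0.2.44 is flagged even though no signature describes it.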

7) How can organizations effectively manage software updates and patches to mitigate the security risks.
ANS:
critical for organizations to minimize security risks and ensure the
security and integrity of their IT infrastructure.
Here are some best practices to effectively manage software updates and patches:
1. Define a patch management policy:
● Develop a comprehensive patch management policy that
describes the processes, responsibilities, and schedule
for installing patches and software updates.
● Define criteria for prioritizing patches based on criticality
and potential impact on organizational security.
2. Centralized Patch Management System:
● Deploy a centralized patch management system to automate the
deployment, tracking and reporting of software updates and
patches.
● Use patch management tools to streamline the process of identifying, testing, and
deploying patches
to your organization's IT infrastructure.
3. Regular vulnerability scanning:
● Perform regular vulnerability assessments and scanning to identify
security holes and vulnerabilities in software,
operating systems and network devices.
● Use automatic vulnerability scanning tools to detect missing
patches and outdated software versions.
4. Prioritize Critical Patches:
● Prioritize the deployment of critical patches and security updates
that address known vulnerabilities that are at high risk of exploitation.
● Patch critical vulnerabilities as soon as possible to reduce
the organization's exposure to cyber threats and attacks.
5. Test patches before deployment:
● Test patches in a controlled environment (such as a test lab or
staging environment) before deploying them to a
production system.
● Ensure that fixes do not cause compatibility issues,
performance issues, or unintended consequences that could
disrupt business operations.
6. Automatic Patching:
● Automatically install software updates and patches to ensure fast and consistent
application of patches across your organization's IT infrastructure.
● Use automated management tools to schedule and
deploy patches outside of peak times to minimize business
disruptions.
7. Check patch compatibility:
● Check patch compatibility and make sure all systems, devices, and
applications are up to date with the latest patches and security updates.
● Use patch management tools to create reports and dashboards that
provide information about patch status, compliance, and
potential security risks.
8. User education and awareness:
● Educate employees about the importance of software updates and patches to
maintain the security and integrity
of the organization's IT infrastructure.
● Raise awareness of the risks associated with using outdated software and the role of
patch management in preventing cyber threats and
attacks.
9. Define a recovery plan:
● Develop a recovery plan to quickly revert to previous
software versions or configurations if a patch causes crashes or
fails.
● Test recovery processes to ensure efficient and
fast rollback to minimize downtime and disruption.
10. Continuous Improvement:
● Review and continuously improve the organization's patch
management processes, policies and procedures
based on lessons learned, best practices and emerging threats.
● Stay up to date with new vulnerabilities, patches and updates released by
software developers and security researchers.

8) Explain the importance of using strong passwords.


ANS:
important to maintain the security and
integrity of online accounts, systems and data.
Here are some reasons that emphasize the use of strong
passwords:
1. Protect against unauthorized access:
● Strong passwords are the first line of defense
against unauthorized access to accounts, systems and sensitive
data.
● Strong passwords are difficult for attackers to guess or crack using
brute force, dictionary attacks, or other
password cracking techniques.
2. Account hijacking prevention:
● Strong passwords prevent account hijacking and identity theft
by making it harder for attackers to gain
access to user accounts.
● Weak passwords are easy to guess or crack, allowing attackers to hack
accounts, steal personal information, or
commit fraud.
3. Protect personal and confidential information:
● Strong passwords protect personal and confidential
information stored in online accounts (such as financial
accounts, email and social media).
● Compromised accounts can result in loss of sensitive information,
financial loss, reputational damage and other adverse
consequences.
4. Follow security best practices:
● Using strong passwords is a security best practice
recommended by cybersecurity experts, organizations, and
regulators.
● Many security standards and regulations such as PCI DSS,
HIPAA and GDPR require the use of strong passwords to
protect sensitive data and ensure compliance with
data security requirements.
5. Avoid credential stuffing attacks:
● Strong passwords help prevent credential stuffing attacks,
where attackers use automated tools to test stolen usernames and
passwords against multiple accounts.
● Using complex and unique passwords for each account makes it difficult for
attackers to reuse compromised credentials
across platforms.
6. Protection against brute-force attacks:
● Strong passwords protect against brute-force attacks, where
an attacker systematically tries different combinations of characters
to guess the password.
● Strong passwords often contain a combination of upper- and lowercase
letters, numbers and special characters, which makes them
harder to crack.
7. Enhanced data security for company systems:
● In a business environment, strong passwords help protect
company networks, systems and sensitive data from
unauthorized use and cyber attacks.
● Implementing strong password policies and meeting password
complexity requirements improves an organization's overall
security.
8. Protect Online Reputation:
● Strong passwords protect the online
reputation of individuals and organizations by preventing
unauthorized access to social media accounts, websites and
online profiles.
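The three attack types named in this answer (dictionary attacks, brute force and credential stuffing) map onto three checks a defender can run over a set of credentials. This is an added example, not part of the original answer; the word list, the sample accounts and the 60-bit threshold are constructed assumptions.

```python
import math
import string
from collections import Counter

# Constructed mini-dictionary standing in for a real common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
MIN_BITS = 60  # assumed policy threshold for brute-force resistance

# Constructed sample accounts for the audit.
ACCOUNTS = {
    "email": "Password1!",
    "bank": "tr0ub4dor",
    "forum": "tr0ub4dor",
    "vpn": "mV7#qLw9$Tz2pR",
}


def search_space_bits(password):
    """Upper bound on brute-force effort: length * log2(character pool size)."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in password):
            pool += len(charset)
    return len(password) * math.log2(pool) if pool else 0.0


def is_dictionary_based(password):
    """True if the password is a common word with only case changes or a
    trailing run of digits/symbols, variants a dictionary attack tries early."""
    lowered = password.lower()
    core = lowered.rstrip(string.digits + string.punctuation)
    return lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS


def audit_accounts(accounts):
    """Return {account: [findings]} covering the three attack types."""
    reuse = Counter(accounts.values())
    report = {}
    for account, password in accounts.items():
        findings = []
        if is_dictionary_based(password):
            findings.append("dictionary")          # falls to a dictionary attack
        if search_space_bits(password) < MIN_BITS:
            findings.append("low-search-space")    # falls to brute force
        if reuse[password] > 1:
            findings.append("reused")              # exposed to credential stuffing
        report[account] = findings
    return report


if __name__ == "__main__":
    for account, findings in audit_accounts(ACCOUNTS).items():
        print(account, findings or "ok")
```

"Password1!" uses all four character classes and clears the search-space threshold, yet it is still flagged, which shows that mixing character types alone does not make a password strong.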
