Cyber Security - SG - Module 07

The document provides an overview of ethical hacking, detailing its purpose, key concepts, types of hackers, and the phases involved in the ethical hacking process. It distinguishes ethical hackers from malicious hackers, highlighting their roles, responsibilities, and the skills required for the profession. Additionally, it discusses the benefits and limitations of ethical hacking, as well as the principles of information security, emphasizing the importance of protecting sensitive information.


DIGITAL REGENESYS: CYBER SECURITY MODULE 07

ETHICAL HACKING:
(Source: https://www.synopsys.com)
Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data.
Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to
identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit
them.

Introduction to Ethical Hacking:


(Source: https://www.geeksforgeeks.org)
Ethical Hacking: To crack passwords or to steal data? No, it is much more than that.
Ethical hacking means scanning for vulnerabilities and finding potential threats on a computer or network. An ethical hacker
finds the weak points or loopholes in a computer, web application or network and reports them to the organization.
So, let’s explore Ethical Hacking step by step.

What are the key concepts of ethical hacking?


(Source: https://www.synopsys.com)
Hacking experts follow four key protocol concepts:
• Stay legal:
Obtain proper approval before accessing and performing a security assessment.
• Define the scope:
Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s
approved boundaries.
• Report vulnerabilities:
Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for
resolving these vulnerabilities.
• Respect data sensitivity:
Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to
other terms and conditions required by the assessed organization.

What is an ethical hacker?


(Source: https://www.synopsys.com)
Also known as “white hats,” ethical hackers are security experts who perform these security assessments. The proactive
work they do helps to improve an organization’s security posture. Because they act with prior approval from the organization
or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

Types of Hackers:
There are generally 10 types of hackers:
1. White Hat Hackers:
White hat hackers are authorized or certified hackers who work for governments and organizations by performing
penetration testing and identifying loopholes in their cybersecurity. They also help ensure protection from malicious
cyber-crimes. They work under the rules and regulations provided by the government, which is why they are called
ethical hackers or cybersecurity experts.

2. Black Hat Hackers:


They are often called Crackers. Black hat hackers gain unauthorized access to your system and can destroy your
vital data. They attack using common hacking practices they have learned earlier. They are considered criminals and
can be easily identified because of their malicious actions.

3. Grey Hat Hackers:


Grey hat hackers fall somewhere between white hat and black hat hackers. They are not legally authorized
hackers. They work with both good and bad intentions and may use their skills for personal gain; it all depends on
the hacker. If a grey hat hacker uses his or her skills for personal gain, he/she is considered a black hat hacker.

4. Script Kiddies:
They are the most dangerous people among hackers. A script kiddie is an unskilled person who uses scripts
or downloads hacking tools provided by other hackers. They attempt to attack computer systems and networks and
deface websites. Their main purpose is to impress their friends and society. Generally, script kiddies are juveniles
with little knowledge of hacking.

5. Green Hat Hackers:


They are also amateurs in the world of hacking, but they are a bit different from script kiddies. They care about
hacking and strive to become full-blown hackers. They are inspired by experienced hackers and ask them questions;
while the hackers answer, they listen closely to learn something new.

6. Blue Hat Hackers:


They are much like white hat hackers; they work for companies to security-test their software right before the
product launch. Blue hat hackers are outsourced by the company, unlike white hat hackers, who are employed by
(part of) the company.

7. Red Hat Hackers:


They are also known as eagle-eyed hackers. Like white hat hackers, red hat hackers also aim to halt black hat
hackers, but there is a major difference in the way they operate. They become ruthless when dealing with the
malware actions of black hat hackers. A red hat hacker keeps attacking the black hat hacker aggressively, to the
point that the black hat hacker may have to replace their whole system.

8. State/Nation Sponsored Hackers:


State or nation sponsored hackers are appointed by a government to provide it with cybersecurity and to gain
confidential information from other countries, in order to stay at the top or to avert any kind of danger to the
country. They are highly paid government workers.

9. Hacktivist:
These are the online version of activists. A hacktivist is a hacker or a group of anonymous hackers who gain
unauthorized access to government computer files and networks to further social or political ends.

10. Malicious Insider or Whistle-blower:


A malicious insider or whistle-blower could be an employee of a company or government agency with a grudge, or
a strategically placed employee who becomes aware of illegal activities happening within the organization and
can blackmail the organization for his/her personal gain.

TYPES OF ETHICAL HACKING:


(Source: https://www.knowledgehut.com)
There are different ways in which a system can be hacked -
1. Computer Hacking or System Hacking:
This type of hacking includes illegally gaining access to individual systems or computers within a network. This
is often seen when the target is singular, or the purpose is to steal information from a network of computers. It is
the job of ethical hackers to try and get into the systems to identify the weak points.

2. Network Hacking or Wireless Network Hacking:


Wireless hacking is the process of stealing, capturing, or monitoring the wireless packets within a particular
network. Once a hacker gets access to the wireless network, they can also access passwords, chat sessions, user
history, etc. Ethical hackers use similar methods to breach the wireless network and find the new and different
ways that black hat hackers could use.

3. Email Hacking:
In the digital world of the corporate sector, emails contain extremely sensitive data & information that hackers
may be interested in. Email hacking can include hacking into the network to get email passwords and gaining
unauthorized access to the email of an individual or employees of a business. This can expose an individual's
personal life or reveal sensitive data from business emails. A phishing attack (widespread) can also lead to users
compromising their personal information or data security.

4. Website Hacking or Web Application Hacking:


Unethical hackers might show interest in hacking websites or web servers as it can negatively affect a business.
This can lead to the website being down for extended periods (loss of business, exposure, and recognition), theft
of software and database, and even permanent damage. However, ethical hackers attempt to do this with
permission and then suggest how the cracks can be fixed.

5. Password Hacking:
Password hacking can be a part of computer or system hacking. Hackers utilize the data stored on the computer
and on the servers to access the passwords to any website, computer, email, accounts, etc., and then use that
information for malicious purposes. Ethical hackers use similar methods to do so and identify any security
measures that can be followed to prevent this.

PHASES OF ETHICAL HACKING:


(Source: https://www.knowledgehut.com)
There are five phases of ethical hacking to ensure that all the bases of cybersecurity are covered while ethical hackers
test an organization's network. These phases help in understanding the fundamentals of ethical hacking.
1. Reconnaissance:
This is the first phase of ethical hacking and is often known as the preparatory phase. In this phase, an ethical
hacker will gather sufficient information, create a plan, and prepare for the attack. Within reconnaissance, the first
phase is Dumpster Diving, where an ethical hacker hopes to find useful information such as old passwords,
databases of employees, clients, archived financial information, etc. The next step is footprinting, where the
hacker will collect the relevant and required information for the hacking process, such as security frameworks, IP
addresses, etc.

2. Scanning:
Scanning is the process of getting quick access to the outer level of the security framework of any network or
system. Once again, hackers look for relevant information in this phase. The first step is pre-attack scanning,
where information from reconnaissance is used to gather more information. The second step is sniffing or port
scanning, where a hacker uses tools like vulnerability scanners, port scanners, dialers, etc., to survey the network.
Lastly, information extraction is where information about the ports, physical machine, and system details is
gathered to prepare for the hacking attack.

3. Gaining Access:
Once all the relevant information is gathered, the next step for the hacker is to gain access to the network or the
system. Once this happens, the hacker gains access and complete control over the network details and individual
systems.

4. Maintaining Access:
After an ethical hacker gains access to the system, they will continue to maintain the attack to allow sufficient
time to gather the information required or complete the purpose of hacking. Additional attacks are also launched if
the hacker needs more time or wants to do more damage.

5. Covering Tracks:
Escaping the security personnel and the security framework built into the system is as important as gaining access.
This is done by following steps such as closing open ports, deleting the log files, clearing all cookies, etc. This
ensures that the hacking attempt cannot be tracked to the hacker.

ROLES AND RESPONSIBILITIES OF ETHICAL HACKER:


(Source: https://intellipaat.com)
The roles and responsibilities of an ethical hacker include -
• Meeting with your client to go through the security systems currently put in place
• Verifying the organization’s system, network topology, and vulnerable entry points
• Performing penetration testing on the system(s)
• Identifying and documenting security flaws and vulnerabilities
• Testing the level of security in the network
• Finding out the best security solutions
• Creating penetration test reports
• Performing penetration testing after the implementation of suggested or new security features
• Finding out alternatives to security features, which are not working

SKILLS REQUIRED TO BE AN ETHICAL HACKER:


(Source: https://www.knowledgehut.com)
Some of the common skills that are required to become an ethical hacker include -

• Programming knowledge, which is required when working in the field of network security.
• Scripting knowledge, to identify and deal with attacks.
• Network skills, as most malicious hacking attacks are aimed at the network. Proper knowledge of computer
networking is required to help find the flaws in the system.
• Basic knowledge of operating systems such as Windows, Mac OS, Linux, etc.
• Up-to-date knowledge of new hacking methods, tools available, hacking patterns, etc.

A detailed introduction to ethical hacking can help you with the process of developing the required skill set.

HOW ARE ETHICAL HACKERS DIFFERENT THAN MALICIOUS HACKERS?


(Source: https://www.knowledgehut.com)

Ethical Hacker vs. Malicious Hackers:

Ethical Hacker: In the case of ethical hackers, the intent is to help the owner identify any cracks or issues in the
security system.
Malicious Hackers: Malicious hackers hack into systems with the intent to cause harm. They tend to steal sensitive
information, hinder work operations, etc.

Ethical Hacker: Ethical hacking is legal as ethical hackers have the proper permissions and approvals.
Malicious Hackers: Malicious hackers do not have permission to hack into the systems. They forcefully enter to cause
harm. It is illegal and a punishable offence.

Ethical Hacker: The organization or the owner employs white hat hackers.
Malicious Hackers: Black hat hackers do so without consent.

How are ethical hackers different than malicious hackers?


(Source: https://www.synopsys.com)
Ethical hackers use their knowledge to secure and improve the technology of organizations. They provide an essential
service to these organizations by looking for vulnerabilities that can lead to a security breach.

An ethical hacker reports the identified vulnerabilities to the organization. Additionally, they provide remediation
advice. In many cases, with the organization’s consent, the ethical hacker performs a re-test to ensure the vulnerabilities
are fully resolved.

Malicious hackers intend to gain unauthorized access to a resource (the more sensitive the better) for financial gain or
personal recognition. Some malicious hackers deface websites or crash backend servers for fun, reputation damage, or
to cause financial loss. The methods used and vulnerabilities found remain unreported. They aren’t concerned with
improving the organization’s security posture.

What Problems Does Hacking Identify?


(Source: https://www.knowledgehut.com)
Some of the common problems that ethical hacking identifies are pirated content on organization systems, passwords
that have been exposed, security levels that are not up to the mark, network protection settings that do not provide
enough security, etc.

Limitations of Ethical Hacking:


(Source: https://www.knowledgehut.com)
Some of the common limitations of ethical hacking include -
• The process of ethical hacking, if not done carefully, can damage the internal systems and files or even erase data.
• Even though ethical hackers are often made to sign contracts before they begin working, the information they see
during their work may be used for personal gain or malicious use.
• As ethical hackers will have access to the firm's systems and network, it can raise a question of employee privacy
and the privacy of client data.

Ethical Hacking Benefits:


(Source: https://www.knowledgehut.com)
Ethical hacking has benefits that help identify and curb malicious attacks that steal data, cause issues for an individual
or a business, put national security at risk, etc.
Some of the most important benefits are -
• The creation of a secure network is the first step in ensuring low liability. Therefore, ethical hackers also help create
a network that is safe from security breaches.
• In terms of national security, ethical hacking plays a significant role. Intercepting information regarding digital
terrorist attacks, protecting data from malicious hackers, and defending national systems from security breaches
are some of the common ways in which ethical hacking is beneficial.
• Ethical hacking reinforces the digital structure of the concerned organization. It discerns and identifies the
underlying loopholes and ensures that the necessary measures are taken to avoid compromises in security.

Ethical hacking also helps businesses establish trust with their customers. Reliability among customers helps them build
a loyal customer base. Security of the product or service and the user data help businesses flourish in their sector. Data
is one of the most critical assets of businesses, and it is their responsibility to ensure that it is safe and sound.

Conclusion:
You can start your Ethical Hacking career by taking a certification course and gaining relevant practical experience.
Understanding the fundamentals and getting theoretical knowledge are essential. However, practical experience will
help you understand the process better. Cyber security is an extremely important part of today's security framework.
With tons of sensitive data stored with third-party services, protecting that data has become a significant task.

INFORMATION SECURITY (INFOSEC):


(Source: https://www.imperva.com)
Information security (sometimes referred to as InfoSec) covers the tools and processes that organizations use to protect
information. This includes policy settings that prevent unauthorized people from accessing business or personal
information. InfoSec is a growing and evolving field that covers a wide range of fields, from network and infrastructure
security to testing and auditing.

Information security protects sensitive information from unauthorized activities, including inspection, modification,
recording, and any disruption or destruction. The goal is to ensure the safety and privacy of critical data such as customer
account details, financial data or intellectual property.

The consequences of security incidents include theft of private information, data tampering, and data deletion. Attacks
can disrupt work processes and damage a company’s reputation, and also have a tangible cost.

Organizations must allocate funds for security and ensure that they are ready to detect, respond to, and proactively
prevent, attacks such as phishing, malware, viruses, malicious insiders, and ransomware.

PRINCIPLES OF INFORMATION SECURITY:


(Source: https://www.imperva.com)
The basic tenets of information security are confidentiality, integrity and availability. Every element of the information
security program must be designed to implement one or more of these principles. Together they are called the CIA
Triad.
• Confidentiality
Confidentiality measures are designed to prevent unauthorized disclosure of information. The purpose of the
confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only
to those individuals who own it or need it to perform their organizational functions.

• Integrity
Integrity includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. The
principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally
or maliciously.

• Availability
Availability is the protection of a system’s ability to make software systems and data fully available when a user
needs them (or at a specified time). The purpose of availability is to make the technology infrastructure, the applications
and the data available when they are needed for an organizational process or for an organization’s customers.

Information Security vs. Cybersecurity:


(Source: https://www.imperva.com)
Information security differs from cybersecurity in both scope and purpose. The two terms are often used
interchangeably, but more accurately, cybersecurity is a subcategory of information security. Information security is a
broad field that covers many areas such as physical security, endpoint security, data encryption, and network security.
It is also closely related to information assurance, which protects information from threats such as natural disasters and
server failures.

Cybersecurity primarily addresses technology-related threats, with practices and tools that can prevent or mitigate them.
Another related category is data security, which focuses on protecting an organization’s data from accidental or
malicious exposure to unauthorized parties.

INFORMATION SECURITY POLICY:


(Source: https://www.imperva.com)
An Information Security Policy (ISP) is a set of rules that guide individuals when using IT assets. Companies can create
information security policies to ensure that employees and other users follow security protocols and procedures. Security
policies are intended to ensure that only authorized users can access sensitive systems and information.

Creating an effective security policy and taking steps to ensure compliance is an important step towards preventing and
mitigating security threats. To make your policy truly effective, update it frequently based on company changes, new
threats, conclusions drawn from previous breaches, and changes to security systems and tools.

Make your information security strategy practical and reasonable. To meet the needs and urgency of different
departments within the organization, it is necessary to deploy a system of exceptions, with an approval process, enabling
departments or individuals to deviate from the rules in specific circumstances.

TOP INFORMATION SECURITY THREATS:


(Source: https://www.imperva.com)
There are hundreds of categories of information security threats and millions of known threat vectors. Below we cover
some of the key threats that are a priority for security teams at modern enterprises.
• Unsecure or Poorly Secured Systems
The speed of technological development often leads to compromises in security measures. In other cases, systems
are developed without security in mind and remain in operation at an organization as legacy systems. Organizations
must identify these poorly secured systems and mitigate the threat by securing or patching them, decommissioning
them, or isolating them.

• Social Media Attacks


Many people have social media accounts, where they often unintentionally share a lot of information about
themselves. Attackers can launch attacks directly via social media, for example by spreading malware via social
media messages, or indirectly, by using information obtained from these sites to analyze user and
organizational vulnerabilities, and use them to design an attack.

• Social Engineering
Social engineering involves attackers sending emails and messages that trick users into performing actions that may
compromise their security or divulge private information. Attackers manipulate users using psychological triggers
like curiosity, urgency or fear.

Because the source of a social engineering message appears to be trusted, people are more likely to comply, for
example by clicking a link that installs malware on their device, or by providing personal information, credentials,
or financial details.

Organizations can mitigate social engineering by making users aware of its dangers and training them to identify
and avoid suspected social engineering messages. In addition, technological systems can be used to block social
engineering at its source, or prevent users from performing dangerous actions such as clicking on unknown links or
downloading unknown attachments.

• Malware on Endpoints
Organizational users work with a large variety of endpoint devices, including desktop computers, laptops, tablets,
and mobile phones, many of which are privately owned and not under the organization’s control, and all of which
connect regularly to the Internet.

A primary threat on all these endpoints is malware, which can be transmitted by a variety of means, can result in
compromise of the endpoint itself, and can also lead to privilege escalation to other organizational systems.
Traditional antivirus software is insufficient to block all modern forms of malware, and more advanced approaches
to securing endpoints are being developed, such as endpoint detection and response (EDR).

• Lack of Encryption
Encryption processes encode data so that it can only be decoded by users with secret keys. It is very effective
in preventing data loss or corruption in case of equipment loss or theft, or in case organizational systems are
compromised by attackers.

Unfortunately, this measure is often overlooked due to its complexity and lack of legal obligations associated with
proper implementation. Organizations are increasingly adopting encryption, by purchasing storage devices or using
cloud services that support encryption, or using dedicated security tools.

• Security Misconfiguration
Modern organizations use a huge number of technological platforms and tools, in particular web applications,
databases, and Software as a Service (SaaS) applications, or Infrastructure as a Service (IaaS) from providers like
Amazon Web Services.

Enterprise grade platforms and cloud services have security features, but these must be configured by the
organization. Security misconfiguration due to negligence or human error can result in a security breach. Another
problem is “configuration drift”, where correct security configuration can quickly become out of date and make a
system vulnerable, unbeknownst to IT or security staff.

Organizations can mitigate security misconfiguration using technological platforms that continuously monitor
systems, identify configuration gaps, and alert or even automatically remediate configuration issues that make
systems vulnerable.

ACTIVE VS. PASSIVE ATTACKS:


(Source: https://www.imperva.com)
Information security is intended to protect organizations against malicious attacks. There are two primary types of
attacks: active and passive. Active attacks are considered more difficult to prevent, and the focus is on detecting,
mitigating and recovering from them. Passive attacks are easier to prevent with strong security measures.

Active Attack:
An active attack involves intercepting a communication or message and altering it for malicious effect. There are three
common variants of an active attack:
• Interruption: the attacker interrupts the original communication and creates new, malicious messages,
pretending to be one of the communicating parties.
• Modification: the attacker uses existing communications, and either replays them to fool one of the
communicating parties, or modifies them to gain an advantage.
• Fabrication: the attacker creates fake, or synthetic, communications, typically with the aim of achieving denial of
service (DoS). This prevents users from accessing systems or performing normal operations.

Passive Attack:
In a passive attack, an attacker monitors a system and illicitly copies information without altering it. They
then use this information to disrupt networks or compromise target systems.

The attackers do not make any change to the communication or the target systems. This makes it more difficult to
detect. However, encryption can help prevent passive attacks because it obfuscates the data, making it more difficult
for attackers to make use of it.

Active Attacks vs. Passive Attacks:

Active Attacks: Modify messages, communications or data.
Passive Attacks: Do not make any change to data or systems.

Active Attacks: Pose a threat to the availability and integrity of sensitive data.
Passive Attacks: Pose a threat to the confidentiality of sensitive data.

Active Attacks: May result in damage to organizational systems.
Passive Attacks: Do not directly cause damage to organizational systems.

Active Attacks: Victims typically know about the attack.
Passive Attacks: Victims typically do not know about the attack.

Active Attacks: Main security focus is on detection and mitigation.
Passive Attacks: Main security focus is on prevention.
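As an added example, not part of the study guide or its sources, the following Python script (standard library only; the keys, messages and the names seal, Receiver, eavesdrop and run_scenarios are constructed for this example) shows how a receiver turns the three active-attack variants above into detectable events (a failed MAC for modification and fabrication, a sequence number for replay) and what a passive eavesdropper copies with and without encryption. The HMAC-based keystream is an assumption chosen so the script runs offline; it stands in for a real cipher.

```python
import hashlib
import hmac
import os
import struct

# Constructed shared secrets for this example. Assumption: both parties already
# hold them (e.g. from a key exchange that is outside the scope of the example).
MAC_KEY = b"constructed-mac-key-for-the-example"
ENC_KEY = b"constructed-enc-key-for-the-example"

SEQ_LEN, NONCE_LEN, FLAG_LEN, TAG_LEN = 8, 12, 1, 32
HEADER_LEN = SEQ_LEN + NONCE_LEN + FLAG_LEN


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode), assumed here only so the
    example runs with the standard library; it stands in for a real cipher such as
    AES-GCM or ChaCha20-Poly1305."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(seq: int, plaintext: bytes, encrypt: bool = True) -> bytes:
    """Sender side: header (sequence number, nonce, encrypt flag) + body + MAC.
    The MAC covers the header, so the sequence number cannot be edited either."""
    nonce = os.urandom(NONCE_LEN)
    body = _xor(plaintext, _keystream(ENC_KEY, nonce, len(plaintext))) if encrypt else plaintext
    header = struct.pack(">Q", seq) + nonce + (b"\x01" if encrypt else b"\x00")
    tag = hmac.new(MAC_KEY, header + body, hashlib.sha256).digest()
    return header + body + tag


class Receiver:
    """Receiver side: verify the MAC, reject replays, then decrypt. Every
    rejection is recorded in `alerts`, which is what a detective control would
    forward to the security team."""

    def __init__(self) -> None:
        self.last_seq = -1          # highest sequence number accepted so far
        self.alerts: list[str] = []

    def receive(self, wire: bytes):
        if len(wire) < HEADER_LEN + TAG_LEN:
            self.alerts.append("malformed message")
            return None
        header, body, tag = wire[:HEADER_LEN], wire[HEADER_LEN:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(MAC_KEY, header + body, hashlib.sha256).digest()
        # Constant-time comparison. A mismatch means the message was modified in
        # transit or fabricated by someone who does not hold MAC_KEY.
        if not hmac.compare_digest(tag, expected):
            self.alerts.append("bad MAC: message modified or fabricated")
            return None
        seq = struct.unpack(">Q", header[:SEQ_LEN])[0]
        if seq <= self.last_seq:    # strictly increasing: a repeat is a replay
            self.alerts.append(f"replay: sequence number {seq} already accepted")
            return None
        self.last_seq = seq
        nonce = header[SEQ_LEN:SEQ_LEN + NONCE_LEN]
        encrypted = header[HEADER_LEN - 1] == 1
        return _xor(body, _keystream(ENC_KEY, nonce, len(body))) if encrypted else body


def eavesdrop(wire: bytes) -> bytes:
    """Passive attacker: copies the message body and changes nothing."""
    return wire[HEADER_LEN:-TAG_LEN]


def run_scenarios() -> dict:
    """Run each attack variant against one receiver and return the outcomes."""
    rx = Receiver()
    msg = b"transfer 100 to alice"
    genuine = seal(1, msg)
    results = {"genuine": rx.receive(genuine)}

    tampered = bytearray(genuine)
    tampered[HEADER_LEN] ^= 0x01                    # modification: flip one body bit
    results["modified"] = rx.receive(bytes(tampered))

    results["replayed"] = rx.receive(genuine)       # replay of an accepted message

    forged = (struct.pack(">Q", 99) + os.urandom(NONCE_LEN) + b"\x00"
              + b"pay mallory" + os.urandom(TAG_LEN))
    results["fabricated"] = rx.receive(forged)      # fabrication without MAC_KEY

    results["eavesdrop_clear"] = eavesdrop(seal(2, msg, encrypt=False))
    results["eavesdrop_encrypted"] = eavesdrop(seal(3, msg))
    results["alerts"] = list(rx.alerts)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:>20}: {value!r}")
```

The genuine message is the only one the receiver returns; the three active variants each leave an alert behind, while the passive copy is only useful when the body was sent in clear.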

INFORMATION SECURITY CONTROLS:


(Source: https://reciprocity.com)
Information security controls are measures taken to reduce information security risks such as information
systems breaches, data theft, and unauthorized changes to digital information or systems. These security controls are
intended to help protect the availability, confidentiality, and integrity of data and networks, and are typically
implemented after an information security risk assessment.

Types of information security controls include security policies, procedures, plans, devices and software intended to
strengthen cybersecurity. There are three categories of information security controls:
• Preventive security controls, designed to prevent cyber security incidents
• Detective security controls, aimed at detecting a cyber security breach attempt (“event”) or successful breach
(“incident”) while it is in progress, and alerting cyber security personnel
• Corrective security controls, used after a cyber-security incident to help minimize data loss and damage to the
system or network, and restore critical business systems and processes as quickly as possible (“resilience”)

FORMS OF SECURITY CONTROLS:


(Source: https://reciprocity.com)
Security controls come in the form of:
• Access controls, including restrictions on physical access such as security guards at building entrances, locks,
and perimeter fences
• Procedural controls such as security awareness education, security framework compliance training,
and incident response plans and procedures
• Technical controls such as multi-factor user authentication at login and logical access controls, antivirus
software, firewalls
• Compliance controls such as privacy laws and cyber security frameworks and standards.

TYPES OF INFORMATION SECURITY CONTROL:


(Source: https://reciprocity.com)
Information security controls can be classified into three basic groups:
1. Preventive controls
As the name implies, preventive controls are designed to identify and address vulnerabilities within your
information systems before those weaknesses become a gateway for cyber threats. Through diligent risk
management practices, your team can identify potential weaknesses and take steps to fortify your systems. By
mitigating risks in advance, you can significantly reduce the likelihood of experiencing a cybersecurity incident.

2. Detective controls
Detective controls act as guardians, alerting you to potential breach attempts and ongoing data breaches. These
controls serve as early-warning systems, equipping your cybersecurity staff with timely information to take
immediate action. By detecting and responding to threats swiftly, you can limit the extent of the damage and
protect your valuable assets.

3. Corrective controls
Corrective controls enter the picture after an incident has happened. They exist to minimize damage, facilitate
recovery, and repair weaknesses so a similar attack doesn’t happen again. For example, robust backup mechanisms
are a corrective control because they let you restore compromised data. By employing effective backups, you can
mitigate data loss and expedite the restoration of your systems, reducing downtime and restoring normal operations
promptly.

For the sake of easy implementation, information security controls can also be classified into several types of data
protection:
 Physical access controls. These controls include restrictions on physical access, (such as security guards at
building entrances), locks, closed-circuit security cameras, and perimeter fences.
 Cyber access controls. These are cybersecurity controls and policies such as up-to-date firewalls, password
policies, and software applications that alert you to risks such as ransomware attacks and phishing.
 Procedural controls. These controls include security awareness education, security framework compliance
training, incident response plans, and other procedures to enhance network security.
 Technical controls. Increasingly common are controls such as multi-factor user authentication at login, to
assure internal control access on a need-to-know basis.
 Compliance controls. This means adherence to privacy laws, cybersecurity frameworks, and standards designed
to minimize security risks. These controls typically require an information security risk assessment and impose
information security requirements.

How to Place Security Controls?


(Source: https://reciprocity.com)
When implementing information security controls, you need to follow a six-step sequence to fortify your defenses
effectively.
1. Deter
Discourage potential intruders by displaying warning signs, employing security personnel, and using surveillance
cameras to create a perception of strong security.

2. Deny/prevent Access
Establish strict access permissions and robust authentication mechanisms such as multi-factor authentication and
strong passwords to prevent unauthorized entry.

3. Detect
Deploy detection mechanisms such as endpoint protection software, intrusion detection systems, and network
monitoring tools to identify potential risks and threats swiftly. Log detections for analysis and understanding.

4. Delay
Introduce measures that slow down risks or attacks, such as implementing “too many attempts” functionality for
password entries, increasing complexity, and reducing success rates.

5. Correct
Have a well-defined incident response plan to respond promptly to security breaches. Isolate affected systems,
collect evidence, and take appropriate remedial actions to mitigate the impact.

6. Recover
Establish robust backup and recovery procedures to restore systems quickly to a secure and operational state.
Regularly back up critical data, test restoration processes, and maintain backup generators for essential
infrastructure.
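As an added example (not part of the Reciprocity material above), the following Python sketch wires the Deny, Detect and Delay steps together for a password login: every failed attempt doubles the wait before the next one is evaluated, a threshold raises a detection event for the security team, and repeated failures deny access with a timed lockout. Thresholds, account names and the event format are constructed assumptions.

```python
"""Added example: a "too many attempts" login control combining the
Deny, Detect and Delay steps.  Policy values below are constructed."""
from dataclasses import dataclass, field

MAX_FAILURES = 5        # failures before a lockout is applied (Deny)
LOCKOUT_SECONDS = 900   # lockout length, 15 minutes
BASE_DELAY = 2          # seconds; doubled after every failure (Delay)
ALERT_AFTER = 3         # failures that raise a detection event (Detect)


@dataclass
class AccountState:
    failures: int = 0
    next_allowed_at: float = 0.0   # attempts before this time are rejected
    locked_until: float = 0.0


@dataclass
class LoginThrottle:
    accounts: dict = field(default_factory=dict)
    events: list = field(default_factory=list)   # detection log for the SOC

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Evaluate one login attempt at time `now` (seconds).

        Returns 'ok', 'denied', 'delayed' or 'locked' and updates state."""
        st = self._state(user)
        if now < st.locked_until:
            # Deny: account is locked; log the attempt, do not check the password
            self.events.append(f"{now:.0f} LOCKED user={user}")
            return "locked"
        if now < st.next_allowed_at:
            # Delay: the backoff has not expired, reject without evaluation
            return "delayed"
        if password_ok:
            self.accounts[user] = AccountState()   # success resets the counters
            return "ok"
        st.failures += 1
        delay = BASE_DELAY * 2 ** (st.failures - 1)   # 2, 4, 8, 16 ... seconds
        st.next_allowed_at = now + delay
        if st.failures == ALERT_AFTER:
            # Detect: enough failures to warrant an alert, logged for analysis
            self.events.append(f"{now:.0f} ALERT user={user} failures={st.failures}")
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            self.events.append(f"{now:.0f} LOCKOUT user={user} until={st.locked_until:.0f}")
            return "locked"
        return "denied"


if __name__ == "__main__":
    th = LoginThrottle()
    for t, ok in [(0, False), (1, False), (2, False), (6, False),
                  (14, False), (30, False), (31, True), (931, True)]:
        print(t, th.attempt("alice", ok, t))
    print("\n".join(th.events))
```

A per-account lockout can itself be used to lock out a legitimate user, so in practice it is paired with per-source throttling and the alert goes to the incident response process of the Correct step.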

Working Remotely Demands Separate Countermeasures against Data Breaches:


(Source: https://reciprocity.com)
Many businesses sent a large percentage of employees to work from home in 2020 because of Covid, and a significant
number of employees still work remotely today.

With that in mind, it’s a good idea to review your remote IT infrastructure, as well as the use of mobile devices and
cloud-based web applications. For example, be sure to include your remote work IT environment when conducting
vulnerability scans on your IT systems and software configurations. (It’s easy to “forget” hardware that’s not right there
on campus, after all.)

Speaking of employees and emerging risks, also remember this: as your business grows and your IT structure becomes
more sophisticated, train employees to stay current with your organization's risk profile. Do so by conducting periodic
security awareness training for everyone and scheduling regular inspections of whether your established security
controls have kept up with the threat landscape.
8 Best Practices for Security Controls:


(Source: https://reciprocity.com)
Here’s a quick rundown of information security control best practices you can use to enhance your cybersecurity
posture, mitigate risks associated with modern cyber threats, and safeguard your security control families.
1. Keep strong passwords. Implement stringent password policies, including unique passwords for each user, a mix
of characters, and regular password expiration to prevent unauthorized access and data breaches.
2. Enact user access restrictions. Limit user access through access controls and permissions, following the principle
of least privilege, to minimize the potential for unauthorized access and malware spread and to improve compliance
and audit processes.
3. Embrace patch management. Perform regular updates and patches to address vulnerabilities in operating systems
and third-party software, reducing the risk of cyber-attacks and improving system security and performance.
4. Use firewall protection. Employ firewalls to regulate incoming and outgoing network traffic, establishing a strong
barrier against unauthorized access and potential threats to your business.
5. Use VPN encryption. Use a virtual private network (VPN) to encrypt data and protect privacy when connecting
to public networks, assuring anonymity and safeguarding against potential hackers.
6. Use antivirus software. Install enterprise-grade antivirus and anti-malware software on all devices and systems
to detect and remove malicious threats automatically.
7. Encourage multi-factor authentication (MFA). Implement MFA to add an extra layer of security beyond
passwords, requiring additional verification factors like PINs, authenticator apps, or biometric data to assure secure
user authentication.
8. Schedule regular data backup. Back up important files, including sensitive information and cloud applications,
to protect against data loss due to compromise or unforeseen events, ensuring minimal disruption to operations.

PENETRATION TESTING:
(Source: https://www.synopsys.com)
A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security.
Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business
impacts of weaknesses in a system. Penetration tests usually simulate a variety of attacks that could threaten a business.
They can examine whether a system is robust enough to withstand attacks from authenticated and unauthenticated
positions, as well as a range of system roles. With the right scope, a pen test can dive into any aspect of a system.

What is Penetration Testing?


(Source: https://www.imperva.com)
A penetration test, also known as a pen test, is a simulated cyber-attack against your computer system to check for
exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment
a web application firewall (WAF).

Pen testing can involve the attempted breaching of any number of application systems, (e.g., application protocol
interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible
to code injection attacks.

Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected
vulnerabilities.
Penetration Testing Stages:


(Source: https://www.imperva.com)
The pen testing process can be broken down into five stages.
1. Planning and reconnaissance:
The first stage involves:
 Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be
used.
 Gathering intelligence (e.g., network and domain names, mail server) to better understand how a target works
and its potential vulnerabilities.

2. Scanning:
The next step is to understand how the target application will respond to various intrusion attempts. This is
typically done using:
 Static analysis – Inspecting an application’s code to estimate the way it behaves while running. These tools
can scan the entirety of the code in a single pass.
 Dynamic analysis – Inspecting an application’s code in a running state. This is a more practical way of
scanning, as it provides a real-time view into an application’s performance.

3. Gaining Access:
This stage uses web application attacks, such as cross-site scripting, SQL injection and backdoors, to uncover a
target’s vulnerabilities. Testers then try and exploit these vulnerabilities, typically by escalating privileges,
stealing data, intercepting traffic, etc., to understand the damage they can cause.

4. Maintaining Access:
The goal of this stage is to see if the vulnerability can be used to achieve a persistent presence in the exploited
system, long enough for a bad actor to gain in-depth access. The idea is to imitate advanced persistent threats,
which often remain in a system for months in order to steal an organization’s most sensitive data.

5. Analysis
The results of the penetration test are then compiled into a report detailing:
 Specific vulnerabilities that were exploited
 Sensitive data that was accessed
 The amount of time the pen tester was able to remain in the system undetected

This information is analyzed by security personnel to help configure an enterprise’s WAF settings and other
application security solutions to patch vulnerabilities and protect against future attacks.

PENETRATION TESTING METHODS:


(Source: https://www.imperva.com)
1. External Testing:
External penetration tests target the assets of a company that are visible on the internet, e.g., the web application
itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract
valuable data.

2. Internal Testing:
In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious
insider. This isn’t necessarily simulating a rogue employee. A common starting scenario can be an employee
whose credentials were stolen due to a phishing attack.
3. Blind Testing:
In a blind test, a tester is only given the name of the enterprise that’s being targeted. This gives security personnel
a real-time look into how an actual application assault would take place.

4. Double-blind Testing:
In a double-blind test, security personnel have no prior knowledge of the simulated attack. As in the real world,
they won’t have any time to shore up their defenses before an attempted breach.

5. Targeted Testing:
In this scenario, both the tester and security personnel work together and keep each other apprised of their
movements. This is a valuable training exercise that provides a security team with real-time feedback from a
hacker’s point of view.

What are the benefits of penetration testing?


(Source: https://www.synopsys.com)
Ideally, software and systems were designed from the start with the aim of eliminating dangerous security flaws. A pen
test provides insight into how well that aim was achieved. Pen testing can help an organization
 Find weaknesses in systems
 Determine the robustness of controls
 Support compliance with data privacy and security regulations (e.g., PCI DSS, HIPAA, GDPR)
 Provide qualitative and quantitative examples of current security posture and budget priorities for management

How much access is given to pen testers?


(Source: https://www.synopsys.com)
Depending on the goals of a pen test, testers are given varying degrees of information about, or access to, the target
system. In some cases, the pen testing team takes one approach at the start and sticks with it. Other times, the testing
team evolves its strategy as its awareness of the system increases during the pen test. There are three levels of pen test
access.
 Opaque box. The team doesn’t know anything about the internal structure of the target system. It acts as hackers
would, probing for any externally exploitable weaknesses.
 Semi-opaque box. The team has some knowledge of one or more sets of credentials. It also knows about the
target’s internal data structures, code, and algorithms. Pen testers might construct test cases based on detailed
design documents, such as architectural diagrams of the target system.
 Transparent box. Pen testers have access to systems and system artifacts including source code, binaries,
containers, and sometimes even the servers running the system. This approach provides the highest level of
assurance in the smallest amount of time.

What are the phases of pen testing?


(Source: https://www.synopsys.com)
Pen testers simulate attacks by motivated adversaries. To do this, they typically follow a plan that includes the following
steps:
 Reconnaissance. Gather as much information about the target as possible from public and private sources to inform
the attack strategy. Sources include internet searches, domain registration information retrieval, social engineering,
nonintrusive network scanning, and sometimes even dumpster diving. This information helps pen testers map out
the target’s attack surface and possible vulnerabilities. Reconnaissance can vary with the scope and objectives of
the pen test; it can be as simple as making a phone call to walk through the functionality of a system.
 Scanning. Pen testers use tools to examine the target website or system for weaknesses, including open services,
application security issues, and open source vulnerabilities. Pen testers use a variety of tools based on what they
find during reconnaissance and during the test.
 Gaining access. Attacker motivations can include stealing, changing, or deleting data; moving funds; or simply
damaging a company’s reputation. To perform each test case, pen testers determine the best tools and techniques to
gain access to the system, whether through a weakness such as SQL injection or through malware, social
engineering, or something else.
 Maintaining access. Once pen testers gain access to the target, their simulated attack must stay connected long
enough to accomplish their goals of exfiltrating data, modifying it, or abusing functionality. It’s about demonstrating
the potential impact.

What are the types of pen testing?


(Source: https://www.synopsys.com)
A comprehensive approach to pen testing is essential for optimal risk management. This entails testing all the areas in
your environment.
 Web apps. Testers examine the effectiveness of security controls and look for hidden vulnerabilities, attack patterns,
and any other potential security gaps that can lead to a compromise of a web app.
 Mobile apps. Using both automated and extended manual testing, testers look for vulnerabilities in application
binaries running on the mobile device and the corresponding server-side functionality. Server-side vulnerabilities
include session management, cryptographic issues, authentication and authorization issues, and other common web
service vulnerabilities.
 Networks. This testing identifies common to critical security vulnerabilities in an external network and systems.
Experts employ a checklist that includes test cases for encrypted transport protocols, SSL certificate scoping issues,
use of administrative services, and more.
 Cloud. A cloud environment is significantly different than traditional on-premises environments. Typically, security
responsibilities are shared between the organization using the environment and the cloud services provider. Because
of this, cloud pen testing requires a set of specialized skills and experience to scrutinize the various aspects of the
cloud, such as configurations, APIs, various databases, encryption, storage, and security controls.
 Containers. Containers obtained from Docker often have vulnerabilities that can be exploited at scale.
Misconfiguration is also a common risk associated with containers and their environment. Both of these risks can
be uncovered with expert pen testing.
 Embedded devices (IoT). Embedded / Internet of Things (IoT) devices such as medical devices, automobiles, in-
home appliances, oil rig equipment, and watches have unique software testing requirements due to their longer life
cycles, remote locations, power constraints, regulatory requirements, and more. Experts perform a thorough
communication analysis along with a client/server analysis to identify defects that matter most to the relevant use
case.
 Mobile devices. Pen testers use both automated and manual analysis to find vulnerabilities in application binaries
running on the mobile device and the corresponding server-side functionality. Vulnerabilities in application binaries
can include authentication and authorization issues, client-side trust issues, misconfigured security controls, and
cross-platform development framework issues. Server-side vulnerabilities can include session management,
cryptographic issues, authentication and authorization issues, and other common web service vulnerabilities.
 APIs. Both automated and manual testing techniques are used to cover the OWASP API Security Top 10 list. Some
of the security risks and vulnerabilities testers look for include broken object level authorization, user authentication,
excessive data exposure, lack of resources / rate limiting, and more.
 CI/CD pipeline. Modern DevSecOps practices integrate automated and intelligent code scanning tools into the
CI/CD pipeline. In addition to static tools that find known vulnerabilities, automated pen testing tools can be
integrated into the CI/CD pipeline to mimic what a hacker can do to compromise the security of an application.
Automated CI/CD pen testing can discover hidden vulnerabilities and attack patterns that go undetected with static
code scanning.
What are the types of pen testing tools?


(Source: https://www.synopsys.com)
There is no one-size-fits-all tool for pen testing. Instead, different targets require different sets of tools for port scanning,
application scanning, Wi-Fi break-ins, or direct penetration of the network. Broadly speaking, the types of pen testing
tools fit into five categories.
 Reconnaissance tools for discovering network hosts and open ports
 Vulnerability scanners for discovering issues in network services, web applications, and APIs
 Proxy tools such as specialized web proxies or generic man-in-the-middle proxies
 Exploitation tools to achieve system footholds or access to assets
 Post exploitation tools for interacting with systems, maintaining and expanding access, and achieving attack
objectives

How does pen testing differ from automated testing?


(Source: https://www.synopsys.com)
Although pen testing is mostly a manual effort, pen testers do use automated scanning and testing tools. But they also
go beyond the tools and use their knowledge of the latest attack techniques to provide more in-depth testing than a
vulnerability assessment (i.e., automated testing).
 Manual pen testing
Manual pen testing uncovers vulnerabilities and weaknesses not included in popular lists (e.g., OWASP Top 10)
and tests business logic that automated testing can overlook (e.g., data validation, integrity checks). A manual pen
test can also help identify false positives reported by automated testing. Because pen testers are experts who think
like adversaries, they can analyze data to target their attacks and test systems and websites in ways automated testing
solutions following a scripted routine cannot.

 Automated testing
Automated testing generates results faster and needs fewer specialized professionals than a fully manual pen testing
process. Automated testing tools track results automatically and can sometimes export them to a centralized
reporting platform. Also, the results of manual pen tests can vary from test to test, whereas running automated
testing repeatedly on the same system will produce the same results.

What are the pros and cons of pen testing?


(Source: https://www.synopsys.com)

With the frequency and severity of security breaches increasing year after year, organizations have never had a greater
need for visibility into how they can withstand attacks. Regulations such as PCI DSS and HIPAA mandate periodic pen
testing to remain current with their requirements. With these pressures in mind, here are some pros and cons for this
type of defect discovery technique.

Pros of pen testing


 Finds holes in upstream security assurance practices, such as automated tools, configuration and coding standards,
architecture analysis, and other lighter-weight vulnerability assessment activities
 Locates both known and unknown software flaws and security vulnerabilities, including small ones that by
themselves won’t raise much concern but could cause material harm as part of a complex attack pattern
 Can attack any system, mimicking how most malicious hackers would behave, simulating as close as possible a
real-world adversary

Cons of pen testing


 Is labour-intensive and costly
 Does not comprehensively prevent bugs and flaws from making their way into production
FOOTPRINTING AND RECONNAISSANCE:


(Source: https://www.itperfection.com)
Footprinting (also known as reconnaissance) commonly refers to one of the pre-attack phases: tasks performed before
carrying out the actual attack. In other words, footprinting is the first step in the evaluation of the security posture of the
target organization’s IT infrastructure. During this phase, a hacker can collect the following information:
 Domain name
 IP Addresses
 Namespaces
 Employee information
 Phone numbers
 E-mails
 Job Information
Footprinting can help hackers find a number of opportunities to penetrate and assess the target’s network. In order to
obtain such information, hackers might have to utilise various tools and technologies.

Some of the tools used for Footprinting are:


 Sam Spade: A set of powerful tools suitable for hacking.
 Nslookup: This is a command-line tool, installed by default on all common operating systems, that resolves a
domain name to its IP address and vice versa.
 Traceroute: The tool ‘traces the route’ from your IP to the IP of the end host you specify. It is particularly useful
in identifying the routers, firewalls and gateways that exist between you and your target.
 Nmap: This tool has been the de facto network scanning tool for many years. Of course it can do much more than
merely scan for live hosts, but during the active footprinting phase that is all we want to do.

There are also a number of techniques used for footprinting:


 DNS queries
 Network enumeration
 World Wide Web spidering
 Network queries
 Port Scanning
 Operating system identification
 Point of contact queries
 Registrar queries (WHOIS queries)
 SNMP queries
 Organizational queries
 Ping sweeps
Also, Wireshark is used for footprinting.

TYPES OF FOOTPRINTING:
(Source: https://www.itperfection.com)
There are two types of footprinting that can be used:
 Active: This type is the process of using tools and techniques, such as performing a ping sweep or using the
traceroute command, to gather information on a target.
 Passive: This type is the process of gathering information on a target by innocuous, or, passive, means.

Some examples of ways to use active footprinting are:


 Performing traceroute analysis
 Gathering information through email tracking
 Performing Whois lookup
 Extracting DNS information
Some examples of ways to use passive footprinting are:


 Browsing the target’s website
 Monitoring target using alert services
 Visiting social media profiles of employees
 Collecting location information on the target through web services
 Searching for the website on WHOIS
 Finding Information through search engines
 Collecting information through social engineering on social networking sites.
 Gathering infrastructure details of the target organization through job sites
 Gathering financial information about the target through financial services

Active footprinting can trigger a target’s Intrusion Detection System (IDS) and may be logged, but passive footprinting
is the stealthier method since it will not trigger a target’s IDS or otherwise alert the target that information is being gathered.
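Because active footprinting leaves a trail, defenders can watch for it. As an added example (not from the ITperfection material above), the Python below parses constructed firewall log lines and flags a source that pings many distinct hosts (a ping sweep) or probes many distinct ports on one host (a port scan) within a short window. The log format, addresses and thresholds are all constructed assumptions.

```python
"""Added example: detecting ping sweeps and port scans in firewall logs.
The log format and thresholds are constructed for illustration."""
import re

# Constructed log format: "<epoch> <proto> <src> -> <dst>[:<port>] <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<proto>ICMP|TCP|UDP) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+)(?::(?P<port>\d+))? (?P<action>ALLOW|DROP)$"
)

SWEEP_HOSTS = 8   # distinct ICMP destinations from one source -> ping sweep
SCAN_PORTS = 10   # distinct ports on one destination from one source -> port scan
WINDOW = 60       # seconds of history considered for each event


def parse(line):
    """Parse one log line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = int(d["ts"])
    d["port"] = int(d["port"]) if d["port"] else None
    return d


def detect(lines):
    """Return alerts: ('ping_sweep', src, hosts) or ('port_scan', src, dst, ports).

    Each event is compared with the same source's events in the preceding
    WINDOW seconds; every source (or source/destination pair) is reported once."""
    events = [e for e in (parse(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    alerts, flagged = [], set()
    for i, e in enumerate(events):
        window = [w for w in events[:i + 1]
                  if w["src"] == e["src"] and e["ts"] - w["ts"] <= WINDOW]
        hosts = {w["dst"] for w in window if w["proto"] == "ICMP"}
        if len(hosts) >= SWEEP_HOSTS and ("sweep", e["src"]) not in flagged:
            flagged.add(("sweep", e["src"]))
            alerts.append(("ping_sweep", e["src"], len(hosts)))
        ports = {w["port"] for w in window
                 if w["dst"] == e["dst"] and w["port"] is not None}
        if len(ports) >= SCAN_PORTS and ("scan", e["src"], e["dst"]) not in flagged:
            flagged.add(("scan", e["src"], e["dst"]))
            alerts.append(("port_scan", e["src"], e["dst"], len(ports)))
    return alerts


# Constructed sample: one source pings ten hosts, then probes twelve ports on
# one of them; a second source generates ordinary web traffic.
SAMPLE_LOG = (
    [f"{1000 + i} ICMP 198.51.100.7 -> 10.0.0.{i + 1} DROP" for i in range(10)]
    + [f"{1100 + i} TCP 198.51.100.7 -> 10.0.0.5:{p} DROP"
       for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])]
    + ["1200 TCP 203.0.113.9 -> 10.0.0.5:443 ALLOW",
       "1205 TCP 203.0.113.9 -> 10.0.0.5:80 ALLOW"]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```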

Google Hacking:
(Source: https://www.itperfection.com)
Footprinting using advanced Google hacking techniques gathers information by locating strings of text within search
results. In order to confine a search, Google offers advanced search operators. These search operators help to narrow
down the search query and get the most relevant and accurate output.

Hackers can create complex search engine queries in order to filter large amounts of search results to obtain information
related to computer security. Hackers locate specific strings of text within the search results to detect websites and web
servers that are vulnerable to exploitation, as well as locate private, sensitive information about others. Once a vulnerable
site is identified, attackers try to launch various possible attacks such as SQL injection or buffer overflows that
compromise information security.

Ethical Hacking & Footprinting:


(Source: https://www.itperfection.com)
Footprinting could also be a security solution. A security expert can use footprinting to identify network security
vulnerabilities. This is actually the concept of ethical hacking.

In the footprinting process, information such as IP addresses, WHOIS records, DNS information, the operating system
used, employee e-mail IDs, phone numbers, etc. is collected. Footprinting therefore helps us to:
 Know the security posture: The data gathered will give us an overview of the security posture of the company,
such as details about the presence of a firewall, security configurations of applications, etc.
 Reduce the attack area: We can identify a specific range of systems and concentrate on particular targets only.
 Identify vulnerabilities: We can build an information database containing the vulnerabilities, threats and loopholes
present in the systems of the target organization.
 Draw a network map: It helps to draw a network map of the networks in the target organization covering topology,
trusted routers, presence of servers and other information.

How to Prevent Footprinting?


(Source: https://www.itperfection.com)
Footprinting is the first step to perform in the pen testing process. The pen tester will discover potential security liabilities
that an attacker may exploit. Footprinting penetration testing helps organizations and businesses to:
 Prevent information leakage
 Reduce the chances of Social Engineering
 Prevent DNS record retrieval from public servers
