
Introduction To Cyber Security & Ethical Hacking

The document provides an introduction to cyber security and ethical hacking. It defines information security as protecting information and systems from unauthorized access, disclosure, alteration or destruction. The key elements of information security are outlined as confidentiality, integrity, availability, and authenticity. Various security challenges like motives of attacks, classification of attacks into active, passive and close-in are described. Different types of hackers like white hat, black hat, and grey hat hackers are defined along with what constitutes hacking.

Uploaded by

000kabbo

Introduction To Cyber Security & Ethical Hacking

WHAT IS INFORMATION SECURITY

INFORMATION SECURITY IS “THE STATE OF THE WELL-BEING OF INFORMATION
AND INFRASTRUCTURE IN WHICH THE POSSIBILITY OF THEFT, TAMPERING, OR
DISRUPTION OF INFORMATION AND SERVICES IS KEPT LOW OR TOLERABLE.”
INFORMATION SECURITY REFERS TO THE PROTECTION OR SAFEGUARDING OF
INFORMATION AND INFORMATION SYSTEMS THAT USE, STORE, AND TRANSMIT
INFORMATION FROM UNAUTHORIZED ACCESS, DISCLOSURE, ALTERATION, AND
DESTRUCTION.
Elements of Information Security

Confidentiality:
Confidentiality is the assurance that the information is accessible only to authorized users.
Confidentiality breaches may occur due to improper data handling or a hacking attempt.
Confidentiality controls include data classification, data encryption, and proper disposal of
equipment (such as DVDs, USB drives, etc.)
Integrity:
Integrity is the trustworthiness of data or resources in the prevention of improper and
unauthorized changes—the assurance that information is sufficiently accurate for its
purpose. Measures to maintain data integrity may include a checksum (a number produced
by a mathematical function to verify that a given block of data is not changed) and access
control (which ensures that only authorized people can update, add, or delete
data).
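The checksum and access-control measures described above can be seen working together in the following added example (it is not part of the original slides). It assumes SHA-256 as the checksum function and HMAC-SHA256 as a keyed variant; the key and records are constructed sample values.

```python
import hashlib
import hmac

def checksum(data: bytes) -> str:
    """Unkeyed checksum: anyone who can read the data can recompute it."""
    return hashlib.sha256(data).hexdigest()

def keyed_tag(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): only holders of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_checksum(data: bytes, stored: str) -> bool:
    # compare_digest avoids leaking how many characters matched
    return hmac.compare_digest(checksum(data), stored)

def verify_tag(key: bytes, data: bytes, stored: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), stored)

# Constructed sample values (assumptions for illustration only).
KEY = b"constructed-demo-key"
ORIGINAL = b"pay 100.00 to account 1111"
TAMPERED = b"pay 900.00 to account 2222"

def demo() -> dict:
    stored_sum = checksum(ORIGINAL)        # saved when the record was written
    stored_tag = keyed_tag(KEY, ORIGINAL)  # saved by a writer who holds KEY
    return {
        # Unchanged data verifies; changed data does not.
        "intact_ok": verify_checksum(ORIGINAL, stored_sum),
        "change_detected": not verify_checksum(TAMPERED, stored_sum),
        # If the stored checksum is not access-controlled, whoever changes
        # the data can also replace the checksum, and the check passes.
        "replaced_checksum_accepted":
            verify_checksum(TAMPERED, checksum(TAMPERED)),
        # With a keyed tag, a party without KEY cannot make a matching tag:
        # neither a recomputed unkeyed checksum nor the old tag verifies.
        "unkeyed_value_accepted_as_tag":
            verify_tag(KEY, TAMPERED, checksum(TAMPERED)),
        "old_tag_accepted": verify_tag(KEY, TAMPERED, stored_tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A checksum only protects integrity when the stored value (or the key used to compute it) is itself covered by access control.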
Availability
Availability is the assurance that the systems responsible for delivering, storing, and
processing information are accessible when required by authorized users. Measures to
maintain data availability can include disk arrays for redundant systems and clustered
machines, antivirus software to combat malware, and distributed denial-of-service (DDoS)
prevention systems.
Authenticity
Authenticity refers to the characteristic of communication, documents, or any data
that ensures the quality of being genuine or uncorrupted. The major role of
authentication is to confirm that a user is genuine. Controls such as biometrics,
smart cards, and digital certificates ensure the authenticity of data, transactions,
communications, and documents.
Security Challenges
Motives, Goals, and Objectives of Information Security Attacks

Attacks = Motive (Goal) + Method + Vulnerability
Classification of Attacks

• Active Attacks
• Passive Attacks
• Close-in Attacks

Active Attacks
Active attacks tamper with the data in transit or disrupt
communication or services between the systems to bypass or break
into secured systems. Attackers launch attacks on the target system or
network by sending traffic actively that can be detected. These attacks
are performed on the target network to exploit the information in
transit. They penetrate or infect the target’s internal network and gain
access to a remote system to compromise the internal network.
Examples of active attacks:
• Denial-of-service (DoS) attack
• Bypassing protection mechanisms
• Malware attacks (such as viruses, worms, ransomware)
• Modification of information
• Spoofing attacks
• Replay attacks
• Password-based attacks
• Session hijacking
• Man-in-the-Middle attack
• DNS and ARP poisoning
• Compromised-key attack
• Firewall and IDS attack
• Profiling
• Arbitrary code execution
• Privilege escalation
• Backdoor access
• Cryptography attacks
• SQL injection
• XSS attacks
• Directory traversal attacks
• Exploitation of application and OS software
Passive Attacks

Passive attack:
Passive attacks involve intercepting and monitoring network traffic and
data flow on the target network and do not tamper with the data.
Attackers perform reconnaissance on network activities using sniffers.
These attacks are very difficult to detect as the attacker has no active
interaction with the target system or network. Passive attacks allow
attackers to capture the data or files being transmitted in the network
without the consent of the user. For example, an attacker can obtain
information such as unencrypted data in transit, clear-text credentials,
or other sensitive information that is useful in performing active attacks.
Examples of passive attacks:
• Footprinting
• Sniffing and eavesdropping
• Network traffic analysis
• Decryption of weakly encrypted traffic
Close-in Attacks

Close-in Attacks:
Close-in attacks are performed when the attacker is in close physical
proximity to the target system or network. The main goal of
performing this type of attack is to gather or modify the information or
disrupt its access. For example, an attacker might shoulder surf user
credentials. Attackers gain close proximity through surreptitious
entry, open access, or both.
Examples of close-in attacks:
• Social engineering
Insider Attacks

Insider Attacks:
Insider attacks are performed by trusted persons who have physical access to the critical
assets of the target. An insider attack involves using privileged access to violate rules or
intentionally cause a threat to the organization’s information or information systems.
Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive
information. They misuse the organization’s assets to directly affect information systems'
confidentiality, integrity, and availability. These attacks impact the
organization’s business operations, reputation, and profit. It is difficult to figure out an
insider attack.
What is Hacking?

Hacking:
Hacking is the activity of identifying weaknesses in a computer system or a network
to exploit the security to gain access to personal data or business data. An example of
computer hacking can be: using a password-cracking algorithm to gain access to a
computer system.
Who is a Hacker?

Hacker:
A Hacker is a person who finds and exploits the weakness in computer systems
and/or networks to gain access. Hackers are usually skilled computer programmers
with knowledge of computer security.
Types of Hackers

White hat Hackers:
A security hacker who gains access to systems with a view to fixing the identified
weaknesses. They may also perform penetration testing and vulnerability
assessments.
Cracker (Black hat):


A hacker who gains unauthorized access to computer systems for personal gain. The
intent is usually to steal corporate data, violate privacy rights, transfer funds from
bank accounts, etc.

Grey hat:
A hacker who is in between ethical and black hat hackers. He/she breaks into
computer systems without authority with a view to identify weaknesses and reveal
them to the system owner.
Suicide Hackers:
Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not
worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide
bombers who sacrifice their life for an attack and are thus not concerned with the consequences of their
actions.

Script kiddies:
A non-skilled person who gains access to computer systems using already-made tools.
Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and
software developed by real hackers. They usually focus on the quantity, rather than the quality,
of the attacks that they initiate. They do not have a specific target or goal in performing the
attack and simply aim to gain popularity or prove their technical skills.
Cyber Terrorists:
Cyber terrorists are individuals with a wide range of skills who are motivated by religious or
political beliefs to create the fear of large-scale disruption of computer networks.

Hacktivist:
Hacktivism is a form of activism in which hackers break into government or corporate computer
systems as an act of protest. Hacktivists use hacking to increase awareness of their social or
political agendas, as well as to boost their own reputations in both online and offline arenas. They
promote a political agenda especially by using hacking to deface or disable websites. In some
incidents, hacktivists may also obtain and reveal confidential information to the public. Common
hacktivist targets include government agencies, financial institutions, multinational corporations,
and any other entity that they perceive as a threat. Irrespective of hacktivists’ intentions, gaining
unauthorized access is a crime.
State-Sponsored Hackers:
State-sponsored hackers are skilled individuals having expertise in hacking and are employed by the government to
penetrate, gain top-secret information from, and damage the information systems of other governments or military
organizations. The main aim of the threat actors is to detect vulnerabilities and exploit a nation’s infrastructure and
gather intelligence or sensitive information.

Industrial Spies:
Industrial spies are individuals who perform corporate espionage by illegally spying
on competitor organizations. They focus on stealing critical information such as blueprints, formulas,
product designs, and trade secrets. These threat actors use advanced persistent threats (APTs) to
penetrate a network and can also stay undetected for years. In some cases, they may use social
engineering techniques to steal sensitive information such as development plans and marketing
strategies of the target company, which can result in financial loss to that company.
Insiders:
An insider is any employee (trusted person) who has access to critical assets of an
organization. An insider threat involves the use of privileged access to violate rules or
intentionally cause harm to the organization’s information or information systems.
Insiders can easily bypass security rules, corrupt valuable resources, and access
sensitive information. Generally, insider threats arise from disgruntled employees,
terminated employees, and undertrained staff members.
Criminal Syndicates:
Criminal syndicates are groups of individuals or communities that are involved in
organized, planned, and prolonged criminal activities. They exploit victims from
distinct jurisdictions on the Internet, making them difficult to locate. The main aim of
these threat actors is to illegally embezzle money by performing sophisticated cyber-
attacks and money-laundering activities.
Hacking Phases

In general, there are five phases of hacking:
• Reconnaissance
• Scanning
• Gaining Access
• Maintaining Access
• Clearing Tracks
Reconnaissance Types:
Active reconnaissance:
Directly interacting with the target to gather information about the target, e.g., using
the Nmap tool to scan the target.

Passive reconnaissance:
Passive reconnaissance is an attempt to gain information about targeted
computers and networks without actively engaging with the systems. In active
reconnaissance, in contrast, the attacker engages with the target system, typically
conducting a port scan to find any open ports.
Scanning:
Three types of scanning are involved:
• Port scanning: This phase involves scanning the target for information like
open ports, live systems, and various services running on the host.
• Vulnerability scanning: Checking the target for weaknesses or
vulnerabilities which can be exploited. Usually done with the help of automated tools.
• Network mapping: Finding the topology of the network, routers,
firewalls, servers if any, and host information and drawing a network diagram with
the available information. This map may serve as a valuable piece of information
throughout the hacking process.
Gaining Access:
This phase is where an attacker breaks into the system/network using various tools or methods. After entering
a system, the attacker has to increase their privileges to the administrator level in order to install the
applications they need, or to modify or hide data.

Maintaining Access:
A hacker may break into the system just to show that it was vulnerable, or may want to maintain a persistent
connection in the background without the knowledge of the user. This can be done
using Trojans, rootkits, or other malicious files. The aim is to maintain access to the target until the
planned tasks in that target are accomplished.

Clearing Tracks:
No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no
one will find any traces leading to them. This involves modifying, corrupting, or deleting log entries,
modifying registry values, uninstalling all applications used, and deleting all folders created.
What is Hacking?

Hacking is the process of identifying and exploiting weaknesses in a system or a
network to gain unauthorized access to data and system resources. It can also be
defined as an unauthorized intrusion into the information systems/networks by an
attacker by compromising security. Example of hacking: exploiting the weakness of
default passwords to gain access to the data stored inside the system.
What is Ethical Hacking?

Ethical hacking, sometimes called penetration testing, is the act of
intruding/penetrating into systems or networks to find threats and vulnerabilities
in those systems that a malicious attacker may find and exploit, causing loss of data,
financial loss, or other major damage. The purpose of ethical hacking is to improve
the security of the network or systems by fixing the vulnerabilities found during
testing. Ethical hackers may use the same methods and tools used by malicious
hackers, but with the permission of the authorized person, for the purpose of
improving security and defending the systems from attacks by malicious users.
Ethical hackers are expected to report all the vulnerabilities and weaknesses found
during the process to the management.
Who is an Ethical Hacker?

An ethical hacker is a skilled professional who has excellent technical knowledge
and skills and knows how to identify and exploit vulnerabilities in target systems. They
work with the permission of the owners of the systems. An ethical hacker must
comply with the rules of the target organization or owner and the law of the land, and
their aim is to assess the security posture of a target organization/system.
