Introduction To Cyber Security & Ethical Hacking
Hacking
Confidentiality:
Confidentiality is the assurance that information is accessible only to authorized users.
Confidentiality breaches may occur due to improper data handling or a hacking attempt.
Confidentiality controls include data classification, data encryption, and proper disposal of
equipment (such as DVDs, USB drives, etc.)
Integrity:
Integrity is the trustworthiness of data or resources in the prevention of improper and
unauthorized changes—the assurance that information is sufficiently accurate for its
purpose. Measures to maintain data integrity may include a checksum (a number produced
by a mathematical function to verify that a given block of data has not changed) and access
control (which ensures that only authorized people can update, add, or delete data).
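As an added example (not from the original slides), the following Python shows how a checksum detects a changed block of data, and why a keyed tag (HMAC) is needed when the change may be deliberate rather than accidental; the record and key are constructed values.

```python
import hashlib
import hmac

def checksum(data: bytes) -> str:
    """Unkeyed integrity check: SHA-256 digest of the data block."""
    return hashlib.sha256(data).hexdigest()

def verify_checksum(data: bytes, expected: str) -> bool:
    # Compare in constant time so the check itself leaks nothing.
    return hmac.compare_digest(checksum(data), expected)

def keyed_tag(key: bytes, data: bytes) -> str:
    """Keyed integrity check (HMAC-SHA256). An unkeyed checksum only catches
    accidental change, because whoever edits the data can recompute it; a tag
    under a secret key cannot be recomputed without that key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_keyed_tag(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), expected)

def tamper(data: bytes, index: int) -> bytes:
    """Flip one bit of the block to simulate an unauthorized change."""
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)

# Constructed sample record and key (not from the original slides).
RECORD = b"account=1001;balance=250.00;status=active"
KEY = b"constructed-demo-key"  # in practice a random key kept out of the data store

def demo() -> dict:
    stored_sum = checksum(RECORD)
    stored_tag = keyed_tag(KEY, RECORD)
    altered = tamper(RECORD, 20)  # flips a bit inside the balance field
    return {
        "checksum_ok": verify_checksum(RECORD, stored_sum),
        "checksum_detects_change": not verify_checksum(altered, stored_sum),
        "hmac_ok": verify_keyed_tag(KEY, RECORD, stored_tag),
        "hmac_detects_change": not verify_keyed_tag(KEY, altered, stored_tag),
        # A checksum recomputed over altered data passes: a checksum alone is
        # not protection against deliberate edits, only against accidents.
        "recomputed_checksum_passes": verify_checksum(altered, checksum(altered)),
        "wrong_key_fails": not verify_keyed_tag(b"other-key", RECORD, stored_tag),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```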
Elements of Information Security
Availability
Availability is the assurance that the systems responsible for delivering, storing, and
processing information are accessible when required by authorized users. Measures to
maintain data availability can include disk arrays for redundant systems and clustered
machines, antivirus software to combat malware, and distributed denial-of-service (DDoS)
prevention systems.
Authenticity
Authenticity refers to the characteristic of communication, documents, or any data
that ensures the quality of being genuine or uncorrupted. The major role of
authentication is to confirm that a user is genuine. Controls such as biometrics,
smart cards, and digital certificates ensure the authenticity of data, transactions,
communications, and documents.
Security Challenges
Motives, Goals, and Objectives of Information Security Attacks
Active Attacks
Passive Attacks
Close-in Attacks
Classification of Attacks
Active Attacks
Active attacks tamper with data in transit or disrupt communication or services between
systems to bypass or break into secured systems. Attackers launch attacks on the target
system or network by actively sending traffic, which can be detected. These attacks are
performed on the target network to exploit the information in transit. They penetrate or
infect the target’s internal network and gain access to a remote system to compromise the
internal network.
Examples of active attacks:
Denial-of-service (DoS) attack
Bypassing protection mechanisms
Malware attacks (such as viruses, worms, ransomware)
Modification of information
Spoofing attacks
Replay attacks
Password-based attacks
Session hijacking
Man-in-the-Middle attack
DNS and ARP poisoning
Compromised-key attack
Passive attack:
Passive attacks involve intercepting and monitoring network traffic and
data flow on the target network and do not tamper with the data.
Attackers perform reconnaissance on network activities using sniffers.
These attacks are very difficult to detect as the attacker has no active
interaction with the target system or network. Passive attacks allow
attackers to capture the data or files being transmitted in the network
without the consent of the user. For example, an attacker can obtain
information such as unencrypted data in transit, clear-text credentials,
or other sensitive information that is useful in performing active attacks.
Examples of passive attacks:
Footprinting
Sniffing and eavesdropping
Network traffic analysis
Decryption of weakly encrypted traffic
Close-in Attacks:
Close-in attacks are performed when the attacker is in close physical
proximity to the target system or network. The main goal of
performing this type of attack is to gather or modify the information or
disrupt its access. For example, an attacker might shoulder surf user
credentials. Attackers gain close proximity through surreptitious entry, open access, or both.
Examples of close-in attacks:
Social engineering
Insider Attacks:
Insider attacks are performed by trusted persons who have physical access to the critical
assets of the target. An insider attack involves using privileged access to violate rules or
intentionally cause a threat to the organization’s information or information systems.
Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive
information. They misuse the organization’s assets to directly affect the confidentiality,
integrity, and availability of information systems. These attacks impact the
organization’s business operations, reputation, and profit. It is difficult to detect an
insider attack.
What is Hacking?
Hacking:
Hacking is the activity of identifying weaknesses in a computer system or a network and
exploiting them to gain access to personal or business data. An example of computer
hacking is using a password-cracking algorithm to gain access to a computer system.
Who is a Hacker?
Hacker:
A Hacker is a person who finds and exploits the weakness in computer systems
and/or networks to gain access. Hackers are usually skilled computer programmers
with knowledge of computer security.
Types of Hackers
Grey hat:
A hacker who falls between ethical and black hat hackers. He/she breaks into
computer systems without authority with a view to identifying weaknesses and revealing
them to the system owner.
Suicide Hackers:
Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not
worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide
bombers who sacrifice their life for an attack and are thus not concerned with the consequences of their
actions.
Script kiddies:
A non-skilled person who gains access to computer systems using ready-made tools.
Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and
software developed by real hackers. They usually focus on the quantity, rather than the quality,
of the attacks that they initiate. They do not have a specific target or goal in performing the
attack and simply aim to gain popularity or prove their technical skills.
Cyber Terrorists:
Cyber terrorists are individuals with a wide range of skills who are motivated by religious or
political beliefs to create the fear of large-scale disruption of computer networks.
Hacktivist:
Hacktivism is a form of activism in which hackers break into government or corporate computer
systems as an act of protest. Hacktivists use hacking to increase awareness of their social or
political agendas, as well as to boost their own reputations in both online and offline arenas. They
promote a political agenda, especially by using hacking to deface or disable websites. In some
incidents, hacktivists may also obtain and reveal confidential information to the public. Common
hacktivist targets include government agencies, financial institutions, multinational corporations,
and any other entity that they perceive as a threat. Irrespective of hacktivists’ intentions, gaining
unauthorized access is a crime.
State-Sponsored Hackers:
State-sponsored hackers are skilled individuals with expertise in hacking who are employed by a government to
penetrate, gain top-secret information from, and damage the information systems of other governments or military
organizations. The main aim of these threat actors is to detect vulnerabilities, exploit a nation’s infrastructure, and
gather intelligence or sensitive information.
Industrial Spies:
Industrial spies are individuals who perform corporate espionage by illegally spying
on competitor organizations. They focus on stealing critical information such as blueprints, formulas,
product designs, and trade secrets. These threat actors use advanced persistent threats (APTs) to
penetrate a network and can also stay undetected for years. In some cases, they may use social
engineering techniques to steal sensitive information such as development plans and marketing
strategies of the target company, which can result in financial loss to that company.
Insiders:
An insider is any employee (trusted person) who has access to critical assets of an
organization. An insider threat involves the use of privileged access to violate rules or
intentionally cause harm to the organization’s information or information systems.
Insiders can easily bypass security rules, corrupt valuable resources, and access
sensitive information. Generally, insider threats arise from disgruntled employees,
terminated employees, and undertrained staff members.
Criminal Syndicates:
Criminal syndicates are groups of individuals or communities that are involved in
organized, planned, and prolonged criminal activities. They exploit victims from
distinct jurisdictions on the Internet, making them difficult to locate. The main aim of
these threat actors is to illegally embezzle money by performing sophisticated cyber-
attacks and money-laundering activities.
Hacking Phases
Reconnaissance Types:
Active reconnaissance:
Directly interacting with the target to gather information about it, e.g. using
the Nmap tool to scan the target.
Passive reconnaissance:
Passive reconnaissance is an attempt to gain information about targeted
computers and networks without actively engaging with the systems. In active
reconnaissance, in contrast, the attacker engages with the target system, typically
conducting a port scan to find any open ports.
Scanning:
Three types of scanning are involved:
• Port scanning: This phase involves scanning the target for information such as
open ports, live systems, and the various services running on the host.
• Vulnerability scanning: Checking the target for weaknesses or vulnerabilities
that can be exploited. This is usually done with the help of automated tools.
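As an added example (not from the original slides), this Python detector runs over a constructed firewall log and flags a source that probes many distinct ports on one host within a short window, the traffic footprint that makes active reconnaissance and port scanning detectable; the log lines, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style connection log (not from the original slides):
# one external host touching many ports on one server, two internal hosts behaving normally.
LOG_LINES = """\
2024-03-01T09:00:01 src=10.0.0.5 dst=10.0.0.20 dport=443 action=allow
2024-03-01T09:00:03 src=203.0.113.9 dst=10.0.0.20 dport=21 action=deny
2024-03-01T09:00:03 src=203.0.113.9 dst=10.0.0.20 dport=22 action=allow
2024-03-01T09:00:03 src=203.0.113.9 dst=10.0.0.20 dport=23 action=deny
2024-03-01T09:00:04 src=203.0.113.9 dst=10.0.0.20 dport=25 action=deny
2024-03-01T09:00:04 src=203.0.113.9 dst=10.0.0.20 dport=80 action=allow
2024-03-01T09:00:04 src=203.0.113.9 dst=10.0.0.20 dport=110 action=deny
2024-03-01T09:00:05 src=203.0.113.9 dst=10.0.0.20 dport=139 action=deny
2024-03-01T09:00:05 src=203.0.113.9 dst=10.0.0.20 dport=445 action=deny
2024-03-01T09:00:06 src=203.0.113.9 dst=10.0.0.20 dport=3389 action=deny
2024-03-01T09:00:07 src=10.0.0.7 dst=10.0.0.20 dport=22 action=allow
2024-03-01T09:05:00 src=10.0.0.7 dst=10.0.0.20 dport=80 action=allow
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) action=\S+$")

def parse(lines):
    """Yield (timestamp, src, dst, dport) per well-formed line; skip malformed ones."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dport)

def detect_port_scans(lines, threshold=8, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted ports} for pairs that hit >= threshold distinct
    ports within one window. A normal client reuses a few ports; many distinct
    ports on one host within seconds is the footprint of a scan, which is why
    active reconnaissance is detectable on the wire."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        events[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):  # slide the window over sorted events
            ports = {p for t, p in evs[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[pair] = sorted(ports)
                break
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(LOG_LINES).items():
        print(f"possible scan from {src} against {dst}: ports {ports}")
```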
Gaining Access:
This phase is where an attacker breaks into the system or network using various tools or methods. After entering
a system, the attacker has to escalate privileges to the administrator level in order to install needed applications
or to modify or hide data.
Maintaining Access:
A hacker may just hack the system to show that it was vulnerable, or may be mischievous enough to want to
maintain or persist the connection in the background without the knowledge of the user. This can be done
using Trojans, rootkits, or other malicious files. The aim is to maintain access to the target until the hacker finishes
the tasks planned for that target.
Clearing Tracks:
No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no
one will find any traces leading to them. This involves modifying, corrupting, or deleting log entries,
modifying registry values, uninstalling all applications used, and deleting all folders created.