ETHICAL HACKING AND CYBER SECURITY
Abstract:
?Hacking is basically expertise in any field. Hackers are classified as per working and as per knowledge. The ethical hackers come under white hat hackers. Ethical hackers use hacking techniques in order to provide security. They are legally authorized hackers. Various tools are used in order to carry out hacking. The most common hacking technique used is phishing. Since, there is a rapid growth in the number of attack, there is a need for people to learn ethical hacking concepts to secure themselves.
INTRODUCTION
Gaining access to a system that you are not supposed to have access is considered as hacking. For example: log into an e-mail account that is not supported to have access, gaining access to a remote computer that you are not support to have access, reading information that you are not supported too able to read is considered as hacking. There are a large number of ways to hack a system. In 1960, the first known event of hacking had taken place at MIT and at the same time, the term Hacker was organized.
Cyber Security is computer system or data. primarily about people, processes and technologies working together to encompass the full range of threat reducing, culmination reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, etc. Cyber security is the protection of internet – connected system, including hardware, software, and data from cyber-attacks. It is made up of two words one is cyber and other is security. Cyber is related to the technology which contains systems, network and programs or data. Whereas security related to the protection which includes systems security, network security and application and information security.
We live in security era, where we are securing all our belongings beneath different modes of lock browser it’s different within the case of system security. We are carelessly leaving our data’s and software’s unlocked. Thee sate of security on the web is dangerous and obtain to extend security protection by distinguishing and fix identified security on systems owned by different parties public, private and personal organizations migrate additional of their critical functions to the web, criminals have additional chance and incentive to achieve access to sensitive info through the online application.
So, ethical hacking is an assessment to check and test an information technology environment for possible weak links. Ethical Hacking describes the way of hacking a network in an ethical method, thus with good intentions. This paper describe about what ethical hacking is, what it will do, an ethical hacking methodology also as some tools which might be used for an ethical hacking and also this paper describes detail about the cyber security.
ETHICAL HACKING
Ethical hacking is also known as white hat hacking or Penetration Testing. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system and data. Ethical hacking is used to improve the security of the systems and networks by fixing the vulnerility found while testing. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system or data. Ethical hacking is used to improve the security of the systems and networks by fixing the vulnerability found while testing. Ethical hackers improves the security of an organization. Ethical hackers use the same tools, tricks and techniques that malicious hackers used, but with the permission of authorized person. The purpose of ethical hacking is to improve the security and to defend the systems from attacks by malicious users.
Independent computer security professionals breaking into the computer systems. Neither damage the target systems nor steal information. Evaluate target systems security and report back to owners about the vulnerabilities found.
TYPES OF HACKING
a. Network Hacking.
b. Website Hacking.
c. Computer Hacking.
d. Password Hacking.
e. E-mail Hacking
1. Network Hacking:
Network Hacking means gathering information about a network with the intent to harm the network system and hamper its operations using the various tools like Telnet, NS lookup, Ping, Tracert.
2. Website Hacking:
Website hacking means taking unauthorized access over a web server, database and make a change in the information.
3. Computer Hacking:
Computer hacking means unauthorized access to the Computer and steals the information from PC like Computer ID and password by applying methods.
4. Password Hacking:
Password hacking is the process of recovering secret passwords from data that has been already stored in the computer system.
5. Email Hacking:
Email hacking means unauthorized access on an Email account and using it without the owner’s permission.
HACKERS
· A person who enjoys learning details of a programming language or system.
· A person who enjoys actually doing the programming rather than the just theorizing about it.
· A person capable of appreciating someone else’s hacking.
· A person who picks up programming quickly.
· A person who is an expert at a particular programming language or system.
TYPES OF HACKERS
? White Hat Hackers.
? Black Hat Hackers.
? Grey Hat Hackers.
? Red Hat Hackers.
? Blue Hat Hackers.
? Elite Hackers.
? Neophyte
? Hacktiwist
1) White Hat Hackers:
White hat hackers are also called as Ethical Hackers. They never indent to harm a system rather they try to find out weakness in a computer or a network system as a part of penetration testing and vulnerability assessments.
Ethical Hacking is not illegal and it is one of the demanding jobs available in the IT industry. There are numerous companies that hire ethical hackers for penetration testing and vulnerability assessments.
2) Black Hat Hackers:
Black hat hackers are also called as Crackers, are those who hack in order to gain unauthorized access to a system and harm its operations or steal sensitive information.
Black hat hacking is always illegal because of its intent includes stealing corporate data violating privacy, damaging the system, blocking network communication, etc….,
3) Grey Hat Hackers:
Grey hat hackers are a blend of both black hat and white hat hackers. They act without malicious intent but for fun, they exploit a security weakness in a computer system or network without the owner’s permission or knowledge.
Their intent is to bring the weakness to the attention of the the owners and getting appreciation or a little bounty without from the owners
4) Red Hat Hackers:
Red hat hackers are again blended of both black and white hat hackers. They are usually on the level of hacking government agencies, top-secret information hubs, and generally anything that falls under the category of sensitive information.
5) Blue Hat Hacker:
A blue hat hacker is someone outside computer consulting firms who is used to bug-test a system prior to its launch. They look for loopholes that can be explained and try to close those gaps. Microsoft also used the term Blue Hat to represent a series of security briefing events.
6) Elite Hackers:
This is a social status among hackers which is used to describe the most skilled newly discovered exploits will circulate among those hackers.
7) Neophyte:
A neophyte “n00b” or “newbie” or “Green hat hacker” is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking
8) Hacktiwist:
An activist is a hacker who utilizes technology to announce a social ideological, religious, or political message. In general, most activism involves website defacement or denial of – service attacks.
9) Script Kidde:
A script kindle is a non-expert who kindle is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with understanding of the underlying concept hence the term Kidde
ADVANTAGES OF ETHICAL HACKING
v It helps to take preventive action against hackers.
v It helps to build a system which prevents any kinds of penetration by hackers.
v Ethical hacking offers security to banking and financial establishments.
v It helps to identify and close the holes in a computer system or network.
DISADVANTAGES OF ETHICAL HACKING
? This may corrupt the files of an organization.
? Ethical hackers might use information gained for malicious use. Hence trustful hackers are needed to have success in this system.
? Hiring such professionals will increase cost of the company.
? The technique can harm someone’s privacy.
? The system is illegal.
WHY DO WE NEED ETHICAL HACKING?
Ethical hacking has the privilege of gathering access to a company's network and information system. This automatically provides security to intellectual attacks and threats like viruses. Ethical hacking, as a result, ends up also testing the security levels of the programs and software.
NEED FOR ETHICAL HACKING
Ethical hacking these days is used as a common and favored process to analyze the security systems and programs of an organization. It runs parallel with security judgment, red teaming, intrusion testing, and vulnerability. Here are certain important points that will help you understand more about ethical hacking and its necessity.
- An ethical hacker usually tends to play the role of a security expert while hacking a computer system. They penetrate into systems in order to detect risks and illegal access of the same. They constantly have to face two hurdles – threat and vulnerability.
- Ethical hacking follows the guidelines of safe hacking for the efficient working of the system. This is a complex procedure hence an ethical hacker requires great skills in comparison to penetration testing.
- Ethical Hacking comes handy in corporate sectors and organizations, to fight against unlawful practices of breaching systems and to take precautionary actions on hackers.
- Dangerous software like Trojan horses, viruses and spam email causes disruption and disturbance in the system and storage space. Ethical hacking provides useful here as it helps to uncover these virus attacks against systems and in addition, lends high-level security.
- The main objective of ethical hacking is to promise safety in wireless infrastructure which constitutes most of the current business companies’ aims.
- Ethical hacking has the privilege of gathering access to a company’s network and information system. This automatically provides security to intellectual attacks and threats like viruses. Ethical hacking, as a result, ends up also testing the security levels of the programs and software
Importance of Ethical Hacking
The apparatus of hacking refers to the evolution of programs that are required for coding purposes, which in turn give way to more promising security coupled with better efficiency. On the other hand, excess and obsession of particular interest can lead to issues.
An organization that is hacked or assaulted by cyber criminals is going to lose business as their clients are going to lose confidence in them. On the off chance that the clients don’t feel that their data or individual subtle elements are totally protected, they are not going to buy items or administrations any longer. This can soften an organization up by simply a couple of weeks of the data being taken. Interference may be considerably all the more harming. While individual data that is put away may not be imparted out along these lines, the put away data might be lost alongside other imperative archives,
for example, receipts, payroll and organization records that are filed. It just takes one hack to wipe out a whole hard drive loaded with information.
The other explanation behind leading this sort of Ethical hacker break is to prepare the IT staff to recognize these shortcomings on their own and to stay up with the latest on the most recent security programming. At the point when there are representatives who can recognize these gaps in the security, then they might be get more efficient. The issue could be mitigated before it turns into an issue and no records are going to be lost or stolen. The engineering in computer frameworks and systems is continually propelling. More established frameworks must be fixed. Organizations need to stay updating by enlisting entrance testing organizations to lead moral hacking to guarantee that the system is protected and secured. Having staff that can additionally do this is a savvy decision for any organization that depends on a computer system for everyday business.
PHASES OF ETHICAL HACKING
There are 5 phases of Ethical Hacking,
1. Reconnaissance.
2. Scanning.
3. Gaining Access.
4. Marinating Access.
5. Clearing Tracks.
.1. Reconnaissance:
Information Gathering and getting to know the target systems is first process in ethical hacking. Reconnaissance is a set of processes and techniques (Footprint, Scanning and Enumeration) used to covertly discover and collect information about a target system.
During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible, following the 7 steps listed below ---
ü Gather initial information.
ü Determine the network range.
ü Identify active machines.
ü Discover open ports and access points.
ü Fingerprint the operating system.
ü Uncover services on ports.
ü Map the networks.
We will discuss in detail all these steps in the subsequent chapters of this tutorial. Reconnaissance takes place in two parts --- Active Reconnaissance and Passive Reconnaissance.
a) Active Reconnaissance:
In this process, you will directly interact with the computer system to gain information. This information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission. If you are ducted, then system admin can take serve action against you and trail your subsequent activities.
b) Passive Reconnaissance:
In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target system.
2. Scanning
Scanning is a set of procedures for identifying live hosts, ports and services, discovering Operating system and architecture of target system, identifying vulnerabilities and threats in the network. Network scanning is used to create a profile of the target organization.
Scanning refers to collecting more information using complex and aggressive reconnaissance techniques.
3. Gaining Access
The attacker would exploit a vulnerability to gain access to the target. This typically involves taking control of one or more network devices to extract data from the target or use that device to perform attacks on other targets.
Some of the examples of methods to gain access are:
v Abusing a username / password that was found.
v Exploring a known vulnerability.
v Breaking into weekly secured network.
v Sending malware to an employee via E-mail or a USB stick on the parking lot.
4. Marinating Access.
After having gained access the attacker will now need to maintain access long enough to gather as much data as possible or to enable himself to return at a later time. In order to maintaining access for a longer time, the attacker must remain stealthy to not get caught using the host environment.
Some examples of techniques used in this phase:
§ Privilege escalation
§ Installation of a backdoor or remote access Trojan.
§ Creating own credentials.
5. Clearing Tracks
In the final phase, the attacker will take steps necessary to hide the intrusions and any controls he may have left behind for future visits. Any changes that were made, installed Trojan, backdoors, escalated authorizations, etc. must return to a state in which the attacker’s presence can’t be recognized by the network’s administrators.
Some examples of covering trackers:
ü Remove logging
ü Exfiltration of data via DNS tunneling or steganography
ü Installation of rootkits.
WHAT DO HACKERS DO AFTER HACKING?
While your computer is connected to the Internet, the malware a hacker has installed on your PC quietly transmits your personal and financial information without your knowledge or consent. Or, a computer predator may pounce on the private information you unwittingly revealed. In either case, they will be able to:
- Hijack your usernames and passwords
- Steal your money and open credit card and bank accounts in your name
- Ruin your credit
- Request new account Personal Identification Numbers (PINs) or additional credit cards
- Make purchases
- Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
- Obtain cash advances
- Use and abuse your Social Security number
- Sell your information to other parties who will use it for illicit or illegal purposes
Predators who stalk people while online can pose a serious physical threat. Using extreme caution when agreeing to meet an online “friend” or acquaintance in person is always the best way to keep safe.
How will I know if I've been hacked?
Check the accuracy of your personal accounts, credit cards, and documents. Are there unexplained transactions? Questionable or unauthorized changes? If so, dangerous malware installed by predators or hackers may already be lurking.
What can I do about computer hackers and predators?
When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Hackers and predators pose equally serious and but very different threats.
Protect yourself while online
- Continually check the accuracy of personal accounts and deal with any discrepancies right away
- Use extreme caution when entering chat rooms or posting personal Web pages
- Limit the personal information you post on a personal Web pages
- Carefully monitor requests by online “friends” or acquaintances for predatory behavior
- Keep personal and financial information out of online conversations
- Use extreme caution when agreeing to meet an online “friend” or acquaintance in person
Security Tips to Prevent Hacking
- Use a 2-way firewall
- Update your operating system regularly
- Increase your browser security settings
- Avoid questionable Web sites
- Only download software from sites you trust. Carefully evaluate free software and file-sharing applications before downloading them.
Practice safe email and virus/malware protocols
- Don't open messages from unknown senders
- Immediately delete messages you suspect to be spam
- Make sure that you have the best security software products installed on your PC:
- Use antivirus protection
- Get antispyware software protection
Guard Yourself Against Dangerous Online Threats
An unprotected computer is like an open door for computer hackers and predators. To take it a step further, protect your computer from hackers by using a spam filter or gateway to scan inbound email or instant messages. Products like Webroot AntiVirus and Webroot Internet Security Complete thwart dangerous malware before it can enter your PC, stand guard at every possible entrance of your computer and fend off any spyware or viruses that try to enter, even the most damaging and devious strains. While free anti-spyware and antivirus downloads are available, they just can’t keep up with the continuous onslaught of new malware strains. Previously undetected forms of malware can often do the most damage, so it’s critical to have up-to-the-minute, guaranteed protection.
PENETRATION TESTING
Penetration Testing, also called pen testing of testing or ethical hacking, a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually. Either way the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in – either virtually or for real – and reporting back the findings.
The main objectives of penetration testing is to identify security weakness. Penetration testing can also organization’s security policy, its employees, and its employees. Security awareness and the organization ability to identify and respond to security incidents.
PURPOSE OF PENETRATION TESTING
The primary goal of a pen test is to identify weak sports in an organization’s security posture, as well as measure the compliances of its security policy test the staff’s awareness of security issues and determine whether – and how – the organization would be subject to security disasters. A penetration test can also highlight weakness in a company’s preventing and defecting an attack on an enterprise’s systems, that policy may not include a process to expel a hacker.
TYPES OF NETWORK PENETRATION TESTING
Penetration testing has become a vital part of modern vulnerability management programme. Just like in today’s Hollywood thrillers, industrialized hackers around the world are trying to breach network corporate brands, but also of any company – with easily discovered and exploited security vulnerabilities.
Hacking is now industrialized
Simulation the behavior of a cyber-criminal, a penetration test will uncover the critical security issues of your systems, how these vulnerabilities were exploit – as well as steps required to fix them (before they are exploited for real).
But there are several different types of Pen Testing, each with a different viewpoint, and objectives so it is important to know the differences – so you know which type of test meets your requirements and objectives.
While there are numerous sub – categories and variations, generally the different types of penetration test can be divided into four main groups.
§ External Network Penetration Test
An external network penetration test is typically what most people think of when talking about pen testing.
An external pen test involves an ethical trying to break into an organizations network – across the internet. This means it’s done off-site (remotely, as hacker would be), using controlled and agreed ethical hacking techniques to accurately simulate a targeted attack from malicious parties on your network
Benefits of Network pen testing:
Its probes your defenses, providing an effective test of how your externally – facing network infrastructures responds to the threats and where potential weakness and vulnerabilities lie.
Network devices, server and software packages represented a constant challenge to secure, and a frequent opportunity for attack. Network penetration testing allows you to find your most exposed security vulnerabilities before they can be exploited.
As with all pen testing methodology, a hacker will performs an intelligence gathering phase from publicity available sources to identify performing and vulnerability to exploit. This would include using performing a vulnerability scan to identify potential weakness to exploir, e.g. misconfigurations, weak passwords, unpatched software, open ports.
§ Internal network penetration test
An internal penetration by contrast, simulates either the actions a hackers might take once access has gained to be a network or those of a malicious actor, disgruntled employee with access that he or she is looking to escalate.
The end target is ultimately the same as an external penetration test. but the the starting assumes a degree of network access already
NETWORK PENETRATION TESTING
The primary objective for a network penetration test is to identify exploitable vulnerabilities in networks, systems, hosts and network devices (ie: routers, switches) before hackers are able to discover and exploit them. Network penetration testing will reveal real-world opportunities for hackers to be able to compromise systems and networks in such a way that allows for unauthorized access to sensitive data or even take-over systems for malicious/non-business purposes.
Our penetration testing methodology includes an attack simulation carried out by our highly trained security consultants in an effort to:
- Identify security flaws present in the environment
- Understand the level of risk for your organization
- Help address and fix identified network security flaws
RedTeam Security network penetration testers have had experience supporting network, systems and hosts —not just trying to break them. They leverage this experience to zero in on critical issues and provide actionable remediation guidance.
As a result of our network penetration tests, you’ll be able to view your systems through the eyes of both a hacker and experienced network security professional to discover where you can improve your security posture. Our consultants produce their network pen test findings in written reports and provide your team with the guidance necessary to effectively remediate any issues we uncover.
The network is often the nerve system of an organization — storing its information and driving its communication. Your network allows everyone in the enterprise to access tools they need to be successful. At the same time, your business must make sure that no one gains unauthorized access. That’s where network penetration testing can help.
What Is Network Penetration Testing?
Network penetration testing aims to do what a bad actor would do — identify and exploit vulnerabilities in your networks, systems and network devices. Yet the network pen test sets out to find any opportunities for an attack before an unauthorized user does.
By identifying real-world opportunities to compromise systems and networks, the network pen tester can provide suggestions to better protect sensitive data and prevent take-over of systems for malicious/non-business purposes.
A network penetration test typically employs globally accepted approaches based on the Penetration Testing Execution Standard (PTES). This will include:
- Intelligence Gathering — the discovery of all accessible systems and their respective services to obtain as much information as possible.
- Threat Modeling — identifying vulnerabilities within systems via automated scans and deep-dive manual testing techniques.
- Vulnerability Analysis — documenting and analyzing vulnerabilities to develop the plan of attack.
- Exploitation — Actually carrying out the attempt to exploit
- Reporting — Delivering, ranking, and prioritizing findings to generate an actionable report, complete with evidence, for the project stakeholders.
Some network pen testing can be done using automation, but for the best results, your testers will use all the same techniques — including manual efforts — to access your network that a highly motivated bad actor might use.
All of RedTeam Security’s network penetration testing comes with free remediation testing at no additional cost, with no time limits, to help guide you in your efforts to effectively remediate any issues uncovered by our pen tests.
Why Should I Conduct A Network Penetration Test?
A network penetration test will help you gain valuable insight into the security posture of the in-scope assets and be able to fix them before hackers are able to cause serious damage by exploiting them.
BASIC OF NETWORK
A network can be defined as a group of computers and other devices connected in some ways so as to be able to exchange data. Each of the devices on the network can be thought of as a node; each node has a unique address. Address are numeric quantities that are easy for computer to work with, but not for humans to remember.
Example : 204.160.241.98
Some networks also provides names that human can more easily remember than numbers.
Examples: www.javasoft.com , corresponding to numeric address
Addressing
Internet address:
o Consists of 4 bytes separated by periods
Example: 136.102.233.49
o The R first bytes(R=1,2,3) correspomds to the network address; The remaining H bytes (H=3,2,1) are used for the host machine.
o Inter NIC Register : Organization in charge of the allocation of the address ranges corresponding to networks.
o Criteria considered:
? Geographical area (country)
? Organization enterprise
? Department
? Host
Domain Name System ( DNS):
Menemonics textual addresses are provided to facilate the multipulation of internet address. DNS servers are responsible for translating mnemomic textual Internet address into hard numeric Internet addresses. DNS servers are responsible for transferring mnemonic textual internet address into hard numeric internet address.
Ports :
v An IP address identifies a host machines on the internet.
v An IP port will identify by a number, the port number.
v The number of ports is not is not functionally limited, in contrast to serial communications where only 4 ports are allowed.
v There are some port numbers which are dedicated for specific applications
An IP port will identify a specific application running on an Internet host machine.
Data Transmission:
In the modern networks, data are transferred are transferring using packet switching. Messages are broken into units called packets, and sent from one computer to the other. At the destination, data are extracted from one or more packets and used to reconstruct the original message. Each packet has a maximum size and consists of a header and a data area. The header contains the address of the sources and destination computers and sequencing information necessary to reasonable the message at the destination.
Networks:
A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.
Basis of Networkings:
The foundations of networking: switches, routers, and wireless access points. Switches, routers, and wireless access points are the essential networking basics. Through them, devices connected to your network can communicate with one another and with other networks, like the Internet.
Types of Networks
There are 11 types of Networks,
They are,
1. Personal Area Network
2. Local Area Network
3. Wireless Local Area Network
4. Campus Area Network
5. Storage- Area Network
6. Wide Area Network
7. Metropolitan Area Network
8. System – Area Network
9. Passive Optical Local Area Network(POLAN)
10. Enterprise Private Network
11. Virtual Private Network
· Personal Area Network
A personal area network, or PAN, is a computer network that enables communication between computer devices near a person. PANs can be wired, such as USB or FireWire, or they can be wireless, such as infrared, ZigBee, Bluetooth and ultrawideband, or UWB. The range of a PAN typically is a few meters.
· Local Area Network
We’re confident that you’ve heard of these types of networks before – LANs are the most frequently discussed networks, one of the most common, one of the most original and one of the simplest types of networks. LANs connect groups of computers and low-voltage devices together across short distances (within a building or between a group of two or three buildings in close proximity to each other) to share information and resources. Enterprises typically manage and maintain LANs.
· Wireless Local Area Network
Functioning like a LAN, WLANs make use of wireless network technology, such as Wi-Fi. Typically seen in the same types of applications as LANs, these types of networks don’t require that devices rely on physical cables to connect to the network.
· Campus Area Network
Larger than LANs, but smaller than metropolitan area networks (MANs, explained below), these types of networks are typically seen in universities, large K-12 school districts or small businesses. They can be spread across several buildings that are fairly close to each other so users can share resources.
· Storage- Area Network
As a dedicated high-speed network that connects shared pools of storage devices to several servers, these types of networks don’t rely on a LAN or WAN. Instead, they move storage resources away from the network and place them into their own high-performance network. SANs can be accessed in the same fashion as a drive attached to a server. Types of storage-area networks include converged, virtual and unified SANs.
· Wide Area Network
This term is fairly new within the past two decades. It is used to explain a relatively local network that is designed to provide high-speed connection in server-to-server applications (cluster environments), storage area networks (called “SANs” as well) and processor-to-processor applications. The computers connected on a SAN operate as a single system at very high speeds.
· Metropolitan Area Network
These types of networks are larger than LANs but smaller than WANs – and incorporate elements from both types of networks. MANs span an entire geographic area (typically a town or city, but sometimes a campus). Ownership and maintenance is handled by either a single person or company (a local council, a large company, etc.).
· System – Area Network
This term is fairly new within the past two decades. It is used to explain a relatively local network that is designed to provide high-speed connection in server-to-server applications (cluster environments), storage area networks (called “SANs” as well) and processor-to-processor applications. The computers connected on a SAN operate as a single system at very high speeds
· Passive Optical Local Area Network(POLAN)
As an alternative to traditional switch-based Ethernet LANs, POLAN technology can be integrated into structured cabling to overcome concerns about supporting traditional Ethernet protocols and network applications such as PoE (Power over Ethernet). A point-to-multipoint LAN architecture, POLAN uses optical splitters to split an optical signal from one strand of singlemode optical fiber into multiple signals to serve users and devices.
· Virtual Private Network
By extending a private network across the Internet, a VPN lets its users send and receive data as if their devices were connected to the private network – even if they’re not. Through a virtual point-to-point connection, users can access a private network remotely.If you have questions about which type of network is right for your organization, or want to learn more about Belden’s network solutions that improve uptime, maintain security, and help improve user access.
WEBSITE PENETRATION
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).
Pen testing can involve the attempted breaching of any number of application systems, (e.g., application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.
Penetration testing stages
1. Planning and reconnaissance
The first stage involves:
· Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be used.
· Gathering intelligence (e.g., network and domain names, mail server) to better understand how a target works and its potential vulnerabilities.
2. Scanning
The next step is to understand how the target application will respond to various intrusion attempts. This is typically done using:
· Static analysis – Inspecting an application’s code to estimate the way it behaves while running. These tools can scan the entirety of the code in a single pass.
· Dynamic analysis – Inspecting an application’s code in a running state. This is a more practical way of scanning, as it provides a real-time view into an application’s performance.
3. Gaining Access
This stage uses web application attacks, such as cross-site scripting, SQL injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc., to understand the damage they can cause.
4. Maintaining access
The goal of this stage is to see if the vulnerability can be used to achieve a persistent presence in the exploited system— long enough for a bad actor to gain in-depth access. The idea is to imitate advanced persistent threats, which often remain in a system for months in order to steal an organization’s most sensitive data.
5.Analysis
The results of the penetration test are then compiled into a report detailing:
· Specific vulnerabilities that were exploited
· Sensitive data that was accessed
· The amount of time the pen tester was able to remain in the system undetected
This information is analyzed by security personnel to help configure an enterprise’s WAF settings and other application security solutions to patch vulnerabilities and protect against future attacks.
Penetration testing methods
External testing
External penetration tests target the assets of a company that are visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.
Internal testing
In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn’t necessarily simulating a rogue employee. A common starting scenario can be an employee whose credentials were stolen due to a phishing attack.
Blind testing
In a blind test, a tester is only given the name of the enterprise that’s being targeted. This gives security personnel a real-time look into how an actual application assault would take place.
Double-blind testing
In a double blind test, security personnel have no prior knowledge of the simulated attack. As in the real world, they won’t have any time to shore up their defenses before an attempted breach.
Targeted testing
In this scenario, both the tester and security personnel work together and keep each other appraised of their movements. This is a valuable training exercise that provides a security team with real-time feedback from a hacker’s point of view.
· Penetration testing and web application firewalls
· Penetration testing and WAFs are exclusive, yet mutually beneficial security measures.
· For many kinds of pen testing (with the exception of blind and double blind tests), the tester is likely to use WAF data, such as logs, to locate and exploit an application’s weak spots.
· In turn, WAF administrators can benefit from pen testing data. After a test is completed, WAF configurations can be updated to secure against the weak spots discovered in the test.
Finally, pen testing satisfies some of the compliance requirements for security auditing procedures, including PCI DSS and SOC 2. Certain standards, such as PCI-DSS 6.6, can be satisfied only through the use of a certified WAF. Doing so, however, doesn’t make pen testing any less useful due to its aforementioned benefits and ability to improve on WAF configurations.
HACKING ATTACKS.
Given the amount of sensitive and financial information that is transmitted over the Internet every hour, it would be an obvious choice for cyber criminals to conduct their illegal activities. Yet in addition to the amount of traffic, the proliferation of insecure web applications makes web based hacking attacks even more attractive, and even more profitable.
Breaking into computer systems for malicious intent is nothing new. Since the early eighties skilled computer enthusiasts, or hackers, have used their knowledge to break into systems with no redeeming intent. However with the advent of web based applications, the sophistication of hacking attacks has dramatically increased while the amount of skill required to carry out these attacks has proportionately lessened.
Malicious hackers nowadays can make use of a number of tools that help them automate their attack. Using scanning tools the attacker is able to perform the first step of their attack, enumeration. In this phase information is gathered regarding the intended target. With specific tools, the attacker can scan multiple computers, routers, servers, and web sites at once looking for specific information that will help them easily attack the machine. Add to this the ability for the attacker to conduct the enumeration process with an army of zombie computers and the number of vulnerable systems that they can identify rises exponentially depending upon the size of the botnet they control.
Once the targets have been identified the attacker continues to analyze the targets looking for known vulnerabilities. Depending on what the overall goal of the attacker is, they could be searching for any number, or combination, of vulnerabilities in which to exploit. These can include, but are not limited to:
· Cross-Site Scripting
· SQL Injection
· Remote File Execution
· Denial of Service
Hacking attacks can have detrimental effects on the victim. These effects vary according to the type of attack the hacker launched and what the target of their attack is. Unfortunately for many Web Sites, there are multiple ways to exploit them.
· Malware that infects desktop computers can reveal administrator credentials or FTP credentials. These credentials can then be used to access the web site, web server, and even other resources on a companies network.
· Vulnerabilities in the server operating system can provide a hacker access to the files that make up the web site. The web site can then serve spam or malicious files to innocent visitors. Sites that are found to do this, even if they are not aware, can be flagged as malicious by the search engines and even removed from the Search Engine Results Page.
· Web applications that power dynamic web sites present multiple ways for an attacker to exploit a site and connect to the web site’s data base. Data bases that contain financial or personal information can then be farmed to later be used for credit card fraud or identity theft.
· Denial of Service attacks can cause a disruption in web services. If any essential business processes are run over the Internet, these can cease to function as well.
The Need to Protect Against Hacking Attacks
When a web site or network is attacked, the blame falls on the owner. It is their responsibility to ensure that any service or application that they are running is protected against the vulnerabilities that can be used to exploit their property, and that includes their web site.
To protect customers and employees from having their financial or private information from being stolen, both industry and governments have implemented regulations with the intent of securing against common hacking attacks. To combat credit card fraud, the Payment Card Industry created the Data Security Standard that requires merchants who process credit cards to take specific measures that help protect against hacking attacks. The European Union, United Kingdom, United States, and Canada are among the governments that have also instituted privacy acts meant to regulate how businesses protect their customer and employee data from malicious hackers.
In addition to the fees and legal ramifications that can come as a result of failing to comply with the different regulations, hacking attacks can also damage a company’s reputation to the point that they lose customers and revenue. A company who is in the news because they have been hacked is sure to lose the trust of even their most loyal customers. The same happens with web sites that are identified as containing spam or malicious scripts. Once this is known, most visitors will stay away. And if losing traffic wasn’t bad enough, but once the search engines have identified as site as malicious their placement in the search engine falls dramatically rendering any Search Engine Optimization work essentially useless until the problem is corrected.
How Does dotDefender Helps to Protect Against Hacking Attacks?
IBM’s X-Force Trend report stated that, “Web applications remain the Achilles heel for the security industry”. With over 80% of all web sites having contained at least one vulnerability, web application security needs to be addressed by any company with a web presence as protecting web applications not only helps to protect your web site from attack, but also can protect your web servers and any other network resources that access them.
dotDefender enables companies to address challenges facing their web site in a straightforward and cost-effective manner by utilizing a Security as a Service solution. dotDefender offers comprehensive protection against the vulnerabilities that hacking attacks use against your web site every day.
The reasons dotDefender offers such a comprehensive solution to your web application security needs are:
· Easy installation on Apache and IIS servers
· Strong security against known and emerging hacking attacks
· Best-of-breed predefined security rules for instant protection
· Interface and API for managing multiple servers with ease
· Requires no additional hardware, and easily scales with your business
Architected as plug & play software providing optimal out-of-the-box protection, dotDefender creates a security layer in front of the application to detect and protect against application-level attacks in incoming web traffic that could be used to compromise the web server, steal sensitive information, or disrupt web services.
CYBER SECURITY
Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyber-threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
MEANING OF CYBER SECURITY
Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.
Description: Major areas covered in cyber security are:
1) Application Security
2) Information Security
3) Disaster recovery
4) Network Security
Application security encompasses measures or counter-measures that are taken during the development life-cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. Some basic techniques used for application security are: a) Input parameter validation, b) User/Role Authentication & Authorization, c) Session management, parameter manipulation & exception management, and d) Auditing and logging.
Information security protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are: a) Identification, authentication & authorization of user, b) Cryptography.
Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of a disaster. Any business should have a concrete plan for disaster recovery to resume normal business operations as quickly as possible after a disaster.
Network security includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include: a) Anti-virus and anti-spyware, b) Firewall, to block unauthorized access to your network, c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks, and d) Virtual Private Networks (VPNs), to provide secure remote access.
IMPORTANCE OF CYBER SECURITY
Cybersecurity's importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now posted to the public on our social media accounts. Sensitive information like social security numbers, credit card information and bank account details are now stored in cloud storage services like Dropbox or Google Drive.
The fact of the matter is whether you are an individual, small business or large multinational, you rely on computer systems every day. Pair this with the rise in cloud services, poor cloud service security, smartphones and the Internet of Things (IoT) and we have a myriad of cybersecurity threats that didn't exist a few decades ago. We need to understand the difference between cybersecurity and information security, even though the skillsets are becoming more similar.
Governments around the world are bringing more attention to cybercrimes. GDPR is a great example. It has increased the reputational damage of data breaches by forcing all organizations that operate in the EU to:
- Communicate data breaches
- Appoint a data-protection officer
- Require user consent to process information
- Anonymize data for privacy
The trend towards public disclosure is not limited to Europe. While there are no national laws overseeing data breach disclosure in the United States, there are data breach laws in all 50 states. Commonalities include:
- The requirement to notify those affect as soon as possible
- Let the government know as soon as possible
- Pay some sort of fine
California was the first state to regulate data breach disclosures in 2003, requiring persons or businesses to notify those affected "without reasonable delay" and "immediately following discovery". Victims can sue for up to $750 and companies can be fined up to $7,500 per victim.
This has driven standards boards like the National Institute of Standards and Technology (NIST) to release frameworks to help organizations understand their security risks, improve cybersecurity measures and prevent cyber attacks.
Why is cybercrime increasing?
Information theft is the most expensive and fastest growing segment of cybercrime. Largely driven by the increasing exposure of identity information to the web via cloud services. But it is not the only target. Industrial controls that manage power grids and other infrastructure can be disrupted or destroyed. And identity theft isn't the only goal, cyber attacks may aim to compromise data integrity (destroy or change data) to breed distrust in an organization or government.
Cybercriminals are becoming more sophisticated, changing what they target, how they affect organizations and their methods of attack for different security systems.
Social engineering remains the easiest form of cyber attack with ransomware, phishing, and spyware being the easiest form of entry. Third-party and fourth-party vendors who process your data and have poor cybersecurity practices are another common attack vector, making vendor risk management and third-party risk management all the more important.
According to the Ninth Annual Cost of Cybercrime Study from Accenture and the Ponemon Institute, the average cost of cybercrime for an organization has increased by $1.4 million over the last year to $13.0 million and the average number of data breaches rose by 11 percent to 145. Information risk management has never been more important.
Data breaches can involve financial information like credit card numbers or bank account details, protected health information (PHI), personally identifiable information (PII), trade secrets, intellectual property and other targets of industrial espionage. Other terms for data breaches include unintentional information disclosure, data leak, cloud leak, information leakage or a data spill.
Other factors driving the growth in cybercrime include:
- The distributed nature of the Internet
- The ability for cybercriminals to attack targets outside their jurisdiction making policing extremely difficult
- Increasing profitability and ease of commerce on the dark web
- The proliferation of mobile devices and the Internet of Things.
What is the impact of cybercrime?
A lack of focus on cybersecurity can damage your business in range of ways including:
- Economic costs: Theft of intellectual property, corporate information, disruption in trading and the cost of repairing damaged systems
- Reputational costs: Loss of consumer trust, loss of current and future customers to competitors and poor media coverage
- Regulatory costs: GDPR and other data breach laws mean that your organization could suffer from regulatory fines or sanctions as a result of cybercrimes
All businesses, regardless of the size, must ensure all staff understand cybersecurity threats and how to mitigate them. This should include regular training and a framework to work with to that aims to reduce the risk of data leaks or data breaches.
Given the nature of cybercrime and how difficult it can be to detect, it is difficult to understand the direct and indirect costs of many security breaches. This doesn't mean the reputational damage of even a small data breach or other security event is not large. If anything, consumers expect increasingly sophisticated cybersecurity measures as time goes on.
How to protect your organization against cybercrime
There are three simple steps you can take you increase security and reduce risk of cybercrime:
- Educate all levels of your organization about the risks of social engineering and common social engineering scams like phishing emails and typosquatting
- Invest in tools that limit information loss, monitor your third-party risk and fourth-party vendor risk and continuously scan for data exposure and leak credentials
- Use technology to reduce costs like automatically sending out vendor assessment questionnaires as part of an overall cyber security risk assessment strategy
Companies should no longer be asking why is cybersecurity important, but how can I ensure my organization's cybersecurity practices are sufficient to comply with GDPR and other regulation and to protect my business against sophisticated cyber attacks.
Examples of damages to companies affected by cyber attacks and data breaches
The amount of cyber attacks and data breaches in the recent years is staggering and it's easy to produce a laundry list of companies who are household names that have been affected.
Here's a few examples:
- Equifax:
The Equifax cybercrime identity theft event affected approximately 145.5 million U.S. consumers along with 400,000-44 million British residents and 19,000 Canadian residents. Equifax shares dropped 13% in early trading the day after the breach and numerous lawsuits were filed against Equifax as a result of the breach. Not to mention the reputational damage that Equifax suffered. On July 22 2019, Equifax agreed to a settlement with the FTC which included a $300 million fund for victim compensation, $175m for states and territories in the agreement and $100 million in fines.
- eBay:
Between February and March 2014, eBay was the victim of a breach of encrypted passwords, which resulted in asking all of its 145 million users to reset their password. Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. The breach was disclosed in May 2014, after a month-long investigation by eBay.
- Adult Friend Finder:
In October 2016, hackers collected 20 years of data on six databases that included names, email addresses and passwords for The FriendFinder Network. The FriendFinder Network includes websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com. Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99% of them had been cracked by the time LeakedSource.com published its analysis of the entire data set on November 14.
- Yahoo:
Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. The breach was first reported by Yahoo on December 14, 2016, and forced all affected users to change passwords, and to reenter any unencrypted security questions and answers to make them encrypted in the future. However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.
While these are a few examples of high profile data breaches, it's important to remember that there are even more that never made it to the front page.
SCOPES OF CYBER SECURITY
The cybersecurity market, there still persists a skill gap that will take a couple of years to fill up. In the National Cyber Security Awareness Month (NCSAM), a lot of job and salary data was explored in the cybersecurity space. And it was found that the scope of Cyber Security is buzzing with well-paying jobs that require a well-armed cyber workforce.
According to the predictions by experts, the scope of the Cyber Security market will become $170 billion industry by 2020. For the last 5 years, Cyber Security professionals have been making more salary than average IT professionals. And the average salary gap across the gap is 9% to state the least.
While the job size is growing, salaries are better, the skill gap is taking time to fill up. It was identified by the Center for Cyber Safety and Education Center in 2017 if job aspirants don’t start upskilling, the industry will face a deficiency of 1.8 million Cyber Security experts by 2020.
Ask why should you learn Cyber Security? It is evident that the Cyber Security attacks are not turning back. Every 3 seconds a new malware is being created and that intends to find a victim and lead to damage of some scale.
That means while the cyber hackers are working at a very higher pace, the attack prevention system is still struggling to have a sufficient workforce. Do you know what sounds more alarming?
“According to the research by GISWS, almost 66% of the cyber security workforce that was the part of the study lacked the right skillset to combat the attacks that are being fabricated currently”.
To fill the gaps, organizations are encouraging the existing employees to chisel their skills by taking up certifications. Or they are working on building in-house teams to stay alert and protect against cyberattacks.
What kind of Scope with Cyber Security does have in India?
India has turned into a hotbed for Cyber Security experts. According to a recent study by Indeed.com, the scope of Cyber Security has turned more competitive in India. There are more job post clicks in India as compared to the US and UK. As per the industry stats, most hiring is happening for the below roles.
- Network Security Engineer
- Cyber Security Analyst
- Security Architect
- Cyber Security Manager
- Chief Information Security Officer
Over the last a couple of years, the average salary of a Cyber Security professional has been performing 9% better than any other IT professionals. The freshers are able to get good packages starting from 7 lacs and the experienced resources are in more demand drawing salaries in the range of 20-24 lacs.
Thus the scope of Cyber Security in India is better than ever. Here is a video that explains why the need is the most now.
Every geography has a different kind of skillset requirement. In India, most of the Cyber Security job post is looking for resources proficient in:
- Python
- Virtualization Network Services and Security
- Linux
- Cryptography,
- Android
- IoT
- Windows Server
What are the Exact Requirements & Scope of Cyber Security jobs in India?
If you were searching for the right and growth path in IT, you must have identified it by now. But before you tread into the territory or plan to upgrade yourself, it is very important to know the details at a granular level.
Educational or Experience Requirement
There is no denying that the job market is expanding and will continue to do so. According to the Bureau of Labor Statistics (BLS) by 2020, the demand for Information Security Analysts would be up by 37%.
The precise technical skills for procuring a handsome salary are difficult to pinpoint as there are so many sub-disciplines. It is important to note that the scope of Cyber Security in all these disciplines is good. But from a broader perspective, we can say that to penetrate into space one must have basic to advanced knowledge of:
(i) Network and system architecture, administration, and management know-how
(ii) Having a skill in a popular programming language like Java, C/C++, PHP, Python or shell.
WHY CYBER SECURITY IS IMPORTANT?
Cybersecurity is important because it encompasses everything that pertains to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted by criminals and adversaries.
Cybersecurity risk is increasing, driven by global connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that your organization suffers from a successful cyber attack or data breach is on the rise.
Gone are the days of simple firewalls and antivirus software being your sole security measures. Business leaders can no longer leave information security to cybersecurity professionals.
Cyber threats can come from any level of your organization. You must educate your staff about simple social engineering scams like phishing and more sophisticated cybersecurity attacks like ransomware attacks (think WannaCry) or other malware designed to steal intellectual property or personal data.
GDPR and other laws mean that cybersecurity is no longer something businesses of any size can ignore. Security incidents regularly affect businesses of all sizes and often make the front page causing irreversible reputational damage to the companies involved.
CYBER SECURITY GOALS
1. Protect the confidentiality of data. Confidentiality is roughly equivalent to the privacy and avoids the unauthorized disclosure of information. ...
2. Preserve the integrity of data. ...
3. Promote the availability of data for authorized users.
TYPES OF CYBER ATTACKS
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft.
We are living in a digital era. Now a day, most of the people use computer and internet. Due to the dependency on digital things, the illegal computer activity is growing and changing like any type of crime.
Cyber-attacks can be classified into the following categories:
· Web – basd aatacks
· System – based attacks
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important web-based attacks are as follows-
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the attacker?s computer or any other computer. The DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data like user password and personal identification number. This attack may be used by criminals to crack encrypted data, or by security, analysts to test an organization's network security.
6. Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses the single system and single internet connection to attack a server. It can be classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured in bit per second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web server to deliver web pages for which he is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is available on the web server or to execute malicious files on the web server by making use of the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercepts the connection between client and server and acts as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the intercepted connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spread throughout the computer files without the knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
2.. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works same as the computer virus. Worms often originate from email attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual activity, even when the computer should be idle. It misleads the user of its true intent. It appears to be a normal application but when opened/executed some malicious code will run in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bots program run automatically, while others only execute commands when they receive specific input. Common examples of bots program are the crawler, chatroom bots, and malicious bots.
TYPES OF CYBER ATTACKERS
In computer and computer networks, an attacker is the individual or organization who performs the malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.
As the Internet access becomes more pervasive across the world, and each of us spends more time on the web, there is also an attacker grows as well. Attackers use every tools and techniques they would try and attack us to get unauthorized access.
There are four types of attackers which are described below-
o Cyber Criminals
o Hacktivists
o State – Sponsored attackers
o Insider Threats
Cyber Criminals
Cybercriminals are individual or group of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits. In today's, they are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to do cybercrimes-
- Select computer as their target- In this, they attack other people's computers to do cybercrime, such as spreading viruses, data theft, identity theft, etc.
- Uses the computer as their weapon- In this, they use the computer to do conventional crime such as spam, fraud, illegal gambling, etc.
- Uses the computer as their accessory- In this, they use the computer to steal data illegally.
Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology. According to Dan Lohrmann, chief security officer for Security Mentor, a national security training firm that works with states said "Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like cybercriminals who hack computer networks to steal data for the cash. They are individuals or groups of hackers who work together and see themselves as fighting injustice.
State-sponsored Attacker
State-sponsored attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin. These type of attackers are not in a hurry. The government organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes are patched. It is very challenging to defeat these attackers due to the vast resources at their disposal.
Insider Threats
The insider threat is a threat to an organization's security or data that comes from within. These type of threats are usually occurred from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.
Insider threats can be categorized below-
o Malicious
o Accidental
o Negligent
Malicious-
Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization was doing something wrong with them in some way, and they feel justified in seeking revenge.
Insiders may also become threats when they are disguised by malicious outsiders, either through financial incentives or extortion.
Accidental-
Accidental threats are threats which are accidently done by insider employees. In this type of threats, an employee might accidentally delete an important file or inadvertently share confidential data with a business partner going beyond company?s policy or legal requirements.
Negligent-
These are the threats in which employees try to avoid the policies of an organization put in place to protect endpoints and valuable data. For example, if the organization have strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home. There is nothing wrong with these acts, but they can open up to dangerous threats nonetheless.
CYBER SECURITY PRINCIPLES
1. Risk Management Regime
A risk management regime should be set up which mainly consists of applicable policies and practices that must be established, streamlined and should effectively be communicated to all the employees, contractors and suppliers to assure that everyone is aware of the approach, e.g., how decisions are made, about risk boundaries, etc.
The risk management regime should be supported by governance structure which should be strong enough and should constitute a board of members and senior members with expertise in a given area.
2. Secure Configuration
Establish policies that would secure the organization’s security perimeter, a secure baseline and processes should be developed for ensuring configuration management. One must also disable or remove unnecessary functionality from the system which always lies at the high end of security breaching. All the software and systems should be regularly patched to fix loopholes that lead to a security breach. Failing to any of the mentioned strategies might lead to an increased risk of compromise of systems and information.
3. Network Security
Connecting to an unsecured network, for an instance – HTTP, over the internet, poses a big risk of getting your systems to be attacked or infected by bugs that lie at the other end. So policies and appropriate architectural and technical responses must be established which will serve as a baseline for networking. It will ensure the inbound and outbound networking rules that must be implemented to secure your network perimeter. E.g., the inbound connections (outside to inside) should first face the network firewall and should be filtered for threats and then finally should be passed to the destination system. By implementing these policies, any organization can reduce the chances of becoming a victim of cyber-attack. Furthermore, SIEM (security information and event management) solution should further be implemented; SOC centers should be established to use the technologies to effectively monitor your network.
4. Managing User Privileges
All the users should be provided with reasonable (and minimal) access privileges that would allow them to just go fine with their work. If users are granted more access than they need, it will be misuse and a much bigger risk to information security. Also, the granting of highly elevated privileges should be very carefully controlled and managed.
5. User Education and Awareness
End users and organization’s people play a vital role in keeping an organization safe and secure. If end-users are not aware of the policies, risk management regime that has been set and defined by the organization, these policies will fail its purpose. End-users must be provided with security awareness training and regular training should be conducted to ensure the users are aware of the organization’s policies and threats that may lead to security breaches. On the other hand, the cybersecurity professionals of the organization should be highly trained and should be ready to combat mode at any point in time if any breaches happen.
6. Incident Management
A SIEM solution will always create security-related incidents to you. An organization should establish effective incident management policies to support the business and ensure security throughout the organization and at all the endpoints, endpoints at rest (Like desktop) as well as endpoints in motion (Like laptops, Mobile Phones, etc.).
7. Malware Prevention
It requires the establishment of policies that directly address the business processes that are at the forefront of getting infected by malware such as email, web, personal devices, USB. E.g., a policy should be established which will restrict USB access to computers, similarly, other policy may restrict outbound internet request, etc., all depending upon situations and needs. Separate expertise solutions should be implemented to protect each forefront from malware such as email threat protection for emails, network analyzer like IDS, IPS and firewalls for networking and any web requests, managing profiles to monitor organization data at the end user’s mobile, etc. The endpoints should be very effectively protected by implementing anti-virus solutions that can detect, prevent and remediate malware from endpoints.
8. Monitoring
A monitoring strategy and solution should be created in order with the help of which an organization will have complete visibility of the security posture. It is also be used to create another layer of security when security breaches are passed by our detection and prevention system but the monitoring solution detects it and creates a security incident. E.g. you endpoint solution was able to detect the malware but it was unable to block or delete that malware, in that case, the monitoring solution will create a security incident. The solution will monitor all the inbound and outbound traffic and will integrate with logs from the firewall, endpoints, NIPS, NIDS, HIPS, HIDS, and other solutions.
9. Removable Media Controls
Every organization must define its removable media policies and should restrict the use of removable media as much as possible. If there are cases where their use is unavoidable, the policy should limit the types of media that can be used and the types of information that can be shared.
10. Home and Mobile Networking
When users are at home or mobile, they are no longer connecting to the company’s LAN or WAN. This poses a network risk where organizations do not have control over the internet. So risk-based policies that support mobile and home working should be established. The company can also choose to manage the user’s profile on mobile and have control of their data that is stored on mobile or Home computer.
DATA SECURITY CONSIDERATION
Data Security Consideration. ... It refers to the right of individuals or organizations to deny or restrict the collection and use of information about unauthorized access. Data security requires system managers to reduce unauthorized access to the systems by building physical arrangements and software checks.
SECURITY TECHNOLOGIES
Security technology is a critical part of IT infrastructure as organizations strive to defend against a rapidly evolving threat landscape. The right security technology can deliver stronger protection, more control and greater visibility while enabling more secure access, processing and storage.
THREATS TO CYBER SECURITY
Computer security threats are relentlessly inventive. Masters of disguise and manipulation, these threats constantly evolve to find new ways to annoy, steal and harm. Arm yourself with information and resources to safeguard against complex and growing computer security threats and stay safe online.
Examples of Online Cybersecurity Threats
Perhaps the most well-known computer security threat, a computer virus is a program written to alter the way a computer operates, without the permission or knowledge of the user. A virus replicates and executes itself, usually doing damage to your computer in the process.
Carefully evaluating free software, downloads from peer-to-peer file sharing sites, and emails from unknown senders are crucial to avoiding viruses. Most web browsers today have security settings which can be ramped up for optimum defense against online threats. But, as we'll say again and again in this post, the single most-effective way of fending off viruses is up-to-date antivirus software from a reputable provider.
Learn more about how to combat computer virus threats and stay safe online.
A serious computer security threat, spyware is any program that monitors your online activities or installs programs without your consent for profit or to capture personal information. We’ve amassed a wealth of knowledge that will help you combat spyware threats and stay safe online.
While many users won't want to hear it, reading terms and conditions is a good way to build an understanding of how your activity is tracked online. And of course, if a company you don't recognize is advertising for a deal that seems too good to be true, be sure you have an internet security solution in place and click with caution.
We’ve amassed a wealth of knowledge that will help you combat spyware threats- learn more about the dangers of spyware and stay safer online
People, not computers, create computer security threats and malware. Hackers and predators are programmers who victimize others for their own gain by breaking into computer systems to steal, change, or destroy information as a form of cyber-terrorism. These online predators can compromise credit card information, lock you out of your data, and steal your identity. As you may have guessed, online security tools with identity theft protection are one of the most effective ways to protect yourself from this brand of cybercriminal.
Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. Phishing attacks are some of the most successful methods for cybercriminals looking to pull off a data breach. Antivirus solutions with identity theft protection can be "taught" to recognize phishing threats in fractions of a second.
CYBER SECURITY TOOLS
· Firewalls. As we know, the firewall is the core of security tools, and it becomes one of the most important security tools. ...
· Antivirus Software. ...
· PKI Services. ...
· Managed Detection and Response Service (MDR) ...
· Penetration Testing. ...
CYBER SECURITY CHALLENGES
o Ransomware Evolution. Ransomware is the bane of cybersecurity, IT, data professionals, and executives. ...
o AI Expansion. ...
o IoT Threats. ...
o Blockchain Revolution. ...
o Serverless Apps Vulnerability.
ADVANTAGES OF CYBER SECURITY
1. Improved security of cyberspace
2. Increase in cyber defense
3. Increase in cyber speed
4. Protecting company data and computers against virus, worms, Malware and Spyware, etc.
5. Protects individual private information.
6. Protects networks and information.
DISADVANTAGES OF CYBER SECURITY
1. It will be costly for average users.
2. Firewalls can be difficults to confrigure correctly.
3. Need to keep updating the new software in order to keep security up to date.
4. Make system slower than before
CONCLUSION
A leading Cyber Security company Absoluteshared that42% of the endpoints of any company’s network are unprotected. And at any given time almost 100% of endpoint security tools fail thus the organizations are facing a negative ROI when it comes to the security spend.
In conclusion, ethical hacking is not a criminal activity and should not be considered as such. While it is true that malicious hacking is a computer crime and criminal activity, ethical hacking is never a crime. Ethical hacking is in line with industry regulation and organizational IT policies.
Ethical Hacker at S-Chem
2 个月hi