Ethical Hacking Training Course | Cyber Security
With the increase in cyber-crime, it has become important to know how and why attackers attack a system and, more importantly, how these attacks can be counteracted and prevented. The major attacks target an organization's sensitive information, as it is one of the most valued assets a company holds.
Information security is the protection of data irrespective of its form, since valuable and meaningful data can be stored in many forms. Cyber security deals only with the protection of data that is generated in digital form in systems and networks.
Hacking refers to gaining access to a system or network, legally or illegally, by experts. Ethical hacking refers to the hacking of a system or network by an expert, but without malicious intent.
Elements of Information Security
- Confidentiality- Only authorized people can access the information.
- Integrity- The assurance that the information has reached the destination from the sender exactly as it was supposed to. No tampering has been done with the data.
- Availability- The devices used to exchange information are available to the users whenever required.
- Authenticity- The assurance that the data is genuine and uncorrupted.
- Non-Repudiation- A way to guarantee that the sender has sent the data and the receiver has received it. Neither party can deny this later.
Motives of Attack
Classification of Attacks
- Active Attack- These are direct attacks on systems in which the attackers launch detectable traffic into the network to exploit the information.
Examples- DoS attack, MITM, SQL injection, backdoor access, spoofing attacks, etc.
- Passive Attack- In contrast to an active attack, the attacker uses sniffers to capture data being transmitted from one end to the other, without the user's consent.
Examples- Footprinting, sniffing and eavesdropping, network traffic analysis, and decryption of weakly encrypted traffic.
- Close-in Attack- These attacks happen when the attacker is in close proximity to the network or the target system. The main goal is to gather, modify or disrupt the information.
Examples- Social engineering
- Insider Attack- It is performed by a trusted person who has access to the sensitive information of the organization.
Examples- Eavesdropping and wiretapping, social engineering, data theft and spoliation, etc.
- Distribution Attack- These attacks are performed even before the hardware or software is installed: the attackers tamper with the source code prior to installation.
Examples- Modification of hardware or software during production or distribution.
Cyber Kill Chain Methodology
- Reconnaissance- Gathering information about the target system or network to identify a loophole before attacking.
- Weaponization- In this step, the attacker analyses the data gathered in order to select an appropriate tool to attack the target system or network.
- Delivery- The stage in which the attacker delivers the attack to its target, through whatever form the adversary decided on in the previous step. This is the stage in which the effectiveness of a system's defense strategies becomes known.
- Exploitation- Once delivery is done, the attacker's malicious code triggers the exploitation of the target system. This is where organizations face authenticity and authorization attacks.
- Command and Control- In this stage, the adversary creates a path for two-way communication between a server under his control and the victim's system, to pass data back and forth continually.
- Actions on Objectives- The attacker finally gets what he was seeking: either the confidential data he was looking for, or the disruption of the target network or service, or the compromise of the target's operational capability.
Indicators of Compromise
The systems we use in our daily life tend to behave oddly when they have been attacked. The signs on a system that point towards an intrusion are the indicators of compromise. Security professionals should continuously check the system and network to detect any threat and counteract it. They need to stay up to date and keep updating their systems and networks to detect and respond to constantly evolving cyber threats. IoCs are not intelligence in themselves, but they serve as a source of information for an organization to improve its strategies for preventing and handling attacks.
- Email Indicators- Malicious data sent through email.
- Network Indicators- Useful for spotting command and control, malware delivery, identification of operating systems, and other tasks.
- Host-Based Indicators- Indicators given by the infected system within the organization's network.
- Behavioral Indicators- Used to identify behavior related to a specific attack.
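As an added example (not part of the original course page), the following script shows how the four indicator types above are matched in practice: email, network and host-based indicators are atomic values looked up on a watchlist, while a behavioral indicator is a pattern over several events (here, a burst of failed logons). The watchlist values, log format and sample lines are all constructed for this example.

```python
import re
from collections import defaultdict, deque

# Constructed IoC watchlist grouped by indicator type; every value is made up
# (example domain, documentation IP range, placeholder hash, invented mutex).
IOCS = {"email": {"sender": {"invoice@payr0ll-update.example"}, "attachment_sha256": {"ab12" * 16}},
        "network": {"domain": {"cdn-update.example"}, "ip": {"203.0.113.45"}},
        "host": {"path": {"C:\\Users\\Public\\svchost.exe"}, "mutex": {"Global\\Fn7xQ"}}}
FAIL_THRESHOLD, WINDOW = 4, 60   # behavioral rule: 4 failed logons within 60 s from one client

def parse(line):
    """'source|epoch|k=v k=v ...' -> (source, epoch, {k: v}); malformed lines -> None."""
    parts = line.split("|", 2)
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    return parts[0], int(parts[1]), dict(re.findall(r"(\w+)=(\S+)", parts[2]))

def scan(lines):
    """Return hits as (indicator_type, field, value, line_number) with 1-based line numbers."""
    hits, fails = [], defaultdict(deque)       # fails: client address -> recent failure times
    for n, line in enumerate(lines, 1):
        if (rec := parse(line)) is None:
            continue
        source, ts, fields = rec
        # Atomic email / network / host indicators: any field value that is on the watchlist.
        for itype, table in IOCS.items():
            for field, value in fields.items():
                if value in table.get(field, ()):
                    hits.append((itype, field, value, n))
        # Behavioral indicator: a burst of failed logons from one client (timestamps ascending).
        if source == "auth" and fields.get("result") == "fail":
            client = fields.get("src", "?")
            q = fails[client]
            q.append(ts)
            while ts - q[0] > WINDOW:          # drop failures that fell out of the sliding window
                q.popleft()
            if len(q) == FAIL_THRESHOLD:       # fire once, at the moment the threshold is crossed
                hits.append(("behavioral", "failed_logons", client, n))
    return hits

# Constructed sample lines from mail gateway, DNS, EDR and authentication sources.
SAMPLE = [
    "email|1000|sender=invoice@payr0ll-update.example attachment_sha256=" + "ab12" * 16,
    "email|1005|sender=hr@corp.example attachment_sha256=" + "00" * 32,
    "dns|1010|domain=cdn-update.example client=10.0.0.9",
    "edr|1030|host=WS-12 path=C:\\Users\\Public\\svchost.exe mutex=Global\\Fn7xQ",
    "auth|1040|result=fail src=10.0.0.9 user=alice",
    "auth|1200|result=fail src=10.0.0.9 user=bob",   # the 1040 failure has aged out by now
    "auth|1210|result=fail src=10.0.0.9 user=bob",
    "auth|1215|result=fail src=10.0.0.9 user=bob",
    "auth|1220|result=fail src=10.0.0.9 user=bob",   # fourth failure within 60 s -> behavioral hit
]
```

Running `scan(SAMPLE)` yields two email hits, one network hit, two host-based hits and one behavioral hit; a single failed logon never fires the behavioral rule, which is the point of keeping a window rather than counting events.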
Hacking refers to the exploitation of system and network vulnerabilities to gain access to a system for personal benefit. It involves compromising security systems and confidential data, or modifying system or application features in ways the authorized user does not want.
A hacker is an intelligent and skilled individual who has the ability to create and explore hardware and software and to discover vulnerabilities in the target system.
Classes of Hackers
Apart from these, there are-
- Green Hat Hackers- A hacker who is a newbie in the hacking game but is working hard to excel at it.
- Red Hat Hackers- Hackers who target Linux systems.
- Purple Hat Hackers- Hackers who test themselves on their own PC.
- Blue Hat Hackers- Security professionals from outside the organization. They are brought in to check the vulnerabilities of the systems and the network.
- Elite Hackers- These are expert hackers; it takes years of practice to become one.
Phases of Hacking
- Reconnaissance- In this phase the attacker gathers information about the target system or network prior to launching an attack. It is done to learn the loopholes and backdoors for entering and leaving the system.
- Active Reconnaissance- Direct interaction with the target.
- Passive Reconnaissance- No direct interaction with the target.
- Pre-Attack Phase- The attacker uses the gathered information to scan the network for specific information.
- Port Scanner- Scanning is done using dialers, port scanners, network mappers, ping tools, and vulnerability scanners.
- Extract Information- Information is extracted in order to launch attacks.
- Gaining Access- The phase in which the attacker gains access to the OS or applications on the target system.
- Maintaining Access- In this phase the attacker tries to own the system by seizing the legitimate user's control over it, while also preventing other attackers from getting in.
- Clearing Tracks- Done by the adversary to cover their tracks and hide their identity. The attacker overwrites the server, system, and application logs to avoid suspicion.
Information Security Laws and Standards
Payment Card Industry Data Security Standard (PCI DSS)- An information security standard that covers the handling of credit cards.
ISO/IEC 27001:2013- It specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within an organization.
Health Insurance Portability and Accountability Act (HIPAA)- It deals with healthcare transactions, code sets, and identifiers.
Sarbanes Oxley Act (SOX)- It sets financial standards to protect both investors and the public by increasing the accuracy and reliability of corporate disclosures.
DMCA and FISMA- These standards deal with plagiarism and copyright information.