Introduction to CEH Edited PDF
Document Details
Uploaded by MagicalWatermelonTourmaline5568
APSIS Fort Road
Tags
Related
- Western Governors University Certified Ethical Hacker (CEH) Version 12 eBook PDF
- ECCouncil Certified Ethical Hacker Exam (CEHv12) 312-50v12 PDF
- Ethical Hacking CYB 0206 Chapter 1 PDF
- De Montfort University Kazakhstan CSEC1001K: Cyber Ethics Lecture 1 PDF
- اﻟﮭﺎﻛﺮ اﻷﺧﻼﻗﻲ Ethical Hacking PDF
- Lecture 2: Information Security and Ethical Hacking PDF
Summary
This document introduces the concept of information security, describing its essential components and providing basic explanations. It covers areas such as security needs, the CIA triad, security definitions, ethical hacking, and assets. The text is organized in a slide format discussing key aspects of information security
Full Transcript
Introduction to Information Security Need for Security Assessment What is Information Security CIA Triad Key Security Definition Ethical Hacking Hassan 8 Need for Security Assessment Hassan 9 Hassan 10 ...
Introduction to Information Security Need for Security Assessment What is Information Security CIA Triad Key Security Definition Ethical Hacking Hassan 8 Need for Security Assessment Hassan 9 Hassan 10 Folk Model Home‐computer Users at Risk Due to Use of ‘ Folk Model’ Security EAST LANSING, Mich. — Most home computers are vulnerable to hacker attacks because the users either mistakenly think they have enough security in place or they don’t believe they have enough valuable information that would be of interest to a hacker. That’s the point of a paper published this month by Michigan State University’s Rick Wash, who says that most home‐computer users rely on what are known as “folk models.” Those are beliefs about what hackers or viruses are that people use to make decisions about security to keep their information safe. Unfortunately, they don’t often work the way they should. Hassan 11 Folk Model Home‐computer Users at Risk Due to Use of ‘ Folk Model’ Security Hassan 12 Folk Model Home‐computer Users at Risk Due to Use of ‘ Folk Model’ Security [email protected] dell6***** [email protected] 27343945 59119138 Hassan 13 Folk Model [email protected] CENSORED PASSWORD HASH pakis*********** 32614a9c0df2de4368d288f0b33c70c180b88f1f Abutt***** a5ce3c18d20098d90b695d0a75c43df99998ab61 pakis******** afce7959d4b69e9b2f8c9bb1d5773fa4f72e8458 [email protected] CENSORED PASSWORD HASH ZULFI******* 4adc1a934707244dcd79340989bbcb07c74067d5 tTL5Q************ 1258105f59f46d23ea021633409c7c570b468acb Loveh*********** e2e8326c4faaefa1b68bf9bc3179034e8de9b3ac Hassan 14 Introduction to Information Security Need for Security Assessment What is Information Security CIA Triad Key Security Definition Ethical Hacking Hassan 15 What is Information Security The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Hassan 16 Introduction to Information Security Need for Security Assessment What is Information Security CIA Triad Key Security Definition Ethical Hacking Hassan 17 CIA Triad Confidentiality Preventing unauthorized access to information and disclosure Achieved through Cryptography Integrity Guarding against information modifications Achieved through Hashing etc Hassan 18 CIA Triad Availability Ensuring timely and reliable access to information Achieved through redundancy, backups etc. Hassan 19 Key Concepts Hassan 20 CIA Triad (Example) The two-factor authentication (debit card with the PIN code) provides confidentiality before authorizing access to sensitive data The ATM and bank software ensure data integrity by maintaining all transfer and withdrawal records The ATM provides availability as it is for public use and is accessible at all times Hassan 21 Introduction to Information Security Need for Security Assessment What is Information Security CIA Triad Key Security Definition Ethical Hacking Hassan 22 Information Security Purpose “Security to identify the threats against, the risks and the associated potential damage to, and the safeguarding of Information Assets..” Hassan 23 Assets People, property, and information. People may include employees and customers along with other invited persons such as contractors or guests. Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. Information may include databases, software code, critical company records, and many other intangible items. Hassan 24 Vulnerability Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset Hassan 25 Threat Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. A threat is what we’re trying to protect against. Hassan 26 Risk Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. or Probability of a threat becoming real, and the corresponding potential damages Hassan 27 Introduction to Information Security Need for Security Assessment What is Information Security CIA Triad Key Security Definition Ethical Hacking Hassan 28 What is Ethical Hacking Hassan 29 Phases of Ethical Hacking Phases of Ethical Hacking (5) FOOTPRINTING RSGMC Recce Scanning R Gaining Access Scanning and S Maint Access enumeration G Covering Tracks M C Vulnerability Research Vulnerability Exploitation BRNSS-K Hassan 30 FOOTPRINTING Using basic info to gather further details 31 FOOTPRINTING Foot-printing steps Identify Target (TNOP) Identify IP Network topology Tgt (ID): ID (ip, asn, Server) DNS, Subdomains, whois, web Identify ASN (https://ipinfo.io/) NW/Website info Network/ : Website Information technologies Identify Servers if possibleNW topology Identify Admins (whois) DNS https://lookup.icann.org/en/lookup Gather Org Information Sundomains whois web tech Gather Passwords Gather Employees Emails, phone nos id Admins(whois) Haveibeenpawned (harverster) (hunter.io),Linkedin https://lookup.icann.org/en/lookup breadcheddirectory Gather documents (google dorks) Gather Org info: army secret site:*.gov.in filetype:pdf Emails,passwords,phone nos (harvester & hunter.io), linkedin gather docu (google dorks) Army secret websit : Scanning & gov.in.filetype:pdf Gather passwords Enumeration Haveibeenpawned 32 HPS Host Port SCANNING AND ENUMERATION Svc Objectives of NW scanning(4) HSSV DISCOVER: HIP: Host(live), Ip add, Ports(Open) S + A: System(OS) & Syst archit Services: running on host Vulnerabilities: in live host 33 SCANNING AND ENUMERATION Scanning Steps Identify Live hosts HPS E2 Host: Id live host Port: Id Open Port Ping sweep –sn TCP Ports Svc Id Svc netdiscover Udp Ports Identify Open Ports Scan for all ports Enumerate: Sys & Web Identify services System Enumerate Detect service Version -sV Collect usernames, system names, Emails etc Web Enumeration Subdomains Vhosts DNS Hack it 34 GAINING ACCESS Vulnerability Research 35 GAINING ACCESS Vulnerability Exploitation 36 MAINTAINING ACCESS Maintaing Access (6) BRNSS-K Backdoor Keyloggers Rootkits NTFS Streams Spyware Spyware Steganography Keyloggers Backdoors Rootkits NTFS Streams Steganography Steganography MALWARE: HARMS SYSTEM SPYWARE: DONT HARMS, RATHER JUST OBSERVES/monitors eg(Wireshar) Backdoor Port: Default loop/port left for setting. made during development of App/process/system eg REVRSE SHELL (code type) Rootkit: Access to KERNEL system rather then basic lvl for granular control Stegnography: Hide a file/info inside image 37 COVERING TRACKS Tech to cover tracks(6) WAFL2T Windows functionality (Disable) Auditing: Disable Files: Delete/Hid Artifacts Logs: Clearing + Manipulating Tracks: Covering Tr on NW/OS 38 Hacking Mindset Hopefully, you will learn to think like a criminal mastermind but behave like a gentleman/woman! Hassan 39