UNIT -1 Introduction to Cyber Security & Ethical Hacking

Cybersecurity

In some cases, it is also called electronic information security or information technology security. Cybersecurity is a crucial field that encompasses the practices, technologies, and processes designed to protect computer systems, networks, and data from unauthorized access, attacks, damage, or theft.

Types of Cyber Security

❑ Network Security
❑ Application Security
❑ Information or Data Security
❑ Endpoint Security
❑ Identity Management
❑ IoT Security
❑ Mobile Security
❑ Cloud Security

NETWORK SECURITY - This type focuses on safeguarding the integrity, confidentiality, and availability of a network. It involves measures like firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and Virtual Private Networks (VPNs) to protect against network-based threats.

INFORMATION OR DATA SECURITY - Information security aims to protect data from unauthorized access, disclosure, alteration, and destruction. Encryption, access controls, and data classification are critical components in this category.

ENDPOINT SECURITY - This involves securing individual devices (endpoints) such as computers, smartphones, and tablets. Antivirus software, anti-malware tools, and host-based intrusion detection systems help protect these endpoints from malware and other threats.

APPLICATION SECURITY - Application security focuses on ensuring that software and applications are free from vulnerabilities and are resistant to attacks. It involves code reviews, penetration testing, and secure coding practices during the software development lifecycle.

CLOUD SECURITY - With the increasing use of cloud services, cloud security has become crucial. It involves securing data, applications, and services hosted on cloud platforms. Measures include identity and access management (IAM), encryption, and security assessments of cloud providers.
IOT SECURITY - As the Internet of Things (IoT) grows, securing connected devices becomes paramount. IoT security includes measures to protect smart devices, sensors, and the networks that enable communication between them.

MOBILE SECURITY - It involves securing the organizational and personal data stored on mobile devices such as cell phones, tablets, and other similar devices against various malicious threats. These threats include unauthorized access, device loss or theft, malware, etc.

IDENTITY AND ACCESS MANAGEMENT (IAM) - It involves managing and controlling user access to systems and resources. This ensures that only authorized individuals or entities can access sensitive data or perform specific actions.

NEED OF CYBER SECURITY

❑ Cybersecurity safeguards sensitive information, which includes personal data, financial records, intellectual property, and confidential government data.
❑ Cybersecurity measures help in preventing unauthorized access, ensuring that data breaches are less likely to occur.
❑ Cybersecurity measures help build and maintain trust among individuals, organizations, and governments.
❑ Cybersecurity plays a crucial role in preventing various forms of cybercrime, including hacking, phishing, and ransomware attacks.
❑ Cybersecurity is essential for national security.
❑ Many laws and regulations mandate cybersecurity measures. Organizations must comply with these laws, or they may face legal consequences.
❑ Cybersecurity ensures business continuity by preventing or mitigating the impact of cyber incidents.
❑ Cybersecurity helps in managing and mitigating the risks associated with global connectivity.

CIA TRIAD

❑ Cyber Security's main objective is to ensure data protection. The security community provides a triangle of three related principles to protect data from cyber-attacks. This principle is called the CIA triad.
❑ For example, ensuring confidentiality may involve encryption, which also contributes to data integrity, and both are useless if the data is not available when needed.

CONFIDENTIALITY - It focuses on ensuring that information is kept confidential and is only accessible to authorized individuals or systems. Confidentiality measures are put in place to prevent unauthorized access or disclosure of sensitive data. Encryption, access controls, and data classification are commonly used to maintain confidentiality. Standard measures to establish confidentiality include:
❑ Data encryption
❑ Two-factor authentication
❑ Biometric verification
❑ Security tokens

INTEGRITY - Integrity refers to protecting information from being modified by unauthorized parties. It means ensuring that the source of the information is genuine. Integrity ensures the accuracy and trustworthiness of data: data should not be tampered with or altered by unauthorized parties. Measures to maintain data integrity include checksums, digital signatures, and auditing. Standard measures to guarantee integrity include:
❑ Cryptographic checksums
❑ Using file permissions
❑ Uninterrupted power supplies
❑ Data backups

AVAILABILITY - Availability is making sure that information and data are accessible to the authorized parties when needed. Data only has value if the right people can access it at the right time. It involves protecting against denial-of-service (DoS) attacks and ensuring that systems and data are resilient to failures or disruptions. Standard measures to guarantee availability include:
❑ Backing up data to external drives
❑ Implementing firewalls
❑ Having backup power supplies
❑ Data redundancy

Introduction to Security Architecture

Security architecture is defined as the architectural design that includes all the threats and potential risks which can be present in the environment or that particular scenario. This also includes the security controls and the use of security controls.
For the security architecture, proper documentation is done that includes all the security specifications and all the detailed information about the architecture. Security architecture is a structured approach to designing and implementing security controls and measures within an organization. Its primary goal is to ensure the confidentiality, integrity, and availability of sensitive data and resources while mitigating various security risks.

Security Architecture

The security architecture has the role of meeting the security requirements and also helping to protect the company's operating environment. It is beneficial for the company as it includes other activities like risk management activities that require continuous improvement, and security architecture helps to meet the organization's requirements. It defines proper policies, rules, and regulations that need to be reinforced in the organization and provides proper information about them. The architecture is also used for allocating the controls for technical security so that the information system of the organization can be maintained properly. It helps to define common regulations and standards for every employee so that everyone can follow the rules and maintain data integrity and security in the organization.

Components of Security Architecture

Security Policies: They define the rules and guidelines that govern how security measures should be implemented and enforced within an organization.
Security Controls: These are the technical and procedural mechanisms put in place to protect assets. Examples include firewalls and intrusion detection systems.
Risk Assessment: Identifying and assessing potential security risks is crucial. This involves analyzing threats, vulnerabilities, and the potential impact of security incidents.
Security Awareness: Human error is a common cause of security breaches. Security awareness programs help educate employees and users about best practices and security policies.
Incident Response Plan: An incident response plan outlines how the organization will react to and mitigate the effects of security incidents.
Security Testing and Monitoring: Regularly testing and monitoring the security measures is essential. This includes vulnerability assessments, penetration testing, and continuous monitoring for suspicious activities.

Benefits of Using the Security Architecture

❑ It helps to protect the important company assets from outside threats and provides security to the organization's important resources.
❑ The architecture provides limited access to users so that confidential data can be kept secure and safe.
❑ The architecture defines the common policies and standards that can be used by every employee of the company.
❑ It helps the organization to reach its goals and conduct its business operations smoothly.
❑ The other benefit is that risk management activities are covered by the architecture, as risk management requires continuous assistance.

Security Governance

Security governance is a process for overseeing the cybersecurity teams who are responsible for mitigating business risks. Security governance is a vital aspect of cybersecurity and information security management. It encompasses the policies, processes, and structures that an organization uses to oversee and manage its security efforts. Security governance ensures that an organization's security strategy aligns with its business goals and effectively manages risks.

Security Auditing

A security audit is a systematic evaluation of the security of a company's information system. A cybersecurity audit involves a comprehensive analysis and review of your IT infrastructure. It is an in-depth review of an organization's security measures and is a vital component of a comprehensive risk management strategy.
It is an independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes. Security auditing is a critical process in the field of cybersecurity that involves the systematic evaluation of an organization's information systems, policies, procedures, and controls to assess their effectiveness in safeguarding data, identifying vulnerabilities, and ensuring compliance with security standards and regulations. It includes Risk Assessment, Vulnerability Identification, and Compliance Verification.

Regulations and Framework

Regulations and frameworks are essential as they provide guidelines and standards for ensuring data security, privacy, and compliance.
❑ NIST (National Institute of Standards and Technology) Framework
❑ ISO 27001 and ISO 27002
❑ SOC 2 (Service Organization Control)
❑ NERC-CIP (North American Electric Reliability Corporation Critical Infrastructure Protection)
❑ HIPAA (The Health Insurance Portability and Accountability Act)
❑ GDPR (General Data Protection Regulation)

FISMA (Federal Information Security Management Act) - FISMA is United States legislation that defines a framework of guidelines and security standards to protect government information and operations.
General Data Protection Regulation (GDPR) - It is a European Union regulation that focuses on the protection of individuals' personal data. It sets strict rules for how organizations should handle and process personal data.
Payment Card Industry Data Security Standard (PCI DSS) - PCI DSS is a set of security standards designed to ensure the secure handling of credit card information by organizations. It applies to businesses that accept card payments.
Health Insurance Portability and Accountability Act (HIPAA) - HIPAA is a U.S. law that governs the security and privacy of medical records and personal health information.
ISO/IEC 27001 - ISO/IEC 27001 is an international standard for information security management systems (ISMS). It provides a framework for organizations to establish, implement, maintain, and continually improve their information security management.
NIST Cybersecurity Framework - Developed by the National Institute of Standards and Technology (NIST), this framework offers guidelines and best practices for organizations to manage and reduce cybersecurity risks.
Computer Emergency Response Team (CERT) Framework - CERT frameworks offer guidelines for incident response and management. Organizations use these to develop effective strategies for dealing with security incidents.

What is Hacking?

Hacking refers to the act of gaining unauthorized access to computer systems, networks, or digital devices, typically with the intent to manipulate, steal, or disrupt data or functionality. Hacking can take various forms and is performed by individuals known as hackers. For example:
❑ Logging into an email account that you are not supposed to have access to, or reading information that you are not supposed to be able to read, is considered hacking.
❑ Unauthorized Access
❑ Data Manipulation and Data Theft
❑ Malware

Ethical Hacking

Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. It is also referred to as "white hat hacking" or "penetration testing". It is the practice of intentionally and legally probing computer systems, networks, and software applications for security vulnerabilities. Ethical hackers perform these activities with the permission and knowledge of the system owners to identify and address security weaknesses. They use the same tools, tricks, and techniques that malicious hackers use, but with the permission of the authorized person. Ethical hacking can involve different types of testing, including network penetration testing, web application testing, wireless network testing, and social engineering testing.
Why Ethical Hacking?

❑ The purpose of ethical hacking is to improve security and to defend systems from attacks by malicious users.
❑ Ethical hacking is conducted within a legal framework and with proper authorization.
❑ The primary objective of ethical hacking is to identify security weaknesses and vulnerabilities in systems, networks, and applications before malicious hackers can exploit them.
❑ Ethical hackers use various techniques and tools to assess the security of a system. They simulate real-world cyberattacks to identify potential entry points, vulnerabilities, and weaknesses.
❑ After conducting security assessments, ethical hackers provide detailed reports to the organization, outlining the vulnerabilities discovered, the potential impact of these vulnerabilities, and recommendations for remediation or mitigation.

Types of Hackers

Hackers can be classified into three different categories:
❑ Black Hat Hacker
❑ White Hat Hacker
❑ Grey Hat Hacker

BLACK HAT HACKER

Black-hat hackers are also known as unethical hackers or security crackers. These people hack systems illegally to steal money or to achieve their own illegal goals. Black hat hackers engage in malicious activities for financial gain or harm. They operate outside the law, exploiting vulnerabilities and often acting without permission.

WHITE HAT HACKER

White-hat hackers are also known as ethical hackers or penetration testers. White hat hackers are the good guys of the hacker world. White hat hacking is legal. White hat hackers are ethical and work within the boundaries of the law to improve security. They often collaborate with organizations, report vulnerabilities, and help protect systems.

GREY HAT HACKERS

Grey-hat hackers are a hybrid between black hat hackers and white hat hackers. They may hack a system even if they do not have permission to test its security, but they will never steal money or damage the system.
Grey hat hackers fall in between, sometimes identifying vulnerabilities without authorization but not necessarily using them maliciously. They may disclose findings or even sell them.

Difference between Hackers

WHITE HAT HACKER | BLACK HAT HACKER | GREY HAT HACKER
White-Hat Hacking is legal. | Black-Hat Hacking is illegal. | Sometimes Gray-Hat Hackers violate laws.
White-Hat Hackers are also called Good Guys or Ethical Hackers. | Black-Hat Hackers are also called Bad Guys or Crackers. | Grey-Hat Hackers are both Good and Bad Guys.
White-hat hackers may sometimes be compensated personnel. | Black-Hat hackers profit by carding and selling information to other criminals. | Gray-Hat hackers discover problems and notify the owner, occasionally seeking small money to resolve the problem.
White-hat hackers are employed by both governments and companies. | Black-hat hackers compromise computer security to benefit their owners. | Without the owner's consent, gray-hat hackers identify problems in a system.
Individuals who identify weaknesses in computer networks are known as white-hat hackers. | Black-Hat hackers are highly trained individuals that break into a system without authorization. | Gray-Hat hackers employ both defensive and offensive strategies.
White Hat hackers are those who use ethical hacking techniques. | Black Hat Hackers are those who use ethical hacking techniques. | Gray-Hat hackers are those who engage in this activity.

Phases of Ethical Hacking

1. Reconnaissance (Information Gathering)
In this initial phase, the ethical hacker gathers information about the target system or organization. This includes identifying the scope of the assessment, understanding the goals and objectives, and performing reconnaissance to gather information about the target's infrastructure, systems, and potential vulnerabilities. This phase helps in creating an effective strategy for the assessment.

2. Scanning
During this phase, the ethical hacker scans the target system for open ports, network services, and other potential entry points. It involves using automated scanning tools and techniques to discover vulnerabilities such as unpatched software, misconfigurations, or weak access controls. Basically, at this stage, four types of scans are used:
❑ Pre-attack: The hacker scans the network for specific information based on the information gathered during reconnaissance.
❑ Port scanning/sniffing: This method includes the use of dialers, port scanners, and other data-gathering equipment.
❑ Vulnerability scanning: Scanning the target for weaknesses/vulnerabilities.
❑ Information extraction: In this step, the hacker collects information about ports, live machines and OS details, network topology, routers, firewalls, and servers.

3. Gaining Access
The ethical hacker attempts to exploit the identified vulnerabilities to gain unauthorized access to the target system. For example:
❑ Phishing attack
❑ Man-in-the-middle attack
❑ Brute force attack
❑ Spoofing attack
❑ DoS attack
❑ Buffer overflow attack
❑ Session hijacking
❑ BEC attack

4. Maintaining Access
Once access is gained, the ethical hacker may attempt to maintain persistent access to the target system. This phase involves escalating privileges, creating backdoors, or installing persistent malware. The objective is to simulate an actual attacker who establishes long-term control over the compromised system. Once a hacker has gained access, they want to keep that access for future exploitation and attacks. The hacker also secures access to the organization's systems using rootkits and Trojans and uses it to launch additional attacks on the network.

5. Analysis and Reporting
After the assessment phase, the ethical hacker analyzes the data gathered throughout the process. They evaluate the impact and potential risks associated with the identified vulnerabilities.
A detailed report is then prepared, highlighting the vulnerabilities, their potential impact, and recommendations for mitigating or fixing them. The report aims to provide actionable insights to the organization for improving its security posture.

6. Clearing Tracks
Once the assessment is complete, the ethical hacker and the organization work together to address the identified vulnerabilities and implement appropriate countermeasures. Ethical hackers may choose to remove any traces of their activities from the target system to maintain a low profile. This involves erasing logs, restoring altered files to their original state, and eliminating any evidence of the ethical hacking activities. An intelligent hacker always clears all evidence so that at a later point in time, no one will find any traces leading to him/her. He/she does this by:
❑ Clearing the cache and cookies
❑ Modifying registry values
❑ Modifying/corrupting/deleting the values of logs
❑ Clearing out sent emails
❑ Closing all the open ports
❑ Uninstalling all applications that he/she used

Penetration Testing

A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testing, or pen testing, is a series of tests carried out by specialized testers trying to penetrate a company's systems to find vulnerabilities that could be exploited internally or externally by criminals and other bad actors. Penetration testing is a technique used in cybersecurity to identify vulnerabilities in applications or networks. Penetration testers are also often responsible for assessing an organization's security policies, compliance, and employee awareness of security protocols.

Types of Penetration Test

1. Network Penetration Test
2. Web Application Penetration Test
3. Client-Side Penetration Test
4. Wireless Network Penetration Test
5. Social Engineering Penetration Test

1. Network Penetration Test
The penetration tester audits a network environment for security vulnerabilities. Network penetration tests can be further subdivided into two categories: external tests and internal tests. An external penetration test involves testing public IP addresses. An internal test provides the tester with network access so that they can emulate a hacker who has already penetrated the network's defenses. Penetration testers focus on the following areas in network penetration tests:
❑ Firewall configuration
❑ DNS-level attacks

2. Web Application Penetration Test
In a web application penetration test, testers search for security problems associated with the insecure design, development, or coding of a web app. These types of tests focus on browsers, websites, web applications, and related items, including plug-ins, procedures, and applets.

3. Client-Side Penetration Test
Client-side penetration tests identify security vulnerabilities within an organization. These are often located in the programs and applications the organization uses, such as email platforms, web browsers, and Adobe Acrobat. For example, an attacker may gain access to a vulnerable application through a well-crafted email directing an employee to a malicious webpage, or load malware onto a USB stick that executes once it is inserted into a device. Client-side penetration tests aim to identify these risks and address all related internal vulnerabilities.

4. Wireless Network Penetration Test
Wireless network penetration tests focus on vulnerabilities in wireless devices, such as tablets, laptops, notebooks, and smartphones. These tests aim to identify all devices used by an organization that are vulnerable to cyberattacks. These vulnerabilities may include wireless devices' security controls, access point configurations, or weak security protocols.

5. Social Engineering Penetration Test
Social engineering penetration tests focus on the human aspect of an organization's security.
In a social engineering test, testers attempt to deceive employees into giving up sensitive information or allowing the tester access to the organization’s systems. This enables penetration testers to understand the organization’s vulnerability to scams or other social engineering cyberattacks.
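Two passages in this unit meet in the following added example (it is not part of the original notes): the "cryptographic checksums" listed as an integrity measure under the CIA triad, and the log modification and deletion described in the Clearing Tracks phase. It assumes a hypothetical log collector that holds an HMAC key the monitored host never sees, so anyone who edits the log on the host cannot produce valid tags; the key and the login events are constructed values.

```python
import hashlib
import hmac
import json
from copy import deepcopy

# Key held only by the (hypothetical) log collector; constructed value.
# An attacker clearing tracks on the host can edit the log file but
# cannot recompute these tags without the key.
COLLECTOR_KEY = b"constructed-example-key-do-not-reuse"
GENESIS = b"\x00" * 32  # previous-tag value for the first entry


def entry_tag(prev_tag: bytes, record: dict) -> bytes:
    """Tag = HMAC-SHA256(key, previous tag || canonical JSON of record)."""
    payload = prev_tag + json.dumps(record, sort_keys=True).encode()
    return hmac.new(COLLECTOR_KEY, payload, hashlib.sha256).digest()


def append_entry(log: list, record: dict) -> None:
    """Chain a new record onto the log, binding it to everything before it."""
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    log.append({"record": record, "tag": entry_tag(prev, record).hex()})


def verify_log(log: list, head_tag: str) -> list:
    """Walk the chain; return a list of findings (empty means intact).
    head_tag is the newest tag the collector saw, kept off the host."""
    findings = []
    prev = GENESIS
    for i, entry in enumerate(log):
        stored = bytes.fromhex(entry["tag"])
        if not hmac.compare_digest(entry_tag(prev, entry["record"]), stored):
            findings.append(f"entry {i}: tag mismatch (record modified or an earlier entry removed)")
        prev = stored  # continue from the stored tag so later entries still verify
    if not hmac.compare_digest(prev.hex(), head_tag):
        findings.append("head mismatch: trailing entries missing or log replaced")
    return findings


# Constructed sample auth events, the kind a monitoring pipeline ingests.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:01", "event": "login", "user": "alice", "result": "success"},
    {"ts": "2024-01-01T10:00:05", "event": "login", "user": "admin", "result": "failure"},
    {"ts": "2024-01-01T10:00:06", "event": "login", "user": "admin", "result": "failure"},
    {"ts": "2024-01-01T10:00:09", "event": "login", "user": "admin", "result": "success"},
]


def build_sample_log():
    """Return (log, head_tag) for the constructed events."""
    log = []
    for rec in SAMPLE_EVENTS:
        append_entry(log, rec)
    return log, log[-1]["tag"]


def demo() -> dict:
    """Findings for an intact log and for three typical track-clearing edits."""
    log, head = build_sample_log()
    edited = deepcopy(log)
    edited[1]["record"]["result"] = "success"  # rewrite a failed admin login
    removed = log[:1] + log[2:]                 # delete a middle entry
    truncated = log[:2]                         # drop the newest entries
    return {
        "intact": verify_log(log, head),
        "edited": verify_log(edited, head),
        "removed": verify_log(removed, head),
        "truncated": verify_log(truncated, head),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

A plain, unkeyed checksum stored beside the log would not give this guarantee, since whoever edits the entries can recompute it; the key held off the host is what makes the chain tamper-evident.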
