Ethical Hacking CYB 0206 Chapter 1 PDF

Summary

This document provides an overview of ethical hacking, covering concepts like information security, hacking methodologies, hacker classes, and more.

Full Transcript


Imam Mohammad Ibn Saud Islamic University
Applied College
Computer Sciences Program
Ethical Hacking CYB 0206
Chapter 1: Introduction to Ethical Hacking

Outline
Information Security Concepts
Hacking Methodologies and Frameworks
Hacking Concepts and Different Hacker Classes
Ethical Hacking Concept and Scope
Techniques used in Information Security Controls

Information Security Concepts

Information Security
Information is a critical asset that organizations should protect.
Information security refers to the protection of information and systems from unauthorized access, disclosure, alteration, and destruction.
Information disclosure leads to huge losses in terms of finance, reputation, and customers.

Elements of Information Security
Confidentiality – restrict access to authorized individuals
Integrity – data has not been altered in an unauthorized manner
Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe

Information Security Attack
Attackers have goals and objectives behind their information security attacks.
Attackers use various tools and techniques to exploit vulnerabilities in a computer system or its security policy and controls to achieve their objectives.
Goals and objectives of attackers:

Classification of Attacks
According to IATF, security attacks are classified into five categories: passive, active, close-in, insider, and distribution.
Passive attack: obtain confidential information or monitor system behavior without being detected.
Active attack: obtain unauthorized access to a network or system and cause damage or gain sensitive information.
Example: differences between a passive attack and an active attack:

Information Warfare
Information warfare, or InfoWar, refers to the use of information and communication technologies (ICT) to gain a competitive advantage over an opponent.
Examples of information warfare weapons:

Block diagram of Information Warfare

Hacking Methodologies and Frameworks

Hacking Methodology
Hacking methodology defines the step-by-step process to perform ethical hacking.
Hacking methodology guides ethical hackers to succeed in the ethical hacking process by learning the various tactics, techniques, and tools used by attackers at each phase of an attack.

Hacking Methodology Phases
❖ Footprinting and reconnaissance: an attacker gathers information about the target, such as the target organization’s clients, employees, operations, network, and systems.
❖ Scanning: the attacker uses the information gathered during reconnaissance to scan the network for specific information. It is a logical extension of active reconnaissance but involves more in-depth probing by the attacker.
❖ Enumeration: involves making active connections to a target system. Attackers gather information such as network user lists, routing tables, security flaws, shared users, groups, applications, and banners.
❖ Vulnerability assessment: the examination of the ability of a system or application to resist attack. Attackers perform vulnerability analysis to identify security weaknesses in the target network, communication infrastructure, and end systems.

System Hacking
The attacker follows a certain methodology to hack a system; the information obtained during the methodology phases is used to exploit the target system by gaining access, escalating privileges, maintaining access, and clearing logs.

Cyber Kill Chain Methodology
It is a component of intelligence-driven defense for the identification and prevention of malicious intrusion activities.
It is a framework developed for securing cyberspace based on the concept of military kill chains.
This method aims to enhance intrusion detection and response. It is equipped with a seven-phase protection mechanism to reduce cyber threats.
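An added example (not from the original slides) of how the kill chain supports intelligence-driven defense: constructed alerts are mapped to phases so a defender can see how far each intrusion has progressed and which earlier phases produced no detection. The slides do not list the seven phases; the names below are the standard Lockheed Martin ones, and the alert types, host names and alert-to-phase mapping are hypothetical.

```python
from collections import defaultdict

# Standard Lockheed Martin kill chain phases, in order (not listed on the slides).
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Hypothetical mapping from a SOC's alert types to kill chain phases.
ALERT_PHASE = {
    "port_scan": "reconnaissance",
    "phishing_attachment": "delivery",
    "macro_execution": "exploitation",
    "new_autorun_service": "installation",
    "beacon_to_rare_domain": "command_and_control",
    "bulk_file_upload": "actions_on_objectives",
}

# Constructed sample alerts: (timestamp, host, alert_type).
ALERTS = [
    ("2024-05-01T09:02", "ws-17", "phishing_attachment"),
    ("2024-05-01T09:05", "ws-17", "macro_execution"),
    ("2024-05-01T09:40", "ws-17", "beacon_to_rare_domain"),
    ("2024-05-01T10:11", "srv-02", "port_scan"),
    ("2024-05-01T11:30", "ws-17", "unknown_signature"),
]

def triage(alerts):
    """Per host: deepest phase reached and earlier phases that raised no alert."""
    seen = defaultdict(set)
    unmapped = []
    for ts, host, kind in alerts:
        phase = ALERT_PHASE.get(kind)
        if phase is None:
            unmapped.append((ts, host, kind))  # keep for analyst review, never drop silently
            continue
        seen[host].add(PHASES.index(phase))
    report = {}
    for host, idxs in seen.items():
        deepest = max(idxs)
        # Phases before the deepest one with no alert: the intrusion passed them unseen.
        gaps = [PHASES[i] for i in range(deepest) if i not in idxs]
        report[host] = {"deepest": PHASES[deepest], "gaps": gaps}
    return report, unmapped

def priority(report):
    """Hosts ordered by how far along the chain the intrusion has progressed."""
    return sorted(report, key=lambda h: PHASES.index(report[h]["deepest"]), reverse=True)
```

Gaps in reconnaissance and weaponization are usually expected because those phases happen outside the defender's network; a gap such as installation on a host that already shows command and control points to missing detection coverage.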
Tactics, Techniques, and Procedures (TTPs)
Tactics, Techniques, and Procedures (TTPs) refers to the patterns of activities and methods associated with specific threat actors or groups of threat actors.
TTPs are used to strengthen the security infrastructure of the organization.
Tactics: the guidelines that describe the way an attacker performs the attack. These guidelines include the tactics for information gathering.
Techniques: the technical methods used by an attacker, including initial exploitation and command and control (C2).
Procedures: the organizational approaches that threat actors follow.

Hacking Concepts and Different Hacker Classes

What is Hacking, Hacker and Hacker Classes?
Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system’s resources.
It involves modifying system or application features to achieve a goal outside the creator’s original purpose.
Hacking can be used to steal and redistribute intellectual property, leading to business loss.
A hacker is an intelligent individual with excellent computer skills who can create and explore computer software and hardware.
For some hackers, hacking is a hobby to see how many computers or networks they can compromise.
A hacker’s intention can be either to gain knowledge or to probe and do illegal things.

Ethical Hacking Concept and Scope

Ethical Hacking
Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities and ensure system security.
It focuses on simulating the techniques used by attackers to verify the existence of exploitable vulnerabilities in a system’s security.
Ethical hackers perform security assessments for an organization with the permission of the concerned authorities.

Why Ethical Hacking is Necessary?
Reasons why organizations recruit ethical hackers:
✓ Prevent hackers
✓ Uncover vulnerabilities
✓ Strengthen an organization’s security posture
✓ Avoid security breaches
✓ Help safeguard customer data
✓ Enhance security awareness

Scope and Limitation of Ethical Hacking

Skills of Ethical Hackers

Techniques used in Information Security Controls

Information Assurance (IA)
IA refers to the assurance that the integrity, availability, confidentiality, and authenticity of information and information systems are protected during the usage, processing, storage, and transmission of information.
Processes that help in achieving IA:

Continual/Adaptive Security Strategy
Organizations should adopt an Adaptive Security Strategy, which involves implementing all four network security approaches.

Defense-in-Depth
It is a security strategy in which several protection layers are placed throughout an information system.
It helps to prevent direct attacks against the system and its data because a break in one layer only leads the attacker to the next layer.

Risk Management
Risk management is the process of reducing and maintaining risk at an acceptable level by means of a well-defined and actively employed security program.
Risk management phases:

References
Regalado, D. et al., "Gray Hat Hacking: The Ethical Hacker's Handbook", 5th Edition, 2018.
EC Council, "Ethical Hacking and Countermeasures V11", Version 11, 2020.
