Ethical Hacking
What is Ethical Hacking?
Ethical hacking is the act of locating weaknesses and vulnerabilities in computer and information systems by duplicating the intent and actions of malicious hackers. The key difference between this and illegal hacking is gaining the owner's permission before beginning. Ethical hacking is also known as penetration testing, intrusion testing, red teaming, or tiger teaming.
Who are Ethical Hackers?
An ethical hacker, or white hat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.
Ethical hackers know how to find and exploit vulnerabilities and weaknesses in systems just like a malicious hacker, or black hat. In fact, both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to find vulnerabilities and get them fixed before the bad guys can get there and break in. The primary difference between ethical hackers and malicious hackers is legality: the ethical hacker has the owner's authorization. Nowadays, certified ethical hackers are among the most sought-after information security employees in large organizations.
Ethical Hackers use many techniques and tools to locate vulnerabilities in systems including but not limited to penetration testing, social engineering, scanning, sniffing, cracking passwords, and locating weaknesses in security systems.
Popular ethical hacking tools include: Nmap, Metasploit, Kali Linux, Burp Suite, Cain & Abel, Aircrack-ng, Nessus, and many more.
The role of an ethical hacker is important since the bad guys will always be there, trying to find cracks, backdoors, and other secret ways to access data they shouldn't. In fact, there is even a professional certification for ethical hackers: the Certified Ethical Hacker (CEH).
*Make sure you have documented permission from the right people before breaking into anything. The authorization should name who approved the test, which systems are in scope, and the time window in which testing may happen. Not breaking the law is paramount to being an ethical hacker.
Cybersecurity
What is Cybersecurity?
Cybersecurity (also called computer security, electronic information security, or IT security) is the set of techniques for protecting computer systems, including their hardware, software, and electronic data, as well as servers, mobile devices, electronic systems, and networks, from disruption, misdirection, unauthorized access, modification, or malicious attacks on the services they provide.
There are hundreds of job titles in cybersecurity, but some of the top positions include:
Chief Information Security Officer.
Security Analyst.
Incident responder.
Security Engineer.
Computer forensics expert.
Security Architect.
Penetration tester.
Security Administrator.
Security Software Developer.
Cryptographer.
Cryptanalyst.
Security Consultant.
Some helpful terms:
Asset - Something of value to a person, business or organization.
Attack - An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Firewall - Hardware or software designed to prevent unauthorised access to a computer or network from another computer or network.
Hacker - Someone who violates computer security for malicious reasons, kudos or personal gain.
Proxy server - Server that acts as an intermediary between users and other servers, validating user requests.
Risk - The potential that a threat will exploit a vulnerability and cause an organization not to meet one of its objectives; usually assessed as likelihood combined with impact.
Security control - Something that modifies or reduces one or more security risks.
Threat - Something that could cause harm to a system or organization.
Vulnerability - A flaw or weakness that can be used to attack a system or organization.
Common Threats include:
Phishing
Trojans
Botnets
Ransomware
Distributed Denial of Service (DDoS)
Wiper Attacks
Spyware/Malware
Man in the Middle (MITM)
Drive-By Downloads
Malvertising
Rogue and Unpatched Software
Major Elements in Cybersecurity include:
Software security
Application Security
Information Security
Network Security
Disaster recovery
End-User Education
Software Security
What is Software Security?
Software security is the idea of engineering software with a robust design so that it is resistant to malicious attack and continues to function correctly while under attack.
Secure Coding
Secure coding is the practice of writing software that is resistant to attack by malicious or mischievous people or programs. An insecure program can give an attacker control of a server or a user's computer, resulting in anything from denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users.
Attacks
Attacks often take advantage of vulnerabilities found in web-based and other application software. Vulnerabilities can be present for many reasons, including coding mistakes, logic errors, incomplete requirements, and failure to test for unusual or unexpected conditions. Examples of specific errors include: failure to check the size of user input; failure to filter out unneeded but potentially malicious character sequences from input streams; failure to initialize and clear variables; and poor memory management that allows flaws in one part of the software to affect unrelated and more security-critical portions.
There is a flood of public and private information about such vulnerabilities available to attackers and defenders alike, as well as tools and techniques for "weaponizing" vulnerabilities into exploits. Attackers use these exploits, including buffer overflows, Structured Query Language (SQL) injection, cross-site scripting, cross-site request forgery, and clickjacking, to gain control over vulnerable machines, applications, or user sessions.
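The SQL injection mentioned above, as an added example that is not part of the original page: a login check that splices user input straight into the query text, beside the parameterized version that fixes it. The in-memory SQLite database, the user rows and the attacker string are constructed for the demonstration; the function names are this example's own.

```python
"""Added example: an SQL injection vulnerability and its fix.

Constructed, self-contained demo using an in-memory SQLite database.
Not code from the original page; the users table, the rows and the
attacker string are made up for illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with a few constructed users.

    Passwords are stored in plaintext only to keep the demo short; a real
    system stores salted password hashes, never the passwords themselves.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "battery staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Insecure: user input is pasted into the SQL text (the flaw described above).

    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', which is true for
    every row, so the attacker is "authenticated" without any password.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: a parameterized query. The values travel separately from the
    statement, so quotes inside them can never change its structure."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    attack = "' OR '1'='1"
    print("vulnerable, real password:", login_vulnerable(db, "alice", "correct horse"))  # True
    print("vulnerable, injection    :", login_vulnerable(db, "alice", attack))           # True (!)
    print("safe, real password      :", login_safe(db, "alice", "correct horse"))        # True
    print("safe, injection          :", login_safe(db, "alice", attack))                 # False
```

Filtering quote characters out of the input ("blocklisting") is the fragile fix; parameterized queries remove the whole class of bug because the database never parses user data as SQL.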
Best Practices
Software security best practices build on good software engineering practice and involve thinking about security early in the software development lifecycle, knowing and understanding common threats (including language-based flaws and pitfalls), designing for security, and subjecting all software artifacts to thorough, objective risk analysis and testing.
Secure coding helps protect a user's data from theft or corruption. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, we can take proactive steps to significantly reduce or eliminate vulnerabilities in software before deployment.
Here is a Great Resource for Secure Coding: Secure Coding Cheat Sheet
Application Security
Application security is the use of software, hardware, and procedural methods to protect applications from external threats.
Security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, exposed to a wide variety of threats.
Helpful terms
Application firewall - An enhanced firewall that limits access by applications to the operating system (OS) of a computer.
Backdoor - A method of bypassing established authentication or other security processes to obtain access to a system.
Cross-Site Scripting (XSS) - An attack on an application where malicious executable scripts are injected into a trusted application or website and then run in other users' browsers with that site's privileges.
Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it.
Encryption - The transformation of plaintext data into indecipherable data (ciphertext).
IP address - Short for Internet Protocol address, an identifying number for a piece of network hardware.
JavaScript hijacking - A technique that an attacker can use to masquerade as a valid user and read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML) that returns sensitive data as directly executable JavaScript (for example, a bare JSON array) and relies only on cookies for authentication. When the technique was first described, most of the popular Ajax frameworks examined were found vulnerable; the defenses are to require a per-request token that a third-party page cannot obtain and to never serve sensitive data in a form that a <script> tag can execute.
Router - a networking device that forwards data packets between computer networks.
Countermeasures
Different techniques are used to surface security vulnerabilities at different stages of an application's lifecycle, such as design, development, deployment, upgrade, and maintenance.
Actions taken to ensure application security are sometimes called countermeasures. The most basic software countermeasure is an application firewall that limits the execution of files or the handling of data by specific installed programs.
The most common hardware countermeasure is a router performing network address translation (NAT), which keeps the private IP address of an individual computer from being directly visible on the Internet (this hides hosts behind one public address but is not a substitute for a firewall). Some basic techniques used for application security are: input parameter validation, user/role authentication and authorization, session management, protection against parameter manipulation, exception management, and auditing and logging.
Other countermeasures include conventional firewalls, encryption/decryption programs, anti-virus programs, spyware detection/removal programs, and biometric authentication systems.
Security measures built into applications and a sound application security routine minimize the likelihood that unauthorized code will be able to manipulate applications to access, steal, modify, or delete sensitive data.
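Two of the techniques listed above, input parameter validation and output encoding, applied to the cross-site scripting case from the terms list. This is an added example, not code from the original page: the username rules, the greeting handler and the payload are constructed for illustration.

```python
"""Added example: input validation plus output encoding against XSS.

Constructed demo, not code from the original page. The allow-list
pattern, the handler names and the payload are illustrative choices.
"""
import html
import re

# Allow-list: what a valid username looks like in this hypothetical app.
# Validation means accepting only known-good shapes, not hunting for bad ones.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")


def validate_username(value: str) -> str:
    """Input parameter validation: reject anything off the allow-list."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def render_unsafe(name: str) -> str:
    """Vulnerable: untrusted text is spliced straight into HTML, so a name of
    <script>alert(1)</script> becomes a script that runs in every viewer's browser."""
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    """Fixed: encode for the HTML body context so markup in the input is inert.
    html.escape turns < > & " ' into entities the browser shows as text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_greeting(name: str) -> str:
    """Defense in depth: validate on the way in AND encode on the way out.

    Validation alone cannot protect free-text fields (a comment box legitimately
    contains < and &), and encoding alone still lets junk into the database,
    so a hardened handler does both.
    """
    return render_safe(validate_username(name))


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print(render_unsafe(payload))   # script tag survives intact
    print(render_safe(payload))     # &lt;script&gt;alert(1)&lt;/script&gt;
    try:
        render_greeting(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

Encoding is context-specific: the HTML-body escaping shown here is not sufficient for values placed inside a JavaScript block, a URL, or an attribute without quotes, each of which needs its own encoder.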
Information Security
Information security ("IS", "InfoSec", "data security") is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Its primary concern is the confidentiality, integrity, and availability of your data (often referred to as the "CIA triad"). It also covers ensuring that information is not compromised when critical issues arise, including natural disasters, computer or server malfunction, and physical theft.
Helpful terms
Authentication - The process that verifies an entity's credentials, thus proving an identity.
CIA - The CIA triad (or C/I/A); these three security aspects have long been held as the fundamental principles of information security.
Confidentiality: describes the need for information to be accessible only to those that are authorised to view it.
Integrity: describes the need for information to be protected from modification by those that are not authorised to change it.
Availability: describes the need for information to be available to those that require it, when they require it.
Cryptography - or cryptology is the practice and study of techniques for secure communication. Cryptography involves creating written or generated codes that allow information to be kept secret.
Digital Certificate - An electronic identifier that establishes your credentials when doing business or other transactions on the Web.
Digital Signature - A value computed over a message with the signer's private key and checked with the matching public key. It authenticates the origin of the message and the identity of the sender and reveals any later modification; a signature is specific to the exact message it was computed over.
Hash Functions - These are different from SKC and PKC. They use no key and are sometimes loosely called one-way encryption, although nothing is decrypted: the input cannot be recovered from the output. Hash functions are mainly used to ensure that a file has remained unchanged (and, with a key added, to build message authentication codes).
Public Key Cryptography - (PKC): Here two keys are used. This type of encryption is also called asymmetric encryption. One key is the public key that anyone can access. The other key is the private key.
Secret Key Cryptography - (SKC): Here only one key is used for both encryption and decryption. This type of encryption is also referred to as symmetric encryption.
User Identification - (User ID, UID) Information (aka credential) that is used to uniquely identify or define attributes about an individual's or entity's identity.
Information security is at heart risk management. Anything that threatens the confidentiality, integrity or availability of information must be identified and controlled, so that the information cannot be read, changed, or transferred without authorization. For example, a message could be modified during transmission by someone intercepting it before it reaches the intended recipient. Good cryptographic tools, such as message authentication codes and digital signatures, let the recipient detect this kind of tampering. Digital signatures and strong authentication further improve information security by requiring individuals to prove their identity before they can gain access to computer data.
Network Security
Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
Network security includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include: a) anti-virus and anti-spyware; b) firewalls, to block unauthorized access to your network; c) intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks; and d) virtual private networks (VPNs), to provide secure remote access.
Helpful terms
Anti-spyware software - Designed to detect and remove unwanted spyware programs. Spyware is a type of malware that is installed on a computer without the user's knowledge in order to collect information.
Anti-virus software - A utility that detects, prevents, and removes viruses, worms, and other malware from a computer.
Intrusion Detection System (IDS) - Software that monitors network traffic or host activity and raises an alert when it detects an attack on a network or computer system; it observes and reports but does not block.
Intrusion Prevention System (IPS) - A system that monitors a network for malicious activity such as security threats or policy violations and, unlike an IDS, can actively drop or block the offending traffic.
Penetration test - A pen test is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
Virtual Private Network (VPN) - A private network that is built over a public infrastructure, using encryption to carry traffic securely across it.
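What the intrusion detection system in the list above does at its simplest, as an added example that is not code from the original page: one detection rule run over constructed SSH-style authentication log lines, flagging a source address that racks up too many failed logins inside a sliding time window. The log lines, IP addresses, threshold and window are all made up for this demonstration.

```python
"""Added example: a tiny host-based intrusion detection rule.

Reads sshd-style authentication log lines and flags any source IP that
produces `threshold` or more failed logins within a sliding `window`.
The sample log, addresses and thresholds are constructed for this
example; this is not code from the original page.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Matches the failure format used in the constructed sample below.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample: one noisy source, one successful key login, one slow guesser.
SAMPLE_LOG = """\
Mar 10 13:00:01 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 13:00:03 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 13:00:04 bastion sshd[4122]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar 10 13:00:06 bastion sshd[4123]: Failed password for invalid user test from 203.0.113.7 port 51025 ssh2
Mar 10 13:00:07 bastion sshd[4124]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 13:00:09 bastion sshd[4125]: Accepted publickey for deploy from 198.51.100.4 port 40200 ssh2
Mar 10 13:05:00 bastion sshd[4130]: Failed password for alice from 198.51.100.9 port 40310 ssh2
Mar 10 13:09:00 bastion sshd[4131]: Failed password for alice from 198.51.100.9 port 40311 ssh2
"""


def parse_ts(text: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; assume one (a stated simplification)."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> dict:
    """Return {source_ip: time_of_first_alert} for sources that exceed the rule."""
    recent = defaultdict(deque)   # per-IP timestamps of failures still inside the window
    alerts = {}
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ip, ts = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # slide the window forward, dropping stale failures
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = ts       # alert once per source, at the moment the rule trips
    return alerts


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT brute force from {ip} at {when:%H:%M:%S}")
```

The slow guesser at 198.51.100.9 never trips the rule because its two failures are four minutes apart; tuning the window and threshold is the trade-off between catching low-and-slow attacks and drowning analysts in false positives, which is why an IDS rule like this is usually paired with others (new-user failures, geographically impossible logins) rather than relied on alone.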
The role of network security is to protect the organization’s IT infrastructure from all types of cyber threats including:
Viruses, worms and Trojan horses
Zero-day attacks
Hacker attacks
Denial of service attacks
Spyware and adware
A network malfunction, hacker or virus can cause your entire computer system to shut down and can even permanently destroy all the information on the system.
Disaster recovery
Disaster recovery planning is a process that includes performing a risk assessment, establishing priorities, and developing recovery strategies in case of a disaster. Any business should have a concrete plan for disaster recovery so that normal business operations can resume as quickly as possible after a disaster.
IT disaster recovery control measures can be classified into the following three types:
Preventive measures – Controls aimed at preventing an event from occurring.
Detective measures – Controls aimed at detecting or discovering unwanted events.
Corrective measures – Controls aimed at correcting or restoring the system after a disaster or an event.
A good disaster recovery plan dictates that these three types of controls be documented and exercised regularly through so-called "DR tests"; a plan that has never been rehearsed cannot be assumed to work.
Helpful Terms
Recovery Time Objective (RTO) - The maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs.
Recovery Point Objective (RPO) - The maximum 'age' of files that an organization must recover from backup storage for normal operations to resume after a disaster; in other words, how much recent data the organization can afford to lose.
A Disaster Recovery Plan can include:
Diagram of the entire IT network and the recovery site.
Identification of the most critical IT assets, with the maximum outage time (RTO) and maximum acceptable data loss (RPO) for each.
List of software, license keys and systems that will be used in the recovery effort.
Technical documentation from vendors on recovery technology system software.
Summary of insurance coverage.
Proposals for dealing with financial and legal issues, as well as media outreach.
Typically, IT disaster recovery plans take into consideration factors including data integrity and availability, network connectivity, voice and email communications channels, IT servers and services, backup power sources, and more.
End-User Education
“People are the weakest link in the cybersecurity chain.”
Mainly due to a lack of awareness, users and employees frequently open the virtual gates to attackers.
An end user is the human individual that uses any computing-enabled device or appliance.
The majority of security incidents are the result of human error and lack of awareness, not malicious intent. Therefore, it is critical that significant effort is focused on education and awareness to reduce these occurrences.
Best practices in this area include:
Awareness programs including some basic training combined with ongoing awareness campaigns.
Promote an incident reporting culture.
Online courses covering the essentials of security awareness
Consider flash cyber threat advisories to potentially targeted end users.
Run simulated phishing campaigns, then use the results as a learning tool rather than as a punishment.
Gamify your security awareness training and make it mobile friendly.
End-user feedback. If users are expected to become good cybersecurity citizens, then the security team should keep them up to date on how they are doing.
Helpful Terms
Phishing - An attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Business Continuity Management (BCM) - Preparing for and maintaining continued business operations following disruption or crisis.
Spyware - Malware that passes information about a computer user’s activities to an external party.
Virus - Malware that is loaded onto a computer and then run without the user's knowledge.
End users cannot be eliminated as an IT risk, but they can be trained and helped with awareness and regular information guidance.
If you have stuck with it this far, you have a good introduction to cybersecurity. Now for the fun parts!
Hacking
What is Hacking?
Hacking refers to the practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator's original objective.
Hacking is also used for gaining access (wanted or unwanted) to a computer and viewing, copying, or creating data without the intention of destroying data or maliciously harming the computer.
A computer hacker is any skilled computer expert that uses their technical knowledge to overcome a problem.
Types of Hackers
Black hats - hack to take control over a system for personal gain.
White hats - professionals who hack to check security systems in order to make them more resistant to attack. This process is typically referred to as penetration testing.
Grey hats - differ from black hats in the sense that they notify the admin of the network system about the weaknesses discovered in the system instead of exploiting for personal gains.
Ethical hacker - is an individual hired to hack into a system to identify and repair potential vulnerabilities
Script kiddies - or skids are people breaking into computers using programs written by others, with very little knowledge about the way they work.
Blue hats - people from outside computer security consulting firms who are brought in to bug-test a system prior to its launch, looking for exploits so they can be closed.
Crackers - find exploits for system vulnerabilities and often use them to their advantage, either by selling the fix to the system owner or by selling the exploit to other black hat hackers.
Hacktivist - is someone who uses their hacking skills for political ends.
Red team - an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view.
Green hats - are the amateurs in the online world of hacking.
Cracking is gaining unauthorized access to a computer with the intention of causing damage.
Hacking and cracking are crimes when the perpetrators access systems without the owner's permission.
Threats or Attacks
A cyberattack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks; a threat is the potential for such an attack.
Common threats and attacks include:
Botnets - A collection of computers compromised by malicious code and controlled across a network.
Denial of Service (DoS) - An attack that prevents or impairs the authorized use of information system resources or services.
Distributed Denial of Service (DDoS) - A denial of service technique that uses numerous systems to perform the attack simultaneously.
Malware - Software that compromises the operation of a system.
Man-in-the-middle attack (MITM) - An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
Phishing - A digital form of social engineering to deceive individuals into providing sensitive information.
Ransomware - is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.
Spoofing - Faking the sending address of a transmission to gain illegal entry. The deliberate inducement of a user or resource to take incorrect action. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
Spyware - Software that is secretly or surreptitiously installed into an information system.
SQL injection (SQLi) - A code injection technique in which attacker-supplied input is interpreted as part of a database query, used to attack data-driven applications.
Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function.
Virus - A computer program that can replicate itself, infect a computer, and then spread.
Worm - A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Cross-Site Scripting (XSS) - A common attack that injects malicious code into a vulnerable web application.
The process of keeping up with new technologies, security trends and threat intelligence is a challenging task.
Penetration Testing
A penetration test, or pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
Pen testers, aka ethical hackers, essentially get paid to legally break into computers or devices.
Pen tests can be automated with software applications or they can be performed manually.
Ethical hacking steps
1. Planning and reconnaissance - Get documented permission defining the scope, and gather information about the target.
2. Scanning - Probe the target (port and service scans, code review, observing how the application responds to malformed input) to understand how the system works and where it may be weak.
3. Exploitation - Use the weaknesses found to get into the system and back out with information, staying inside the agreed scope and, where the engagement calls for it, without being noticed.
4. Maintaining access - The goal of this step is to see if the vulnerability can be used to achieve a persistent presence in the exploited system.
5. Analysis - compile a report detailing:
- Specific vulnerabilities that were exploited
- Sensitive data that was accessed
- The amount of time the pen tester was able to remain in the system undetected
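The scanning step above, as an added example that is not code from the original page: a minimal TCP connect scan of the kind Nmap performs at scale. To stay self-contained and inside the permission rule from the Ethical Hacking section, it opens its own throwaway listener on 127.0.0.1 and scans only a few loopback ports around it; the helper names, timeout and port range are this example's own choices.

```python
"""Added example: the scanning step of a pen test as a minimal TCP connect scan.

Constructed for illustration; not code from the original page. It scans only
127.0.0.1, against a listener the script itself opens. Point it at any other
host only with written authorization covering that host and time window.
"""
import socket
import threading


def start_listener() -> tuple[socket.socket, int]:
    """Open a throwaway TCP service on an ephemeral loopback port (the 'target')."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.5)             # so the accept loop wakes up and notices a close
    port = srv.getsockname()[1]

    def accept_loop() -> None:
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()        # complete the handshake, then hang up
            except socket.timeout:
                continue
            except OSError:
                break               # listener was closed; stop the thread

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def port_is_open(host: str, port: int, timeout: float = 0.3) -> bool:
    """TCP connect scan: a completed three-way handshake means the port is open.
    connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan(host: str, ports: range) -> list[int]:
    """Return the ports in `ports` that accept a TCP connection."""
    return [p for p in ports if port_is_open(host, p)]


def demo() -> tuple[int, list[int]]:
    """Start a local target, scan a small range around it, return (target_port, open_ports)."""
    srv, port = start_listener()
    try:
        found = scan("127.0.0.1", range(max(1, port - 3), min(65535, port + 3) + 1))
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    target, open_ports = demo()
    print(f"listener on port {target}; open ports found: {open_ports}")
```

A connect scan is the noisiest option: every probe completes a handshake and lands in the target's logs, which is exactly what a double-blind engagement uses to test whether the defenders notice. Real scanners add banner grabbing and service fingerprinting on top of the open/closed verdict shown here.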
Penetration Testing Methods
External Testing - targets the assets of a company that are visible on the internet.
Internal Testing - tests with access to an application behind its firewall, simulating a malicious insider or an attacker who has already gained a foothold inside the network.
Blind Test - a tester is only given the name of the enterprise that is being targeted. This gives security personnel a real-time look into how an actual application assault would take place.
Double Blind Test - security personnel have no prior knowledge of the simulated attack, so their detection and response are tested as well.
Targeted Testing - In this scenario, both the tester and security personnel work together and keep each other apprised of their movements.
The main objective of penetration testing is to determine security weaknesses.
Encryption
Encryption is the process of converting data to an unrecognizable or "encrypted" form.
In encryption the information or message, referred to as plaintext, is encrypted using an encryption algorithm, a cipher, generating ciphertext that can be read only if decrypted.
Cryptography
Cryptography or cryptology is from the Greek words κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study". Cryptology is the study of codes, or the art of writing and solving them.
Cryptanalysis
Cryptanalysis (from the Greek kryptós, "hidden", and analýein, "to loosen" or "to untie") is the study of analyzing information systems in order to uncover their hidden aspects. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages without knowing the key.
Encryption
Encryption is the process of converting plaintext into something that appears to be random, called ciphertext.
Decryption
Decryption is the process of converting ciphertext back into plaintext. A key is the secret value that controls the cipher; the algorithm itself is assumed to be known to the attacker, so the security of the system rests on the secrecy of the key.
Types of Encryption
Asymmetric-key (Public Key) - The encryption key is published, or public, for anyone to use to encrypt messages. However, only the receiving party has access to the decryption key, which is private and enables messages to be read.
Symmetric-key (Private or Secret Key) - The encryption and decryption keys are the same. Communicating parties must share the same key in order to achieve secure communication, which makes distributing the key safely the hard part.
Examples of asymmetric systems include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography). Symmetric ciphers include AES (Advanced Encryption Standard) and DES (Data Encryption Standard); DES, with its 56-bit key, can be brute-forced and is obsolete, so new systems should use AES.
Hashing - A hash function transforms a string of any length into a usually shorter, fixed-length value (the digest). It is always a one-way operation: recovering the input from the digest, or finding two inputs with the same digest, should be infeasible.
Message Authentication Codes (MACs) - Much like cryptographic hash functions, except that a secret key is mixed in, so only a party holding the key can produce or verify the tag. A MAC therefore proves both that the message was not altered and that it came from someone who holds the key.
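The distinction between the hash functions described in the Information Security terms and the MACs described here, as an added example that is not code from the original page: the same man-in-the-middle alters a message protected first by a plain SHA-256 digest and then by an HMAC-SHA256 tag. The shared key, the message and the attacker's edit are constructed for the demonstration.

```python
"""Added example: why a keyless hash and a keyed MAC protect different things.

Constructed, self-contained demo; not code from the original page. The
shared key, the messages and the "attacker" are made up for illustration.
"""
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Keyless one-way function: anyone can compute it, so it proves only that
    data matches a digest obtained over some other, trusted channel."""
    return hashlib.sha256(data).hexdigest()


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed: HMAC-SHA256. A valid tag can only be produced by a key holder."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_verify(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison, so a timing side channel cannot leak the tag."""
    return hmac.compare_digest(mac_tag(key, data), tag)


def send_with_hash(msg: bytes) -> tuple[bytes, str]:
    """Sender protects the message with a plain digest sent alongside it."""
    return msg, sha256_hex(msg)


def send_with_mac(key: bytes, msg: bytes) -> tuple[bytes, str]:
    """Sender protects the message with a MAC under the shared key."""
    return msg, mac_tag(key, msg)


def attacker_relays_hash(msg: bytes, digest: str) -> tuple[bytes, str]:
    """Man in the middle: alter the message and simply recompute the keyless hash."""
    tampered = msg.replace(b"100", b"900")
    return tampered, sha256_hex(tampered)


def attacker_relays_mac(msg: bytes, tag: str) -> tuple[bytes, str]:
    """Same attacker, but without the key it cannot make a tag for the new
    message; forwarding the old tag is the best it can do."""
    tampered = msg.replace(b"100", b"900")
    return tampered, tag


def receiver_accepts_hash(msg: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(msg), digest)


def receiver_accepts_mac(key: bytes, msg: bytes, tag: str) -> bool:
    return mac_verify(key, msg, tag)


def demo() -> dict:
    key = secrets.token_bytes(32)            # constructed shared secret
    msg = b"transfer 100 to account 42"      # constructed message

    hashed_msg, hashed_digest = attacker_relays_hash(*send_with_hash(msg))
    maced_msg, maced_tag = attacker_relays_mac(*send_with_mac(key, msg))
    return {
        "hash_caught_tampering": not receiver_accepts_hash(hashed_msg, hashed_digest),  # False
        "mac_caught_tampering": not receiver_accepts_mac(key, maced_msg, maced_tag),    # True
        "mac_accepts_genuine": receiver_accepts_mac(key, *send_with_mac(key, msg)),     # True
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:24s} {result}")
```

A plain hash is still the right tool when the digest reaches the verifier over a channel the attacker cannot touch, such as a checksum published on a vendor's HTTPS page next to a download. Because both ends hold the same MAC key, a MAC cannot show a third party which of them produced the message; that non-repudiation property is what the digital signatures defined earlier add on top.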