2. Information Security Triad
The three letters in "CIA triad" stand for Confidentiality, Integrity, and
Availability. The CIA triad is a common model that forms the basis for the
design of security systems: each of the three properties is used to identify
where a system is vulnerable and to decide which controls address the weakness.
Confidentiality
Integrity
Availability
3. CONFIDENTIALITY
Confidentiality involves the efforts of an organization to make sure data is
kept secret or private. To accomplish this, access to information must be
controlled to prevent unauthorized disclosure of data.
Threats to confidentiality include direct attacks aimed at gaining access to
systems the attacker has no right to see. An attacker may also make a direct
attempt to infiltrate an application or database in order to take data or
alter it.
Such direct attacks may use techniques such as man-in-the-middle (MITM)
attacks, where an attacker positions themselves in the stream of information
to intercept data and then either steal or alter it.
4. INTEGRITY
Data must not be changed in transit, and steps must be taken to ensure data
cannot be altered by unauthorized people (for example, by an attacker who has
already broken confidentiality and gained access to it).
Integrity involves making sure your data is trustworthy and free from
tampering. The integrity of your data is maintained only if the data is
authentic, accurate, and reliable.
Integrity is often compromised intentionally. An attacker may bypass an
intrusion detection system (IDS), change configuration files to allow
unauthorized access, or alter the logs kept by the system to hide the attack.
Integrity may also be violated by accident: someone may enter the wrong value,
misconfigure a system, or make another kind of careless mistake.
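As an added example (not from the original slides) of how a receiver enforces integrity on data in transit, and of why the man-in-the-middle described under Confidentiality cannot silently alter a message that carries a message authentication code: the sender tags the message with an HMAC under a shared key and the receiver recomputes and compares it. The key, the transfer message and the helper names are constructed for this demo; the contrast with a bare hash shows why a checksum alone is not an integrity control against an active attacker.

```python
import hashlib
import hmac
import secrets


def tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Recompute the tag and compare in constant time; compare_digest avoids
    leaking, through timing, how many leading bytes of the tag were right."""
    return hmac.compare_digest(tag(key, message), received_tag)


def naive_send(message: bytes):
    """Weak protocol: message plus a bare hash, no secret involved."""
    return message, hashlib.sha256(message).digest()


def naive_check(message: bytes, digest: bytes) -> bool:
    return hashlib.sha256(message).digest() == digest


def intercept_and_alter(message: bytes, old: bytes, new: bytes) -> bytes:
    """What an in-path attacker can do: rewrite bytes they can see."""
    return message.replace(old, new)


def demo():
    # Constructed shared key and transfer order. In practice the key is
    # provisioned out of band and is never sent alongside the message.
    key = secrets.token_bytes(32)
    message = b"transfer amount=100 to=acct-7741"
    mac = tag(key, message)

    # Honest delivery: the receiver's recomputed tag matches.
    honest_ok = verify(key, message, mac)

    # MITM rewrites the amount but cannot produce a tag without the key,
    # so the receiver rejects the altered message.
    altered = intercept_and_alter(message, b"amount=100", b"amount=9000")
    altered_ok = verify(key, altered, mac)

    # With a bare hash the attacker simply recomputes the hash of the
    # altered message; the receiver's check passes and the tamper goes unseen.
    forged_message, forged_digest = naive_send(altered)
    hash_only_fooled = naive_check(forged_message, forged_digest)

    return {
        "honest_ok": honest_ok,
        "altered_ok": altered_ok,
        "hash_only_fooled": hash_only_fooled,
    }


if __name__ == "__main__":
    print(demo())
```

Python's standard hmac module is used. A MAC proves integrity and origin to anyone holding the key; it does not hide the content, which is the job of encryption (an authenticated-encryption mode provides both).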
5. Availability
Availability means information should be consistently and readily
accessible to authorized parties. This involves properly maintaining the
hardware, technical infrastructure, and systems that hold and display
the information.
This means that systems, networks, and applications must be functioning as
they should and when they should.
Also, individuals with access to specific information must be able to
consume it when they need to, and getting to the data should not take an
inordinate amount of time.
To ensure availability, organizations can use redundant networks, servers,
and applications. These can be configured to take over when the primary
system has been disrupted or has failed.
6. FIVE STAGES OF ETHICAL HACKING
The aim of ethical hacking is to mimic the actions of attackers and identify
both existing vulnerabilities and ones that may arise in the future. To
accomplish this, an ethical hacker works through multiple stages of assessment
to gain as much in-depth knowledge of the target system as possible.
While the phases discussed in the webinar are from the perspective of an
attacker, King explains that these are the same phases a white hat hacker uses
to test an organization's network. Put simply, an attacker uses this approach
to breach the network, while the ethical hacker uses it to protect it.
The five phases of hacking are:
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
7. Reconnaissance
The first phase of ethical hacking is called Reconnaissance. In this phase the
hacker gathers information about a target before launching an attack.
It is during this phase that the hacker finds valuable information such as
old passwords and the names of important employees.
Hackers use two types of reconnaissance:
Active: Directly interacting with the target to gather information about it.
Passive: Collecting information about the target without directly accessing
it. For this purpose the hacker can use social media, public websites, and
similar sources.
8. Scanning
In this phase the hacker seeks any information that can help them perpetrate an
attack, such as computer names, IP addresses, and user accounts. The goal is to
identify a quick way to gain access to the network and locate information.
This phase includes the use of tools like dialers, port scanners, network
mappers, sweepers, and vulnerability scanners to probe the target.
Basically, at this stage, four types of scans are used:
Pre-attack: The hacker scans the network for specific information based on the
information gathered during reconnaissance.
Port scanning/sniffing: This method includes the use of dialers, port scanners,
and other data-gathering tools.
Vulnerability scanning: Scanning the target for weaknesses/vulnerabilities.
Information extraction: In this step the hacker collects information about
ports, live machines and OS details, the topology of the network, routers,
firewalls, and servers.
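An added example of the port-scanning step above, not part of the original slides: a TCP connect scan with banner grabbing, run against a constructed local listener so that it works offline. The function names and the fake SSH banner are this example's own. A connect scan completes the full TCP handshake and therefore shows up in the target's logs; real assessments use a dedicated scanner such as nmap, and scanning hosts you are not authorized to test is illegal in most jurisdictions.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """TCP connect() scan of one port. Returns (port, is_open, banner).
    A completed handshake means a listener; a refusal or timeout is reported
    as closed (a scanner would distinguish 'closed' from 'filtered')."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:            # ECONNREFUSED, timeout, unreachable
            return port, False, b""
        try:
            banner = s.recv(256)   # many services announce themselves first
        except OSError:
            banner = b""
        return port, True, banner


def scan_ports(host, ports, timeout=1.0, workers=32):
    """Scan the given ports concurrently; return {port: banner} for open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: probe_port(host, p, timeout), ports)
        return {port: banner for port, is_open, banner in results if is_open}


def start_fake_service(banner=b"SSH-2.0-OpenSSH_9.6\r\n"):
    """Constructed listener standing in for a real host so the scan runs
    offline. Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return             # server socket was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo():
    """Scan one open and one closed local port; returns what was found."""
    srv, open_port = start_fake_service()
    # A bound-but-not-listening socket: connect() to it is refused,
    # so it shows up as closed.
    closed_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed_sock.bind(("127.0.0.1", 0))
    closed_port = closed_sock.getsockname()[1]
    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
        closed_sock.close()
    return open_port, closed_port, found


if __name__ == "__main__":
    open_port, closed_port, found = demo()
    for port, banner in sorted(found.items()):
        print(f"{port}/tcp open   {banner.strip().decode(errors='replace')}")
    print(f"{closed_port}/tcp closed")
```

The banner is the information-extraction part of the phase: a service that greets with "SSH-2.0-OpenSSH_9.6" has just told the scanner its protocol and version, which is exactly what a vulnerability scanner matches against known weaknesses.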
9. Gaining Access
Once ethical hackers have exposed vulnerabilities through the first two
phases, they attempt to exploit them to gain administrative access. The third
phase involves attempting to deliver a malicious payload to the application
over the network, from an adjacent subnet, or physically using a connected
computer.
An attacker can gain access through various attacks such as:
Phishing attacks
Brute force attacks
Spoofing attacks
Man-in-the-middle attacks
DoS attacks
Session hijacking
Buffer overflow attacks
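An added example, not from the original slides, of one item in the list above: an online brute-force attack against a login service, run first against a service with no protection and then against the same service with an account-lockout check. The user store, the wordlist, and the LoginService class are constructed for the demo.

```python
import hashlib
import hmac
import secrets


def make_user(password: str):
    """Constructed credential record: per-user salt plus salted hash.
    A real store would use a slow KDF (scrypt, argon2); sha256 is used here
    only to keep the demo dependency-free."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hashlib.sha256(salt + password.encode()).digest()}


USERS = {"alice": make_user("winter2024")}

# Constructed wordlist; real ones run to millions of entries.
WORDLIST = ["password", "123456", "qwerty", "letmein", "summer2024",
            "winter2024", "admin"]


class LoginService:
    """Login endpoint with an optional per-account lockout after N failures."""

    def __init__(self, users, max_failures=None):
        self.users = users
        self.max_failures = max_failures
        self.failures = {}
        self.locked = set()

    def login(self, username, password):
        if username in self.locked:
            return "locked"
        rec = self.users.get(username)
        if rec is None:
            return "failed"
        candidate = hashlib.sha256(rec["salt"] + password.encode()).digest()
        if hmac.compare_digest(candidate, rec["hash"]):
            self.failures.pop(username, None)
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.max_failures is not None and self.failures[username] >= self.max_failures:
            self.locked.add(username)   # defender's check: stop the guessing
            return "locked"
        return "failed"


def brute_force(service, username, wordlist):
    """Online guessing: try each candidate until success or lockout.
    Returns (outcome, guesses_made, password_or_None)."""
    for n, guess in enumerate(wordlist, start=1):
        result = service.login(username, guess)
        if result == "ok":
            return "cracked", n, guess
        if result == "locked":
            return "locked_out", n, None
    return "exhausted", len(wordlist), None


def demo():
    unprotected = brute_force(LoginService(USERS), "alice", WORDLIST)
    protected = brute_force(LoginService(USERS, max_failures=5), "alice", WORDLIST)
    return unprotected, protected


if __name__ == "__main__":
    print(demo())
```

Lockout stops this attacker but hands the next one a denial-of-service lever: anyone who knows a username can lock its owner out. Rate limiting with backoff, alerting on failure counts per source, a slow password hash, and a second factor are the usual complements.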
10. Maintaining Access
A hacker may compromise the system only to show that it was vulnerable, or
may want to maintain or persist the connection in the background without the
user's knowledge.
This can be done using Trojans, rootkits, or other malicious files. The aim is
to keep access to the target until the tasks planned for that target are
finished.
A white-hat hacker continues to exploit the system for further
vulnerabilities and escalates privileges to understand how much control
attackers can gain once they are past the perimeter controls.
11. Covering Tracks
Once a hacker has obtained access, they try to leave no trace that would let
the security team detect them.
They do this by deleting cache and cookies, interfering with log files, and
closing any ports they opened.
The steps an ethical hacker uses to cover and eliminate their footprint include:
Deleting/corrupting all logs
Changing the values of logs or registry entries
Removing all of the folders created by the ethical hacker
Uninstalling all the applications installed during the test
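An added example, not from the original slides, covering both the log tampering mentioned under Integrity and the log deletion and editing listed above: a hash-chained log in which each entry's HMAC tag also covers the previous entry's tag, so removing, editing or reordering an entry breaks verification. The key, the event records and the class names are constructed for the demo; the key is assumed to be held by a remote log collector, not by the host being attacked.

```python
import hashlib
import hmac
import json


class ChainedLog:
    """Append-only log: tag_i = HMAC(key, tag_{i-1} || entry_i). Deleting,
    editing or reordering an entry changes what later tags should be."""
    GENESIS = b"\x00" * 32

    def __init__(self, key: bytes):
        self.key = key
        self.entries = []   # list of (record_bytes, tag)

    def append(self, record: dict) -> bytes:
        prev_tag = self.entries[-1][1] if self.entries else self.GENESIS
        data = json.dumps(record, sort_keys=True).encode()
        tag = hmac.new(self.key, prev_tag + data, hashlib.sha256).digest()
        self.entries.append((data, tag))
        return tag


def verify_chain(key: bytes, entries):
    """Return the index of the first entry whose tag does not verify,
    or None if the whole chain is intact."""
    prev_tag = ChainedLog.GENESIS
    for i, (data, tag) in enumerate(entries):
        expected = hmac.new(key, prev_tag + data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return i
        prev_tag = tag
    return None


def demo():
    key = b"collector-held-key-constructed-for-demo"
    log = ChainedLog(key)
    # Constructed audit events: a legitimate login followed by creation of a
    # backdoor account, which the attacker would like to hide.
    events = [
        {"ts": "2024-05-01T10:00:01", "event": "login", "user": "alice", "src": "10.0.0.5"},
        {"ts": "2024-05-01T10:00:43", "event": "sudo", "user": "alice", "cmd": "/usr/sbin/useradd backup"},
        {"ts": "2024-05-01T10:01:10", "event": "sudo", "user": "alice", "cmd": "/usr/bin/passwd backup"},
        {"ts": "2024-05-01T10:02:00", "event": "logout", "user": "alice"},
    ]
    last_tag = None
    for e in events:
        last_tag = log.append(e)   # collector keeps a copy of the latest tag

    # Attacker deletes the useradd entry (index 1).
    deleted = log.entries[:1] + log.entries[2:]
    # Attacker edits the source address in the first entry instead.
    edited_data = log.entries[0][0].replace(b"10.0.0.5", b"10.0.0.9")
    edited = [(edited_data, log.entries[0][1])] + log.entries[1:]
    # Attacker simply truncates everything after the login.
    truncated = log.entries[:1]

    return {
        "intact": verify_chain(key, log.entries),
        "deleted_first_bad": verify_chain(key, deleted),
        "edited_first_bad": verify_chain(key, edited),
        "truncated_chain": verify_chain(key, truncated),
        "truncated_matches_anchor": truncated[-1][1] == last_tag,
    }


if __name__ == "__main__":
    print(demo())
```

Chaining catches deletions and edits in the middle of the log but not truncation of the tail, which is why the demo also compares the last tag with the collector's anchored copy. Shipping logs off the host in near real time is the simpler control and removes most of the attacker's opportunity.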
12. Introduction to Cyber Attacks
Brute force attack
Phishing
DoS
DDoS
Man in the Middle attacks
SQL Injection
Password attack
Insider Threats