Elements of Information Security:
Confidentiality:
Assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt.
Integrity:
The trustworthiness of data or resources in terms of preventing improper and unauthorized access. Assurance that information can be relied upon to be sufficiently accurate for its purpose.
Availability:
Assurance that the systems responsible for delivering, storing and processing information are accessible when required by the authorized users.
The level of security in any system can be defined by the strength of three components:
- Security
- Functionality
- Usability
Effects of Hacking:
Damage to information and theft of information. Attackers may steal corporate secrets and sell them to competitors, compromise critical financial information, and leak it to rivals.
Who is a Hacker?
Intelligent individuals with excellent computer skills, with the ability to create and explore the computer's software and hardware.
For some hackers, hacking is a hobby to see how many computers or networks they can compromise.
Their intention can either be to gain knowledge or to poke around to do illegal things.
Some do hacking with malicious intent behind their escapades, like stealing business data, credit card information, social security numbers, email passwords, etc.
Hacker Classes:
Black Hats:
Individuals with extraordinary computing skills who resort to malicious or destructive activities; also known as crackers.
White Hats:
Individuals professing hacker skills and using them for defensive purposes; also known as security analysts.
Gray Hats:
Individuals who work both offensively and defensively at various times.
Suicide Hackers:
Individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing 30 years in jail for their actions.
Hacktivism:
Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites.
Common targets include government agencies, multinational corporations, or any other entity perceived as bad or wrong by these groups or individuals.
It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is.
Hacking Phases:
Reconnaissance:
- Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
- The reconnaissance target range may include the target organization's clients, employees, operations, network and systems.
- Passive Reconnaissance: Passive reconnaissance involves acquiring information without directly interacting with the target. E.g., searching public records or news releases.
- Active Reconnaissance: Active reconnaissance involves interacting with the target directly by any means. E.g., telephone calls to the help desk or technical department.
Scanning:
- Pre-Attack Phase: Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.
- Port Scanner: Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners, etc.
- Extract Information: Attackers extract information such as computer name, IP address and user accounts to launch an attack.
Gaining Access:
- Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network.
- The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised.
- The attacker can gain access at the operating system level, application level, or network level.
Maintaining Access:
- Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system.
- Attackers may prevent the system from being owned by other attackers by securing their exclusive access with backdoors, rootkits, or Trojans.
- Attackers use the compromised system to launch further attacks.
Clearing Tracks:
- Covering tracks refers to the activities carried out by an attacker to hide malicious acts.
- The attacker's intentions include: continuing access to the victim's system, remaining unnoticed and uncaught, and deleting evidence that might lead to prosecution.
- The attacker overwrites the server, system and application logs to avoid suspicion.
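Because the last phase relies on logs being overwritten or deleted, a defender's counter is to make tampering detectable. The following is an added example, not part of the original notes: each log line's digest covers the previous digest, so the chain of digests (kept on a separate, append-only store at write time) can later be recomputed from the local log file, and any deleted, altered or truncated line breaks the chain at a known position. The log lines are constructed sample data.

```python
import hashlib

# Constructed sample authentication log (not from the page).
SAMPLE_LOG = [
    "2024-01-01T10:00:00 sshd[101]: Accepted password for alice from 10.0.0.5",
    "2024-01-01T10:05:12 sshd[102]: Failed password for root from 10.0.0.9",
    "2024-01-01T10:05:15 sshd[102]: Failed password for root from 10.0.0.9",
    "2024-01-01T10:06:01 sshd[103]: Accepted password for root from 10.0.0.9",
]


def chain_digests(lines, seed=b"genesis"):
    """Return one SHA-256 digest per line; digest i covers digest i-1 and line i.

    In practice the digests would be shipped to a remote or write-once store as
    each line is written, so an attacker with local access cannot rewrite them.
    """
    prev = hashlib.sha256(seed).hexdigest()
    digests = []
    for line in lines:
        prev = hashlib.sha256((prev + "\n" + line).encode("utf-8")).hexdigest()
        digests.append(prev)
    return digests


def verify_chain(lines, stored_digests, seed=b"genesis"):
    """Recompute the chain over the local log and compare to the stored chain.

    Returns (status, index): "ok", "modified" (first line whose digest differs,
    which also catches a line deleted from the middle, since every later digest
    shifts), "truncated" (lines removed from the end), or "unverified_tail"
    (lines present locally that the stored chain never covered).
    """
    recomputed = chain_digests(lines, seed)
    for i, (got, want) in enumerate(zip(recomputed, stored_digests)):
        if got != want:
            return ("modified", i)
    if len(recomputed) < len(stored_digests):
        return ("truncated", len(recomputed))
    if len(recomputed) > len(stored_digests):
        return ("unverified_tail", len(stored_digests))
    return ("ok", len(recomputed))


if __name__ == "__main__":
    stored = chain_digests(SAMPLE_LOG)
    print(verify_chain(SAMPLE_LOG, stored))                       # ('ok', 4)
    print(verify_chain(SAMPLE_LOG[:1] + SAMPLE_LOG[2:], stored))  # ('modified', 1)
    print(verify_chain(SAMPLE_LOG[:3], stored))                   # ('truncated', 3)
```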
Why is Ethical Hacking Necessary?
As hacking involves creative thinking, vulnerability testing and security audits alone cannot ensure that the network is secure.
To address this, organizations need to implement a "defense in depth" strategy by penetrating their own network to estimate vulnerabilities and expose them.
Ethical hacking is necessary because it allows the countering of attacks from malicious hackers by anticipating the methods they can use to break into a system.
Scope and Limitations of Ethical Hacking:
- Ethical hacking is a crucial component of risk assessment, auditing, counter-fraud, best practices and good governance.
- It is used to identify risks and highlight the remedial actions, and it also reduces information and communications technology costs by resolving those vulnerabilities.
- An ethical hacker thus can only help the organization to better understand its security system; it is up to the organization to place the right guards on the network.
- However, unless the business first knows what it is looking for and why it is hiring an outside vendor to hack its systems in the first place, chances are there would not be much to gain from the experience.
Essential Terminologies:
Hack Value:
The notion among hackers that something is worth doing or is interesting.
Target of Evaluation:
An IT system, product, or component that is identified/subjected to a required security evaluation.
Attack:
An assault on system security derived from an intelligent threat. An attack is any action violating security.
Exploit:
A defined way to breach the security of an IT system through a vulnerability.
Zero-Day:
A computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer.
Security:
A state of well-being of information and infrastructure in which the possibility of theft, tampering and disruption of information and services is kept low or tolerable.
Threat:
An action or event that might compromise security. A threat is a potential violation of security.
Vulnerability:
Existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system.
Daisy Chaining:
Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs, etc.