Introduction to Ethical Hacking
Download as PPTX, PDF0 likes40 views
This document provides an introduction to ethical hacking. It discusses key concepts like security fundamentals, risks, assets, threats and vulnerabilities. It defines exploits and risk assessment. It also covers topics like backup risks, quantitative risk assessment processes, and security testing which is a core responsibility of ethical hackers. The goal is to teach students how to protect enterprise data, applications and networks from hackers by developing cyber defense capabilities through ethical hacking techniques and methods.
Introduction to Ethical Hacking
- 1. Master Ethical System Hacking By Mohsin Baig
- 4. Learn How To Protect Enterprise Data, Applications and Networks From Hackers
- 6. Module 1 : Introduction to Ethical Hacking
- 7. 1.0 Introduction to Security Fundamentals • Modern businesses face many challenges from the threat of sophisticated cyber criminals to persistently advanced level threats • Confidentiality, Integrity and Availability form the basic building blocks of effective security measures. • Scope of confidentiality encompasses secrecy and privacy of information. • Physical example of confidentiality: Armed Guards, Locked doors etc • Logical example of confidentiality: Protection of Data in storage and transit
- 8. 1.1 Security Fundamentals • Scope of Integrity encompasses correctness of information • Correctness project’s confidence that the data hasn’t been tampered with or modified to suit certain interests • Integrity of data is projected by two modes: storage and transit • Access and audit controls can protect information in storage controls • Cryptography usage of algorithms can also protect information in storage
- 9. 1.2 Risk, Asset, Threats and Vulnerabilities • Security professionals must have comprehensive understanding about the relationship between Risk, Threats, Assets and Vulnerabilities • Risk can be defined as a measure which highlights the probability of an unwanted event or threat to materialise • Elements of risks encompass: assets, threats and vulnerabilities • Asset can be defined as a item which has economic value and ownership is upheld by an individual or enterprise • Assets can be categorised into the following types: routers, servers, hard drives, laptops etc or virtual such as databases, trade secrets etc
- 10. 1.3 Backup Data Risk • Ethical attackers must also have knowledge in how to protect data • Data can be protected through backup • Backing up data is typically influenced by the following types of factors within the organisation: 1. What will be the Frequency of backups? 2. How much volume of data is to be backed up? 3. What will be the Storage method and transmission method ? 4. How much time is available to perform backup every day
- 11. 1.4 Definition of an Exploit Exploit can be coherently defined as a tool, software, techniques or process which capitalises on a vulnerability that enables access, loss of integrity or denial of service on a computer system. Software by large all have vulnerabilities to some extent and most hackers are aware about the potential vulnerabilities. Many organisations address the vulnerabilities and patches some however are not capable of fixing them due to lack of funding.
- 12. 1.5 Risk Assessment • Process of identifying all the possible security risks, hazards and perform evaluation in order to measure the potential impact if the hazard and risks materialised. • Risk Assessment can be pursued either as Qualitative or Quantitative • Scope of Qualitative risk assessment methods comprise of establishing scenarios to prioritise and identify list of all critical concerns based on scalability. ie “high”, “medium”, “low” risks • Scope of Quantitative risk assessment allocates the financial impact to the asset if the risk or hazard materialises or isn’t managed effectively.
- 13. 1.6 Quantitative Risk Assessment Process QRA utilises the following steps when assigning the monetary value to the asset: Step 1: Investigate the single loss expectancy (SLE) Step 2: Calculate the annual rate of occurrence (ARO) Step 3: Calculate the annual loss expectancy (ALE) (ALE = SLE x ARO)
- 14. 1.7 Security Testing • Core responsibility performed by ethical hackers • Tests are established in a unique process to ensure ethical hackers have no means of having any knowledge or partial knowledge with regards to the IT product or system which is the subject of an target of evaluation (TOE) • Core intent of the ethical hacker to comprehensively test the TOE with encompassing it security controls and identify all levels of vulnerabilities within the TOE.