3CS204ME24
Ethical Hacking and Vulnerability Assessment

You will learn:
• What is information security and cybersecurity?
• Objectives of information security, using the CIA triad
• Key elements of cybersecurity
• Risk and the methods to manage risk
• Common misconceptions about the cybersecurity industry
• Importance of laws and ethical considerations for the cybersecurity industry
• Understanding of certifications and core skills
• Job markets

Consider the following instances:
• What if a fraudster sends an email to a person, claiming to be from their bank and asking for their personal identification number (PIN)? Is that a cybersecurity concern?
• What if a private investigator calls an employee of a company and asks him to print some confidential files and leave the papers in the mail room for the investigator to collect? Is that a cybersecurity concern?

Information Security
• In the real world, most attacks have some digital element as well as some human factor, and occasionally a physical element too.
• Information security focuses on the value of the information we are trying to protect rather than on how we protect it.
• Physical security is the practice of protecting assets such as buildings, security cameras, equipment, and property from physical threats such as theft, vandalism, fire, and natural disasters.
• Cybersecurity is the practice of protecting networks, devices, and programs from malicious cyber attacks, and of recovering from them.
• Good security cannot have one without the other; both must work towards the same objectives.
• According to the National Institute of Standards and Technology (NIST), information security is: "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability."
• Information security's objectives are often defined using the CIA triad as a starting point.
CIA triad
• C – Confidentiality
• I – Integrity
• A – Availability
• Confidentiality means preventing information from falling into the hands of people who are not authorized to access it.
• Integrity means making sure the information stays accurate and consistent, and ensuring that unauthorized people cannot make any changes to it.
• Availability means timely and reliable access to, and use of, the information when it is required.
• Confidentiality may be the most important objective for government intelligence agencies. Think about the lengths they go to in order to keep information private, such as using bespoke encryption or even lead-lined briefcases that sink if thrown into a body of water.
• Integrity may be the most important objective for banks. Think about spending USD 10 on a pizza. You would not be particularly concerned about this transaction being confidential. However, if the transaction is altered and you end up spending USD 10,000 instead, you would be in serious financial trouble.
• Availability may be the most important objective for a website. Think about a blog you run. You would not be particularly concerned if it was confidential, or if an editor helped correct your spelling. You want it to be there and available any time you want to update and publish it.

Asset
• In cybersecurity, an asset is defined as something that has value to its owner.
• Assets can be digital, such as a program, or physical, such as a server. Sensitive information such as databases, research, or records can also be called information assets.

Key elements
Each security control brings a business benefit, a perceived drawback for users, and a predictable way in which users work around it:

Technological leap | Business benefit | Perceived drawback | Undesirable user response
Automated patch management | All software is up to date | Interruptions to use of devices | User does not power down devices
High-complexity mandatory passwords | Harder for attackers to guess passwords | Tedious to use | P@ssw0rd!
Mandatory passwords expire after 30 days | Passwords cannot be compromised for long periods of time | Predictably repetitive | PasswordJan, then PasswordFeb
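The two password rows describe behaviour that a plain complexity rule cannot see: P@ssw0rd! satisfies every character-class requirement, and PasswordFeb is exactly what a user produces when PasswordJan expires. As an added example, not part of the original slides, the Python below implements the naive complexity check next to a stem-based check that catches both responses. The deny-list, the leetspeak map, the month list and the sample passwords are constructed for this example, not taken from any real policy.

```python
import re

# Constructed for this example: a tiny deny-list of common base words and a
# leetspeak map. A real deployment would use a breached-password list instead.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "$": "s", "7": "t"})
MONTHS = ("jan", "feb", "mar", "apr", "may", "jun", "jul", "aug", "sep", "oct", "nov", "dec")
# A trailing month token, provided at least three letters of stem remain before it.
_MONTH_SUFFIX = re.compile(r"(?<=[a-z]{3})(" + "|".join(MONTHS) + r")$")


def passes_complexity(pw: str) -> bool:
    """The 'high complexity mandatory password' rule from the table:
    at least 8 characters with an upper-case letter, a lower-case letter,
    a digit and a symbol. This is all the rule checks, so P@ssw0rd! gets through."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def stem(pw: str) -> str:
    """Reduce a password to the word the user really chose: drop the trailing
    digits/symbols (the '2024!' tail), undo leetspeak, then drop a trailing month."""
    s = re.sub(r"[^A-Za-z]+$", "", pw).lower().translate(LEET)
    s = re.sub(r"[^a-z]+$", "", s)
    return _MONTH_SUFFIX.sub("", s)


def is_dictionary_variant(pw: str) -> bool:
    """P@ssw0rd! -> 'password', which is on the deny-list."""
    return stem(pw) in COMMON_WORDS


def is_rotation(new: str, history) -> bool:
    """The 30-day-expiry response from the table: PasswordJan and PasswordFeb
    share the stem 'password', so the new password is predictable from the old one."""
    s = stem(new)
    return bool(s) and any(stem(old) == s for old in history)


def evaluate(candidate: str, history=()):
    """Return (accepted by the naive complexity rule,
               reasons a stem-aware policy would reject the candidate)."""
    reasons = []
    if is_dictionary_variant(candidate):
        reasons.append("leetspeak variant of a common word")
    if is_rotation(candidate, history):
        reasons.append("predictable rotation of a previous password")
    return passes_complexity(candidate), reasons


if __name__ == "__main__":
    # Constructed sample inputs: the two table entries and a long passphrase.
    for pw, hist in (("P@ssw0rd!", []),
                     ("PasswordFeb", ["PasswordJan"]),
                     ("correct-horse-battery-staple", [])):
        print(pw, evaluate(pw, hist))
```

Note the third sample: the naive rule rejects a 28-character passphrase while accepting P@ssw0rd!, which is the mismatch between "business benefit" and "undesirable user response" the table is pointing at. The stem check is deliberately aggressive (any shared stem counts as a rotation); tune the deny-list and the suffix patterns to the population you are protecting.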
(One further table row was lost in extraction; only the fragments "emails in transit" and "complexity feature" survive.)

Risk Management
• A risk is the possibility of something happening with a negative consequence.
• Managing risk is at the heart of most businesses and the core of many industries, such as the insurance industry.
• Good businesses understand and manage risks effectively, which gives them a competitive advantage.
• Risk value = Consequence x Likelihood
• Consequence is the impact and the associated damage.
• Likelihood is how often the risk is expected to materialize.
• Likelihood = Adversary capability x Adversary motivation x Vulnerability severity
• An adversary is a general term for an entity who wishes to compromise an information system.
• Vulnerabilities are weaknesses within a system that could be exploited to compromise it.

Common vulnerabilities in computer systems and networks
Software vulnerabilities | Network vulnerabilities
Buffer overflow | Man-in-the-middle (MitM) attack
SQL injection | Denial of service (DoS) and distributed denial of service (DDoS)
Cross-site scripting (XSS) | IP spoofing
Cross-site request forgery (CSRF) | DNS spoofing
Command injection | Sniffing/eavesdropping
Remote code execution (RCE) | Rogue access points
Privilege escalation |
Note that the right-hand column lists attack techniques rather than vulnerabilities in the strict sense; the vulnerability is the weakness each technique exploits (for example, unencrypted traffic in the case of sniffing, or unauthenticated DNS responses in the case of DNS spoofing).

• Let's imagine a bank is being targeted by a criminal gang that is interested in stealing users' banking login details and passwords.
• The adversary capability could be assessed as medium because the criminals could use a range of tools and develop their own tools if required.
• Their motivation could be assessed as high because they could attempt multiple attacks over a period of time.
• An identified vulnerability could be assessed as high because it is comparatively easy to exploit.

Misconceptions
• Ethical hackers are criminals.
• Ethical hacking is easy.
• All hackers are the same.
• Ethical hacking is only about breaking into systems.
• Ethical hackers have absolute knowledge.
• Ethical hacking is just about tools.
• Ethical hacking is illegal.
• Ethical hackers only work for large corporations.
• Anyone can become an ethical hacker quickly.

IT Act, 2000
• Objective: To provide legal recognition for electronic records and digital signatures, and to facilitate e-commerce in India.
• Key Features:
• Legal Recognition of Electronic Records: Electronic documents and digital signatures are recognized as valid and enforceable.
• Regulation of Certifying Authorities: Establishes a framework for certifying authorities that issue digital certificates to authenticate electronic transactions.
• Cyber Crimes and Penalties: Defines and prescribes penalties for various cyber crimes, including hacking, identity theft, and cyber fraud.

IT (Amendment) Act, 2008
• Objective: To address emerging cyber threats and enhance the regulatory framework established by the original IT Act.
• Key Features:
• Data Protection and Privacy: Mandates data protection practices and provides guidelines for handling sensitive personal data.
• Cyber Crimes: Introduces new categories of cyber crimes, such as cyber terrorism, identity theft, and child pornography, with updated penalties.
• Intermediary Liability: Provides the conditions under which intermediaries (e.g., ISPs, social media platforms) are granted immunity from liability for third-party content.
• Corporate Responsibility: Holds companies accountable for failing to protect sensitive data and for inadequate cybersecurity measures.
• Adjudicating Officers and Cyber Appellate Tribunal: Establishes mechanisms for resolving disputes and appeals related to violations of the Act.

Understanding certifications
• There are a lot of cybersecurity-related certifications out there, and more are being developed. Staying on top of these qualifications could be a course of study in itself!
• Major certifications are:
• CompTIA (Computing Technology Industry Association) Security+
• CompTIA CySA+
• ITIL (IT Infrastructure Library) certification
• Certified Ethical Hacker (CEH)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CompTIA Security+ is widely regarded as the baseline certification for entry-level cybersecurity job roles.
• CompTIA Security+ certification is targeted at these job roles: systems administrator, network administrator, security administrator, junior IT auditor or penetration tester, security specialist, security consultant, and security engineer.
• CySA+ is an IT workforce certification covering the use of behavioral analytics on networks and devices to prevent, detect, and combat cybersecurity threats.
• CompTIA CySA+ certification is targeted at these job roles: IT security analyst, SOC analyst, vulnerability analyst, cybersecurity specialist, threat intelligence analyst, security engineer, cybersecurity analyst, and security monitoring roles.
• ITIL is a globally accepted framework of best practice for IT Service Management (ITSM).
• The ITIL certification scheme provides a modular approach to the ITIL framework: a tiered structure of multiple certifications, from Foundation to Master level.
• A Certified Ethical Hacker (CEH) is a skilled professional who understands how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner, to assess the security posture of the target system(s).
• The CEH credential certifies individuals in the specific network security discipline of ethical hacking from a vendor-neutral perspective.
• The CISSP certification validates a practitioner's skills and expertise to effectively design, implement, and manage a cybersecurity program.
• It is aimed at experienced security practitioners, managers, and executives who want to prove their knowledge across a wide array of security practices and principles, including those in positions such as chief information security officer, director of security, security analyst, security architect, and security consultant.
• ISACA offers the CISM certification for practitioners to demonstrate proven, multifaceted expertise and the ability to understand complex, challenging security management issues for enterprises.
• Independent studies have consistently ranked CISM as one of the highest-paying and most sought-after IT certifications.

Core attributes and skills
Source: IBM SkillBuild
US Job Markets
• Cybersecurity job opportunities (employment of information security analysts) are projected to grow 35% from 2021 to 2031, much faster than the average growth rate for all occupations. – US Bureau of Labor Statistics
• It is estimated that there are 4.19 million cybersecurity professionals worldwide, an increase of more than 700,000 compared to 2020 data. – 2021 (ISC)2 Cybersecurity Workforce Study
• There will be 3.5 million unfilled cybersecurity jobs globally by 2025. Of these open positions, India is expected to have more than 1.5 million vacancies by 2025. – Cybersecurity Ventures

Job Roles
• All organizations have some form of information security need. Data needs to be protected everywhere! Cybersecurity crosses all industries.
• Some roles may require travel, while others are at a fixed location such as a security operations center (SOC).

SOC analyst
• In the company's security operations center (SOC) there is an entry-level job role called the SOC analyst.
• It is also known as a cybersecurity analyst or triage analyst.
• Skills: computer networking and systems administration skills
• What do they do on a typical day?
• Monitor computer network traffic to detect suspicious activity that may indicate the presence of hackers or malware such as trojans and ransomware.
• Investigate alerts triggered by a security information and event management (SIEM) tool (such as IBM Security QRadar) when it detects suspicious events, to determine whether the alert is a false positive (a false alarm) or a true positive (a real security incident that needs to be addressed). For a true positive, this involves identifying the context, cause, and impacted user(s).
• Evaluate the severity of each security incident and assign it an appropriate risk rating (e.g., low or high severity).
• Escalate high-severity incidents to the incident responder.

Incident responder
• Also known as an incident response analyst.
• Skills:
• Computer networking and systems administration skills
• Familiarity with the company and its corporate policies (e.g., data, privacy, legal)
• Remediation skills to select the right technical and non-technical corrective actions
• What do they do on a typical day?
• Scope the extent of a cybersecurity incident.
• For example, if malware is detected on one person's workstation in a human resources department, has it spread to any other computers in that department? Has it spread to other parts of the company? Has its malicious behavior been contained by automated defenses (such as anti-virus software and firewalls), or has it compromised company assets?
• Plan remediation based on the scope of the cybersecurity incident.
• This involves researching the nature of the incident (e.g., what type of malicious behavior the malware exhibits) and determining how best to respond to it.
• Implement remediation with the appropriate teams, such as opening IT tickets to re-image infected computers, educating end users on how to avoid clicking on phishing email attachments, or communicating the extent of a data breach to the appropriate executives in a timely manner.

Threat hunter
• Also known as a threat analyst.
• Skills:
• Computer networking and systems administration skills
• Understanding sources of threat intelligence and implementing automation to detect suspicious behavior
• What do they do on a typical day?
• Proactively research the "threat landscape" by continuously monitoring threat resources such as IBM X-Force Exchange.
• Evaluate which new and emerging threats pose the highest risk to their organization, based on criteria such as the industries targeted, the vulnerabilities exploited, and the tactics employed.
• Respond to these threats by:
• Implementing system configuration changes.
• Programming automation in security tools to automatically detect activity characteristic of these threats.
• Sensitizing the organization to potential attacks.

Additional Job Roles
Additional jobs | Major tasks and responsibilities
Cybersecurity analyst | Monitor systems for unusual activity or potential security breaches; create defensive strategies
Cybersecurity engineer | Design, build, and maintain security architectures to protect sensitive information from cyberthreats; perform routine testing and simulations to identify and mitigate vulnerabilities
Network security architect | Design a secure computer network that can withstand various cyberthreats; help to recover the network if a security breach occurs
Security software developer | Integrate security measures into all stages of the software development lifecycle (SDLC); update and patch existing software to reinforce its defenses as new threats emerge
Penetration tester (ethical hacker) | Simulate real hacking techniques to find vulnerabilities in an organization's digital systems that attackers could exploit; report findings to the organization so that it can address the discovered vulnerabilities
Malware analyst | Investigate suspicious files or programs that might be malware
Digital forensics investigator | Use forensic tools to retrieve, examine, and analyse digital evidence in order to investigate cybercrimes

Ethical Hacking and Vulnerability Assessment
• Ethical hacking, also known as white-hat hacking and most often practised as penetration testing, is the practice of intentionally probing computer systems, networks, and applications to find security vulnerabilities that could be exploited by malicious hackers. It is carried out only with the system owner's explicit written authorization and within an agreed scope; that authorization is what separates it from the criminal activity it imitates.
• The goal of ethical hacking is to identify and fix these vulnerabilities before they can be used for unauthorized purposes.
• Vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
• The goal is to determine the weaknesses that could be exploited by threats and to assess the potential impact on the system.
• Key components: asset identification, threat identification, vulnerability identification, risk assessment, prioritization of vulnerabilities, and reporting.
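As an added example, not part of the original slides, the Python below applies the Risk Management formulas from earlier in the deck (Risk value = Consequence x Likelihood; Likelihood = Adversary capability x Adversary motivation x Vulnerability severity) to a small vulnerability register and ranks it, which is the quantifying and prioritizing step of a vulnerability assessment described here. The numeric scale (low/medium/high mapped to 1/2/3), the reporting band thresholds, the register entries and the bank scenario's consequence rating are all assumptions; the slides rate only the three likelihood factors for the bank scenario and give no numeric scale.

```python
from dataclasses import dataclass

# Ordinal scale assumed for this example; the slides rate factors only as low/medium/high.
RATING = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    name: str
    consequence: str   # impact and associated damage if the risk materializes
    capability: str    # adversary capability
    motivation: str    # adversary motivation
    severity: str      # vulnerability severity (how easy it is to exploit)


def likelihood(f: Finding) -> int:
    """Likelihood = Adversary capability x Adversary motivation x Vulnerability severity."""
    return RATING[f.capability] * RATING[f.motivation] * RATING[f.severity]


def risk_value(f: Finding) -> int:
    """Risk value = Consequence x Likelihood; on this scale the range is 1..81."""
    return RATING[f.consequence] * likelihood(f)


def band(value: int) -> str:
    """Reporting bands for the assessment report. Thresholds are an assumption."""
    if value >= 36:
        return "critical"
    if value >= 12:
        return "high"
    if value >= 4:
        return "medium"
    return "low"


def prioritize(findings):
    """Highest risk value first; ties broken by consequence (a high-impact item
    should be worked before an equally scored low-impact one), then by name."""
    return sorted(findings, key=lambda f: (-risk_value(f), -RATING[f.consequence], f.name))


def report(findings):
    """The prioritized list as (name, risk value, band) rows for the report."""
    return [(f.name, risk_value(f), band(risk_value(f))) for f in prioritize(findings)]


# Constructed register. The first entry is the bank scenario from the slides
# (capability medium, motivation high, vulnerability high); the slide does not
# rate its consequence, so "high" is assumed here. The other entries are invented.
BANK_REGISTER = [
    Finding("Theft of online-banking credentials by a criminal gang", "high", "medium", "high", "high"),
    Finding("SQL injection in internal reporting application", "high", "low", "low", "high"),
    Finding("Unpatched visitor kiosk in branch lobby", "low", "high", "medium", "medium"),
    Finding("Self-signed certificate on an isolated test server", "low", "low", "low", "low"),
]


if __name__ == "__main__":
    for name, value, level in report(BANK_REGISTER):
        print(f"{value:3d}  {level:8s}  {name}")
```

The bank scenario scores 3 x (2 x 3 x 3) = 54. Note how the multiplicative model ranks the low-impact kiosk (1 x 12 = 12) above the high-impact SQL injection (3 x 3 = 9) because the kiosk is easier to attack; a practitioner reviewing the output should check whether that ordering matches the organization's appetite for impact, which is why many assessment methods use a consequence-by-likelihood matrix rather than a raw product.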