The document discusses ethical hacking concepts and scopes. It defines ethical hacking as authorized attempts to identify vulnerabilities in systems and networks to improve security. The scope of ethical hacking includes testing networks, applications, infrastructure, and social engineering. Ethical hackers help organizations strengthen security by finding weaknesses and advising how to fix issues. Their work is important for protecting organizations' data from real attacks.
Ethical hacking, also known as penetration testing or white hat hacking, involves authorized and legal attempts to identify vulnerabilities in computer systems, networks, or applications. Ethical hackers use their skills and knowledge to assess the security posture of organizations, find weaknesses, and provide recommendations for improvement. The scope of ethical hacking typically includes testing networks, applications, infrastructure, wireless networks, and social engineering. It is the act of penetrating networks or systems to find the threats and vulnerabilities that an attacker could have exploited to cause loss of data, financial loss, or other major damage to a business.

Purpose of Ethical Hacking

The purpose of ethical hacking is to build the security of the system or network by fixing the vulnerabilities detected during testing. Ethical hackers may use the same techniques and mechanisms as malicious hackers, but with the permission of the authorized person; in this way they help to develop security and defend systems from attacks.

Why is Ethical Hacking important?

When an ethical hacker finds a vulnerability, he reports the issue and advises how to fix the problem. A company employs an ethical hacker to protect and secure its data. An ethical hacker's tests do not always mean a system is being attacked by malicious attackers; sometimes the testing is done as a precaution, to prepare and protect the data.

Some of the advanced attacks caused by hackers include:

- Piracy
- Vandalism
- Credit card theft
- Theft of service
- Identity theft
- Manipulation of data
- Denial-of-service attacks

These types of cyberattacks and hacking cases have increased because of the huge usage of online services and online transactions in the last decade.
Phases of Ethical Hacking

The phases of ethical hacking:

- Scanning
- Footprinting & Reconnaissance
- Enumeration
- System Hacking
- Escalation of Privileges
- Covering Tracks

Skills of an Ethical Hacker

A skilled ethical hacker should hold a collection of technical and non-technical skills.

Technical Skills

1. Ethical hackers must have strong knowledge of all operating systems, such as Windows, Linux, and Mac.
2. Ethical hackers should be skilled in networking and have strong knowledge of basic and detailed concepts in technologies, software, and hardware applications.
3. Ethical hackers must know all kinds of attacks.

Non-Technical Skills

1. Communication skills
2. Learning ability
3. Problem-solving skills
4. Proficiency in security policies
5. Awareness of laws, standards, and regulations

Scope of Ethical Hacking

Ethical hacking is generally used as penetration testing to detect vulnerabilities and risks, identify the loopholes in a security system, and take corrective measures against those attacks. Ethical hacking is a key component of risk evaluation, auditing, and counter-frauds. The scope for ethical hackers is high, and it is one of the most rapidly growing careers at present, as many malicious attackers pose a threat to businesses and their networks. Industries like information technology and banking hire several ethical hackers to protect their data and infrastructure. In the coming days, the demand for this profile is going to be high compared to other profiles due to an increased threat of vulnerabilities.

What are Ethical Hacking Scopes?

- Information Security Analyst
- Cyber Security Analyst
- Security Engineer
- Penetration Tester
- Security Analyst
- Information Security Manager
- Cyber Security Engineer

What are Threats and Attack Vectors in cyber security?

Threats in the context of ethical hacking refer to potential risks or vulnerabilities that can be exploited by attackers to compromise systems or networks.
Attack vectors are the specific methods or techniques used by attackers to carry out an attack. They can include exploiting software vulnerabilities, using social engineering tactics, leveraging weak passwords, or conducting phishing attacks.

1. An attack vector is a pathway or method used by a hacker to illegally access a network or computer in an attempt to exploit system vulnerabilities.
2. Hackers use numerous attack vectors to launch attacks that take advantage of system weaknesses, cause a data breach, or steal login credentials.

Passive Attack

A passive attack occurs when an attacker monitors a system for open ports or vulnerabilities to gather information about their target. Passive attacks can be difficult to detect because they do not involve altering data or system resources.

Active Attack

An active attack vector is one that sets out to disrupt or cause damage to an organization's system resources or affect its regular operations. This includes attackers launching attacks against system vulnerabilities, such as denial-of-service (DoS) attacks, targeting users' weak passwords, or using malware and phishing attacks.

Common types of cyber attack vectors

1. Malicious Insiders
A malicious insider is an employee who exposes private company information and/or exploits company vulnerabilities.

2. Missing or Poor Encryption
Data encryption translates data into another form that only people with access to a secret key or password can read. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. The purpose of data encryption is to protect digital data confidentiality. Missing or poor encryption leads to sensitive information, including credentials, being transmitted either in plaintext or using weak cryptographic ciphers or protocols.

3. Weak and Stolen Credentials
Weak passwords and password reuse make credential exposure a gateway for initial attacker access and propagation.
Apps and protocols sending login credentials over your network pose a significant security threat. An attacker connected to your network can easily locate and utilize these credentials for lateral movement. For example, in the Target attack, adversaries were able to steal Active Directory credentials and propagate their attack into the enterprise payment network.

4. Phishing
Phishing is a cybercrime tactic in which the targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

5. Ransomware
Ransomware is a form of cyber-extortion in which users are unable to access their data until a ransom is paid. Users are shown instructions for how to pay a fee to get the decryption key.

6. Misconfiguration
Misconfiguration is when there is an error in system configuration.

What is Information Assurance (IA)?

Information assurance focuses on protecting the confidentiality, integrity, and availability of information and ensuring its reliability. It involves implementing security controls, policies, and procedures to mitigate risks and protect sensitive data from unauthorized access, modification, or disclosure.

1. Information Assurance (IA) is the practice of managing information-related risks and the steps involved to protect information systems such as computer and network systems.
2. Information assurance is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information.
3. Information assurance includes protection of the integrity, availability, authenticity and confidentiality of user data.

Pillars of Information Assurance:

1. Integrity
2. Availability
3. Authentication
4. Confidentiality
5. Non-repudiation

Integrity
Integrity involves assurance that all information systems are protected.

Availability
Availability means those who need access to information are allowed to access it. Information should be available only to those who are aware of the risks associated with information systems.

Authentication
Authentication involves ensuring those who have access to information are who they say they are. Authentication includes methods such as two-factor authentication, strong passwords, biometrics, and other devices.

Confidentiality
IA involves the confidentiality of information, meaning only those with authorization may view certain data.

Non-repudiation
Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity.

Threat Modelling:

Threat modelling is a systematic approach used to identify and analyze potential threats and vulnerabilities to a system or application. It involves identifying potential attackers, their motivations, and the methods they might use to compromise security. By understanding the threats, organizations can design and implement appropriate security controls to mitigate the risks effectively.

Enterprise Information Security Architecture:

Enterprise information security architecture refers to the design and structure of an organization's security infrastructure. It involves creating a comprehensive framework that defines the security controls, policies, and technologies used to protect the organization's assets and systems. The architecture should align with the organization's goals, comply with relevant regulations, and provide a robust defense against threats.

What is vulnerability assessment in cyber security?

Vulnerability assessment involves identifying and assessing vulnerabilities in systems, networks, or applications.
It typically involves scanning systems for known vulnerabilities, analyzing the results, and providing recommendations for remediation. A vulnerability assessment is the testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe. A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

Penetration Testing in cyber security

A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testing goes a step further than vulnerability assessment by simulating real-world attacks to test the effectiveness of security controls and identify potential weaknesses. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. Penetration testing is the method of evaluating the security of an application or network by safely exploiting any security vulnerabilities present in the system. These security flaws can be present in various areas such as system configuration settings, login methods, and even end users' risky behaviors.

Insider Attack:

Insider attacks refer to security breaches or malicious activities conducted by individuals who have authorized access to systems or networks. Insiders may abuse their privileges, steal data, compromise systems, or cause damage from within the organization. An insider threat is a security risk that originates from within the targeted organization. It typically involves a current or former employee or business associate who has access to sensitive information or privileged accounts within the network of an organization, and who misuses this access.
Preventing Insider Threats:

Preventing insider threats involves implementing security measures and controls to detect and mitigate the risks associated with trusted individuals within the organization. This includes implementing access controls, monitoring user activities, conducting background checks, enforcing separation of duties, and providing security awareness training.

1. Security Policy: One of the best ways to prevent insider threats is to include procedures in your security policy to prevent and detect misuse.
2. Physical Security: One of the best ways to prevent insider theft is to physically keep employees away from your critical infrastructure. Give your employees a place to lock up their sensitive information.
3. Use Multifactor Authentication: Implement strong, multifactor authentication measures for extremely sensitive applications within your company.
4. Segment LANs: It can be very difficult to find the many choke points inside LANs, so instead segment LANs with firewalls, which will create a zone of trust at all points where each LAN connects with the corporate LAN.
5. Seal Information Leaks: You can also use software that will scan your policy and alert you when employees violate this policy on your network. There is also software available that will scan the text of outgoing emails to ensure that your employees are not sharing company secrets.
6. Investigate Unusual Activities: Many times, when an employee betrays a company's trust, they don't expect to get caught because most companies are too busy looking for outside threats. There are monitoring laws, so make sure you familiarize yourself with these laws before you break any of them.
7. Implement Perimeter Tools & Strategies: Make sure you patch web and email servers and get rid of any unused services. Also, try locking down configurations to increase your security protocol.
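Added example, not from the original notes: a small version of the outgoing-email text scanning described in item 5 (Seal Information Leaks). The marker phrases, the internal domain example.com and the sample messages are assumptions constructed for illustration; candidate card numbers are confirmed with the Luhn checksum so that ordinary digit runs do not raise alerts.

```python
import re

# Assumed policy: these classification markers must not leave the company.
BLOCKED_MARKERS = ("company confidential", "internal use only")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs such as order numbers."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the last four digits so the alert itself does not leak the number."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_outgoing(recipients, body, internal_domain="example.com"):
    """Return policy findings for a message; mail that stays internal is not scanned."""
    # Matching on "@" + domain stops look-alike domains such as evilexample.com
    # from being treated as internal.
    suffix = "@" + internal_domain
    if all(r.lower().endswith(suffix) for r in recipients):
        return []
    findings = []
    for match in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            findings.append(("card_number", mask(digits)))
    lowered = body.lower()
    findings += [("marker", m) for m in BLOCKED_MARKERS if m in lowered]
    return findings

# Constructed sample messages (4111 1111 1111 1111 is a well-known test card number).
LEAK = (["partner@vendor.test"], "COMPANY CONFIDENTIAL\nCard: 4111 1111 1111 1111")
ORDER = (["partner@vendor.test"], "Your order reference is 1234567890123456.")
INTERNAL = (["alice@example.com"], "Internal use only: card 4111-1111-1111-1111")

if __name__ == "__main__":
    for recipients, body in (LEAK, ORDER, INTERNAL):
        print(recipients, scan_outgoing(recipients, body))
```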
Types of Social Engineering:

Social engineering is a technique used by attackers to manipulate individuals and trick them into revealing sensitive information or performing actions that could compromise security. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Social engineering attackers have one of two goals:

1. Sabotage: Disrupting or corrupting data to cause harm or inconvenience.
2. Theft: Obtaining valuables like information, access, or money.

Common types of social engineering include phishing, pretexting, baiting, tailgating, and shoulder surfing.

Social Engineering Targets/Attacks and Defence Strategies:

Social engineering targets individuals' psychology and exploits their trust, curiosity, or willingness to help.

1. Pretexting: Pretexting is another form of social engineering where attackers focus on creating a pretext, or a fabricated scenario, that they can use to steal someone's personal information.
2. Phishing: Phishing is a cybercrime tactic in which the targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
3. Baiting: Baiting attacks may leverage the offer of free music or movie downloads to trick users into handing over their login credentials.
4. Quid Pro Quo: Quid pro quo attacks promise something in exchange for information.
5. Tailgating (piggybacking): It is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises.

Defence strategies against social engineering include employee awareness and training programs, strict access controls, multifactor authentication, incident response plans, and regular security assessments.
Organizations should also implement strong policies regarding information sharing, privacy, and employee conduct to mitigate the risks associated with social engineering attacks.

1. Educate Yourself
2. Be Aware of The Information You're Releasing
3. Determine Which of Your Assets Are Most Valuable to Criminals
4. Write A Policy and Back It Up with Good Awareness Training
5. Keep Your Software Up to Date
6. Give Employees A Sense of Ownership When It Comes to Security
7. When Asked for Information, Consider Whether the Person You're Talking to Deserves the Information They're Asking About