
Centre for Cyberspace Studies

Nasarawa State University, Keffi


CCS 714

Introduction to Ethical Hacking


Kulugh, V. E. PhD
Overview of Cybersecurity – Definition of Concepts
❑ Cyberspace – separate interdependent information infrastructure and networks,
including the Internet, telecoms, computer systems and embedded processors and
controllers, without regard to physical geography or boundary.
❑ It is a realm in which communication and interaction between two individuals or
between an individual and a computer system is facilitated by digital data exchanged
over computer networks.
Overview of Cybersecurity – Definition of Concepts
Cybersecurity
▪ It is essentially the security of the cyberspace.
▪ It refers to the practice of protecting digital systems and sensitive information
(digital assets) from attacks that compromise, degrade, or corrupt the digital assets of
entities (individuals, organisations, nations, etc).
▪ Methods applied to ensure that information infrastructure and resources are not
compromised, damaged or abused.
▪ The ongoing effort to protect individuals, organizations and governments from digital
attacks by protecting networked systems and data from unauthorized use or harm.
Concepts
The slide relates seven concepts, numbered 1 to 7:
1. Assets – A hardware or software component owned by an entity that forms part of its
attack surface.
2. Vulnerability – Weaknesses, flaws or errors in technology, people or procedures that
can be exploited by threat actors to compromise, degrade or abuse information resources.
3. Threats – Any circumstance or event (intentional or unintentional) with the potential
to harm an information system through unauthorized access, destruction, disclosure,
modification of data, and/or denial of service.
4. Cyberattack – A deliberate exploitation of information systems and networks done by
malicious actors with the intention of disrupting or compromising the normal operations
of the system.
5. Attack vector – A pathway or method used by a hacker to illegally access a network or
computer in an attempt to exploit system vulnerabilities. Example: malware, USB, etc.
6. Exploit – A piece of software, data or sequence of commands that takes advantage of a
vulnerability to cause unintended behavior or to gain unauthorized access to sensitive
data.
7. Payload – The action that a threat performs, apart from its main behaviour, or the
component of the attack which causes harm to the victim.
Concepts
Cyber Risk: the potential of loss or harm related to technology/cyber infrastructure
within an organisation. Risk exists as a result of the interaction/intersection between
vulnerability, threats and the assets. It is expressed as the product of vulnerability,
threats and assets, i.e.

Risk = Vulnerability × Threats × Assets

(Figure: Venn diagram of Vulnerability, Threat and Asset, with Risk at their intersection)
Fundamental Principles of Protecting Information systems

The goal of securing the digital assets of any entity is to ensure their confidentiality,
integrity and availability (CIA). This can be extended to cover non-repudiation and
authenticity.

Cybersecurity goals: Confidentiality, Integrity, Availability, Authenticity,
Non-Repudiation
Fundamental Principles of Protecting Information systems
▪ Confidentiality is a set of rules that prevents sensitive information from
being disclosed to unauthorized people, resources and processes.
Methods to ensure confidentiality include data encryption, identity
proofing and two-factor authentication.
▪ Integrity ensures that system information or processes are protected
from intentional or accidental unauthorized modifications. One way to
ensure integrity is to use a hash function or checksum.

▪ Availability means that authorized users are able to access systems and
data when and where needed and those that do not meet established
conditions, are not. This can be achieved by maintaining
equipment, performing hardware repairs, keeping operating systems
and software up to date, and creating backups.
Fundamental Principles of Protecting Information systems
▪ Authenticity: The assurance that the information communicated is genuine. It
addresses the fact that the source of the information as claimed is genuine.
▪ Non-Repudiation: Also referred to as auditability or accountability, it is the
assurance that the sender cannot deny sending a message, nor can the receiver deny
receiving the message.
The Security Measures for Protecting Information
The People, Process and Technology (PPT) Framework is applied to address
cybersecurity holistically from an organisational context. It addresses the
vulnerabilities that exist in 3 key elements that form the cybersecurity ecosystem,
namely: People, Process and Technology.

People – The weaknesses in humans through emotions, knowledge, greed, etc.
constitute a vulnerability. This can be addressed through awareness, training and
education, which are the measures put in place by an organization to ensure that
users are knowledgeable about potential security threats and the actions they can
take to protect information.

Process – Policy and procedure refer to the administrative controls that provide a
foundation for how an organization implements information assurance, such as
incident response plans and best practice guidelines.

Technology – Technology refers to the software- and hardware-based solutions that
are deployed to support the organisation to efficiently and effectively achieve her
goals. It is inherently vulnerable to cyber attacks. There are technology solutions
designed to protect information systems such as firewalls, anti-malware, etc.
Technology - Cyber Threat Environment
The totality of the cyber threat environment in organisations, regions or the entire globe:
▪ Network security
▪ Application security
▪ End point security
▪ Data security
▪ Identity management
▪ Mobile security
▪ Cloud security
▪ Operating system security
▪ Physical security
▪ Critical information infrastructure security
Technology - Threats Categorisation – Network Threats
▪ Information gathering
▪ Sniffing and eavesdropping
▪ Spoofing
▪ Session hijacking and man-in-the-middle attack
▪ DNS and ARP Poisoning
▪ Password-based attacks
▪ Denial-of-Service attack
▪ Compromised-key attack
▪ Firewall and IDS attacks
Technology - Threats Categorisation – End-Points Threats
▪ Malware attacks
▪ Footprinting
▪ Password attacks
▪ Denial-of-Service attacks
▪ Arbitrary code execution
▪ Unauthorized access
▪ Privilege escalation
▪ Backdoor attacks
▪ Physical security threats
Technology - Threats Categorisation – Applications and OS Threats
▪ Improper data/input validation
▪ Authentication and Authorization attacks
▪ Security misconfiguration
▪ Information disclosure
▪ Broken session management
▪ Buffer overflow issues
▪ Cryptography attacks
▪ SQL injection
▪ Improper error handling and exception management
Network Basics
Network
▪ A network is a connection of two or more computing devices through a media.
▪ Internetwork is the interconnection of two or more networks to form a bigger network.
Benefits of a Computer Network
▪ Cost-effective resource sharing.
▪ Improving storage efficiency and volume.
▪ Access flexibility.
▪ Utilize a centralized database.
▪ Securing valuable information.
Types of Networks
Types of Computer Network: LAN (Local Area Network), CAN (Campus Area Network),
WAN (Wide Area Network), MAN (Metropolitan Area Network), SAN (Storage Area Network).
Types of Networks – LAN
LAN is a group of computers connected to each other in a small area such as a
building or an office. Communication in a LAN is through a medium such as twisted
pair, coaxial cable, etc. It is built with inexpensive hardware such as hubs,
network adapters, and ethernet cables. The data transfer rate is extremely fast
in a LAN and it provides higher security.
(Figure: Local Area Network)
Types of Networks – CAN
CAN is a network that spans a limited geographic area, usually bigger than a LAN
but smaller than the WAN and MAN.
▪ CANs interconnect multiple LANs within an educational or corporate
campus.
▪ Unlike LANs, most CANs connect to the public Internet.
▪ Typically, the organization that owns the campus also owns and
operates all the networking equipment and infrastructure for the CAN.
▪ In contrast, MANs and WANs may combine infrastructure operated by
several different providers.
Types of Networks – MAN
MAN is a network that covers a larger geographic area, like an entire city or
metropolis. It is formed by connecting several LANs through telecommunication
infrastructure (telephone exchange line). The data transmission rate is not as fast
as in a LAN and it is less secured compared to a LAN.
(Figure: LAN-1, LAN-2, LAN-3 and LAN-4 interconnected to form a MAN)
Types of Networks – WAN
WAN is a network that extends over a large geographical area such as across cities,
states or countries. It is bigger than LAN and MAN and involves the connection of
several LANs/MANs via telephone line, fibre optic cable or satellite links, etc. WAN is
used in business, government, education, etc. The internet is one of the biggest WANs
in the world.
(Figure: Wide Area Network)
Types of Networks – SAN
SAN is a specialized, high-speed network that provides network access to storage
devices. They are composed of hosts, switches, storage elements, and storage devices
that are interconnected using a variety of technologies, topologies, and protocols.
SAN presents storage devices to a host in a manner that the storage appears to
reside on the host.
Network Topologies

Network Topologies: Point-to-point, Bus, Star, Ring, Mesh, Tree, Daisy Chain, Hybrid
Network Topology – point-to-point

Point-to-point networks contain exactly two hosts, such as computers, switches or
routers, or servers connected back to back using a single piece of cable. Often, the
receiving end of one host is connected to the sending end of the other and vice-versa.
If the hosts are connected point-to-point logically, they may have multiple
intermediate devices. But the end hosts are unaware of the underlying network and see
each other as if they are connected directly.
Network Topology – Bus
▪ All connected nodes share single
communication line.
▪ There is a problem of collision when multiple hosts send data at the same time.
▪ To resolve this problem, Bus topology uses:
▪ CSMA/CD technology,
▪ or recognizes one host as Bus Master.
▪ Failure of one node does not affect the other
devices.
▪ However, failure of the shared
communication line can disrupt the entire
network
Network Topology – star
All hosts in Star topology are connected to a central device. The hub device can be any
of the following: hub or repeater; switch or bridge; router or gateway.
As in Bus topology, the hub acts as a single point of failure. If the hub fails,
connectivity of all hosts to all other hosts fails.
Communication between hosts takes place only through the hub.
Star topology is inexpensive: to connect one more host, only one cable is required
and configuration is simple.
Network Topology – Ring
In ring topology, each node connects to exactly two other nodes, creating a circular
network structure.
When one host tries to communicate or send a message to a host which is not adjacent
to it, the data travels through all intermediate hosts. To connect one more host in the
existing structure, the administrator may need only one more extra cable.
Failure of any host results in failure of the whole ring. Thus, every connection in the
ring is a point of failure. To resolve this point of failure issue, one more backup ring
is used.
Network Topology – Mesh
This supports the connection of one node to one or multiple hosts. This topology has
hosts in point-to-point connection with every other host, and may also have hosts which
are in point-to-point connection to a few hosts only. It comes in two variants:
• Full Mesh: All hosts have a point-to-point connection to every other host in the
network. It provides the most reliable network structure among all network topologies.
• Partial Mesh: Not all hosts have a point-to-point connection to every other host.
Hosts connect to each other in some arbitrary fashion. This topology exists where we
need to provide reliability to some hosts out of all.
Network Topology – Tree or Hierarchical
This is built as an extended Star topology and
inherits some properties of bus topology. It
supports the division of a network into multiple
layers. Mainly in LANs, a network is bifurcated
into three types of network devices. The
lowermost is access-layer where computers are
attached. The middle layer is known as
distribution layer, which works as mediator
between upper layer and lower layer. The
highest layer is known as core layer, and is
central point of the network, i.e. root of the tree
Network Topology – Daisy Chain

The daisy chain connects nodes in a linear pattern. Similar to Ring topology, each host
is connected to two hosts only, except the end hosts. This means that if the end hosts
in a daisy chain are connected, it forms a Ring topology.
Each link in a daisy chain represents a single point of failure. Every link failure splits
the network into two segments. Every intermediate host works as a relay for its
immediate hosts.
Network Topology – hybrid
A combination of multiple network
topologies to build a single network.
It inherits the advantages and
disadvantages of the various
topologies forming the hybrid topology
network. WANs, MANs and the Internet
are built on this model.
Open System Interconnection (OSI) Reference Model
The OSI reference model was created by the International Organisation for
Standardization for the following purposes:
i. Standardize data networking protocols to allow communication between all
networking devices.
ii. Provide a model for software/hardware vendors to create products that can
interoperate on the networks, e.g. IBM products communicate with CISCO equipment.
iii. Help network administrators determine easily the hardware/software requirements
for building a network.
iv. Provide a teaching/learning tool that enables the understanding of the
communication process used between networking components.
v. Make troubleshooting easier for network administrators.

Mnemonics:
Application to Physical – All People Seem To Need Data Processing
Physical to Application – Please Do Not Throw Sausage Pizza Away
Open System Interconnection (OSI) Reference Model
Layer 7 – Application
  Function: Provides network interface for applications
  Data units: Message/Data
  Hardware: Gateway
  Protocols: DHCP, HTTP, HTTPS, FTP, Telnet, SMTP, SNMP, etc.
Layer 6 – Presentation
  Function: Translates data format to ensure that application layer data of one system
  can be identified and understood by the application layer of another system.
  Data units: Message/Data
  Hardware: Gateway, redirector
  Protocols: TLS, SSL, AFP
Layer 5 – Session
  Function: Establishes, manages and terminates sessions between communicating parties
  Data units: Message/Data
  Hardware: Gateway
  Protocols: NetBIOS, RPC, SMB, SOCKS
Layer 4 – Transport
  Function: Establishes, maintains and cancels the end-to-end data transmission process.
  Controls transmission speed and adjusts data sequences.
  Data units: TCP segment; UDP segment
  Hardware: Gateway
  Protocols: TCP, UDP, SCTP
Layer 3 – Network
  Function: Defines logical addresses and transfers data from source to destinations.
  Data units: Packet/Datagram
  Hardware: Router, Brouter
  Protocols: IP, IPSec, ARP, NAT, ICMP (ping)
Layer 2 – Data link
  Function: Encapsulates packets into frames, transmits frames in point-to-point or
  point-to-multipoint mode and implements error detection
  Data units: Frames, Cells
  Hardware: Switch, Bridge, NIC
  Protocols: MAC, ARP, Ethernet, VLAN, L2TP
Layer 1 – Physical
  Function: Transmits bitstreams over transmission media and defines electrical and
  physical specifications
  Data units: Bit, Frame
  Hardware: Cables, modems, hubs, repeaters, NIC, multiplexers
  Protocols: Ethernet, IEEE 802.11, ISDN, USB, Bluetooth
Mapping of TCP/IP Model and the OSI Model
OSI model                          TCP/IP model
Application Layer              }
Presentation Layer             }   Application Layer – TELNET, FTP, SMTP, POP3, SNMP,
Session Layer                  }   NNTP, DNS, NIS, NFS, HTTP, etc.
Transport Layer                    Transport Layer – TCP, UDP, etc.
Network Layer                      Internet Layer – IP, ICMP, ARP, RARP, etc.
Data Link Layer                }
Physical Layer                 }   Link Layer – FDDI, Ethernet, ISDN, X.25, etc.
TCP/IP Protocols – Application Layer Protocols – HTTP
HTTP (HyperText Transfer Protocol) is the foundation of data communication on the
World Wide Web.
Protocol: HTTP is a protocol used for transmitting hypermedia documents, such as
HTML.
Stateless: Each HTTP request from a client to server is independent; the server does
not retain any state information about the client after the request is completed.

(Figure: an HTTP client requests www.binghamuni.edu.ng from an HTTP server over the
Internet; the HTML files of the page are returned)

TCP/IP Protocols – Application Layer Protocols - HTTPS
HTTPS (HyperText Transfer Protocol Secure): Provides a secure HTTP channel.

The Transport Layer Security (TLS) protocol is added to HTTPS, based on HTTP, to enable:
▪ identity authentication,
▪ data encryption and integrity verification.
HTTPS uses port number 443 and HTTP uses port number 80.

(Figure: plain-text communication, HTTP over TCP/IP, versus cipher-text communication,
HTTP over TLS/TCP/IP, between an HTTP client and an HTTP server; TLS provides identity
authentication, data encryption and integrity verification)
TCP/IP Protocols – Application Layer Protocols - DNS
▪ The Domain Name Server (DNS) maps human-readable domains or website addresses onto
machine-readable IP addresses and maintains a database of this mapping.
▪ A Domain Name Server (DNS) translates human-readable domain names (like
www.example.com) into machine-readable IP addresses (like 192.168.1.1).
▪ This system allows users to access websites using easy-to-remember names instead of
numerical IP addresses, facilitating easier navigation and connectivity on the internet.
▪ DNS is classified into static and dynamic domain name resolution. Static domain name is
first used to resolve a domain name, if the
TCP/IP Protocols – Application Layer Protocols - DNS

(Figure: Client – Local DNS server – Internet. The client sends a request for the address
of www.binghamuni.edu.ng; the local DNS server returns the IP address xx.xxx.x.x; the
client then accesses the internet at xx.xxx.x.x)

TCP/IP Protocols – Application Layer Protocols - FTP
▪ File Transfer Protocol (FTP) is a standard network protocol used to transfer files
between a client and a server on a computer network.
▪ FTP operates over TCP/IP and typically uses port 21 for control commands and
port 20 for data transfer.
▪ It allows users to upload, download, and manage files on remote servers, supporting
operations such as creating directories, deleting files, and changing permissions.
▪ FTP can operate in active or passive modes to accommodate different network
configurations. The difference between the two is whether the data connection is
initiated by the server or the client.
▪ FTP is inherently insecure, leading to the development of secure alternatives like
FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol).
▪ FTP is a dual channel protocol with a control and a data channel.
TCP/IP Protocols – Application Layer Protocols - FTP
Passive mode is when the client initiates both the control and data connections. In
this mode, the client sends a PASV command to the server. The server then responds
with an IP address and port number for the client to use to establish the data
connection. Passive mode is typically used to handle issues with firewalls and NAT
(Network Address Translation) that block incoming connections. By allowing the client
to initiate both connections, passive mode facilitates smoother file transfers in
restricted network environments.

Active mode is when the client initiates the control connection, but the server
initiates the data connection. In this mode, the client sends the server the PORT
command, which includes the client's IP address and a port number that the client has
opened for the data connection. The server then uses this information to establish
the data connection back to the client. Active mode can be problematic when the
client is behind a firewall or NAT (Network Address Translation) because these often
block incoming connections, making it difficult for the server to initiate the data
connection.
TCP/IP Protocols – Application Layer Protocols - SFTP
▪ Secure File Transfer Protocol (SFTP) transfers files securely based on the Secure Shell
(SSH).
▪ SFTP encrypts the authentication information and the data to be transmitted, with
higher security compared to FTP.
▪ SFTP is a single channel protocol and its default destination port is 22.
▪ The client and server are securely connected using SSH to securely transfer files.

(Figure: FTP versus SFTP)
TCP/IP Protocols – Application Layer Protocols - TELNET
▪ Telnet is a network protocol used to provide a command-line interface for
communication with remote devices over a TCP/IP network.
▪ It allows users to remotely access and manage devices such as servers, routers, and
switches.
▪ Telnet operates on port 23 by default and enables users to execute commands as if
they were physically present at the device.
▪ Despite its usefulness, Telnet transmits data, including passwords, in plaintext,
making it highly
TCP/IP Protocols – Application Layer Protocols - STELNET
▪ Stelnet is secured telnet implemented based on SSH with port number 22. Negotiation
between a Stelnet server and a Stelnet client involves the following stages:
• Version negotiation – server and client negotiate which version of SSH to use (SSHv1
or SSHv2).
• Algorithm negotiation – the server and client negotiate the encryption algorithm to be
used from the multiple algorithms supported by SSH.
• Key exchange – a session key is generated using key exchange algorithms; the session
key is used to encrypt the session between the client and server.
• User authentication – the SSH client sends an authentication request to the server and
the server authenticates the client.
• Session interaction – after a successful authentication, the server and client exchange
data.
Introduction to TCP/IP
TCP (Transmission Control Protocol) is a set of rules (protocol)
used along with the Internet Protocol (IP) to send data in the
form of message units between computers over the Internet.
While IP takes care of handling the actual delivery of the data,
TCP takes care of keeping track of the individual units of data
(called packets) that a message is divided into for efficient
routing through the Internet.

User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol
suite. Using UDP, programs on networked computers can send short messages sometimes
known as datagrams (using Datagram Sockets) to one another. UDP is sometimes called
the Universal Datagram Protocol or Unreliable Datagram Protocol.
Internet Protocol (IP) Addressing

▪ An IP address uniquely identifies each device on an IP network so that data can be
sent correctly to those locations. For example: address on a letter, telephone number.
▪ Every host (computer, networking device, peripheral) must have a unique address.
Parts of the IP Address
▪ Each IP address consists of:
▪ Network ID
▪ Identifies the network to which the host belongs
▪ Assigned by registry authority and cannot be changed
▪ Host ID
▪ Identifies the individual host
▪ Assigned by organizations to individual devices
IP Address Format: Dotted Decimal Notation
▪ 32 bits, with 8-bit groupings
▪ Example: 172.16.128.17
▪ Each number between the dots can be between 0 and 255
▪ Allocated in groups called address blocks
▪ 3 sizes, based on the class of the address: Class A, Class B, and Class C

IP Address Classes: The First Octet
IP Addresses Classes cont’d
Class A:
Owned by giant organizations like ISPs and large Internet companies like Google, CNN, etc.
All IP addresses are of the form 0 – 126.x.x.x, where x can be between 0 and 255.
The first octet is assigned to the owner; the remaining 3 are freely distributable to
the nodes. Thus, it has a 24-bit address space.
Uses up to half of the total IP addresses available.
Class B:
All Class B addresses are of the form 128 – 191.x.x.x, where x can take any number
between 0 and 255.
The first two octets are assigned to the address block owner, with the last two freely
distributable.
Has a 16-bit address space.
IP Addresses Classes cont’d
Class C:
All Class C addresses have the format 192 – 223.x.x.x.
The first three octets are assigned, with the last being freely distributable.
Only 253 distributable addresses within a Class C address.

Class D:
224 – 247.x.x.x
Multicast addresses.

Class E:
248 – 255.x.x.x
Experimental purposes.

* 127 (01111111) is a Class A address reserved for loopback testing and cannot be
assigned to a network.
IP Address Ranges
Class   Range       Number of Possible   Number of Possible Hosts   Number of Usable Hosts
                    Networks             in One Network             in One Network
A       1 – 126     126                  16,777,216                 16,777,214
B       128 – 191   16,382               65,536                     65,534
C       192 – 223   2,097,150            256                        254

▪ Number of possible networks = 2^(x − y), where x = number of network bits and
y = number of fixed bits in the network bits. Note that y depends on the IP address class.
▪ Number of possible hosts in one network = 2^x, where x is the number of host bits.
▪ Number of usable hosts in one network = 2^x − 2, where x is the number of host bits.
Reserved IP Addresses
Private Networks (no public connections)
• 10.x.x.x – Class A
• 172.16.x.x – Class B
• 192.168.x.x – Class C

Local Network
• 127.x.x.x – local network (loopback)
Multicast
• 255.255.255.255 – broadcast – sends to everyone on the network
IP Address Shortage
▪ IPv4 has potential for 4 billion IP addresses. However, with increased Internet
connectivity, this number is running out.
▪ Applications increasing demand:
▪ Applications in IoTs
▪ Mobile devices
▪ It is projected that by the year 2030, there will be tens of billions of connections.
▪ A solution has been created through the 128-bit IPv6, but the majority of Internet
users are yet to adopt IPv6 due to compatibility issues between IPv4 and IPv6.
▪ Thus, leading to a shortage in IPv4 addresses and an increase in their cost per IP.

IP Address Shortage – Solution
Network Address Translation (NAT) - Hides many nodes behind a limited set of public
addresses
❖ Blocks of addresses are allocated to ISPs and organisations
❖ This is based on classes of IP addresses
❖ What if we have a class C allocation that allows for 254 IPs and we have 500
computing devices to connect?
Use a gateway/router to map invalid (reserved) addresses to valid IP addresses:
▪ Translates your local address to a routable address
▪ Router receives one IP address
▪ Either dynamically assigns addresses to all the nodes behind the router, or it is
assigned statically using non-routable addresses
▪ If dynamic, uses DHCP (Dynamic Host Configuration Protocol)
▪ When someone inside the network wants to access a computer outside the local
network (the internet), the request is sent to the router, which uses NAT to send
the request to the internet.

NB: This has the potential to increase security as these IPs are not visible outside.
IPv4 and IPv6
IPv6 was developed by the Internet Engineering Task Force (IETF) to provide a long-term
solution to the problem of IP address exhaustion in IPv4.
It is a 128-bit IP addressing scheme and has an address space of 2^128, bigger than
IPv4 with 2^32:
340,282,366,920,938,463,463,374,607,431,768,211,456 IPs
(340 undecillion, approximately 3.4×10^38)
There are 8 groups separated by colons; each group is represented by 2 bytes (16 bits)
written in hexadecimal form.
IPv4 and IPv6 – cont’d
An IPv6 address is 128 bits in length and consists of eight 16-bit fields, with each field
bounded (separated) by a colon. Each field must contain a hexadecimal number, in
contrast to the dotted-decimal notation of IPv4 addresses. In the following form, the X's
represent hexadecimal numbers:
X:X:X:X:X:X:X:X
Note that each X represents a 16-bit field, unlike the four 8-bit fields in IPv4.
Example: 2001:0DB8:3C4D:0015:0000:0000:1A2F:1A2B
Most IPv6 addresses do not occupy all of their possible 128 bits. This condition results
in fields that are padded with zeros or contain only zeros.
IPv4 and IPv6 – Abbreviating IPv6 addresses

The IPv6 addressing architecture allows one to use the two-colon (::) notation to
represent contiguous 16-bit fields of zeros. For example, you might abbreviate the
IPv6 address
2001:0DB8:3C4D:0015:0000:0000:1A2F:1A2B
to
2001:0DB8:3C4D:0015::1A2F:1A2B
Leading zeros in the fields can also be removed. For example, 0DB8 can become DB8
and 0015 can become 15, so the address becomes: 2001:DB8:3C4D:15::1A2F:1A2B
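The two abbreviation rules above, carried out in code as an added example (not code from the lecture slides): it strips leading zeros, replaces the longest run of zero fields with "::" (leftmost run on a tie, as RFC 5952 recommends), and also expands an abbreviated address back to its eight fields, which is what a log parser or filter needs before comparing two addresses. The function names are my own.

```python
"""IPv6 address abbreviation and expansion (added example, not from the lecture slides)."""

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(address):
    """Return the eight 4-hex-digit fields of an IPv6 address, undoing '::'
    and restoring leading zeros, e.g. '::1' -> ['0000', ..., '0001']."""
    if address.count("::") > 1:
        raise ValueError("an address may contain '::' only once")
    if "::" in address:
        head, tail = address.split("::")
        head_fields = head.split(":") if head else []
        tail_fields = tail.split(":") if tail else []
        missing = 8 - len(head_fields) - len(tail_fields)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = head_fields + ["0"] * missing + tail_fields
    else:
        fields = address.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)} in {address!r}")
    expanded = []
    for field in fields:
        # each field is 1 to 4 hex digits (leading zeros may already be dropped)
        if not 1 <= len(field) <= 4 or not set(field) <= HEX_DIGITS:
            raise ValueError(f"bad 16-bit field {field!r}")
        expanded.append(f"{int(field, 16):04X}")
    return expanded


def abbreviate_ipv6(address):
    """Apply the two abbreviation rules from the slides:
    1. drop leading zeros in every field (0DB8 -> DB8, 0015 -> 15);
    2. replace the longest run of two or more all-zero fields with '::'
       (the leftmost run wins a tie, as RFC 5952 recommends)."""
    short = [field.lstrip("0") or "0" for field in expand_ipv6(address)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and short[j] == "0":
            j += 1
        if j - i > best_len:          # strictly longer, so the leftmost run is kept on ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                  # a lone zero field stays written as '0'
        return ":".join(short)
    left = ":".join(short[:best_start])
    right = ":".join(short[best_start + best_len:])
    return f"{left}::{right}"


if __name__ == "__main__":
    full = "2001:0DB8:3C4D:0015:0000:0000:1A2F:1A2B"   # the slide's example address
    print(abbreviate_ipv6(full))                        # 2001:DB8:3C4D:15::1A2F:1A2B
    print(":".join(expand_ipv6("2001:DB8:3C4D:15::1A2F:1A2B")) == full)
```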
Subnetworks
Subnet – Logical division of IP networks into 2 or more networks

Purpose
❖ Reduce network congestion
❖ Improve network performance
❖ Improve security

Routers are used to communicate between subnets. However, a subnet allows its linked
devices to communicate with each other.
Number of Subnets Available
To determine the number of subnets:
✓ Borrow bits from the host ID portion of the IP address
✓ The number of subnets available depends on the number of bits borrowed.
✓ One address is still reserved as the network address.
✓ One address is still reserved as the broadcast address.
✓ Available number of subnets = 2^s, where ‘s’ is the number of bits borrowed.
If we have a class C address, the number of possible subnets is as shown in the table.
Possible Subnets and Hosts for a Class A Network
Building subnets from a network
You are required to create four networks for the faculties of science and tech,
agriculture, engineering and medicine, with each faculty having 60 systems.
Since we need 60 systems per network, we require a class C IP address: 192.168.4.0
Network ID | Subnet ID | Host ID
Although we have discussed previously that an IP address has two IDs (network and host), as we want to create
a subnet, a third ID is introduced between the network and host IDs, i.e. the subnet ID. The subnet ID is taken from
the host ID, that is, bits are borrowed from the host ID depending on the number of subnets that are to be
created. For example, we need 4 subnets, therefore we borrow 2 bits from the host ID. The subnet IDs for the
subnets based on the borrowed bits will be: 00, 01, 10 and 11. Thus:

Our first network commences from 00000000 – 00111111 (0 – 63), the 2nd subnet from 01000000 – 01111111 (64 – 127), the 3rd
network from 10000000 – 10111111 (128 – 191) and the 4th network from 11000000 – 11111111 (192 – 255).

Note that the number of bits borrowed is a function of the number of subnets required; for example, if we
need 8 subnets, we will borrow 3 bits, if we need 16 subnets, we will borrow 4 bits, etc.
Building subnets from a network - Example
You are given a network 192.168.4.0/24 to create three networks for the departments of
finance, engineering and manufacturing.
Step 1: Create a subnetting table and identify the column that gives you the number of subnets

Subnets       1    2    4    8    16   32   64   128  256
Hosts         256  128  64   32   16   8    4    2    1
Subnet mask   /24  /25  /26  /27  /28  /29  /30  /31  /32

Here, 4 represents the number of subnets, 64 is the number of possible hosts (host IDs)
and /26 is the new subnet mask.
Building subnets from a network
The first host ID of each subnet is reserved for the network ID and the last host ID is reserved for the broadcast ID.

Network ID       Subnet mask   Host ID range                    Number of usable host IDs   Broadcast ID
192.168.4.0      /26           192.168.4.1 – 192.168.4.62       62                          192.168.4.63
192.168.4.64     /26           192.168.4.65 – 192.168.4.126     62                          192.168.4.127
192.168.4.128    /26           192.168.4.129 – 192.168.4.190    62                          192.168.4.191
192.168.4.192    /26           192.168.4.193 – 192.168.4.254    62                          192.168.4.255
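The borrowed-bit rule and the subnet table above can be produced mechanically. The Python script below is an added example, not part of the original slides; it uses only the standard-library ipaddress module, takes a network and the number of subnets required, works out how many host bits to borrow, and lists each subnet's borrowed-bit pattern, network ID, usable host range, host count and broadcast ID. It generalises the 192.168.4.0/24 case to any IPv4 prefix and any subnet count.

```python
import ipaddress


def borrowed_bits(required_subnets: int) -> int:
    """Smallest number of host bits n such that 2**n >= required_subnets
    (3 subnets -> 2 bits, 8 -> 3, 16 -> 4, 1 -> 0)."""
    if required_subnets < 1:
        raise ValueError("at least one subnet is required")
    return (required_subnets - 1).bit_length()


def subnet_plan(network: str, required_subnets: int) -> dict:
    """Split `network` into 2**n equal subnets, n being the borrowed host bits,
    and describe each one the way the slide table does."""
    net = ipaddress.ip_network(network, strict=True)  # e.g. 192.168.4.0/24
    n = borrowed_bits(required_subnets)
    new_prefix = net.prefixlen + n
    # Keep at least two host bits so every subnet still has usable host IDs
    # (the network and broadcast addresses are not usable).
    if new_prefix > net.max_prefixlen - 2:
        raise ValueError(f"cannot borrow {n} bit(s) from a /{net.prefixlen}")
    rows = []
    for index, sub in enumerate(net.subnets(new_prefix=new_prefix)):
        rows.append({
            "subnet_bits": format(index, "b").zfill(n) if n else "",
            "network_id": str(sub.network_address),
            "mask": f"/{sub.prefixlen}",
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "usable_hosts": sub.num_addresses - 2,
            "broadcast_id": str(sub.broadcast_address),
        })
    return {"borrowed_bits": n, "new_prefix": new_prefix, "subnets": rows}


def print_plan(plan: dict) -> None:
    """Render the plan as a text table like the one on the slide."""
    print(f"borrowed {plan['borrowed_bits']} host bit(s); new mask /{plan['new_prefix']}")
    print(f"{'Bits':<6}{'Network ID':<16}{'Mask':<6}{'Host ID range':<34}"
          f"{'Usable':<8}Broadcast ID")
    for r in plan["subnets"]:
        host_range = f"{r['first_host']} - {r['last_host']}"
        print(f"{r['subnet_bits']:<6}{r['network_id']:<16}{r['mask']:<6}"
              f"{host_range:<34}{r['usable_hosts']:<8}{r['broadcast_id']}")


if __name__ == "__main__":
    # Three departments need three networks; the next power of two gives four /26 subnets.
    print_plan(subnet_plan("192.168.4.0/24", 3))
```

Because three subnets round up to four, one /26 is left over; the script reports it so that it can be recorded as reserved rather than forgotten.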


Network Management – NIC and MAC Addresses
▪ A Network Interface (NI) is an interface to a network
from a computer, server, printer or any device that
connects to a network. All modern computing devices
have network interfaces, either wired (Ethernet cable)
or wireless, to connect to a wireless access point (WAP).

▪ Traditionally, NIs came on a separate card and are thus
referred to as network interface cards (NICs). In recent
times, NIs are built into the motherboard.
Uses of the NIC
❖ Provides the connection to the network media/medium
(Ethernet cables, Bluetooth, Wi-Fi, satellite, etc.).

❖ They have physical addresses, referred to as MAC
addresses.

❖ Enable communication with other devices on the
network.

❖ Takes data from the OS, encapsulates it into frames and
makes it suitable for transport on the network.
Differences Between MAC and IP Addresses
❖ MAC addresses identify the device; IP addresses provide the location
of the device on the network.

❖ MAC addresses are permanent identifiers of devices; a device's IP address
may change.

❖ Example – IP addresses are like the mailing address of people living in a
house, MAC addresses are the actual names of the individuals living in
the house.
All device manufacturers must obtain a block of MAC addresses from the IEEE,
which they burn into the NIC chip of all devices, such that no
two devices on earth would have the same MAC address.
MAC Addresses
A MAC address, also referred to as a physical or hardware address, is a 48-bit
number written as 12 hexadecimal characters, with each hex character
representing 4 bits. The hex characters are grouped in twos, separated by
hyphens.

MAC Address:   00-BB-BC            83-95-A2
               Manufacturer's ID   Device ID

The first 6 characters represent the device manufacturer's ID,
also referred to as the Organizationally Unique Identifier (OUI).
The second block of 6 characters is referred to as the device ID.
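The OUI/device-ID split above is easy to get wrong by hand because addresses arrive in several notations (hyphens, colons, dotted). The Python below is an added example, not from the slides; it validates that an address really is 48 bits, splits it into the manufacturer's ID and device ID, and also reports the two flag bits of the first octet (group/multicast and locally administered) which the slide does not mention but which are part of the IEEE format. All sample addresses other than 00-BB-BC-83-95-A2 are constructed for the example.

```python
import re

# Separators accepted on input: hyphen (00-BB-BC-83-95-A2, as on the slide),
# colon (00:bb:bc:83:95:a2) and the dotted form (00bb.bc83.95a2).
_SEPARATORS = re.compile(r"[-:.]")
_HEX12 = re.compile(r"[0-9A-Fa-f]{12}")


def is_valid_mac(mac: str) -> bool:
    """True if `mac` is exactly 12 hex characters (48 bits) once separators are removed."""
    return _HEX12.fullmatch(_SEPARATORS.sub("", mac.strip())) is not None


def parse_mac(mac: str) -> dict:
    """Split a 48-bit MAC address into its OUI (manufacturer's ID) and device ID.

    The first octet carries two flag bits defined by IEEE 802: bit 0 set means a
    group (multicast) address; bit 1 set means the address was locally
    administered, i.e. assigned by software rather than burned in from the
    manufacturer's IEEE-assigned block.
    """
    if not is_valid_mac(mac):
        raise ValueError(f"not a valid 48-bit MAC address: {mac!r}")
    hexstr = _SEPARATORS.sub("", mac.strip()).upper()
    first_octet = int(hexstr[:2], 16)
    return {
        "canonical": "-".join(hexstr[i:i + 2] for i in range(0, 12, 2)),
        "oui": hexstr[:6],          # manufacturer's ID: first 6 hex characters (24 bits)
        "device_id": hexstr[6:],    # device ID: last 6 hex characters (24 bits)
        "value": int(hexstr, 16),   # the whole address as a 48-bit integer
        "multicast": bool(first_octet & 0x01),
        "locally_administered": bool(first_octet & 0x02),
    }


def same_manufacturer(mac_a: str, mac_b: str) -> bool:
    """True when both addresses come from the same IEEE-assigned OUI block."""
    return parse_mac(mac_a)["oui"] == parse_mac(mac_b)["oui"]


if __name__ == "__main__":
    # The slide's example plus two constructed addresses with a flag bit set.
    for sample in ("00-BB-BC-83-95-A2", "02-00-00-00-00-01", "01-00-00-00-00-01"):
        print(parse_mac(sample))
```

A locally administered address is a useful thing for a defender to notice in an inventory: it shows the address was set in software, so it does not identify the hardware in the way the slide describes.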
Hacking
▪ Hacking involves identifying and exploiting the vulnerabilities in
a system (e.g. network, application, operating system, etc.) by
compromising the system's security controls to gain unauthorised
access to the system's resources.

▪ It involves modifying a system's features to achieve goals other
than those intended by the creator(s) of the system.

▪ Hacking can be used to degrade, destroy, abuse (e.g. networks,
applications, etc.), pilfer, redistribute or steal a system's resources, e.g.
personal information and intellectual property.
A Hacker
01 Intelligent individuals with excellent computing skills, with the ability to create and explore into the computer's software or hardware areas.
02 The intention of hackers could either be to gain knowledge or to poke around to do illegal or malicious activities.
03 Some hackers take to hacking as a hobby to see how many computers or networks they can compromise; a kind of show or test of capabilities.
Classes of Hackers
Hackers are categorised into Black Hat, White Hat or Grey Hat hackers.
▪ Black Hat: Malicious entities (bad guys) who hunt for vulnerabilities in computer
systems, networks and software to exploit them for different motivations, namely:
financial gain, reputation, corporate espionage, hacktivism or as part of a nation-state
hacking campaign.

▪ White Hat: The good guys who carry out proactive hacking to prevent the success
of the Black Hat hackers. They break into systems for the purpose of assessing
and testing the level of network security in those systems, thus exposing the
vulnerabilities in systems before black hat hackers can detect and exploit them.

▪ Grey Hat: The activities of this group are sandwiched between the Black and the
White Hats. They gain unauthorised access to computers and networks with a
view to identifying weaknesses and revealing them to the system owner.
Hackers’ Motivations
Motivation is the perception that the targeted system stores, processes or transmits
valuable assets, and that the attacker will gain while the victim loses.

▪ Financial gain: The primary motivation for some hackers is the money they can steal
by obtaining victims’ passwords, electronic payment details, etc.

▪ Revenge: Hackers that are motivated by anger or hurt and use their skills to attack
the systems of individuals, groups or companies.

▪ Hacktivists: Hackers that are motivated by politics or religion and use their hacking
capabilities to harass victims by defacing their websites or causing other forms of
damage.

▪ Cyber Terrorists: Motivated by religious or political persuasions, they create fear and
chaos by disrupting critical infrastructure (CI). The cascading effects of CI disruption
may be huge, taking the form of widespread fear, terror and deaths.
Hackers’ Motivations – cont’d
▪ State Sponsored: State actors across the world have used the cyberspace
as a force multiplier to further their national interests through espionage
and sometimes outright disruption of the corporate, government and critical
infrastructure of other nations.

▪ Challenge: These are hackers driven by the opportunity to break the
"unbreakable" system and gain recognition from their peers, as a
form of competition and show of superior skills. While they compete
among their peers, they cause the victims damage that disrupts their
businesses.

▪ Spy Hackers: Hackers hired by companies to infiltrate the competition
and steal trade secrets. They may hack from outside or gain
employment in the target organisation for the purpose of accessing the
corporate infrastructure and stealing information.
Hacking Phases
▪ Hacking is an operation; thus, for the hacker(s) to achieve
success, it must be carefully planned in distinct phases.

▪ These phases are the same for either ethical or malicious
(white hat or black hat) hacking.

▪ Phase 6 may not be necessary for black hat (malicious)
hackers.

Planning and Reconnaissance → Scanning → Gaining Access → Privilege escalation → Clearing Tracks → Analysis and Report writing
(Note that the last phase is not necessary in black hat hacking.)
1. Hacking Phases: Planning and Reconnaissance
▪ Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about
a target prior to launching an attack.
▪ It could be a future point of return, noted for ease of entry for an attack when more about the
target is known on a broad scale.
▪ Points of reconnaissance may include the organisation’s clients, employees, partners, operations,
network, systems, etc.
▪ Reconnaissance could be passive or active.

Passive
o Passive reconnaissance involves acquiring information without directly interacting with the target.
o For example, searching public records from the organisation’s website or the social media accounts of targets.

Active
o Active reconnaissance involves interacting with the target directly by any means.
o For example, telephone calls to the help desk or technical department, visiting the work environment of the target, or using instant messaging applications to interact with them.
2. Hacking Phases: Scanning
▪ Scanning refers to the pre-attack phase when the attacker scans
the network for specific information on the basis of the information
gathered during reconnaissance.

▪ Attackers extract information such as live machines, port numbers,
port status, OS details, device type, system uptime, etc. to launch
an attack.

▪ Scanning can include the use of diallers, port scanners, network
mappers, ping tools, vulnerability scanners, etc.
▪ Tools that can be used at this stage include: Nmap, Wireshark,
Angry IP Scanner, Netcat, etc.
3. Hacking Phases: Gaining Access
▪ Gaining access refers to the point where the attacker obtains
access to the operating system or applications on the
computing device or network.

▪ Access can be gained at the operating system level, application
level or network level.

▪ The attacker can escalate privileges to obtain complete control
of the system; in the process, intermediate systems that are
connected to it are also compromised.

▪ Examples include password cracking, buffer overflows, denial of
service, session hijacking, brute force attacks, use of an exploit
to take advantage of a vulnerability, etc.
4. Hacking Phases: Maintaining Access
▪ Maintaining access refers to the phase when the attacker tries
to retain his or her ownership of the system.
▪ Attackers may prevent the system from being owned by other
attackers by securing their exclusive access with backdoors,
rootkits or Trojans.

▪ Attackers can upload, download or manipulate data,
applications and configurations on the owned system.

▪ Attackers use the compromised system to launch further
attacks.
5. Hacking Phases: Clearing Tracks
▪ Covering tracks refers to the activities carried out by a
hacker to hide malicious activities and evade attribution, for
the purpose of repudiation.

▪ The attacker’s intentions include: continuing access to the
victim’s system, remaining unnoticed and uncaught, and
deleting evidence that might lead to his prosecution.

▪ Clearing tracks is achieved by clearing cache and cookies,
tampering with server, system and application logs, and
closing all ports.
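The log tampering described above is the reason defenders protect log integrity rather than just log content. The Python below is an added example, not from the slides, of one common mitigation: a hash chain, where each entry's hash also covers the previous hash, so editing, inserting or deleting an entry breaks every link after it, and keeping the latest hash off the box (the "head") exposes entries removed from the end. The seed constant and sample entries are constructed for the example.

```python
import hashlib

GENESIS = "log-chain-v1"  # seed for the first link (constructed for this example)


def _genesis_hash() -> str:
    return hashlib.sha256(GENESIS.encode("utf-8")).hexdigest()


def _link(prev_hash: str, entry: str) -> str:
    # Each link covers the previous hash and the entry text, so every later
    # link depends on every earlier entry.
    return hashlib.sha256(f"{prev_hash}\n{entry}".encode("utf-8")).hexdigest()


def chain_log(entries) -> list:
    """Return [(entry, hash), ...] for the given log entries, in order."""
    prev = _genesis_hash()
    chained = []
    for entry in entries:
        prev = _link(prev, entry)
        chained.append((entry, prev))
    return chained


def head_hash(chained) -> str:
    """The latest hash. Store it somewhere the logging host cannot rewrite
    (a separate log server, write-once storage, a printed record)."""
    return chained[-1][1] if chained else _genesis_hash()


def verify_chain(chained, expected_head=None) -> int:
    """-1 if the chain is intact; the index of the first entry whose hash does not
    match (an entry was edited, inserted or removed at or before that point);
    len(chained) if every link verifies but the head differs from `expected_head`
    (entries were removed from the end)."""
    prev = _genesis_hash()
    for i, (entry, h) in enumerate(chained):
        if _link(prev, entry) != h:
            return i
        prev = h
    if expected_head is not None and prev != expected_head:
        return len(chained)
    return -1


if __name__ == "__main__":
    # Constructed sample entries, not from the page.
    log = chain_log(["login ok user=alice src=10.0.0.7",
                     "sudo by alice: cat /etc/shadow",
                     "logout alice"])
    head = head_hash(log)
    edited = list(log)
    edited[1] = ("sudo by alice: ls", log[1][1])   # rewrite the sensitive entry
    print("intact:", verify_chain(log, head))         # -1
    print("edited entry at:", verify_chain(edited, head))      # 1
    print("truncated, detected at:", verify_chain(log[:2], head))  # 2
```

The chain alone cannot tell that the tail of a log was cut off, because a shorter chain still verifies from the genesis link; that is why the head hash must live off the logging host, which is also the idea behind shipping logs to a separate collector in real deployments.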
6. Hacking Phases: Analysis and Reporting
This phase may not be relevant in malicious hacking operations
but is relevant in ethical hacking. Here the ethical hacker analyses
the findings and compiles a detailed report showing the findings
with respect to:

▪ The job done at each phase,
▪ The tools used,
▪ The success rate,
▪ Vulnerabilities found,
▪ The exploit processes and
▪ Recommended solutions.
Ethical Hacking (EH)
▪ In EH, organisations engage professionals to apply hacking tools,
tactics, techniques and procedures (TTP) to identify vulnerabilities
within their systems so that they (the vulnerabilities) can be addressed to
strengthen the defences of those systems.

▪ The ethical hacker will test the strength of the network,
applications, OS and the personnel (using phishing). When
done, the ethical hacker submits a report to the organisation.

▪ Note that ethical hackers may perform vulnerability
assessment of systems of interest without necessarily being
engaged by the organisation.

▪ When they find vulnerabilities, they report them to the system
Rationale for Ethical Hacking (EH)
EH supports organisations in taking proactive action against malicious
parties that would want to violate their systems, by using the same tools,
tactics, techniques and procedures the malicious actors may use for
attacks.

▪ EH helps organisations identify weaknesses in their systems before they
are discovered and exploited by malicious parties.

▪ Helps strengthen the organisation’s security posture by addressing
vulnerabilities in the areas where they are discovered (e.g. people, process,
technology).

▪ Prevents attackers from having access to enterprise systems.
Rationale for Ethical Hacking (EH) cont’d
▪ Identifying Vulnerabilities: Ethical hacking involves probing systems to
discover security weaknesses that could be exploited by malicious
hackers. This helps organizations strengthen their defenses.

▪ Improving Security Posture: By simulating real-world cyberattacks,
ethical hackers help organizations enhance their security measures,
policies, and practices.

▪ Compliance and Risk Management: Ethical hacking ensures that
organizations comply with industry regulations and standards, such as
GDPR, HIPAA, and PCI-DSS, by identifying and addressing security gaps.

▪ Training and Awareness: Ethical hacking promotes cybersecurity
awareness and educates employees and IT teams about potential
Skills of an Ethical Hacker (Technical)
▪ Network Protocols and Security: Proficiency in TCP/IP, DNS, HTTP, and other protocols is essential
for identifying and exploiting network vulnerabilities. Understanding network security measures like
firewalls, VPNs, and intrusion detection systems is crucial.

▪ Operating System Exploits: In-depth knowledge of operating systems, especially Linux and Windows,
including how to exploit and secure them, is vital. This includes familiarity with OS-specific tools and
techniques.

▪ Penetration Testing Tools: Expertise in using penetration testing tools such as Metasploit, Nmap, Burp
Suite, Wireshark, and Nessus to identify, analyze, and exploit security weaknesses.

▪ Cryptography: Understanding encryption algorithms, cryptographic protocols, and methods to ensure
data confidentiality, integrity, and authenticity. Skills in breaking weak encryption and implementing
strong cryptographic measures are essential.

▪ Web Application Security: Knowledge of web technologies and vulnerabilities like SQL injection,
XSS, CSRF, and other common web application attacks. Proficiency in using tools and techniques to
test and secure web applications.
Skills of an Ethical Hacker (Non-Technical)
▪ Problem-Solving Ability: Ethical hackers must think creatively to identify and solve
complex security challenges, often devising unique approaches to breach systems
ethically.

▪ Attention to Detail: Identifying subtle vulnerabilities and ensuring comprehensive
security assessments require meticulous attention to detail and precision.

▪ Communication Skills: Clear and effective communication is essential for
documenting findings, writing reports, and conveying technical information to non-
technical stakeholders.

▪ Ethical Judgment: Strong moral principles guide ethical hackers to use their skills
responsibly and legally, maintaining trust and integrity in their professional activities.

▪ Continuous Learning: Cybersecurity is a constantly evolving field. Ethical hackers
need a commitment to continuous learning and staying updated with the latest threats,
Network Security Zones
Network security zones are logical segments within a network, each with its own security
requirements and controls. Here are some key network security zones:
▪ Demilitarized Zone (DMZ)
• Purpose: Hosts public-facing services such as web servers, email servers, and DNS
servers.
• Security: Isolated from the internal network and protected by firewalls, providing an
additional layer of security against external threats.
▪ Internal Network:
• Purpose: Houses the core business systems, databases, and internal applications used by
employees.
• Security: Highly secured with strict access controls, monitoring, and encryption to protect
sensitive data.
▪ External Network (Internet):
o Purpose: Represents the untrusted public network, including the internet and other external
Network Security Zones – cont’d
▪ Guest Network
• Purpose: Provides internet access to visitors and guests without giving them
access to the internal network.
• Security: Isolated from the internal network, typically using VLANs or
separate physical networks to prevent unauthorized access.

▪ Management Network
• Purpose: Dedicated to administrative tasks and management of network
devices, servers, and security systems.
• Security: Restricted access to authorized personnel only, often with
additional authentication mechanisms and logging for auditing purposes.
