My Final Report

About optical computer

Uploaded by

mathurmuskan04

A

PROJECT REPORT
ON

CYBER SECURITY INNOVATIONS

Submitted by
NAMAN GROVER
21EJCEC089

Guided by
Dr. Shweta Sharda
Assistant Professor

DEPARTMENT OF ELECTRONICS & COMMUNICATION ENGINEERING


JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE,
SHRI RAM KI NANGAL, VIA SITAPURA RIICO JAIPUR- 302 022

DEPARTMENT OF ELECTRONICS AND COMMUNICATION

CERTIFICATE

This is to certify that the seminar entitled “CYBERSECURITY INNOVATIONS”
has been presented by NAMAN GROVER under my guidance during the academic year
2024-2025.

(Signature of the Guide)

SHWETA SHARDA
(Assistant Professor)
Department of ECE

ABSTRACT

Today more and more software is being developed, and people are getting more
and more options in their software. However, as more and more organizations
become partially or completely dependent on the internet, computer security and
the serious threat of computer criminals come to the foreground. The explosive
growth of the internet has brought many good things like e-commerce, email, and
new avenues for advertising and information distribution, to name a few. As with
most technical advances, there is also a dark side: criminal hackers.
Governments, companies and private citizens around the world are anxious to be
a part of this revolution, but they are afraid that some hacker will break into
their web server and compromise their privacy. With this concern, ethical
hackers come to the rescue.
Unfortunately, most organizations across the globe continue to remain
oblivious of the threat posed by computer criminals, corporate espionage
and cyber terrorism. Ethical hacking attempts to proactively increase security
protection by identifying and patching known security vulnerabilities on systems
owned by other parties.

KEYWORDS

1. Hacker
2. Vulnerability
3. Phishing
4. SQL
5. Stumbler
6. SNIFFING
7. Payroll
8. Intruders
9. Cryptography
10. Contrary
11. DDOS
12. Exploitation
13. Ciphertext
14. Threat
15. Forensic
16. Legitimate
17. URL
18. HTTP
19. Unix
20. GNU

Contents

ACKNOWLEDGEMENT
ABSTRACT
KEYWORDS

Chapter I: INTRODUCTION
1.1 SECURITY AND INTEGRITY
1.2 NEED FOR SECURITY

Chapter II: HACKING BASICS
2.1 HACKING AND HACKERS
2.2 TYPES OF HACKERS
2.2.1 White Hat Hackers
2.2.2 Black Hat Hackers
2.2.3 Grey Hat Hackers
2.3 BENEFITS OF ETHICAL HACKING
2.4 TYPES OF ETHICAL HACKING
2.4.1 Web Application Hacking
2.4.2 System Hacking
2.4.3 Web Server Hacking
2.4.4 Hacking Wireless Networks
2.4.5 Social Engineering
2.5 SKILLS REQUIRED
2.5.1 Computer Networking
2.5.2 Computer Skills
2.5.3 Linux Skills
2.5.4 Programming Skills
2.5.5 Basic Hardware Knowledge
2.5.6 Reverse Engineering
2.5.7 Cryptography Skills
2.5.8 Database Skills
2.5.9 Problem Solving Skills

Chapter III: TOOLS AND TECHNIQUES
3.1 TOOLS
3.1.1 Nmap
3.1.2 Metasploit
3.1.3 Burp Suite
3.1.4 Cain And Abel
3.1.5 Net Stumbler
3.2 TECHNIQUES
3.2.1 Sniffing
3.2.2 SQL Injection
3.2.3 Information Gathering
3.2.4 Vulnerability Scanning
3.2.5 Exploitation
3.2.6 Pen Testing

Chapter IV: ROLES, RESPONSIBILITIES AND CHALLENGES OF ETHICAL HACKERS
4.1 THEIR ROLES AND RESPONSIBILITY
4.2 CHALLENGES

Chapter V: WHAT’S NEXT
5.1 CAREER OPPORTUNITIES

Chapter VI: FAQs

Chapter VII: Conclusion

REFERENCES

APPENDICES
APPENDIX-I – MEANING OF KEYWORDS
APPENDIX-II – HACKING TERMINOLOGIES
APPENDIX-III – FACTS RELATED TO HACKING

CHAPTER-I

INTRODUCTION

Ethical hacking, also known as penetration testing or white hat hacking, involves the
same tools and tricks that hackers use. The major difference is that ethical hacking is
legal. Ethical hacking is performed with the target's permission. The intent of ethical
hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better
secured. This type of hacking also ensures that vendor claims about the security of
their products are legitimate.

1.1 SECURITY AND INTEGRITY

Security is the condition of being protected from danger or loss. Generally, security
is a concept similar to safety. With reference to networks, it is called Information
Security, meaning protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification or destruction. Usually, it is defined
in terms of the CIA triad. The CIA triad comprises the basic principles of security, in
which C denotes confidentiality, I represents integrity, and A represents availability.
For example, in the case of a credit card transaction, only the authorized person should
see the credit card number and the related data. Nobody else should be able to see that
data, as they may use it for some other activities. Thus confidentiality is very
important. Confidentiality is necessary for maintaining the privacy of the people whose
personal information a system holds.

INTEGRITY

It means data cannot be modified without authorization. This means that the
data seen by authorized persons should be correct, or the data should maintain
the property of integrity.
Integrity is violated when a computer virus infects a computer, when
someone is able to cast a large number of votes in an online poll, when an
employee is able to modify his own salary in a payroll database, and so on. In
such cases the data is modified and we can say that there is a breach in security.

1.2 NEED FOR SECURITY

Computer security is required because most organizations can be damaged by
hostile software or intruders. Moreover, security is directly related to business.
This is because if a company loses a series of credit card numbers of its
customers, then many customers would be hesitant to go back to the same
company. It will result in the company losing its customers and business. Several
kinds of damage can also be done by intruders. Hence security is absolutely
necessary.

CHAPTER-II

HACKING BASICS

2.1 HACKING AND HACKERS

Hacking: The activity of using a computer to access information stored on another
computer system without permission, or to spread a computer virus.

Ethical Hacking: An authorized attempt to gain unauthorized access to a
computer system, application or data.
It is also called penetration testing. It is legally breaking into computers and
devices to test an organization’s defences.

Hacker: A person who uses a computer to gain unauthorized access to a computer.

2.2 TYPES OF HACKERS

Hackers are of different types and are named based on their intent in hacking a system.

a) White Hat Hackers

b) Black Hat Hackers

c) Grey Hat Hackers

2.2.1 White Hat Hacker

Ethical hackers or white hat hackers do not intend to harm the system or
organization; they work officially, to penetrate and locate the
vulnerabilities, provide solutions to fix them and ensure safety. Companies
like Facebook, Microsoft and Google use white hat hackers.

2.2.2 Black Hat Hacker

Contrary to an ethical hacker, black hat hackers or non-ethical hackers
perform hacking to fulfil their selfish intentions to collect monetary benefits.

2.2.3 Grey Hat Hacker

They are the combination of white and black hat hackers. They hack without
any malicious intent, for fun. They perform hacking without any approval from
the targeted organization.

2.3 BENEFITS OF ETHICAL HACKING

The primary benefit of ethical hacking is to prevent data from being stolen
and misused by malicious attackers, as well as:

i) Discovering vulnerabilities from an attacker’s POV so that weak
points can be fixed.

ii) Implementing a secure network that prevents security breaches.

iii) Defending national security by protecting data from terrorists.

iv) Gaining the trust of customers and investors by ensuring the
security of their products and data.

v) Helping protect networks with real-world assessments.

2.4 TYPES OF ETHICAL HACKING

It is no big secret that any system, process, website or device
can be hacked. The types of ethical hacking are as follows:

2.4.1 Web Application Hacking

It refers to exploitation of applications via HTTP, which can be done by
manipulating the application via its graphical web interface, tampering with the
URL or tampering with HTTP elements not contained in the URL.

2.4.2 System Hacking

It is defined as the compromise of computer systems and software to
access the target computer and steal or misuse its sensitive information.

2.4.3 Web Server Hacking

Web content is generated in real time by a software application running at the
server side. So hackers attack web servers to access passwords, etc.,
by using DDoS attacks, port scans and social engineering attacks.

2.4.4 Hacking Wireless Networks

Wireless networks are accessible to anyone within the router’s
transmission radius. This makes them vulnerable to attacks.

2.4.5 Social Engineering

It is the art of exploiting human psychology, rather than technical hacking
techniques, to gain access to systems, buildings or data.

2.5 SKILLS REQUIRED

2.5.1 Computer Networking Skills

The computer network is nothing but the interconnection of multiple devices,
generally termed hosts, connected using multiple paths to send/receive data or
media. Understanding networking concepts like DHCP, supernetting, subnetting,
and more will allow ethical hackers to explore the various interconnected
computers in a network and the potential security threats that this might create,
as well as how to handle those threats.

2.5.2 Computer Skills

Computer skills are the knowledge and ability which allow one to use computers
and related technology. Typically, basic computer skills include data processing,
managing computer files, and creating presentations. Advanced computer skills
include managing databases, programming, and running calculations in
spreadsheets. Some of the most essential computer skills are MS Office,
spreadsheets, email, database management, social media, web, enterprise
systems, etc. An ethical hacker needs to be a computer systems expert.

2.5.3 Linux Skills

Linux is a community of open-source Unix-like operating systems that are based
on the Linux kernel. It is a free and open-source operating system, and the source
code can be modified and distributed to anyone commercially or noncommercially
under the GNU General Public License. The main reason for an ethical hacker to
learn Linux is that, in terms of security, Linux is more secure than any other
operating system. It does not mean that Linux is 100 percent secure; it has some
malware for it but is less vulnerable than any other operating system. So, it does
not require any anti-virus software.

2.5.4 Programming Skills

Another most important skill to become an ethical hacker is programming skills.
So what does the word programming in the computer world actually mean? It
means, “The act of writing code understood by a computational device to perform
various instructions.” So, to get better at programming, one will be writing a lot
of code! Before one writes code, he/she must choose the best programming
language for his/her programming. Here is the list of programming languages
used by ethical hackers:

1. Python

2. SQL

3. C++

4. Java

5. C

6. PHP

7. Ruby

8. Perl

2.5.5 Basic Hardware Knowledge

Computer hardware comprises the physical parts of a computer, like the central
processing unit (CPU), monitor, mouse, keyboard, computer data storage,
graphics card, sound card, speakers and motherboard, etc.

2.5.6 Reverse Engineering

Reverse engineering is a process of recovering the design, requirement
specifications, and functions of a product from an analysis of its code. It builds
a program database and generates information from this. The objective of
reverse engineering is to expedite the maintenance work by improving the
understandability of a system and to produce the necessary documents for a
legacy system. In software security, reverse engineering is widely used to ensure
that the system lacks any major security flaws or vulnerabilities.

2.5.7 Cryptography Skills

Cryptography is the study and application of techniques for reliable
communication in the presence of third parties called adversaries. It deals with
developing and analyzing protocols that prevent malicious third parties from
retrieving information being shared between two entities, thereby following the
various aspects of information security. Cryptography deals with converting a
normal text/message known as plaintext to a non-readable form known as
ciphertext during transmission to make it incomprehensible to hackers. An
ethical hacker must assure that communication between different people within
the organization does not leak.

2.5.8 Database Skills

DBMS is the crux of creating and managing all databases. Accessing a database
where all the information is stored can put the company under a tremendous
threat, so ensuring that this software is hack-proof is important. An ethical
hacker must have a good understanding of this, along with different database
engines and data schemas, to help the organization build a strong DBMS.

2.5.9 Problem Solving Skills

Problem-solving skills help one to determine the source of a problem and find an
effective solution. Apart from the technical skills pointed out above, an ethical
hacker also must be a critical thinker and dynamic problem solver. They must be
willing to learn new ways and ensure all security breaches are thoroughly
checked. This requires tons of testing and an ingenious penchant to devise new
ways of problem-solving.

CHAPTER-III

TOOLS AND TECHNIQUES

3.1 TOOLS

3.1.1 Nmap

It stands for Network Mapper. It is an open-source tool that is used widely for
network discovery and security auditing. Nmap was originally designed for
large networks, but it can work equally well for single hosts.

Nmap uses raw IP packets to determine −

• what hosts are available on the network,

• what services those hosts are offering,

• what operating systems they are running on,

• what type of firewalls are in use, and other such characteristics.

Nmap runs on all major computer operating systems such as Windows, Mac OS X,
and Linux.

3.1.2 Metasploit

Metasploit is one of the most powerful exploit tools. It’s a product of Rapid7 and
most of its resources can be found.. It comes in two versions − commercial and
free edition. Metasploit can be used with command prompt or with Web UI.

With Metasploit, you can perform the following operations −

• Conduct basic penetration tests on small networks

• Run spot checks on the exploitability of vulnerabilities

• Discover the network or import scan data

• Browse exploit modules and run individual exploits on hosts

3.1.3 Burp Suite

Burp Suite is a popular platform that is widely used for performing security
testing of web applications. It has various tools that work in collaboration to
support the entire testing process, from initial mapping and analysis of an
application's attack surface, through to finding and exploiting security
vulnerabilities.

Burp is easy to use and provides the administrators full control to combine
advanced manual techniques with automation for efficient testing. Burp can be
easily configured and it contains features to assist even the most experienced
testers with their work.

3.1.4 Cain and Abel

Cain & Abel is a password recovery tool for Microsoft operating systems. It
helps in easy recovery of various kinds of passwords by employing any
of the following methods −

• sniffing the network,

• cracking encrypted passwords using Dictionary, Brute-Force and
Cryptanalysis attacks,

• recording VoIP conversations,

• decoding scrambled passwords,

• recovering wireless network keys,

• revealing password boxes,

• uncovering cached passwords and analyzing routing protocols.

Cain & Abel is a useful tool for security consultants, professional penetration
testers and everyone else who plans to use it for ethical reasons.

3.1.5 NetStumbler

Network Stumbler is a Wi-Fi scanner and monitoring tool for Windows. It
allows network professionals to detect WLANs. It is widely used by networking
enthusiasts and hackers because it helps you find non-broadcasting wireless
networks.

Network Stumbler can be used to verify if a network is well configured, its
signal strength or coverage, and detect interference between one or more
wireless networks. It can also be used to detect non-authorized connections.

3.2 TECHNIQUES

3.2.1 Sniffing

Sniffing is the process of monitoring and capturing all the packets passing
through a given network using sniffing tools. It is a form of “tapping phone
wires” to get to know about the conversation. It is also called wiretapping
applied to computer networks.

In other words, sniffing allows you to see all sorts of traffic, both protected
and unprotected. In the right conditions and with the right protocols in place,
an attacking party may be able to gather information that can be used for
further attacks or to cause other issues for the network or system owner.

3.2.2 SQL Injection

SQL injection is a set of SQL commands that are placed in a URL string or in
data structures in order to retrieve a response that we want from the databases
that are connected with the web applications. This type of attack generally
takes place on webpages developed using PHP or ASP.NET.

An SQL injection attack can be done with the following intentions −

• To dump the whole database of a system,

• To modify the content of the databases, or

• To perform different queries that are not allowed by the application.

This type of attack works when the applications don’t validate the inputs
properly before passing them to an SQL statement. Injections are normally
placed in address bars, search fields, or data fields.

The easiest way to detect if a web application is vulnerable to an SQL injection
attack is to use the "'" character in a string and see if you get any error.
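The single-quote check described above, seen from the code side, as an added example that is not part of the original report: a query built by string concatenation breaks on a quote, while a parameterized query treats the same input as data. The table, the staff names and the function names are constructed for illustration, using Python's sqlite3 module.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)"
    )
    db.executemany(
        "INSERT INTO staff (name, salary) VALUES (?, ?)",
        [("Asha Rao", 52000), ("Liam O'Brien", 61000)],
    )
    return db


def lookup_concatenated(db, name):
    """Unsafe pattern: the input becomes part of the SQL text itself."""
    query = "SELECT name, salary FROM staff WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Safe pattern: the SQL text is fixed and the input is bound as data."""
    return db.execute(
        "SELECT name, salary FROM staff WHERE name = ?", (name,)
    ).fetchall()


def quote_check(lookup, db, value):
    """Run one lookup and report whether the database raised an error."""
    try:
        rows = lookup(db, value)
    except sqlite3.Error as exc:
        # An SQL error caused by user input means the input reached the parser.
        return ("sql_error", str(exc))
    return ("ok", rows)


def audit(db):
    """Apply the quote check to both lookup styles."""
    results = {}
    for label, lookup in (
        ("concatenated", lookup_concatenated),
        ("parameterized", lookup_parameterized),
    ):
        results[label] = {
            # The bare quote from the text above.
            "single_quote": quote_check(lookup, db, "'")[0],
            # A legitimate name containing an apostrophe.
            "apostrophe_name": quote_check(lookup, db, "Liam O'Brien"),
        }
    return results


if __name__ == "__main__":
    for label, outcome in audit(make_db()).items():
        print(label, outcome)
```

The concatenated lookup fails even for a legitimate name with an apostrophe, which is why the fix is binding parameters rather than filtering out quote characters.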

SQLMAP

SQLMAP is one of the best tools available to detect SQL injections. It can be
downloaded from http://sqlmap.org/

It comes pre-compiled in the Kali distribution. You can locate it at −
Applications → Database Assessment → Sqlmap.

3.2.3 Information Gathering

Information gathering is the act of gathering different kinds of information
against the targeted victim or system. It is the first step or the beginning stage
of ethical hacking, which penetration testers or hackers (both black hat and
white hat) perform; it is a necessary and crucial step. The more information
gathered about the target, the higher the probability of obtaining relevant
results. Information gathering is not just a phase of security testing; it is an art
that every penetration tester (pen-tester) and hacker should master for a better
experience in penetration testing. There are various tools, techniques, and
websites, including public sources such as Whois and nslookup, that can help
hackers gather information. This step is necessary because you may need any
information (such as his pet name, best friend's name, age, or phone number to
perform password guessing attack or other kinds of attacks) while performing
attacks on any target.

3.2.4 Vulnerability Scanner

Vulnerability scanners allow you to connect to a target system and check for
such vulnerabilities as configuration errors and system vulnerabilities. A
popular vulnerability scanner is the freely available open source tool Nessus.
Nessus is an extremely powerful network scanner that can be configured to run
a variety of scans. While a Windows graphical front-end is available, the core
Nessus product requires Linux to run.

3.2.5 Exploitation

Exploitation is a piece of programmed software or script which can allow
hackers to take control over a system, exploiting its vulnerabilities. Hackers
normally use vulnerability scanners like Nessus, Nexpose, OpenVAS, etc.
to find these vulnerabilities.

3.2.6 Pen Testing

Penetration testing is a method that many companies follow in order to
minimize their security breaches. This is a controlled way of hiring a
professional who will try to hack your system and show you
the loopholes that you should fix.

Before doing a penetration test, it is mandatory to have an agreement that will
explicitly mention the following parameters −

• what will be the time of the penetration test,

• where will be the IP source of the attack, and

• what will be the penetration fields of the system.

Penetration testing is conducted by professional ethical hackers who mainly
use commercial, open-source tools, automated tools and manual checks. There
are no restrictions; the most important objective here is to uncover as
many security flaws as possible.
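An added example (not from the original report) of how a defender can use the three agreed parameters listed above, the test time, the IP source and the systems in scope, to separate authorized test traffic from everything else. The agreement values, alert records and function names are constructed; the addresses come from the RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Agreement:
    start: datetime      # agreed time of the test: window start
    end: datetime        # agreed time of the test: window end
    source_nets: tuple   # agreed IP source(s) of the test traffic
    scope_nets: tuple    # agreed penetration fields (systems in scope)


# Constructed agreement, for illustration only.
AGREEMENT = Agreement(
    start=datetime(2025, 3, 10, 22, 0),
    end=datetime(2025, 3, 11, 4, 0),
    source_nets=(ip_network("198.51.100.16/28"),),
    scope_nets=(ip_network("203.0.113.0/25"),),
)

# Constructed alert records, in the shape a monitoring system might export.
EVENTS = [
    {"time": "2025-03-10T23:15:00", "src": "198.51.100.20", "dst": "203.0.113.10"},
    {"time": "2025-03-10T23:40:00", "src": "198.51.100.20", "dst": "203.0.113.200"},
    {"time": "2025-03-11T09:05:00", "src": "198.51.100.21", "dst": "203.0.113.10"},
    {"time": "2025-03-10T23:20:00", "src": "192.0.2.77", "dst": "203.0.113.10"},
]


def classify(event, agreement=AGREEMENT):
    """Return 'authorized-test' only when all three agreed parameters match."""
    ts = datetime.fromisoformat(event["time"])
    src = ip_address(event["src"])
    dst = ip_address(event["dst"])

    in_window = agreement.start <= ts <= agreement.end
    from_tester = any(src in net for net in agreement.source_nets)
    in_scope = any(dst in net for net in agreement.scope_nets)

    if in_window and from_tester and in_scope:
        return "authorized-test"
    if from_tester:
        # Tester address, but outside the agreed window or scope.
        return "tester-out-of-bounds"
    # Unknown source: handle as a real incident, even during the test window.
    return "investigate"


def triage(events, agreement=AGREEMENT):
    """Classify every alert against the agreement."""
    return [classify(event, agreement) for event in events]


if __name__ == "__main__":
    for event, verdict in zip(EVENTS, triage(EVENTS)):
        print(event["time"], event["src"], "->", event["dst"], verdict)
```

The fourth record shows why the IP source belongs in the agreement: traffic from an unknown address during the test window is still treated as a possible real attack.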

Types of Penetration Testing

We have five types of penetration testing −

• Black Box − Here, the ethical hacker doesn’t have any information
regarding the infrastructure or the network of the organization that he is
trying to penetrate. In black-box penetration testing, the hacker tries to
find the information by his own means.

• Grey Box − It is a type of penetration testing where the ethical hacker
has partial knowledge of the infrastructure, like its domain name server.

• White Box − In white-box penetration testing, the ethical hacker is
provided with all the necessary information about the infrastructure and
the network of the organization that he needs to penetrate.

• External Penetration Testing − This type of penetration testing mainly
focuses on network infrastructure or servers and their software operating
under the infrastructure. In this case, the ethical hacker tries the attack
using public networks through the Internet. The hacker attempts to hack the
company infrastructure by attacking their webpages, webservers, public DNS
servers, etc.

• Internal Penetration Testing − In this type of penetration testing, the
ethical hacker is inside the network of the company and conducts his
tests from there.

Penetration testing can also cause problems such as system malfunctioning,
system crashing, or data loss. Therefore, a company should take calculated risks
before going ahead with penetration testing. The risk is calculated as follows
and it is a management risk.

RISK = Threat × Vulnerability

CHAPTER-IV

ROLES, RESPONSIBILITIES AND CHALLENGES OF ETHICAL HACKERS

4.1 ROLES AND RESPONSIBILITIES

Ethical hackers are similar to penetration testers, but the role of an ethical
hacker is broader and involves a greater range of duties. Like penetration
testers, ethical hackers break into systems legally and ethically. However,
ethical hackers are also responsible for fixing the vulnerabilities they
identify. Responsibilities of ethical hackers include:

• Find open ports and implement corrective measures to
prevent potential attacks
• Evade intrusion prevention systems, intrusion detection systems,
firewalls, and honeypots to ensure they are effective and reinforced
when necessary
• Search digital trash bins and other deep corners of a network
to find any passwords or other sensitive information that
could be used to attack an organization
• Identify and fix sniffing networks, cracked wireless encryption,
hijacked web servers, and hijacked web applications
• Ensure patch installations are up to date
• Help handle issues related to online employee fraud and digital
information theft

4.2 CHALLENGES

The professional issues of ethical hacking include possible ineffective
performance on the job. Ethical hacking may be limited by the sensitivity of
information involved in the client organization. Clients tend to impose
requirements and limits on the activities of the ethical hacker.

For the ethical hacker to perform properly, access to the entire system or
network might be needed. Because of the need for professionalism, the ethical
hacker must not violate the limits imposed by the client so that
professional issues are minimized.

CHAPTER-V

WHAT’S NEXT

5.1 CAREER OPPORTUNITIES

Ethical hacking is conducted by hackers as well, but their intention behind
hacking is not for malicious purposes. Ethical hackers are referred to as White
Hats, who end up providing protection from the Black Hats, who are the unethical
hackers. Ethical hacking is adopted by almost every organization. Roles such as
Chief Information Security Officer, Application Security Tester, Chief
Application Security Officer, etc. offer exciting prospects. They can work in
Defense organizations, law enforcement organizations, forensic organizations,
detective companies, investigative organizations, etc.

Source: Google Trends

Growing at a rate that is outpacing all other areas of IT, cybersecurity has
emerged as a high-growth field of 2017, and possibly of the entire decade.
During the 5 years between 2012 and 2017, listings for cybersecurity jobs
increased by a whopping 75% according to the analysis made by the Bureau of
Labor Statistics. This has led to a lot of unfilled positions, so jobs are
plentiful and they pay well too.

How much money does an ethical hacker make?

Certified ethical hackers make an average annual income of $80,074, according
to PayScale. The average starting salary for a certified ethical hacker is $95,000,
according to EC-Council senior director Steven Graham. The founder
of NoWiresSecurity, Eric Geier, estimates a more conservative $50,000
to $100,000 per year in the first years of work depending on your employer,
experience and education. Those with a few years of experience can pull
$120,000 and upwards per year, particularly those who work as independent
consultants.

CHAPTER-VI

FAQs

Q1. How much time does it take to break into a system?

The government jobs for ethical hackers in different organizations basically
require the hacker to make use of hacking tools, tactics and techniques to breach
the existing security protocols by finding small loopholes, assessing the security
of these networks/websites/applications and executing the measures that can
prevent such unwanted intrusions. They test and develop security systems. Jobs
as Network Security Administrator, Chief Information Security Officer,
Application Security Tester, Chief Application Security Officer, etc.
offer exciting prospects. They can work in Defense organizations, law
enforcement organizations, forensic organizations, detective companies,
investigative organizations, etc.

Q2. What is the difference between ethical hackers and hackers?

Ans: Ethical hacking is conducted by hackers as well, but their intention behind
hacking is not for malicious purposes. Ethical hackers are referred to as White
Hats, who end up providing protection from the Black Hats, who are the unethical
hackers. Ethical hacking is adopted by almost every organization. The
average time it took ethical hackers to get to the internal network was four
days, but in one case it was possible in just thirty minutes.

Q3. Role of Ethical Hackers in Government Agencies.

Ans: The government jobs for ethical hackers in different organizations
basically require the hacker to make use of hacking tools, tactics and techniques
to breach the existing security protocols by finding small loopholes, assessing
the security of these networks/websites/applications and executing the measures
that can prevent such unwanted intrusions. They test and develop security
systems. Jobs as Network Security Administrator, Chief Information Security
Officer, Application Security Tester, Chief Application Security Officer, etc.
offer exciting prospects. They can work in Defense organizations, law
enforcement organizations, forensic organizations, detective companies,
investigative organizations, etc.
The average time it took ethical hackers to get to the internal network was
four days,but in onecaseitwas possiblein just thirtyminutes.
Ethical hacking is conducted by hackers as well but their intention behind
hacking is notfor malicious purposes. Ethical hackers are referred to as White
Hats, who end up provideprotection from the Black Hats who are the unethical
hackers. Ethical hacking is adopted bymany almostevery organization.

Q4. Areas where ethical hackers are employed.

Ans: They Help In Educating The Other Employees

Skilled ethical hackers are aware of the actions on the part of employees which
create vulnerabilities. Thus, they can warn employees against vulnerable actions
while using company computing systems. An aware and educated workforce acts as a
fence to secure the network of the organization.

CHAPTER-VII

CONCLUSION

Hacking has both its benefits and risks. Hackers are very diverse. They may
bankrupt a company or may protect the data, increasing the revenues for the
company. The battle between the ethical or white hat hackers and the malicious
or black hat hackers is a long war, which has no end. While ethical hackers help
companies to understand their security needs, the malicious hackers intrude
illegally and harm the network for their personal benefit. which may allow a
malicious hacker to breach their security system. Ethical hackers help
organizations to understand the present hidden problems in their servers and
corporate network.[3] Ethical hacking is a tool which, if properly utilized, can
prove useful for understanding the weaknesses of a network and how they might be
exploited.[2] This also concludes that hacking is an important aspect of the
computer world. It deals with both sides of being good and bad. Ethical hacking
plays a vital role in maintaining and saving a lot of secret information, whereas
malicious hacking can destroy everything. It all depends on the intention of
the hacker. It is almost impossible to fill the gap between ethical and
malicious hacking, as the human mind cannot be conquered, but security
measures can be tightened.[3]

So the conclusion is that we can use Artificial Intelligence to prevent
hackers from accessing our network, whether it is a computer network or the
Internet of Things. In this process we need to teach AI “how to prevent a hacker
from bypassing our network”. Besides making our life comfortable, networks can
also be used to compromise it, so it depends upon how smartly and securely we
use it, because no matter what it is, nothing is unhackable.

References

[1] Wikipedia.

[2] C. Palmer, "Ethical Hacking," IBM Systems, vol. 40, no. 3, pp. 769-780, 2001.

[3] K. Utkarsh, "System Security and Ethical Hacking".

[4] G. K. Juneja, "Ethical Hacking: A technique to enhance information
security," International Journals of Computer Applications, vol. 2, no.
12, December 2013, p. 3297, 2007.

[5] Y. W. D. D. Smith B, Ethical Hacking: The Security Justification Redux
in Technology and Society, 2002.

APPENDIX
Hacking Terminologies

Following is a list of important terms used in the field of hacking.

• Adware − Adware is software designed to force pre-chosen ads to display
on your system.

• Attack − An attack is an action that is done on a system to gain access
to it and extract sensitive data.

• Back door − A back door, or trap door, is a hidden entry to a computing
device or software that bypasses security measures, such as logins and
password protections.

• Bot − A bot is a program that automates an action so that it can be done
repeatedly at a much higher rate for a more sustained period than a human
operator could do it. For example, sending HTTP, FTP or Telnet requests at
a higher rate, or calling a script to create objects at a higher rate.

• Botnet − A botnet, also known as a zombie army, is a group of computers
controlled without their owners’ knowledge. Botnets are used to send
spam or make denial of service attacks.

• Brute force attack − A brute force attack is an automated and the
simplest kind of method to gain access to a system or website. It
tries different combinations of usernames and passwords, over and over
again, until it gets in.

• Buffer Overflow − Buffer Overflow is a flaw that occurs when more
data is written to a block of memory, or buffer, than the buffer
is allocated to hold.

• Clone phishing − Clone phishing is the modification of an existing,
legitimate email with a false link to trick the recipient into providing
personal information.

• Cracker − A cracker is one who modifies the software to access the
features which are considered undesirable by the person cracking the
software, especially copy protection features.

• Denial of service attack (DoS) − A denial of service (DoS) attack is a
malicious attempt to make a server or a network resource unavailable to
users, usually by temporarily interrupting or suspending the services of
a host connected to the Internet.

• DDoS − Distributed denial of service attack.

• Exploit Kit − An exploit kit is a software system designed to run on web
servers, with the purpose of identifying software vulnerabilities in client
machines communicating with it and exploiting discovered vulnerabilities.
