ESSENTIAL TERMINOLOGY
Hack Value
It is the notion among hackers that something is worth doing or is interesting.
Exploits
A defined way to breach the security of an IT system through a vulnerability.
Vulnerability
Existence of a weakness, or a design or implementation error, that can lead to an unexpected and undesirable event compromising the system.
Target of Evaluation
An IT system, product, or component that is identified/subjected to a required security evaluation.
Zero-Day Attack
An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.
Daisy Chaining
Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs, etc.
ELEMENTS OF INFORMATION SECURITY
Confidentiality
Assurance that the information is accessible only to those authorized to have access.
Integrity
The trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
Availability
Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users.
Authenticity
Authenticity refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine.
Non-Repudiation
Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
TOP INFORMATION SECURITY ATTACK VECTORS
An attack vector is a path or means by which an attacker gains access to an information system to perform malicious activities. Attack vectors enable an attacker to take advantage of the vulnerabilities present in the information system in order to carry out a particular attack.
Although there are some traditional attack vectors from which attacks can be performed, attack vectors come in many forms; one cannot predict in which form an attack vector will come.
The following are the possible top attack vectors through which attackers can attack information systems:
- Virtualization and Cloud Computing
- Organized Cyber Crime
- Unpatched Software
- Targeted Malware
- Social Networking
- Insider Threats
- Botnets
- Lack of Cyber Security Professionals
- Network Applications
- Inadequate Security Policies
- Mobile Device Security
- Compliance with Govt. Laws and Regulations
- Complexity of Computer Infrastructure
- Hacktivism
INFORMATION SECURITY THREATS
Information security threats are broadly classified into three categories, as follows:
Natural Threats
Natural Threats include natural disasters such as earthquakes, hurricanes, floods, or any nature-created disaster that cannot be stopped. Information damage or loss due to natural threats cannot be prevented, as no one knows in advance that these types of threats will occur. However, you can implement a few safeguards against natural disasters by adopting disaster recovery plans and contingency plans.
Physical Security Threats
Physical Threats may include loss or damage of system resources through fire, water, theft, and physical impact. Physical impact on resources can be due to a collision or other damage, either intentionally or unintentionally. Sometimes, power may also damage hardware used to store information.
Human Threats
Human Threats include threats of attacks performed by both insiders and outsiders. Insider attacks refer to attacks performed by disgruntled or malicious employees. Outsider attacks refer to attacks performed by malicious people not within the organization. Insider attackers can be the biggest threat to information systems as they may already know the security posture of the information systems, while outsider attackers apply many tricks, such as social engineering, to learn the security posture of the information system.
NETWORK THREATS
A network is defined as the collection of computers and other hardware connected by communication channels to share resources and information. As the information travels from one computer to the other through the communication channel, a malicious person may break into the communication channel and steal the information traveling over the network. The attacker can pose various threats to a target network:
- Information gathering
- Sniffing and eavesdropping
- Spoofing
- Session hijacking and man-in-the-middle attacks
- SQL injection
- ARP poisoning
- Password-based attacks
- Denial of service attack
- Compromised-key attack
HOST THREATS
Host threats are directed at a particular system on which valuable information resides. Attackers try to breach the security of the information system resource. The following are possible threats to the host:
- Malware attacks
- Target Footprinting
- Password attacks
- Denial of service attacks
- Arbitrary code execution
- Unauthorized access
- Privilege escalation
- Backdoor attacks
- Physical security threats
APPLICATION THREATS
If proper security measures are not considered during development of a particular application, the application might be vulnerable to different types of application attacks. Attackers take advantage of vulnerabilities present in the application to steal or damage the information. The following are possible threats to the application:
- Data/Input validation
- Authentication and Authorization attacks
- Configuration management
- Information disclosure
- Session management issues
- Buffer overflow issues
- Cryptography attacks
- Parameter manipulation
- Improper error handling and exception management
- Auditing and logging issues
INFORMATION WARFARE
Information Warfare or InfoWar refers to the use of information and communication technologies (ICT) to gain competitive advantages over an opponent.
Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.
- Prevention
- Deterrence
- Alerts
- Detection
- Emergency Preparedness
- Response
Offensive Information Warfare: It refers to information warfare that involves attacks against the ICT assets of an opponent.
- Web Application Attacks
- Web Server Attacks
- Malware Attacks
- MITM Attacks
- System Hacking
IPv6 SECURITY THREATS
Auto Configuration Threats
IPv6 enables auto-configuration of IP networks, which may leave users vulnerable to attacks if the network is not configured properly and securely from the very beginning.
Unavailability of Reputation-based Protection
Current security solutions use reputation of IP addresses to filter out known sources of malware; vendors will take time to develop reputation-based protection for IPv6.
Incompatibility of Logging Systems
IPv6 uses 128-bit addresses, which are stored as a 39-character string, whereas IPv4 addresses are stored in a 15-character field; logging solutions designed for IPv4 may not work on IPv6-based networks.
Rate Limiting Problem
Administrators use a rate-limiting strategy to slow down automated attack tools; however, it is impractical to rate limit at the 128-bit address level.
Default IPv6 Activation
IPv6 may be activated without the administrator's knowledge, which will leave IPv4-based security controls ineffective.
Complexity of Network Management Tasks
Administrators may adopt easy-to-remember addresses (::10, ::20, ::F00D, ::C5C0, or simply the IPv4 last octet for dual-stack hosts), leading to a potential vulnerability.
Complexity in Vulnerability Assessment
IPv6's 128-bit address space makes active scanning of infrastructure for unauthorized or vulnerable systems more complex.
Overloading of Perimeter Security Controls
IPv6 has a 40-byte fixed header with add-on "extension headers" that may be chained, which requires complex processing by various security control systems such as routers, security gateways, firewalls, and IDS.
IPv4 to IPv6 Translation Issues
Translating IPv4 traffic to IPv6 may result in poor implementations and may provide a potential attack vector.
Security Information and Event Management (SIEM) Problems
Every IPv6 host can have multiple IPv6 addresses simultaneously, which complicates log or event correlation.
Denial-of-Service (DoS)
Overloading of network security and control devices can significantly reduce the availability threshold of network resources, leading to DoS attacks.
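As an added example (not part of the original notes), the following Python script shows the logging and SIEM correlation problems described above: it canonicalizes the source addresses in a few constructed log lines so that the compressed and expanded spellings of one IPv6 host, and an IPv4-mapped IPv6 address reported by a dual-stack host, collapse to a single correlation key, and it checks whether that key would fit a legacy 15-character IPv4 field. The log lines and their src= format are constructed assumptions.

```python
import ipaddress
from typing import Optional

# Field widths for the fully expanded textual forms, as stated in the notes above.
IPV4_FIELD_WIDTH = 15   # "255.255.255.255"
IPV6_FIELD_WIDTH = 39   # "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"

# Constructed sample log lines (not real traffic). The same two hosts appear under
# several spellings, which is what defeats IPv4-only correlation.
SAMPLE_LOG = """\
2024-01-01T10:00:01 sshd login failed src=2001:db8::10
2024-01-01T10:00:02 sshd login failed src=2001:0DB8:0000:0000:0000:0000:0000:0010
2024-01-01T10:00:03 sshd login failed src=192.0.2.5
2024-01-01T10:00:04 sshd login failed src=::ffff:192.0.2.5
2024-01-01T10:00:05 sshd login failed src=not-an-address
"""

def canonical_key(raw: str) -> Optional[str]:
    """Return one correlation key per host regardless of textual form.

    IPv6 is expanded to its 39-character lower-case form (no '::' compression);
    an IPv4-mapped IPv6 address (::ffff:a.b.c.d) is folded back onto the IPv4
    address it represents; unparseable input yields None.
    """
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv6Address):
        mapped = addr.ipv4_mapped          # None unless ::ffff:a.b.c.d
        return str(mapped) if mapped is not None else addr.exploded
    return str(addr)

def fits_ipv4_field(key: str) -> bool:
    """True if a legacy 15-character IPv4 log column can hold this key."""
    return len(key) <= IPV4_FIELD_WIDTH

def correlate(log_text: str) -> dict:
    """Count events per canonical source address (unparseable ones bucketed)."""
    counts: dict = {}
    for line in log_text.splitlines():
        raw = line.split("src=", 1)[1].strip() if "src=" in line else ""
        key = canonical_key(raw) or "<unparsed>"
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for key, n in correlate(SAMPLE_LOG).items():
        print(f"{n}x {key}  fits_ipv4_field={fits_ipv4_field(key)}")
```

Without the canonicalization step the two IPv6 spellings and the mapped address would be counted as four unrelated sources, which is exactly the correlation failure the notes warn about.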
Trespassing
IPv6's advanced network discovery features can be exploited by attackers who can traverse through your network and access restricted resources.
HACKING VS. ETHICAL HACKING
- Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources.
- It involves modifying system or application features to achieve a goal outside of the creator's original purpose.
- Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security.
- It focuses on simulating techniques used by attackers to verify the existence of exploitable vulnerabilities in the system security.
WHO IS A HACKER?
A hacker is a person who illegally breaks into a system or network without any authorization to destroy, steal sensitive data, or perform malicious attacks. Hackers may be motivated by a multitude of reasons:
- Intelligent individuals with excellent computer skills, with the ability to create and explore the computer's software and hardware.
- For some hackers, hacking is a hobby to see how many computers or networks they can compromise.
- Their intention can either be to gain knowledge or to poke around doing illegal things.
- Some hack with malicious intent, such as stealing business data, credit card information, social security numbers, email passwords, etc.
HACKER CLASSES
BLACK HATS
Black hats are individuals with extraordinary computing skills who resort to malicious or destructive activities and are also known as crackers. These individuals mostly use their skills for destructive activities only, causing huge losses for companies as well as individuals. They use their skills in finding vulnerabilities in various networks, including defense and government websites, banking and finance, etc. Some do it to cause damage, steal information, destroy data, or earn money easily by hacking the IDs of bank customers.
WHITE HATS
White hats are individuals who possess hacking skills and use them for defensive purposes; they are also known as security analysts. These days, almost every company has security analysts to defend their systems against malicious attacks. White hats help companies secure their networks from outside intruders.
GRAY HATS
Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall between white and black hats. Gray hats might help hackers by finding various vulnerabilities of a system or network and at the same time help vendors to improve products (software or hardware) by checking limitations and making them more secure, etc.
SUICIDE HACKERS
Suicide hackers are individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing 30 years in jail for their actions. Suicide hackers are closely related to suicide bombers, who sacrifice their life for the attack and are not concerned with the consequences of their actions. There has been a rise in cyber terrorism in recent years.
SCRIPT KIDDIES
Script kiddies are the unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They utilize small, easy-to-use programs or scripts as well as distinguished techniques to find and exploit the vulnerabilities of a machine. Script kiddies usually focus on the quantity of attacks rather than the quality of the attacks.
SPY HACKERS
Spy hackers are individuals who are employed by an organization to penetrate and gain trade secrets of the competitor. These insiders can take advantage of the privileges they have to hack a system or network.
CYBER TERRORISTS
Cyber terrorists could be people or organized groups, formed by terrorist organizations, that have a wide range of skills and are motivated by religious or political beliefs to create fear by large-scale disruption of computer networks. This type of hacker is more dangerous as they can hack not only a website but whole Internet zones.
STATE SPONSORED HACKERS
State sponsored hackers are individuals employed by a government to penetrate and gain top-secret information and to damage the information systems of other governments.
HACKTIVISM
Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites. The person who does these things is known as a hacktivist.
- Hacktivism thrives in an environment where information is easily accessible.
- It aims to send a message through hacking activities and gain visibility for a cause.
- Common targets include government agencies, multinational corporations, or any other entity perceived as "bad" or "wrong" by these groups or individuals.
- It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is.
- Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims.
HACKING PHASES
The various phases involved in hacking are:
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks