
Wednesday 9 January 2019

Information Gathering

What is Information Gathering ?

The process of getting to know the target well, digging up details, footprinting and keeping in touch with the target is called information gathering.



Types of Information Gathering

Active Information Gathering
  • Information is gathered directly.
  • E.g. - by phone call, interview or face-to-face meeting.
Passive Information Gathering
  • Information is gathered using a third party.
  • E.g. - using search engines, tools, websites etc.
1st Target - Person
2nd Target - Website
3rd Target - Email-id
4th Target - Web Server


Information Gathering - Website
  • Before testing a web application, it is good to find information about it.
  • WHOIS Information
  • Reverse IP Check
  • Website Framework
  • DNS Records
Information Gathering - Web Server
  • Web Server provides access to internet resources
  • Server Operating System
  • Services running on that server
  • Open Ports



Ethical Hacking



What is Hacking ?
  •  Hacking is the act of finding the possible entry points that exist in a computer system or a computer network and finally entering into them.
  • Hacking is usually done to gain unauthorized access to a computer system or a computer network, either to harm the systems or to steal sensitive information available on the computer.

What is Ethical Hacking ?
  • Ethical Hacking is the act of doing penetration testing, finding vulnerabilities to ensure the security of an organization's information system.
  • These professionals are part of a cyber security company.
  • Their goal in the company is:
  • To protect systems from attackers
  • To ensure privacy of organization data
  • Eliminate any potential threat 

Types of Hackers
  • Black Hat :- A very dangerous hacker, because they are not associated with any kind of company. They do hacking in order to harm people or organizations and also in order to steal sensitive information.
  • White Hat :- The white hat hacker is associated with a particular organization and always does hacking in order to protect their company's data from other hackers.
  • Grey Hat :- A grey hat hacker is a combination of a black hat hacker and a white hat hacker. Sometimes a grey hat hacker is associated with a particular company and does hacking for good purposes, but side by side they also do hacking for illegal purposes.
Phases
  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Clearing Tracks


Computer Security

Computer Security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the service they provide.
  • Hardware
  • Software
  • Firmware
Goals of Computer Security
  1. Confidentiality
  2. Data Integrity
  3. Availability
  4. Control
  5. Audit
1. Confidentiality

Typically achieved by:
  • Physical isolation
  • Cryptography
  • Background checks on People
2. Data Integrity

 Typically achieved by:
  • Redundancy
  • Backups
  • Checksum & digital Signatures
3. Availability

Typically achieved by:
  • Hardening
  • Redundancy
  • Reference Checks on People
4. Control

Typically achieved by:
  • Access Control lists
  • Physical Security
5. Audit

Typically achieved by:
  • Log Files
  • Human auditors & expert systems

What to Secure? - Types of Computer Security
  • Physical Security → Controlling who gets access to a computer
  • OS Security → Permission controlling schemes, making sure users are authorized to perform certain actions.
  • Access Control → Managing who can access what resources, from physical machines to programs to networks.
Potential Losses due to security Attacks





Basic Computer Security Checklist
  • Check if the user is password protected
  • Check if the OS is updated
  • Download software from reputable sources
  • Check if the antivirus or antimalware is installed
  • Terminate unusual running services that consume resources
  • Check if the firewall is on or not
  • Check for your backups regularly
  • Clear your private data from web browsers
Securing your Operating System (OS)
  1. Keep your Windows OS up to date
  2. Update your software
  3. Create a Restore point
  4. Install an antivirus product
  5. Install a proactive security solution for multi-layered protection
  6. Backup your system
  7. Use a standard user account
  8. Keep your user account control enabled
  9. Secure your web browser before going online
  10. Use an encryption software tool for your hardware
 Antivirus
→ Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
  • Scanning
  • Integrity
  • Interception

Securing your Networks : Firewalls
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
  • Cisco ASA Series
  • Checkpoint
  • Fortinet
  • Juniper
  • SonicWALL
  • pfSense
Securing Your Network : IDS
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.
Securing Your Network : VPN

A virtual private network extends a secure and encrypted connection to share data remotely through public networks.


Network Security

Network Security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.

Vulnerabilities in TCP/IP
  1. Transfers are done in plain text
  2. Weak authentication between client and web-server
  3. No solution to syn-packet flooding
  4. IP layer susceptible to many vulnerabilities.
The CIA Triad
  • Confidentiality part of network security makes sure that the data is available only to the intended and authorized persons.
  • Integrity makes sure that the data is reliable and is not changed by unauthorized persons.
  • Availability is to make sure that the data, network resources/services are continuously available to the legitimate users, whenever they require.
Achieving Network Security

ENCIPHERMENT :-
                   This mechanism provides data confidentiality services by transforming data into forms that are not readable by unauthorized persons. This mechanism uses an encryption-decryption algorithm with secret keys.

DIGITAL SIGNATURE :-
                   This mechanism is the electronic equivalent of ordinary signatures in electronic data. It provides authenticity of the data.

ACCESS CONTROL :-
                   This mechanism is used to provide access control services. These mechanisms may use the identification and authentication of an entity to determine and enforce the access rights of the entity.

Client-Server Architecture




Email Security


  • Confidentiality :- E-mail should be read by intended recipient only.
  • Authentication :- E-mail recipient should be sure of the identity of sender.
  • Integrity :- E-mail recipient should be sure of the identity of sender.
  • Proof of Delivery :- Sender gets a confirmation that the recipient received the message.
  • Non Repudiation :- Sender gets a confirmation that the recipient received the message.
  • Proof of Submission :- Confirmation that message has been submitted to the mailing server.
PGP




Top 10 Reasons to Learn Cyber Security

1. Evergreen Industry

Artificial Intelligence
Chatbot
Machine Learning
Cloud computing
Cryptocurrency
Robot Assistants
Block Chain
Deep Learning
Internet of Things (IoT)
Big Data

2. The World is Your Oyster

Highly transferable skills mean you can move anywhere in the world.

Top countries you could travel to:
  • United States of America
  • United Kingdom
  • Japan
  • Russia


3. Working for the Greater Good

As a rule, cyber-security professionals are not likely to be famous. On the contrary, they quietly provide committed, faithful and honourable service to their organizations, countries and society as a whole.




4. Work with Top Secret Agencies 
  • National Security Agency
  • Mossad
  • Central Intelligence Agency
  • Military Intelligence Section 6 
5. Non Concern for Maths


6. Unlimited Growth Potential

A good cyber-security professional works to understand as much as possible about how technologies and organizations work. That's a massive opportunity to stay engaged and challenged. The possibilities for personal and career growth are endless.
7. Everyone Wants you


8. Variety of Industries


Every industry is going through some sort of digitalisation. And wherever digitalisation occurs, cyber attacks are bound to happen, hence cyber-security professionals find jobs everywhere.



9. Dynamic and Challenging

All of the opportunities for growth stem from the variety of technologies and situations security professionals face. If it uses ones and zeros, it has a cyber security component, and some roles even extend to physical security!
  • Never Gets Boring
  • New and Interesting Problems
  • Creativity is encouraged

10. Money Makes the World Go Round

Faced with online attacks, businesses and governments are looking for experts who can protect their systems from cyber criminals - and they are willing to pay high salaries and provide training and development.
  • Fastest Growing Salaries
  • For Seniors, it surpasses the median
  • Earning based only on merit
 


Cyber Law

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".
                      
                  National Research Council, USA, "Computers at Risk", 1991

Need of Cyber Law
  • Internet has dramatically changed our life.
  • Transition from paper to paperless world.
  • Laws of real world cannot be interpreted in the light of emerging cyberspace.
  • Internet requires an enabling and supportive legal infrastructure to tune with the times.
Cyber Law ?
  • Cyber Law is the law governing cyber space.
  • Cyber space includes computers, networks, software, data storage devices (such as hard disks, USB disks etc), the Internet, websites, emails and even electronic devices such as cell phones and ATMs.
Cyber Crime
  • Any crime with the help of computer and telecommunication technology.
  • Any crime where either the computer is used as an object or subject.
Categories of Cyber Crime
  • Cybercrimes against persons
  • Cybercrimes against property.
  • Cybercrimes against government. 

Statistics of Cyber Crimes



IT ACT - 2000
  • The Information Technology Act, 2000 (IT Act), came into force on 17 October 2000.
  • The primary purpose of the Act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the Government.
  • Information Technology Act 2000 consisted of 94 sections segregated into 13 chapters.
IT ACT-2000 : Objectives
  • To provide legal recognition for transactions
  • To facilitate electronic filing of documents with the Government agencies.
  • To amend the Indian Penal Code, The Indian Evidence Act, 1872, The Banker's Book Act, 1891 and the Reserve Bank of India Act, 1934.
  • Aims to provide the legal framework to all electronic records.
IT ACT Amendment - 2008
  • The Information Technology Amendment Act, 2008 (IT Act 2008) was passed by the parliament on 23rd December 2008.
  • It received the assent of the President of India on 5th February, 2009.
  • The IT Act 2008 was notified on October 27, 2009.
  • ITA-2008, is a new version of IT Act 2000.
  • Provides additional focus on Information Security.
  • Added several new sections on offences including Cyber Terrorism and Data Protection.
  • 124 sections and 14 chapters.
  • Schedule I and II have been replaced & Schedules III and I are deleted.

Importance of Cyber Law
  • We are living in a highly digitalized world.
  • All companies depend upon their computer networks and keep their valuable data in electronic form.
  • Government forms, including income tax returns, company law forms etc., are now filled in electronic form.
  • Consumers are increasingly using credit cards for shopping.
  • Most people are using email, cell phones and SMS messages for communication.
  • Even in "non-cyber crime" cases, important evidence is found in computers / cell phones e.g. in cases of divorce, murder, kidnapping, organized crime, terrorist operations, counterfeit currency etc.
  • Since it touches all the aspects of transactions and activities on and concerning the Internet, the World Wide Web (WWW) and Cyberspace, Cyber Law is extremely important.


A basic Encryption Decryption System



Encryption
  • Transforming information from readable format to unreadable format.
  • Encryption Algorithms can be used to encrypt data.
Decryption
  • Transforming from unreadable format to readable format
  • Decryption Algorithms can be used to decrypt data.
Key
  • A string of bits used by a cryptography algorithm to transform plain text into cipher text or vice versa.
  • Key remains private and secures communication.

Plain text 

 The original message (before encrypting) is called plain text.



Cipher text

   The transformed message (after encrypting) is called cipher text.




Cryptanalysis
  • Techniques used for decrypting a message without any knowledge of the encryption details.
  • "Breaking the code"

Brute force attack
  • Trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

Two Techniques

1. Symmetric Cryptography
  • Also called secret key/private key cryptography
  • Same key used for Encryption & Decryption.
2. Asymmetric Cryptography.
  • Also called public key cryptography
  • A pair of keys is used for encryption and decryption.


Virus Damage Scenarios in OS Security

Virus
  • Blackmail
  • Denial of service as long as virus runs
  • Permanently damage hardware
  • Target a competitor's computer
            - Do harm
            - Espionage
  • Intra-corporate dirty tricks
            - Practical joke
            - Sabotage another corporate officer's files

Worms vs Viruses
  • Viruses require other programs to run
  • Worms are self-running (separate process)
  • The 1988 Internet Worm
            - Consisted of two programs
                   Bootstrap to upload worm
                   The worm itself
            - Exploited bugs in sendmail and finger
            - Worm first hid its existence
            - Next replicated itself on new machines
            - Brought the Internet (1988 version) to a screeching halt.


Cyber Security Paperback – 2011 by Nina Godbole (Author), Sunit Belapure (Author)



This book, focusing on cyberthreats and cybersecurity, provides the much needed awareness in the times of growing cybercrime episodes. · Comprehensive treatment of important topic - cybersecurity to help readers understand the implications of cybercrime. · The book provides adequate orientation on laws in reference to cybercrime and cybersecurity taking into account the Indian as well as global scenario. · Awareness created through simple practical tips and tricks, educates readers to learn how to avoid becoming victims of cybercrime. · Written by InfoSec domain SME and co-authored by qualified ethical hacking professional who is also a security certified. · Well-presented case illustrations and examples from real life to underline the significance of topics addressed in each chapter.



Buy Link: 

https://amzn.to/2Qn4IXp



About the Author

Nina Godbole is an author of the book Information Systems Security: Security Management, Metrics, Frameworks and Best Practices published by Wiley India in January 2009. She is also on the Editorial Board of IEEE Computer Society. She has published numerous articles on topics in leading IT magazines. She has a vast work experience in the IT industry in Software Quality Assurance, systems analysis and design, application support services as well as application audit and IS audit. Nina is a CIPP/IT - a privacy professional certified by the IAPP USA (International Association of Privacy Professional) as well as a CISA (Certified Information Systems Auditor) certified by ISACA USA (Information Systems Audit and Control Association). Nina is also an ITIL foundation certified professional, a PMP, CQA and CSTE from QAI, USA (Quality Assurance Institute). Sunit Belapure has more than 8 years experience in Information Security domain out of his total industry experience of more than 18 years. He works in the domain of ISRM (Information Security and Risk and Management) and Information System Audit. Sunit has respective international certifications to his credit - CISA (Certified Information Systems Auditor) from ISACA-USA, IRCA certified ISO 27001:2005 Lead Auditor, Certified Ethical Hacker (CEH v5.0) from EC-Council-USA and CISM (Certified Information Security Manager) from ISACA-USA. He is a member of ISACA, USA. He engages into Compliance and Assurance assignments (for ERP as well as for Non-ERP applications) under IS security and IT Governance domain. Sunit is a noted speaker on Information Security domain at reputed institutes in and around Pune.


User Authentication in OS Security

Problem: how does the computer know who you are?

Solution: use authentication to identify
  • Something the user knows
  • Something the user has
  • Something the user is
This must be done before user can use the system

Important: from the computer's point of view...
  • Anyone who can duplicate your ID is you
  • Fooling a computer isn't all that hard...

There are two types of authentication
  • External : verify the user
            - Usually username/password combination
            - May require two passwords or other identification
  • Internal : verify the process
            - Don't allow one user's process to appear to be that of another user


Dealing with Passwords

Passwords should be memorable
  • Users shouldn't need to write them down!
  • Users should be able to recall them easily
Solution: use hashing to hide "real" password
  • One-way function converting password to meaningless string of digits (UNIX password hash, MD5, SHA-1)
  • Difficult to find another password that hashes to the same random-looking string
  • Knowing the hashed value and hash function gives no clue to the original password.
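
The idea above, storing only a one-way hash of the password, as an added example that is not part of the original post. It assumes a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's standard library) in place of the fast hashes named above; the function names, record format and iteration count are choices made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this illustration; tune it for your own hardware.
ITERATIONS = 600_000


def hash_password(password: str, *, iterations: int = ITERATIONS) -> str:
    """Return a storable record: scheme$iterations$salt$derived_key (hex)."""
    salt = os.urandom(16)  # a fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iters), dklen=len(expected)
        )
    except (ValueError, OverflowError):
        return False  # malformed or corrupted record
    return hmac.compare_digest(candidate, expected)


def unsalted_sha1(password: str) -> str:
    """Fast, unsalted hash, shown only for contrast with the salted record."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample passwords.
    alice = hash_password("correct horse battery")
    bob = hash_password("correct horse battery")
    print("login ok:        ", verify_password("correct horse battery", alice))
    print("wrong password:  ", verify_password("correct horse", alice))
    # Same password, different salts: the stored records differ, so one
    # precomputed table cannot be reused across users.
    print("records differ:  ", alice != bob)
    # Without a salt, equal passwords produce equal hashes, which reveals
    # which users share a password and allows precomputed lookups.
    print("unsalted collide:", unsalted_sha1("correct horse battery")
          == unsalted_sha1("correct horse battery"))
```

The stored record never contains the password itself; the system only re-derives the key at login and compares.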

Authentication using bio-metrics

Use basic body properties to prove identity

Examples include
  • Fingerprints
  • Voice
  • Hand size
  • Retina patterns
  • Iris Patterns
  • Facial features
Potential problems
  • Duplicating the measurement
  • Stealing it from its original owner?


System & Network Threats Security

  • Worms - use spawn mechanism; standalone program
  • Internet worm
          - Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs.
          - Grappling hook program uploaded main worm program
  • Port scanning
          - Automated attempt to connect to a range of ports on one or a range of IP addresses
  • Denial of Service
           - Overloads the targeted computer, preventing it from doing any useful work.
           - Distributed denial-of-service (DDoS) attacks come from multiple sites at once.



Security Environment and Program Threats in OS Security

Security Environment


Security Problem
  • Security must consider external environment of the system, and protect the system resources.
  • Intruders (crackers) attempt to breach security.
  • Threat is potential security violation.
  • Attack is attempt to breach security.
  • Attack can be accidental or malicious.
  • Easier to protect against accidental than malicious misuse.
Intruders
  • Snooping by insiders
  • Determined attempt to make money
  • Casual prying by nontechnical users
  • Commercial or military espionage

Accidental Data Loss
  • Hardware or Software error
            - CPU malfunction
            - Disk crash
            - Program bugs
  • Human errors
           - Data entry
           - Wrong tape mounted
  • Acts of God
           - Fires
           - Earthquakes
           - Wars


Program Threats
  • Trojan Horse
         - Code segment that misuses its environment
         - Exploits mechanisms for allowing programs written by users to be executed by other users.
         - Spyware, pop-up browser windows, covert channels
  • Trap Door
         - Specific user identifier or password that circumvents normal security procedures.
         - Could be included in a compiler.
  • Logic Bomb
          - Program that initiates a security incident under certain circumstances
  • Stack and Buffer Overflow
          - Exploits a bug in a program (overflow either the stack or memory buffers)
  • Viruses
         - Code fragment embedded in legitimate program
         - Very specific to CPU architecture, operating system, applications
         - Usually borne via email or as a macro
              * Visual Basic Macro to reformat hard drive
                     Sub AutoOpen( )
                         Dim oFS
                         set oFS = CreateObject("Scripting.FileSystemObject")
                         vs = Shell("c:command.com/kformat  c:" ,vbHide)
                     End Sub


Security Attacks: Cryptography

Attacks can be of two types.


1. Active attacks :
           - Attempts to change and modify the information.
           - Easy to detect.

2. Passive attacks :
           - Attempts to obtain the information and not to modify.
           - Difficult to detect.

Passive Attacks

1. Release of Message Content.
      - Transmitted data may contain confidential information.
      - The attacker monitors / listens to the information.

2. Traffic Analysis.
       - Monitoring and observing the pattern of data transmission.


Active Attacks

1. Masquerade
         - One entity pretends to be a different entity.

2. Replay 
       - Passive capture of a data unit.
       - And it is retransmitted later.

3. Modification of Message
  • A legitimate message is altered.
  • And then it is retransmitted later.
4. Denial of Service.
  • Break down a communication system or network.
  • And making it unavailable to its intended users.
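
How a receiver can detect three of the active attacks listed above (masquerade, replay and modification of message), as an added example that is not part of the original post. It assumes both sides share a secret key and uses an HMAC-SHA256 tag plus a random nonce and timestamp; the message layout, the `Receiver` class and the 30-second window are choices made for this illustration.

```python
import hashlib
import hmac
import json
import os
import time

MAX_AGE_SECONDS = 30  # assumed freshness window for this illustration


def _tag(key: bytes, nonce: str, ts: int, body: str) -> str:
    """HMAC over nonce, timestamp and body, so none can change unnoticed."""
    data = json.dumps([nonce, ts, body], separators=(",", ":")).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key: bytes, body: str, now=None) -> dict:
    """Sender side: attach a fresh nonce, a timestamp and the tag."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(16).hex()
    return {"nonce": nonce, "ts": ts, "body": body, "tag": _tag(key, nonce, ts, body)}


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp of messages already accepted

    def accept(self, msg: dict, now=None) -> str:
        now = time.time() if now is None else now
        try:
            nonce, ts, body, tag = msg["nonce"], msg["ts"], msg["body"], msg["tag"]
        except (KeyError, TypeError):
            return "rejected: malformed"
        expected = _tag(self.key, nonce, ts, body)
        # Modification or masquerade: without the key the tag cannot match.
        if not isinstance(tag, str) or not hmac.compare_digest(
            expected.encode(), tag.encode()
        ):
            return "rejected: bad tag (modified or forged)"
        # Replay of an old capture: outside the freshness window.
        if abs(now - ts) > MAX_AGE_SECONDS:
            return "rejected: stale"
        # Forget nonces that staleness alone would already reject.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_AGE_SECONDS}
        # Replay inside the window: same nonce seen before.
        if nonce in self.seen:
            return "rejected: replay"
        self.seen[nonce] = ts
        return "accepted"


if __name__ == "__main__":
    key = os.urandom(32)                      # shared secret (constructed)
    rx = Receiver(key)
    msg = seal(key, "pay 10 to alice")        # constructed sample message
    print(rx.accept(msg))                     # first delivery
    print(rx.accept(msg))                     # captured and retransmitted
    print(rx.accept(dict(msg, body="pay 9999 to mallory")))  # altered in transit
```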

Principles of Security: Cryptography

Data Confidentiality
  • Privacy
  • Protect the information from any unauthorized disclosure
Data Integrity
  • Data received should be exactly same as the data sent.
  • There should be no modification.
Data Availability
  • Data must be available to the authorized parties.
Authentication
  • Ensure communication is authentic
  • Verifying the identity of sender/receiver.
Non Repudiation
  • Sender/receiver cannot deny the transmitted data.


Introduction to Cryptography

Why need Cryptography?


But is the Internet secure?

→ This message can be corrupted by intruders.
      To provide security and protect the valuable information, we can use cryptography.

What is Cryptography?


Bob wants to send a message to Alice.

His message can be sent securely by transforming the whole content into a new form others can't understand.
(Hello Alice! → 6EB6957008E03CE4)

The art of protecting information by transforming it into an unreadable format, is called CRYPTOGRAPHY.


Encryption and Decryption

Encryption 
    Transforming information from readable format to unreadable format.

Decryption
    Transforming information from unreadable format to readable format.

Key 
    A string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa.
    Key remains private and secures communication.




Introduction of Information Security

Introduction
  • Information security: a "well-informed sense of assurance that the information risks and controls are in balance." - Jim Anderson, Inovant (2002)
  • Security professionals must review the origins of this field to understand its impact on our understanding of information security today.
The History of Information Security
  • Computer security began immediately after the first mainframes were developed.
           - Groups developing code-breaking computations during World War 2 created the first modern computers.

           - Multiple levels of security were implemented: Badges, key, and facial recognition of authorized personnel controlled access to sensitive military locations.
  • Physical controls to limit access to sensitive military locations to authorized personnel.
  • In contrast, information security during these early years was rudimentary and mainly composed of simple document classification schemes.
  • There were no application classification projects for computers or operating systems at this time, because the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

The 1960s
  • During the 1960s, the Department of Defense's Advanced Research Procurement Agency (ARPA) began examining the feasibility of a redundant networked communications system designed to support the military's need to exchange information.
  • Larry Roberts, known as the founder of the internet, developed the project from its inception.
The 1970s and 80s
  • ARPANET grew in popularity as did its potential for misuse.
  • Fundamental problems with ARPANET security were identified
             - No safety procedures for dial-up connections to ARPANET
             - Nonexistent user identification and authorization to system
  • Late 1970s: microprocessor expanded computing capabilities and security threats
  • Information security began with Rand Report R-609 (paper that started the study of computer security)
  • Scope of computer security grew from physical security to include:
          - Safety of data
          - Limiting unauthorized access to data
          - Involvement of personnel from multiple levels of an organization 


What is Security?
  • "The quality or state of being secure - to be free from danger"
  • A successful organization should have multiple layers of security in place:
         - Physical security
         - Personal security
         - Operations security
         - Communications security
         - Network security
         - Information security
  • A successful organization should have the following multiple layers of security in place for the protection of its operations:
         - Physical security :- To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
         - Personal security :- To protect the individual or group of individuals who are authorized to access the organization and its operations.
         - Operations security :- To protect the details of a particular operation or series of activities.
         - Communications security :- To protect an organization's communications media, technology, and content.
         - Network security :- To protect networking components, connections, and contents.
