Ethical Hacking Fundamentals and Trends

The document discusses the basics of hacking, including the history and definitions of ethical hacking. It covers how ethical hackers test systems for vulnerabilities to improve security, unlike malicious hackers who exploit systems illegally. The document also examines social engineering techniques that hackers use and countermeasures organizations can implement.


Emerging Trends in CO and IT (22618)

Unit-5 Basics of Hacking

Contents
5.1 Ethical Hacking
● How Hackers Beget Ethical Hackers
● Defining hacker, Malicious users
● Data Privacy and General Data Protection and Regulation (GDPR)
5.2 Understanding the need to hack your own systems
5.3 Understanding the dangers your systems face
● Nontechnical attacks
● Network-infrastructure attacks
● Operating-system attacks
● Application and other specialized attacks
5.4 Obeying the Ethical hacking Principles
● Working ethically
● Respecting privacy
● Not crashing your systems
5.5 The Ethical hacking Process
● Formulating your plan
● Selecting tools
● Executing the plan
● Evaluating results
● Moving on
5.6 Cyber Security act

5.1 Ethical Hacking


History:
Hacking developed alongside "phone phreaking", a term that referred to exploring the
telephone network without authorization, and there has often been overlap between the
two in both technology and participants.
Ethical hacking is the science of testing computers and networks for security
vulnerabilities and plugging the holes found before unauthorized people get a
chance to exploit them.

Maharashtra State Board of Technical Education P a g e 101 | 151



Fig. 5.1 Social Engineering Cycle and Counter Measures (figure panels: "Social Engineering Cycle" and "Social Engineering Counter Measures")

● Gather Information: This is the first stage; the attacker learns as much as he can about
the intended victim. The information is gathered from company websites, other
publications and sometimes by talking to the users of the target system.
● Plan Attack: The attacker outlines how he/she intends to execute the attack.
● Acquire Tools: These include computer programs that an attacker will use when
launching the attack.
● Attack: Exploit the weaknesses in the target system.
● Use acquired knowledge: Information gathered during the social engineering
tactics, such as pet names, birthdates of the organization founders, etc., is used in
attacks such as password guessing.
Most techniques employed by social engineers involve manipulating human biases.
To counter such techniques, an organization can put measures in place:
✔ To counter the familiarity exploit
✔ To counter intimidating-circumstances attacks
✔ To counter phishing techniques
✔ To counter tailgating attacks
✔ To counter human curiosity
✔ To counter techniques that exploit human greed
Summary
● Social engineering is the art of exploiting the human elements to gain access to
un-authorized resources.
● Social engineers use a number of techniques to fool the users into revealing
sensitive information.
● Organizations must have security policies that have social engineering
countermeasures.
Hacker’s attitude:
A hacker-cracker separation gives more emphasis to a range of different categories,
such as white hat (ethical hacking), grey hat, black hat and script kiddies. The term
cracker refers to black hat hackers, or more generally hackers with unlawful
intentions.

Hackers are problem solvers. They get satisfaction from understanding a problem and
working out a solution. Their motivation to meet challenges is internal. Hackers do what
they do because it’s extremely satisfying to solve puzzles and fix the up-until-now
unfixable. The pleasure derived is both intellectual and practical. But one doesn’t have
to be a geek to be a hacker. Being a hacker is a mind-set. In Raymond’s
dissertation, “How to Become a Hacker”, he describes the fundamentals of the hacker
attitude.
These very same principles apply to being innovative, as explained below:
The world is full of fascinating problems waiting to be solved.
Innovation happens because hackers like to solve problems rather than complain about them.
If one happens to find these problems fascinating and exciting, then it won’t even feel
like hard work.
No problem should ever have to be solved twice.
Hackers are perfectionists about clarifying the problem before they start generating ideas.
It’s easy to jump to solutions, but sometimes that means the wrong problems are solved. A
little accuracy at the front end of the problem-solving process means one tackles
the right and real problem, so one only has to do it once.
Boredom and drudgery (more and more repetitive work) are evil.
The best way to lose touch with innovation is to become too repetitive. Innovation
requires constant and vigilant creativity. Something may not be broken enough to need fixing, but there’s
no reason not to squeeze it and cut boredom off at the pass.
Freedom is good.
Hackers need freedom to work on their ideas.
Attitude is no substitute for competence.
Hackers are open-minded and see problems as interesting opportunities. Innovators
seek to understand a problem more deeply, puzzling over how an unworkable idea
might become workable, and increase their skill set so that they are better problem solvers
and can better execute their ideas.
Hackers are the innovators of the Internet. Overall, hackers are those who have that
relentless, curious, problem-solving attitude.

Computer Hacking:
Computer hackers have been in existence for more than a century. Originally,
"hacker" did not carry negative implications. In the late 1950s and early 1960s,
computers were much different from the desktop or laptop systems most people are
familiar with. In those days, most companies and universities used mainframe
computers: giant, slow-moving hunks of metal locked away in temperature-controlled
glass cages. It cost thousands of dollars to maintain and operate those machines, and
programmers had to fight for access time.
Because of the time and money involved, computer programmers began looking for
ways to get the most out of the machines. The best and brightest of those programmers
created what they called "hacks" - shortcuts that would modify and improve the
performance of a computer's operating system or applications and allow more tasks
to be completed in a shorter time.
Still, for all the negative things hackers have done, they provide a necessary (and even
valuable) service, which is elaborated on after a brief timeline in the history of
computer hacking.

5.1.1 How Hackers Beget Ethical Hackers:


Hacker is a word that has two meanings:
✔ Traditionally, a hacker is someone who likes to tamper with software or
electronic systems. Hackers enjoy exploring and learning how computer
systems operate. They love discovering new ways to work electronically.
✔ Recently, hacker has taken on a new meaning — someone who maliciously
breaks into systems for personal gain. Technically, these criminals are
crackers (criminal hackers). Crackers break into (crack) systems with
malicious intent. They are out for personal gain: fame, profit, and even
revenge. They modify, delete, and steal critical information, often making
other people miserable.
The good-guy (white-hat) hackers don’t like being in the same category as the bad-
guy (black-hat) hackers. Whatever the case, most people give hacker a negative
meaning. Many malicious hackers claim that they don’t cause damage but instead are
selflessly helping others. In other words, many malicious hackers are electronic
thieves.
Hackers go for almost any system they think they can compromise. Some prefer
prestigious, well-protected systems, but hacking into anyone’s system increases their
status in hacker circles.
If one needs protection from hacker troubles, one has to become as savvy as the people
trying to attack systems. A true security assessment professional possesses the skills,
mind-set, and tools of a hacker but is also trustworthy. He or she performs the hacks
as security tests against systems based on how hackers might work.

● The ethical hacker’s attitude encompasses formal and methodical penetration
testing, white hat hacking, and vulnerability testing, which involves the same
tools, tricks, and techniques that criminal hackers use, but with one major
difference: Ethical hacking is performed with the target’s permission in a
professional setting.
The intent of ethical hacking is to discover vulnerabilities from a malicious attacker’s
viewpoint to better secure systems. Ethical hacking is part of an overall information
risk management program that allows for on-going security improvements. Ethical
hacking can also ensure that vendors’ claims about the security of their products are
genuine.

● Ethical hacking versus auditing
Many people confuse security testing via the ethical hacking approach with security
auditing, but there are big differences, namely in the objectives.
Security auditing involves comparing a company’s security policies (or compliance
requirements) to what’s actually taking place. The intent of security auditing is to
validate that security controls exist, using a risk-based approach.
Auditing often involves reviewing business processes and, in many cases, might not
be very technical. Security audits are usually based on checklists.
Conversely, security assessments based around ethical hacking focus on vulnerabilities
that can be exploited. This testing approach validates that security controls do
not exist or are ineffective at best.
Ethical hacking can be both highly technical and nontechnical, and although one can
use a formal methodology, it tends to be a bit less structured than formal auditing.

● Policy considerations
If one chooses to make ethical hacking an important part of the business’s information risk
management program, one really needs to have a documented security testing policy.
Such a policy outlines who’s doing the testing, the general type of testing that is
performed, and how often the testing takes place.

● What is Hacking?
Hacking is identifying weaknesses in computer systems or networks and exploiting those
weaknesses to gain access.

● Example of Hacking:
✔ Using a password cracking algorithm to gain access to a system.
Computers have become mandatory to run successful businesses. It is not enough to
have isolated computer systems; they need to be networked to facilitate
communication with external businesses. This exposes them to the outside world and
to hacking. Hacking means using computers to commit fraudulent acts such as fraud,
privacy invasion, stealing corporate/personal data, etc.
Cybercrimes cost many organizations millions of dollars every year.
Businesses need to protect themselves against such attacks.

Ethical Hacking is identifying weaknesses in computer systems and/or computer
networks and coming up with countermeasures that protect the weaknesses.
Ethical hacking is a branch of information security or information assurance which
tests an organization's information systems against a variety of attacks. Ethical
hackers are also sometimes known as White Hats.
Many people are confused when the terms "Ethical" and "Hacking" are used together.
Usually the term "hacker" has a negative connotation due to media reports using
incorrect terminology.

Ethical hackers must abide by the following rules:
✔ Get written permission from the owner of the computer system and/or
computer network before hacking.
✔ Protect the privacy of the organization being hacked.
✔ Transparently report all the identified weaknesses in the computer system to
the organization.
✔ Inform hardware and software vendors of the identified weaknesses.

Definition:
Ethical hacking
✔ Refers to the act of locating weaknesses and vulnerabilities of computer and
information systems by duplicating the intent and actions of malicious hackers.
✔ Is also known as penetration testing, intrusion testing or red teaming.
An ethical hacker is a security professional who applies their hacking skills for
defensive purposes on behalf of the owners of information systems.
By conducting penetration tests, an ethical hacker looks to answer the following four
basic questions:
1. What information/locations/systems can an attacker gain access to?
2. What can an attacker see on the target?
3. What can an attacker do with the available information?
4. Does anyone at the target system notice the attempts?
An ethical hacker operates with the knowledge and permission of the organization
which they are trying to defend. In some cases, the organization will neglect to inform
their information security team of the activities that will be carried out by an ethical
hacker in an attempt to test the effectiveness of the information security team. This is
referred to as a double-blind environment. In order to operate effectively and legally,
an ethical hacker must be informed of the assets that should be protected, potential
threat sources, and the extent to which the organization will support an ethical hacker's
efforts.

5.1.2 Defining hacker, Malicious users:

Definition of Hacker: A hacker is a person who finds and exploits weaknesses in
computer systems and/or networks to gain access. Hackers are usually skilled
computer programmers with knowledge of computer security.
An Ethical Hacker, also known as a whitehat hacker, or simply a whitehat, is a
security professional who applies their hacking skills for defensive purposes on behalf
of the owners of information systems.
Nowadays, certified ethical hackers are among the most sought after
information security employees in large organizations such
as Wipro, Infosys, IBM, Airtel and Reliance, among others.

What Is a Malicious User?

Malicious users (or internal attackers) try to compromise computers and sensitive
information from the inside as authorized and “trusted” users. Malicious users go for
systems they believe they can compromise for fraudulent gains or revenge.
✔ Malicious attackers, taken together, are generally known as hackers and malicious users.
✔ Malicious user means a rogue employee, contractor, intern, or other user who
abuses his or her trusted privileges. It is a common term in security circles.

Such users search through critical database systems to collect sensitive information, e-mail
confidential client information to the competition or elsewhere to the cloud, or delete
sensitive files from servers that they probably should not have access to.
There’s also the occasional ignorant insider whose intent is not malicious but who
still causes security problems by moving, deleting, or corrupting sensitive
information. Even an innocent “fat-finger” on the keyboard can have terrible
consequences in the business world.

Malicious users are often the worst enemies of IT and information security
professionals because they know exactly where to go to get the goods and don’t need
to be computer savvy to compromise sensitive information. These users have the
access they need and management trusts them, often without question. In short,
they take undue advantage of the trust of management.
Hackers are classified according to the intent of their actions.
The following list classifies hackers according to their intent:

● Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the
identified weaknesses. They may also perform penetration testing and vulnerability
assessments.
● Cracker (Black hat): A hacker who gains unauthorized access to computer systems for
personal gain. The intent is usually to steal corporate data, violate privacy rights,
transfer funds from bank accounts, etc.
● Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into
computer systems without authority with a view to identify weaknesses and reveal them
to the system owner.
● Script kiddies: A non-skilled person who gains access to computer systems using
ready-made tools.
● Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages.
This is usually done by hijacking websites and leaving the message on the hijacked
website.
● Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of
computers.

Figure 5.2: Classification of hackers according to their intent

Why Ethical Hacking?


● Information is one of the most valuable assets of an organization. Keeping
information secured can protect an organization’s image and save an
organization a lot of money.
● Hacking can lead to loss of business for organizations that deal in finance such
as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who
would otherwise lead to loss of business.

Legality of Ethical Hacking


Ethical Hacking is legal if the hacker abides by the rules stipulated as above.
The International Council of E-Commerce Consultants (EC-Council) provides a
certification program that tests an individual’s skills. Those who pass the examination
are awarded certificates. The certificates are supposed to be renewed after some
time.


Figure 5.3: Penetration Testing Stages

5.1.3 Data Privacy and General Data Protection and Regulation (GDPR):

5.1.1 Data Privacy:

Data privacy is a guideline for how data should be collected or handled, based on its
sensitivity and importance. Data privacy is typically applied to personal health
information (PHI) and personally identifiable information (PII). This includes financial
information, medical records, social security or ID numbers, names, birthdates, and
contact information.
Data privacy concerns apply to all sensitive information that organizations handle,
including that of customers, shareholders, and employees. Often, this information plays
a vital role in business operations, development, and finances.
Data privacy helps ensure that sensitive data is only accessible to approved parties. It
prevents criminals from being able to maliciously use data and helps ensure that
organizations meet regulatory requirements.

5.1.2 Data Protection:


Data protection is a set of strategies and processes you can use to secure the privacy,
availability, and integrity of your data. It is sometimes also called data security.
A data protection strategy is vital for any organization that collects, handles, or stores
sensitive data. A successful strategy can help prevent data loss, theft, or corruption and
can help minimize damage caused in the event of a breach or disaster.

Data privacy defines who has access to data, while data protection provides tools and
policies to actually restrict access to the data.

5.1.3 Data Protection Principles:

Data protection principles help protect data and make it available under any
circumstances. They cover operational data backup and business continuity/disaster
recovery (BCDR) and involve implementing aspects of data management and data
availability.

Here are key data management aspects relevant to data protection:

● Data availability—ensuring users can access and use the data required to perform
business even when this data is lost or damaged.
● Data lifecycle management—involves automating the transmission of critical data to
offline and online storage.
● Information lifecycle management—involves the valuation, cataloging, and protection
of information assets from various sources, including facility outages and disruptions,
application and user errors, machine failure, and malware and virus attacks.

5.1.4 GDPR:
The GDPR is a legal standard that protects the personal data of European Union (EU)
citizens and affects any organization that stores or processes their personal data, even if
it does not have a business presence in the EU.
Because there are hundreds of millions of European Internet users, the standard affects
almost every company that collects data from customers or prospects over the Internet.
GDPR non-compliance carries severe sanctions, with fines up to 4% of annual revenue
or €20 million.
GDPR legislators aimed to define data privacy as a basic human right, and standardize
the protection of personal data while putting data subjects in control of the use and
retention of their data.

There are two primary roles in the GDPR: the GDPR Data Controller is an entity that
collects or processes personal data for its own purposes, and a GDPR Data
Processor is an entity that holds or processes this type of data on behalf of another
organization.

Finally, the Data Protection Officer is a role appointed by an organization to monitor
how personal data is processed and ensure compliance with the GDPR.

What is personal data according to the GDPR?

“Personal data”, according to the legal definition of the GDPR legislation, is any
information about an identified or identifiable person, known as a data subject.

Personal data includes any information that can be used, alone or in combination with
other information, to identify someone.

This includes: name, address, ID or passport number, financial info, cultural details, IP
addresses, or medical data used by healthcare professionals or institutions.

Other special data you may not process or store: race or ethnicity, sexual
orientation, religious beliefs, political beliefs or memberships, and health data (unless
explicit consent is granted or there is substantial public interest).


5.1.5 GDPR data privacy rights:


The GDPR aims to protect the following rights of data subjects with respect to their
personal data.
Data subjects have the following basic rights under the GDPR:

● Collecting data from children — requires parental consent for children below an age
threshold of between 13 and 16 years.
● Data portability and access — data subjects must be able to access their data as stored
by the Data Controller, know how and why it is being processed, and where it is being
sent.
● Correcting and objecting to data — data subjects should be able to correct incorrect
or incomplete data, and data controllers must notify all data recipients of the change.
They should also be able to object to the use of their data, and Data Controllers must
comply unless they have a legitimate interest that overrides the data subject’s interest.
● Right to erasure — data subjects can ask data controllers to “forget” their personal
data. Organizations may be permitted to retain the data, for example, if they need it to
comply with a legal obligation or if it is in the public interest, for example in the case
of scientific or historical research.
● Automated decision-making — data subjects have the right to know that they were
subject to an automated decision based on their private information, and can request
that the automated decision is reviewed by a person, or contest the automated decision.
● Notification of breaches — if personal data under the responsibility of a data controller
is exposed to unauthorized parties, the controller must notify the Data Protection
Authority in the relevant EU country within 72 hours, and in some cases also needs to
inform individual data subjects.
● Transferring data outside the EU — if personal data is transferred outside the EU,
the data controller should ensure there are equivalent measures to protect the data and
the rights of data subjects.

5.1.6 Data Protection Technologies and Practices to Protect Your Data:


When it comes to protecting your data, there are many storage and management options
you can choose from. Solutions can help you restrict access, monitor activity, and
respond to threats. Here are some of the most commonly used practices and
technologies:

1. Data discovery—a first step in data protection, this involves discovering which
data sets exist in the organization, which of them are business critical and which
contains sensitive data that might be subject to compliance regulations.
2. Data loss prevention (DLP)—a set of strategies and tools that you can use to
prevent data from being stolen, lost, or accidentally deleted. Data loss prevention
solutions often include several tools to protect against and recover from data loss.
3. Storage with built-in data protection—modern storage equipment provides
built-in disk clustering and redundancy.
4. Backup—creates copies of data and stores them separately, making it possible
to restore the data later in case of loss or modification. Backups are a critical
strategy for ensuring business continuity when original data is lost, destroyed, or
damaged, either accidentally or maliciously.
5. Snapshots—a snapshot is similar to a backup, but it is a complete image of a
protected system, including data and system files. A snapshot can be used to
restore an entire system to a specific point in time.
6. Replication—a technique for copying data on an ongoing basis from a protected
system to another location. This provides a living, up-to-date copy of the data,
allowing not only recovery but also immediate failover to the copy if the primary
system goes down.
7. Firewalls—utilities that enable you to monitor and filter network traffic. You
can use firewalls to ensure that only authorized users are allowed to access or
transfer data.
8. Authentication and authorization—controls that help you verify credentials
and assure that user privileges are applied correctly. These measures are typically
used as part of an identity and access management (IAM) solution and in
combination with role-based access controls (RBAC).
9. Encryption—alters data content according to an algorithm that can only be
reversed with the right encryption key. Encryption protects your data from
unauthorized access even if data is stolen by making it unreadable.
10. Endpoint protection—protects gateways to your network, including ports,
routers, and connected devices. Endpoint protection software typically enables
you to monitor your network perimeter and to filter traffic as needed.
11. Data erasure—limits liability by deleting data that is no longer needed. This can
be done after data is processed and analyzed or periodically when data is no
longer relevant. Erasing unnecessary data is a requirement of many compliance
regulations, such as GDPR.
12. Disaster recovery—a set of practices and technologies that determine how an
organization deals with a disaster, such as a cyber attack, natural disaster, or
large-scale equipment failure. The disaster recovery process typically involves
setting up a remote disaster recovery site with copies of protected systems, and
switching operations to those systems in case of disaster.
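The list above names data discovery (item 1), authentication and authorization (item 8) and data erasure (item 11) but does not show what a minimal implementation of these controls looks like. The following Python example is added here and is not part of the textbook. It runs over a small set of constructed customer records (no real people), labels the fields that match a personal-data pattern, enforces a deny-by-default role check before a record can be read (masking the sensitive fields for roles that may only see their shape), and erases records whose retention period has expired. The field names, the role table and the retention period are assumptions chosen for the illustration.

```python
import re
from datetime import date, timedelta

# Constructed sample records (assumed schema; not real people). Each record carries
# the date it was collected so that a retention rule can be applied to it.
RECORDS = [
    {"id": 1, "name": "Asha Rao", "email": "asha@example.com",
     "phone": "+91 98765 43210", "note": "prefers email", "collected": date(2019, 1, 15)},
    {"id": 2, "name": "Ben Li", "email": "ben.li@example.org",
     "phone": "", "note": "DOB 1988-04-02", "collected": date(2023, 6, 1)},
    {"id": 3, "name": "Chris Okafor", "email": "not an address",
     "phone": "none", "note": "IP 203.0.113.7 seen at login", "collected": date(2024, 2, 20)},
]

# Patterns that indicate personal data (see the GDPR definition in 5.1.4). They are
# deliberately simple; a production scanner uses many more patterns and validators.
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\+?\d[\d ]{7,}\d"),
    "birthdate": re.compile(r"\b(19|20)\d\d-\d\d-\d\d\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def discover_sensitive(records):
    """Data discovery: return {record id: {field: [kinds of PII found]}} for every
    string field that matches a pattern. Fields without a match are not reported."""
    findings = {}
    for rec in records:
        hits = {}
        for field, value in rec.items():
            if not isinstance(value, str):
                continue
            kinds = [kind for kind, pat in PII_PATTERNS.items() if pat.search(value)]
            if kinds:
                hits[field] = kinds
        if hits:
            findings[rec["id"]] = hits
    return findings

# Role-based access control (assumed roles): which actions each role may perform.
ROLE_PERMISSIONS = {
    "analyst": {"read_masked"},
    "support": {"read_masked", "read_full"},
    "dpo": {"read_masked", "read_full", "erase"},
}

def authorize(role, action):
    """Deny by default: True only if the role is known and explicitly grants the action."""
    return action in ROLE_PERMISSIONS.get(role, set())

def mask(value):
    """Keep the first character and hide the rest, so the shape is visible but not the content."""
    return value[:1] + "*" * (len(value) - 1) if value else value

def read_record(role, rec, findings):
    """Return the view of a record that the role is allowed to see, or raise PermissionError."""
    if authorize(role, "read_full"):
        return dict(rec)
    if authorize(role, "read_masked"):
        sensitive = findings.get(rec["id"], {})
        return {f: (mask(v) if f in sensitive else v) for f, v in rec.items()}
    raise PermissionError(f"role {role!r} may not read records")

def erase_expired(records, today, retention_days):
    """Data erasure by retention: drop records collected before the cutoff and return
    (kept_records, erased_ids)."""
    cutoff = today - timedelta(days=retention_days)
    kept, erased = [], []
    for rec in records:
        (erased if rec["collected"] < cutoff else kept).append(rec)
    return kept, [r["id"] for r in erased]

if __name__ == "__main__":
    found = discover_sensitive(RECORDS)
    print("sensitive fields:", found)
    print("analyst view of record 1:", read_record("analyst", RECORDS[0], found))
    kept, erased = erase_expired(RECORDS, date(2024, 6, 1), 5 * 365)
    print("erased record ids:", erased, "| kept:", [r["id"] for r in kept])
```

The discovery step drives the other two: the masked view hides exactly the fields the scanner flagged, and the erasure step is keyed on collection date rather than on a user request, which is the routine (item 11) counterpart of the right to erasure listed in 5.1.5.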

5.2 Understanding the need to hack your own systems:


To catch a thief, think like a thief. That’s the basis for ethical hacking.
The law of averages works against security. With the increased numbers and
expanding knowledge of hackers combined with the growing number of system
vulnerabilities and other unknowns, the time will come when all computer systems
are hacked or compromised in some way. Protecting your systems from the bad guys
and not just the generic vulnerabilities that everyone knows about is absolutely
critical. When the hacker tricks are known, one can see how vulnerable the systems
are.
Hacking targets weak security practices and undisclosed vulnerabilities. Firewalls,
encryption, and virtual private networks (VPNs) can create a false feeling of safety.
These security systems often focus on high-level vulnerabilities, such as viruses and
traffic through a firewall, without affecting how hackers work. Attacking your own
systems to discover vulnerabilities is a step towards making them more secure.


This is the only proven method of greatly hardening your systems from attack. If
weaknesses are not identified, it’s a matter of time before the vulnerabilities are
exploited.

As hackers expand their knowledge, one should keep pace with that knowledge.
You must think like them to protect your systems from them. As the ethical hacker,
one must know the activities hackers carry out and how to stop their efforts. One should
know what to look for and how to use that information to spoil hackers’ efforts.
One cannot protect the systems from everything. The only protection against
everything is to unplug computer systems and lock them away so no one can touch
them, not even you.
That’s not the best approach to information security. What’s important is to protect
your systems from known vulnerabilities and common hacker attacks. It’s impossible
to close all possible vulnerabilities on all systems. One can’t plan for all possible
attacks, especially the ones that are currently unknown.
However, the more combinations you try, and the more you test whole systems instead
of individual units, the better your chances of discovering vulnerabilities that affect
everything as a whole.
Building the Foundation for Ethical Hacking:
One should not forget about insider threats from malicious employees. One’s overall
goals as an ethical hacker should be as follows:
✔ Hack your systems in a non-destructive fashion.
✔ Enumerate vulnerabilities and, if necessary, prove to upper management that
vulnerabilities exist.
✔ Apply results to remove vulnerabilities and better secure your systems.

5.3 Understanding the dangers your systems face


It is one thing to know that systems are generally under fire from hackers around the
world. It’s another to understand the specific attacks against your systems that are possible.
There are some well-known attacks. Many information-security vulnerabilities
aren’t critical by themselves. However, exploiting several vulnerabilities at the same
time can take its toll.
For example, a default Windows OS configuration, a weak SQL Server administrator
password, and a server hosted on a wireless network may not be major security
concerns separately. But exploiting all three of these vulnerabilities at the same time
can be a serious issue. The attacks your systems face fall into these categories:
● Nontechnical attacks
● Network-infrastructure attacks
● Operating-system attacks
● Application and other specialized attacks

Maharashtra State Board of Technical Education P a g e 113 | 151



5.3.1 Nontechnical attacks:


Exploits that involve manipulating people or end users and even yourself are the
greatest vulnerability within any computer or network infrastructure. Humans are
trusting by nature, which can lead to social-engineering exploits. Social engineering
is defined as the exploitation of the trusting nature of human beings to gain
information for malicious purposes.
Other common and effective attacks against information systems are physical.
Hackers break into buildings, computer rooms, or other areas containing critical
information or property. Physical attacks can include dumpster diving (searching
through trash cans and dumpsters for intellectual property, passwords, network
diagrams, and other information).

5.3.2 Network-infrastructure attacks:


Hacker attacks against network infrastructures can be easy, because many networks
can be reached from anywhere in the world via the Internet.
Here are some examples of network-infrastructure attacks:
✔ Connecting into a network through a rogue modem attached to a computer
behind a firewall
✔ Exploiting weaknesses in network transport mechanisms, such as TCP/IP and
NetBIOS.
✔ Flooding a network with too many requests, creating a Denial of Service (DoS)
for legitimate requests
✔ Installing a network analyzer on a network and capturing every packet that
travels across it, revealing confidential information sent in clear text (for
example, the credentials of protocols such as Telnet, FTP and HTTP Basic
authentication when they are not wrapped in TLS)
✔ Piggybacking onto a network through an insecure wireless configuration.
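To make the network-analyzer item concrete, here is an added example (not code from the original text or from any of the tools it names) that does what an analyzer's "follow the stream" view does by hand: it walks a handful of constructed TCP payloads and pulls out credentials sent in the clear by FTP and HTTP Basic authentication, while an HTTPS payload on port 443 yields nothing because only TLS record bytes are visible. The hosts, user names and passwords are made up.

```python
import base64
import binascii
import re
from typing import Dict, List, Tuple

# Constructed sample "packets" standing in for what a network analyzer would
# capture: (client, server, destination port, TCP payload). Hosts, names and
# passwords are made up for illustration.
SAMPLE_PACKETS: List[Tuple[str, str, int, bytes]] = [
    ("10.0.0.5", "10.0.0.20", 21, b"USER alice\r\n"),
    ("10.0.0.5", "10.0.0.20", 21, b"PASS Winter2024!\r\n"),
    ("10.0.0.7", "10.0.0.30", 80,
     b"GET /admin/ HTTP/1.1\r\nHost: intranet.example.test\r\n"
     b"Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"),
    # The same kind of login over HTTPS: only TLS record bytes are visible,
    # so the analyzer recovers nothing from it.
    ("10.0.0.7", "10.0.0.30", 443, bytes.fromhex("16030100a5010000a10303")),
]

BASIC_AUTH = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$",
                        re.IGNORECASE | re.MULTILINE)


def extract_credentials(packets: List[Tuple[str, str, int, bytes]]) -> List[Dict[str, str]]:
    """Return every credential sent in clear text across the captured packets."""
    findings: List[Dict[str, str]] = []
    # FTP sends USER and PASS as separate commands; remember the last USER per
    # client/server pair so the PASS that follows can be paired with it.
    pending_ftp_user: Dict[Tuple[str, str], str] = {}

    for client, server, dport, payload in packets:
        if dport == 21:
            for line in payload.splitlines():
                cmd, _, arg = line.partition(b" ")
                if cmd.upper() == b"USER":
                    pending_ftp_user[(client, server)] = arg.strip().decode("utf-8", "replace")
                elif cmd.upper() == b"PASS":
                    findings.append({
                        "protocol": "ftp",
                        "server": server,
                        "username": pending_ftp_user.get((client, server), "?"),
                        "password": arg.strip().decode("utf-8", "replace"),
                    })
        elif dport == 80:
            for match in BASIC_AUTH.finditer(payload):
                try:
                    decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8", "replace")
                except binascii.Error:
                    continue  # malformed header, nothing to recover
                user, _, password = decoded.partition(":")
                findings.append({"protocol": "http-basic", "server": server,
                                 "username": user, "password": password})
        # Any other port (443 here) is left alone: encrypted payloads yield nothing.
    return findings


if __name__ == "__main__":
    for f in extract_credentials(SAMPLE_PACKETS):
        print(f"{f['protocol']:10s} {f['server']:12s} {f['username']}:{f['password']}")
```

The practical lesson is the one the bullet makes: anything a legitimate analyzer can reconstruct this easily, an attacker with a rogue tap or an insecure wireless segment can reconstruct too, so clear-text protocols on the internal network belong on the findings list.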

5.3.3 Operating-system attacks

Hacking operating systems (OSs) is a preferred method of the bad guys (hackers).
Operating systems comprise a large portion of hacker attacks simply because every
computer has one and so many well-known exploits can be used against them.
Occasionally, operating systems that are more secure out of the box, such as
Novell NetWare and the flavors of BSD UNIX, are attacked, and vulnerabilities turn
up.
But hackers prefer attacking operating systems like Windows and Linux because they
are widely used and their vulnerabilities are better known.
Here are some examples of attacks on operating systems:
✔ Exploiting specific protocol implementations
✔ Attacking built-in authentication systems
✔ Breaking file-system security
✔ Cracking passwords and encryption mechanisms

5.3.4 Application and other specialized attacks:

Applications take a lot of hits from hackers. Programs such as e-mail server
software and Web applications are often beaten down:
✔ Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol
(SMTP) applications are frequently attacked because most firewalls and other
security mechanisms are configured to allow full access to these programs
from the Internet.
✔ Malicious software (malware) includes viruses, worms, Trojan horses, and
spyware. Malware clogs networks and takes down systems.
✔ Spam (junk e-mail) is wreaking havoc on system availability and storage
space. And it can carry malware. Ethical hacking helps reveal such attacks
against computer systems.
5.4 Obeying the Ethical Hacking Commandments:
Every ethical hacker must abide by a few basic commandments. If not, bad things
can happen.
5.4.1 Working ethically:
The word ethical in this context can be defined as working with high professional
morals and principles. Whether you are performing ethical hacking tests against your
own systems or for someone who has hired you, everything you do as an ethical hacker
must be above board and must support the company's goals. No hidden agendas are
allowed. Trustworthiness is the ultimate principle. The misuse of information is
absolutely forbidden; that is what the bad guys (malicious hackers) do.

5.4.2 Respecting privacy:


Treat the information gathered with the greatest respect. All information obtained
during testing, from Web-application log files to clear-text passwords, must be kept
private. This information must not be used to peer into confidential corporate
information or private lives. If you sense that someone should know there is a
problem, consider sharing that information with the appropriate manager.
Involve others in the process. This is a "watch the watcher" system that can build trust
and support for ethical hacking projects.

5.4.3 Not crashing your systems:


One of the biggest mistakes seen when people try to hack their own systems is
inadvertently crashing those systems. The main reason for this is poor planning: these
testers have not read the documentation or misunderstand the usage and power of the
security tools and techniques.
Denial of Service (DoS) conditions on the systems are easily created when testing.
Running too many tests too quickly on a system causes many system lockups. Things
should not be rushed, and one should not assume that a network or a specific host can
handle the beating that network scanners and vulnerability-assessment tools can dish out.
Many security-assessment tools can control how many tests are performed on a
system at the same time. These controls are especially handy if one needs to run the tests
on production systems during regular business hours. One can even create an account
or system lockout condition by social engineering someone into changing a password,
not realizing that doing so might lock the account or the system.
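The throttling the paragraph describes is what options such as Nmap's `--max-parallelism`, `--scan-delay` and the `-T` timing templates provide. The following added example (not code from the original text or from any named tool) shows the same two controls built by hand: a bound on how many probes are in flight and a minimum spacing between hand-offs, plus recording a host that stops answering instead of retrying it. The probe is a constructed stand-in for a real check such as a banner grab, and the hosts, services and delays are made up.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import Any, Callable, Dict, Iterable


def run_throttled(targets: Iterable[str], probe: Callable[[str], Any],
                  max_parallel: int = 2, min_interval: float = 0.05) -> Dict[str, Any]:
    """Run probe() against each target with at most max_parallel probes in
    flight and at least min_interval seconds between hand-offs to the pool.
    Failures are recorded per target rather than retried, so a host that has
    stopped answering is not hammered further."""
    lock = threading.Lock()
    state = {"active": 0, "peak": 0}

    def measured(target: str) -> Any:
        # Instrumented wrapper: records how many probes really ran at once.
        with lock:
            state["active"] += 1
            state["peak"] = max(state["peak"], state["active"])
        try:
            return probe(target)
        finally:
            with lock:
                state["active"] -= 1

    results: Dict[str, Any] = {}
    errors: Dict[str, str] = {}
    started = time.monotonic()
    with ThreadPoolExecutor(max_workers=max_parallel) as pool:
        futures = {}
        for target in targets:
            futures[pool.submit(measured, target)] = target
            time.sleep(min_interval)  # space out submissions; the worker bound caps concurrency
        for fut in as_completed(futures):
            target = futures[fut]
            try:
                results[target] = fut.result()
            except Exception as exc:  # any probe failure is data to report, not a reason to retry
                errors[target] = repr(exc)
    return {"results": results, "errors": errors,
            "peak_parallel": state["peak"], "elapsed": time.monotonic() - started}


# Constructed stand-in for a real network check such as a banner grab. The
# hosts, services and delays are made up; 10.0.0.9 simulates a host that has
# stopped responding.
FAKE_HOSTS = {
    "10.0.0.1": ("ssh", 0.02),
    "10.0.0.2": ("http", 0.02),
    "10.0.0.3": ("smtp", 0.02),
    "10.0.0.9": None,
}


def fake_banner_probe(host: str) -> str:
    entry = FAKE_HOSTS.get(host)
    if entry is None:
        raise TimeoutError(f"{host} did not answer")
    service, delay = entry
    time.sleep(delay)  # simulate the round trip
    return service


if __name__ == "__main__":
    report = run_throttled(FAKE_HOSTS, fake_banner_probe, max_parallel=2, min_interval=0.01)
    print(report)
```

The `peak_parallel` figure in the report is the number to check after a run on production: if it ever exceeds what the sponsor agreed to, the tool's settings, not the host, are at fault.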

5.5 The Ethical Hacking Process:


Like practically any IT or security project, ethical hacking needs to be planned in
advance. Strategic and tactical issues in the ethical hacking process should be
determined and agreed upon. Planning is important for any amount of testing from a
simple password-cracking test to an all-out penetration test on a Web application.

5.5.1 Formulating your plan:


Approval for ethical hacking is essential. What is being done should be known and
visible at least to the decision makers. Obtaining sponsorship of the project is the first
step. The sponsor could be a manager, an executive, a customer, or even the boss. Someone
is needed to back up and sign off on the plan. Otherwise, testing may be called off
unexpectedly if someone claims they never authorized the tests.
The authorization can be as simple as an internal memo from the senior-most person
or boss if one is performing these tests on one's own systems. If the testing is for a customer,
one should have a signed contract in place, stating the customer's support and
authorization. Get written approval on this sponsorship as soon as possible to ensure
that none of the time or effort is wasted. This documentation serves as proof of what
one is authorized to do if anyone asks or demands it.
A detailed plan is needed, but that does not mean that it needs volumes of testing
procedures. One slip can crash your systems.

A well-defined scope includes the following information:


✔ Specific systems to be tested
✔ Risks that are involved
✔ When the tests are performed and your overall timeline
✔ How the tests are performed
✔ How much knowledge of the systems you have before you start testing
✔ What is done when a major vulnerability is discovered
✔ The specific deliverables — this includes security-assessment reports and a
higher-level report outlining the general vulnerabilities to be addressed, along
with countermeasures that should be implemented.
When selecting systems to test, start with the most critical or vulnerable
systems. For instance, one can test computer passwords or attempt social-
engineering attacks before drilling down into more detailed systems.
What if one is assessing the firewall or a Web application and takes it
down? This can cause system unavailability, which can reduce system
performance or employee productivity. Even worse, it could cause loss of data
integrity, loss of data, and bad publicity. Handle social-engineering and
denial-of-service attacks carefully. Determine how they can affect the systems
being tested and the entire organization.
Determining when the tests are performed is something that one must think
long and hard about. Does the tester test during normal business hours? How
about late at night or early in the morning so that production systems are not
affected? Involve others to make sure they approve the timing.
The best approach is an unlimited attack, wherein any type of test is possible,
because real hackers do not confine themselves to a limited scope. The
exceptions to this approach are DoS, social-engineering, and physical-security
tests, which should be limited and agreed upon in advance.

One should not stop with one security hole. This can lead to a false sense of
security. Keep going to see what else can be discovered. This does not mean
hacking until the end of time or until all systems crash; simply pursue the path
until it cannot be hacked any further.
One of the goals may be to perform the tests without being detected.
For example, one may be performing tests on remote systems or on a remote
office and not want the users to be aware of what is going on. Otherwise, the
users may catch on and be on their best behaviour.
Extensive knowledge of the systems being tested is not needed; just a basic
understanding is required, and that understanding helps protect the tested
systems. Understanding the systems should not be difficult if one is hacking
one's own in-house systems. If hacking a customer's systems, one may have to
dig deeper. Most people are wary of fully blind assessments, so base the type
of test on the organization's or customer's needs.
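The scope items above (specific systems, timing, which kinds of test are permitted) are easiest to enforce if the signed authorization is also encoded in the test harness, so that a typo in a target list or a probe fired at the wrong hour is refused before any packet leaves. The following is an added example of such a gate (not code from the original text); the address ranges, the 22:00 to 04:00 window and the permitted test kinds are made-up values standing in for what a real signed authorization would list.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Scope:
    """Machine-readable form of a signed test authorization."""
    in_scope: List[ipaddress.IPv4Network]   # ranges the sponsor authorized
    excluded: List[ipaddress.IPv4Network]   # carve-outs inside those ranges
    window_start: time                      # daily testing window (local time)
    window_end: time
    allowed_tests: Set[str]                 # test kinds agreed in the plan


# Constructed example scope; every value here is hypothetical.
EXAMPLE_SCOPE = Scope(
    in_scope=[ipaddress.ip_network("10.10.0.0/16"), ipaddress.ip_network("203.0.113.0/24")],
    excluded=[ipaddress.ip_network("10.10.5.0/24")],   # e.g. the production database subnet
    window_start=time(22, 0),
    window_end=time(4, 0),                              # window crosses midnight
    allowed_tests={"port-scan", "vuln-scan", "password-audit"},  # no DoS, no social engineering
)


def in_window(scope: Scope, now: datetime) -> bool:
    t = now.time()
    if scope.window_start <= scope.window_end:
        return scope.window_start <= t < scope.window_end
    return t >= scope.window_start or t < scope.window_end   # wraps past midnight


def is_authorized(scope: Scope, target: str, test_type: str, now: datetime) -> Tuple[bool, str]:
    """Decide whether one test against one target is covered by the signed scope.
    Exclusions are checked before inclusions so a carve-out always wins."""
    ip = ipaddress.ip_address(target)
    if any(ip in net for net in scope.excluded):
        return False, f"{ip} is explicitly excluded"
    if not any(ip in net for net in scope.in_scope):
        return False, f"{ip} is outside the authorized ranges"
    if test_type not in scope.allowed_tests:
        return False, f"'{test_type}' tests were not authorized"
    if not in_window(scope, now):
        return False, f"{now.strftime('%H:%M')} is outside the agreed testing window"
    return True, "authorized"


def plan_run(scope: Scope, targets: List[str], test_type: str, now: datetime):
    """Split a target list into what may be tested now and what must be skipped, with reasons."""
    allowed, refused = [], []
    for target in targets:
        ok, why = is_authorized(scope, target, test_type, now)
        (allowed if ok else refused).append((target, why))
    return allowed, refused


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 23, 30)
    ok, skipped = plan_run(EXAMPLE_SCOPE, ["10.10.1.20", "10.10.5.4", "192.168.1.1"], "port-scan", now)
    print("allowed:", ok)
    print("refused:", skipped)
```

The refusal reasons are worth keeping in the test log: they are the evidence, alongside the signed authorization, that nothing outside the agreed scope was touched.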

5.5.2 Selecting tools:


If one don’t have the right tools for ethical hacking, to accomplish the task is
effectively difficult. just using the right tools doesn’t mean that all
vulnerabilities will be discovered.
Know the personal and technical limitations.
Many security-assessment tools generate false positives and negatives
(incorrectly identifying vulnerabilities). Some tools may miss vulnerabilities.
Many tools focus on specific tests, but no one tool can test for everything. This
is why a set of specific tools are required that can call on for the task at hand.
The more are the tools , the easier ethical hacking efforts are.
Make sure the right tool is being used for the task :
● To crack passwords, one needs a cracking tool such as LC4, John the Ripper,
or pwdump.

Maharashtra State Board of Technical Education P a g e 117 | 151


Emerging Trends in CO and IT (22618)

A general port scanner, such as SuperScan, may not crack passwords.


● For an in-depth analysis of a Web application, a Web-application assessment
tool (such as Whisker or WebInspect) is more appropriate than a network
analyzer (such as Ethereal, which has since been renamed Wireshark).
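Section 5.3.3 lists "cracking passwords and encryption mechanisms" among operating-system attacks, and the tool list above names LC4 and John the Ripper for the job. The added example below (not code from the original text or from either tool) shows in miniature what such a cracker does, a dictionary attack, and why the defence the OS chooses matters: against unsalted fast hashes one hash per candidate word serves every account at once, whereas salted, iterated hashes force a separate and far more expensive pass per account. The wordlist, account names and passwords are constructed for illustration; the iteration count is deliberately low so the example runs in well under a second.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed wordlist, in the order a cracker would try it. Real wordlists
# (such as the one shipped with John the Ripper) run to millions of entries.
WORDLIST = ["password", "letmein", "Winter2024!", "qwerty", "admin123",
            "correct horse battery staple"]

# Constructed accounts: two weak passwords that appear in the wordlist and one
# long random one that does not. All names and secrets are made up.
ACCOUNTS = {"alice": "Winter2024!", "bob": "letmein", "carol": "Xq7#vL9!pRz2wTe"}


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


# What an unsalted, fast-hash password store looks like once dumped.
DUMPED_MD5: Dict[str, str] = {user: md5_hex(pw) for user, pw in ACCOUNTS.items()}


def crack_unsalted(dump: Dict[str, str], wordlist) -> Tuple[Dict[str, str], int]:
    """Dictionary attack on unsalted hashes: hash each candidate once and match
    it against every account at the same time (the property that also makes
    precomputed rainbow tables work). Returns (cracked, hash computations)."""
    lookup = {md5_hex(word): word for word in wordlist}
    cracked = {user: lookup[h] for user, h in dump.items() if h in lookup}
    return cracked, len(lookup)


PBKDF2_ITERATIONS = 50_000   # kept low so the example runs quickly; use far more in production


def pbkdf2(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_salted_store(accounts: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """The same accounts stored the hardened way: per-user random salt plus a slow KDF."""
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, pbkdf2(pw, salt))
    return store


SALTED_STORE = make_salted_store(ACCOUNTS)


def crack_salted(store: Dict[str, Tuple[bytes, bytes]], wordlist) -> Tuple[Dict[str, str], int]:
    """Same dictionary attack against salted, iterated hashes: every account
    needs its own pass over the wordlist, and each guess costs PBKDF2_ITERATIONS
    HMAC computations instead of one MD5. Returns (cracked, KDF runs)."""
    cracked: Dict[str, str] = {}
    attempts = 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            attempts += 1
            if hmac.compare_digest(pbkdf2(word, salt), digest):
                cracked[user] = word
                break
    return cracked, attempts


if __name__ == "__main__":
    print("unsalted MD5:", crack_unsalted(DUMPED_MD5, WORDLIST))
    print("salted PBKDF2:", crack_salted(SALTED_STORE, WORDLIST))
```

Both runs recover the same two weak passwords and miss carol's, which is the point of a password audit: the wordlist finds what a real attacker would find. The difference is cost. Six MD5 computations cover all three accounts, while the salted store needs eleven PBKDF2 runs of fifty thousand HMACs each, and a production iteration count makes that gap far wider.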
When selecting the right security tool for the task, ask around. Get advice from
the colleagues and from other people online. A simple Groups search on
Google (www.google.com) or perusal of security portals, such as
SecurityFocus.com, SearchSecurity.com, and ITsecurity.com, often produces
great feedback from other security experts.
Some of the widely used commercial, freeware, and open-source security
tools:
● Nmap
● EtherPeek
● SuperScan
● QualysGuard
● WebInspect
● LC4 (formerly called L0phtcrack)
● LANguard Network Security Scanner
● Network Stumbler
● ToneLoc
Here are some other popular tools:
● Internet Scanner
● Ethereal
● Nessus
● Nikto
● Kismet
● THC-Scan
The capabilities of many security and hacking tools are often misunderstood.
This misunderstanding has shed negative light on some excellent tools, such
as SATAN (Security Administrator Tool for Analysing Networks) and Nmap
(Network mapper).
Some of these tools are complex. Whichever tools are being used, one should
be familiarized with them before starting to use them.

Here are ways to do that:

✔ Read the readme and/or online help files for tools.
✔ Study the user's guide for commercial tools.
✔ Consider formal classroom training from the security-tool vendor or
another third-party training provider, if available.

Look for these characteristics in tools for ethical hacking:

✔ Adequate documentation.
✔ Detailed reports on the discovered vulnerabilities, including how they
may be exploited and fixed.
✔ Updates and support when needed.
✔ High-level reports that can be presented to managers or non-technical
readers.
These features can save time and effort when writing the report.
5.5.3 Executing the plan:
Ethical hacking takes persistence. Time and patience are important. One
should be careful when performing ethical hacking tests: a hacker already on
the network, or a seemingly harmless employee looking over one's shoulder,
may watch what is going on and could use this information against the tester.
It is not practical to make sure that no hackers are on the systems before
starting. One just has to keep everything as quiet and private as possible.
This is especially critical when transmitting and storing test results. If
possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or
something similar. At a minimum, password-protect them.
This is a reconnaissance mission: gather as much information as possible
about the organization and systems, which is what malicious hackers do.
Start with a broad view and narrow down the focus:
1. Search the Internet for the organization's name, computer and network
system names, and IP addresses. Google is a great place to start for this.
2. Narrow the scope, targeting the specific systems to be tested. Whether
physical-security structures or Web applications, a casual assessment can
turn up much information about the systems.
3. Further narrow the focus with a more critical eye. Perform actual scans
and other detailed tests on the systems.
4. Perform the attacks, if that is what one chooses to do.
5.5.4 Evaluating results:
Assess the results to see what has been uncovered, assuming that the
vulnerabilities haven’t been made obvious before now. This is where
knowledge counts. Evaluating the results and correlating the specific
vulnerabilities discovered is a skill that gets better with experience. One will
end up knowing his/her own systems as well as anyone else. This makes the
evaluation process much simpler moving forward.
Submit a formal report to upper management or to the customer, outlining
results. Keep these other parties in the loop to show that efforts and their money
are well spent.

5.5.5 Moving on:


When finished with ethical hacking tests, one still needs to implement the
analysis and recommendations to make sure that the systems are secure.
New security vulnerabilities continually appear. Information systems
constantly change and become more complex. New hacker exploits and
security vulnerabilities are regularly uncovered. Security tests are a snapshot
of the security posture of the systems at one point in time.
At any time, everything can change, especially after software upgrades, adding
computer systems, or applying patches. Plan to test regularly (for example,
once a week or once a month).

5.6 Cyber Security act:

Information Technology Act, 2000 (India's cyber law):
The Act provides a legal framework for electronic governance by giving recognition
to electronic records and digital signatures. It also defines cyber crimes and prescribes
penalties for them. The Act directed the formation of a Controller of Certifying
Authorities to regulate the issuance of digital signatures.

Amendments:

A major amendment was made in 2008. It introduced Section 66A, which penalized
sending "offensive messages" (Section 66A was later struck down as unconstitutional by
the Supreme Court of India in Shreya Singhal v. Union of India, 2015). It also introduced
Section 69, which gave authorities the power of "interception or monitoring or decryption
of any information through any computer resource". Additionally, it introduced provisions
addressing pornography, child pornography, cyber terrorism and voyeurism. The amendment
was passed on 22 December 2008 without any debate in the Lok Sabha. The next day it was
passed by the Rajya Sabha. It was signed into law by President Pratibha Patil on
5 February 2009.
Offences:
List of offences and the corresponding penalties

Section | Offence                                                                  | Penalty
--------|--------------------------------------------------------------------------|----------------------------------------------------------------
65      | Tampering with computer source documents                                 | Imprisonment up to three years, or/and with fine up to ₹200,000
66      | Hacking with computer system                                             | Imprisonment up to three years, or/and with fine up to ₹500,000
66B     | Receiving stolen computer or communication device                        | Imprisonment up to three years, or/and with fine up to ₹100,000
66C     | Using password of another person                                         | Imprisonment up to three years, or/and with fine up to ₹100,000
66D     | Cheating using computer resource                                         | Imprisonment up to three years, or/and with fine up to ₹100,000
66E     | Publishing private images of others                                      | Imprisonment up to three years, or/and with fine up to ₹200,000
66F     | Acts of cyberterrorism                                                   | Imprisonment up to life
67      | Publishing information which is obscene in electronic form               | Imprisonment up to five years, or/and with fine up to ₹1,000,000
67A     | Publishing images containing sexual acts                                 | Imprisonment up to seven years, or/and with fine up to ₹1,000,000
67C     | Failure to maintain records                                              | Imprisonment up to three years, or/and with fine
68      | Failure/refusal to comply with orders                                    | Imprisonment up to 2 years, or/and with fine up to ₹100,000
69      | Failure/refusal to decrypt data                                          | Imprisonment up to seven years and possible fine
70      | Securing access or attempting to secure access to a protected system     | Imprisonment up to ten years, or/and with fine
71      | Misrepresentation                                                        | Imprisonment up to 2 years, or/and with fine up to ₹100,000
72      | Breach of confidentiality and privacy                                    | Imprisonment up to 2 years, or/and with fine up to ₹100,000
72A     | Disclosure of information in breach of lawful contract                   | Imprisonment up to 3 years, or/and with fine up to ₹500,000
73      | Publishing electronic signature certificate false in certain particulars | Imprisonment up to 2 years, or/and with fine up to ₹100,000
74      | Publication for fraudulent purpose                                       | Imprisonment up to 2 years, or/and with fine up to ₹100,000
