A Practical Guide to SharePoint 2013

A Practical Guide to SharePoint 2013
A Practical Guide to SharePoint 2013 - Book by Saifullah Shafiq

Wednesday, February 8, 2023

Ethical Hacking

With the escalation of global conflict, a number of subversive minded groups and individuals have emerged, threatening the national security systems of countries by funding and backing cyberpunks. Organizations are intimidated by these hackers too, who try their utmost to access and extort their data by means of malware. All the organizations, government/intelligence agencies, and national defense councils have to put in effort because viruses, malware and worms are active and making their way to their systems. To nip them from gaining access to networks they must work on new strategies, update their technologies and introduce hack preventing tactics. 

What is Ethical Hacking?

Ethical hacking is the lawful way of gaining an authorized access into the network or systems by penetrating into it. It is mainly done to improve and safeguard network security and shield against potential threats. During the process of intrusion, ethical hackers look for the weak points, identify threats from the system and later fix the vulnerabilities. All this is essential because if malicious attackers gain access to your network, it can result in data loss, sabotage the organization or institution and even result in financial losses.

Furthermore, there are few rules that ethical hackers must follow while performing their duties:

1.     Follow legal requirements: Before doing the security assessment, they must take prior approval from the relevant department of the organization.

2.     Determine the scope: They must give a detail account of the scope of assessment they will conduct so that everyone knows the parameters within which the ethical hacking is being performed. This will make sure that the work is done legally and with their approval.

3.     Inform about the vulnerabilities: After analyzing and determining the vulnerability, ethical hackers must keep the organization in the loop by reporting them about the vulnerabilities that they found out. Also, propose and give recommendations as to what corrective actions can be taken to resolve and deal with those vulnerabilities.

4.     Keep data confidential: There are certain agreements to which ethical hackers must abide. They should accept all the terms and conditions since data is sensitive and must not be disclosed. 

     There are some skills that certified ethical hackers should possess which include: 

       1. In-depth knowledge of information security

       2. Strong grasp over scripting language

       3. Network proficiency

       4. Competency in terms of operating systems

Other than that, there are many benefits of ethical hacking, the main ones include:

1.     Helps to combat attacks from cyber terrorists so that data cannot be misused, breached or stolen.

2.     Preventative action can be taken after finding the weak points and detecting the vulnerabilities from hackers POV

3.     Shields national security from external and internal threats or terrorists.

4.     Enhances the company's image in the eyes of customers and investors when company protects their personal data and provides them product security.

Now let’s move on to the different phases of ethical hacking that saves companies from attacker’s exploitation and falling in their trap.

1.     Reconnaissance: This is the first stage where all the information is gathered, prior to the launch of an attack. This information is mainly related to the target e.g. their password or job profile etc. Tools such as Maltego and Nmap are used to scan individual's network or to search about them.

2.     Scanning: In this stage the hackers try to access and gain the information of that target individual through different means such as exploring and searching for their IP addresses, essential records, accounts or credentials. To quickly go through their data, tools including sweeper, dialers, network mappers and even vulnerability scanners are used.

3.     Gaining access: Third step is about using means to get access to the person or organization's application, network or system. Attackers might install soft wares, applications or tools to exploit and steal sensitive data by getting access to the systems. Metasploit is one such tool. Certified ethical hackers will make sure that such vulnerable parts of the systems are protected by passwords and they use firewall to protect network infrastructure. They even check who are the gullible employees (can easily be targeted by hackers) by sending them fake emails.

4.     Maintaining Access: Once the hackers hijack the system, he continues to make DDOS attacks to gain access to the whole data base until they are fully successful in their malicious actions. The target in most cases doesn’t know about these activities. Penetration testers get to the depth of the system to find the susceptible areas by scanning the infrastructure of that company.

5.     Covering Tracks: Attackers try their best not to leave any traces behind. Thus, they remove and clear each and every clue and evidence through which they can be caught. Ethical hackers have to keep connections within the system. They use ICMP tunnels and HTTP Shells etc. In order to remove digital footprints, they delete all logs, history and cache so that they cannot be identified or traced back.

Businesses and nations must remain watchful at all times, since attackers are keeping an eye on their sensitive data. A strong ethical hacking system is mandatory in these times where everything is achievable through technology.


No comments:

Post a Comment