Encryption - An Introduction

Encryption powers the modern internet. Without the ability to exchange data packets privately and securely, e-commerce would not exist, and users wouldn’t be able to safely authenticate themselves to internet sites. The HyperText Transfer Protocol Secure is the most widely used form of encryption on the web. Web servers and web browsers universally support HTTPS, so the developer can divert all traffic to that protocol and guarantee secure communication for their users. A web developer who wants to use HTTPS on their site needs only to obtain a certificate from a certificate authority and install it with their hosting provider. The ease with which you can get started using encryption belies the complexity of what is happening when a website and user agent interact over HTTPS. Modern cryptography—the study of methods of encrypting and decrypting data—depends on techniques developed and actively researched by mathematicians and security professionals. Thankfully, the abstracted layers of the Internet Protocol mean you don’t need to know linear algebra or number theory to use their discoveries. But the more you understand about the underlying algorithms, the more you will be able to preempt potential risks.

Encryption in the Internet Protocol

Recall that messages sent over the internet are split into data packets and directed toward their eventual destination via the Transmission Control Protocol (TCP). The recipient computer assembles these TCP packets back into the original message. TCP doesn’t dictate how the data being sent is meant to be interpreted. For that to happen, both computers need to agree on how to interpret the data being sent, using a higher-level protocol such as HTTP. TCP also does nothing to disguise the content of the packets being sent. Unsecured TCP conversations are vulnerable to man-in-themiddle attacks, whereby malicious third parties intercept and read the packets as they are transmitted. To avoid this, HTTP conversations between a browser and a web server are secured by Transport Layer Security (TLS), a method of encryption that provides both privacy (by ensuring data packets can’t be deciphered by a third party) and data integrity (by ensuring that any attempt to tamper with the packets in transit will be detectable). HTTP conversations conducted using TLS are called HTTP Secure (HTTPS) conversations. When your web browser connects to an HTTPS website, the browser and web server negotiate which encryption algorithms to use as part of the TLS handshake—the exchange of data packets that occurs when a TLS conversation is initiated. To make sense of what happens during the TLS handshake, we need to take a brief detour into the various types of encryption algorithms. Time for some light mathematics!

 

Encryption Algorithms, Hashing, and Message Authentication Codes

An encryption algorithm takes input data and scrambles it by using an encryption key—a secret shared between two parties wishing to initiate secure communication. The scrambled output is indecipherable to anyone without a decryption key—the corresponding key required to unscramble the data. The input data and keys are typically encoded as binary data, though the keys may be expressed as strings of text for readability. Many encryption algorithms exist, and more continue to be invented by mathematicians and security researchers. They can be classified into a few categories: symmetric and asymmetric encryption algorithms (for ciphering data), hash functions (for fingerprinting data and building other cryptographic algorithms), and message authentication codes (for ensuring data integrity).

 

Symmetric Encryption Algorithms

 A symmetric encryption algorithm uses the same key to encrypt and decrypt data. Symmetric encryption algorithms usually operate as block ciphers: they break the input data into fixed-size blocks that can be individually encrypted. (If the last block of input data is undersized, it will be padded to fill out the block size.) This makes them suitable for processing streams of data, including TCP data packets. Symmetric algorithms are designed for speed but have one major security flaw: the decryption key must be given to the receiving party before they decrypt the data stream. If the decryption key is shared over the internet, potential attackers will have an opportunity to steal the key, which allows them to decrypt any further messages. Not good.

Asymmetric Encryption

Algorithms In response to the threat of decryption keys being stolen, asymmetric encryption algorithms were developed. Asymmetric algorithms use different keys to encrypt and decrypt data. An asymmetric algorithm allows a piece of software such as a web server to publish its encryption key freely, while keeping its decryption key a secret. Any user agent looking to send secure messages to the server can encrypt those messages by using the server’s encryption key, secure in the knowledge that nobody (not even themselves!) will be able to decipher the data being sent, because the decryption key is kept secret. This is sometimes described as public-key cryptography: the encryption key (the public key) can be published; only the decryption key (the private key) needs to be kept secret.

Hash Functions

Related to encryption algorithms are cryptographic hash functions, which can be thought of as encryption algorithms whose output cannot be decrypted. Hash functions also have a couple of other interesting properties: the output of the algorithm (the hashed value) is always a fixed size, regardless of the size of input data; and the chances of getting the same output value, given different input values, is astronomically small. Why on earth would you want to encrypt data you couldn’t subsequently decrypt? Well, it’s a neat way to generate a “fingerprint” for input data. If you need to check that two separate inputs are the same but don’t want to store the raw input values for security reasons, you can verify that both inputs produce the same hashed value.

Message Authentication Codes

Message authentication code (MAC) algorithms are similar to (and generally built on top of) cryptographic hash functions, in that they map input data of an arbitrary length to a unique, fixed-sized output. This output is itself called a message authentication code. MAC algorithms are more specialized than hash functions, however, because recalculating a MAC requires a secret key. This means that only the parties in possession of the secret key can generate or check the validity of message authentication codes. MAC algorithms are used to ensure that the data packets transmitted on the internet cannot be forged or tampered with by an attacker. To use a MAC algorithm, the sending and receiving computers exchange a shared, secret key—usually as part of the TLS handshake. (The secret key will itself be encrypted before it is sent, to avoid the risk of it being stolen.) From that point onward, the sender will generate a MAC for each data packet being sent and attach the MAC to the packet. Because the recipient computer has the same key, it can recalculate the MAC from the message. If the calculated MAC differs from the value attached to the packet, this is evidence that the packet has been tampered with or corrupted in some form, or it was not sent by the original computer. Hence, the recipient rejects the data packet.

The TLS Handshake TLS uses a combination of cryptographic algorithms to efficiently and safely pass information. For speed, most data packets passed over TLS will be encrypted using a symmetric encryption algorithm commonly referred to as the block cipher, since it encrypts “blocks” of streaming information. Recall that symmetric encryption algorithms are vulnerable to having their encryption keys stolen by malicious users eavesdropping on the conversation. To safely pass the encryption/decryption key for the block cipher, TLS will encrypt the key by using an asymmetric algorithm before passing it to the recipient. Finally, data packets passed using TLS will be tagged using a message authentication code, to detect if any data has been tampered with. At the start of a TLS conversation, the browser and website perform a TLS handshake to determine how they should communicate. In the first stage of the handshake, the browser will list multiple cipher suites that it supports. Let’s drill down on what this means

Cipher Suites

A cipher suite is a set of algorithms used to secure communication. Under the TLS standard, a cipher suite consists of three separate algorithms. The first algorithm, the key-exchange algorithm, is an asymmetric encryption algorithm. This is used by communicating computers to exchange secret keys for the second encryption algorithm: the symmetric block cipher designed for encrypting the content of TCP packets. Finally, the cipher suite specifies a MAC algorithm for authenticating the encrypted messages. Let’s make this more concrete. A modern web browser such as Google Chrome that supports TLS 1.3 offers numerous cipher suites. At the time of writing, one of these suites goes by the catchy name of ECDHE-ECDSAAES128-GCM-SHA256. This particular cipher suite includes ECDHE-RSA as the key-exchange algorithm, AES-128-GCM as the block cipher, and SHA-256 as the message authentication algorithm. Want some more, entirely unnecessary, detail? Well, ECDHE stands for Elliptic Curve Diffie–Hellman Exchange (a modern method of establishing a shared secret over an insecure channel). RSA stands for the Rivest–Shamir– Adleman algorithm (the first practical asymmetric encryption algorithm, invented by three mathematicians in the 1970s after drinking a lot of Passover wine). AES stands for the Advanced Encryption Standard (an algorithm invented by two Belgian cryptographers and selected by the National Institute of Standards and Technology through a three-year review process). This particular variant uses a 128-bit key in Galois/Counter Mode, which is specified by GCM in the name. Finally, SHA-256 stands for the Secure Hash Algorithm (a hash function with a 256-bit word size)

Session Initiation

 Let’s continue where we left off. In the second stage of the TLS handshake, the web server selects the most secure cipher suite it can support and then instructs the browser to use those algorithms for communication. At the same time, the server passes back a digital certificate, containing the server name, the trusted certificate authority that will vouch for the authenticity of the certificate, and the web server’s encryption key to be used in the keyexchange algorithm. Once the browser verifies the authenticity of the certificate, the two computers generate a session key that will be used to encrypt the TLS conversation with the chosen block cipher. (Note that this session key is different from the HTTP session identifier discussed in previous chapters. TLS handshakes occur at a lower level of the Internet Protocol than the HTTP conversation, which has not begun yet.) The session key is a large random number generated by the browser, encrypted with the (public) encryption key attached to the digital certificate using the key-exchange algorithm, and transmitted to the server.

 

Enabling HTTPS

 

Securing traffic for your website is a lot easier than understanding the underlying encryption algorithms. Most modern web browsers are selfupdating; the development teams for each major browser will be on the cutting edge of supporting modern TLS standards. The latest version of your web server software will support similarly modern TLS algorithms. That means that the only responsibility left to you as a developer is to obtain a digital certificate and install it on your web server. Let’s discuss how to do that and illuminate why certificates are necessary.

Digital Certificates

A digital certificate (also known as a public-key certificate) is an electronic document used to prove ownership of a public encryption key. Digital certificates are used in TLS to associate encryption keys with internet domains (such as example.com). They are issued by certificate authorities, which act as a trusted third party between a browser and a website, vouching that a given encryption key should be used to encrypt data being sent to the website’s domain. Browser software will trust a few hundred certificate authorities— for example, Comodo, DigiCert, and, more recently, the nonprofit Let’s Encrypt.

Read More

Cyber Security And Finance - An Introduction

 

The relationship between cyber security and the economy has only been growing stronger, with cyber attacks on the rise. Cyber attacks have brought a new recognition of the importance of cyber security efforts. Attacks have now become widespread, common, and expected in some firms. New attacks are emerging within weeks due to an underground economy that has seen specialists create built-to-sell malware to a waiting list of cyber criminals. The impacts of cyber attacks have been felt and there are reports that these attacks are only going to get worse. The current and forecasted impacts are a devastation to the global economy. Here, we will introduce cyber security and link it to cyber attacks and the global economy.

What is cyber security – a brief technical description

 Cyber security can be summarized as efforts aimed at preserving the confidentiality, integrity, and availability of computing systems. It's the practice of affording security to networks and systems to protect them from cyber attacks.

Cyber attacks have been on the rise and are targeted at accessing, modifying, or deleting data, money extortion, and the interruption of normal services. Cyber security is of great concern to today's businesses since there has been a high adoption of information technology to achieve efficiency and effectiveness in business operations. The current business environment is such that there are many devices, systems, networks, and users. All these are targeted by cyber criminals, and multiple techniques have been devised and used against them. Cyber attacks are only becoming more effective and sophisticated. Therefore, cyber security is becoming a survival mechanism rather than a luxury for many businesses. Cyber security has multiple layers, which cover devices, networks, systems, and users. These layers are intended to ensure that these targets are not compromised by attackers. In organizations, these layers can be compressed into three categories: people, processes, and technology.

 

People

This is the category that includes users. Users are known to be particularly weak in the cybersecurity chain. Unfortunately, cyber criminals are aware of this and often target them rather than systems during attacks. Users are the culprits in creating weak passwords, downloading attachments in strange emails, and easily falling for scams.

 

Processes

 

 This category encompasses all the processes used by the organization. These can include business processes, such as the supply chain, that could be exploited by attackers to get malware inside companies. Supply chains are, at times, targeted in organizations that are well secured against other methods of being attacked.

 

Technology

Technology relates to both the devices and software used by an organization. Technology has been a prime target for cyber criminals and they have developed many techniques to compromise it. While security companies try to keep abreast of the threats facing technology today, it seems that cyber criminals have always had the upper hand. Cyber criminals can source new types of malware from underground markets and use them in multiple attacks against different technologies.

 

The scope of cyber  security

 The importance of cyber security can't be overstated. The world is in a state of interconnection, and therefore an attack on one host or user can easily become an attack against many people. Cyber attacks can range from the theft of personal information to extortion attempts for individual targets. For companies, many things are always at stake. There is, therefore, a broad scope of what cyber security covers for both individuals and corporate organizations

 

Critical infrastructure security

Critical infrastructure is systems that are relied on by many. These include electricity grids, traffic lights, water supply systems, and even hospitals. Inevitably, these infrastructures are being digitized to meet current demands. This inadvertently makes them a target for cyber criminals. It is, therefore, necessary for critical systems to have periodic vulnerability assessments so that attacks that can be used against them can be mitigated beforehand. There have been several attacks on critical infrastructures in different countries. Commonly-targeted sectors include transport, telecom, energy, and the industrial sector. The most significant one was on Iran's nuclear facility. The facility was targeted using a speculated state-sponsored malware called Stuxnet. Stuxnet caused the total destruction of the nuclear facility. This just highlights the effect of cyber attacks against critical infrastructure.

 

Importance of cyber security and its impacts on the global economy

 Cyber security has of vital importance today ever since the world was networked. Many processes in organizations are enabled by interlinked technologies. However, the penetration of technology into normal lives and organizational processes has introduced people to cyber threats. With every improvement in technology, the threat of cyber attacks increases. New technology, such as IoT, have met the harsh reality of cybercrime. However, current cyber security efforts ensure that the use of technology is not hindered by cyber criminals. There are several reasons why organizations and individuals are emphasizing cyber security; they are outlined here.

 

The number of cyber attacks is growing

With the rapid development of technology, the number of cyber attacks has been growing exponentially. Cyber security reports show that, each year, there is a rise in the number of threats that have been detected for the first time. There are specialists in underground markets that have focused on creating new types of malware that they sell to hackers. Cyber criminals are spending long hours doing background research on individuals and organizations to find weaknesses that they can target. Social engineers are perfecting their manipulation tactics to help them net more victims. At the same time, users have not significantly improved or taken individual responsibility for their own security or that of the companies they work for. The only hope in securing individuals' data, money, and systems lies in enhancing cyber security.

Cyber attacks are getting worse

Cyber crime has evolved from what it used to be. The aftermath of a cyber attack today is often devastating, as can be seen from the companies that have fallen prey to cyber criminals. Yahoo lost its value after it was confirmed that cyber criminals had penetrated its systems and stolen the data of 3,000,000,000 users. Ubiquiti Networks lost over $40,000,000 to cyber criminals that executed a social-engineering attack on its employees. Many other top companies have lost sensitive data to hackers. Individuals are not spared either. The WannaCry ransomware indiscriminately encrypted individuals' and organization' computers in over 150 countries. In general, cybercrime is getting worse. More money is involved, and huge chunks of sensitive data are being stolen. The targets are not limited to small organizations, since big companies, such as Uber and Yahoo, have already fallen victim. Cyber security is therefore essential for organizations and individuals.

 

Impacts on the global economy

The economic implications of cyber attacks are being felt on a global scale. Organizations are losing billions of dollars to attacks every year. Forbes has estimated that with the current pattern, cyber crime will cost the globe $2,000,000,000,000,000,000 in 2019. In 2015, this number was only at $400,000,000. Prior to the estimate from 2015, early estimates done in 2013 reported that cyber crime only costs $100,000,000 globally. As can be seen, the pattern has been such that the cost keeps growing. The World Economic Forum has taken note of this, and with concern. It has warned that the figures could be higher since a large percentage of cyber crime goes undetected. It has identified industrial espionage as one crime where many victims don't even know that they're victims.

Estimation of financial losses related to cyber crime

The financial losses related to cyber crime are incomparable to the cost of cyber security. While cyber security costs remain almost constant, cyber crime costs increase every year. In 2017, it was estimated that annual breaches had increased by 27.4%.

 

The time it takes to resolve a cyber attack is becoming longer than ever. It now takes an average of 23 days to recover from a ransomware attack. Insider threat attacks take up to 50 days to recover from. DDoS attacks take only a few days to recover from, but by then a lot of damage will have been done. In general, the attack duration has increased and that adds to the effects on the victims. The financial consequences can only go higher with more exposure time to an attacker. Globally, the US has witnessed the highest average cost of cyber attacks. The country's average has been higher than the global average since 2017, when it was estimated at $21,000,000. This estimate has grown from $17,000,000 in 2016. The second country in the ranking of those with the highest cost of cyber crime is Germany; it jumped from $7,800,000 in 2016 to $11,500,000 in 2017. Japan is third, with an estimated cyber crime cost of $10,000,000. The UK, France, and Italy follow with estimates of $8,000,000, $7,900,000, and $6,300,000, respectively.

 

Finance and cyber security

There is a strong relationship between finance and cyber security. Finance can be viewed in two perspectives in line with cyber security. Finance is used to procure cyber security products that can be used to prevent cyber crime. Finance is also a direct victim of cyber attacks. Therefore, it continues to be linked to cyber security. There have been attacks targeted specifically at the finance departments in organizations. Other than this, Chief Finance Officers (CFOs) are having to work closely with Chief Information Security Officers (CISOs) in organizations to ensure that they adequately fund their cyber security endeavors. Today, the links between finance and IT are closer than ever.

 

Critical dependency of business, processes, and IT infrastructure

 Today, business is run through computer systems that coordinate processes from different business lines, while making the individual processes more efficient and effective. For instance, in a production company, the supplies department has to be linked with the production department, which then has to be linked with the sales department. This type of chain will ensure that the supply department has already procured input before the production department depletes the ones it has. The production department will control its output depending on the sales such that there is no over-production. To ensure that these three departments continue to operate smoothly, the organization might acquire enterprise resource planning (ERP) systems that will be integrated. The ERPs will ensure that the supplies department automatically gets notified when the production department needs more input. The production department will get actual and forecasted sales to ensure that it doesn't overproduce products that may go to waste. The ERP solution will be the backbone of all this coordination between departments.

Economic loss

As a consequence of the increasing cost of cyber crime, there has been a resultant loss in global and local economies. Based on estimates from McAfee, it is expected that 2018 will see 0.8% of the global economy gross domestic product being lost to cyber crime. This is estimated at $600,000,000,000. Estimates for 2019 show that the economic loss will hit the trillion-dollar mark. This shows that the economic impact of cyber crime is only getting worse. In 2014, the estimated loss was at 0.7% of the global economy. The US has seen a relatively constant increase in the number of cyber crimes reported. Europe, however, has seen the highest rise in cyber crime. It might appear that cyber criminals were once not particularly focused outside the US market. With time, there has been an influx of hacking activity, and the hacks have sporadically grown in the previously-unexplored Europe region. Also, since the US has seen consistent cyber crime, organizations have been preparing themselves for the attacks. Europe is now facing the highest economic loss to cyber crime. An estimated 0.84% of its regional gross domestic product has been lost to cyber crime. In the US, the percentage is at 0.78%

Read More

Session Hijacking - An Introduction

 

When a website successfully authenticates a user, the browser and the server open a session. A session is an HTTP conversation in which the browser sends a series of HTTP requests corresponding to user actions, and the web server recognizes them as coming from the same authenticated user without requiring the user to log back in for each request. If a hacker can access or forge session information that the browser sends, they can access any user’s account on your site. Thankfully, modern web servers contain secure session-management code, which makes it practically impossible for an attacker to manipulate or forge a session. However, even if there are no vulnerabilities in a server’s session-management capabilities, a hacker can still steal someone else’s valid session while it’s in progress; this is called session hijacking. 

Session hijacking vulnerabilities are generally a bigger risk than the authentication vulnerabilities discussed in the previous chapter, because again, they allow an attacker to access any of your users’ accounts. This is such a tantalizing prospect that hackers have found many ways to hijack sessions. 

How Sessions Work

To understand how an attacker hijacks a session, you first need to understand what happens when a user and a web server open a session. When a user authenticates themselves under HTTP, the web server assigns them a session identifier during the login process. The session identifier (session ID)—typically a large, randomly generated number—is the minimal information the browser needs to transmit with each subsequent HTTP request so the server can continue the HTTP conversation with the authenticated user. The web server recognizes the session ID supplied with each request, maps it to the appropriate user, and performs actions on their behalf. 

Note that the session ID must be a temporarily assigned value that’s different from the username. If the browser used a session ID that was simply the username, hackers could pretend to be any user they pleased. By design, only a very small minority of possible session IDs should correspond to a valid session on the server at any given time.  

Besides the username, the web server typically stores other session state alongside the session ID, containing relevant information about the user’s recent activity. The session state might, for example, contain a list of pages the user has visited, or the items currently sitting in their shopping basket. Now that we understand what happens when users and web servers open a session, let’s look at how websites implement these sessions. There are two common implementations, typically described as server-side sessions and client-side sessions. Let’s review how these methods work, so you can see where the vulnerabilities occur. 

Server-Side Sessions

In a traditional model of session management, the web server keeps the session state in memory, and both the web server and browser pass the session identifier back and forth. This is called a server-side session. 

Historically, web servers have experimented with transferring session IDs in multiple ways: either in the URL, as an HTTP header, or in the body of HTTP requests. By far, the most common (and reliable) mechanism the web development community has decided upon is to send session IDs as a session cookie. When using session cookies, the web server returns the session ID in the Set-Cookie header of the HTTP response, and the browser attaches the same information to subsequent HTTP requests using the Cookie header.

Cookies have been part of the HyperText Transfer Protocol since they were first introduced by Netscape in 1995. Unlike HTTP-native authentication, they’re used by pretty much every website under the sun. (Because of European Union legislation, you’ll be well aware of this fact: websites are required by European law to inform  you that they’re using cookies.)

Server-side sessions have been widely implemented and are generally very secure. They do have scalability limitations, however, because the web server has to store the session state in memory. That means that at authentication time, only one of the web servers will know about the established session. If subsequent web requests for the same user gets directed to a different web server, the new web server needs to be able to recognize the returning user, so web servers need a way of sharing session information.

 

Client-Side Sessions

Because server-side sessions have proven difficult to scale for large sites, web server developers invented client-side sessions. A web server implementing client-side sessions passes all session state in the cookie, instead of passing back just the session ID in the Set-Cookie header. The server serializes session state to text before the session state is set in the HTTP header. Often, web servers encode the session state as JavaScript Object Notation  (JSON)—and deserialize it when returning it to the server. 

Client-side sessions do create an obvious security problem, however. With a naive implementation of client-side sessions, a malicious user can easily manipulate the contents of a session cookie or even forge them entirely. This means the web server has to encode the session state in a way that prevents meddling. One popular way to secure client-side session cookies is to encrypt the serialized cookie before sending it to the client. The web server then decrypts the cookie when the browser returns it. This approach makes the session state entirely opaque on the client side. Any attempt to manipulate or forge the cookie will corrupt the encoded session and make the cookie unreadable. The server will simply log out the malicious user and redirect them to an error page. Another, slightly more lightweight approach to securing session cookies is to add a digital signature to the cookie as it’s sent. A digital signature acts as a unique “fingerprint” for some input data—in this case, the serialized session state—that anyone can easily recalculate as long as they have the signing key originally used to generate the signature. Digitally signing cookies allows the web server to detect attempts to manipulate the session state, since it’ll calculate a different signature value and reject the session if there has been any tampering.

 

How Attackers Hijack Sessions

Now that we’ve discussed sessions and how websites implement them, let’s look at how attackers hijack sessions. Attackers use three main methods to hijack sessions: cookie theft, session fixation, and taking advantage of weak session IDs.

Cookie Theft

With the use of cookies being so widespread nowadays, attackers normally achieve session hijacking by stealing the value of a Cookie header from an authenticated user. Attackers usually steal cookies by using one of three techniques:

injecting malicious JavaScript into a site as the user interacts with it (cross-site scripting), sniffing network traffic in order to intercept HTTP headers (a man-in-the-middle attack), or triggering unintended HTTP requests to the site when they’ve already authenticated (cross-site request forgery). Fortunately, modern browsers implement simple security measures that allow you to protect your session cookies against all three of these techniques. You can enable these security measures simply by adding keywords to the Set-Cookie header returned by the server.

 

Cross-Site Scripting

Attackers often use cross-site scripting to steal session cookies. An attacker will try to use JavaScript injected into a user’s browser to read the user’s cookies and send them to an external web server that the attacker controls. The attacker will then harvest these cookies as they appear in the web server’s log file, and then cut and paste the cookie values into a browser session—or more likely, add them to a script—to perform actions under the hacked user’s session. 

Read More

Introduction to Ethical Hacking

 

What are the Objectives of Ethical Hacking?

If hacking per se today is bent on stealing valuable information, ethical hacking on the other hand is used to identify possible weak points in your computer system or network and making them secure before the bad guys (the black hat hackers) use them against you. It’s the objective of white hat hackers or ethical hackers to do security checks and keep everything secure.

That is also the reason why some professional white hat hackers are called penetration testing specialists. One rule of thumb to help distinguish penetration testing versus malicious hacking is that white hat hackers have the permission of the system’s owner to try and break their security.

In the process, if the penetration testing is successful, the owner of the system will end up with a more secure computer system or network system. After all the penetration testing is completed, the ethical hacker, the one who’s doing the legal hacking, will recommend security solutions and may even help implement them.

It is the goal of ethical hackers to hack into a system (the one where they were permitted and hired to hack, specifically by the system’s owner) but they should do so in a non-destructive way. This means that even though they did hack into the system, they should not tamper with the system’s operations.

Part of their goal is to discover as much vulnerability as they can. They should also be able to enumerate them and report back to the owner of the system that they hacked. It is also their job to prove each piece of vulnerability they discover. This may entail a demonstration or any other kind of evidence that they can present.

Ethical hackers often report to the owner of the system or at least to the part of a company’s management that is responsible for system security.  They work hand in hand with the company to keep the integrity of their computer systems and data. Their final goal is to have the results of their efforts implemented and make the system better secured.

As part of ethical hacking, you should also know the actual dangers and vulnerabilities that your computer systems and networks face. Next time you connect your computer to the internet or host a WiFi connection for your friends, you ought to know that you are also opening a gateway (or gateways) for other people to break in.

Network Infrastructure Attacks

Network infrastructure attacks refer to hacks that break into local networks as well as on the Internet.

A lot of networks can be accessed via the internet, which is why there are plenty out there that can be broken into. One way to hack into a network is to connect a modem to a local network. The modem should be connected to a computer that is behind the network’s firewall.

Another method of breaking into a network is via NetBIOS, TCP/IP, and other transport mechanisms within a network. Some tricks include creating a denial of service by flooding the network with a huge load of requests.

Network analyzers capture data packets that travel across a network. The information they capture is then analyzed and the information in them is revealed. Another example of a fairly common network infrastructure hack is when people piggyback on WiFi networks that aren’t secured. You may have heard of stories of some people who walk around the neighborhood with their laptops, tablets, or smartphones looking for an open WiFi signal coming from one of their neighbors. 

Non-Technical Attacks

Non-technical attacks basically involve manipulating people into divulging their passwords, willingly or not. The term social engineering comes to mind and it is the tool used in these kinds of attacks. An example of this is by duping (or even bribing) a coworker to divulge passwords and usernames. We’ll look into social engineering a little later on.

Another form of non-technical attack is simply walking into another person’s room where the computer is, booting the computer, and then gathering all the information that you need – yes it may sound like Tom Cruise and his mission impossible team, but in reality these non-technical attacks are a serious part of hacking tactics. 

Attacks on an Operating System

Operating system attacks are one of the more frequent hacks performed per quota. Well, it’s simply a numbers game. There are many computers out there and a lot of them don’t even have ample protection. There are a lot of loopholes in many operating systems – even the newest ones around still have a few bugs that can be exploited.

One of the avenues for operating system attacks is password hacking or hacking into encryption mechanisms. Some hackers are just obsessed with hacking other people’s passwords just for the sheer thrill of it.

Attacks on Applications

Apps, especially the ones online and the ones that deal with connectivity, get a lot of attacks.

Examples of which include web applications and email server software applications. Some of the attacks include spam mail (remember the Love Bug or ILOVEYOU virus back in 2000?). Spam mail can carry pretty much anything that can hack into your computer system. 

Malware or malicious software is also another tool in the hands of a hacker when they try to attack pretty much everything, especially apps. These software programs include Trojan horses, worms, viruses, and spyware. A lot of these programs can gain entry into your computer system online. Another set of applications that get attacked frequently are SMTP applications (Simple Mail Transfer Protocols) and HTTP applications (Hypertext Transfer Protocols). Most of these applications are usually allowed to get by firewalls by the computer users themselves. They are allowed access simply because they are needed by the users or a company for its business operations. 

Compromising Physical Security Flaws

Physical security is actually a vital part of information security. Hackers can eventually find access to one of your computers. They can’t get past your company’s firewall but they can install a hardware or software within your network inside your firewall by simply walking in the door and connecting a device into one of your employee’s computers.

Smaller companies that have few employees will have very little to worry about. These employees usually don’t allow a stranger to use their computers. Larger companies have a bigger problem – they have more employees, more computer hardware, and plenty of other access points that hackers can use.

Hackers may not always want to just install a piece of hardware and have a point of entry from the inside. They may just need to access a computer, steal some important documents, or grab anything that seems to contain some vital information. They will usually have an alibi when asked. They will try to enter a building through any door including outside smoking areas where employees go to, cafeteria doors, fire escapes, or any entry point that is available. They may even just tailgate employees reentering a building and all they need to say to get in is “thank you for keeping the door open.”

Read More