
INTRODUCTION TO ETHICAL HACKING


Technology Brief

Information Security Overview

Information security ensures confidentiality, integrity, & availability.

An organization without security policies & appropriate security rules is at great risk, & the confidential information & data related to that organization are not secure in the absence of these security policies.

Well-defined security policies & procedures help protect an organization's assets from unauthorized access & disclosure.

Essential Terminologies

HACK VALUE – This is a value that denotes attractiveness, interest or something that is worthy.

ZERO-DAY ATTACK – This refers to threats & vulnerabilities that can be used to exploit the victim before the developer identifies or addresses the vulnerability & releases a patch for it.

VULNERABILITY – It refers to a weak point, loophole or cause in any system, software, or network that attackers can use to get through it.

DAISY CHAINING – This is a sequential (logical order) process of several hacking or attacking attempts to gain access to a network or systems, one after another, using the same information & the information obtained from the previous attempt.

EXPLOIT – This is a breach of the security of a system through a vulnerability, zero-day attack or any other hacking technique.

DOXING – This refers to publishing information or a set of information associated with an individual.

PAYLOAD – In information security, the payload is a section or part of malicious & exploit code that carries out potentially harmful activities & actions such as exploiting, opening a back door, & hijacking.

BOT – This is software that is used to control the target remotely to execute predefined tasks.

Elements of Information Security

CONFIDENTIALITY

Confidentiality means that only authorized users can work with & see our infrastructure’s digital resources.

It also means that unauthorized users should not have any access to the data.

There are 2 to 3 types of data:

  1. Data at rest, which can be encrypted at the storage level.
  2. Data in motion, which can also be encrypted before transmission.
  3. Data in processing, which can be protected with access control.

INTEGRITY

Integrity means only authorized parties can modify data, systems, or networks.

AVAILABILITY

Data & systems must be available to the authorized users.

If authorized users cannot get the data due to a general network failure or a denial-of-service (DoS) attack, then that is a problem as far as the business is concerned.

AUTHENTICITY

Authenticity is the process that identifies the user or device in order to grant privileges, access, & certain rules & policies.

Authenticity can be achieved through the process of authentication, using the combined function of identities & passwords.

NON-REPUDIATION

Non-repudiation is one of the Information Assurance (IA) pillars. It guarantees the transmission & receipt of information between the sender & receiver via different techniques such as digital signatures & encryption.
