
INTRODUCTION TO ETHICAL HACKING


Technology Brief

Information Security Overview

Information security is the practice of ensuring the confidentiality, integrity, & availability of information & of the systems that store, process & transmit it.

An organization without security policies & appropriate security rules is at great risk, & the confidential information & data belonging to that organization are not secure in the absence of these policies.

An organization with well-defined security policies & procedures is better able to protect its assets from unauthorized access & disclosure.

Essential Terminologies

HACK VALUE – The attractiveness of a target to an attacker: something is said to have hack value when compromising it is interesting, challenging or worthwhile, e.g. because of the data it holds or the reputation gained by breaking it.

ZERO-DAY ATTACK – An attack that exploits a vulnerability before the vendor or developer knows about it or has released a patch, so defenders have had "zero days" in which to fix it.

VULNERABILITY – A weak point, loophole or flaw in a system, software, network or process that an attacker can use to gain unauthorized access or cause harm.

DAISY CHAINING – A sequential process of several hacking attempts, one after another, in which the access or information obtained in each attempt is used to carry out the next one (for example, using credentials found on one host to reach the next).

EXPLOIT – A piece of code or a technique that takes advantage of a specific vulnerability to breach the security of a system; the term is also used for the act of doing so.

DOXING – Collecting & publicly publishing private or identifying information about an individual (real name, home address, employer, phone number & so on), typically without consent & in order to harass or intimidate.

PAYLOAD – The part of an exploit or malicious code that performs the intended action on the target once the vulnerability has been used to gain execution, such as opening a backdoor, hijacking a session or installing further malware.

BOT – Software that lets an attacker control a compromised machine remotely & make it execute predefined tasks; a collection of such machines under one controller is a botnet.

Elements of Information Security

CONFIDENTIALITY

Confidentiality means that only authorized users can work with & see our infrastructure's digital resources.

It also means that unauthorized users should not have any access to the data.

Data exists in three states, & each needs its own protection:

  1. Data at rest, which can be encrypted at the storage level.
  2. Data in motion, which can be encrypted before transmission (e.g. with TLS).
  3. Data in processing, which is protected with access control while it is in use.

INTEGRITY

Integrity means that only authorized parties can modify data, systems, or networks, & that any unauthorized or accidental modification can be detected.

AVAILABILITY

Data & systems must be available to the authorized users.

If authorized users cannot get to the data because of a general network failure or a denial-of-service (DoS) attack, that is a problem as far as the business is concerned.

AUTHENTICITY

Authenticity is the property that a user, device or message is genuinely what it claims to be; establishing identity is what allows the system to grant the right privileges, access, rules & policies.

Authentication, for example by combining an identity (a username) with a secret such as a password, & possibly additional factors, is the process used to achieve authenticity.
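As an added example (not part of the original post), here is how an application would implement the identity-plus-password check just described, in Python using only the standard library: the stored verifier is a salted PBKDF2-HMAC-SHA256 digest rather than the password itself, & the comparison is constant-time. The iteration count, salt length, key length & the in-memory user store are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed parameters for this example. The PBKDF2 iteration count should be
# tuned so that one verification takes tens of milliseconds on the server.
ITERATIONS = 200_000
SALT_LEN = 16
KEY_LEN = 32

UserStore = Dict[str, Tuple[bytes, bytes]]  # username -> (salt, digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive the value stored for a password; returns (salt, digest).

    A fresh random salt per user means identical passwords give different
    digests, so a precomputed table cannot be reused across accounts.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_LEN
    )
    return salt, digest


def register(store: UserStore, username: str, password: str) -> None:
    """Create an account: only the salt & digest are kept, never the password."""
    store[username] = hash_password(password)


def authenticate(store: UserStore, username: str, password: str) -> bool:
    """Return True only when the username exists & the password matches."""
    record = store.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so that response
        # timing does not reveal which usernames exist.
        hash_password(password, b"\x00" * SALT_LEN)
        return False
    salt, stored_digest = record
    _, candidate = hash_password(password, salt)
    # Constant-time comparison: an early-exit byte compare would leak how
    # many leading bytes of the digest matched.
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    users: UserStore = {}
    register(users, "alice", "correct horse battery staple")
    print(authenticate(users, "alice", "correct horse battery staple"))  # True
    print(authenticate(users, "alice", "Tr0ub4dor&3"))                   # False
    print(authenticate(users, "mallory", "anything"))                     # False
```

The check establishes authenticity of the claimed identity only as far as the secret does: a second factor (hardware token, one-time code) would be verified in the same place before access is granted.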

NON-REPUDIATION

Non-repudiation is one of the Information Assurance (IA) pillars. It guarantees that the sender of a message cannot later deny having sent it & the receiver cannot deny having received it, most commonly by means of digital signatures, which bind a message to a private key that only the signer holds.
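The difference between the integrity property described earlier & non-repudiation is easiest to see in code. The following added example (not from the original post) protects a record with an HMAC-SHA256 tag so that any modification made without the key is detected, which gives integrity; it then shows that because the receiver holds the same key, the receiver can mint a tag the sender never produced, so a MAC alone cannot provide non-repudiation. The record fields, key & party names are constructed for the example; a real non-repudiation scheme uses digital signatures, where only the signer holds the signing key.

```python
import hashlib
import hmac
import json
from typing import Optional


def protect(record: dict, key: bytes) -> dict:
    """Wrap a record with an HMAC-SHA256 tag computed by a holder of `key`.

    The record is serialised as canonical JSON (sorted keys, no whitespace)
    so that the tag does not depend on field order.
    """
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(envelope: dict, key: bytes) -> Optional[dict]:
    """Return the record if its tag is valid under `key`, otherwise None.

    Any change to the body, or a tag made with a different key, fails here:
    that is the integrity property. compare_digest avoids timing leaks.
    """
    expected = hmac.new(key, envelope["body"].encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return json.loads(envelope["body"])


def receiver_can_forge(shared_key: bytes) -> bool:
    """Caveat for non-repudiation.

    Alice & Bob share `shared_key`. Bob can build an envelope claiming Alice
    authorised a payment she never sent, & it verifies perfectly. A third
    party therefore cannot tell who made the tag: a MAC proves the data was
    not altered by an outsider, not who produced it. Returns True when Bob's
    forgery verifies.
    """
    forged = protect({"from": "alice", "to": "bob", "amount": 900}, shared_key)
    return verify(forged, shared_key) is not None


if __name__ == "__main__":
    # Constructed sample: a key Alice & Bob share, & a record Alice sends.
    key = b"\x13" * 32
    envelope = protect({"from": "alice", "to": "bob", "amount": 100}, key)
    print("valid record:", verify(envelope, key))

    tampered = dict(envelope)
    tampered["body"] = envelope["body"].replace('"amount":100', '"amount":900')
    print("tampered record:", verify(tampered, key))  # None

    print("receiver can forge a valid tag:", receiver_can_forge(key))  # True
```

Read `receiver_can_forge` as the reason a signed contract is not a MAC'd one: with a shared secret, "the tag is valid" only tells you one of the key holders made it.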


  After passing the CISSP exam, (ISC)2 will ask CISSP test taker to supply their endorsement documentation supported by an endorser/sponsor. For the endorsement, the application must be endorsed & digitally signed by an (ISC)2 certified professional. The (ISC)2 certified professional is anyone who: ü Is able to attest to test taker professional experience ü Is an active (ISC)2 credential holder in good standing. This will proof that the test taker indeed has the type of experience required to obtain this certification. The endorser/sponsor must sign the test taker endorsement document vouching for the security experience the test taker is submitting. The endorsed/sponsor will attest that the test taker assertions regarding professional experience are true to the best of the endorser’s/sponsor’s knowledge, & that the test taker are in good standing within the cybersecurity industry. So, the test taker has to be sure about his/her endorser/sponsor prior to r...