Skip to main content

Ethical Hacking & Security Against Cyber Crime

ETHICAL HACKING & SECURITY AGAINST CYBER CRIME

ETHICAL HACKING & SECURITY AGAINST CYBER CRIME

By ABHISHEK YADAV

ABSTRACT

This paper explores the fast growing Cyber world and its components over the internet. The fast growing Internet has benefited the modern society in form of e-commerce, e-mail, online banking or system, advertising, vast stores of reference material etc. But, there is also a dark side, internet become a common and easy tool for the criminal activity using the weak link and vulnerability of internet. In this paper the author concentrated over the several hacking activity that come under the Cyber crime. It is also highlights the role of ethical hacker to evacuate from the culprits and cybercrime and illustrate on proactive approach to minimize the threat of hacking and Cyber crime. Keywords: Hacking, Security, Cyber Crime, Ethical, Threat, Vulnerability.

INTRODUCTION

Security is a state of well being of information and infrastructure in which the possibility of successful yet undetected theft, tempering and disruption of information and services are kept to low tolerable.
  • Network security: Protecting a network and data, computer program, other computer system assets from unwanted intruders, and unauthorized user.
  • Information Security: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

    • There are following security services issues as given below.

  • Confidentiality
  • Authentication
  • Integrity
  • No repudiation
  • Access control
  • Availability
  • Authorization.

1. Hacking

The word “Hacking” term refers to the hobby/profession of working with computers. It is describe the rapid i-manager’s development of new program or reverse engineering of existing software to make code better and efficient. Hacking divided into two terms:
  • Ethical Hacking
  • Unethical Hacking
1.1 Ethical Hacking: The practice of breaking into computers without malicious intent, simply to find security hazards and report them to the people responsible. Ethical hacker refers to security professional who apply their hacking skills for defensive purpose and constructive purpose.
1.2 Unethical Hacking: Unethical Hacking is “cracking”. Cracking activities is breaking the computer security without authorization or uses technology, or tools (usually weak links of a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity. So, cracker is refers to person who uses hacking skills or computer system knowledge in offensive purpose.

What is Cyber Crime?

Cyber crime is the leveraging of a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. According to Kevin G. Coleman at al. Cyber crime is defined as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives or to intimidate any person in furtherance of such objectives.”

2. Importance of Ethical Hacking and How Minimize The Security Threats

Ethical Hacker is network and computer security professional who apply their knowledge and skills in defensive purpose. Roles of ethical are following:
  • Evaluate the Weak links of network and computer system.
  • Find out the malicious contents from the network traffic.
  • Trace out the cyber culprits by using some tools and tracing tools etc
  • Shut down all the doors of network and operating system and information system for security pirates.
  • Ethical hacker work as security advisor of network and computer system.
  • Diagnose the security threat of the system
    • Restricts the unauthorized access of network or system by installing advanced security or IDS system.
  • Protect the information system or network from Penetrating Testing.

3. Major Disaster of Unethical Hacking

Unethical hacking is cyber crime and being use as prominent arm to make crime and cause millions harm every day.

3.1 9/11 demotion:Most cruel face of this unethical hacking, are hack the account, identity, penetrating in unauthorized network or system and sniffing the data etc not only for money but also spread terrorism. 9/11 demolition is example of such kind of hacking which shocked the whole world and challenged the USA network security. In this terrorist attack, all information are transfer over network using new technique stenography through which all the encoded textual information was hidden into funny image by advanced program.

3.2 Virus attack: The damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.

4. Social Awareness and Precaution During Net Surfing

  • Should not click any hyperlink if you are not sure about the link.
  • Should not create unnecessarily many email account.
  • Should not use anonymous user id and password for net surfing.
  • System should be password protected and should automatically lock when system is idle for long time.
  • Destroy all the important material related to system, network, or id so that dumpster diving cannot be done.
  • User id and password should be strong with special character and should be change periodically.
  • We should not provide your personal information unnecessarily to unknown sites or we are not sure about sites credibility.
  • Use encryption and digital signature etc. techniques to transfer the important data.
  • We should always avoid checking unknown greetings, downloading screen saver, free software.
  • We should avoid to uses of pirated software.
  • Vendor-supplied software should be free from bugs, missing operating system patches, vulnerable services, and insecure choices for default configurations.

5. Some System and Devices for Network Security

5.1 Intrusion Detection Systems (IDS):14 i-manager’s Journal on Information Technology, Vol. 5  No. 1  December 2015 – January 2016
An IDS monitors network traffic and monitors for suspicious activity and alerts the system or network administrator. IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network. There are Network based (NIDS) and Host based (HIDS) Intrusion Detection Systems. Host Intrusion Detections Systems (HIDS) are run on individual hosts or devices on the network and Network Intrusion Detection systems (NIDS) are placed at a strategic point within the network to monitor traffic to and from all devices on the network.
5.2 Firewall: A firewall is a system that is set up to control traffic flow between two networks. Firewall is effective means of protecting network system from the threats and a single choke point that keeps unauthorized user out of the protect network, prohibits potentially vulnerable services from entering and leaving the services.

5.3 Packet Filtering Firewall:A packet filtering firewall applies a set of rules to each incoming packets and then forwarding or discarding them. These rules are based on source IP, port no, UDP, TCP etc.

5.4 Port Scanning:A port scanner is a program which attempts to determine a list of or range of open TCP, UDP, etc. ports on a list or range of IP addresses. Port scanners are used for network mapping and for network security assessments. So, we have knowledge to disable (close) all doors (port) to prohibit the pirates to enter in network.

5.5 IPSec:IPSec is a protocol suite which is used to secure communication at the network layer between two peers. When end-to-end security is required, it is recommended that additional security mechanisms such as IPSec or TLS, be used inside the tunnel, in addition to L2TP tunnel security.

5.6 ISAKMP:“Internet Security Association and Key Management Protocol” is a protocol for establishing Security Associations (SA) and cryptographic keys in an Internet environment. ISAKMP defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation e.g. denial of service and replay attacks.

6. Network Security Essentials and Tools

6.1 Network Auditing: Network auditing software is an important security tool. It provides IT administrators with a two-pronged approach to network security. First, it provides an accurate view of the entire network and subnets, making it easier to spot any open ports, unaccounted for components or other discrepancies. Second, it allows prompt action to protect against any open vulnerability. Network security is not just about protecting an individual computer; it is also about identifying and correcting vulnerability found in the entire network. Network auditing is fast becoming an indispensable tool in the maintenance of a healthy network.

6.2 Network Scanning Strengths:A network-based scanning assessment might detect extremely critical vulnerabilities such as miss configured firewalls or vulnerable web servers in a DMZ that could provide a stepping stone to an intruder and allow them to quickly compromise an organization's security. Network scanners provide a comprehensive view of all operating systems and services running and available on your network.

6.3 Host-based Scanners:Host-based scanners detect signs that an intruder has already infiltrated a system. These hacker traces include suspicious file names, unexpected new files, device files found in unexpected places. Network and host-based scanning technologies provides the best vulnerability assessment for measuring an organization's security risks.

6.4 DMZ (Demilitarized Zone):web server, data server, mail server and protect our i-manager’s DMZ is a firewall configuration for securing LAN. DMZ is a buffered zone that placed between the trusted network (LAN) and un-trusted network (WAN or Internet). This consider as Screened subnet or separate network. DMZ is additional firewall rules, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall. So, DMZ is technique to protect our network from pirates.

7. Wi-Fi Network Security

802.11 wireless LAN protocols (i.e. Wi-Fi protocol) have become the most popular protocol for wireless networking. So Wi-Fi network are most vulnerable if network administrator is completely aware about the security issues. So hacker can penetrate in our network with hiding their identity. Two WEP and WPA are used to protect the wi-fi network. WEP (Wireless Equivalent Privacy) is an optional encryption standard for Wi-Fi network, implemented in the MAC layer. WEP uses a secret 40 or 64-bit key to encrypt and decrypt datagram. Wi-Fi Protected Access (WPA) is a certification(Authentication) program created by the Wi-Fi Alliance. WPA improves on the authentication and encryption features of WEP. One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP.

Conclusion

Internet is serving the modern society in several ways. But, It has several security breaches. These security breaches can be misused by black hats for offensive purpose. So, it is mandatory to determine the vulnerable points of the information system. There are various tools like firewall, gateways, IPSec, DMZ, network auditing, etc. evaluating the breaches and mitigating them by using tools and taking proactive action against them for averting from disaster. Our some precaution and proactive action can eliminate the hazard and cyber terrorism.
Copyright © 2018-2019 Abhishek Yadav
For Downloading this webpage:-Click Here
For Downloading this webpage written in HTML5 language:-Click here
Download the file for android(made by me) by kali Linux:-venom.apk

Comments

Post a Comment

Popular posts from this blog

Dragon Blood-Dragon Fly WPA3 Vulnurability-Explained | Network Security | Ethical Hacking

Currently, all modern Wi-Fi networks use WPA2 to protect transmitted data. However, because WPA2 is more than 14 years old, the Wi-Fi Alliance recently announced the new and more secure WPA3 protocol. One of the main advantages of WPA3 is that, thanks to its underlying Dragonfly handshake, it's near impossible to crack the password of a network. Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the network. This allows the adversary to steal sensitive information such as credit cards, password, emails, and so on, when the victim uses no extra layer of protection such as HTTPS. Fortunately, we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread. The Dragonfly handsh ake, which forms the core of WPA3, is also used on certain Wi-Fi networks that require a username and password for access control. That is, Dragonfly is
1 comment
Read more

KV NTPC Deeptinagar Library Application

It is a Application builted on Java and XML in Android Studio mainly for Android OS. This is an educational purpose application. This is builted on WebView Method of Android Application. Donwload App:- Download Now Download Source Code:- Source Code Link used as WebView:- Visit KV Library For more information visit my YouTube Channel:- YouTube Channel
1 comment
Read more

HTML 5 and CSS3 Fundamentals,Making Webpages-Computer Markup Language-Fundamentals of Computer Science

HTML5 and CSS3 Fundamentals HTML5 and CSS3 Fundamentals Home About Contact Background Every Web Developer Needs to Know Introduction In this article I'll describe the World Wide Web from a high level perspective, focusing on how a web page is request and delivered from a web server to a web browser. Then, I want to talk about web browsers, how they interpret the HTML you write, differences between browsers, what are standards and to paraphrase the old joke "if Standards are so great, why are there so many of them?" Finally, I'll talk about the thought process behind HTML5 and CSS3, why they were introduced and what they hope to achieve. A Brief Technical Overview of the World Wide Web The World Wide Web started out as a means for sharing scientific resources like research documentation between governmental and academic institutions. It took time for the technologies and practices to evolve beyond its original pu
2 comments
Read more