Ethical Hacking

Thiluxan
May 13, 2021


Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities, which can then be resolved before a malicious attacker has the opportunity to exploit them. Today, you can find Certified Ethical Hackers working with some of the finest and largest companies across industries like healthcare, finance, government, energy and much more!

Hacking experts follow four key protocol concepts:

  1. Stay legal. Obtain proper approval before accessing and performing a security assessment.
  2. Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.
  3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.
  4. Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.

Ethical hackers use their knowledge to secure and improve the technology of organizations. They provide an essential service to these organizations by looking for vulnerabilities that can lead to a security breach. An ethical hacker reports the identified vulnerabilities to the organization. Additionally, they provide remediation advice. In many cases, with the organization’s consent, the ethical hacker performs a re-test to ensure the vulnerabilities are fully resolved.

I attended a session on the topic of ‘Introduction to Cyber Security’ organized by the Software Engineering Teaching Unit of the University of Kelaniya. Mr. Harsha Kalutarage presented the session. Basically, cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

The session was covered under four major topics as follows:

Need for cyber security

Cybersecurity is important because it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems. Without a cybersecurity program, an organization cannot defend itself against data breach campaigns, making it an irresistible target for cybercriminals.

High-level understanding of CIA Goals

The CIA triad (also called the CIA triangle) is a guide for measures in information security. It stands for Confidentiality, Integrity, and Availability. The goals of the CIA triad pertain to information security solutions and are especially applicable to business organizations. The CIA security triangle shows the fundamental goals that must be included in information security measures. The CIA triad serves as a tool or guide for securing information systems, networks, and related technological assets.

Access control and its services

Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. At a high level, access control is a selective restriction of access to data. It consists of two main components: authentication and authorization. Authentication is a technique used to verify that someone is who they claim to be. Authentication isn’t sufficient by itself to protect data. It needs an additional layer called authorization, which determines whether a user should be allowed to access the data or make the transaction they’re attempting. Nowadays, authentication and authorization can be done by numerous methods, such as passwords, voice commands, biometric scans, fingerprints, etc.
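The split between the two checks, as an added example that is not part of the original post: a password is verified first (authentication), and only then is the requested action checked against the user's role (authorization). The user names, passwords, roles and permission names are constructed for illustration, and PBKDF2 is one assumed choice of password hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample data: two users and a role-to-permission policy.
USERS = {
    "alice": make_user("correct horse battery staple", "clerk"),
    "bob": make_user("s3cure-Admin-passphrase", "manager"),
}
POLICY = {
    "clerk": {"invoice:read"},
    "manager": {"invoice:read", "invoice:approve"},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is the caller who they claim to be?"""
    user = USERS.get(username)
    # Hash even for unknown users so timing does not reveal valid names.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["hash"] if user else b"\x00" * 32
    candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected) and user is not None

def authorize(username: str, permission: str) -> bool:
    """Authorization: may this identity perform this action? Default deny."""
    user = USERS.get(username)
    return user is not None and permission in POLICY.get(user["role"], set())

def access(username: str, password: str, permission: str) -> str:
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, permission):
        return "denied: not authorized"
    return "granted"
```

Calling `access("alice", "correct horse battery staple", "invoice:approve")` shows the case the paragraph describes: the login succeeds, yet the request is refused because the clerk role lacks that permission.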

Role of machine learning in security

Machine learning has become a vital technology for cybersecurity. Machine learning preemptively stamps out cyber threats and bolsters security infrastructure through pattern detection, real-time cyber crime mapping and thorough penetration testing. A subset of artificial intelligence, machine learning uses algorithms born of previous datasets and statistical analysis to make assumptions about a computer’s behavior. The computer can then adjust its actions and even perform functions for which it hasn’t been explicitly programmed. With its ability to sort through millions of files and identify potentially hazardous ones, machine learning is increasingly being used to uncover threats and automatically squash them before they can wreak havoc.

Common security concerns related to computer-based systems

A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware and/or infrastructure. Knowing how to identify computer security threats is the first step in protecting computer systems. Most computer-based systems face the following kinds of threats and security concerns.

  • Virus
  • Trojans
  • Worms
  • Spyware
  • Key loggers
  • Adware
  • Denial of Service Attacks
  • Distributed Denial of Service Attacks
  • Unauthorized access to computer systems resources such as data
  • Phishing

To protect against viruses, Trojans, worms, etc., an organization can use anti-virus software. In addition to the anti-virus software, an organization can also place control measures on the usage of external storage devices and on visits to websites that are most likely to download unauthorized programs onto the user’s computer. Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be in the form of user IDs and strong passwords, smart cards, biometrics, etc. Intrusion-detection/prevention systems can be used to protect against denial of service attacks. There are other measures too that can be put in place to avoid denial of service attacks.

Written by Thiluxan

Software Engineering undergraduate at University of Kelaniya https://www.kln.ac.lk/
