This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Vulnerability is very essential in cyber security related mechanisms. In cyber security, vulnerability means the weak points and reduced the effectiveness of the system's standard and quality. The usage of this vulnerability is to identify the attacks over the cyber space system. Interdependencies between computer communication system and the physical infrastructure also become more complex as information technologies are further integrated into devices and networks. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically important. One area that is very promising is penetration testing or Ethical Hacking. Due to the increasing vulnerability to hacking in today's changing security environment, the protection of an organization's information security system has become a business imperative. The most important issue now a days is the privacy of the user data, so we will be doing the comparative study of the various techniques by which we can protect our data from these attacks.
Keywords-vulnerability,Ethical Hacking,security, Denial Of Services, SQL Injection, Session Hijacking, Trojans and Backdoors, Viruses and Worms
The term of Cyber security deals with protecting the information from attackers and unauthorized persons. It can protect the information by preventing, detecting, and responding to attackers problems. Cyber security is determined with cyberspace safe from threats; it is called cyber-threats. Cyber-threats was applied the malicious use of information and communication technologies (ICT) or the behavior of the attackers.
There are various types of attacks have been detected till now. Some of them are Denial Of Services, SQL Injection, Session Hijacking, Trojans and Backdoors, Viruses and Worms. The attacks have used several techniques to crash, hang up, and the most importantly to steal the data from servers and computers. There are various kinds of techniques, mechanisms and softwares present to overcome these attacks. One of them is Penetration Testing. Penetration testing can help close the gap between safeguarding of an organization's security system and the exposure of its security risks by assessing whether the security controls are adequate and working effectively.
need of "cyber attacks and security" study
The attack surface is growing at an exponential rate
Security challenges are increasing in number and scopeâ€¦
Increased threats and compliance requirements require more automated, proactive approaches to securityâ€¦
Information security and security attacks
Various principles and practices employed to safeguard the information existing on computer machines and within computer networks against damage, misuse and modification through any attack or accident are encapsulated under information security. Whereas any unauthorized access, monitoring or mishandling of information with an intention of misusing it, can be termed as an information security attack. These security attacks are classified into two major categories
Passive attacks- Any attack on the information or system resources without making any change or damage to them is called as passive attack or interception. The term passive indicates that the attack does not attempt to perform any modifications to the data. That is why passive attacks are harder to detect. There are two categories of passive attacks: Release of data contents and monitoring the network traffic.
Active attacks- all attacks that exert a direct impact or damage to the structure, validity and availability of information can be grouped under the class of active attacks. In active attacks, the contents of the original message are modified in some manner. These attacks can be in the form of interruption (masquerade), modification and fabrication (ddos).
various attacking mechanisms
Distributed Denial of Services- In DDoS attacks, hackers may scan millions of machines connected to the Internet and look for unprotected ports, vulnerable services, and other weaknesses that will let them gain root access. Once hackers gain access, they simultaneously install daemons on intermediate machines through batch processes. The daemons then quietly listen to network traffic and wait for commands from the hacker's master machines to launch the DDoS assaults. Generally, the only way an organization can stop a DDoS attack once it starts, is to identify the addresses of all zombies sending DDoS packets and shut off traffic from them.
During the three days of last February's denial-of service attacks, overall Internet traffic slowed, based on performance measurements conducted by Keynote Systems, a provider of Internet performance-measurement and consulting services. Keynote measured Internet performance by determining the average time it took to access and download the home pages of 40 important business Web sites every 15 minutes during business hours from 66 Internet access points in 25 US metropolitan areas.
Session Hijacking- session hijacking is the man in the middle attack in which attacker listen to the traffic and sniffs all the packets on the network by using the sniffer like, wireshark, ethereal, etc. Using the captured packets attackers then tries to extract user information like usernames and passwords etc. To further the attack. All the captured information may not be useful, but if attacker retrieves any sensitive information about the user then that can be used to steal the confidential information from user's account or damage the user's account.
SQL injection - SQL injection vulnerabilities have been described as one of the most serious threats for Web applications. Web applications that are vulnerable to SQL injection may allow an attacker to gain complete access to their underlying databases. Because these databases often contain sensitive consumer or user information, the resulting security violations can include identity theft, loss of confidential information, and fraud. In some cases, attackers can even use an SQL injection vulnerability to take control of and corrupt the system that hosts the Web application. SQL injection refers to a class of code-injection attacks in which data provided by the user is included in an SQL query in such a way that part of the user's input is treated as SQL code. By lever- aging these vulnerabilities, an attacker can submit SQL commands directly to the database. These attacks are a serious threat to any Web application that receives input from users and incorporates it into SQL queries to an underlying database. Most Web applications used on the Internet or within enterprise systems work this way and could therefore be vulnerable to SQL injection. The cause of SQL injection vulnerabilities is relatively simple and well understood: insufficient validation of user input. To address this problem, developers have proposed a range of coding guidelines that promote defensive coding practices, such as encoding user input and validation. An example application that contains SQL injection vulnerability. We use this example in the next section to provide attack examples.
1. String login, password, pin, query
2. login = getParameter("login");
3. password = getParameter("pass");
3. pin = getParameter("pin");
4. Connection conn.createConnection("MyDataBase");
5. query = "SELECT accounts FROM users WHERE login='" +
6. login + "' AND pass='" + password +
7. "' AND pin=" + pin;
8. ResultSet result = conn.executeQuery(query);
9. if (result!=NULL)
Trojans and Backdoors- A new game, new free software or an electronic postal card can be a Trojan and it can harm your data or makes a backdoor and your system. Therefore we should be careful about what ever software, an unknown person offers to us. As you can guess, a backdoor is an unusual way which an attacker can use it to get into the system. Normal users use login boxes and password protected ways to use the system. Even system administrator may add some security features to this system to make it more protect, but the attacker can easily use installed backdoor to get into system without any password or authenticating. Most of attackers like to protect their backdoor on victim system. They do not like that some another attacker use the same vulnerability to get into victim system and change their configurations. That is why an expert attacker after getting access protects vulnerability which is used for getting access to the system. Although the system could be in a company and somebody else use that for working, but attacker is the owner of system and can install any application or use stored infractions which is exists on that system. Sometimes attacker makes a very secure backdoor even much safer than normal way to get into system. A normal user may use only one password for using the system but a backdoor may needs many authentications or SSH layer to let attacker use the system. Usually it is harder to get into the victim system from installed backdoor in compare with normal logging in.
Viruses and Worms- Like biological viruses, computer viruses reproduce by attaching to a normal program or document and taking over control of the execution of that program to infect other programs. Early viruses could spread slowly mostly by floppies (such as the 1986 Brain virus), but the Internet has made it much easier for viruses to move among computers and spread rapidly. Networks have created a fertile environment for worms, which are related to viruses in their ability to self-replicate but are not attached to other programs. Worms are standalone automated programs designed to exploit the network to seek out vulnerable computers.
What are potential liabilities?
Major liability may be incurred from, individual litigation, class litigation, regulatory investigation, contract dispute, loss of customers, reputation damage, data theft, denial of service, cyber-terrorism, cyber-extortion, and fraud.
Ingress and Egress filters - The Internet service providers (ISPs), universities, other organizations that provide users with dial-up Internet access, and large companies should install ingress and egress filters in their networks. These filters are designed largely to stop Internet packets with spoofed return IP addresses (which are frequently used to carry out DDoS attacks) from entering or leaving networks. In some cases, the filters also admit traffic only from authorized sources. The filters look for packets with addresses that should not be found entering or leaving a particular network. For example, traffic should not be entering a network with IP addresses that belong only on packets generated within the network or with non-routable addresses, such as those set aside for use only for transmissions within private networks. IP version 6 also offers authentication, so as more network equipment vendors support the protocol, users will have more protection against DDoS attacks.
Intrusion Detection Technique - This IDS system is based on a machine learning technique that is trained using a set of typical application queries. The technique builds models of the typical queries and then monitors the application at runtime to identify queries that do not match the model. In their evaluation. The system is able to detect attacks with a high rate of success. However, the fundamental limitation of learning based techniques is that they can provide no guarantees about their detection abilities because their success is dependent on the quality of the training set used. A poor training set would cause the learning technique to generate a large number of false positives and negatives.
Proxy Filters- Security Gateway is a proxy filtering system that enforces input validation rules on the data flowing to a Web application. Using their Security Policy Descriptor Language (SPDL), developers provide constraints and specify transformations to be applied to application parameters as they flow from the Web page to the application server. Because SPDL is highly expressive, it allows developers considerable freedom in expressing their policies. However, this approach is human-based and, like defensive programming, requires developers to know not only which data needs to be filtered, but also what patterns and filters to apply to the data.
Virtual Private Network- it is a type of private network which is implemented over the public channel to connect to the remote host. By enabling this technique we can protect any resources that will access the infrastructure from outside via internet in an encrypted manner using various cryptography technologies.
Signatures- Before using software you should be in sure about the application which you want to run. Many of developers use MD5 algorithm to make a hash string from their final application. After downloading any application and before running you can calculate the hash string of executable application and compare it with given hash string which is exists on developer's website. If hash strings were same you can understand nobody changes executable file and you can execute it. But before execution you should have trust to developer. There are many third-party companies, like VeriSign, which they give some keys for signing applications to the developers. If any application had this signature you can be in sure that the company is trusted and application is valid and safe for execution. If you do not know all of trusted software companies, you can trust to your trusted third-party company which guarantees the software company.
Ethical Hacking & Penetration Testing
Definition- Ethical hacking and penetration testing is a preventative measure which consists of a chain of legitimate tools that identify and exploit a company's security weaknesses. It uses the same or similar techniques of malicious hackers to attack key vulnerabilities in the company's security system, which then can be mitigated and closed. In other words, penetration testing can be described as not "tapping the door", but "breaking through the door". These tests reveal how easy an organization's security controls can be penetrated, and to obtain access to its confidential and sensitive information asset by hackers.
Penetration Testing: "Red Team"- Penetration testing generally consists of small group of teams from external auditors or consulting firms that provide penetration testing services. These teams are also known as "red teams". Internal staff should not be part of the red team because it violates the basic principle of self-reviewing one's own system. Thus, it is expected that external personnel have minimal or no previous knowledge of the system and can conduct a closer and more realistic simulation as malicious hackers. Nevertheless, background checks, such as qualifications, good reputation, and experience, should be performed because the team will be dealing with confidential and sensitive information. They should also be supervised by someone who will be held responsible for any failures. Thus, the main objective of the red team is to simulate the same or similar hacker activities by exploiting security vulnerabilities under a controlled testing environment. By doing so, these security gaps can be eliminated by the organization before unauthorized users can truly exploit them.
Penetration Testing Techniques- There are various technical and non-technical techniques that can be utilized as part of the penetration testing process to address the internal and external threats. The following is a list of the most common tools used in a penetration test:-
Denial of Service- This testing depends on the organization's commitment of having continuous availability of the information system. The red team evaluates the system's vulnerability to attacks that will either cause the system to deny service from legitimate access, or to become totally unavailable due the inability to handle high volume of traffic, such as instantly sending millions of spam messages to the organization's mail server.
War dialing- This testing consists of systematically calling numerous telephone numbers in order to identify "modems, remote access devices and maintenance connections that are present in an organization's network. Once identified, exploitation techniques, such as strategic attempts to guess the username and password, are performed to assess whether the connection can be used as a way to penetrate into its information security system.
Wireless Network- Penetration testers will drive or walk around the office buildings to identify opened wireless networks of the organization that should have not been present in the first place. The purpose is to identify security gaps or errors in the "design, implementation and operation" of a company's wireless network system.
Social Engineering- Penetration testers would attempt to deceive the organization's employees and suppliers in order to gather sensitive information and penetrate into an organization's systems, such as claiming to be an IT representative and asking for the users' login and passwords. Even though this is a non-technical testing which involves human-related features, it is viewed as equally important to determine whether unauthorized users can gain access to the information system.
Google Hacking- Since Google is the one of the most common search engines widely used by organizations, penetration testers should consider Google hacking as an effective web security practice. It uses the search engine to locate personal or sensitive information by taking advantage of Google's function of optimizing the search results anywhere in the websites. For instance, tests have found a directory with the social insurance number of more than 70 million deceased persons, and passport documents.
Benefits of Penetration Testing- Penetration testing can help close the gap between safeguarding of an organization's security system and the exposure of its security risks by assessing whether the security controls are adequate and working effectively. As IT attacks are always changing in "nature, complexity and method", penetration testing can be viewed as a solution to the evolving security threat environment and assist the organization's IT system to stay constantly attentive and updated as part of the its overall security strategy.