ethical hacking basics and cyber crime

22
Table of Contents Ch. No. Title Page No 1. What is cyber security? 1 1.1Why do we need cyber security? 1 1.2Cyber Law India. 1 2. Internet Threats 2-15 2.1 E-mail Threats. 2-4 2.2 Website Threats. 5-8 2.3 Network Threats. 9-11 2.4 Phone Threats 12 2.5 Debit and credit card threats. 13-14 2.6 Trojans, spywares and viruses. 15-16 2.7 Wi-Fi Security. 17 3. Some common methods used in attacks. 18-19 3.1 Phishing. 18 3.2 Password Cracking. 19 4. Security on Internet. 20 5. Career in Cyber Security. 21

Upload: neeraj-negi

Post on 08-May-2015

3.387 views

Category:

Education


0 download

DESCRIPTION

This PDF provides you base for learning Ethical Hacking and how to cope with cyber crime. You can also use it as your assignment. Actually I also prepared it for my SIP.

TRANSCRIPT

Page 1: Ethical Hacking Basics and Cyber Crime

Table of Contents

Ch. No. Title Page No

1. What is cyber security? 1

1.1Why do we need cyber security? 1

1.2Cyber Law India. 1

2. Internet Threats 2-15

2.1 E-mail Threats. 2-4

2.2 Website Threats. 5-8

2.3 Network Threats. 9-11

2.4 Phone Threats 12

2.5 Debit and credit card threats. 13-14

2.6 Trojans, spywares and viruses. 15-16

2.7 Wi-Fi Security. 17

3. Some common methods used in attacks. 18-19

3.1 Phishing. 18

3.2 Password Cracking. 19

4. Security on Internet. 20

5. Career in Cyber Security. 21

Page 2: Ethical Hacking Basics and Cyber Crime

What is Cyber Security?

Cyber security is information security as applied to computers and networks. The field covers all

the processes and mechanisms by which computer-based equipment, information and services

are protected from unintended or unauthorized access, change or destruction. Computer security

also includes protection from unplanned events and natural disasters.

Why do we need cyber security?

There are many numbers of reasons. The cyber community changes in an unbelievable pace.

The nature of the Internet as a tool for communication and education has been used and misused

for personal gain, which resulted in cyber-attacks and unprecedented rise in cyber-crime rates.

These rates are expected to increase more rapidly in the coming years if cyber security is not put

in place.

1-Hackers are everywhere, they find loopholes and vulnerabilities in our system and thus they

can read or manipulate our private data or confidential information. Moreover, they can create

backdoors so that they could access our system whenever they want.

2- Internet scams and frauds are rampant. These include phishing, a very organized cyber-crime,

which deceives people into giving their banking details.

3- Viruses, worms and malwares are very harmful for our computers and systems. They can slow

down our systems and even damage it. Malwares could send our logs to other person (hacker).

4- Spyware, as the name hints, can spy on you. A computer program automatically installed on

your computer, spyware tracks personal information you entered and sends it to its creator.

Cyber Law India: With anonymously growing of internet, it has become necessary to

make a body that has controls over the internet. Because one can miss use it and can commit

crimes. India also has a cyber-law. It covers these areas:-

1. The basic of Internet Security.

2. Basic information on Indian Cyber Law.

3. Impact of technology aided crime.

4. Indian IT act on covering the legal aspect of all online activities.

5. Types of Internet policies required for an organization.

6. Minimum Hardware and software, security measures required for an organization to

protect data.

Page 3: Ethical Hacking Basics and Cyber Crime

Internet Threats:-

E-Mail Threats

Electronic mail (email) is a widely used communication mechanism that can be categorized into

two basic types of web-based service: an open web-based email service and a closed web-based

service. The first category provides web-based email accounts to anyone for free or at a fee. The

second category provides email accounts that are managed by organizations for employees,

students, and members only. Commercial and social websites rely on the security of email

accounts. Large amounts of email exchanges are occurring daily, some of which contain personal

information, company secrets, and sensitive information. This makes email accounts very

valuable and becomes one of the main causes of email hacking.

Email spam

As rules that govern unsolicited emails tighten, spammers attempt to find new ways around

them. Attackers often send massive email broadcasts with a hidden or misleading incoming IP

address and email address. Some users may open the spam, read it, and possibly be tempted by

whatever wares or schemes are offered. If the spammer were to get a hold of a company‘s

sending email and IP address, the impact on the company's business would be devastating. The

Page 4: Ethical Hacking Basics and Cyber Crime

company‘s Internet connection would be terminated by its Internet Service Provider (ISP) if its

email and IP address are added to the black list of known spamming addresses. Effectively, this

would shut down the company‘s online business because none of the emails would reach their

destination.

Virus

Some emails incorporate a virus as a means of transportation. The Sobig virus is an example of

such technology, creating a spamming infrastructure by taking over unwilling participants‘ PC.

This was a major threat to email security as spam will continue to spread and trigger dangerous

viruses for malicious intent.

Phishing

This type of attack uses email messages from legitimate businesses that the user may be

associated with. Although the messages look authentic with all the corporate logos and similar

format as the official emails, they ask for verification of personal information such as the account

number, password, and date of birth. 20% of unsuspecting victims respond to them, which may

result in stolen accounts, financial loss, and even worse, identity theft.

Page 5: Ethical Hacking Basics and Cyber Crime

Email Privacy

To maintain privacy of your Email and to Protect our Email ID from being hacked

we must follow some basic steps as follows,

1. Enable two step verification in your Email accounts.

2. Enable Login-notification for your email and get notification in your mobile whenever

you login.

3. Set a strong password with a mix of alphabets, numbers and special characters.

4. Enable login- notification for you Facebook accounts to prevent unauthorized

access.

5. Enable HTTPS in your email settings and your Facebook account settings.

6. Never share your password with anyone. Even to your closest person.

7. Setup a recovery question which is difficult to answer and never setup an easy &

guessable answer to your security question.

8. Never click on any links sent through mail or chat. It may be a link which can steal

your cookie or inject any viruses.

9. Always check your address bar for proper website address before logging in.

10. Whenever you Need to Forward an Email to More than One Person use the BCC

Option to Write Addresses.

11. If you are Unable to Access Your Email Account Immediately Report it to the

Service

Provider. They Give You a Option of Forgot Password/Account Hacked etc.

12. Avoid Using FREE WIFI Access At Public Places.

Page 6: Ethical Hacking Basics and Cyber Crime

Website Threats:-

Website is set of related webpages hosted by a webserver, accessible via a network such as the

Internet or a private local area network through an Internet address known as a Uniform resource

locator. All publicly accessible websites collectively constitute the World Wide Web. A website

is scripted or written in languages like HTML, PHP, .net, XHTML, CSS, java script, J query etc.

Most used webservers are:-

Apache

IIS

Google

NGINX

Authentication Process of websites:

Most of the websites today requires the user to sign up for their services. And then we have to

sign-in each time when we need the service. Some common examples are Facebook, Gmail,

twitter, forums, shopping websites, internet banking, online storage, etc. Each website gets the

username and password from the user and sends it to the server, where it is verified by

comparing it with the details in its database and then the user is allowed to use the specific

service offered by the website. All these things happen in few seconds over the internet.

Page 7: Ethical Hacking Basics and Cyber Crime

Attacks on Websites & Web Applications

There are several Attacks performed on websites and web-based applications every minute, and

most of the attacks are due to improper coding and poor programming skills.

Some of the common attacks performed on website / web-

applications are as follows

1. SQL Injection

2. XSS

3. RFI & LFI Attacks

SQL Injection Attacks- An SQL injection is probably the most abundant programming

flaw that exists on the internet at present. It is the vulnerability through which an unauthorized

person can access various critical and private data. The SQL injection is not a flaw in the web or

DB server, but is a result of the poor and inexperienced programming practices. And it is one of

the deadliest as well as easiest attacks to execute from a remote location.

Let's see an example, where the username ‗admin‘ with the password ‗i3indya‘ can log into the

site. Suppose the SQL query for this is carried out as below:

SELECT USER from database WHERE username=' admin' AND password='amity'

Page 8: Ethical Hacking Basics and Cyber Crime

If the above SELECT command evaluates true, the user will be given access to the site otherwise

disallowed. Think what we could do if the script is not sanitized.. This opens a door for the

hackers to gain illegal access to the site.

In this example, the attacker can enter the following user data in the login form:

Username: a or 1=1—

Password: blank

So, this would make our query as:

SELECT USER from database WHERE username=' a' or 1=1-- ' AND password=''

Cross Site Scripting Attack ( XSS )

Cross Site Scripting or XSS is an attack which allows a hacker to insert malicious codes into the

webpage either temporarily or permanently. These codes which are inserted mostly run on client

side ( The end-user or victim ) and some on the server side ( Affecting all users of that website ).

It is a common vulnerability found in several web applications , Due to breaches of browser

security, XSS enables attackers to inject client-side script into Web pages viewed by other users.

There are two types of XSS,

1. Persistent XSS ( Stored XSS )

2. Non-Persistent XSS ( Reflected XSS )

Stored XSS

Stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs

when the data provided by the attacker is saved by the server, and then permanently displayed on

"normal" pages returned to other users who normally visit that page. A classic example of this is

with online message boards where users are allowed to post HTML formatted messages for other

users to read. This is a severe threat to the users of that website.

Reflected XSS

Reflected XSS vulnerability is the most common type of XSS. These vulnerabilities show up

when the data provided by a web client, most commonly in HTTP query parameters or in HTML

form submissions, is used immediately by server-side scripts to parse and display a page of

results for and to that user, without properly sanitizing the request.

Page 9: Ethical Hacking Basics and Cyber Crime

It is most commonly found in the search box of several websites which doesn‘t sanitize the input

given by the users. Which means it accepts special characters and other variables and allow

script to be run using the search box or other holes.

RFI & LFI Attacks

Remote File Inclusion ( RFI )

Remote File Inclusion (RFI) is a type of vulnerability of website which allows an attacker to

include a remote file, usually through a script on the web server. The vulnerability occurs due to

the use of user-supplied input without proper validation. This can be used just to display contents

of a file and can also be used for the following attacks-

A. Code execution on the web server

B. Code execution on the client-side such as JavaScript which can lead to other attacks such

as cross site scripting (XSS).

C. Denial of Service (DoS)

D. Data Theft/Manipulation

Local File Inclusion ( LFI )

Local File Inclusion ( LFI ) is a vulnerability where the local files of the webserver can be

accessed by anybody by using their website in a browser. The attacker can traverse the entire

directory of the webserver therefore allowing access to sensitive data and password files.

The LFI can be exploited by using ―../‖ to traverse one directory up in a webserver. Therefore if

multiple ―../‖ is used then the attacker can access the root directory of the webserver and view

sensitive files such as the passwords. Usually in Unix servers the folder containing the passwords

is in ―etc/passwords‖ file.Suppose if a site is vulnerable to LFI , then the example below will

display the contents of the password file of a Unix server.

www.examplesite.com/index.php?page=../../../../../../../etc/password

This is the RFI & LFI Attacks these can be prevented by restricting the access to folders and by

sanitizing the user inputs.

Page 10: Ethical Hacking Basics and Cyber Crime

Countermeasures:-

1- Secure Programming is needed for programmers to prevent website and website users from

being attacked

2-Users must be careful not to click on any unwanted links in websites.

3-Never use same password for different websites, even if one is compromised, you are safe.

4-Inputs must be sanitized in the web applications and web forms.

Page 11: Ethical Hacking Basics and Cyber Crime

Network Attacks:-

A computer network or data network is a telecommunications network that allows computers to

exchange data. In computer networks, networked computing devices (network nodes) pass data

to each other along data connections. The connections (network links) between nodes are

established using either cable media or wireless media. The best-known computer network is the

Internet.

Footprinting

Footprinting is the act of gathering information about a computer system and the companies it

belongs to. Footprinting is the first step hackers take in their hacking process. Footprinting is

important because to hack a system the hacker must first know everything there is to know about

it.First, a hacker would start gathering information on the targets website. Things a hacker would

look for are e-mails and names. This information could come in handy if the hacker was

planning to attempt a social engineering attack against the company.

Port Scanning

The point of port scanning a server is to detect its open ports the port‘s listening services. Once a

hacker knows all the services running on your server, he could search for possible vulnerabilities

they may have and exploit them to take control of our website. Along with finding out what ports

are running, the hacker needs to also find out what operating system the server is running. There

Page 12: Ethical Hacking Basics and Cyber Crime

are always a lot of operating system vulnerabilities out there to choose from. So by knowing the

operating system, the hacker‘s chances of taking over the server go up.

Denial-of-Service (DoS) – There are many types of DoS attacks, but they all have one

purpose: to make the target server unavailable for legitimate users. The most common type of

DoS attack is when the hacker sends a flood of information to the target server causing it to use

up all of its resources, and in return pushing it offline, or causing it to deny requests from

legitimate users trying to access it.

Buffer Overflow (BoF) – A buffer overflow happens when a program attempts to store

more data into a buffer, or a data storage area, then it was meant to hold. Because the buffer was

only meant to hold a certain amount of data, the extra information overflows into other buffers

causing them to be overwritten with malicious code created by the hacker. Once this code is

executed, the hacker can receive full control of the server.

ARP spoofing- It is a technique whereby an attacker sends fake (―spoofed‖) Address

Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to

associate the attacker‘s MAC address with the IP address of another host (such as the default

gateway), causing any traffic meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or

stop the traffic altogether. Often the attack is used as an opening for other attacks, such as denial

of service, man in the middle, or session hijacking attacks.[2]The attack can only be used on

networks that make use of the Address Resolution Protocol (ARP), and is limited to local

network segments.

There are a few things we can do to stay secure from network hacking attempts-

1. Keep all your software up to date. There will always be new vulnerabilities coming out, and

your responsibility is to patch them immediately after a patch comes out.

2. Implement a firewall. This will keep most of the bad data out and good data in.

3. Install anti-virus software.

4. Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your

system.

Page 13: Ethical Hacking Basics and Cyber Crime

Phone Hacking:-

Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by

accessing the voicemail messages of a mobile phone without the consent of the phone's owner.

All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses

related to smartphones that can come from means of communication like SMS, MMS, wifi

networks, and GSM.

Malware Apps -Just as malware downloaded from the Internet can crack open our computer,

malware apps can leave our phone exposed. The major app stores usually try to prevent malware

apps from getting spread through their platforms, but malware apps do get through and can even

be distributed through Web pages as a download. Common sense is a fair barrier against

malware. Right now, the true extent of malware app penetration is unknown and may be

exaggerated.

Phishing-Phishing may be actually more effective on a mobile Internet browser because the

smaller address bar makes it less likely that a user will carefully check the address before

entering information. The best way to protect yourself from phishing is to enter important

addresses – those for sites where you will be entering private information – from scratch.

GSM encryption Algorithm –Sometimes algos used by GSM services could be cracked and

lead to voicemail hacking. Nohl working with others around the Internet -- has created a

guidebook for cracking the Global System for Mobile communication's 64-bit A5/1 algorithm,

which was adopted in 1988. 3G networks use 128-bit encryption to protect Relevant

Products/Services caller privacy and the new A5/3 algorithm is being "phased in," GSM

Association.

Countermeasures:-

Being skeptical-A user should not believe everything that may be presented, as some

information may be phishing or attempting to distribute a malicious application. It is therefore

advisable to check the reputation of the application that you want to buy before actually

installing it.

Permissions given to applications-The mass distribution of applications is accompanied by the

establishment of different permissions mechanisms for each operating systems. It is necessary to

clarify these permissions mechanisms to users, as they differ from one system to another, and are

not always easy to understand.

Mobile Antivirus- Many antiviruses for cell phones are available. E.g. Avast Mobile Security,

Quick Heal, Kasper Sky, etc.

Page 14: Ethical Hacking Basics and Cyber Crime

Credit Card & Debit Card Hacking:-

Nowadays Internet banking and credit cards are very common methods of funds transfer and

online shopping. And the most interesting thing is that it is done over SSL. So people always

have a misconception that their accounts cannot be hacked as their transactions are secured by

extra security Layer i.e. SSL but its quite easy to break the SSL. So its always better to secure

your computer and internet connection rather than depending on payment sites.

The fatal flaw that enabled the sensitive information to be stolen is possible when an end-user is

not properly educated on an easy to do and well-known SSL exploit – SSL MITM. The hackers

take benefit of that to get access your sensitive data. Hacker runs a series of utilities to redirect

other user‘s data through his machine. He runs a number of other utilities to sniff the data, act as

an SSL Certificate Server and to be the Man-the-Middle. He send us a fake SSL certificate, thus

we actually connect to his machine instead of bank‘s system. In this case, our credentials are

being transmitted between our browser and the hacker‘s machine. The hacker is able to grab that

traffic, and, because he gave us the certificate to encrypt the data/credentials, he can use that

same certificate to decrypt our data/credentials.

Page 15: Ethical Hacking Basics and Cyber Crime

Phising is also used to steal credentials.

Countermeasures:-

Educate the end-user on the Security Alert and how to react to it.

Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials.

When using SSL VPN, utilize mature products with advanced features, such as Juniper‘s Secure

Application Manager or Network Connect functionality.

Page 16: Ethical Hacking Basics and Cyber Crime

Trojans, Spywares and Viruses

A Trojan or a Trojan Horse is a is a malicious application that acts like a legitimate file or

helpful program but whose real purpose is, for example, to grant a hacker unauthorized access to

a computer. Trojans do not attempt to inject themselves into other files like a computer virus.

Trojan horses may steal information, or harm their host computer systems.

Trojans are mostly embedded with legitimate software or downloaded from websites by some

Ads etc., It is a very dangerous form of Malware which can perform advanced operations like the

following,

1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to

distribute Denial-of-service attacks)

2. Electronic money theft

3. Data theft (e.g. retrieving passwords or credit card information)

4. Installation of software, including third-party malware

5. Downloading or uploading of files on the user's computer

6. Modification or deletion of files

7. Keystroke logging

8. Watching the user's screen

9. Crashing the computer

10. Anonymizing internet viewing

Viruses

A computer virus is a type of malware that, when executed, replicates by inserting copies of

itself (possibly modified) into other computer programs, data files, or the boot sector of the hard

drive; when this replication succeeds, the affected areas are then said to be "infected".

Your computer may be infected if you recognize any of these malware symptoms:

Slow computer performance

Erratic computer behavior

Unexplained data loss

Frequent computer crashes

Page 17: Ethical Hacking Basics and Cyber Crime

Spywares

Spyware is software that aids in gathering information about a person or organization without

their knowledge and that may send such information to another entity without the consumer's

consent, or that asserts control over a computer without the consumer's knowledge. Spyware can

collect almost any type of data, including personal information like Internet surfing habits, user

logins, and bank or credit account information. Spyware can also interfere with user control of a

computer by installing additional software or redirecting Web browsers. Some spyware can

change computer settings, which can result in slow Internet connection speeds, un-authorized

changes in browser settings, or changes to software settings.

Worms

A computer worm is a standalone malware computer program that replicates itself in order to

spread to other computers. Often, it uses a computer network to spread itself, relying on security

failures on the target computer to access it. Unlike a computer virus, it does not need to attach

itself to an existing program. Worms almost always cause at least some harm to the network,

even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on

a targeted computer.

Security Against Malwares

1. Install a good antivirus. Free or Paid is good, but don‘t used cracked or pirated versions.

2. Install real-time anti-spyware protection

3. Update your Anti-virus programs daily.

4. Perform scans on your computer daily.

5. Disable autorun to prevent infection from pendrives.

Page 18: Ethical Hacking Basics and Cyber Crime

Wi-Fi Security.

Wireless/Wi-Fi is a technology which allows devices to connect with each other to exchange

data in a computer network or for connecting to high speed internet. It is also called WLAN. Wi-

Fi devices can connect to each other or to an access point to connect with each other and to the

internet. Wi-Fi devices works are based on IEEE 802.11 standards.

There are three types of Wi-Fi securities available-

1- Open Wi-Fi.

2- WEP.

3- WPA/WPA2.

WEP Cracking- Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11

wireless networks. WEP, recognizable by the key of 10 or 26 hexadecimal digits, was at one

time widely in use and was often the first security choice presented to users by router

configuration tools. WEP can be easily hacked using sniffing. Packet sniffing allows individuals

to capture data as it is transmitted over a network. Packet sniffer programs are commonly used

by network professionals to help diagnose network issues and are also used by malicious users to

capture unencrypted data like passwords and usernames in network traffic. Once this information

is captured, the user can then gain access to the system or network. Tools like Aircrack-ng and

Backtrack OS are capable of hacking any WEP encrypted network easily.

WPA/WPA2- It is an advancement to WEP . WPA2 also improves the security of Wi-Fi

connections by requiring use of stronger wireless encryption than what WPA requires.

Specifically, WPA2 does not allow use of an algorithm called TKIP (Temporal Key Integrity

Protocol) that has known security holes (limitations) in the original WPA implementation.

Several different forms of WPA2 security keys exist. WPA2 Pre-Shared Key (PSK) utilizes keys

that are 64 hexadecimal digits long and is the method most commonly used on home networks.

Security Tips:-

1. Change Default Administrator Passwords (and Usernames).

2. Turn on (Compatible) WPA / WEP Encryption.

3. Change the Default SSID.

4. Enable MAC Address Filtering.

5. Disable SSID Broadcast.

6. Assign Static IP Addresses to Devices.

7. Enable Firewalls On Each Computer and the Router

8. Turn Off the Network During Extended Periods of Non-Use.

Page 19: Ethical Hacking Basics and Cyber Crime

Some Common methods used in attacks

1- Phishing

Phishing is the act of attempting to acquire information such as usernames, passwords, and

credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy

entity in an electronic communication. Communications purporting to be from popular social

web sites, auction sites, banks, online payment processors or IT administrators are commonly

used to lure unsuspecting public.

1. Attacker convinces the victim to click on the link of fake login page which resembles a

genuine login page.

2. Victim enters his credentials in fake login page that goes to attacker.

3. Victim is then redirected to an error page or genuine website depending on attacker.

Countermeasures:-

Do not reply to emails that request financial information, even if it appears to

be from a trusted source.

Do not reply to emails from unrecognized senders.

Secure websites are indicated by a lock on the browser's status bar or the prefix

"Https://" instead of Http://. "

Information from an email is temporarily stored on a computer's local disk and

can be retrieved by another user if it is not properly deleted.

If your browser has a pop-up blocker, enable it.

Do not copy any website addresses from a pop-up window into your browser.

Page 20: Ethical Hacking Basics and Cyber Crime

Password Cracking

Nowadays, passwords are the only form of security on most websites and computer systems. It

has become one of the most common and easiest ways for a hacker to gain unauthorized access

to your computer or network.

Social Engineering – Social engineering is when a hacker takes advantage of trusting human

beings to get information from them.

Dictionary Attack- A dictionary attack is when a text file full of commonly used passwords, or

a list of every word from the dictionary is used against a password database. Strong passwords

usually aren‘t vulnerable to this kind of attack.

Brute-force attack- Brute-force attacks can crack any passwords. Brute-force attacks try every

possible combination of letters, numbers, and special characters until the right password is found.

Brute-force attacks can take a long time. The speed is determined by the speed of the computer

running the cracking program and the complexity of the password.

Rainbow Tables- A Rainbow table is a huge pre-computed list of hash values for every possible

combination of characters. A password hash is a password that has gone through a mathematical

algorithm that transformed it into something absolutely foreign. A hash is a one way encryption

so once a password is hashed there is no way to get the original string from the hashed string. A

very common hashing algorithm used as security to store passwords in website databases is

MD5.Well when we login and submit our username and password, a script takes our password

and runs it through the md5 algorithm. The outcome hash is compared to the hash stored in the

database. If they are the same, we are admitted.

If I were to run the word ―cheese‖ through the md5 algorithm, the outcome would be

fea0f1f6fede90bd0a925b4194deac11.

Countermeasures:-

Use strong passwords upto atleast 10 characters with combinations of uppercase,

lowercase, numbers and symbols. E.g. – P@5$w0rD_)(*

Never ever use name, pet name, any relative‘s name, phone number, car number in

password which could be easily guessed.

Never use any password in more than one account or IDs.

Never click on any unknown link sent by any person, it could be phishing or cookie-

grabbing.

Never share password with any person.

Page 21: Ethical Hacking Basics and Cyber Crime

Security on Internet.

Hacking is another side of Cyber. Some people are very notorious and net savvy. They love to

keep, update themselves and bring innovative ideas. Hacker is one of them, spending almost all

time on internet and doing illegal activities and spreading it all over the world. Thus infecting the

internet and making people to do like those ultimately increasing cybercrimes.

Staying Safe on Internet

Internet is the playground of Hackers and Malicious programs, To be safe on the internet we

have to follow some basic rules.

1. Always Use Genuine Antivirus/Internet Security Software Regularly Updated with

Internet.

2. Keep your Firewall ON and Updated.

3. The Browser should be kept free from toolbars which get automatically installed on your

browser.

4. Never Save Your Passwords on your Browsers and Instant Messengers like Yahoo,

Google, and Skype etc.

5. Keep your Browser Temporary Cache, Cookies Clear on Regular Basis.

6. While Browsing Don't Install Shortcuts and Toolbars from Pop Ups and Ads.

7. Don't Download Pirated Stuff from Untrusted Sites. (e.g. Music, Videos, Free Software)

8. Always Install Software's Available at the Parent Sites.

9. Don't Click on Suspicious Links/Hyperlinks Which Are Luring and Tempting.

Page 22: Ethical Hacking Basics and Cyber Crime

Career in Cyber security

According to naukri.com there are 5800 vacancies in field of cyber security and

network security. Cybersecurity is one of the hottest fields in technology today

and the trend will continue for the foreseeable future. As noted in a ―Best Jobs‖

article on the CNN Money website, cyber security is among the top ten fastest

growing careers in America, with a 27% growth rate. All industries, from retail

sales to hospitals to power plants, are dependent on information technology

(IT), and cybersecurity is critical to ensuring IT assets are protected.

The Certified Ethical Hacker is a professional certification provided by the

International Council of E-Commerce Consultants (EC-Council.)

An ethical hacker is usually employed by an organization who trusts him or her

to attempt to penetrate networks and/or computer systems, using the same

methods as a hacker, for the purpose of finding and fixing computer security

vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems

without prior authorization from the owner) is a crime in most countries, but

penetration testing done by request of the owner of the victim system(s) or

network(s) is not.

A Certified Ethical Hacker has obtained a certification in how to look for the

weaknesses and vulnerabilities in target systems and uses the same knowledge

and tools as a hacker.

Companies like Google, Yahoo, IBM, etc. always look for people who can find

vulnerability and bugs in their systems and pay a lot of money.

Government organizations like CBI, NIA, Indian Army and other defense

services hire many cyber security analysts every year and an ethical hacker can

always build his own career as a white hat.

By:-

Neeraj Negi ([email protected])