General Awareness on Cyber Security & Ethical Hacking training program

INNOBUZZ PUNE

From Diwakar Sharma


DESCRIPTION

A general awareness program on "cyber security and investigation"


Agenda

• General awareness of Cyber security
• Hacker and Hacking
• Statistics of attacks
• Computer Threats & Attacks
• Computer Measures
• Ethics & Legality
• Cyber Crime and offence
• Cyber Law IT Act 2000 & Amended Act 2008
• Cyber Crime Investigation
• What is Ethical Hacking?
• What does an Ethical Hacker do?
• Ethical Hacking as a career
• How INNOBUZZ can help?
• Placement & Project Life cycle support

INNOBUZZ PUNE-Training in Ethical Hacking & Cyber Security 2


Cyber Threats & Security?


Hacker and Hacking

• Hacking: An attempt to explore the existing vulnerability of a computer, network, web application or web server, with or without the knowledge of the user.

• Hacker - A person who modifies something to perform in a way different from what it was made to do. The term is not limited to computer hacking, but in this case it is.

• Cracker - Crackers are people who break into a computer system for an offensive purpose, for example defacement. A cracker is still a hacker.


What does it take to differentiate Hacker & Cracker?

• Methods
  – Network enumeration
    • Discovering information about the intended target.
  – Vulnerability analysis
    • Test the system.
  – Exploitation
    • Exploit vulnerabilities on the system.
  – Accessing Tools
    • Social engineering, Virus, Trojans, Worms, Key Loggers, etc.

• Attitude
  – White Hat
    • Non-malicious reasons, enjoy learning (e.g. testing their own security system)
  – Grey Hat
    • Beyond the point of a malicious intent
  – Black Hat/Cracker
    • Malicious reasons, uses technology for a wrong end, linked to illegal activity
  – Script kiddie
    • Non-expert, uses automated tools by other creators
  – Hacktivist
    • Defends ideological, religious or political means


Computer Threats & Attacks

• Spam

• Spoofing

• Phishing

• Viruses

• Worms

• Trojan horses

• Spyware

• Tampering

• Repudiation

• Information Disclosure

• Denial of Service

• Elevation of Privilege

• Pirated Software


Computer Measures

• Computer measures

• Security software tools

• Encryption

• Firewalls

• Network Security Protocol

• Authentication

• Intrusion detection

• Access Control

• Virtual Private Network


Ethics & Legality

• Companies and individuals hoping to protect their systems and information, while also avoiding inadvertent violations of the law themselves, face the challenge of working within this confusing and evolving legal framework.

• Enacted on 17th May 2000; India became the 12th nation in the world to adopt cyber laws.

• IT Law covers mainly the digital information (including information security and electronic commerce) aspects and it has been described as "paper laws" for a "paperless environment".


Cyber Crimes & Offences

• Hacking
• Spreading of Viruses & Worms
• Data Theft
• Credit Card Frauds
• Cyber Terrorism
• Money Laundering
• Cyber Stalking
• Defamation
• Intellectual Property Theft
• Identity Theft
• Invasion of Privacy
• Child Pornography
• Online Gaming, Online Gambling
• Online Frauds (419 Scams, Lottery Scams)
• Sale of illegal articles
• Tampering of Source Documents
• Financial Frauds


Offence & Relevant Section under IT Act 2000 & Amended Act 2008

• Criminal prosecution for offences like:
  – Tampering of Source Documents – S. 65
  – Hacking with Computer Systems, Data Alteration – S. 66
  – Pornography & Publishing Obscene Information – S. 67
  – Unauthorized Access to Protected System – Sec. 70
  – Breach of Confidentiality and Privacy – Sec. 72
  – Publishing False Digital Signature Certificates – Sec. 73
  – Applies to an offence or contravention committed outside India – S. 75


Offence & Relevant Section under IT Act 2000 & Amended Act 2008

Contraventions under the Act – S. 43

Whoever, without permission of the owner of the computer:

• Secures access
• Downloads, copies or extracts any data, computer database or any information
• Introduces or causes to be introduced any virus or contaminant
• Disrupts or causes disruption
• Denies or causes denial of access to any person
• Provides any assistance to any person to facilitate access
• Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.


Cyber Crime Investigation

For the purpose of investigating the offences detailed under the IT Act, 2000, police officers not below the rank of Deputy Superintendent of Police have been duly authorized and have also been given the power of entry, search and arrest without warrant in public places.


Statistics – Cyber offences

• 49% are inside employees or contractors on the internet network
• 17% come from dial-up from inside employees.
• 34% are from internet.
• The major financial loss is internal hacking


Solution and Prevention

• “To catch a thief, think like a thief.”

• Security isn't necessarily difficult, it just requires a bit of education and a lot of vigilance.

• "In every other area of security, the defender must know the tactics and behaviour of the attacker before they can effectively secure their assets,"

• "Only someone with a firm understanding of hackers' tools and tactics can make a real difference to a company who are trying to stop hackers breaking into their systems."


What is Ethical Hacking?

• Ethical hacking is defined as the “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”

• In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.


What does an Ethical Hacker do?

An Ethical Hacker’s evaluation of a system’s security seeks answers to these basic questions:

• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder’s attempts or successes?
• What are you trying to protect against?
• What are you trying to protect?
• How much time, effort and money are you willing to expend to obtain protection?


Ethical Hacking as a career

An Ethical Hacker is one name given to a Penetration Tester.

An ethical hacker is usually employed by an organization that trusts him to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities.


How INNOBUZZ can Help you?

Certified Information Security Expert

• This course will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking.


Placement and Recruitments


Contact:

Mr. Diwakar Sharma

Ph: 020-32420175/ 9922924946

www.innobuzz.in