Information Security Series: Part 1

 

Information security controls: special tools and rules that guard our data, ensure it is not exposed publicly, and protect it from black hat hackers.

Types of Security Controls

  1. Firewall: Provides a barrier between trusted & untrusted networks. Firewalls can be classified into 2 types: hardware & software. A hardware firewall can be configured into switches, routers & hubs, and protects all devices connected to these components by acting as a traffic guard against the outside world. A software firewall, by contrast, works at the individual device level and scans inbound & outbound traffic.
  2. Antivirus: Detects harmful software, viruses & malware.
  3. Password encryption: Useful in encrypting the password with public key, private key or both to enable seamless secure transfer and storage of passwords.
  4. 2 Factor Authentication: Adds an extra layer of protection between the application and the user by using a unique code for authentication.

Always ensure regular updates, backups of important data and recovery options to protect against data loss; regular application updates protect the application from newer threats.

Five Stages of System Penetration & Control

  1. Reconnaissance: The hacker attempts to gather information about the victim during this initial stage. Finding the target’s IP address range, network, DNS data, and other details may be part of it. Assume for the moment that a hacker is going to compromise a website’s contacts.
  2. Scanning: During this stage, data is scanned using tools such as vulnerability scanners, network mappers, dialers, port scanners, and sweepers. These days, hackers are most likely looking for any information that will enable them to carry out attacks, including user accounts, IP addresses, and computer names. The hacker advances to the next stage and starts testing the network for additional attack vectors now that they have some basic knowledge.
  3. Gaining Access: Using the information gathered in Reconnaissance & Scanning, the hacker creates the target network’s blueprint during this step. After completing the network’s enumeration and scanning, the hacker determines that they have a few alternatives for gaining access.
  4. Maintaining Access: After gaining access, a hacker wants to maintain it for potential future attacks and exploitation. The hacker can use the system as a base from which to conduct more attacks once they have it.
  5. Clearing Tracks: To help conceal their identity, the attacker would run the assaulting machine via at least one VPN and modify their MAC address before the attack. They will not use any scanning methods that could be considered “noisy” or launch a frontal attack.
    After gaining access and elevating privileges, the hacker tries to hide their activities. This entails deleting temporary files, server logs, sent emails, and more. Additionally, the hacker will search for any signs that the user has been alerted by the email provider or that their account may have been accessed without authorization.

There are various types of network attacks that a hacker can perform to disrupt the day-to-day activities of a business or an individual.

  1. DoS: A DoS attack, or Denial of Service attack, is targeted at a specific website. It involves sending so much traffic in the form of packets that it exceeds the limit of the server handling the requests, which causes legitimate users to be locked out of the website.
  2. MITM: In a MITM or Man In The Middle attack, the attacker gets in between the communication channel between 2 users, or between a user and a service, and intercepts the packet data. This data can then be changed or used by the hacker for his own purposes without the target person’s knowledge.
  3. Eavesdropping: Listening on the data lines between a user and a service to pick up useful information on the go from the data sent in packets. If no harm is caused this is also called Sniffing.
  4. Ransomware: This is a powerful type of malware which, when it gains access to a system, takes over the data stored on it, encrypts it, and asks for money or some service to unlock it.
  5. Malware: Malware in general is malicious software written to perform some sort of hidden work or harmful activity when run. It enters the system in a number of ways: free downloads, selecting a dubious link, opening maliciously sourced emails, visiting websites that are malicious, failing to update the system’s antivirus software. Types include virus, worm, trojan, ransomware, botnet, spyware, adware etc. The types of malware are a vast topic that requires an article of its own. Stay tuned.
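
As an added example (not code from the original post), the detection side of the DoS item above: a sliding-window counter that flags any client whose request rate exceeds a limit. The log format, the threshold of 20 requests per 10 seconds, and the function names are assumptions, and the log lines are constructed, using documentation-range addresses.

```python
from collections import defaultdict, deque
from datetime import datetime


def sample_log():
    """Constructed access log: '<ISO timestamp> <client IP> <request>'."""
    # One client sends 10 requests per second for 4 seconds (a flood).
    flood = [f"2024-01-01T10:00:{s:02d} 203.0.113.9 GET /"
             for s in range(4) for _ in range(10)]
    # Another client sends one request every 5 seconds (normal use).
    normal = [f"2024-01-01T10:00:{s:02d} 198.51.100.7 GET /contact"
              for s in range(0, 60, 5)]
    return sorted(flood + normal)  # ISO timestamps sort chronologically


def flood_sources(lines, limit=20, window_seconds=10):
    """Return {client: peak request count} for clients exceeding `limit`
    requests inside any sliding window of `window_seconds`."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    peaks = {}
    for line in lines:
        try:
            stamp, client, _request = line.split(" ", 2)
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        window = recent[client]
        window.append(ts)
        # Drop requests that have aged out of the window.
        while (ts - window[0]).total_seconds() >= window_seconds:
            window.popleft()
        if len(window) > limit:
            peaks[client] = max(peaks.get(client, 0), len(window))
    return peaks


if __name__ == "__main__":
    for client, peak in flood_sources(sample_log()).items():
        print(f"possible DoS source {client}: {peak} requests in 10 s")
```

A per-client counter like this only catches a flood coming from a single address; traffic spread across many sources needs a limit on the total request rate as well.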

Along with this, we will look at a few social engineering attacks which may also lead to network and PII (Personally Identifiable Information) compromise.

1. Phishing Attack: Phishing is named after the word “phish,” which means fish. Placing bait in order to trap fish is a widespread practice. Phishing operates in a similar way. It is an unethical method of tricking the victim or user into clicking on dangerous websites. The malicious website is created by the attacker so that the victim believes it to be legitimate and falls for it. Sending spam emails that look real in order to steal the victim’s credentials is the most popular kind of phishing.

2. Baiting: A form of social engineering known as “baiting” occurs when the offender entices the victim with alluring incentives or promises. The victim is tricked into unintentionally downloading malware into their system or disclosing private information about themselves or their company.
Online advertisements that offer free software but trick the recipient into installing malware, or financial offers that persuade them to perform an “urgent” activity, are common examples. Through a variety of platforms, including email, SMS, physical letters, and USB drives, baiting can occur both online and offline. The objective is to obtain direct financial gain, sensitive information, or network access.

3. Spear Phishing: This technique is employed to target a member of a particular organization, and the attackers use social media and other publicly accessible information to target the individual. For certain restaurants, the email type that the target or specific user receives may be connected to the menu. Therefore, malware may be placed on the user’s device when they click on the link to view the restaurant’s menu that was included in the email advertisement. They will attempt to cause as much damage as they can with this.

4. Vishing: Vishing is a combination of “Voice + Phishing.” The majority of the time, an automatic recording is utilized, although there have also been reports of human operators actively participating. To make the victim believe the call is coming from a trustworthy source, it employs “Caller ID Spoofing.” Additionally, it uses “Social Engineering” approaches to coerce the target into divulging private information. Identity theft is then committed using the victim’s private information. Furthermore, there are more negative effects of identity fraud than one may imagine.

5. Whaling: The Whaling attack, sometimes referred to as Whaling Phishing, is a particular kind of phishing attack that uses phony emails that look authentic to target senior executives. The goal of this type of fraud is to deceive the victim into performing a secondary action, such as sending money, by using social engineering techniques.
