General Awareness on Cyber Security & Ethical Hacking training program

From Diwakar Sharma, INNOBUZZ PUNE

Agenda
•   General awareness of Cyber security
•   Hacker and Hacking
•   Statistics of attacks
•   Computer Threats & Attacks
•   Computer Measures
•   Ethics & Legality
•   Cyber Crime and offence
•   Cyber Law IT Act 2000 & Amended Act 2008
•   Cyber Crime Investigation
•   What is Ethical Hacking?
•   What does an Ethical Hacker do?
•   Ethical Hacking as a career
•   How can INNOBUZZ help?
•   Placement & Project Life cycle support
    INNOBUZZ PUNE-Training in Ethical Hacking & Cyber Security   2
Cyber Threats & security ?




Hacker and Hacking
• Hacking: An attempt to explore the existing vulnerabilities of a
  computer, network, web application or web server, with or without
  the knowledge of the user.
• Hacker - A person who modifies something to perform in a way
  different from what it was made to do. The term does not apply only
  to computer hacking, but in this case it does.
• Cracker - Crackers are people who break into a computer system for
  an offensive purpose, for example defacement. A cracker is still a
  hacker.

What does it take to differentiate Hacker & Cracker?
• Methods
   –   Network enumeration
         • Discovering information about the intended target.
   –   Vulnerability analysis
         • Test the system.
   –   Exploitation
         • Exploit vulnerabilities on the system.
   –   Accessing Tools
         • Social engineering, Virus, Trojans, Worms, Key Loggers, etc.
• Attitude
   –   White Hat
         • Non-malicious reasons, enjoy learning (e.g. testing their own security system)
   –   Grey Hat
         • Beyond the point of malicious intent
   –   Black Hat/Cracker
         • Malicious reasons, uses technology for a wrong end, linked to illegal activity
   –   Script kiddie
         • Non-expert, uses automated tools by other creators
   –   Hacktivist
         • Defends ideological, religious or political means

Computer Threats & Attacks
•   Spam
•   Spoofing
•   Phishing
•   Viruses
•   Worms
•   Trojan horses
•   Spyware
•   Tampering
•   Repudiation
•   Information Disclosure
•   Denial of Service
•   Elevation of Privilege
•   Pirated Software

Computer Measures
•   Computer measures
•   Security software tools
•   Encryption
•   Firewalls
•   Network Security Protocol
•   Authentication
•   Intrusion detection
•   Access Control
•   Virtual Private Network




Ethics & Legality
• Companies and individuals hoping to protect
  their systems and information, while also
  avoiding inadvertent violations of the law
  themselves, face the challenge of working
  within this confusing and evolving legal
  framework.

• Enacted on 17th May 2000 – India became the 12th
  nation in the world to adopt cyber laws.

• IT Law covers mainly the digital information
  (including information security and electronic
  commerce) aspects and it has been described as
  "paper laws" for a "paperless environment".

Cyber Crimes & Offences
• Hacking
• Spreading of Viruses & Worms
• Data Theft
• Credit Card Frauds
• Cyber Terrorism
• Money Laundering
• Cyber Stalking
• Defamation
• Intellectual Property Theft
• Identity Theft
• Invasion of Privacy
• Child Pornography
• Online Gaming, Online Gambling
• Online Frauds (419 Scams, Lottery Scams)
• Sale of illegal articles
• Tampering of Source Documents
• Financial Frauds

Offence & Relevant Section under IT Act 2000 & Amended Act 2008
• Criminal Prosecution for offenses like
   – Tampering of Source Documents – S. 65
   – Hacking with Computer Systems, Data Alteration – S. 66
   – Pornography & Publishing obscene Information – S. 67
   – Unauthorized Access to Protected System – Sec. 70
   – Breach of Confidentiality and Privacy – Sec. 72
   – Publishing False Digital Signature Certificates – Sec. 73
   – Apply to the offence or contravention committed outside India – S. 75

Offence & Relevant Section under IT Act 2000 & Amended Act 2008
Contraventions under the Act – S. 43
Whoever, without permission of the owner of the computer:
• Secures access
• Downloads, copies or extracts any data, computer
   database or any information
• Introduces or causes to be introduced any virus or
   contaminant
• Disrupts or causes disruption
• Denies or causes denial of access to any person
• Provides any assistance to any person to facilitate access
• Charges the services availed of by a person to the
   account of another person by tampering with or
   manipulating any computer, computer system, or
   computer network,
shall be liable to pay damages by way of compensation not
exceeding one crore rupees to the person so affected.

Cyber Crime Investigation

For the purpose of investigating the
offences detailed under the IT Act,
2000, police officers not below the
rank of Deputy Superintendent of
Police have been duly authorized
and have also been given the power
of entry, search and arrest without
warrant in public places.




Statistics – Cyber offences

• 49% are inside employees or
  contractors on the internet
  network
• 17% come from dial-up from
  inside employees.
• 34% are from internet.
• The major financial loss is
  internal hacking



Solution and Prevention
• "To catch a thief, think like a thief."
• Security isn't necessarily difficult, it
  just requires a bit of education and a lot
  of vigilance.
• "In every other area of security, the
  defender must know the tactics and
  behaviour of the attacker before they
  can effectively secure their assets,"
• "Only someone with a firm
  understanding of hackers' tools and
  tactics can make a real difference to a
  company who are trying to stop hackers
  breaking into their systems."

What is Ethical Hacking ?

• Ethical hacking – defined as the “methodology
  adopted by ethical hackers to discover
  the vulnerabilities existing in
  information systems’ operating
  environments.”
• In their search for a way to approach
  the problem, organizations came to
  realize that one of the best ways to
  evaluate the intruder threat to their
  interests would be to have independent
  computer security professionals
  attempt to break into their computer
  systems.

What does an Ethical Hacker do?

An Ethical Hacker’s evaluation of a system’s
security seeks answers to these basic
questions:
• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder’s
  attempts or successes?
• What are you trying to protect against?
• What are you trying to protect?
• How much time, effort and money are you willing
  to expend to obtain protection?

Ethical Hacking as a career

An Ethical Hacker is one name given
to a Penetration Tester.
An ethical hacker is usually employed
by an organization who trusts him to
attempt to penetrate networks and/or
computer systems, using the same
methods as a hacker, for the purpose
of finding and fixing computer
security vulnerabilities.


How INNOBUZZ can Help you?
Certified Information Security Expert
• This course will immerse the student in an
   interactive environment where they will be shown how
   to scan, test, hack and secure their own systems. The
   lab-intensive environment gives each student in-depth
   knowledge and practical experience with the current
   essential security systems. Students will begin by
   understanding how perimeter defenses work and then
   be led into scanning and attacking their own
   networks; no real network is harmed. Students then
   learn how intruders escalate privileges and what steps
   can be taken to secure a system. Students will also
   learn about Intrusion Detection, Policy Creation, Social
   Engineering, DDoS Attacks, Buffer Overflows and Virus
   Creation. When a student leaves this intensive 5-day
   class they will have hands-on understanding and
   experience in Ethical Hacking.

Placement and Recruitments




Contact:
Mr. Diwakar Sharma
Ph: 020-32420175 / 9922924946
www.innobuzz.in
