Ethical Hacking And Attacking Computer Science Essay

Ethical Hacking And Attacking Computer Science Essay It is debatable, if hacking can be ethical or not, the term Hacking over time has been associated with destructive activity. These are some of the terms used in the context of hacking which provides better clarity, Hacker is somebody who enjoys learning hacking for a defensive purpose; an ethical hacker is the security professional who exercises his skills for a defensive purpose. The term Cracker refers to a person who uses his hacking skills for destructive purpose. The ethical question here is in regard to the physical activity of hacking which is sometimes hard to differentiate from cracking. The main difference being, Ethical hacker just identifies vulnerabilities and does not exploit them unlike a cracker. Ethical hacking is the process adopted by ethical hackers to discover the vulnerabilities existing in information systems operating environments. With the growth of internet, computer security has become a major concern for business. Organizations need ethical hackers who can think like a cracker to simulate a real life hacking scenario; they make use of same tools and techniques of that of crackers without damaging / compromising the sensitive information thereby maintaining the integrity and confidentiality of the organization. Ethical hacker should have excellent programming and networking skills. They evaluate the security of target and update the organization regarding the discovered vulnerabilities along with recommendations to mitigate them. Anatomy of a Hack Initially, Hacking meant having extraordinary skills to break into the system. However today there are lots of automated freeware tools available on internet making it possible for anybody having the desire to hack succeed in breaking into the system. These are the 5 phases every hacker must know. Figure 1: Anatomy of an Attack Reconnaissance Reconnaissance is the preparatory phase where an attacker gathers information about the target system prior to launching the attack. This phase might also involve network scanning either internal or external without any authorization. One of the ways for gathering information during this phase may involve Social engineering. A social engineer is a person who smooth-talks and persuades people to reveal personal / sensitive information such as passwords, security policies etc. Social engineering is one of the easiest ways to hack as it requires no technical skills and one of the hardest forms of attack to defend against as humans are the weakest link in the security chain. All security measures taken care by the organization goes in vain when the employees get social engineered. Detecting social engineering attacks are difficult, as there is no tool to detect such attempts, in most of the cases victim themselves are not aware having revealed sensitive information. Rebecca and Jessica are the common terms used, which refer to people who are easy target for social engineering attacks such as a receptionist or a support executive. Dumpster diving is another way of gathering information. It is the process of looking for discarded sensitive information in an organization thrash. It is one of the effective ways of gathering information as it may provide attackers with even more sensitive information such as username, password, ATM slip, social security number, Bank statements. It is important that an organization has appropriate policies in place to protect their assets and also provide proper guidance to employees on the same. Reconnaissance technique can be classified into active and passive reconnaissance. In passive reconnaissance, the attacker does not interact with the system directly but uses social engineering or dumpster diving as a mean to gather information. Where as in a active reconnaissance, the attacker makes use of tools for port scanning, network scanning to get the details of the application, operating system etc. Often reconnaissance phase overlaps with the scanning phase. Scanning Scanning precedes the actual attack and is one of the important phase of information gathering where in the attacker gathers information about the targets IP address , operating system , system architecture , services running in the system in order to find various ways to intrude into targets system. The strategy to launch the attack is based on the gathered information. The risk of an organization is considered high in the scanning phase as it enables access to the network. Different types of scanning are Port Scanning: Procedure for identifying the open ports and the services running on the target system. Network Scanning -Procedure for identifying IP addresses, active hosts on a network either to attack them or as a network security assessment. Vulnerability Scanning -Automates method to identify the known vulnerabilities present in the system and the network. Some of the important tools used during this phase are Nmap which is used for port scanning; it also offers a variety of advanced features such as remote OS detection. Nessus is a vulnerability scanner which detects the local flaws, uninstalled patches and weakness in network hosts. Nessus has a security vulnerability database which is updated on a daily basis. It carries out development of security checks for recent security holes. CEH scanning methodology The diagram below shows the sequence of steps followed in order to scan any network although scanning method may differ based on the objective of the attack. The Attacker starts with checking for the live systems in the network. Once he finds the live system, looks for any open port present in the system to identify the services running on it. The next phase is OS fingerprinting which is nothing but gathering operating system information about the target system. Post which the attacker scans for vulnerabilities present in the target operating system and exploit it. The attacker may also choose to probe the network by making use of proxies. Figure 2: CEH Scanning Methodology Gaining Access This is one of the most important phases for an attack as this is where the actual attack is planted. Therefore the business risk is highest in this phase. Although not a mandatory phase as an attacker need not always gain access to cause damage like in denial of service attacks. The main aim in this phase is to obtain elevated privileges such as system privilege to execute commands to access sensitive information. Maintaining Access Once the attacker gains access into the system or the network, he tries to retain his ownership on the compromised system and periodically attack it. Typically in this phase the attacker tries to install Key loggers to capture the keyboard strokes, sniffers to capture network traffic, rootkits at the kernel level to gain super user access and Trojan horse to gain repeated backdoor access, also download the password files to access the system at a later time. Once the Trojans are in place, the attacker can assume to have gained total control of the system. During this phase the attackers might even harden the system against other attackers by fixing the vulnerability which allowed them to access the system or the network. Clearing Tracks This is where the attacker tries to cover the evidence of his activities for various reasons like maintaining access or legal actions. During this phase the attacker deletes the system logs preventing the system administrator from monitoring the unusual activity, Rootkits are installed as they are effective in covering tracks and also because in some cases they disable logging. Other techniques like Steganography which is used to hide the data in a image or a file, are made used by the attacker in order to cover tracks Typical Hacking Techniques There are several ways an attacker can gain access into the system such as Operating system attacks Application Level attacks Shrink wrap code error Misconfiguration attacks Google Hacking Google Hacking is the art of creating complex search queries in order to gather information of the target system. Google is the primary tool used for Google hacking. Advanced Google operators are used to filter information. Google hacking database identifies files containing password, sensitive directories, vulnerable web pages, error messages containing sensitive information, pages containing firewall logs etc Figure 3: Google advanced search option Basics of Google Hacking Below are some of the basic ways Google is used for hacking Directory Listing Attack: Webpage often accidentally displays files and directories that exist on the web server when top level index file is missing or invalid as directory listing is not taken care of. Most of the times they do not prevent users from downloading files or accessing sensitive information without authorization. Locating directory listing in Google is very straight forward. A query of Intitle: Index.of is the universal search for directory listing Figure 4: Google hacking for Directory Listing An attacker can make use of this information to access sensitive information of the application. Information Disclosure Error messages can disclose a lot of sensitive information about the target like the operating system, network architecture, user information etc. A query of intitle: error fetched 4,070,000 results Figure 5: Google hacking for Information Disclosure Below is the error message displayed by an application. Figure 6: Error message displayed from Google hacking query The error message reveals sensitive information about the target system such as the application is built in asp.net, IIS 4.0, MYSQL database. An attacker can now launch attacks that are vulnerable to these technologies. Sensitive Information: Here are some of the Google search syntaxs to crawl for Sensitive information such as passwords filetype: xls inurl: password.xls -Looks for username and password in ms excel format. intitle: Index of master.passwd -index the master password page index of / backup- Looks for the index backup file on server) intitle: index.of passwd.bak Looks for the index backup password files. intitle: Index of pwd.db- Looks for database password files inurl: user.xls intext: password- Looks for url that save username and passwords in spread sheet files Site Digger, which explores Googles cache to look for susceptibilities ,errors, security loopholes on website and Gooscan which automates queries against Google search engine are some of the other tools used for Google hacking. Certified Ethical Hacker Certification Course (CEH) CEH is the professional certification provided by the international council E-Commerce consultants (EC-Council). Figure 6: CEH Process Apart from EC council, there are other certified hacking course taken by some well known Hackers like Ankit Fadia Certified Ethical Hacker (AFCEH) and also some other vendors like karROX Certified Ethical Hacker Course. Ethical Hacking Services As part of ethical hacking services, Penetration testing which is nothing but creating a real life hacking scenario and trying to break into the system is offered by various vendors. Different tools, technique and methodologies are used to gain entry into that application. The service offered could be either a black box testing (where only the application URL is given) or a grey box testing (where a dummy user account with least privilege is created for the pen testers).Penetration testing will be carried over by a team of dedicated ethical hackers. Some of the key benefits of penetration testing are Find security loopholes which cannot be found through functional testing. Identify business logic flaws which cannot be detected by Code Review. Real world simulation of hacking thereby revealing soft targets for possible attacks. Meet Regulatory Compliance like PCI, HIPAA, GLBA and ISO regulatory compliance. Reduction in web application development security flaws. Development of effective mitigation strategies based on your specific environment The Pen test report provides recommended remediations for the identified attack. Follows the industry standards for security such as OWASP TOP 10 and SANS 25. Commercial tools like Cenzic, Acunetix, and IBM Rational Appscan are some of the widely used tools for Pen Test. Social Engineering Testing is offered as complementary service by some vendors which tests the organizations human firewall by gaining access to an organization and its assets by tricking key personnel over communications medium such as telephone, email, chat, bulletin boards, etc. Acknowledgement Vikram 😛 Related Knowledge Briefs or References Have to check. Summary In recent times Web applications are the target of various forms of attacks. According to a Gartner report 70% of the security attacks are targeted on the web application. Competition is so high that enterprises cant ignore the risk associated with their vulnerable application. Loss incurred could vary from monetary losses to loss of credibility. In certain cases it could mean end of business. You cannot stop an attacker from hacking, the only thing you can do is make it harder to get in. Ethical hackers are the security professionals who use their hacking skills for defensive purpose. The process of ethical hacking would depend on, what is that organization is trying to protect, against whom and how much or resources the organization is ready to spend. The hacking tools are meant for research and educational purpose only and should not be used for destructive purpose. Your Name then enter a short two or three line biography, including your BU/practice and location. Was the information contained in this Knowledge Brief useful? We strive to improve our content by continuously refining it. You can discuss the document, or download the most recent version, from the details page of this Knowledge Brief. Your feedback is appreciated!

what woen could have been :: essays research papers

What Women Could Have Been? At the start of the 1900’s women’s separation was seen at every turn. In fact it was a long road of change that many females faced and many tried to persevere. It was impossible for these women to break down these walls and barriers. For if they had accomplished female change in America the roles of females would have been much more different in society today. For these women I see a future full of opportunity, had women been successful in their push to vote, their need for education, and proving their worth during the war effort. If any or all of these events happened that the women were so adamant about seeing change in, then their lives would have been drastically enhanced with changed. I feel that women’s struggle for equality in today’s society comes out of the inability to vote. Throughout Susan Ware’s novel Letter to the World, voting is seen as catapult for fairness and equality. It is said that if women had the right to vote that they would have voice and be able to involve themselves on the same playing field as men in the political arena. The fellow First Lady Eleanor Roosevelt said it best when she stated that â€Å"Women must learn to play the games as men do†Ã¢â‚¬ ¦Ã¢â‚¬ Throwing mud from the outside won’t help.† If this message had successfully been seeded in the female publics mind and taken root then a true political movement would have taken place. In retrospect this would have given women the right to form groups, change laws, and become more then just the male society’s doormat they. Education is another aspect vital for women’s growth and if it had worked it would have almost entirely changed every facet of today’s work force. If the average women would have got involved in helping make education a top priority, then education for women would have been entirely possible. If there were big groups and rallies of women behind the education reform, than there would have been a gradual acceptance for education. Instead the reform was put into the hands of very few women such as Eleanor Roosevelt, Dorothy Thompson, and Margaret Mead. These women worked hard to push for their right to education in a world of male dominance and they would have succeeded had the rest of America got on board for the fight.

Discussing psychologist perspectives and their use Essay

Cognitive- This approach is portrayed by two theorists; Jean Piaget and George Kelly. This perspective refers to age-related changes in knowledge and acts of knowing plus understanding. Research shows that this approach is the best treatment practised for almost every single disorder, another positive point to this perspective is that it’s really quick with lasting changes; it also helps people become more confident and boost people with learning difficulties self-esteem. It’s also very easy and works for a majority of people. The negatives to this perspective are that it can be seen as non-person centred, it’s not effective for lower functioning clients, and some clinicians feel that it doesn’t address other issues. This can be used in health and social care through helping individuals who misread situations, as this approach mainly helps people with learning difficulties so it can help certain individuals come to terms with some irrational thoughts they may have. Biological- This perspective is about the view of personality that focuses on the way behaviour and personality are influenced by neuro-anatomy, biochemistry, genetics or evolution. This perspective also helps people understand how and why we have a certain diseases. The positives to this approach; the more we know about the brain, the more we should be able to explain how we operate and to understand what makes us ‘tick’. Also the main strength to the biological approach is that chemotherapy, ECT and psychosurgery can be used to treat the symptoms of abnormal behaviour directly and in a very short time. The negatives to this approach are the risk of side effects- e. g. in case of chemotherapy there is the risk that patients may become psychologically and physically dependent on the drugs involved. Symptoms often recur when the treatment stops, so many patients have to be re-admitted to hospital. It also raises serious ethical issues. Other things people look upon as negative is the fact that it’s hard to determine the extent to which genetic inheritance influences behaviour. This perspective can be used in health and social care through the use of developmental norms, this means making sure that a young child is developing properly, so that their behaviour and understanding matches that if their chronological age.

Controversial Essay on Space Exploration

The Benefits of Space Exploration Since the Wright Brothers took off from the ground during the dawn of the last century, mankind’s gaze has turned towards the skies and beyond. People were no longer earth bound. The year 1969 was another great landmark, as back then man left earth and set foot on another celestial body. A few years later, two unmanned probes were launched to leave the solar system and go in search of other civilizations. All of these great leaps in space exploration have showcased the relentless pursuit of man in furthering his understanding of the universe that he lives in. There have been some people who have criticized the government for making use of billions of tax payers’ dollars in space exploration. They feel that the money could have been used for other more urgent and needy issues. But what they may not realize is that space exploration has a lot of relevance to things on earth. The study of meteorology, for instance, has received a major boost from our ability to launch satellites into orbit and monitor the earth’s atmosphere through them. We are, therefore, able to make better weather forecasts with the help of the eye in the sky. Another very relevant use of satellites is the