General Awareness on Cyber Security & Ethical Hacking training program
INNOBUZZ PUNE 1
From
Diwakar Sharma
Agenda
• General awareness of Cyber security
• Hacker and Hacking
• Statistics of attacks
• Computer Threats & Attacks
• Computer Measures
• Ethics & Legality
• Cyber Crime and offence
• Cyber Law IT Act 2000 & Amended Act 2008
• Cyber Crime Investigation
• What is Ethical Hacking ?
• What does an Ethical Hacker do?
• Ethical Hacking as a career.
• How INNOBUZZ can help ?
• Placement & Project Life cycle support
INNOBUZZ PUNE-Training in Ethical Hacking & Cyber Security 2
Cyber Threats & security ?
Hacker and Hacking
• Hacking: An attempt to explore existing
vulnerabilities of a computer, network, web
application or web server, with or without the
knowledge of the user.
• Hacker - A person who modifies something to
perform in a way different from what it was
made to do. The term is not limited to computer
hacking, but that is the sense used here.
• Cracker - Crackers are people who break into a
computer system for an offensive purpose, for
example defacement. A cracker is still a hacker.
What does it take to differentiate Hacker & Cracker?
• Methods
  – Network enumeration
    • Discovering information about the intended target.
  – Vulnerability analysis
    • Test the system.
  – Exploitation
    • Exploit vulnerabilities on the system.
  – Accessing Tools
    • Social engineering, Virus, Trojans, Worms, Key Loggers, etc.
• Attitude
  – White Hat
    • Non-malicious reasons, enjoy learning (e.g. testing their own security system)
  – Grey Hat
    • Beyond the point of a malicious intent
  – Black Hat/Cracker
    • Malicious reasons, uses technology for a wrong end, linked to illegal activity
  – Script kiddie
    • Non-expert, uses automated tools by other creators
  – Hacktivist
    • Defends ideological, religious or political means
Computer Threats & Attacks
• Spam
• Spoofing
• Phishing
• Viruses
• Worms
• Trojan horses
• Spyware
• Tampering
• Repudiation
• Information Disclosure
• Denial of Service
• Elevation of Privilege
• Pirated Software
Computer Measures
• Computer measures
• Security software tools
• Encryption
• Firewalls
• Network Security Protocol
• Authentication
• Intrusion detection
• Access Control
• Virtual Private Network
Ethics & Legality
• Companies and individuals hoping to protect
their systems and information, while also
avoiding inadvertent violations of the law
themselves, face the challenge of working
within this confusing and evolving legal
framework.
• Enacted on 17th May 2000: India became the 12th
nation in the world to adopt cyber laws.
• IT Law covers mainly the digital information
(including information security and electronic
commerce) aspects and it has been described as
"paper laws" for a "paperless environment".
Cyber Crimes & Offences
• Hacking
• Spreading of Viruses & Worms
• Data Theft
• Credit Card Frauds
• Cyber Terrorism
• Money Laundering
• Cyber Stalking
• Defamation
• Intellectual Property Theft
• Identity Theft
• Invasion of Privacy
• Child Pornography
• Online Gaming, Online Gambling
• Online Frauds (419 Scams, Lottery Scams)
• Sale of illegal articles
• Tampering of Source Documents
• Financial Frauds
Offence & Relevant Section under IT Act 2000 & Amended Act 2008
• Criminal Prosecution for offences like
– Tampering of Source Documents – S.65
– Hacking with Computer Systems, Data Alteration – S.66
– Pornography & Publishing obscene Information – S.67
– Unauthorized Access to Protected System – Sec. 70
– Breach of Confidentiality and Privacy – Sec.72
– Publishing False Digital Signature Certificates – Sec.73
– Applies to an offence or contravention committed outside India – S. 75
Offence & Relevant Section under IT Act 2000 & Amended Act 2008
Contraventions under the Act – S. 43
Whoever, without permission of the owner of the computer:
• Secures access
• Downloads, copies or extracts any data, computer database or any information
• Introduces or causes to be introduced any virus or contaminant
• Disrupts or causes disruption
• Denies or causes denial of access to any person
• Provides any assistance to any person to facilitate access
• Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,
shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.
Cyber Crime Investigation
For the purpose of investigating the
offences detailed under the IT Act,
2000, police officers not below the
rank of Deputy Superintendent of
Police have been duly authorized
and have also been given the power
of entry, search and arrest without
warrant in public places.
Statistics – Cyber offences
• 49% are inside employees or
contractors on the internet
network
• 17% come from dial-up from
inside employees.
• 34% are from internet.
• The major financial loss is
internal hacking
Solution and Prevention
• “To catch a thief, think like a thief.”
• Security isn't necessarily difficult; it
just requires a bit of education and a lot
of vigilance.
• "In every other area of security, the
defender must know the tactics and
behaviour of the attacker before they
can effectively secure their assets."
• "Only someone with a firm
understanding of hackers' tools and
tactics can make a real difference to a
company who are trying to stop hackers
breaking into their systems."
What is Ethical Hacking ?
• Ethical hacking is defined as the “methodology
adopted by ethical hackers to discover
the vulnerabilities existing in
information systems’ operating
environments.”
• In their search for a way to approach
the problem, organizations came to
realize that one of the best ways to
evaluate the intruder threat to their
interests would be to have independent
computer security professionals
attempt to break into their computer
systems.
What does an Ethical Hacker do?
An Ethical Hacker’s evaluation of a system’s
security seeks answers to these basic
questions:
• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder’s
attempts or successes?
• What are you trying to protect against?
• What are you trying to protect?
• How much time, effort and money are you willing
to expend to obtain protection?
Ethical Hacking as a career
An Ethical Hacker is one name given
to a Penetration Tester.
An ethical hacker is usually employed
by an organization who trusts him to
attempt to penetrate networks and/or
computer systems, using the same
methods as a hacker, for the purpose
of finding and fixing computer
security vulnerabilities.
How INNOBUZZ can Help you?
Certified Information Security Expert
• This course will immerse the student into an
interactive environment where they will be shown how
to scan, test, hack and secure their own systems. The
lab intensive environment gives each student in-depth
knowledge and practical experience with the current
essential security systems. Students will begin by
understanding how perimeter defenses work and then
be led into scanning and attacking their own
networks; no real network is harmed. Students then
learn how intruders escalate privileges and what steps
can be taken to secure a system. Students will also
learn about Intrusion Detection, Policy Creation, Social
Engineering, DDoS Attacks, Buffer Overflows and Virus
Creation. When a student leaves this intensive 5-day
class they will have hands-on understanding and
experience in Ethical Hacking.
Placement and Recruitments
Contact:
Mr. Diwakar Sharma
Ph: 020-32420175/ 9922924946
www.innobuzz.in