CEH TOPIC 1: Introduction To Ethical Hacking, Ethics And Legality

• Information Security
• Elements of information security and attacks
• What is hacking
• What is ethical hacking
• Phases of ethical hacking
• Hacking and cracking
• How hacking is ethical
• Types of hacker
• Ethical hacking terminology
• IT Act (cyber law in India)

Information Security

Information: the data of an organization.

Information security: Information security covers the tools and processes that organizations use to protect information.

ELEMENTS OF INFORMATION SECURITY

• CONFIDENTIALITY: the need to keep information secret from third parties that want to have access to it.
• INTEGRITY: preventing unauthorized and improper changes.
• AVAILABILITY: the ability to access the data of a resource when it is needed.

SECURITY

• PHYSICAL: camera, security guard
• SYSTEM: antivirus, firewall, other security
• PROCESS: log entry in PC

Common cyber attacks

• 1. Phishing
• 2. Malware
• 3. Ransomware
• 4. Denial of Service (DoS) & (DDoS) Attacks
• 5. Compromised Credentials
• 7. Mis-configuration
• 8. A Lack of Encryption
• 9. Web Application Attacks

What Is Hacking

• Any attempt to intrude into a computer or a network without authorization is called hacking. This involves changing system or security features in a bid to accomplish a goal that differs from the intended purpose of the system. It can also refer to non-malicious activities, usually involving unusual or improvised alterations to equipment or processes.
• An individual who involves themselves in hacking activities is known as a hacker, and some companies employ hackers as part of their support staff.

CRACKING

• Whereas hacking is the process of intruding into computer systems without authorization in order to gain access to them, for good or bad purposes, cracking is the same practice though with criminal intention. However, cracking is generally less harmful than hacking.
• A cracker is someone who:
  • breaks into a network;
  • bypasses passwords or licenses in computer programs;
  • intentionally breaches computer security;
  • gains access to people's accounts maliciously and misuses this information across networks.
• Crackers can steal credit card information, destroy important files, and disclose crucial data, information or personal details and sell them for personal gain.

How Hacking Is Ethical

• Ethical hacking is a process of detecting vulnerabilities in an application, system, or organization's infrastructure that an attacker can use to exploit an individual or organization.
• They use this process to prevent cyber attacks and security breaches by lawfully .

Types of Ethical Hacking

• Web application hacking
• System hacking
• Social engineering hacking
• Network hacking
• Web server hacking

What Does an Ethical Hacker Do

1. Penetration testing & cyber security
2. Legally breaking into systems
3. Securing the organization
4. Defeating bad hackers

Types Of Hacker

• Black hat hacker
• White hat hacker
• Gray hat hacker

FIVE PHASES OF ETHICAL HACKING

• Phase 1: Reconnaissance and information gathering (passive, active).
• Phase 2: Scanning.
• Phase 3: Gaining Access.
• Phase 4: Maintaining Access.
• Phase 5: Clearing Tracks.
PENETRATION TESTING CONCEPT

• WHAT IS PENETRATION TESTING
• DIFFERENCE BETWEEN PENETRATION TESTING, BUG BOUNTY HUNTING AND HACKING

Prevention from Getting Hacked

• Software Update
• Camera off
• Use Unique Passwords for Different Accounts
• Use HTTPS Encryption website
• Open extension in laptop
• Avoid Clicking on Ads or Strange Links
• Change the Default Username and Password on Your Router and Smart Devices
• Bluetooth off
• Download applications from authentic Sources
• Install Antivirus Software
• Use a VPN
• Do Not Login as an Admin by Default
• Use Two-factor Authentication
• Must know Anti-phishing Techniques (vt)

Use mobile devices safely

Considering how much we rely on our mobile devices and how susceptible they are to attack, you'll want to make sure you are protected:

• Lock your device with a PIN or password, and never leave it unprotected in public.
• Only install apps from trusted sources (Apple AppStore, Google Play).
• Check given permissions.
• Keep the device's operating system up-to-date.
• Don't click on links or attachments from unsolicited emails or texts.
• Don't use open Wi-Fi.
• Avoid transmitting or storing personal information, like card details, on the device.
• Use Apple's cloud or Android's Google Drive to help prevent loss or theft.

IT Act (cyber law in India)

• Law
• IT Act 2000
• 65B of the Indian Evidence Act
• Personal Data Protection Bill 2019