The Security And Ethical Hacking Assignment Sample

The Security And Ethical Hacking

Introduction - The Security And Ethical Hacking

Want the Best Assignment Help in the UK? Look to Native Assignment Help for unparalleled expertise and support. Our dedicated team of professionals goes above and beyond to ensure you receive top-quality assignments that exceed your expectations.

In this essay work, the concern has been given on evaluating the security and ethical hacking. It was understood that ethical hackers tend to utilize the knowledge to develop and secure the technology used in the organization. They indulge in giving vital services to the organization by observing the vulnerabilities that enable further security breaches. Ethical hackers tend to report the recognized vulnerabilities to the firm. It was seen that at the time of assessing the security of the firm`s IT assets the work of the ethical hacking is to mimic the attacker. For this purpose, ethical hackers tend to look for the attack vectors in opposition to the target. The main concern was to undertake reconnaissance, acquiring as much data as possible. After this, as ethical hackers acquire significant data, they utilize it for looking for vulnerabilities that took place against the asset. They tend to undertake the work by amalgamating the automated along with the manual testing. In concern to this in order to understand the security and ethical hacking, the focus will be given on evaluating certain vital aspects associated with it with the tool they use for performing the ethical hacking.

In consideration of this, it was understood that foot printing and reconnaissance are associated with the security of and ethical hacking. It is a method utilized for acquiring the data about the computer systems and also of the entities they resemble. In order to acquire this data, the hacker tends to use different kinds of tools and technologies. The information acquired from this is vital for hackers who intend to crack the entire system (Boyanov, 2019). In general, there are two kinds of foot printing: active and passive foot printing. Active foot printing enables one to undertake foot printing by acquiring a direct connection with the target machine. The passive foot printing depicts accumulating data of the process located at a distance from the attackers. It enables the acquisition of data like the operating system of the target machine, firewall, network map, IP address, email id password, URLs, VPN, server configuration, and others. In the process, one tool used is NeoTrace. It is a powerful tool for acquiring path data. In this, it was seen that the graphical display tends to depict the connection between the person and the remote site. It incorporates the intermediate nodes and their data. NeoTrace regarded a sufficient GUI route tracer system. It not only depicts the graphical route but also depicts the data on each node like IP address, location, and contact information (Ushmani, 2018). This particular took to tend to act in the form of the entire-blown, belled and even had whittled GUI for troubleshooting commands such as traceroute, whols, pings, and others for certain primary networks. It tends to depict the graphical representation of the route from the local machine to the remote location.

Scanning network is also a vital aspect of ethical hacking as it involves a range of methods for recognizing the live posts, services, and even ports, recognizing the operating process and architecture for the target process (Wang and Yang, 2017). Even it involved identifying the vulnerabilities and threats present in the network. The process of network scanning is being utilized to form a profile of the target firm. In simple words, it is being utilized for acquiring all kinds of possible vulnerable points in the networks from which one can hack the networks. Relying on the kinds of data the scan recognizes, the network scanning can be regarded as two sorts: port scanning and vulnerability scanning. In port scanning, the focus is given to finding active ports on the considered network. The port scanner tends to send requests of clients to the range of ports on the concentrated network and after this; the details are being secured which gives back the response. The port scanning includes TCP scanning, window scanning, ACK scanning, and others. The vulnerability scanning includes finding the weakness available in the network. It enables us to recognize the vulnerabilities that are caused due to irrelevant programming. One of the tools used in network scanning is Nmap which is free and even open-source of the network scanner. In this one can scan the network with help of Nmap or by utilizing the IP address of the targeted host. But in this, the network of the firm cannot be scanned without any significant authorization of the firm (Devi and Kumar, 2020). The Nmap tools are being used by the network administrator for recognizing the device that is running on the adjustments and recognizing the host available and the kind of service it gives, recognizing open ports and security risks. It tends to run on all sorts of the major computer operating processes and even on the significant binary packers present for Windows, Mac OS X, and even for Linux. This tool is flexible, powerful, portable, and even easy to use. It enables the scanning of a wide range of networks of nearly a hundred to thousands of machines.

Enumeration tends to resemble the first phase of the process of ethical hacking depicting the accumulation of the data. This is a method in which the attackers tend to form an active relationship with the victim and tend to identify as many attack vectors as it can be that can be later utilized for exploiting the process even further (Kathrine et al. 2019). The process can be utilized for acquiring the data on the IP tables, the username of variant process, password policies range, SNMP data in case it is not secured significantly and others. Enumeration tends to rely on the services that the process provides like DNS enumeration, SMB enumeration, Linux/Windows enumeration, SNMP enumeration, and others. In relation to the process of enumeration for conducting ethical hacking NTP-Suite is a vital tool. In the NTP Suite, there is the utilization of the NTP enumeration. This is vital as in the network surrounding there can be the detection of the other primary servers that can be helpful for the hosts for updating their times. This can be done without authenticating the system. It was understood that the NTP enumeration is the kind of protocol that enables synchronizing the time across the networks, this is generally vital at the time of utilizing the directory services. It can be used in different models such as peer-to-peer, client-server. The recent version of the NTP can be stated as the ntpv4 and tends to make use of the user datagram protocol along with the port number 123. By making use of the NTP enumeration one can accumulate data like a host connected to the NTP server, OSs running on the client process.

It can be regarded that vulnerability hacking is the next level of ethical hacking that enables it to recognize the holes in the interpreted security or any kind of vulnerabilities present in the system. The vulnerability assessment can be regarded as the method of elaborating, recognizing, classifying and even prioritizing the occurred vulnerabilities in the process, network infrastructures, and even the applications (Ding et al. 2019). It can be regarded that vulnerability is the problem developed in the software code that the hacker intends to exploit to damage the records. In this, the vulnerability analysis tends to help the identification and assessment of the threat description. This enables them to form the resolution to secure it from hackers. It intends to recognize the vulnerabilities, document them, and form the guidance of resolving the vulnerabilities. This process to acquire a deep idea about the security problem and support in recognizing the risk interlinked with the overall ecosystem. In concern to this, the vulnerability scanning tools tend to enable the detection of the vulnerabilities in the application. The code analysis vulnerability tools help in interpreting the coding bugs. While the audit vulnerability tools tend to detect the significant rootkits, trojans, and others. One of such tools is Nikto2. The Nikto2 is regarded as the open-source software that is used for vulnerability scanning. It enables one to concentrate on web application security. The Nikto2 can delete nearly 6700 harmful files that tend to form problems to the web servers and specify the outdated server-reliant aspects of baked versions. Nikto2 tends to form the alert on the server configuration problem and undertake the web server scanning writing for a limited time. Nikto2 does not provide any sort of countermeasures for the developing vulnerabilities and does not give any risk assessment elements. It was seen that the nikto2 is a continuously updated tool that enables the formation of a greater range of vulnerabilities. It is regarded as the open-source web server scanner which is free to be used and enabled to undertake the scanning of the vulnerabilities against the available web servers from the various sources that incorporate harmful programs and files along with monitoring and checking the old version of the web server software. It can scan any kind of web server like Litespeed, Apache, Lighttpd, and others. It enables scanning of different kinds of ports on the server and even acquires SSL certificate scanning. 

It was understood that system hacking is the process by which hackers acquire access to one's computer on the network. System hacking is regarded as the process of compromising among the computer system and the software to acquire access to the targeted computer and misuse the sensitive data available in it (Kumar and Agarwal, 2018). In this, the attacker tends to recognize and even exploit the vulnerabilities of the computer process to acquire unauthorized access. System hacking acquires five steps like reconnaissance, scanning, acquiring access, managing the access, and covering the tracks. In relation to this one of the most effective tools in this is Netsparker that enables the recognition of vulnerabilities. After this, it is enabled to ensure that the exploitation can be undertaken safely at the time of scanning the web vulnerabilities. This proof associated with the concept is regarded as the real exploit that tends to prove the vulnerabilities for the developers. It was seen that the Netspartker was formed by the penetration tester and is generally considered to improve constantly by the security team as all the ethical hackers intend to work in the automatic web application security and support the significant activity rather than adversity and malicious activity (Hartley et al. 2017). In this step by using this tool one can also contribute strongly to the community of cyber security by addressing the vulnerabilities in the open-source web applications under the program of Netsparker.

In the present situation enhancing security and ethical hacking has become vital. It was understood that the malware is regarded as malicious software which, when intended to enter the targeted hosts, provides the attacker entire or very limited control on the set target. This depicts that it may destruct or change the functionalities of the targeting host that help the attacker to acquire any data or destroy it (Georg et al. 2018). There are different kinds of malware threats like trojans, rootkits, spyware, virus, worms, ransomware, and others. It was understood that the malware threats are regarded as different kinds of software utilized for undertaking the malicious incidents and recent threats associated with the malware that tend to cause damage of millions of dollars, data security issues, and even become a threat to the reputation. In consideration of this, it became vital for ethical hackers to use different processes by which they can recognize the overall malware threats and mitigate it. This one can make use of the LogRhythm NextGem SIEM platform. This is a tool that enables us to focus on the risk from the starting to the end in an individual unified structure. LogRhythm helps to provide the user an idea about the security incident and thus ultimately helps to manage the malicious threat fast.

It was understood that sniffing is a method that enables one to monitor and capture all sorts of data packets with the help of the networks. Sniffers are being used by system administrators for monitoring and troubleshooting network traffic. The attackers tend to make use of the sniffers for capturing the data packets that enable them to make use of the sensitive data like acquiring the password, account details, and others. Sniffers installation can be in the form of both hardware and software. On the network the placement of the sniffer in the precocious range, the malicious attacker tends to acquire and analyze all the traffic in the network. The sniffing can be of two variants. One is active sniffing in which a switch is involved. The switch is to the market network device (Florez Cardenas, and Acar, 2021). The switch tends to manage the transport of the information among its ports through actively observing the MAC address on every port that enables it to pass information only to the focused target. Passive sniffing is another form that includes the hub. The traffic transforming from the non-switched area can be depicted by all sorts of segments. It tends to work at the data link range of the network. One of the most commonly known sniffing tools is Better CAP. It is regarded as a powerful and flexible tool that can easily port and be formed to undertake different sorts of MITM attacks against the network and it intends to manipulate the HTTP, HTTPS, and others actual time. In this when one connects to a certain network, the switch is conducted for transferring all the packers to the significant designation at the time of the MITM attack (Hawamleh et al. 2020). In this attack, one can force the network to consider the device in the form of a router. As this began to take palace all the network traffic transfers through the computer and not form th legit switch and at this time one can do anything they wish from the process of sniffing for certain information to significantly intercept along with proxying all sorts of the request of the certain protocol of the overall websites that are being opened by different people, killing the connection and others. Bettercap has been responsible for providing the security researcher with all sorts of things that are required in the individual tools that generally operate on the GNU, OpenBSD, and Mac OS X.

Social engineering is a process that is being utilized by hackers for manipulating the end-users and acquiring data about the firm or even of any computer system. In the process of securing the networks, IT security professionals intend to understand social engineering. It is regarded as the talent of making people convinced to show confidential data. Social engineering and to attack in the three ways like the attack that is reliant on the human baked, mobile-based or the computer based. Social engineering has been considered a popular suspect in ethical hacking as it is an effective strategy to test the rate of vulnerability that the firm staff actually is. In consideration of the ethical process, social engineering enables one to recognize the weaknesses to significantly address the staff associated issues that are based on security (Dan and Gupta, 2019). If social engineering is being utilized in an ethical way it is understood that it enables one to recognize the weakness to significantly manage the staff-associated security issues. Another significant advancement of social engineering is that it forms a solution to exceed the global range of confidentiality, presence and even integrity of the corporate data. Social engineering tends to work and it makes use of one's own behavior against them only. Phishing emails are considered a significant tool. The recipient tends to acquire the email, seemingly from the bank. But this is regarded as a phishing email as it intends to steal the login credentials and even the data of the other person. The phishing emails are able to exploit the behavior of any specific human behavior to ensure that the scam is working or not. It is reliant on trust, urgency, and great uncertainty and doubt.

Further another vital aspect associated with ethical hacking is Denial-of-Service. It is regarded as the attack formed against computers or the network that enable it to minimize, restrict or even prevent the accessibility of the system resources along with the authorized users (Hernández et al. 2018). There is another form regarded as the distributed denial of service. In this the attack is done by a different computer to the individual system and thus forming the Denial-of-Service attack for the targeted users. There are two kinds of Denial-of-Service. One is volumetric attacks in which the overall bandwidth of the network is acquired thus the authorized clients' role not be capable of acquiring the resources. This is acquired by the flooding network drives. Another one is syn flooding in which the attacker tends to compromise the different zombies and floods the target user with variant SYN packets (Olushola, 2018). Low orbit Ion Cannon is regarded as the effective tool of the Denial-of-Service that can be used for free. The much known group of hackers has not only made use of the tool but also tend to request the suppliers of intern to indulge in the DoS attract through the IRC. The tool LOIC can be utilized by the individual user to base the DoS attack on not larger servers. The tool is very handy in use even for beginners. This tool operates in the form of the DoS attack by sending the request like HTTP, UDP, TCP and others to the server of the victim. One only needs to understand the IP address or URL of the server and the remaining work will be conducted by this tool itself.

In this work there have been accumulated different ideas about ethical hacking but there is a certain limitation. The ethical hacker may not have proper scope, even the resources issues can also develop. The malicious hackers have no boundation of time but the ethical hackers have time constraints. There are even other limitations like computing power and budget. It was seen that certain firms ask experts to neglect the test cast that can crash the server like the attacks of Denial of Service. Apart from the listed limitation it was understood in this work that presently the undertaking of ethical hacking has become vital and even different aspects associated with ethical hacking have been elaborated.

References

Journals

Boyanov, P.K., 2019. IMPLEMENTATION OF THE WEB BASED PLATFORMS FOR COLLECTING AND FOOTPRINTING IP INFORMATION OF HOSTS IN THE COMPUTER NETWORK AND SYSTEMS. Space Research and Technology Institute-BAS, Bulgaria Konstantin Preslavsky University-Faculty of Technical Sciences Association Scientific and Applied Research, 16, p.42.

?isar, P. and ?isar, S.M., 2018. Ethical hacking of wireless networks in kali linux environment. Annals of the Faculty of Engineering Hunedoara, 16(3), pp.181-186.

Cisar, P. and Pinter, R., 2019. Some ethical hacking possibilities in Kali Linux environment. Journal of Applied Technical and Educational Sciences, 9(4), pp.129-149.

Dan, A. and Gupta, S., 2019. Social engineering attack detection and data protection model (SEADDPM). In Proceedings of International Ethical Hacking Conference 2018 (pp. 15-24). Springer, Singapore.

Devi, R.S. and Kumar, M.M., 2020, June. Testing for Security Weakness of Web Applications using Ethical Hacking. In 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184) (pp. 354-361). IEEE.

Ding, A.Y., De Jesus, G.L. and Janssen, M., 2019, September. Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure. In Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing (pp. 49-55).

Ding, A.Y., De Jesus, G.L. and Janssen, M., 2019, September. Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure. In Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing (pp. 49-55).

Florez Cardenas, M. and Acar, G., 2021. Ethical Hacking of a Smart Fridge: Evaluating the cybersecurity of an IoT device through gray box hacking.

Georg, T., Oliver, B. and Gregory, L., 2018. Issues of implied trust in ethical hacking. The ORBIT Journal, 2(1), pp.1-19.

Gupta, A. and Anand, A., 2017. Ethical hacking and hacking attacks. Int. J. Eng. Comput. Sci, 6(6), pp.2319-7242.

Hartley, R., Medlin, D. and Houlik, Z., 2017. Ethical hacking: Educating future cybersecurity professionals. In Proceedings of the EDSIG Conference ISSN (Vol. 2473, p. 3857).

Hawamleh, A.M.A., Alorfi, A.S.M., Al-Gasawneh, J.A. and Al-Rawashdeh, G., 2020. Cyber Security and Ethical Hacking: The Importance of Protecting User Data. Solid State Technology, 63(5), pp.7894-7899. 

Hernández, M., Baquero, L. and Gil, C., 2018. Ethical Hacking on Mobile Devices: Considerations and practical uses. International Journal of Applied Engineering Research, 13(23), pp.16637-16647.

Kathrine, G.J., Baby, R.T. and Ebenzer, V., 2019, COMPARATIVE ANALYSIS OF SUBDOMAIN ENUMERATION TOOLS AND STATIC CODE ANALYSIS.

Kumar, S. and Agarwal, D., 2018. Hacking attacks, methods, techniques and their protection measures. International Journal of Advance Research in Computer Science and Management, 4(4), pp.2253-2257.

Olushola, O.B., 2018. The legality of ethical hacking. IOSR Journal of Computer Engineering (IOSR-JCE), 20(1), pp.61-63.

Ushmani, A., 2018. Ethical Hacking. Western Governor University. Salt Lake City, Utah. Recuperado de: https://www. researchgate. net/publication/331481853.

Wang, Y. and Yang, J., 2017, March. Ethical hacking and network defense: choose your best network vulnerability scanning tool. In 2017 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA) (pp. 110-113). IEEE.