U1-T7 Protecting Against Malware Attacks - Intruder Attacks - Addressing Physical Security
UNIT I INTRODUCTION 6

Ethical Hacking Overview - Role of Security and Penetration Testers - Penetration-Testing Methodologies - Laws of the Land - Overview of TCP/IP - The Application Layer - The Transport Layer - The Internet Layer - IP Addressing - Network and Computer Attacks - Malware - Protecting Against Malware Attacks - Intruder Attacks - Addressing Physical Security
Malware Protection Best Practices:
• 1. Strong passwords and software updates
• 2. Back up your data and test your restore procedures
• 3. Protect against malware
• 4. Educate users on malware threats
• 5. Partition your network
• 6. Deploy advanced email security
• 7. Use security analytics
• 8. Create instructions for your IT staff
• 9. Deploy a zero-trust security framework
Here are several best practices to consider when implementing malware protection:
• 1. Strong passwords and software updates: ensure all users create strong, unique passwords, and have them changed promptly whenever a password may have been exposed (routine forced rotation on a calendar is no longer recommended). Use a password manager to make it easier for users to use and remember secure passwords. Apply security patches to operating systems and applications promptly, since malware commonly spreads through vulnerabilities for which a fix already exists.
• 2. Back up your data and test your restore procedures: backups are a critical practice that protects against data loss and lets normal operations resume even if the organization is hit by network-borne ransomware worms or other destructive cyber attacks. A backup that has never been restored is untested, and a backup reachable from the network with the same credentials can be encrypted by the same malware, so keep at least one copy offline or otherwise isolated.
• 3. Protect against malware: employ a layered approach that combines several protection tools. For example, combine endpoint protection with next-generation firewalls (NGFW) and an intrusion prevention system (IPS). This combination helps ensure coverage from endpoints to email to the DNS layer.
• 4. Educate users on malware threats: train users to recognise and avoid social engineering schemes such as phishing, and to report suspicious communications or system behaviour to the security team.
• 5. Partition your network: use network segmentation to isolate important parts of the network from each other. This significantly reduces the "blast radius" of a successful attack, because the attacker is confined to one segment and cannot move laterally to other parts of the network without crossing a controlled boundary.
• 6. Deploy advanced email security: the majority of ransomware infections are spread via malicious downloads or email attachments. Implement a layered approach: a mail filter that stops advanced threats before they reach end users, a company-sanctioned file-sharing solution whose contents are scanned, and endpoint protection on user devices.
• 7. Use security analytics: continuously monitor network traffic and use real-time threat intelligence feeds to add context to security alerts. This gives extended visibility into threats affecting the network and helps you judge their severity and respond effectively.
• 8. Create instructions for your IT staff: develop an incident response plan that tells security staff and other stakeholders what to do to detect, contain, and eradicate a cyber attack.
• 9. Deploy a zero-trust security framework: in this approach every access request, whether it originates outside or inside the network, must be verified before it is granted access to a system. The goal is to secure access by end-user devices, users, APIs, microservices, IoT devices, and containers, any of which may be compromised by an attacker.
Intruder Attacks:
• An attack is defined as any attempt by an unauthorized person to access, damage, or use network resources or computer systems.
• 1. Denial-of-Service Attacks
• 2. Distributed Denial-of-Service Attacks
• 3. Buffer Overflow Attacks
• 4. Ping of Death Attacks
• 5. Session Hijacking
1. Denial-of-Service Attacks:
• A DoS attack makes a service unavailable to its legitimate users, most often by flooding a website or network with more traffic or requests than it can handle, but also by sending a single malformed input that crashes the target (the Ping of Death below is an example of the second kind).
• To defend against DoS attacks, IT teams can use specialized software and hardware to detect unusual traffic patterns, for example a request rate from one source far above its normal baseline, and then rate-limit or drop the offending traffic.
• Regularly updating software and maintaining strong access controls also reduce the risk of a successful DoS attack, since crash-type attacks usually exploit known bugs.
2. Distributed Denial-of-Service Attacks:
• A DDoS attack uses many compromised internet-connected devices, collectively known as a botnet, to overwhelm a target website with traffic that appears to come from thousands of different sources.
• The attacker floods the server with internet traffic so that users cannot reach the connected online services and sites.
• Unlike a plain DoS attack, the traffic comes from many different locations and systems at once, so blocking a single source address does not stop it, and each individual source may stay below any per-client rate limit.
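To make the difference between the two patterns concrete, here is an added example (not from the slides): a small C detector that tallies requests per source over a ten-second window from constructed log entries. The thresholds, the 10.0.0.x addresses and the synthetic traffic are assumptions for the demo. A per-source rule catches the single-source flood; the same rule misses the distributed case, where thirty addresses each stay under the limit, so an aggregate rule is needed as well.

```c
#include <stdio.h>
#include <string.h>

/* One request as a web server or collector logs it: second-resolution
 * timestamp and source address. */
struct request {
    unsigned    ts;
    const char *src;
};

#define WINDOW_SECS 10u
#define MAX_SOURCES 64

/* Thresholds are assumptions for this example; real ones come from the
 * service's measured baseline. */
#define PER_SOURCE_LIMIT 50u   /* more than this from one address: single-source flood */
#define AGGREGATE_LIMIT  200u  /* more than this in total: possible distributed flood */

#define VERDICT_SINGLE_SOURCE_FLOOD 1
#define VERDICT_DISTRIBUTED_FLOOD   2

struct counter { const char *src; unsigned count; };

/* Tally requests per source inside [start, start + WINDOW_SECS).
 * Returns the number of distinct sources seen; *total gets the aggregate. */
static size_t count_window(const struct request *reqs, size_t n, unsigned start,
                           struct counter *tbl, size_t cap, unsigned *total)
{
    size_t used = 0;
    *total = 0;
    for (size_t i = 0; i < n; i++) {
        if (reqs[i].ts < start || reqs[i].ts >= start + WINDOW_SECS)
            continue;
        (*total)++;
        size_t j;
        for (j = 0; j < used && strcmp(tbl[j].src, reqs[i].src) != 0; j++)
            ;
        if (j == used) {
            if (used == cap)
                continue;          /* table full: still counted in the aggregate */
            tbl[used].src = reqs[i].src;
            tbl[used].count = 0;
            used++;
        }
        tbl[j].count++;
    }
    return used;
}

/* Classify one window: a single source over its limit is a DoS flood; an
 * aggregate over the limit with no single source standing out is the DDoS
 * pattern, which a per-source rule alone would miss. */
int classify_window(const struct request *reqs, size_t n, unsigned start)
{
    struct counter tbl[MAX_SOURCES];
    unsigned total;
    size_t k = count_window(reqs, n, start, tbl, MAX_SOURCES, &total);
    int verdict = 0;
    for (size_t i = 0; i < k; i++)
        if (tbl[i].count > PER_SOURCE_LIMIT)
            verdict |= VERDICT_SINGLE_SOURCE_FLOOD;
    if (total > AGGREGATE_LIMIT)
        verdict |= VERDICT_DISTRIBUTED_FLOOD;
    return verdict;
}

/* Constructed traffic for the demo (synthetic, not captured): `clients`
 * addresses each sending `per_client` requests spread over the window. */
static char ipbuf[MAX_SOURCES][16];

static size_t synth(struct request *buf, int clients, int per_client)
{
    size_t n = 0;
    for (int c = 0; c < clients; c++) {
        snprintf(ipbuf[c], sizeof ipbuf[c], "10.0.0.%d", c + 1);
        for (int r = 0; r < per_client; r++) {
            buf[n].ts  = 1000u + (unsigned)r % WINDOW_SECS;
            buf[n].src = ipbuf[c];
            n++;
        }
    }
    return n;
}

int demo_normal(void)        { struct request b[400]; return classify_window(b, synth(b, 5, 4), 1000u); }
int demo_single_source(void) { struct request b[400]; return classify_window(b, synth(b, 1, 120), 1000u); }
int demo_distributed(void)   { struct request b[400]; return classify_window(b, synth(b, 30, 10), 1000u); }

int main(void)
{
    printf("normal=%d single_source=%d distributed=%d\n",
           demo_normal(), demo_single_source(), demo_distributed());
    return 0;
}
```

In production the per-source table would be keyed on a hash and the thresholds derived from observed baselines, but the shape of the logic is the same: one rule per source, one rule on the aggregate, and an alert when either fires.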
3. Buffer Overflow Attacks
• A buffer overflow occurs when a program writes more data into a fixed-size memory buffer than it can hold, so the excess overwrites whatever sits next to the buffer in memory: other variables, privilege flags, or a function's saved return address. The underlying cause is a coding error, typically a copy with no bounds check.
• An attacker who controls the overflowing input can therefore change program state or redirect execution, and from there steal data or take over the system.
• Real-life examples of buffer overflow vulnerabilities
• The first key example of a widespread buffer overflow attack is the Morris worm. In November 1988 it spread across the nascent internet within a day or two, in part by overflowing a fixed-size buffer in the fingerd daemon, which read its input with the unbounded gets() call. It infected roughly 6,000 machines, about 10% of the estimated 60,000 hosts connected to the internet at the time.
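The mechanism in code, as an added example rather than the Morris worm's actual exploit or the fingerd source: a C record with a fixed-size name buffer and an `is_admin` flag directly behind it, an unbounded copy in the style of gets()/strcpy(), and the bounded replacement beside it. The struct, its field names and the 19-byte input are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
#define NOINLINE __attribute__((noinline))   /* keep the copy opaque to the optimiser */
#else
#define NOINLINE
#endif

/* A record with a fixed-size name buffer and a privilege flag directly behind it.
 * The layout is the point: name occupies bytes 0..15, is_admin bytes 16..19. */
struct account {
    char name[16];
    int  is_admin;
};

/* VULNERABLE: copies until the terminating NUL with no bound, the same pattern
 * as gets() or strcpy() into a fixed buffer. Input longer than 15 bytes runs
 * off the end of name and into is_admin. */
NOINLINE void set_name_unbounded(struct account *acct, const char *input)
{
    char *dst = acct->name;
    while (*input != '\0')
        *dst++ = *input++;
    *dst = '\0';
}

/* HARDENED: measure first and refuse input that cannot fit with its terminator.
 * Returns 0 on success, -1 if the input was rejected. */
int set_name_bounded(struct account *acct, const char *input)
{
    size_t len = strlen(input);
    if (len >= sizeof acct->name)
        return -1;                /* would overflow: reject instead of truncating silently */
    memcpy(acct->name, input, len + 1);
    return 0;
}

/* Constructed attacker input: 19 'A's plus the NUL make 20 bytes, the size of the
 * struct, so the write stays inside the struct but covers all of is_admin. */
static const char OVERLONG[] = "AAAAAAAAAAAAAAAAAAA";

/* Value of is_admin after the unbounded copy into a zeroed record; non-zero
 * means the attacker flipped the flag without ever addressing it directly. */
int demo_unbounded_flag(void)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    set_name_unbounded(&acct, OVERLONG);
    return acct.is_admin;
}

/* Return code of the hardened copy on the same input: -1, rejected. */
int demo_bounded_rc(void)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    return set_name_bounded(&acct, OVERLONG);
}

/* is_admin after the hardened copy: stays 0 because nothing was written. */
int demo_bounded_flag(void)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    (void)set_name_bounded(&acct, OVERLONG);
    return acct.is_admin;
}

int main(void)
{
    printf("unbounded copy: is_admin = %d (should have stayed 0)\n", demo_unbounded_flag());
    printf("bounded copy:   rc = %d, is_admin = %d\n", demo_bounded_rc(), demo_bounded_flag());
    return 0;
}
```

Overwriting an adjacent flag is the gentlest consequence; the same unbounded write aimed past the end of a stack frame reaches the saved return address, which is how the worm turned an overflow into code execution. The hardened version rejects the input rather than truncating it, so the caller learns that something abnormal arrived.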
4. Ping of Death Attacks
• In a Ping of Death attack, criminals use the ping command (or a packet-crafting tool) to send an oversized ICMP packet to the target in order to destabilize or crash it. An IPv4 datagram may be at most 65,535 bytes; the attack sends it as fragments whose offsets and lengths add up to more than that, and a receiving stack that did not check the total overflowed its reassembly buffer.
• ping is a network utility for testing a network connection: it sends an Internet Control Message Protocol (ICMP) echo-request message and waits for the echo-reply from the target.
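The reassembly check that stops the attack, as an added example in C (not from the slides or from any particular operating system's source). It models only the two IPv4 header fields that matter, computes where each fragment would end in the reassembled datagram, and shows why that arithmetic has to be wider than 16 bits; the three fragments are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u   /* largest total length an IPv4 datagram can have */
#define IP_MIN_HEADER   20u      /* IPv4 header without options */

/* The two header fields of a fragment that matter for reassembly. */
struct fragment {
    uint16_t offset_units;  /* 13-bit fragment offset, in 8-byte units */
    uint16_t data_len;      /* payload bytes carried by this fragment */
};

/* Last byte the reassembled datagram would reach, header included.
 * Computed in 32 bits so the sum cannot wrap. */
uint32_t reassembled_end(const struct fragment *f)
{
    return IP_MIN_HEADER + (uint32_t)f->offset_units * 8u + f->data_len;
}

/* The same sum as a 16-bit implementation would hold it: an oversized
 * fragment wraps to a small number, and a naive "is it under 65,535?"
 * test passes it. Returned only to show the failure mode. */
uint16_t reassembled_end_16bit(const struct fragment *f)
{
    return (uint16_t)(IP_MIN_HEADER + f->offset_units * 8u + f->data_len);
}

/* 1 if the fragment fits inside a legal datagram, 0 if it must be dropped. */
int fragment_is_safe(const struct fragment *f)
{
    return reassembled_end(f) <= IP_MAX_DATAGRAM;
}

/* Constructed fragments for the demo (not captured traffic). */
const struct fragment FRAG_FIRST   = { 0,    1480 };  /* ordinary first fragment: ends at 1500 */
const struct fragment FRAG_LAST_OK = { 8186, 27   };  /* legal final fragment: ends exactly at 65535 */
const struct fragment FRAG_POD     = { 8186, 50   };  /* Ping of Death: ends at 65558, past the limit */

int main(void)
{
    const struct fragment *frags[] = { &FRAG_FIRST, &FRAG_LAST_OK, &FRAG_POD };
    for (size_t i = 0; i < 3; i++)
        printf("offset=%5u len=%4u end=%5u end16=%5u %s\n",
               (unsigned)frags[i]->offset_units, (unsigned)frags[i]->data_len,
               (unsigned)reassembled_end(frags[i]),
               (unsigned)reassembled_end_16bit(frags[i]),
               fragment_is_safe(frags[i]) ? "accept" : "DROP");
    return 0;
}
```

The boundary fragment is deliberately included: a correct check accepts a datagram that ends exactly at 65,535 and rejects one that ends a single byte later, and the 16-bit version reports the malicious fragment as ending at byte 22.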
5. Session Hijacking
• In a session hijacking attack, a malicious hacker positions himself between your computer and the website's server while you are logged in, captures the identifier the site uses to recognise your session (typically a cookie), and then presents it to the server to act as you without ever learning your password.
• The usual defences are to send session cookies only over TLS (the Secure attribute), keep them out of reach of page scripts (HttpOnly), restrict them to same-site requests (SameSite), and issue a fresh session identifier after login.
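As an added example (not from the slides), a C function that audits the `Set-Cookie` header a site sends for the attributes that make a session cookie harder to capture or replay: `Secure`, `HttpOnly`, and a `SameSite` value other than `None`. The three headers are constructed, and the session value in them is a placeholder.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define COOKIE_SECURE   1   /* sent only over TLS: the token never crosses the wire in clear */
#define COOKIE_HTTPONLY 2   /* invisible to page scripts: an XSS bug cannot read it */
#define COOKIE_SAMESITE 4   /* not attached to cross-site requests (Lax or Strict) */
#define COOKIE_HARDENED (COOKIE_SECURE | COOKIE_HTTPONLY | COOKIE_SAMESITE)

/* Case-insensitive comparison of a length-delimited token with a literal. */
static int token_is(const char *s, size_t n, const char *lit)
{
    if (strlen(lit) != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)lit[i]))
            return 0;
    return 1;
}

/* Parse one Set-Cookie header value and return the bitmask of protective
 * attributes it carries. Attribute names are case-insensitive; SameSite=None
 * offers no cross-site protection and is not counted. */
int cookie_protections(const char *set_cookie)
{
    int flags = 0;
    const char *p = strchr(set_cookie, ';');   /* skip the leading name=value pair */
    while (p != NULL) {
        p++;
        while (*p == ' ' || *p == '\t')
            p++;
        const char *end = strchr(p, ';');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        while (len > 0 && (p[len - 1] == ' ' || p[len - 1] == '\t'))
            len--;
        const char *eq = memchr(p, '=', len);
        size_t name_len = eq ? (size_t)(eq - p) : len;
        if (token_is(p, name_len, "Secure"))
            flags |= COOKIE_SECURE;
        else if (token_is(p, name_len, "HttpOnly"))
            flags |= COOKIE_HTTPONLY;
        else if (eq && token_is(p, name_len, "SameSite")) {
            const char *v = eq + 1;
            size_t vlen = len - name_len - 1;
            if (token_is(v, vlen, "Lax") || token_is(v, vlen, "Strict"))
                flags |= COOKIE_SAMESITE;
        }
        p = end;
    }
    return flags;
}

int cookie_is_hardened(const char *set_cookie)
{
    return (cookie_protections(set_cookie) & COOKIE_HARDENED) == COOKIE_HARDENED;
}

/* Constructed headers for the demo; the session value is a placeholder. */
const char *COOKIE_WEAK   = "SESSIONID=abc123; Path=/";
const char *COOKIE_NONE   = "SESSIONID=abc123; Path=/; secure; SameSite=None";
const char *COOKIE_STRONG = "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax";

int main(void)
{
    const char *hdrs[] = { COOKIE_WEAK, COOKIE_NONE, COOKIE_STRONG };
    for (size_t i = 0; i < 3; i++)
        printf("%-60s flags=%d hardened=%d\n", hdrs[i],
               cookie_protections(hdrs[i]), cookie_is_hardened(hdrs[i]));
    return 0;
}
```

The attributes only limit how a cookie can be stolen or replayed; the session identifier itself still has to be long and unpredictable, and it should be reissued after authentication so that an identifier handed out before login cannot be fixed by an attacker in advance.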
Addressing Physical Security:
