What Is Information Security System

Published Date: 02 Nov 2017

Chapter 1

Introduction

The main focus of employment of employment of ethical hacking is strengthening the organization information security systems. Now most of the organization are facing ethical hackers are hack their company information and data’s. All organization they want to protect their confidential information’s form hackers. To protect their confidential information organization should have ethical hacker.

Chapter 2

What is Information Security System?

Information security is a process to protect available data’s in an organization or a person. It also refers to protecting any type of very important data’s. Such as personal laptop, email accounts etc…

Information security provide some very basic and practical step to protect data’s.

Password protection

Firewalls

Antivirus and malware protection

Legal liabilities

Training

Data encryption

Password protection

Password protection is the one of very basic step to improve information security. Some programs can hack with in a second by running a millions of possible coding. Some password can easily hack because some people are not knowledgeable in Information Technology so what they doing adding an unsecure password to their E-mail accounts or other confidential data’s.

Ex: Password Like: 123456, abcd, their name…..

So password is the very important and first step to improve information security.

Any individual or an organization they should create a secure password to protect their information. The way to create secure password is, create password mix with upper case, lower case and numbers. Avoid easily guessed combination (ex: phone numbers, birthdays, name…). Avoid writing passwords in papers and keeping it on public areas and should use different password to different account, Data owner or computer user should know create new password every month or every 90 days.

Firewalls

A firewall used to maintain information security by preventing unauthorized access to the network. In information security have several way to do this, Re-routing information through a proxy server to hide real ip adders of the computer. Limit incoming and outgoing different format of data’s thought the network. In essence, the firewall filter information passing through them, it only allows selected content in, specific websites, like file transfer protocol (FTP). Most computers operating system include a firewall program, but most of time that firewall should purchase to improve more security benefits. And if a computer installed antivirus software that computer firewall significantly increases information security. So can reduce hacker will gain access private data.

Antivirus and malware protection

The hacker gain access to secure information through malware. In includes computer viruses, worms, spyware and other programs. How it works is hacker will install some pieces of codes to computer through a web sites or other external devices and they can steal information easily form computer, record the user actions, or they can destroy the data. If they want to prevent form hackers they need to install best antivirus software to their computer. That antivirus software scans the system to check for any known malicious software. After the scan antivirus software will provide a report to the user in that report mentions what the harmful objects to delete form the computer.

Legal liabilities

Organization can maintain information security using privacy law. Employees in an organization they should handle organization secure data. In many organizations if any newly join employee or current employee they are working under an agreement. In that agreement they mentioned about Data Protection Act. After sign the agreement by both parties (Company and Employee) they cannot publish organization confidential information or any other company related data to outside. If any employee attempts to publish this information, organizations will have rights to file a case against employee. The benefit of the liability law is it can help to preserve their trademarks, internal processes.

Training

One of the dangers to computer data security is human error. The human is handling all data thought network connections they must sure all network operations are handling without making a single mistake. If they make any mistake hacker can easily hack computer data thought network. Basically what hacker does is they find a good way to enter to the network. So all organization what they should do is arrange a training program to employees or network administrator, by calling an expert in that area and keep update the security measures and latest technic to protect network information’s by hackers.

Encryption

The data encryption is a way to translate data’s or information into a secret code. Encryption is the most effective way to increase data security. If any person needs to read or decrypt encrypted data they must have a password to decrypt. And unencrypted data called plain text. There are two main type of encryption: symmetric encryption and asymmetric encryption.

Chapter 3

What is Ethical hacking

Ethical hacking is a process of hacking confidential or non-confidential data. This process also knows as penetration testing, intrusion testing, red teaming. The ethical hacking also give a professional certification to the certified ethical hacker.

How Hackers does works

The first step of hacker is get access to a computer network in order to read personal files in computer. After enter into the computer network the second step is get the root access. It basically requires finding weakness in network. Root access is hacker can access inner working of the system. Using root access hacker can create new user into the system, can copy delete or change any files. Can install "back door" to allow regular future access without going through login. Can add a "sniffer " to find user name and password, using the captured username and password can easily attack organization network and can access their files.

Type of Hackers

White hat hackers:

A this kind of hackers (White hat) if someone who has non-malicious intent and he breaks into security systems. These white hat hackers are basically computer security experts and if they want to push the boundaries of own computer security shields and ciphers or penetration testers’ particularly hired to test how the impenetrable and vulnerable a present protective setup currently is. White hat hacker’s doers penetration test and vulnerability assessment is also knows as a ethical hacker.

Black hat hackers:

These kinds of hackers known as cracker. This type of hackers that has malicious intent and they goes to braking computer security system with of technology. Ex: computer network system, phone, computer and without authorization. he may or not utilize questionable tactics such as malicious and deploying worms site to meet his end. His or her malevolent purposes can range all short of cybercrimes such as identity theft, piracy, vandalism and credit card fraud.

Grey hat hacker:

These kind of hackers (Gray hat hackers) if any who exhibits traits from both black hat and white hat. This type of hackers isn’t deep testers but they will go and surf the internet for the purpose of vulnerabilities system could exploit. Like black hat hackers and unlike pen tester, they hack websites and without any authorization form owners. They even offer to repair the vulnerable websites and they exposed in the first place for a small fee .Like white hat hackers, they will inform to the administrator about the website of the vulnerabilities they find after hacking through the website.

Chapter 4

Type of hacking

Website hacking

Email hacking

Network hacking

Password hacking

Online banking hacking

Computer hacking

Website hacking

The main purpose of website hacking is collapse the all or important information in the website and focus vulnerable loops. Mostly what hacker doing they try to attack the website database by using "SQL INJECTION" if they use it they may can access organization website database and collapse the information and collect most information about the organization this mostly happen on "e-commerce" websites. Basically in "e-commerce" website have many product information and client information in their database. Suddenly if someone hack their website what will happen is all information in the database and the website is collapsed so that website will crashed. If the organization forgot take day to day backups they may under risk. If they can ignore this risk by maintaining daily backup of the website and make a perfect information security system to their website. And even hackers can hack websites by sending "SPAM" emails.

Ex: Now in Sri Lanka hacker hacked Sri Lankan most popular Government websites like "Sri Lanka Board of Investment"

Email hacking

The main purpose of email hacking is to collect very important details in the organization. Basically many organizations they make their deals by sending and receiving mails. Even in many organizations they provide an email account to their employees so every employee has one email. So all employees are deal their information and data’s by sending emails. So hackers will hack the email and they can gather all business information and can transfer that business information to their competitor.

Network hacking

The main purpose of network hacking is access the all information and private data in the organization. Most organizations are connecting their all computers in one or more network connections. So if any hacker hacked the network connection they can simply access the company details and attack it.

Computer hacking

The main purpose of network hacking is hacker will seal information in the computer and they misuse it. And hackers can access the computer by using remote desktop connection they can access their computer by remotely.

Online banking hacking

The main purpose of online bank hacking is hackers create fake online transaction websites and collect others credit card information’s and misuse it by without knowing credit card holder.

Password hacking

The main purpose of password hacking is attack information on the computer, email, network connections, servers. Mostly many password are creating not stronger

ex: 1234, name, etc…, so all password should create stronger that should change every 90 days.

Chapter 5

Attacks

The hacking attacks is now become most critical risk and threats for webmasters and system administrators and they should have a good knowledge about hacking attacks and how to protect against it.

There are five types of hacking attacks used against networks and computer.

Trojan horse

Virus

Distributed denial of service (DDoS)

Worm

Websites

Chapter 6

Hacking tools

Hacking tools used to make more efficiency. If hackers used this tool they hack the system perfectly and little easily. Following are some hacking tool used by hackers.

NMAP (Network mapper)

NMAP is an open source tool for discover networks and security auditing. "NMAP uses for IP packets on novel way to determine what host is available in network"

Wireshark

Wierhark is a analyzer for network protocols. This allow hackers to capture and interactively analyze the traffic running on the network.

NICTO2

NICTO2 is also is a open source hacking tool. This allow to perform comprehensive test against servers for multiple items.

Jhone the riper

This is a fast password cracker tool, now this tool available for Windows, Unix, DOS, OpenVMS and BeOS. Main purpose is to detect weak Unix passwords.

 Ettercap

This is a comprehensive suite for man in the middle attacks. It features is sniffing of live connections, filter content on the fly and many more. This supports to active and passive dissection of many protocols and includes more features for host and network analytics.

Chapter 7

Employment of ethical hacking

Information security is becomes major concern these days, it’s not only happen in physical space it also take a part in cyber space. Breaking it into computer information system which one was a pastime for gooks, it now becomes fully fledged employment option also. These day increasing number of cybercrime cases on the internet like hacking email account, abusive emails ,interception and stealing sensitive data’s, password attacks etc. Hacking is an offense, this is considered ethical only and this is working under contract, this contract signed with two parties such as organization and hacker. But basically ethical hackers are little fear to come in to organization. Normally ethical hackers also known as "White hat". If some hacker hack with legal permission to strengthen system and can make them penetration proof. Ethical hackers are computer or network experts they help to find loopholes in information technology system to seek vulnerabilities.so the system can safe any malicious hacker. Ethical hacking also known as intrusion testing this is used to find loops in an information technology system.

Normally these ethical hackers are technically skilled information technology professionals, ethical hackers know how to solve problems and how to prevent from malicious hacker attacks like damaging network and server systems. Ethical hackers they know how to protect and provide right and perfect solutions to organization network. Ethical hackers are penetrate networks and try to detect vulnerabilities in security systems and they fix all them before any one take advantage of it.

An ethical hacker normally appointed by big corporate organizations to ensure safety and their privacy of the data. Computer information security is a huge issue and a job of an ethical hacker to make cyber space safe.

Ethical hacker personal attributes

The professional ethical hacker also required motivation, analytical thinking, initiative, dedication, problem solving ability, investigate nature and some advance training in ethical hacking. Integrity and trust also want in this field. Ethical hacker should have resourcefulness and adaptability to troubleshoot any snag during any software and system testing. They should also want very good software and hardware knowledge. They must have very keen knowledge in internet and must have a little understanding in computer programing and networking. If any person have above attributes they can become a certified ethical hacker, and also an ethical hacker must update their skills day to day and training.

And also an ethical hacker wants knowledge in some programming languages such as c, C, C++, Perl, Python, and Ruby. Can working with web applications, PHP, and Microsoft .NET. They must have some knowledge in assembly languages and who want to analyze disassembled binaries, good knowledge in computer operating systems (Windows, Linux, Unix etc…). They should very experience in various network systems such as routers, firewalls and switches also important in ethical hacking employment. An ethical hacker also should have basic understanding in about TCP/IP protocols such as ICMP, HTTP and SMTP in addition to technical skills.

Chapter 8

How to strength ethical hacking in an organization

These days the main problem facing by the organization is protecting their confidential information from outside ethical hackers. So this kind of problem facing organizations should use ethical hackers as employee. And they can maintain following operations.

Protecting confidential data in an organization

Protecting the information about client

Protect the hacking and malware

Protection confidential data in an organization

Organization can use SDB (Statistical databases) this use to analyze information’s from many sources. This data can be divided to sales, customer data, employee records, product details etc…. because database security require to many controls and processes. It presents big security challenges to the organizations. With the computerized databases in telecommunications and other fields. And organization should appoint a system administrator or other person to take day to day company database backups.

Protecting the information about client

Organization should protect their customer information. If we take a small organization they don’t need keep their all customer details they can keep their only big customer details. But if we take a huge organization they should keep day to day customer details. By maintain a data warehousing.

Protect the hacking and malware

We already discuss about this topic on employment of ethical hacking. So finally we can take decisions to organization must take employment of ethical hacking.

Chapter 9

Research of the project

Information technology facing many kind of security problems. One of the very important problem is Ethical hacking. So many organizations should protect their confidential information form ethical hackers. so what organization should do is create a new job space for ethical hackers. if organization creates new job for ethical hackers they protect their confidential information. Because ethical hackers know what is the weakness in organization security system and they know how to protect form outside hackers.