Reply to thread

Message: <blockquote data-quote="Jolly_Roger" data-source="post: 8584665" data-attributes="member: 197784">Ethical Hacking හෙවත් White Hat Hacking ගැන ඉගෙනගන්න කැමති අයට පුංචි මගපෙන්වීමක්.<img src="http://sites.google.com/site/itworldtricks/_/rsrc/1255526963626/hackers-types/White_hat1.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" />Introduction This lesson introduces you to the world of ethical hacking. Ethical  hacking is a form of legal hacking that is done with the permission of  an organization to help increase its security. This lesson discusses  many of the business aspects of penetration (pen) testing. Information  about how to perform a pen test, what types can be performed, what are  the legal requirements, and what type of report should be delivered are  all basic items that you will need to know before you perform any type  of security testing. However, first, you need to review some security  basics. This lesson starts with a discussion of confidentiality,  integrity, and availability. Finally, the lesson finishes up with the  history of hacking and a discussion of some of the pertinent laws. NOTE Nothing learned in this class is intended to teach or encourage the use  of security tools or methodologies for illegal or unethical purposes.  Always act in a responsible manner. Make sure that you have written  permission from the proper individuals before you use any of the tools  or techniques described within. Always obtain permission before  installing any of these tools on a network. Security Fundamentals Security is about finding a balance, as all systems have limits. No one  person or company has unlimited funds to secure everything, and we  cannot always take the most secure approach. One way to secure a system  from network attack is to unplug it and make it a standalone system.  Although this system would be relatively secure from Internet-based  attackers, its usability would be substantially reduced. The opposite  approach of plugging it in directly to the Internet without any  firewall, antivirus, or security patches would make it extremely  vulnerable, yet highly accessible. So, here again, you see that the job  of security professionals is to find a balance somewhere between  security and usability. Figure 1.1 demonstrates this concept.To find this balance, you need to know what the goals of the  organization are, what security is, and how to measure the threats to  security. The next section discusses the goals of security.   Goals of Security Objective:Understand the security triangle, also known as CIA (confidentiality, integrity, and availability). There are many ways in which security can be achieved, but it’s  universally agreed that the security triad of confidentiality,  integrity, and availability (CIA) form the basic building blocks of any  good security initiative. Confidentiality addresses the secrecy and privacy of information.  Physical examples of confidentiality include locked doors, armed guards,  and fences. Logical examples of confidentiality can be seen in  passwords, encryption, and firewalls. In the logical world,  confidentiality must protect data in storage and in transit. For a  real-life example of the failure of confidentiality, look no further  than the recent news reports that have exposed how several large-scale  breaches in confidentiality were the result of corporations, such as  Time Warner and City National Bank, misplacing or losing backup tapes  with customer accounts, names, and credit information. The simple act of  encrypting thebackup tapes could have prevented or mitigated the  damage. Integrity is the second piece of the CIA security triad. Integrity  provides for the correctness of information. It allows users of  information to have confidence in its correctness. Correctness doesn’t  mean that the data is accurate, just that it hasn’t been modified in  storage or transit. Integrity can apply to paper or electronic  documents. It is much easier to verify the integrity of a paper document  than an electronic one. Integrity in electronic documents and data is  much more difficult to protect than in paper ones. Integrity must be  protected in two modes: storage and transit. Information in storage can be protected if you use access and audit  controls. Cryptography can also protect information in storage through  the use of hashing algorithms. Real-life examples of this technology can  be seen in programs such as Tripwire, MD5Sum, and Windows File  Protection (WFP). Integrity in transit can be ensured primarily by the  protocols used to transport the data. These security controls include  hashing and cryptography. Availability is the third leg of the CIA triad. Availability simply  means that when a legitimate user needs the information, it should be  available. As an example, access to a backup facility 24x7 does not help  if there are no updated backups from which to restore. Backups are one  of the ways that availability is ensured. Backups provide a copy of  critical information should files and data be destroyed or equipment  fail. Failover equipment is another way to ensure availability. Systems  such as redundant array of inexpensive disks (RAID) and subscription  services such as redundant sites (hot, cold, and warm) are two other  examples. Disaster recovery is tied closely to availability, as it’s all  about getting critical systems up and running quickly. Denial of  service (DoS) is an attack against availability. Although these attacks  might not give access to the attacker, they dodeny legitimate users the  access they require. උපුටා ගැනීමකි <img src="/styles/default/xenforo/smilies/default/D.gif"  class="smilie" loading="lazy" alt=":D" title="Big grin    :D" data-shortname=":D" /></blockquote>

Verification: Dawasata paya keeyak thibeda?

Top Bottom