Introduction about Ethical Hacking | Ethical Hacking | Information of hacking

Introduction about ethical hacking

Information Security.
The methods and processes to protect information and information systems from unauthorized access, the disclosure of information, usage or modification. Information security ensures the confidentiality, integrity, and availability. An organization without security policies and appropriate security rules are at great risk, and the confidential information and data related to that organization are not secure in the absence of these security policies.
Our security objectives are surrounding these three basic concepts:
1- Data Breach.
2- Google Play Hack
3- The Home Depot Data Breach

1- Data Breach.
The data breach compromised the following information including:
Customer's Names
Encrypted Passwords
Email Address
Postal Address
Contact Numbers
Date of Birth
These sensitive information mush be stored in an encrypted form that uses strong encryption. Information must be encrypted, instead of being stored in plain text.

2- The Home Depot Data Breach.
Theft of information from payment cards, like credit cards is common today. The attacker gained access to third-party vendors login credentials and accesses the POS networks.

Essential Terminology.
               There are some essential terminologies for ethical hacking.
1- Hack Value.
The term Hack Value refers to a value that denotes attractiveness, interest or something that is worthy. Value describes the targets level of attraction to the hacker.
2- Zero-Day Attack.
Zero-Day Attack refers to threats and vulnerabilities that can exploit the victim before the developer identity or address and release any patch fot that vulnerability.
3- Vulnerability.
The vulnerability refers to a weak point, loophole or a cause in any system or network which can be helpful and utilized by the attackers to go through it. Any vulnerability can be an entry point for them to reach the target.
4- Daisy Chaining.
Daisy Chaining is a sequential process of several hacking or attacking attempts to gain access to network or systems, one after another, using the same info and the information obtained from the previous attempt.
5- Exploit.
Exploit is a breach of security of a system through Vulnerabilities, Zero-Day Attacks or any other hacking techniques.
6- Doxing.
The term Doxing refers to Publishing information or a set of information associated with an individual. This information is collected publicly, mostly from social media or other sources.
6- Payload.
The payload refers to the actual section of information or data in a frame as opposed to automatically generated metadata. In information security, Payload is a section or part of a malicious and exploited code that causes the potentially harmful activity and actions such as exploit, opening backdoors, and hijacking.
7- Bot.
The Bots are software that is used to control the target remotely and to execute predefined tasks. It is capable to run automated scripts over the internet. The Bots are also known as for Internet Bot or Web Robot. These Bots can be used for Social purposes such as Chatterbots, Commercial purpose or intended Malicious Purpose such as Spambots, Viruses, and Worms spreading, Botnets, DDoS attacks.

Elements of Information Security.

Confidentiality.
We want to make sure that our secret and sensitive data is secure.
Confidentiality means that only authorized persons can work with and see our infrastructure's digital resources. It also implies that unauthorized persons should not have any access to the data. The are two types of data in general: data in motion as it moves across the network and data at rest, when data is in any media storage (Such as servers, local hard drives, cloud).
Integrity.
We do not want our data to be accessible or manipulation by authorized persons. Data integrity ensures that only authorized parties can modify data.
Availability.
Availability applies to systems and data. If authorized persons cannot get the data due to general network failure or DOS attack. It may also result in lost of revenues or recording some important results.
Authenticity.
Authenticity is the process which identifies the user, or device to grant privileges, access and certain rules and policies.
Non-Repudiation.
Non-Repudiation is one of the Information Assurance (IA) pillar which guarantees the information transmission and receiving between the server and receiver via different techniques such as digital signatures and encryption.

Information Security Threats and Attack Vector.
In the information security world, an attack depends on three components that are the major blocks.
These three components are as follows.
Motive.
Method.
Vulnerability.
Attack = Motive + Method + Vulnerability