UNIT-2
1. Differentiate between Black Hat, Gray Hat and White Hat hacking.
Black Hat Hackers
> Like all hackers, black hat hackers usually have extensive knowledge about breaking into computer
networks and bypassing security protocols.
> They are also responsible for writing malware, which is a method used to gain access to these systems.
> Their primary motivation is usually personal or financial gain, but they can also be involved in cyber
espionage or protest, or perhaps are just addicted to the thrill of cybercrime.
> Black hat hackers can range from amateurs getting their feet wet by spreading malware, to
experienced hackers that aim to steal data, specifically financial information, and personal information
and login credentials.
> Not only do black hat hackers seek to steal data, they also seek to modify or destroy data as well.
White Hat Hackers
> White hat hackers choose to use their powers for good rather than evil.
> Also known as “ethical hackers,” white hat hackers can sometimes be paid employees or contractors
working for companies as security specialists that attempt to find security holes via hacking.
> White hat hackers employ the same methods of hacking as black hats, with one exception: they do it
with permission from the owner of the system first, which makes the process completely legal.
> White hat hackers perform penetration testing, test in-place security systems and perform
vulnerability assessments for companies. There are even courses, training, conferences and
certifications for ethical hacking.
2) Explain internal and external penetration testing with a suitable example.
Internal and External Penetration Testing:
External Pen-Testing
> External pen-testing is the traditional, more common approach to pen-testing.
> It addresses the ability of a remote attacker to get to the internal network.
> The goal of the pen-test is to access specific servers and crown jewels within the internal network by
exploiting externally exposed servers, clients, and people.
> Whether it’s an exploit against a vulnerable Web application or tricking a user into giving you his
password over the phone, allowing access to the VPN, the end game is getting from the outside to the
inside.
Internal Pen-Testing
> This is the approach taken to simulate an attacker on the inside.
> While the testing is in many ways like external testing, the major difference between internal and
external penetration testing is that with internal testing it is assumed the attacker already has access,
or has gained access through means inside the system.
> An attack from the inside has the potential to do far greater damage compared to an outside or
external attack because some of the protection systems have already been bypassed and in many cases
the person on the inside has knowledge about the network itself.
> This means they understand where the valuable systems and data are located and know what to do right from the start.
> This provides them with a strong advantage over an external threat.
> The results of the pen-testing, both internal and external, will paint an accurate picture of the security
of your computer system.
> The report will provide insight on what can be done to change obvious weaknesses and what steps to
take which will help ensure proper security is performed in the future.
> While no computer system can be made invulnerable, the chances of successful penetration from
either external or internal threats can be reduced considerably with the proper pen-testing.
3) Describe threat modelling.
Threat Modeling
> Threat modeling is a process by which potential threats, such as structural vulnerabilities, can be
identified, enumerated, and prioritized, all from a hypothetical attacker's point of view.
> The purpose of threat modeling is to provide defenders with a systematic analysis of the probable
attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker.
> Threat modeling answers questions like “Where are the high-value assets?” “Where am I most
vulnerable to attack?”, “What are the most relevant threats?” “Is there an attack vector that might
go unnoticed?”.
> Conceptually, most people incorporate some form of threat modeling in their daily life and don’t even
realize it.
> Commuters use threat modeling to consider what might go wrong during the morning drive to work
and to take preemptive action to avoid possible accidents.
> Children engage in threat modeling when determining the best path toward an intended goal while
avoiding the playground bully.
> In a more formal sense, threat modeling has been used to prioritize military defensive preparations
since antiquity.
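The four questions quoted above can be made concrete with a tiny threat model. The following is an added example, not part of the original notes: it enumerates attack vectors against a few assets of an imaginary web shop from the attacker's point of view, prioritizes them, and answers each question. The assets, vectors, likelihood values, the "asset value times likelihood" weighting and the names of the controls are all constructed assumptions.

```python
"""Added example, not part of the original notes: a small threat model
that enumerates and prioritizes threats from a hypothetical attacker's
point of view and answers the four threat-modeling questions.
Assets, attack vectors, likelihoods and the 'value x likelihood'
weighting are all constructed assumptions for an imaginary web shop."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    value: int            # 1-5: how much the business (and so an attacker) cares about it


@dataclass
class Threat:
    asset: str            # name of the asset the threat targets
    vector: str           # the route the attacker would take
    likelihood: int       # 1-5: how plausible the vector is for the assumed attacker profile
    detected_by: list = field(default_factory=list)  # controls that would notice the attempt


# Constructed asset register for the imaginary shop.
ASSETS = {a.name: a for a in (
    Asset("customer database", 5),
    Asset("payment gateway credentials", 5),
    Asset("marketing website", 2),
)}

# Constructed enumeration of attack vectors, one entry per (asset, vector) pair.
THREATS = [
    Threat("customer database", "injection flaw in the product search form", 4, ["WAF alerts"]),
    Threat("customer database", "backup copied from a misconfigured storage bucket", 3, []),
    Threat("payment gateway credentials", "secret committed to a public source repository", 3, ["secret scanning"]),
    Threat("marketing website", "defacement through an outdated CMS plugin", 4, ["uptime monitor"]),
]


def score(threat):
    """Priority of one threat: asset value times likelihood (assumed weighting)."""
    return ASSETS[threat.asset].value * threat.likelihood


def high_value_assets(assets=ASSETS, threshold=4):
    """'Where are the high-value assets?'"""
    return sorted(a.name for a in assets.values() if a.value >= threshold)


def most_vulnerable_asset(threats=THREATS):
    """'Where am I most vulnerable to attack?': the asset with the largest summed priority."""
    totals = defaultdict(int)
    for t in threats:
        totals[t.asset] += score(t)
    return max(totals, key=totals.get)


def prioritized_threats(threats=THREATS):
    """'What are the most relevant threats?': vectors ordered highest priority first."""
    return [t.vector for t in sorted(threats, key=score, reverse=True)]


def unnoticed_vectors(threats=THREATS):
    """'Is there an attack vector that might go unnoticed?': vectors with no detecting control."""
    return [t.vector for t in threats if not t.detected_by]


if __name__ == "__main__":
    print("high-value assets:", high_value_assets())
    print("most exposed asset:", most_vulnerable_asset())
    print("threats by priority:", prioritized_threats())
    print("undetected vectors:", unnoticed_vectors())
```

The `detected_by` field is what turns a plain asset inventory into a threat model: a vector with no control that would notice it is exactly the "attack vector that might go unnoticed", and it surfaces here even though its raw priority is lower than the injection flaw.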
4) Write a short note on security testing plan.
Security testing plan:
> Security Testing is defined as a type of software testing that ensures software systems and
applications are free from vulnerabilities, threats and risks that may cause a big loss.
> Security testing of any system is about finding all possible loopholes and weaknesses of the system
which might result in a loss of information, revenue or reputation at the hands of employees or
outsiders of the organization.
> The goal of security testing is to identify the threats in the system and measure its potential
vulnerabilities, so that the system does not stop functioning or get exploited.
> It also helps in detecting all possible security risks in the system and helps developers in fixing these
problems through coding.
> There are seven main types of security testing as per the Open Source Security Testing Methodology
Manual (OSSTMM).
They are explained as follows:
I) Vulnerability scanning
> This is the automated detection of system vulnerabilities: automated software scans a system against
known vulnerability signatures.
> The special programs check computer systems or applications to detect the weak points.
> The drawback of vulnerability scanning is that it can accidentally crash the target when the scanned
system treats the scan as an invasive action.
II) Security Scanning:
> It is the identification of weak points in the security of a network and system: it identifies network
and system weaknesses and later provides solutions for reducing these risks.
> This scanning can be performed both manually and with automated tools.
> It aims to assess the general security level of the system.
> Such programs simplify the automated analysis of a program/website/application.
III) Penetration testing:
> This kind of testing simulates an attack from a malicious hacker, i.e. it imitates malicious outside
attacks.
> This testing involves analysis of a particular system to check for potential vulnerabilities to an external
hacking attempt.
> It is conducted to determine the security of the system.
> This type of testing consists of the following phases: inspection (reconnaissance), scanning, gaining
access, maintaining access and covering tracks.
IV) Risk Assessment:
> This testing involves analysis of the security risks observed in the organization. Risks are classified as
Low, Medium and High.
> It is the process of reviewing and analyzing the potential risks, which are then prioritized, and of
deciding how they can be prevented; this testing recommends controls and measures to reduce the risk.
> The components that carry the highest risks must receive the most extensive testing.
> Successful risk assessment depends on the formalization of the process.
V) Security Auditing:
> This is an internal inspection of applications and operating systems for security flaws, i.e. the
procedure of identifying the security flaws.
> An audit can also be done via line-by-line inspection of code; in some cases, a single code line is
checked separately.
> It is one of the main types of security verification.
> Security auditing analyzes the security of the system's configuration and working conditions.
VI) Ethical hacking:
> It is the authorized hacking of an organization's software systems.
> Unlike malicious hackers, who steal for their own gain, the intent is to expose security flaws in the
system: a qualified specialist attempts to penetrate the system in the same way as malicious hackers
would.
> An ethical or white hat hacker is a security professional who uses his skills in a legitimate manner to
reveal the system/program defects.
VII) Posture Assessment:
> This combines security scanning, ethical hacking and risk assessment to show the overall security
posture of an organization: the combination of these three checks gives the full picture of the security
of the system or organization.
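Two of the seven types above, vulnerability scanning (matching a system against known vulnerability signatures) and risk assessment (classifying each risk as Low, Medium or High and recommending a control), can be shown together in one small program. The following is an added example and not the notes' own material: it matches service banners from a constructed inventory against a constructed signature list, rates each finding by severity and exposure, and proposes an upgrade as the control. Every product name, version number, banner, weakness and the rating thresholds are invented for a hypothetical network, not real advisories.

```python
"""Added example, not part of the original notes: a signature-based
vulnerability scan (type I above) whose findings are classified Low,
Medium or High as in Risk Assessment (type IV). Every product name,
version, banner and weakness below is constructed sample data for a
hypothetical network; the rating thresholds are an assumption."""
import re

# Constructed signature database: versions strictly below "fixed_in" are affected.
SIGNATURES = [
    {"product": "ExampleHTTPd", "fixed_in": (2, 4, 50), "weakness": "path traversal (constructed)", "severity": 3},
    {"product": "ExampleSSH",   "fixed_in": (8, 2, 0),  "weakness": "weak key exchange (constructed)", "severity": 2},
    {"product": "ExampleDB",    "fixed_in": (5, 7, 30), "weakness": "authentication bypass (constructed)", "severity": 3},
]

# Constructed inventory: service banners as an asset register would record them.
INVENTORY = [
    {"host": "web-01",  "internet_facing": True,  "banner": "ExampleHTTPd/2.4.41 (Unix)"},
    {"host": "bastion", "internet_facing": True,  "banner": "ExampleSSH_8.4p1"},
    {"host": "db-01",   "internet_facing": False, "banner": "ExampleDB 5.7.12-log"},
    {"host": "web-02",  "internet_facing": True,  "banner": "ExampleHTTPd/2.4.57 (Unix)"},
]

# product name, then major.minor with an optional .patch component
BANNER_RE = re.compile(r"([A-Za-z]+)[/_ ](\d+)\.(\d+)(?:\.(\d+))?")
RATING_ORDER = {"High": 0, "Medium": 1, "Low": 2}


def parse_banner(banner):
    """Return (product, (major, minor, patch)) or None if the banner is unrecognised."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.group(2), m.group(3), m.group(4) or "0"
    return m.group(1), (int(major), int(minor), int(patch))


def rate(severity, internet_facing):
    """Assumed risk matrix: severity (1-3) times exposure (2 if reachable from the internet, else 1)."""
    score = severity * (2 if internet_facing else 1)
    if score >= 5:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def scan(inventory, signatures=SIGNATURES):
    """Passive scan: match each banner against the signature list, then rate and rank the findings."""
    findings = []
    for item in inventory:
        parsed = parse_banner(item["banner"])
        if parsed is None:
            continue
        product, version = parsed
        for sig in signatures:
            if sig["product"] == product and version < sig["fixed_in"]:
                findings.append({
                    "host": item["host"],
                    "weakness": sig["weakness"],
                    "rating": rate(sig["severity"], item["internet_facing"]),
                    "control": "upgrade %s to %s or later" % (product, ".".join(map(str, sig["fixed_in"]))),
                })
    return sorted(findings, key=lambda f: RATING_ORDER[f["rating"]])


if __name__ == "__main__":
    for f in scan(INVENTORY):
        print(f["rating"], f["host"], f["weakness"], "->", f["control"])
```

Because the scan only reads banners that are already in the inventory, it never sends probes to the hosts, which avoids the crash risk the notes mention for invasive vulnerability scanning; the trade-off is that it trusts the banner to be accurate and will miss anything the signature list does not know about.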
5) What is an NDA? What is its role in organizational security planning?
Non-disclosure agreement (NDA):
> A non-disclosure agreement (NDA), also known as a confidentiality agreement, is a legally binding
contract in which one party agrees to give a second party confidential information about its business or
products and the second party agrees not to share this information with anyone else for a specified
period of time.
> NDAs are used to protect sensitive information and intellectual property (IP) by outlining in detail
what information must remain private and what information can be shared or released to the public.
> NDAs are typically signed at the beginning of a business relationship.
> The information covered by an NDA can be unlimited, ranging from test results to system specifications
to customer lists and sales figures.
> If the NDA is broken and information is leaked, it is considered a breach of contract.
> Key elements of an NDA include:
  - identification of the participants;
  - definition of what is considered to be confidential;
  - duration of the confidentiality commitment;
  - exclusions from confidential protection.
> NDAs are commonly used at technology companies when products are jointly developed.
> In such a case, the NDA is often mutual or two-way.
> An NDA can also be useful when a company seeks venture capital from potential backers.
> In this scenario, the NDA ensures that investors can access the information they need to make a
financial decision, but not exploit it.
> In addition to an NDA, potential investors may be asked to sign a non-compete agreement (NCA)
which prevents the investor from using information acquired during negotiation to gain a competitive
advantage.
> Such considerations are especially important when patents have been applied for but have not yet
been issued.
6) Write a short note on Manual Penetration testing.
Manual Penetration Testing:
> Manual penetration testing is testing that is done by human beings.
> In this type of testing, the vulnerability and risk of a machine are tested by an expert engineer.
> Generally, testing engineers perform the following methods:
I) Data Collection –
> Data collection plays a key role for testing.
> One can either collect data manually or use tool services (such as webpage source code analysis
techniques, etc.) freely available online.
> These tools help to collect information like table names, DB versions, database, software, hardware,
or even different third-party plugins, etc.
II) Vulnerability Assessment –
> Once the data is collected, it helps the testers to identify the security weaknesses and take preventive
steps accordingly.
III) Actual Exploit –
> This is the typical method by which an expert tester launches an attack on the target system and, in
doing so, shows how the risk of such an attack can be reduced.
IV) Report Preparation –
> Once the penetration is done, the tester prepares a final report that describes everything about the
system.
> Finally, the report is analyzed to take corrective steps to protect the target system.
Types of Manual Penetration Testing
> Manual penetration testing is normally categorized in the following two ways –
I) Focused Manual Penetration Testing –
> It is a highly focused method that tests specific vulnerabilities and risks.
> Automated penetration testing cannot perform this testing; it is done only by human experts who
examine specific application vulnerabilities within the given domains.
II) Comprehensive Manual Penetration Testing –
> It is thorough testing of whole systems connected with each other to identify all sorts of risks and
vulnerabilities.
> However, the function of this testing is more situational, such as investigating whether multiple lower-
risk faults can combine into a more serious attack scenario.