A GUIDE FOR FINANCIAL FRAUD INVESTIGATION & PRECAUTION - SHIVANI SHARMA (i love reading books .TXT) 📗
- Author: SHIVANI SHARMA
Book online «A GUIDE FOR FINANCIAL FRAUD INVESTIGATION & PRECAUTION - SHIVANI SHARMA (i love reading books .TXT) 📗». Author SHIVANI SHARMA
The following list classifies the physical threats into three (3) main categories;
Internal: The threats include fire, unstable power supply, humidity in the rooms housing the hardware, etc. External: These threats include Lightning, floods, earthquakes, etc. Human: These threats include theft, vandalism of the infrastructure and/or hardware, disruption, accidental or intentional errors.To protect computer systems from the above mentioned physical threats, an organization must have physical security control measures.
The following list shows some of the possible measures that can be taken:
Internal: Fire threats could be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire. The unstable power supply can be prevented by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room. External: Lightning protection systems can be used to protect computer systems against such attacks. Lightning protection systems are not 100% perfect, but to a certain extent, they reduce the chances of Lightning causing damage. Housing computer systems in high lands are one of the possible ways of protecting systems against floods. Humans: Threats such as theft can be prevented by use of locked doors and restricted access to computer rooms.What are Non-physical threats?
A non-physical threat is a potential cause of an incident that may result in;
Loss or corruption of system data Disrupt business operations that rely on computer systems Loss of sensitive information Illegal monitoring of activities on computer systems Cyber Security Breaches OthersThe non-physical threats are also known as logical threats. The following list is the common types of non-physical threats;
Virus Trojans Worms Spyware Key loggers Adware Denial of Service Attacks Distributed Denial of Service Attacks Unauthorized access to computer systems resources such as data Phishing Other Computer Security RisksTo protect computer systems from the above-mentioned threats, an organization must have logical security measures in place. The following list shows some of the possible measures that can be taken to protect cyber security threats
To protect against viruses, Trojans, worms, etc. an organization can use anti-virus software. In additional to the anti-virus software, an organization can also have control measures on the usage of external storage devices and visiting the website that is most likely to download unauthorized programs onto the user’s computer.
Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be, in the form of user ids and strong passwords, smart cards or biometric, etc.
Intrusion-detection/prevention systems can be used to protect against denial of service attacks.There are other measures too that can be put in place to avoid denial of service attacks.
Summary
A threat is any activity that can lead to data loss/corruption through to disruption of normal business operations. There are physical and non-physical threats Physical threats cause damage to computer systems hardware and infrastructure. Examples include theft, vandalism through to natural disasters. Non-physical threats target the software and data on the computer systems.
Skills Required to Become a Ethical Hacker
Skills allow you to achieve your desired goals within the available time and resources. As a hacker, you will need to develop skills that will help you get the job done. These skills include learning how to program, use the internet, good at solving problems, and taking advantage of existing security tools.
In this article, we will introduce you to the common programming languages and skills that you must know as a hacker.
Topics covered in this tutorial
What is a programming language? Why should you learn how to program? What languages should you learn? Other skills SummaryWhat is a programming language?
A programming language is a language that is used to develop computer programs. The programs developed can range from operating systems; data based applications through to networking solutions.
Why should you learn how to program?
Hackers are the problem solver and tool builders, learning how to program will help you implement solutions to problems. It also differentiates you from script kiddies. Writing programs as a hacker will help you to automate many tasks which would usually take lots of time to complete. Writing programs can also help you identify and exploit programming errors in applications that you will be targeting. You don’t have to reinvent the wheel all the time, and there are a number of open source programs that are readily usable. You can customize the already existing applications and add your methods to suit your needs.What languages should I learn?
The answer to this question depends on your target computer systems and platforms. Some programming languages are used to develop for only specific platforms. As an example, Visual Basic Classic (3, 4, 5, and 6.0) is used to write applications that run on Windows operating system. It would, therefore, be illogical for you to learn how to program in Visual Basic 6.0 when your target is hacking Linux based systems.
Programming languages that are useful to hackers
SR NO. COMPUTERLANGUAGES DESCRIPTION PLATFORM PURPOSE 1 HTML
Language used to write web pages. *Cross platform Web hacking
Login forms and other data entry methods on the web use HTML forms to get data. Been able to write and interpret HTML, makes it easy for you to identify and exploit weaknesses in the code. 2 JavaScript
Client side scripting language *Cross platform Web Hacking
JavaScript code is executed on the client browse. You can use it to read saved cookies and perform cross site scripting etc. 3 PHP
Server side scripting language *Cross platform Web Hacking
PHP is one of the most used web programming languages. It is used to process HTML forms and performs other custom tasks. You could write a custom application in PHP that modifies settings on a web server and makes the server vulnerable to attacks. 4 SQL
Language used to communicate with database *Cross platform Web Hacking
Using SQL injection, to by-pass web application login algorithms that are weak, delete data from the database, etc. 5 Python
Ruby
Bash
Perl
High level programming languages *Cross platform Building tools & scripts
They come in handy when you need to develop automation tools and scripts. The knowledge gained can also be used in understand and customization the already available tools. 6 C & C++
High level programming *Cross platform Writing exploits, shell codes, etc.
They come in handy when you need to write your own shell codes, exploits, root kits or understanding and expanding on existing ones. 7 Java
CSharp
Visual Basic
VBScript
Other languages
Java & CSharp are *cross platform. Visual Basic is specific to Windows Other uses
The usefulness of these languages depends on your scenario.
* Cross platform means programs developed using the particular language can be deployed on different operating systems such as Windows, Linux based, MAC etc.
Other skills
In addition to programming skills, a good hacker should also have the following skills:
Know how to use the internet and search engines effectively to gather information. Get a Linux-based operating system and the know the basics commands that every Linux user should know. Practice makes perfect, a good hacker should be hard working and positively contribute to the hacker community. He/she can contribute by developing open source programs, answering questions in hacking forums, etc.Summary
Programming skills are essential to becoming an effective hacker. Network skills are essential to becoming an effective hacker SQL skills are essential to becoming an effective hacker. Hacking tools are programs that simplify the process of identifying and exploiting weaknesses in computer systems.
Top 20 Tools for Ethical hacking in 2019What are Hacking Tools?Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. There is a variety of such tools available on the market. Some of them are open source while others are commercial solution.
In this list we highlight the top 20 tools for Ethical Hacking of web applications, servers and networks1) Netsparker
Netsparker is an easy to use web application security scanner that can automatically find SQL Injection, XSS and other vulnerabilities in your web applications and web services. It is available as on-premises and SAAS solution.
Features
2) Acunetix
Acunetix is a fully automated ethical hacking solution that mimics a hacker to keep one step ahead of malicious intruders. The web application security scanner accurately scans HTML5, JavaScript and Single-page applications. It can audit complex, authenticated webapps and issues compliance and management reports on a wide range of web and network vulnerabilities.
Features:
Scans for all variants of SQL Injection, XSS, and 4500+ additional vulnerabilities Detects over 1200 WordPress core, theme, and plugin vulnerabilities Fast & Scalable – crawls hundreds of thousands of pages without interruptions Integrates with popular WAFs and Issue Trackers to aid in the SDLC Available On Premises and as a Cloud solution.3) Probely
Probely continuously scans for vulnerabilities in your Web Applications. It allows its customers to manage the life cycle of vulnerabilities and provides them with some guidance on how to fix them. Probely is a security tool built having Developers in mind.
Features:
Scans for SQL Injections, XSS, OWASP TOP10 and over 5000 vulnerabilities, including 1000 WordPress and Joomla vulnerabilities Full API - All features of Probely are also available through an API Integration with your CI tools, Slack and Jira Unlimited team members PDF Reports to showcase your security Diverse scanning profiles (ranging from safe to aggressive scans) Multiple Environment Targets - Production (non-intrusive scans) and Testing (intrusive and complete scans)4) SaferVPN
SaferVPN is an indispensable tool in an Ethical hackers arsenal. You may need it to check target in different geographies, simulate nonpersonalized browsing behavior, anonymized file transfers, etc.
Features:
5) Burp Suite:
Burp Suite is a useful platform for performing Security Testing of web applications. Its various tools work seamlessly together to support the entire pen testing process. It spans from initial mapping to analysis of an application's attack surface.
Features:
It can detect over 3000 web application vulnerabilities.
Scan open-source software and custom-built applications An easy to use Login Sequence Recorder allows the automatic scanning Review vulnerability data with built-in vulnerability management. Easily provide wide variety of technical and compliance reports Detects Critical Vulnerabilities with 100% Accuracy Automated crawl and scan Advanced scanning feature for manual testers Cutting-edge scanning logicDownload link: https://portswigger.net/burp/freedownload
6) Ettercap:
Ettercap is an ethical hacking tool. It supports active and passive dissection includes features for network and host analysis.
Features:
It supports active and passive dissection of many protocols Feature of ARP poisoning to sniff on a switched LAN between two hosts Characters can be injected into a server or to a client while maintaining a live connection Ettercap is capable of sniffing an SSH connection in full duplex Allows sniffing of HTTP SSL secured data even when the connection is made using proxy Allows creation of custom plugins using Ettercap's APIDownload link: https://ettercap.github.io/ettercap/downloads.html
7) Aircrack:
Aircrack is a trustable ethical hacking tool. It cracks vulnerable wireless connections. It is powered by WEP WPA and WPA 2 encryption Keys.
Features:
More cards/drivers supported Support all types of OS and platforms New WEP attack: PTW Support
Comments (0)