Saturday, June 16, 2018

Cryptography




Definition - What does Cryptography mean?

Cryptography involves creating written or generated codes that allow information to be kept secret. Cryptography converts data into a format that is unreadable for an unauthorized user, so that it can be transmitted without unauthorized entities decoding it back into a readable format and thereby compromising the data.
Information security uses cryptography on several levels. The information cannot be read without a key to decrypt it. The information maintains its integrity during transit and while being stored. Cryptography also aids in nonrepudiation. This means that the sender and the delivery of a message can be verified.
Cryptography is also known as cryptology.

Techopedia explains Cryptography

Cryptography also allows senders and receivers to authenticate each other through the use of key pairs. There are various types of algorithms for encryption. Some common types include:
  • Secret Key Cryptography (SKC): Here only one key is used for both encryption and decryption. This type of encryption is also referred to as symmetric encryption.
  • Public Key Cryptography (PKC): Here two keys are used. This type of encryption is also called asymmetric encryption. One key is the public key that anyone can access. The other key is the private key, and only the owner can access it. The sender encrypts the information using the receiver’s public key. The receiver decrypts the message using his/her private key. For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender’s public key to decrypt it. Thus, the receiver knows who sent it.
  • Hash Functions: These are different from SKC and PKC. They use no key and are also called one-way encryption. Hash functions are mainly used to ensure that a file has remained unchanged.
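The public-key and hash-function items above, worked through as an added example (not code from the original page): the sender signs a SHA-256 digest with a private key, encrypts the message with the receiver's public key, and the receiver decrypts and verifies. It assumes unpadded "textbook" RSA and toy keys built from publicly known Mersenne primes, so it shows the roles of the keys only; all function names are hypothetical.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of e mod phi(n)
    return (n, E), (n, d)

# Constructed toy keys: these primes are public knowledge, so the "private"
# keys are not secret. Real keys use random secret primes and padded RSA.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)

def digest_int(message):
    """Hash function: keyless, one-way fingerprint of the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def encrypt(message, receiver_pub):
    """Confidentiality: anyone can encrypt with the receiver's public key."""
    n, e = receiver_pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext, receiver_priv):
    """Only the holder of the receiver's private key can recover the message."""
    n, d = receiver_priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(message, sender_priv):
    """Nonrepudiation: transform the digest with the sender's private key."""
    n, d = sender_priv
    return pow(digest_int(message), d, n)

def verify(message, signature, sender_pub):
    """Undo the signature with the sender's public key and compare digests."""
    n, e = sender_pub
    return pow(signature, e, n) == digest_int(message)

def demo():
    msg = b"pay 100 to account 42"  # constructed sample message
    sig, ct = sign(msg, SENDER_PRIV), encrypt(msg, RECEIVER_PUB)
    received = decrypt(ct, RECEIVER_PRIV)
    return {"round_trip": received == msg,
            "genuine": verify(received, sig, SENDER_PUB),
            "tampered": verify(b"pay 900 to account 42", sig, SENDER_PUB),
            "wrong_key": verify(received, sig, RECEIVER_PUB)}
```

A changed message or a different public key makes verification fail, which is what lets the receiver tie the message to the sender's key pair.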

Wednesday, June 13, 2018

What is Hacking? Introduction & Types

What is Hacking?

Hacking is identifying weaknesses in computer systems or networks and exploiting them to gain access. Example of hacking: using a password-cracking algorithm to gain access to a system.
Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and hacking. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.


Who is a Hacker? Types of Hackers

A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.
  • Ethical Hacker (White hat): A hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
  • Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.
  • Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identifying weaknesses and revealing them to the system owner.
  • Script kiddies: A non-skilled person who gains access to computer systems using already made tools.
  • Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
  • Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

What is Cybercrime?

Cybercrime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cybercrimes are committed through the internet. Some cybercrimes can also be carried out using mobile phones via SMS and online chatting applications.

Types of Cybercrime

The following list presents the common types of cybercrimes:
  • Computer Fraud: Intentional deception for personal gain via the use of computer systems.
  • Privacy violation: Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, websites, etc.
  • Identity Theft: Stealing personal information from somebody and impersonating that person.
  • Sharing copyrighted files/information: This involves distributing copyright protected files such as eBooks and computer programs etc.
  • Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
  • Electronic money laundering: This involves the use of the computer to launder money.
  • ATM Fraud: This involves intercepting ATM card details such as account numbers and PINs. These details are then used to withdraw funds from the intercepted accounts.
  • Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
  • Spam: Sending unauthorized emails. These emails usually contain advertisements.

What is Ethical Hacking?

Ethical Hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that address those weaknesses. Ethical hackers must abide by the following rules.
  • Get written permission from the owner of the computer system and/or computer network before hacking.
  • Protect the privacy of the organization being hacked.
  • Transparently report all the identified weaknesses in the computer system to the organization.
  • Inform hardware and software vendors of the identified weaknesses.

Why Ethical Hacking?

  • Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
  • Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause loss of business.

Legality of Ethical Hacking

Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests individuals' skills. Those who pass the examination are awarded certificates. The certificates are supposed to be renewed after some time.

                                               Mohd Anas

About the Online Penetration Testing and Ethical Hacking Training

If you are considering working in the cyber security industry, then this training will benefit you greatly. With Cybrary’s free online Penetration Testing and Ethical Hacking course, you will learn how to protect users from cyber attackers by becoming an ethical hacker and learning to exploit networks yourself.
As the internet continues to advance, cybercrimes do as well. Criminals no longer need to leave their homes to commit crimes; they can do so easily with a few clicks of a mouse and an internet connection. While current technology has given us access to huge amounts of information on the web and mobile devices and simplified tasks like shopping, paying bills, and banking services, it has also given rise to the need for ethical hackers to battle cyber criminals. There is no better time than now to begin a career in the cyber security industry.
Ethical hackers are able to help private businesses, public organizations, and government agencies infiltrate their secure systems to identify flaws and weaknesses within those systems. They determine which system areas are safe and which need additional security to help prevent attackers from penetrating vulnerable networks. In the Penetration Testing and Ethical Hacking training, you will master objectives including Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. Upon completion of this online training, students will have all the tools required for the development and application of an effective vulnerability prevention strategy to prevent the attackers from entering key systems.
What is Ethical Hacking and Penetration Testing?
Ethical hacking involves penetration testing in that the networking expert methodically attempts to penetrate a network or computer system as a service to the owner of the system to find security vulnerabilities that a malevolent hacker may be able to exploit.
While ethical hackers often use the same techniques and methods to test and penetrate systems as their criminal counterparts, they do so to document vulnerabilities and provide system owners with advice on how to fix them, rather than taking advantage of the weaknesses.
Learning ethical hacking allows “white hat” hackers to evaluate the security of a system or network’s infrastructure. It involves identifying and attempting to exploit any weaknesses to conclude if the potential for unauthorized access or other malicious or criminal activities exists. Weaknesses are often found in improper or poor system configuration, unknown and known software or hardware flaws, and operational process weaknesses or technical countermeasures.
By learning to hack ethically, security professionals in the industry are able to identify and overcome these vulnerabilities and provide system owners with solutions, security, and peace of mind.
What Jobs Are Available for Ethical Hackers?
The cyber security job market is thriving, and it isn’t expected to slow down anytime soon. Forecasts predict growth from $75 billion in 2015 to a whopping $170 billion by the year 2020. Obtaining work in this industry can mean a great income, job security, and advancement potential. In 2017, nearly a quarter of a million jobs in the cyber security industry in the U.S. are unfilled and the growth of job postings in this area is up almost 75% over the last several years. There are many business opportunities, including management positions, available for professional hackers in today’s workforce.
Some common job titles for professional hacking experts include: security consultant, ethical hacker, penetration tester, information security analyst, cyber security analyst, security engineer, security analyst, data security engineer, information security manager, computer forensics analyst, site administrator, network security specialist, and IT auditor. In addition to careers in the corporate sector, there is ample opportunity for lucrative cyber security positions in top government agencies as well. The National Security Agency (NSA), Department of Defense (DoD) and the Committee on National Security Systems (CNSS) are all federal agencies that use ethical hacking to maintain privacy and prevent unauthorized access to sensitive government information.
How Do I Obtain Certification?
Once you complete the Penetration Testing and Ethical Hacking training (and any other applicable courses), you may consider moving ahead and obtaining a certification. The first step toward certification may be some advanced study on penetration testing and ethical hacking strategies, depending on your experience, skills level, and overall knowledge. You can obtain resources to help you prepare for certification. When you are ready, you may opt to take the exam for the Certified Ethical Hacker (CEH) certificate, by the EC-Council, which is the most sought-after and recognizable certification available in this field.
While not all ethical hacking positions require that you have certifications, it is a valuable credential to present to new or potential employers, as it shows that you have a fundamental knowledge of how to protect their systems using ethical hacking and penetration testing as the cornerstone of your methodology. The CEH certification involves an exam with 125 questions that you have four hours to complete, and terms require that you have a passing score of at least 70% to receive your certificate. You can contact the EC-Council for more information.
No longer will money have dominion over our ability to learn. Penetration testing and ethical hacking are skill sets as in-demand as anything else in the Cyber Security industry. Previous to Cybrary, this type of training was very expensive, and now it is free. Anyone who wants to become a penetration tester or ethical hacker (CEH) now has the opportunity to learn and do so, at no cost. To best prepare for the exam, check out our free CEH study guide, practice exam, and virtual lab.
     
                                                               Mohd. Anas
