INTRODUCTION TO INFORMATION SECURITY & ETHICAL HACKING
INDEX
Introduction to Cyber Security & Ethical Hacking

What is Cyber Security?
Cyber Security is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.
Cyber Security refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access.

CONFIDENTIAL : The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses.
What is Cyber Security? (continued)
The use of cyber security can help prevent cyber attacks, data breaches, and identity theft and can aid in risk management.
So when talking about Cyber Security, one might wonder, "What are we trying to protect ourselves against?" There are three main aspects we are trying to control, namely:
- Unauthorised Access
- Unauthorised Deletion
- Unauthorised Modification
Core Fundamental Concepts of Security
In Cyber Security, the factors to consider are endless. The three core fundamental concepts of security are Vulnerabilities, Threats and Risk.
Ethical Hacking
What is Ethical Hacking?
Phases of Ethical Hacking
1. Reconnaissance, also known as the preparatory phase, is where the hacker gathers information about a target before launching an attack.
2. In the Scanning phase, the hacker identifies a quick way to gain access to the network and looks for information.
3. The hacker gains access to the system, applications, and network, and escalates their user privileges to control the systems connected to it.
4. Here, the hacker secures access to the organization's Rootkits and Trojans and uses it to launch additional attacks on the network.
5. Once the hacker gains access, they cover their tracks to escape the security personnel. They do this by clearing the cache and cookies, tampering with the log files, and closing all the open ports. This step is important because it clears the system information, making hacking a great deal harder to track.
What is CIA Triad?
The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability. The CIA triad is a common design model that forms the basis for the development of security systems. The components of the triad are considered to be the most important and fundamental components of security.
CIA Triad
- Confidentiality: Confidentiality is the protection of personal information. Confidentiality means keeping a client's information between you and the client, and not telling others including co-workers, friends, family, etc.
- Integrity: Integrity, in the context of computer systems, refers to methods of ensuring that data is real, accurate and safeguarded from unauthorized user modification.
- Availability: Availability, in the context of a computer system, refers to the ability of a user to access information or resources in a specified location and in the correct format.
What is a Vulnerability?
A vulnerability is a specific weakness or flaw within a software, hardware, or network system that can be exploited by an attacker to compromise its security.
Vulnerabilities can further be classified as:
- Human Error
- Design Flaws
- Configuration Issues
- Third-party Components
- Unpatched Software
- Zero-day Vulnerabilities
Difference between Vulnerability and Exploit
Vulnerability: A vulnerability is a weakness in a system, network or application.
Exploit: A tool used to take advantage of the vulnerability.
Example of Vulnerability: A common vulnerability is a SQL injection attack. This occurs when an attacker is able to inject malicious code into a database query, which allows them to access or manipulate sensitive data stored in the database.
Example of Exploit: An exploit for an SQL Injection vulnerability would be a specific code or technique used to take advantage of that vulnerability. For instance, an attacker might use an SQL Injection exploit to steal usernames and passwords from a database.
Common Vulnerabilities and Exposures (CVE)

What is CVE?
CVE stands for Common Vulnerabilities and Exposures. CVE is a standardized, unique identifier assigned to security vulnerabilities or exposures in software and hardware products.
The CVE system facilitates accurate tracking and management of security issues across diverse platforms, vendors, and technologies, empowering users, vendors, and regulatory authorities to efficiently identify, catalog, prioritize, and remediate potential cybersecurity threats.
Common Vulnerability Scoring System (CVSS)

What is CVSS?
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
CVSS Framework
Scores are calculated based on a formula that depends on several metrics that approximate ease and impact of an exploit. Scores range from 0 to 10, with 10 being the most severe.
While many utilize only the CVSS Base score for determining severity, temporal and environmental scores also exist, to factor in availability of mitigations and how widespread vulnerable systems are within an organization, respectively.
Security Testing
Main Goals of Security Testing
Types of Security Testing
Security Testing Approaches
- Black Box Testing: In black box testing, the security tester evaluates a system's security from the outside without knowing the internal processes generating responses.
- White Box Testing: In white box testing, the tester designs test cases and tests based on the software's source code.
- Gray Box Testing: Gray box testing is a hybrid of white box and black box testing. Black box testing involves a test object with an unknown internal structure; white box testing requires the application's internal structure to be fully known.
Introduction to Networks & Network Topology

What is a network?
A network is two or more computers (or other electronic devices) that are connected together, usually by cables or wirelessly.
Using a network allows you to share:
- Hardware, such as a printer
- Software, allowing multiple users to run the same programs on different computers
- Data, so that other people can access shared work and you can access your data from any computer on the network
Network Topology
Topology defines the structure of the network, that is, how all the components are interconnected to each other. There are two types of topology: physical and logical topology.
Types of Network Topology:
- Physical Topology
- Logical Topology
Both these types can be further classified.
Types of Physical Topology
- Bus topology: A single communication line or cable is shared among all devices in this type of topology. If a failure is encountered in the communication line, all devices connected to it are affected and eventually stop functioning.
- Mesh topology: One host gets connected to several other hosts, thus having a point-to-point connection. Mesh topology is utilized in large buildings with a wireless network for internet access.
Types of Physical Topology (continued)
- Star topology: A central device, known as a hub device, is involved in a star topology. This includes Ethernet, which is family-based and uses cables to send and receive data in a local network area.
- Ring topology: This topology involves connecting one host device to two other devices, which creates a ring or circular network layout. A failure of one host in ring topology leads to the collapse of the whole structure.
Types of Logical Topology
- Broadcast topology: This topology allows a host to send data to all other hosts available in that network. No order or restrictions are observed among the hosts regarding sharing data.
- Token-passing topology: This topology only allows the sharing of data to hosts through the access of an electronic token. If one host has no data to share, the electronic token is passed to the next host in the sequence.
Computer Networks

What is a Computer network?
A computer network is a set of computers sharing resources located on or provided by network nodes. Computers use common communication protocols over digital interconnections to communicate with each other.
These interconnections are made up of telecommunication network technologies based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.
Types of Computer Networks: LAN (Local Area Network)
A Local Area Network (LAN) is a group of connected devices that are in a limited area such as a school, office, building, or home. It is a network mostly used for sharing hardware resources such as printers, files, scanners, etc.
There are two types of LAN:
- Wired LAN: In this type of LAN, wired cables such as twisted pair or coaxial cables are used for the connection and transmission of data.
- Wireless LAN: In this type of LAN, devices are connected over wireless media such as radio and light waves.
Types of Computer Networks: MAN (Metropolitan Area Network)
A Metropolitan Area Network or MAN is a network connecting devices across an entire town, entire city, or any other small region. This is a network larger than a LAN but smaller than a WAN.
Types of Computer Networks: WAN (Wide Area Network)
A Wide Area Network (WAN) is a type of computer network which can cover a large geographical area such as a continent or a country. A WAN is larger than a LAN or a MAN.
Computer Network Architecture

Understanding Computer Network Architecture
Computer Network Architecture is defined as the physical and logical design of the software, hardware, protocols, and media of the transmission of data. Simply put, it is how computers are organized and how tasks are allocated to the computers.
The architecture is further classified into two categories.
Types of Computer Network Architecture: Peer-To-Peer Network
- A Peer-To-Peer network is a network in which all the computers are linked together with equal privilege and responsibilities for processing the data.
- A Peer-To-Peer network is useful for small environments, usually up to 10 computers.
- A Peer-To-Peer network has no dedicated server.
- Special permissions are assigned to each computer for sharing the resources, but this can lead to a problem if the computer with the resource is down.
Types of Computer Network Architecture: Client/Server Network
- A Client/Server network is a network model designed for the end users, called clients, to access resources such as songs, video, etc. from a central computer known as the server.
- The central controller is known as a server while all other computers in the network are called clients.
- A server performs all the major operations such as security and network management.
- A server is responsible for managing all the resources such as files, directories, printers, etc.
- All the clients communicate with each other through a server.
Career & Placement

Career Opportunities
As the threat of cyberattacks grows, so does the demand for cybersecurity experts. Cyber security is a growing industry that is still in need of skilled professionals.

Market Size and Growth
Cyber security is a method of protecting systems, networks, and programs from digital attacks. The cyber security market size was valued at USD 153.65 billion in 2022 and is projected to grow from USD 172.32 billion in 2023 to USD 424.97 billion in 2030, exhibiting a 13.8% CAGR during the forecast period.
Emerging Cyber Security Driving Factors
- Increase in Remote and Hybrid work
- Rising adoption of Application Security
- Shift to Cloud-based delivery Models
- Focus on Consumer Security

Challenges
- Ransomware Evolution, Wipers and Destructive Malware
- Cloud Third-Party Threats & Mobile Malware
- Global Attacks on Business
- Blockchain Revolution & AI Expansion
- IoT Threats
- Keeping Abreast of Technological Advancements
Industrial Opportunities
Cyber Security has already spread to all the major industries, including:
- Banking & Finance Industries
- Healthcare Industry
- Entertainment Industry
- Business and Retail Industries
With this growing pace come a lot of opportunities for various kinds of jobs, including:
- Cyber Security Expert
- Mobile/Web Application Security Engineer
- Penetration Tester/Vulnerability Assessor
- Malware Analyst
- Cloud Security Engineer
- Network Security Manager/Consultant
- Ethical Hacker, and many more…
Placement and Income Opportunities
- Cybersecurity analyst - Average annual salary: ₹5,10,203
- Security tester - Average annual salary: ₹7,24,297
- Network security engineer - Average annual salary: ₹6,13,536
- Chief information security officer (CISO) - Average annual salary: ₹19L
- Ethical hacker - Average annual salary: ₹51,251

In-Demand Cyber Security Skills:
- Cloud security
- Programming (especially scripting) languages
- Encryption
- Risk assessment
- Intrusion detection
- Problem-solving
- Analytical thinking
Questions?