Skip to main content

Models and Methodologies

Source: https://draft.blogger.com/blog/post/edit/4645394287292363993/7218885967669883525#

Today would be on the ethical methodologies used in carrying out an ethical hack/attack. In every sector, there are models, ethics and procedures from law to medicine and so is the case in cybersecurity and particularly ethical hacking. There are steps an ethical hacker needs to follow because we are ethical people backed by the law to do what we do so. The processes are a six-step industry standard process which is: 

1. Reconnaissance

Upon receiving explicit and contractual consent from the organization, the reconnaissance portion of the hacking process can begin. This involves collecting as much information as possible about the “target” using the various tools at the hacker’s disposal, including the company website, internet research, and even social engineering. These are all similar to the types of behaviours that a malicious hacker would engage in when attempting to breach an organization.

2. Environmental Scanning

During this second scanning phase, the hacker moves from passive to active information gathering by looking for ways to infiltrate the network and bypass any intrusion detection systems in place.

3. Gaining System Access

When the hacker is successful in step two, they shift to step three: attacking the network. During this phase, the hacker gains access to the target, determines where the various vulnerabilities lie, and assesses just how much damage could conceivably be dealt with now that they have access.

4. Maintaining System Access

Given that it takes an average of 228 days to identify a breach (Sobers, 2021), it is safe to assume that the average cybercriminal isn’t in and out. They stick around as long as possible once they have successfully breached a network. In this fourth stage, the hacker explores ways to maintain their access.

5. Clearing Evidence of the Breach

Just as a breaking-and-entering criminal might take the time to clear any evidence of their crime, cybercriminals are likely to do the same in a digital context. In this stage, the hacker will look for any traces of their activity and remove them.

6. Provision of a Final Report

For their final deliverable, the ethical hacker compiles all the lessons learned from their mission and reports them back to the organization, including recommendations for avoiding future security incidents.

REFERENCE

Praveen (2023) Ethical hacking: Understanding the basics, Cybersecurity Exchange. Available at: https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/ethical-hacking-understanding-basics/ (Accessed: 04 June 2023).


Comments

Post a Comment

Popular posts from this blog

ESSAY (MAIN BODY)

Hi, in this blog I would be showing you my essay's main body. The body talks more about AI in endpoint security and its functionalities/application in endpoint security. It also touches on the benefits of AI in endpoint security. 
Post a Comment
Read more

INITIAL IDEA 1 - ENDPOINT SECURITY

Source: https://www.42gears.com/wp-content/uploads/2021/04/featured.jpg What is Endpoint Security? My initial idea pertains to endpoint security, which is an essential module in my cybersecurity path. Endpoint security is a cybersecurity approach used to defend endpoints such as desktops, laptops, and mobile devices from malicious activities (Crowdstrike, n.d.). According to Crowdstrike, a top endpoint security company, protecting endpoints is crucial in cybersecurity, from small businesses to large corporations. Why Secure Your Endpoints? The Ponemon Institute conducted a study that found 68% of organizations have experienced one or more endpoint attacks that successfully compromised data and/or their IT infrastructure (Expert Insights, 2021). Endpoints provide a large attack surface, and implementing endpoint security solutions can help reduce those attack surfaces. While it's impossible to completely eliminate cyberattacks, reducing the possibilities or chances of an attack occu...
Post a Comment
Read more

INTRODUCTION POST

Source: https://dm0qx8t0i9gc9.cloudfront.net/thumbnails/video/H8WuRINimqur8ud/introduction-word-intro-word-intro_bxbepgas_thumbnail-1080_01.png  Hello, in this post I will introduce my degree, Cyber Security BSc (Hons), and the university I am studying at, DMU. I chose DMU because it was the top school among five universities that offer cybersecurity at a bachelor’s level. I also liked the diversity of DMU, which has a high percentage of international students. DMU has been great so far. The computing tutors are helpful and understanding to everyone. My degree consists of three years of study, with four modules each year. The first-year modules are Foundation of Computing and Cyber Security, Endpoint Security, Secure Coding, and Business Infrastructure and Security. The second-year modules are Secure Scripting and Business Applications, Incident Response and Cyber Threat Intelligence, Penetration Testing, and Industrial Cryptography. The third-year modules are Malware and Attacker ...
Post a Comment
Read more