Saturday, 30 October 2021

What Are The Ethical Problems in Artificial Intelligence?

Artificial Intelligence is a new revolution in the technology industry. But nobody knows exactly how it is going to develop! Some people believe that AI needs to be controlled and monitored otherwise robots may take over the world in the future! Other people think that AI will improve the quality of life for humans and maybe make them an even more advanced species. But who knows what will actually happen until it happens!!!

Ethical Problems, Artificial Intelligence, EC-Council Prep, EC-Council Preparation, EC-Council Tutorial and Materials, EC-Council Career, EC-Council Guides, EC-Council Jobs

Currently, tech giants such as Google, Microsoft, Amazon, Facebook, IBM, etc. are all trying to develop cutting-edge AI technology. But this means that the Ethical Problems in Artificial Intelligence also need to be discussed. What are the dangers associated with developing AI? What should be their role in society? What sort of responsibilities should be given to them and what if they make mistakes? All of these questions (and more!) need to be addressed by companies before investing heavily in AI research. So now, let’s see some of these Ethical Problems that need to be dealt with in the world of Artificial Intelligence.

1. How to Remove Artificial Intelligence Bias?


It is an unfortunate fact that human beings are sometimes biased against other religions, genders, nationalities, etc. And this bias may unconsciously also enter into the Artificial Intelligence Systems that are developed by human beings. The bias may also creep into the systems because of the flawed data that is generated by human beings. For example, Amazon recently found out that their Machine Learning based recruiting algorithm was biased against women. This algorithm was based on the number of resumes submitted over the past 10 years and the candidates hired. And since most of the candidates were men, so the algorithm also favored men over women.

So the question is “How to tackle this Bias?” How to make sure that Artificial Intelligence is not racist or sexist like some humans in this world. Well, it is important that AI researchers specifically try to remove bias while developing and training the AI systems and selecting the data. There are many companies that are working towards creating unbiased AI systems such as IBM Research. IBM scientists have also created an independent bias rating system to calculate the fairness of an AI system so that the disasters given above can be avoided in the future.

2. What rights should be provided to Robots? And to what extent?


Robots are currently just machines. But what about when Artificial Intelligence becomes more advanced? There may come a time when robots not only look like human beings but may also have advanced intelligence. Then what rights should be given to robots? If robots become advanced enough emotionally, should they be given equal rights like humans or lesser rights? And what if robots kill someone. Should it be considered murder or a machine malfunction? All these are ethical questions that need to be answered as Artificial Intelligence becomes and more intelligent.

There is also the question of citizenship. Should robots be given citizenship of the country they are created in? This question was raised quite strongly in 2017 when the humanoid robot Sophia was granted citizenship in Saudi Arabia. While this was considered more of a publicity stunt than actual citizenship, it is still a question that governments may have to take seriously in the future.

3. How to make sure that Artificial Intelligence remains in Human Control?


Currently, human beings are the dominant species on Earth. And this is not because they are the fastest or the strongest species. No, human beings are dominant because of their intelligence. So the critical question is, “What happens when Artificial Intelligence becomes more intelligent than Human Beings?” This is known as “Technological singularity” or the point at which Artificial Intelligence may become more intelligent than humans and so become unstoppable. Humans could not even destroy that intelligence as it may even anticipate all our methods. This would make AI the dominant species on Earth and lead to huge changes in human existence or even human extinction.

However, is “Technological singularity” is even a possibility or just a myth? Ray Kurzweil, Google’s Director of Engineering believes it is very real and may even happen as early as 2045. However, he believes it is nothing to fear and would just lead to an expansion in the intelligence of human beings if they merge with artificial intelligence. Well, whatever the case, it is obvious that humans need to prepare for “Technological singularity” and how to deal with it. (Just in case!)

4. How to handle Human Unemployment because of Artificial Intelligence?


Ethical Problems, Artificial Intelligence, EC-Council Prep, EC-Council Preparation, EC-Council Tutorial and Materials, EC-Council Career, EC-Council Guides, EC-Council Jobs
As Artificial Intelligence becomes more and more advanced, it will obviously take over jobs that were once performed by humans. According to a report published by the McKinsey Global Institute, around 800 million jobs could be lost worldwide because of automation by 2030. But then the question arises “What about the humans that are left unemployed because of this?” Well, some people believe that many jobs will also be created because of Artificial Intelligence and that may balance the scales a bit. People could move from physical and repetitive jobs to jobs that actually require creative and strategic thinking. And people could also get more time to spend with their friends and family with less physically demanding jobs.

But this is more likely to happen to people who are already educated and fall in the richer bracket. This might increase the gap between the rich and poor even further. If robots are employed in the workforce, this means that they don’t need to be paid like human employees. So the owners of AI-driven companies will make all the profits and get richer while the humans who were replaced will get even poorer. So a new societal setup will have to be generated so that all human beings are able to earn money even in this scenario.

5. How to Handle Mistakes made by Artificial Intelligence?


Artificial Intelligence may evolve into a super-intelligence in a few years but right now it is basic! And so it makes mistakes. For example, IBM Watson partnered with Texas MD Anderson Cancer Center to detect and eventually finish cancer in patients. But this AI system failed horribly as it gave totally wrong medicine suggestions to patients. In another failure, Microsoft developed an AI chatbot that was released on Twitter. But this chatbot soon learned Nazi propaganda and racist insults from other Twitter users and it was soon destroyed. And who knows, it may make even complicated mistakes in the future. And these were relatively safe failures that were easily handled. Who knows, Artificial Intelligence may make even more complicated mistakes in the future. Then what is to be done?

The question is about relativity. Do Artificial Intelligence systems make lesser or more mistakes than humans? Do their mistakes lead to actually lose of life or just embarrassment for companies like in the above cases? And if there is a loss of life, is it more or less than when humans make mistakes? All of these questions need to be taken into account when developing AI systems for different applications so that their mistakes are bearable and not catastrophic!

Source: geeksforgeeks.org

Thursday, 28 October 2021

Is the CEH Worth It? (Costs & Alternatives Explained)

CEH, CEH Certification, CEH Practice Exam, CEH Practice Test, CEH Salary, EC-Council Certification, EC-Council Career, EC-Council Preparation, EC-Council Guides, EC-Concil Exam Preparation

Choosing a certification is a decision that must not be taken lightly. You are exchanging your and your money and want to ensure that you are making the best decision for your career development. The Certified Ethical Hacker (CEH) certification is a popular entry-level cert, but especially with the other options out there, is it worth it?

Is the CEH Worth It?

The Certified Ethical Hacker (CEH) is a popular entry-level penetration testing certification. The average salary of a Certified Ethical Hacker is $71,331. Having the CEH will help your resume get read, and will help you get your first job as a penetration tester.

While the CEH is a popular certification that looks good on your resume, we recommend that you consider your options and devote some time to really deciding whether this exam is worth your time and money.

Similar certifications to the CEH, like the OSCP, eLearnSecurity PTS, and the Pentest+ may be better for your unique situation. In this article, we lay out all the options so you can be best informed when making this decision.

What Is the Certified Ethical Hacker Certification?

The CEH is an entry-level penetration testing certification that is issued by EC Council. The CEH measures the candidate’s ability to perform reconnaissance, enumeration, gain access, maintain access (persistence), and cover their tracks.

What Is Ethical Hacking?

Ethical Hacking is the process of testing one’s own computers, network, or devices to determine if vulnerabilities exist and to develop preventive, corrective, and protective countermeasures before an actual compromise to the system takes place.

What is the Job Outlook for Ethical Hackers?

As with all jobs in cyber security, there is a lot of anticipated growth in the ethical hacking space. More and more organizations are understanding the importance of testing their systems. For this, orgs will either have internal penetration testing teams or they will hire consultants.

What Jobs Can You Get with the CEH?

The CEH certification will open you up to many lucrative job positions. Below are some of the roles you can get into with a CEH and the corresponding salaries provided by EC-Council Edusum.com.

◉ Information security analyst: $70,721

◉ Penetration tester: $80,334

◉ Information security manager: $108,352

◉ Security engineer: $88,062

◉ Cyber security analyst: $74,360

◉ Information security engineer: $91,075

What Are the Prerequisites for the CEH?

To attempt the CEH you have two options, you can either take the official training path provided by EC council, or you can attempt the self-taught method. Each of these approaches has its own benefits and downsides.

EC Council Approved Training

The EC Council approved training costs around $850 and will provide you everything you need to know to prep for the exam. This approach is pricey, but you can go into the exam confidently knowing that you have covered all of the exam material.

CEH Self Study Approach

You can also take the CEH exam without taking the EC Council approved training, but this approach has some requirements you must first meet.

◉ You must have two or more years of documented information security experience

◉ Pay a non-refundable $100 application fee.

◉ Submit the EC-Council Eligibility Form

◉ Purchase the CEH exam voucher and your study materials

How Much Does It Cost to Get CEH Certified?

The total cost that you will have to pay to obtain the CEH certification varies whether you are taking the EC-Council certified training or taking the self-taught route.

EC-Council Training Approach: For this approach, the total cost will be around $2049 depending on the specific training you take. This cost breaks down into the cost of the exam voucher ($1,199) and the training ($850)

Self-Study Costs: The Self Study approach will cost around a total of $1499. This cost breaks down into the cost of the exam voucher ($1,199), application fee ($100), and estimated cost of study materials ($200).

Do I Have to Renew The CEH?

The Certified Ethical Hacker is valid for three years from the date of your successful completion. After this period has passed you will need to earn 120 CEU’s (continuing education units). EC-Council refers to these CEU’s as ECEs (electrical and computer engineering credits).

CEH, CEH Certification, CEH Practice Exam, CEH Practice Test, CEH Salary, EC-Council Certification, EC-Council Career, EC-Council Preparation, EC-Council Guides, EC-Concil Exam Preparation

In addition to the ECEs, you will need to pay an annual membership fee of $80. This is a massive downside of the exam and should be considered before you invest your time and money in studying for it. Other comparable certifications like the CompTIA Pentest+ do not have an annual fee.

CEH vs The OSCP and The Pentest+

While I do think that the CEH is a good certification, I think that your money and time would be better spent studying for either the OSCP or The CompTIA Pentest+. Even with the recent price increase of the OSCP, both the OSCP and Pentest+ are more affordable than the CEH. In addition to being more affordable, they encompass more real-world scenarios and all for all will provide you a better education than the CEH.

CEH Alternatives:

CEH – $1499-$2049

OSCP – $999-$1349

Pentest+ – $359(+ Study Materials)

eLearnSecurity PTS – $399-$499

After Weighing the Options, Is the CEH Worth It?

On paper, the CEH looks like a great certification, but when you do more research and analyze the alternatives it is not the best option unless you are specifically going for a job that requires the certification.

Our Recommendations:

If you have previous penetration testing experience, we recommend that you take the OSCP. The OSCP is the best way to show you hands-on skills. If you are newer to penetration testing you should go with the Pentest+ or the eLearnSecurity PTS.

Final Thoughts:

This article is not meant to speak down on the CEH, our goal here is to provide an honest review on whether the CEH is worth it while considering the other options that are available. Hopefully, after reading this you are able to choose which certification is right for your unique situation and goal career path.

Source: cybercareerschool.com

Tuesday, 26 October 2021

What Are the Different Types of Cyber Security?

In this day and age, information technology security is crucial. We spend most of our time online and connected through various different devices. So, how do you know if your business or sensitive personal information is secure? This is where your cybersecurity infrastructure comes in.

It never hurts to hear third-party expert advice, which is why we created this guide to arm you with the information to fight any cyber attack.

What is Cyber Security?

EC-Council Cybersecurity, Cybersecurity, EC-Council Certification, EC-Council Guides, EC-Council Preparation, EC-Council Career, EC-Council Jobs, EC-Council Exam Preparation

Cybersecurity is the process of implementing different security measures to protect your network, computer systems, cloud infrastructure, and online personal data from cyber threats.


Cyber attacks are aimed at stealing personal information, such as credit card data, passwords, social security numbers, or other sensitive data. The term cybersecurity refers to both personal and business devices that are connected to the internet.

Overview of the Types of Cyber Security


Network Security

EC-Council Cybersecurity, Cybersecurity, EC-Council Certification, EC-Council Guides, EC-Council Preparation, EC-Council Career, EC-Council Jobs, EC-Council Exam Preparation

This type of security refers to the protection of your computer network from attacks inside and outside of the network. It employs numerous different techniques to prevent malicious software or other data breaches from occurring. Network security uses many different protocols to block attacks but allows authorized user access to the secure network.

One of the most important layers to secure your network is a firewall, which acts as a protective barrier between your network and external, untrusted network connections. A firewall can block and allow traffic to a network based on security settings.

Since phishing attacks are the most common form of cyberattack, email security is the most important factor in creating a secure network. Email security might consist of a program designed to scan incoming and outgoing messages to monitor for potential phishing attacks.

Application Security

This is the process of protecting sensitive information at the app-level. Most of these security measures should be implemented before the application is deployed. Application security might involve tactics like requiring a strong password from the user.

It might also include features such as two-step authentication, security questions, and other protective measures to ensure a user is who they say they are.

Cloud Security

EC-Council Cybersecurity, Cybersecurity, EC-Council Certification, EC-Council Guides, EC-Council Preparation, EC-Council Career, EC-Council Jobs, EC-Council Exam Preparation

Most of our online life is stored in the cloud. To be honest, I haven’t saved anything to my personal hard drive in quite some time. Most people use online systems such as Google Drive, Microsoft OneDrive, and Apple iCloud for storage. It is important for these platforms to remain secure at all times due to the massive amounts of data stored on them.

Cloud security can also include business services that are stored in a data center. To ensure appropriate cloud security measures are in place, you should consider the end-user interface, data storage security, backup plans, and human error that exposes the network.

Operational Security

This term refers to the risk management process for all internal cybersecurity. This type of management usually employs a number of risk management officers to ensure there is a backup plan in place if a user’s data becomes compromised. Operational security includes ensuring that employees are educated on the best practices for keeping personal and business information secure.

What Are the Types of Cyber Security Threats, and How Do You Prevent Them?


Phishing Attacks

EC-Council Cybersecurity, Cybersecurity, EC-Council Certification, EC-Council Guides, EC-Council Preparation, EC-Council Career, EC-Council Jobs, EC-Council Exam Preparation

Did you know that in the first half of 2020 there were approximately 146,994 reported phishing attacks?

These attacks are mainly executed by sending a large number of emails to different users requesting them to click a fake link or provide sensitive information.

Sometimes a phishing email will be disguised as a legitimate and trustworthy software program like Office 365 or Apple. The sender will often request you to click a link and type in your password, which they will steal and use to hack into your accounts.

The best way to prevent phishing attacks is to monitor your emails closely by viewing the sender’s email address before clicking on anything. If it appears to be slightly different than a typical email address, such as with many letters after it, then it is likely a scam email.

You can also hover over the link to see the actual destination website. You should install an anti-phishing email security program that will scan incoming emails for viruses, malicious code, or suspicious links.

Denial-of-Service Attacks

A denial-of-service (DoS) attack is a type of cyber attack often conducted on a business or large computer systems.

These cyber-attacks are carried out by flooding a network or data center with large amounts of traffic to slow down their systems, so they cannot perform their normal services for legitimate users.

Once the system becomes unusable, a cyber attacker might employ other methods of gaining access to sensitive information.
The best way to prevent these attacks is to implement different types of network security protocols.

This might include firewalls, VPNs, content filters, email scanning programs, and other load-balancing techniques.

You should attempt to eliminate as much human error as possible to prevent unauthorized access to the servers.

Malware

Malware is short for malicious software, and there are many different types that can affect your computer system. You might have heard the terms trojan, worm, and virus. These terms explain how malware infects your computer.

◉ Worm – This type of malware is a singular piece of software that reproduces and spreads from computer to computer.

◉ Trojan – This type of malicious code does not reproduce, but it is disguised as a type of program the user would normally install. Once the user clicks on the fake executable file, the program is implanted into the hard drive and causes damage from there.

◉ Virus – This type of malware attack uses a standalone software program as its vehicle. The virus implants a piece of malicious code into the program and forces it to take malicious actions against the user’s computer system.

◉ Spyware – This type of cyber threat spies on an unsuspecting user and gathers information from their computer systems without them knowing. Sometimes spyware will log your keystrokes or monitor the information you send and receive online.

The best way to prevent malware attacks on your computer system is to be diligent when surfing the internet. Never click on any suspicious website, popup, or email. You should also install anti-malware software and keep it up to date.

SQL Injection

Malware is short for malicious software, and there are many different types that can affect your computer system. You might have heard the terms trojan, worm, and virus. These terms explain how malware infects your computer.

◉ Worm – This type of malware is a singular piece of software that reproduces and spreads from computer to computer.

◉ Trojan – This type of malicious code does not reproduce, but it is disguised as a type of program the user would normally install. Once the user clicks on the fake executable file, the program is implanted into the hard drive and causes damage from there.

◉ Virus – This type of malware attack uses a standalone software program as its vehicle. The virus implants a piece of malicious code into the program and forces it to take malicious actions against the user’s computer system.

◉ Spyware– This type of cyber threat spies on an unsuspecting user and gathers information from their computer systems without them knowing. Sometimes spyware will log your keystrokes or monitor the information you send and receive online.

The best way to prevent malware attacks on your computer system is to be diligent when surfing the internet. Never click on any suspicious website, popup, or email. You should also install anti-malware software and keep it up to date.

Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack is executed by a program or threat being placed between the victim and the intended entity the victim is trying to access.

For example, if a user is trying to login to their Google Drive for Business account and a MITM attack program is placed in between, then the user will accidentally type their Google credentials into the malicious program. The malicious program will then gain access to their account.

One simple way to prevent these attacks is to make sure that every website you visit starts with HTTPS. The ‘S’ is the most important character because it indicates the website is secure. Another preventative technique is to never connect to public WiFi routers.

Since they don’t require a security key for logging in, many attackers can intercept your personal information.

Drive-By Downloads

This is one of the most dangerous attacks because it is often not due to any user error or input. These attacks can happen without the user knowing or clicking on anything suspicious.

A drive-by download is usually accidentally picked up from a webpage. The user visits the webpage, and a program is implanted in their system without them even knowing.

The best way to prevent this attack is to install anti-virus software that can detect these programs before they are downloaded to the user’s computer.

The most popular types of anti-virus programs will identify the threat and quarantine it before it does any damage.

Password Attack

The most common type of security that every user employs is a password. We use them to log in to our computers, phones, and music devices.

One common type of password attack is to use social engineering to hack into a user’s account. This could be sending a phishing email, monitoring social media accounts, and even simply looking over your shoulder as you type.

The best way to prevent a password attack is to maintain strong passwords and change them often. Your passwords should include special characters, numbers, and lower and upper case letters.

You should never have the same password for more than one account.

Source: triadanet.com

Saturday, 23 October 2021

5 Mistakes to Avoid While Learning Artificial Intelligence

Artificial Intelligence, EC-Council Certification, EC-Council Tutorial and Material, EC-Council Preparation, EC-Council Career, EC-Council Skills, EC-Council Jobs

Artificial Intelligence imitates reasoning, learning, and perception of human intelligence towards the simple or complex tasks performed. Such intelligence is seen in industries like healthcare, finance, manufacturing, logistics, and many other sectors. But there is a thing common – mistakes while using the AI concepts. Making mistakes is quite generic and one can’t hide himself/herself from the consequences. So, instead of paying attention to its repercussions, we need to understand the reason why such mistakes may occur and then, modify the practices we usually perform in real-time scenarios.

Let’s spare some time in knowing about the mistakes we must be avoiding while getting started with learning Artificial Intelligence:

1. Starting Your AI Journey Directly with Deep Learning

Deep Learning is a subpart of Artificial Intelligence whose algorithms are inspired by the function, structure of our brain. Are you trying to link our brain’s structure and its functioning with neural networks? Yes, you can (in the context of AI) because there are neurons present in our brains that collect signals and split them into structures residing in the brain. This lets our brain understand what the task is and how it must be done. Now, you may try to begin your AI journey with Deep Learning (or DL) directly after knowing a bit about neural networks!!  

No doubt there will be a lot of fun, but the point is that it’s better not to introduce DL initially because it fails to achieve higher performance while working with smaller datasets. Also, practicing DL isn’t only harder but expensive too, as the resources and computing power required for creating and monitoring DL algorithms are available at higher costs, thereby creating overheads while managing the expenses. Even at times when you try to begin interpreting the network designs and hyper-parameters involved with DL Algorithms, you feel like banging your heads because it is quite difficult to interpret the exact interpretation of the sequence of actions that a DL Algorithm wants to convey. All such challenges will come amidst the path of your AI journey and thus, it is beneficial not to introduce Deep Learning directly.          

2. Making Use of an Influenced AI Model

An Influenced AI model will always be biased in an unfair manner as the data garnered by it will be inclined towards the existing prejudices of reality. Such an inclination won’t let the artificially intelligent algorithms identify the relevant features which reciprocate better analysis and decision-making for real-life scenarios. As a result, the datasets (trained or untrained) will map unfair patterns and never adopt egalitarian perspectives somewhere supporting fairness and loyalty in the decision-making process followed by AI-based systems.  

To understand the negative impact of an influenced AI Model, we may take a look at the COMPAS case study. COMPAS is an AI-influenced tool whose full form is Correctional Offender Management Profiling for Alternative Sanctions. It is used by the US courts for predicting if or not the defendant may become a recidivist (criminal reoffending different sorts of crimes). When this tool examined the data, the results were really shocking. It predicted false recidivism by concluding that 45 percent of black defendants were recidivists, while 23 percent of white defendants were classified as recidivists. This case study questioned the overall accuracy of the AI model used by the tool and clearly describes how such bias invites race discrimination amongst the people of the United States. Henceforth, it is better not to use a biased AI model as it may worsen the current situation by creating an array of errors in the process of making impactful decisions.

3. Trying to Fit Accuracy of AI Algorithms with Every Biz. Domain

Every biz. (business) domain won’t try to fit accuracy in every of its ongoing or forthcoming AI processes either related to software development or customer service. This is because there are other traits business ventures consider, like robustness, flexibility, innovation, and so on. Still thinking what the reason could be!! The answer is – Accuracy is foremost, but interpretability has its own potential!  

For instance, clients responsible for generating good revenue for business ventures check accuracy at a limit of say 90 percent, but they also check the robustness and flexibility of the AI algorithms while understanding the current business problem and then, predicting the outcomes much closer to their actual values. If the algorithms fail to factorize problems and do not realize the importance of data interpretation at times they are predicting the conclusions, clients straightaway reject such analysis. Here, what they are actually looking for is that AI algorithms are interpreting the input datasets well and showcasing robustness and flexibility in evaluating the decision-matrix suitably. Henceforth, you prefer not to fit accuracy with every domain generating visibility for businesses in the current or futuristic times.

4. Wasting Time in Mugging Up the AI Concepts  

Mugging up the AI concepts won’t let you acquire a deeper understanding of the AI algorithms. This is because those theoretical concepts are bound to certain conditions and won’t reciprocate the same explanation in real-time situations. For example, when you enroll yourself for a course, say Data Science course, there are various terminologies embedded in the curriculum. But do they behave the same when applied to real-time scenarios?  

Of course not! Their results vary because the terminologies when exposed to situations are affected by various factors whose results one can only understand after being involved in how these practical techniques fit well into a larger context and the way they work. So, if you keep mugging up the AI concepts, it would be difficult to remain connected with its practical meaning for a longer period. Consequently, solving the existing real-world problem will become challenging and this will negatively impact your decision-making process.  

5. Trying to Snap Up all Swiftly

Snapping up swiftly here means hurrying up learning a maximum number of AI concepts practically and trying to create AI models (consisting of different characteristics) in a shorter span. Such a hurry won’t be advantageous. Rather, this will be forcing you to jump to conclusions without validating the current datasets modeled for understanding the business requirements well. Besides, such a strategy will be landing your minds in utter confusion and you will be having more problems, instead of solutions, in your pocket.  

We may understand this through a real-life example. Suppose you are in the kitchen and preparing your meal. Now, your brother enters and asks you to prepare snacks within 20 minutes. Thinking if I am trapped or confused!! Yes, you will face endless confusion in deciding if you should be preparing your meal or the snacks for your brother. As a result, this will impact your accuracy of preparing quality meals/snacks because now, you have a time-boundation of 20 minutes. Such a situation occurs when one tries to snap up all the terminologies and notions embedded within an AI-based system/model. Therefore, instead of trying to grab everything quickly, you need to follow the SLOW AND STEADY principle. It will be helping you solve the existing AI challenge by selecting appropriately validated datasets not bound to non-accurate results.

Source: geeksforgeeks.org

Thursday, 21 October 2021

How Artificial Intelligence (AI) and Machine Learning(ML) Transforming Endpoint Security?

Endpoint security refers to a methodology of protecting devices like laptops, mobiles and other wireless devices that are used as endpoint devices for accessing the corporate network. Although such devices create potential entry points for security threats still endpoints are becoming a more common way to compute and communicate than local or fixed machines. Such attacks tend to occur because a lot of data is outside the corporate firewall that exposes it to security threats. Some such threats to which our system is exposed constantly are phishing, spoofing, vishing, etc.

Artificial Intelligence (AI), Machine Learning(ML), Endpoint Security, EC-Council Certification, EC-Council Guides, EC-Council Preparation, EC-Council Career, EC-Council Prep

Below you will find in detail description about the security attacks and the solutions provided by both Machine Learning and Artificial Intelligence.

1. Social Engineering


In such types of attacks, a person pretends to be someone else in order to trick users into disclosing confidential data, information or both. In order to prevent any kind of unauthorized access gain to confidential information, a cloud-based stack can protect against highly targeted script-based attacks including malware. ML and AI enhance the capabilities of this cloud network by supporting real-time blocking of new and unknown threats.

2. Phishing


It is one of the most common types of attacks aimed at stealing the victim’s personal information like banking account details. Attackers usually use spoofed emails that contain links directing the user to a malware-infected site. Such sites replicate genuine sites and trick the user into entering confidential details like passwords. AI and ML co-ordinate very well with each other in order to identify potential anomalies in emails. By analyzing the metadata, content, context of emails the system makes suitable decisions on how to tackle the malicious email. Using words like urgent and promotion in an email are picked by the AI systems as suspicious but the final decision is made after analyzing the email as a whole based on the following parameters. Whether there was a previous conversation, a connection between the subject and the content of the email, along with misspelled domains if any. ML-based protection continuously learns from such scenarios along with feedback data given to it by the user making the protection more accurate day by day.

3. Spear Phishing


It is a type of phishing but done in a more planned way by the attacker. The attacker first tends to do a background check on the user and then according to the users’ most common interests, most common visited websites and social media feeds the user is analyzed and is sent so-called credible mails which ultimately lead the target to open up little by little. Ultimately the user ends up downloading the malicious file. However, ML and AI make consistent efforts to tackle such kind of attacks. AI is used to understand the communication patterns which take place and if the system identifies an attack the ML-powered AI system block it before they cause any damage.

4. Watering Hole


Such attacks are based on the principle that a hunter uses for the prey to fall into the trap. In such attacks, the attacker tends to exploit the vulnerabilities of a website that is visited again and again by the user. ML and AI her us the path traversal algorithms for detecting any kind of malicious data. These traversal algorithms analyze if a user is directed to any kind of malicious website. For plotting such kind if attacks a lot of data from email traffic, proxy and pocket are required which is thoroughly scanned by the ml systems.

5. Network Sniffing


Artificial Intelligence (AI), Machine Learning(ML), Endpoint Security, EC-Council Certification, EC-Council Guides, EC-Council Preparation, EC-Council Career, EC-Council Prep
It is the process of capturing and analyzing the data packets that travel across the network. The network sniffer monitors all the data with the use of clear and readable messages being transmitted over a network. The best countermeasure to prevent sniffing is the use of encrypted communication between the hosts. VPNs are particularly used for encrypting the data. ML and AI-powered VPNs have however taken the protection to another level. ML-powered VPNs are equipped with a sophisticated learning algorithm that creates a private tunnel in the open networks like WiFi encapsulating and encrypting all the data sent on the network. This is done to prevent an attacker from deciphering the contents even if the data packets have been intercepted

6. DDOS Attack(Distributed Denial of Service Attack)


The principle of this attack although remains too straightforward but still, is effective today. It aims at causing interruption or suspension of a specific host or server by flooding it with large quantities of useless traffic(data) so that the server is not able to respond. Such flooding is done by multiple botnets(infected systems) simultaneously. DDOS is very effective because they are of lower bandwidth and hence they tend to bypass the detection quite easily and are often mixed with other attacks that also prevent them from the detection. However, AI-powered ML systems can instantaneously distinguish good traffic from bad traffic. This detection takes place within a few seconds that is the reason that such systems are preferred because they are quick, accurate and can analyze huge chunks of data in a very short interval of time.

Although Machine learning and Artificial intelligence have revolutionized the security systems there is no denying the fact that they have drawbacks in certain areas. One of the drawbacks is that dealing with AI AND ML systems requires a lot of financial resources which a medium scale industry cannot bear to spend. Sometimes hackers may exploit artificial intelligence and use it against the user if a hacker is successfully able to foil the system tricking it into misidentifying or misclassifying certain objects due to modified inputs by an attacker. In simple terms, the attacker may trick the system into thinking about the absence of a particular security check and manage to open a device without a face id or a password. Certain ML-powered software can also mimic a person’s voice after listening to the voice for just some time. Such software is used for vishing. Vishing is a technique in which phishing is combined with voice. This attack involves caller ID spoofing that masks the real phone number with that similar to the target, making them believe in the genuineness of the caller and thus successfully carrying out the attack. Thus we can say AI AND ML act as double-edged swords while transforming the endpoint security.

Source: geeksforgeeks.org

Tuesday, 19 October 2021

The role of Artificial Intelligence in Internet of Things

Imagine a smart future! A future where machines are not merely dumb devices but intelligent creations that can work in tandem with human beings. A future that looks remarkably like the robotic utopia in I, Robot (Well, except the homicidal robots!). This future is not merely an imagination but a natural consequence of the two most dynamic technologies of today – Artificial Intelligence and Internet of Things.

Artificial Intelligence, Internet of Things, EC-Council Certification, EC-Council Career, EC-Council Preparation, EC-Council Learning, EC-Council Guides

Now the question arises…What is Artificial Intelligence and the Internet of Things?

Well, Artificial Intelligence deals with the creation of systems that can learn to emulate human tasks using their prior experience and without any manual intervention. (Basically Intelligent Systems!). Internet of Things, on the other hand, is a network of various devices that are connected over the internet and they can collect and exchange data with each other.

Why is Artificial Intelligence required for IoT?


According to Business Insider, there will be more than 64 billion IoT devices by 2025, up from about 9 billion in 2017. All these IoT devices generate a lot of data that needs to be collected and mined for actionable results. This is where Artificial Intelligence comes into the picture. Internet of Things is used to collect and handle the huge amount of data that is required by the Artificial Intelligence algorithms. In turn, these algorithms convert the data into useful actionable results that can be implemented by the IoT devices.

This can be best summed in the words of Maciej Kranz, Vice President of Corporate Strategic Innovation at Cisco. “Without AI-powered analytics, IoT devices and the data they produce throughout the network would have limited value. Similarly, AI systems would struggle to be relevant in business settings without the IoT-generated data pouring in. However, the powerful combination of AI and IoT can transform industries and help them make more intelligent decisions from the explosive growth of data every day. IoT is like the body, and AI the brains, which together can create new value propositions, business models, revenue streams and services.”

Applications of Artificial Intelligence in Internet of Things


Artificial Intelligence and the Internet of Things is like a match made in Tech Heaven!!

While both of these disciplines have individual value, their true potential can only be realized together. There are many different applications across multiple industries that require Artificial Intelligence and Internet of Things. Some of these are given as follows:

1. Collaborative Robots

Ever wanted the help of a robot? Well, that’s exactly what you will get with Collaborative Robots or Cobots. These Cobots are highly complex machines that are designed to help humans in a shared workspace with environments ranging from office to industrial. They can be a robot arm designed to perform tasks or even a complex robot designed to fulfill tough tasks.

2. Drones

Drones are aircraft without a human pilot (The piloting is done by the software!). They are extremely useful as they can navigate unknown surroundings(even those beyond the reach of the internet) and reach areas hazardous for humans such as offshore operations, mines, war zones or burning buildings.

3. Smart Cities

When everything is getting smart, why not whole cities? Smart cities can be created with a network of sensors that are attached to the physical city infrastructure. These sensors can be used to monitor the city for various civic factors such as energy efficiency, air pollution, water use, noise pollution, traffic conditions, etc.

4. Digital Twins

Digital Twins are twin (obviously!) objects in which one is a real-world object and the other is its digital replica. These objects can range from airplane engines to wind turbines. Digital Twins are mainly used to analyze the performance of the objects without using the traditional testing methods and so reducing the costs required for testing.

5. Smart Retailing

This is shopping made smart! AI and IoT can be used by retailers to understand the customer behavior (by studying the consumer online profile, in-store inventory, etc.) and then send real-time personalized offers while the customer is in the store.

Real World Examples


While Artificial Intelligence in the Internet of Things is a relatively new concept, it has already been successfully applied in many real-world applications. (Yeah, this world is more tech-savvy than we thought!) Some of these applications are given as follows:

Tesla Motors – Self Driving Cars: Self-driving cars sound like futuristic science-fiction yet they are very much a part of today’s reality. The Tesla Motors self-driving cars use the latest advancements in Artificial Intelligence and the Internet of Things. While these cars are still in the testing phase (With multiple legal and ethical concerns as baggage!) they are still one of the easier innovations of IoT.
A unique feature of the Tesla self-driving cars is that all of them act like a connected network. Whenever one car learns some new information, that is passed on to all the other cars. And that is used to predict the behavior of cars and pedestrians on the road in various circumstances.

WildTrack – Endangered Species Preservation: There are many animals that are endangered or going extinct in various countries (No thanks to human of course!). Also, the traditional methods of tracking these animals with collars are stressful and dangerous (Both to the animals and researchers). So WildTrack’s footprint identification technique (FIT) uses IoT and AI algorithms to identify the species, individual, age and gender of an animal from its unique footprint. Then this data can be used to recognize patterns relating to animal movements, species population, etc. that help in preserving various endangered species.

Nest Labs – Smart thermostat: The Smart Thermostat (everything is becoming smart these days!) by Nest Labs uses IoT to allow temperature checking and controls from anywhere using smartphone integration. It is also quite simple to use, which is one of the primary reasons for its success (apart from AI and IoT of course!).

Artificial Intelligence, Internet of Things, EC-Council Certification, EC-Council Career, EC-Council Preparation, EC-Council Learning, EC-Council Guides

Artificial Intelligence plays a big role in the Nest Labs thermostat. It is used to understand the temperature preferences of the users and also their daily schedule. Then it adapts accordingly for optimal temperature and also maximum energy savings.

Automated vacuum cleaner – iRobot Roomba: When everything else is becoming smart, why not a smart vacuum cleaner? The iRobot Roomba is developed by three members of MIT’s Artificial Intelligence Lab and it uses IoT and AI to clean a room as efficiently as possible. It is a robotic vacuum cleaner that uses a set of sensors to detect obstacles, dirty spots on the floor or even steep drops such as stairs.

So, it essentially remembers the layout of the living space (As much as machines can anyway!) and then uses the most efficient and economical movements for cleaning. A smartphone app can be used to adjust the performance requirements with “Clean” mode, “Spot” mode, “Dock” mode, etc.

The Future Ahead


This is an exciting new time to live in (both for humans and machines!). With multiple advances in artificial intelligence, light-speed communications, and analytics, IoT is even more convenient and high-performance IoT devices are taking over almost every domain of technology. Moreover, the declining hardware costs make it feasible to embed sensors and connectivity in just about any device imaginable.

Taken together, Artificial Intelligence and Internet of Things are ushering in a new era where “smart” is just the normal state of being and the robotic utopia in the future appears more and more attainable in the present.

Source: geeksforgeeks.org

Saturday, 16 October 2021

How to Set Up a Personal Lab for Ethical Hacking?

Ethical Hacking Exam Prep, Ethical Hacking Tutorial and Materials, Ethical Hacking Career, Ethical Hacking Certification, Ethical Hacking Materials, Ethical Hacking Guides

Ethical hacking is a skill that is learned over time. It requires practice and patience to get to a decent skill level in this field. Having a lab setup handy can help you a lot in your learning. A lab lets you practice your skills in a controlled environment, reducing the risks that arise from practicing on real systems. Having your virtual lab will help you in many ways:

◉ You can practice anytime as per your convenience.

◉ You don’t have to put your data under the dangers of getting wiped because of malware infection.

◉ You are also saved from legal troubles that may result from testing on a real website that you do not own.

◉ You get the freedom to experiment and tweak around (mostly impossible with online labs).

The requirements for setting up the lab are hardware and software tools. Let’s go through the hardware requirements first.

1. Hardware Requirements:

◉ A laptop or a desktop with as much RAM and processor power you can arrange.

◉ A large HDD or SSD to store your tools and other important files.

◉ A host OS for your computer system. It can be Windows, Linux( any family, any flavor) or Mac OS depending on your choice.

◉ Latest security patches must be installed on your guest OS before you start.

◉ A WiFi adapter that supports monitor mode. (Optional)

2. Software Requirements:

◉ Virtual Machine Player or Hypervisor: This will be used to host all the guest operating systems, vulnerable virtual machines, and test servers. There are many free and paid options for hypervisors provided by many vendors. For example, VMware has VMWare workstation, Oracle has Oracle VirtualBox and Microsoft has HyperV. You can choose any of these depending on your choice and budget.

◉ Guest Operating Systems: Guest operating systems will include unpatched versions of Windows and Linux. These will be installed to test for zero-days and other vulnerabilities for which patches, as well as exploits, have been released.

◉ Vulnerable VMs: Vulnerable Virtual Machines are developed intentionally for being highly vulnerable. Most of the VMs are parts of hacking events and are released later online. These VMs are usually CTFs with hidden strings that are to be found after compromising (pwning) the VM. Some popular vulnerable VMs are Metasploitable, OWASP broken web application, DVWA(Damn Vulnerable Web Application), BadStore, De-Ice, and Multidae, etc.

3. Essential Tools:

Once you have found and installed your favorite vulnerable assets, it is now time to get the tools required for pwning them. Install these tools on your computer to get started.

◉ Metasploit Framework (MSF): An open-source version of the Metasploit tool is used extensively for exploiting known vulnerabilities in systems and software. The exploit list is updates regularly with exploits of most recent findings that went public.

◉ WireShark: It is a tool used by network administrators but you can use it to supplement your hacking tools arsenal. For you as a hacker(ethical, of course) this tool will help in network pentesting by the same basic feature of network monitoring :it can help you harvest sensitive data like plaintext passwords over unencrypted connections(http, telnet), analyze malware behavior by figuring out the endpoints it tries to connect, and many more.

◉ Nmap: One tool to rule ’em all, it is used by almost every penetration tester. It is a port scanner with a set of additional utilities like OS detection and network mapping(nmap stands for “network mapper” ). It can be automated by writing scripts in NSE(nmap scripting environment). Port scans are used to enumerate services and applications on the target. These enumeration data can be really useful in some cases for pwning the target.

◉ John The Ripper: It is a free and open-source password cracking tool which is highly popular among penetration testers. Popularity is the reason why it is available on fifteen platforms. The tools were initially designed for cracking UNIX password hashes. However, the latest stable release from May 2019 supports Windows NTLM, Kerberos and hundreds of other hashes.

◉ Burpsuite or OWASP ZAP: Both are great all in one tool for penetration testing web applications. Learning about hacking web applications is crucial for an aspiring (ethical) hacker since most of the services are provided online. These two tool-sets contain all the tools you will need for hacking (ethically) into a web application.

◉ Kali Linux: It is an operating system developed primarily for white hat hackers and penetration testers. This OS has a wide array of tools for almost every task before, during and after a penetration testing session. It contains all the tools mentioned above (No need for installing them manually).

Source: geeksforgeeks.org

Thursday, 14 October 2021

Introduction to Password Attacks | Ethical Hacking

Ethical Hacking, Ethical Hacking Exam Prep, Ethical Hacking Preparation, Ethical Hacking Career, Ethical Hacking Tutorial and Materials, Ethical Hacking Guides, Ethical Hacking Learning

Password cracking is one of the imperative periods of framework hacking. Password cracking is the way toward recuperating passwords from the information sent by a PC or mainframe or put away in it. The motivation behind password cracking is to assist a client with recuperating a failed, to remember or lost password, as a preventive measure by framework chairmen to check for effectively delicate passwords, or an assailant can utilize this cycle to acquire unapproved framework access.

Sorts of Password Attacks :

Password cracking parts consistently maltreatment regardless of legal expects to secure unapproved framework access, for instance, recovering a customer’s inability to recollect password. This hack arrangement depends upon aggressors exercises, which are ordinarily one of four sorts:

1. Non-Electronic Attacks –

This is most likely the hacker’s first effort to acquire target system passwords. These sorts of password cracking hacks don’t need any specialized ability or information about hacking or misuse of frameworks. Along these lines, this is a non-electronic hack. A few strategies used for actualizing these sorts of hacks are social engineering, dumpster jumping, shoulder surfing, and so forth.

2. Active Online Attacks – 

This is perhaps the most straightforward approach to acquire unapproved manager-level mainframe access. To take the passwords, a hacker needs to have correspondence with the objective machines as it is obligatory for password access. A few techniques used for actualizing these sorts of hacks are word reference, brute-forcing, password speculating, hash infusion, phishing, LLMNR/NBT-NS Poisoning, utilizing Trojan/spyware/keyloggers, and so forth.

3. Passive Online Attacks –

An uninvolved hack is a deliberate attack that doesn’t bring about a change to the framework in any capacity. In these sorts of hacks, the hacker doesn’t need to speak with the framework. In light of everything, he/she idly screens or records the data ignoring the correspondence channel to and from the mainframe. The attacker by then uses the critical data to break into the system. Techniques used to perform passive online hacks incorporate replay attacks, wire-sniffing, man-in-the-middle hack, and so on.

4. Offline Attacks –

Disconnected hacks allude to password attacks where an aggressor attempts to recuperate clear content passwords from a password hash dump. These sorts of hacks are habitually dreary yet can be viable, as password hashes can be changed due to their more modest keyspace and more restricted length. Aggressors utilize preprocessed hashes from rainbow tables to perform disconnected and conveyed network hacks.

Some of the best practices protecting against password cracking include :

  1. Perform data security reviews to screen and track password assaults.
  2. Try not to utilize a similar password during the password change.
  3. Try not to share passwords.
  4. Do whatever it takes not to use passwords that can be found in a word reference.
  5. Make an effort not to use clear content shows and shows with weak encryption.
  6. Set the password change technique to 30 days.
  7. Try not to store passwords in an unstable area.
  8. Try not to utilize any mainframe’s or PC’s default passwords.
  9. Unpatched computers can reset passwords during cradle flood or Denial of Service assaults. Try to refresh the framework.
  10. Empower account lockout with a specific number of endeavors, counter time, and lockout span. One of the best approaches to oversee passwords in associations is to set a computerized password reset.
  11. Ensure that the computer or server’s BIOS is scrambled with a password, particularly on devices that are unprotected from real perils, for instance, centralized servers and PCs.

Source: geeksforgeeks.org

Saturday, 9 October 2021

Top 5 Places to Practice Ethical Hacking

The practice is essential for mastery of an art. Hacking is mostly an art since it’s more about how you use the tools you know and less about how many tools you know. While it might be easy to get a basic idea of what a certain technique is about during introductory phases, getting comfortable with that technique is highly improbable without hands-on practice.

Ethical Hacking, EC-Council Certification, EC-Council Preparation, EC-Council Guides, EC-Council Career, EC-Council Tutorial and Materials

Setting up a system for practicing will require download and installation of tools. To setting up your virtual lab for practicing ethical hacking, go through this Article.


1. PortSwigger’s Web Security Academy Labs


You must have heard of BurpSuite, the tool used for penetration testing of web applications. The developers of BurpSuite now provide free of cost online training in web application security. The training contains tutorials and labs on almost every vulnerability commonly found in modern web applications. Once you are good enough, you can compete with others in solving a newly added challenge before others. They have a HOF for expert hackers and provide swag for top performers.

2. HackTheBox


HackTheBox is a collection of vulnerable applications called “machines”. Each of the machines is unique and contains a set of vulnerabilities, the hacker has to compromise it and gain the required privileges. The good thing about HTB is that a large number of machines are already there for practice and walkthrough tutorials are available in case you are stuck. New ones are added regularly containing most recently found vulnerabilities. The free version offers access to “live” machines only, old machines and walkthroughs are available on a paid subscription.

3. HackThisSite:


This one is very famous among hackers, probably because its founder got arrested for illegal cyber activities. The negative fame has helped well in marketing HackThisSite without significant efforts. HackThisSite is versatile. The hacking challenges on this site are called “missions” and are classified like:

◉ Basic missions
◉ Realistic missions
◉ Application missions
◉ Programming missions
◉ Phone phreaking missions
◉ Javascript missions
◉ Forensic missions
◉ Extbasic missions
◉ Stego missions
◉ Irc missions

As quoted on hackthissite.org, “You should Tune in to the hacker underground and get involved with the project”.

4. PentesterLab


One of the biggest platforms for web application security, PnetesterLabs hosts tutorials and labs on a very wide range of vulnerabilities of the web. But its quality content costs more than a decent sum. We advise you to keep checking the website for promos, as the courses can be grabbed at as little as 25% of the original price during certain promo events. PentesterLab has exercised on XSS, SQLi, XXE, CSRF, SAML related vulnerabilities, cross-site leakage, and many more.

5. HellBound Hackers


The name sounds badass, and the site lives to its name. It has articles, tutorials, hacking challenges, and a forum. You can practice web hacking, email tracking, software cracking, encryption challenges(which are decryption challenges), steganography, and even social engineering. Hell Bound Hackers have been under controversy for allegedly distributing “hacking tools”. However, this page on their site clarifies that they are providing security-related material in a legal manner.

Ethical Hacking, EC-Council Certification, EC-Council Preparation, EC-Council Guides, EC-Council Career, EC-Council Tutorial and Materials

Bonus:

Vulnhub is the hub of vulnerable virtual machines. It indexes intentionally vulnerable machines created by experts from different places. The vulnerable VMs are downloadable and can be installed on your VM hosting platform. VulnHub is popular because of its high quality and real-world application based VMs. VulnHub is diverse, as it hosts VMs based on banking web apps to basic level CTFs.

Source: geeksforgeeks.org

Thursday, 7 October 2021

Advantages and Disadvantages of Ethical Hacking

Ethical Hacking Exam Prep, Ethical Hacking Preparation, Ethical Hacking Tutorial and Material, Ethical Hacking Certification, Ethical Hacking Guides, Ethical Hacking Career, Ethical Hacking Prep

In this article, we will discuss the overview of ethical hacking and will also discuss the ethical hacking process and then finally will focus on the advantages and disadvantages. Let’s discuss it one by one.

Overview :

The term “ethical hacking” is defined as the method followed by ethical hackers, to hack into a system with prior permission to find out vulnerabilities so that they can be fixed before a person with malicious intent perform some disallowed task. These professionals are part of a cybersecurity company. They are hired by companies to perform hacking tasks. The goal of ethical hacking in a company is to protect the systems from attackers, to ensure the privacy of organization data, to eliminate any potential threat.

Ethical hacking process :

There is six-step usually performed by ethical hackers in the ethical hacking process.

Read More: 312-50: Certified Ethical Hacker (CEH)

1. Reconnaissance –

It is the principal stage where the Hacker attempts to gather data about the objective. It incorporates Identifying the Target, discovering the objective’s IP Address Range, DNS records, Network, and so on.

2. Scanning – 

In this stage, the hacker starts to effectively test an objective machine or organization for weaknesses that can be abused. It incorporates the utilization of apparatuses like dialers, network mappers, sweepers, port scanners, and weakness scanners to check information.

3. Gaining Access – 

In this stage, the hacker plans the outline of the organization of the objective with the assistance of information gathered during observation and checking. The hacker has got done with identifying and checking the organization and now concludes that they have a few alternatives to access the organization.

4. Maintaining Access – 

It is the interaction where the hacker has effectively gotten entrance into a framework. By getting entrance, the hacker introduces a few secondary passages to go into the framework when he needs access in this possessed framework in the future. Metasploit is the favored apparatus in this cycle.

5. Clearing Tracks – 

This process is basically an unethical activity. It has to do with the erasure of logs of the multitude of exercises that occur during the hacking interaction.

6. Reporting – 

It is the last step of finishing the ethical hacking process. In this the Ethical Hacker aggregates a report with his discoveries and the work that was done, for example, the instruments utilized, weaknesses found, the achievement rate, and the endeavor measures.

Advantages of Ethical Hacking :

Following are the advantages of Ethical Hacking as follows.

◉ This helps to fight against cyber terrorism and to fight against national security breaches.

◉ This helps to take preventive action against hackers.

◉ This helps to build a system that prevents any kinds of penetration by hackers.

◉ This offers security to banking and financial establishments.

◉ This helps to identify and close the open holes in a computer system or network.

Disadvantages of Ethical Hacking :

Following are the disadvantages of Ethical Hacking as follows.

◉ This may corrupt the files or data of an organization.

◉ They might use information gained for malicious use. Subsequently, trustful programmers are expected to have achievement in this framework.

◉ By hiring such professionals will increase costs to the company.

◉ This technique can harm someone’s privacy.

◉ This system is illegal.

Source: geeksforgeeks.org

Tuesday, 5 October 2021

Worm, Virus & Trojan Horse: Ethical Hacking

Some of the skills that hackers have are programming and computer networking skills. They often use these skills to gain access to systems. The objective of targeting an organization would be to steal sensitive data, disrupt business operations or physically damage computer controlled equipment. Trojans, viruses, and worms can be used to achieve the above-stated objectives.

Read More: 312-50: Certified Ethical Hacker (CEH)

In this article, we will introduce you to some of the ways that hackers can use Trojans, viruses, and worms to compromise a computer system. We will also look at the countermeasures that can be used to protect against such activities.

What is a Trojan horse?

A Trojan horse is a program that allows the attack to control the user’s computer from a remote location. The program is usually disguised as something that is useful to the user. Once the user has installed the program, it has the ability to install malicious payloads, create backdoors, install other unwanted applications that can be used to compromise the user’s computer, etc.

The list below shows some of the activities that the attacker can perform using a Trojan horse.

◉ Use the user’s computer as part of the Botnet when performing distributed denial of service attacks.

◉ Damage the user’s computer (crashing, blue screen of death, etc.)

Stealing sensitive data such as stored passwords, credit card information, etc.

Modifying files on the user’s computer

Electronic money theft by performing unauthorized money transfer transactions

Log all the keys that a user presses on the keyboard and sending the data to the attacker. This method is used to harvest user ids, passwords, and other sensitive data.

◉ Viewing the users’ screenshot

◉ Downloading browsing history data

What is a worm?

Worm, Virus & Trojan Horse, Ethical Hacking, Ethical Hacking Exam Prep, Ethical Hacking Tutorial and Materials, Ethical Hacking Career, Ethical Hacking Preparation

A worm is a malicious computer program that replicates itself usually over a computer network. An attacker may use a worm to accomplish the following tasks;

Install backdoors on the victim’s computers. The created backdoor may be used to create zombie computers that are used to send spam emails, perform distributed denial of service attacks, etc. the backdoors can also be exploited by other malware.

◉ Worms may also slowdown the network by consuming the bandwidth as they replicate.

◉ Install harmful payload code carried within the worm.

What is a Virus?


Worm, Virus & Trojan Horse, Ethical Hacking, Ethical Hacking Exam Prep, Ethical Hacking Tutorial and Materials, Ethical Hacking Career, Ethical Hacking Preparation

◉ A virus is a computer program that attaches itself to legitimate programs and files without the user’s consent. Viruses can consume computer resources such as memory and CPU time. The attacked programs and files are said to be “infected”. A computer virus may be used to;
   ◉ Access private data such as user id and passwords
   ◉ Display annoying messages to the user
   ◉ Corrupt data in your computer
   ◉ Log the user’s keystrokes

Computer viruses have been known to employ social engineering techniques. These techniques involve deceiving the users to open the files which appear to be normal files such as Word or Excel documents. Once the file is opened, the virus code is executed and does what it’s intended to do.

Trojans, Viruses, and Worms counter measures


Worm, Virus & Trojan Horse, Ethical Hacking, Ethical Hacking Exam Prep, Ethical Hacking Tutorial and Materials, Ethical Hacking Career, Ethical Hacking Preparation

◉ To protect against such attacks, an organization can use the following methods.

◉ A policy that prohibits users from downloading unnecessary files from the Internet such as spam email attachments, games, programs that claim to speed up downloads, etc.

◉ Anti-virus software must be installed on all user computers. The anti-virus software should be updated frequently, and scans must be performed at specified time intervals.

◉ Scan external storage devices on an isolated machine especially those that originate from outside the organization.

◉ Regular backups of critical data must be made and stored on preferably read-only media such as CDs and DVDs.

◉ Worms exploit vulnerabilities in the operating systems. Downloading operating system updates can help reduce the infection and replication of worms.

◉ Worms can also be avoided by scanning, all email attachments before downloading them.

Trojan, Virus, and Worm Differential Table

  Trojan Virus  Worm 
Definition Malicious program used to control a victim’s computer from a remote location. Self replicating program that attaches itself to other programs and files Illegitimate programs that replicate themselves usually over the network
Purpose  Steal sensitive data, spy on the victim’s computer, etc. 

Disrupt normal computer usage, corrupt user data, etc.

Install backdoors on victim’s computer, slow down the user’s network, etc. 

Counter Measures

Use of anti-virus software, update patches for operating systems, security policy on usage of the internet and external storage media, etc.

Source: guru99.com