2. 1. Hack Value: It is the notion among Hackers that something doing is interesting or
worthwhile.
2. Exploit: A piece of software that takes advantage of a bug, glitch or vulnerability
that leads to unauthorized access, privilege escalation or denial of service on
computer systems and networks.
3. Vulnerability: Existence of software flaws, logic design, implementation errors
executing bad or damaging instructions to the system.
2
3. 4. Target of Evaluation: It is the system, product or network that is the subject of
security analysis or attacks.
5. Zero Day attacks: A computer threats that tries to exploit computer application
vulnerabilities that are undisclosed to others or undisclosed to the software
developer.
6. Daisy chaining: Hackers who get away with database thefts usually complete their
task and then backtrack to cover their tracks by destroying logs etc.
3
4. 7. Attack: An action or an event that might compromise security.
8. Threat: An environment or a situation that might lead to potential breach of
security.
9. Vulnerability Research: It is the process of discovering vulnerabilities and design
weakness that lead an operating systems or its application to attacks or misuse.
10. Penetration Testing: It is the method of actively evaluating the security of a system
by simulating an attack from malicious source.
4
5. Security is a state of well being of information and infrastructure in which the
possibility of theft, tampering of disruption of services is kept low or tolerable.
It relies on the five major elements of security:
1. Confidentiality: It is the assurance that the information is easily accessible to
only those who are authorized to have access. Confidentiality breaches may occur
due to improper data handling or hacking attempt.
2. Integrity: It is the trustworthiness of data and resources in terms of preventing
improper and unauthorized changes, the assurance that the information can be
relied upon to be sufficiently accurate for its purposes
5
6. 3. Availability: It is the assurance that the systems responsible for storing,
delivering and processing information is available to authorized users when
required.
4. Authenticity: It refers to the characteristics of any communication or any data
that ensures the quality of being genuine or not corrupted from the original.
Major roles of authenticity includes that the user is claiming he or she to be. This
is done by Biometrics. Smart cards, digital certificates etc
5. Non-repudiation: It ensures that the party to a contract or a communication
cannot later deny the authenticity of their signature on a document or sending the
message that they originated. It is a way to guarantee that the sender of the
message cannot later deny having sent the message and the recipient cannot deny
having received the message. 6
7. Level of Security in any systems can be defined by the strength of the three
components:
Functionality(features)
Moving the ball towards security means
less of other two
Security(restrictions) Usability(GUI)
7
8. An attack vector is a path or means by which an attacker can gain access to an
information system to perform malicious attack.
This attack vector can enable an attacker to take advantage of the vulnerabilities
present in the information system to carry out a particular attack.
The following are the possible attack vectors by which an attacker can attack on
information system:
8
10. Information Security Threats are classified into three categories:
1. Natural Threats: such as natural disasters such as flood, earthquakes .
2. Physical Security Threats: such as errors, misconfiguration, sabotage .
3. Human Threats: such as internal threats-disgruntled employees and external
threats-malicious hackers
10
11. Human Threats are classified into three categories:
1. Network Threats: such as Sniffing, MITM attacks, Information Gathering,
Spoofing, ARP Poisoning.
2. Host Threats: such as Unauthorized access, Password Attacks, Privilege
Escalations.
3. Application Threats: Cross Site Scripting, Buffer Overflows, SQL Injections.
11
12. The Term Information Warfare or Info-War refers to the use of information and
communicative technology to take competitive advantage over an opponent.
1. Defensive Information Warfare: refers to all the strategies and actions to
defend against attacks on ICT assets.
2. Offensive Information Warfare: refers to the Information warfare that involves
attacks against ICT assets of an opponent.
12
13. Most people do not understand between hacking and Ethical hacking.
These two terms can be differentiated on the basis of the intentions of the people
who are performing hacking activity.
However, understanding the true intentions of hackers can be quite difficult.
Hacking: refers to exploitation and exploration of the computer software and
hardware to gain unauthorized access to perform malicious attacks.
Ethical Hacking: refers to exploitation and exploration of the computer software
and hardware to make it more secure and ease of use.
13
14. A hacker is a person who illegally breaks into computer system or network
without any authorization to steal or destroy data or perform malicious activities.
Hackers may be motivated by a multitude of reasons:
1. Intelligent individuals with excellent computer skills with the ability to create and
explore into computer software and hardware.
2. For some hackers, hacking is a hobby to see how many systems or network they
can compromise.
3. Their intention can either be to gain knowledge or to poke around to do illegal
things.
4. Some hack with malicious intent such as stealing business data, credit card
information and social security no.
14
15. 1. Black Hat: Individuals with extraordinary computer skills resorting to malicious
activities are known as crackers.
2. White Hat: Individuals professing hacker skills and using them for defensive
purposes are known as security consultants.
3. Grey hat: Individuals who work both offensively and defensively at various
times.
4. Suicide Hackers: Individuals who aim to bring down critical infrastructure for a
cause and are not worried about facing thirty years in jail for their actions.
15
16. 5. Spy Hackers
6. State Sponsored Hacker
7. Cyber Terrorist
Technical Level Of Hackers:
1. Neophyte: Newbie in the field of Security
2. Script Kiddies: Person depending on other hackers, skills and scripts.
3. Elite Hackers: Also Known as 1337. Advanced level of hackers.
16
17. 1. Hacktivism is an act of promoting political agenda especially by defacing or
disabling websites.
2. It thrives in the environment where information is easily accessible.
3. Aims at sending message through their hacking activities and gaining visibility
for a cause.
4. Common targets include governments, multinational corporations or any other
entity as perceived as bad or wrong by these groups of individuals. E.g.
Anonymous and Lulzsec
17