BECOME A CYBER SECURITY ANALYST
EduCBA
Summary
- Tutor is available to students
Overview
What is Hacking?
Hacking is the process of finding loopholes in a website, intrude into it and take control of the site or make it crash. To prevent malicious hackers from intruding into computer systems and networks causing severe harm, trained hackers are employed by companies to find loopholes or weaknesses in existing websites, computer networks and take measures to solve them. It is called ethical hacking.
About Hacking Training Course
EduCBA’s Hacking Training course is intended to help software professionals get an overview of hacking methods with practical examples. It will provide insights into hacking techniques, strategies, study configuration, topology, understand network types and enhance skills to effectively use ethical hacking for corporates. It will enhance your skills and knowledge to convince the industry or employers about your capability in handling internet security. The course is spread into 105 lectures with 19 hours of HD video.
Description
General Hacking Methods:
This chapter introduces the learner to hacking methods employed by hackers and information security professionals.
Port Scanning: Port scanning is the process by which hackers send messages to ports to see which are open and susceptible to vulnerabilities. Just as a burglar looks for a open window, door or ventilation to make his entry into a house, hackers send messages to ports to check weaknesses.
ICMP Sweep/Scanning: basic network scanning to find out which IP addresses map to live hosts or computers. Internet Control Message Protocol (ICMP) – ping is an ICMP ECHO to multiple hosts, a return ICMP echo is received if port is live.
Tools for ICMP Echo- fping, gping, nmap for UNIX, Pinger Software- Rhino9, Ping Sweep for Windows
Netbios Hacking – getting entry into a computer system through Network Basic Input Output System (NETBIOS). This is how computers in a LAN or WAN is targeted- sniffing – ip addresses-local subnet
Internet Application Security and Vulnerability: Security breach, proactive,defensive strategies, Authenitcation, authorization. Common flaws – injection flaws-passing unfiltered data to the sQL server, to the browser, preventing injection flaws, Cross Site scripting, insecure direct object references, security misconfiguration. Sensitive data exposure, missing function level acess control, cross site request forgery. Components with vulnerabilities, unvalidated redirects and forwards.
Introduction to attack techniques, classes of attacks-passive attack, active attack, distributed attack, insider attack, close-in attack, phishing attack, hijack attack, spoof attack, buffer overflow, exploit attack, password attack. Online identity-location, birth date, family connections, hacking , banking, financial transactions.
Protecting online identity:
Protecting identity of user, tips for protecting online identy- social media, profiles, privacy settings,usage of multiple passwords,phishing emails, https for online transactions – s stands for security.
Reducing risk of online identity theft: Stealing personal information, impersonating, social security number, signature, name, address, phone number, mobile number,financial details- bank,credit card info.-committing fraud.
Reducing Risk of online identify theft- online transactions- ask companies how data will be used, Secure Socket Layer (SSL), Site security certificate,, data encryption, credit card info – storage and use. Destroy papers containing credit card info.
Action taken- Online identity theft- contact, credit bureaus- Experian, Equifax, TransuUnion, fraud alert, thief may not be able to open bank account on time.; monitor credit reports.security freeze, child identity theft, FTC Identity Theft Affidavit. ATM/Debt cards, social security number misuse,victim statement, reporting to police, legal support, keeping records.
Phishing- Introduction to phishing- sending email to user falsely claiming to be a genuine enterprises – get personal information for identity theft- directing to a site-updating password, credit cards , account information-bogus website, stealing information. Anti-Phishing-
Type of Phishing email/spam
fraudsters sent same email to millons of users seeking personaliinformaiton, account verification, urgency, web based delivery- hacker – intermediary between website and phising system.- Instant messaging, Trojan hosts, link manipulation, key loggers, session hacking, system reconfiguration, content injection, phishing through search engines, phone phishing, malware phishing. Anti-phishing-steps to protect computer- using firewalls, anti-virus software, Secure Socket Layer (SSL), bank,credit care statements. Summary of approaches.
Introduction to computer security and cyber crime:
Computer crime refers to stealing data, intrusioin into websites and systems- examples- cyber terrorism, cyber bullying, denial of service attack, espionage, fraud- manipulating data, changing banking records, creating malware,spoofing, unauthorized access, spamming, harvesting, salami slicing.
Cyber Security-IT security aims to protect computers, programs, networks, unauthorized access, modification or alteration. Importance of cyber security– government organizations, companies, corporates,financial institutions, hospitals- integrity of data,confidiential information,privacy, data transmission and theft, cyber attacks.
Types of hacker attacks, spoofing- unauthorized access to user’s system impersonation, steal personal data, bank account, passwords,credit card info.- email spoofing,caller ID, URL spoof attacks- fraudulent website to obtain info from users, install viruses.credit card info.
Web spoofing, session hijacking- allows hackers to see and modify pages sent to victim’s machine. JavaScript and web server plugins, malicious web pages, web browers don’t prevent spoofing.
Session hijacking –exploitation of web session control mechanism, by exposing the session token by means of predicting a valid session token to get unauthorized entry to the web server- methods- predicting session token, session sniffing,IP snooping, client side attacks, man-in-the-middle attack,man-in-the-browser attack.
DOS and Buffer over Flow Attack- takes advantage of a program awaiting on user’s input –Stack based and heap based attacks. Heap based- floods memory reserved for a progam execution- buffer over run, memory object or stack. When user inputs data, the stack which empty until then writes a return memory address to the stack putting the user’s input on top of it. When the stack is processed, user data is sent to return address mentio
Questions and answers
hello, how much time do we have to complete the course. Is it a lifetime access course? thanks jose luis
Answer:Hello Jose-Luis, Yes. It is Lifetime access. Thanks
This was helpful.Do you receive a certificate
Answer:Hello, Yes, Once you have completed your courses. You will receive a certificate of completion. Thanks
This was helpful.
Reviews
Currently there are no reviews for this course. Be the first to leave a review.
Legal information
This course is advertised on reed.co.uk by the Course Provider, whose terms and conditions apply. Purchases are made directly from the Course Provider, and as such, content and materials are supplied by the Course Provider directly. Reed is acting as agent and not reseller in relation to this course. Reed's only responsibility is to facilitate your payment for the course. It is your responsibility to review and agree to the Course Provider's terms and conditions and satisfy yourself as to the suitability of the course you intend to purchase. Reed will not have any responsibility for the content of the course and/or associated materials.