Chapter 1

The document provides an extensive overview of cybersecurity, including definitions, frameworks, and management processes. It discusses the NIST Cybersecurity Framework, outlining its core components and implementation tiers, which help organizations manage cybersecurity risks effectively. Key aspects such as network security, application security, and the importance of end-user education are also emphasized to enhance overall cybersecurity posture.

Uploaded by

Akkal Bista
Cyber Security
Hiranya Prasad Bastakoti
Contents
• Cyberspace
• Cybersecurity
• NIST Cybersecurity Framework
• Cybersecurity Management Process
• Cybersecurity Threats and Attacks
• Cyber Kill Chain
• Vulnerability Assessment
• Penetration Testing
• Ethical Hacking
• Cyber Law: Global and Local
Cyberspace
• Cyberspace refers to the digital world created by the
invention of the Internet.
• Cyberspace describes the virtual space people use to
communicate, share files, consume media, and exchange
information.
• The National Institute of Standards and Technology (NIST)
defines cyberspace as the global domain within the
information environment consisting of the interdependent
network of information systems infrastructures.
• This includes the internet, telecommunications networks,
computer systems, and embedded processors and
controllers.
• Cyberspace allows users to conduct business,
communicate, socialize, connect, exchange ideas,
play games, participate in social forums, and share
information.
Components of CyberSpace
• Internet: The worldwide network of interconnected computer networks
that use the standard Internet protocol suite (TCP/IP) to link devices
globally.
• Telecommunications Networks: Infrastructure that provides voice, data,
and video communication services across long distances, including wired
and wireless networks.
• Computer Systems: Hardware and software that process and store data,
including servers, desktops, laptops, and mobile devices.
• Embedded Processors and Controllers: Specialized computing devices
integrated into other systems or products, such as industrial control
systems, medical devices, and smart appliances, that manage specific
functions.
Features of Cyberspace
• Interconnectivity: A global network of interconnected
systems enabling communication and data exchange.
• Global Reach: Access available worldwide,
transcending geographical boundaries.
• Scalability: Infrastructure that can expand to support
increasing numbers of users and devices.
• Interoperability: Seamless integration of different
systems and technologies using standardized
protocols.
• Dynamic Nature: Constant evolution with emerging
technologies, applications, and threats.
Challenges in Cyberspace
• Security Threats: The constant and evolving nature of cyber threats, including malware, phishing, and ransomware, poses significant risks to data and systems.
• Privacy Concerns: Ensuring the confidentiality and privacy of personal and sensitive information amidst widespread data collection and sharing.
• Complexity of Systems: The complicated and diverse nature of interconnected systems makes it difficult to manage and secure all components effectively.
• Lack of Standardization: Variability in security practices, protocols, and technologies can lead to interoperability issues and inconsistent protection measures.
• Regulatory and Compliance Issues: Navigating and adhering to diverse and often conflicting regulations and standards across different regions and industries.
Cybersecurity
• Cybersecurity involves safeguarding systems, networks, and programs from digital threats.
• “The process of protecting information by preventing, detecting and responding to attacks.”
• “Ability to protect or defend the use of cyberspace from cyber-attacks.”
• “The prevention of damage to, protection of, and restoration of computers, electronic
communication systems, and services, ensuring the availability, integrity, authentication,
confidentiality, and non-repudiation of the information contained therein.”
• Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems,
networks, and data from malicious attacks.
• It's also known as information technology security or electronic information security.
• Cybersecurity is a set of standards and practices organizations use to protect their
applications, data, programs, networks, and systems from cyberattacks and unauthorized
access.
Categories of Cyber Security
Network Security: The First Line of Defense
• Network security involves securing the communication channels between computers and devices
within a network.
• This includes implementing firewalls, encryption, and intrusion detection systems to prevent
unauthorized access and protect against malicious activities.
Application Security: Safeguarding Software and Devices
• Application security focuses on protecting the software and devices used within an organization
from potential vulnerabilities.
• This involves regularly updating software, conducting vulnerability assessments, and implementing
measures to prevent unauthorized access to applications.
Information Security: Protecting Data Integrity
• Information security is concerned with protecting the confidentiality, integrity, and availability of
data.
• This includes implementing access controls, encryption, and backup systems to safeguard sensitive
information from unauthorized access, alteration, and loss.
Operational Security: Ensuring Procedural Safety
• Operational security involves implementing policies and procedures to
ensure the safe operation of systems and networks.
• This includes conducting regular risk assessments, training employees on
best practices, and establishing incident response plans to minimize the
impact of potential security incidents.
Disaster Recovery and Business Continuity: Planning for the Worst
• Disaster recovery and business continuity planning are essential to ensure
the timely recovery of critical systems and data in the event of a cyber
attack or other disruptive incidents.
• This involves creating backup systems, testing recovery procedures, and
establishing contingency plans to minimize downtime and maintain
business operations.
End-User Education: The Human Factor in Cybersecurity
• End-user education plays a crucial role in enhancing cybersecurity.
• It involves raising awareness among employees and individuals about the importance of
cybersecurity and providing them with the knowledge and skills to recognize and mitigate potential
risks.
• Regular training programs and awareness campaigns help create a culture of cybersecurity.
Mobile Security: Protecting On-the-Go Information
• With the proliferation of mobile devices, mobile security has become increasingly important.
• It involves implementing security measures to protect data stored on mobile devices, securing
wireless communication channels, and controlling access to corporate resources from mobile
devices.
Cloud Security
• Cloud security involves measures to protect cloud applications and infrastructure from attacks.
• These activities ensure that data remains private and secure as it is transmitted between different
internet-based applications.
CIA Triad: Pillars of Cyber Security (Principles)
Confidentiality
• Restricts access to information to authorized individuals only
• Methods include access controls, encryption, and data
classification.
Integrity
• Ensures information is accurate and unaltered by unauthorized
parties.
• Techniques include checksums, access controls, and audit
trails.
Availability
• Guarantees that authorized users can access information when
needed.
• Strategies include redundancy, disaster recovery plans, and
load balancing.
Information Security – AAA services Concept
• AAA services concept refers to identification, authentication, authorization,
auditing, and accounting
• Identification:
• This is the process where a user or system claims an
identity, such as entering a username or presenting an ID
card.
• It serves as the first step in the security process, laying the
foundation for the subsequent steps. Without identification,
the system cannot determine who is attempting to access it.
• Authentication:
• This step involves verifying the claimed identity by requiring
credentials like passwords, PINs, biometric data
(fingerprints, facial recognition), or security tokens.
• Authentication ensures that the person or system claiming
an identity is actually who they say they are, preventing
unauthorized access.
• Authorization:
• Once authenticated, the user or system is granted specific permissions and access levels. This
determines what actions they can perform and which resources they can access.
• Authorization ensures that even if a user is authenticated, they can only perform actions and
access resources they are explicitly allowed to, based on their role or policy.
• Auditing:
• This involves recording logs of events and activities within the system. It tracks user actions
and system changes.
• Auditing is crucial for detecting unauthorized activities, analyzing security events, and
ensuring compliance with security policies. It provides a historical record that can be used for
forensic analysis and accountability.
• Accounting (Accountability):
• This step involves reviewing the audit logs to ensure compliance with security policies and
holding users accountable for their actions.
• Accountability ensures that all actions can be traced back to specific users or systems,
helping to identify the responsible party in case of a security breach or policy violation. It
reinforces security by ensuring that users are aware their actions are being monitored and
recorded.
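As an added illustration of the five AAA steps above (this is not code from the original slides), the following Python program walks one request through identification (the claimed username), authentication (a salted PBKDF2 hash compared in constant time), authorization (a role policy), auditing (an append-only event list) and accountability (reconstructing one identity's history from that audit trail). The user store, roles, actions and passwords are constructed sample data.

```python
"""Minimal AAA flow: identification, authentication, authorization, auditing,
accountability. Added illustration; the user database, role policy and
actions below are constructed sample data, not a real system."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so a leaked store does not reveal plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    role: str


# Constructed sample user store and role policy (hypothetical values).
SALT = os.urandom(16)
USERS = {
    "alice": User("alice", SALT, hash_password("correct horse", SALT), "admin"),
    "bob": User("bob", SALT, hash_password("hunter2", SALT), "analyst"),
}
POLICY = {
    "admin": {"read_logs", "change_config"},
    "analyst": {"read_logs"},
}

AUDIT_LOG: list[dict] = []   # auditing: every step leaves a record here


def audit(event: str, identity: str, **details) -> None:
    AUDIT_LOG.append({"ts": time.time(), "event": event, "identity": identity, **details})


def authenticate(identity: str, password: str) -> bool:
    """Identification (claimed name) plus authentication (proof of the claim)."""
    user = USERS.get(identity)
    if user is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        hash_password(password, SALT)
        audit("auth_failure", identity, reason="unknown_user")
        return False
    ok = hmac.compare_digest(hash_password(password, user.salt), user.pw_hash)
    audit("auth_success" if ok else "auth_failure", identity,
          reason=None if ok else "bad_password")
    return ok


def authorize(identity: str, action: str) -> bool:
    """Authorization: allowed only if the user's role explicitly permits the action."""
    user = USERS.get(identity)
    allowed = user is not None and action in POLICY.get(user.role, set())
    audit("authz_allow" if allowed else "authz_deny", identity, action=action)
    return allowed


def perform(identity: str, password: str, action: str) -> str:
    """Run the whole chain; returns an outcome string for the caller."""
    if not authenticate(identity, password):
        return "denied: authentication failed"
    if not authorize(identity, action):
        return "denied: not authorized"
    audit("action", identity, action=action)
    return f"ok: {identity} performed {action}"


def accountability_report(identity: str) -> list[str]:
    """Accountability: trace what one identity did from the audit trail."""
    return [f"{e['event']}:{e.get('action') or e.get('reason') or ''}"
            for e in AUDIT_LOG if e["identity"] == identity]


if __name__ == "__main__":
    print(perform("alice", "correct horse", "change_config"))
    print(perform("bob", "hunter2", "change_config"))
    print(accountability_report("bob"))
```

Note that a failed authentication and a denied authorization are both logged: the audit trail is what lets the accountability step later show that "bob" tried to change the configuration even though he was never allowed to.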
NIST Cybersecurity Framework
• The NIST Cybersecurity Framework is a comprehensive
guideline developed by the National Institute of Standards and
Technology (NIST) to help organizations manage and reduce
cybersecurity risks.
• It is designed to improve the security and resilience of critical
infrastructure and other organizations.
• The NIST Cybersecurity Framework (CSF) 2.0 offers guidance to
industry, government agencies, and other organizations for
managing cybersecurity risks.
• It provides a taxonomy of high-level cybersecurity outcomes
that any organization—regardless of size, sector, or maturity—
can use to better understand, assess, prioritize, and
communicate its cybersecurity efforts.
Cyber Security Framework Components
The Cyber Security Framework (CSF) Core
• The Framework Core provides a set of desired cybersecurity
activities and outcomes.
• It is organized into five high-level functions, which are further
divided into categories and subcategories.
• These outcomes are designed to be understood by a broad audience,
including executives, managers, and practitioners, regardless of their
cybersecurity expertise.
• Additionally, the outcomes are sector-, country-, and technology-neutral,
providing organizations with the flexibility needed to address their unique
risks, technologies, and mission considerations.
• The first framework component of the NIST Cybersecurity Framework is the framework core.
• The framework core mostly contains guidance information and cybersecurity activities.
• It presents industry standards in a way that helps organizations tackle cyber risks.
• GOVERN (GV): Establishes, communicates, and monitors the organization's cybersecurity risk management strategy, expectations, and policies.
• It integrates cybersecurity into the broader enterprise risk management strategy.
• IDENTIFY (ID): Understands the organization's current cybersecurity risks, assets, and suppliers to prioritize efforts consistent with the risk management strategy and mission needs.
• It identifies improvement opportunities for cybersecurity risk management.
• PROTECT (PR): Uses safeguards to manage the organization's cybersecurity risks.
• It focuses on securing assets to prevent or mitigate adverse events and includes identity management, access control, awareness and training, data security, and infrastructure resilience.
• DETECT (DE): Finds and analyzes possible cybersecurity attacks and compromises.
• It enables timely discovery and analysis of anomalies and indicators of compromise to support incident response and recovery.
• RESPOND (RS): Takes actions regarding detected cybersecurity incidents.
• It includes incident management, analysis, mitigation, reporting, and communication to contain the effects of incidents.
• RECOVER (RC): Restores assets and operations affected by cybersecurity incidents.
• It supports timely restoration of normal operations and effective communication during recovery efforts.
• The CSF Functions are depicted as a wheel to illustrate
their interconnection, with GOVERN at the center
guiding the implementation of the other Functions.
• IDENTIFY, PROTECT, DETECT, RESPOND, and RECOVER
should be addressed concurrently and continuously,
with RESPOND and RECOVER actions ready for incident
response.
• GOVERN, IDENTIFY, and PROTECT help prevent and
prepare for incidents, while GOVERN, DETECT,
RESPOND, and RECOVER aid in discovering and
managing them.
• Each Function is divided into Categories and
Subcategories, applicable to all ICT, including IT, IoT,
and OT, as well as various technology environments
like cloud, mobile, and AI systems, adapting to future
technological changes.
Implementation Tiers
The NIST Framework includes four implementation tiers that reflect the extent to which an organization's cybersecurity risk management practices align with the Framework's characteristics.
These tiers range from Partial (Tier 1) to Adaptive (Tier 4) and represent increasing levels of rigor.
They describe how well cybersecurity risk management is integrated into broader risk decisions and the extent to which the organization exchanges cybersecurity information with external parties.
• Risk Management Process: The functionality and repeatability of cybersecurity risk management
• Integrated Risk Management Program: The extent to which cybersecurity is considered in broader risk management decisions
• External Participation: The degree to which the organization benefits by sharing or receiving information from outside parties
Tier 1: Partial
• Cybersecurity Risk Governance: Risk strategy is managed ad hoc, with
no formal prioritization based on objectives or threats.
• Cybersecurity Risk Management: Risk management is irregular and
case-by-case. There is limited internal information sharing and
awareness of supplier risks.
Tier 2: Risk Informed
• Cybersecurity Risk Governance: Risk management practices are
approved but not yet formalized organization-wide. Cybersecurity is
considered at some levels but not consistently.
• Cybersecurity Risk Management: Risk assessments occur but are not
repeatable. Cybersecurity information is shared informally, and
responses to supplier risks are inconsistent.
Tier 3: Repeatable
• Cybersecurity Risk Governance: Risk management practices are formalized as
policy, with defined, implemented, and reviewed processes.
• Cybersecurity Risk Management: Cybersecurity is managed organization-wide, with consistent sharing of information and methods to respond to risks.
Supplier risks are formally addressed through agreements and monitoring.
Tier 4: Adaptive
• Cybersecurity Risk Governance: Cybersecurity risk management is integrated
into organizational culture, with clear understanding and consideration in
decision-making. Risk is monitored alongside financial risks, and budgets are
based on risk environment and tolerance.
• Cybersecurity Risk Management: Practices evolve based on lessons learned
and predictive indicators. Cybersecurity information is shared in real-time
within the organization and with third parties, adapting to new threats and
technological changes.
The Tiers outline a progression from informal, reactive responses to more agile, risk-informed, and continuously improving approaches.

Choosing a Tier helps define how an organization will handle its cybersecurity risks.

These Tiers are meant to enhance, not replace, an organization's existing risk management
methods.

For example, they can serve as a benchmark for managing cybersecurity risks across the
entire organization.

Moving to higher Tiers is encouraged when risks increase, mandates change, or when a
cost-benefit analysis shows it is both feasible and cost-effective to improve risk
management.
Profile
Profiles align the Framework Core with the business requirements, risk tolerance, and resources of the organization.
They help organizations prioritize and measure progress toward the target state of cybersecurity.
The Profile component helps organizations develop a plan to reduce cyber risks while aligning with their goals.
By developing multiple profiles, organizations can identify weaknesses and find opportunities to enhance their cybersecurity posture.
• A CSF Organizational Profile outlines an organization's current and target cybersecurity
status based on Core outcomes.
• It helps to understand, tailor, assess, prioritize, and communicate these outcomes by
considering mission goals, stakeholder needs, threats, and requirements.
Profiles include:
• Current Profile: Shows the outcomes currently achieved and their extent.
• Target Profile: Defines desired outcomes and considers future changes like new
requirements or technology.
• Community Profile: Provides a baseline of outcomes for shared interests among multiple
organizations, often specific to a sector or threat type. Organizations can use this as a basis
for their own Target Profile. Examples are available on the NIST CSF website.
Example: Using an Organizational Profile to help inform continuous improvement of an organization's cybersecurity.
• Scope the Organizational Profile: Define the scope by documenting key facts and
assumptions.
• An organization can have multiple profiles with different scopes, such as covering the entire
organization or focusing on specific systems or threats.
• Gather Information: Collect relevant data such as policies, risk management priorities,
business impact analyses, cybersecurity requirements, and existing practices and tools.
• Create the Organizational Profile: Determine and document the necessary information for
the chosen CSF outcomes.
• Use insights from the Current Profile to guide Target Profile planning and consider using a
Community Profile for reference.
• Analyze Gaps and Create an Action Plan: Perform a gap analysis to identify differences
between the Current and Target Profiles and develop a prioritized action plan to address these
gaps.
• Implement and Update: Execute the action plan to close the gaps and move towards the
Target Profile.
• Regularly update the Profile and repeat the process as needed to ensure continuous
improvement.
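The gap-analysis step above (compare the Current Profile with the Target Profile, then build a prioritized action plan) is easy to show in code. The Python below is an added example, not material from the original slides or from NIST: it scores each outcome on the 1 to 4 Tier scale, weights each gap by a business-importance factor (for instance from a business impact analysis), and orders the result. The category codes follow the CSF Function.Category naming style, and all levels and weights are constructed sample values.

```python
"""CSF Organizational Profile gap analysis: Current vs Target Profile with a
prioritized action plan. Added illustration, not part of the original slides;
the category codes, levels and weights are constructed sample data."""
from dataclasses import dataclass

TIER_NAMES = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}

# Constructed sample: achievement level per outcome on the 1-4 Tier scale.
CURRENT_PROFILE = {"GV.RM": 2, "ID.AM": 1, "PR.AA": 2, "DE.CM": 1, "RS.MA": 2, "RC.RP": 3}
TARGET_PROFILE = {"GV.RM": 3, "ID.AM": 3, "PR.AA": 3, "DE.CM": 3, "RS.MA": 3, "RC.RP": 3}
# Business importance weights, e.g. taken from a business impact analysis (constructed).
IMPORTANCE = {"GV.RM": 1.5, "ID.AM": 1.2, "PR.AA": 1.3, "DE.CM": 1.0, "RS.MA": 1.0, "RC.RP": 1.0}


@dataclass(frozen=True)
class GapItem:
    outcome: str
    current: int
    target: int
    priority: float

    @property
    def gap(self) -> int:
        return self.target - self.current


def _check_profile(profile: dict) -> None:
    # Reject levels outside the Tier scale before they distort the ranking.
    for outcome, level in profile.items():
        if level not in TIER_NAMES:
            raise ValueError(f"{outcome}: level {level!r} is not a Tier 1-4 value")


def gap_analysis(current: dict, target: dict, importance: dict) -> list:
    """Return outcomes where the Target exceeds the Current Profile, most urgent first.
    Priority = size of gap x business importance. An outcome missing from the
    Current Profile is treated as Tier 1 (Partial), since nothing is documented."""
    _check_profile(current)
    _check_profile(target)
    items = []
    for outcome, tgt in target.items():
        cur = current.get(outcome, 1)
        if tgt > cur:
            items.append(GapItem(outcome, cur, tgt, (tgt - cur) * importance.get(outcome, 1.0)))
    return sorted(items, key=lambda g: (-g.priority, g.outcome))


def action_plan(items: list) -> list:
    """Human-readable prioritized plan, one line per gap."""
    return [
        f"{i}. {g.outcome}: move from Tier {g.current} ({TIER_NAMES[g.current]}) "
        f"to Tier {g.target} ({TIER_NAMES[g.target]}), priority {g.priority:.1f}"
        for i, g in enumerate(items, 1)
    ]


if __name__ == "__main__":
    for line in action_plan(gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, IMPORTANCE)):
        print(line)
```

Re-running the analysis after each remediation cycle, with an updated Current Profile, is the "Implement and Update" loop the slide describes: outcomes drop off the plan as their gap closes, and a Community Profile can be substituted for TARGET_PROFILE when one exists for the sector.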
Cybersecurity Management Process
The Cybersecurity Management Process is a structured approach to managing and improving
an organization's cybersecurity posture.
It typically involves several key steps:
• Identify: Understand and document the organization's assets, vulnerabilities, and threats.
Develop an inventory of assets, perform risk assessments, and define security
requirements based on business needs and regulatory obligations.
• Protect: Implement safeguards to secure assets and manage risks. This includes deploying
security controls, such as firewalls, encryption, and access controls, to protect against
identified threats.
• Detect: Establish mechanisms to identify and monitor cybersecurity events and anomalies.
This involves setting up detection systems, such as intrusion detection systems (IDS) and
security information and event management (SIEM) tools, to recognize potential security
incidents.
• Respond: Develop and execute incident response plans to address and manage
cybersecurity incidents. This includes defining response procedures, roles and
responsibilities, and communication strategies to handle and mitigate the impact
of security breaches.
• Recover: Plan and execute recovery efforts to restore normal operations after an
incident. This involves implementing recovery strategies, such as data backups
and restoration processes, and assessing the impact of the incident on the
organization.
• Review and Improve: Continuously evaluate and improve the cybersecurity
management process. This includes conducting regular reviews, updating policies
and procedures, and integrating lessons learned from incidents to strengthen the
overall cybersecurity posture.
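As an added illustration of the Detect step (not code from the original slides), here is a small SIEM-style rule run over constructed log lines: it parses each event, keeps a sliding sixty-second window of failed logins per source address, and raises one alert when a source reaches five failures inside that window. The log format, addresses, threshold and window length are all constructed assumptions.

```python
"""Toy SIEM detection rule: repeated failed logins from one source inside a
short window. Added illustration, not from the original slides; the log lines,
format, threshold and window are constructed sample data."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified sshd-like format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth: Failed password for admin from 203.0.113.7
2024-05-01T10:00:03 auth: Failed password for root from 203.0.113.7
2024-05-01T10:00:04 auth: Accepted password for alice from 198.51.100.4
2024-05-01T10:00:05 auth: Failed password for admin from 203.0.113.7
2024-05-01T10:00:06 auth: Failed password for guest from 203.0.113.7
2024-05-01T10:00:08 auth: Failed password for oracle from 203.0.113.7
2024-05-01T10:03:00 auth: Failed password for bob from 198.51.100.4
2024-05-01T10:09:00 auth: Failed password for bob from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line: str):
    """Turn one log line into an event dict, or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "failed": m["result"] == "Failed",
        "user": m["user"],
        "src": m["src"],
    }


def detect_bruteforce(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return one alert per source that accumulates `threshold` failures within `window`."""
    recent = defaultdict(deque)   # src -> failures (ts, user) still inside the window
    alerted = set()               # alert once per source, not once per extra failure
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None or not ev["failed"]:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        # Slide the window: drop failures older than `window` relative to this event.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({
                "src": ev["src"],
                "first_seen": q[0][0].isoformat(),
                "count": len(q),
                "users": sorted({u for _, u in q}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The second source in the sample never alerts: its two failures are six minutes apart, so the sliding window keeps them separate. That is the point of windowing rather than counting totals, which would eventually flag any long-lived host with occasional typos.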
Cyber Security Management Process: Best practice for Organization
• Understand Your IT Assets and Environment
• Know your IT resources, including data, devices, systems, networks, third-
party services, and technologies.
• Continuously assess and monitor your IT environment to identify
vulnerabilities.
• Deploy a Risk Management Strategy
• Create and maintain a cybersecurity risk management strategy.
• Define risk tolerance, create a risk profile, and include roles, incident
response, and escalation strategies.
• Integrate Cybersecurity into Company Culture
• Ensure cybersecurity policies and processes are implemented firm-wide.
• Communicate plans and procedures to all employees and stakeholders,
making cybersecurity a core company value.
• Use Continuous, Adaptive, and Actionable Risk Assessments
• Regularly assess and adjust to changing risks.
• Identify current vulnerabilities and emerging threats through ongoing
risk assessments.
• Implement Strict Security Protocols
• Use web application firewalls, secure personal devices, and enforce
strict security measures for remote workers.
• Apply automatic patching, strict access controls, and reliable backup
systems.
• Consolidate systems and data for easier management and security.
• Enhance Network Visibility
• Maintain real-time visibility into all areas of your network.
• Monitor for insider threats, third-party vulnerabilities, and human
errors to prevent and mitigate incidents.
Cyber Security Threat and Attacks
• A cybersecurity threat is a malicious and deliberate attempt by an individual or organization to gain unauthorized access to another's network to damage, disrupt, or steal IT assets, computer networks, intellectual property, or any other form of sensitive data.
• Cybercrime: Involves individuals or groups targeting systems for financial gain or disruption.
• Cyber-Attacks: A cyber attack is a deliberate and malicious attempt by an individual or organization to breach the information systems of another entity.
• These attacks aim to steal, alter, or destroy data, disrupt operations, or compromise the confidentiality, integrity, and availability of information.
• Cyberterrorism: Aims to undermine electronic systems to cause panic or fear.
Threat Types
• Malware: Includes viruses, ransomware, and spyware. These malicious programs disrupt operations,
steal information, or damage systems.
• Social Engineering: Exploits human interactions to gain unauthorized access to valuable information
and systems. Phishing, a common form, tricks users into divulging sensitive data.
• Insider Threats: Originating within an organization, these threats can be accidental or malicious.
They are particularly dangerous as they bypass traditional security measures with legitimate access.
• Advanced Persistent Threats (APTs): Complex, stealthy, and prolonged attacks aimed at specific
targets to steal data or disrupt operations, often remaining undetected for long periods.
• Distributed Denial of Service (DDoS) Attacks: Overload systems with floods of internet traffic,
disrupting services and potentially serving as a smokescreen for more invasive attacks.
• Ransomware: Involves encrypting the victim’s data and demanding payment for decryption keys,
paralyzing critical systems and requiring significant financial payouts.
• Man-in-the-Middle (MitM) Attacks: Intercept communications between two parties to steal or
manipulate information.
• Supply Chain Attacks: Compromise software or hardware before it reaches the consumer, exploiting
trusted relationships.
• Phishing is a cyber attack where attackers impersonate legitimate sources to trick individuals into revealing sensitive information, such as passwords or financial details, often via fraudulent emails, websites, or messages.
• Email Phishing: Cybercriminals send malicious emails that seem to come from legitimate sources.
• The user is then tricked into clicking the malicious link in the email, leading to malware installation or disclosure of sensitive information like credit card details and login credentials.
• Spear phishing is a more sophisticated form of phishing attack in which cybercriminals target only privileged users such as system administrators.
• DNS Attack: A DNS attack is a cyberattack in which cybercriminals exploit vulnerabilities in the Domain Name System (DNS).
• The attackers leverage DNS vulnerabilities to divert site visitors to malicious pages (DNS Hijacking) and to exfiltrate data from compromised systems (DNS Tunneling).
Cyber Kill Chain
• A cyber kill chain is a framework for analyzing and preventing cyber attacks.
• It breaks down attacks into phases, helping to understand and respond to threats like
ransomware or advanced persistent threats (APTs).
• This model helps you evaluate and improve your network and system security.
• Companies can use the cyber kill chain to proactively defend against cyber attacks by
understanding and addressing each attack phase.
• For example, during reconnaissance, monitoring network traffic and using threat
intelligence tools can help detect potential threats.
• Effective defensive measures, like email filters and web gateways, can block malicious
payloads, while the kill chain framework aids in incident response and investigation.
• Since hackers continually evolve their tactics, organizations should also use additional
defenses like network segmentation, user training, and ongoing monitoring to
complement the cyber kill chain.
Step 1: Reconnaissance
• The attacker collects information about the target before launching the attack, typically by searching for publicly available data on the Internet.
Step 2: Weaponization
• The attacker creates a malicious payload using an exploit. This preparation occurs without direct contact with the victim.
Step 3: Delivery
• The attacker sends the malicious payload to the victim via email or other methods, representing one of various intrusion techniques.
Step 4: Exploitation
• The exploit is executed to take advantage of a vulnerability, allowing the attacker to gain access. This step is only relevant when an exploit is used.
Step 5: Installation
• After gaining access, the hacker installs tools or malware to keep control of
the system.
• They might create processes or accounts to stay hidden, making recovery
expensive and complex. In severe cases, replacing all affected hardware
might be necessary.
Step 6: Command and Control
• The attacker establishes a command and control channel to manage the
compromised system remotely.
• This stage is crucial throughout the attack, not just when malware is
involved.
Step 7: Action on Objectives
• The attacker takes actions to achieve their goals within the victim’s network.
• This final phase involves a complex and extended attack process, often
involving numerous steps over an extended period.
Vulnerability Assessment
What Is a Vulnerability?
• Vulnerabilities refer to errors or weaknesses within a system’s security protocols, structure,
execution, or internal management that could potentially breach the system’s security
policies.
What is a Vulnerability Assessment?
• A vulnerability assessment is the process of identifying, evaluating, and mitigating security
weaknesses in an information system’s infrastructure.
• It aims to find vulnerabilities, document them for future reference, and guide the
development of threat mitigation solutions.
• Regular assessments are crucial, especially when new equipment, ports, or services are
introduced.
• They help prevent attacks such as SQL injection and uncover weaknesses such as weak default settings, malware, faulty authentication, and unencrypted data.
Objectives of Vulnerability Assessment:
• Identify all vulnerabilities
• Document vulnerabilities for future identification and solutions
• Provide guidance for developing threat solutions
Features of Vulnerability Assessment
• Scanning: Uses automated tools to scan for known vulnerabilities.
• Identifying Weaknesses: Identifies and prioritizes security
weaknesses.
• No Exploitation: Focuses on identification and reporting, not
exploiting vulnerabilities.
• Remediation Recommendations: Provides recommendations for
remediation and mitigation.
1. Asset and Vulnerability Identification:
• Identify scannable assets such as mobile devices, IoT devices, and cloud-based programs.
• Scan the infrastructure using automated tools or manually by security analysts.
• Populate a vulnerability assessment report outlining identified weaknesses.
2. Analysis:
• Determine the source and cause of each vulnerability.
• Verify and further analyze the components responsible for vulnerabilities.
• Use vulnerability scanners and databases to pinpoint weaknesses and analyze root causes.
3. Risk Assessment and Prioritization:
• Conduct a risk assessment based on vulnerability reports.
• Assign severity scores to each vulnerability, prioritizing the most dangerous ones.
• Rank vulnerabilities based on affected systems, information at risk, ease of attack, and potential damage.
4. Remediation and Mitigation:
• Security professionals and operations teams focus on alleviating weaknesses.
• Develop plans to prevent reoccurring vulnerabilities.
• Address the most severe and public-facing vulnerabilities first, followed by employee-owned devices and sensitive
information.
• Run assessments after patches or new systems are installed to identify and remedy new vulnerabilities.
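Step 3 above says to assign each vulnerability a severity score and rank on affected systems, information at risk, ease of attack and potential damage, and step 4 says to address severe, public-facing findings first. The Python below is an added example of that ranking, not a scanner's or the slides' own scoring scheme: each finding carries those four factors, a weighted score is computed, and public-facing findings are ordered ahead of internal ones. The findings, scales and weights are constructed sample values.

```python
"""Vulnerability prioritization: score assessment findings on affected systems,
information at risk, ease of attack and potential damage, public-facing first.
Added illustration; the findings, scales and weights are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    fid: str
    title: str
    affected_systems: int   # how many hosts or applications carry the weakness
    data_sensitivity: int   # 1 (public data) .. 5 (regulated or secret data)
    ease_of_attack: int     # 1 (hard, needs local access) .. 5 (trivial, remote, unauthenticated)
    potential_damage: int   # 1 (nuisance) .. 5 (full compromise or outage)
    public_facing: bool

    def __post_init__(self):
        for name in ("data_sensitivity", "ease_of_attack", "potential_damage"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{self.fid}: {name} must be 1..5")
        if self.affected_systems < 1:
            raise ValueError(f"{self.fid}: affected_systems must be >= 1")


# Constructed weights; they sum to 1 so the base score stays on the 1..5 scale.
WEIGHTS = {"data_sensitivity": 0.3, "ease_of_attack": 0.3, "potential_damage": 0.4}


def severity(f: Finding) -> float:
    """Weighted 1..5 base score, scaled up (at most x1.5) as more systems are affected."""
    base = sum(getattr(f, k) * w for k, w in WEIGHTS.items())
    spread = min(1 + (f.affected_systems - 1) * 0.05, 1.5)
    return round(base * spread, 2)


def prioritize(findings: list) -> list:
    """Public-facing findings first, then by severity, then by id for a stable order."""
    return sorted(findings, key=lambda f: (not f.public_facing, -severity(f), f.fid))


# Constructed sample findings (hypothetical).
SAMPLE = [
    Finding("V-1", "SQL injection in customer portal login", 1, 5, 5, 5, True),
    Finding("V-2", "Outdated TLS configuration on intranet wiki", 3, 2, 2, 2, False),
    Finding("V-3", "Default admin credentials on printer fleet", 20, 2, 5, 3, False),
    Finding("V-4", "Missing rate limiting on public API", 2, 3, 4, 3, True),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.fid} {severity(f):4.2f} {'public' if f.public_facing else 'internal':8} {f.title}")
```

Two design points worth noting: the spread factor is capped so a low-impact weakness on many hosts cannot outrank a critical one on a single host, and the final sort key puts exposure before score, which is what the "public-facing first" rule in step 4 asks for.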
Penetration Testing
• Penetration testing involves identifying vulnerabilities in computer systems
or networks by simulating attacks.
• The goal is to find weaknesses in security measures and exploit them to
access sensitive data.
• This process uses various tools, techniques, and software to simulate real-world attacks and uncover potential security flaws.
• It involves attempting to exploit potential vulnerabilities in a controlled
environment to confirm their existence and potential impact on an application or
network.
• Penetration testing employs both automated and manual techniques to uncover
vulnerabilities.
• These weaknesses are then analyzed by researchers to develop specific
protections and defenses.
• However, penetration testing alone is not sufficient; it should be followed by a
comprehensive vulnerability assessment for a thorough evaluation.
Features of Penetration Testing
• Active Exploitation: Involves actively exploiting vulnerabilities to
assess their impact.
• Realistic Scenarios: Simulates real-world attack scenarios to
identify potential entry points and damage.
• Manual and Automated Testing: Uses both manual techniques
and automated tools.
• Limited Scope: Focuses on specific target systems or components.
• Actionable Insights: Provides insights into the effectiveness of
security measures and the impact of successful attacks.
Phases of Penetration Testing
Planning
• In the planning phase, the consultant defines the project’s scope, objectives, and budget. They also
determine the target audience and establish the communication method.
Preparation
• Following plan approval, the consultant prepares for the test by gathering necessary tools,
equipment, documentation, and materials.
Execution
• The test commences once all preparations are complete. During execution, the consultant conducts activities such as vulnerability scanning, enumeration, exploitation, mapping, reconfiguration, and monitoring.
Reporting
• After the test, security professionals compile a report outlining findings and recommendations.
This report includes details on identified vulnerabilities, affected systems, and proposed
remediation steps.
Ethical Hacking
• Ethical hacking involves the authorized and
legal practice of probing computer systems,
networks, or applications to identify
vulnerabilities and weaknesses that could
be exploited by malicious attackers.
• Ethical hackers, often referred to as "white
hat" hackers, perform these activities with
explicit permission from the system owner
and follow legal and ethical guidelines.
Benefits of Ethical Hacking
• Preventing Data Theft: Ethical hacking helps safeguard sensitive data from
being stolen or misused by malicious attackers.
• Identifying Vulnerabilities: By simulating attacks, ethical hackers uncover
vulnerabilities from an attacker’s perspective, allowing for the correction of
weak points.
• Enhancing Network Security: It supports the creation of a robust network
infrastructure that mitigates security breaches and strengthens defenses.
• Protecting National Security: Ethical hacking contributes to national
security by safeguarding critical data from potential terrorist threats.
• Building Trust: It fosters confidence among customers and investors by
demonstrating a commitment to protecting their data and ensuring
product security.
• Real-World Assessments: Provides practical, real-world evaluations of
network security, helping to effectively protect against potential threats.
Phases of Ethical Hacking
Reconnaissance: The first phase involves gathering information about the target system or network. This can be done through a
variety of methods, such as open-source intelligence (OSINT), social engineering, and network scanning.
Scanning: Once the ethical hacker has gathered enough information, they will begin scanning the target system or network for
vulnerabilities. This can be done using a variety of tools, such as vulnerability scanners (Nessus, Nikto), port scanners (Nmap), and
network sniffers (Tcpdump, Wireshark).
Gaining access (Exploitation): Once the ethical hacker has identified a vulnerability, they will attempt to exploit it to gain access to the
target system or network. This can be done using a variety of methods, such as SQL injection, cross-site scripting (XSS), and password
cracking.
Maintaining access: Once the ethical hacker has gained access to the target system or network, they will need to maintain access in
order to complete their test. This can be done by installing malware, creating backdoors, or escalating their privileges.
Covering tracks: Once the ethical hacker has completed their test, they clean up after themselves. In an authorized engagement this means removing any implants, backdoors and accounts created during the test and restoring the system to its original state, as agreed in the rules of engagement. Deleting the client's logs destroys evidence the defenders need and is normally out of scope, unless evaluating detection evasion was explicitly part of the test.
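The "gaining access" phase above names SQL injection as a typical way in. The following is an added example, not code from the original slides, showing in Python with the standard-library sqlite3 module why a login query built by string formatting can be bypassed and what the fixed version looks like. The table, the single account and the two payloads are constructed for the demonstration; the plaintext password is only there to keep the example short (a real system stores salted hashes).

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory database with one constructed account (plaintext password for the demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hunter2')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by string formatting: attacker-controlled text becomes SQL syntax."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised query: values travel separately from the SQL text, so quotes and
    comment markers in the input are just characters, never syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic payloads a tester would try in the gaining-access phase (constructed inputs).
COMMENT_PAYLOAD = "alice' --"       # closes the quote, then comments out the password check
TAUTOLOGY_PAYLOAD = "' OR '1'='1"   # closes the quote and makes the WHERE clause always true


def demonstrate() -> dict:
    """Run both login implementations against valid credentials and both payloads."""
    conn = make_demo_db()
    return {
        "vuln_valid_creds": login_vulnerable(conn, "alice", "hunter2"),
        "vuln_comment_bypass": login_vulnerable(conn, COMMENT_PAYLOAD, "wrong"),
        "vuln_tautology_bypass": login_vulnerable(conn, "nobody", TAUTOLOGY_PAYLOAD),
        "safe_valid_creds": login_safe(conn, "alice", "hunter2"),
        "safe_comment_bypass": login_safe(conn, COMMENT_PAYLOAD, "wrong"),
        "safe_tautology_bypass": login_safe(conn, "nobody", TAUTOLOGY_PAYLOAD),
    }


if __name__ == "__main__":
    for check, result in demonstrate().items():
        print(f"{check:24} -> {result!r}")
```

With the vulnerable function, both payloads log in as alice without knowing the password: the first turns the query into `... WHERE username = 'alice' --' AND password = 'wrong'`, where everything after `--` is a comment, and the second leaves `... AND password = '' OR '1'='1'`, whose final clause is always true. The parameterised version returns nothing for either payload and only succeeds with the real credentials. In a report, the bypassed login itself is the evidence of impact; the tester does not need to go on and extract the rest of the table.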
Types of Ethical Hacking
Web Application Hacking: Exploits security weaknesses in web applications to alter data,
gain unauthorized access, or perform other malicious actions.
System Hacking: Involves breaking into a computer system or network by exploiting its
vulnerabilities.
Web Server Hacking: Targets web servers to steal data, take control, or disrupt services.
Hacking Wireless Networks: Attacks wireless networks to access sensitive information like
Wi-Fi passwords and admin credentials, exploiting the fact that wireless networks transmit
data via radio waves.
Social Engineering: Tricks people into revealing confidential information or performing actions that benefit the attacker. This method often plays on natural trust rather than technical vulnerabilities.
Types of Hackers
• Black Hat Hackers: These hackers exploit
vulnerabilities for malicious purposes, such as
stealing data or damaging systems. They are
not ethical and operate outside the law.
• Grey Hat Hackers: Hackers who may breach systems without permission but without malicious intent. They typically report vulnerabilities to the organization after discovering them, sometimes expecting a reward or acknowledgment. Access without authorization is still unlawful in most jurisdictions, whatever the intent.
• White Hat Hackers: Ethical hackers who use
their skills to find and fix security
vulnerabilities. They work with organizations
to enhance their security systems and prevent
malicious attacks.
Cyber Law: Global and Local
• Cyber law, sometimes referred to as internet or digital law, encompasses the legal rules and frameworks that regulate digital activities.
• Cyber law addresses the legal aspects of
cyberspace, including the internet and computing.
• It covers a range of issues such as intellectual
property, contracts, jurisdiction, data protection,
privacy, and freedom of expression in the digital
realm.
• It addresses a wide array of issues, including online
communication, e-commerce, digital privacy, and
the prevention and enforcement of laws against
cybercrimes.
Global Cyber Law:
• General Data Protection Regulation (GDPR) - EU: Regulates data protection and
privacy for individuals in the EU, setting strict rules on how personal data is collected,
used, and protected.
• California Consumer Privacy Act (CCPA) - U.S.: Provides California residents with
rights to know what personal data is being collected, how it is used, and the ability to
request its deletion.
• Digital Millennium Copyright Act (DMCA) - U.S.: Addresses copyright infringement
on the internet, including provisions for removing infringing content and safe harbor
protections for internet service providers.
• Computer Fraud and Abuse Act (CFAA) - U.S.: Criminalizes unauthorized access to
computers and networks, targeting cybercrimes such as hacking and data theft.
• Personal Information Protection and Electronic Documents Act (PIPEDA) -
Canada: Governs how private-sector organizations collect, use, and disclose personal
information, ensuring privacy protection for Canadian citizens.
• Data Protection Act 2018 (DPA 2018): This UK law complements the GDPR and
regulates how personal data is collected, used, and stored. It provides individuals with
rights regarding their personal data and sets out the responsibilities for organizations
handling this data.
Nepal's Cyber Related Law:
• Electronic Transactions Act (ETA) 2008
• National Cyber Security Policy, 2080 (2023)
• Cyber Security Byelaw, 2077 (2020)
• Online Child Safety Guidelines, 2076
• National Information Technology Emergency Response
Team (NITERT) and Management Guide, 2075
Global Cyber Security Index
• The Global Cybersecurity Index (GCI), published by the International Telecommunication Union (ITU), is a benchmark that evaluates countries' commitment to cybersecurity on a global scale.
• It aims to highlight the significance and various aspects of
cybersecurity.
• Given the extensive application of cybersecurity across different
industries and sectors, the GCI assesses each country's
development and engagement through five key pillars: (i) Legal
Measures, (ii) Technical Measures, (iii) Organizational Measures,
(iv) Capacity Development, and (v) Cooperation.
• These assessments are then compiled into an overall score.
• Nepal ranks 109th out of 160 countries on the National Cyber Security Index (NCSI, a separate index maintained by the e-Governance Academy), and 94th on the Global Cybersecurity Index.