Ethical Hacking Assignment: A Proactive & Adversarial Approach To Secure Systems

Question

Task:
For the practical part of this ethical hacking assignment, you will have to build three Virtual Machines (VM):

A Linux Server

  • You could use CentOS or Ubuntu Server
  • Minimum configuration required
  • DNS
  • An additional service of your own choice (e.g. DHCP, FTP, SMTP, SNMP etc)

A Client

  • Could be either Windows (Vista, 7, 8, 10 etc) or Linux (Fedora, Ubuntu etc)
  • You could create multiple copies of the client’s VM if you require more clients to demonstrate an attack

Attacker machine

  • Kali Linux (the most recent version is highly recommended)

Assignment Tasks and Deliverables
The main submission is a single individual report consisting of two parts as follows:

Part A
In this first part of the assignment, you are required to:

  • Provide a summary of the configuration steps on the server and client. Include screenshots to evidence functionality at the client-side. Discuss the rationale behind service selection and configuration.
  • Demonstrate a minimum of 2 attacks against each of the two services configured. Any further and complex attacks will attract more marks. Log all the important and offensive events against your target including attacks detected, services’ logs nature, origin of the attack and damage caused. Support your demonstration with screenshots.
  • Critically reflect on countermeasures and prevention mechanisms applied to militate against your attacks.

Part B
In the second part of the report, you are required to write a short position paper to critically analyse and reflect on recent state-of-the-art attacks and hacking techniques, followed by a discussion on possible countermeasures.

Answer

PART A

Configuration steps on client and server
Server configuration (Linux Server)
In this ethical hacking assignment, Ubuntu Server has been utilized as the Linux server. In order to install Ubuntu Server, it is first necessary to download the Ubuntu Server ISO image. In this project, Ubuntu Server has been installed on a VMware virtual machine. After installing Ubuntu Server, DNS has been installed on this server.

DNS installation and configuration procedure: The installation and configuration steps of the DNS server are shown below:

DNS server configuration

Figure 1: DNS server installation in Linux OS (Victim Machine)

The above figure shows the installation procedure of the DNS server. The ‘sudo apt-get install bind9’ command has been utilized to install the DNS package.

Figure 2: Configuring IP address for DNS server in Victim Machine

In this step, IP addresses have been configured for the DNS server.

Figure 3: Restarting DNS server In Victim Machine

The above figure shows that the ‘systemctl restart bind9’ command has been utilized to restart the DNS server.

Figure 4: Configuring DNS server in Victim Machine

The above figure shows that the DNS server has been configured properly on the Linux server.

At first, the ‘sudo apt-get update’ command has been utilized to update the system (Petersen 2020). After that, the ‘sudo apt-get install bind9’ command has been utilized to install the DNS package. Furthermore, the ‘sudo apt-get install dnsutils’ command has been utilized to install the DNS utilities. After that, the name server has been configured on the Ubuntu server. The ‘sudo systemctl restart bind9’ command has been utilized to restart the DNS service. Then, the primary master server has been configured by configuring the forward zone file and the reverse zone file. Finally, various commands have been utilized to verify that all the configurations are correct.

DHCP installation and configuration procedure: The screenshots below show the installation and configuration of DHCP on the Ubuntu server:

Figure 5: DHCP server installation on Linux server (Victim Machine)

The above figure illustrates the installation procedure of the DHCP server. In order to install the DHCP server on the Ubuntu server, the ‘sudo apt install isc-dhcp-server’ command has been utilized.

Figure 6: Configuring interfaces for DHCP server in Victim machine

The above figure illustrates the interface configuration procedure for the DHCP server. Here, the INTERFACESv4 setting has been configured for the DHCP server.

Figure 7: Modification of main configuration

The above figure shows the modification of the main configuration. Here, the ‘sudo vi /etc/dhcp/dhcpd.conf’ command has been utilized to open and modify the main configuration file.

Figure 8: Evidence of DHCP server configuration in Victim machine

The above figure illustrates that the DHCP server has been configured properly and it is active. Moreover, the DHCP is running and it is ready to provide dynamic IP addresses to the client devices.

In order to install the DHCP server on the Ubuntu server, the ‘sudo apt install isc-dhcp-server’ command has been utilized. After the completion of the DHCP server installation, a file has been edited to define the interfaces of the DHCP server. Then, the ‘sudo vi /etc/dhcp/dhcpd.conf’ command has been utilized to open and modify the main configuration file (LaCroix 2018). After that, an IP address has been provided to set up the DHCP server. In this way, the DHCP server has been configured on the Ubuntu server.

Client
For this project, Windows XP has been utilized as the client. Enabling DHCP on the client machine is shown in the figure below:

Figure 9: Client Machine gets dynamic IP addresses from DHCP server

The above figure shows that the client device gets dynamic IP addresses from the DHCP server. The client computer has been mainly utilized to demonstrate the attack. At first, Windows XP has been downloaded from Microsoft. After that, a VMware virtual machine has been launched for installing Windows XP. After the installation of Windows XP, it gets a dynamic IP address from the DHCP server of the Ubuntu server. In this project, the client machine is attacked by the attacker machine to identify the vulnerabilities of the DHCP and DNS services of the Ubuntu server (Matotek, Turnbull and Lieverdink 2017). Multiple copies of the client virtual machine have been created to demonstrate the attacks.

Attacker Machine (Kali Linux)

Figure 10: Configuring attacker Machine (Kali Linux)

For this project, the Kali Linux operating system has been utilized as the attacker machine. The most recent version of Kali Linux has been downloaded. Kali Linux is an open-source Linux-based operating system that is mainly utilized for various information security tasks like reverse engineering, computer forensics, security research, and penetration testing. After installing the Kali Linux operating system, VMware has been launched to start the installation of Kali Linux. Furthermore, disk capacity and RAM have been increased to finish the installation procedure faster. After that, the BIOS mode of the Kali Linux operating system has been opened, where the ‘graphical option’ has been selected. Furthermore, the proper language and location have been selected. After the completion of the installation, the Kali Linux operating system is ready for attack demonstration. By utilizing Kali Linux, a brute force attack, an open port attack, and penetration testing will be performed and demonstrated in this report. All these attacks are

The rationale behind service selection and configuration

Figure 11: Victim machine (Ubuntu Server)

In this experiment, the victim machine is the Ubuntu server shown in the above figure. The Ubuntu server is a Linux-based server on which DNS and DHCP have been configured.

Figure 12: Attacker machine (Attacker Machine)

Here, the attacker machine is the Kali Linux machine shown in the above figure. The Kali Linux OS is utilized to exploit the victim machine.

In this project, the DHCP service is mainly selected and configured on the Linux server. The DHCP server is mainly utilized to dynamically assign the IP addresses to the client machine. The DHCP service is very easy to implement and reduces the static IP address configuration time. The DHCP service also prevents invalid or duplicate assignment of IP addresses. Hence, it simplifies the administration of the network. Along with the several benefits, the DHCP server also has some vulnerabilities. The DHCP service of the Ubuntu server has no secure mechanism for client authentication. Therefore, by performing various kinds of attacks, attackers can gain unauthorized access to IP addresses that belong to DHCP clients. Moreover, the service has been selected and configured to demonstrate the vulnerability of the DHCP services. The DHCP server is vulnerable because it runs over the user datagram protocol and one side of this UDP communication does not comprise any IP address during the conversation.

Demonstration of attacks
In this project, the Kali Linux operating system has been utilized to demonstrate the attacks. At first, an open port scan has been performed to identify the open ports of the Ubuntu server. After that, attacks have been performed on the basis of the open port found. The screenshots of the open port scan are provided below:

Figure 13: nmap scanning using Kali Linux

Figure 14: nmap scanning using Kali Linux

The above screenshots illustrate that the Nmap command has been utilized to identify the open ports of the server. From the analysis, port 53 is found open. Therefore, all the attacks have been performed on port 53. The DNS server of the Ubuntu server utilizes this port for performing all the UDP activities. The DNS server of the Ubuntu server is mainly designed to utilize both TCP and UDP port 53.

DNS lookup attack
The first attack performed is the DNS lookup attack. The Kali Linux operating system has been utilized to perform this attack. In order to perform this attack, the ‘dig’ command has been utilized. By the utilization of this command, it is possible to get the list of the root DNS servers. This attack helps to get the IP address of the server. The screenshot below shows the evidence of a DNS lookup attack:

Figure 15: DNS lookup attack

The above figure illustrates the evidence of the DNS lookup attack. By performing this attack, the list of root DNS servers has been identified. The attack has been performed to bypass the web browser's same-origin policy. By performing this kind of attack, an attacker is able to gain total control of a home network. Therefore, it is important to prevent this kind of attack by properly configuring the DNS name server.

Reverse DNS lookup attack
This attack is mainly performed to get the hostname of the server. By performing the reverse DNS lookup attack, it is possible to convert the IP address into its hostname. In order to perform this attack, the IP address has been written in reverse order and the “.in-addr.arpa” suffix has been appended to it. After that, a query has been made for the PTR record using dig. The screenshot below shows the evidence of the reverse DNS lookup attack:

Figure 16: Reverse DNS Lookup attack

In order to perform this attack, the IP address has been written in reverse order and the “.in-addr.arpa” suffix has been appended to it. After that, a query has been made for the PTR record using dig. The above screenshot shows the evidence of the reverse DNS lookup attack. By performing this attack, it is possible to exploit the DNS server of the victim machine.

DNS zone transfer attack
The fierce.pl tool has been utilized to demonstrate this attack. Fierce is one of the best and most renowned tools utilized for DNS analysis. The “perl fierce.pl -dns ns1.internal.example.org” command has been utilized for this attack. The zone transfer is the biggest security issue as it reveals various kinds of confidential information about the domain. Therefore, the information about the domain increases the attack vector. In order to safeguard the nameserver from leaking sensitive information, it is important to allow zone transfers only to the other nameservers of the same domain. The screenshot below shows the details of the DNS zone transfer attack:

Figure 17: DNS zone transfer attack

The above figure demonstrates the DNS zone transfer attack using the fierce.pl tool in Kali Linux; after scanning, it found 0 entries for the same. By performing this attack, various kinds of confidential information regarding the domain have been retrieved. By utilizing the information about the domain, the DNS nameserver has been exploited. The above figure illustrates that the attacker machine performed a total of 1917 tests, and from the tests various subnets have been found. Furthermore, the subnets have been utilized to exploit the DNS nameserver.

Brute Force attack
The brute force attack is one of the dangerous attacks. This attack is mainly a cryptographic attack that continuously guesses probable combinations of targeted passwords until it discovers the correct password (Ahmed, Kim and Park 2017). In order to perform this attack, the ‘dnsenum -h’ command has been utilized. This command is very useful for automatic identification of basic DNS records like domain name servers, NS, mail exchange servers, MX, and many more. The evidence of this attack is shown in the figure below:

Figure 18: Brute force attack in Kali

In order to perform this attack, the ‘dnsenum -h’ command has been utilized. This command is very useful for automatic identification of basic DNS records like domain name servers, NS, mail exchange servers, MX, and many more. The evidence of this attack is shown in the above figure. In this experiment, the brute force attack has been performed to hijack the system for malicious activity. By hijacking the system, the DNS records have been identified and the data has then been utilized to exploit the victim machine. Cybercriminals also perform this kind of attack to spread malware that causes disruption. The ‘dnsenum -h’ command also shows all NS records for zone transfer, checks for wildcard resolution, and further performs a PTR record lookup.

Countermeasures and prevention mechanisms to mitigate the attacks
After configuring the DHCP and DNS on the Linux server, a few attacks have been performed to demonstrate the vulnerabilities of the system so that proper mitigation steps can be taken to prevent various types of cyber-attacks. Cyberattacks are the technique used by hackers for taking advantage of the victim's machine through various means such as phishing, viruses, malware, and many other sources. The main intention of this is to steal personal information or minimize the functionality of the victim’s computer. The attacks that have been demonstrated in the previous section can be mitigated through Pentest Approach, which is a simulated attack that is carried out on the systems for identifying the potential vulnerabilities. The approach performs multiple breaches such as backend servers or APIs on the available systems. There are multiple phases of this Pentest approach, which are discussed below:

Planning: In this phase of the Pentest approach, both the scope and strategy of the testing are determined

Identification: In this phase, the system information is gathered for carrying out the vulnerability testing of the system.

Attacking: The professional performs some simulated attacks on the system to exploit certain vulnerabilities

Reporting: In this phase, the professional generates a detailed report on various risks that are recognized during the attacks.

In order to mitigate Brute force attack, there are multiple countermeasures that can be implemented. Some of the countermeasures include the following:

  • Configuring the SSH so that the root user becomes inaccessible
  • Changing the default port by using the sshd_config file
  • Using CAPTCHA will make the automated bots ineffective
  • The login attempts from a specific IP address should be limited to prevent forced access
  • Implementing 2FA or 2-factor authentication will significantly minimize the data breaches.
  • The Login URLs should be unique
  • The server logs should be monitored diligently for maintaining the system.
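To make the log-monitoring point concrete for the DNS attacks demonstrated above, the following added example (not part of the original report) scans BIND-style log lines for denied zone transfers and for one client requesting many distinct names in a short window, which is how tools such as dnsenum and fierce appear on the server. The log lines are constructed, and the line layout, the window and the threshold are assumptions to adapt to the server's own logging configuration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (BIND 9 file logging with timestamps and categories printed):
#   <date> <time> <category>: <severity>: client [@0x..] <ip>#<port> (<name>): <message>
LINE = re.compile(
    r'^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?'
    r'client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ '
    r'\((?P<name>[^)]*)\): (?P<msg>.*)$')
XFER_DENIED = re.compile(r"zone transfer '[^']+/(?:AXFR|IXFR)/\w+' denied")


def _query(sec, ip, name):
    """Build one constructed query-log line (sample data only)."""
    return (f"17-Feb-2021 10:01:{sec:02d}.000 queries: info: client @0x7f3a10 "
            f"{ip}#{40000 + sec} ({name}): query: {name} IN A + (192.0.2.10)")


# Constructed sample: one ordinary client, one client guessing host names,
# then the same client attempting a zone transfer that the server refuses.
GUESSES = ["www", "mail", "ftp", "vpn", "dev", "test",
           "admin", "ns1", "ns2", "intranet", "portal", "db"]
SAMPLE_LOG = (
    [_query(1, "192.0.2.21", "www.internal.example.org"),
     _query(2, "192.0.2.21", "mail.internal.example.org")]
    + [_query(5 + i, "192.0.2.30", f"{g}.internal.example.org")
       for i, g in enumerate(GUESSES)]
    + ["17-Feb-2021 10:01:30.000 security: error: client @0x7f3a10 "
       "192.0.2.30#40100 (internal.example.org): "
       "zone transfer 'internal.example.org/AXFR/IN' denied"]
)


def detect(lines, window=timedelta(seconds=60), max_names=10):
    """Return {client_ip: [alert kinds]} for the given log lines."""
    recent = defaultdict(deque)   # ip -> (timestamp, queried name) inside the window
    alerts = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if m is None:
            continue              # not a client line, ignore
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        ip, msg = m["ip"], m["msg"]
        if XFER_DENIED.search(msg):
            alerts[ip].add("axfr-denied")
        elif msg.startswith("query:"):
            seen = recent[ip]
            seen.append((ts, m["name"].lower()))
            while ts - seen[0][0] > window:   # drop entries older than the window
                seen.popleft()
            if len({name for _, name in seen}) > max_names:
                alerts[ip].add("name-enumeration")
    return {ip: sorted(kinds) for ip, kinds in alerts.items()}


if __name__ == "__main__":
    for ip, kinds in detect(SAMPLE_LOG).items():
        print(ip, ", ".join(kinds))
```

Query logging has to be enabled on the server for the enumeration check to see anything; the denied-transfer check works from the security category alone.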

On the other hand, the DNS Zone transfer attack can also be prevented by the following steps:

  • The zone transfer must be allowed from the trusted IPs only

The following code can be implemented in the BIND DNS server configuration, which can be accessed through /etc/named.conf

[Configuration screenshot not reproduced]

  • Moreover, TSIG or Transaction Signatures should be used for the Zone Transfer
  • Regular audits of the DNS Zones should be carried out
  • The DNS servers should be updated regularly
  • The BIND version should be hidden by modifying the named.conf that could be found in /etc/named.conf
  • Zone transfers should be restricted by modifying the main configuration file of BIND and adding the new configuration that is mentioned below:

[Configuration screenshot not reproduced]
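The zone transfer, TSIG and version-hiding recommendations above can be checked mechanically. The following added example (not the report's own configuration, which is not reproduced on this page) embeds a weak and a hardened named.conf as constructed samples and audits each; the zone name, key name, addresses and the simplified parsing (top-level blocks only, no views or includes) are assumptions.

```python
import re

# Constructed sample: primary zone with no transfer restriction and no version override.
WEAK_CONF = '''
options {
    directory "/var/cache/bind";
};
zone "internal.example.org" {
    type master;
    file "/etc/bind/db.internal.example.org";
};
'''

# Constructed sample: transfers refused by default, allowed per zone only with a TSIG key.
HARDENED_CONF = '''
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET";   // placeholder, generate with tsig-keygen
};
options {
    directory "/var/cache/bind";
    version "not disclosed";
    allow-transfer { none; };
};
zone "internal.example.org" {
    type master;
    file "/etc/bind/db.internal.example.org";
    allow-transfer { key "xfer-key"; };   # or the secondaries' IPs: { 192.0.2.53; };
};
'''

# Quoted strings are matched first so that '//' or '#' inside them is not a comment.
_COMMENT = re.compile(r'("[^"\n]*")|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)


def top_level_blocks(conf):
    """Return [(header, body)] for every top-level 'header { body };' statement."""
    conf = _COMMENT.sub(lambda m: m.group(1) or '', conf)
    blocks, depth, stmt_start, body_start, header = [], 0, 0, 0, ''
    for i, ch in enumerate(conf):
        if ch == '{':
            if depth == 0:
                header, body_start = conf[stmt_start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                blocks.append((header, conf[body_start:i]))
        elif ch == ';' and depth == 0:
            stmt_start = i + 1
    return blocks


def transfer_policy(body):
    """Return the allow-transfer match list as a list of elements, or None if absent."""
    m = re.search(r'\ballow-transfer\b[^{;]*\{([^{}]*)\}', body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(';') if e.strip()]


def audit(conf):
    """Return a list of findings for version disclosure and zone transfer policy."""
    findings = []
    blocks = top_level_blocks(conf)
    options = ' '.join(body for header, body in blocks if header == 'options')
    if not re.search(r'\bversion\s+("[^"]*"|none)\s*;', options):
        findings.append('options: version string not overridden')
    default = transfer_policy(options)
    for header, body in blocks:
        zone = re.match(r'zone\s+"([^"]+)"', header)
        if not zone or not re.search(r'\btype\s+(master|primary)\s*;', body):
            continue                      # only zones this server is primary for
        policy = transfer_policy(body)
        if policy is None:
            policy = default              # fall back to the options-level setting
        name = zone.group(1)
        if policy is None:
            # Assumption: an absent statement is a finding, because the effective
            # default depends on the BIND version in use.
            findings.append(f'zone {name}: allow-transfer not set')
        elif 'any' in policy:
            findings.append(f'zone {name}: allow-transfer permits any host')
        elif policy != ['none'] and not any(e.startswith('key ') for e in policy):
            findings.append(f'zone {name}: transfers restricted by address only, no TSIG key')
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```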

Various insights from this approach could be utilized for fine-tuning the overall security policies of an organization. Five types of Pentest can be performed on the systems for the identification of vulnerabilities, which includes a web application, social engineering, network services, wireless, and client-side. These approaches can be used for vulnerability testing as this is one of the oldest security testing approaches in which ethical hackers are allowed to simulate real scenario cyber-attacks for testing various systems. After completing the Pentest, a detailed report is generated that includes all the weaknesses of the organizations, which contains different actionable and clear steps to mitigate the security risks. The risks are recognized as per their priorities and help to mitigate the vulnerabilities according to their priority.

Sometimes Brute force attacks steal the credentials for gaining the administrative accounts. Brute force attack has also been demonstrated in the report. Sometimes brute force attacks can include a botnet for carrying out DDoS attacks. There are various types of brute force attacks and only software updates are not enough to protect against these types of attacks. However, these attacks could be mitigated by taking multiple steps such as using strong passwords, restricting access for authenticating the URLs, restricting the login attempts, using Captchas, and implementing two-factor authentication.

Moreover, the report has demonstrated some open ports after performing the open port scanning on the target machine. Any service that is internet-connected needs particular ports to get opened for functioning. On the other hand, when authentic services get exploited using code, malicious services could get introduced through malware and cybercriminals could utilize these services in combination with the open ports for accessing sensitive data. Some of the known ports and services include Port 80, Port 20, 21, Port 20, Port 53, and Port 110. The majority of cyber attackers check for various open ports to access the network and carry out malicious activities. Some recommendations to mitigate the risks of open ports are discussed below:

Identifying the open ports: This is the first step towards scanning the open ports that include various applications and other devices that are connected to the network. It also helps in understanding whether the configurations are accurate.

Comprehending the port usage: An organization does not need all the ports to get opened and it needs to be understood for checking its usage. Different scanning tools can be used to check for the open ports and their usage.

Identifying services: Various services are connected to different ports across the network, and if any protocol or process is not recognized, it could be considered a security vulnerability.

Closing the risky ports: The identified open ports need to be closed according to their users so that they cannot be exploited.

PART B

Abstract
Technology is evolving rapidly. However, because of cyber-attacks, many corporate organizations and their users find it difficult to protect their devices. As private and public organizations move more of their general functions to the Internet, criminals get greater opportunities to access confidential information through various web applications. Hence, protecting systems from the growing nuisance of hacking requires security professionals who can fight back against illicit attacks on computing systems. To overcome these problems, white hat hackers, or ethical hackers, appeared. Identifying the corresponding vulnerabilities requires in-depth knowledge of several types of state-of-the-art attacks and threats. This report aims to analyse some of the major recent state-of-the-art attacks and hacking procedures in digital technologies, cyber-attacks among them. Some prevention mechanisms and possible countermeasures are discussed in the report as well.

Introduction
Cyber-attacks are becoming common in the world of digital technology. Among the affected devices are Internet of Things (IoT) devices such as commonly used computers, smart automobiles, and typical corporate servers. These attacks and their related techniques have therefore been selected for this study, and the analysis is based on present attacks related to these devices. The report aims to raise awareness of such attacks and of the measures that need to be put in place to increase device security. Through the study, robust information and suggestions will be delivered on how to improve information security.

The present solutions for protecting networks are intrusion detection systems, penetration testing, application layer gateways (ALG), and packet filters (PF). ALGs and PFs are utilized to monitor traffic that enters and leaves a network, based on information packets (Baloch 2017). Smart devices have several types of connectivity options like LTE, Bluetooth and Wi-Fi, as well as ubiquitous computing features, which makes them a vital part of people's everyday lives. Recent technologies such as Voice over Internet Protocol (VoIP) and smartphone messengers like Skype, Viber, and WhatsApp offer free-of-charge alternatives to expensive cellular network services. Professionals working in the cybersecurity domain are challenged by the disruptive impact of DNS server, DDoS and wireless attacks.

Discussion
Analysis of the latest attacks and techniques of hackers
This study considers certain state-of-the-art attacks that have occurred recently. One of the basic attacks is the IoT-based botnet attack, which managed to compromise several IoT devices. The attack was reported to consist of around 78% malware. The malicious activities involved in such attacks include data theft, illegal access, credential leaks and distributed denial of service. The bot owner managed to gain access to numerous devices, on which they performed illegal activities (Nicholson 2019). It made use of special Trojan viruses to attack computer security systems and Internet of Things devices before executing control software and commands. This enabled them to perform malicious activities on a wide scale. For instance, in August 2020, a credential stuffing attack was reported in which a botnet of 13000 members sent almost 2,70,000 login requests per hour against a number of clients of the Akamai company.

Ethical hacking appears to be the preferred way to find vulnerabilities in a system with the organization's acceptance. This paper looks at information relating to the ethical hacker (Patil et al. 2017), at hacking techniques and the hurdles that can arise during the work, and at certain things that hackers must avoid in order to remain secure.

Method of attacks
Penetration testing is probably the best attack-based strategy for finding out whether there are any vulnerabilities in the IT infrastructure. It is an open test that is utilized for assessing the degree of user adherence to the organization's security policies. The test attacks servers, web applications, mobile phones, network devices, and others; once a system is compromised, the hacker begins a further step to achieve a higher level of access to the internal assets and data of the system (Wallingford, Peshwa and Kelly 2019). The results of the attack should then be received by the IT and network managers so that they can control these vulnerabilities.

This test is vital for protecting the system from any hacking that can occur because of system vulnerabilities. It is needed because of the severe losses that may result from a breach that compromises a system holding financial data. "The sole reason for infiltration testing is to quantify the achievability of frameworks or end-client bargain and assess all connected outcomes such occurrences may have on the elaborate assets or tasks."

Types of Attacks
There are several types of attack that can be applied to hack a system, such as social engineering, eavesdropping, malware, and phishing. These fall under the categories of DNS server attacks, wireless attacks and VoIP attacks.

Social engineering: This is probably one of the simplest hacking methods. It seeks to obtain highly sensitive data from the weakest link in the organization (the employees). This method of hacking may use the pretence that there is an emergency. The attack works because, even when all the connected assets are secured, it is human nature to help anyone who needs it.

Phishing: This uses forged emails to trick users into opening a fake link, while the user believes that it is a genuine email from a genuine financial institution.

Eavesdropping: This is the observation of data found in network traffic or wireless network traffic, making use of the information sent in emails, web browsing sessions, file transfers, and others. This kind of attack is known as sniffing, which includes wireless network sniffing, packet sniffing, and more.

Malicious code: Known as malware, it works by exploiting weaknesses (vulnerabilities) in operating system software. "While malevolent code spreads through .exe documents and email, most noxious code is moved by means of internet browsers. Vulnerabilities in internet browser projects and end-client working frameworks have brought about a flood of sites with worked in vindictive code that is downloaded to clueless casualties who visit those locales."

Injection: This happens when untrusted data is supplied to a query interpreter, for example in SQL queries. The hacker exploits the targeted interpreter and can then steal, create, delete, or modify the data (Meghana 2019). To protect data from these vulnerabilities, the input must be checked before it is passed on (Wallingford, Peshwa and Kelly 2019). Additionally, there is a need to use a safe API or to avoid the interpreter by using a parameterized interface. Examples of characters commonly used in attacks are the single quote ('), the double dash (--), and the semicolon (;), for example to shut down the database remotely: Username: 'xxxxxxxxxxxxxxxx' Password: '; closure.

Difficulties that ethical hackers should expect
Within ethical hacking, an individual should be aware of the complexities arising from the work of others in this field, such as the adherence of system staff and all other staff to the core policies and rules of the company. On close inspection, there was no hole in the systems for an attacker to exploit. This can be because of protective techniques found on the system, which make it difficult to compromise (Yaacoub et al. 2021), or because of various network types and proxies. A professional hacker must therefore follow certain rules in order to accomplish the mission successfully.

Avoidance by ethical hackers
Professional hackers should avoid certain things, such as:

  • Avoiding the use of Windows operating systems: Windows has various types of vulnerability, which can be exploited by attackers.
  • Avoiding the use of a direct Internet connection: Not all Internet access has VPN access, which helps a system secure data using encryption technology (Khokhar and Tran 2019). Therefore, IP address discovery is the only way to track the systems.
  • Avoiding the use of an actual e-mail address: An email address can be a victim of attacks, so it is recommended to use a fake email address, as most systems do not contain virtual private network mechanisms. Otherwise, an illegal attacker can obtain the email information of the ethical hacker.
  • Avoiding public Wi-Fi: Professional hackers should avoid the use of public hotspots (Saha et al. 2019). The ethical hacker should stay away from public router access because a legal system can be affected by router access.
  • Utilizing Google: Google's servers and websites make it easy to track everything a user does in order to serve adverts that the user might click on. Therefore, there are some ways to access the site without compromising the user’s identity.

Countermeasures
To take measures against botnet attacks, it is necessary to understand that a botnet is simply a collection of Internet-connected devices under the command and control of a botnet owner. The owner may be a hacker. Accordingly, a botnet can be used to launch several kinds of attack. One technique for protecting against this attack is to apply deep learning to detect and mitigate attacks that target IoT networks. Deep learning comes with algorithms that are well suited to mitigating this attack. Cloud security solutions for detecting and protecting systems against this attack can also be used. Bot managers can be used to help with the detection, identification, and management of botnets at the edge, before they even reach the device's data centers (Khan 2020). A bot manager is integrated with other security solutions, such as distributed denial of service protection and a web application firewall, making application security comprehensive and effective.

It is vital to maintain a comprehensive inventory of resources and to classify all resources based on risk and sensitivity. It is also vital to:

  • Configure access controls with least privilege in mind.
  • Continuously patch vulnerabilities based on risk evaluation.
  • Use preventive protection technology such as email spam filtering, anti-malware, and anti-virus tools (Patil et al. 2017).
  • Conduct security awareness training for contractors and staff.
  • Make regular back-ups of systems.
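
The inventory classification and risk-based patching steps above, sketched as an added example that is not part of the original report. The asset names, class weights, severity scores and `VULN-*` identifiers are constructed, and the multiplicative scoring is an assumption rather than a standard.

```python
from dataclasses import dataclass

# Constructed weights (assumptions): higher means more impact if compromised.
SENSITIVITY = {"public": 1, "internal": 2, "confidential": 3}
EXPOSURE = {"isolated": 1, "lan": 2, "internet": 3}

@dataclass(frozen=True)
class Asset:
    name: str
    sensitivity: str   # key of SENSITIVITY
    exposure: str      # key of EXPOSURE

@dataclass(frozen=True)
class Finding:
    asset: str         # asset name as reported by the scanner
    vuln_id: str       # placeholder identifier, not a real CVE
    severity: float    # 0.0-10.0 base score from the scanner

def risk(finding, inventory):
    """Severity scaled by the asset's classification."""
    asset = inventory.get(finding.asset)
    if asset is None:  # not inventoried: assume the worst-case class
        return finding.severity * max(SENSITIVITY.values()) * max(EXPOSURE.values())
    return finding.severity * SENSITIVITY[asset.sensitivity] * EXPOSURE[asset.exposure]

def patch_queue(findings, assets):
    """Return (findings ordered by risk, assets missing from the inventory)."""
    inventory = {a.name: a for a in assets}
    ordered = sorted(findings, key=lambda f: (-risk(f, inventory), f.asset, f.vuln_id))
    unknown = sorted({f.asset for f in findings if f.asset not in inventory})
    return ordered, unknown

# Constructed sample data.
ASSETS = [
    Asset("dns-server", "internal", "internet"),
    Asset("file-server", "confidential", "lan"),
    Asset("test-client", "public", "isolated"),
]
FINDINGS = [
    Finding("test-client", "VULN-A", 9.8),
    Finding("dns-server", "VULN-B", 7.5),
    Finding("file-server", "VULN-C", 6.1),
    Finding("printer-01", "VULN-D", 5.3),   # host absent from the inventory
]

if __name__ == "__main__":
    queue, unknown = patch_queue(FINDINGS, ASSETS)
    print([f.vuln_id for f in queue], "missing from inventory:", unknown)
```

The highest raw severity (VULN-A on an isolated test client) ends up last in the queue, while a medium-severity finding on a host missing from the inventory is ranked first until that host is classified.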

Hence, when it comes to evaluating the leading vulnerabilities of security faced by recent corporate firms.

Conclusion
Ethical hacking goes a long way towards finding the vulnerabilities in the systems of corporate firms. In this report, the meaning of ethical hacking and of the ethical hacking professional has been explored and explained. The best way to explore this hacking technique is through penetration testing methods. The report has explained and explored numerous hurdles that could arise from various types of attacks. The countermeasures to those attacks have also been described, and the things that a professional ethical hacker should avoid in order to stay concealed have been pointed out.

References
Ahmed, M.E., Kim, H. and Park, M., 2017, October. Mitigating DNS query-based DDoS attacks with machine learning on software-defined networking. In MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM) (pp. 11-16). IEEE.

Baloch, R., 2017. Ethical hacking and penetration testing guide. CRC Press.

Khan, U.P., 2020. Ethical Hacking and Countermeasures Web Applications and Data Servers. Cyberpolitik Journal, 5(10), pp.309-311.

Khokhar, U.M. and Tran, B., 2019, September. Fundamentals of Ethical Hacking and Penetration Testing. In Proceedings of the 20th Annual SIG Conference on Information Technology Education (pp. 149-150).

Meghana, K.R., 2019. Ethical Hacking and Penetration Testing Using A mini computer.

LaCroix, J., 2018. Mastering Ubuntu Server: Master the art of deploying, configuring, managing, and troubleshooting Ubuntu Server 18.04. Packt Publishing Ltd.

Matotek, D., Turnbull, J. and Lieverdink, P., 2017. Infrastructure Services: NTP, DNS, DHCP, and SSH. In Pro Linux System Administration (pp. 417-471). Apress, Berkeley, CA.

Nicholson, S., 2019. How ethical hacking can protect organisations from a greater threat. Computer Fraud & Security, 2019(5), pp.15-19.

Patil, S., Jangra, A., Bhale, M., Raina, A. and Kulkarni, P., 2017, September. Ethical hacking: The need for cyber security. In 2017 IEEE International Conference on Power, Control, Signals and Instrumentation Engineering (ICPCSI) (pp. 1602-1606). IEEE.

Petersen, R., 2020. Ubuntu 20.04 LTS Server: Administration and Reference. Surfing Turtle Press.

Saha, S., Das, A., Kumar, A., Biswas, D. and Saha, S., 2019, August. Ethical hacking: redefining security in information system. In International Ethical Hacking Conference (pp. 203-218). Springer, Singapore.

Wallingford, J., Peshwa, M. and Kelly, D., 2019. Towards understanding the value of ethical hacking. In International Conference on Cyber Warfare and Security (pp. 639-XIV). Academic Conferences International Limited.

Yaacoub, J.P.A., Noura, H.N., Salman, O. and Chehab, A., 2021. A Survey on Ethical Hacking: Issues and Challenges. arXiv preprint arXiv:2103.15072.
