
Ehnd (Module 1)

The document provides comprehensive notes on ethical hacking and network defense, detailing the definitions, goals, methodologies, and ethical guidelines associated with ethical hacking. It differentiates ethical hacking from malicious hacking, outlines various networking basics, and discusses legal and ethical aspects, including relevant laws and professional codes of conduct. Additionally, it covers network architectures and the importance of continuous learning in the field of cybersecurity.

SRINIVAS UNIVERSITY
INSTITUTE OF ENGINEERING AND TECHNOLOGY
MUKKA, MANGALURU

DEPARTMENT OF CYBER SECURITY AND CYBER FORENSIC ENGINEERING

NOTES
ON
ETHICAL HACKING AND NETWORK DEFENSE
SUBJECT CODE: 19SCSF73

COMPILED BY:
Mrs. SWATHI R, Assistant Professor

2023-2024
MODULE 1
INTRODUCTION TO ETHICAL HACKING AND NETWORK DEFENSE

Introduction to Ethical Hacking - Understanding the concept of ethical hacking

Ethical Hacking Defined:

• Ethical hacking involves authorized and controlled penetration testing of computer systems, networks, and applications.
• Ethical hackers, also known as white hat hackers, identify vulnerabilities and weaknesses before malicious hackers can exploit them.

Goals and Purpose:

• The primary goal of ethical hacking is to enhance security by proactively identifying and mitigating potential risks.
• Ethical hackers help organizations uncover vulnerabilities that might not be apparent through regular security assessments.

Authorized Testing:

• Ethical hacking is conducted with proper authorization from the system owner.
• Authorization ensures that ethical hackers have the right to assess and test the security of systems, networks, and applications.

Legitimate Approach:

• Ethical hacking is a legitimate approach that helps organizations maintain a strong security posture.
• It allows organizations to identify weaknesses, make informed decisions about security improvements, and prevent potential breaches.

Scope and Objectives:

• Ethical hacking methodologies involve following predefined processes and frameworks for testing.
• Objectives include identifying vulnerabilities, evaluating security measures, and recommending solutions to enhance defense mechanisms.

ETHICAL HACKING AND NETWORK DEFENSE (19SCF73) Page 1


Differentiating Ethical Hacking from Malicious Hacking:

• Ethical hacking is authorized and aims to improve security.
• Malicious hacking is unauthorized and seeks to exploit vulnerabilities for personal gain.

| S. No. | Hacking | Ethical Hacking |
|--------|---------|-----------------|
| 1. | Steal valuable information of company and individual for illegal activity | Hack system to reduce vulnerabilities of company's system |
| 2. | Illegal practice and considered a crime | Legal practice, authorized by the company or individual |
| 3. | Such types of hackers are called black-hat hackers | Such types of hackers are called white-hat hackers |
| 4. | Such hackers try to access restricted networks through illegal practices and reduce the security of data. | Such hackers create firewalls and security protocols. |
| 5. | They work for themselves for dirty money. | They work with different government agencies and big tech companies. |

Ethical Guidelines:

• Ethical hackers adhere to a set of guidelines and a professional code of conduct.
• These guidelines ensure responsible, lawful, and ethical behavior during the testing process.

Ethical Hacker's Role:

• An ethical hacker's role is not to cause harm but to find vulnerabilities and report them to the organization.
• They play a crucial role in preventing security breaches and safeguarding sensitive information.

Ethical Hacking Methodologies and Objectives

Methodologies:

Ethical hacking follows a systematic approach to ensure comprehensive testing. Common methodologies include the following phases:

• Reconnaissance: Gathering information about the target system, network, or application.
• Scanning: Identifying active hosts, open ports, and services.
• Gaining Access: Attempting to exploit vulnerabilities to gain unauthorized access.
• Maintaining Access: Ensuring persistent control over the compromised system.
• Covering Tracks: Erasing traces of the attack to remain undetected.

Objectives:

1. Identify Vulnerabilities:

• Ethical hackers aim to uncover vulnerabilities that could potentially be exploited by malicious hackers.
• This involves searching for weak points in software, hardware, configurations, and security policies.

2. Evaluate Security Measures:

• Ethical hackers assess the effectiveness of an organization's security measures.
• They test the ability of firewalls, intrusion detection systems, access controls, and encryption methods to withstand attacks.

3. Recommend Solutions:

• After identifying vulnerabilities, ethical hackers provide recommendations to address them.
• These recommendations guide organizations in improving their security posture and implementing necessary safeguards.

4. Improve Incident Response:

• Ethical hacking helps organizations understand potential attack vectors and vulnerabilities.
• This knowledge aids in developing better incident response plans to mitigate and respond to future attacks.

5. Verify Compliance:

• Ethical hacking can help organizations ensure compliance with industry standards and regulations.
• By identifying security gaps, organizations can take corrective actions to meet compliance requirements.

6. Enhance Security Awareness:

• Ethical hacking activities can raise security awareness among employees and stakeholders.
• Organizations can use findings from ethical hacking to educate staff about the importance of following security best practices.

7. Prevent Data Breaches:

• By identifying and addressing vulnerabilities, ethical hackers contribute to preventing data breaches.
• This protects sensitive information from falling into the wrong hands.

8. Build Trust:

• Ethical hacking helps organizations build trust with customers, partners, and stakeholders.
• Demonstrating proactive efforts to secure systems enhances an organization's reputation.

Networking Basics:

• Network: A group of devices interconnected to share resources and communicate.
• Devices: Computers, servers, routers, switches, printers, and more.
• Topology: Physical arrangement of devices and connections (e.g., star, bus, mesh).

Protocols and Communication:

• Protocol: A set of rules governing data exchange between devices.
• IP Addressing: Unique numerical identifier for devices on a network.
• Subnetting: Dividing larger networks into smaller segments for efficient management.
• Routing: Directing data between networks based on IP addresses.
• Ports: Numerical identifiers for different services on a device.

Common Networking Protocols:

• TCP/IP (Transmission Control Protocol/Internet Protocol): Foundation of the Internet, responsible for data transmission.
• HTTP (Hypertext Transfer Protocol): Used for web browsing.
• HTTPS (HTTP Secure): Encrypted version of HTTP, ensuring secure communication.
• FTP (File Transfer Protocol): Used for transferring files between systems.
• SMTP (Simple Mail Transfer Protocol): Sending emails between servers.
• POP3 (Post Office Protocol 3): Retrieving emails from a server.
• IMAP (Internet Message Access Protocol): Managing emails on a mail server.
• DNS (Domain Name System): Translates domain names into IP addresses.

IP Addressing:

• IPv4 (Internet Protocol version 4): 32-bit address written as four decimal numbers (e.g., [Link]).
• IPv6 (Internet Protocol version 6): 128-bit address using hexadecimal notation (e.g., [Link]).

Subnetting:

• Subnet: A portion of a larger network.
• Subnet Mask: Divides an IP address into network and host portions.
• CIDR (Classless Inter-Domain Routing): A way to specify IP addresses and their subnet masks.
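
The mask and CIDR arithmetic described above, as an added example that is not part of the original notes: it derives the subnet mask from a CIDR prefix, splits an address into its network and host portions with bit operations, divides a network into smaller subnets, and cross-checks the result against Python's standard `ipaddress` module. The function names are this example's own, and the addresses are constructed samples from the 192.0.2.0/24 documentation range.

```python
import ipaddress

FULL = 0xFFFFFFFF  # all 32 bits of an IPv4 address set

def to_int(dotted):
    """Dotted-decimal IPv4 text -> 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def to_dotted(value):
    """32-bit integer -> dotted-decimal IPv4 text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse_cidr(cidr):
    """Return (address_as_int, prefix_length, mask_as_int) for 'a.b.c.d/n'."""
    address, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)  # raises ValueError if the '/n' part is missing
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    mask = (FULL << (32 - prefix)) & FULL  # n one-bits followed by zero-bits
    return to_int(address), prefix, mask

def describe(cidr):
    """Split an address into the network and host portions its mask defines."""
    addr, prefix, mask = parse_cidr(cidr)
    network = addr & mask
    size = 1 << (32 - prefix)
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "host_part": addr & ~mask & FULL,
        "broadcast": to_dotted(network | (~mask & FULL)),
        # /31 and /32 have no separate network/broadcast addresses to subtract
        "usable_hosts": size if prefix >= 31 else size - 2,
    }

def split(cidr, new_prefix):
    """Subnetting: divide one network into equal, smaller segments."""
    addr, prefix, mask = parse_cidr(cidr)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the original")
    step = 1 << (32 - new_prefix)       # addresses per new subnet
    count = 1 << (new_prefix - prefix)  # number of new subnets
    base = addr & mask
    return [f"{to_dotted(base + i * step)}/{new_prefix}" for i in range(count)]

def agrees_with_stdlib(cidr):
    """Cross-check the bit arithmetic against Python's ipaddress module."""
    iface = ipaddress.ip_interface(cidr)
    mine = describe(cidr)
    return (mine["mask"] == str(iface.netmask)
            and mine["network"] == str(iface.network.network_address)
            and mine["broadcast"] == str(iface.network.broadcast_address))

if __name__ == "__main__":
    # Constructed sample addresses from the documentation range.
    print(describe("192.0.2.77/26"))
    print(split("192.0.2.0/24", 26))
```
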

Routing:

• Router: Device that directs data between networks.
• Default Gateway: Router used to send data to other networks.
• Static Routing: Manual configuration of routing paths.
• Dynamic Routing: Routers exchange routing information to determine paths.

Ports and Protocols:

• Port: Logical endpoint for communication.
• Well-Known Ports: Ranges from 0 to 1023, reserved for standard services.
• Registered Ports: Ranges from 1024 to 49151, used for various applications.
• Dynamic/Private Ports: Ranges from 49152 to 65535, used for temporary purposes.

OSI Model (Open Systems Interconnection)

Overview:

Framework for understanding and standardizing networking functions. Divides networking into seven distinct layers, each with specific tasks.

Layer Breakdown:

1. Physical Layer:

• Deals with physical connections and media.
• Transmits raw binary data over a physical medium.

2. Data Link Layer:

• Manages data frames, error detection, and MAC addresses.
• Provides a reliable link between directly connected nodes.

3. Network Layer:

• Focuses on routing and forwarding data packets.
• Uses IP addresses for device addressing and routing.

4. Transport Layer:

• Manages end-to-end communication.
• Segments and reassembles data, provides error checking.
• Common protocols: TCP (reliable) and UDP (connectionless).

5. Session Layer:

• Manages communication sessions between devices.
• Establishes, maintains, and terminates connections.

6. Presentation Layer:

• Translates data between the application and network formats.
• Handles data encryption, compression, and data format conversion.

7. Application Layer:

• Provides user interfaces and application services.
• Includes protocols like HTTP, FTP, SMTP, and more.

TCP/IP Suite (Transmission Control Protocol/Internet Protocol)

Overview:

Foundation of the modern internet and networking. Simplified model with four layers that map to the OSI model.

Layer Breakdown:

1. Network Interface Layer:

• Equivalent to OSI Physical and Data Link layers.
• Handles physical connection and addressing using MAC addresses.

2. Internet Layer:

• Equivalent to OSI Network layer.
• Manages IP addressing, routing, and packet forwarding.
• Includes IP (IPv4 and IPv6) and ICMP.

3. Transport Layer:

• Equivalent to OSI Transport layer.
• Manages end-to-end communication and data segmentation.
• Includes TCP (reliable) and UDP (connectionless).

4. Application Layer:

• Combines aspects of the OSI Session, Presentation, and Application layers.
• Provides application services and user interfaces.
• Includes protocols like HTTP, FTP, SMTP, and more.

Understanding network architecture

Computer network architecture is defined as the physical and logical design of the software, hardware, protocols, and media used for the transmission of data. Put simply, it describes how computers are organized and how tasks are allocated among them.

The two types of network architectures are:

• Peer-To-Peer network
• Client/Server network

Peer-To-Peer network

• A Peer-To-Peer network is a network in which all the computers are linked together with equal privileges and responsibilities for processing the data.
• A Peer-To-Peer network is useful for small environments, usually up to 10 computers.
• A Peer-To-Peer network has no dedicated server.
• Special permissions are assigned to each computer for sharing the resources, but this can lead to a problem if the computer with the resource is down.

Advantages of Peer-To-Peer Network:

• It is less costly, as it does not contain any dedicated server.
• If one computer stops working, the other computers will not stop working.
• It is easy to set up and maintain, as each computer manages itself.

Disadvantages of Peer-To-Peer Network:

• A Peer-To-Peer network does not contain a centralized system. Therefore, it cannot back up the data, as the data is different in different locations.
• It has a security issue, as each device manages itself.

Client/Server Network

• A Client/Server network is a network model in which end users, called clients, access resources such as songs, video, etc. from a central computer known as the server.
• The central controller is known as a server, while all other computers in the network are called clients.
• A server performs all the major operations such as security and network management.
• A server is responsible for managing all the resources such as files, directories, printers, etc.
• All the clients communicate with each other through a server. For example, if client 1 wants to send some data to client 2, it first sends a request to the server for permission. The server sends a response to client 1 so that it can initiate its communication with client 2.

Advantages of Client/Server network:

• A Client/Server network contains a centralized system. Therefore, we can back up the data easily.
• A Client/Server network has a dedicated server that improves the overall performance of the whole system.
• Security is better in a Client/Server network, as a single server administers the shared resources.
• It also increases the speed of resource sharing.

Disadvantages of Client/Server network:

• A Client/Server network is expensive, as it requires a server with large memory.
• A server has a Network Operating System (NOS) to provide the resources to the clients, but the cost of a NOS is very high.
• It requires a dedicated network administrator to manage all the resources.

Legal and Ethical Aspects - Laws and regulations related to ethical hacking

Laws and Regulations:

1. Computer Fraud and Abuse Act (CFAA): U.S. federal law that addresses unauthorized access to computers and computer systems.
2. EU General Data Protection Regulation (GDPR): European regulation ensuring the protection of personal data and privacy.
3. Cybercrime Laws: Various countries have laws addressing hacking, unauthorized access, data breaches, and cybercrimes.
4. Digital Millennium Copyright Act (DMCA): U.S. law protecting digital content from unauthorized access and distribution.
5. Health Insurance Portability and Accountability Act (HIPAA): U.S. law regulating the protection of health information.

Authorization and Consent:

• Written Consent: Ethical hackers must obtain written permission from system owners before conducting any testing.
• Scope of Testing: The scope of authorized testing should be well-defined to avoid legal issues.
• Penetration Testing Agreements: Formal agreements outlining the scope, rules, and limitations of testing.

Reporting and Documentation:

• Detailed Reporting: Ethical hackers should provide thorough reports of findings and vulnerabilities.
• Non-Disclosure Agreements (NDAs): Some testing engagements might involve signing NDAs to protect sensitive information.

Responsible Disclosure:

• Disclosure Process: Ethical hackers should follow a responsible disclosure process when reporting vulnerabilities to the affected party.
• Coordination with Vendors: Collaboration with software vendors to address vulnerabilities before public disclosure.

Professional Code of Conduct:

• EC-Council Code of Ethics: Guidelines for ethical hackers to follow, emphasizing integrity, confidentiality, and professionalism.
• (ISC)² Code of Ethics: Sets ethical standards for information security professionals, including ethical hacking.

Industry Standards and Certifications:

• Certified Ethical Hacker (CEH): A certification that emphasizes ethical hacking skills and knowledge.
• Certified Information Systems Security Professional (CISSP): A certification covering various domains of information security, including ethical considerations.

National and International Regulations:

• National Legislation: Laws and regulations may vary between countries, so ethical hackers should understand the legal landscape in their jurisdiction.
• International Agreements: Cross-border hacking activities could fall under international agreements on cybercrime.

Avoiding Harm and Damage:

• No Harm Principle: Ethical hackers should not cause harm, data loss, or disruptions during testing.
• Exercising Caution: It's essential to consider the potential consequences of your actions on systems and networks.

Continuous Learning and Compliance:

• Staying Updated: Laws and regulations evolve, so ethical hackers need to stay informed about changes.
• Ongoing Compliance: Regularly reviewing and complying with relevant laws and regulations is crucial.

Ethical guidelines and professional code of conduct

Ethical hacking involves a commitment to adhere to specific guidelines and a code of conduct that ensures responsible and ethical behavior. These guidelines help ethical hackers maintain integrity, protect privacy, and contribute positively to cybersecurity. Here's an overview:

1. Respect for Privacy:

• Ethical hackers should respect the privacy of individuals and organizations while conducting assessments.
• Sensitive information and data should be handled with utmost care and confidentiality.

2. Obtain Proper Authorization:

• Ethical hackers must always obtain written permission from system owners or authorized personnel before conducting any testing or assessment.
• Testing should be limited to the scope defined in the authorization to avoid legal consequences.

3. Professionalism and Integrity:

• Ethical hackers should conduct themselves with professionalism, honesty, and integrity.
• Engaging in any malicious activities or exploiting vulnerabilities for personal gain is strictly prohibited.

4. Disclosure and Reporting:

• Ethical hackers must report their findings accurately and promptly to the authorized party.
• Vulnerabilities and weaknesses should be reported responsibly and securely.

5. Responsible Disclosure:

• Ethical hackers should follow a responsible disclosure process when reporting vulnerabilities to the affected party.
• Coordination with software vendors and affected organizations is crucial to ensure timely mitigation.

6. No Unauthorized Access:

• Ethical hackers should not access systems or data beyond the scope of authorized testing.
• Attempting unauthorized access is unethical and potentially illegal.

7. Continuous Learning:

• Ethical hackers should stay updated with the latest security trends, tools, and techniques.
• Continuous learning helps maintain expertise and ensures ethical practices.

8. Respect for Laws and Regulations:

• Ethical hackers should adhere to relevant laws and regulations related to hacking and cybersecurity.
• Compliance with legal requirements is essential to avoid legal consequences.

Importance of Obtaining Proper Authorization:

1. Legal Compliance:

• Unauthorized hacking is illegal and can lead to severe legal consequences, including criminal charges and lawsuits.
• Obtaining proper authorization demonstrates compliance with the law and ethical standards.

2. Preventing Misunderstandings:

• Unauthorized testing can be misinterpreted as a malicious attack by network administrators or security personnel.
• Proper authorization ensures that your actions are understood as ethical and intentional.

3. Scope and Limitations:

• Authorization defines the scope, limitations, and objectives of testing.
• It prevents accidental disruption of critical systems or networks.

4. Building Trust:

• Obtaining proper authorization fosters trust between ethical hackers and system owners.
• Trust is essential for effective collaboration and responsible disclosure.

5. Ethical Practices:

• Ethical hacking is about improving security, not causing harm.
• Proper authorization ensures that ethical hackers follow responsible and ethical practices.
