Ethical hacking

K.G.C.Chathuranga
3 min readMay 29, 2021

--

First of all, do you know what is ethical hacking? Simply we can say Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker can exploit them.

What are the key concepts of ethical hacking?

Hacking experts follow four key protocol concepts:

  1. Stay legal. Obtain proper approval before accessing and performing a security assessment.
  2. Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.
  3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.
  4. Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.

CIA in Cybersecurity

When we are talking about cybersecurity, we should look about CIA. This is not Central Intelligence Agency. Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. Although elements of the triad are three of the most foundational and crucial cybersecurity needs, experts believe the CIA triad needs an upgrade to stay effective.

The following is a breakdown of the three key concepts that form the CIA triad:

  • Confidentiality is roughly equivalent to Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
  • Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
  • Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information

This is a very simple idea of the CIA. So, lets move to our next part. Machine learning in cybersecurity.

Machine learning in cybersecurity

In security, machine learning continuously learns by analyzing data to find patterns so we can better detect malware in encrypted traffic, find insider threats, predict where “bad neighborhoods” are online to keep people safe when browsing, or protect data in the cloud by uncovering suspicious user behavior. The cyber threat landscape forces organizations to constantly track and correlate millions of external and internal data points across their infrastructure and users. It simply is not feasible to manage this volume of information with only a team of people. This is where machine learning shines, because it can recognize patterns and predict threats in massive data sets, all at machine speed. By automating the analysis, cyber teams can rapidly detect threats and isolate situations that need deeper human analysis.

How machine learning helps security

  • Find threats on a network
  • Keep people safe when browsing
  • Provide endpoint malware protection
  • Protect data in the cloud
  • Detect malware in encrypted traffic

not only hacking, computer virus, Trojan horse, Adware and spyware, Computer worm, and lots of thigs are there today world. how ever I think you got some idea from this article. Thank you for reading.

--

--

K.G.C.Chathuranga
K.G.C.Chathuranga

Written by K.G.C.Chathuranga

Undergraduate student of Software engineering-University of Kelaniya.