PREVENTIVE SECURITY AND REACTIVE SECURITY - ULTIMATE BEGINNER HANDBOOK TO COMPUTER HACKING ESSENTIALS: LEARN ETHICAL HACKING, PENETRATION TESTING AND BASIC SECURITY: 50+ FREE RESOURCES TO HELP YOU MASTER THE ART OF HACKING (2015)


PREVENTIVE SECURITY AND REACTIVE SECURITY

There are two kinds of security that every Ethical Hacker is concerned with most of the time: how to prevent hackers from getting in, and what to do in the event that they do manage to get in.

PREVENTIVE SECURITY

Preventive Security, or Proactive Security (they are really the same thing; one just sounds better to businesses), is the practice of attempting to prevent anything from tampering with the network. This involves setting up firewalls, scripts, and similar programs to keep hackers out of the network. Hackers are not the only concern for Ethical Hackers, but they are the primary one. There are a few other attackers that any person, including an Ethical Hacker, must be aware of to ensure the safety of their system.

ENCRYPTIONS AND KEY-FILES

The first order of business is to set up encryption. There are several different types of encryption, too many to cover here, but it is important that you know what they are and how they work. Encryption is literally a redistribution of values that ensures your information cannot be read by anyone who gets hold of it. You will often use a program for your encryption, and only that program can unlock the encrypted file for you. A popular, now discontinued program was TrueCrypt, which is still popular for basic encryption needs; it allowed several different types of encryption, including three-way encryption. To get a basic idea of what encryption does, we will take a word and encrypt it.

Basic = CiZ@B

As you may notice, this is a rather bad encryption, but it gets the point across. Another thing you may need to know about is the existence of a “key-file.” Key-files are extremely useful: they ensure that whatever you have encrypted cannot be accessed without the file, because the file is the key needed to open the data. Encryption is used to protect sensitive data not only from being stolen but also from being broken into. Additionally, nearly everything can be encrypted, and it all runs on mathematics. The better the encryption, the more difficult it is for others to get into it, but, most often, it can be problematic to encrypt everything.

NOTE: Employers tend not to like having to jump through hoops to get into their files, which is why encryption is mostly used in technology businesses where the employers actually understand why it is useful. This is not to say that all businesses are like this, but you will find a lot of businesses that think this part is just unnecessary paranoia.
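The two ideas in this section, a fixed substitution like “Basic = CiZ@B” and a key-file that is required to open the data, can be seen side by side in working code. The example below is added here and is not from the book or from TrueCrypt. Part 1 is a Caesar-style substitution table (shift of 3, chosen for the example); Part 2 stores random bytes in a key-file and encrypts under a key derived from it, with a fresh nonce per message and an integrity tag so that a wrong key-file or a tampered file is rejected instead of silently producing garbage. The cipher in Part 2 is an illustrative construction built from HMAC-SHA256 only so that the example needs nothing outside the standard library; the file names and sizes are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

# Part 1: a fixed letter-for-letter substitution, the kind of scheme that the
# "Basic = CiZ@B" illustration describes. The table itself is the only secret,
# and every occurrence of a letter always maps to the same output.
def caesar_table(shift: int) -> dict:
    """Build a substitution table that shifts each letter by `shift` places."""
    table = {}
    for base in ("a", "A"):
        for i in range(26):
            table[chr(ord(base) + i)] = chr(ord(base) + (i + shift) % 26)
    return table

def substitution_encrypt(text: str, table: dict) -> str:
    """Replace each character through the table; unknown characters pass through."""
    return "".join(table.get(ch, ch) for ch in text)

# Part 2: a key-file. The file holds random bytes, and nothing encrypted under it
# can be opened without it. The cipher is an illustrative construction (HMAC-SHA256
# in counter mode plus an HMAC tag) chosen because it needs no third-party
# library; real systems should use a standard AEAD such as AES-GCM.
KEYFILE_SIZE = 32   # 256 bits of randomness (assumed size for this example)

def write_keyfile(path: str) -> None:
    with open(path, "wb") as f:
        f.write(os.urandom(KEYFILE_SIZE))

def read_keyfile(path: str) -> bytes:
    with open(path, "rb") as f:
        key = f.read()
    if len(key) != KEYFILE_SIZE:
        raise ValueError("key-file has the wrong size")
    return key

def _subkeys(key: bytes):
    # Separate keys for confidentiality and for integrity, derived from the key-file.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh nonce makes equal plaintexts differ."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 16 + 32:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key-file or tampered data")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

def demo() -> dict:
    """Walk through both schemes on the book's word and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secret.key")
        write_keyfile(path)
        key = read_keyfile(path)
        blob1 = encrypt(key, b"Basic")
        blob2 = encrypt(key, b"Basic")
        tampered = bytearray(blob1)
        tampered[16] ^= 0x01          # flip one bit of the ciphertext
        try:
            decrypt(key, bytes(tampered))
            tamper_detected = False
        except ValueError:
            tamper_detected = True
        try:
            decrypt(os.urandom(KEYFILE_SIZE), blob1)   # a different key-file
            wrong_key_rejected = False
        except ValueError:
            wrong_key_rejected = True
        roundtrip = decrypt(key, blob1) == b"Basic"
    return {
        "substitution": substitution_encrypt("Basic", caesar_table(3)),
        "roundtrip": roundtrip,
        "ciphertexts_differ": blob1 != blob2,
        "tamper_detected": tamper_detected,
        "wrong_key_rejected": wrong_key_rejected,
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the contrast the chapter is getting at: the substitution turns “Basic” into “Edvlf” every single time, so patterns in the plaintext survive in the output, whereas the keyed scheme produces a different blob for the same word on every call and refuses to open anything that was altered or that was encrypted under a different key-file.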

PAPER OVER DATA

The biggest protection against the average hacker is paper. The problem is that this is not seen as good practice inside a business: an accounting program is faster and less likely to make a calculation mistake than an actual accountant, just as a machine is less likely to drip coffee on an important blueprint. However, the best way to use this protection is to have old, important files put on paper and locked away once they are no longer being used. This will not only save a lot of data storage, but it will ensure that hackers can only obtain the most recent information from a business if they get in. Some businesses will actually just put the files on a standalone server that can only be accessed from the computer dashboard that has been placed on top of it. However, this is rare, since these types of computers are expensive because they must be customized for the business.

WHAT DO WE DETECT? A LOT. WHEN DO WE DETECT IT? ALL THE TIME.

There are four different kinds of software you will need to know how to detect in order to prevent a compromise of the system. Oftentimes, this software only gets onto the computer when a user unknowingly downloads it, by allowing advertisements, by visiting a specific website, or through any of a whole range of other ways.

TROJAN

A Trojan is usually packaged and hidden from the user along with whatever they have chosen to download. These programs often hide in the registry, collect information, and are programmed to hide themselves away until they are detected by one or more antivirus programs. Once they have been detected, they begin to damage and alter the system to prevent their eventual removal. These are ones you will want to be on the lookout for, because they will contain such things as bitcoin mining and RAM collection, which can often destroy the system they are in and are effective at stealing nearly everything in the system. If they are a program intended to collect information, they will often push that information to the outside world, and that is where it is easiest to detect them. Most virus protection software will detect them before they do any real damage, but you still have to watch for them in case they are not in the software’s library yet.
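The paragraph’s point that an information-stealing Trojan is easiest to spot when it pushes data to the outside world can be turned into a simple detection. The example below is added here and is not from the book or any antivirus product. It reads a constructed per-process connection log (the format, host names, process names and addresses are all invented for the example; the external addresses are from the RFC 5737 documentation ranges), ignores traffic to the organisation’s own address ranges, and flags any host/process pair that has sent more than a threshold of bytes to external addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a per-process connection log; none of this is real data.
SAMPLE_LOG = """\
2015-03-02T10:15:00 host=ws-07 proc=outlook.exe dst=10.0.0.5:443 bytes_out=120000
2015-03-02T10:16:10 host=ws-07 proc=svchost.exe dst=192.168.1.1:53 bytes_out=900
2015-03-02T10:17:30 host=ws-07 proc=updater.exe dst=203.0.113.45:443 bytes_out=48000000
2015-03-02T10:19:02 host=ws-07 proc=updater.exe dst=203.0.113.45:443 bytes_out=51000000
2015-03-02T10:20:45 host=ws-12 proc=chrome.exe dst=198.51.100.7:443 bytes_out=300000
2015-03-02T10:21:10 host=ws-12 proc=chrome.exe dst=198.51.100.9:443 bytes_out=150000
"""

# The organisation's own address ranges (assumed here; adjust to your network).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Bytes sent to outside addresses by one process before an alert is raised.
THRESHOLD_BYTES = 50 * 1024 * 1024

def parse_line(line: str) -> dict:
    """Split 'timestamp key=value ...' into a record."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    ip, _port = fields["dst"].rsplit(":", 1)
    return {"ts": ts, "host": fields["host"], "proc": fields["proc"],
            "ip": ip, "bytes_out": int(fields["bytes_out"])}

def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def find_exfil_candidates(log_text: str, threshold: int = THRESHOLD_BYTES) -> list:
    """Sum outbound bytes to external addresses per (host, process) and return
    the pairs above the threshold, largest first."""
    totals = defaultdict(int)
    first_seen = {}
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if not is_external(rec["ip"]):
            continue                      # internal traffic is not exfiltration
        key = (rec["host"], rec["proc"])
        totals[key] += rec["bytes_out"]
        first_seen.setdefault(key, rec["ts"])
        destinations[key].add(rec["ip"])
    findings = [
        {"host": h, "proc": p, "bytes_out": b, "first_seen": first_seen[(h, p)],
         "destinations": sorted(destinations[(h, p)])}
        for (h, p), b in totals.items() if b >= threshold
    ]
    return sorted(findings, key=lambda f: -f["bytes_out"])

if __name__ == "__main__":
    for finding in find_exfil_candidates(SAMPLE_LOG):
        print(finding)
```

On the sample, only `updater.exe` on `ws-07` is reported: two uploads to the same outside address add up to 99,000,000 bytes, well over the 50 MiB threshold, while the browser traffic stays far below it. In practice the threshold and the internal ranges are tuned to the business, and a finding like this is the starting point for looking at the process itself, not proof on its own.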

MALWARE

Literally, it means bad-ware, and it does exactly what you think it does. You will notice it immediately, because it will try to shut down computers with the blue screen, it will lock you out of the screen, it will make sure you can’t get on the internet, and it may encrypt all of your files. There’s no end to the havoc that Malware will cause in your computer’s life, and it is the most common kind of virus you will ever receive. Beware of cookies and downloads, because Malware is practically everywhere there is a loading screen on a website that is not run by an organization or the government.

SPYWARE

Key loggers, screen capturers, and camera peekers galore. Spyware is extremely difficult to detect and will even throw false-flag detections to ensure that you have a difficult time determining where it is. This type of virus is specifically built for spying, and the worst ones can hide inside the RAM, which lets them stay there while you try to figure out how to get rid of them. Worse yet, they will disappear into the computer once it is shut off, and some are so horrible that you have to reinstall the entire operating system on a different disk just to get rid of them.

PORTALS

Very difficult to put on a computer and almost impossible to detect. Portals, or Worms, literally just sit there and funnel information, disguised as a registered connection, to wherever they may be sending the connection. The reason they are difficult to detect is that they are often registered, which means they become Windows-registered and are then inside the Registry. They are extremely rare, because only a building full of people in the world can make them nowadays for the new operating systems, but they were extremely popular before Spyware.

CHOOSE YOUR SECURITY TOOLS

When choosing how you want your system to pick up on these viruses, you will need to take a few things into consideration. Can your processors still detect the viruses and clean them while people are working? Does it run as a background operation, or is it strictly foreground? How often do they update their libraries? The answers you want are: Yes, Background, and Every couple of days. The reason is that your protection from these viruses often depends on how fast the software can operate, how unobtrusive it is to the business, and whether the viruses are known in its databases.

REACTIVE SECURITY

Reactive Security is what you do when you get attacked: none of your preventive measures worked, and now you are trying to react to it.

WHEN IN DOUBT

When you think that they have already won, it’s time to unplug the internet and shut down. This has happened before, especially with popular websites or programs that get hacked. An example is the recent Sony Network hack, which was shut down mid-process to stop the hack from fully getting in. So long as the device is off and not connected to the internet, it’s almost impossible to get back into it. However, this only holds if the hackers are not part of the NSA, who have a back door into almost every processor.

DATA BACK UP

It is always important to have what’s called a raw data backup, which is to say that all of the raw information about projects is held on a drive that isn’t connected to the internet and is only updated at intervals. The most popular setup is USB storage filing, which separates the information across several USB flash drives so that even if one of the flash drives is corrupted, the rest will not be.

Another popular consumer option is RAID, but RAID is not an Enterprise option. This falls under what is known as a Redundancy Backup, which is to say that you have another volume matching the original size that holds ghost copies of the original files. This is not an enterprise option because it’s twice as expensive and can take days for just 500 GB to recover, depending on how cheaply your computers are built, which will be the minimum unless you are working for a technical company.

The last option is Web or Wireless Backup, which is not an Enterprise option either. This is because it relies primarily on your internet connection and how fast it can deposit the file into the storage area. When working at the Enterprise level, having over a hundred files being uploaded at the same time can take up a lot of the internet bandwidth.
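Whichever of the three backup styles above is used, the copy on the offline drive is only worth something if you can tell that it is still intact before you need it, which is the concern behind spreading data over several flash drives. The example below is added here and is not from the book. It copies a project directory onto a backup location (a temporary directory standing in for the disconnected drive), writes a SHA-256 manifest next to the copies, and then verifies the drive against that manifest so that a corrupted or missing copy is reported rather than discovered during a recovery. Directory and file names are invented for the example.

```python
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST_NAME = "MANIFEST.json"   # assumed name for the integrity record

def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def backup(src_dir: str, dst_dir: str) -> dict:
    """Copy every file under src_dir into dst_dir and record a SHA-256 for each
    copy in a manifest. Returns the manifest (relative path -> digest)."""
    manifest = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            src = os.path.join(root, name)
            # Store relative paths with '/' so the manifest is portable across OSes.
            rel = os.path.relpath(src, src_dir).replace(os.sep, "/")
            dst = os.path.join(dst_dir, *rel.split("/"))
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            manifest[rel] = sha256_file(dst)   # hash the copy, not the original
    os.makedirs(dst_dir, exist_ok=True)
    with open(os.path.join(dst_dir, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest

def verify(dst_dir: str) -> list:
    """Return the files whose copy is missing or no longer matches the manifest."""
    with open(os.path.join(dst_dir, MANIFEST_NAME)) as f:
        manifest = json.load(f)
    bad = []
    for rel, digest in manifest.items():
        path = os.path.join(dst_dir, *rel.split("/"))
        if not os.path.isfile(path) or sha256_file(path) != digest:
            bad.append(rel)
    return sorted(bad)

def demo() -> dict:
    """Back up two constructed files, then damage the backup and re-verify."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "projects")
        dst = os.path.join(work, "offline_drive")
        os.makedirs(os.path.join(src, "alpha"))
        with open(os.path.join(src, "alpha", "design.txt"), "w") as f:
            f.write("blueprint v1\n")
        with open(os.path.join(src, "notes.txt"), "w") as f:
            f.write("meeting notes\n")
        manifest = backup(src, dst)
        clean = verify(dst)
        # Simulate a corrupted copy and a lost copy on the backup drive.
        with open(os.path.join(dst, "notes.txt"), "a") as f:
            f.write("garbage")
        os.remove(os.path.join(dst, "alpha", "design.txt"))
        damaged = verify(dst)
    return {"files": sorted(manifest), "clean": clean, "damaged": damaged}

if __name__ == "__main__":
    print(demo())
```

Run `backup()` each time the offline drive is updated and `verify()` before trusting it; a drive that reports no mismatches is one you can restore from, and one that does has told you which files to pull from another copy.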

DATA RECOVERY

Data Recovery is frighteningly easy, and this is because of how hard drives are designed. There are several ways to recover information that has been lost in an attack, as it will often still be on your computer. However, when the data recovered from the drive looks as though it was tampered with, it is important to notify everyone that the company has been hacked, so that they can change their information and confirm that their affairs are in order. Most of the time you will be dealing with stolen account details, like standard credit card theft, but occasionally you may have to deal with identity theft. It is important to notify the authorities when this is discovered, because a Forensic Technician will need to come in and gather all the details. Either way, you will need to determine the source of the attack by finding the very first file that was transferred and every file after it, to see which IP address they have in common.
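The last sentence describes a small timeline exercise: order the transfers by time, find the first one that should not have happened, and look at which remote address the later transfers share. The example below is added here and is not from the book. It works over constructed file-transfer records (the paths, timestamps and addresses are invented; the addresses come from the RFC 5737 documentation ranges), treats paths under `/finance/` and `/hr/` as sensitive (an assumption for the example), and reports the first sensitive transfer together with the address that received the most transfers from that point on and the files it received.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed file-transfer records, as a proxy or log shipper might produce them.
SAMPLE_TRANSFERS = """\
timestamp,file,remote_ip,bytes
2015-02-11T02:14:09,/finance/q4_payroll.xlsx,198.51.100.23,1048576
2015-02-11T02:14:41,/finance/vendors.csv,198.51.100.23,204800
2015-02-11T02:16:03,/hr/employee_list.xlsx,198.51.100.23,512000
2015-02-11T02:11:57,/public/brochure.pdf,192.0.2.8,3145728
2015-02-11T02:13:30,/finance/q4_payroll.xlsx,198.51.100.23,1048576
2015-02-11T03:02:15,/marketing/logo.png,192.0.2.44,20480
"""

# Paths that should never leave the company (assumed for this example).
SENSITIVE_PREFIXES = ("/finance/", "/hr/")

def load_timeline(csv_text: str) -> list:
    """Parse the records and order them by time, earliest first."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows.append({"when": datetime.fromisoformat(row["timestamp"]),
                     "file": row["file"], "remote_ip": row["remote_ip"],
                     "bytes": int(row["bytes"])})
    return sorted(rows, key=lambda r: r["when"])

def first_sensitive_transfer(timeline: list):
    """The earliest transfer of a file that should not have left the network."""
    for rec in timeline:
        if rec["file"].startswith(SENSITIVE_PREFIXES):
            return rec
    return None

def common_remote_after(timeline: list, start: dict):
    """From `start` onwards, count remote addresses; return the most frequent one
    together with its transfer count and the distinct files it received."""
    later = [r for r in timeline if r["when"] >= start["when"]]
    counts = Counter(r["remote_ip"] for r in later)
    ip, n = counts.most_common(1)[0]
    files = sorted({r["file"] for r in later if r["remote_ip"] == ip})
    return ip, n, files

def investigate(csv_text: str) -> dict:
    timeline = load_timeline(csv_text)
    first = first_sensitive_transfer(timeline)
    if first is None:
        return {"first_sensitive": None}
    ip, n, files = common_remote_after(timeline, first)
    return {"first_sensitive": first["file"],
            "first_seen": first["when"].isoformat(),
            "remote_ip": ip, "transfers": n, "files": files}

if __name__ == "__main__":
    print(investigate(SAMPLE_TRANSFERS))
```

On the sample, the earliest record is a harmless brochure download, so the timeline has to be filtered before the “first file” means anything; the first sensitive transfer is the payroll spreadsheet at 02:13:30, and the same outside address then receives four transfers covering three distinct files. That address is the lead to hand to the forensic technician along with the ordered timeline, not a conclusion by itself.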

STUDY THE DATA

If you have the forensic tools from before on the computer, you will want to see what went wrong, what simply didn’t work, how long it took them to get in, and what you can do to improve the security of the network. This is the most important part of Reactive Security: Preventive Security is where you will ensure that this cannot take place again, and you can only gather the information needed for that as part of your reaction. Skipping this step could mean the entire shutdown of an enterprise, so it is extremely important to make sure that you use every bit of data to prevent it from happening again.

It is rare that a hacker is able to shut down an entire business, and whether they can usually comes down to the topology of the network. The topology of the network refers to how the network interacts with itself over the hardware lines it is provided. The most common topologies are a ring topology and a mesh topology, which simply means that the nodes are connected to each other so that when one line fails another line can still carry the information. You will always want to have a ring or mesh topology for workstations, but a single entry point for your internet. This is the ideal setup, but you will not get it most of the time.