Designing and Developing Products for Cybersecurity Report
VerifiedAdded on 2023/01/04
|15
|3419
|20
Report
AI Summary
This report delves into the realm of cybersecurity, focusing on designing and developing products to protect computer systems and data. It begins by outlining the setup of a virtual environment, detailing the hardware and software requirements. The report then explores various hacking techniques, including steps to obtain Wi-Fi passwords, network scanning methods, data sniffing and analysis, and the use of social-engineering tools. It provides solutions to counteract these threats. Furthermore, the report discusses the development of cybersecurity policies within an organization, covering aspects such as the scope, roles, responsibilities, policy framework, training, and monitoring. The report concludes with a summary of key findings and recommendations relevant to a company called TechTex, aiming to enhance the awareness of cybersecurity among its non-IT employees.
Designing and
Developing Products
for the Cyber security
Developing Products
for the Cyber security
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
INTRODUCTION...........................................................................................................................1
MAIN BODY...................................................................................................................................1
Task 1.....................................................................................................................................1
Set up a virtual environment.........................................................................................1
Task 2.....................................................................................................................................3
Steps hackers perform in order to get the Wi-Fi password...........................................3
Steps hacker can perform in network scanning............................................................4
How hackers can sniff, analyse, and steal sensitive data..............................................6
Process and provide solutions to counteract the threats................................................7
How hackers can use social-engineering tools for attacking........................................8
Task 3.....................................................................................................................................9
Purpose..........................................................................................................................9
Scope of the policy........................................................................................................9
Roles & responsibilities................................................................................................9
Policy framework........................................................................................................10
Distribution training & Implementation.....................................................................10
Monitoring, Feedback and reporting...........................................................................10
CONCLUSION..............................................................................................................................10
References:.....................................................................................................................................12
INTRODUCTION...........................................................................................................................1
MAIN BODY...................................................................................................................................1
Task 1.....................................................................................................................................1
Set up a virtual environment.........................................................................................1
Task 2.....................................................................................................................................3
Steps hackers perform in order to get the Wi-Fi password...........................................3
Steps hacker can perform in network scanning............................................................4
How hackers can sniff, analyse, and steal sensitive data..............................................6
Process and provide solutions to counteract the threats................................................7
How hackers can use social-engineering tools for attacking........................................8
Task 3.....................................................................................................................................9
Purpose..........................................................................................................................9
Scope of the policy........................................................................................................9
Roles & responsibilities................................................................................................9
Policy framework........................................................................................................10
Distribution training & Implementation.....................................................................10
Monitoring, Feedback and reporting...........................................................................10
CONCLUSION..............................................................................................................................10
References:.....................................................................................................................................12
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
INTRODUCTION
Cyber security is defined as the technologies and various processes which protects and
prevents the computer systems, data and software from damaging, spoiling and
attacking from the hackers. Hacking is defined as the taking over the control to another
systems and can be accessible by the hacker, this practice can be done either for the
benefits or for misusing some data(Ani, He and Tiwari, 2017). Organization here is the
TechTex, Technical textile services Limited company is one of the UK based company.
It mainly deals with the wipes and non woven fabrics. The following discussions are
made on the awareness of cyber security to the non IT employees of the firm by setting
up the virtual environment, letting them know that what can be the various steps that a
hacker can follow to hack passwords, networks and data, tools used by hackers for
attacking, solutions regarding all such issues and how can the security policies can be
developed within an organization and finally the conclusion and recommendations in
context of TechTex.
MAIN BODY
Task 1
Set up a virtual environment
Hardware requirements
Hardware is defined as the physical component of the computer systems use by the user
to give instruction to the system to perform actions or follow the instructions to present the
result. To set up the virtual environment, some of the requirements are, hard drive space
requirement is approximately 30 Gigabytes, processor required is 64-bit quad core and internet
access required is high speed connection (Carlton, Levy and Ramim, 2019).
Software requirements
Software is defined as the intellectual component in the computer systems which are
installed and are responsible for the accomplishing of the task that has giver by the user.
Combination of hardware and software makes a systems which collectively performs the tasks
that has assigned by the user and display the results accordingly. To set up the virtual
1
Cyber security is defined as the technologies and various processes which protects and
prevents the computer systems, data and software from damaging, spoiling and
attacking from the hackers. Hacking is defined as the taking over the control to another
systems and can be accessible by the hacker, this practice can be done either for the
benefits or for misusing some data(Ani, He and Tiwari, 2017). Organization here is the
TechTex, Technical textile services Limited company is one of the UK based company.
It mainly deals with the wipes and non woven fabrics. The following discussions are
made on the awareness of cyber security to the non IT employees of the firm by setting
up the virtual environment, letting them know that what can be the various steps that a
hacker can follow to hack passwords, networks and data, tools used by hackers for
attacking, solutions regarding all such issues and how can the security policies can be
developed within an organization and finally the conclusion and recommendations in
context of TechTex.
MAIN BODY
Task 1
Set up a virtual environment
Hardware requirements
Hardware is defined as the physical component of the computer systems use by the user
to give instruction to the system to perform actions or follow the instructions to present the
result. To set up the virtual environment, some of the requirements are, hard drive space
requirement is approximately 30 Gigabytes, processor required is 64-bit quad core and internet
access required is high speed connection (Carlton, Levy and Ramim, 2019).
Software requirements
Software is defined as the intellectual component in the computer systems which are
installed and are responsible for the accomplishing of the task that has giver by the user.
Combination of hardware and software makes a systems which collectively performs the tasks
that has assigned by the user and display the results accordingly. To set up the virtual
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
environment, some of the requirements are, hyper visor is required as virtual box or VMware
player and Kali as a Linux or windows.
Set up
Metasploitable is defined as the international Linux VM that are responsible for the
conducting of training on security, testing of security tools and practising the techniques of
testing common penetration. It can run on the VMware products and other technologies such as
virtual box. Once the virtual machine is downloaded, ZIP file needs to be extracted, then open
the .vmx file with the help of VMware products and power them on. Then after some time, the
system will be booted and be prepared for the action. It has the default login and password that is
msfadmin:msfadmin (Handa, Sharma and Shukla, 2019).
2
player and Kali as a Linux or windows.
Set up
Metasploitable is defined as the international Linux VM that are responsible for the
conducting of training on security, testing of security tools and practising the techniques of
testing common penetration. It can run on the VMware products and other technologies such as
virtual box. Once the virtual machine is downloaded, ZIP file needs to be extracted, then open
the .vmx file with the help of VMware products and power them on. Then after some time, the
system will be booted and be prepared for the action. It has the default login and password that is
msfadmin:msfadmin (Handa, Sharma and Shukla, 2019).
2
Task 2
Steps hackers perform in order to get the Wi-Fi password
Usage of controlling equipment
Hackers use their own systems to hack, systems which they can control and own because
they find more easier to access the other systems if they have their own systems will all the
configuration required to scan the others Wi-Fi at their own place to test the security and
software features (Handa, Sharma and Shukla, 2019).
Gathering materials
They try to attack the WEP encryption for breaking down which includes the various
technologies like Kali Linux, home router which is wireless on the which the WEP is running,
aircrack-ng program that is attached with Kali, USB network card which is wireless in nature and
other devices which are wireless through which the router is connected.
Verification
3
Steps hackers perform in order to get the Wi-Fi password
Usage of controlling equipment
Hackers use their own systems to hack, systems which they can control and own because
they find more easier to access the other systems if they have their own systems will all the
configuration required to scan the others Wi-Fi at their own place to test the security and
software features (Handa, Sharma and Shukla, 2019).
Gathering materials
They try to attack the WEP encryption for breaking down which includes the various
technologies like Kali Linux, home router which is wireless on the which the WEP is running,
aircrack-ng program that is attached with Kali, USB network card which is wireless in nature and
other devices which are wireless through which the router is connected.
Verification
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Hackers then verifies the USB card which is wireless that is associated with the Kali
Linux software. They verifies that the USB is either even recognised or identifies or not, and if
recognised then is it at it's functional state or not.
Packet capturing
This is the stage where hackers initiates the attack by capturing the packets from other
wireless devices using dump command in their own systems. Network will definitely try to make
a difference between the inaccessible and accessible packets but it will not be able to due to
technique used by the hackers (Jarmakiewicz, Parobczak and Maślanka, 2017).
Storing packet capturing
After capturing the packets, they store the packets in some file and they collect at least
10,000 packets and stop scanning the packet capturing process. They save such packets in their
local hard drive disks using a most common file name method is .airdump-ng mon0 -[file-name].
Run Aircrack-ng
It is the software that is used to crack the passwords for the Wi-Fi used by the hackers
and they are well trained in suing such software. In this stage, they run this software against the
packets data collected to crack the passwords, this is done by running the command and plug in
the file which was saved to capture the packets data that is .aircrack-ng [file-name].cap.
Steps hacker can perform in network scanning
Nmap
It is defined as the free network scanner which is openly sourced. Network can be
scanned either by using the IP address like $ nmap 1.2.3.4 or can use the name of the host that is
$ nmap example.com. Scanning the network is illegal of an organization until and unless an
organization has not given the authorization to scan the network. That is why this work is done
by the hacker because they are well trained and have the knowledge about the network scanning
and easily can gain the authorization of a particular network in an organization (Li and Liao,
2018).
4
Linux software. They verifies that the USB is either even recognised or identifies or not, and if
recognised then is it at it's functional state or not.
Packet capturing
This is the stage where hackers initiates the attack by capturing the packets from other
wireless devices using dump command in their own systems. Network will definitely try to make
a difference between the inaccessible and accessible packets but it will not be able to due to
technique used by the hackers (Jarmakiewicz, Parobczak and Maślanka, 2017).
Storing packet capturing
After capturing the packets, they store the packets in some file and they collect at least
10,000 packets and stop scanning the packet capturing process. They save such packets in their
local hard drive disks using a most common file name method is .airdump-ng mon0 -[file-name].
Run Aircrack-ng
It is the software that is used to crack the passwords for the Wi-Fi used by the hackers
and they are well trained in suing such software. In this stage, they run this software against the
packets data collected to crack the passwords, this is done by running the command and plug in
the file which was saved to capture the packets data that is .aircrack-ng [file-name].cap.
Steps hacker can perform in network scanning
Nmap
It is defined as the free network scanner which is openly sourced. Network can be
scanned either by using the IP address like $ nmap 1.2.3.4 or can use the name of the host that is
$ nmap example.com. Scanning the network is illegal of an organization until and unless an
organization has not given the authorization to scan the network. That is why this work is done
by the hacker because they are well trained and have the knowledge about the network scanning
and easily can gain the authorization of a particular network in an organization (Li and Liao,
2018).
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Nikto
It is a network scanner which used through web server that is used for testing the files
which are dangerous and the service software which are outdated. These are the details that can
be exploited and and it can be used in network scanning or cracking the network using such
scanners used by the hackers. It has a quick speed function and is mainly designed to scan the
web server. This especially used to gain the knowledge of the weaknesses of the network which
makes for the hacker to hack the network.
5
It is a network scanner which used through web server that is used for testing the files
which are dangerous and the service software which are outdated. These are the details that can
be exploited and and it can be used in network scanning or cracking the network using such
scanners used by the hackers. It has a quick speed function and is mainly designed to scan the
web server. This especially used to gain the knowledge of the weaknesses of the network which
makes for the hacker to hack the network.
5
Nessus
It is one of the tool of network scanner which is considered as the most powerful
vulnerable scanners. This is needed to install because this does not comes with the Kali Linux as
a pre installed software. There are various steps to follow the installation procedure and then it is
required to create and register the account and then can start scanning the network. There are
different settings that is needed to be configured before using such network scanner (Moşteanu,
2020).
6
It is one of the tool of network scanner which is considered as the most powerful
vulnerable scanners. This is needed to install because this does not comes with the Kali Linux as
a pre installed software. There are various steps to follow the installation procedure and then it is
required to create and register the account and then can start scanning the network. There are
different settings that is needed to be configured before using such network scanner (Moşteanu,
2020).
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
How hackers can sniff, analyse, and steal sensitive data
Sniffing
It is defined as the capturing of data from the computer networks when they flow from
one path to another. It has a device known as the packet sniffer used for the purpose for the
sniffing attack. They are also known as the network protocol analyser. Data can move in the
network medium but it is not safe until it is being protected otherwise any one can access and
misuse the data especially the hackers and then they analyse for hacking the data with the help of
sniffing attack. There are various tools and types of sniff that is used by hackers for attacking the
data throughout the network medium (Newhouse, Keith, Scribner and Witte, 2017).
Steps
Attack scenarios
There are various scenarios that are used in attacking the data with the help of sniffing,
some of the scenarios are network using hubs which states that the hackers attacks the host and
various nodes which are attached to the network. Other scenarios are switched based LANs,
WLAN network and sniffing packets on the internet. They all have common thing in functioning
that they attack the nodes and hosts connected but difference is that they choose the different
paths to hack the different data packets on the network. These are the scenarios which the
hackers use mostly for attacking the data either open or private.
Analysing
There are various networks which is needed to be analysed by the hacker to perform the
sniff attacking such as hub networks which means that the hackers try to attack the central point
so that other clients which are connected with the hub can also be attacked. Other networks are
switched networks, wireless networks and BGP networks (Sen, 2018).
Process and provide solutions to counteract the threats
Ping method
It is a method where ping request of the IP address for the affected machine is sent to the
sniffer machine which detects the suspects and if the suspects respond and it it is still running
then the suspect can be found easily. It cannot be considered as the most reliable method.
ARP method
7
Sniffing
It is defined as the capturing of data from the computer networks when they flow from
one path to another. It has a device known as the packet sniffer used for the purpose for the
sniffing attack. They are also known as the network protocol analyser. Data can move in the
network medium but it is not safe until it is being protected otherwise any one can access and
misuse the data especially the hackers and then they analyse for hacking the data with the help of
sniffing attack. There are various tools and types of sniff that is used by hackers for attacking the
data throughout the network medium (Newhouse, Keith, Scribner and Witte, 2017).
Steps
Attack scenarios
There are various scenarios that are used in attacking the data with the help of sniffing,
some of the scenarios are network using hubs which states that the hackers attacks the host and
various nodes which are attached to the network. Other scenarios are switched based LANs,
WLAN network and sniffing packets on the internet. They all have common thing in functioning
that they attack the nodes and hosts connected but difference is that they choose the different
paths to hack the different data packets on the network. These are the scenarios which the
hackers use mostly for attacking the data either open or private.
Analysing
There are various networks which is needed to be analysed by the hacker to perform the
sniff attacking such as hub networks which means that the hackers try to attack the central point
so that other clients which are connected with the hub can also be attacked. Other networks are
switched networks, wireless networks and BGP networks (Sen, 2018).
Process and provide solutions to counteract the threats
Ping method
It is a method where ping request of the IP address for the affected machine is sent to the
sniffer machine which detects the suspects and if the suspects respond and it it is still running
then the suspect can be found easily. It cannot be considered as the most reliable method.
ARP method
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
It is a methods where machines always caches the ARP and capture it. So if the suspect
machines responds to such ARP then it can be possible for the person to identify the suspect
machine using broadcast ping method as well.
On local host
It is used to find out the machine is running even after the sniffer attack or not. It is not
that much relevant process because it sometime does not provide the accurate results so the
confusion can only be left with the person who is trying to identify the suspect.
Latency method
It is used with the ping method because the responding time of ping is too much short but
if the network is overloaded and then it takes the time, at this point of time, latency method starts
functioning to cover the long time period of heavy load ping response (Sharevski, Trowbridge
and Westbrook, 2018).
ARP watch
This method is generally used to set and trigger the alarms if the host machine is found to
be handling the duplicate cache of the ARP. It rectifies the same and protect the system from the
double faced cache, thereby alarms are useful if someone is noticing the systems cache
behaviour.
How hackers can use social-engineering tools for attacking
Exploiting Familiarity
People who are using the internet and websites are most likely to browse and surf the
internet on a regular or daily basis in order to gain knowledge. Hackers tries to provide some
links which can be familiar to the user so that they can open that link and hacker can gain the
access control over their systems (Vitunskaite, He, Brandstetter and Janicke, 2019).
Creating circumstances
Hackers usually create the circumstances for the user to provide them the systems
information. This is generally done over the call or on the chatting site which the users mostly
used and makes them in favour of giving them the information by gaining some trust.
Phishing
In this technique, hackers tries to find out out the user's personal information like any ID
or password, credit card information and many more. They use the well known sites like Yahoo
8
machines responds to such ARP then it can be possible for the person to identify the suspect
machine using broadcast ping method as well.
On local host
It is used to find out the machine is running even after the sniffer attack or not. It is not
that much relevant process because it sometime does not provide the accurate results so the
confusion can only be left with the person who is trying to identify the suspect.
Latency method
It is used with the ping method because the responding time of ping is too much short but
if the network is overloaded and then it takes the time, at this point of time, latency method starts
functioning to cover the long time period of heavy load ping response (Sharevski, Trowbridge
and Westbrook, 2018).
ARP watch
This method is generally used to set and trigger the alarms if the host machine is found to
be handling the duplicate cache of the ARP. It rectifies the same and protect the system from the
double faced cache, thereby alarms are useful if someone is noticing the systems cache
behaviour.
How hackers can use social-engineering tools for attacking
Exploiting Familiarity
People who are using the internet and websites are most likely to browse and surf the
internet on a regular or daily basis in order to gain knowledge. Hackers tries to provide some
links which can be familiar to the user so that they can open that link and hacker can gain the
access control over their systems (Vitunskaite, He, Brandstetter and Janicke, 2019).
Creating circumstances
Hackers usually create the circumstances for the user to provide them the systems
information. This is generally done over the call or on the chatting site which the users mostly
used and makes them in favour of giving them the information by gaining some trust.
Phishing
In this technique, hackers tries to find out out the user's personal information like any ID
or password, credit card information and many more. They use the well known sites like Yahoo
8
or google where people mostly create their accounts and register themselves with their personal
information.
Exploiting curiosity
Hackers take an advantage of the user's curiosity in hacking their systems. They generally
provides those links which create thrill in the user's mind and try to to eye catch the user so that
they open up those links and through this, hackers can gain the access to the user's systems.
Exploiting greed
Hackers generally provides those links which creates the greed in the user's mind. For
example, any contest, prize winning competition, for any high paid jobs and many more. User's
click on those links for more information and there hackers can get a chance in controlling the
the user's systems.
Task 3
Purpose
Purpose of the policy is to develop the security policy for the employees and the visitors
in an organization. Security against the hacking and hackers. Purpose is to aware the people that
what practices they must adopt and what not to tackle the hackers attacks on their systems.
Providing dome knowledge of IT so that they can be more clever of using the systems and the
network in an organization.
Scope of the policy
Scope of the policy is that an organization would be able to prevent and protect their
systems, data, informations, technical devices from a severe loss against from any outsider or
hacker. Providing IT information to all the employees in the company apart of the IT people can
benefit the company more on saving their systems because if more and more people knows that
how they can tackle such problems then it can be better for the firm to handle their operation in a
more effective manner.
Roles & responsibilities
Roles and responsibilities of the employees and visitors must be that they should delete
any request which arrives on the systems in accordance of the financial statements. They must
9
information.
Exploiting curiosity
Hackers take an advantage of the user's curiosity in hacking their systems. They generally
provides those links which create thrill in the user's mind and try to to eye catch the user so that
they open up those links and through this, hackers can gain the access to the user's systems.
Exploiting greed
Hackers generally provides those links which creates the greed in the user's mind. For
example, any contest, prize winning competition, for any high paid jobs and many more. User's
click on those links for more information and there hackers can get a chance in controlling the
the user's systems.
Task 3
Purpose
Purpose of the policy is to develop the security policy for the employees and the visitors
in an organization. Security against the hacking and hackers. Purpose is to aware the people that
what practices they must adopt and what not to tackle the hackers attacks on their systems.
Providing dome knowledge of IT so that they can be more clever of using the systems and the
network in an organization.
Scope of the policy
Scope of the policy is that an organization would be able to prevent and protect their
systems, data, informations, technical devices from a severe loss against from any outsider or
hacker. Providing IT information to all the employees in the company apart of the IT people can
benefit the company more on saving their systems because if more and more people knows that
how they can tackle such problems then it can be better for the firm to handle their operation in a
more effective manner.
Roles & responsibilities
Roles and responsibilities of the employees and visitors must be that they should delete
any request which arrives on the systems in accordance of the financial statements. They must
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 15
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2026 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.