Basics you need to clear: about Information Security Fundamentals - ISAA Module 1

Basics you need to clear: about Information Security Fundamentals

Topics Discussed:

Definitions & challenges of security, Attacks & services, Security policies, Security Controls, Access control structures, Cryptography, Deception, Ethical Hacking, Firewalls, Identity and Access Management (IDAM).




Heart of Computer Security 💖💻

Confidentiality: This term covers two related concepts:

  • Data confidentiality:
    Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
  • Privacy:
    Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Integrity: This term covers two related concepts:

  • Data integrity:
    Assures that information and programs are changed only in a specified and authorized manner.
  • System integrity:
    Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Availability: Assures that systems work promptly and service is not denied to authorized users.

The Challenges of Computer Security 🥊

Computer security is both fascinating and complex. Some of the reasons follow:

  1. Computer security is not as simple as it might first appear to the novice. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given self-explanatory one-word labels: confidentiality, authentication, nonrepudiation, integrity. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning.
  2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features. In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism.
  3. Because of point 2, the procedures used to provide particular services are often counterintuitive. Typically, a security mechanism is complex, and it is not obvious from the statement of a particular requirement that such elaborate measures are needed. It is only when the various aspects of the threat are considered that elaborate security mechanisms make sense.
  4. Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical placement (e.g., at what points in a network are certain security mechanisms needed) and in a logical sense [e.g., at what layer or layers of an architecture such as TCP/IP (Transmission Control Protocol/Internet Protocol) should mechanisms be placed].
  5. Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. There may also be a reliance on communications protocols whose behavior may complicate the task of developing the security mechanism. For example, if the proper functioning of the security mechanism requires setting time limits on the transit time of a message from sender to receiver, then any protocol or network that introduces variable, unpredictable delays may render such time limits meaningless.
  6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the designer or administrator who tries to close them. The great advantage that the attacker has is that he or she need only find a single weakness while the designer must find and eliminate all weaknesses to achieve perfect security.
  7. There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.
  8. Security requires regular, even constant, monitoring, and this is difficult in today’s short-term, overloaded environment.
  9. Security is still too often an afterthought to be incorporated into a system after the design is complete rather than being an integral part of the design process.
  10. Many users and even security administrators view strong security as an impediment to efficient and user-friendly operation of an information system or use of information.

Attack and services ⚔️

Security Attacks, Services and Mechanisms

To assess the security needs of an organization effectively, it needs some systematic way of defining the requirements for security and characterizing the approaches that satisfy those requirements. One approach is to consider three aspects of information security:

Security attack – Any action that compromises the security of information owned by an organization. 

Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack. 

Security service – A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks and they make use of one or more security mechanisms to provide the service.


Basic Definitions 🔎

  • Cryptography
    The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form
  • Plaintext
    The original intelligible message
  • Cipher Text
    The transformed message
  • Cipher
    An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods
  • Encipher
    The process of converting plaintext to cipher text using a cipher and a key
  • Decipher
    The process of converting cipher text back into plaintext using a cipher and a key
  • Cryptanalysis
    The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking
  • Cryptology
    Both cryptography and cryptanalysis

Cryptographic systems are generally classified along 3 independent dimensions:

Type of operations used for transforming plain text to cipher text

All the encryption algorithms are based on two general principles: substitution, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged.

The number of keys used

If the sender and receiver use the same key, it is said to be symmetric key (or single key, or conventional) encryption. If the sender and receiver use different keys, it is said to be public key encryption.

The way in which the plain text is processed

A block cipher processes the input one block of elements at a time, producing an output block for each input block.

A stream cipher processes the input elements continuously, producing output one element at a time as it goes along.


More About Cryptanalysis 🛑

The process of attempting to discover the plaintext X or the key K or both is known as cryptanalysis. The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.

There are various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.

Cipher text only – A copy of the cipher text alone is known to the cryptanalyst.

Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext.

Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They cannot open it to find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the resulting cipher texts to deduce the key.

Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt several strings of symbols, and tries to use the results to deduce the key.


Steganography 🛑

A plaintext message may be hidden in one of two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text.

A simple form of steganography, but one that is time consuming to construct, is one in which an arrangement of words or letters within an apparently innocuous text spells out the real message, e.g.:

  (i) the sequence of first letters of each word of the overall message spells out the real (hidden) message;
  (ii) a subset of the words of the overall message is used to convey the hidden
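As an added example (not part of the original notes), a small Python encoder and decoder for both textual methods above: method (i) hides a message in the first letters of consecutive words, method (ii) in every k-th word. The lexicon and cover sentences are constructed for the example.

```python
import re

# Constructed word list used to build first-letter (acrostic) cover text.
LEXICON = ["hello", "every", "late", "please", "happy", "earlier", "lunch", "party"]


def words_of(text):
    """Split cover text into words, ignoring punctuation and digits."""
    return re.findall(r"[A-Za-z]+", text)


def extract_first_letters(cover):
    """Method (i): the initials of consecutive words spell the hidden message."""
    return "".join(w[0] for w in words_of(cover)).lower()


def extract_word_subset(cover, start, step):
    """Method (ii): only the words at positions start, start+step, ... carry meaning."""
    return " ".join(words_of(cover)[start::step])


def embed_first_letters(secret, lexicon=LEXICON):
    """Build innocuous-looking cover text whose word initials spell `secret`.

    Letters are taken from the lexicon in rotation so repeated letters do not
    always map to the same cover word; non-letters in `secret` are skipped.
    """
    chosen = []
    for i, ch in enumerate(c for c in secret.lower() if c.isalpha()):
        candidates = [w for w in lexicon if w[0] == ch]
        if not candidates:
            raise ValueError(f"no cover word starts with {ch!r}")
        chosen.append(candidates[i % len(candidates)])
    return " ".join(chosen)


if __name__ == "__main__":
    # Constructed cover sentences: the first spells "sendhelp" via initials,
    # the second carries "agent at bridge noon" in every second word.
    print(extract_first_letters("Send every new dispatch home early. Leave promptly."))
    print(extract_word_subset("Our agent waits at the bridge by noon", start=1, step=2))
    cover = embed_first_letters("help")
    print(cover, "->", extract_first_letters(cover))
```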


Security Policy ⚖️

A tenable security policy must be based on the results of a risk assessment:

  • Identify sensitive information and critical systems.
  • Incorporate local, state, and federal laws, as well as relevant ethical standards.
  • Define institutional security goals and objectives.
  • Set a course for accomplishing those goals and objectives.
  • Ensure that necessary mechanisms for accomplishing the goals and objectives are in place.

The policy should answer:

  • What is the reason for the policy?
  • Who developed the policy?
  • Who approved the policy?
  • Whose authority sustains the policy?
  • Which laws or regulations, if any, is the policy based on?
  • Who will enforce the policy?
  • How will the policy be enforced?
  • Whom does the policy affect?
  • What information assets must be protected?
  • What are users actually required to do?
  • How should security breaches and violations be reported?
  • What is the effective date and expiration date of the policy?

Security Controls 🎛️

Any type of safeguard or countermeasure used to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets is considered a security control.

Control Types

Physical controls describe anything tangible that’s used to prevent or detect unauthorized access to physical areas, systems, or assets. This includes things like fences, gates, guards, security badges and access cards, biometric access controls, security lighting, CCTVs, surveillance cameras, motion sensors, fire suppression, as well as environmental controls like HVAC and humidity controls.

Technical controls (also known as logical controls) include hardware or software mechanisms used to protect assets. Some common examples are authentication solutions, firewalls, antivirus software, intrusion detection systems (IDSs), intrusion protection systems (IPSs), constrained interfaces, as well as access control lists (ACLs) and encryption measures.

Administrative controls refer to policies, procedures, or guidelines that define personnel or business practices in accordance with the organization's security goals. These can apply to employee hiring and termination, equipment and Internet usage, physical access to facilities, separation of duties, data classification, and auditing. Security awareness training for employees also falls under the umbrella of administrative controls.

Physical security controls include such things as data center perimeter fencing, locks, guards, access control cards, biometric access control systems, surveillance cameras, and intrusion detection sensors.

Digital security controls include such things as usernames and passwords, two-factor authentication, antivirus software, and firewalls.

Cybersecurity controls include anything specifically designed to prevent attacks on data, including DDoS mitigation, and intrusion prevention systems.

Cloud security controls include measures you take in cooperation with a cloud services provider to ensure the necessary protection for data and workloads. If your organization runs workloads on the cloud, you must meet their corporate or business policy security requirements and industry regulations.

Control Functions

There are several types of security controls that can be implemented to protect hardware, software, networks, and data from actions and events that could cause loss or damage. For example:

Preventative controls describe any security measure that’s designed to stop unwanted or unauthorized activity from occurring. Examples include physical controls such as fences, locks, and alarm systems; technical controls such as antivirus software, firewalls, and IPSs; and administrative controls like separation of duties, data classification, and auditing.

Detective controls describe any security measure taken or solution that’s implemented to detect and alert to unwanted or unauthorized activity in progress or after it has occurred. Physical examples include alarms or notifications from physical sensors (door alarms, fire alarms) that alert guards, police, or system administrators. Honeypots and IDSs are examples of technical detective controls.

Corrective controls include any measures taken to repair damage or restore resources and capabilities to their prior state following an unauthorized or unwanted activity. Examples of technical corrective controls include patching a system, quarantining a virus, terminating a process, or rebooting a system. Putting an incident response plan into action is an example of an administrative corrective control.



Security Centers:

  • Enforces IT security policies through security controls
  • Educates employees and users about security guidelines
  • Meets industry and compliance regulations
  • Achieves operational efficiency across security controls
  • Continually assesses risks and addresses them through security controls

Access Control 🧏🏼‍♀️

Access Control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.

There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings, as well as alarms and lockdown capabilities, to prevent unauthorized access or operations.

Access control systems perform identification, authentication and authorization of users and entities by evaluating required login credentials, which can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor authentication (MFA), which requires two or more authentication factors, is often an important part of a layered defense to protect access control systems.

Types of access control

The main models of access control are the following:

Mandatory access control (MAC). This is a security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, it assigns classifications to system resources, and the operating system (OS) or security kernel grants or denies access to those resource objects based on the information security clearance of the user or device. For example, Security Enhanced Linux (SELinux) is an implementation of MAC on the Linux OS.

Discretionary access control (DAC). This is an access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control.

Role-based access control (RBAC). This is a widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions -- e.g., executive level, engineer level 1, etc. -- rather than the identities of individual users. The role-based security model relies on a complex structure of role assignments, role authorizations and role permissions developed using role engineering to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.

Rule-based access control. This is a security model in which the system administrator defines the rules that govern access to resource objects. Often, these rules are based on conditions, such as time of day or location. It is not uncommon to use some form of both rule-based access control and RBAC to enforce access policies and procedures.

Attribute-based access control (ABAC). This is a methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.
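The five models above differ in who defines the policy and what it is evaluated against. As an added example that is not part of the original notes, the Python below implements each model as a separate check and combines them with deny-overrides; all roles, users, resources and attributes are constructed and hypothetical.

```python
from dataclasses import dataclass
from datetime import time

# Constructed RBAC data: permissions hang off roles, never off individual users.
ROLE_PERMISSIONS = {
    "engineer_l1": {"ticket:read", "ticket:update"},
    "executive": {"ticket:read", "report:read"},
}


@dataclass
class Subject:
    name: str
    roles: frozenset
    department: str
    clearance: int          # MAC: security level held by the user
    managed_device: bool    # ABAC: environment attribute of the request


@dataclass
class Resource:
    name: str
    department: str
    classification: int     # MAC: label assigned by the central authority
    owner: str              # DAC: the owner maintains the ACL
    acl: frozenset = frozenset()


@dataclass
class Context:
    now: time
    location: str


def mac_allows(subj, res):
    # Central authority compares clearance with classification: no read-up.
    return subj.clearance >= res.classification


def dac_allows(subj, res):
    # Owner-defined policy: the owner and anyone on the owner's ACL may access.
    return subj.name == res.owner or subj.name in res.acl


def rbac_allows(subj, action):
    # The action is allowed if any of the subject's roles carries it.
    return any(action in ROLE_PERMISSIONS.get(r, ()) for r in subj.roles)


def rule_allows(ctx, start=time(8, 0), end=time(18, 0), location="office"):
    # Administrator-defined conditions such as time of day and location.
    return start <= ctx.now <= end and ctx.location == location


def abac_allows(subj, res):
    # Attributes of subject, resource and environment are evaluated together.
    return subj.department == res.department and subj.managed_device


MODELS = {
    "mac": lambda s, a, r, c: mac_allows(s, r),
    "dac": lambda s, a, r, c: dac_allows(s, r),
    "rbac": lambda s, a, r, c: rbac_allows(s, a),
    "rule": lambda s, a, r, c: rule_allows(c),
    "abac": lambda s, a, r, c: abac_allows(s, r),
}


def decide(subj, action, res, ctx, models=tuple(MODELS)):
    """Evaluate the selected models; a single denial wins (deny-overrides).

    Returns (allowed, names_of_models_that_denied) so the reason is auditable.
    """
    denied = [m for m in models if not MODELS[m](subj, action, res, ctx)]
    return (not denied, denied)


# Constructed scenario: an engineer and an executive act on an engineering ticket.
ALICE = Subject("alice", frozenset({"engineer_l1"}), "eng", clearance=2, managed_device=True)
CAROL = Subject("carol", frozenset({"executive"}), "eng", clearance=3, managed_device=True)
TICKET = Resource("ticket-42", "eng", classification=1, owner="bob",
                  acl=frozenset({"alice", "carol"}))
DAYTIME = Context(time(10, 30), "office")
NIGHT = Context(time(23, 15), "home")

if __name__ == "__main__":
    for who, act, ctx in [(ALICE, "ticket:update", DAYTIME),
                          (ALICE, "ticket:update", NIGHT),
                          (CAROL, "ticket:update", DAYTIME)]:
        ok, why = decide(who, act, TICKET, ctx)
        print(f"{who.name} {act} at {ctx.now}: {'ALLOW' if ok else 'DENY ' + str(why)}")
```

Passing a subset of model names to `decide` shows how a system that uses only RBAC plus rule-based checks reaches a different verdict from one that also enforces MAC labels.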


Cryptography 🔑

Cryptography involves the use of mathematical concepts and a set of rule-based calculations, called algorithms, to transform messages in ways that are hard to decipher.

These algorithms are then used for cryptographic key generation, digital signing, verification to protect data privacy, web browsing on the internet, and confidential communication like credit card transactions and emails.

Three types of cryptography

Secret Key Cryptography (SKC)

This type of cryptography is sometimes referred to as symmetric encryption, as it uses the same digital key for encryption and decryption. SKC is leveraged in use cases where privacy and confidentiality are priorities.

Public Key Cryptography (PKC)

Also called asymmetric encryption, PKC uses two different keys for encryption and decryption, which makes it suitable for authentication, non-repudiation, and key exchange.

Hash Functions

Hashing uses mathematical algorithms to transform information one-way into a fixed-size value that is not meant to be reversed. Only systems that use the same algorithm can reproduce and verify these values.

Cryptography is an important aspect when we deal with network security. ‘Crypto’ means secret or hidden. Cryptography is the science of secret writing with the intention of keeping the data secret. Cryptanalysis, on the other hand, is the science or sometimes the art of breaking cryptosystems. Both terms are subsets of what is called cryptology.

Classification – The flowchart depicts that cryptology is only one of the factors involved in securing networks. Cryptology refers to study of codes, which involves both writing (cryptography) and solving (cryptanalysis) them. Below is a classification of the crypto-terminologies and their various types.



Cryptography – Cryptography is classified into symmetric cryptography, asymmetric cryptography and hashing. Below are the descriptions of these types.

  1. Symmetric key cryptography – It involves usage of one secret key along with encryption and decryption algorithms which help in securing the contents of the message. The strength of symmetric key cryptography depends upon the number of key bits. It is relatively faster than asymmetric key cryptography. There arises a key distribution problem, as the key has to be transferred from the sender to the receiver through a secure channel.
  2. Asymmetric key cryptography – It is also known as public key cryptography because it involves usage of a public key along with a secret key. It solves the problem of key distribution, as both parties use different keys for encryption/decryption. It is not feasible to use for decrypting bulk messages as it is very slow compared to symmetric key cryptography.
  3. Hashing – It involves taking the plain text and converting it to a hash value of fixed size by a hash function. This process ensures integrity of the message, as the hash value on both the sender’s and the receiver’s side should match if the message is unaltered.

Cryptanalysis –



  1. Classical attacks – These can be divided into a) mathematical analysis and b) brute-force attacks. Brute-force attacks run the encryption algorithm for all possible keys until a match is found; the encryption algorithm is treated as a black box. Analytical attacks are those which focus on breaking the cryptosystem by analysing the internal structure of the encryption algorithm.
  2. Social Engineering attack – It is something which is dependent on the human factor. Tricking someone to reveal their passwords to the attacker or allowing access to the restricted area comes under this attack. People should be cautious when revealing their passwords to any third party which is not trusted.
  3. Implementation attacks – Implementation attacks such as side-channel analysis can be used to obtain a secret key. They are relevant in cases where the attacker can obtain physical access to the cryptosystem.



Deception 🙉

Deception Technology Defined

The aim of deception technology is to prevent a cybercriminal that has managed to infiltrate a network from doing any significant damage. The technology works by generating traps or deception decoys that mimic legitimate technology assets throughout the infrastructure. These decoys can run in a virtual or real operating system environment and are designed to trick the cybercriminal into thinking they have discovered a way to escalate privileges and steal credentials. Once a trap is triggered, notifications are broadcast to a centralized deception server that records the affected decoy and the attack vectors that were used by the cybercriminal.

Why Use Deception Technology?

Early Post-Breach Detection

No security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold on your network. From here you can monitor and record their behavior secure in the knowledge that they can do no damage on your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.

Reduced False Positives and Risk

Dead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.

Deception technology is also low risk, as it poses no risk to data and no impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.

Scale and Automate at Will

While the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.

From Legacy to IoT

Deception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.

The Importance of Dynamic Deception

One of the most important requirements for successful deception technology implementation is that it must stay indistinguishable and fresh to the attacker. If the attacker suspects they are being deceived they will do what they can to evade traps and scale up their efforts in getting to your real assets.

Many deception security solutions have machine learning and AI built into their core. These features not only ensure deception techniques are kept dynamic but also help to reduce operational overheads and the impact on security teams by freeing them from constantly creating new deception campaigns.

What Is Deception Technology?

Deception technology is a cybersecurity defense practice that aims to deceive attackers by distributing a collection of traps and decoys across a system's infrastructure to imitate genuine assets. If an intruder triggers a decoy, then the server will log and monitor the attack vectors utilized throughout the duration of the engagement.

Importance of Deception Technology

As attack vectors become increasingly complex, organizations need to be able to detect suspicious activity earlier in the attack chain and respond accordingly. Deception technology provides security teams with a number of tactics and resulting benefits to help:

  • Decrease attacker dwell time on their network
  • Expedite the average time to detect and remediate threats
  • Reduce alert fatigue
  • Produce metrics surrounding indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).

In incident detection and response, time and context are crucial. And yet many detection solutions wait until critical assets have been compromised to send an alert, while others—like those that only analyze log and network data—can’t provide important details, such as how the attacker got in, or where they're headed next. Kind of makes planning a response, well, pretty darn impossible.

Weave intruder traps into your larger monitoring strategy:

Pick your poison: InsightIDR offers four types of intruder traps to detect attackers earlier during network recon and lateral movement—before critical data is stolen. All four – honeypots, honey users, honey credentials, and honey files – are quick to set up and built using continuous attacker research from the Metasploit project, as well as our pen-testers and 24/7 Security Operations Center (SOC). And since InsightIDR combines this deception technology with user behavior analytics (UBA) and endpoint detection, you can be sure it will detect intruders across the entire attack chain.

Deploy and manage multiple honeypots with ease

When an attacker first lands on your network, it's a beautiful thing. Why? It’s one of the rare moments you actually have the upper hand. And InsightIDR’s honeypots can help you make the most of it. Here’s how it works: Attackers use internal reconnaissance, such as network scans, to determine where to laterally move next. Honeypots, decoy machines/servers set to listen on the network, detect the use of Nmap and other scanning tools to alert you to an attacker’s presence. Traditionally, honeypots have been difficult to set up and centrally manage, but with InsightIDR, it’s easy to deploy one or multiple across your network.

Detect password guessing attempts with honey users

Once an attacker has internal access to your network, they’ll likely try a vertical brute force, querying Active Directory to see the full list of users and trying a small number of commonly used passwords across those accounts. Would your monitoring solution detect this today? InsightIDR helps detect password guessing attempts by enabling you to define a honey user, such as PatchAdmin, and get alerted on any authentications to that decoy account.

Catch the use of stolen credentials, including pass-the-hash

Once an attacker compromises an endpoint, they can extract password hashes and even cleartext credentials, no outside malware required. While endpoint detection and response solutions may be able to identify privilege escalation and other malicious exploits, the question remains: What did the attacker do from there? InsightIDR not only provides real-time endpoint detection, but also injects fake honey credentials on your endpoints to deceive attackers. If this credential is used anywhere else on the network, such as with pass-the-hash, you’ll be automatically alerted.

Get file-level visibility without the management headache

Once an attacker has access to confidential materials, the next step is getting it off the network—typically by zipping and copying the files to an external drop server or stolen cloud storage account. As this exfiltration often goes over HTTP/HTTPS, it’s difficult to detect with firewalls and existing monitoring solutions. With InsightIDR, you can specify a honey file in a critical directory. All actions taken on this file – including opening, editing, and copying – are monitored, giving you file-level visibility without the effort of deploying a standalone File Integrity Monitoring solution.
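The four trap types above all reduce to the same detection rule: any touch of an asset that has no legitimate use is a high-fidelity alert. As an added example, not code from InsightIDR or from the original notes, the Python below runs that rule over constructed log lines; the honey-user name PatchAdmin follows the text, while the log format, credential name, file path and addresses are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed honey tokens. Nothing legitimate ever references these, so any
# event that does is an alert rather than a lead to be triaged.
HONEY_USERS = {"patchadmin"}                  # decoy AD account
HONEY_CREDENTIALS = {"svc_backup_dr"}         # fake credential planted on endpoints
HONEY_FILES = {"/finance/board_minutes.docx"}  # decoy file in a critical directory
HONEYPOTS = {"10.0.0.50"}                      # decoy host listening on the network

LOG_RE = re.compile(r"(?P<ts>\S+)\s+(?P<body>.*)")


@dataclass
class Alert:
    kind: str
    ts: str
    detail: str


def parse_line(line):
    """Parse the constructed 'timestamp key=value ...' format into (ts, fields)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("body").split() if "=" in kv)
    return m.group("ts"), fields


def detect(lines):
    """Return one Alert per event that touches a honey token; normal events pass."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, f = parsed
        kind, user = f.get("type"), f.get("user", "").lower()
        if kind == "auth" and user in HONEY_USERS:
            # Success or failure both count: any attempt means password guessing
            # or account enumeration, since nobody should know this account.
            alerts.append(Alert("honey_user", ts,
                                f"{user} from {f.get('src')} result={f.get('result')}"))
        elif kind == "auth" and user in HONEY_CREDENTIALS:
            # The planted credential was replayed against another host
            # (the pass-the-hash case: the hash, not the password, was reused).
            alerts.append(Alert("honey_credential", ts,
                                f"{user} used against {f.get('dst')} from {f.get('src')}"))
        elif kind == "file" and f.get("path") in HONEY_FILES:
            alerts.append(Alert("honey_file", ts,
                                f"{f.get('action')} by {f.get('user')} on {f.get('path')}"))
        elif kind == "conn" and f.get("dst") in HONEYPOTS:
            # A decoy host has no clients, so a connection is internal recon.
            alerts.append(Alert("honeypot", ts,
                                f"{f.get('src')} touched decoy {f.get('dst')} ports={f.get('ports')}"))
    return alerts


# Constructed sample log: one normal login and one normal file read mixed with
# one event per trap type, all originating from the same workstation.
SAMPLE_LOG = """\
2024-03-01T02:13:07Z type=auth user=PatchAdmin src=10.0.5.23 dst=dc01 result=failure
2024-03-01T02:13:09Z type=auth user=jsmith src=10.0.5.23 dst=dc01 result=success
2024-03-01T02:15:41Z type=auth user=svc_backup_dr src=10.0.5.23 dst=fs02 result=success
2024-03-01T02:18:00Z type=file path=/finance/q4_budget.xlsx action=read user=jsmith
2024-03-01T02:20:02Z type=file path=/finance/board_minutes.docx action=copy user=jsmith
2024-03-01T02:21:00Z type=conn src=10.0.5.23 dst=10.0.0.50 ports=22,445,3389
""".splitlines()

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a.kind}] {a.ts} {a.detail}")
```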


Ethical Hacking ☠️

What is Ethical Hacking?

Suppose, you have launched an application and established all the security controls to protect it. But, how can you be so sure that your application is fully secure and nobody can bypass the security systems?

You’ll definitely have to test it against all security breaches and check whether the security controls protect your system or not.

Well, this process of testing the system against all possible security breaches is known as Ethical Hacking.

Ethical Hacking is part of Cyber Security, which mainly deals with finding vulnerabilities in a system and solving them before any malicious or black-hat hacker exploits them.

It is the process of testing and validating the system to discover the weaknesses present in it and informing the organization about all those weaknesses. Later, the organization will hire some Cyber Security professionals to recommend measures that will help prevent any kind of data theft or fraud.

These cybersecurity professionals are also known as penetration testers.

Summarizing, Ethical Hacking is the process of bypassing the security system of an organization to find loopholes in the system and resolve them. There are various benefits of Ethical Hacking, which are listed below.

Benefits of Ethical Hacking

  • Weak points of a system can be easily found and resolved by performing penetration testing.
  • You can implement solutions for vulnerabilities to prevent security breaches.
  • Ethical Hacking protects data from being stolen by ‘black-hat hackers.’
  • It helps protect networks with continuous assessments.
  • Customers and investors will trust your company if the security of the data and the system is well maintained.

Now, you might be thinking that Ethical Hacking and Cyber Security are the same as their purpose of protecting the system from malicious attacks is similar. However, there is indeed a difference between Ethical Hacking and Cyber Security. We will be discussing Ethical Hacking vs Cyber Security in detail in the next section.

Cyber Security vs Ethical Hacking

After understanding the meaning of Ethical Hacking and Cyber Security, now, it is time to discuss Cyber Security vs Ethical Hacking. Although both of their objectives are the same – i.e., to keep the system and the data secure – there are certain differences between the two.

Cyber Security is a vast subject that includes a lot of network and information security mechanisms, such as data security, digital forensics, Ethical Hacking, and much more. Therefore, we can say that Ethical Hacking is a subpart of Cyber Security.

Ethical Hacking is performed by ‘white-hat hackers’ whose work of hacking the system is the same as that of ‘black-hat’ hackers, but the intention is different. In the case of ethical hacking, the hacker hacks to protect the system.

Cyber Security experts, on the other hand, don’t have to hack into the system. Their job is to protect the system by taking all possible protective measures.

In the simplest of terms, Ethical Hackers make use of offensive security measures, and Cyber Security experts use defensive security measures.

Let’s take an example here. Suppose, you have launched an application like Uber, and your app is generating and storing a lot of customer data per day. These records can be used by any malicious hacker for performing dubious acts, including generating huge amounts of false requests, accessing the account details of users who pay online, and many more.

Here, the Cyber Security expert will try to defend the application by taking appropriate protective measures, or moreover, he/she will just inform the owner about the attack.

Meanwhile, an Ethical Hacker will try to attack the application with permission and will inform you about how he could hack the system, and then, he may also provide a solution for the issue.

Ethical Hacking is like you are intentionally trying to hack into a system just to test how the system would respond to such malicious activities.

Now, let’s move ahead and understand the key differences between Ethical Hacking and Cyber Security.

Difference Between Ethical Hacking and Cyber Security

(The comparison table for this section was an image and is not reproduced here.)

Now, you know the major differences between Ethical Hacking and Cyber Security. Let’s move ahead and understand the various roles of Cyber Security experts and Ethical Hackers.

Roles of a Cyber Security Expert and an Ethical Hacker

Ethical Hacking is done by ‘ethical’ hackers, i.e., legitimate or legal hackers, whose job is to hack with the permission of the owner and provide a report about the hack.

Whereas, Cyber Security is managed by Cyber Security experts whose main goal is to defend the system from malicious activities. Their job is to monitor the system regularly and take defensive measures when someone tries to bypass the security system.

Below are the roles of a Cyber Security expert:

  • The main role of a Cyber Security expert is to perform regular audits and discover weaknesses in the system.
  • A Cyber Security expert has to implement the most efficient technologies to improve the security system.
  • He/she should keep the security system updated by performing regular maintenance.
  • The professional must assign only appropriate access privileges for advanced system protection.
  • He/she has to explain to the organization about the consequences of malicious attacks.
  • A Cyber Security expert’s job is to provide various suggestions for improving the security system.

Now, let’s check out the roles of an Ethical Hacker:

  • An Ethical Hacker evaluates the security of a system by testing it for weaknesses that could lead to a breach.
  • The professional has to test the security system of the company and also suggest solutions to enhance it.
  • He/she should perform regular pen tests on the system, web application, and/or the network to check whether it is possible to violate the security system.
  • He/she should generate reports after finding the vulnerabilities and also provide feedback once the issues are resolved.
  • The professional also has to inform the organization about how the attack can affect its operations and users.
  • He/she should use the technique of hacking to provide solutions for the weaknesses found in the system.

After understanding the roles of a Cyber Security expert and an Ethical Hacker, you can see that their objective, protecting the system, is the same, but they use different methods to achieve it.


IDAM 📌

  • Identity and access management (IAM or IdAM for short) is a way to tell who a user is and what they are allowed to do.
  • IAM is like the bouncer at the door of a nightclub with a list of who is allowed in, who isn't allowed in, and who is able to access the VIP area.
  • IAM is also called identity management (IdM).
  • In more technical terms, IAM is a means of managing a given set of users' digital identities, and the privileges associated with each identity.
  • Within an organization, IAM may be a single product, or it may be a combination of processes, software products, cloud services, and hardware that give administrators visibility and control over the organizational data that individual users can access.
  • Identity in the context of computing
    • A person's entire identity cannot be uploaded and stored in a computer, so "identity" in a computing context means a certain set of properties that can be conveniently measured and recorded digitally.
    • Think of an ID card or a passport: not every fact about a person is recorded in an ID card, but it contains enough personal characteristics that a person's identity can quickly be matched to the ID card.
    • To verify identity, a computer system checks the user for characteristics that are specific to them. If they match, the user's identity is confirmed. These characteristics are also known as "authentication factors".
    • The three most widely used authentication factors are:
      • Something the user knows
      • Something the user has
      • Something the user is
### Authentication factors

- **Something the user knows:**
    - This factor refers to a secret that only the authorized user is supposed to know, such as a password or a PIN.
    - Because a secret can be guessed, phished, or reused across sites, it is usually combined with one of the other two factors (multi-factor authentication).

- **Something the user has:**
    - This factor refers to possession of a physical token that is issued to authorized users.
    - The most basic example of this authentication factor is the use of a physical house key to enter one's home. The assumption is that only someone who owns, rents, or otherwise is allowed into the house will have a key.
    - The caveat is the same as with a house key: whoever holds the token is treated as the authorized user, so lost or stolen tokens must be revocable.

- **Something the user is:**
    - This refers to a physical property of one's body.
    - A common example of this authentication factor in action is Face ID, the feature offered by many modern smartphones. Fingerprint scanning is another example.
    - Less common methods used by some high-security organizations include retina scans and blood tests.
    - Unlike a password or a token, a biometric cannot be changed if it is ever copied, so it is best used alongside another factor rather than on its own.
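The following is an added example (not part of the original notes) showing how the first two factors are combined in a login check: "something the user knows" is a password stored as a salted PBKDF2 hash, and "something the user has" is a TOTP authenticator app implemented per RFC 6238. The user record, password, and base32 secret are constructed for illustration; the secret is the RFC 6238 test key, so the codes it produces can be checked against the published test vectors.

```python
"""Two-factor login check: a password (something the user knows) plus a
time-based one-time code from an authenticator (something the user has).
Added example; the user record and secret below are constructed."""
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000
TOTP_STEP = 30          # seconds per TOTP time step (RFC 6238 default)


# --- Factor 1: something the user knows -------------------------------------
def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Store these, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


# --- Factor 2: something the user has (TOTP, RFC 6238 with HMAC-SHA1) -------
def totp(secret_b32: str, for_time: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", for_time // step)            # 8-byte big-endian T
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, now + k * TOTP_STEP), code)
        for k in range(-window, window + 1)
    )


# --- Both factors together --------------------------------------------------
def login(user: dict, password: str, code: str, now: int) -> bool:
    """Both checks always run, so a wrong password does not leak (via timing)
    whether the one-time code would have been accepted."""
    ok_knows = verify_password(password, user["salt"], user["digest"])
    ok_has = verify_totp(user["totp_secret"], code, now)
    return ok_knows and ok_has


# Constructed test user. The secret is the RFC 6238 test key "12345678901234567890"
# encoded in base32, so totp(SECRET, 59) must equal "287082" per the RFC.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
PASSWORD = "correct horse battery staple"
_salt, _digest = hash_password(PASSWORD)
USER = {"name": "john", "salt": _salt, "digest": _digest, "totp_secret": SECRET}

if __name__ == "__main__":
    now = int(time.time())
    print("both factors ok:", login(USER, PASSWORD, totp(SECRET, now), now))
    print("wrong code:     ", login(USER, PASSWORD, "000000", now))
    print("wrong password: ", login(USER, "hunter2", totp(SECRET, now), now))
```

In a real deployment the TOTP secret is provisioned to the user's device once (usually via a QR code) and the server stores it alongside the password hash; the drift window should stay small, and a code should be accepted only once per time step to prevent replay.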

### Access management

- "Access" refers to what data a user can see and what actions they can perform once they log in.
- Once John logs into his email, he can see all the emails he has sent and received.
- However, he should not be able to see the emails sent and received by Tracy, his coworker.
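The following is an added example (not part of the original notes) of the access-management half of IAM: once John is logged in, a request to read a mailbox is authorized against the identity bound to his session, not against whatever mailbox name the request asks for. A deliberately insecure variant that skips the ownership check is shown beside the correct one so the failure (John reading Tracy's mail) is visible. The users, mailbox contents, roles and session store are constructed for illustration.

```python
"""Access management: the verified identity decides what a user may read.
Added example; users, messages, roles and the session store are constructed."""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Message:
    owner: str
    subject: str


# Constructed mailboxes: John and Tracy each have their own messages.
MAILBOXES: Dict[str, List[Message]] = {
    "john": [Message("john", "Q3 budget"), Message("john", "Lunch?")],
    "tracy": [Message("tracy", "Offer letter"), Message("tracy", "Payroll")],
}
# Constructed role table: only "admin" may read other people's mailboxes.
ROLES = {"john": "user", "tracy": "user", "admin": "admin"}


class SessionStore:
    """Maps an unguessable session id to the identity that IAM has verified."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)   # 256 bits of randomness, not enumerable
        self._sessions[sid] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)


class AccessDenied(Exception):
    pass


def read_mailbox_insecure(sessions: SessionStore, sid: str, requested_owner: str) -> List[str]:
    """BROKEN: authenticates the caller but then trusts the mailbox name in the
    request, so any logged-in user can read any mailbox (an IDOR bug)."""
    if sessions.whoami(sid) is None:
        raise AccessDenied("not logged in")
    return [m.subject for m in MAILBOXES[requested_owner]]


def read_mailbox(sessions: SessionStore, sid: str, requested_owner: str) -> List[str]:
    """FIXED: authorize against the identity bound to the session."""
    user = sessions.whoami(sid)
    if user is None:
        raise AccessDenied("not logged in")
    if user != requested_owner and ROLES.get(user) != "admin":
        raise AccessDenied(f"{user} may not read {requested_owner}'s mailbox")
    return [m.subject for m in MAILBOXES[requested_owner]]


def can_read(sessions: SessionStore, sid: str, requested_owner: str) -> bool:
    """Convenience wrapper: True if the fixed check would allow the read."""
    try:
        read_mailbox(sessions, sid, requested_owner)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    sessions = SessionStore()
    john = sessions.create("john")
    print("john's own mail:     ", read_mailbox(sessions, john, "john"))
    print("insecure, tracy's:   ", read_mailbox_insecure(sessions, john, "tracy"))
    try:
        read_mailbox(sessions, john, "tracy")
    except AccessDenied as exc:
        print("fixed, tracy's:      denied:", exc)
```

The point of the fix is that the resource identifier in the request is untrusted input; the only trustworthy identity is the one the session store returns, and every read must compare the two (or consult an explicit role) before touching the data.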