Report on

Hacking
➢ Grey Hat Hacking: Grey hat hackers
1. Introduction : fall somewhere between black and
white hat hackers. They may break
into systems without permission
Hacking refers to the unauthorized
but do not have malicious intent.
intrusion into a computer system or
Often, they expose vulnerabilities to
network. While the term has often been
the system owner without causing
associated with malicious activities, it can
harm.
also encompass ethical hacking, where
individuals are authorized to penetrate
➢ Script Kiddies: These are amateur
systems to identify and fix security
hackers who use pre-written scripts
vulnerabilities. Hacking has evolved over
or tools to break into systems. They
the decades, becoming one of the most
lack the expertise to create their
pressing concerns in the field of
own hacking tools and often engage
cybersecurity.
in hacking for thrill or attention
rather than for malicious purposes.
2. Types of Hacking:
➢ Hacktivism: Hacktivists use hacking
Hacking can be categorized based on intent to promote political or social
and methodology. The most common types agendas. Their activities can range
include: from website defacements to
large-scale distributed denial of
➢ Black Hat Hacking: This involves service (DDoS) attacks.
malicious hackers who break into
systems to steal data, disrupt ➢ State-Sponsored Hacking:
operations, or gain financial profit. Governments or state-sponsored
Black hat hackers use various groups conduct hacking activities
methods such as malware, for espionage, sabotage, or to
phishing, and exploiting system influence political outcomes. These
vulnerabilities. groups often target other nations'
critical infrastructure or private
➢ White Hat Hacking: Also known as industries.
ethical hacking, white hat hacking is
conducted with the permission of 3. Common Hacking
the system owner. Ethical hackers
aim to find and fix security Techniques:
loopholes before black hat hackers
can exploit them. Phishing: Phishing involves tricking
individuals into revealing sensitive
information, such as passwords or credit
card numbers, by pretending to be a Reputational Damage: Data breaches and
legitimate entity. cyber-attacks can tarnish the reputation of
organizations, leading to loss of customer
Malware: Malware includes viruses, trust and potential legal liabilities.
worms, ransomware, and other malicious
software designed to damage, disrupt, or Data Loss and Privacy Violations: Hacking
gain unauthorized access to computer can result in the unauthorized access and
systems. exposure of sensitive data, including
personal, financial, and proprietary
Social Engineering: Social engineering information.
manipulates people into divulging
confidential information. Techniques National Security Threats:
include pretexting, baiting, and tailgating. State-sponsored hacking and cyber
espionage pose significant risks to national
SQL Injection: SQL injection involves security, potentially compromising critical
inserting malicious code into a query to infrastructure, military operations, and
manipulate databases. This technique can intelligence.
allow hackers to access, modify, or delete
data in a database. 5. Defense Against Hacking:
DDoS Attacks: Distributed Denial of Service
To protect against hacking, organizations
(DDoS) attacks overwhelm a target system
and individuals should implement robust
with traffic, rendering it inaccessible to
cybersecurity measures, including:
legitimate users.

Regular Software Updates: Keeping

Man-in-the-Middle (MitM) Attacks: In
software and systems up-to-date with the
MitM attacks, hackers intercept
latest patches helps mitigate
communication between two parties to
vulnerabilities.
eavesdrop or alter the transmitted
information.
Strong Password Policies: Implementing
complex passwords and multi-factor
4. Impact of Hacking: authentication (MFA) reduces the risk of
unauthorized access.
The consequences of hacking can be severe,
affecting individuals, businesses, and Employee Training: Educating employees
governments. Key impacts include: on cybersecurity best practices, such as
recognizing phishing attempts and
Financial Loss: Hacking can lead to securing sensitive data, is crucial.
significant financial damage through theft
of funds, disruption of operations, and Network Security: Firewalls, intrusion
costs associated with responding to and detection systems (IDS), and virtual private
recovering from attacks. networks (VPNs) can help secure networks
from unauthorized access.
Data Encryption: Encrypting sensitive data ensures that even if it is intercepted, it cannot be
easily read or used by unauthorized parties.

Regular Security Audits: Conducting regular security assessments and penetration tests can
identify vulnerabilities before they can be exploited by hackers.

6. Conclusion

Hacking is a complex and evolving threat in the digital age. While it poses significant risks, a
comprehensive cybersecurity strategy can mitigate these risks and protect systems from
malicious activities. As technology advances, the importance of staying vigilant and proactive
in defending against hacking cannot be overstated. Ethical hacking, when used responsibly,
can be a powerful tool in enhancing cybersecurity and safeguarding the digital landscape.

—------------------------------------------------------------------------

Kindly Refer to the next page for the Assignment Questions along with their answers.
 CA2 Assignment QnA

1. How is Encryption Different from Hashing?

Encryption and hashing are both cryptographic techniques, but they serve different purposes
and operate differently:

● Purpose:
○ Encryption: Used to securely transmit data by converting it into a form that can
only be read by someone with the correct decryption key. It is reversible,
meaning that the encrypted data (ciphertext) can be decrypted back to its
original form (plaintext).
○ Hashing: Used to verify data integrity by producing a fixed-size string (hash)
from an input, which is unique to that input. Hashing is a one-way process,
meaning it cannot be reversed to retrieve the original data.
● Reversibility:
○ Encryption: Reversible with the appropriate key, allowing the original data to be
retrieved.
○ Hashing: Irreversible; the original data cannot be obtained from the hash value.
● Use Cases:
○ Encryption: Used for secure communication, such as in SSL/TLS (HTTPS), email
encryption, and data storage encryption.
○ Hashing: Used for verifying data integrity, password storage, and digital
signatures.

2. What is a Firewall and Why is it Used?

A firewall is a network security device or software that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. Its primary function is to
establish a barrier between a trusted internal network and untrusted external networks, such
as the internet.

● Purpose:
○ To prevent unauthorized access to or from a private network.
○ To protect against cyber threats, such as malware, phishing, and unauthorized
intrusions.
○ To filter traffic based on criteria such as IP addresses, domain names, protocols,
and ports.
● Types of Firewalls:
○ Packet-Filtering Firewalls: Inspect packets and allow or deny them based on
predefined rules.
○ Stateful Inspection Firewalls: Track the state of active connections and make
decisions based on the context of the traffic.
 ○ Proxy Firewalls: Act as an intermediary between users and the internet, filtering
requests and responses.
○ Next-Generation Firewalls (NGFWs): Include additional features like deep
packet inspection, intrusion prevention, and application awareness.

3. What is a Three-Way Handshake?

A three-way handshake is a process used in the TCP/IP protocol suite to establish a reliable
connection between a client and a server before data transmission begins. It involves three
steps:

1. SYN: The client sends a synchronization (SYN) packet to the server, indicating the
desire to establish a connection.
2. SYN-ACK: The server responds with a synchronization acknowledgment (SYN-ACK)
packet, indicating that it is ready to establish a connection.
3. ACK: The client sends an acknowledgment (ACK) packet back to the server, confirming
the connection is established.

This process ensures that both the client and server are ready for data transfer and helps in
synchronizing the sequence numbers used in the communication.

4. Describe Various Types of Cyber-Attacks

Cyber-attacks are malicious attempts to disrupt, damage, or gain unauthorized access to

computer systems, networks, or data. Common types include:

● Phishing: Deceptive emails or messages that trick individuals into revealing sensitive
information, such as passwords or credit card numbers.
● Malware: Malicious software that infects systems, including viruses, worms,
ransomware, and spyware. It can damage systems, steal data, or take control of devices.
● DDoS (Distributed Denial of Service) Attack: An attack where multiple compromised
systems are used to flood a target with traffic, overwhelming it and causing it to be
inaccessible.
● SQL Injection: A code injection technique that exploits vulnerabilities in an
application's database by injecting malicious SQL queries, potentially giving the
attacker access to sensitive data.
● Man-in-the-Middle (MitM) Attack: An attack where the attacker intercepts and
possibly alters the communication between two parties without their knowledge.
● Zero-Day Exploit: An attack that targets a previously unknown vulnerability in
software or hardware before the vendor has issued a patch.
● Ransomware: A type of malware that encrypts the victim's data and demands a ransom
for the decryption key.
5. With the Differential Parameters, Differentiate Between HTTP and
HTTPS

HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are
protocols used for transmitting data over the web. Here's how they differ:

Parameter HTTP HTTPS

Security No encryption; data is sent Encrypted using SSL/TLS; data is secure.

in plaintext.

Port Uses port 80 by default. Uses port 443 by default.

Data Integrity Vulnerable to interception Ensures data integrity through encryption.

and modification.

Performance Faster since it doesn’t Slightly slower due to encryption overhead.

encrypt data.

Certificate Does not require an Requires an SSL/TLS certificate to validate

SSL/TLS certificate. the server's identity.

Use Case Suitable for non-sensitive Essential for sensitive transactions, such as
data transmission. online banking, shopping, and login pages.

SEO Impact Neutral effect on SEO HTTPS is favored by search engines,

rankings. potentially improving rankings.

In summary, HTTPS is the secure version of HTTP, adding a layer of encryption and
authentication to protect data transmission, making it essential for websites handling
sensitive user information.

—------------------------------------------------------------------------