1. INTRODUCTION:

The protection of information and infrastructure is that security in which the chance of successful yet undetected theft, modification and disturbance of information and services are kept to low endurable[9].

Network Security: Protecting a network and data, computer program, other computer system assets from unwanted intruders, and unauthorized user[9].

Fig.1. Information Security

Information Security: Protecting information and information systems from interdicted access, use, declaration, interference, modification or destruction [7-9].

There are following security services issues as given below [8-9]

· Confidentiality

· Authentication

· Integrity

· No repudiation

· Access control

· Availability

· Authorization

Hacking and challenges:

A hacker is an individual who uses his technical skills with the help of computer and network to process the task. Hacker is a person who uses his efforts to gain unauthorized access to systems and networks in order to commit cyber-crime. He may steal all the important information like all bank accounts, all personal data and use it to exploit the victim and ask for ransom wares to give data back [13].

Types of hackers in the present world[11]:

(i) White Hat Hackers:

Hacking for finding out the loop holes in the security system [11]. White hat hackers, sometimes referred to as ethical hackers, assist system owners in detecting and fixing security systems vulnerabilities. They are referred to as ethical hackers because they do not violate laws, even though they use many of the same tools used by Black Hat hackers [1].

Table.1. White Hat Hackers [1][11]

White Hat Hackers
Mission	Personality Trait	Purpose
To protect organization	Ethical	White Hat Hackers are hired to find security holes or vulnerabilities in existing cyber systems, so they can be patched and security test.

(ii) Black Hat Hackers:

Hacking for illegal or malicious purposes[11]. Black Hat hackers, sometimes called crackers, are typically motivated by the personal gain they receive from illegally breaching computer systems, though they might also be social mischief-makers that are in it for the thrill of the attack, for revenge or to seek notoriety [1].

Table.3. Black Hat Hackers [1]

Black Hat Hackers
Mission	Personality Trait	Purpose
To profit from data breaches	Malicious	Black Hat Hackers conduct unauthorized and illegal cyber-attacks for stealing personal or organization information or data to sell for profit or personal use.

(iii) Grey Hat Hackers:

Hacking sometimes legally and sometimes not but has no malicious intentions [11]. Grey Hats can have ideological motivations that translate to hacking attacks against an adversarial political position, a company policy that they do not agree with or even a nation-state. They are often referred to as activists. Grey Hat hackers can be White Hats by day and work for organizations and system owners to detect flaws in systems and mitigate them, but they sometimes engage in ideological hacking activities to correct a perceived wrong [1].

Table.4. Gray Hat Hackers [1]

Gray Hat Hackers
Mission	Personality Trait	Purpose
To challenge themselves	Ambitious	Gray Hat Hackers search for and exploit security vulnerabilities without profit and without authorization.

Ethical hacking:

Ethical Hacking has been used for software and network security [5]. Ethical hacking is performed with the target’s permission. Such type of hacking is intended to discover vulnerabilities from various types of future malicious attacks for betterment of secured system. It is the part of security enhancement program that cover risks and allowing cyber security improvement penetrations legally. Ethical hacking can also used for testing the security by vendors. Ethical hacking is performed in controlled environment by performing ethical attacks. This helps better to understand the working of malicious codes and their range dangerous area. Generally, the ethical hacking term is used for security professionals for using their skills for defensive purpose to identify future security attacks in the system with good intension.

The term ‘hacker’ originated at MIT in the 1960’s to describe someone who had the ability to understand and manipulate technology. Although this is still true of hackers, their skills have evolved outside of just technical capabilities to include the ability to manipulate people. Additionally, hackers are now categorized into three distinct categories that identify their motives[7].

Process of ethical hacking:

The preplanning is arranged in various steps for performing ethical attack to the system security testing legally. All technical, management and strategic issues must be considered. Proper planning is very crucial for security testing from simple password security test to all high level network penetration tests. Back up of data and information should be kept before committing ethical hacking. So, a well defined scope involves the following information[5][7-11]:

1. Specific systems to be tested.

2. Risks that are involved.

3. A proper test schedule is prepared over time.

4. Use knowledge or experiences to explore security threats.

5. What is done and when vulnerability are discovered?

6. Assessment report of security for high level counter measures and start with most crucial cyber tests.

The hacking methodology has some steps that are followed by hackers. These are listed below:

Step-1: Reconnaissance

Step-2: Scanning the system

Step-3: Enumeration

Step-4: Gaining Access or penetrating the system

Step-5: Maintaining Access for long time attack

Step-6: Creating Tracks

During this phase, an ethical hacker can collect the following information

Fig.5. List of information collected by Hackers

WHAT IS CYBER ?

The term cyber and cyberspace are modernized due to spread of computer and internet connectivity. Anything related to the internet also falls under the cyber category [2]. Some popular words that use the cyber prefix include the following: Cyber-crime, Cyberspace, Cyber forensics, Cyber bully, Cyber buck, Cyber security and Cyber punk [3-4].

CYBER ATTACKS AND CYBER SECURITY:

Cyber-attacks cause unauthorized access or manipulation, destruction, interruption in software in terms of malware intentionally to cause loss through electronic information or other physical infrastructure. There is a way to protect from these attacks is social awareness about cyber-crimes. It can be described as a process of applying information security measures or techniques to protect the confidentiality, integrity, and availability (CIA) of information. Hackers can compromise the confidentiality, integrity, and availability (CIA) of information by using social engineering attacks to naïve users. Information security management is concerned with countermeasures to protect the CIA of information assets from various threats, using principles, best practices, and technologies. Once hackers access a system, they can steal, delete or alter the information stored on it, or corrupt its operations [4] [12-14].

B. TRENDS CHANGING CYBER SECURITY:

The various impact of cyber security attacks on the communication infrastructures:

• Web servers:

Web applications are used to extract data or information by using malicious code on servers. Such cyber criminals distribute their malicious code via their compromised web servers. Now we have to focus on the protection of web servers and web applications because web server contains the valuable information and data.

We should also use the safe web browser for financial transactions [10].

Cloud computing and its services:

The world is slowly moving towards the cloud. This latest trend presents a big challenge for cyber security against cyber attacks, as traffic can go around traditional points of inspection. Additionally, as the number of applications available in the cloud grows, policy controls for web applications and cloud services will also need to progress in order to prevent the loss of important information. however cloud services are developing their own models still a lot of issues are being brought up about their security. Loud may provide immense opportunities but it should always be noted that as the cloud evolves so as its security concerns increase [10].

· APT’s and targeted attacks :

APT (Advanced Persistent Threat) is a whole new level of cyber-attack war. For years network security capabilities such as web filtering or IPS (intrusion prevention system) have played a key part in identifying such targeted attacks (mostly after the initial compromise). As attackers grow bolder and employ more vague techniques, network security must integrate with other security services in order to detect cyber-attacks. Hence one must improve our security techniques in order to prevent more threats coming in the future [10].

· Mobile Networks:

Today we are able to connect to anyone, anytime in any part of the world with the help of mobile networks. But for these communication networks security is a very big concern. These days firewalls and other security measures are becoming porous as people are using devices such as tablets, mobile, laptops etc all of which again require extra securities apart from those present in the applications used. We must always think about the security issues of these networks. Further mobile networks are highly prone to these cyber-crimes a lot of care must be taken in case of their security issues [10].

INITIAL CYBERCRIME LEGISLATION:

Criminal laws have been enacted by the U.S. Congress that outlaws uncertified access to protected computers by individuals. Protected computers are defined under. S.Code Title 18, Section 1030 and there is a number of state and federal statutes that focus on unauthorized computer access which are related to computer crimes. One example is the Computer system Fraud and Abuse Act (CFAA) that was originally passed in 1986 and has been amended numerous times since then to simplify and increase the scope of an existing computer fraud law. According to Alexander in 2007, the CFAA was designed to protect government classified information and financial institution information that was stored on computers. If the computer was connected to the internet, this Act makes it a criminal offense for an individual to access it without proper authority or in an attempt to obtain financial information illegally. However, according to Taylor et al. in 2015, this Act appears very vague, and has been amended to include computer hacking offenses and the transmission of classified information in or outside the United States. The CFFA was originally designed by Congress to criminalize unauthorized access to computers [12].

D. COMMAN CYBER ATTACK:

· Un-targeted Attacks[14]

· In un-targeted attacks, attackers randomly target as many devices, services or users as possible. They do not care about who the victim is as there will be a number of machines or services with weakness. To do this security issue, they use techniques that take advantage of the openness of the Internet, which include:

· Phishing - sending emails to large numbers of people asking for sensitive information(such as bank details) or encouraging them to visit a fake website.

· Water holding-setting up a fake website or compromising a legitimate one in order to exploit visiting users.

· Ransomware - which could include disseminating disk encrypting extortion malware .

· Scanning - attacking wide swathes of the Internet at random

· Targeted Attacks[14]

In a targeted cyber-attack, your organization is singled out because the attacker has a specific interest in your business, or has been paid to target you. The groundwork for the cyber-attack could take months so that they can find the best route to deliver their exploit directly to your systems (or users). A targeted attack is often more damaging than an un-targeted one because it has been specifically tailored to attack your systems, processes or personnel, in the office and sometimes at home. Targeted attacks may include:

· Spear-phishing: sending emails to targeted individuals that could contain an attachment with malicious software, or a link that downloads malicious software.

· deploying a botnet: to deliver a DDOS (Distributed Denial of Service) attack.

· subverting the supply chain: to attack equipment or software being delivered to the organisation.

CONCLUSION:

Ethical hacking is not a criminal activity but malicious unethical hacking is a computer crime or cyber-crime. The main goal of ethical hacking is to provide data and information security from being stolen and fraudulent use by malicious attackers. The concept of security and trust is very changeable because cyber threats can attack from any level of your organization. The cyber-crime is growing day to day in a new innovation of crimes made by a class of intellectual and experienced cyber criminals. The cyber-crime is a great danger to the human rights in the digital world. Now-a-days the number of new security attacks being designed to steal personal information is increasing with accelerating pace. The attackers are targeting personal information to make a profit out of their operation.

ACKNOWLEDGMENT:

We express our heartily thanks to SoS in Computer Science andIT, Pt. Ravishankar Shukla University, Raipur for providing us the various resource to publish the work.

REFERENCES:

1. J. Gaia and G. L. Sanders, “Psychological Profiling of Hacking Potential 1,” vol. 3, pp. 2230–2239, 2020.

2. V. S. Padilla and F. F. Freire, “A Contingency Plan Framework for Cyber-Attacks,” J. Inf. Syst. Eng. Manag., vol. 4, no. 2, pp. 2–7, 2019.

3. M. G. Porcedda and D. S. Wall, “Cascade and Chain Effects in Big Data Cybercrime: Lessons from the TalkTalk hack,” Proc. - 4th IEEE Eur. Symp. Secur. Priv. Work. EUROS PW 2019, pp. 443–452, 2019.

4. F. Kwadade-cudjoe, “Effect of Cyber Security on Networks Operations ( A case study of Vodafone Ghana ),” vol. 7, no. 6, pp. 16–32, 2019.

5. A. Y. Ding, G. L. De Jesus, and M. Janssen, “Ethical hacking for boosting IoT vulnerability management: A first look into bug bounty programs and responsible disclosure,” ACM Int. Conf. Proceeding Ser., pp. 49–55, 2019.

6. P. K. Paul and S. Aithal, “Network security: threat and management,” no. November, 2019.

7. G. Thomas, O. Burmeister, and G. Low, “The Importance of Ethical Conduct by Penetration Testers in the Age of Breach Disclosure Laws.,” Australas. J. Inf. Syst., vol. 23, pp. 1–14, 2019.

8. Ding, Aaron Yi, Gianluca Limon De Jesus, and Marijn Janssen. “Ethical Hacking for Boosting IoT Vulnerability Management.” Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing - ICTRS ’19 (2019).

9. N. Rathore, “Ethical Hacking and Security against Cyber Crime,” i-manager’s Journal on Information Technology, vol. 5, no. 1, pp. 7–11, 2016.

10. World Health Organizaton, “WHO Information Note on the Use of Dual HIV / Syphilis Rapid Diagnostic Tests ( RDT),” 2019

11. R. Nath, A. Mukhopadhyay, “Ethical Hacking: Scope and challenges in 21st century,” , vol. 1, pp. 2349-2163, 2019.

12. Pavlik, Kimberly, “Cybercrime, Hacking, And Legislation,”, , vol. 2, no. 1, pp. 13-16, 2019

13. Garg, N. kumar, D. khera,Y. Jain, and Prateek, “Towards the Impact of Hacking on Cyber Security,”, vol. 9, no. 1, pp. 61-77, 2019.

14. Attacks, cyberpaper, white,”Common cyber attacks : reducing the impact,” 2016.

Received on 24.05.2020 Accepted on 21.06.2020

Int. J. Tech. 2020; 10(1):83-87.

DOI: 10.5958/2231-3915.2020.00016.4