Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx


Chapter: Introduction to Ethical Hacking

Technology Brief

Information Security Overview
Information security is the set of methods and processes that protect
information and information systems from unauthorized access, disclosure of
information, usage or modification. Information security ensures
confidentiality, integrity, and availability. An organization without
security policies and appropriate security rules is at great risk, and the
confidential information and data related to that organization are not secure
in the absence of these security policies. An organization with well-defined
security policies and procedures is better able to protect its assets from
unauthorized access and disclosure. In the modern world, with the latest
technologies and platforms, millions of users interact with each other every
minute. These sixty seconds can be vulnerable and costly to private and
public organizations due to the presence of various types of old and modern
threats all over the world. The public internet is the most common and rapid
option for spreading threats all over the world. Malicious codes and scripts,
viruses, spam, and malware are always waiting for you. That is why the
security risk to a network or a system can never be eliminated. It is always
a great challenge to implement a security policy that is effective and
beneficial to the organization, instead of applying an unnecessary security
implementation that can waste resources and create a loophole for threats.
Our security objectives revolve around these three basic concepts:

Data Breach

eBay Data Breach
One of the real-life examples describing the need for information and network
security within the corporate network is the eBay data breach. eBay is a
well-known online auction platform that is widely used all over the world.
eBay announced its massive data breach in which contained sensitive data.
million customers were estimated having data loss in this attack. According
to eBay, the data breach compromised the following information, including:
Customers' names
Encrypted passwords
Email address
Postal Address
Contact Numbers
Date of birth

This sensitive information must be stored in an encrypted form that uses
strong encryption. Information must be encrypted instead of being stored in
plain text. eBay claims that no information relating to security numbers,
like credit card information, was compromised, although identity and password
theft can also cause severe risk. The eBay database containing financial
information, such as credit card information and other financial information,
is claimed to be kept in a separate and encrypted format.

The origin of the eBay data breach was the compromise of a small number of
employees' credentials via phishing in between February & March. Specific
employees may have been targeted to get access to eBay's network, or the eBay
network may have been monitored in its entirety and then compromised. They
claimed detection of this cyberattack within two weeks.

Google Play Hack
A Turkish hacker, “Ibrahim Balic”, hacked Google Play twice. He conceded
responsibility for the Google Play attack. It was not his first attempt; he
claimed that he was behind the attack on Apple's Developer site. He tested
vulnerabilities in Google's Developer Console and found a flaw in the Android
operating system, which he tested twice to make sure of it, causing a crash
again and again.

Using the result of his vulnerability testing, he developed an Android
application to exploit the vulnerability. When the developer’s console
crashed, users were unable to download applications and developers were
unable to upload their applications.

The Home Depot Data Breach
Theft of information from payment cards, like credit cards, is common
nowadays. In Home Depot’s Point of Sale Systems were compromised.
A released statement from Home Depot on the th of September claimed
breach of their systems.
The attacker gained access to third-party vendor login credentials and
accessed the POS networks. A Zero-Day Vulnerability exploited in Windows
created a loophole to enter the corporate network of Home Depot, making a
path from the third-party environment to Home Depot’s network. After the
corporate network was accessed, Memory Scraping Malware was released and then
attacked the Point of Sale terminals. Memory Scraping Malware is highly
capable; it grabbed information on millions of payment cards.

Home Depot has taken several remediation actions against the attack, using
EMV Chip & Pin payment cards. These Chip & Pin payment cards have a security
chip embedded in them to ensure duplicity with magstripe.

Essential Terminology

Hack Value
The term Hack Value refers to a value that denotes attractiveness, interest
or something that is worthy. Value describes the target's level of attraction
to the hacker.

Zero-Day Attack
Zero-Day Attacks refers to threats and vulnerabilities that can be used
against the victim before the developer identifies or addresses them and
releases any patch for that vulnerability.

Vulnerability
A vulnerability is a weak point, loophole or cause in any system or network
which can be helpful to and utilized by attackers to get through it. Any
vulnerability can be an entry point for them to reach the target.

Daisy Chaining
Daisy Chaining is a sequential process of several hacking or attacking
attempts to gain access to a network or systems, one after another, using the
same information and the information obtained from the previous attempt.

Exploit
An exploit is a breach of the security of a system through Vulnerabilities,
Zero-Day Attacks or any other hacking techniques.

Doxing
The term Doxing refers to publishing information, or a set of information,
associated with an individual. This information is collected publicly, mostly
from social media or other sources.
Payload
The payload refers to the actual section of information or data in a frame,
as opposed to automatically generated metadata. In information security, a
payload is a section or part of malicious and exploited code that causes the
potentially harmful activity and actions, such as exploiting, opening
backdoors, and hijacking.

Bot
Bots are software used to control the target remotely and to execute
predefined tasks. A bot is capable of running automated scripts over the
internet. Bots are also known as Internet Bots or Web Robots. These bots can
be used for social purposes such as chatterbots, for commercial purposes, or
for intended malicious purposes such as spambots, spreading viruses and
worms, botnets, and DDoS attacks.

Elements of Information Security

Confidentiality
We want to make sure that our secret and sensitive data is secure.
Confidentiality means that only authorized persons can work with and see our
infrastructure’s digital resources. It also implies that unauthorized persons
should not have any access to the data. There are two types of data in
general: data in motion, as it moves across the network, and data at rest,
when data is in any media storage such as servers, local hard drives, or
cloud. For data in motion, we need to make sure the data is encrypted before
sending it over the network. Another option we can use along with encryption
is a separate network for sensitive data. For data at rest, we can apply
encryption at the storage media drive so that no one can read it in case of
theft.

Integrity
We do not want our data to be accessible or manipulated by unauthorized
persons. Data integrity ensures that only authorized parties can modify data.

Availability
Availability applies to systems and data. If authorized persons cannot get
the data due to a general network failure or a denial-of-service (DOS)
attack, then that is a problem as far as the business is concerned. It may
also result in loss of revenues or of recording some important results.

We can use the term “CIA” to remember these basic yet most important
security concepts.

CIA             | Risk                                                                 | Control
Confidentiality | Loss of privacy. Unauthorized access to information. Identity theft  | Encryption. Authentication. Access Control
Integrity       | Information is no longer reliable or accurate. Fraud                 | Maker/Checker. Quality Assurance. Audit Logs
Availability    | Business disruption. Loss of customer’s confidence. Loss of revenue  | Business continuity. Plans and test. Backup storage. Sufficient capacity

Table: Risk and Its Protection by Implementing CIA

Authenticity
Authentication is the process which identifies the user or device in order to
grant privileges, access, and certain rules and policies. Similarly,
Authenticity ensures that certain information originates from a valid user
claiming to be the source of that information & message transactions. The
process of authentication through the combined function of identities and
passwords can achieve Authenticity.

Figure: Elements of Information Security

Non-Repudiation
Non-repudiation is one of the Information Assurance (IA) pillars. It
guarantees the transmission & receipt of information between the sender and
receiver via different techniques such as digital signatures and encryption.
Non-repudiation is the assurance of the communication and its authenticity,
so the sender cannot deny what he sent. Similarly, the receiver cannot deny
receiving it. Digital contracts, signatures and email messages use
non-repudiation techniques.

The Security, Functionality, and Usability Triangle
In a system, the Level of Security is a measure of the strength of the
Security in the system, Functionality, and Usability. These three components
are known as the Security, Functionality and Usability triangle. Consider a
ball in this triangle: if the ball is centered, it means all three components
are stronger; on the other hand, if the ball is closer to security, it means
the system is consuming more resources for security, and the features and
functions of the system and its Usability require attention. A secure system
must provide strong protection along with offering all services, features
and usability to the user.

Figure: Security, Functionality & Usability Triangle

Implementation of a high level of Security typically impacts the level of
functionality and ease of usability. The system becomes non-user-friendly,
with a decrease in performance. While developing an application or deploying
security in a system, security experts must keep in mind functionality & ease
of usability. These three components of the triangle must be balanced.
Information Security Threats and Attack Vectors

Motives, Goals, and Objectives of Information Security Attacks
In the information security world, an attacker attacks the target system with
three main components behind the attack. The Motive or Objective of an attack
makes an attacker focus on attacking a particular system. Another major
component is the Method that is used by an attacker to gain access to a
target system. Vulnerability also helps the attacker to fulfill his
intentions. These three components are the major blocks on which an attack
depends.

The Motive and Objective of an attacker in attacking a system may depend upon
something valuable stored in that specific system. The reason might be
ethical or non-ethical. However, there must be a goal for the hacker to
achieve, which leads to the threat to the system. Some typical motives behind
attacks are information theft, manipulation of data, disruption, propagation
of political or religious beliefs, attack on the target's reputation, or
taking revenge. Method of attack & Vulnerability run side by side. An
intruder applies various tools and a number of advanced & older techniques to
exploit a vulnerability within a system or security policy to breach &
achieve their motives.

Figure: Information Security Attack

Top Information Security Attack Vectors

Cloud Computing Threats
Cloud Computing is the most common trend & popularly in use nowadays. It does
not mean that threats to cloud computing or cloud security are fewer. Mostly,
the same issues as in traditionally hosted environments also exist in cloud
computing. It is very important to secure Cloud computing to
protect services and important data.

Figure: Cloud Computing Threats

The following are some threats that exist in Cloud Security:

In the Cloud Computing environment, a major threat to cloud security is a
single data breach that can result in loss. Additionally, it allows the
hacker to gain further access to the records, which allows the hacker to
have access to multiple records over the cloud. It is the worst situation,
where the compromise of a single entity leads to the compromise of multiple
records.

Data Loss is one of the most common potential threats to Cloud security as
well. Data loss may be due to intended or accidental means. It may be large
scale or small scale; however, massive data loss is catastrophic & costly.

Another major threat to Cloud computing is the hijacking of accounts and
services over the cloud. Applications running on a cloud that have software
flaws, weak encryption, loopholes, and vulnerabilities allow the intruder to
take control.

Furthermore, there are several more threats to Cloud computing, which are:
Insecure APIs
Denial of Services
Malicious Insiders
Poor Security
Multi-Tenancy

Advanced Persistent Threats
An advanced persistent threat (APT) is the process of stealing information by
a continuous process. An Advanced Persistent Threat usually focuses on
private organizations or has political motives. The APT process relies upon
advanced, sophisticated techniques to exploit vulnerabilities within a
system. The persistent term defines the process of an external command and
controlling system that is continuously monitoring and fetching data from a
target. The threat process indicates the involvement of an attacker with
potentially harmful intentions.

Characteristics of APT Criteria are:

Characteristics            | Description
Objectives                 | Motive or Goal of threat
Timeliness                 | Time spent in probing & accessing the target
Resources                  | Level of Knowledge & tools
Risk tolerance             | Tolerance to remain undetected
Skills & Methods           | Tools & Techniques used throughout the event
Actions                    | Precise Action of threat
Attack origination points  | Number of origination points
Numbers involved in attack | Number of Internal & External Systems involved
Knowledge Source           | Discern information regarding threats

Table: Advanced Persistent Threat Criteria

Viruses and Worms
The term Virus in network and information security describes malicious
software. This malicious software is developed to spread, replicate itself,
and attach itself to other files. Attaching to other files helps it transfer
onto other systems. These viruses require user interaction to trigger and
initiate malicious activities on the resident system.

Unlike Viruses, Worms are capable of replicating themselves. This capability
of worms makes them spread on a resident system very quickly. Worms are
propagating in different forms since the s. Some types of emerging worms are
very destructive, responsible for devastating DoS attacks.

Mobile Threats
Emerging mobile phone technology, especially Smartphones, has raised the
focus of attackers on mobile devices. As Smartphones are popularly used all
over the world, the focus of attackers has shifted to stealing business and
personal information through mobile devices. The most common threats to
mobile devices are:
Data leakage
Unsecured Wi-Fi
Network Spoofing
Phishing Attacks
Spyware
Broken Cryptography
Improper Session Handling

Insider Attack
An insider attack is the type of attack that is performed on a system, within
a corporate network, by a trusted person. A trusted user is termed an Insider
because an Insider has privileges and is authorized to access the network
resources.

Figure: Insider Threats

Botnets
The combination of the functionality of Robot and Network develops a Botnet
that works continuously on a repetitive task. It is the basic fundamental of
a bot. Bots are known as the workhorses of the Internet. These botnets
perform repetitive tasks. Most often, botnets are used in connection with
Internet Relay Chat. These types of botnets are legal and beneficial.

A botnet may be used for positive intentions, but there are also some botnets
which are illegal and intended for malicious activities. These malicious
botnets can gain access to systems using malicious scripts and codes, either
by directly hacking the system or through a Spider. A Spider program crawls
over the internet and searches for holes in security. Bots introduce the
system onto the hacker’s web by contacting the master computer. The bot
alerts the master computer when the system is under control. The attacker
remotely controls all bots from the master computer.

Information Security Threat Categories
Information Security Threat categories are as follows:

Network Threats
The primary components of network infrastructure are routers, switches, and
firewalls. These devices not only perform routing and other network
operations, but they also control and protect the running applications,
servers, and devices from attacks and intrusions. A poorly configured device
offers an intruder something to exploit. Common vulnerabilities on the
network include using default installation settings, open access controls,
weak encryption & passwords, and devices lacking the latest security
patches. Top network-level threats include:
Information gathering
Sniffing & Eavesdropping
Spoofing
Session hijacking
Man-in-the-Middle Attack
DNS & ARP Poisoning
Password-based Attacks
Denial-of-Services Attacks
Compromised Key Attacks
Firewall & IDS Attacks
Host Threats
Host threats are focused on system software; applications are built on or
run over this software, such as Windows, .NET Framework, SQL Server, and
others. The host-level threats include:
Malware Attacks
Footprinting
Password Attacks
Denial-of-Services Attacks
Arbitrary code execution
Unauthorized Access
Privilege Escalation
Backdoor Attacks
Physical Security Threats

Application Threats
The best practice for analyzing application threats is to organize them by
application vulnerability category. The main threats to the application are:
Improper Data / Input Validation
Authentication & Authorization Attack
Security Misconfiguration
Information Disclosure
Broken Session Management
Buffer Overflow Issues
Cryptography Attacks
SQL Injection
Improper Error Handling & Exception Management

Types of Attacks on a System

Operating System Attacks
In Operating System Attacks, attackers always search for an operating
system's vulnerabilities. If they find any vulnerability in an operating
system, they exploit it to attack the operating system. Some of the most
common vulnerabilities of an operating system are:

Buffer overflow vulnerabilities
Buffer Overflow is one of the major types of Operating System Attacks. It is
related to software exploitation attacks. A buffer overflow occurs when a
program or application does not have well-defined boundaries, such as
restrictions or a pre-defined functional area regarding the capacity of data
it can handle or the type of data that can be input. Buffer overflow causes
problems such as Denial of Service (DoS), rebooting, achievement of
unrestricted access, and freezing.

Bugs in the operating system
In software exploitation attacks & bugs in software, the attacker tries to
exploit the vulnerabilities in software. Such a vulnerability might be a
mistake made by the developer while developing the program code. Attackers
can discover these mistakes and use them to gain access to the system.

Unpatched operating system
An unpatched operating system allows malicious activities, or cannot
completely block malicious traffic into a system. A successful intrusion can
have a severe impact in the form of compromised sensitive information, data
loss, and disruption of regular operation.

Misconfiguration Attacks
In a corporate network, when new devices are installed, the administrator
must change the default configurations. If devices are left on the default
configuration, using default credentials, any user who does not have the
privileges to access the device but has connectivity can access the device.
It is not a big deal for an intruder to access this type of device, because
the default configuration has common, weak passwords and no security
policies are enabled on devices by default.

Similarly, permitting an unauthorized person, or giving a person more
resources and permissions than his privileges allow, might also lead to an
attack. Additionally, using the organization's name in username & password
attributes makes it easier for hackers to gain access.

Application-Level Attacks
Before releasing an application, the developer must make sure to test &
verify it from its end, the manufacturer's end or the developer’s end. In an
application-level attack, a hacker can use:
Buffer overflow
Active content
Cross-site script
Denial of service
SQL injection
Session hijacking
Phishing

Shrink Wrap Code Attacks
A Shrink Wrap code attack is the type of attack in which a hacker uses the
shrink wrap code method to gain access to a system. In this type of attack,
the hacker exploits holes in unpatched operating systems and poorly
configured software and applications. To understand shrink wrap
vulnerabilities, consider an operating system that has a bug in its original
software version. The vendor may have released the update, but the most
critical time is between the release of a patch by the vendor and the update
of the client’s systems. During this critical time, unpatched systems are
vulnerable to the Shrink Wrap attack. Shrink Wrap attacks also include
vulnerabilities in systems installed with software that is bundled with
insecure test pages and debugging scripts. The developer must remove these
scripts before release.

Information Warfare
Information warfare is a concept of warfare: getting involved in the warfare
of information to gain the most information. The term “Information Warfare”
or “Info War” describes the use of information and communication technology
(ICT). The major reason for, or focus of, this information war is to get a
competitive advantage over the opponent or enemy. Information warfare is
classified into the following two classes:

1. Defensive Information Warfare
The term Defensive Information Warfare is used to refer to all defensive
actions that are taken to defend against attacks to steal information and
information-based processes. Defensive Information Warfare areas are:
Prevention
Deterrence
Indication & Warning
Detection
Emergency Preparedness
Response
2. Offensive Information Warfare
The offensive term is associated with the military. Offensive warfare is an
aggressive operation that is taken against the enemies dynamically instead
of waiting for the attackers to launch an attack. Accessing their territory
to gain territory instead of losing it is the fundamental concept of
offensive warfare. The major advantage of offensive warfare is to identify
the opponent, the strategies of the opponent, and other information.
Offensive Information Warfare prevents or modifies the information from
being in use by considering integrity, availability, and confidentiality.
Hacking Concepts, Types, and Phases

Hacker
A hacker is one who is smart enough to steal information such as business
data, personal data, financial information, credit card information, and
username & password from a system from which he is unauthorized to get this
information, by taking unauthorized control over that system using different
techniques and tools. Hackers have great skill and the ability to develop
software and to explore software and hardware. Their intention can be either
doing illegal things for fun, or sometimes they are paid to hack.

Figure: Types of Hacker

Hacking
The term Hacking in information security refers to exploiting the
vulnerabilities in a system and compromising its security to gain
unauthorized command and control over the system resources. The purpose of
hacking may include modification of system resources or disruption of
features and services to achieve goals. It can also be used to steal
information for any use, like sending it to competitors or regulatory bodies,
or publicizing the sensitive information.

Hacking Phases
The following are the five phases of hacking:
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

Reconnaissance
Reconnaissance is an initial preparation phase in which the attacker gets
ready for an attack by gathering information about the target, using
different tools and techniques, before launching the attack. Gathering
information about the target makes it easier for an attacker, even on a
large scale. Similarly, on a large scale, it helps to identify the target
range.

In Passive Reconnaissance, the hacker acquires information about the target
without interacting with the target directly. An example of passive
reconnaissance is searching public or social media to gain information about
the target.

Active Reconnaissance is gaining information by approaching the target
directly. Examples of active reconnaissance are via calls, emails, help desk
or technical departments.

Scanning
The Scanning phase is a pre-attack phase. In this phase, the attacker scans
the network using the information acquired during the initial phase of
reconnaissance. Scanning tools include diallers, scanners such as port
scanners, network mappers, client tools such as ping, and vulnerability
scanners. During the scanning phase, the attacker finally fetches information
about ports, including port status, operating system information, device
type, live machines, and other information depending upon the scan.

Gaining Access
The Gaining Access phase of hacking is the point where the hacker gets
control over an operating system, application or computer network. The
control gained by the attacker defines the access level, such as operating
system level, application level or network level access. Techniques including
password cracking, denial of service, session hijacking, buffer overflow and
others are used to gain unauthorized access. After accessing the system, the
attacker
escalates privileges to obtain complete control over services and processes
and to compromise the connected intermediate systems.

Maintaining Access / Escalation of Privileges
The Maintaining Access phase is the point when an attacker is trying to
maintain access, ownership & control over the compromised systems. Similarly,
the attacker prevents the owner from being owned by any other hacker.
Attackers use Backdoors, Rootkits or Trojans to retain their ownership. In
this phase, an attacker may steal information by uploading it to a remote
server, download any file onto the resident system, and manipulate the data
and configuration. To compromise other systems, the attacker uses this
compromised system to launch attacks.

Clearing Tracks
An attacker must hide his identity by covering his tracks. Covering tracks
refers to those activities which are carried out to hide the malicious
activities. Covering tracks is most required for an attacker to fulfill
their intentions by continuing access to the compromised system, remaining
undetected & gaining what they want, remaining unnoticed, and wiping all
evidence that indicates their identity. To manipulate the identity and
evidence, the attacker overwrites the system, application, and other related
logs to avoid suspicion.
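
Because this phase ends with logs being overwritten, a defender needs log records whose alteration can be detected. The following is an added example, not part of the original text: a hash-chained (HMAC-SHA256) audit log with a verifier. The record layout, function names, key, sample events and the idea of copying the head MAC to a separate host (the "anchor") are assumptions made for illustration.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stands in for the "previous MAC" of the first record

# Constructed sample events (not taken from any real system).
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00Z", "host": "srv01", "msg": "login accepted for alice"},
    {"ts": "2024-01-01T10:02:10Z", "host": "srv01", "msg": "sudo session opened for alice"},
    {"ts": "2024-01-01T10:03:45Z", "host": "srv01", "msg": "new service unit installed"},
    {"ts": "2024-01-01T10:04:02Z", "host": "srv01", "msg": "outbound connection to 203.0.113.7"},
    {"ts": "2024-01-01T10:09:30Z", "host": "srv01", "msg": "session closed for alice"},
]


def _mac(key, prev_mac, seq, entry):
    # Canonical JSON so the same entry always serialises to the same bytes.
    body = json.dumps({"seq": seq, "entry": entry}, sort_keys=True,
                      separators=(",", ":")).encode("utf-8")
    return hmac.new(key, prev_mac.encode("ascii") + body, hashlib.sha256).hexdigest()


def append_record(records, key, entry):
    """Append entry to the chain and return the new head MAC."""
    prev_mac = records[-1]["mac"] if records else GENESIS
    seq = len(records)
    mac = _mac(key, prev_mac, seq, entry)
    records.append({"seq": seq, "entry": entry, "prev": prev_mac, "mac": mac})
    return mac


def verify_chain(records, key, anchor=None):
    """Return (True, "ok") or (False, reason) for the first inconsistency.

    anchor is an optional (record_count, head_mac) pair that was copied to a
    separate host earlier. Without it, cutting records off the end of the log,
    or a full rewrite by someone holding the key, cannot be noticed.
    """
    prev_mac = GENESIS
    for index, rec in enumerate(records):
        if rec.get("seq") != index:
            return False, f"record {index}: sequence gap (found seq {rec.get('seq')})"
        if rec.get("prev") != prev_mac:
            return False, f"record {index}: broken link to previous record"
        expected = _mac(key, prev_mac, index, rec.get("entry"))
        if not hmac.compare_digest(expected, str(rec.get("mac"))):
            return False, f"record {index}: content does not match its MAC"
        prev_mac = rec["mac"]
    if anchor is not None:
        count, head = anchor
        if len(records) < count:
            return False, f"log truncated: {len(records)} records, anchor expects {count}"
        if count > 0 and not hmac.compare_digest(records[count - 1]["mac"], head):
            return False, f"record {count - 1}: MAC differs from anchored head"
    return True, "ok"


def demo():
    """Build a log from the sample events and check three kinds of tampering."""
    key = b"constructed-demo-key"  # in practice kept off the logged host
    log = []
    head = GENESIS
    for event in SAMPLE_EVENTS:
        head = append_record(log, key, event)
    anchor = (len(log), head)

    edited = copy.deepcopy(log)           # one message overwritten in place
    edited[2]["entry"]["msg"] = "routine maintenance"
    deleted = copy.deepcopy(log)          # one record removed from the middle
    del deleted[3]
    truncated = copy.deepcopy(log)[:2]    # everything after record 1 cut off

    return {
        "intact": verify_chain(log, key, anchor),
        "edited": verify_chain(edited, key, anchor),
        "deleted": verify_chain(deleted, key, anchor),
        "truncated": verify_chain(truncated, key, anchor),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The chain only detects tampering; the anchor has to be stored somewhere the compromised system cannot write to, otherwise it can be replaced together with the log.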

Ethical Hacking Concepts and Scope

Ethical Hacking
Ethical hacking and penetration testing are common terms, popular in the
information security environment for a long time. The increase in
cybercrimes and hacking has created a great challenge for security experts,
analysts and regulations over the last decade. It is a popular war between
hackers and security professionals.

The fundamental challenges for these security experts are finding weaknesses
and deficiencies in running and upcoming systems, applications and software,
and addressing them proactively. It is less costly to investigate
proactively before an attack than to investigate after falling victim to an
attack or while dealing with an attack. For security, prevention and
protection, organizations have their own internal penetration testing teams
as well as contracted outside professional experts, when and if they are
needed, depending on the severity and scope of the attack.

Why Ethical Hacking is Necessary
The rise in malicious activities and cybercrimes, and the appearance of
different forms of advanced attacks, create the need for penetration testers
who penetrate the security of systems and networks in order to determine,
prepare and take precautionary and remediation action against these
aggressive attacks.

These aggressive and advanced attacks include:
Denial-of-Services Attacks
Manipulation of data
Identity Theft
Vandalism
Credit Card theft
Piracy
Theft of Services

These types of attacks, hacking cases, and cyber attacks have increased
because of the increased use of online transactions and online services in
the last decade. It has become more attractive for hackers and attackers to
attempt to steal financial information. Computer or cybercrime law has
slowed down prank activities
only, whereas real attacks and cybercrimes rise. This puts the focus on the
requirement for a Pentester, a shortened form of Penetration tester, to
search for vulnerabilities and flaws within a system before waiting for an
attack.

If you want to beat the attacker and hacker, you have to be smart enough to
think like them and act like them. As we know, hackers are skilled, with
great knowledge of hardware, software, and exploration capabilities. This
establishes the need for and importance of ethical hacking, which allows the
ethical hacker to counter attacks from malicious hackers by anticipating
their methods. Another major advantage of and need for ethical hacking is to
uncover the vulnerabilities in systems and security deployments, in order to
take action to secure them before they are used by a hacker to breach
security.

Scope and Limitations of Ethical Hacking
Ethical Hacking is an important and crucial component of risk assessment,
auditing, and countering fraud. Ethical hacking is widely used as
penetration testing to identify the vulnerabilities and risks and to
highlight the holes, in order to take remedial actions against attacks.
However, there are also some limitations, where ethical hacking is not
enough or the issue cannot be resolved through ethical hacking alone. An
organization must first know what it is looking for before hiring an
external pentester. This helps focus the goals to achieve and saves time.
The testing team is dedicated to troubleshooting the actual problem and
resolving the issues. The ethical hacker also helps to understand the
security system of an organization better. It is up to the organization to
take the actions recommended by the Pentester and enforce security policies
over the system and network.

Phases of Ethical Hacking
Ethical Hacking is the combination of the following phases:
1. Footprinting & Reconnaissance
2. Scanning
3. Enumeration
4. System Hacking
5. Escalation of Privileges
6. Covering Tracks

Skills of an Ethical Hacker
A skilled ethical hacker has a set of technical and non-technical skills.
Technical Skills
1. An ethical hacker has in-depth knowledge of almost all operating systems,
   including all popular, widely used operating systems such as Windows,
   Linux, Unix, and Macintosh.
2. Ethical hackers are skilled at networking, basic and detailed concepts,
   technologies, and exploring the capabilities of hardware and software.
3. Ethical hackers must have a strong command of security areas, related
   issues, and technical domains.
4. They must have detailed knowledge of older, advanced, and sophisticated
   attacks.
Non-Technical Skills
1. Learning ability
2. Problem-solving skills
3. Communication skills
4. Commitment to security policies
5. Awareness of laws, standards, and regulations

Information Security Controls
Information Assurance (IA)
Information Assurance, known in short as IA, depends upon the components of
Integrity, Availability, Confidentiality, and Authenticity. With the
combination of these components, information and information systems are
assured and protected during processing, usage, storage, and communication.
These components are defined earlier in this chapter.
Apart from these components, some methods and processes also help in the
achievement of information assurance, such as:
- Policies and Processes
- Network Authentication
- User Authentication
- Network Vulnerabilities
- Identifying problems and resources
- Implementation of a plan for identified requirements
- Application of information assurance control

Information Security Management Program
Information Security Management programs are programs specially designed to
focus on reducing the risks and vulnerabilities facing the information
security environment, and to train the organization and its users to work in a
less vulnerable state. Information Security Management is a combined
management solution to achieve the required level of information security
using well-defined security policies, processes of classification, reporting,
and management, and standards. The following diagram shows the EC-Council
defined Information Security Management Framework:

Figure: Information Security Management Framework

Threat Modeling
Threat Modeling is the process or approach used to identify, diagnose, and
help address the threats and vulnerabilities of a system. It is an approach to
risk management that focuses specifically on analyzing system security and
application security against security objectives. This identification of
threats and risks helps to focus and take action on an event to achieve the
goals. Capturing an organization's data and applying identification and
assessment processes to the captured information makes it possible to analyze
the information that can impact the security of an application. The
application overview includes the process of identifying an application to
determine its trust boundaries and data flow. Decomposition of an application
and identification of threats lead to a detailed review of the threats,
including identification of any threat that is breaching a security control.
This identification and detailed review of every aspect exposes the
vulnerabilities and weaknesses of the information security environment.

Figure: Threat Modelling

Enterprise Information Security Architecture (EISA)
Enterprise Information Security Architecture is the combination of
requirements and processes that help in determining, investigating, and
monitoring the structure of behavior of an information system. The following
are the goals of EISA:

Figure: EISA

Network Security Zoning
Managing and deploying an organization's architecture in different security
zones is called Network Security Zoning. Each security zone is a set of
network devices with a specific security level. Different security zones may
have similar or different security levels. Defining different security zones
with their security levels helps in monitoring and controlling inbound and
outbound traffic across the network.

Figure: Network Security Zoning

Information Security Policies
Information Security Policies are the fundamental and most depended-upon
component of the information security infrastructure. Fundamental security
requirements, conditions, and rules are configured to be enforced in an
information security policy to secure the organization's resources. These
policies cover the outlines of management, administration, and security
requirements within an information security architecture.

Figure: Steps to enforce Information Security

The basic goals and objectives of the Information Security Policies are:
- Cover security requirements and conditions of the organization
- Protect the organization's resources
- Eliminate legal liabilities
- Minimize the wastage of resources
- Prevent unauthorized access, modification, etc.
- Minimize the risk
- Information Assurance

Types of Security Policies
The different types of security policies are as follows:
1. Promiscuous policy
2. Permissive policy
3. Prudent policy
4. Paranoid policy
Promiscuous Policy
The promiscuous policy places no restriction on the usage of system resources.
Permissive Policy
The permissive policy restricts only widely known, dangerous attacks or
behavior.
Prudent Policy
The prudent policy ensures the maximum and strongest security among them.
However, it allows known, necessary risks, blocking all services except those
individually enabled. Every event is logged under the prudent policy.
Paranoid Policy
The paranoid policy denies everything, limiting internet usage.
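The four policy types above, applied to one list of service requests, as an added example that is not part of the original guide. The service names, the blocklist and the allowlist are constructed assumptions; the point is what happens to a service nobody has listed either way.

```python
# Added illustration: promiscuous, permissive, prudent and paranoid policies
# evaluated over the same constructed requests. All names are assumptions.
from dataclasses import dataclass, field

KNOWN_DANGEROUS = {"telnet", "tftp"}         # constructed blocklist (permissive)
ENABLED_SERVICES = {"https", "dns", "smtp"}  # constructed allowlist (prudent)
REQUESTS = ["https", "telnet", "dns", "irc", "smtp", "tftp"]  # constructed

POLICIES = ("promiscuous", "permissive", "prudent", "paranoid")


@dataclass
class Outcome:
    allowed: list = field(default_factory=list)
    denied: list = field(default_factory=list)
    log: list = field(default_factory=list)


def decide(policy: str, service: str) -> bool:
    """Return True if `service` is permitted under `policy`."""
    if policy == "promiscuous":   # no restriction on resource usage
        return True
    if policy == "permissive":    # default allow, block only known-dangerous
        return service not in KNOWN_DANGEROUS
    if policy == "prudent":       # default deny, allow individually enabled
        return service in ENABLED_SERVICES
    if policy == "paranoid":      # deny everything
        return False
    raise ValueError(f"unknown policy type: {policy!r}")


def evaluate(policy: str, requests=REQUESTS) -> Outcome:
    """Apply one policy type to every request and collect the decisions."""
    out = Outcome()
    for service in requests:
        ok = decide(policy, service)
        (out.allowed if ok else out.denied).append(service)
        # The text states event logging only for the prudent policy, so only
        # that policy writes a log line per event here.
        if policy == "prudent":
            out.log.append(f"{'ALLOW' if ok else 'DENY'} {service}")
    return out


def unlisted_exposure(requests=REQUESTS) -> list:
    """Services a permissive policy lets through that a prudent one blocks."""
    permissive = set(evaluate("permissive", requests).allowed)
    prudent = set(evaluate("prudent", requests).allowed)
    return sorted(permissive - prudent)


if __name__ == "__main__":
    for name in POLICIES:
        result = evaluate(name)
        print(f"{name:12} allow={result.allowed} deny={result.denied}")
    print("allowed only because nobody listed it:", unlisted_exposure())
```

The unlisted service is the difference that matters in practice: a blocklist-based (permissive) policy admits it by default, while an allowlist-based (prudent) policy denies it and records the event.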

Implications for Security Policy Enforcement
HR & Legal Implication of Security Policies
The HR department is responsible for making sure the organization is aware of
its security policies, as well as for providing sufficient training. With the
cooperation of the management or administration within an organization, the
HR department monitors the enforcement of security policies and deals with any
violation issues that arise in their deployment.
The legal implications of security policies are enforced under the supervision
of professionals. These professionals are legal experts and consultants who
ensure compliance with laws, especially local laws and regulations. Any
violation of a legal implication leads to lawsuits against those responsible.

Physical Security
Physical security is always the top priority in securing anything. In
information security, it is also considered important and regarded as the
first layer of protection. Physical security includes protection against
human-made attacks such as theft, damage, and unauthorized physical access, as
well as environmental impacts such as rain, dust, power failure, and fire.

Figure: Physical Security

Physical security is required to prevent stealing, tampering, damage, theft,
and many more physical attacks. To secure the premises and assets, set up
fences, guards, CCTV cameras, an intruder monitoring system, burglar alarms,
and deadlocks. Important files and documents should not be available at any
unsecured location, even within an organization; they should be kept locked
and available to authorized persons only. Functional areas must be separated
and biometrically protected. Continuous or frequent monitoring, such as
monitoring for wiretapping and monitoring of computer equipment, HVAC, and the
firefighting system, should also be done.

Incident Management
Incident Response Management is the procedure and method of handling an
incident that occurs. An incident may be any specific violation of a
condition, a policy, or anything else. Similarly, in information security,
incident response consists of the remediation actions or steps taken in
response to an incident, from the identification of an event, threat, or
attack through to its removal or elimination, when the system becomes stable,
secure, and functional again. Incident response management defines the roles
and responsibilities of penetration testers, users, and employees of an
organization. Additionally, incident response management defines the actions
required when a system is facing a threat to its confidentiality, integrity,
authenticity, or availability, depending upon the threat level. The important
thing to remember at the outset is that when a system is dealing with an
attack, it requires sophisticated, dedicated troubleshooting by an expert.
While responding to the incident, the professional collects evidence,
information, and clues that are helpful for future prevention, for tracing the
attacker, and for finding the holes and vulnerabilities in the system.
Incident Management Process
Incident Response Management processes include:
1. Preparation for Incident Response
2. Detection and Analysis of Incident Response
3. Classification of an incident and its prioritization
4. Notification and Announcements
5. Containment
6. Forensic Investigation of an incident
7. Eradication and Recovery
8. Post-Incident Activities
Responsibilities of Incident Response Team
The Incident Response team consists of members who are well aware of how to
deal with incidents. This response team consists of trained officials who are
expert in collecting information and securing all evidence of an attack from
the affected system. As far as its membership is concerned, the team includes
IT personnel, HR, Public Relations officers, local law enforcement, and the
Chief Security Officer.

- The major responsibility of this team is to take action according to the
  Incident Response Plan (IRP). If an IRP is not defined or is not applicable
  to the case, the team has to follow the leading examiner to perform a
  coordinated operation.
- Examination and evaluation of the event, and determination of the damage or
  scope of an attack.
- Document the event and processes.
- If required, take the support of an external security professional or
  consultant.
- If required, take the support of local law enforcement.
- Facts collection.
- Reporting.

Vulnerability Assessment
Vulnerability assessment is the procedure of examining, identifying, and
analyzing the ability of a system or application, including the security
processes running on it, to withstand any threat. Through vulnerability
assessment, you can identify weaknesses in and threats to a system, scope a
vulnerability, and estimate the requirement for and effectiveness of any
additional security layer.
Types of Vulnerability Assessment
The following are the types of vulnerability assessment:
1. Active Assessment
2. Passive Assessment
3. Host-based Assessment
4. Internal Assessment
5. External Assessment
6. Network Assessment
7. Wireless Network Assessment
8. Application Assessment
Network Vulnerability Assessment Methodology
Network Vulnerability Assessment is an examination of the possibilities of an
attack on a network and of its vulnerabilities. The following are the phases
of Vulnerability Assessment:
1. Acquisition
2. Identification
3. Analyzing
4. Evaluation
5. Generating Reports

Figure: Network Vulnerability Assessment Methodology

Acquisition
The acquisition phase compares and reviews previously identified
vulnerabilities, laws, and procedures that are related to network
vulnerability assessment.
Identification
The Identification phase involves interaction with customers, employees,
administration, or other people involved in designing the network
architecture, to gather technical information.
Analyzing
The Analyzing phase reviews the information gathered, whether in the form of a
collection of documentation or one-to-one interaction. The Analyzing phase is
basically:
- Review of information
- Analysis of the results of previously identified vulnerabilities
- Risk Assessment
- Vulnerability and Risk Analysis
- Evaluation of the effectiveness of existing security policies
Evaluation
The Evaluation phase includes:
- Inspection of identified vulnerabilities
- Identification of flaws and gaps in existing and required security
- Determination of the security controls required to resolve issues and
  vulnerabilities
- Identification of modifications and upgrades
Generating Reports
The Reporting phase is the documentation of a draft report, required for
future inspection. This report helps identify vulnerabilities in the
acquisition phase. Audits and penetration tests also require these previously
collected reports. When any modification to a security mechanism is required,
these reports help in designing the security infrastructure. Central databases
usually hold these reports. Reports contain:
- Tasks done by each member of the team
- Methods & tools used
- Findings
- Recommendations
- Collected information from different phases

Penetration Testing
Technology Overview
In the ethical hacking environment, the most commonly used term is pentester.
Pentesters are penetration testers who have the owner's permission to hack a
system. Penetration testing is the process of hacking a system, with the
permission of that system's owner, to evaluate security, hack value, the
Target of Evaluation (TOE), attacks, exploits, zero-day vulnerabilities, and
other components such as threats, vulnerabilities, and daisy chaining.

Figure: Comparing Pentesting

Important for Penetration testing
If you want to be ready for an attack, you must be smart enough to think like
attackers and act like them. Hackers are skilled, with detailed knowledge of
hardware, software, networking, and other related information. Penetration
testing is needed and important in the modern world, where various advanced
threats such as denial-of-service, identity theft, theft of services, and
stealing of information are common; system penetration makes it possible to
counter attacks from malicious threats by anticipating their methods. Some
other major advantages of, and needs for, penetration testing are to uncover
the vulnerabilities in systems and security deployments in the same way an
attacker gains access:
- To identify the threats and vulnerabilities to the organization's assets.
- To provide a comprehensive assessment of policies, procedures, design, and
  architecture.
- To set remediation actions to secure them before they are used by a hacker
  to breach security.
- To identify what an attacker can access to steal.
- To identify what information can be stolen and how it could be used.
- To test and validate the security protection & identify the need for any
  additional protection layer.
- Modification and upgrading of the currently deployed security architecture.
- To reduce the expense of IT security by enhancing Return on Security
  Investment (ROSI).

Figure: Comparing Blue & Red Teaming

Types of Penetration Testing
It is important to differentiate three types of penetration testing, because a
penetration tester may be asked to perform any of them.
Black Box
Black box is a type of penetration testing in which the pentester performs
blind or double-blind testing, i.e., is provided with no prior knowledge of
the system or any information about the target. Black boxing is designed to
demonstrate an emulated situation in which the pentester acts as an attacker
in order to counter an attack.
Gray Box
Gray box is a type of penetration testing in which the pentester has very
limited prior knowledge of the system or information about the targets, such
as IP addresses, operating system, or network information. Gray boxing is
designed to demonstrate an emulated situation in which an insider might have
this information, and to counter an attack in which the pentester has basic,
limited information regarding the target.
White Box
White box is a type of penetration testing in which the pentester has
complete knowledge of the system and information about the target. This type
of penetration testing is done by internal security teams or security audit
teams to perform auditing.


Phases of Penetration Testing
Penetration testing is a three-phase process:
1. Pre-Attack Phase
2. Attack Phase
3. Post-Attack Phase

Figure: Penetration Testing Phases

Security Testing Methodology
There are some methodological approaches to be adopted for security or
penetration testing. Industry-leading penetration testing methodologies are:
- Open Web Application Security Project (OWASP)
- Open Source Security Testing Methodology Manual (OSSTMM)
- Information Systems Security Assessment Framework (ISSAF)
- EC-Council Licensed Penetration Tester (LPT) Methodology

Information Security Laws and Standards
Payment Card Industry Data Security Standard (PCI-DSS)
Payment Card Industry Data Security Standard (PCI-DSS) is a global
information security standard from the "PCI Security Standards Council",
available for organizations to develop, enhance, and assess security standards
for handling cardholder information and security standards for payment account
security. The PCI Security Standards Council develops security standards for
the payment card industry and provides the tools required for enforcement of
these standards, such as training, certification, assessment, and scanning.
Founding members of this council are:
- American Express
- Discover Financial Services
- JCB International
- MasterCard
- Visa Inc.
The PCI data security standard basically deals with cardholder data security
for debit, credit, prepaid, e-purse, ATM, and POS cards. A high-level overview
of what PCI-DSS provides:
- Secure Network
- Strong Access Control
- Cardholder data security
- Regular Monitoring and Evaluation of Network
- Maintaining Vulnerability program
- Information security policy
ISO/IEC
The International Organization for Standardization (ISO) and the International
Electro-Technical Commission (IEC) are organizations that globally develop and
maintain their standards. The ISO/IEC standard ensures the requirements for
the implementation, maintenance, and improvement of an information security
management system. This standard is a revised (second) edition of the first
edition of ISO/IEC. ISO/IEC covers the following key points in information
security:
- Implementation and maintenance of security requirements
- Information security management processes
- Assurance of cost-effective risk management
- Status of Information Security Management activities
- Compliance with laws
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) was passed by
Congress. HIPAA works with the Department of Health and Human Services (HHS)
to develop and maintain regulations associated with the privacy and security
of health information. The HIPAA Security Rule establishes what information is
protected and, additionally, the safeguards that must be applied to secure
electronic protected health information. HIPAA defines electronic protected
information, general rules, and risk analysis and management. Administrative
safeguards, together with physical safeguards and technical safeguards, ensure
the confidentiality, integrity, and availability of electronic protected
health information (e-PHI).
The major domains in information security where HIPAA develops and maintains
standards and regulations are:
- Electronic Transaction and Code Sets Standards
- Privacy Rules
- Security Rules
- National Identifier Requirements
- Enforcement Rules
Sarbanes-Oxley Act (SOX)
The key requirements or provisions of the Sarbanes-Oxley Act (SOX) are
organized in the form of titles, which are as follows:
Title        Majors
Title I      Public company accounting oversight board
Title II     Auditor independence
Title III    Corporate responsibility
Title IV     Enhanced financial disclosures
Title V      Analyst conflicts of interest
Title VI     Commission resources and authority
Title VII    Studies and reports
Title VIII   Corporate and criminal fraud accountability
Title IX     White-collar crime penalty enhancements
Title X      Corporate tax returns
Title XI     Corporate fraud and accountability
Table: SOX Titles

Some other regulatory bodies offer standards that are deployed worldwide,
including the Digital Millennium Copyright Act (DMCA) and the Federal
Information Security Management Act (FISMA). DMCA is a United States copyright
law, whereas FISMA is a framework for ensuring the effectiveness of
information security controls. According to Homeland Security, FISMA codifies
the Department of Homeland Security's role in administering the implementation
of information security policies for federal Executive Branch civilian
agencies, overseeing agencies' compliance with those policies, and assisting
OMB in developing those policies. The legislation provides the Department
authority to develop and oversee the implementation of binding operational
directives to other agencies, in coordination and consistent with OMB policies
and practices. The Federal Information Security Modernization Act amends the
Federal Information Security Management Act (FISMA).
