FORMATION OF CYBER SECURITY SKILLS THROUGH METHODS OF HACKING, BYPASSING AND PROTECTING THE PROCEDURE FOR GRANTING ACCESS IN MICROSOFT WINDOWS OPERATING SYSTEM
PDF

Keywords

tools and techniques
hacking
bypassing
cybersecurity skills
identification
authentication
authorization
Microsoft Windows

How to Cite

[1]
V. Y. Kyva, O. V. Zastelo, and O. M. Nakonechnyi, “FORMATION OF CYBER SECURITY SKILLS THROUGH METHODS OF HACKING, BYPASSING AND PROTECTING THE PROCEDURE FOR GRANTING ACCESS IN MICROSOFT WINDOWS OPERATING SYSTEM”, ITLT, vol. 89, no. 3, pp. 233–248, Jun. 2022, doi: 10.33407/itlt.v89i3.4949.

Abstract

The article looks into the problematic issue of forming/developing teaching staff’s
cyber security skills (a case study of the teachers from the National University of Defence of Ukraine named after Ivan Cherniakhovskyi). The importance of this issue is fueled by the analysis of cyber security of user information on personal computers through the prism of vulnerabilities in the security mechanisms implementation for Microsoft Windows operating system (versions 7, 10), including access procedures. The key steps and specificities of the procedure for granting access (identification, authentication and authorization) in Microsoft Windows operating system are described. A survey among the teachers-respondents was conducted to figure out whether they understand the essence of the procedure for granting access and have some idea about methods of hacking, bypassing and protecting this access. The survey revealed that the teaching staff totally misunderstand the concepts and procedures. The issue of forming/developing teaching staff’s cyber security skills becomes even more relevant amid the implementation of basic cyber security principles in Ukraine, adopted by the Verkhovna Rada in 2017. Accordingly, the authors describe typical modern tools of hacking, bypassing and protecting the procedure for granting access in Microsoft Windows operating systems (versions 7, 10), which will enable everyone to master some practical steps in order to realize the importance and necessity of key tools and techniques of ensuring personal cyber security. In doing so, the authors intended to visualize possible ways of cyber security violation and increase awareness about them with the aim of preventing cyber risks. In addition, the authors seek to inform different categories of people that contemporary information and communications technologies not only expand the capabilities of our global digital society, but also increase exponentially the number of objects vulnerable to cyber threats. In addition, our task was to promote the issues of forming/developing teachers’ skills in supporting their cyber security by training them to implement some cyber security tools and techniques aimed at reducing cyber risks. Our attention is also paid to some ethical aspects in reviewing the outlined outcomes, presented for educational purposes in an effort to raise public awareness of the described vulnerabilities, which pose cyber risks to those involved in information sphere.

PDF

References

Law of Ukraine «On Basic Principles of Cyber Security of Ukraine». [Online]. Available: https://zakon.rada.gov.ua/laws/show/2163-19#Text. Accessed on: 12.02.2022. (in Ukrainian).

Decree of the President of Ukraine «On Cyber Security Strategy of Ukraine». [Online]. Available: https://zakon.rada.gov.ua/laws/show/447/2021#n12. Accessed on:12.02.2022. (in Ukrainian).

Spy games. Why did Groysman’s ex-translator come out of the pre-trial detention center?[Online]. Available: https://www.radiosvoboda.org/a/ezgov-derzgzrada-sud-shpygun/30038712.html. Accessed on:12.02.2022. (in Ukrainian).

A. A. Cain, M. E. Edwards, J. D. Still,“An exploratory study of cyber hygiene behaviors and knowledge”,Journal of information security and applications, vol. 42, pp. 36-45, 2018. (in English).

J. Esparza, N. Caporusso, A. Walters, “Addressing Human Factors in the Design of Cyber Hygiene Self-assessment Tools”, International Conference on Applied Human Factors and Ergonomics, Springer, Cham, pp. 88-94, 2020. (in English).

F. E. Eboibi,“Cybercriminals and coronavirus cybercrimes in Nigeria, the United States of America and the United Kingdom: Cyber hygiene and preventive enforcement measures”,Commonwealth Law Bulletin, pp. 113-142, 2020. (in English).

K. Maennel, S. Mäses, O. Maennel, “Cyber hygiene: The big picture”,In Nordic Conference on Secure IT Systems, Springer, Cham, pp. 291-305, 2018. (in English).

Ken Modeste, “Current Standards for Cyber-Hygiene in Industrial Control System Environments”,Industrial Control Systems Security and Resiliency, Springer, Cham, pp. 3-15, 2019. (in English).

J. Nicholson, J. McGlasson,“CyberGuardians: improving community cyber resilience through embedded peer-to-peer support”,In Companion Publication of the 2020 ACM designing interactive systems conference, pp. 117-121, 2020. (in English).

J. A. Oravec,“Emerging “cyber hygiene” practices for the Internet of Things (IoT): professional issues in consulting clients and educating users on IoT privacy and security”,In 2017 IEEE International Professional Communication Conference (ProComm), pp. 1-5, 2017. (in English).

S. Panda, E. Panaousis, G. Loukas, C. Laoudias,“Optimizing investments in cyber hygiene for protecting healthcare users”,In From Lambda Calculus to Cyber security Through Program Analysis, Springer, Cham, pp. 268-291, 2020. (in English).

P. Pusey, W. A. Sadera,“Cyberethics, cybersafety, and cyber security: Preservice teacher knowledge, preparedness, and the need for teacher education to make a difference”,Journal of Digital Learning in Teacher Education, vol. 28(2), pp. 82-85, 2011. (in English).

J. M. Such, P. Ciholas, A. Rashid, J. Vidler, T. Seabrook, “Basic Cyber Hygiene: Does It Work?”,Computer, vol. 52(4), pp. 21-31, 2019. (in English).

V. Yu. Bykov, O. Yu. Burov, N. P. Dementievska, “Cyber security in a digital learning environment”,Information Technologies and Learning Tools, vol. 70(2), pp. 313-331, 2019. (in Ukrainian).

O. Burov, O. Butnik-Siversky, O. Orliuk, K. Horska,“Cyber security and innovative digital educational environment”,Information Technologies and Learning Tools, vol. 80(6), pp. 414-430, 2020. (in English).

V. L. Buriachok, V. М. Bogush, Yu. V. Borsukovskii, P. M. Skladannyi, V. Yu. Borsukovska, “Training model for professionals in the field of information and cyber security in the higher educational institutions of Ukraine”,Information Technologies and Learning Tools, vol. 67(5), pp. 277-291, 2018. (in Ukrainian).

V. P. Oleksiuk, O. R. Oleksiuk, “The status of information security competence formedness of future computer science teachers”,Information Technologies and Learning Tools, vol. 62(6), pp. 277-291, 2017. (in Ukrainian).

B. Cannoles, A. Ghafarian, “Hacking Experiment by Using USB Rubber Ducky Scripting”,Journal of Systemics, vol. 15(2), pp. 66-71, 2017. (in English).

A. Gorbenko, A. Romanovsky, O. Tarasyuk, O. Biloborodov, “From analyzing operating system vulnerabilities to designing multiversion intrusion-tolerant architectures”,IEEE Transactions on Reliability, vol. 69(1), pp. 22-39, 2019. (in English).

Y. Khera, D. Kumar, N. Garg, “Analysis and Impact of Vulnerability Assessment and Penetration Testing”,In 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon), pp. 525-530, 2019. (in English).

Y. Kolli, T. K. Mohd, A. Y. Javaid, “Remote desktop backdoor implementation with reverse tcp payload using open source tools for instructional use”,In 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON),pp. 444-450, 2018. (in English).

A. Luse, A. Al Marzooq, J. Burkman, “Windows ME: Using Antiquated Software to Learn About Security”,IEEE Potentials, vol. 37(2), pp. 10-12, 2018. (in English).

R. Mahajan, M. Singh, S. Miglani, “ADS: Protecting NTFS from hacking”,In International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), pp. 1-4, 2014. (in English).

S. Samtani, H. Zhu, H. Chen, “Proactively identifying emerging hacker threats from the dark web: A diachronic graph embedding framework (d-gef)”,ACM Transactions on Privacy and Security (TOPS), vol. 23(4), pp. 1-33, 2020. (in English).

S. Shrivastava, T. K. Ramesh, “Integration of SDN Controller, Time-Sliding Window, and Quantum Key Distribution with Resource Allocation Strategy in Optical Networks for High Security”,In 2019 Global Conference for Advancement in Technology (GCAT), pp. 1-5, 2019. (in English).

D. Stiawan, M. Y. B. Idris, A. H. Abdullah, M. AlQurashi, R. Budiarto, “Penetration Testing and Mitigation of Vulnerabilities Windows Server”,Int. J. Netw. Secur., vol. 18(3), pp. 501-513, 2016. (in English).

H. Y. Xiao, B. B. Zhao, “Analysis on sandbox technology of adobe reader x”,In 2013 International Conference on Computational and Information Sciences, pp. 137-140, 2013. (in English).

Authentication. [Online]. Available: https://en.wikipedia.org/wiki/Authentication. Accessed on: 12.02.2022. (in English).

We study and discover BitLocker. How to protect Windows drives and how to crack it. [Online]. Available: https://xakep.ru/2017/02/23/bitlocker-hacking/. Accessed: 12.02.2022. (in Russian).

VeraCrypt. [Online]. Available: https://www.veracrypt.fr/en/Home.html. Accessed on: 12.02.2022. (in English).

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright (c) 2022 Владислав Юрійович Кива, Ольга В’ячеславівна Застело, Олександр Михайлович Наконечний

Downloads

Download data is not yet available.