Hacking Book 1: Attack Phases
Chapter 1: Introduction to Ethical Hacking
Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited
Objectives
◉ Understand the importance of information security in today’s world
◉ Understand the elements of security
◉ Identify the phases of the hacking cycle
◉ Identify the different types of hacker attacks
◉ Understand hacktivism
Objectives (cont’d.)
◉ Understand ethical hacking
◉ Understand vulnerability research and identify tools assisting in vulnerability research
◉ Identify steps for conducting ethical hacking
◉ Understand computer crimes and implications
Case Example
◉ Jeffrey, a 10th-grade student, loves reading any book
◉ One day, he found a book titled Basics of Hacking
◉ Having always wondered how hacking works, he immediately started reading
◉ After reading the book, Jeffrey was eager to put some of his new knowledge into practice
◉ Jeffrey launched the tools from a CD that was offered with the book and discovered plenty of loopholes in the network
◉ Is anything wrong with Jeffrey’s actions?
◉ Are his actions justified?
Introduction to Ethical Hacking
◉ Hackers have various motivations for breaking into secure systems
◉ Duty of system administrators and network security professionals
  ◉ To guard their infrastructure against exploits by knowing the enemies who seek to use the same infrastructure for their own purposes
◉ One of the best ways to do this is to hire an ethical hacker
  ◉ Someone who has all of the skills of a malicious hacker, but is on the client’s side
Importance of Security
◉ Today, almost every company is becoming completely networked, exchanging information almost instantly
  ◉ Of utmost importance to secure these assets from outside threats
◉ Security policy
  ◉ Specification for how objects in a security domain are allowed to interact
◉ There is an increased dependency on computers
  ◉ Any disruption in their operation or integrity can mean the loss of time, the loss of money, and sometimes even the loss of life
Threats and Vulnerabilities
◉ Vulnerability
  ◉ Weakness in a defined asset that could be taken advantage of or exploited by some threat
◉ Threat
  ◉ Action or event that might compromise security
◉ Not every vulnerability leads to an attack, and not every attack succeeds
◉ Factors that result in the success of an attack include the degree of vulnerability, the strength of the attack, and the extent to which countermeasures are adopted
Attacks
◉ Target of evaluation
  ◉ Information resource or asset that is being protected from attacks
◉ Attack
  ◉ Deliberate assault on that system’s security
◉ Attacks can be broadly classified as active and passive
◉ Attacks can also be categorized as inside or outside attacks
Security Breaches
◉ Exploit
  ◉ Specific way to breach the security of an IT system through a vulnerability
◉ Exposure
  ◉ What comprises a breach of security
  ◉ Can vary from one company to another, or even from one department to another
◉ Imperative for organizations to address both penetration and protection issues
Exposure
◉ Exposure
  ◉ Loss due to an exploit
  ◉ Examples of loss include disclosure, deception, disruption, and usurpation
◉ Vulnerability is the primary entry point an attacker can use to gain access to a system or to its data
◉ Once the system is exposed, an attacker can collect confidential information with relative ease, and usually erase his or her tracks afterwards
Elements of Security
◉ Security: state of well-being of a system’s data and infrastructure
◉ Assurance
  ◉ Confidence that the system will behave according to its specifications
◉ Accountability
  ◉ System administrators or concerned authorities need to be able to know by whom, when, how and why system resources have been accessed
◉ Reusability or availability
  ◉ Generally, not all resources are available to all users
The Security, Functionality, and Ease of Use Triangle
Figure 1-1 Moving toward security means moving away from functionality and ease of use.
The Growth of Hacking
◉ Originally, hacking required extraordinary computer skills to go beyond the intended uses of computer systems
  ◉ Today there are automated tools and codes available on the Internet that make it possible for almost anyone to successfully hack a system
◉ A victim will often keep the attack secret in order to save face
  ◉ Even in the event of a devastating compromise
Phases of an Attack
◉ In general, there are five phases that make up an attack:
  ◉ Reconnaissance
  ◉ Scanning
  ◉ Gaining access
  ◉ Maintaining access
  ◉ Covering tracks
Phase 1—Reconnaissance
◉ Reconnaissance
  ◉ Preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack
◉ Reconnaissance types
  ◉ Passive: attacker does not interact with the system directly
  ◉ Active: attacker interacts with the target system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications
Phase 2—Scanning
◉ Attacker uses the details gathered during reconnaissance to identify specific vulnerabilities
◉ An attacker can gather critical network information, such as the mapping of systems, routers, and firewalls
  ◉ By using simple tools such as the standard Windows utility Traceroute
◉ Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine
◉ Vulnerability scanners: most commonly used tools
Phase 3—Gaining Access
◉ Gaining access
  ◉ Where most of the damage is usually done, yet hackers can cause plenty of damage without gaining any access to the system
◉ Access can be gained locally, offline, over a LAN, or over the Internet
◉ A hacker’s chances of gaining access into a target system are influenced by factors such as:
  ◉ Architecture and configuration of the target system
  ◉ Skill level of the perpetrator
  ◉ Initial level of access obtained
Phase 4—Maintaining Access
◉ Attackers who choose to remain undetected
  ◉ Remove evidence of their entry
  ◉ Install a backdoor or a Trojan to gain repeat access
  ◉ Install rootkits at the kernel level to gain full administrator access to the target computer
◉ Hackers can use Trojans to transfer user names, passwords, and any other information stored on the system
◉ Organizations can use intrusion detection systems or deploy traps known as honeypots and honeynets to detect intruders
Phase 5—Covering Tracks
◉ Attackers will usually attempt to erase all evidence of their actions
◉ Trojans such as ps or netcat are often used to erase the attacker’s activities from the system’s log files
◉ Steganography
  ◉ Process of hiding data in other data, for instance image and sound files
◉ Tunneling
  ◉ Takes advantage of the transmission protocol by carrying one protocol over another
Types of Hacker Attacks
◉ Operating system attacks
  ◉ Today’s operating systems contain many features, making them increasingly complex
◉ Application-level attacks
  ◉ Software developers often do not have time to completely test their products before shipping them
◉ Shrink-wrap code attacks
  ◉ Software developers will often use free libraries and code licensed from other sources in their programs
  ◉ If vulnerabilities in that code are discovered, many pieces of software are at risk
◉ Misconfiguration attacks
Hacktivism
◉ Hacktivism
  ◉ When hackers break into government or corporate computer systems as an act of protest
◉ Hacker classes
  ◉ Black hats
  ◉ White hats
  ◉ Gray hats
  ◉ Suicide hackers
Ethical Hackers
◉ Ethical hackers
  ◉ Information security professionals who specialize in evaluating and defending against threats from attackers
◉ Possess excellent computer skills and are committed to using those skills in protecting the integrity of computer systems rather than hurting them
◉ Ethical hacker categories:
  ◉ Former black hats
  ◉ White hats
  ◉ Consulting firms
What Do Ethical Hackers Do?
◉ Ethical hacker’s evaluation of a client’s information system security seeks answers to three basic questions:
  ◉ What can an attacker see on the target system?
  ◉ What can an intruder do with that information?
  ◉ Are the attackers’ attempts being noticed on the target systems?
◉ Ethical hacker must also remember to convey to the client that it is never possible to guard systems completely
  ◉ However, they can always be improved
Can Hacking Be Ethical?
◉ Today, the term hacking is closely associated with illegal and unethical activities
◉ Most companies use IT professionals to audit their systems for known vulnerabilities
◉ Ethical hackers usually employ the same tools and techniques as attackers
  ◉ With the important exception that once access is gained, no damage is done
◉ Important distinction between ethical hackers and crackers is consent
Skills of an Ethical Hacker
◉ Ethical hackers must be computer experts
  ◉ Must have a strong grasp on programming and networking
  ◉ Should be comfortable with installing and maintaining systems using all popular OSs
◉ Ethical hackers must possess detailed knowledge of both hardware and software
◉ Any ethical hacker must have plenty of patience
What Is Vulnerability Research?
◉ Vulnerability research includes:
  ◉ Discovering system design faults and weaknesses that might allow attackers to compromise a system
  ◉ Keeping informed of new products and technologies in order to find news related to current exploits
  ◉ Checking underground hacking Web sites for newly discovered vulnerabilities and exploits
  ◉ Checking newly released alerts regarding relevant innovations and product improvements for security systems
Why Hackers Need Vulnerability Research
◉ Reasons:
  ◉ To identify and correct network vulnerabilities
  ◉ To protect the network from being attacked
  ◉ To get information that helps to prevent security issues
  ◉ To gather information about viruses and malware
  ◉ To find weaknesses in the network and to alert the network administrator before a network attack
  ◉ To know how to recover from a network attack
Vulnerability Research Web Sites
◉ Web sites include:
  ◉ US-CERT (http://www.us-cert.gov)
  ◉ National Vulnerability Database (http://nvd.nist.gov)
  ◉ Securitytracker (http://www.securitytracker.com)
  ◉ SecuriTeam (http://www.securiteam.com)
  ◉ Secunia (http://www.secunia.com)
  ◉ HackerWatch (http://www.hackerwatch.org)
  ◉ SecurityFocus (http://www.securityfocus.com)
  ◉ SCMagazine (http://www.scmagazine.com)
  ◉ Milw0rm (http://www.milw0rm.com)
Conducting Ethical Hacking
◉ Each ethical hacking assignment has six basic steps:
  ◉ Talk with the client about the importance of security and the necessity of testing
  ◉ Prepare NDA (nondisclosure agreement) documents and have the client sign them
  ◉ Prepare an ethical hacking team and create a schedule for testing
  ◉ Conduct the test
  ◉ Analyze the results and prepare the report
  ◉ Deliver the report to the client
How Do They Go About It?
◉ Security testing involves three phases: preparation, conduct, and conclusion
◉ After discussing security issues with the client, a formal contract should be drawn up that contains:
  ◉ NDA, to protect the client’s confidential data
  ◉ Clause stating that the ethical hacker has full consent of the client to hack into their systems
◉ Conduct phase
  ◉ Two most common approaches:
    ◉ Limited vulnerability analysis
    ◉ Attack and penetration testing
How Do They Go About It? (cont’d.)
◉ The needs of the client
  ◉ Clients will often prefer a limited vulnerability analysis because they do not want to lose any data or risk any unintended damage
◉ While conducting an evaluation, ethical hackers may come across security holes that cannot be fixed within the predetermined time frame
  ◉ Client should be warned of this
◉ Final phase is the conclusion phase
  ◉ Report is prepared for the client
Ethical Hacking Testing
◉ Approaches fall into one of three categories: white box testing, black box testing, and gray box testing
◉ Black box testing
  ◉ Ethical hacker is given no prior knowledge or information about a system
◉ White box testing
  ◉ Ethical hacker is given full advance knowledge of the system
◉ Choosing a testing method
  ◉ Debate continues over whether black box testing or white box testing is more beneficial
  ◉ Also consider monetary resources and time factors
Ethical Hacking Deliverables
◉ In the conclusion phase, the ethical hacker creates a detailed report for the client
  ◉ Analyzing the possibility and impact of hacking
◉ Vulnerabilities that were detected are explained in detail
  ◉ Along with specific recommendations to patch them in order to bring about a permanent security solution
◉ Client may also solicit the participation of its employees by asking them for suggestions or observations during the course of the evaluation
◉ Final report should be delivered only in a hard copy
Computer Crimes and Implications
◉ Computer crimes can be separated into two categories:
  ◉ Crimes facilitated by use of a computer
  ◉ Crimes where the computer is the target
◉ Cyber Security Enhancement Act 2002 allows life sentences for hackers who recklessly endanger the lives of others
◉ For more information, visit the United States Department of Justice’s Cyber Crime and Intellectual Property section at http://www.cybercrime.gov
Case Example Revisited
◉ Were the actions of Jeffrey, our 10th-grade computer prodigy, legal or ethical?
◉ The answer is that, while his intentions were honest and innocent, his actions must be considered unethical
◉ The key difference between Jeffrey and an ethical hacker is that the ethical hacker always obtains written permission before attempting to access any system through unauthorized means
Summary
◉ The importance of security in any network is often underestimated
◉ Ethical hacking simulates a malicious attack without trying to cause damage
◉ Hacking involves five distinct phases: reconnaissance, scanning, gaining access, maintaining access, and clearing tracks
Summary (cont’d.)
◉ Vulnerability research can be done via several Web sites
◉ Security testing involves three phases: preparation, conduct, and conclusion
◉ Cyber crime is underreported, but taken very seriously when it is