Networked Systems Survivability
CERT® Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
© 2002 Carnegie Mellon University
® CERT, CERT Coordination Center and Carnegie Mellon are registered in the U.S. Patent and Trademark Office
Information Security for Technical Staff
Module 7:
Prelude to a Hack

Instructional Objectives
Define Footprinting and discuss the basic steps to information gathering
Define Scanning and the various tools for each type of scan
• Ping Sweeps
• Port Scans
• OS Detection
Define enumeration and the types of information enumerated
• Windows enumeration
• Unix enumeration
• Network enumeration

Overview
Footprinting
Scanning
Enumeration

Footprinting Defined
The fine art of systematically gathering target information that will allow an attacker to create a complete profile of an organization’s security posture.

Footprinting -1
Step 1: Determine Scope of Activities
Step 2: Network Enumeration
Step 3: DNS Interrogation
Step 4: Network Reconnaissance

Footprinting -2
Step 1: Determine Scope of Activities
Open Source Search
• Organization Websites
• Dumpster Diving
• News Articles/Press Releases
• Administrator Mailing Lists
• Social Engineering
Demo – Web weaving

Footprinting -3
Step 2: Network Enumeration
Identify domain names and network addresses
• InterNIC, ARIN, allwhois.com
Queries
• Registrar
• Organizational
• Domain
• Network
• POC
Demo – Sam Spade

Footprinting -4
Step 3: DNS Interrogation
Misconfigured DNS
Zone Transfers
• nslookup, axfr

Footprinting -5
Step 4: Network Reconnaissance
Discover Network Topology
• Traceroute
• VisualRoute
Demo – Traces

Scanning Defined
The use of a variety of tools and techniques to determine what systems are alive and reachable from the Internet.

Scanning
Ping Sweeps
Port Scans
OS Detection

Ping Sweeps
ICMP Sweep Tools
• fping, Pinger, PingSweep, WS_Ping ProPack, NetScan Tools, icmpenum
TCP Sweep Tools
• nmap, hping
Demo – Pinging

Port Scans
• Identify both the TCP and UDP services running
• Identify the type of operating system
• Identify specific applications or versions of a particular service
Port Scan Types
• TCP connect scan
• TCP SYN scan
• TCP FIN scan
• TCP Null scan
• TCP Xmas Tree scan
• TCP ACK scan
• TCP Windows scan
• TCP RPC scan
• UDP scan
Demo – NMAP/Languard

Scanning Tools
• TCP Port Scanners
• UDP Port Scanners
• FTP Bounce Scanning
• Windows-Based Port Scanners

Enumeration Defined
A process of extracting valid account or exported resource names from systems using active connections and directed queries.

Enumeration
Operating System Specific Techniques
Types of information enumerated
• Network resources and shares
• Users and groups
• Applications and banners
Demo – NMAP

Windows Enumeration Techniques
Resources and Shares
• CIFS/SMB and NetBIOS
• Null Sessions
Users and Groups
• SNMP
• Security Identifier (SID) & Relative Identifier (RID)
• Active Directory
Applications and Banners

UNIX Enumeration Techniques
Network Resources and Share Enumeration
Users and Group Enumeration
Applications and Banner Enumeration
SNMP Enumeration

Network Enumeration Techniques
Routing Protocol Enumeration
• Border Gateway Protocol (BGP)
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)

Review Questions
1. Define footprinting.
2. List the 4 steps for completing a footprint analysis.
3. Define scanning.
4. What are three objectives of port scanning?
5. Define enumeration.
6. What types of information can be enumerated?

Summary
Footprinting
Scanning
Enumeration