Hacking Book 1: Attack Phasesmaui.hawaii.edu/.../Intro-to-Ethical-Hacking.ppt_.pdfConducting Ethical Hacking Each ethical hacking assignment has six basic steps: Talk with the client

Hacking Book 1: Attack Phases

Chapter 1: Introduction to Ethical Hacking

Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited

Objectives

◉ Understand the importance of information security in today’s world

◉ Understand the elements of security◉ Identify the phases of the hacking cycle◉ Identify the different types of hacker attacks◉ Understand hacktivism


Objectives (cont’d.)

◉ Understand ethical hacking◉ Understand vulnerability research and identify tools

assisting in vulnerability research◉ Identify steps for conducting ethical hacking◉ Understand computer crimes and implications


Case Example

◉ Jeffrey, a 10th-grade student, loves reading any book◉ One day, he found a book titled Basics of Hacking

◉ Having always wondered how hacking works, he immediately started reading

◉ After reading the book, Jeffrey was eager to put some of his new knowledge into practice

◉ Jeffrey launched the tools from a CD that was offered with the book and discovered plenty of loopholes in the network◉ Is anything wrong with Jeffrey’s actions?◉ Are his actions justified?


Introduction to Ethical Hacking

◉ Hackers have various motivations for breaking into secure systems

◉ Duty of system administrators and network security professionals◉ To guard their infrastructure against exploits by

knowing the enemies who seek to use the same infrastructure for their own purposes

◉ One of the best ways to do this is to hire an ethical hacker◉ Someone who has all of the skills of a malicious

hacker, but is on the client’s side


Importance of Security

◉ Today, almost every company is becoming completely networked, exchanging information almost instantly◉ Of utmost importance to secure these assets from

outside threats◉ Security policy

◉ Specification for how objects in a security domain are allowed to interact

◉ There is an increased dependency on computers◉ Any disruption in their operation or integrity can

mean the loss of time, the loss of money, and sometimes even the loss of life


Threats and Vulnerabilities

◉ Vulnerability◉ Weakness in a defined asset that could be taken

advantage of or exploited by some threat◉ Threat

◉ Action or event that might compromise security◉ Every vulnerability does not lead to an attack, and all

attacks do not result in success◉ Factors that result in the success of an attack include

the degree of vulnerability, the strength of the attack, and the extent to which countermeasures are adopted


Attacks

◉ Target of evaluation◉ Information resource or asset that is being protected

from attacks◉ Attack

◉ Deliberate assault on that system’s security◉ Attacks can be broadly classified as active and

passive◉ Attacks can also be categorized as inside or outside

attacks


Security Breaches

◉ Exploit◉ Specific way to breach the security of an IT system

through a vulnerability◉ Exposure

◉ What comprises a breach of security◉ Can vary from one company to another, or even from

one department to another◉ Imperative for organizations to address both

penetration and protection issues


Exposure

◉ Exposure◉ Loss due to an exploit◉ Examples of loss include disclosure, deception,

disruption, and usurpation◉ Vulnerability is the primary entry point an attacker

can use to gain access to a system or to its data◉ Once the system is exposed, an attacker can collect

confidential information with relative ease, and usually erase his or her tracks afterwards


Elements of Security

◉ Security: state of well-being of a system’s data and infrastructure

◉ Assurance◉ Confidence that the system will behave according to

its specifications◉ Accountability

◉ System administrators or concerned authorities need to be able to know by whom, when, how and why system resources have been accessed

◉ Reusability or availability◉ Generally, not all resources are available to all users


The Security, Functionality, and Ease of Use Triangle

Figure 1-1 Moving toward security means moving away from functionality and ease of use.


The Growth of Hacking

◉ Originally, hacking required extraordinary computer skills to go beyond the intended uses of computer systems◉ Today there are automated tools and codes available

on the Internet that make it possible for almost anyone to successfully hack a system

◉ A victim will often keep the attack secret in order to save face◉ Even in the event of a devastating compromise


Phases of an Attack

◉ In general, there are five phases that make up an attack:◉ Reconnaissance◉ Scanning◉ Gaining access◉ Maintaining access◉ Covering tracks


Phase 1—Reconnaissance

◉ Reconnaissance ◉ Preparatory phase where an attacker gathers as much

information as possible about the target prior to launching the attack

◉ Reconnaissance types◉ Passive: attacker does not interact with the system

directly◉ Active: attacker interacts with the target system by

using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications


Phase 2—Scanning

◉ Attacker uses the details gathered during reconnaissance to identify specific vulnerabilities

◉ An attacker can gather critical network information, such as the mapping of systems, routers, and firewalls◉ By using simple tools such as the standard Windows

utility Traceroute◉ Port scanners can be used to detect listening ports to

find information about the nature of services running on the target machine

◉ Vulnerability scanners: most commonly used tools


Phase 3—Gaining Access

◉ Gaining access◉ Where most of the damage is usually done, yet

hackers can cause plenty of damage without gaining any access to the system

◉ Access can be gained locally, offline, over a LAN, or over the Internet

◉ A hacker’s chances of gaining access into a target system are influenced by factors such as:◉ Architecture and configuration of the target system◉ Skill level of the perpetrator◉ Initial level of access obtained


Phase 4—Maintaining Access

◉ Attackers, who choose to remain undetected◉ Remove evidence of their entry◉ Install a backdoor or a Trojan to gain repeat access◉ Install rootkits at the kernel level to gain full

administrator access to the target compute◉ Hackers can use Trojans to transfer user names,

passwords, and any other information stored on the system

◉ Organizations can use intrusion detection systems or deploy traps known as honeypots and honeynets to detect intruders


Phase 5—Covering Tracks

◉ Attackers will usually attempt to erase all evidence of their actions

◉ Trojans such as ps or netcat are often used to erase the attacker’s activities from the system’s log files

◉ Steganography◉ Process of hiding data in other data, for instance

image and sound files◉ Tunneling

◉ Takes advantage of the transmission protocol by carrying one protocol over another


Types of Hacker Attacks

◉ Operating system attacks◉ Today’s operating systems contain many features,

making them increasingly complex◉ Application-level attacks

◉ Software developers often do not have time to completely test their products before shipping them

◉ Shrink-wrap code attacks◉ Software developers will often use free libraries and

code licensed from other sources in their programs◉ If vulnerabilities in that code are discovered, many

pieces of software are at risk

◉ Misconfiguration attacks


Hacktivism

◉ Hacktivism◉ When hackers break into government or corporate

computer systems as an act of protest◉ Hacker classes

◉ Black hats◉ White hats◉ Gray hat◉ Suicide hackers


Ethical Hackers

◉ Ethical hackers◉ Information security professionals who specialize in

evaluating and defending against threats from attackers

◉ Possess excellent computer skills and are committed to using those skills in protecting the integrity of computer systems rather than hurting them

◉ Ethical hackers categories:◉ Former black hats◉ White hats◉ Consulting firms


What Do Ethical Hackers Do?

◉ Ethical hacker’s evaluation of a client’s information system security seeks answers to three basic questions:◉ What can an attacker see on the target system?◉ What can an intruder do with that information?◉ Are the attackers’ attempts being noticed on the target

systems?◉ Ethical hacker must also remember to convey to the

client that that it is never possible to guard systems completely◉ However, they can always be improved


Can Hacking Be Ethical?

◉ Today, the term hacking is closely associated with illegal and unethical activities

◉ Most companies use IT professionals to audit their systems for known vulnerabilities

◉ Ethical hackers usually employ the same tools and techniques as attackers◉ With the important exception that once access is

gained, no damage is done◉ Important distinction between ethical hackers and

crackers is consent


Skills of an Ethical Hacker

◉ Ethical hackers must be computer experts◉ Must have a strong grasp on programming and

networking◉ Should be comfortable with installing and

maintaining systems using all popular Oss◉ Ethical hackers must possess detailed knowledge of

both hardware and software◉ Any ethical hacker must have plenty of patience


What Is Vulnerability Research?

◉ Vulnerability research includes:◉ Discovering system design faults and weaknesses that

might allow attackers to compromise a system◉ Keeping informed of new products and technologies

in order to find news related to current exploits◉ Checking underground hacking Web sites for newly

discovered vulnerabilities and exploits◉ Checking newly released alerts regarding relevant

innovations and product improvements for security systems


Why Hackers Need Vulnerability Research◉ Reasons:

◉ To identify and correct network vulnerabilities◉ To protect the network from being attacked◉ To get information that helps to prevent security

issues◉ To gather information about viruses and malware◉ To find weaknesses in the network and to alert the

network administrator before a network attack◉ To know how to recover from a network attack


Vulnerability Research Web Sites

◉ Web sites include:◉ US-CERT (http://www.us-cert.gov)◉ National Vulnerability Database (http://nvd.nist.gov)◉ Securitytracker (http://www.securitytracker.com)◉ SecuriTeam (http://www.securiteam.com)◉ Secunia (http://www.secunia.com)◉ HackerWatch (http://www.hackerwatch.org)◉ SecurityFocus (http://www.securityfocus.com)◉ SCMagazine (http://www.scmagazine.com)◉ Milw0rm (http://www.milw0rm.com)


Conducting Ethical Hacking

◉ Each ethical hacking assignment has six basic steps:◉ Talk with the client about the importance of security

and the necessity of testing◉ Prepare NDA (nondisclosure agreement) documents

and have the client sign them◉ Prepare an ethical hacking team and create a schedule

for testing◉ Conduct the test◉ Analyze the results and prepare the report◉ Deliver the report to the client


How Do They Go About It?

◉ Security testing involves three phases: preparation, conduct, and conclusion

◉ After discussing security issues with the client, a formal contract should be drawn up that contains ◉ NDA, to protect the client’s confidential data◉ Clause stating that the ethical hacker has full consent

of the client to hack into their systems◉ Conduct phase

◉ Two most common approaches:◉ Limited vulnerability analysis◉ Attack and penetration testing


How Do They Go About It? (cont’d.)

◉ The needs of the client◉ Clients will often prefer a limited vulnerability

analysis because they do not want to lose any data or risk any unintended damage

◉ While conducting an evaluation, ethical hackers may come across security holes that cannot be fixed within the predetermined time frame◉ Client should be warned of this

◉ Final phase is the conclusion phase◉ Report is prepared for the client


Ethical Hacking Testing

◉ Approaches fall into one of three categories: white box testing, black box testing, and gray box testing

◉ Black box testing◉ Ethical hacker is given no prior knowledge or

information about a system◉ White box testing

◉ Ethical hacker is given full advance knowledge of the system

◉ Choosing a testing method◉ Debate continues over whether black box testing or

white box testing is more beneficial◉ Also consider monetary resources and time factors


Ethical Hacking Deliverables

◉ In the conclusion phase, the ethical hacker creates a detailed report for the client◉ Analyzing the possibility and impact of hacking

◉ Vulnerabilities that were detected are explained in detail◉ Along with specific recommendations to patch them

in order to bring about a permanent security solution◉ Client may also solicit the participation of its

employees by asking them for suggestions or observations during the course of the evaluation

◉ Final report should be delivered only in a hard copy


Computer Crimes and Implications

◉ Computer crimes can be separated into two categories:◉ Crimes facilitated by use of a computer◉ Crimes where the computer is the target

◉ Cyber Security Enhancement Act 2002 allows life sentences for hackers who recklessly endanger the lives of others

◉ For more information, visit the United States Department of Justice’s Cyber Crime and Intellectual Property section at http://www.cybercrime.gov


Case Example Revisited

◉ Were the actions of Jeffrey, our 10th-grade computer prodigy, legal or ethical?

◉ The answer is, while his intentions were honest and innocent, it must be considered unethical

◉ The key difference between Jeffrey and an ethical hacker is that the ethical hacker always obtains written permission before attempting to access any system through unauthorized means


Summary

◉ The importance of security in any network is often underestimated

◉ Ethical hacking simulates a malicious attack without trying to cause damage

◉ Hacking involves five distinct phases: reconnaissance, scanning, gaining access, maintaining access, and clearing tracks


Summary (cont’d.)

◉ Vulnerability research can be done via several Web sites

◉ Security testing involves three phases: preparation, conduct, and conclusion

◉ Cyber crime is underreported, but taken very seriously when it is

Documents

Hacking Book 1: Attack Phasesmaui.hawaii.edu/.../Intro-to-Ethical-Hacking.ppt_.pdfConducting Ethical Hacking Each ethical hacking assignment has six basic steps: Talk with the client