Poornima university Assignment-1 Ethical Hacking Submitted by: Name : Bijay kumar Roll no : 2015bccx2001

Steps of ethical hacking


Page 1: Steps of ethical hacking

Poornima university

Assignment-1 Ethical Hacking

Submitted by:

Name : Bijay kumar

Roll no : 2015bccx2001

Page 2: Steps of ethical hacking

Contents:

• What is Ethical Hacking?

• Hacking Methodologies

Steps that typically make up the hacking process:

• Footprinting

• Scanning

• Enumeration

• System hacking

Page 3: Steps of ethical hacking

What is Ethical Hacking?

Hacking is identifying weaknesses in computer systems and/or networks and exploiting those weaknesses to gain access.

• Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect those weaknesses.

Ethical hackers must abide by the following rules.

• Get written permission from the owner of the computer system and/or computer network before hacking.

• Protect the privacy of the organization being hacked.

• Transparently report all the identified weaknesses in the computer system to the organization.

• Inform hardware and software vendors of the identified weaknesses.

An ethical hacker exposes vulnerabilities in software to help business owners fix those security holes before a malicious hacker discovers them.

Page 4: Steps of ethical hacking

Footprinting

Footprinting means that you are using primarily passive methods of gaining information from a target prior to performing the later active methods. Typically, you keep interaction with your target to a minimum to avoid detection, which would alert the target that something is coming in their direction.

A myriad of methods are available to perform this task, such as Whois queries, Google searches, job board searches, and discussion groups.

Page 5: Steps of ethical hacking

Footprinting Countermeasures

- Configure routers to restrict the responses to footprinting requests

- Configure web servers to avoid information leakage and disable unwanted protocols

- Lock the ports with a suitable firewall configuration

- Use an IDS that can be configured to refuse suspicious traffic and pick up footprinting patterns

- Evaluate information before publishing it on the website

- Perform footprinting techniques against your own organization and remove any sensitive information found

- Prevent search engines from caching a webpage and use anonymous registration services

- Disable directory listings and use split-DNS
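A self-audit for the web-server countermeasures above (version leakage, directory listings, search-engine caching), added here as an example and not part of the original slides. The hosts and saved responses are constructed samples; in practice the inputs would be responses captured from your own sites.

```python
import re

# Headers that commonly disclose server software and versions.
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+(\.\d+)+")
# Title/heading text produced by auto-generated directory indexes.
LISTING_RE = re.compile(r"<title>\s*Index of /|Directory listing for", re.I)

# Constructed sample responses (url, headers, body) for hypothetical hosts.
SAMPLES = [
    ("https://files.example.test/backup/",
     {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"},
     "<html><head><title>Index of /backup</title></head></html>"),
    ("https://www.example.test/",
     {"Server": "nginx", "X-Robots-Tag": "noarchive"},
     "<html><head><title>Home</title></head></html>"),
]


def audit_response(url, headers, body):
    """Return the information-leakage issues found in one saved response."""
    issues = []
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in LEAKY_HEADERS:
        value = lowered.get(name, "")
        if VERSION_RE.search(value):
            issues.append(f"{name} discloses a version: {value}")
    if LISTING_RE.search(body):
        issues.append("directory listing is enabled")
    meta = re.search(r"<meta[^>]+name=[\"']robots[\"'][^>]*>", body, re.I)
    directives = lowered.get("x-robots-tag", "") + (meta.group(0) if meta else "")
    if "noarchive" not in directives.lower():
        issues.append("no noarchive directive (page may be cached by search engines)")
    return issues


def audit_all(samples):
    """Map each URL to its list of issues."""
    return {url: audit_response(url, headers, body) for url, headers, body in samples}


if __name__ == "__main__":
    for url, issues in audit_all(SAMPLES).items():
        print(url, issues or "clean")
```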

Page 6: Steps of ethical hacking

Scanning

Scanning is the phase in which you take the information gleaned from the footprinting phase and use it to target your attack much more precisely.

The idea here is to act on the information from the prior phase, not to blunder around without purpose and set off alarms.

Scanning means performing tasks like ping sweeps, port scans, and observations of facilities.

One of the tools you will use is Nmap, which is very useful for this purpose.

Page 7: Steps of ethical hacking

Scanning countermeasures

• Assess the way that your network firewall and IDS devices handle fragmented IP packets by using fragtest and fragroute when performing scanning and probing exercises. Some devices crash or fail under conditions in which high volumes of fragmented packets are being processed.

• Ensure that your routing and filtering mechanisms (both firewalls and routers) can't be bypassed using specific source ports or source-routing techniques.

• If you house publicly accessible FTP services, ensure that your firewalls aren't vulnerable to stateful circumvention attacks relating to malformed PORT and PASV commands.

• If a commercial firewall is in use, ensure the following:

  - The latest service pack is installed.

  - Antispoofing rules have been correctly defined, so that the device doesn't accept packets with private spoofed source addresses on its external interfaces.

  - Fastmode services aren't used in Check Point Firewall-1 environments.
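One way to verify the antispoofing rule from firewall logs, added here as an example and not part of the original slides. The log lines are constructed in an iptables-like format, the ACCEPT/DROP token is assumed to come from the configured log prefix, and `eth0` is assumed to be the external interface.

```python
import ipaddress
import re

# Source ranges that must never arrive on an Internet-facing interface.
BLOCKED_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]
LOG_RE = re.compile(r"\b(ACCEPT|DROP)\b.*?\bIN=(\S+).*?\bSRC=(\S+)")

# Constructed sample lines; eth0 is assumed external, eth1 internal.
SAMPLE_LOG = """\
fw kernel: ACCEPT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=443
fw kernel: ACCEPT IN=eth0 OUT= SRC=10.20.30.40 DST=203.0.113.10 PROTO=TCP DPT=22
fw kernel: DROP IN=eth0 OUT= SRC=192.168.1.5 DST=203.0.113.10 PROTO=UDP DPT=161
fw kernel: ACCEPT IN=eth1 OUT= SRC=192.168.1.9 DST=203.0.113.10 PROTO=TCP DPT=80
"""


def private_sources_on_external(log_text, external_if="eth0"):
    """Return (src, action) for private-source packets seen on the external interface."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group(2) != external_if:
            continue  # unparsed line, or traffic from an internal interface
        action, src = m.group(1), ipaddress.ip_address(m.group(3))
        if any(src in net for net in BLOCKED_SOURCES):
            hits.append((str(src), action))
    return hits


def antispoof_gaps(log_text, external_if="eth0"):
    """Sources the firewall accepted even though they should have been dropped."""
    return [src for src, action in private_sources_on_external(log_text, external_if)
            if action == "ACCEPT"]


if __name__ == "__main__":
    print("private sources on external interface:", private_sources_on_external(SAMPLE_LOG))
    print("accepted (rule gap):", antispoof_gaps(SAMPLE_LOG))
```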

Page 8: Steps of ethical hacking

Enumeration

• Enumeration is the systematic probing of a target with the goal of obtaining user lists, routing tables, and protocols from the system.

• This phase represents a significant shift in your process; it is the initial transition from being on the outside looking in to moving to the inside of the system to gather data.

• Information such as shares, users, groups, applications, protocols, and banners all proved useful in getting to know your target, and this information is carried forward into the attack phase.

Page 9: Steps of ethical hacking

Enumeration countermeasures

SNMP

- Remove the SNMP agent or turn off the SNMP service.

- If shutting off SNMP is not an option, then change the default public community name.

- Upgrade to SNMPv3, which encrypts passwords and messages.

DNS

- Configure all name servers to disallow DNS zone transfers to untrusted hosts.

- Ensure that non-public hostnames are not referenced to IP addresses within the DNS zone files or publicly accessible DNS servers.

- Provide standard network admin contact details in the Network Information Center database to prevent social engineering and war dialling attacks.

SMTP

- Configure the SMTP server either to ignore email messages to unknown recipients or to send responses that do not include details of the mail relay systems being used and internal IP addresses.

- Ignore emails to unknown recipients by configuring SMTP servers.

SMB

- Disable SMB.
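A configuration audit for the SNMP and DNS items above, added here as an example and not part of the original slides. It assumes net-snmp `snmpd.conf` and BIND `named.conf` syntax with one zone per line; both config fragments are constructed samples.

```python
import re

# Constructed sample configs (net-snmp snmpd.conf and BIND named.conf syntax).
SNMPD_CONF = """\
rocommunity public
rwcommunity s3cr3t-rw 10.0.0.5
rouser monitor priv
"""
NAMED_CONF = """\
zone "example.test" { type master; file "db.example.test"; allow-transfer { any; }; };
zone "corp.example.test" { type master; file "db.corp"; allow-transfer { 192.0.2.53; }; };
zone "lab.example.test" { type master; file "db.lab"; };
"""


def audit_snmp(conf):
    """Return (line_no, issue) pairs for community-based SNMP access lines."""
    findings = []
    for no, line in enumerate(conf.splitlines(), 1):
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] not in ("rocommunity", "rwcommunity"):
            continue  # rouser lines are SNMPv3 users and are not flagged here
        findings.append((no, "v1/v2c community string (sent in cleartext)"))
        if parts[1].lower() in ("public", "private"):
            findings.append((no, "default community name"))
        if len(parts) == 2:
            findings.append((no, "no source address restriction"))
    return findings


def audit_zone_transfers(conf):
    """Return (zone, issue) pairs for zones that do not restrict zone transfers."""
    findings = []
    for line in conf.splitlines():
        zone = re.search(r'zone\s+"([^"]+)"', line)
        if not zone:
            continue
        acl = re.search(r"allow-transfer\s*\{([^}]*)\}", line)
        if acl is None:
            findings.append((zone.group(1), "no allow-transfer; inherits global default"))
        elif "any" in [e.strip() for e in acl.group(1).split(";")]:
            findings.append((zone.group(1), "allow-transfer open to any host"))
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SNMPD_CONF) + audit_zone_transfers(NAMED_CONF):
        print(finding)
```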

Page 10: Steps of ethical hacking

System Hacking

• Once you have completed the first three phases, you can move into the system hacking phase.

• You will recognize that things are getting much more complex and that the system hacking phase cannot be completed in a single pass.

• It involves a methodical approach that includes cracking passwords, escalating privileges, executing applications, hiding files, covering tracks, concealing evidence, and then pushing into a complex attack.

Page 11: Steps of ethical hacking

System hacking countermeasures

PASSWORD POLICIES

• As an ethical hacker, you should show users the importance of securing their passwords. Here are some tips on how to do that:

• Demonstrate how to create secure passwords. Refer to them as passphrases because people tend to take passwords literally and use only words, which can be less secure.

• Use upper- and lowercase letters, special characters, and numbers. Never use only numbers. Such passwords can be cracked quickly.

• Change passwords every 6 to 12 months or immediately if they’re suspected of being compromised. Anything more frequent introduces an inconvenience that serves only to create more vulnerabilities.

• Use variable-length passwords. This trick can throw off attackers because they won’t know the required minimum or maximum length of passwords and must try all password length combinations.

• Don’t use common slang words or words that are in a dictionary.

• Don’t reuse the same password within at least four to five password changes.

• Don’t share passwords. To each his or her own!
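The character, dictionary and reuse rules above expressed as a policy check, added here as an example and not part of the original slides. The word list is a constructed stand-in for a real dictionary, and the history depth of five and PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import string

HISTORY_DEPTH = 5  # assumption: upper end of "four to five password changes"
COMMON_WORDS = {"password", "welcome", "dragon", "letmein"}  # constructed stand-in
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def _digest(password, salt):
    # Old passwords are stored only as salted PBKDF2 hashes, never in cleartext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(history, password):
    """Record a password change; keep only the last HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]


def check_password(candidate, history):
    """Return the policy rules the candidate breaks (empty list = acceptable)."""
    problems = []
    if candidate.isdigit():
        problems.append("only numbers")
    if not all(any(c in cls for c in candidate) for cls in CLASSES):
        problems.append("missing upper/lower/number/special character")
    if candidate.lower() in COMMON_WORDS:
        problems.append("dictionary word")
    if any(hmac.compare_digest(_digest(candidate, s), h) for s, h in history):
        problems.append("reused within last %d changes" % HISTORY_DEPTH)
    return problems


if __name__ == "__main__":
    history = []
    for old in ("Blue-Kettle7?", "Tin-Roof-42-sunrise!"):  # constructed samples
        remember(history, old)
    for candidate in ("123456", "Blue-Kettle7?", "Quiet-Harbor-19#"):
        print(candidate, check_password(candidate, history) or "ok")
```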

Page 12: Steps of ethical hacking

Thank you!!