
Introduction to ethical hacking

Scenario
Jeffrey came across some books that were related to hacking. He was curious to know
about hacking public and private networks. He bought a book related to it from the
nearby bookstore.
Amazed to learn new techniques about hacking, Jeffrey wanted to get hands-on experience.
He visited the local library and plugged his laptop into its network on the pretext of
searching the database of books. Jeffrey wanted to find the vulnerabilities present in the
library's network and then show the report to the concerned authorities.
Jeffrey launched the tools from a CD that was offered with the book and discovered a lot
of loopholes in the network!
What is wrong with Jeffrey's act?
Is his action justified?

Security news
The recently conducted Deloitte global security survey reveals that more than three
quarters of the world's top finance groups suffered a serious breach of security in the
past year, out of which 78% of the companies suffered a security breach from outside and
49% from within the companies. This 14% increase in security breaches from the previous
year has led to calls for finance companies to streamline their IT security policy to the
changing security landscape.

Module objective
This module introduces you to the subject of ethical hacking. The topics discussed in this
module are as follows:
*importance of information security in today's world
*elements of security
*various phases of the hacking cycle
*types of hacker attacks
*hacktivism
*ethical hacking
*vulnerability research and tools that assist in the same
*steps for conducting ethical hacking
*computer crimes and implications
*cyber laws prevailing in various parts of the world
It is important to bear in mind that hackers break into systems for various reasons and
purposes. Therefore, it is important to comprehend how malicious hackers exploit systems
and the probable reasons behind the attacks. As Sun Tzu put it in The Art of War, "If you
know yourself but not the enemy, for every victory gained, you will also suffer a defeat."
It is the duty of system administrators and network security professionals to guard their
infrastructure against exploits by knowing the enemy: the malicious hackers who seek to
use that very infrastructure for illegal activities.
Problem definition-why security
Today, organizations are increasingly becoming networked, as information is exchanged at
the speed of thought. Routine tasks rely on computers for accessing, providing, and
storing information. However, a company's information assets now not only differentiate
it from its competition, but can also mean the difference between profit and loss.
Consequently, there is a sense of urgency to secure these assets from likely threats and
vulnerabilities. The subject of information security is vast, and the objective of this
course is to give participants a comprehensive body of knowledge to help them secure
information assets under their care.
This course assumes that organizational policies endorsed by top-level management are
in place, and that business objectives and goals related to security have been
incorporated as part of existing corporate strategy. A security policy is the specification
for how objects in a security domain are allowed to interact. As a prelude to the course,
we will briefly highlight the need to address the latest security concerns.
The importance of security in contemporary information and telecommunications fields
should not be underestimated. There are myriad reasons for securing ICT (Information and
Communication Technologies) infrastructure. For our discussion here, we will take a
macro-level view, since detailing each and every aspect can be another course in itself.
As computers have evolved, they have transcended their original purpose.
Initially, computers were designed to facilitate research without much emphasis on
security, since these resources, scarce at the time, were meant to be shared. The
permeation of computers has meant that any disruption can mean the loss of time, money,
and sometimes even the loss of life.
This triggers discussion on the term "vulnerability". In its present context, vulnerability
has been defined as:
1. A security weakness in a target of evaluation (e.g. due to failures in analysis, design,
implementation, or operation).
2. Weakness in an information system or components (e.g. system security procedures,
hardware design, or internal controls) that could be exploited to produce an
information-related misfortune.
3. Vulnerability is the presence of a weakness, design, or implementation error that can
lead to an unexpected and undesirable event compromising the security of the system,
network, application, or protocol involved.
It is important to note the difference between threat and vulnerability. This is because,
inherently, most systems have vulnerabilities of some sort. However, this does not mean
that the systems are too flawed to be used. There is one major difference between threat
and vulnerability: not every threat leads to an attack, and not every attack results in
success. The factors that result in the success of an attack include the degree of
vulnerability, the strength of the attack, and the extent to which countermeasures are
adopted. If the attacks required to exploit a vulnerability are difficult to carry out, the
vulnerability may be tolerable.

You can let go of certain vulnerabilities that can be easily exploited, but do not provide
much of a challenge for a sophisticated intruder. An intruder is more likely to be
interested in a vulnerability that leads to greater damage. However, if the attacks are
well understood and easily made, and if the vulnerable system is utilized by a wide range
of users, then it is likely that there will be enough benefit for a perpetrator to make an
attack.
Logically, the next essential term is attack. The key question is what is being attacked?
The information resource that is being protected and defended against attacks is usually
referred to as the target of evaluation. It has been defined as an IT system, product, or
component that is identified as requiring security evaluation.

An attack has been defined as an assault on system security that originates from an
intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the
sense of a method or technique) to evade security services and violate the security policy
of a system.
Note that it has been defined as an intelligent act that is a deliberate attempt. Attacks can
be broadly classified as active and passive.

*Active attacks are those that modify the target system or message, e.g. attacks that
violate the integrity of the system or message. Example: DoS (denial of service)
attacks that target resources available on a network. Active attacks can affect the
availability, integrity, confidentiality, and authenticity of the system.
*Passive attacks are those that violate confidentiality without affecting the
state of the system. Example: electronic eavesdropping (collecting confidential
data sent in unencrypted form). The key word here is confidentiality, which
relates to preventing the disclosure of information to unauthorized persons.

The difference between these categories is that while an active attack attempts to
alter system resources or affect their operation, a passive attack attempts to learn or
make use of information from the system but does not affect system resources. The
figure below shows the relation among these terms, and sets for this module.
Attacks can also be categorized as originating from within an organization (inside
attack) or from outside it.

*An inside attack is initiated from within the physical boundary of a network by an
authorized person. Such an attack is most likely to come from a disgruntled employee,
though at times, ignorance may also lead to unintentional damage to network resources.
*An outsider attack is caused by an external entity, an intruder who does not have the
privilege to access the enterprise network.
How does an attack agent (or attacker) take advantage of the vulnerability of the
system? The act of taking advantage of a system vulnerability is termed an exploit. An
exploit is a defined way to breach the security of an IT system through its
vulnerability.
What constitutes a breach of security can vary from one company to another or even
from one department to another. Therefore, it is imperative for organizations to address
both penetration and protection issues. The scope of this course is limited to the
penetration aspect: ethical hacking. As for protection issues, a company must
address these via its security policies, ensuring that they comply with security audit
requirements. When a vulnerability is exploited, it constitutes an exposure.
However, not every exposure constitutes a vulnerability. Examples are port scanning,
finger, and whois.
Exposure
Exposure is loss due to an exploit. Loss includes disclosure, deception, disruption, and
usurpation. Vulnerability is the primary entry point an attacker can use to gain
access to a system or to data. Exposure allows an attacker to collect confidential
information with ease. The attacker can even erase his or her tracks in many such
cases. Certain security issues that are taken for granted can lead to confidential
information being compromised. In contrast, vulnerability allows an attacker to
execute a command as another user, access data contrary to access control lists
(ACLs), pose as another entity, or even conduct denial-of-service attacks.
Essential Terminologies
*Threat
It refers to a situation wherein human(s) or natural occurrences can cause an
undesirable outcome. It has been variously defined in its current context.
*Vulnerability
The presence of a fault, either in the design or implementation phase of a system,
product, or component, possibly leading to an unanticipated compromise of security.
Such a vulnerability could be exploited to produce an information-related misfortune.
*Exploit
A defined way to breach the security of an IT system through vulnerabilities is known
as an exploit.

*Target of Evaluation
It is an IT system, product, or component that is identified as requiring security
evaluation.

*Attack
An assault on system security that is derived from an intelligent threat. An attack
produces an action that violates security. Attacks are basically of two types: active
and passive. They can also be categorized as internal or external depending on their
origin.

Elements of security
*Security: a state of well-being of information and infrastructure in which the
possibility of successful yet undetected theft, tampering, and disruption of information
and services is kept low or tolerable
Any hacking event will affect one or more of the essential security elements.
Security rests on confidentiality, authenticity, integrity, and availability:
*confidentiality: the concealment of information or resources
*authenticity: the identification and assurance of the origin of information
*integrity: the trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
*availability: the ability to use the information or resource desired
Elements of security
Security is the state of well-being of information and infrastructure in which the
possibility of successful yet undetected theft, tampering, and disruption of information
and services is kept low or tolerable.
Note that it is not implied that total protection is required, since that is not practically
possible considering the evolution of technology and dynamic system environments. "The
network is the computer," a phrase coined by Sun Microsystems in the mid-eighties, is
valid even today.
There are several aspects of security in the current context. The owner of a system should
have confidence that the system will behave according to its specifications; this is termed
assurance. Systems, users, and applications need to interact with one another in a
networked environment. Identification and authentication are means to ensure security
in such a scenario. System administrators or concerned authorities need to know who,
when, where, and for what purpose system resources have been accessed. An audit trail or
log files can address this aspect of security, termed accountability. Generally, not all
resources are available to all users. This can have strategic implications. Having access
controls on predefined parameters can help achieve security.
Another security aspect, critical at a system's operational level, is reusability. A process
may not reuse or manipulate objects that another process uses, in order to prevent
violation of security. In security parlance, this is also known as availability. Information
and processes need to be accurate in order to derive value from system resources.
Accuracy is a key security element.
The security, functionality, and ease of use triangle
Technology is evolving at an unprecedented rate. As a result, new products that
reach the market tend to be engineered for ease of use rather than secure
computing. Technology, originally developed for honest research and academic
purposes, has not evolved at the same pace as the user profile. Moreover, during
this evolution, system designers often overlooked the vulnerabilities during the
intended deployment of the system. However, increasing built-in default
security mechanisms means users have to be more competent.
As computers are used for more and more routine activities, it is becoming
increasingly difficult for system administrators and other system professionals
to allocate resources exclusively for securing systems. This includes the time
needed to check log files, detect vulnerabilities, and apply security update
patches.
Routine activities consume the time available to system administrators, leaving
less time for vigilant administration. There is little time at hand to deploy
measures and secure computing resources on a regular and innovative basis.
This has increased the demand for dedicated security professionals to
constantly monitor and defend ICT (Information and Communication
Technology) resources.
Originally, to "hack" meant to possess extraordinary computer skills used to
extend the limits of computer systems. Hacking required great proficiency on
the part of the individual. However, today there are automated tools and
code available on the Internet that make it possible for anyone with a will
and desire to hack and succeed.
Mere compromise of the security of a system does not denote success. There
are websites that insist on "taking back the net" as well as those who
believe that they are doing everyone a favor by hosting exploit details. These can
act as a detriment, and can bring down the skill level required to become
a successful hacker.
The ease with which system vulnerabilities can be exploited has increased,
while the knowledge curve required to perform such exploits has shortened.
The concept of the elite/super hacker is an illusion. However, the fast
evolving genre of "script kiddies" is largely comprised of lesser-skilled
individuals acquiring second-hand knowledge to perform exploits.
One of the main impediments to the growth of security infrastructure lies in
the unwillingness of exploited or compromised victims to report the incident
for fear of losing the goodwill and faith of their employees, customers, and
partners, and/or of losing market share. The trend of information assets
influencing the market has seen more companies think twice before reporting
incidents to law enforcement for fear of bad press and negative publicity.
The increasingly networked environment, with companies often having their
website as a single point of contact across geographical boundaries, makes it
critical to take countermeasures to prevent any exploits that can result in
loss, an important reason why corporations need to invest in security
measures to protect their information assets.
Case Study
Alan was stranded at Newark airport. He was to attend his friend's wedding,
and Continental Airlines had just announced the cancellation of his connecting
flight. He decided to purchase a seat on another airline, but the Bank of
America Corp ATM just wouldn't work. All seemed wrong with the world, as
the airline staff was using pen and paper to take down new reservations.
They couldn't even confirm availability.
So, what went wrong? A worm infamously known as SQL Slammer exploited
a vulnerability found in SQL Server 2000. The spread of the worm
affected networks across Asia, Europe, and North America. The worm
triggered a Distributed Denial of Service (DDoS) attack. In this type of attack,
the virus-affected computers are redirected to send a huge quantity of
data to a specified address on the network, thus knocking the target
computer off the network.
What Does A Malicious Hacker Do ?
If we need to apply countermeasures, we need to first understand the anatomy
of an attack. It is necessary to comprehend the steps to counter an attack, once
detected. In general, there are five phases in which an intruder advances an
attack:

*Reconnaissance
This is the phase where the attacker gathers information about a target using active or
passive means.

*Scanning
In this phase, the attacker begins to actively probe the target for vulnerabilities that
can be exploited.

*Gaining Access
If a vulnerability is detected, the attacker can exploit it to gain access into the system.

*Maintaining Access
Once access is gained, the attacker usually maintains access to fulfill the purpose of
his/her entry.

*Covering Tracks
In this phase, the attacker tries to destroy all evidence of the attack to evade legal
punitive action.

Phase 1- Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker gathers as
much information as possible about the target prior to launching the attack.
Also in this phase, the attacker draws on competitive intelligence to learn more
about the target. This phase may also involve network scanning, either external
or internal, without authorization.
This is the phase that allows the potential attacker to strategize his/her attack.
This may take some time as the attacker waits to unearth crucial information.
Part of this reconnaissance may involve "social engineering". A social engineer
is a person who smooth-talks people into revealing information such as unlisted
phone numbers, passwords, and other sensitive information.
Another reconnaissance technique is "dumpster diving". Dumpster diving is the
process of looking through an organization's trash for discarded sensitive
information. Attackers can use the Internet to obtain information such as
employee contact information, business partners, technologies in use, and other
critical business knowledge, but dumpster diving may provide them with even
more sensitive information such as usernames, passwords, credit card statements,
bank statements, ATM slips, social security numbers, telephone numbers, check
numbers, and so on.

For example, a Whois database can provide information about Internet addresses,
domain names, and contacts. If a potential attacker obtains DNS information
from the registrar, and is able to access it, he can obtain useful information
such as the mapping of domain names to IP addresses, mail servers, and host
information records. It is important that a company has appropriate policies to
protect its information assets, and also provides guidelines to its users on the
same. Building user awareness of the precautions they must take in order to
protect their information assets is a critical factor in this context.
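
A defender's check on the Whois exposure described above, as an added example that is not part of the original module: it parses a constructed Whois record for a fictitious domain and flags contact fields that identify an individual instead of a role. The record, its field names, the role-mailbox list, and the function names are assumptions made for illustration; real registries label fields differently.

```python
import re

# Constructed sample Whois record for a fictitious domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-LIBRARY.TEST
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Organization: Example Public Library
Registrant Email: jane.doe@example-library.test
Registrant Phone: +1.5555550100
Admin Name: REDACTED FOR PRIVACY
Admin Email: hostmaster@example-library.test
Tech Name: IT Operations
Tech Email: noc@example-library.test
Tech Phone: +1.5555550199
Name Server: NS1.EXAMPLE-LIBRARY.TEST
Name Server: NS2.EXAMPLE-LIBRARY.TEST
"""

# Assumed policy: role mailboxes and role-style names are acceptable to publish.
ROLE_MAILBOXES = {"hostmaster", "noc", "abuse", "admin", "dnsadmin", "postmaster", "security"}
ROLE_NAME = re.compile(r"\b(operations|administrator|hostmaster|department|team|desk)\b", re.I)
REDACTED = re.compile(r"redacted|privacy|not disclosed", re.I)
CONTACT_FIELD = re.compile(r"(registrant|admin|tech|billing)\b", re.I)

def parse_whois(text):
    """Return (field, value) pairs; repeated fields such as Name Server are kept."""
    pairs = []
    for line in text.splitlines():
        if ":" not in line or line.lstrip().startswith(("%", "#")):
            continue  # skip blank lines and registry comment lines
        field, value = line.split(":", 1)
        if value.strip():
            pairs.append((field.strip(), value.strip()))
    return pairs

def audit_exposure(pairs):
    """Flag contact fields that point at a person rather than a role."""
    findings = []
    for field, value in pairs:
        if not CONTACT_FIELD.match(field) or REDACTED.search(value):
            continue
        kind = field.lower().split()[-1]
        if kind == "email" and value.split("@", 1)[0].lower() not in ROLE_MAILBOXES:
            findings.append((field, value, "personal mailbox; use a role address"))
        elif kind == "name" and not ROLE_NAME.search(value):
            findings.append((field, value, "named individual; use a role or privacy service"))
        elif kind == "phone":
            findings.append((field, value, "number published; confirm it is a switchboard line"))
    return findings

if __name__ == "__main__":
    for field, value, advice in audit_exposure(parse_whois(SAMPLE_WHOIS)):
        print(f"{field}: {value} -> {advice}")
```

Run against an organization's own registration record, the findings list is the starting point for the policy and user-awareness measures the paragraph calls for.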
