
Introduction to Ethical Hacking

1.1 Gain knowledge on various hacking terminologies


Exam Focus: Gain knowledge on various hacking terminologies. Objective includes:

Understand the issues plaguing the information security world.

Learn the basic elements of information security.

Understand the security, functionality and ease of use triangle.

Know the 5 stages of ethical hacking.

Understand hactivism and understand the classification of hackers.

Understand who is an ethical hacker.

Gain information on how to become an ethical hacker.

Learn the profile of a typical ethical hacker.

Understand the scope and limitations of ethical hacking.

Information Security
Information security (sometimes shortened to InfoSec) is the practice of protecting an
organization's data from unauthorized access, use, disclosure, disruption, modification, perusal,
inspection, recording or destruction. In short, it is the protection of the availability, privacy, and
integrity of company data and information. All of the information an organization stores, sends,
receives, and refers to must be protected against accidental or deliberate modification and must
be available in a timely fashion.
Employee social security numbers, addresses, confidential company financial data, trade secrets, customer
data, intellectual property: the list is endless. Each of these examples refers to data that must be
protected. The protection of information is not new. What is new, however, is the importance of
protecting the information, and the consequences of not protecting it, or the consequences of
having the security of that information compromised. As more and more of this information is
stored and processed electronically and transmitted across networks or the internet, the risk of
unauthorized access increases and we are presented with growing challenges of how best to
protect our information.
Why protect data?
Would you leave your home for work without locking it? Possibly turning on an alarm for
additional protection? How about your car? When you park it at the mall, do you lock it? Is it
also armed by a security system? Why do you do this? To protect your assets.

Similarly, an organization must protect its assets. An asset is defined as anything of value,
including trademarks, patents, secret recipes, durable goods, data files, competent personnel,
clients, and so on. Every asset has data associated with it, which must be protected.
To fully understand why information security is important, an organization first needs to
understand both the value of information and the consequences of such information being
compromised.
When information is not adequately protected, it may be compromised; this is known as an
information or security breach. The consequences of information security breaches can be
severe. For businesses, a breach usually entails huge financial penalties, expensive lawsuits, and loss
of reputation and business. Organizations must protect against unauthorized disclosure for a
variety of reasons, the most important being (a) legal and (b) competitive reasons. If poor
security practices allow damage to your systems, you may be subject to criminal or civil legal
proceedings. Negligence in protecting your data can compromise your systems, and if third parties are
impacted, there may be even more severe legal issues to deal with.
Security breaches can result in the theft, pilferage, and redistribution of intellectual property,
which in turn may lead to business loss. Botnets can be used to launch various types of Denial-of-Service (DoS) and other web-based attacks, which may result in business downtime and
significant loss of revenue. Attackers may steal and sell corporate secrets to competitors or
compromise critical financial information, all of which undermine an organization's
competitive advantage in the market.
Threats to information security
Many people mistakenly believe that the biggest threat to information security comes from
malicious attackers. However, it is far more likely that the biggest risks to information security
come from less obvious sources. For example, a threat can be something natural, such as a
flood or earthquake; it can be accidental, such as a user inadvertently deleting a file; or it can
come from disgruntled employees, or from individuals who have accidentally been granted access to resources
they should not have access to.
In order for an organization to protect itself from threats, it first needs to understand what
threats it will be facing in the coming year. With each passing day, these security threats are
becoming more serious and difficult to detect, so it is vital for companies to understand what they
can do to best protect their systems and information.
Top challenges for information security

Worms, Viruses, Malware: These continue to be a top challenge, given the many methods of
installing malware on systems, including client-side software vulnerabilities. Browsers
remain a top target for vulnerabilities. Vulnerability exploitation is at the heart of hacking and
data breaches. These threats often rely on vulnerability exploitation to infect, particularly through client-side and third-party applications.

Malicious insiders/ex-employees: Threats are not always from the outside. Statistics show
that up to a fifth of damage comes from desperate and disgruntled employees attempting to
exploit the companies they currently or previously work for.

Careless/untrained employees: It is estimated that almost half of all the damage caused to
information systems comes from authorized personnel who are either untrained or
incompetent, and will continue to be a threat unless companies take action. Policies,
procedures, training and a little technology can make a world of difference in reducing an
organization's risk from careless insiders.

Infrastructure: Don't discount physical factors such as fire, water, and bad power. They
are a significant threat to information security.

Mobile devices: Mobile devices have become a plague for information security
professionals. There are worms and other malware that specifically target these devices,
such as the iPhone worm that would steal banking data and enlist these devices in a
botnet. Theft of laptops is another major issue. Tens of thousands of laptops are stolen
each year, and often these hold sensitive data whose loss requires public disclosure as a data
breach.

Social networking: Social networking sites have a certain element of trust to them, which
makes them a breeding ground for a variety of spurious activities such as spam, scams,
scareware and a host of other attacks, and these threats will continue to rise. Identity theft
is a big factor from an information security perspective.

Social engineering: Social engineering is always a popular tool used by cyber criminals
and phishing is still a popular method for doing just that.

Zero day exploits: A zero-day (or zero-hour or day zero) attack or threat is an attack that
exploits a previously unknown vulnerability in a computer application, meaning that the
attack occurs on "day zero" of awareness of the vulnerability. Zero-day exploits can be
engineered to take advantage of such vulnerabilities, for example in common file types, to compromise attacked systems
or steal confidential data such as banking passwords and personal identity information.

Cyber espionage: Most of these incidents surround government bodies and agencies and
therefore have not been a huge threat to most individual organizations.

Cloud computing: The public nature of data sharing in the cloud and organizations' loss of control
over their data are a big risk for security. Balancing data sharing with
privacy requirements is a tightrope act.

Basic elements of information security


The following are elements of information security:

Confidentiality: It is required to assure that only authorized users can access the
information. Confidentiality breaches may take place because of improper data handling
or a hacking attempt.

Integrity: It is the trustworthiness of data or resources in the matter of preventing
improper and unauthorized change. For this purpose, the information provided should be
accurate.

Availability: It assures that the systems used for delivering, storing, and processing
information are accessible when needed by the authorized users.

Security, Functionality, and Usability triangle


The strength of the following three components can be used to define the levels of security:

Functionality

Usability

Security

The triangle is used because an increase or decrease in any one of the factors has an impact on
the other two. When security is increased, the ball in the triangle moves away
from the functionality and ease of use parameters.

Ethical hacking
Ethical hacking is a process by which penetration testing of networks and/or computer systems is
performed by an individual called an Ethical Hacker. The Ethical Hacker is a person who is
trusted by the organization and uses the same methods and techniques as a Hacker. By contrast,
malicious hacking, often referred to simply as hacking, is a term for activity in which a black hat hacker, sometimes
called a cracker, breaks computer security without authorization or uses technology (usually a
computer, phone system or network) for malicious purposes, such as vandalism, credit card fraud,
identity theft, piracy, or other types of illegal activity.
Necessity of ethical hacking
Vulnerability testing and security audits alone cannot ensure that a network is secure. In order to
ensure the security of networks, a "defense in depth" strategy needs to be implemented, and the
networks need to be penetrated to identify and expose their vulnerabilities.
Defense in depth is a security strategy in which several protection layers are placed throughout
an information system. It is useful in preventing direct attacks against an information system and
its data, as a breach of one layer only brings the attacker to the next layer.
Ethical hacking is necessary, since it permits the countering of attacks from malicious hackers by
anticipating methods that can be used to break into a system.
Stages of ethical hacking
There are five stages to ethical hacking:
1. Reconnaissance: In this phase, the attacker collects information regarding the victim.
The following are the types of reconnaissance:
o Passive: It involves gaining information without directly interacting with the
target. For example, searching public records or news releases.
o Active: It involves interacting with the target directly by any means. For example,
telephone calls to the help desk or technical department.
2. Scanning: In this phase, the attacker begins to probe the target for vulnerabilities that can
be exploited. It can include the use of dialers, port scanners, network mapping, sweeping,
vulnerability scanners, etc. Attackers extract information, such as computer names, IP
addresses, and user accounts, to launch the attack.
3. Gaining Access: In this phase, the attacker exploits a vulnerability to gain access into the
system.
4. Maintaining Access: In this phase, the attacker maintains access to fulfill his purpose of
entering into the network.
5. Covering Tracks: In this phase, the attacker attempts to cover his tracks so that he
cannot be detected or penalized under criminal law.

The following image demonstrates the phases of malicious hacking:

Who is an ethical hacker?


A hacker is an intelligent individual having excellent computer skills. The hacker has the ability
to create and explore computer software and hardware. Hackers generally have the
intention of gaining knowledge to do illegal things. Some hackers have a hobby of finding out how many
computers or networks they can compromise. Some hackers perform hacking with malicious
intent behind their escapades, such as stealing business data, credit card information, social
security numbers, email passwords, etc.
What do ethical hackers do?
Organizations hire ethical hackers to attack their information systems and networks so that they
can find vulnerabilities and verify that security measures are functioning properly. Ethical
hackers may have the following responsibilities:

Test systems and networks for vulnerabilities.

Break security controls to access sensitive data.

Ethical hackers try to find the following:

What can an intruder see on the target system?

What can an intruder do with that information?

Does anyone at the target notice the intruder's attempt or success?

Skill profile of an ethical hacker

An ethical hacker should have an excellent knowledge of computers and their functioning,
including programming and networking. Since organizations have a variety of operating systems,
such as UNIX, Linux, Windows, and Macintosh, an ethical hacker must be an expert in dealing
with these operating systems. Ethical hackers should also be familiar with a number of hardware
platforms. They should be knowledgeable about security areas and related issues as well.

Phases of ethical hacking

Preparation: In this phase, a formal contract that contains a non-disclosure clause as
well as a legal clause to protect the ethical hacker against any prosecution that he may
face during the conduct phase is signed. The contract also outlines the infrastructure
perimeter, evaluation activities, time schedules, and resources available to the ethical
hacker.

Conduct security evaluation: In this phase, the evaluation technical report is prepared
based on testing potential vulnerabilities.

Conclusion: In this phase, the results of the evaluation are communicated to the
organization and corrective action is taken if needed.

Scope and limitations of ethical hacking


Ethical hacking is considered a crucial component of risk assessment, auditing, fraud prevention,
best practices, and good governance. It is used to identify risks and highlight the remedial
actions. It helps resolve vulnerabilities while reducing Information and Communications Technology
(ICT) costs.
However, a business is unlikely to gain much by hiring a hacker unless it
first knows what it is searching for and why it is hiring an outside hacker
to hack its systems in the first place. An ethical hacker can support the organization in better
understanding its security system, but it is the responsibility of the organization to place the
right guards on the network.
Hacktivism (hactivism)
Hacktivism is the act of hacking or breaking into a computer system for a politically or socially
motivated purpose. The person who performs the act of hacktivism is known as a hacktivist. A
hacktivist uses the same tools and techniques as those used by a hacker. However, a hacktivist
attacks government organizations and agencies, international economic organizations, and any
other entities that the hacktivist defines as a cause of social and economic inequities.
General classes of ethical hackers
Hackers are categorized into the following classes:

Black hat hackers (crackers): They are computer specialists. They perform malicious
attacks on information systems by using their hacking skills.

Gray hat hackers: They sometimes do not break laws and try to defend a network. They
sometimes act as black hat hackers.

White hat hackers (ethical hackers): They have excellent computer skills and secure
information systems by using their knowledge.

Security providing organizations: Some organizations and communities also provide
security to information systems.

1.2 Understand the different types and implications of hacker attacks


Exam Focus: Understand the different types and implications of hacker attacks. Objective
includes:

Understand vulnerability research and list the various vulnerability research tools.

Learn the different ways an ethical hacker tests a target network.

Understand penetration testing and the various methodologies used.

Hacking terminology
Before we dive into the discussion on the types and implications of hacker attacks, let's familiarize
ourselves with common hacking terminology.

Backdoor: A backdoor is a program or account that permits access to a system by
skipping the security checks. Many vendors and developers implement backdoors that
skip the security checks to make troubleshooting easier, which saves them time and effort. A
backdoor is nevertheless a security threat: it can be used to exploit the system
if it becomes known to attackers and malicious users.

Banner grabbing: Banner grabbing is an enumeration technique used to glean
information about computer systems on a network and the services running on their open ports.
Administrators can use this to take inventory of the systems and services on their network.
An intruder, however, can use banner grabbing to find network hosts that are
running versions of applications and operating systems with known exploits.

Brute force: In a brute force attack, an attacker uses software that tries a large number of
key combinations in order to get a password. In order to prevent such attacks, users
should create passwords that are more difficult to guess, e.g., using a minimum of six
characters, alphanumeric combinations, and lower-upper case combinations, etc.

Buffer overflow: Buffer overflow is a condition in which an application receives more
data than it is configured to accept. This usually occurs due to programming errors in the
application. A buffer overflow can terminate or crash the application.

DoS attack: A Denial of Service (DoS) attack is mounted with the objective of causing a
negative impact on the performance of a computer or network. It is also known as a
network saturation attack or bandwidth consumption attack.

DDoS attack: In a Distributed Denial of Service (DDoS) attack, an attacker uses
previously infected computers throughout the network. Such computers act as zombies
and work together to send out bogus messages, thereby increasing the amount of phony
traffic.

Logic bomb: A logic bomb is a malicious program that executes when a predetermined
event occurs. For example, a logic bomb can execute when a user logs on to a computer
or presses certain keys on the keyboard. It can also execute on a particular date or at a
time specified by the developers.

Port Redirection: It is the process of redirecting network traffic from one IP address /
port to another IP address / port.

Session hijacking: Session hijacking refers to the exploitation of a valid computer
session to gain unauthorized access to information or services in a computer system.

Spoofing: Spoofing is a technique that makes a transmission appear to have come from
an authentic source by forging the IP address, email address, caller ID, etc.

Trojan: A Trojan horse is a malicious software program code that masquerades itself as a
normal program. When a Trojan horse program is run, its hidden code runs to destroy or
scramble data on the hard disk.

Virus: A virus is an executable file that infects documents, has the ability to replicate itself, and
avoids detection. Viruses are designed to corrupt or delete data files from the hard disk.

Worm: A computer worm is a self-replicating malware computer program, which uses a
computer network to send copies of itself to other nodes (computers on the network) and
it may do so without any user intervention.
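As an added example (not from the original page), here is the inventory side of the banner grabbing entry above: a Python parser for constructed SSH, HTTP and 220-style FTP/SMTP banners from hypothetical hosts that records product and version, compares the records with a constructed approved baseline, and lists which services disclose an exact version. The hosts, banners and baseline are all made up for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample banners, as an administrator might collect them while taking
# inventory of the services on a network. Hosts and versions are hypothetical.
SAMPLE_BANNERS: Dict[Tuple[str, int], str] = {
    ("10.0.0.5", 22): "SSH-2.0-OpenSSH_8.4p1 Debian-5",
    ("10.0.0.5", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.54 (Debian)\r\nContent-Type: text/html\r\n",
    ("10.0.0.9", 21): "220 (vsFTPd 3.0.3)",
    ("10.0.0.9", 25): "220 mail.example.test ESMTP Postfix (Debian/GNU)",
    ("10.0.0.12", 22): "SSH-2.0-OpenSSH_7.4",
    ("10.0.0.12", 8080): "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n",
}
# Constructed approved baseline: product -> required version (None: any version accepted).
APPROVED_BASELINE: Dict[str, Optional[str]] = {
    "OpenSSH": "8.4p1",
    "Apache": "2.4.54",
    "vsFTPd": "3.0.3",
    "Postfix": None,
}

@dataclass(frozen=True)
class ServiceRecord:
    host: str
    port: int
    protocol: str
    product: Optional[str]
    version: Optional[str]

# SSH identification string "SSH-<protoversion>-<softwareversion> [comments]" (RFC 4253);
# software versions are commonly written Product_version, e.g. OpenSSH_8.4p1.
_SSH_RE = re.compile(r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)(?:[_-](?P<version>[\w.]+))?")
# "220 ..." greetings used by FTP and SMTP daemons, e.g. "220 (vsFTPd 3.0.3)".
_GREETING_RE = re.compile(r"(?P<product>[A-Za-z][\w-]*)[ /](?P<version>\d[\w.]*)")
_ESMTP_RE = re.compile(r"ESMTP\s+(?P<product>[A-Za-z][\w-]*)")

def parse_banner(host: str, port: int, banner: str) -> ServiceRecord:
    """Turn one raw banner into an inventory record; unrecognised formats are kept, not dropped."""
    text = banner.strip()
    if text.startswith("SSH-"):
        m = _SSH_RE.match(text)
        return ServiceRecord(host, port, "ssh",
                             m["product"] if m else None, m["version"] if m else None)
    if text.startswith("HTTP/"):
        product = version = None
        # Product and version, when disclosed at all, come from the Server header.
        for line in text.split("\r\n")[1:]:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "server":
                product, _, version = value.strip().split(" ", 1)[0].partition("/")
                version = version or None
                break
        return ServiceRecord(host, port, "http", product, version)
    if text.startswith("220"):
        upper = text.upper()
        protocol = "smtp" if "SMTP" in upper else "ftp" if "FTP" in upper else "unknown"
        m = _GREETING_RE.search(text)
        if m:
            return ServiceRecord(host, port, protocol, m["product"], m["version"])
        m = _ESMTP_RE.search(text)
        return ServiceRecord(host, port, protocol, m["product"] if m else None, None)
    return ServiceRecord(host, port, "unknown", None, None)

def inventory_from_banners(banners: Dict[Tuple[str, int], str]) -> List[ServiceRecord]:
    """Build the service inventory an administrator keeps from the collected banners."""
    return [parse_banner(host, port, text) for (host, port), text in sorted(banners.items())]

def find_deviations(records: List[ServiceRecord],
                    baseline: Dict[str, Optional[str]]) -> List[Tuple[ServiceRecord, str]]:
    """Compare the inventory with the approved baseline. Flags unapproved products, drifted
    versions, and services the banner did not identify (which need a manual check)."""
    deviations = []
    for rec in records:
        if rec.product is None:
            deviations.append((rec, "unidentified service"))
        elif rec.product not in baseline:
            deviations.append((rec, "unapproved software"))
        elif baseline[rec.product] is not None and rec.version != baseline[rec.product]:
            deviations.append((rec, "version drift"))
    return deviations

def version_disclosing(records: List[ServiceRecord]) -> List[ServiceRecord]:
    """Services whose banner reveals an exact version, the detail an intruder matches
    against known exploits; these are the candidates for trimming the banner."""
    return [rec for rec in records if rec.version is not None]

if __name__ == "__main__":
    inventory = inventory_from_banners(SAMPLE_BANNERS)
    for rec, reason in find_deviations(inventory, APPROVED_BASELINE):
        print(f"DEVIATION {rec.host}:{rec.port} ({rec.protocol}) -> {reason}")
    print(f"{len(version_disclosing(inventory))} of {len(inventory)} banners disclose a version")
```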

Types of hacking attacks


There are four types of hacking attacks, which are as follows:

Operating system attacks: In these attacks, the attacker looks for OS related
vulnerabilities and uses those vulnerabilities to gain access to the network. Some of the
OS vulnerabilities are as follows:
o Buffer overflow vulnerabilities
o Bugs in operating system
o Unpatched operating system

Application-level attacks: Much software has poor error
checking. Poor or nonexistent error checking in applications leads to the following:
o Buffer overflow attacks
o Active content
o Cross-site scripting
o Denial of service and SYN attacks
o SQL injection attacks
o Malicious bots
Other application-level attacks are as follows:
o Phishing
o Session hijacking
o Man-in-the-middle attack
o Parameter/form tampering
o Directory traversal attacks

Shrink wrap code attack: When a user installs an OS/application, it comes with many
sample scripts for administrative tasks. Often, these scripts are not customized, which
leads to default code or shrink wrap code attacks.

Misconfiguration attack: If an operating system is not correctly configured, it can be
hacked easily. Often, network administrators do not have the necessary skills to solve
configuration-related problems; hence, in such conditions, misconfiguration attacks can
be performed very easily. Before devices are deployed in the network, the administrators
are expected to change the configuration of the devices. If they do not change the
configuration of a device, its default settings can be used to attack the system. Any redundant
services or software should be removed to optimize the configuration of the machine.

Vulnerability research
Vulnerability research is the process used to discover vulnerabilities and design flaws that may
lead to an attack on or misuse of an operating system and its applications. Vulnerabilities are
classified depending on severity level (low, medium, or high) and exploit range (local or remote).
An administrator needs vulnerability research for the following purposes:

Identify and correct network vulnerabilities.

Collect information about viruses.

Find weaknesses, and alert the network administrator before a network attack.

Protect the network from being attacked by intruders.

Get information that helps to prevent the security problems.

Know how to recover from a network attack.

Vulnerability research tools


Here are some examples of various vulnerability research tools currently available in the market:

CodeRed Center

Hackerstorm Vulnerability Database Tool

SecurityTracker

HackerWatch

Symantec

SecurityFocus

TechNet

Security Magazine

SC Magazine

Help Net Security

Computerworld

CNET Blogs

Techworld

Security Watch

HackerJournals

Windows Security Blogs

The following are some important vulnerability research tools:

CodeRed Center: It is a comprehensive security resource that security administrators can use for
daily, accurate, up-to-date information on the latest viruses, Trojans, malware, threats,
security tools, risks, and vulnerabilities.

SecurityTracker: It provides information on security vulnerabilities.

HackerWatch: It is a utility built into McAfee's Personal Firewall software. When a
user of that software sees a hacker trying to scan ports, HackerWatch makes a note of it
and makes the record visible to everyone. The site also shows the ports that are currently most used,
so that ethical hackers can ensure that those ports are secure.

SecurityFocus: It is used to provide information on security vulnerabilities.

SC Magazine: It is a print and online magazine that specializes in IT security.

Categories of computer crimes


Computer crimes can be broadly classified into two categories:
1. Crimes facilitated by a computer: A computer-facilitated crime takes place when a
computer is used as a tool for criminal activities. This can include the following:
o Storing records of fraud
o Producing false identification
o Reproducing and distributing copyright material
o Collecting and distributing child pornography
2. Crimes where the computer is the target: Crimes where computers are the targets are
not the same as traditional types of crimes. Sophisticated technology has made it more
difficult to answer queries about identification of the criminal, nature of the crime,
identity of the victim, location or jurisdiction of the crime and other details. Hence, in an
electronic or digital environment, evidence has to be gathered and handled differently
than it has been handled in the traditional crime scene.
Penetration tests
A penetration test (also known as a Pen-test) is a method used to evaluate the security of a
computer system or network. It simulates an attack from a malicious source, known as a black
hat hacker or cracker. In a penetration test, an active analysis of the system is done for potential
vulnerabilities that may arise from the following:

Poor or improper system configuration

Known and/or unknown hardware or software flaws

Operational weaknesses in process

This analysis is performed from the position of a potential attacker, and can include active
exploitation of security vulnerabilities. The security issues together with an assessment of their
impact and often with a proposal for mitigation or a technical solution will be presented to the
system owner. The intent of a penetration test is to determine feasibility of an attack and the
amount of business impact of a successful exploit, if discovered. It is a component of a full
security audit.
Need for penetration testing
Attackers are always looking for opportunities to penetrate systems. They employ any number of
automated tools and network attacks looking for holes in your system. Most hackers use well
known attacks and exploits, which are entirely preventable. Penetration testing provides IT
management with a view of their network from a malicious point of view. The goal is that the
penetration tester will find ways into the network so that they can be fixed before someone with
less than honorable intentions discovers the same holes.
Penetration testing:

Identifies threats that an organization's information assets could face.

Assures an organization that a thorough and comprehensive assessment of organizational
security covering policy, procedure, design, and implementation will be done.

Helps an organization gain and maintain certification to an industry regulation.

Helps an organization adopt best practices to conform to legal and industry regulations.

Focuses on high-severity security vulnerabilities. Application-level security issues are delegated to
development teams.

Provides a comprehensive set of preparation steps in order to prevent upcoming
exploitation.

Evaluates the efficiency of network security devices, such as firewalls, routers, and web
servers.

Reduces an organization's IT security costs and identifies and resolves vulnerabilities to
provide a better return on security investment (ROSI).

Types of penetration tests


1. Information gathering
2. Vulnerability analysis
3. External penetration testing
4. Internal network penetration testing
5. Router and switches penetration testing
6. Firewall penetration testing
7. IDS penetration testing
8. Wireless network penetration testing
9. Denial of service penetration testing
10. Password cracking penetration testing
11. Social engineering penetration testing
12. Stolen laptop, PDAs, and cell phones penetration testing
13. Application penetration testing
14. Physical security penetration testing
15. Database penetration testing
16. VoIP penetration testing
17. VPN penetration testing
18. War dialing
19. Virus and Trojan detection
20. Log management penetration testing
21. File integrity checking
22. Bluetooth and hand-held device penetration testing
23. Communication system penetration testing
24. Email security penetration testing
25. Data leakage penetration testing

Penetration testing methodologies


Penetration testing methodology defines a roadmap with practical ideas and proven practices
which should be handled with great care in order to assess the system security correctly.
Different testing frameworks and methodologies exist to help information security (InfoSec)
professionals to choose the best strategy to conduct a successful penetration test. Here is a list of
the most widely used methodologies.

Whitebox testing is a testing technique in which an organization provides full
knowledge about the infrastructure to the testing team. The information provided by the
organization often includes network diagrams, source code, and IP addressing
information of the infrastructure to be tested. Also known as internal testing, this
approach is less expensive and time-consuming than the black box approach.
Since the tester or auditor (also known as a white-hat) is aware of all the internal and
underlying technologies used by the target environment, it opens a wide gate for them to
view and critically evaluate the security vulnerabilities with the minimum possible effort.
The goal of this approach is to eliminate any internal security issues lying in the target
infrastructure environment, thus making it harder for a malicious adversary to
infiltrate from the outside.

Blackbox testing is a technique in which the testing team has no knowledge about the
infrastructure of the organization. This type of testing is also known as external testing.
The testers or auditors (black-hats) must first determine the location and extent of the
systems before commencing their analysis. This testing technique can be expensive and
time-consuming.
In this approach, the tester will be assessing the network infrastructure from a remote
location and will not be aware of any internal technologies deployed by the organization
concerned. The tester will employ a number of real-world hacker techniques and, by
following organized test phases, may reveal known and unknown
vulnerabilities that would otherwise remain on the network.

Graybox testing is a combination of whitebox testing and blackbox testing. This hybrid
approach provides a powerful insight into both internal and external security viewpoints. It
does require an auditor with limited knowledge of an internal system to choose the best
way to assess its overall security. The tester or auditor (also known as a gray-hat) is
equipped with knowledge of the system and designs test cases or test data based on that
system knowledge. The gray-hat typically performs testing to find vulnerabilities in
software and network systems.

Chapter Summary
In this chapter, we learned about elements of information security, top security challenges,
various hacking terminologies and the fundamentals of ethical hacking. We also learned about
the skills required of an ethical hacker, hacktivism, phases of malicious hacking, and types of
hacking attacks. Lastly, we discussed penetration testing and its associated methodologies.
Glossary

Attack
An attack is an action against an information system or network that attempts to violate the
system's security policy.
Authentication
Authentication is the act of establishing or confirming something (or someone) as authentic, i.e.,
claims made by or about the subject are true ("authentification" is a French language variant of
this word).
Authenticity
Authenticity is the characteristic of a communication, document, or any data that
ensures it is genuine and has not been corrupted from the original.
Cracker
A computer expert performing malicious actions
Ethical Hacker
A computer expert securing information
Hacker
A hacker is an intelligent individual having excellent computer skills. The hacker has the ability
to create and explore computer software and hardware.
Hacktivism
Hacktivism is the act of hacking or breaking into a computer system for a politically or socially
motivated purpose.
Non-repudiation
Non-repudiation ensures that a party to a contract or a communication cannot deny the
authenticity of their signature on a document or the sending of a message that they generated.
Penetration test
A penetration test is a method of evaluating the security of a computer system or network by
simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker.
Phreaker
A person who breaks a communication system
Script kiddie
A script kiddie is an individual who uses hacking programs developed by others to attack
information systems and deface Web sites.
Threat
A threat is an indication of a potential undesirable event.

Vulnerability research
Vulnerability research is the process used to discover vulnerabilities and design flaws that will
open an operating system and its applications to attack or misuse.
