
Hacking - Network Security

Introduction
0. introduction

Hacking

Information Security
A practical course in Ethical Hacking

Thomas Kemmerich BaSoTi 2016 - Tallinn 1


Thomas Kemmerich, PhD
Associate Professor
NTNU i Gjøvik
Norway
E-mail: thomas.kemmerich@ntnu.no
Tel. +47 611 35229

Teaching:
Computer Networks, Network Security, Computer Forensics and Ethical Hacking

Research:
Networks, Cloud Security and Digital Forensic Readiness
01-Hacking-Network-Security - 25 July 2016

CCIS:
Center for Cyber and Information Security
Opening Conference 15. August 2014 in Gjøvik

• 20 professors for Information Security only
• up to 35 PhD students
• biggest centre for Cyber and Information Security in Europe


CCIS:
Center for Cyber and Information Security
Opening Conference 15. August 2014 in Gjøvik

• 20 professors for Information Security only
• up to 50 PhD students
• biggest centre for cyber crime and Information Security in Europe

COINS:
School of Computer and Information Security
PhD-Program is part of CCIS


Information Security

Ethical Hacking

Who has experience in Hacking?

What was the intention to do it?

Which tools did you use?

What were the results?

These slides are produced according to the lecture ‘Ethical Hacking!’ from Lasse Øverlier, Høgskolen i Gjøvik

General Behaviour (Ethics)

• usage of knowledge and tools only for GOOD
• usage of knowledge and tools only:
- with your own systems and networks, or
- with systems and networks you are allowed to investigate, proven by a written agreement

Do only things you understand!!

Don’t use your knowledge or tools just for fun!!

By default:
• “Ethical Hacking” is Hacking (Pentesting)
• “Unethical Hacking” is Cracking

These terms are very often mixed up


Literature:

• The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Patrick Engebretson, Elsevier, 2011
• Web Penetration Testing with Kali Linux
Joseph Muniz, Aamir Lakhani
http://it-ebooks.info/book/3000/
• Gray Hat Hacking - The Ethical Hacker's Handbook, 4th Edition, 2015, Regalado et al.


Literature:
• Kali Linux: www.kali.org
• aircrack: http://www.aircrack-ng.org/
• kismet: http://www.kismetwireless.net/documentation.shtml
• nmap: http://nmap.org/book/man.html


Course Structure:

• Lectures of the theoretical aspects
• Practical Hacking
- planning
- hacking exercise
- documentation
• Discussion about the process



Course Exams:

• Part 1: Planning Report
• Part 2: Hacking Report
• Part 3: Written Exam



Practical Pentesting:

• working in groups of five students
• writing your plan and report group wise
• cooperation between groups: YES
same plan and report (wording) in different groups: No == F
• a plan or report sent after the deadline will not be accepted


Exam:
1. Part:
Plan and Report of your Hacking experiment here in this course:

- Plan (1-2 pages)
What is the goal of your pen testing
How will you reach the goal
Step by step plan including a rough timeline
(not only technical aspects are relevant here)

Delivery date: 04.08.2016, 0:00 by email
thomas.kemmerich@ntnu.no
33,3% of the grade


Exam:
2. Part:
Plan and Report of your Hacking experiment here in this course:

- Report (max. 2-3 pages)
What did you do?
What kind of difficulties appeared?
Results of each step
Overall description of the Pentest
What would you improve next time?

Delivery date: 06.8.2016, 0:00 by email
thomas.kemmerich@hig.no
33,3% of the grade

Exam:
3. Part:
- Written exam:
3-4 questions about the concepts of ‘Ethical Hacking’
Sunday, 8. of August


33,3% of the grade



Information Security Basics

• (Data) Confidentiality:
The property that information is not made available or disclosed to unauthorized individuals, entities, or processes [i.e., to any unauthorized system entity].
• (Data) Integrity:
The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.
• Availability:
The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.

from Basel Katt, NTNU, Norway

Information Security Basics


Terminology based on RFC 2828
• Vulnerability: 

A flaw or weakness in a system's design,
implementation, or operation and management that
could be exploited to violate the system's security
policy.
• Threat:

A potential for violation of security, which exists when
there is a circumstance, capability, action, or event
that could breach security and cause harm. I.e., a
threat is a possible danger that might exploit a
vulnerability.

Information Security Basics


Terminology based on RFC 2828
• Attack:

An assault on the system that derives from an
intelligent threat, i.e., an intelligent act that is a deliberate
attempt to evade security services and violate the
security policy of a system.
• Risk: 

An expectation of loss expressed as the probability
that a particular threat will exploit a particular
vulnerability with a particular harmful result.


Information Security Basics


Terminology based on RFC 2828
• Adversary: 

An entity that attacks, or is a threat to a system
• Countermeasure: 

An action, device, procedure, technique that reduces a threat, a
vulnerability, or an attack by eliminating or preventing it, by
minimizing the harm it can cause, or by discovering and reporting it
so that corrective action can be taken.
• System resource (asset): 

Data contained in an information system, or a service provided by
the system, or a system capability, such as processing power or
communication bandwidth, or an item of system equipment, or a
facility that houses system operations and equipment.

Why do we learn Hacking?


• Understand the:

- methodology

- goals

- tactics

- skills

- tools

of the enemies


Why do we learn Hacking?


We must know what an attack looks/feels like in order to detect it and to defend against it!

We need to know the vulnerabilities of our systems and networks
• locate bugs and configuration flaws
• find access points for social engineering
• critical behaviour of users and administrators


Pentesting
• Pentesting is a subset of ethical hacking
• Clear strategic measures to check systems and
networks
• Tools
• Exploiting Systems
• Development of own tools
• Vulnerabilities in new code (Software Security)
• Standard user accounts


Pentesting
"Penetration testing can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure."

"A vulnerability assessment is the process of reviewing services and systems for potential security issues, whereas a penetration test actually performs exploitation and POC (proof of concept) attacks to prove that a security issue exists."


Types of Pentester/Hacker/Cracker

White Hat: good, a hero, focussing on securing and protecting IT-Systems and Networks

Black Hat: bad guy, breaking into networks and IT-Systems to steal, manipulate data and/or implant malware

Gray Hat: sometimes good but sometimes bad. Unclear skills lead to a criminal behaviour.

Be always a White Hat!


Types of Testing
White box testing: access to all information incl.
network diagrams, IT-Systems, versions of SW etc.

Black box testing: no knowledge about anything

Gray box testing: simulate an attack that could be carried out by a disgruntled, disaffected staff member


Access to the Systems:


Remote via Network Access (Internet):
• Login services (VPNs, SSH, telecommuter, …)
• Web-Applications
• Wireless access
• Remote Dial-In
Local:
• Internal users / visitors (contract workers)
• Physical access to the infrastructure
• Wireless access
• Social Engineering

Software Security:

How many sheets of paper do I need to print out the code of Android OS, 8pt?


Typical Attack/Pentest Phases

• Reconnaissance
• Scanning
• Exploitation

- Privilege escalation
• Maintaining access
• Covering tracks and hiding
• Documentation


Reconnaissance


Reconnaissance
• Locate the target you want to penetrate
• Gather all available information:
- IP-Addresses
- Users
- Servers
- Services
- E-mails
- locations
- persons
- …
—> Web research, Social Engineering, Hidden investigation

Avoid direct contact with the target (scanning etc.)

Ethical Hacking*

Reconnaissance - What are we interested in?


• Get an overview of the target
With only normal usage of network resources
• Make internal pentesting infrastructure
Preparation – lab – notes – report forms
• Setting the ground rules for testing
Rules of engagement, contracts, ...
• Methodologies
• Document all steps and write a report (form)



I. Exercise: groups of 5 students

• You shall conduct a penetration test for a dedicated WLAN setup for this BaSoTi course
• It is a blackbox test
• Describe all tasks and steps before you do any test!
• Develop a form for the report
• What else do you need for the preparation?
—> Make a short presentation of your plan

I. Exercise:

• You should use:
The Open Source Security Testing Methodology Manual
(http://www.isecom.org/research/osstmm.html)


I. Exercise: groups of 5 students

• Define the target
• Develop an attack strategy
- methodology?
- how could you stay undetected?
- how to cover tracks?
• Define the tools you want to use
• Define the form of documentation
—> send the report by mail, latest: 04. August, 0:00 pm
(include the names of the group members!!!)

Ib. Exercise:

• Install Kali Linux in a virtual machine (VirtualBox or VM), if not done yet (one installation per group)
• Start aircrack to monitor the air
use e.g. kismet to find out the SSID of the target network
• Find out the WPA pass phrase to connect to the WLAN

Confirm with me that you connect to the right network!

Next Lecture!


Simple Reconnaissance

• Social Engineering
• Caller ID spoofing
• Physical break in
• Dumpster Diving


Social Engineering


Reconnaissance - Human interaction


Exploiting the weaknesses of the human element (in information systems)
• By telephone:
Call support, “manager” calling lower employee, sysadmin calling —> remote access number / credentials
• Gaining trust
• Need of help (being helpless)
• Being very confident


Reconnaissance - Caller ID spoofing


• An internal number seems trustworthy
• Setting up voice mailboxes
—> leave messages to an internal number
• Spoofing same caller ID as target
—> often gains full access to voice mail, or caller ID is password to voice mail box

Caller ID spoofing is simple using most VoIP providers


Reconnaissance - Physical Break In


• Join a group of employees
• Visiting but not leaving (no badges required in the company)
• No screensaver with lock
• Information collection
(post-it, USB-sticks, CD/DVD, Laptop, external HD, PCs)
• leave access HW
• Backdoor opportunities
(unprotected network access (ports), computer rooms, …)
• fired employees are not prevented from accessing the company

Reconnaissance - countermeasures against SE


• User awareness (regular qualifications)
- Hacking demonstrations
• Authentication procedures for IT-Support (not only)
• Enforce wearing badges for access control, especially for computer rooms
• Screen saver with passwords
• Lock down servers and computers (mobiles!?!)
• Encryption of all data


Reconnaissance - countermeasures against SE


• Avoid BYOD
• Clear procedures for processing old HW
- Computers, Laptops, Mobiles, GPS, …
- HDs, Memory-Sticks
- Copy machines
- Network devices (routers, switches)
• Handling of paper and CDs/DVDs containing sensitive data
—> shredding
btw: What are sensitive data?


Reconnaissance - Gifts

Scatter 1000 infected USB sticks in the parking lot at REMA1000 or of any company.

Reconnaissance - Online Information
• Searching for information
- Web sites
- Search engines
- Public databases
- DNS information

Required for a good start:
- good internal mapping of the:
* People (culture)
* Infrastructure

More Details —> Ethical Hacking Course at NTNU

II. Exercise:

• Install Kali Linux in a virtual machine (VirtualBox or VM), if not done yet (one installation per group)
• Start aircrack to monitor the air
use e.g. kismet to find out the SSID of the target network
• Find out the WEP pass phrase to connect to the WLAN

Confirm with me that you connect to the right network!

Questions?

