CSE 316: Information Security and Ethical Hacking

Questions and Answers

What differentiates a threat from an attack in cybersecurity?

Threats can be blocked by controlling vulnerabilities, while attacks cannot.

Threats can be unintentional, while attacks are intentional. (correct)

Threats are easy to detect, while attacks are hard to identify.

Threats are always malicious, while attacks are not.

What is a vulnerability in the context of information security?

A malicious attack that targets a system.

An error in system design that may lead to security breaches. (correct)

A formal process of evaluating system security.

A defined method for exploiting a system's weaknesses.

Which phase comes first in a security evaluation plan?

Testing.

Conclusion.

Preparation. (correct)

Security Evaluation.

During the Security Evaluation phase, what significant action is taken?

A formal report of test findings is generated.

What does the CIA in the CIA triad stand for?

Confidentiality, Integrity, Availability.

Which of the following accurately describes a Zero-Day exploit?

It takes advantage of undisclosed vulnerabilities in software.

What is the primary goal of an attack in cybersecurity?

To cause alteration or damage to information.

In a security evaluation plan, what is included in the formal agreement during the Preparation phase?

Scope of tests, types of attacks, and testing methodologies.

What is the primary goal of penetration testing?

To identify and fix security weaknesses

Which methodology involves the tester having full knowledge of the network?

White Box Methodology

What is the primary focus of the reconnaissance phase in penetration testing?

Collecting as much information as possible about the target

Which type of reconnaissance involves interaction with the target system?

Active Reconnaissance

What is involved in the scanning phase of penetration testing?

Determining system vulnerabilities and network structure

What is typically NOT true about Black Box Methodology?

Testers receive detailed information about the network

Which phase is crucial for maximizing the effectiveness of penetration testing outcomes?

Reconnaissance

What distinguishes Gray Box Methodology from the other penetration testing methodologies?

The company provides some partial information to the tester

Which term describes individuals who perform hacking activities with the owner's authorization?

Ethical Hackers

What is the primary role of a penetration tester?

To report vulnerabilities without actively fixing them

What step in the Kill Chain involves sending an exploit to the target?

Delivery

Which type of hacker breaks into systems specifically to steal or destroy data?

Cracker

Which of the following is NOT a phase in the security evaluation process?

Testing user access permissions

What is the main focus of a security tester in comparison to a penetration tester?

To recommend solutions to enhance security

Which type of attack is characterized by weaknesses in the configuration of hardware or software?

Mis-configuration Attacks

Which aspect of the CIA Triad focuses on ensuring that information is accessible only to those authorized?

Confidentiality

Study Notes

Lecture 2: Information Security and Ethical Hacking

• Course: Computer and Information Security (CSE 316)
• Presented by: Dr. Marwa Sharaf EL-Din
• Date: 10/15/2024

Agenda

• Basics of Information Security
• Hacking Terms
• Hacking and Ethical Hacking
• Building a Penetration Testing Laboratory
• How to become a Certified Ethical Hacker
• Summary

Basics of Information Security

• Reactive method is passive, responding to a breach after it occurs, tracking down the intruder, and stopping future intrusions
• Proactive method is active, finding vulnerabilities yourself before others exploit them

Security Terms

• Attack: Any action violating security
• Hack Value: Notion among hackers of something worth doing
• Threat: Action or event threatening security
• Malware: Malicious software harming systems
• Vulnerability: Weakness in a design, implementation error potentially leading to system breaches
• Exploit: Specific way to breach security through vulnerability
• Zero-Day: Exploiting an unknown/undisclosed vulnerability
• Target of Evaluation: IT system or product identified for security evaluation

Security Terms (Cont.)

• Threat can be intentional or unintentional and may or may not be malicious

• Attack is always intentional and malicious

• Objective of attack is to cause damage with a high chance of altering and damaging information

• Threat detection is harder than attack detection

• Attack can be blocked by controlling vulnerabilities

Security Evaluation Plan

• Preparation: Formal agreement defines the test scope, attack types (white, black, or grey box), and testing types.
• Security Evaluation: Tests are conducted, and a report on vulnerabilities and findings is prepared
• Conclusion: Findings are presented with recommendations for security improvement

Elements of Information Security

• Confidentiality: Access to information limited to authorized users
• Integrity: Ensuring information is not altered or tampered with by unauthorized users.
• Availability: Systems responsible for delivering, processing, and accessing information are available when needed by authorized users
• CIA Security Triangle: Composed of Confidentiality, Integrity, and Availability

Security, Functionality, and Usability Triangle

• Security level at any system depends on the strength of these three elements: Security, Functionality, and Usability

Defense in Depth

• Security strategy comprising multiple layers of protection to prevent attacks
• "Layered approach"

Defense in Depth (Cont.)

• Layers include physical security, remote access controls, network security, compute security, and storage security

Authentication, Authorization, and Accounting (AAA)

• Authentication: Users prove their identity (e.g., username/password, challenges)
• Authorization: Determines user access rights for resources
• Accounting (Auditing): Records user access, time spent, and changes made

Hacking Terms

• The slides cover various hacking terms, but the exact details are not provided.

Hacking Impact

• Damage to information
• Theft of information
• Using attacked machines as spam zombies
• Theft of customer data (e.g., credit card details)
• Theft of email addresses

Who is a Hacker?

• Intelligent person with excellent computer skills (hardware and software)
• Goal is to breach system security either for knowledge or malicious activities

Types of Hackers

• Black Hats: Malicious hackers, known as crackers or criminals.
• White Hats: Ethical hackers, security analysts, focused on defensive purposes
• Grey Hats: Hackers engaging in both offensive and defensive activities.

Hacker, Cracker, and Ethical Hacker

• Hackers: Access systems without authorization
• Crackers: Break into systems to steal or destroy data
• Ethical Hacker: Performs similar actions but with permission from the owner/company

Ethical Hackers, Penetration, and Security Testers

• Ethical hackers perform penetration tests for companies to identify vulnerabilities
• Penetration testers conduct legal attacks simulating real-world threats
• Security testers go beyond attacks to analyze security policies and offer solutions

Types of Attacks

• Operating System Attacks
• Application-Level Attacks
• Mis-configuration Attacks

Hacking and Ethical Hacking

• Hacking: Violating system security for illegal purposes.
• Ethical Hacking: Legitimate, authorized attempt to find and exploit vulnerabilities, improving system security for the good.

The Kill Chain in Cyberdefense

•  Seven stages of an information systems attack

1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and Control
7. Action

Hacking and Ethical Hacking (Cont.)

•  Penetration testing is a crucial aspect of ethical hacking, used to help secure computers and networks against future attacks.
•  White Hat Hacking is another name used to describe effective ethical hacking.

Ethical Hacking/Penetration Testing Methodologies

• White Box: Tester has all information, makes the job easier
• Black Box: Tester has no network information, harder but more realistic
• Gray Box: Tester has partial information

Phases of Hacking/Ethical Hacking (Penetration Testing)

• Reconnaissance
• Scanning
• Gaining Access
• Maintaining Access
• Cleaning Track

Phases 1: Reconnaissance

• Information gathering
• Active vs Passive
  • Active: directly interacting with target
  • Passive: acquiring information without direct interaction

Phases 2: Scanning

• Scan network for vulnerabilities
• Determines if systems are alive, identify open ports, and scan vulnerabilities

Phases 3: Gaining Access

• Gaining control/access (e.g., DoS attacks, cracking).
• Metasploit Framework is a useful tool.

Phases 4: Maintaining Access

• Maintain control of a compromised system to launch further attacks
• "Backdoors" established for future access.

Phases 5: Cleaning Track

• Hide malicious activities, prevent tracing, remove evidence of hacking attempts.

How Tor Works

• Alice's Tor client chooses a random path to a destination server (Encrypted links vs non-encrypted links)

Lecture 3: Virtualization

• Virtualization technology changes digital content storage, management, and delivery.

Virtualization

• Abstracting physical hardware, enabling multiple operating systems (OSes) to run concurrently on a single physical machine

Before and After Virtualization

• Before: Each OS runs on a single machine and is tightly coupled to hardware.
• After: Virtualization Layer (Hypervisor) allows multiple VMs to run on the same physical machine, allowing independence

Types of Hypervisor

• Type 1: Bare-metal (runs directly on hardware)
• Type 2: Hosted (runs on top of another OS).

Virtual Server Using VMware ESXi

• Management System interacts with virtual machines (VM).
• Remote Connection allows users to access VMS.
• Cloud-based Virtual Servers.

Virtual Data Center

•  Central management system (vCenter) manages multiple VMs.

Practical Hacking Scenario

•  Scenario showing Internet access, an attacker, and victim systems.

Practical Hacking Scenario (cont.)

• Illustrates an attacker gaining control of the system.

Hands-On: Practical Hacking Scenario Demo

• Details on a hands-on demonstration for the topic.

Certified Ethical Hacker (CEH)

• Skills needed to become a Certified Ethical Hacker (CEH).

Certified Ethical Hackers (CEH)

• Questions ethical hackers need to answer to determine attack strategy.

• Required skills.

Q&A

• Question and answer session.

Description

This quiz covers Lecture 2 of the Computer and Information Security course, focusing on the fundamentals of information security and ethical hacking. It includes key concepts like attack definitions, threat assessments, and the difference between reactive and proactive security measures. Test your knowledge on building penetration testing labs and becoming certified ethical hackers.