CSE 316: Information Security and Ethical Hacking

Questions and Answers

What differentiates a threat from an attack in cybersecurity?

  • Threats can be blocked by controlling vulnerabilities, while attacks cannot.
  • Threats can be unintentional, while attacks are intentional. (correct)
  • Threats are easy to detect, while attacks are hard to identify.
  • Threats are always malicious, while attacks are not.

What is a vulnerability in the context of information security?

  • A malicious attack that targets a system.
  • An error in system design that may lead to security breaches. (correct)
  • A formal process of evaluating system security.
  • A defined method for exploiting a system's weaknesses.

Which phase comes first in a security evaluation plan?

  • Testing.
  • Conclusion.
  • Preparation. (correct)
  • Security Evaluation.

During the Security Evaluation phase, what significant action is taken?

  • A formal report of test findings is generated. (D)

What does the CIA in the CIA triad stand for?

  • Confidentiality, Integrity, Availability. (C)

Which of the following accurately describes a Zero-Day exploit?

  • It takes advantage of undisclosed vulnerabilities in software. (A)

What is the primary goal of an attack in cybersecurity?

  • To cause alteration or damage to information. (B)

In a security evaluation plan, what is included in the formal agreement during the Preparation phase?

  • Scope of tests, types of attacks, and testing methodologies. (C)

What is the primary goal of penetration testing?

  • To identify and fix security weaknesses (C)

Which methodology involves the tester having full knowledge of the network?

  • White Box Methodology (D)

What is the primary focus of the reconnaissance phase in penetration testing?

  • Collecting as much information as possible about the target (B)

Which type of reconnaissance involves interaction with the target system?

  • Active Reconnaissance (B)

What is involved in the scanning phase of penetration testing?

  • Determining system vulnerabilities and network structure (B)

What is typically NOT true about Black Box Methodology?

  • Testers receive detailed information about the network (A)

Which phase is crucial for maximizing the effectiveness of penetration testing outcomes?

  • Reconnaissance (A)

What distinguishes Gray Box Methodology from the other penetration testing methodologies?

  • The company provides some partial information to the tester (D)

Which term describes individuals who perform hacking activities with the owner's authorization?

  • Ethical Hackers (C)

What is the primary role of a penetration tester?

  • To report vulnerabilities without actively fixing them (B)

What step in the Kill Chain involves sending an exploit to the target?

  • Delivery (D)

Which type of hacker breaks into systems specifically to steal or destroy data?

  • Cracker (D)

Which of the following is NOT a phase in the security evaluation process?

  • Testing user access permissions (A)

What is the main focus of a security tester in comparison to a penetration tester?

  • To recommend solutions to enhance security (D)

Which type of attack is characterized by weaknesses in the configuration of hardware or software?

  • Mis-configuration Attacks (D)

Which aspect of the CIA Triad focuses on ensuring that information is accessible only to those authorized?

  • Confidentiality (A)

Flashcards

Threat

A circumstance or condition that can lead to damage or harm.

Attack

An intentional and malicious attempt to breach system security.

Vulnerability

A weakness in a system's design or implementation that can lead to security breaches.

Exploit

A specific way to take advantage of a vulnerability.

Zero-Day

An attack using an unknown vulnerability.

Target of Evaluation

The system or product being tested for security.

Security Evaluation Plan

A plan for security testing, including preparation, evaluation, and conclusion.

Security Triangle (CIA)

Confidentiality, Integrity, and Availability, core elements of information security.

Penetration Testing

A controlled, authorized attack on a system to identify security vulnerabilities, often conducted by ethical hackers.

White Box Testing

Penetration testing where the attacker has full knowledge of the system's infrastructure and configuration.

Black Box Testing

Penetration testing where the attacker knows nothing about the system's infrastructure or configuration.

Gray Box Testing

Penetration testing where the attacker has limited knowledge of the system, often provided by the organization being tested.

Reconnaissance

The first phase of penetration testing, focused on gathering information about the target system.

Active Reconnaissance

Reconnaissance techniques that involve directly interacting with the target system, potentially leaving a trace of activity.

Passive Reconnaissance

Reconnaissance techniques that gather information without directly interacting with the target system.

Scanning

The second phase of penetration testing, where tools are used to analyze system vulnerabilities based on the information gathered during reconnaissance.

Gray Hat Hacker

A person who operates both offensively and defensively in cybersecurity, sometimes blurring the lines between ethical and unethical hacking.

Cracker

An individual who illegally accesses computer systems to steal or destroy data, acting with malicious intent.

Ethical Hacker

A cybersecurity professional who performs penetration testing and vulnerability assessments with the owner's permission to improve security.

Security Tester

A cybersecurity professional who goes beyond penetration testing to also analyze a company's security policies, procedures, and offer solutions for improvement.

Operating System Attack

A type of attack targeting the core software of a computer or device, aiming to exploit vulnerabilities within the OS.

Application-Level Attack

An attack directed at a specific application or program running on a system, exploiting weaknesses in its code or design.

Kill Chain

A sequential model representing the stages of a cyberattack, from reconnaissance to taking action.

Study Notes

Lecture 2: Information Security and Ethical Hacking

  • Course: Computer and Information Security (CSE 316)
  • Presented by: Dr. Marwa Sharaf EL-Din
  • Date: 10/15/2024

Agenda

  • Basics of Information Security
  • Hacking Terms
  • Hacking and Ethical Hacking
  • Building a Penetration Testing Laboratory
  • How to become a Certified Ethical Hacker
  • Summary

Basics of Information Security

  • Reactive method is passive, responding to a breach after it occurs, tracking down the intruder, and stopping future intrusions
  • Proactive method is active, finding vulnerabilities yourself before others exploit them

Security Terms

  • Attack: Any action violating security
  • Hack Value: Notion among hackers of something worth doing
  • Threat: Action or event threatening security
  • Malware: Malicious software harming systems
  • Vulnerability: Weakness in design or an implementation error that can lead to system breaches
  • Exploit: Specific way to breach security through vulnerability
  • Zero-Day: Exploiting an unknown/undisclosed vulnerability
  • Target of Evaluation: IT system or product identified for security evaluation

Security Terms (Cont.)

  • Threat can be intentional or unintentional and may or may not be malicious

  • Attack is always intentional and malicious

  • Objective of attack is to cause damage with a high chance of altering and damaging information

  • Threat detection is harder than attack detection

  • Attack can be blocked by controlling vulnerabilities

Security Evaluation Plan

  • Preparation: Formal agreement defines the test scope, attack types (white, black, or grey box), and testing types.
  • Security Evaluation: Tests are conducted, and a report on vulnerabilities and findings is prepared
  • Conclusion: Findings are presented with recommendations for security improvement

Elements of Information Security

  • Confidentiality: Access to information limited to authorized users
  • Integrity: Ensuring information is not altered or tampered with by unauthorized users.
  • Availability: Systems responsible for delivering, processing, and accessing information are available when needed by authorized users
  • CIA Security Triangle: Composed of Confidentiality, Integrity, and Availability

Security, Functionality, and Usability Triangle

  • Security level of any system depends on the strength of these three elements: Security, Functionality, and Usability

Defense in Depth

  • Security strategy comprising multiple layers of protection to prevent attacks
  • "Layered approach"

Defense in Depth (Cont.)

  • Layers include physical security, remote access controls, network security, compute security, and storage security

Authentication, Authorization, and Accounting (AAA)

  • Authentication: Users prove their identity (e.g., username/password, challenges)
  • Authorization: Determines user access rights for resources
  • Accounting (Auditing): Records user access, time spent, and changes made

Hacking Terms

  • The slides cover various hacking terms, but the exact details are not provided.

Hacking Impact

  • Damage to information
  • Theft of information
  • Using attacked machines as spam zombies
  • Theft of customer data (e.g., credit card details)
  • Theft of email addresses

Who is a Hacker?

  • Intelligent person with excellent computer skills (hardware and software)
  • Goal is to breach system security either for knowledge or malicious activities

Types of Hackers

  • Black Hats: Malicious hackers, known as crackers or criminals.
  • White Hats: Ethical hackers, security analysts, focused on defensive purposes
  • Grey Hats: Hackers engaging in both offensive and defensive activities.

Hacker, Cracker, and Ethical Hacker

  • Hackers: Access systems without authorization
  • Crackers: Break into systems to steal or destroy data
  • Ethical Hacker: Performs similar actions but with permission from the owner/company

Ethical Hackers, Penetration, and Security Testers

  • Ethical hackers perform penetration tests for companies to identify vulnerabilities
  • Penetration testers conduct legal attacks simulating real-world threats
  • Security testers go beyond attacks to analyze security policies and offer solutions

Types of Attacks

  • Operating System Attacks
  • Application-Level Attacks
  • Mis-configuration Attacks

Hacking and Ethical Hacking

  • Hacking: Violating system security for illegal purposes.
  • Ethical Hacking: Legitimate, authorized attempt to find and exploit vulnerabilities in order to improve system security.

The Kill Chain in Cyberdefense

  • Seven stages of an information systems attack:
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control
  7. Action

Hacking and Ethical Hacking (Cont.)

  • Penetration testing is a crucial aspect of ethical hacking, used to help secure computers and networks against future attacks.
  • White Hat Hacking is another name used to describe effective ethical hacking.

Ethical Hacking/Penetration Testing Methodologies

  • White Box: Tester has all information, makes the job easier
  • Black Box: Tester has no network information, harder but more realistic
  • Gray Box: Tester has partial information

Phases of Hacking/Ethical Hacking (Penetration Testing)

  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Cleaning Track

Phase 1: Reconnaissance

  • Information gathering
  • Active vs Passive
    • Active: directly interacting with target
    • Passive: acquiring information without direct interaction

Phase 2: Scanning

  • Scan network for vulnerabilities
  • Determine whether systems are alive, identify open ports, and scan for vulnerabilities

Phase 3: Gaining Access

  • Gaining control/access (e.g., DoS attacks, cracking).
  • Metasploit Framework is a useful tool.

Phase 4: Maintaining Access

  • Maintain control of a compromised system to launch further attacks
  • "Backdoors" established for future access.

Phase 5: Cleaning Track

  • Hide malicious activities, prevent tracing, remove evidence of hacking attempts.

How Tor Works

  • Alice's Tor client chooses a random path to a destination server (Encrypted links vs non-encrypted links)

Lecture 3: Virtualization

  • Virtualization technology changes digital content storage, management, and delivery.

Virtualization

  • Abstracting physical hardware, enabling multiple operating systems (OSes) to run concurrently on a single physical machine

Before and After Virtualization

  • Before: Each OS runs on a single machine and is tightly coupled to hardware.
  • After: Virtualization Layer (Hypervisor) allows multiple VMs to run on the same physical machine, allowing independence

Types of Hypervisor

  • Type 1: Bare-metal (runs directly on hardware)
  • Type 2: Hosted (runs on top of another OS).

Virtual Server Using VMware ESXi

  • Management System interacts with virtual machines (VM).
  • Remote Connection allows users to access VMs.
  • Cloud-based Virtual Servers.

Virtual Data Center

  • Central management system (vCenter) manages multiple VMs.

Practical Hacking Scenario

  • Scenario showing Internet access, an attacker, and victim systems.

Practical Hacking Scenario (cont.)

  • Illustrates an attacker gaining control of the system.

Hands-On: Practical Hacking Scenario Demo

  • Details on a hands-on demonstration for the topic.

Certified Ethical Hacker (CEH)

  • Skills needed to become a Certified Ethical Hacker (CEH).

Certified Ethical Hackers (CEH)

  • Questions ethical hackers need to answer to determine attack strategy.

  • Required skills.

Q&A

  • Question and answer session.
