Introduction to Ethical Hacking

Questions and Answers

Which of the following statements best describes a white-hat hacker?

Former black hat

Security professional (correct)

Malicious hacker

Former gray hat

What is the first phase of hacking?

Reconnaissance (correct)

Attack

Maintaining access

Gaining access

What type of ethical hack tests access to the physical infrastructure?

Remote network

Physical access (correct)

External network

Internal network

Which type of hacker represents the highest risk to your network?

Disgruntled employees

Which federal law is most commonly used to prosecute hackers?

Title 18

When a hacker attempts to attack a host via the Internet, it is known as what type of attack?

Remote attack

Which law allows for gathering of information on targets?

Freedom of Information Act

Which step in the framework of a security audit is critical to protect the ethical hacker from legal liability?

Sign an ethical hacking agreement and NDA with the client prior to the testing.

Which of the following can NSlookup gather information about?

Hostnames and IP addresses

Which of the following is an example of social engineering?

Shoulder surfing

What is the most effective method to prevent social-engineering attacks?

Employee training and education

What is reverse social engineering?

A help desk uses authority to solicit information

Faking a website to capture login credentials falls under which category of social engineering?

Computer-based

What type of social engineering attack does dumpster diving represent?

Physical access

Which tool can provide information about a web server's operating system?

Netcraft

What information-gathering tool is designed for publicly traded companies?

EDGAR

What is the purpose of signing an NDA agreement in ethical hacking?

To authorize access to the client's systems

Which of the following options defines a cracker in the context of hacking?

A hacker who engages in activities for destructive purposes

What is one of the primary threats to an organization's security?

Disgruntled employees

Which step follows footprinting in the ethical hacking process?

Enumeration

How do tools like Whois and NMAP fit into the process of footprinting?

They aid in accumulating target information.

Which is a method used by traceroute to determine the number of hops in a network?

Using the TTL value in an IP packet

What critical information should be included in an ethical hacking report?

Vulnerabilities discovered and suggested countermeasures

Which regional Internet registry is NOT one of the four main registries?

MOSTNIC

What is the next step in the CEH hacking cycle after enumerating users?

Crack password

What is the process of identifying users and machine names called?

Enumeration

Which command-line tool is used to look up a username from a SID?

SID2User

What is the primary purpose of NSlookup?

To query a DNS server for DNS records.

What defines a null session in computing?

Connecting with no username and password

Which tool is identified as not triggering an IDS alert?

Whois

What is considered an example of social engineering?

Shoulder surfing

What is considered a countermeasure for SNMP enumeration?

Limit SNMP to read-only access

Which tool is not used for performing a DNS zone transfer on Windows?

Whois

What does footprinting specifically refer to?

Gathering information about a target organization

Which of the following Internet registries is NOT one of the four main ones?

ICANN

Which type of session should be blocked to prevent NetBIOS null sessions?

NetBIOS sessions on ports 139 and 445

What is a significant feature of an XMAS scan?

It has all flags set

What is the role of Traceroute in networking?

To determine the number of hops to a destination

What security measure is the best defense against social engineering attacks?

Employee training and education

Which port is used for secure web traffic (HTTPS)?

443

Study Notes

Introduction to Ethical Hacking

• Ethical hacking is a legal and authorized activity that aims to identify vulnerabilities in a system or network to improve security.
• Ethical hackers, known as white-hat hackers, are security professionals who use their skills for defensive purposes.

Types of Hackers

• Black-hat hackers use their skills for malicious purposes.
• Gray-hat hackers operate in a gray area, sometimes performing unauthorized activities but not necessarily with malicious intent.
• Script kiddies are less skilled hackers who use readily available tools and scripts.

Phases of Hacking

• Reconnaissance involves gathering information about a target.
• Scanning identifies active systems and services on a network.
• Enumeration gathers information about users, machines, and services on a network.
• Gaining access exploits vulnerabilities to gain unauthorized access.
• Maintaining access ensures persistent access to the compromised system.
• Covering tracks aims to hide the hacker's activities from detection.

Security Evaluation Plan

• A security evaluation plan is a comprehensive approach to assess security vulnerabilities.
• It typically involves reconnaissance, vulnerability assessment, and security testing phases.

Legal Considerations

• The Computer Fraud and Abuse Act (CFAA) is a federal law that criminalizes computer fraud and unauthorized access to computer systems.
• The USA PATRIOT Act provides authorities with broader surveillance powers, including the ability to intercept online communications.

Social Engineering

• Social engineering involves manipulating individuals to gain access to systems or information.
• Shoulder surfing involves observing someone entering their credentials.
• Phishing uses deceptive emails or websites to trick users into revealing sensitive information.
• Dumpster diving involves extracting sensitive information from discarded materials.

Security Audit

• A security audit evaluates an organization's security controls and identifies vulnerabilities.
• Ethical hacking agreements and non-disclosure agreements (NDAs) are crucial for legal protection and defining the scope of the audit.
• Findings of the audit should be documented in a comprehensive report, including vulnerabilities identified and recommended countermeasures.

Gathering Network and Host Information

• Footprinting is the process of gathering information about a target organization, including its network infrastructure, employees, and online presence.
• Scanning identifies open ports and services on a network.
• Enumeration gathers specific information about users, machines, and services on the network.
• Banner grabbing is a passive method of gathering information from network devices by analyzing their responses to requests.

Tools for Network and Host Information Gathering

• Whois is a tool for obtaining domain name registration information.
• NSlookup queries DNS servers for DNS records.
• Ping sweep sends ICMP echo requests to a range of IP addresses to identify active hosts.
• NMAP is a versatile scanning tool for identifying open ports, services, and operating systems.
• SuperScan is a network scanning tool that provides detailed information about devices on a network.
• Netcraft is a tool for identifying the operating system and web server software used by a website.

Countermeasures for Network and Host Information Gathering

• Firewall rules can block unwanted traffic from specific IP addresses or ports.
• Intrusion detection systems (IDS) can monitor network traffic for suspicious activity and alert administrators.
• Network segmentation can divide a network into smaller, more manageable segments to limit the impact of a security breach.
• Disabling unused services reduces the attack surface by removing unnecessary services from a network.
• Strong passwords and access controls limit unauthorized access to systems.

Security Policies and Best Practices

• Security policies provide clear guidelines for users and administrators on how to protect sensitive information and systems.
• Employee training and education is crucial for raising awareness of security threats and implementing best practices.

Enumeration Techniques

• NetBIOS enumeration involves identifying NetBIOS names and services on a network.
• SNMP enumeration can expose sensitive configuration information about network devices.
• Null sessions allow attackers to connect to systems without providing credentials.

Password Cracking

• Password cracking involves attempting to guess or brute-force passwords using various techniques.
• Dictionary attacks use a list of common passwords to try to crack accounts.
• Brute-force attacks systematically try every possible combination of characters.

Tools for Password Cracking

• John the Ripper is a popular password cracking tool.
• Cain & Abel is a password cracking tool that can intercept authentication data.

Countermeasures for Password Cracking

• Strong password policies require passwords to be long, complex, and unique.
• Password complexity requirements restrict the use of common passwords and require the use of special characters.
• Account lockout policies lock out accounts after a certain number of failed login attempts.

Vulnerability Assessment

• Vulnerability assessment identifies potential weaknesses in a system or network.
• Penetration testing simulates real-world attacks to assess the effectiveness of security controls.

Tools for Vulnerability Assessment

• Nessus is a comprehensive vulnerability scanning tool.
• OpenVAS is a free and open-source vulnerability scanning tool.

Countermeasures for Vulnerability Assessment

• Patch management promptly applies security updates to address known vulnerabilities.
• Configuration hardening configures systems to minimize security risks.

Incident Response

• Incident response involves responding to security incidents, such as cyberattacks or data breaches.
• Incident response plans outline the organization's procedures for handling security incidents.

Tools for Incident Response

• Security information and event management (SIEM) systems collect and analyze security events.
• Log analysis tools help identify suspicious activity in system logs.

Ethical Hacking Principles

• Legality ensures that the activities are authorized by the target organization and do not violate any laws.
• Transparency involves clearly communicating the purpose and scope of the ethical hacking activities to the target organization.
• Non-disruption minimizes the impact on the target organization's operations.
• Professionalism requires ethical hackers to act with integrity and respect for the target organization.

Description

This quiz explores the fundamentals of ethical hacking, including key concepts, types of hackers, and the phases involved in hacking. Understand the distinctions between ethical hackers and malicious hackers, and familiarize yourself with essential terminologies and processes in cybersecurity.