000ch0-Intro.pdf
Zayed University
Chapter 1: Ethical Hacking Overview
Adapted from Cengage Hands-On Ethical Hacking and Network Defense, 3rd Edition, 2017

Objectives
After completing this chapter, you will be able to:
- Describe the role of an ethical hacker
- Describe what you can do legally as an ethical hacker
- Describe what you can't do as an ethical hacker

SEC432 Ethical Hacking @Zayed University

Introduction to Ethical Hacking
- Hackers
  – Access a computer system or network without authorization
  – Break the law; can go to prison
- Crackers
  – Break into systems to steal or destroy data, or remove protections from IP
- The U.S. Department of Justice calls both "hackers"
- Ethical hacker
  – Performs most of the same activities with the owner's permission

Ethical Hacking & Penetration Testing
- Ethical hacking / penetration testing are methods of evaluating the security of a computer network, system, application, or data by simulating real cyber attacks targeted at a known environment with organizational permission.
- Penetration testing aims to find vulnerabilities, malicious content and risks.
  – The goal is to strengthen the security posture.
  – Hopefully, it helps the SOC and DevOps fix or patch vulnerabilities before a malicious attacker has the opportunity to exploit them.

Ethical Hacking vs Pen Testing
- Both are offensive security roles
  – No difference from a learning perspective
- Penetration testing aims to find vulnerabilities, malicious content and risks.
  – The goal is to strengthen the security posture.
  – A penetration test has a narrow focus and is a regular event
- Attempt to break into a company's network to find the weakest link without causing any damage
- Minimizes the possibility of a successful attack, but gives no comprehensive security answers.
  – Internal/External?

Ethical Hacking vs Pen Testing
- Both are offensive security roles aiming to find vulnerabilities, malicious content and risks, and fix them before the hackers exploit them.
  – No major differences from a learning perspective
- Ethical hackers are more comprehensive/broader
- A penetration test has a narrow focus and is a regular event

  Penetration Testing                          | Ethical Hacking
  ---------------------------------------------|--------------------------------------------------------------
  Security assessment on specific IT systems   | Assesses all system security flaws through many hacking
                                               | approaches, including pen testing
  Knowledge/skills in the specific area        | Wider and thorough knowledge

Vulnerability Assessment
- A vulnerability assessment attempts to enumerate all vulnerabilities found in an application/system
  – Early steps of a pen test: scan the target for vulnerabilities using specialized tools.
  – Recommend remediation or mitigation, if and whenever needed.
- Security test or audit
  – Besides a break-in attempt, includes analyzing the company's security policy and procedures

Vulnerability Assessment vs Pen Testing
- Vulnerability Assessment
  – Larger in scope (host, network, database, application assessment)
  – It's unreliable at times and has a high rate of false positives.
  – Produces a report with mitigation guidelines and action items.
- Penetration Testing
  – Narrower scope and may include targeted attempts to exploit specific targets.
  – It's generally unpredictable in nature.
  – Penetration testing is a proof of concept of vulnerabilities.
  – It is highly accurate and reliable.

VAPT Tools
- Regular pen tests, code reviews and scanning tools.
- VAPT tools automatically scan for new and existing threats that can target your application.
  1. Web application scanners that test for and simulate known attack patterns.
  2. Protocol scanners that search for vulnerable protocols, ports and network services.
  3. Network scanners that help visualize networks and discover warning signals like stray IP addresses, spoofed packets and suspicious packet generation from a single IP address.
- DevOps teams manage patches of discovered vulnerabilities (may rely on a third party)

The Skills and Tools of Pen Testers
- Penetration testers usually have:
  – A laptop computer with multiple OSs and hacking tools
  – Mastery of OSs, computer networks, programming and information security, and more
- Programming languages used by experienced penetration testers
  – Python, Ruby, Practical Extraction and Report Language (Perl), C
- Script
  – Set of instructions
  – Runs in sequence to perform tasks

The Role of Security and Penetration Testers
- Job requirements for a penetration tester might include:
  – Perform vulnerability, attack, and penetration assessments in intranet and wireless environments
  – Perform discovery and scanning for open ports
  – Apply appropriate exploits to gain access
  – Participate in activities involving application penetration
  – Produce reports documenting discoveries
  – Debrief with the client at the conclusion

Penetration-Testing Methodologies
- White box model
  – Tester is told about network topology and technology; may be given a floor plan
  – Tester is permitted to interview IT personnel and company employees; makes the tester's job a little easier
- Black box model
  – Staff does not know about the test
  – Tester is not given details about the technologies used; the burden is on the tester to find details
  – Tests security personnel's ability to detect an attack

Penetration-Testing Methodologies
- Gray box model
  – Hybrid of the white and black box models
  – Company gives the tester partial information (e.g., which OSs are used, but no network diagrams)
- Different from hats
  – White Hat Hacker
  – Black Hat Hacker
  – Gray Hat Hacker
  – Blue Hat Hacker
- Internal vs External

Penetration Testing Teams
- Red Team is an internal/external team that runs regular hacking/pentesting campaigns to compromise your security, to test the effectiveness of your defenses and to avoid detection by the blue team
- Blue Team is an internal security team (Security Operations Centre (SOC)) that defends against real attackers and red teams
  – Different from your security team?!
- Purple Team is a non-permanent mix of red and blue teams (+ senior management) aiming to maximize the effectiveness of their work and that of defensive controls
- Other colors?! Yellow team: builders or developers

Certification Programs for Network Security Personnel
- Certification programs
  – Available in almost every area of network security
  – Required by industry to secure a job!
- Danger of certification exams
  – Some participants simply memorize terminology and don't have a good grasp of the subject matter
- Minimum certification
  – CompTIA Security+ or equivalent knowledge; CompTIA Network+ is a prerequisite
  – CISSP by (ISC)2: not technical but tests security managerial skills; requires 5 years of experience

Certification Programs for Ethical Hacking and Pentesting
- Certified Ethical Hacker/Practical by EC-Council
- Offensive Security Certified Professional/Expert (OSCP/OSCE)
  – An advanced certification that requires students to demonstrate hands-on abilities to earn it
  – Notoriously difficult and lengthy exam
- OSSTMM Professional Security Tester by ISECOM
- SANS Institute and GIAC
  – GIAC Penetration Tester (GPEN) and
  – GIAC Web Application Penetration Tester (GWAPT)

What Can You Do Legally
- Governments are getting more serious about cybercrime punishment
- Laws are written to protect society
  – Written words are open to interpretation
- Laws involving technology change rapidly
  – Keep abreast of what's legal for you locally
- Laws vary from state to state and country to country
  – In some states, the possession of lockpicking tools constitutes a crime
  – In Hawaii, the state must prove the person charged had the "intent to commit a crime"
  – Some/most hacking tools on your computer might be illegal

Is Port Scanning Legal?
- Some states consider it legal
  – Not always the case
  – Be prudent before using penetration-testing tools
- The federal government does not see it as a violation
  – Allows each state to address it separately
- Research state laws
- Read your ISP's "Acceptable Use Policy"

Are Bots Legal?
- Bots
  – Program that sends automatic responses to users
  – Gives the appearance of a person being present
- Some ISPs may prohibit the use of bots
- Now we have social bots: manual or automated AI robots that might chat with customers or post on social media.

What You Cannot Do Legally
- Be aware of the laws of the land!
- Illegal actions:
  – Accessing a computer without permission
  – Destroying data without permission
  – Copying information without permission
  – Installing viruses that deny users access to network resources
- Be careful that your actions do not prevent the client's employees from doing their jobs

Get It in Writing
- Using a contract is good business
  – May be useful in court
- Books on working as an independent contractor
  – Getting Started as an Independent Computer Consultant by Mitch Paioff and Melanie Mulhall
  – The Consulting Bible: Everything You Need to Know to Create and Expand a Seven-Figure Consulting Practice by Alan Weiss
- The Internet can also be a helpful resource
  – Free modifiable templates
- Have an attorney read your contract before signing

Legal Disclaimer
DO NOT USE ANY OF THE TOOLS/PROCEDURES WE LEARN IN THIS CLASS AGAINST ZU OR ANY OTHER PRODUCTION ENVIRONMENT
- Misuse of security and penetration testing tools within a network, particularly without specific authorization, may cause irreparable damage and result in significant consequences, personal and/or legal.
- "Not understanding what you were doing" is not going to work as an excuse.
- The tools we use here are mostly open source and very loud!
  – i.e., they generate a lot of traffic and leave lots of traces
- The tools and procedures are intended for use in our isolated labs or virtual environments

Bug Bounty
(The original slide also had a Link column with a link per company; the links did not survive extraction.)

  Company    | Payout Min | Payout Max
  -----------|------------|-----------
  Microsoft  | -          | 15-250K
  Apple      | -          | 100-200K
  DropBox    | $12,167    | $32,768
  Google     | $300       | $31,337
  Intel      | $500       | $30,000
  Twitter    | $140       | $15,000
  GitHub     | $200       | $10,000
  Paypal     | $50        | $10,000
  Uber       | -          | $10,000

Hacking Steps
1. Reconnaissance: Information Gathering
   1. Footprinting
   2. Port Scanning
2. Enumeration/Threat Modeling/Vulnerability Analysis
3. Exploitation/Gaining Access/System Hacking
4. Post Exploitation
   – Poke around?!
   – Privilege Escalation
   – Lateral Movement or Pivoting
   – Maintaining Access or Persistence
   – Clearing Tracks and Clean-up
5. Reporting or Data Exfiltration

Summary
- Companies hire ethical hackers to perform penetration tests
  – Penetration tests discover vulnerabilities in a network
  – Security tests are performed by a team of people with varied skills
- Penetration test models
  – White box model
  – Black box model
  – Gray box model

Summary
- Security testers can earn certifications
  – CEH
  – CISSP
  – OPST
- As a security tester, be aware of what you are legally allowed or not allowed to do
- ISPs may have an acceptable use policy
  – May limit the ability to use tools

Summary
- Laws should be understood before conducting a security test
  – Federal laws
  – State laws
- Get it in writing
  – Use a contract
  – Have an attorney read the contract
- Understand the tools available to conduct security tests
  – Learning how to use them should be a focused and methodical process