CSF3203-WK01-Ethical Hacking Overview.pptx
CSF3203 Intrusion Detection and Ethical Hacking
Chapter 1: Ethical Hacking Overview (CLO1)

Slide 1: Credits and Revision Control
Change description: Existing material is revised and updated; related lab activities are updated
Change level: Minor

Version | Author | Effective Date | Change Description | DRC No
1.0 | Unknown | NA | Define the first version | 001
1.1 | Dr. Samer Aoudi | Fall 2022 (Aug 2022) | Revise the first version | 002

Slide 2: Alignment to Cybersecurity Functions
The course mainly relates to the following security functions:
- Protect: protect physical and logical assets against unauthorized access and activities, through awareness, technologies, processes, and policies.
- Detect: detect anomalous activities and vulnerabilities through continuous monitoring and testing.

Slide 3: Chapter Learning Objectives
Upon completing this chapter, students will be able to:
- Discuss fundamental security concepts
- Discuss the magnitude and impact of cybersecurity threats
- Identify the different types of hackers
- Identify the skills of an ethical hacker
- Discuss the legal guidelines that govern penetration testing
- Discuss UAE cybercrime law

Slide 4: Ethical Hacking Overview
- Ethical Hacking refers to performing hacking activities defensively and with prior permission.
- Among other things, Ethical Hackers may perform security testing with the goal of improving security.
- A Security Test is a comprehensive test aimed at assessing all aspects of security within an organization.
- There are several types of security tests, including: Security Audits, Vulnerability Assessment, Penetration Testing, etc.
Slide 5: Penetration Testing
- Vulnerability Assessment (VA) is the process of identifying all vulnerabilities associated with an information asset. VA is one component of a security test.
- A Penetration Test (Pentest) is a security test whereby the tester attempts to exploit existing weaknesses (i.e., simulate an attack).
- A pentest can be performed on networks, applications (Web, Mobile, etc.), physical resources, and people.
- Penetration testing involves two main teams: the Blue Team and the Red Team.

Slide 6: Blue Team vs. Red Team
- Blue Team: a team of cybersecurity experts who perform analysis, identify security issues, and apply defensive measures (defense).
- Red Team: a team of cybersecurity experts who perform penetration testing by emulating attackers (offense).
- A Capture The Flag (CTF) competition is a special kind of cybersecurity competition designed to challenge participants to capture and defend computer systems: the Blue Team must protect "the flag" and the Red Team must capture it.

Slide 7: Penetration Testing Tools
Penetration testers utilize many tools and techniques to test the target network. Examples:
- A Tiger Box is a collection of tools used for conducting vulnerability assessments and attacks (e.g., Kali Linux).
- Scripts are a set of instructions written in a programming language (e.g., C, Perl, VB) and can be used to exploit certain vulnerabilities.
- Daisy Chaining is the act by which an experienced hacker attacks a system, uses the access gained there to reach further systems, then backtracks to cover their tracks (e.g., by clearing logs).

Slide 8: Fundamental Security Concepts
- Information Security is the state of well-being (i.e., being free from threats) of information and of the infrastructure, including systems and hardware, that uses, stores, and transmits that information.
- A Vulnerability is a weakness that can lead to an undesirable event compromising the system.
- A Threat is something that might compromise security (e.g., a hacker, a power outage, an angry employee).
- An Attack is an attempt to compromise a system.
- An Exploit is the code or technique used to take advantage of a vulnerability; a successful exploit results in a breach of the system.
- A Zero-Day is a vulnerability (or an exploit for it) that is unknown to the vendor and to defenders, so no patch or detection signature exists when it is first used.

Slide 9: Hacker Classification
Hackers are often classified based on their expertise (expert vs. novice) and/or intent (ethical or not):
- A Hacker is a security expert who can gain access to computer systems without authorization.
- An Ethical Hacker represents a special category of hackers who have permission to "hack" and perform penetration tests.
- A Cracker is a term used for people who break into systems with no permission, often to steal or destroy data. The U.S. Department of Justice calls them hackers.
- Script Kiddies (AKA skids) are novice "hackers" who use other people's exploits. They can use existing scripts but cannot create their own.
- Cyberterrorists perform their attacks in cyberspace with the intention to cause fear and panic.
- State-Sponsored Hackers are employed by government agencies.

Slide 10: Impact of Hacking
Negative impact on individuals, organizations, and governments:
- Hackers may gain access to confidential and sensitive data
- Attackers may delete or destroy important data
- Theft of identity and/or financial details
- Degradation in the quality and availability of services
- Extortion and blackmail
- Bullying and harassment

Slide 11: Expertise Level
Expert:
- Knowledgeable professionals who can write their own scripts and know how to attack and cover tracks
- Some use their skills for good (ethical hackers)
- Others use the same skills to do malicious acts
Novice:
- Script kiddies (or sometimes Packet Monkeys)
- Use code and tools from experienced hackers, and often download tools from the dark web
- Although novice, they can do damage using powerful tools
- They are often easily traced and caught

Slide 12: Hacker Classes
- White Hats: professionals who use their technical skills for defensive purposes. Known as security analysts.
- Black Hats: extraordinary computer skills used for malicious purposes.
- Gray Hats: hackers who sometimes work offensively and other times defensively.
- Suicide Hackers: hackers who commit serious malicious attacks and don't care if they get caught.

Slide 13: Black vs. White Hats
Black Hats:
- A Black Hat hacker uses his/her skills for malicious purposes to illegally hack target organizations' networks and/or systems
- Work offensively and without permission
- Also known as crackers
- Skill level: Expert
- Goal is to steal (copy) or destroy data and to deny access to resources and systems
White Hats:
- A White Hat hacker provides his/her services to organizations in order to perform penetration testing for their computer networks
- Work defensively and with permission
- Known in the job market as Security Analyst
- Skill level: Expert
- Goal is to secure systems

Slide 14: Suicide Hackers vs. Gray Hats
Suicide Hackers:
- A Suicide Hacker is simply one who does not care if he/she gets caught
- Work offensively and without permission
- Often commit attacks on their employers or enemies
- Skill level: Novice to intermediate
- Goals may vary but are often motivated by anger, revenge, or other personal objectives
Gray Hats:
- A Gray Hat hacker switches sides, sometimes demonstrating security flaws and other times getting curious about hacking tools and their own abilities
- May work defensively or offensively, but often without permission (thus considered illegal)
- They are neither good nor evil
- Skill level: Intermediate to expert
- Goals may vary

Slide 15: The Role of Ethical Hackers
The role of an ethical hacker is to answer the following questions:
- What can the attacker see on the target system?
- What can the attacker do with compromised information?
- Can we detect attacks (successful or mere attempts)?
To answer these questions, an ethical hacker emulates real attacks (i.e., performs penetration tests).

Slide 16: Ethical Hacker's Knowledge
An ethical hacker, or penetration tester, must be an expert in multiple domains, including:
- Computer expertise in various platforms and technical domains
- Network-level knowledge (e.g., TCP/IP, Wireless)
- Operating System knowledge (Windows, Linux, Android, iOS, Mac, etc.)
- Application-level knowledge (Mobile, Web, etc.)
- Security expertise with up-to-date knowledge of tools (offense and defense), techniques, threats, and attacks
Some of the course tools:
- Kali Linux (Tiger Box)
- Scanning tools: NMAP, HPING3, NPING, FPING
- DNS tools: DIG, HOST, NSLOOKUP
- Security frameworks: Metasploit

Slide 17: Additional Skills
In addition to deep knowledge of network and computer technology, the penetration tester must have the following skills:
- Communication skills: ability to communicate with clients, management, and IT personnel
- Legal knowledge (awareness): an understanding of country-specific laws, and an understanding of the rules of engagement (permissions, scope, procedure, goals, etc.)

Slide 18: Legal Considerations
- Laws involving technology change as rapidly as technology itself
- Ethical Hackers must know the laws and regulations relating to their work in the jurisdiction where they work (i.e., country or city)
- Laws vary from state to state and country to country
- Ethical Hackers must know what is allowed (legal) and what is not allowed (illegal)
- When not sure, research and find out
- When still not sure, DO NOT DO IT
- Law does NOT protect the ignorant!

Slide 19: Example: Port Scanning
Is Port Scanning legal or illegal in the USA?
- The question relates to unauthorized port scanning using a tool like NMAP, for instance
- United States federal laws do not explicitly criminalize port scanning; therefore, each state may address this activity separately
- Some states consider it legal, while others consider it illegal; even where no statute names port scanning, an unauthorized scan can still breach an ISP's terms of service or be treated as the first step of an attack
- Be careful before using penetration-testing tools
- Research the UAE laws
- Read the ISP's "Acceptable Use Policy"

Slide 20: Discussion: Port Scanning
Visit this webpage and read it: https://nmap.org/book/legal-issues.html
Discuss the following in class: Is unauthorized port scanning ethical?

Slide 21: Illegal Computer-Related Activities
General illegal actions:
- Accessing a computer without permission
- Destroying data without permission
- Copying information without permission
- Installing worms or viruses
- Denying users access to network resources
Which element of the C.I.A. triad (Confidentiality, Integrity, Availability) does each action violate?

Slide 22: The Computer "Do NOT List"
DO NOT:
- Use a computer to harm other people
- Interfere with other people's computer work
- Access other people's computer files
- Use a computer to steal
- Use a computer to bear false witness
- Use pirated software
- Use other people's computer resources without authorization or proper compensation

Slide 23: Committing a Cybercrime
- Cybercrime is defined as a criminal act in which a computer is involved; it could be computer-assisted or computer-targeted.
- Three core components are required to commit a crime:
  1. Means: does the attacker possess the ability to commit the crime?
  2. Motive: does the attacker have a motivation to engage in crime?
  3. Opportunity: does the attacker have the necessary access and time to commit the crime?

Slide 24: Cybercrime in the UAE
- Federal Decree-Law No. (5) of 2012 on Combatting Cybercrimes defines 51 articles relating to cybercrime
- The articles articulate illegal activities and their corresponding punishments (e.g., imprisonment and/or fines)
- The law can be read in Arabic or English on the UAE Ministry of Justice website: https://www.moj.gov.ae/
- Note: Federal Decree-Law No. (5) of 2012 has since been repealed and replaced by Federal Decree-Law No. (34) of 2021 on Combatting Rumours and Cybercrimes, in force from 2 January 2022. The article numbers and penalties quoted in the following slides are from the 2012 law (as amended in 2016) and should be checked against the current text before being relied upon.

Slide 25: Examples: Article 2
1. Shall be punished by imprisonment and a fine not less than one hundred thousand dirhams and not in excess of three hundred thousand dirhams, or either of these two penalties, whoever gains access to a website, an electronic information system, computer network or information technology means without authorization or in excess of authorization, or unlawfully remains therein.
2. The punishment shall be imprisonment for a period of at least six months and a fine not less than one hundred and fifty thousand dirhams and not in excess of seven hundred and fifty thousand dirhams, or either of these two penalties, if any of the acts specified in paragraph (1) of this Article has resulted in the deletion, omission, destruction, disclosure, deterioration, alteration, copying, publication or re-publishing of any data or information.
3. The punishment shall be imprisonment for a period of at least one year and a fine not less than two hundred and fifty thousand dirhams and not in excess of one million dirhams, or either of these two penalties, if the data or information that are the object of the acts mentioned in paragraph (2) of this Article are personal.

Slide 26: Examples: Articles 5 and 8
Article 5 (example: website defacement): Shall be punished by imprisonment and by a fine not less than one hundred thousand dirhams and not in excess of three hundred thousand dirhams, or either of these two penalties, whoever gains access to a website without authorization intending to change its designs, or delete, destroy or modify it, or occupy its address.
Article 8 (example: DoS): Shall be punished by imprisonment and a fine not less than one hundred thousand dirhams and not in excess of three hundred thousand dirhams, or either of these two penalties, whoever hinders or obstructs access to the computer network or to a website or an electronic information system.
Slide 27: Examples: Article 9 Updates
Article 9 (original 2012 text): Shall be punished by imprisonment and a fine not less than one hundred and fifty thousand dirhams and not in excess of five hundred thousand dirhams, or either of these two penalties, whoever uses a fraudulent computer network protocol address by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery.
Changed as per the Federal Law No. 12 of 2016 amendment: the fine in Article 9 was raised to not less than five hundred thousand dirhams and not in excess of two million dirhams.

Slide 28: Class Activity: UAE Cybercrime Law
- Research Federal Decree-Law No. (5) of 2012 and read its articles
- The instructor may assign articles to students
- Each student must talk about her or his assigned article

Slide 29: Quick Quiz (1 of 3)
- A ________ is a weakness in a computer system. (Answer: vulnerability)
- ________ are a set of instructions written in a programming language. (Answer: Scripts)
- A ________ is a security test whereby the tester attempts to exploit existing weaknesses. (Answer: pentest)

Slide 30: Quick Quiz (2 of 3)
- True or False: A security test is a subset of a penetration test. (Answer: FALSE; a penetration test is one type of security test, not the other way round)
- True or False: The Blue Team is a team of cybersecurity experts who perform analysis, identify security issues, and apply defensive measures. (Answer: TRUE)
- A ________ is a computer threat that tries to exploit vulnerabilities that are unknown to others. (Answer: Zero-Day)
- A ________ is a collection of tools used for conducting vulnerability assessments and attacks. (Answer: Tiger Box)

Slide 31: Quick Quiz (3 of 3)
- True or False: Maryam tried something she learned in CSF3203 on the college network and outside the lab environment. This activity is considered legal. (Answer: FALSE)
- True or False: Ahmad wanted to show his friends that he can hack his neighbor's wireless network, so he changed the access code but then changed it back to the original. This activity is considered legal. (Answer: FALSE)

Slide 32: Resources
- https://nmap.org/book/legal-issues.html
- https://www.moj.gov.ae

Slide 33: Practical Lab Activities
Lab Title: The Lab Environment
In this practical, you will set up the lab environment required for the course. The setup primarily involves the installation of relevant software tools.
Watch a short video demonstrating how to set up your own Ethical Hacking lab: https://youtu.be/BEC8BOyXp34
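The lab set-up above installs scanning tools such as NMAP, and the rules-of-engagement and port-scanning slides (17 to 19) make the point that a scan is only legitimate inside an agreed scope. The script below is an added example, not part of the course material or of Nmap itself, showing how a tester can enforce that scope mechanically before a tool is ever launched: it parses a scope file of authorized networks, refuses any target that is not fully covered by one of them (including ranges that merely overlap the scope, and hostnames that were never resolved), and only then assembles the nmap command line. The scope file contents, the target addresses and the function names are assumptions made for illustration; the networks used are documentation ranges.

```python
import ipaddress
import shlex
import subprocess
from typing import Iterable, List

# Constructed sample "rules of engagement" scope for a hypothetical lab
# engagement. In practice this is the list the client authorized in writing.
SCOPE_FILE_TEXT = """
# Authorized lab ranges (hypothetical engagement)
10.10.0.0/16      # internal lab network
192.0.2.10        # single DMZ host (TEST-NET-1 documentation range)
2001:db8:1::/48   # IPv6 lab segment (documentation range)
"""


def parse_scope(text: str) -> list:
    """Turn a scope file into ip_network objects, ignoring blanks and comments."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=False accepts host bits set, e.g. "10.10.1.5/24"; a bare
        # address becomes a /32 (or /128) network.
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def in_scope(target: str, scope: Iterable) -> bool:
    """True only if every address in `target` (an IP or a CIDR) lies inside one
    authorized network. A range that merely overlaps the scope, or is broader
    than the authorization, is rejected."""
    try:
        t = ipaddress.ip_network(target, strict=False)
    except ValueError:
        # Hostnames are refused: resolve them first and pass the address, so a
        # name that quietly resolves to an out-of-scope host cannot slip through.
        return False
    return any(t.version == n.version and t.subnet_of(n) for n in scope)


def scope_violations(targets: List[str], scope: Iterable) -> List[str]:
    """Return the targets that are NOT authorized (empty list means all clear)."""
    return [t for t in targets if not in_scope(t, scope)]


def build_nmap_command(targets: List[str], scope: Iterable,
                       ports: str = "1-1024") -> List[str]:
    """Return the nmap argv for an authorized scan, or raise ValueError naming
    every out-of-scope target. Nothing is executed here."""
    rejected = scope_violations(targets, scope)
    if rejected:
        raise ValueError(f"out of scope, refusing to scan: {rejected}")
    # -sT: TCP connect scan (no raw sockets needed); -Pn: skip host discovery.
    return ["nmap", "-sT", "-Pn", "-p", ports, *targets]


def run_authorized_scan(targets: List[str],
                        scope_text: str = SCOPE_FILE_TEXT) -> str:
    """Gate the scan on the scope check, then run nmap and return its stdout.
    Requires nmap on PATH; not called by the demo below."""
    cmd = build_nmap_command(targets, parse_scope(scope_text))
    print("running:", shlex.join(cmd))
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    scope = parse_scope(SCOPE_FILE_TEXT)
    for t in ["10.10.5.7", "10.10.20.0/24", "10.11.0.1", "10.0.0.0/8",
              "192.0.2.10", "192.0.2.11", "2001:db8:1::5", "lab.example"]:
        print(f"{t:16} in scope: {in_scope(t, scope)}")
    print("violations:", scope_violations(["10.10.5.7", "10.11.0.1"], scope))
    # On a lab machine with nmap installed and an authorized target:
    # print(run_authorized_scan(["10.10.5.7"]))
```

The check deliberately requires a target to be a subnet of a single authorized network rather than just overlapping one: a tester who types 10.0.0.0/8 when only 10.10.0.0/16 was authorized gets a refusal instead of a scan that leaks outside the engagement. Keeping the scope in a file that is reviewed with the client, and wrapping every tool invocation the same way, turns the "know what is allowed" rule from slide 18 into something the tooling enforces.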