Chapter 2 - 02 - Describe Hacking Methodologies and Frameworks_fax_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Information Security Attacks Exam 212-82

Module Flow

- Understand Information Security Attacks
- Describe Hacking Methodologies and Frameworks
- Understand Social Engineering Attacks
- Understand Wireless Network-specific Attacks
- Understand Network-level Attacks
- Understand IoT, OT, and Cloud Attacks
- Understand Application-level and OS-level Attacks
- Understand Cryptographic Attacks

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Describe Hacking Methodologies and Frameworks

Learning the hacking methodologies and frameworks helps security professionals in understanding the phases involved in hacking attempts, along with the tactics, techniques, and procedures used by hackers. This knowledge further helps security professionals in strengthening the security infrastructure of their organization. This section discusses various hacking methodologies such as EC-Council’s hacking methodology, the cyber kill chain methodology, the MITRE ATT&CK framework, and the Diamond Model of Intrusion Analysis.

Module 02 Page 151 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

What is Hacking?

- Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system’s resources
- It involves modifying system or application features to achieve a goal outside of the creator’s original purpose
- Hacking can be used to steal and redistribute intellectual property, leading to business loss

Hacking in the field of computer security refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources.
It involves modifying system or application features to achieve a goal outside its creator’s original purpose. Hacking can be done to steal, pilfer, or redistribute intellectual property, thus leading to business loss.

Hacking on computer networks is generally done using scripts or other network programming. Network hacking techniques include creating viruses and worms, performing denial-of-service (DoS) attacks, establishing unauthorized remote access connections to a device using Trojans or backdoors, creating botnets, packet sniffing, phishing, and password cracking. The motive behind hacking could be to steal critical information or services, for thrill, intellectual challenge, curiosity, experiment, knowledge, financial gain, prestige, power, peer recognition, vengeance, and vindictiveness, among other reasons.

EC-Council’s Hacking Methodology

According to EC-Council’s hacking methodology, there are five phases of hacking:

- Footprinting and Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks

Phase 1 - Footprinting and Reconnaissance

Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.

Reconnaissance types:

- Passive Reconnaissance
  - Involves acquiring information without directly interacting with the target
  - For example, searching public records or news releases
- Active Reconnaissance
  - Involves directly interacting with the target by any means
  - For example, telephone calls to the target’s help desk or technical department

Reconnaissance refers to the preparatory phase in which an attacker gathers as much information as possible about the target prior to launching the attack. In this phase, the attacker draws on competitive intelligence to learn more about the target. It could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale. The reconnaissance target range may include the target organization’s clients, employees, operations, network, and systems. This phase allows attackers to plan the attack. It may take some time as the attacker gathers as much information as possible.

Part of this reconnaissance may involve social engineering. A social engineer is a person who convinces people to reveal information such as unlisted phone numbers, passwords, and other sensitive information. For instance, the hacker could call the target’s Internet service provider and, using personal information previously obtained, convince the customer service representative that the hacker is actually the target, and in doing so, obtain even more information about the target. Another reconnaissance technique is dumpster diving.
Dumpster diving is, simply enough, looking through an organization’s trash for any discarded sensitive information. Attackers can use the Internet to obtain information such as employees’ contact information, business partners, technologies currently in use, and other critical business knowledge. Dumpster diving may even provide attackers with even more sensitive information, such as usernames, passwords, credit card statements, bank statements, ATM receipts, Social Security numbers, private telephone numbers, checking account numbers, or other sensitive data. Searching for the target company’s web site in the Internet’s Whois database can easily provide hackers with the company’s IP addresses, domain names, and contact information.

Reconnaissance Types

Reconnaissance techniques are broadly categorized into active and passive. When an attacker is using passive reconnaissance techniques, they do not interact with the target directly. Instead, the attacker relies on publicly available information, news releases, or other no-contact methods. Active reconnaissance techniques, on the other hand, involve direct interactions with the target system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications. Attackers use active reconnaissance when there is a low probability of the detection of these activities. For example, they may make telephone calls to the help desk or technical department.

As a security professional, it is important to be able to distinguish among the various reconnaissance methods and advocate preventive measures in the light of potential threats.
Companies, on their part, must address security as an integral part of their business and operational strategies, and be equipped with the proper policies and procedures to check for potential vulnerabilities.

Phase 2 - Scanning

- Scanning refers to the pre-attack phase when the attacker scans the network for specific information based on information gathered during reconnaissance
- Scanning can include the use of dialers, port scanners, network mappers, ping tools, and vulnerability scanners
- Attackers extract information such as live machines, port, port status, OS details, device type, and system uptime to launch attack

[Figure: the attacker sends TCP/IP probes to the network and gets network information]

Scanning is the phase immediately preceding the attack. Here, the attacker uses the details gathered during reconnaissance to scan the network for specific information. Scanning is a logical extension of active reconnaissance, and in fact, some experts do not differentiate scanning from active reconnaissance. There is a slight difference, however, in that scanning involves more in-depth probing on the part of the attacker. Often the reconnaissance and scanning phases overlap, and it is not always possible to separate the two. An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as the standard Windows utility Traceroute.

Scanning can include the use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, or other tools. Attackers extract information such as live machines, port, port status, OS details, device type, and system uptime to launch an attack.
Port scanners detect listening ports to find information about the nature of services running on the target machine. The primary defense technique against port scanners is shutting down services that are not required and implementing appropriate port filtering. However, attackers can still use tools to determine the rules implemented by the port filtering.

The most commonly used tools are vulnerability scanners, which can search for thousands of known vulnerabilities on a target network. This gives the attacker an advantage because he or she only has to find a single means of entry, while the systems professional has to secure as many vulnerabilities as possible by applying patches. Organizations that use intrusion detection systems still have to remain vigilant because attackers can and will use evasion techniques wherever possible.
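
The scanning phase described above leaves a recognizable trace on the defender's side: one source touching many different ports on one host in a short time. The following is an added example, not part of the course material, showing how a detection rule can flag that pattern in firewall logs. The log format, addresses, threshold, and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=21
2024-05-01T10:00:01 DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=22
2024-05-01T10:00:01 ACCEPT SRC=198.51.100.20 DST=10.0.0.5 DPT=443
2024-05-01T10:00:02 DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=23
2024-05-01T10:00:03 DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=25
2024-05-01T10:00:04 ACCEPT SRC=203.0.113.7 DST=10.0.0.5 DPT=80
2024-05-01T10:00:05 ACCEPT SRC=198.51.100.20 DST=10.0.0.5 DPT=443
2024-05-01T10:01:00 DROP SRC=192.0.2.9 DST=10.0.0.5 DPT=21
2024-05-01T10:02:00 DROP SRC=192.0.2.9 DST=10.0.0.5 DPT=22
2024-05-01T10:03:00 DROP SRC=192.0.2.9 DST=10.0.0.5 DPT=23
2024-05-01T10:04:00 DROP SRC=192.0.2.9 DST=10.0.0.5 DPT=25
2024-05-01T10:05:00 DROP SRC=192.0.2.9 DST=10.0.0.5 DPT=80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$"
)

def detect_port_scans(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): sorted ports} for every pair where one source touched
    at least min_ports distinct ports on one host inside the sliding window.
    Assumes the log is in time order."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        q = recent[key]
        q.append((ts, int(m["dpt"])))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop events that fell out of the window
        ports = {port for _, port in q}
        if len(ports) >= min_ports:
            flagged[key] = sorted(ports | set(flagged.get(key, [])))
    return flagged

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible scan: {src} -> {dst} ports {ports}")
```

With the default 10-second window only 203.0.113.7 is flagged. The slower source 192.0.2.9 is caught only when the window is widened, so the window and threshold have to be tuned against normal traffic.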
