Chapter 8 - 04 - Discuss Ethical Hacking Concepts - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

Module Flow

Discuss Threat Hunting

Discuss Various Threat Intelligence
Feeds and Sources

Discuss Vulnerability Assessment

Discuss Ethical Hacking Concepts

Understand Fundamentals of
Penetration Testing and its Benefits

Understand the Fundamentals of Configuration
Management and Asset Management

Discuss Ethical Hacking Concepts
An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and
maintain access to a computer system are similar irrespective of the hacker’s intentions.

This section provides an overview of ethical hacking, why ethical hacking is necessary, the scope
and limitations of ethical hacking, and the skills of an ethical hacker.

Module 08 Page 1084 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

What is Ethical
Hacking?

@ Ethical hacking @ It focuses on simulating Ethical hackers
involves the use of the techniques used by perform security
hacking tools, tricks, attackers to verify the assessments for an
and techniques to existence of exploitable organization with the
identify vulnerabilities vulnerabilities in a permission of
and ensure system system’s security concerned authorities
security

All Rights Reserved. Reproduction is Strictly Prohibited.

What is Ethical Hacking?
Ethical hacking is the practice of employing computer and network skills in order to assist
organizations in testing their network security for possible loopholes and vulnerabilities. White
Hats (also known as security analysts or ethical hackers) are the individuals or experts who
perform ethical hacking. Nowadays, most organizations (such as private companies,
universities, and government organizations) are hiring White Hats to assist them in enhancing
their cybersecurity. They perform hacking in ethical ways, with the permission of the network
or system owner and without the intention to cause harm. Ethical hackers report all
vulnerabilities to the system and network owner for remediation, thereby increasing the
security of an organization’s information system. Ethical hacking involves the use of hacking
tools, tricks, and techniques typically used by an attacker to verify the existence of exploitable
vulnerabilities in system security.

Today, the term hacking is closely associated with illegal and unethical activities. There is
continuing debate as to whether hacking can be ethical or not, given the fact that unauthorized
access to any system is a crime. Consider the following definitions:
* The noun “hacker” refers to a person who enjoys learning the details of computer
systems and stretching their capabilities.
= The verb “to hack” describes the rapid development of new programs or the reverse
engineering of existing software to make it better or more efficient in new and
innovative ways.

= The terms “cracker” and “attacker” refer to persons who employ their hacking skills for
offensive purposes.

Module 08 Page 1085 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

= The term “ethical hacker” refers to security professionals who employ their hacking
skills for defensive purposes.
Most companies employ IT professionals to audit their systems for known vulnerabilities.
Although this is a beneficial practice, crackers are usually more interested in using newer,
lesser-known vulnerabilities, and so these by-the-numbers system audits do not suffice. A
company needs someone who can think like a cracker, keep up with the newest vulnerabilities
and exploits, and recognize potential vulnerabilities where others cannot. This is the role of the
ethical hacker.

Ethical hackers usually employ the same tools and techniques as hackers, with the important
exception that they do not damage the system. They evaluate system security, update the
administrators regarding any discovered vulnerabilities, and recommend procedures for
patching those vulnerabilities.
The important distinction between ethical hackers and crackers is consent. Crackers attempt to
gain unauthorized access to systems, while ethical hackers are always completely open and
transparent about what they are doing and how they are doing it. Ethical hacking is, therefore,
always legal.

Module 08 Page 1086 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

Why Ethical Hacking is Necessary
To beat a hackezr,
hacker, you need to think like one!

@ Ethical hacking is necessary as it allows for counter attacks against malicious hackers through anticipating
the methods used to break into the system

Reasons why organizations recruit ethical hackers

E To prevent hackers from gaining access To provide adequate preventive measures a
v to the organization’s information systems in order to avoid security breaches

9 To uncover vulnerabilities in systems and To help safeguard customer data
explore their potential as a security risk B @

:“ To analyze and strengthen an organization’s To enhance security awareness at all 0%
security posture levels in a business

Copyright ©© by
Copyright by I L. All Rights Reserved. Reproduction is Strictly Prohibited
Prohibited.

Why Ethical Hacking is Necessary (Cont’d)
Ethical Hackers Try to Answer the Following Questions

S
[
1—
2 1
3
What can an intruder What can an intruder Does anyone at the
see on the target do with that target organization
system? information? (Gaining notice the intruders’
(Reconnaissance and Access and attempts or successes?
Scanning phases) Maintaining Access (Reconnaissance and
phases) Covering Tracks
phases)

)
]
4 ]
S
5) — | [vs———
=
6
Are all components of How much time, Are the information
the information effort, and money are security measures in
system adequately required to obtain compliance with legal
protected, updated, adequate protection? and industry
and patched? standards?
Copyright © by E EC-Co cil. All Rights Reserved.
Cil. Reproduction isis Strictly
erved. Reproduction Strictly Prohibited.
Prohibited.

Why Ethical Hacking is Necessary
As technology is growing at a faster pace, so is the growth in the risks associated with it. To
beat a hacker, it is necessary to think like one!
Ethical hacking is necessary as it allows to counter attacks from malicious hackers by
anticipating methods used by them to break into a system. Ethical hacking helps to predict
various possible vulnerabilities well in advance and rectify them without incurring any kind of

Module 08 Page 1087 EC-Council
Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

outside attack. As hacking involves creative thinking, vulnerability testing, and security audits
alone cannot ensure that the network is secure. To achieve security, organizations must
implement a “defense-in-depth” strategy by penetrating their networks to estimate and expose
vulnerabilities.

Reasons why organizations recruit ethical hackers

= To prevent hackers from gaining access to the organization’s information systems

= To uncover vulnerabilities in systems and explore their potential as a risk
= To analyze and strengthen an organization’s security posture, including policies,
network protection infrastructure, and end-user practices

= To provide adequate preventive measures in order to avoid security breaches

= To help safeguard the customer data

= To enhance security awareness at all levels in a business
An ethical hacker’s evaluation of a client’s information system security seeks to answer three
basic questions:

1. What can an attacker see on the target system?

Normal security checks by system administrators will often overlook vulnerabilities. The
ethical hacker has to think about what an attacker might see during the reconnaissance
and scanning phases of an attack.

2. What can an intruder do with that information?

The ethical hacker must discern the intent and purpose behind attacks to determine
appropriate countermeasures. During the gaining-access and maintaining-access phases
of an attack, the ethical hacker needs to be one step ahead of the hacker in order to
provide adequate protection.
3. Are the attackers’ attempts being noticed on the target systems?

Sometimes attackers will try to breach a system for days, weeks, or even months. Other
times they will gain access but will wait before doing anything damaging. Instead, they will
take the time to assess the potential use of exposed information. During the
reconnaissance and covering tracks phases, the ethical hacker should notice and stop the
attack.
After carrying out attacks, hackers may clear their tracks by modifying log files and creating
backdoors, or by deploying trojans. Ethical hackers must investigate whether such activities
have been recorded and what preventive measures have been taken. This not only provides
them with an assessment of the attacker’s proficiency but also gives them insight into the
existing security measures of the system being evaluated. The entire process of ethical hacking
and subsequent patching of discovered vulnerabilities depends on questions such as:
= What is the organization trying to protect?

= Against whom or what are they trying to protect it?

Module 08 Page 1088 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

= Are all the components of the information system adequately protected, updated, and
patched?

= How much time, effort, and money is the client willing to invest to gain adequate
protection?
= Do the information security measures comply with industry and legal standards?
Sometimes, in order to save on resources or prevent further discovery, the client might decide
to end the evaluation after the first vulnerability is found; therefore, it is important that the
ethical hacker and the client work out a suitable framework for investigation beforehand. The
client must be convinced of the importance of these security exercises through concise
descriptions of what is happening and what is at stake. The ethical hacker must also remember
to convey to the client that it is never possible to guard systems completely, but that they can
always be improved.

Module 08 Page 1089 Certified Cybersecurity Technician Copyright © by EC-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.