EH3_Contents_ch1.pdf

Full Transcript

Applied College Shaqra Ethical Hacking (3) SYS 2004 Dr. Majid H. Alsulami [email protected] 2024 Copyright 2024 - All Rights Reserved Applied College Shaqra No part of this presentation may be reproduced or transmitted in any form whatsoever, electronic, or mechanical, including photocopying, recording, or by any informational storage or retrieval system without express written, dated and signed permission from the creator. Applied College Shaqra Course Main Objective(s): Basics of the ethical hacking Foot printing and scanning Techniques for system hacking Malware and their attacks and detect and prevent them Signature of different attacks and prevent them Detect and prevent the security attacks in different environments Applied College Shaqra Course Content No 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 List of Topics Basics of the ethical hacking Foot printing and scanning Foot printing and scanning Foot printing and scanning Techniques for system hacking Techniques for system hacking Techniques for system hacking Malware and their attacks and detect and prevent them Malware and their attacks and detect and prevent them Signature of different attacks and prevent them Signature of different attacks and prevent them Signature of different attacks and prevent them Detect and prevent the security attacks in different environments Detect and prevent the security attacks in different environments Detect and prevent the security attacks in different environments Review Total Contact Hours 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 64 Applied College Shaqra Students Assessment Activities No 1 2 3 4 5 6 Assessment Activities * Midterm 1 Midterm 1 Quizzes Participation labs Final written Examination Assessment timing Percentage of Total Assessment Score (in week no) 7-8 14-15 4-11 weekly 16 End of semester 15% 15% 10% 10% 10% 40% *Assessment Activities (i.e., Written test, oral test, oral presentation, group project, essay, etc.) Applied College Shaqra References and Learning Resources Essential References 1. Gray Hat Hacking the Ethical Hackers Handbook, 3rd Edition by Shon Harris, Gideon Lenkey, Allen Harper, Jonathan Ness and Chris Eagle (2011, Trade Paperback). 2. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson, Syngress; 2 edition. 3..Hands-On Ethical Hacking & Network Defense - By James Corley, Kent Backman, & Michael Simpson. Supportive References Codecademy – Python - https://www.codecademy.com/tracks/python List of Open Source Software/learning website: ∙ https://hackaday.com/ Electronic Materials ∙ https://breakthesecurity.cysecurity.org/ ∙ https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/ ∙ https://www.hackthissite.org Other Learning Materials PowerPoint, Videos Applied College Shaqra Chapter 1 Basics of the ethical hacking Applied College Shaqra What is Ethical Hacking? Ethical Hacking is identifying weakness in computer systems and/or computer networks and coming with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules: Get written permission from the owner of the computer system and/or computer network before hacking. Protect the privacy of the organization been hacked. Transparently report all the identified weaknesses in the computer system to the organization. Inform hardware and software vendors of the identified weaknesses. Applied College Shaqra 1 - Ethical Hacking concepts The word “hacking” is exciting, seemingly seedy, and usually brings about thoughts of complex technical activities, sophisticated crimes, and a look into the face of electronic danger itself. Although some computer crimes may take on some of these aspects, in reality it is not this grand or romantic. A computer is just a new tool to carry out old crimes. Attackers are only one component of information security. Unfortunately, when most people think of security, their minds go right to packets, firewalls, and hackers. Security is a much larger and more complex beast than these technical items. Real security includes policies and procedures, liabilities and laws, human behavior patterns, corporate security programs and implementation, and yes, the technical aspects—firewalls, intrusion detection systems, proxies, encryption, antivirus software, hacks, cracks, and attacks. Applied College Shaqra 1 - Ethical Hacking concepts Understanding how different types of hacking tools are used and how certain attacks are carried out is just one piece of the puzzle. But like all pieces of a puzzle, it is a very important one. For example, if a network administrator implements a packet filtering firewall and sets up the necessary configurations, he may feel the company is now safe and sound. He has configured his access control lists to allow only “established” traffic into the network. This means an outside source cannot send a SYN packet to initiate communication with an inside system. If the administrator does not realize that there are tools that allow for ACK packets to be generated and sent, he is only seeing part of the picture here. This lack of knowledge and experience allows for a false sense of security, which seems to be pretty common in companies around the world today. Applied College Shaqra 1 - Ethical Hacking concepts Let’s look at another example. A network engineer configures a firewall to review only the first fragment of a packet and not the packet fragments that follow. The engineer knows that this type of “cut through” configuration will increase network performance. But if she is not aware that there are tools that can create fragments with dangerous payloads, she could be allowing in malicious traffic. Once these fragments reach the inside destination system and are reassembled, the packet can be put back together and initiate an attack Applied College Shaqra 1 - Ethical Hacking concepts In addition, if a company’s employees are not aware of social engineering attacks and how damaging they can be, they may happily give out useful information to attackers. This information is then used to generate even more powerful and dangerous attacks against the company. Knowledge and the implementation of knowledge are the keys for any real security to be accomplished. In most instances, the toolset used by malicious attackers is the same toolset used by security professionals. A lot of people do not seem to understand this. In fact, the books, classes, articles, websites, and seminars on hacking could be legitimately renamed to “security professional toolset education.” The problem is that marketing people like to use the word “hacking” because it draws more attention and paying customers Applied College Shaqra 1 - Ethical Hacking concepts How would a company’s networking staff ensure that all of the employees are creating complex passwords that meet the company’s password policy? They can set operating system configurations to make sure the passwords are of a certain length, contain upper- and lowercase letters, contain numeric values, and keep a password history. Note: A company’s security policy should state that this type of password testing activity is allowed by the IT staff and security team. Breaking employees’ passwords could be seen as intrusive and wrong if management does not acknowledge and allow for such activities to take place. Make sure you get permission before you undertake this type of activity. Applied College Shaqra 1 - Ethical Hacking concepts The same network staff needs to make sure that their firewall and router configurations will actually provide the protection level that the company requires. They could read the manuals, make the configuration changes, implement ACLs, and then go and get some coffee. Or they could implement the configurations and then run tests against these settings to see if they are allowing malicious traffic into what they thought was a controlled environment. These tests often require the use of hacking tools. The tools carry out different types of attacks, which allow the team to see how the perimeter devices will react in certain circumstances. Applied College Shaqra Recognizing Trouble When It Happens Network administrators, engineers, and security professionals need to be able to recognize when an attack is underway or when one is about to take place. It may seem as though recognizing an attack as it is happening should be easy. This is only true for the very “noisy” or overwhelming attacks such as denial-ofservice (DoS) attacks. Many attackers fly under the radar and go unnoticed by security devices and staff members. It is important to know how different types of attacks take place so they can be properly recognized and stopped. Applied College Shaqra Recognizing Trouble When It Happens Security issues and compromises are not going to go away any time soon. People who work in positions within corporations that touch security in any way should not try to ignore it or treat security as though it is an island unto itself. The bad guys know that to hurt an enemy is to take out what that victim depends upon most. Today the world is only becoming more dependent upon technology, not less. Even though application development and network and system configuration and maintenance are complex, security is only going to become more entwined with them. When a network staff has a certain level of understanding of security issues and how different compromises take place, they can act more effectively and efficiently when the “all hands on deck” alarm is sounded. Applied College Shaqra Recognizing Trouble When It Happens It is also important to know when an attack may be around the corner. If network staff is educated on attacker techniques and they see a ping sweep followed a day later by a port scan, they will know that most likely in three hours their systems will be attacked. There are many activities that lead up to different attacks, so understanding these items will help the company protect itself. The argument can be made that we have more automated security products that identify these types of activities so that we don’t have to see them coming. But depending upon software that does not have the ability to put the activities in the necessary context and make a decision is very dangerous. Computers can outperform any human on calculations and performing repetitive tasks, but we still have the ability to make some necessary judgment calls because we understand the greys in life and do not just see things in 1s and 0s. Applied College Shaqra Recognizing Trouble When It Happens So it is important to understand that hacking tools are really just software tools that carry out some specific type of procedure to achieve a desired result. The tools can be used for purposes. good (defensive) purposes or for bad (offensive) The good and the bad guys use the same exact toolset; the difference is their intent when operating these utilities. It is imperative for the security professional to understand how to use these tools and how attacks are carried out if he is going to be of any use to his customer and to the industry. Applied College Shaqra Emulating the Attack Once network administrators, engineers, and security professionals understand how attackers work, then they can emulate their activities to carry out a useful penetration test. But why would anyone want to emulate an attack? Because this is the only way to truly test an environment’s security level—you must know how it will react when a real attack is being carried out. Applied College Shaqra Where Do Attackers Have Most of Their Fun? Hacking into a system and environment is almost always carried out by exploiting vulnerabilities in software. Only recently has the light started to shine on the root of the problem of successful attacks and exploits, which is flaws within software code. Most attack methods described in this book can be carried out because of in the software. errors Applied College Shaqra Where Do Attackers Have Most of Their Fun? It is not fair to put all of the blame on the programmers, because they have done exactly what their employers and market have asked them to: quickly build applications with tremendous functionality. Only over the last few years has the market started screaming for functionality and security, and the vendors and programmers are scrambling to meet these new requirements and still stay profitable Applied College Shaqra Security Does Not Like Complexity Software, in general, is very complicated, and the more functionality that we try to shove into applications and operating systems, the more complex software will become. The more complex software gets, the harder it is to predict properly how it will react in all possible scenarios, which makes it much harder to secure. Today’s operating systems and applications are increasing in lines of code (LOC). Windows operating systems have approximately 40 million LOC. Unix and Linux operating systems have much less, usually around 2 million LOC. A common estimate used in the industry is that there are between 5–50 bugs per 1,000 lines of code. So a middle of the road estimate would be that Windows 7 has approximately 1,200,000 bugs. (Not a statement of fact; just a guesstimation.) Applied College Shaqra Security Does Not Like Complexity It is difficult enough to try to logically understand and secure 40 million LOC, but the complexity does not stop there. The programming industry has evolved from traditional programming languages to object-oriented languages, which allow for a modular approach to developing software. This approach has a lot of benefits: reusable components, faster to market times, decrease in programming time, and easier ways to troubleshoot and update individual modules within the software. Applied College Shaqra Security Does Not Like Complexity But applications and operating systems use each other’s components, users download different types of mobile code to extend functionality, DLLs are installed and shared, and instead of application-to-operating system communication, today many applications communicate directly with each other. The operating system cannot control this type of information flow and provide protection against possible compromises. Applied College Shaqra Security Does Not Like Complexity If we peek under the covers even further, we see that thousands of protocols are integrated into the different operating system protocol stacks, which allows for distributed computing. The operating systems and applications must rely on these protocols for transmission to another system or application, even if the protocols contain their own inherent security flaws. Device drivers are developed by different vendors and installed in the operating system. Many times these drivers are not well developed and can negatively affect the stability of an operating system. And to get even closer to the hardware level, injection of malicious code into firmware is an up-and-coming attack avenue. Applied College Shaqra Security Does Not Like Complexity So is it all doom and gloom? Yep, for now. Until we understand that a majority of the successful attacks are carried out because software vendors do not integrate security into the design and specification phases, our programmers have not been properly taught how to code securely, vendors are not being held liable for faulty code, and consumers are not willing to pay more for properly developed and tested code, our staggering hacking and company compromise statistics will only increase. Applied College Shaqra Security Does Not Like Complexity Will it get worse before it gets better? Probably. Every industry in the world is becoming more reliant on software and technology. Software vendors have to carry out the continual one-upmanship to ensure their survivability in the market. Although security is becoming more of an issue, functionality of software has always been the main driving component of products, and it always will be. Attacks will also continue and increase in sophistication because they are now revenue streams for individuals, companies, and organized crime groups. Applied College Shaqra Security Does Not Like Complexity Will vendors integrate better security, ensure their programmers are properly trained in secure coding practices, and put each product through more and more testing cycles? Not until they have to. Once the market truly demands that this level of protection and security is provided by software products and customers are willing to pay more for security, then the vendors will step up to the plate. Currently, most vendors are only integrating protection mechanisms because of the backlash and demand from their customer bases. Applied College Shaqra Security Does Not Like Complexity So we are back to the original question: what does this have to do with ethical hacking? A novice ethical hacker will use tools developed by others who have uncovered specific vulnerabilities and methods to exploit them. A more advanced ethical hacker will not just depend upon other people’s tools, she will have the skill set and understanding to look at the code itself. The more advanced ethical hacker will be able to identify possible vulnerabilities and programming code errors and develop ways to rid the software of these types of flaws. Applied College Shaqra Can Hacking Be Ethical? Applied College Shaqra Can Hacking Be Ethical? A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security. Applied College Shaqra Ethical Hacking Categories According to Dictionary, Hacking is the act of gaining unauthorized access to data in a system or computer. A Hacker is a person who exploits vulnerabilities in a computer system or network, breach the defences and plant a virus or steal information. But not all hackers have bad intentions, hackers are someone who hacks into the computer systems bypassing security measures. Hackers are generally categorized by their motive behind the hacking. Based on the intent they’re classified into “Black Hat Hacker” and “White Hat Hacker”. Grey Hat Hacking Applied College Shaqra Ethical Hacking Categories Black Hat Hacker Black Hat Hackers are someone who breaks into computer networks and responsible for writing malware and gain access to these systems. The motivation behind this attack is generally personal or financial gain. Basic crimes include spam emails, implant viruses, steal financial information, and login credentials. White Hat Hacker White Hat Hackers are Ethical Hacking professionals who do surveillance on the computer systems and perform threat assessment on the network. They find the security leaks and ensures the safety of network systems. White Hat Hackers employ the same technique as that of the Black Hat Hacker but with good intentions and do it with the permission from the owner. Grey Hat Hacker There is also one more category of hackers who are popularly called Grey Hat Hackers. They’re hackers who check the network for vulnerabilities without the permission of the owner and report their findings to their owners in return for a sum of money. Applied College Shaqra Phases in Hacking Hacking is usually not a one-step activity. But a process consisting of several phases. There are five phases in hacking: Phase 1: Reconnaissance Reconnaissance or footprinting involves gathering preliminary data or intelligence on the target organization to enable a hacker plan for the attack. Phase 2: Scanning The phase uses technical tools to gather more detailed intelligence on the systems and applications on the target organisation’s network. An example is the use of a vulnerability scanner to collect information on the weaknesses inherent in the target network. Applied College Shaqra Phases in Hacking Phase 3: Gaining Access in this phase An attacker gains control of one or more network devices which he uses to obtain data from the target system or network. He may also use the device he controls to launch further attacks on other systems and networks. Phase 4: Maintaining Access An attacker uses this phase to maintain his presence on the target network to gather as much information as possible. The attacker must remain stealthy to avoid detection. Phase 5: Covering Tracks The final phase requires the attacker to take the necessary steps to remove all traces of his activities. The attacker uses this phase to return the system to its previous state to avoid detection by the administrators of the host network.