Module I
Introduction to Ethical Hacking
What Does a Malicious Hacker Do
Reconnaissance
• Active/passive
Scanning
Gaining access
• Operating system level/application level
• Network level
• Denial of service
Maintaining access
• Uploading/altering/downloading programs or data
Clearing tracks
Effect on Business
“They (hackers) don't care what kind of business you are, they just want to use your computer,” says Assistant U.S. Attorney Floyd Short in Seattle, head of the Western Washington Cyber Task Force, a coalition of federal, state, and local criminal justice agencies
If the data is altered or stolen, a company may risk losing credibility and the trust of their customers
There is a continued increase in malware that installs open proxies on systems, especially targeting broadband users (zombies)
Businesses most at risk, experts say, are those handling online financial transactions
Phase 1 - Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack
Business Risk: Notable – Generally noted as "rattling the door knobs" to see if someone is watching and responding
Could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale
Reconnaissance Types
Passive reconnaissance involves acquiring information without directly interacting with the target
• For example, searching public records or news releases
Active reconnaissance involves interacting with the target directly by any means
• For example, telephone calls to the help desk or technical department
Phase 2 - Scanning
Scanning refers to the pre-attack phase when the hacker scans the network for specific information on the basis of information gathered during reconnaissance
Business Risk: High – Hackers have to get a single point of entry to launch an attack
Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners, and so on
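From the defender's side, the scanning phase shows up in perimeter logs as one source touching many distinct ports in a short time. The script below is an added example and is not part of the original module: it parses constructed firewall-style log lines (the line format, timestamps and addresses are invented for this example) and flags any source that reached at least `threshold` distinct destination ports inside a sliding time window, which is the signal a SIEM rule for port sweeps typically keys on.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log lines (format and addresses invented for this
# example): "<ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
SAMPLE_LOG = """\
2024-01-15T10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=22 action=deny
2024-01-15T10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=23 action=deny
2024-01-15T10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=25 action=deny
2024-01-15T10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=80 action=allow
2024-01-15T10:00:03 src=198.51.100.7 dst=192.0.2.10 dport=110 action=deny
2024-01-15T10:00:03 src=198.51.100.7 dst=192.0.2.10 dport=143 action=deny
2024-01-15T10:00:04 src=198.51.100.7 dst=192.0.2.10 dport=443 action=allow
2024-01-15T10:00:04 src=198.51.100.7 dst=192.0.2.10 dport=445 action=deny
2024-01-15T10:00:05 src=198.51.100.7 dst=192.0.2.10 dport=3389 action=deny
2024-01-15T10:00:05 src=198.51.100.7 dst=192.0.2.10 dport=8080 action=deny
2024-01-15T10:00:06 src=203.0.113.5 dst=192.0.2.10 dport=443 action=allow
2024-01-15T10:00:09 src=203.0.113.5 dst=192.0.2.10 dport=443 action=allow
2024-01-15T10:05:00 src=203.0.113.9 dst=192.0.2.10 dport=22 action=allow
"""


def parse_line(line):
    """Split one log line into (timestamp, source address, destination port)."""
    ts_str, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.fromisoformat(ts_str), kv["src"], int(kv["dport"])


def detect_port_scans(log_text, threshold=10, window_seconds=60):
    """Return {source: peak_distinct_ports} for every source that reached at
    least `threshold` distinct destination ports within some window of
    `window_seconds`. Sources below the threshold are not reported."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, port = parse_line(line)
            events[src].append((ts, port))

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, evs in events.items():
        evs.sort()                      # order by timestamp
        in_window = defaultdict(int)    # port -> hits currently inside the window
        start = 0
        peak = 0
        for ts, port in evs:
            in_window[port] += 1
            # slide the window: drop events older than window_seconds
            while ts - evs[start][0] > window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {ports} distinct ports within 60s")
```

Only the first source trips the rule; the two legitimate clients repeatedly hit a single service and stay under the threshold. The threshold and window are the tuning knobs: too low and busy load balancers alert constantly, too high and a slow sweep spread over hours slips through, so longer-term per-source port counts are usually kept alongside this short-window check.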
Phase 3 - Gaining Access
Gaining access refers to the penetration phase. The hacker exploits the vulnerability in the system
The exploit can occur over a LAN, the Internet, or as a deception, or theft. Examples include buffer overflows, denial of service, session hijacking, and password cracking
Influencing factors include architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained
Business Risk: Highest – The hacker can gain access at the operating system level, application level, or network level
Phase 4 - Maintaining Access
Maintaining access refers to the phase when the hacker tries to retain his/her ownership of the system
The hacker has compromised the system
Hackers may harden the system from other hackers as well (to own the system) by securing their exclusive access with Backdoors, RootKits, or Trojans
Hackers can upload, download, or manipulate data, applications, and configurations on the owned system
Phase 5 - Covering Tracks
Covering Tracks refers to the activities that the hacker does to hide his misdeeds
Reasons include the need for prolonged stay, continued use of resources, removing evidence of hacking, or avoiding legal action
Examples include Steganography, tunneling, and altering log files
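Altering log files only works when nothing notices the change. A common countermeasure is to chain log entries together with hashes so that editing or removing an entry breaks every entry after it. The script below is an added example, not code from the original module: it builds a hash-chained audit log over constructed records (the events, users and addresses are invented for this example), then shows that both editing an entry and deleting one are detected by the verifier.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the very first entry


def _entry_digest(prev_hash, record):
    """SHA-256 over the previous entry's hash plus a canonical JSON form of the record."""
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_entry(chain, record):
    """Append a record, binding it to the hash of the entry before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {"record": record, "prev": prev_hash, "hash": _entry_digest(prev_hash, record)}
    chain.append(entry)
    return entry


def verify_chain(chain):
    """Walk the chain from the genesis value. Returns (True, None) if every entry is
    intact, otherwise (False, index) for the first entry that breaks the chain."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev_hash:
            return False, i  # an earlier entry was removed or reordered
        if entry["hash"] != _entry_digest(prev_hash, entry["record"]):
            return False, i  # this entry's content was edited
        prev_hash = entry["hash"]
    return True, None


# Constructed audit records (invented for this example)
SAMPLE_RECORDS = [
    {"ts": "2024-01-15T10:00:00", "event": "login", "user": "alice", "src": "203.0.113.9"},
    {"ts": "2024-01-15T10:02:11", "event": "sudo", "user": "alice", "cmd": "/usr/bin/apt"},
    {"ts": "2024-01-15T10:03:40", "event": "login", "user": "root", "src": "198.51.100.7"},
    {"ts": "2024-01-15T10:04:05", "event": "logout", "user": "alice"},
]


def build_chain(records):
    chain = []
    for record in records:
        append_entry(chain, record)
    return chain


def tamper_demo():
    """Return the verifier's verdict for the intact chain, an edited copy, and a
    copy with one entry deleted."""
    chain = build_chain(SAMPLE_RECORDS)
    intact = verify_chain(chain)

    edited = copy.deepcopy(chain)
    edited[2]["record"]["user"] = "alice"  # rewrite the root login as a normal one

    deleted = copy.deepcopy(chain)
    del deleted[2]  # remove the root login entry entirely

    return intact, verify_chain(edited), verify_chain(deleted)


if __name__ == "__main__":
    print(tamper_demo())
```

The chain catches edits and deletions in the middle, but not truncation of the tail: dropping the most recent entries leaves a shorter chain that still verifies. That is why the latest hash (or the entries themselves) should be forwarded off the host, for example to a remote log collector, so an intruder who owns the machine cannot quietly rewrite the only copy.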
Types of Hacker Attacks
There are several ways an attacker can gain access to a system
The attacker must be able to exploit a weakness or vulnerability in a system
Attack Types:
Operating System attacks
Application-level attacks
Shrink Wrap code attacks
Misconfiguration attacks
1. Operating System Attacks
Today’s operating systems are complex in nature
Operating systems run many services, ports, and modes of access and require extensive tweaking to lock them down
The default installation of most operating systems has large numbers of services running and ports open
Applying patches and hotfixes is not easy in today’s complex network
Attackers look for OS vulnerabilities and exploit them to gain access to a network system
Security News: Default Installation (Source: http://www.vnunet.com/)
2. Application Level Attacks
Software developers are under tight schedules to deliver products on time
Extreme Programming is on the rise in software engineering methodology
Software applications come with tons of functionalities and features
Sufficient time is not there to perform complete testing before releasing products
Security is often an afterthought and usually delivered as an “add-on” component
Poor or non-existent error checking in applications leads to “Buffer Overflow Attacks”
3. Shrink Wrap Code Attacks
Why reinvent the wheel when you can buy off-the-shelf “libraries” and code?
When you install an OS/Application, it comes with tons of sample scripts to make the life of an administrator easy
The problem is “not fine tuning” or customizing these scripts
This will lead to default code or shrink wrap code attack
4. Misconfiguration Attacks
Systems that should be fairly secure are hacked because they were not configured correctly
Systems are complex and the administrator does not have the necessary skills or resources to fix the problem
Administrator will create a simple configuration that works
In order to maximize your chances of configuring a machine correctly, remove any unneeded services or software
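The operating-system slide above notes that a default installation leaves many services running and ports open, and this slide's advice is to remove anything the machine does not need. A practical way to act on both is to compare what is actually listening against an allowlist for the host's role. The script below is an added example and not part of the original module: the socket inventory it reads is a constructed text listing (invented for this example, not the output of any real tool), and the role names and allowlists are hypothetical. It reports every listener the role does not need, and ranks the ones bound to an external address above those reachable only via loopback, since only the former are visible to a network scanner.

```python
# Constructed inventory of listening sockets, one per line (invented for this
# example, not the output of any real tool): "<proto> <bind_addr>:<port> <process>"
SAMPLE_LISTENERS = """\
tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:80 nginx
tcp 0.0.0.0:443 nginx
tcp 127.0.0.1:3306 mysqld
tcp 0.0.0.0:23 telnetd
tcp 0.0.0.0:21 vsftpd
udp 0.0.0.0:161 snmpd
tcp [::]:8080 sample-app
"""

# Hypothetical per-role allowlists of (proto, port) pairs that are expected to listen
ROLE_ALLOWLIST = {
    "web": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "database": {("tcp", 22), ("tcp", 3306)},
}

LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(text):
    """Yield (proto, bind_addr, port, process) tuples from the inventory text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, sock, process = line.split()
        addr, port = sock.rsplit(":", 1)      # handles "[::]:8080" as well as "0.0.0.0:22"
        yield proto, addr.strip("[]"), int(port), process


def audit_listeners(text, role):
    """Return the sockets that the role's allowlist does not cover, externally
    reachable ones first, then by port number."""
    allowed = ROLE_ALLOWLIST[role]
    findings = []
    for proto, addr, port, process in parse_listeners(text):
        if (proto, port) in allowed:
            continue
        exposure = "loopback-only" if addr in LOOPBACK else "external"
        findings.append({"proto": proto, "port": port, "process": process,
                         "bind": addr, "exposure": exposure})
    findings.sort(key=lambda f: (f["exposure"] != "external", f["port"]))
    return findings


def unneeded_external_ports(text, role):
    """Only the ports a network scanner could reach that the role does not need."""
    return [f["port"] for f in audit_listeners(text, role) if f["exposure"] == "external"]


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_LISTENERS, "web"):
        print(f"{finding['exposure']:13} {finding['proto']}/{finding['port']:<5} "
              f"{finding['process']} (bound to {finding['bind']})")
```

For the hypothetical "web" role the audit lists telnet, FTP, SNMP and the sample application as externally exposed and unneeded, while the database bound to loopback is a lower-priority finding. On a real host the inventory would come from the local socket listing and the allowlist from the build standard for that role; the comparison logic stays the same.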
Hacktivism
Refers to the idea of hacking with or for a cause
Comprises hackers with a social or political agenda
Aims at sending a message through their hacking activity and gaining visibility for their cause and themselves
Common targets include government agencies, MNCs, or any other entity perceived as bad or wrong by these groups or individuals
It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is
Hacker Classes
Black Hats
• Individuals with extraordinary computing skills, resorting to malicious or destructive activities. Also known as crackers
White Hats
• Individuals professing hacker skills and using them for defensive purposes. Also known as security analysts
Gray Hats
• Individuals who work both offensively and defensively at various times