Ethical Hacking and Countermeasures
Exam 312-50 Certified Ethical Hacker

Module 01: Introduction to Ethical Hacking
Engineered by Hackers. Presented by Professionals.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Security News

Zero-day Attacks are Meaner, more Rampant than we ever thought

Oct 17 2012, 0:45am IST
Source: http://arstechnica.com

Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years.

The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected. Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater.

"Zero-day attacks are difficult to prevent because they exploit unknown vulnerabilities, for which there are no patches and no antivirus or intrusion-detection signatures," they wrote. "It seems that, as long as software will have bugs and the development of exploits for new vulnerabilities will be a profitable activity, we will be exposed to zero-day attacks. In fact, percent of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many."

Researchers Leyla Bilge and Tudor Dumitras conducted a systematic study that analyzed executable files collected from 11 million computers around the world from February 0 to March 2012. Three of the zero-day exploits they found were disclosed in 2008, seven were disclosed in 2009, six were disclosed in 2010, and two were disclosed in 2011. (The binary reputation data the researchers relied on prevented them from identifying attacks in 2012.) An attack on many versions of Microsoft Windows, which appears to have gone undetected as a zero day until now, had the shortest duration: just 19 days. An exploit of a separate security bug in the Windows shell had the longest duration: months.

Of the 18 attacks studied, 15 targeted 102 or fewer of the 11 million hosts that were monitored. Eight of the exploits were directed at three or fewer hosts. The data confirms conventional wisdom that zero-day attacks are typically reserved for high-value targets. Of the remaining three attacks, one was exploited by Stuxnet and another was exploited by Conficker, the virulent worm discovered in 0 that has infected millions of computers (and reportedly continues to do so). The Stuxnet and Conficker exploit targeted million and ,00 hosts respectively. The results, the researchers said, demonstrated the dividends returned by zero-day exploits, which can command prices as high as $,00.

"For example, Conficker exploiting the vulnerability CVE-20-4 managed to infect approximately ,00 machines without being detected over more than two months," they wrote. "This example illustrates the effectiveness of zero-day vulnerabilities for conducting stealth cyber-attacks."

The researchers cautioned that their method of collecting executable files had significant limitations, causing it to miss zero-day attacks tracked by Symantec's own Internet Security Threats Report over the time period studied. Surprisingly, the number of attacks only grew once zero-day attacks became public knowledge—by margins of two- to 0,00-fold. The number of attack variants also rose, with 183 to ,00 more variants detected each day. One possible cause of the surge in new files, the researchers said, is that the exploits may have been repackaged versions of the same attack.

"However, it is doubtful that repacking alone can account for an increase by up to five orders of magnitude," they wrote. "More likely, this increase is the result of the extensive re-use of field-proven exploits in other malware."

Copyrights: ©2012 Conde Nast
Author: Dan Goodin
http://arstechnica.com/security/2012/10/zero-day-attacks-are-meaner-and-more-plentiful-than-thought/

Module Objectives

It is important to bear in mind that attackers break into systems for various reasons and purposes. Therefore, it is important to comprehend how malicious hackers exploit systems and the probable reasons behind the attacks. As Sun Tzu put it in the Art of War, "If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat." It is the duty of system administrators and network security professionals to guard their infrastructure against exploits by knowing the enemy—the malicious hacker(s)—who seek to use the same infrastructure for illegal activities.

Ethical hacking is the process of checking and testing the organization network for the possible loopholes and vulnerabilities. The individuals or experts who perform ethical hacking are called white hats. They perform hacking in ethical ways, without causing any damage to the computer system, thereby increasing the security perimeter of an organization.

This module covers:

- Data Breach Investigations Report
- Essential Terminology
- Elements of Information Security
- Top Information Security Attack Vectors
- Information Security Threats
- Hacking vs. Ethical Hacking
- Effects of Hacking on Business
- Who Is a Hacker?
- Hacking Phases
- Types of Attacks on a System
- Why Ethical Hacking Is Necessary
- Skills of an Ethical Hacker
- Incident Management Process
- Types of Security Policies
- Vulnerability Research
- What Is Penetration Testing?

Module Flow

Information security refers to protecting or safeguarding any kind of sensitive information and information systems from unauthorized access, disclosure, alteration, disruption, and destruction. For most organizations, information is the critical resource to be secured. If sensitive information falls into wrong hands, then the respective organization may face a great threat. In an attempt to understand how to secure such critical information resources, first we will look at an overview of information security.

- Information Security Overview
- Information Security Threats and Attack Vectors
- Hacking Concepts
- Hacking Phases
- Types of Attacks
- Information Security Controls

This section covers elements of information security, the strength of the component triangle (security, functionality, and usability), and essential terminology.

Internet Crime Current Report: IC3

Source: http://www.ic3.gov

The following is the crime report data from IC3; the Internet Crime Complaint Center (IC3) is a partnership among the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). According to IC3, online Internet crime complaints are increasing daily. From the graph, you can observe that in the year 0, there were 231,493 crime complaints, whereas in the year 2009, complaints drastically increased to 336,655. When compared to 2009, Internet crime complaints in the year 2011 decreased to some extent.

[Figure: Yearly Comparison of Complaints Received via the IC3 Website. Complaints received by IC3, Internet Crime Complaint Center (IC3); bar values as extracted: 336,655; 303,809; 275,284; 231,493; 207,492; 206,884; 314,246.]

Data Breach Investigations Report

Source: http://www.verizonbusiness.com

[Figure: Types of hacking by percent of breaches and percent of records. Categories shown include Hacking, Physical, and Environmental; values as extracted: 28% / 97%, 0%, 0%.]

The data breach investigations report from Verizon Business shows the types of hacking by percent of breaches and percent of records. From the report, it is clear that most of the security breaches happening today are because of hacking. Therefore, in order to protect yourself from data or security breaches, you should test your network security against hacking.

Types of Security Policies

- Promiscuous Policy: No restrictions on Internet or remote access.
- Permissive Policy: Policy begins wide open and only known dangerous services/attacks are blocked, which makes it difficult to keep up with current exploits.
- Prudent Policy: It provides maximum security while allowing known but necessary dangers. It blocks all services and only safe/necessary services are enabled individually; everything is logged.
- Paranoid Policy: It forbids everything; no Internet connection, or severely limited Internet usage.

A security policy is a document that contains information on the way the company plans to protect its information assets from known and unknown threats. These policies help to maintain the confidentiality, availability, and integrity of information. The four major types of security policies are as follows:

Promiscuous Policy

With a promiscuous policy, there is no restriction on Internet access. A user can access any site, download any application, and access a computer or a network from a remote location. While this can be useful in corporate businesses where people who travel or work at branch offices need to access the organizational networks, many malware, virus, and Trojan threats are present on the Internet. Due to free Internet access, this malware can come as attachments without the knowledge of the user. Network administrators must be extremely alert if this type of policy is chosen.

Permissive Policy

In a permissive policy, the majority of Internet traffic is accepted, but several known dangerous services and attacks are blocked. Because only known attacks and exploits
are blocked, it is impossible for administrators to keep up with current exploits. Administrators are always playing catch-up with new attacks and exploits.

Prudent Policy

A prudent policy starts with all services blocked. The administrator enables safe and necessary services individually. This provides maximum security. Everything, such as system and network activities, is logged.

Paranoid Policy

In a paranoid policy, everything is forbidden. There is strict restriction on all usage of company computers, whether it is system usage or network usage. There is either no Internet connection or severely limited Internet usage. Due to these overly severe restrictions, users often try to find ways around them.

Steps to Create and Implement Security Policies

Implementing security policies reduces the risk of being attacked. Thus, every company must have its own security policies based on its business. The following are the steps to be followed by every organization in order to create and implement security policies:

- Perform risk assessment to identify risks to the organization's assets
- Learn from standard guidelines and other organizations
- Include senior management and all other staff in policy development
- Set clear penalties and enforce them, and also review and update the security policy
- Make the final version available to all staff in the organization
- Ensure every member of your staff reads, signs, and understands the policy
- Install the tools you need to enforce the policy
- Train your employees and educate them about the policy

Examples of Security Policies

The following are some examples of security policies that are created, accepted, and used by organizations worldwide to secure their assets and important resources.

- Acceptable-Use Policy: Defines the acceptable use of system resources.
- User-Account Policy: Defines the account creation process and authority, rights, and responsibilities of user accounts.
- Remote-Access Policy: Defines who can have remote access, and defines access medium and remote access security controls.
- Information-Protection Policy: Defines the sensitivity levels of information, who may have access, how it is stored and transmitted, and how it should be deleted from storage media.
- Firewall-Management Policy: Defines access, management, and monitoring of firewalls in the organization.
- Special-Access Policy: This policy defines the terms and conditions of granting special access to system resources.
- Network-Connection Policy: Defines who can install new resources on the network, approve the installation of new devices, document network changes, etc.
- Email Security Policy: Created to govern the proper usage of corporate email.
- Password Policy: Provides guidelines for using strong password protection on organization's resources.

Vulnerability Research

Vulnerability research is the process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse.

Vulnerability research means discovering system design faults and weaknesses that might help attackers compromise the system. Once the attacker finds out the vulnerability in the product or the application, he or she tries to exploit it.

Vulnerability research helps both security administrators and attackers:

- Discovering system design faults and weaknesses that might help attackers to compromise the system
- Keeping abreast of the latest vendor-supported products and other technologies in order to find news related to current exploits
- Checking newly released alerts regarding relevant innovations and product improvements for security systems

Vulnerability research is based on the following classification:

- Severity level (low, medium, or high)
- Exploit range (local or remote)

An administrator needs vulnerability research:

- To gather information about security trends, threats, and attacks
- To find weaknesses and alert the network administrator before a network attack
- To get information that helps to prevent security problems
- To know how to recover from a network attack

Vulnerability Research Websites

The following are some vulnerability research websites that you can use:

CodeRed Center
Source: http://www.eccouncil.org

The CodeRed Center is a comprehensive security resource administrators can turn to for daily, accurate, up-to-date information on the latest viruses, Trojans, malware, threats, security tools, risks, and vulnerabilities.

TechNet
Source: http://blogs.technet.com

TechNet is a project team from across Microsoft Lync Server teams and the community at large. It is led by the Lync Server documentation team; their writers and technical reviewers come from all disciplines, including product engineers, field engineers, support engineers, documentation engineers, and some of the most respected technology bloggers and authors in the Lync Server universe.

Security Magazine
Source: http://www.securitymagazine.com

Security Magazine is uniquely focused on solutions for enterprise security leaders. It is designed and written for business-minded executives who manage enterprise risk and security. Security Magazine provides management-focused features, opinions, and trends for leaders in business.

SecurityFocus
Source: http://www.securityfocus.com

The Security Focus website focuses on a few key areas that are of greatest importance to the security community.

- BugTraq is a high-volume, full-disclosure mailing list for the detailed discussion and announcement of computer security vulnerabilities. BugTraq serves as the cornerstone of the Internet-wide security community.
- The SecurityFocus Vulnerability Database provides security professionals with the most up-to-date information on vulnerabilities for all platforms and services.

Help Net Security
Source: http://www.net-security.org

Net Security is a daily security news site that has been covering the latest computer and network security news since its inception in 1998. Besides covering news around the globe, HNS focuses on quality technical articles and papers, vulnerabilities, vendor advisories, malware, and hosts the largest security software download area with software for Windows, Linux, and Mac OS X.

HackerStorm
Source: http://www.hackerstorm.co.uk

HackerStorm is a security resource for ethical hackers and penetration testers to create better penetration testing plans and scopes, and conduct vulnerability research.

SC Magazine
Source: http://www.scmagazine.com

SC Magazine is published by Haymarket Media Inc. and is part of a global brand. There are three separate editions of the magazine:

- North America - U.S. and Canada
- International - U.K. and mainland Europe
- Asia Pacific Online - read by decision-makers in over 20 countries in the Pacific Rim region

The magazine is published monthly, usually in the first week of each month. It is the longest running information security magazine in the world, with the widest distribution. SC Magazine provides IT security professionals with in-depth and unbiased information in one incomparable publication. In each monthly issue it has timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. They have been doing this since 1989, when it first began campaigning for organizations' information security leaders, making it the longest established IT security title in the United States.

Computerworld
Source: http://www.computerworld.com

For more than 40 years, Computerworld has been the leading source of technology news and information for IT influencers worldwide. Computerworld's website (Computerworld.com), twice-monthly publication, focused conference series, and custom research form the hub of the world's largest global IT media network.

HackerJournals
Source: http://www.hackerjournals.com

Hacker Journals is an online Information Security Community. It propagates news specifically related to information security threats and issues from all over the world. Its research teams search and compile news from tens of thousands of sites to bring you the most relevant Cyber Security titles in one location. In addition to news, it hosts blogs and discussions, education videos, as well as its World Famous Hack.ED column, providing education series in Ethical Hacking and Countermeasure Techniques and technologies.

Windows Security Blogs
Source: http://blogs.windowsecurity.com

Windows security has blogs posted by famous authors who are leading industry experts. It has various features such as articles and tutorials, blogs, message boards, security tests, and white papers.

What Is Penetration Testing?
- Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit.
- Testing involves active analysis of system configurations, design weaknesses, network architecture, technical flaws, and vulnerabilities.
- Black box testing simulates an attack from someone who has no prior knowledge of the system, and white box testing simulates an attack from someone who has complete knowledge about the system.
- A comprehensive report with details of vulnerabilities discovered and suite of recommended countermeasures is delivered to the executive, management, and technical audiences.
Penetration testing is a method of evaluating security levels of a particular system or network. This helps you determine the flaws related to hardware and software. The early identification helps protect the network. If the vulnerabilities aren't identified early, then they become an easy source for the attacker for the intrusion.

During penetration testing, a pen tester analyzes all the security measures employed by the organization for design weaknesses, technical flaws, and vulnerabilities. There are two types of testing: black box testing and white box testing. Black box testing simulates an attack from someone who is unfamiliar with the system, and white box testing simulates an attacker that has knowledge about the system. Once all the tests are conducted, the pen tester prepares a report and includes all the test results and the tests conducted along with the vulnerabilities found and the respective countermeasures that can be applied. Finally, the pen tester delivers the report to executive, management, and technical audiences.

Why Penetration Testing?

Penetration testing is required because it helps you to:

- Identify the threats facing an organization's information assets
- Reduce an organization's IT security costs and provide a better Return On Security Investment (ROSI) by identifying and resolving vulnerabilities and weaknesses
- Provide an organization with assurance: a thorough and comprehensive assessment of organizational security covering policy, procedure, design, and implementation
- Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.)
- Adopt best practices by conforming to legal and industry regulations
- Test and validate the efficiency of security protections and controls
- Change or upgrade existing infrastructure of software, hardware, or network design
- Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management
- Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation
- Evaluate the efficiency of network security devices such as firewalls, routers, and web servers

Penetration Testing Methodology

As a pen tester, you should never overlook any information resource. All possible information sources must be tested for vulnerabilities. Not just the information sources, but every mechanism and the software involved in your business must be tested, because if the attacker is not able to compromise the information system, then he or she may try to gain access to the system and then to the sensitive information. A few attacks, such as denial-of-service attacks, don't even need access to the system. Therefore, to ensure that you check all possible ways of compromising a system or network, you should follow the penetration testing methodology. This ensures the full scope of the test.
FIGURE 1.5: Penetration Testing Methodology Part-1

FIGURE 1.6: Penetration Testing Methodology Part-2 (labels recoverable from the figure: Mobile Devices Penetration Testing, Email Security Penetration Testing, SAP Penetration Testing)

Module Summary

This module is summarized as follows:

- The complexity of security requirements is increasing day by day as a result of evolving technology, changing hacking tactics, emerging security vulnerabilities, etc.
- A hacker or cracker is someone who accesses a computer system by evading its security system.
- Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities to ensure system security.
- Ethical hackers help organizations to better understand their security systems and identify the risks, highlight the remedial actions, and also reduce ICT costs by resolving those vulnerabilities.
- An ethical hacker possesses platform knowledge, network knowledge, computer expertise, security knowledge, and technical knowledge skills.
- Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance.