Ethical Hacking and Countermeasures
Introduction to Ethical Hacking
Module 01
the number and duration of so-called zero-day exploits over three years
The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected.
Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater.
Target of Evaluation
An IT system, product, or component that is identified/subjected to a required security evaluation

Zero-Day Attack
An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability

Vulnerability
Existence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system

Copyright © by EC-Council. All Rights Reserved. Reproduction Is Strictly Prohibited.
Availability
Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users

Confidentiality
Assurance that the information is accessible only to those authorized to have access

Authenticity
Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine

Integrity
The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
The Security, Functionality, and Usability Triangle
[Figure: triangle with the corners Functionality (Features), Usability (GUI), and Security (Restrictions)]
Moving the ball towards security means less functionality and usability
Applications Security Professionals
Inadequate Security Policies
Virtualization and Cloud Computing
Organized Cyber Crime
Complexity of Computer Infrastructure
Compliance to Govt Laws and Regulations
Mobile Device Security
Defensive Warfare
It refers to all strategies and actions to defend against attacks on ICT assets
Prevention, Deterrence, Alerts, Detection, Emergency Preparedness, Response

Offensive Warfare
It refers to information warfare that involves attacks against ICT assets of an opponent

FIGURE 1.2: Defensive and Offensive Warfare Diagram
IPv6 Security Threats

Auto Configuration Threats
IPv6 enables auto-configuration of IP networks, which may leave users vulnerable to attacks if the network is not configured properly and securely from the very beginning

Unavailability of Reputation-based Protection
Current security solutions use the reputation of IP addresses to filter out known sources of malware; vendors will take time to develop reputation-based protection for IPv6

Incompatibility of Logging Systems
IPv6 uses 128-bit addresses, which are stored as a 39-digit string, whereas IPv4 addresses are stored in a 15-character field; logging solutions designed for IPv4 may not work on IPv6-based networks

Rate Limiting Problem
Administrators use a rate limiting strategy to slow down the automated attack tool; however, it is impractical to rate limit at the 128-bit address level
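Added example, not part of the original module: a Python sketch of the logging and rate-limiting points above. It measures the field width an address needs, reduces every address to one canonical spelling for log storage, and counts requests per IPv6 prefix instead of per 128-bit address. The /64 bucket size and all function names are assumptions made for illustration, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample: source addresses as they might appear in a log.
SAMPLE_LOG_SOURCES = [
    "2001:db8:0:1::10",
    "2001:0db8:0000:0001:0000:0000:0000:0010",  # same host, written in full
    "2001:db8:0:1:a1b2:c3d4:e5f6:1",            # another address in the same /64
    "2001:db8:0:2::5",
    "::ffff:192.0.2.7",                         # IPv4-mapped form of 192.0.2.7
    "192.0.2.7",
]


def stored_width(addr: str) -> int:
    """Characters needed to store the address in its fully expanded form."""
    return len(ipaddress.ip_address(addr).exploded)


def canonical(addr: str) -> str:
    """One stable spelling per address, so log correlation matches on text."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # fold ::ffff:a.b.c.d back to IPv4
    return str(ip)                   # str() gives the compressed form


def rate_limit_key(addr: str, v6_prefix: int = 64) -> str:
    """Bucket to count requests against: IPv4 host, or IPv6 prefix (assumed /64)."""
    ip = ipaddress.ip_address(canonical(addr))
    if ip.version == 4:
        return str(ip)
    # strict=False masks off the host bits instead of raising ValueError
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))


def bucket_counts(addresses) -> Counter:
    """Number of log entries falling in each rate-limit bucket."""
    return Counter(rate_limit_key(a) for a in addresses)


if __name__ == "__main__":
    for src in SAMPLE_LOG_SOURCES:
        print(f"{stored_width(src):2d} chars  {canonical(src):32s} {rate_limit_key(src)}")
    print(bucket_counts(SAMPLE_LOG_SOURCES))
```

A 15-character column truncates every IPv6 entry in the sample, and the first two entries only correlate as one host after canonicalization.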
stack) leading to potential vulnerability

Default IPv6 Activation
IPv6 may be activated without administrator's knowledge, which will leave IPv4-based security controls

on "extension header" that may be chained, which require a complex processing by various security controls systems such as routers, security gateways, firewalls and IDSes

Complexity in Vulnerability Assessment
IPv6's 128-bit address space makes active scanning of infrastructure for unauthorized or vulnerable systems more complex
IPv6 Security Threats (Cont'd)

IPv4 to IPv6 Translation Issues
Translating IPv4 traffic to IPv6 may result in a poor implementation and may provide a potential attack vector

Security Information and Event Management (SIEM) Problems
Every IPv6 host can have multiple IPv6 addresses simultaneously, which leads to complexity of log or event correlation

Denial-of-Service (DoS)
Overloading of network security and control devices can significantly reduce the availability threshold of network resources leading to DoS attacks

Trespassing
IPv6's advanced network discovery features can be exploited by attackers traversing through your network and accessing the restricted resources
to competitors, compromise critical financial information, and leak information to rivals
Excellent Computer Skills
Intelligent individuals with excellent computer skills, with the ability to create and explore into the computer's software and hardware

Malicious Intent
Some do hacking with malicious intent behind their escapades, like stealing business data, credit card information, social security numbers, email passwords, etc

Do Illegal Things
Their intention can either be to gain knowledge or to poke around to do illegal things
other kind of punishment

Cyber Terrorists
Individuals with wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption of computer networks

Spy Hackers
Individuals employed by the organization to penetrate and gain trade secrets of the competitor

Script Kiddies
An unskilled hacker who compromises system by running scripts, tools, and software developed by real
Hacktivism
- Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites
- Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims
- Common targets include government agencies, multinational corporations, or any other entity perceived as bad or wrong by these groups
- It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is
Hacking Phases
- Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack
- Could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale
- Reconnaissance target range may include the target organization's clients, employees, operations, network, and systems

Reconnaissance Types

Active Reconnaissance
- Active reconnaissance involves interacting with the target directly by any means
- For example, telephone calls to the help desk or technical department

Passive Reconnaissance
- Passive reconnaissance involves acquiring information without directly interacting with the target
- For example, searching public records or news releases
Port Scanner
Scanning can include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, etc

Extract Information
Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc
entry while the systems professional has to secure many vulnerable areas by applying patches. Organizations that deploy intrusion detection systems (IDSes) still have reason to worry because attackers can use evasion techniques at both the application and network levels
Hacking Phases (Cont'd)
- Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network
- The attacker can gain access at the operating system level, application level, or network level
- The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised
- Examples include password cracking, buffer overflows, denial of service, session hijacking, etc
- Attackers may prevent the system from being owned by other attackers by securing their exclusive access with Backdoors, RootKits, or Trojans
- Attackers can upload, download, or manipulate data, applications, and configurations on the owned system
- Attackers use the compromised system to launch further attacks
Organizations can use intrusion detection systems or deploy honeypots and honeynets to detect intruders. The latter though is not recommended unless the organization has the required security professional to leverage the concept for protection
Hacking Phases (Cont'd)
intentions include: Continuing access to the victim's system, remaining unnoticed and uncaught, deleting evidence that might lead to his prosecution
overwrites the server, system, and application logs to avoid suspicion
virus tools that can detect Trojans and other seemingly benign files and directories. As an ethical hacker, you must be aware of the tools and techniques that attackers deploy, so that you are able to advocate and take countermeasures to ensure protection. These will be detailed in subsequent modules
I. Operating System Attacks
II. Misconfiguration Attacks
III. Application Level Attacks
IV. Shrink Wrap Code Attacks
Attackers search for vulnerabilities in an operating system's design, installation or configuration and exploit them to gain access to a network system

- Buffer overflow vulnerabilities
- Bugs in operating system
- Unpatched operating system

- Exploiting specific protocol implementations
- Attacking built-in authentication systems
- Breaking file-system security
- Cracking passwords and encryption mechanisms
Misconfiguration Attacks
- If a system is misconfigured, such as when a change is made in the file permission, it can no longer be considered secure
- Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible owning of the system
- The administrators are expected to change the configuration of the devices before they are deployed in the network. Failure to do this allows the default settings to be used to attack the system
- In order to optimize the configuration of the machine, remove any
Poor or nonexistent error checking in applications leads to:
- Buffer overflow attacks
- Sensitive information disclosure