Introduction to ethical hacking


Upload: sanjeev-s-chaodhari

Post on 11-Nov-2015


Scenario

Jeffrey came across some books related to hacking. He was curious to know about hacking public and private networks, so he bought a book on the subject from a nearby bookstore.

Amazed to learn new hacking techniques, Jeffrey wanted to get hands-on. He visited the local library and plugged his laptop into its network on the pretext of searching the database of books. Jeffrey wanted to find the vulnerabilities present in the library's network and then show the report to the concerned authorities. Jeffrey launched the tools from a CD that came with the book and discovered a lot of loopholes in the network!

What is wrong with Jeffrey's act?

Is his action justified?

Security news

The recently conducted Deloitte Global Security Survey reveals that more than three quarters of the world's top finance groups suffered a serious breach of security in the past year, of which 78% suffered a security breach from outside and 49% from within the company. This 14% increase in security breaches from the previous year has led to calls for finance companies to streamline their IT security policy to suit the changing security landscape.

Module objective

This module introduces you to the subject of ethical hacking. The topics discussed in this module are as follows:

importance of information security in today's world

elements of security

various phases of the hacking cycle

types of hacker attacks

hacktivism

ethical hacking

vulnerability research and tools that assist in the same

steps for conducting ethical hacking

computer crimes and implications

cyber laws prevailing in various parts of the world

It is important to bear in mind that hackers break into systems for various reasons and purposes. Therefore, it is important to comprehend how malicious hackers exploit systems and the probable reasons behind the attacks. As Sun Tzu put it in The Art of War, "If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat." It is the duty of system administrators and network security professionals to guard their infrastructure against exploits by knowing the enemy: the malicious hackers who seek to use that very infrastructure for illegal activities.

Problem definition - why security

Today, organizations are increasingly becoming networked, as information is exchanged at the speed of thought. Routine tasks rely on computers for accessing, providing, and storing information. However, a company's information assets now not only differentiate it from its competition, but can also mean the difference between profit and loss. Consequently, there is a sense of urgency to secure these assets from likely threats and vulnerabilities. The subject of information security is vast, and the objective of this course is to give participants a comprehensive body of knowledge to help them secure the information assets under their care.

This course assumes that organizational policies endorsed by top-level management are in place, and that business objectives and goals related to security have been incorporated as part of the existing corporate strategy. A security policy is the specification for how objects in a security domain are allowed to interact. As a prelude to the course, we will briefly highlight the need to address the latest security concerns.

The importance of security in the contemporary information and telecommunications fields cannot be underestimated. There are myriad reasons for securing ICT (information and communication technologies) infrastructure. For our discussion here, we will take a macro-level view, since detailing each and every aspect can be another course in itself. As computers have evolved, they have transcended their original purpose. Initially, computers were designed to facilitate research without much emphasis on security, since these resources, scarce at the time, were meant to be shared. The permeation of computers has meant that any disruption can mean the loss of time, money, and sometimes even the loss of life.

This triggers discussion on the term vulnerability. In its present context, vulnerability has been defined as:

1. A security weakness in a target of evaluation (e.g., due to failures in analysis, design, implementation, or operation).

2. Weakness in an information system or components (e.g., system security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune.

3. Vulnerability is the presence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system, network, application, or protocol involved.

It is important to note the difference between threat and vulnerability. This is because, inherently, most systems have vulnerabilities of some sort. However, this does not mean that the systems are too flawed to be used. There is one major difference between threat and vulnerability: not every threat leads to an attack, and not all attacks succeed. The factors that result in the success of an attack include the degree of vulnerability, the strength of the attack, and the extent to which countermeasures are adopted. If the attacks required to exploit a vulnerability are difficult to carry out, the vulnerability may be tolerable. You can let go of certain vulnerabilities that can be easily exploited but do not provide much of a challenge for a sophisticated intruder. An intruder is more likely to be interested in a vulnerability that leads to greater damage. However, if the attacks are well understood and easily made, and if the vulnerable system is utilized by a wide range of users, then it is likely that there will be enough benefit for a perpetrator to make an attack.

Logically, the next essential term is attack. The key question is: what is being attacked? The information resource that is being protected and defended against attacks is usually referred to as the target of evaluation. It has been defined as an IT system, product, or component that is identified as requiring security evaluation.

An attack has been defined as an assault on system security that originates from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. Note that it has been defined as an intelligent act that is a deliberate attempt. Attacks can be broadly classified as active and passive.

Active attacks are those that modify the target system or message, e.g., attacks that violate the integrity of the system or message. Example: DoS (denial-of-service) attacks that target resources available on a network. Active attacks can affect the availability, integrity, confidentiality, and authenticity of the system.

Passive attacks are those that violate confidentiality without affecting the state of the system. Example: electronic eavesdropping (collecting confidential data sent in unencrypted form). The key word here is confidentiality, which relates to preventing the disclosure of information to unauthorized persons.

The difference between these categories is that while an active attack attempts to alter system resources or affect their operation, a passive attack attempts to learn or make use of information from the system but does not affect system resources. The figure below shows the relation among these terms, and sets for this module.

Attacks can also be categorized as originating from within an organization (inside attack) or from outside of it.

*An inside attack is initiated from within the physical boundary of a network by an authorized person. Such an attack is most likely to come from a disgruntled employee, though at times ignorance may also lead to unintentional damage to network resources.

*An outsider attack is caused by an external entity, an intruder who does not have the privilege to access the enterprise network.

How does an attack agent (or attacker) take advantage of the vulnerability of the system? The act of taking advantage of a system vulnerability is termed an exploit. An exploit is a defined way to breach the security of an IT system through its vulnerability.

What constitutes a breach of security can vary from one company to another, or even from one department to another. Therefore, it is imperative for organizations to address both penetration and protection issues. The scope of this course is limited to the penetration aspect: ethical hacking. As for protection issues, a company must address these via its security policies, ensuring that they comply with security audit requirements. When a vulnerability is exploited, it constitutes an exposure. However, not every exposure constitutes a vulnerability. Examples are port scanning, finger, and whois.

Exposure

Exposure is loss due to an exploit. Loss includes disclosure, deception, disruption, and usurpation. A vulnerability is the primary entry point an attacker can use to gain access to a system or to data. Exposure allows an attacker to collect confidential information with ease. The attacker can even erase his or her tracks in many such cases. Certain security issues that are taken for granted can lead to confidential information being compromised. In contrast, a vulnerability allows an attacker to execute a command as another user, access data contrary to access control lists (ACLs), pose as another entity, or even conduct denial-of-service attacks.

Essential Terminologies

*Threat

It refers to a situation wherein human(s) or natural occurrences can cause an undesirable outcome. It has been variously defined in its current context.

*Vulnerability

The presence of a fault, either in the design or implementation phase of a system, product, or component, possibly leading to an unanticipated compromise of security. Such a vulnerability could be exploited to produce an information-related misfortune.

*Exploit

A defined way to breach the security of an IT system through vulnerabilities is known as an exploit.

*Target of Evaluation

It is an IT system, product, or component that is identified as requiring security evaluation.

*Attack

An assault on system security that is derived from an intelligent threat. An attack produces an action that violates security. Attacks are basically of two types: active and passive. They can also be categorized as internal and external depending on their origin.

Elements of security

*security - a state of well-being of information and infrastructure in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable

Any hacking event will affect one or more of the essential security elements.

Security rests on confidentiality, authenticity, integrity, and availability:

*confidentiality - the concealment of information or resources

*authenticity - the identification and assurance of the origin of information

*integrity - the trustworthiness of data or resources in terms of preventing improper and unauthorized changes

*availability - the ability to use the information or resource desired

Security is the state of well-being of information and infrastructure in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable.

Note that it is not implied that total protection is required, since that is not practically possible considering the evolution of technology and dynamic system environments. "The network is the computer," a phrase coined by Sun Microsystems in the mid-eighties, is valid even today.

There are several aspects to security in the current context. The owner of a system should have confidence that the system will behave according to its specifications; this is termed assurance. Systems, users, and applications need to interact with one another in a networked environment. Identification and authentication are means to ensure security in such a scenario. System administrators or concerned authorities need to know who, when, where, and for what purpose system resources have been accessed. An audit trail or log files can address this aspect of security, termed accountability. Generally, not all resources are available to all users. This can have strategic implications. Having access controls on predefined parameters can help achieve security.

Another security aspect, critical at a system's operational level, is reusability. A process may not reuse or manipulate objects that another process uses, in order to prevent violation of security. In security parlance, this is also known as availability. Information and processes need to be accurate in order to derive value from system resources. Accuracy is a key security element.

The security, functionality, and ease of use triangle

Technology is evolving at an unprecedented rate. As a result, new products that reach the market tend to be engineered for ease of use rather than secure computing. Technology, originally developed for honest research and academic purposes, has not evolved at the same pace as the user profile. Moreover, during this evolution, system designers often overlooked the vulnerabilities during the intended deployment of the system. However, increasing built-in default security mechanisms means users have to be more competent.

As computers are used for more and more routine activities, it is becoming increasingly difficult for system administrators and other system professionals to allocate resources exclusively for securing systems. This includes the time needed to check log files, detect vulnerabilities, and apply security update patches.

Routine activities consume the time available to system administrators, leaving less time for vigilant administration. There is little time at hand to deploy measures and secure computing resources on a regular and innovative basis. This has increased the demand for dedicated security professionals to constantly monitor and defend ICT (information and communication technology) resources.

Originally, to hack meant to possess extraordinary computer skills used to extend the limits of computer systems. Hacking required great proficiency on the part of the individual. However, today there are automated tools and codes available on the Internet that make it possible for anyone with a will and desire to hack and succeed.

Mere compromise of the security of a system does not denote success. There are websites that insist on "taking back the net" as well as those who believe that they are doing all a favor by hosting exploit details. These can act as a detriment, and can bring down the skill level required to become a successful hacker.

The ease with which system vulnerabilities can be exploited has increased, while the knowledge curve required to perform such exploits has shortened. The concept of the elite/super hacker is an illusion. However, the fast-evolving genre of script kiddies is largely comprised of lesser-skilled individuals acquiring second-hand knowledge to perform exploits.

One of the main impediments to the growth of security infrastructure lies in the unwillingness of exploited or compromised victims to report the incident for fear of losing the goodwill and faith of their employees, customers, and partners, and/or of losing market share. The trend of information assets influencing the market has seen more companies think twice before reporting incidents to law enforcement for fear of bad press and negative publicity. The increasingly networked environment, with companies often having their website as a single point of contact across geographical boundaries, makes it critical to take countermeasures to prevent any exploits that can result in loss. This is an important reason why corporations need to invest in security measures to protect their information assets.

Case Study

Alan was stranded at Newark airport. He was to attend his friend's wedding, and Continental Airlines had just announced the cancellation of his connecting flight. He decided to purchase a seat on another airline, but the Bank of America Corp. ATM just wouldn't work. All seemed wrong with the world, as the airline staff were using pen and paper to take down new reservations. They couldn't even confirm availability.

So, what went wrong?

A worm infamously known as SQL Slammer exploited a vulnerability found in SQL Server 2000. The spread of the worm affected networks across Asia, Europe, and North America. The worm triggered a distributed denial-of-service (DDoS) attack. In this type of attack, the virus-affected computers are redirected to send a huge quantity of data to a specified address on the network, thus knocking the target computer off the network.

What Does a Malicious Hacker Do?

If we need to apply countermeasures, we need to first understand the anatomy of an attack. It is necessary to comprehend the steps to counter an attack, once detected. In general, there are five phases in which an intruder advances an attack:

Reconnaissance

This is the phase where the attacker gathers information about a target using active or passive means.

Scanning

In this phase, the attacker begins to actively probe the target for vulnerabilities that can be exploited.

Gaining Access

If a vulnerability is detected, the attacker can exploit it to gain access to the system.

Maintaining Access

Once access is gained, the attacker usually maintains access to fulfill the purpose of his/her entry.

Covering Tracks

In this phase, the attacker tries to destroy all evidence of the attack to evade legal punitive action.

Phase 1 - Reconnaissance

Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization.

This is the phase that allows the potential attacker to strategize his/her attack. This may take some time as the attacker waits to unearth crucial information. Part of this reconnaissance may involve social engineering. A social engineer is a person who smooth-talks people into revealing information such as unlisted phone numbers, passwords, and other sensitive information.

Another reconnaissance technique is dumpster diving. Dumpster diving is the process of looking through an organization's trash for discarded sensitive information. Attackers can use the Internet to obtain information such as employee contact information, business partners, technologies in use, and other critical business knowledge, but dumpster diving may provide them with even more sensitive information such as usernames, passwords, credit card statements, bank statements, ATM slips, Social Security numbers, telephone numbers, check numbers, and so on.

For example, a Whois database can provide information about Internet addresses, domain names, and contacts. If a potential attacker obtains DNS information from the registrar, and is able to access it, he can obtain useful information such as the mapping of domain names to IP addresses, mail servers, and host information records. It is important that a company has appropriate policies to protect its information assets, and also provides guidelines to its users on the same. Building user awareness of the precautions they must take in order to protect their information assets is a critical factor in this context.
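
One way an administrator can apply such a policy to DNS is to audit the organization's own zone before it is published. The following is an added example, not part of the original course text: the zone contents, rule names and naming hints are constructed assumptions, and the parser handles only simple one-line records.

```python
"""Audit a DNS zone file for records that hand out more than they need to.
Added example: the zone text, rule names and naming hints are constructed."""
import ipaddress
import re

# Constructed sample zone in master-file style (example.com is a reserved name).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN MX    10 mail.example.com.
www      3600 IN A     203.0.113.10
mail     3600 IN A     203.0.113.25
vpn-test 3600 IN A     203.0.113.40   ; left over from a pilot
intranet 3600 IN A     10.1.4.20
db01     3600 IN HINFO "Intel Xeon" "Windows 2000 Server"
fileserv 3600 IN A     192.168.10.5
"""

# RFC 1918 ranges: addresses that should never appear in a public zone.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed naming hints that advertise a host's role to anyone reading the zone.
REVEALING = re.compile(r"test|dev|staging|backup|admin|intranet|db\d*", re.I)
RECORD = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?([A-Z]+)\s+(.*)")


def parse_zone(text):
    """Yield (owner, rtype, rdata) for simple one-line records."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments (no ';' in rdata here)
        if not line or line.startswith("$"):  # skip blanks and $ORIGIN/$TTL
            continue
        m = RECORD.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).strip()


def audit_zone(text):
    """Return (owner, rule, detail) findings for records worth reviewing."""
    findings = []
    for owner, rtype, rdata in parse_zone(text):
        if rtype == "HINFO":  # host information record: hardware and OS
            findings.append((owner, "hinfo", f"publishes hardware/OS {rdata}"))
        elif rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append((owner, "bad-address", rdata))
                continue
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, "internal-address", f"{addr} in public zone"))
        if REVEALING.search(owner):
            findings.append((owner, "revealing-name", "name advertises the host's role"))
    return findings


if __name__ == "__main__":
    for owner, rule, detail in audit_zone(SAMPLE_ZONE):
        print(f"{owner:10} {rule:17} {detail}")
```

Each finding is a prompt for review rather than a verdict: some names and records are published deliberately, and the policy decides which ones stay.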