Introduction to Ethical Hacking, Ethics, and Legality

Upload: justin-lloyd

Post on 16-Dec-2015

Page 1: Introduction to Ethical Hacking, Ethics, and Legality

CHAPTER 1: Introduction to Ethical Hacking, Ethics, and Legality

Defining Hacking
Defining Ethical Hacking
  Hacking for defensive purposes
White Hats, Black Hats, Gray Hats
Hacktivists: Hacking for a cause
Script Kiddies: Use others' tools
Testing
  White Box: Know everything
  Black Box: Know only company name
  Gray Box: between white box and black box, from inside
Security Elements
  CIA: Confidentiality, Integrity, Authenticity/Availability

Hacking Terminology
  Threat
  Exploit
  Vulnerability
  Target of Evaluation
  Attack
  Remote vs Local

Hacking Phases
  1. Reconnaissance
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Covering Tracks

1. Reconnaissance
  Two Basic Types
    Passive: dumpster diving, shoulder surfing, eavesdropping, gathering data from a whois tool, DNS, and network scanning, find active machines, open ports & apps
    Active: probing, social engineering,

2. Scanning
  Dialers
  Port Scanners
  ICMP Scanners
  PING Sweeps
  Network Mappers
  SNMP Sweepers
  Vulnerability Scanners

3. Gaining Access
  Buffer overflows
  Denial of Service
  Session Hijacking

4. Maintaining Access
  Planting Backdoors
  Rootkits
  Trojans
  Making a zombie

5. Covering Tracks
  Steganography
    Snow.exe: ASCII files
    Stealth: PGP files
    ImageHide: Text files
  Tunneling Protocols
    ITunnel, Ptunnel
  Altering Log Files
    Elsave, WinZapper

Types of Hacking Technologies
  Operating Systems
    Default settings, bugs
  Applications
    Default settings, bugs
  Shrink-Wrap code
    Enabled features that aren’t used but left open
  Misconfigurations

Types of Attacks
  Remote Network
  Remote Dial-Up Network
  Local Network
  Stolen Equipment
  Social Engineering
  Physical Entry
  Operating System
  Application Level
  Shrink wrap and malicious code attacks
  Misconfiguration attacks

Being Ethical
  Gain Authorization
  Maintain/follow nondisclosure agreement
  Maintain confidentiality
  Perform test – but do no evil

Phases of Security Examining
  EC-Council’s 3 Phases
    1. Preparation
    2. Conduct
    3. Conclusion

Laws
  No U.S. laws prior to 1984 outlawing crimes committed with or against a computer
  Who investigates?
    Financial computer crimes -> U.S. Secret Service
    All other computer crimes -> Federal Bureau of Investigation
  Computer Fraud and Abuse Act – 1986 / 1996
    18 U.S.C. 1030: Fraud and Related activity in connection with computers
    18 U.S.C. 1029: Fraud and Related activity in connection with Access Devices

Laws (cont)
  Computer Misuse Act of 1990 (United Kingdom)
  Freedom of Information Act (FOIA)
  USA Patriot Act - 2001

Laws (cont)
  Cyber Security Enhancement Act of 2002
  SPY ACT 2007
  18 U.S.C. 1028: deals with fraud related to possession of false identification documents
  18 U.S.C. 1362: Destruction of Communication Lines, Stations, or Systems
  18 U.S.C. 2510: Wire and Electronic Communications Interception and Interception of Oral Communication
  18 U.S.C. 2701: Stored wire and electronic communications, and transactional records access

Laws (cont)
  Human Rights Act 1998 (U.K.)
    judges are not allowed to override the Act. However, they can issue a declaration of incompatibility
    makes available in UK courts a remedy for breach of a Convention right, without the need to go to the European Court of Human Rights.
    totally abolished the death penalty in UK law.
  FMFIA of 1982
  2004 CAN SPAM Act

Laws (cont)
  Federal Information Security Mgt Act (FISMA)
  Privacy Act of 1974
  Gov’t Paperwork Elimination Act (GPEA)
  Stalking Amendment Act 1999 (Australia)
  Equal Credit Opportunity Act (ECOA)
    Prohibits creditors from collecting data from applicants, such as national origin, caste, religion