Thursday, February 18, 2010

Certified Ethical Hacker 1

The most important things to note when hacking are the methodology and the execution plan. A hacker is a computer enthusiast. Most often, hackers are programmers with advanced knowledge of networks and operating systems. Crackers, on the other hand, are those that do damage. They gain unauthorized access, destroy vital data and deny services.
A threat is a potential risk. A threat is usually an action or event. A vulnerability is a system's weakness that can lead to exploitation or compromise. A target of evaluation is the system that needs to be tested for vulnerabilities. An exploit is a way to compromise the security of a system, and an attack is the execution of an exploit on a system.

Security is just a state of well-being. It is an illusion. There is no such thing as a fully secure system. Security rests on three parts, the CIA triad:
1) Confidentiality
2) Integrity
3) Availability

Confidentiality means that the data is not for everybody's use. Only certain people can access it. Integrity is to ensure that the data isn't altered from the source to the destination. Availability means that the data must be available when needed. You can take a whole system off the network for greatest security, but that would result in no availability.

The steps to hacking a system:
1) Reconnaissance
Reconnaissance can be active or passive in nature. Reconnaissance is the preparation of an attack. It's for hackers to evaluate all possible targets.

2) Scanning
Live system detection, port scanning. Network mapping, sweeping, vulnerability analysis (Nessus, etc).

3) Gaining Access
Application level, network level, or Denial of Service if unsuccessful. This is the real attack phase. As an Ethical Hacker, make sure that you get permission from your company before performing any kind of hacking.

4) Maintaining Access
Installing backdoor or Trojan programs. This allows the hacker to get back into the system in the future.

5) Covering Tracks
Stop the logging at a minimum, then erase event logs. If you're a good hacker, everyone knows about you. As the saying goes: If you're a great hacker, nobody knows about you.

Classification of Hackers:
1) Black Hat
They are also known as Crackers. They do things for personal gain.

2) White Hat
They are the Ethical Hackers, which are also known as Security Analysts.

3) Gray Hats
They are a mix of Black and White hats.

Classification of Ethical Hackers:
1) Former Black Hats
Reformed crackers who have first-hand experience. However, they are seen to have less credibility.

2) White Hats
Independent security consultant. Knowledgeable about black hat activities.

3) Consulting Firms
Part of ICT firms and provide good credentials.

Hacktivism refers to hackers who hack for a cause. The cause may be social or political. Their goal is to send their message through their activities and gain visibility. Common targets include government agencies, MNCs, or other entities perceived as "bad" or "wrong" by these groups/individuals. However, gaining unauthorized access is a crime, no matter what the intent.

We must know our enemy. We must see what they can see. We must know how to attack a system before we can protect it. This is the job of an Ethical Hacker.

An Ethical Hacker goes through these three steps to test a network (also known as the Pen Test):
1) Preparation
A formal contract is signed. The contract protects the ethical hacker against any prosecution that he may attract during the next phase. The contract outlines the infrastructure perimeter, evaluation activities, time schedules, and available resources.

2) Conduct
The actual network analysis. An evaluation report is to be created listing the potential vulnerabilities of the network.

3) Conclusion
The results of the evaluation and the corrective actions should be submitted.

Modes of Ethical Hacking
1) Remote Network
Attacks from external sources (e.g. the internet).

2) Remote Dial-Up Network
Attacking through the use of phone/modem dial-ups, such as attacking remote access servers.

3) Local Network
An attack from inside the network.

4) Stolen Equipment
Information found from stolen, lost, or given away equipment can be used to attack the company.

5) Social Engineering
Manipulating the employees of the company.

6) Physical Entry
When a person has physical access to a piece of equipment, he can quickly gain access to it. We should make sure that all servers and equipment are safely locked up.

There are 3 types of Security Hacking
1) Black-box
Evaluating the network as though you have no prior knowledge.

2) White-box
Evaluating the network as if you're an insider.

3) Gray-box
Evaluates the extent of access by insiders within the network.

Footprinting is part of reconnaissance. Reconnaissance refers to the preparatory phase where an attacker learns about all the possible attack vectors that can be used in their plan. It involves unauthorized internal or external scanning.

Footprinting is the mapping of a target's security schema. Footprinting, scanning and enumeration are all part of the pre-attack phase. Footprinting results in a unique organization profile with respect to the networks (internet/intranet/extranet/wireless) involved.

Footprinting helps to answer the following questions:
1) What's the network address range?
2) What live hosts are there?
3) What ports are open?
4) What operating systems are they using?
5) What services map to those ports?
6) What is the network topology?

This information helps you unearth the background needed to hack a network. It includes names that you can impersonate over the phone. Sources include:
-Domain name look-up
-Contacts Information
-Whois Lookup
-Social Engineering
-Sam Spade

Nslookup is a utility to interrogate any network or DNS. It helps enumerate all potential targets for a specific company. MX record reveals the IP of the mail server. Windows and Unix both have Nslookup.

There are many ways to obtain information. Some can be as simple as using Google as a hacking tool. Google may find information that isn't intended to be publicly available. You can also find information about a network's structure through traceroute. Home users are also not as protected as those in the company, so you can compromise a company by compromising a home user.

Sam Spade is able to find all the information about a domain for you. It automatically performs tasks like whois and traceroute. Plain traceroute output typically won't tell us much about what we're looking at; VisualRoute shows the whole route through the internet more clearly.

Sites like ping.eu, dnsstuff.com, and networksolutions.com/whois allow you to quickly find information from the internet.

"Google Hacks" refer to manipulating the search syntax to help you find what you need. For example, to look for all the private folders of a web server, you can search for the following phrase:
"index of /private" + "Parent Directory"

Locating the network range gives us the target range for scanning. Tools that can help us include:
-NeoTrace (Visual Route)

ARIN is the American Registry of Internet Numbers. It allows you to search the whois database to find what's been allocated to your ISP, and what is allocated to your target.

Traceroute works by manipulating the TTL (time to live) field of the packets it sends. The TTL is incremented with each probe sent, and every router along the path decrements it by one. When the TTL reaches 0, the router drops the packet and replies with an ICMP TTL Exceeded message, which gives us that router's address.
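To make the TTL mechanism concrete, here is an added Python simulation (not from the original notes) of how a traceroute builds its hop list. The router addresses are constructed, and one router is modelled as not answering expired probes, which is what appears as a "*" in real traceroute output.

```python
# Constructed path (not a real trace): routers between us and the target,
# each tagged with whether it answers expired probes. A router that silently
# drops them is what shows up as "*" in real traceroute output.
ROUTERS = [
    ("192.0.2.1", True),
    ("198.51.100.9", True),
    ("203.0.113.17", False),  # ICMP Time Exceeded filtered: no reply
]
DESTINATION = "203.0.113.42"


def send_probe(ttl, routers, destination):
    """Model one probe packet. Every router decrements TTL before forwarding;
    the router that takes it to 0 discards the packet and, if permitted,
    replies with ICMP Time Exceeded from its own address. A probe that
    survives all routers is answered by the destination itself."""
    for addr, replies in routers:
        ttl -= 1
        if ttl == 0:
            return ("time_exceeded", addr) if replies else ("timeout", None)
    return ("reached", destination)


def traceroute(routers, destination, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one,
    stopping when the destination replies or max_hops is reached."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, addr = send_probe(ttl, routers, destination)
        hops.append(addr if addr else "*")
        if kind == "reached":
            break
    return hops


if __name__ == "__main__":
    for n, addr in enumerate(traceroute(ROUTERS, DESTINATION), start=1):
        print(f"{n:2d}  {addr}")
```

Lowering max_hops below the path length shows the other common outcome: a trace that ends without ever reaching the destination.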

Picture a scenario like this:
After some searching, a hacker gathers the contact information for the company. He calls the receptionist, and through social engineering, gathers the email address of important contacts within that company.

What we should ask ourselves is: How can we prevent this? What does this mean to the company? What can he do with the information obtained?

If someone replies to an email, you can track where it came from (or which server it came from) with eMailTrackerPro, then VisualRoute. We can use readnotify.com to send embedded images which can obtain information about whoever opens the mail.
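As an added example that is not part of the original notes, the following Python reads the Received headers of a constructed reply to reconstruct the chain of servers it claims to have passed through. Only the line written by your own mail server can be trusted, since a sender can forge the lines below it; host names and addresses here are made up.

```python
import email
import re

# Constructed sample reply (not a real capture). Received lines read top-down:
# the first was added by our own MX, the last by the hop nearest the sender.
RAW_MESSAGE = """\
Received: from relay.example.net (relay.example.net [203.0.113.25]) by mx.corp.example (Postfix) with ESMTP id 4F2A1; Mon, 15 Feb 2010 10:00:02 +0000
Received: from smtp.sender.example (smtp.sender.example [198.51.100.7]) by relay.example.net with ESMTP; Mon, 15 Feb 2010 10:00:01 +0000
Received: from [192.0.2.44] (unknown) by smtp.sender.example with SMTP; Mon, 15 Feb 2010 10:00:00 +0000
From: someone@sender.example
To: receptionist@corp.example
Subject: Re: your question

Replying as requested.
"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Return the claimed relay chain in chronological order (origin first)."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        hdr = " ".join(hdr.split())  # unfold continuation lines
        frm, by, ip = FROM_RE.search(hdr), BY_RE.search(hdr), IP_RE.search(hdr)
        hops.append({"from": frm.group(1) if frm else None,
                     "ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    return hops


def last_trusted_hop(raw, own_domain):
    """The topmost Received line whose 'by' host is ours was written by our
    own server, so its 'from' host and IP are what we actually saw. Every
    line below it came from the sender and may be forged."""
    for hop in reversed(received_hops(raw)):  # back to top-down order
        if hop["by"] and hop["by"].endswith(own_domain):
            return hop
    return None


if __name__ == "__main__":
    for hop in received_hops(RAW_MESSAGE):
        print(f"{hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("verified hand-off:", last_trusted_hop(RAW_MESSAGE, "corp.example"))
```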
