CEH Module 01: Introduction to Ethical Hacking

Ethical Hacking and Countermeasures Version6

o u e Introduction to Ethical ac ng

Module Objective This module will familiarize you with:

• • • • • • • • • •

EC-Council

’ Elemen Elements ts of securi security ty Various Various phases phases of the Hacking Hacking Cycle Cycle T es of hacker attacks Hack Hackti tivi vism sm Ethi Ethica call Hack Hackin ing g Vulnerabi Vulnerability lity research research and tools Steps for condu conducting cting ethical ethical hacking hacking Computer Computer crimes crimes and and implica implication tionss Cyber Cyber Laws prevaili prevailing ng in various various parts parts around around the world world

Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Prob Pr oble lem m Defi Defini niti tion on – Wh Why y Evolution of technology focused on ease of use

Decreasing skill level needed for exploits

Increased network environment and network based applications

EC-Council


Essential Terminologies Threat: • An action action or event event that might might compromi compromise se security. security. A threat threat is a potential violation of security

Vulnerability : , , can lead to an unexpected and undesirable event compromising the security of the system

Target of Evaluation: •

EC-Council

n IT s stem roduct or com onent that is identified/subjected identified/subjected to require security evaluation Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Essential Terminologies (cont’d)

Attack: • An assault assault on the the system system securit security y that is derived derived from from an intelligent threat. An attack is any action that violates security

Ex loit: • A defined defined way to breach breach the the security security of of an IT system system through vulnerability

EC-Council


Elements of Security

Security

Any hacking event wil willl aff affec ectt an an one one or more of the essential security elements

• A state state of well-bei well-being ng of inform information ation and infrastructure in which the possibility of successful yet undetected theft, tampering, and disruption of inform informati ation on and and servic services es is ke ke t low or or tolera tolerable ble

EC-Council


Elements of Security (cont’d) Security rests on confidentiality, authenticity, integrity, and availability Confidentiality • Authenticity • Integrity • and unauthorized changes Availability • The ability to use the desired information or or resource EC-Council


The Security, Functionality, and Ease The number of exploits is minimized when the number of weaknesses is reduced => reater securit Takes more effort to conduct the same task task => reduced functionality

Functionality

Security EC-Council

Moving the ball towards security means moving away from from the the functi functiona onalit lit and ease ease of use

Ease of Use


What Does a Malicious Hacker Do Reconnaissance • Activ Active/p e/pass assive ive

Reconnaissance Scanning

Clearing Tracks

Gaining access • Networ Network k level level • Denial Denial of of servic servicee

• Uploading Uploading/alte /altering/ ring/ download downloading ing programs or data

Maintaining Access

Scanning

Gaining Access

Clearing tracks

EC-Council


Phas Ph asee 1 - Re Reco conn nnai aiss ssan ance ce Reconnaissance Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack Business Risk: Notable - Generally noted as "rattling the door knobs" to see if

Could be the future point of return, noted for ease of entry for an attack when

EC-Council


Reconnaissancee Types Reconnaissanc Passive reconnaissance involves acquiring information without directly interacting with the target • For example, example, searc searching hing public public recor records ds or news news releases

Active reconnaissance involves interacting with the target directly by

• For examp example, le, telephon telephonee calls calls to the the help help desk or technical department

EC-Council


Phas Ph asee 2 - Sc Scan anni ning ng Scanning refers to the pre-attack phase when the hacker scans the network for specific information on the basis of information gathered during reconnaissance

Business Risk: High – Hackers Hackers have to to get a single single point of entry to launch an attack

Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners, an so on EC-Council


Phas Ph asee 3 - Ga Gain inin ing g Acc Acces esss . exploits the vulnerability in the system

The exploit can occur over a LAN, the Internet, or as a deception, or theft. Examples include buffer overflows, denial of service, session hijacking, and password cracking Influencing factors include architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained

Business Risk: Highest – The hacker hacker can can gain access access at the the o eratin s stem level a lication level or network level

EC-Council


Phase Pha se 4 - Ma Maint intain aining ing Ac Acces cesss Maintaining access refers to the phase when the hacker tries to retain his/her ownership of the system The hacker has compromised the system Hackers may harden the system from other hackers as well (to own the system) by securing their exclusive access with Backdoors, RootKits, RootKits, or Trojans Hac ers can up oa , own oa , or manipu ate ata, app ications, an an configurations on the owned system

EC-Council


Phas Ph asee 5 - Co Cove veri ring ng Tra Track ckss Covering Tracks refer to the activities that the hacker does to hide his misdeeds

Reasons include the need for prolonged stay, continued use of resources, removing evidence of hacking, or avoiding legal action

Examples include Steganography, tunneling, and altering log files

EC-Council


Types of Hacker Attacks Ther Theree are are se seve vera rall wa s an atta attack cker er can can ain ain acce access ss to a s stem stem The attacker must be able to exploit a weakness or vulnerability in a

Attack Types: Operating System attacks Shrink Wrap code attacks

EC-Council


1. Operating System Attacks

EC-Council


1. Operating System Attacks ’ o ay s opera ng sys ems are comp ex n na ure

O eratin s stems run man services orts and modes of access and re uire extensive tweaking to lock them down The default installation of most operating systems has large numbers of services running and ports open

’

Attackers look for OS vulnerabilities and exploit them to gain access to a ne wor sys em EC-Council


2. Application Level Attacks Software developers are under tight schedules to deliver products on time Extreme Programming is on the rise in software en ineerin methodolo Software applications come with tons of functionalities and features Sufficient time is not there to perform complete testing before releasing products Security is often an afterthought and usually delivered as "add-on” component which leads to “Buffer Overflow Attacks” EC-Council


3. Shrink Wrap Code Attacks Why reinvent the wheel when you can buy off-the-shelf “libraries” libraries ” and code?

When you install an OS/Application, it comes with tons of sample scripts to make the life of an administrator easy

The problem is “not “not fine tuning” tuning ” or customizing these scripts

This will lead to default code or shrink wrap code attack

EC-Council


4. Misconfiguration Attacks Systems that should be fairly secure are hacked because they were not configured Systems are complex and the administrator does not have the necessary skills or resources to fix the problem Administrator Administrator will create a simple configuration that works In order to maximize your chances of configuring a machine correctly, remove any unneeded services or software

EC-Council


Remember This Rule!

If a hacker wants to get inside your system, he/she will and there is nothing you can do about it

The only thing you can do is m ake it harder for him to get in

EC-Council


Hacktivism Refers Refers to to the idea idea of of hackin hackin with with or for for a cause cause

Com Com rise risess of hack hacker erss with with a soci social al or olit olitic ical al a enda enda

Aims at sending a message through their hacking activity an ga n ng v s y or e r cause an emse ves Common targets include government agencies, MNCs, or groups or individuals It remains a fact, however, that gaining unauthorized access s a cr me, no matter w atever t e ntent on s EC-Council


Hacker Classes Black Hats • Individua Individuals ls with extraord extraordinary inary computin computing g skills, skills, resorting resorting to malicious or destructive activities. Also known as crackers

White Hats • Individua Individuals ls professing professing hacker hacker skills skills and using using them them for defensive purposes. Also known as security analysts

Gray Hats • Individua Individuals ls who work work both offensi offensively vely and and defensively defensively at at various times

Suicide Hackers • Individual Individualss who aim aim to bring down down critica criticall infrastruct infrastructure ure for a "cause" and do not worry about facing 30 years y ears in jail for their actions EC-Council


Ethical Hacker Classes Forme merr B ac Hats

• Firs Firstt-ha hand nd experi experien ence ce • Lesser Lesser cred credibi ibilit lity y percei perceived ved

• Inde Indepe pend nden entt secur securit ity y consultants (may be groups as • Claim Claim to be knowle knowledge dgeabl ablee about black hat activities

Consulting Firms

EC-Council

• Part Part of ICT ICT fir firms ms • Good Good cred creden enti tial alss


Can Hacking be Ethical Hacker: • Refers to to a person who who enjoys enjoys learning learning the detail detailss of computer computer systems and to stretch his/her capabilities

• Refers to a person person who who uses his his hacking hacking skills skills for for offensive offensive purposes

Hacking: • Describes Describes the rapid rapid developme development nt of new new programs programs or the reverse reverse engineering of the already existing software to make the code better an more e c ent

Ethical hacker: •

EC-Council

e ers to secur ty pro ess ona s w o app y t e r ac ng s defensive purposes

s or


How to Become an Ethical To become an ethical hacker, you must meet the

Should be proficient with programming programming and computer networ ing s i s

ou

e am ar w

vu nera

y researc

techniques

ou EC-Council

e prepare o o ow a s r c co co e o conduct Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Skill Profile of an Ethical Hacker A computer expert adept at technical oma ns Has in-depth knowledge of target , , , and Linux Has exemplary knowledge of ne wor ng an re a e ar ware an software

and related issues In othe otherr word wordss ou must ust be “hi “hi hl technical” to launch sophisticated attacks EC-Council


What is Vulnerability Research Discovering vulnerabilities and designing weaknesses that will misuse

ongoing assessment of the hacking underground

delivered within product improvements for security systems

Can be classified based on: , , • Exploi Exploitt range range (loca (locall or remot remote) e) EC-Council


Why Hackers Need Vulnerabilit Vulnerability y

To identify and correct network vulnerabilities To protect the network from being attacked by intruders To get information that helps to prevent security problems To gather information about viruses To find weaknesses in the network and to alert the network administrator before a network attack o now ow o recover rom a ne wor a ac

EC-Council


Vulnerability Research Tools

US-CERT publishes information regarding a variety of vulnerabilities in “US-CERT Vulnerabilities Notes”

• • • • •

Similar Similar to alerts alerts but but contains contains less less informatio information n Does not not contain contain solutions solutions for for all the vulnerabi vulnerabilities lities Contains Contains vulnera vulnerabilit bilities ies that meet meet certain certain criteria criteria Contains Contains informat information ion that is useful useful for the administ administrato ratorr

name, vulnerability ID number, and CVE-name • Can be cross cross checked checked with with the Common Common Vulnera Vulnerabilit bilities ies and Exposures (CVE) catalog

EC-Council


Vulnerability Research www.securitytracker.com www.microsoft.com/security www.securiteam.com www w ww.p .pac ac et etst stor orms msec ecur ur ty ty.co .com m www.hackerstorm.com www.hackerwatch.org www.securityfocus.com www.securitymagazine.com

EC-Council


How to Conduct Ethical Hacking Step 1: Talk to your client on the needs of testing

Step 2: Prepare NDA documents and ask the client to sign them

Step 3: Prepare an ethical hacking team and draw up schedule for testing

Step 4: Conduct the test

Step 5: Analyze 5: Analyze the results and prepare a report

Penetration Testing methodology is Council’s LPT program

Step 6: Deliver the report to the client EC-Council


How Do They Go About It Any security evaluation involves three components: Cond Conduc uctt – In this this phase, the evaluation technical report is re ared based on testing potential vulnerabilities

Prepar Preparatio ation n – In this this phase, phase, a forma formall contract is signed that contains a nondisclosure clause as well as a legal clause to prosecution that might otherwise attract during the conduct phase. The contract also outlines infrastructure perimeter, evaluation activities, time schedules, and

– phase, the results of the evaluation are communicated to the organization or corrective action is taken if needed EC-Council


Ethical Hacking Testing There are different forms of security testing. Examples include vulnerability scan cannin eth ethical ical hack ackin and and enet enetrratio ation n test testin in Approaches to testing are shown below: Black box • With no prior prior knowledg knowledgee of the the infrastr infrastructure ucture to be tested

White box • With a complete complete knowledg knowledgee of the network network infrastruct infrastructure ure

Gray box • Also known known as Internal Internal Testing. Testing. It It examines examines the the extent extent of the access by insiders within the network

EC-Council


Ethical Hacking Deliverables

• Details Details the results results of the the hacking hacking activi activity, ty, matching it against the work schedule decided prior to t e con uct p ase • Vulnerabi Vulnerabilitie litiess are detaile detailed d and preven prevention tion measures are suggested. It is usually delivered in hard copy format for security reasons

Issues to consider: • Team, Team, sensitivity sensitivity of informat information, ion, Nondisc Nondisclosu losure re clause in the legal contract (availing the right , evaluation EC-Council


Summary Security is critical across sectors and industries Ethical Hacking is a methodology to simulate a malicious attack without causing damage Hacking involves five distinct phases Security evaluation includes preparation, conduct, and evaluation phases

U.S. Statutes ξ 1029 and 1030 primarily address cyber crime

EC-Council


CEH Module 01: Introduction to Ethical Hacking

Recommend Documents