Ethical Hacking -- Module 1 - Introduction

[z3mwaz]

Ethical Hacking

Module 1 - Introduction


Objectives:
- understanding the importance of security
- introducing ethical hacking and essential terminology for the module
- understanding the different phases involved in an exploit by a hacker
- overview of attacks and identification of exploit caterories
- comprehending ethical hacking
- hacking, law and punishment



+Problem Definition - Why Security?+

- evolution of technology focused on ease of use
- increasing complexity of computer infrastructure administration and management
- decreasing skill level needed for exploits
- direct impact of security breach on corproate asset base and good will
- increased networked environment and network based applications



+Can Hacking Be Ethical?+

- The noun 'hacker' refers to a person who enjoys learning the details of computer systems and stretch thier capabilities.
- the verb 'hacking' describes the rapid development of new programs or the reverse engineering of already existing software to make the code better, and efficient.
- the term 'cracker' refers to a person whos uses his hacking skills for offensive purpose.
- the term 'ethical hacker' refers to the security professionals who apply their hacking skills for defensive purpose.



+Essential Terminology+

- Threat - an action or event that might prejudice security. a threat is a potential violation of security.
- Vulnerability - existenceof a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
- Target of Evaluation - an IT system, product, component that is identified/subjected as requiring security evaluation
- Attack - an assault on system security that derives from an intelligent threat. An attack is any action that violates security.
- Exploit - A defined way to breach the security of an IT system through vulnerability.



+Elements of Security+

- Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering and disruption of information and services is kept low or tolerable.
- Any hacking event will affect any one or more or the essential security elements.
- Security rest on confidentiality, authenticity, integrity, and availability.
- confidentiality is the concealment of information or resources.
- authenticity is the idenification and assurance of the origian of information.
- integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
- availability refers to the ability to use the information or resources desired.



+What does a Malicious hacker do? - Five Steps in the Attack+

1) Reconnaissance
- Active
- Passive
2) Scanning
3) Gaining Access
- OS Level / Application Level
- Network Level
- Denial of Service
4) Maintaining Access
- Uploading / Altering / Downloading Programs or Data
5) Covering Tracks



+Phase 1 - Reconnaissance+

- Reconnaissance refers to the preparpatory where an attacker seekd to gether as much information as possible about a target of evaluation prior to launching as attack. It involves network scanning either external or internal without authorization
- Business Risk - 'Notable' - Generally noted as "rattling the door knobs" to see if someone is watching and responding. Could be future point of return when noted for ease of entry for an attack when more is know on a broad scale about a target.

- Passive Reconnaissance involves monitoring network data for patterns and clues.
- Examples include sniffing, information gathering etc.
- Active reconnaissance involves probing the network to detect.
- accessible hosts
- open ports
- locations of routers
-details of OS's and services


+Phase 2 - Scanning+

- Scanning refers to pre-attack phase when the hacker scans the networkwith specific information gathered during reconnaissance.
-Business Risk - 'High' - Hackers have to get a single point of entry to launch an attack and could be point of exploit when vulnerability of the system is detected.
- Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners etc.



+Phase 3 - Gaining Access+

- Gaining Access refers to the true attack phase. The hacker exploits the systems.

- The exploit can occur over a LAN, Locally, Internet, Offline, as a deception or theft. Examples include based buffer overflows, denial of services, session hijacking, password filtering etc

-Influencing factors include architecture and configuration of target system, skill level of hte peopetrator and initial level of access obtained.
- Business Risk -'Highest'- The hacker can gain access at the OS level, application level, or network level.



+Phase 4 - Maintaining Access+

- Maintaing Access refers to the pahse whaen the hacker tries to retain his "ownership" of the system
- The hacker has exploited a vulnerability and can tamper and compromise the system.
-Sometimes, hackers harden the system from other hackers as well (to own the system) by securing thier exclusive access with Backdoors, RootKits, Trojens and Trojen horse Backdoors.
- Hackers can upload, download or manipulate data / applications / configurations on the 'owned' system.


+Covering Tracks+

- Covering Tracks refers to the activities undertaken by the hacker to extend his misuse of the system without being detected.
- Reasons include need for prolonged stay, continued use of resources, removing evidence of hacking, avoid legal action etc.
- Examples include Steganography, tunneling, altering log files, etc.
- Hackers can remain undetected for long periods or use this phase to start a fresh reconnaissance to a related target system.



+Hacker Classes+

- Black hats
Indeviduals with extraordinary computing skills, resorting to malicious or destructive activities. also, known as 'Crackers.'
-White Hats
individuals professing hacker skills and using them for defensive purposes. Also known as 'Security Analysts.'
-Gray Hats
individuals who work both offensively and degensively at various times.

+Ethical hacker Classes+

-Former Black Hats
Reformed crackers
First-hand experience
Lesser credibility perceived

-White Hats
Independent security consultants(maybe groups as well)
Claims to be knowledgeable about black hat activities

-Consulting Firms
Part of ICT firms
Great credentials




+Hacktivism+

-Refers to 'hacking with / for a cause.'
-Comprises of hackers with a social or political agenda
-Aims at sending across a message through their hacking activity and gaining visibility for their cause and themselves.
-Common targets include the government agencies, MNCs, or any other enity percived as 'bad' or 'wrong' by these groups / individuals
-It remains a facy however, that gaining unauthorized access is a crime, no matter ehat the intent.



+What do Ethical Hackers do?+

- "If you know the enemy and know yourself, you need not fear the results of a hundred battles." --Sun Tzu, 'Art of War'

- Ethical hackers try to answer:

What can the intruder see on the target system?
(Reconnaissance and Scanning phase of hacking)
What can an intruder do with that information?
(Gaining Access and Maintaining Access)
Does anyony at the target notice the intruders attempts or success?
(Reconnaissance and Covering Tracks)

-If hired by an organization, an ethical hacker asks the organization what it is trying to protect, against whom and what resources is it willing to expend in order to gain protection



+Skill Profile of an Ethical Hacker+

- Computer expert adept at technical domains.
- In-depth knowledge about target platforms (suchs as Windows, Unix, Linux)
- Exemplary knowledge on networking and related hardware / software.
- Knowledge about security areas and related issues - though not necessarily a security professional.



+How do they go about it?+

- Any security evaluation involves three componets:

Preparation - In this phase, a formal contract is signed that contains a non-disclosure clause as well as a legal clause to protect the ethical hacker against any prosecution that he may attract during the conduct phase. The contract also outlines infrastructure perimeter, evaluation activities, time schedules and resources available to him.

Conduct - In this phase, the evaluation technical report is prepared based on testing potential vulnerabilities.

Conclusion - In this phase, the results of the evaluation in communicated to the organization / sponsors and corrective advise / action is taken if needed.



+Modes of Ethical Hacking+

Remote networking - This mode attampts tp simulate an intruder launched attack over the internet.
Remote dial-up networking - This mode attempts to simulate an intruder launching an attack against the client's modem pools.
Local network - This mode simulates an employee with legal access gaining unauhorized access over the local network.
Stolen equipment - This mode simulates theft of a critical informantion resource such as a laptop owned by a strategist, (taken by the client unaware of its owner and given to the ethical hacker).
Physical entry - This mode attempts to physically compromise the organization's ICT infrastructure.



+Security Testing+

- There a are many different forms of security testing. Examples include vulnerability scanning, ethical hacking and penetration testing. Security testing can be conducted using one of two approches:
-Black Box (with no pior knowledge of the infrastructure to be tested)
-White Box (with a complete knowledge of the network infrastructure)

-Internal Testing, also know as Gray-Box testing, is the extent of access by insiders within the network. Examples would be employees other than the IT Department.



+Deliverable+

- Ethical Hacking Report
- Details the results of the hacking activity, matching it against the work schedule decided prior to the conduct phase.
- Vulnerabilities are detailed and avoidance measures suggested. Usually delivered in hard copy format for security reasons.
- Issues to concider -- Nondisclosure clause in the legal contract -- avaling the right information to the right person, intergrity of the evaluation team, sensitivity of information.




+Computer Crimes and Implications+

- Cyber Security Enhancement Act 2002 -- implicates life sentences for hackers who 'recklessly' endanger the lives of others.

- The CSI/FBI 2002 Computer Crime and Security Survey noted that 90% of the respondents acknowledged security breaches, but only 34% reported the crime to law enforcement

- The FBI computer crimes squad estimates that between 85 to 97 percent of computer intrusions are not even detected

But with that said, dont go get trigger happy and scan every network there is.

Also the next sections of the course cover the exact written laws of computer crimes and punishments, but i cant type anymore, but i will provide link later for the interested.
I also suggest that you yourself, look up Computer Crime Laws before you test any skills you may have or think you have.


+Summary+

- Security is critical across sectors and industries.
- Ethical Hacking is a methodology to simulate a malicious attack without causing damage or loss.
- Hacking involves five distinct phases.
- Security evaluation includes preparation, conduct and evaluation phases.
- Cyber crime can be differentiated into two categories.
- US Statutes &) 1029 and 1030 primarily address cyber crime.




Last point to make:

READ MY DISCLAMER Please

http://www.suck-o.com/modules.php?name= ... pic&t=1324

[z3mwaz]

i am uploading a movie now
so when it gets done or i wake up i'll post the link

sorry for being late
busy week


=edit=

movie number 1

Introduction

Code: Select all

http://rapidshare.de/files/35330478/ceh01.wmv

[pseudo_opcode]

nice info man!! i'll surely see the movie.. even i m planning to get CEH certification after my graduation.. but we have already done a lot of research in this field already.. anyway keep on posting.

[DNR]

z3m,
Great job, I like the layout of the information you used - good summary of the topics. If anyone wants to go into detail they can just ask about one of the bullet points.

BTW, drop the disclaimer. Unless a person showed willful intent to cause harm, or knew that the instruments he provided could be easily used to cause harm, it would be hard to prove negligence or criminal conduct. Your classmates and teacher are doing the same thing you are posting here - discussing science, for its ethical educational value. If it were a crime to discuss this, then wouldn't the same apply to discussing bomb making, firearm tactics, or clubbing baby seals?




The rapidshare webhost gave me this message on the d/l of the video.

"Too many users downloading right now. Please try again later or get a PREMIUM-Account"

DNR

[sternbildchen]

I have a CEH DVD for my own. But this writeup is very usefull!

Good work.

[z3mwaz]

yeah like DNR said, this topic is open for discussion,
this Intro was mainly a opening tread to give a description of the course layout.
like i said before, as i take the modules, i post them here.

[evileye]

gr8 work dude sounds intresting even thou i have downloaded the CEH from somee site....