
Introduction to Ethical Hacking

Module 01

Ethical Hacking and Countermeasures Introduction to Ethical Hacking

Exam 312-50 Certified Ethical Hacker

Engineered by Hackers. Presented by Professionals.

Ethical Hacking and Countermeasures v8
Module 01: Introduction to Ethical Hacking
Exam 312-50


Ethical Hacking and Countermeasures Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.


Security News

Oct 17 2012, 0:45am IST

Zero-day Attacks are Meaner, more Rampant than we ever thought

Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years. The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected. Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater.

http://arstechnica.com

Source: http://arstechnica.com

Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years.

The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected. Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater.

"Zero-day attacks are difficult to prevent because they exploit unknown vulnerabilities, for which there are no patches and no antivirus or intrusion-detection signatures," they wrote. "It seems that, as long as software will have bugs and the development of exploits for new vulnerabilities will be a profitable activity, we will be exposed to zero-day attacks. In fact, 60 percent of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought, perhaps more than twice as many."

Researchers Leyla Bilge and Tudor Dumitras conducted a systematic study that analyzed executable files collected from 11 million computers around the world from February 2008 to March 2012. Three of the zero-day exploits they found were disclosed in 2008, seven were disclosed in 2009, six were disclosed in 2010, and two were disclosed in 2011. (The binary reputation data the researchers relied on prevented them from identifying attacks in 2012.) An attack on many versions of Microsoft Windows, which appears to have gone undetected as a zero day until now, had the shortest duration: just 19 days. An exploit of a separate security bug in the Windows shell had the longest duration: 30 months.

Of the 18 attacks studied, 15 targeted 102 or fewer of the 11 million hosts that were monitored. Eight of the exploits were directed at three or fewer hosts. The data confirms conventional wisdom that zero-day attacks are typically reserved for high-value targets. Of the remaining three attacks, one was exploited by Stuxnet and another was exploited by Conficker, the virulent worm discovered in 2008 that has infected millions of computers (and reportedly continues to do so). The Stuxnet and Conficker exploit targeted 1.5 million and 450,000 hosts respectively. The results, the researchers said, demonstrated the dividends returned by zero-day exploits, which can command prices as high as $250,000.

"For example, Conficker exploiting the vulnerability CVE-2008-4250 managed to infect approximately 370,000 machines without being detected over more than two months," they wrote. "This example illustrates the effectiveness of zero-day vulnerabilities for conducting stealth cyber-attacks."

The researchers cautioned that their method of collecting executable files had significant limitations, causing it to miss 24 zero-day attacks tracked by Symantec's own Internet Security Threats Report over the time period studied. Surprisingly, the number of attacks only grew once zero-day attacks became public knowledge by margins of two- to 100,000-fold. The number of attack variants also rose, with 183 to 85,000 more variants detected each day. One possible cause of the surge in new files, the researchers said, is that the exploits may have been repackaged versions of the same attack.

"However, it is doubtful that repacking alone can account for an increase by up to five orders of magnitude," they wrote. "More likely, this increase is the result of the extensive re-use of field proven exploits in other malware."

Copyrights: 2012 Condé Nast
Author: Dan Goodin

http://arstechnica.com/security/2012/10/zero-day-attacks-are-meaner-and-more-plentiful-than-thought/


Module Objectives

Data Breach Investigations Report
Essential Terminology
Elements of Information Security
Top Information Security Attack Vectors
Information Security Threats
Hacking vs. Ethical Hacking
Effects of Hacking on Business
Who Is a Hacker?
Hacking Phases
Types of Attacks on a System
Why Ethical Hacking Is Necessary
Skills of an Ethical Hacker
Incident Management Process
Types of Security Policies
Vulnerability Research
What Is Penetration Testing?

It is important to bear in mind that attackers break into systems for various reasons and purposes. Therefore, it is important to comprehend how malicious hackers exploit systems and the probable reasons behind the attacks. As Sun Tzu put it in the Art of War, "If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat." It is the duty of system administrators and the network security professionals to guard their infrastructure against exploits by knowing the enemy, the malicious hacker(s) who seek to use the same infrastructure for illegal activities.

Ethical hacking is the process of checking and testing the organization network for the possible loopholes and vulnerabilities. The individuals or experts who perform ethical hacking are called white hats. They perform hacking in ethical ways, without causing any damage to the computer system, thereby increasing the security perimeter of an organization.

This module covers:

Data Breach Investigations Report
Essential Terminology
Elements of Information Security
Top Information Security Attack Vectors
Information Security Threats
Hacking vs. Ethical Hacking
Effects of Hacking on Business
Who Is a Hacker?
Hacking Phases
Types of Attacks on a System
Why Ethical Hacking Is Necessary
Skills of an Ethical Hacker
Incident Management Process
Types of Security Policies
Vulnerability Research
What Is Penetration Testing?

Module Flow

Information security refers to protecting or safeguarding any kind of sensitive information and information systems from unauthorized access, disclosure, alteration, disruption, and destruction. For most organizations, information is the critical resource to be secured. If sensitive information falls into wrong hands, then the respective organization may face a great threat. In an attempt to understand how to secure such critical information resources, first we will look at an overview of information security.

Information Security Overview
Information Security Threats and Attack Vectors
Hacking Concepts
Hacking Phases
Types of Attacks
Information Security Controls

This section covers elements of information security, the strength of the component triangle (security, functionality, and usability), and essential terminology.


Internet Crime Current Report: IC3

Internet Crime Complaint Center (IC3)

[Figure: bar chart of complaints received per year, 2005 to 2011]

http://www.ic3.gov

Source: http://www.ic3.gov

The following is the crime report data from IC3; the Internet Crime Complaint Center (IC3) is a partnership among the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). According to IC3, online Internet crime complaints are increasing daily. From the graph, you can observe that in the year 2005, there were 231,493 crime complaints, whereas in the year 2009, complaints drastically increased to 336,655. When compared to 2009, Internet crime complaints in the year 2011 decreased to some extent.


Internet Crime Complaint Center (IC3): Complaints received by IC3

Yearly Comparison of Complaints Received via the IC3 Website

2005: 231,493
2006: 207,492
2007: 206,884
2008: 275,284
2009: 336,655
2010: 303,809
2011: 314,246


Data Breach Investigations Report

[Figure: types of hacking by percent of breaches and percent of records]

http://www.verizonbusiness.com

Source: http://www.verizonbusiness.com

The data breach investigations report from Verizon Business shows the types of hacking by percent of breaches and percent of records. From the report, it is clear that most of the security breaches happening today are because of hacking. Therefore, in order to protect yourself from data or security breaches, you should test your network security against hacking.


Percent of Breaches / Percent of Records

Malware: 28% / 97%
Hacking: 58% / 99%
Social: 22% / 38%
Misuse: 7% / <1%
Physical: 17% / <1%
Error: 7% / <1%
Environmental: 0% / 0%

FIGURE 1.1: Data Breach Investigation Report


Essential Terminology

Hack Value: It is the notion among hackers that something is worth doing or is interesting

Target of Evaluation: An IT system, product, or component that is identified/subjected to a required security evaluation

Exploit: A defined way to breach the security of an IT system through vulnerability

Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability

Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system

Daisy Chaining: Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs, etc.

Hack Value

Hack value is the notion among hackers that something is worth doing or is interesting. Hackers might feel that breaking down the toughest network security might give them great satisfaction, and that it is something they accomplished that not everyone could do.

Exploit

An exploit is a defined way to breach the security of an IT system through vulnerability. The term exploit is used when any kind of attack has taken place on a system or network. An exploit can also be defined as malicious software or commands that can cause unanticipated behavior to occur on legitimate software or hardware by taking advantage of the vulnerabilities.

Vulnerability

Vulnerability is a weakness in design or an implementation error that can lead to an unexpected and undesirable event compromising the security of the system. In simple words, a vulnerability is a loophole, limitation, or weakness that becomes a source for an attacker to enter into the system by bypassing various user authentications.

Target of Evaluation

A target of evaluation is an IT system, product, or component that is identified/subjected to a required security evaluation. This kind of evaluation helps the evaluator understand the functioning, technology, and vulnerabilities of a particular system or product.

Zero-day Attack

In a zero-day attack, the attacker exploits the vulnerabilities in the computer application before the software developer releases a patch for them.

Daisy Chaining

Attackers who get away with database theft usually complete their task and then backtrack to cover their tracks by destroying logs, etc. The attackers gain control of other systems and use them for malicious activities. It becomes difficult to identify the attacker as they use others' systems to perform illegal activities.


Elements of Information Security

A state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable

Confidentiality: Assurance that the information is accessible only to those authorized to have access

Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes

Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users

Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine

Non-Repudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message

Information security is defined as: "A state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable." It relies on the five major elements of: confidentiality, integrity, availability, authenticity, and non-repudiation.

Confidentiality

Confidentiality is the assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt.

Integrity

Integrity is the trustworthiness of data or resources in terms of preventing improper and unauthorized changes, the assurance that information can be relied upon to be sufficiently accurate for its purpose.

Availability

Availability is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users.

Authenticity

Authenticity refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine or not corrupted from the original. The major roles of authentication include confirming that the user is who he or she claims to be and ensuring the message is authentic and not altered or forged. Biometrics, smart cards, and digital certificates are used to ensure authenticity of data, transactions, communications, or documents.

Non-repudiation

Non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. It is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.


The Security, Functionality, and Usability Triangle

Moving the ball towards security means less functionality and usability

Functionality (Features)
Security (Restrictions)
Usability (GUI)

Technology is evolving at an unprecedented rate. As a result, new products that reach the market tend to be engineered for easy-to-use rather than secure computing. Technology, originally developed for "honest" research and academic purposes, has not evolved at the same pace as the user's profile. Moreover, during this evolution, system designers often overlook the vulnerabilities during the intended deployment of the system. However, increasing built-in default security mechanisms means users have to be more competent. As computers are used for more and more routine activities, it is becoming increasingly difficult for system administrators and other system professionals to allocate resources exclusively for securing systems. This includes time needed to check log files, detect vulnerabilities, and apply security update patches.

Routine activities consume system administrators' time, leaving less time for vigilant administration. There is little time to deploy measures and secure computing resources on a regular and innovative basis. This has increased the demand for dedicated security professionals to constantly monitor and defend ICT (Information and Communication Technology) resources.

Originally, to "hack" meant to possess extraordinary computer skills to extend the limits of computer systems. Hacking required great proficiency. However, today there are automated tools and codes available on the Internet that make it possible for anyone with a will and desire to hack and succeed.

Mere compromise of the security of a system does not denote success. There are websites that insist on "taking back the net" as well as people who believe that they are doing all a favor by posting exploit details. These can act as a detriment and can bring down the skill level required to become a successful attacker.

The ease with which system vulnerabilities can be exploited has increased while the knowledge curve required to perform such exploits has shortened. The concept of the elite/super attacker is an illusion. However, the fast-evolving genre of "script kiddies" is largely comprised of lesser skilled individuals having second-hand knowledge of performing exploits. One of the main impediments contributing to the growth of security infrastructure lies in the unwillingness of exploited or compromised victims to report the incident for fear of losing the goodwill and faith of their employees, customers, partners, and/or of losing market share. The trend of information assets influencing the market has seen more companies thinking twice before reporting incidents to law enforcement for fear of bad press and negative publicity.

The increasingly networked environment, with companies often having their website as a single point of contact across geographical boundaries, makes it critical for administrators to take countermeasures to prevent exploits that can result in loss, an important reason why corporations need to invest in security measures to protect their information assets.


Module Flow

So far we discussed information security. Now we will discuss threats and attack vectors of information security.

Module flow: Information Security Overview; Information Security Threats and Attack Vectors; Hacking Concepts; Hacking Phases; Types of Attacks; Information Security Controls

This section introduces you to top information security attack vectors, the possible security threats to valuable information, and the goals of attackers who perform attacks on information systems.


Top Information Security Attack Vectors

An attack vector is a path or means by which an attacker gains access to an information system to perform malicious activities. This attack vector enables an attacker to take advantage of the vulnerabilities present in the information system in order to carry out a particular attack.

Although there are some traditional attack vectors from which an attack can be performed, attack vectors come in many forms; one cannot predict in which form an attack vector can come.

The following are the possible top attack vectors through which attackers can attack information systems:

- Virtualization and Cloud Computing
- Organized Cyber Crime
- Unpatched Software
- Targeted Malware
- Social Networking
- Insider Threats
- Botnets
- Lack of Cyber Security Professionals
- Network Applications
- Inadequate Security Policies
- Mobile Device Security
- Compliance with Govt. Laws and Regulations
- Complexity of Computer Infrastructure
- Hacktivism


Motives, Goals, and Objectives of Information Security Attacks

Attacks = Motive (Goal) + Method + Vulnerability

Goals: Attackers have motives or goals such as disrupting business continuity, information theft, data manipulations, or taking revenge

Motives: A motive originates out of the notion that the target system stores or processes something valuable and this leads to threat of an attack on the system

Objectives: Attackers try various tools, attack methods, and techniques to exploit vulnerabilities in a computer system or security policy and controls to achieve their motives

Attackers generally have motives or goals or objectives behind performing information security attacks. It may be to disrupt the business continuity of the target organization, to steal valuable information, for the sake of curiosity, or even to take revenge on the target organization. Therefore, these motives or goals depend on the attacker's state of mind, for what reason he or she is carrying out such an activity. Once the attacker determines his/her goal, he or she can accomplish the goal by adopting various techniques to exploit vulnerabilities in an information system or security policy and controls.


Information Security Threats

Natural Threats: natural disasters, floods, earthquakes, hurricanes
Physical Security Threats: loss or damage of system resources; physical intrusion; sabotage, espionage and errors
Human Threats: hackers, insiders, social engineering, lack of knowledge and awareness

Information security threats are broadly classified into three categories, as follows:

Natural Threats

Natural threats include natural disasters such as earthquakes, hurricanes, floods, or any nature-created disaster that cannot be stopped. Information damaged or lost due to natural threats cannot be prevented as no one knows in advance that these types of threats will occur. However, you can implement a few safeguards against natural disasters by adopting disaster recovery plans and contingency plans.

Physical Security Threats

Physical threats may include loss or damage of system resources through fire, water, theft, and physical impact. Physical impact on resources can be due to a collision or other damage, either intentionally or unintentionally. Sometimes, power may also damage hardware used to store information.

Human Threats

Human threats include threats of attacks performed by both insiders and outsiders. Insider attacks refer to attacks performed by disgruntled or malicious employees. Outsider attacks refer to attacks performed by malicious people not within the organization. Insider attackers can be the biggest threat to information system as they may know the security posture of the information system, while outsider attackers apply many tricks such as social engineering to learn the security posture of the information system.


Information Security Threats (Cont'd)

Human threats can be further classified into three types, as follows:

Network Threats

A network is defined as the collection of computers and other hardware connected by communication channels to share resources and information. As the information travels from one computer to the other through the communication channel, a malicious person may break into the communication channel and steal the information traveling over the network.

The attacker can impose various threats on a target network:

- Information gathering
- Sniffing and eavesdropping
- Spoofing
- Session hijacking and man-in-the-middle attacks
- SQL injection
- ARP Poisoning
- Password-based attacks
- Denial of service attack
- Compromised-key attack

Host Threats

Host threats are directed at a particular system on which valuable information resides. Attackers try to breach the security of the information system resource. The following are possible threats to the host:

- Malware attacks
- Target Footprinting
- Password attacks
- Denial of service attacks
- Arbitrary code execution
- Unauthorized access
- Privilege escalation
- Back door Attacks
- Physical security threats

Application Threats

If the proper security measures are not considered during development of the particular application, the application might be vulnerable to different types of application attacks. Attackers take advantage of vulnerabilities present in the application to steal or damage the information. The following are possible threats to the application:

- Data/Input validation
- Authentication and Authorization attacks
- Configuration management
- Information disclosure
- Session management issues
- Buffer overflow issues
- Cryptography attacks
- Parameter manipulation
- Improper error handling and exception management
- Auditing and logging issues


Information Warfare

The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) to take competitive advantages over an opponent.

Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.

Offensive Information Warfare: It refers to information warfare that involves attacks against ICT assets of an opponent.

Defensive Warfare: Prevention, Deterrence, Alerts, Detection, Emergency Preparedness, Response

FIGURE 1.2: Defensive and Offensive Warfare Diagram


IPv6 Security Threats

Compared to IPv4, IPv6 has an improved security mechanism that assures a higher level of security and confidentiality for the information transferred over a network. However, IPv6 is still vulnerable. It still possesses information security threats that include:

Auto Configuration Threats

IPv6 enables auto-configuration of IP networks, which may leave user vulnerable to attacks if the network is not configured properly and securely from the beginning.

Unavailability Reputation-based Protection

Current security solutions use the reputation of IP addresses to filter out known sources of malware; vendors will take time to develop reputation-based protection for IPv6.

Incompatibility of Logging Systems

IPv6 uses 128-bit addresses, which are stored as a 39-digit string, whereas IPv4 addresses are stored in a 15-character field; logging solutions designed for IPv4 may not work on IPv6-based networks.
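An added example, not part of the courseware, showing the logging incompatibility described above in Python: a source-address column sized for IPv4 truncates IPv6 values and merges distinct hosts, and the same IPv6 address can be written several ways, so matching on raw log text fails. The sample addresses are constructed (documentation ranges) and the function names are illustrative.

```python
import ipaddress
from collections import Counter

LEGACY_FIELD_WIDTH = 15   # wide enough for "255.255.255.255" only
IPV6_TEXT_WIDTH = 39      # eight 4-digit hex groups plus seven colons

# Constructed sample: the source-address field of five log events.
# The first three entries are the same host written three different ways.
SAMPLE_SOURCES = [
    "2001:db8::10",
    "2001:0db8:0000:0000:0000:0000:0000:0010",
    "2001:DB8:0:0:0:0:0:10",
    "2001:0db8:0000:0000:0000:0000:0000:0020",
    "192.0.2.7",
]


def legacy_store(addr_text):
    """What an IPv4-era schema does: silently cut the value to 15 characters."""
    return addr_text[:LEGACY_FIELD_WIDTH]


def canonical_text(addr_text):
    """Parse, validate and return the single canonical spelling of the address."""
    return ipaddress.ip_address(addr_text.strip()).compressed


def packed16(addr_text):
    """Fixed-width 16-byte key; IPv4 is stored as an IPv4-mapped IPv6 address."""
    addr = ipaddress.ip_address(addr_text.strip())
    if addr.version == 4:
        return b"\x00" * 10 + b"\xff\xff" + addr.packed
    return addr.packed


def fits_legacy_field(addr_text):
    """True if the fully expanded text form survives a 15-character column."""
    expanded = ipaddress.ip_address(addr_text.strip()).exploded
    return len(expanded) <= LEGACY_FIELD_WIDTH


def events_per_source(sources, key):
    """Count events per source after applying a storage or normalisation function."""
    return Counter(key(s) for s in sources)


if __name__ == "__main__":
    print("legacy 15-char column:")
    for value, count in events_per_source(SAMPLE_SOURCES, legacy_store).items():
        print(f"  {value!r:20} {count}")
    print("canonical form:")
    for value, count in events_per_source(SAMPLE_SOURCES, canonical_text).items():
        print(f"  {value!r:20} {count}")
    for src in SAMPLE_SOURCES:
        print(src, "fits legacy field:", fits_legacy_field(src))
```

With the legacy column, one host appears under three keys and two different hosts share the key `2001:0db8:0000:`; after normalisation there are exactly three sources.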


Rate Limiting Problem

Administrators use a rate limiting strategy to slow down the automated attack tool; however, it is impractical to rate limit at the 128-bit address level.
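An added example, not from the courseware, of the rate limiting problem in Python: a limiter keyed on the full 128-bit address never triggers when requests arrive from many addresses inside one subnet, while the same limiter keyed on the enclosing prefix does. The /64 aggregation size, the class name and the traffic are assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict, deque


class PrefixRateLimiter:
    """Sliding-window limiter keyed on a network prefix instead of one address."""

    def __init__(self, limit, window_s, v6_prefix=64, v4_prefix=32):
        self.limit = limit            # allowed requests per window per bucket
        self.window_s = window_s      # window length in seconds
        self.v6_prefix = v6_prefix    # assumption: one /64 per customer subnet
        self.v4_prefix = v4_prefix
        self._hits = defaultdict(deque)   # bucket -> timestamps of allowed requests

    def bucket(self, addr_text):
        """Map a source address to the prefix that is actually rate limited."""
        addr = ipaddress.ip_address(addr_text)
        plen = self.v6_prefix if addr.version == 6 else self.v4_prefix
        return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

    def allow(self, addr_text, now):
        """Return True if the request is within the limit for its bucket."""
        hits = self._hits[self.bucket(addr_text)]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()            # drop requests that left the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True

    def tracked_buckets(self):
        """Number of state entries the limiter has to keep in memory."""
        return len(self._hits)


def constructed_traffic(count=200, spacing_s=0.05):
    """Constructed input: `count` requests, each from a new address in one /64."""
    base = int(ipaddress.IPv6Address("2001:db8:aa:1::"))
    return [(i * spacing_s, str(ipaddress.IPv6Address(base + i + 1)))
            for i in range(count)]


def replay(limiter, traffic):
    """Feed (timestamp, source) pairs to the limiter; return how many passed."""
    return sum(1 for now, src in traffic if limiter.allow(src, now))


if __name__ == "__main__":
    traffic = constructed_traffic()
    for label, plen in (("per /128", 128), ("per /64", 64)):
        limiter = PrefixRateLimiter(limit=20, window_s=10, v6_prefix=plen)
        passed = replay(limiter, traffic)
        print(f"{label}: {passed} of {len(traffic)} allowed, "
              f"{limiter.tracked_buckets()} state entries")
```

Keying on a prefix also throttles every other client in that prefix, so the prefix length should match how address space is delegated in the network being protected.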


IPv6 Security Threats (Cont'd)

You may also find the following threats when using IPv6:

Default IPv6 Activation

IPv6 may be activated without the administrator's knowledge, which will leave IPv4-based security controls ineffective.

Complexity of Network Management Tasks

Administrators may adopt easy-to-remember addresses (::10, ::20, ::F00D, ::C5C0 or simply IPv4 last octet for dual stack) leading to a potential vulnerability.

Complexity in Vulnerability Assessment

IPv6's 128-bit address space makes active scanning of infrastructure for unauthorized or vulnerable systems more complex.

Overloading of Perimeter Security Controls

IPv6 has a 40-byte fixed header with an add-on "extension headers" that may be chained, which requires complex processing by various security controls systems such as routers, security gateways, firewalls, and IDS.


IPv6 Security Threats (Cont'd)

The following IPv6 security threats can also cause serious damage to your network:

IPv4 to IPv6 Translation Issues

Translating IPv4 traffic to IPv6 may result in poor implementation and may provide a potential attack vector.

Security Information and Event Management (SIEM) Problems

Every IPv6 host can have multiple IPv6 addresses simultaneously, which leads to complexity of log or event correlation.

Denial-of-service (DOS)

Overloading of network security and control devices can significantly reduce the availability threshold of network resources, leading to DoS attacks.

Trespassing

IPv6's advanced network discovery features can be exploited by attackers who can traverse through your network and access the restricted resources.
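An added example, not from the courseware, of the SIEM correlation problem listed above, in Python: events from one host arrive under its link-local, stable and temporary addresses, so a per-address threshold never fires until the events are joined to a time-bounded address-to-host binding table. The binding export, host names and events are constructed; where such bindings come from (neighbor caches, DHCPv6 leases) is an assumption about the environment.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed binding export: (address, host id, first_seen, last_seen).
BINDINGS = [
    ("fe80::a00:27ff:fe4e:66a1",          "ws-042", 1000, 5000),  # link-local
    ("2001:db8:10:1:a00:27ff:fe4e:66a1",  "ws-042", 1000, 5000),  # stable global
    ("2001:db8:10:1:5c1d:9e0f:77aa:1b2c", "ws-042", 1000, 2500),  # temporary
    ("2001:db8:10:1:91ab:4e22:c3d:fe10",  "ws-042", 2500, 5000),  # next temporary
    ("2001:db8:10:1::53",                 "dns-01", 1000, 5000),
]

# Constructed events: (timestamp, source address, event type).
EVENTS = [
    (1100, "2001:db8:10:1:5c1d:9e0f:77aa:1b2c", "auth_failure"),
    (1200, "2001:0db8:0010:0001:5c1d:9e0f:77aa:1b2c", "auth_failure"),
    (1300, "fe80::a00:27ff:fe4e:66a1", "auth_failure"),
    (2600, "2001:db8:10:1:91ab:4e22:c3d:fe10", "auth_failure"),
    (2700, "2001:db8:10:1:91ab:4e22:c3d:fe10", "auth_failure"),
    (2800, "2001:db8:10:1:a00:27ff:fe4e:66a1", "auth_failure"),
    (2900, "2001:db8:10:1::53", "auth_failure"),
    (3000, "2001:db8:10:1::99", "auth_failure"),   # no binding known
]


def _key(addr_text):
    """Binary form of the address, so different spellings compare equal."""
    return ipaddress.ip_address(addr_text).packed


def build_index(bindings):
    """Index bindings by address; one address may have several validity periods."""
    index = defaultdict(list)
    for addr, host, first_seen, last_seen in bindings:
        index[_key(addr)].append((first_seen, last_seen, host))
    return index


def resolve_host(index, addr_text, ts):
    """Return the host that held the address at time ts, or an unresolved marker."""
    for first_seen, last_seen, host in index.get(_key(addr_text), ()):
        if first_seen <= ts <= last_seen:
            return host
    return "unresolved:" + ipaddress.ip_address(addr_text).compressed


def _alerts(events, threshold, key_fn):
    counts = Counter(key_fn(ts, src) for ts, src, kind in events
                     if kind == "auth_failure")
    return {key: n for key, n in counts.items() if n >= threshold}


def per_address_alerts(events, threshold):
    """Threshold applied to each (normalised) source address on its own."""
    return _alerts(events, threshold,
                   lambda ts, src: ipaddress.ip_address(src).compressed)


def per_host_alerts(events, threshold, index):
    """Threshold applied after mapping every address to the host behind it."""
    return _alerts(events, threshold,
                   lambda ts, src: resolve_host(index, src, ts))


if __name__ == "__main__":
    idx = build_index(BINDINGS)
    print("per address:", per_address_alerts(EVENTS, 5))
    print("per host:   ", per_host_alerts(EVENTS, 5, idx))
```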


Module Flow

So far we have discussed information security, its threats and attack vectors. Now we will discuss how an attacker compromises information security with the help of attack vectors.

This section will familiarize you with the concept of ethical hacking, how it differs from hacking, the effects of hacking activities on business, and different classes of attackers.


Hacking vs. Ethical Hacking

Most people do not understand the difference between hacking and ethical hacking. These two terms can be differentiated on the basis of the intentions of the people performing hacking activity. However, understanding the true intentions of hackers can be quite difficult.

Hacking

Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources. It involves modifying system or application features to achieve a goal outside of the creator's original purpose.

Ethical Hacking

Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security. It focuses on simulating techniques used by attackers to verify the existence of exploitable vulnerabilities in the system security.


Effects of Hacking on Business

- Theft of customers' personal information may risk the business's reputation and invite lawsuits
- Hacking can be used to steal, pilfer, and redistribute intellectual property leading to business loss
- Botnets can be used to launch various types of DoS and other web-based attacks, which may lead to business down-time and significant loss of revenues
- Attackers may steal corporate secrets and sell them to competitors, compromise critical financial information, and leak information to rivals

According to the Symantec 2012 State of Information survey, information costs businesses worldwide $1.1 trillion annually. Every business must provide strong security for its customers; otherwise the business may put its reputation at stake and may even face lawsuits. Attackers use hacking techniques to steal, pilfer, and redistribute intellectual property of businesses and in turn to make financial gain. Attackers may profit, but the victim's business must face huge financial losses and may even lose its reputation.

Once an attacker gains control over the user's system, he or she can access all the files that are stored on the computer, including personal or corporate financial information, credit card numbers, and client or customer data stored on that system. If any such information falls into the wrong hands, it may create chaos in the normal functioning of an organization. Organizations must provide strong security to its critical information sources containing customer data and its upcoming releases or ideas. If the data is altered or stolen, a company may lose credibility and the trust of its customers. In addition to the potential financial loss that may occur, the loss of information may cause a business to lose a crucial competitive advantage over its rivals. Sometimes attackers use botnets to launch various types of DoS and other web-based attacks. This causes the target business services to go down, which in turn may lead to loss of revenues.

There are many things that businesses can do to protect themselves and their assets. Knowledge is a key component in addressing this issue. Assessment of the risk prevalent in a business and how attacks could potentially affect that business is paramount from a security point of view. One does not have to be a security expert to recognize the damage that can occur when a company is victimized by an attacker. By understanding the problem and empowering employees to facilitate protection against attacks, the company would be able to deal with any security issues as they arise.

b e a b le t o


W h o Is a H a c k e r?

CEH

E x c e lle n t C o m p u te r S k ills

H obby

Intelligent individuals w ith excellent com puter skills, w ith the ability to create and explore into the com pute r's softw a re and hardw are

For some hackers, hacking is a hobby to see how many com puters o r networks they can com prom ise

D o I lle g a l T h in g s

M a lic io u s I n t e n t

Their inte ntion can eith er be to gain know ledge or to poke around to do illegal things

Some do hacking w ith malicious intent behind th e ir escapades, like stealing business data, credit card info rm atio n, social security numbers, em ail passwords, etc.

Copyright by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

A hacker is a person who illegally breaks into a system or network without any authorization to destroy, steal sensitive data, or perform malicious attacks. Hackers may be motivated by a multitude of reasons:

- Intelligent individuals with excellent computer skills, with the ability to create and explore the computer's software and hardware
- For some hackers, hacking is a hobby to see how many computers or networks they can compromise
- Their intention can either be to gain knowledge or to poke around doing illegal things
- Some hack with malicious intent, such as stealing business data, credit card information, social security numbers, email passwords, etc.

Hacker Classes

- Black Hats: Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers
- White Hats: Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts
- Gray Hats: Individuals who work both offensively and defensively at various times
- Suicide Hackers: Individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing jail terms or any other kind of punishment
- Script Kiddies: An unskilled hacker who compromises systems by running scripts, tools, and software developed by real hackers
- Spy Hackers: Individuals employed by the organization to penetrate and gain trade secrets of the competitor
- Cyber Terrorists: Individuals with a wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption of computer networks
- State Sponsored Hackers: Individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments

Hackers are mainly divided into eight classes:

Black Hats

Black hats are individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers. These individuals mostly use their skills for only destructive activities, causing huge losses for companies as well as individuals. They use their skills in finding vulnerabilities in the various networks including defense and government websites, banking and finance, etc. Some do it to cause damage, steal information, destroy data, or earn money easily by hacking IDs of bank customers.

White Hats

White hats are individuals who possess hacking skills and use them for defensive purposes; they are also known as security analysts. These days, almost every company has security analysts to defend their systems against the malicious attacks. White hats help companies secure their networks from outside intruders.

Gray Hats

Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall between white and black hats. Gray hats might help hackers by finding various vulnerabilities of a system or network and at the same time help vendors to improve products (software or hardware) by checking limitations and making them more secure, etc.

Suicide Hackers

Suicide hackers are individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing 30 years in jail for their actions. Suicide hackers are closely related to suicide bombers, who sacrifice their life for the attack and are not concerned with the consequences of their actions. There has been a rise in cyber terrorism in recent years.

Script Kiddies

Script kiddies are the unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They utilize small, easy-to-use programs or scripts as well as distinguished techniques to find and exploit the vulnerabilities of a machine. Script kiddies usually focus on the quantity of attacks rather than the quality of the attacks that they initiate.

Spy Hackers

Spy hackers are individuals who are employed by an organization to penetrate and gain trade secrets of the competitor. These insiders can take advantage of the privileges they have to hack a system or network.

Cyber Terrorists

Cyber terrorists could be people, organized groups formed by terrorist organizations, that have a wide range of skills, motivated by religious or political beliefs, to create fear by large-scale disruption of computer networks. This type of hacker is more dangerous as they can hack not only a website but whole Internet zones.

State Sponsored Hackers

State sponsored hackers are individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.

Hacktivism

- Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites
- It thrives in the environment where information is easily accessible
- Aims at sending a message through their hacking activities and gaining visibility for their cause
- Common targets include government agencies, multinational corporations, or any other entity perceived as bad or wrong by these groups or individuals
- It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is
- Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims

Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites. The person who does these things is known as a hacktivist.

- Hacktivism thrives in an environment where information is easily accessible.
- It aims to send a message through hacking activities and gain visibility for a cause.
- Common targets include government agencies, multinational corporations, or any other entity perceived as "bad" or "wrong" by these groups or individuals.
- It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is.
- Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims.

Module Flow

In the previous section, you learned about various hacking concepts. Now it's time to discuss the hacking method. Hacking cannot be accomplished in a single action. It needs to be done in phases. The information gathered or the privileges gained in one phase can be used in the next phase for advancing the process of hacking.

[Figure: module flow: Information Security Overview, Information Security Threats and Attack Vectors, Hacking Concepts, Hacking Phases, Types of Attacks, Information Security Controls]

This section lists and describes various phases involved in hacking.

Hacking Phases

- Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack
- Could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale
- Reconnaissance target range may include the target organization's clients, employees, operations, network, and systems

Reconnaissance Types

- Passive Reconnaissance: Passive reconnaissance involves acquiring information without directly interacting with the target. For example, searching public records or news releases
- Active Reconnaissance: Active reconnaissance involves interacting with the target directly by any means. For example, telephone calls to the help desk or technical department

The various phases involved in hacking are:

- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks

Reconnaissance

Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization.

This is the phase that allows the potential attacker to strategize his or her attack. This may take some time as the attacker waits to unearth crucial information. Part of this reconnaissance may involve "social engineering." A social engineer is a person who smooth-talks people into revealing information such as unlisted phone numbers, passwords, and other sensitive data.

Another reconnaissance technique is "dumpster diving." Dumpster diving is the process of looking through an organization's trash for discarded sensitive information. Attackers can use the Internet to obtain information such as employee's contact information, business partners, technologies in use, and other critical business knowledge, but "dumpster diving" may provide them with even more sensitive information such as usernames, passwords, credit card statements, bank statements, ATM slips, social security numbers, telephone numbers, and so on.

The reconnaissance target range may include the target organization's clients, employees, operations, networks, and systems.

For example, a Whois database can provide information about Internet addresses, domain names, and contacts. If a potential attacker obtains DNS information from the registrar, and is able to access it, he or she can obtain useful information such as the mapping of domain names to IP addresses, mail servers, and host information records. It is important that a company has appropriate policies to protect its information assets, and also provide guidelines to its users of the same. Building user awareness of the precautions they must take in order to protect their information assets is a critical factor in this context.

Reconnaissance Types

Reconnaissance techniques can be categorized broadly into active and passive reconnaissance.

When an attacker approaches the attack using passive reconnaissance techniques, he or she does not interact with the system directly. The attacker uses publicly available information, social engineering, and dumpster diving as a means of gathering information.

When an attacker employs active reconnaissance techniques, he or she tries to interact with the system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications.

The next phase of attacking is scanning, which is discussed in the following section. Some experts do not differentiate scanning from active reconnaissance. However, there is a slight difference as scanning involves more in-depth probing on the part of the attacker. Often reconnaissance and scanning phases overlap, and it is not always possible to demarcate these phases as watertight compartments.

Active reconnaissance is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected. Newbies and script kiddies are often found attempting this to get faster, visible results, and sometimes just for the brag value they can obtain.

As an ethical hacker, you must be able to distinguish among the various reconnaissance methods, and be able to advocate preventive measures in the light of potential threats. Companies, for their part, must address security as an integral part of their business and/or operational strategy, and be equipped with proper policies and procedures to check for such activities.

Hacking Phases (Cont'd)

- Pre-Attack Phase: Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance
- Port Scanner: Scanning can include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, etc.
- Extract Information: Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc. to launch attack

Scanning

Scanning is what an attacker does prior to attacking the network. In scanning, the attacker uses the details gathered during reconnaissance to identify specific vulnerabilities. Scanning can be considered a logical extension (and overlap) of the active reconnaissance. Often attackers use automated tools such as network/host scanners and war dialers to locate systems and attempt to discover vulnerabilities.

An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as Traceroute. Alternatively, they can use tools such as Cheops to add sweeping functionality along with what Traceroute renders.

Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine. The primary defense technique in this regard is to shut down services that are not required. Appropriate filtering may also be adopted as a defense mechanism. However, attackers can still use tools to determine the rules implemented for filtering.

The most commonly used tools are vulnerability scanners that can search for several known vulnerabilities on a target network, and can potentially detect thousands of vulnerabilities. This gives the attacker the advantage of time because he or she only has to find a single means of entry while the systems professional has to secure many vulnerable areas by applying patches. Organizations that deploy intrusion detection systems (IDSes) still have reason to worry because attackers can use evasion techniques at both the application and network levels.
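
The scanning activity described above leaves a recognizable pattern in connection logs: one source touching many ports on a host, or one port on many hosts, in a short time. The following Python code is an added example, not part of the courseware, that flags both patterns and shows why a short detection window misses a slow scan. The log format, addresses, window, and threshold are assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed firewall log: '<ISO time> <action> <proto> <src> <dst> <dport>'."""
    t0 = datetime(2012, 10, 17, 9, 0, 0)
    rows = []
    # Vertical scan: one source walks six ports on one host in six seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 443]):
        rows.append((t0 + timedelta(seconds=i), "DENY", "203.0.113.7", "192.0.2.10", port))
    # Horizontal sweep: one source tries port 23 on six hosts in twelve seconds.
    for i in range(6):
        rows.append((t0 + timedelta(seconds=30 + 2 * i), "DENY", "198.51.100.9", f"192.0.2.{20 + i}", 23))
    # Normal client: repeated connections to the same two web ports.
    for i in range(8):
        rows.append((t0 + timedelta(seconds=5 * i), "ALLOW", "192.0.2.50", "192.0.2.10", 443 if i % 2 else 80))
    # Slow scan: six ports on one host, one probe every five minutes.
    for i, port in enumerate([135, 139, 445, 1433, 3306, 3389]):
        rows.append((t0 + timedelta(minutes=5 * i), "DENY", "198.51.100.77", "192.0.2.10", port))
    lines = [f"{t.isoformat()} {a} TCP {s} {d} {p}" for t, a, s, d, p in rows]
    lines.append("garbage line that the parser must skip")
    return "\n".join(lines)


def parse_line(line):
    """Return (time, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, _action, _proto, src, dst, port = parts
    try:
        return datetime.fromisoformat(ts), src, dst, int(port)
    except ValueError:
        return None


def find_scans(log_text, window=timedelta(seconds=60), threshold=5):
    """Map each suspicious source to {'vertical', 'horizontal'} findings.

    Allowed and denied connections both count, because a scan also
    reaches the ports that are open.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            ts, src, dst, port = event
            by_src[src].append((ts, dst, port))

    findings = {}
    for src, events in by_src.items():
        events.sort()
        kinds = set()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the window spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for _ts, dst, port in events[start:end + 1]:
                ports_per_host[dst].add(port)
                hosts_per_port[port].add(dst)
            if any(len(p) >= threshold for p in ports_per_host.values()):
                kinds.add("vertical")      # many ports on one host
            if any(len(h) >= threshold for h in hosts_per_port.values()):
                kinds.add("horizontal")    # one port across many hosts
        if kinds:
            findings[src] = kinds
    return findings


if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window:", find_scans(log))
    print("30 min window:", find_scans(log, window=timedelta(minutes=30)))
```

With the 60-second window the slow source goes unreported; widening the window to 30 minutes reports it, at the cost of keeping more state per source.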

Hacking Phases (Cont'd)

- Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network
- The attacker can gain access at the operating system level, application level, or network level
- The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised
- Examples include password cracking, buffer overflows, denial of service, session hijacking, etc.

Gaining Access

Gaining access is the most important phase of an attack in terms of potential damage. Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network. The attacker can gain access at the operating system level, application level, or network level. Factors that influence the chances of an attacker gaining access into a target system include the architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained. The attacker initially tries to gain minimal access to the target system or network. Once he or she gains the access, he or she tries to escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised.

Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping of service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links.

The exploit can occur locally, offline, over a LAN or the Internet as a deception or theft. Examples include stack-based buffer overflows, denial-of-service, and session hijacking.

Attackers use a technique called spoofing to exploit the system by pretending to be strangers or different systems. They can use this technique to send a malformed packet containing a bug to the target system in order to exploit vulnerability. Packet flooding may be used to remotely stop availability of the essential services. Smurf attacks try to elicit a response from the available users on a network and then use their legitimate address to flood the victim.

Hacking Phases (Cont'd)

- Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system
- Attackers may prevent the system from being owned by other attackers by securing their exclusive access with Backdoors, RootKits, or Trojans
- Attackers can upload, download, or manipulate data, applications, and configurations on the owned system
- Attackers use the compromised system to launch further attacks

Maintaining Access

Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources and further use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.

Attackers, who choose to remain undetected, remove evidence of their entry and use a backdoor or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain super user access. The reason behind this is that rootkits gain access at the operating system level while a Trojan horse gains access at the application level. Both rootkits and Trojans depend on users to install them. Within Windows systems, most Trojans install themselves as a service and run as local system, which has administrative access.

Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system. They can maintain control over their system for a long time by "hardening" the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.

Organizations can use intrusion detection systems or deploy honeypots and honeynets to detect intruders. The latter though is not recommended unless the organization has the required security professional to leverage the concept for protection.

Hacking Phases (Cont'd)

- Covering tracks refers to the activities carried out by an attacker to hide malicious acts
- The attacker's intentions include: continuing access to the victim's system, remaining unnoticed and uncaught, deleting evidence that might lead to his prosecution
- The attacker overwrites the server, system, and application logs to avoid suspicion

O
Clearing Tracks
H a c k i n g P h a s e s ( C o n t d )

le a r in g

T r a c k s

An attacker would like to destroy evidence of his or her presence and activities for various reasons such as maintaining access and evading punitive action. Trojans such as ps or netcat come in handy for any attacker who wants to destroy the evidence from the log files or replace the system binaries with the same. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. Rootkits are automated tools that are designed to hide the presence of the attacker. By executing the script, a variety of critical files are replaced with Trojanned versions, hiding the attacker in seconds.

Other techniques include steganography and tunneling. Steganography is the process of hiding the data, for instance in images and sound files. Tunneling takes advantage of the transmission protocol by carrying one protocol over another. Even the extra space (e.g., unused bits) in the TCP and IP headers can be used for hiding information. An attacker can use the system as a cover to launch fresh attacks against other systems or use it as a means of reaching another system on the network without being detected. Thus, this phase of attack can turn into a new cycle of attack by using reconnaissance techniques all over again.

There have been instances where an attacker has lurked on a system even as system administrators have changed. The system administration can deploy host-based IDSes and antivirus tools that can detect Trojans and other seemingly benign files and directories. As an ethical hacker, you must be aware of the tools and techniques that attackers deploy, so that you are able to advocate and take countermeasures to ensure protection. These will be detailed in subsequent modules.
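The kind of check a host-based IDS runs against replaced binaries and overwritten logs, as an added example that is not part of the courseware: it baselines a directory tree by SHA-256 and permission bits, then reports changed files, loosened permissions, new files, and log files whose earlier contents no longer match. The directory layout, file names and log lines are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile


def sha256_prefix(path, limit=None):
    """SHA-256 of the first `limit` bytes of a file (the whole file when limit is None)."""
    digest = hashlib.sha256()
    remaining = limit
    with open(path, "rb") as fh:
        while remaining is None or remaining > 0:
            chunk = fh.read(65536 if remaining is None else min(65536, remaining))
            if not chunk:
                break
            digest.update(chunk)
            if remaining is not None:
                remaining -= len(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file under root to (sha256, size, permission bits)."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):  # ignore symlinks, sockets, devices
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                entries[rel] = (sha256_prefix(path), st.st_size, stat.S_IMODE(st.st_mode))
    return entries


def compare(root, baseline, append_only=("log",)):
    """Compare the tree under root with a baseline taken earlier.

    Files in append_only directories may grow, but the bytes recorded at
    baseline time must still be present and unchanged; every other file
    must match the baseline exactly.
    """
    current = snapshot(root)
    report = {"modified": [], "mode_changed": [], "log_rewritten": [],
              "removed": [], "added": sorted(set(current) - set(baseline))}
    for rel, (digest, size, mode) in sorted(baseline.items()):
        if rel not in current:
            report["removed"].append(rel)
            continue
        cur_digest, cur_size, cur_mode = current[rel]
        if rel.split("/")[0] in append_only:
            path = os.path.join(root, *rel.split("/"))
            if cur_size < size or sha256_prefix(path, size) != digest:
                report["log_rewritten"].append(rel)
        elif cur_digest != digest:
            report["modified"].append(rel)
        elif cur_mode != mode:
            report["mode_changed"].append(rel)
    return report


def write(path, text, mode=0o644):
    """Create or overwrite a file and set its permission bits."""
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def demo():
    """Constructed scenario: baseline a small tree, change it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "log"))
        ps = os.path.join(root, "bin", "ps")
        netstat = os.path.join(root, "bin", "netstat")
        auth = os.path.join(root, "log", "auth.log")
        app = os.path.join(root, "log", "app.log")
        write(ps, "original ps build\n", 0o755)
        write(netstat, "original netstat build\n", 0o755)
        write(auth, "login alice\nlogin mallory\nlogout alice\n")
        write(app, "service started\n")
        baseline = snapshot(root)

        write(ps, "trojaned ps build\n", 0o755)          # same size, new content
        os.chmod(netstat, 0o777)                          # permissions loosened
        write(os.path.join(root, "bin", ".cache"), "x")  # file absent from baseline
        write(auth, "login alice\nlogout alice\n")        # one entry deleted
        with open(app, "a") as fh:                        # normal log growth
            fh.write("request served\n")
        return compare(root, baseline)


if __name__ == "__main__":
    for finding, paths in demo().items():
        print(finding, paths)
```

Log rotation also replaces a file's earlier bytes, so a production check has to account for rotation or compare against a copy of the log kept off the host.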

Module Flow

So far we discussed how important it is for an organization to keep their information resources secure, various security threats and attack vectors, hacking concepts, and the hacking phases. Now it's time to examine the techniques or the type of attacks the attacker adopts to hack a system or a network.

- Information Security Overview
- Information Security Threats and Attack Vectors
- Hacking Concepts
- Hacking Phases
- Types of Attacks
- Information Security Controls

This section covers various types of attacks such as operating system attacks and application-level attacks.

Types of Attacks on a System

Attackers exploit vulnerabilities in an information system to gain unauthorized access to the system resources.

The unauthorized access may result in loss, damage or theft of sensitive information.

Types of Attacks
I. Operating System Attacks
II. Misconfiguration Attacks
III. Application Level Attacks
IV. Shrink Wrap Code Attacks

Types of Attacks on a System

There are several ways an attacker can gain access to a system. The attacker must be able to exploit a weakness or vulnerability in a system:

- Operating system attacks: Attackers search for OS vulnerabilities and exploit them to gain access to a network system.
- Application-level attacks: Software applications come with myriad functionalities and features. There is a dearth of time to perform complete testing before releasing products. Those applications have various vulnerabilities and become a source of attack.
- Misconfiguration attacks: Most administrators don't have the necessary skills to maintain or fix issues, which may lead to configuration errors. Such configuration errors may become the sources for an attacker to enter into the target's network or system.
- Shrink wrap code attacks: Operating system applications come with numerous sample scripts to make the job of administrator easy, but the same scripts have various vulnerabilities, which can lead to shrink wrap code attacks.

Operating System Attacks

Attackers search for vulnerabilities in an operating system's design, installation or configuration and exploit them to gain access to a network system.

- Buffer overflow vulnerabilities
- Bugs in operating system
- Unpatched operating system
- Exploiting specific protocol implementations
- Attacking built-in authentication systems
- Breaking file-system security
- Cracking passwords and encryption mechanisms

Operating System Attacks

Today's operating systems, which are loaded with features, are increasingly complex. While users take advantage of these features, the system is prone to more vulnerabilities, thus enticing attackers. Operating systems run many services such as graphical user interfaces (GUIs). These support the use of ports and modes of access to the Internet, and extensive tweaking is required to lock them down. Attackers are constantly looking for OS vulnerabilities so that they can exploit and gain access to network systems. To stop attackers from entering their network, the system or network administrators must keep abreast of various new exploits and methods adopted by attackers and monitor their networks continuously.

Most operating systems' installation programs install a large number of services and open ports by default. This situation leads attackers to search for various vulnerabilities. Applying patches and hotfixes is not easy with today's complex networks. Most patches and fixes tend to solve an immediate issue, but they cannot be considered a permanent solution.

Some OS vulnerabilities include:

- Buffer overflow vulnerabilities
- Bugs in the operating system
- Unpatched operating systems

Attacks performed at the OS level include:

- Exploiting specific network protocol implementations
- Attacking built-in authentication systems
- Breaking file system security
- Cracking passwords and encryption mechanisms

Misconfiguration Attacks

- If a system is misconfigured, such as a change is made in the file permission, it can no longer be considered secure
- Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible owning of the system
- The administrators are expected to change the configuration of the devices before they are deployed in the network. Failure to do this allows the default settings to be used to attack the system
- In order to optimize the configuration of the machine, remove any redundant services or software

Misconfiguration Attacks

Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible owning of the system. If a system is misconfigured, such as when a change is made in the file permission, it can no longer be considered secure. Administrators are expected to change the configuration of the devices before they are deployed in the network. Failure to do this allows the default settings to be used to attack the system. In order to optimize the configuration of the machine, remove any redundant services or software.

Application-Level Attacks

Attackers exploit the vulnerabilities in applications running on organizations' information system to gain unauthorized access and steal or manipulate data.

Poor or nonexistent error checking in applications leads to:

- Buffer overflow attacks
- Sensitive information disclosure
- Cross-site scripting
- Session hijacking and man-in-the-middle attacks
- Denial-of-service attacks
- SQL injection attacks

Other application-level attacks include:

- Phishing
- Session hijacking
- Man-in-the-middle attack
- Parameter/form tampering
- Directory traversal attacks

Application-Level Attacks

Applications are being released with more features and more complex coding. With this increased demand in functionality and features, developers generally overlook the security of the application, which gives rise to vulnerabilities in applications. Attackers find and exploit these vulnerabilities in the applications using different tools and techniques. The applications are vulnerable to attack because of the following reasons:

- Software developers have tight schedules to deliver products on time
- Software applications come with a multitude of features and functionalities
- There is a dearth of time to perform complete testing before releasing products
- Security is often an afterthought, and frequently delivered as an "add-on" component

Poor or nonexistent error checking in applications leads to:

- Buffer overflow attacks
- Active content
- Cross-site scripting
- Denial-of-service and SYN attacks
- SQL injection attacks
- Malicious bots

Other application-level attacks include:

- Phishing
- Session hijacking
- Man-in-the-middle attacks
- Parameter/form tampering
- Directory traversal attacks

Examples of Application-Level Attacks

Session Hijacking
- Vulnerable code: Attacker may exploit session information in the vulnerable code to perform session hijacking
- Secure code: The code can be secured by using UseCookies instead of UseUri

Denial-of-Service
- Vulnerable code: The code below is vulnerable to denial-of-service attack, as it fails to release connection resource
- Secure code: The code can be secured by releasing the resources in a finally block

Note: For more information about application vulnerabilities and how to fix them, attend EC-Council's ECSP program.

Examples of Application-Level Attacks

Session Hijacking

Attackers may exploit session information in the vulnerable code to perform session hijacking when you enable cookieless authentication in your application. When the target tries to browse through a URL, the session or authentication token appears in the request URL instead of the secure cookie, to give access to the URL requested by the target. Here, an attacker using his or her skills and monitoring tools can hijack the target's session and steal all sensitive information.

Vulnerable Code

Attackers may exploit session information in the vulnerable code to perform session hijacking.

    <configuration>
      <system.web>
        <authentication mode="Forms">
          <!-- cookieless="UseUri": the authentication token travels in the URL -->
          <forms cookieless="UseUri" />
        </authentication>
      </system.web>
    </configuration>

TABLE 1.1: Session Hijacking Vulnerable Code

Secure Code

The code can be secured by using UseCookies instead of UseUri.

    <configuration>
      <system.web>
        <authentication mode="Forms">
          <!-- cookieless="UseCookies": the token is carried in a cookie only -->
          <forms cookieless="UseCookies" />
        </authentication>
      </system.web>
    </configuration>

TABLE 1.2: Session Hijacking Secure Code
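A configuration and log check for the setting in Tables 1.1 and 1.2, as an added example that is not part of the courseware. It goes beyond the two listings by also covering `<sessionState>`, the other HttpCookieMode values, and settings left at their framework defaults, and it looks for the `(F(...))` and `(S(...))` path segments ASP.NET uses for cookieless tokens; the sample configurations, log lines and token values are constructed.

```python
import re
import xml.etree.ElementTree as ET

# HttpCookieMode settings under which ASP.NET can carry the token in the URL.
URL_MODES = {
    "useuri": "token is always placed in the URL",
    "true": "legacy spelling of UseUri",
    "autodetect": "URL is used when the cookie probe fails",
    "usedeviceprofile": "URL is used for browsers profiled as cookieless",
}
# Value in effect when the cookieless attribute is absent.
DEFAULTS = {"forms": "UseDeviceProfile", "sessionState": "UseCookies"}
TARGETS = {"forms": ".//system.web/authentication/forms",
           "sessionState": ".//system.web/sessionState"}


def audit_web_config(xml_text):
    """Return (element, effective value, reason) for each URL-capable setting."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():                 # drop any xmlns prefix on tags
        elem.tag = elem.tag.rsplit("}", 1)[-1]
    findings = []
    for name, path in TARGETS.items():
        for elem in root.findall(path):
            value = elem.get("cookieless", DEFAULTS[name])
            reason = URL_MODES.get(value.strip().lower())
            if reason:
                if "cookieless" not in elem.attrib:
                    reason += " (default, attribute not set)"
                findings.append((name, value, reason))
    return findings


# A cookieless segment looks like /(F(ticket))/ or /(S(id)F(ticket))/.
SEGMENT = re.compile(r"/\(((?:[A-Z]\([^()]*\))+)\)/")
PART = re.compile(r"([A-Z])\(([^()]*)\)")
KINDS = {"S": "session ID", "F": "forms-authentication ticket", "A": "anonymous ID"}


def url_tokens(log_lines):
    """Find requests whose path carries a cookieless token; redact the token."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = SEGMENT.search(line)
        if not match:
            continue
        kinds = [KINDS.get(kind, "unknown token")
                 for kind, _value in PART.findall(match.group(1))]
        hits.append((number, kinds, SEGMENT.sub("/(<redacted>)/", line)))
    return hits


# Constructed samples: the two configurations from the tables, plus one that
# leaves <forms> at its default and sets AutoDetect for session state.
VULNERABLE = """<configuration><system.web>
  <authentication mode="Forms"><forms cookieless="UseUri" /></authentication>
</system.web></configuration>"""
SECURE = VULNERABLE.replace("UseUri", "UseCookies")
IMPLICIT = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web><authentication mode="Forms"><forms loginUrl="login.aspx" /></authentication>
<sessionState cookieless="AutoDetect" /></system.web></configuration>"""
# Constructed access-log lines; the token values are made up.
LOG = [
    '203.0.113.7 "GET /(F(AbCdEf0123))/account.aspx HTTP/1.1" 200',
    '203.0.113.9 "GET /account.aspx HTTP/1.1" 302',
    '203.0.113.7 "GET /(S(lq5x0c55)F(AbCdEf0123))/orders.aspx HTTP/1.1" 200',
]

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE), ("secure", SECURE), ("implicit", IMPLICIT)):
        print(label, audit_web_config(text))
    for hit in url_tokens(LOG):
        print(hit)
```

Any hit from `url_tokens` means live credentials are sitting in the access log, so those logs need the same access control as the session store.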

Denial-of-Service

Vulnerable Code

The code that follows is vulnerable to a denial-of-service attack, as it fails to release a connection resource.

    // conn is an open java.sql.Connection; sql holds the query text
    Statement stmnt = conn.createStatement();
    ResultSet rsltset = stmnt.executeQuery(sql);  // if this throws, close() is never reached
    stmnt.close();

TABLE 1.3: Denial-of-Service Vulnerable Code

Secure Code

The code can be secured by releasing the resources in a finally block.

    // conn is an open java.sql.Connection; sql holds the query text
    Statement stmnt = null;
    try {
        stmnt = conn.createStatement();
        stmnt.executeQuery(sql);
    } catch (SQLException sqlexp) {
        // query failed; the finally block still releases the statement
    } finally {
        if (stmnt != null) {
            try {
                stmnt.close();
            } catch (SQLException sqlexp) { }
        }
    }

TABLE 1.4: Denial-of-Service Secure Code
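The leak in Table 1.3 and the fix in Table 1.4, modelled in Python as an added example that is not part of the courseware: a pool with a fixed number of statement handles shows how a few failing requests exhaust the leaky version while the try/finally version keeps serving. `BoundedPool`, `serve`, the table and the request list are hypothetical names and constructed data; the handle counter stands in for a database-side limit.

```python
import sqlite3


class BoundedPool:
    """Hands out at most `size` statement handles at a time."""

    def __init__(self, size):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE items (id INTEGER, name TEXT)")
        self.conn.execute("INSERT INTO items VALUES (1, 'widget')")
        self.size = size
        self.open_handles = 0

    def create_statement(self):
        if self.open_handles >= self.size:
            raise RuntimeError("no statement handles left")
        self.open_handles += 1
        return self.conn.cursor()

    def close(self, cursor):
        cursor.close()
        self.open_handles -= 1


QUERY = "SELECT name FROM items WHERE id = ?"


def leaky_lookup(pool, item_id):
    """Mirrors the vulnerable listing: close() is skipped when the query raises."""
    stmnt = pool.create_statement()
    rows = stmnt.execute(QUERY, (item_id,)).fetchall()
    pool.close(stmnt)
    return rows


def safe_lookup(pool, item_id):
    """Mirrors the secure listing: the handle is released on every path."""
    stmnt = pool.create_statement()
    try:
        return stmnt.execute(QUERY, (item_id,)).fetchall()
    finally:
        pool.close(stmnt)


def serve(lookup, requests, pool_size=3):
    """Run requests through lookup; return (served, failed, handles still open)."""
    pool = BoundedPool(pool_size)
    served = failed = 0
    for item_id in requests:
        try:
            lookup(pool, item_id)
            served += 1
        except (sqlite3.Error, RuntimeError):
            failed += 1
    return served, failed, pool.open_handles


# Constructed request stream: a list is not a bindable SQL parameter, so the
# three [0] requests make execute() raise; the integer requests are valid.
REQUESTS = [1, [0], [0], [0], 2, 3]

if __name__ == "__main__":
    print("leaky:", serve(leaky_lookup, REQUESTS))
    print("safe: ", serve(safe_lookup, REQUESTS))
```

With the leaky version the valid requests 2 and 3 are refused because every handle is still held by a request that failed earlier.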

Shrink Wrap Code Attacks

Shrink Wrap Code Attacks

When you install an OS/application, it comes with many sample scripts to make the administrator's life easy.

- The problem is "not fine tuning" or customizing these scripts
- This will lead to default code or shrink wrap code attacks

Code for shrink wraps code attacks

    Private Function CleanUpLine(ByVal sLine As String) As String
        Dim lQuoteCount As Long
        Dim lcount As Long
        Dim sChar As String
        Dim sPrevChar As String

        ' Starts with Rem it is a comment
        sLine = Trim(sLine)
        If Left(sLine, 3) = "Rem" Then
            CleanUpLine = ""
            Exit Function
        End If

        ' Starts with ' it is a comment
        If Left(sLine, 1) = "'" Then
            CleanUpLine = ""
            Exit Function
        End If

        ' Contains ' may end in a comment, so test if it is a comment or in the
        ' body of a string
        If InStr(sLine, "'") > 0 Then
            sPrevChar = " "
            lQuoteCount = 0

            For lcount = 1 To Len(sLine)
                sChar = Mid(sLine, lcount, 1)

                ' If we found " ' " then an even number of " characters in front
                ' means it is the start of a comment, and odd number means it is
                ' part of a string
                If sChar = "'" And sPrevChar = " " Then
                    If lQuoteCount Mod 2 = 0 Then
                        sLine = Trim(Left(sLine, lcount - 1))
                        Exit For
                    End If
                ElseIf sChar = """" Then
                    lQuoteCount = lQuoteCount + 1
                End If
                sPrevChar = sChar
            Next lcount
        End If

        CleanUpLine = sLine
    End Function

FIGURE 1.3: Shrink Wraps Code

Module Flow

In the previous section, we discussed how an attacker can compromise an information system and what type of attacks an attacker can perform. Now, we will discuss information security controls. Information security controls prevent unwanted events from occurring and reduce the risk to the information assets of the organization with security policies.

- Information Security Overview
- Information Security Threats and Attack Vectors
- Hacking Concepts
- Hacking Phases
- Types of Attacks
- Information Security Controls

This section highlights the importance of ethical hacking and discusses various security policies.

Why Ethical Hacking is Necessary

To beat a hacker, you need to think like one!

Ethical hacking is necessary because it allows the countering of attacks from malicious hackers by anticipating methods they can use to break into a system.

Reasons why Organizations Recruit Ethical Hackers

- To prevent hackers from gaining access to information breaches
- To fight against terrorism and national security breaches
- To build a system that prevents hackers from penetrating
- To test if organization's security settings are in fact secure

Ethical Hackers Try to Answer the Following Questions

- What can the intruder see on the target system? (Reconnaissance and Scanning phases)
- What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
- Does anyone at the target notice the intruders' attempts or successes? (Reconnaissance and Covering Tracks phases)
- Are all the components of the information system adequately protected, updated, and patched?
- How much effort, time, and money is required to obtain adequate protection?
- Are the information security measures in compliance with industry and legal standards?

Why Ethical Hacking Is Necessary

There is rapid growth in technology, so there is growth in the risks associated with the technology. Ethical hacking helps to predict the various possible vulnerabilities well in advance and rectify them without incurring any kind of attack from outsiders.

- Ethical Hacking: As hacking involves creative thinking, vulnerability testing and security audits cannot ensure that the network is secure.
- Defense-in-Depth Strategy: To achieve this, organizations need to implement a "defense-in-depth" strategy by penetrating their networks to estimate vulnerabilities and expose them.
- Counter the Attacks: Ethical hacking is necessary because it allows countering of attacks from malicious hackers by anticipating methods they can use to break into a system.

Scope and Limitations of Ethical Hacking

Scope

- Ethical hacking is a crucial component of risk assessment, auditing, counterfraud, best practices, and good governance
- It is used to identify risks and highlight the remedial actions, and also reduces information and communications technology (ICT) costs by resolving those vulnerabilities

Limitations

- However, unless the businesses first know what it is that they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are there would not be much to gain from the experience
- An ethical hacker thus can only help the organization to better understand their security system, but it is up to the organization to place the right guards on the network

Scope and Limitations of Ethical Hacking

Ethical hacking has a scope, and there are various limitations of ethical hacking, as well.

Scope

The following is the scope of ethical hacking:

- Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance.
- It is used to identify risks and highlight remedial actions, and it reduces information and communications technology (ICT) costs by resolving those vulnerabilities.

Limitations

The following are the limitations of ethical hacking:

- Unless businesses first know what it is they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are that there will not be much to gain from the experience.
- An ethical hacker therefore can help the organization only to better understand their security system, but it is up to the organization to implement the right safeguards on the network.

Skills of an Ethical Hacker

- Platform Knowledge: Has in-depth knowledge of major operating environments, such as Windows, Unix, and Linux
- Network Knowledge: Has in-depth knowledge of networking concepts, technologies and related hardware and software
- Computer Expert: Should be a computer expert adept at technical domains
- Security Knowledge: Has knowledge of security areas and related issues
- Technical Knowledge: Has "high technical" knowledge to launch the sophisticated attacks

Skills of an Ethical Hacker

Ethical hacking is the legal hacking performed by a pen tester to find vulnerabilities in the information technology environment. In order to perform ethical hacking, the ethical hacker requires the skills of a computer expert. Ethical hackers should also have strong computer knowledge including programming and networking. They should be proficient at installing and maintaining systems using popular operating systems (e.g. UNIX, Windows, or Linux).

Detailed knowledge of hardware and software provided by popular computer and networking hardware vendors complements this basic knowledge. It is not always necessary that ethical hackers possess any additional specialization in security. However, it is an advantage to know how various systems maintain their security. Management skills pertaining to these systems are necessary for actual vulnerability testing and for preparing the report after the testing is carried out.

An ethical hacker should possess immense patience as the analysis stage consumes more time than the testing stage. The time frame for an evaluation may vary from a few days to several weeks, depending on the nature of the task. When an ethical hacker encounters a system with which he or she is not familiar, it is imperative the person takes the time to learn everything about the system and try to find its vulnerable spots.

Defense in Depth

Multiple defense-in-depth countermeasures are taken to protect information assets of a company. The strategy is based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. If a hacker gains access to a system, defense-in-depth minimizes the adverse impact and gives administrators and engineers time to deploy new or updated countermeasures to prevent a recurrence.

- Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system.
- It helps to prevent direct attacks against an information system and data because a break in one layer only leads the attacker to the next layer.

Defense in Depth Layers

FIGURE 1.4: Defense in Depth Layers Diagram

M o d u le 0 1 P ag e 67

Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .

Ethical Hacking a n d C o u n te rm e a s u re s In tro d u c tio n to Ethical H acking

Exam 3 1 2 -5 0 C ertified Ethical H acker

Incident Management Process

Incident management is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore normal service operations as quickly as possible and prevent future reoccurrence of the incident

Purpose of incident management process:
- Improves service quality
- Pro-active problem resolution
- Reduces impact of incidents on business/organization
- Meets service availability requirements
- Increases staff efficiency and productivity
- Improves user/customer satisfaction
- Assists in handling future incidents


Incident Management Process

Incident management is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore the system to normal service operations as soon as possible and prevent the recurrence of the same incident.

The purpose of the incident management process:
- Improves service quality
- Pro-active problem resolution
- Reduces impact of incidents on business/organization
- Meets service availability requirements
- Increases staff efficiency and productivity
- Improves user/customer satisfaction
- Assists in handling future incidents


Incident Management Process (Cont'd)

Incident management is the process of logging, recording, and resolving incidents that take place in the organization. The incident may occur due to fault, service degradation, error, etc. The incidents are reported by users, technical staff, or sometimes detected automatically by event monitoring tools. The main objective of the incident management process is to restore the service to a normal stage as early as possible to customers, while maintaining availability and quality of service. Any occurrence of the incident in an organization is handled and resolved by following these incident management steps:
- Preparation for Incident Handling and Response
- Detection and Analysis
- Classification and Prioritization
- Notification
- Containment
- Forensic Investigation
- Eradication and Recovery
- Post-incident Activities


Information Security Policies

- Security policies are the foundation of the security infrastructure
- A security policy is a document or set of documents that describes the security controls that will be implemented in the company at a high level

Goals of Security Policies
- Maintain an outline for the management and administration of network security
- Prevent unauthorized modifications of the data
- Reduce risks caused by illegal use of the system resource, loss of sensitive, confidential data, and potential property
- Protection of organization's computing resources
- Elimination of legal liability from employees or third parties
- Differentiate the user's access rights
- Ensure customers' integrity and prevent waste of company computing resources
- Protect confidential, proprietary information from theft, misuse, unauthorized disclosure


Information Security Policies

A security policy is a document or set of documents that describes the security controls that should be implemented in the company at a high level for safeguarding the organizational network from inside and outside attacks. This document defines the complete security architecture of an organization and the document includes clear objectives, goals, rules and regulations, formal procedures, and so on. It clearly mentions the assets to be protected and the person who can log in and access sites, who can view the selected data, as well as the people who are allowed to change the data, etc. Without these policies, it is impossible to protect the company from possible lawsuits, lost revenue, and so on.

Security policies are the foundation of the security infrastructure. These policies secure and safeguard the information resources of an organization and provide legal protection to the organization. These policies are beneficial since they help bring awareness of the staff working in the organization to work together to secure its communication, as well as minimizing the risks of security weaknesses through "human-factor" mistakes such as disclosing sensitive information to unauthorized or unknown sources, improper use of Internet, etc. In addition, these policies provide protection against cyber-attacks, malicious threats, foreign intelligence, and so on. They mainly address physical security, network security, access authorizations, virus protection, and disaster recovery.


The goals of security policies include:
- Maintain an outline for the management and administration of network security
- Protection of organization's computing resources
- Elimination of legal liability from employees or third parties
- Ensure customers' integrity and prevent wasting of company computing resources
- Prevent unauthorized modifications of data
- Reduce risks caused by illegal use of the system resources and loss of sensitive, confidential data and potential property
- Differentiate a user's access rights
- Protect confidential, proprietary information from theft, misuse, or unauthorized disclosure


Classification of Security Policies

User Policy
- Defines what kind of user is using the network
- Defines the limitations that are applied on users to secure the network
- Ex: Password management policy

Issue Specific Policies
- Recognize specific areas of concern and describe the organization's status for top level management
- Ex: Physical security policy, personnel security policy, communications security

IT Policy
- Designed for IT department to keep the network secure and stable
- Ex: Backup policies, server configuration, patch update, and modification policies, firewall policies

Partner Policy
- Policy that is defined among a group of partners

General Policies
- Defines the responsibility for general business purposes
- Ex: High level program policy, business continuity plans, crisis management, disaster recovery


Classification of Security Policies

Security policies are sets of policies that are developed to protect or safeguard a company's information assets, networks, etc. These policies are applicable to users, IT departments, organization, and so on. For effective security management, security policies are classified into five different areas:

User Policy
- Defines what kind of user is using the network
- Defines the limitations that are applied on users to secure the network
- Ex: Password Management Policy

IT Policy
- Designed for an IT department to keep the network secure and stable
- Ex: backup policies, server configuration, patch updates, modification policies, firewall policies

General Policies
- Define the responsibility for general business purposes
- Ex: high-level program policy, business continuity plans, crisis management, disaster recovery

Partner Policy
- Policy that is defined among a group of partners

Issue-specific Policies
- Recognize specific areas of concern and describe the organization's status for top level management
- Ex: physical security policy, personnel security policy, communications security


Structure and Contents of Security Policies

Security Policy Structure
- Detailed description of the policy issues
- Description about the status of the policy
- Applicability of the policy to the environment
- Functionalities of those affected by the policy
- Compatibility level of the policy is necessary
- End-consequences of non-compliance

Contents of Security Policies
- High-level security requirements: Requirement of a system to implement security policies
- Policy description: Focuses on security disciplines, safeguards, procedures, continuity of operations, and documentation
- Security concept of operation: Defines the roles, responsibilities, and functions of a security policy
- Allocation of security enforcement to architecture elements: Provides a computer system architecture allocation to each system of the program


Structure and Contents of Security Policies

Structure of Security Policies

A security policy is the document that provides the way of securing the company's physical personnel and data from threats or security breaches. Security policies should be structured very carefully and should be reviewed properly to make sure that there is no wording that someone could take advantage of. The basic structure of security policies should include the following:
- Detailed description of the policy issues
- Description of the status of the policy
- Applicability of the policy to the environment
- Functionalities of those affected by the policy
- Specific consequences that will occur if the policy is not compatible with the organizational standards

Content of Security Policies

Security policies contain the following elements:
- High-level Security Requirements: Explains the requirements of a system for the security policies to be implemented. The four different types of requirements are discipline, safeguard, procedural, and assurance.
  - Discipline Security Requirements: This requirement includes various security policies such as communications security, computer security, operations security, emanations security, network security, personnel security, information security, and physical security.
  - Safeguard Security Requirements: This requirement mainly contains access control, archive, audit, authenticity, availability, confidentiality, cryptography, identification and authentication, integrity, interfaces, marking, non-repudiation, object reuse, recovery, and virus protection.
  - Procedural Security Requirements: This requirement mainly contains access policies, accountability rules, continuity-of-operations plans, and documentation.
  - Assurance Security: This includes certification and accreditation reviews and sustaining planning documents used in the assurance process.
- Policy Description: Focuses on security disciplines, safeguards, procedures, continuity of operations, and documentation. Each subset of this portion of the policy describes how the system's architecture will enforce security.
- Security Concept of Operation: Mainly defines the roles, responsibilities, and functions of a security policy. It focuses on mission, communications, encryption, user and maintenance rules, idle-time management, use of privately owned versus public-domain software, shareware software rules, and a virus protection policy.
- Allocation of Security Enforcement to Architecture Elements: Provides a computer system architecture allocation to each system of the program.


Types of Security Policies

Promiscuous Policy
- No restrictions on Internet or remote access

Permissive Policy
- Policy begins wide open and only known dangerous services/attacks blocked, which makes it difficult to keep up with current exploits

Prudent Policy
- It provides maximum security while allowing known but necessary dangers
- It blocks all services and only safe/necessary services are enabled individually; everything is logged

Paranoid Policy
- It forbids everything, no Internet connection, or severely limited Internet usage


Types of Security Policies

A security policy is a document that contains information on the way the company plans to protect its information assets from known and unknown threats. These policies help to maintain the confidentiality, availability, and integrity of information. The four major types of security policies are as follows:

Promiscuous Policy

With a promiscuous policy, there is no restriction on Internet access. A user can access any site, download any application, and access a computer or a network from a remote location. While this can be useful in corporate businesses where people who travel or work at branch offices need to access the organizational networks, many malware, virus, and Trojan threats are present on the Internet. Due to free Internet access, this malware can come as attachments without the knowledge of the user. Network administrators must be extremely alert if this type of policy is chosen.

Permissive Policy

In a permissive policy, the majority of Internet traffic is accepted, but several known dangerous services and attacks are blocked. Because only known attacks and exploits are blocked, it is impossible for administrators to keep up with current exploits. Administrators are always playing catch-up with new attacks and exploits.

Prudent Policy

A prudent policy starts with all services blocked. The administrator enables safe and necessary services individually. This provides maximum security. Everything, such as system and network activities, is logged.

Paranoid Policy

In a paranoid policy, everything is forbidden. There is strict restriction on all usage of company computers, whether it is system usage or network usage. There is either no Internet connection or severely limited Internet usage. Due to these overly severe restrictions, users often try to find ways around them.
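The four policy types differ mainly in what happens to a service that nobody has reviewed yet. The following is an added example, not part of the courseware: the `Gateway` class, the service names, and both lists are constructed for illustration, and the paranoid case models the "no Internet connection" variant.

```python
from dataclasses import dataclass, field
from enum import Enum


class Posture(Enum):
    PROMISCUOUS = "promiscuous"
    PERMISSIVE = "permissive"
    PRUDENT = "prudent"
    PARANOID = "paranoid"


# Constructed sample data (hypothetical service names).
BLOCKLIST = frozenset({"telnet", "tftp"})   # known dangerous services
ALLOWLIST = frozenset({"https", "dns"})     # services enabled individually
REVIEWED = BLOCKLIST | ALLOWLIST            # everything an administrator has looked at
TRAFFIC = ["https", "dns", "telnet", "newproto"]  # "newproto" was never reviewed


@dataclass
class Gateway:
    """Hypothetical filter that applies one of the four policy types."""
    posture: Posture
    blocklist: frozenset = BLOCKLIST
    allowlist: frozenset = ALLOWLIST
    log: list = field(default_factory=list)

    def decide(self, service: str) -> bool:
        if self.posture is Posture.PROMISCUOUS:
            # No restrictions at all.
            allowed = True
        elif self.posture is Posture.PERMISSIVE:
            # Wide open; only known dangerous services are blocked.
            allowed = service not in self.blocklist
        elif self.posture is Posture.PRUDENT:
            # Everything blocked unless enabled individually; everything logged.
            allowed = service in self.allowlist
            self.log.append((service, "ALLOW" if allowed else "DENY"))
        else:
            # Paranoid: everything is forbidden.
            allowed = False
        return allowed


def compare(traffic=TRAFFIC):
    """Run the same traffic through each policy type and summarize the outcome."""
    results = {}
    for posture in Posture:
        gw = Gateway(posture)
        allowed = [s for s in traffic if gw.decide(s)]
        results[posture.value] = {
            "allowed": allowed,
            # Services that got through although no administrator reviewed them.
            "unreviewed": [s for s in allowed if s not in REVIEWED],
            "logged": len(gw.log),
        }
    return results


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name:12} {outcome}")
```

The unreviewed service passes under the promiscuous and permissive types and is denied under the prudent and paranoid ones, which is the "catch-up" problem the permissive description refers to.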


Steps to Create and Implement Security Policies

- Perform risk assessment to identify risks to the organization's assets
- Learn from standard guidelines and other organizations
- Include senior management and all other staff in policy development
- Set clear penalties and enforce them and also review and update of the security policy
- Make final version available to all of the staff in the organization
- Ensure every member of your staff read, sign, and understand the policy
- Train your employees and educate them about the policy


Steps to Create and Implement Security Policies

Implementing security policies reduces the risk of being attacked. Thus, every company must have its own security policies based on its business. The following are the steps to be followed by every organization in order to create and implement security policies:
1. Perform risk assessment to identify risks to the organization's assets
2. Learn from standard guidelines and other organizations
3. Include senior management and all other staff in policy development
4. Set clear penalties and enforce them and also review and update the security policy
5. Make the final version available to all staff in the organization
6. Ensure every member of your staff reads, signs, and understands the policy
7. Install the tools you need to enforce the policy
8. Train your employees and educate them about the policy


- Acceptable-Use Policy: It defines the acceptable use of system resources
- User-Account Policy: It defines the account creation process and authority, rights and responsibilities of user accounts
- Remote-Access Policy: It defines who can have remote access, and defines access medium and remote access security controls
- Information-Protection Policy: It defines the sensitivity levels of information, who may have access, how is it stored and transmitted, and how should it be deleted from storage media
- Firewall-Management Policy: It defines access, management, and monitoring of firewalls in the organization
- Special-Access Policy: This policy defines the terms and conditions of granting special access to system resources
- Network-Connection Policy: It defines who can install new resources on the network, approve the installation of new devices, document network changes, etc.
- Email Security Policy: It is created to govern the proper usage of corporate email
- Passwords Policy: It provides guidelines for using strong password protection on organization's resources


Examples of Security Policies

The following are some examples of security policies that are created, accepted, and used by organizations worldwide to secure their assets and important resources.
- Acceptable-Use Policy: Defines the acceptable use of system resources
- User-Account Policy: Defines the account creation process and authority, rights, and responsibilities of user accounts
- Remote-Access Policy: Defines who can have remote access, and defines access medium and remote access security controls
- Information-Protection Policy: Defines the sensitivity levels of information, who may have access, how is it stored and transmitted, and how should it be deleted from storage media
- Firewall-Management Policy: Defines access, management, and monitoring of firewalls in the organization
- Special-Access Policy: This policy defines the terms and conditions of granting special access to system resources
- Network-Connection Policy: Defines who can install new resources on the network, approve the installation of new devices, document network changes, etc.
- Email Security Policy: Created to govern the proper usage of corporate email
- Password Policy: Provides guidelines for using strong password protection on organization's resources


Vulnerability Research

- The process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse
- Vulnerabilities are classified based on severity level (low, medium, or high) and exploit range (local or remote)

An administrator needs vulnerability research:
- To gather information about security trends, threats, and attacks
- To find weaknesses and alert the network administrator before a network attack
- To get information that helps to prevent the security problems
- To know how to recover from a network attack


Vulnerability Research

Vulnerability research means discovering system design faults and weaknesses that might help attackers compromise the system. Once the attacker finds out the vulnerability in the product or the application, he or she tries to exploit it. Vulnerability research helps both security administrators and attackers:
- Discovering system design faults and weaknesses that might help attackers to compromise the system
- Keeping abreast of the latest vendor-supported products and other technologies in order to find news related to current exploits
- Checking newly released alerts regarding relevant innovations and product improvements for security systems

Vulnerability research is based on the following classification:
- Severity level (low, medium, or high)
- Exploit range (local or remote)

An administrator needs vulnerability research:
- To gather information about security trends, threats, and attacks
- To find weaknesses and alert the network administrator before a network attack
- To get information that helps to prevent security problems
- To know how to recover from a network attack

Vulnerability Research Websites

- CodeRed Center: http://www.eccouncil.org
- HackerStorm: http://www.hackerstorm.co.uk
- TechNet: http://blogs.technet.com
- SC Magazine: http://www.scmagazine.com
- Security Magazine: http://www.securitymagazine.com
- Computerworld: http://www.computerworld.com
- SecurityFocus: http://www.securityfocus.com
- HackerJournals: http://www.hackerjournals.com
- Help Net Security: http://www.net-security.org
- Windows Security Blogs: http://blogs.windowsecurity.com


Vulnerability Research Websites

The following are some of the vulnerability research websites that you can use:

CodeRed Center
Source: http://www.eccouncil.org
The CodeRed Center is a comprehensive security resource administrators can turn to for daily, accurate, up-to-date information on the latest viruses, Trojans, malware, threats, security tools, risks, and vulnerabilities.

TechNet
Source: http://blogs.technet.com
TechNet is a project team from across Microsoft Lync Server teams and the community at large. It is led by the Lync Server documentation team; their writers and technical reviewers come from all disciplines, including product engineers, field engineers, support engineers, documentation engineers, and some of the most respected technology bloggers and authors in the Lync Server universe.


Security Magazine
Source: http://www.securitymagazine.com
Security Magazine is uniquely focused on solutions for enterprise security leaders. It is designed and written for business-minded executives who manage enterprise risk and security. Security Magazine provides management-focused features, opinions, and trends for leaders in business.

SecurityFocus
Source: http://www.securityfocus.com
The Security Focus website focuses on a few key areas that are of greatest importance to the security community.
- BugTraq is a high-volume, full-disclosure mailing list for the detailed discussion and announcement of computer security vulnerabilities. BugTraq serves as the cornerstone of the Internet-wide security community.
- The SecurityFocus Vulnerability Database provides security professionals with the most up-to-date information on vulnerabilities for all platforms and services.

Help Net Security
Source: http://www.net-security.org
Net Security is a daily security news site that has been covering the latest computer and network security news since its inception in 1998. Besides covering news around the globe, HNS focuses on quality technical articles and papers, vulnerabilities, vendor advisories, malware, and hosts the largest security software download area with software for Windows, Linux, and Mac OS X.

HackerStorm
Source: http://www.hackerstorm.co.uk
HackerStorm is a security resource for ethical hackers and penetration testers to create better penetration testing plans and scopes, and conduct vulnerability research.

SC Magazine
Source: http://www.scmagazine.com
SC Magazine is published by Haymarket Media Inc. and is part of a global brand. There are three separate editions of the magazine:
- North America - U.S. and Canada
- International - U.K. and mainland Europe
- Asia Pacific Online - read by decision-makers in over 20 countries in the Pacific Rim region

The magazine is published monthly, usually in the first week of each month. It is the longest running information security magazine in the world, with the widest distribution. SC Magazine provides IT security professionals with in-depth and unbiased information in one incomparable publication. In each monthly issue it has timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. They have been doing this since 1989, when it first began campaigning for organizations' information security leaders, making it the longest established IT security title in the United States.

Computerworld
Source: http://www.computerworld.com
For more than 40 years, Computerworld has been the leading source of technology news and information for IT influencers worldwide. Computerworld's website (Computerworld.com), twice-monthly publication, focused conference series, and custom research form the hub of the world's largest global IT media network.

Hacker Journals
Source: http://www.hackerjournals.com
Hacker Journals is an online Information Security Community. It propagates news specifically related to information security threats and issues from all over the world. Its research teams search and compile news from tens of thousands of sites to bring you the most relevant Cyber Security titles in one location. In addition to news, it hosts blogs and discussions, education videos, as well as its World Famous Hack.ED column, providing education series in Ethical Hacking and Countermeasure Techniques and technologies.

Windows Security Blogs
Source: http://blogs.windowsecurity.com
Windows security has blogs posted by famous authors who are leading industry experts. It has various features such as articles and tutorials, blogs, message boards, security tests, and white papers.


What Is Penetration Testing?

Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit

Testing involves active analysis of system configurations, design weaknesses, network architecture, technical flaws, and vulnerabilities

Black box testing simulates an attack from someone who has no prior knowledge of the system, and white box testing simulates an attack from someone who has complete knowledge about the system

A comprehensive report with details of vulnerabilities discovered and suite of recommended countermeasures is delivered to the executive, management, and technical audiences


What Is Penetration Testing?

Penetration testing is a method of evaluating security levels of a particular system or network. This helps you determine the flaws related to hardware and software. The early identification helps protect the network. If the vulnerabilities aren't identified early, then they become an easy source for the attacker for the intrusion. During penetration testing, a pen tester analyzes all the security measures employed by the organization for design weaknesses, technical flaws, and vulnerabilities. There are two types of testing: black box testing and white box testing. Black box testing simulates an attack from someone who is unfamiliar with the system, and white box testing simulates an attacker that has knowledge about the system. Once all the tests are conducted, the pen tester prepares a report and includes all the test results and the tests conducted along with the vulnerabilities found and the respective countermeasures that can be applied. Finally, the pen tester delivers the report to executive, management, and technical audiences.


Why Penetration Testing?

Identify the threats facing an organization's information assets

For testing and validating the efficiency of security protections and controls

Reduce an organization's expenditure on IT security and enhance Return On Security Investment (ROSI) by identifying and remediating vulnerabilities or weaknesses

Provide assurance with comprehensive assessment of organization's security including policy, procedure, design, and implementation

Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.)

Adopt best practices in compliance to legal and industry regulations

For changing or upgrading existing infrastructure of software, hardware, or network design

Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management

Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation

Evaluate the efficiency of network security devices such as firewalls, routers, and web servers


Why Penetration Testing?

Penetration testing is required because it helps you to:

Identify the threats facing an organization's information assets

Reduce an organization's IT security costs and provide a better Return On Security Investment (ROSI) by identifying and resolving vulnerabilities and weaknesses

Provide an organization with assurance: a thorough and comprehensive assessment of organizational security covering policy, procedure, design, and implementation

Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.)

Adopt best practices by conforming to legal and industry regulations

Test and validate the efficiency of security protections and controls

Change or upgrade existing infrastructure of software, hardware, or network design

Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management

Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation

Evaluate the efficiency of network security devices such as firewalls, routers, and web servers


Penetration Testing Methodology

As a pen tester, you should never overlook any information resource. All possible information sources must be tested for vulnerabilities. Not just the information sources, but every mechanism and the software involved in your business must be tested because if the attacker is not able to compromise the information system, then he or she may try to gain access to the system and then to the sensitive information. A few attacks, such as denial-of-service attacks, don't even need access to the system. Therefore, to ensure that you check all possible ways of compromising a system or network, you should follow the penetration testing methodology. This ensures the full scope of the test.


FIGURE 1.5: Penetration Testing Methodology Part 1


Penetration Testing Methodology (Cont'd)

FIGURE 1.6: Penetration Testing Methodology Part 2 (figure not reproduced; legible labels: Mobile Devices Penetration Testing, SAP Penetration Testing, Email Security Penetration Testing)


Module Summary

Complexity of security requirements is increasing day by day as a result of evolving technology, changing hacking tactics, emerging security vulnerabilities, etc.

Hacker or cracker is one who accesses a computer system by evading its security system

Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security

Ethical hackers help organizations to better understand their security systems and identify the risks, highlight the remedial actions, and also reduce ICT costs by resolving those vulnerabilities

Ethical hacker should possess platform knowledge, network knowledge, computer expertise, security knowledge, and technical knowledge skills

Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance


Module Summary

This module is summarized as follows:

The complexity of security requirements is increasing day by day as a result of evolving technology, changing hacking tactics, emerging security vulnerabilities, etc.

A hacker or cracker is someone who accesses a computer system by evading its security system.

Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities to ensure system security.

Ethical hackers help organizations to better understand their security systems and identify the risks, highlight the remedial actions, and also reduce ICT costs by resolving those vulnerabilities.

An ethical hacker possesses platform knowledge, network knowledge, computer expertise, security knowledge, and technical knowledge skills.

Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance.
