Ethical Hacking and Countermeasures v8
Module 01: Introduction to Ethical Hacking
Exam 312-50 Certified Ethical Hacker
Engineered by Hackers. Presented by Professionals.
Security News
Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years.
The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected. Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater.
http://arstechnica.com
News
Zero-day Attacks are Meaner, more Rampant than we ever thought
percent of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought — perhaps more than twice as many."
bug in the Windows shell had the longest duration: 30 months.
continues to do so). The Stuxnet and Conficker exploit targeted 1.5 million and 450,000 hosts respectively. The results, the researchers said, demonstrated the dividends returned by zero-day exploits, which can command prices as high as $250,000.
approximately 370,000 machines without being detected over more than two months," they
possible cause of the surge in new files, the researchers said, is that the exploits may have been repackaged versions of the same attack.
"However, it is doubtful that repacking alone can account for an increase by up to five orders of magnitude," they wrote. "More likely, this increase is the result of the extensive re-use of field-proven exploits in other malware."
http://arstechnica.com/security/2012/10/zero-day-attacks-are-meaner-and-more-plentiful-than-thought/
Module Objectives
• Elements of Information Security
• Why Ethical Hacking Is Necessary
• Top Information Security Attack Vectors
• Skills of an Ethical Hacker
• Incident Management Process
• Information Security Threats
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Objectives
It is important to bear in mind that attackers break into systems for various reasons and purposes. Therefore, it is important to comprehend how malicious hackers exploit systems and the probable reasons behind the attacks. As Sun Tzu put it in the Art of War, "If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat." It is the duty
Ethical hacking is the process of checking and testing the organization network for the possible
computer system, thereby increasing the security perimeter of an organization.
This module covers:
• Hacking Phases
• Data Breach Investigations Report
• Essential Terminology
• Types of Attacks on a System
• Elements of Information Security
• Why Ethical Hacking Is Necessary
• Vulnerability Research
• Effects of Hacking on Business
• What Is Penetration Testing?
• Who Is a Hacker?
Module Flow
Information security refers to protecting or safeguarding any kind of sensitive
Information Security Overview | Hacking Phases
Internet Crime Current Report: IC3
Internet Crime Complaint Center (IC3)
http://www.ic3.gov
Internet Crime Current Report: IC3
The following is the crime report data from IC3; the Internet Crime Complaint Center (IC3) is a
Center (NW3C), and the Bureau of Justice Assistance (BJA). According to IC3, online Internet crime complaints are increasing daily. From the graph, you can observe that in the year 2005,
decreased to some extent.
[Figure: Internet Crime Complaint Center (IC3), complaints received by IC3. Data labels visible: 231,493; 207,492; 206,884.]
Data Breach Investigations Report
Source: http://www.verizonbusiness.com
percent of breaches and percent of records. From the report, it is clear that most of the security breaches happening today are because of hacking. Therefore, in order to protect yourself from data or security breaches, you should test your network security against hacking.
Percent of Breaches and Percent of Records
Category        Breaches / Records
Malware         28% / 97%
Hacking         58% / 99%
Social          22% / 38%
Misuse          7% / <1%
Physical        17% / <1%
Error           7% / <1%
Environmental   0% / 0%
Essential Terminology
• Hack Value
• Exploit
• Vulnerability
• Target of Evaluation
• Zero-Day Attack
• Daisy Chaining
Essential Terminology
Hack Value
interesting. Hackers might feel that breaking down the toughest network security might give them great satisfaction, and that it is something they accomplished that not everyone could do.
Exploit
vulnerability. The term exploit is used when any kind of attack has taken place on a system or
the vulnerabilities.
Vulnerability
Vulnerability is a weakness in design or an implementation error that can lead to an unexpected and undesirable event compromising the security of the system. In simple words, a
Target of Evaluation
A target of evaluation is an IT system, product, or component that is identified/
Zero-day Attack
Daisy Chaining
Elements of Information Security
A state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable
Confidentiality: Assurance that the information is accessible only to those authorized to have access
Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users
Non-repudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message
Elements of Information Security
Confidentiality
or a hacking attempt.
Integrity
Integrity is the trustworthiness of data or resources in terms of preventing improper
accurate for its purpose.
Availability
Availability is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users.
Authenticity
that ensures the quality of being genuine or not corrupted from the original. The major roles of authentication include confirming that the user is who he or she claims to be and ensuring the message is authentic and not altered or forged. Biometrics, smart cards, and digital certificates
Non-repudiation
communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. It is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
The Security, Functionality, and Usability Triangle
[Figure: triangle with vertices Functionality (Features), Security (Restrictions), and Usability (GUI). Callout: Moving the ball towards security means less functionality and usability.]
The Security, Functionality, and Usability Triangle
Technology is evolving at an unprecedented rate. As a result, new products that reach the market tend to be engineered for easy-to-use rather than secure computing. Technology,
increasing built-in default security mechanisms means users have to be more competent. As computers are used for more and more routine activities, it is becoming increasingly difficult for
securing systems. This includes time needed to check log files, detect vulnerabilities, and apply security update patches.
Technology) resources.
computer systems. Hacking required great proficiency. However, today there are automated
insist on "taking back the net" as well as people who believe that they are doing all a favor by
to become a successful attacker.
is an illusion. However, the fast-evolving genre of "script kiddies" is largely comprised of lesser-
The increasingly networked environment, with companies often having their website as a single
corporations need to invest in security measures to protect their information assets.
Module Flow
vectors of information security.
Information Security Overview | Hacking Phases
Information Security Threats and Attack Vectors | Types of Attacks
systems.
Top Information Security Attack Vectors
[Figure labels: Virtualization and Cloud Computing; Organized Cyber Crime; Un-patched Software; Targeted Malwares; Social Networking; Insider Threats; Information Systems; Complexity of Computer Infrastructure]
Top Information Security Attack Vectors
take advantage of the vulnerabilities present in the information system in order to carry out a particular attack.
come.
information systems:
• Virtualization and Cloud Computing
• Organized Cyber Crime
• Unpatched Software
• Targeted Malware
• Social Networking
• Insider Threats
• Botnets
• Lack of Cyber Security Professionals
• Network Applications
• Inadequate Security Policies
• Mobile Device Security
• Compliance with Govt. Laws and Regulations
• Hacktivism
Motives, Goals, and Objectives of Information Security Attacks
Attacks = Motive (Goal) + Method + Vulnerability
Motives, Goals, and Objectives of Information Security Attacks
valuable information, for the sake of curiosity, or even to take revenge on target organization.
she is carrying out such an activity. Once the attacker determines his/her goal, he or she can accomplish the goal by adopting various techniques to exploit vulnerabilities in an information
Information Security Threats
Natural Threats | Physical Security Threats | Human Threats
Information Security Threats
Natural Threats
threats cannot be prevented as no one knows in advance that these types of threats will occur. However, you can implement a few safeguards against natural disasters by adopting disaster recovery plans and contingency plans.
Physical Security Threats
Physical threats may include loss or damage of system resources through fire, water,
used to store information.
Human Threats
Human threats include threats of attacks performed by both insiders and outsiders.
engineering to learn the security posture of the information system.
Information Security Threats (Cont'd)
Human threats can be further classified into three types, as follows:
Network Threats
A network is defined as the collection of computers and other hardware connected
The attacker can impose various threats on a target network:
• Information gathering
• Sniffing and eavesdropping
• Spoofing
• Session hijacking and man-in-the-middle attacks
• SQL injection
• ARP Poisoning
• Password-based attacks
• Denial of service attack
• Compromised-key attack
Host Threats
Host threats are directed at a particular system on which valuable information resides.
possible threats to the host:
• Malware attacks
• Target Footprinting
• Password attacks
• Denial of service attacks
• Arbitrary code execution
• Unauthorized access
• Backdoor Attacks
• Physical security threats
Application Threats
• Configuration management
• Information disclosure
• Session management issues
• Buffer overflow issues
• Cryptography attacks
• Parameter manipulation
• Improper error handling and exception management
• Auditing and logging issues
The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) to take competitive advantages over an opponent
Defensive Information Warfare | Offensive Information Warfare
Defensive Warfare: Prevention, Deterrence, Alerts, Detection, Emergency Preparedness, Response
Information Warfare
communication technologies (ICT) to take competitive advantages over an opponent.
Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.
ICT assets of an opponent.
IPv6 Security Threats
Auto Configuration Threats
Incompatibility of Logging Systems
IPv6 uses 128-bit addresses, which are stored as a 39-digit string, whereas IPv4 addresses are stored in a 15-character field; logging solutions designed for IPv4 may not work on IPv6-based networks
Administrators use rate limiting strategy to slow down the automated attack tool; however, it is impractical to rate limit at the 128-bit address level
IPv6 Security Threats
Compared to IPv4, IPv6 has an improved security mechanism that assures a higher
IPv6 is still vulnerable. It still possesses information security threats that include:
Auto Configuration Threats
IPv6 enables auto-configuration of IP networks, which may leave user vulnerable to attacks if the network is not configured properly and securely from the beginning.
sources of malware; vendors will take time to develop reputation-based protection for IPv6.
Incompatibility of Logging Systems
IPv6 uses 128-bit addresses, which are stored as a 39-digit string, whereas IPv4 addresses are stored in a 15-character field; logging solutions designed for IPv4 may not work on IPv6-based networks.
Rate Limiting Problem
however, it is impractical to rate limit at the 128-bit address level.
IPv6 Security Threats (Cont'd)
Default IPv6 Activation
Complexity of Network Management Tasks
Overloading of Perimeter Security Controls
Complexity in Vulnerability Assessment
IPv6 Security Threats (Cont'd)
You may also find the following threats when using IPv6:
Default IPv6 Activation
Complexity of Network Management Tasks
or simply IPv4 last octet for dual stack) leading to a potential vulnerability.
Complexity in Vulnerability Assessment
IPv6's 128-bit address space makes active scanning of infrastructure for unauthorized or vulnerable systems more complex.
Overloading of Perimeter Security Controls
routers, security gateways, firewalls, and IDS.
IPv6 Security Threats (Cont'd)
Security Information and Event Management (SIEM) Problems
Every IPv6 host can have multiple IPv6 addresses simultaneously, which leads to complexity of log or event correlation
Denial-of-Service (DOS)
Overloading of network security and control devices can significantly reduce the availability threshold of network resources leading to DoS attacks
Trespassing
IPv6's advanced network discovery features can be exploited by attackers traversing through your network and accessing the restricted resources
IPv6 Security Threats (Cont'd)
The following IPv6 security threats can also cause serious damage to your network:
IPv4 to IPv6 Translation Issues
Translating IPv4 traffic to IPv6 may result in poor implementation and may provide a potential attack vector.
Security Information and Event Management (SIEM) Problems
Every IPv6 host can have multiple IPv6 addresses simultaneously, which leads to complexity of log or event correlation.
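The logging, rate-limiting and SIEM correlation problems described above for IPv6 can be shown from the defender's side in a few lines. This is an added example, not part of the original courseware; the function names, the /64 aggregation prefix, the threshold and the sample events are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

IPV4_FIELD_WIDTH = 15  # "255.255.255.255"
IPV6_FIELD_WIDTH = 39  # eight 4-digit hex groups plus seven colons
# Note: mixed notation such as an IPv4-mapped address written with a dotted
# quad can be longer than 39 characters, so 39 is not a safe upper bound.

# Constructed sample events using documentation ranges (2001:db8::/32, 192.0.2.0/24).
SAMPLE_EVENTS = [
    ("2001:db8:12:34:a1b2:c3d4:e5f6:1", "login_failed"),
    ("2001:0db8:0012:0034:a1b2:c3d4:e5f6:0001", "login_failed"),  # same address, expanded form
    ("2001:DB8:12:34::99", "login_failed"),                      # same /64, other interface ID
    ("2001:db8:12:34:ffff:eeee:dddd:cccc", "login_failed"),      # same /64 again
    ("2001:db8:99:1::5", "login_failed"),
    ("192.0.2.10", "login_failed"),
    ("192.0.2.10", "login_failed"),
    ("::ffff:192.0.2.10", "login_failed"),                       # IPv4-mapped form of the same host
]


def parse_source(addr_text):
    """Parse an address and unwrap IPv4-mapped IPv6 so dual-stack logs line up."""
    addr = ipaddress.ip_address(addr_text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def canonical(addr_text):
    """One text form per address, so string comparison during correlation is reliable."""
    return parse_source(addr_text).compressed


def store_in_field(addr_text, width=IPV4_FIELD_WIDTH):
    """Classify what a fixed-width log column does to an address string."""
    original = ipaddress.ip_address(addr_text)
    try:
        stored = ipaddress.ip_address(addr_text[:width])
    except ValueError:
        return "unparseable"  # the truncated text is no longer an address
    # A truncated string can still parse, but as a different address.
    return "intact" if stored == original else "misattributed"


def rate_limit_key(addr_text, v6_prefix=64):
    """IPv4: the address itself. IPv6: the enclosing prefix (assumed /64 per subnet)."""
    addr = parse_source(addr_text)
    if addr.version == 4:
        return str(addr)
    return str(ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False))


def flagged(events, threshold=3, v6_prefix=64):
    """Return the rate-limit keys whose event count reaches the threshold."""
    counts = Counter(rate_limit_key(src, v6_prefix) for src, _ in events)
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for text in ("192.0.2.10", "2001:db8::1:2345", SAMPLE_EVENTS[1][0]):
        print(f"{text:40} -> {store_in_field(text)}")
    print("per address:", flagged(SAMPLE_EVENTS, v6_prefix=128))
    print("per /64    :", flagged(SAMPLE_EVENTS, v6_prefix=64))
```

Counting per 128-bit address flags only the IPv4 source in the sample, while counting per /64 also flags the IPv6 prefix whose events were spread over several addresses.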
Denial-of-service (DOS)
Trespassing
Module Flow
Hacking Phases | Types of Attacks | Information Security Controls
Module Flow
So far we have discussed information security, its threats and attack vectors. Now we will discuss how an attacker compromises information security with the help of attack vectors.
Information Security Overview | Hacking Phases
Information Security Threats and Attack Vectors | Types of Attacks
the effects of hacking activities on business, and different classes of attackers.
Hacking vs. Ethical Hacking
• Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources
• It involves modifying system or application features to achieve a goal outside of the creator's original purpose
• Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security
• It focuses on simulating techniques used by attackers to verify the existence of exploitable vulnerabilities in the system security
Hacking vs. Ethical Hacking
Most people do not understand the difference between hacking and ethical hacking.
Hacking
purpose.
Ethical Hacking
attackers to verify the existence of exploitable vulnerabilities in the system security.
Effects of Hacking on Business
businesses worldwide $1.1 trillion annually. Every business must provide strong security for its customers; otherwise the business may put its reputation at stake and may even face lawsuits.
must face huge financial losses and may even lose its reputation.
Once an attacker gains control over the user's system, he or she can access all the files that are stored on the computer, including personal or corporate financial information, credit card numbers, and client or customer data stored on that system. If any such information falls into
customer data and its upcoming releases or ideas. If the data is altered or stolen, a company may lose credibility and the trust of its customers. In addition to the potential financial loss that may occur, the loss of information may cause a business to lose a crucial competitive advantage over its rivals. Sometimes attackers use botnets to launch various types of DoS and other web-based attacks. This causes the target business services to go down, which in turn may lead to loss of revenues.
Knowledge is a key component in addressing this issue. Assessment of the risk prevalent in a
deal with any security issues as they arise.
Who Is a Hacker?
Do Illegal Things | Malicious Intent
Who Is a Hacker?
motivated by a multitude of reasons:
explore the computer's software and hardware
• For some hackers, hacking is a hobby to see how many computers or networks they can compromise
• Their intention can either be to gain knowledge or to poke around doing illegal things
information, social security numbers, email passwords, etc.
Hacker Classes
Black Hats | White Hats | Gray Hats | Suicide Hackers
Script Kiddies: An unskilled hacker who compromises system by running scripts, tools, and software developed by real hackers
Spy Hackers: Individuals employed by the organization to penetrate and gain trade secrets of the competitor
Cyber Terrorists: Individuals with wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption of computer networks
State Sponsored Hackers: Individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments
Hacker Classes
Hackers are mainly divided into eight classes:
Black Hats
or destructive activities and are also known as crackers. These individuals mostly use their skills for only destructive activities, causing huge losses for companies as well as individuals. They use their skills in finding vulnerabilities in the various networks including defense and government
data, or earn money easily by hacking IDs of bank customers.
White Hats
companies secure their networks from outside intruders.
Gray Hats
Suicide Hackers
closely related to suicide bombers, who sacrifice their life for the attack and are not concerned with the consequences of their actions. There has been a rise in cyber terrorism in recent years.
Script Kiddies
scripts as well as distinguished techniques to find and exploit the vulnerabilities of a machine.
they initiate.
Spy Hackers
gain trade secrets of the competitor. These insiders can take advantage of the privileges they have to hack a system or network.
Cyber Terrorists
Cyber terrorists could be people, organized groups formed by terrorist organizations,
large-scale disruption of computer networks. This type of hacker is more dangerous as they can hack not only a website but whole Internet zones.
State Sponsored Hackers
State sponsored hackers are individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.
Hacktivism
defacing or disabling websites. The person who does these things is known as a hacktivist.
• Hacktivism thrives in an environment where information is easily accessible
• It aims to send a message through hacking activities and gain visibility for a cause.
• Common targets include government agencies, multinational corporations, or any other
• It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is.
Module Flow
discuss the hacking method. Hacking cannot be accomplished in a single action. It needs to be
done in phases. The information gathered or the privileges gained in one phase can be used in
the next phase for advancing the process of hacking.
[Module flow diagram: Information Security Overview, Hacking Phases]
This section lists and describes various phases involved in hacking.
Hacking Phases
Reconnaissance Types
Passive Reconnaissance
• Passive reconnaissance involves acquiring information without directly interacting with the target
• For example, searching public records or news releases
Active Reconnaissance
• Active reconnaissance involves interacting with the target directly by any means
• For example, telephone calls to the help desk or technical department
Copyright © by EC-Council. All Rights Reserved. Reproduction Is Strictly Prohibited.
Hacking Phases
The various phases involved in hacking are:
• Reconnaissance
• Scanning
• Gaining Access
• Maintaining Access
• Clearing Tracks
Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker gathers as much
information as possible about the target prior to launching the attack. Also in this phase, the
attacker draws on competitive intelligence to learn more about the target. This phase may also
involve network scanning, either external or internal, without authorization.
This is the phase that allows the potential attacker to strategize his or her attack. This may take
Another reconnaissance technique is "dumpster diving." Dumpster diving is the process of
the Internet to obtain information such as employee's contact information, business partners,
technologies in use, and other critical business knowledge, but "dumpster diving" may provide
statements, bank statements, ATM slips, social security numbers, telephone numbers, and so
operations, networks, and systems.
names, and contacts. If a potential attacker obtains DNS information from the registrar, and is
able to access it, he or she can obtain useful information such as the mapping of domain names
to IP addresses, mail servers, and host information records. It is important that a company has
the same. Building user awareness of the precautions they must take in order to protect their
information assets is a critical factor in this context.
Reconnaissance Types
reconnaissance.
does not interact with the system directly. The attacker uses publicly available information,
social engineering, and dumpster diving as a means of gathering information.
reconnaissance and scanning phases overlap, and it is not always possible to demarcate these
phases as watertight compartments.
often found attempting this to get faster, visible results, and sometimes just for the brag value
they can obtain.
Companies, for their part, must address security as an integral part of their business and/or
activities.
Hacking Phases (Cont'd)
[Slide headings: Pre-Attack Phase, Port Scanner, Extract Information]
Scanning
Often attackers use automated tools such as network/host scanners and war dialers to locate
systems and attempt to discover vulnerabilities.
An attacker can gather critical network information such as the mapping of systems, routers,
and firewalls by using simple tools such as Traceroute. Alternatively, they can use tools such as
services running on the target machine. The primary defense technique in this regard is to shut
filtering.
vulnerabilities on a target network, and can potentially detect thousands of vulnerabilities. This
gives the attacker the advantage of time because he or she only has to find a single means of
entry while the systems professional has to secure many vulnerable areas by applying patches.
because attackers can use evasion techniques at both the application and network levels.
Hacking Phases (Cont'd)
Gaining Access
Gaining access is the most important phase of an attack in terms of potential damage.
applications on the computer or network. The attacker can gain access at the operating system
initially tries to gain minimal access to the target system or network. Once he or she gains the
process, intermediate systems that are connected to it are also compromised.
Attackers need not always gain access to the system to cause damage. For instance, denial-of-
service attacks can either exhaust resources or stop services from running on the target system.
communication links.
Hacking Phases (Cont'd)
Maintaining Access
capture all network traffic, including telnet and ftp sessions with other systems.
backdoor or a Trojan to gain repeat access. They can also install rootkits at the kernel level to
system level while a Trojan horse gains access at the application level. Both rootkits and Trojans
depend on users to install them. Within Windows systems, most Trojans install themselves as a
service and run as local system, which has administrative access.
Attackers can use Trojan horses to transfer user names, passwords, and even credit card
information stored on the system. They can maintain control over their system for a long time
steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.
required security professional to leverage the concept for protection.
Hacking Phases (Cont'd)
Clearing Tracks
netcat come in handy for any attacker who wants to destroy the evidence from the log files or
replace the system binaries with the same. Once the Trojans are in place, the attacker can be
designed to hide the presence of the attacker. By executing the script, a variety of critical files
are replaced with Trojanned versions, hiding the attacker in seconds.
Other techniques include steganography and tunneling. Steganography is the process of hiding
the data, for instance in images and sound files. Tunneling takes advantage of the transmission
protocol by carrying one protocol over another. Even the extra space (e.g., unused bits) in the
cover to launch fresh attacks against other systems or use it as a means of reaching another
system on the network without being detected. Thus, this phase of attack can turn into a new
cycle of attack by using reconnaissance techniques all over again.
administrators have changed. The system administration can deploy host-based IDSes and anti-
ethical hacker, you must be aware of the tools and techniques that attackers deploy, so that
detailed in subsequent modules.
Module Flow
So far we discussed how important it is for an organization to keep their information
phases. Now it's time to examine the techniques or the type of attacks the attacker adopts to
hack a system or a network.
[Module flow diagram: Information Security Overview, Hacking Phases]
level attacks.
Types of Attacks on a System
• Attackers exploit vulnerabilities in an information system to gain unauthorized access to the system resources
• The unauthorized access may result in loss, damage or theft of sensitive information
Types of Attacks on a System
There are several ways an attacker can gain access to a system. The attacker must be
able to exploit a weakness or vulnerability in a system:
gain access to a network system.
• Application-level attacks: Software applications come with myriad functionalities and
maintain or fix issues, which may lead to configuration errors. Such configuration errors
may become the sources for an attacker to enter into the target's network or system.
vulnerabilities, which can lead to shrink wrap code attacks.
Operating System Attacks
Today's operating systems, which are loaded with features, are increasingly complex.
While users take advantage of these features, the system is prone to more vulnerabilities, thus
so that they can exploit and gain access to network systems. To stop attackers from entering
their network, the system or network administrators must keep abreast of various new exploits
by default. This situation leads attackers to search for various vulnerabilities. Applying patches
and hotfixes is not easy with today's complex networks. Most patches and fixes tend to solve
an immediate issue, but they cannot be considered a permanent solution.
Some OS vulnerabilities include:
• Buffer overflow vulnerabilities
• Bugs in the operating system
• Unpatched operating systems
Attacks performed at the OS level include:
• Exploiting specific network protocol implementations
• Breaking file system security
• Cracking passwords and encryption mechanisms
Misconfiguration Attacks
networks, or frameworks that may result in illegal access or possible owning of the system. If a
system is misconfigured, such as when a change is made in the file permission, it can no longer
used to attack the system. In order to optimize the configuration of the machine, remove any
redundant services or software.
Attackers exploit the vulnerabilities in applications running on
organizations' information system to gain unauthorized access
and steal or manipulate data
Application-level Attacks
this increased demand in functionality and features, developers generally overlook the security
are vulnerable to attack because of the following reasons:
• There is a dearth of time to perform complete testing before releasing products
• Security is often an afterthought, and frequently delivered as an "add-on" component
Poor or nonexistent error checking in applications leads to:
• Active content
• Cross-site scripting
• Malicious bots
• Phishing
• Session hijacking
• Man-in-the-middle attacks
• Parameter/form tampering
• Directory traversal attacks
Examples of Application-Level Attacks
Session Hijacking
Denial-of-Service
The code is vulnerable to a denial-of-service attack, as it fails to release the connection resource.
The code can be secured by releasing the resources in a finally block.
Note: For more information about application vulnerabilities and how to fix them, attend EC-Council's ECSP program.
Examples of Application-Level Attacks
Session Hijacking
Attackers may exploit session information in the vulnerable code to perform session
hijacking when you enable cookieless authentication in your application. When the target tries
attacker using his or her skills and monitoring tools can hijack the target's session and steal all
sensitive information.
Vulnerable Code
Attackers may exploit session information in the vulnerable code to perform session hijacking.
<system.web>
</system.web>
Secure Code
The code can be secured by using UseCookies instead of UseUri.
<system.web>
</system.web>
Denial-of-Service
Vulnerable Code
connection resource.
    // needs java.sql.Statement, ResultSet, SQLException; query holds the SQL text
    Statement stmnt = conn.createStatement();
    ResultSet rsltset = stmnt.executeQuery(query);
    stmnt.close();  // never reached if executeQuery throws
Secure Code
The code can be secured by releasing the resources in a finally block.
    Statement stmnt = null;
    try {
        stmnt = conn.createStatement();
        stmnt.executeQuery(query);
    } catch (SQLException sqlexp) {
        // query failed; finally still releases the statement
    } finally {
        if (stmnt != null) {
            try {
                stmnt.close();
            } catch (SQLException sqlexp) { }
        }
    }
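The leak described in the vulnerable and secure code above can be reproduced offline. The following is an added example, not EC-Council's code: `HandlePool`, `Handle` and the rule that a blank query fails are constructed stand-ins for a capped JDBC resource, and try-with-resources is used as the modern equivalent of the finally block.

```java
// Added example: constructed in-memory stand-ins, not JDBC and not the page's own code.
public class StatementLeakDemo {

    /** Hypothetical fixed-size pool; a database server caps open statements the same way. */
    static final class HandlePool {
        private int free;

        HandlePool(int size) { this.free = size; }

        Handle acquire() {
            if (free == 0) {
                throw new IllegalStateException("no handles left");
            }
            free--;
            return new Handle(this);
        }

        void release() { free++; }

        int free() { return free; }
    }

    /** Stand-in for java.sql.Statement: holds one pool slot until close() is called. */
    static final class Handle implements AutoCloseable {
        private final HandlePool pool;
        private boolean closed;

        Handle(HandlePool pool) { this.pool = pool; }

        /** Constructed failure rule: a blank query throws, as a bad query raises SQLException. */
        String executeQuery(String query) {
            if (query.trim().isEmpty()) {
                throw new IllegalArgumentException("query failed");
            }
            return "rows for: " + query;
        }

        @Override
        public void close() {
            if (!closed) {
                closed = true;
                pool.release();
            }
        }
    }

    interface QueryHandler {
        String handle(HandlePool pool, String query);
    }

    /** The page's vulnerable shape: close() is never reached when executeQuery throws. */
    static String leaky(HandlePool pool, String query) {
        Handle stmnt = pool.acquire();
        String rows = stmnt.executeQuery(query);
        stmnt.close();
        return rows;
    }

    /** Hardened shape: try-with-resources calls close() on every exit path. */
    static String safe(HandlePool pool, String query) {
        try (Handle stmnt = pool.acquire()) {
            return stmnt.executeQuery(query);
        }
    }

    /** Sends failing requests, then reports how many handles remain for legitimate users. */
    static int handlesLeftAfterFailures(QueryHandler handler, int poolSize, int failingRequests) {
        HandlePool pool = new HandlePool(poolSize);
        for (int i = 0; i < failingRequests; i++) {
            try {
                handler.handle(pool, "   ");
            } catch (RuntimeException e) {
                // The request fails, but the service keeps accepting new ones.
            }
        }
        return pool.free();
    }

    public static void main(String[] args) {
        int leakyLeft = handlesLeftAfterFailures(StatementLeakDemo::leaky, 5, 5);
        int safeLeft = handlesLeftAfterFailures(StatementLeakDemo::safe, 5, 5);
        System.out.println("handles left, leaky handler: " + leakyLeft);
        System.out.println("handles left, safe handler:  " + safeLeft);
        if (leakyLeft != 0 || safeLeft != 5) {
            throw new AssertionError("unexpected pool state");
        }
    }
}
```

A pool that stays drained after a burst of failed queries is the signal to look for in review and monitoring: every acquire needs a release on the exception path as well as the normal one.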
Shrink Wrap Code Attacks
When you install an OS/application, it comes with many sample scripts to make the
administrator's life easy.
[Module flow diagram: Hacking Phases, Types of Attacks, Information Security Controls]
Module Flow
In the previous section, we discussed how an attacker can compromise an
information system and what type of attacks an attacker can perform. Now, we will discuss
information security controls. Information security controls prevent unwanted events from
occurring and reduce the risk to the information assets of the organization with security
policies.
This section highlights the importance of ethical hacking and discusses various security policies.
Why Ethical Hacking Is Necessary
• Ethical Hacking: As hacking involves creative thinking, vulnerability testing and security
audits cannot ensure that the network is secure.
Scope and Limitations of Ethical Hacking
Scope
• It is used to identify risks and highlight the remedial actions, and also
reduces information and communications technology (ICT) costs by
resolving those vulnerabilities
Limitations
• However, unless the businesses first know what it is that they are looking
for and why they are hiring an outside vendor to hack systems in the first
place, chances are there would not be much to gain from the experience
• An ethical hacker thus can only help the organization to better understand
their security system, but it is up to the organization to place the right
guards on the network
Scope and Limitations of Ethical Hacking
Ethical hacking has a scope, and there are various limitations of ethical hacking, as
well.
Scope
The following is the scope of ethical hacking:
• Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best
practices, and good governance.
• It is used to identify risks and highlight remedial actions, and it reduces information and
communications technology (ICT) costs by resolving those vulnerabilities.
Limitations
The following are the limitations of ethical hacking:
• Unless businesses first know what it is they are looking for and why they are hiring an
outside vendor to hack systems in the first place, chances are that there will not be
much to gain from the experience.
• An ethical hacker therefore can help the organization only to better understand their
security system, but it is up to the organization to implement the right safeguards on
the network.
Skills of an Ethical Hacker
Network Knowledge: Has in-depth knowledge of networking concepts,
technologies and related hardware and software
Computer Expert: Should be a computer expert adept at technical
domains
Skills of an Ethical Hacker
Ethical hacking is the legal hacking performed by a pen tester to find vulnerabilities in
the information technology environment. In order to perform ethical hacking, the ethical
hacker requires the skills of a computer expert. Ethical hackers should also have strong
computer knowledge including programming and networking. They should be proficient at
installing and maintaining systems using popular operating systems (e.g. UNIX, Windows, or
Linux).
Detailed knowledge of hardware and software provided by popular computer and networking
hardware vendors complements this basic knowledge. It is not always necessary that ethical
hackers possess any additional specialization in security. However, it is an advantage to know
how various systems maintain their security. Management skills pertaining to these systems
are necessary for actual vulnerability testing and for preparing the report after the testing is
carried out.
An ethical hacker should possess immense patience as the analysis stage consumes more time
than the testing stage. The time frame for an evaluation may vary from a few days to several
weeks, depending on the nature of the task. When an ethical hacker encounters a system with
which he or she is not familiar, it is imperative the person takes the time to learn everything
about the system and try to find its vulnerable spots.
Defense-in-Depth
• It helps to prevent direct attacks against an information system and data because a
break in one layer only leads the attacker to the next layer.
Defense in Depth Layers
Incident Management Process
Incident management is a set of defined processes to identify, analyze, prioritize,
and resolve security incidents to restore normal service operations as quickly as
possible and prevent future reoccurrence of the incident
Purpose of incident management process
1 Improves service quality
2 Pro-active problem resolution
3 Reduces impact of incidents on business/organization
5 Increases staff efficiency and productivity
6 Improves user/customer satisfaction
7 Assists in handling future incidents
Incident Management Process
Incident management is a set of defined processes to identify, analyze, prioritize, and
resolve security incidents to restore the system to normal service operations as soon as
possible and prevent the recurrence of the same incident.
Incident Management Process (Cont'd)
Incident management is the process of logging, recording, and resolving incidents
that take place in the organization. The incident may occur due to fault, service degradation,
error, etc. The incidents are reported by users, technical staff, or sometimes detected
automatically by event monitoring tools. The main objective of the incident management
process is to restore the service to a normal stage as early as possible to customers, while
maintaining availability and quality of service. Any occurrence of the incident in an organization
is handled and resolved by following these incident management steps:
• Notification
• Containment
• Forensic Investigation
• Post-incident Activities
Information Security Policies
• Reduce risks caused by illegal use of the system resource, loss of sensitive, confidential data, and potential property
• Protection of organization's computing resources
• Ensure customers' integrity and prevent waste of company computing resources
• Protect confidential, proprietary information from theft, misuse, unauthorized disclosure
A security policy is a document or set of documents that describes the security
controls that should be implemented in the company at a high level for safeguarding the
organizational network from inside and outside attacks. This document defines the complete
security architecture of an organization and the document includes clear objectives, goals, rules
and regulations, formal procedures, and so on. It clearly mentions the assets to be protected
and the person who can log in and access sites, who can view the selected data, as well as the
people who are allowed to change the data, etc. Without these policies, it is impossible to
protect the company from possible lawsuits, lost revenue, and so on.
Security policies are the foundation of the security infrastructure. These policies secure and
safeguard the information resources of an organization and provide legal protection to the
organization. These policies are beneficial since they help bring awareness of the staff working
in the organization to work together to secure its communication, as well as minimizing the
risks of security weaknesses through "human-factor" mistakes such as disclosing sensitive
information to unauthorized or unknown sources, improper use of Internet, etc. In addition,
these policies provide protection against cyber-attacks, malicious threats, foreign intelligence,
and so on. They mainly address physical security, network security, access authorizations, virus
protection, and disaster recovery.
• Ensure customers' integrity and prevent wasting of company computing resources
• Reduce risks caused by illegal use of the system resources and loss of sensitive,
confidential data and potential property
User Policy
• Defines what kind of user is using the network
• Defines the limitations that are applied on users to secure the network
• Ex: Password management policy
IT Policy
Designed for an IT department to keep the network secure and stable
Ex: backup policies, server configuration, patch updates, modification policies, firewall policies
General Policies
Ex: high-level program policy, business continuity plans, crisis management, disaster recovery
Partner Policy
Issue-specific Policies
Recognize specific areas of concern and describe the organization's status for top-level
management
Ex: physical security policy, personnel security policy, communications security
Structure and Contents of Security Policies
Security Policy Structure
• Detailed description of the policy issues
• Description about the status of the policy
• Applicability of the policy to the environment
• Functionalities of those affected by the policy
• Compatibility level of the policy is necessary
• End-consequences of non-compliance
Contents of Security Policies
• High-level security requirements: Requirement of a system to implement security policies
• Policy description: Focuses on security disciplines, safeguards, procedures, continuity of operations, and documentation
• Security concept of operation: Defines the roles, responsibilities, and functions of a security policy
• Allocation of security enforcement to architecture elements: Provides a computer system architecture allocation to each system of the program
Structure of Security Policies
A security policy is the document that provides the way of securing the company's
physical personnel and data from threats or security breaches. Security policies should be
structured very carefully and should be reviewed properly to make sure that there is no
wording that someone could take advantage of. The basic structure of security policies should
include the following:
• Specific consequences that will occur if the policy is not compatible with the
organizational standards
Content of Security Policies
Security policies contain the following elements:
• Safeguard Security Requirements: This requirement mainly contains access control,
archive, audit, authenticity, availability, confidentiality, cryptography, identification
and authentication, integrity, interfaces, marking, non-repudiation, object reuse,
recovery, and virus protection.
• Assurance Security: This includes certification and accreditation reviews and
sustaining planning documents used in the assurance process.
• Security Concept of Operation: Mainly defines the roles, responsibilities, and functions
of a security policy. It focuses on mission, communications, encryption, user and
maintenance rules, idle-time management, use of privately owned versus public-domain
software, shareware software rules, and a virus protection policy.
Types of Security Policies
• Promiscuous Policy: No restrictions on Internet or remote access
• Permissive Policy: Policy begins wide open and only known dangerous services/attacks blocked, which makes it difficult to keep up with current exploits
• Prudent Policy: It provides maximum security while allowing known but necessary dangers. It blocks all services and only safe/necessary services are enabled individually; everything is logged
• Paranoid Policy: It forbids everything, no Internet connection, or severely limited Internet usage
Promiscuous Policy
With a promiscuous policy, there is no restriction on Internet access. A user can
access any site, download any application, and access a computer or a network from a remote
location. While this can be useful in corporate businesses where people who travel or work at
branch offices need to access the organizational networks, many malware, virus, and Trojan
threats are present on the Internet. Due to free Internet access, this malware can come as
attachments without the knowledge of the user. Network administrators must be extremely
alert if this type of policy is chosen.
Permissive Policy
In a permissive policy, the majority of Internet traffic is accepted, but several known
dangerous services and attacks are blocked. Because only known attacks and exploits are
blocked, it is impossible for administrators to keep up with current exploits. Administrators are
always playing catch-up with new attacks and exploits.
Prudent Policy
A prudent policy starts with all services blocked. The administrator enables safe and
necessary services individually. This provides maximum security. Everything, such as system
and network activities, is logged.
Paranoid Policy
Steps to Create and Implement Security Policies
Implementing security policies reduces the risk of being attacked. Thus, every
company must have its own security policies based on its business. The following are the steps
to be followed by every organization in order to create and implement security policies:
4. Set clear penalties and enforce them and also review and update the security policy
6. Ensure every member of your staff reads, signs, and understands the policy
User-Account Policy: It defines the account creation process and authority, rights and responsibilities of user accounts
Remote-Access Policy: It defines who can have remote access, and defines access medium and remote access security controls
Information-Protection Policy: It defines the sensitivity levels of information, who may have access, how it is stored and transmitted, and how it should be deleted from storage media
Special-Access Policy: This policy defines the terms and conditions of granting special access to system resources
Network-Connection Policy: It defines who can install new resources on the network, approve the installation of new devices, document network changes, etc.
Email Security Policy: It is created to govern the proper usage of corporate email
Examples of Security Policies
The following are some examples of security policies that are created, accepted, and
used by organizations worldwide to secure their assets and important resources.
Acceptable-Use Policy
Defines the account creation process and authority, rights, and responsibilities of user
accounts
Remote-Access Policy
Defines who can have remote access, and defines access medium and remote access security
controls
Defines the sensitivity levels of information, who may have access, how it is stored and
transmitted, and how it should be deleted from storage media
Defines access, management, and monitoring of firewalls in the organization
Special-Access Policy
This policy defines the terms and conditions of granting special access to system resources
Defines who can install new resources on the network, approve the installation of new devices,
document network changes, etc.
Password Policy
Vulnerability Research
- To get information that helps to prevent the security problems
- To know how to recover from a network attack
Vulnerability Research Websites
CodeRed Center: http://www.eccouncil.org
HackerStorm: http://www.hackerstorm.co.uk
TechNet: http://blogs.technet.com
SC Magazine: http://www.scmagazine.com
Security Magazine: http://www.securitymagazine.com
Computerworld: http://www.computerworld.com
SecurityFocus: http://www.securityfocus.com
HackerJournals: http://www.hackerjournals.com
Help Net Security: http://www.net-security.org
Windows Security Blogs: http://blogs.windowsecurity.com
The following are some of the vulnerability research websites that you can use:
CodeRed Center
Source: http://www.eccouncil.org
The CodeRed Center is a comprehensive security resource administrators can turn to for daily,
accurate, up-to-date information on the latest viruses, Trojans, malware, threats, security tools,
risks, and vulnerabilities.
TechNet
TechNet is a project team from across Microsoft Lync Server teams and the community at
large. It is led by the Lync Server documentation team; their writers and technical reviewers
come from all disciplines, including product engineers, field engineers, support engineers,
documentation engineers, and some of the most respected technology bloggers and authors in
the Lync Server universe.
Security Magazine
Source: http://www.securitymagazine.com
SecurityFocus
The SecurityFocus website focuses on a few key areas that are of greatest importance to the
security community.
- The SecurityFocus Vulnerability Database provides security professionals with the most
up-to-date information on vulnerabilities for all platforms and services.
Help Net Security
Net Security is a daily security news site that has been covering the latest computer and
network security news since its inception in 1998.
Besides covering news around the globe, HNS focuses on quality technical articles and papers,
vulnerabilities, vendor advisories, malware, and hosts the largest security software download
area with software for Windows, Linux, and Mac OS X.
HackerStorm
Source: http://www.hackerstorm.co.uk
HackerStorm is a security resource for ethical hackers and penetration testers to create better
penetration testing plans and scopes, and conduct vulnerability research.
SC Magazine
SC Magazine is published by Haymarket Media Inc. and is part of a global brand. There are
three separate editions of the magazine:
- Asia Pacific Online - read by decision-makers in over 20 countries in the Pacific Rim
region
The magazine is published monthly, usually in the first week of each month. It is the longest
running information security magazine in the world, with the widest distribution.
Computerworld
For more than 40 years, Computerworld has been the leading source of technology news and
information for IT influencers worldwide. Computerworld's website (Computerworld.com),
twice-monthly publication, focused conference series, and custom research form the hub of the
world's largest global IT media network.
Windows Security Blogs
Windows security has blogs posted by famous authors who are leading industry experts. It has
various features such as articles and tutorials, blogs, message boards, security tests, and white
papers.
What Is Penetration Testing?
During penetration testing, a pen tester analyzes all the security measures employed by the
organization for design weaknesses, technical flaws, and vulnerabilities. There are two types of
testing: black box testing and white box testing. Black box testing simulates an attack from
someone who is unfamiliar with the system, and white box testing simulates an attacker that
has knowledge about the system. Once all the tests are conducted, the pen tester prepares a
report and includes all the test results and the tests conducted along with the vulnerabilities
found and the respective countermeasures that can be applied. Finally, the pen tester delivers
the report to executive, management, and technical audiences.
Why Penetration Testing?
Penetration testing is required because it helps you to:
- Identify the threats facing an organization's information assets
- Reduce an organization's IT security costs and provide a better Return
On Security Investment (ROSI) by identifying and resolving vulnerabilities and
weaknesses
- Provide an organization with assurance: a thorough and comprehensive assessment of
organizational security covering policy, procedure, design, and implementation
- Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.)
- Adopt best practices by conforming to legal and industry regulations
- Test and validate the efficiency of security protections and controls
- Change or upgrade existing infrastructure of software, hardware, or network design
- Focus on high-severity vulnerabilities and emphasize application-level security issues
to development teams and management
- Provide a comprehensive approach of preparation steps that can be taken to prevent
upcoming exploitation
- Evaluate the efficiency of network security devices such as firewalls, routers, and web
servers
Penetration Testing Methodology
As a pen tester, you should never overlook any information resource. All possible
information sources must be tested for vulnerabilities. Not just the information sources, but
every mechanism and the software involved in your business must be tested because if the
attacker is not able to compromise the information system, then he or she may try to gain
access to the system and then to the sensitive information. A few attacks, such as denial-of-
service attacks, don't even need access to the system. Therefore, to ensure that you check all
possible ways of compromising a system or network, you should follow the penetration testing
methodology. This ensures the full scope of the test.
Penetration Testing Methodology (Cont'd)
[Figure: methodology flow showing Mobile Devices Penetration Testing, Email Security Penetration Testing, and SAP Penetration Testing]
Module Summary
- Complexity of security requirements is increasing day by day as a result of
evolving technology, changing hacking tactics, emerging security vulnerabilities, etc.
- Ethical hacker should possess platform knowledge, network knowledge, computer expert,
security knowledge, and technical knowledge skills
- Ethical hacking involves the use of hacking tools, tricks, and techniques to identify
vulnerabilities to ensure system security.