
Introduction to Ethical Hacking
Module 01

Ethical Hacking and Countermeasures v8
Module 01: Introduction to Ethical Hacking
Exam 312-50 Certified Ethical Hacker

Engineered by Hackers. Presented by Professionals.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Security News

Oct 17 2012, 0:45am IST

Zero-day Attacks are Meaner, more Rampant than we ever thought

Source: http://arstechnica.com

Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years.

The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected. Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater.

"Zero-day attacks are difficult to prevent because they exploit unknown vulnerabilities, for which there are no patches and no antivirus or intrusion-detection signatures," they wrote. "It seems that, as long as software will have bugs and the development of exploits for new vulnerabilities will be a profitable activity, we will be exposed to zero-day attacks. In fact, 60 percent of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many."

Researchers Leyla Bilge and Tudor Dumitras conducted a systematic study that analyzed executable files collected from 11 million computers around the world from February 2008 to March 2012. Three of the zero-day exploits they found were disclosed in 2008, seven were disclosed in 2009, six were disclosed in 2010, and two were disclosed in 2011. (The binary reputation data the researchers relied on prevented them from identifying attacks in 2012.) An attack on many versions of Microsoft Windows, which appears to have gone undetected as a zero day until now, had the shortest duration: just 19 days. An exploit of a separate security bug in the Windows shell had the longest duration: 30 months.

Of the 18 attacks studied, 15 targeted 102 or fewer of the 11 million hosts that were monitored. Eight of the exploits were directed at three or fewer hosts. The data confirms conventional wisdom that zero-day attacks are typically reserved for high-value targets. Of the remaining three attacks, one was exploited by Stuxnet and another was exploited by Conficker, the virulent worm discovered in 2008 that has infected millions of computers (and reportedly continues to do so). The Stuxnet and Conficker exploit targeted 1.5 million and 450,000 hosts respectively. The results, the researchers said, demonstrated the dividends returned by zero-day exploits, which can command prices as high as $250,000.

"For example, Conficker exploiting the vulnerability CVE-2008-4250 managed to infect approximately 370,000 machines without being detected over more than two months," they wrote. "This example illustrates the effectiveness of zero-day vulnerabilities for conducting stealth cyber-attacks."

The researchers cautioned that their method of collecting executable files had significant limitations, causing it to miss 24 zero-day attacks tracked by Symantec's own Internet Security Threats Report over the time period studied. Surprisingly, the number of attacks only grew once zero-day attacks became public knowledge—by margins of two- to 100,000-fold. The number of attack variants also rose, with 183 to 85,000 more variants detected each day. One possible cause of the surge in new files, the researchers said, is that the exploits may have been repackaged versions of the same attack.

"However, it is doubtful that repacking alone can account for an increase by up to five orders of magnitude," they wrote. "More likely, this increase is the result of the extensive re-use of field-proven exploits in other malware."

Copyrights: ©2012 Conde Nast

Author: Dan Goodin

http://arstechnica.com/security/2012/10/zero-day-attacks-are-meaner-and-more-plentiful-than-thought/



Module Objectives

It is important to bear in mind that attackers break into systems for various reasons and purposes. Therefore, it is important to comprehend how malicious hackers exploit systems and the probable reasons behind the attacks. As Sun Tzu put it in the Art of War, "If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat." It is the duty of system administrators and network security professionals to guard their infrastructure against exploits by knowing the enemy—the malicious hacker(s)—who seek to use the same infrastructure for illegal activities.

Ethical hacking is the process of checking and testing the organization network for the possible loopholes and vulnerabilities. The individuals or experts who perform ethical hacking are called white hats. They perform hacking in ethical ways, without causing any damage to the computer system, thereby increasing the security perimeter of an organization.


This module covers:

- Data Breach Investigations Report
- Essential Terminology
- Elements of Information Security
- Top Information Security Attack Vectors
- Information Security Threats
- Hacking vs. Ethical Hacking
- Effects of Hacking on Business
- Who Is a Hacker?
- Hacking Phases
- Types of Attacks on a System
- Why Ethical Hacking Is Necessary
- Skills of an Ethical Hacker
- Incident Management Process
- Types of Security Policies
- Vulnerability Research
- What Is Penetration Testing?


Module Flow

Information security refers to protecting or safeguarding any kind of sensitive information and information systems from unauthorized access, disclosure, alteration, disruption, and destruction. For most organizations, information is the critical resource to be secured. If sensitive information falls into wrong hands, then the respective organization may face a great threat. In an attempt to understand how to secure such critical information resources, first we will look at an overview of information security.

- Information Security Overview
- Information Security Threats and Attack Vectors
- Hacking Concepts
- Hacking Phases
- Types of Attacks
- Information Security Controls

This section covers elements of information security, the strength of the component triangle (security, functionality, and usability), and essential terminology.


Internet Crime Current Report: IC3

Source: http://www.ic3.gov

The following is the crime report data from IC3; the Internet Crime Complaint Center (IC3) is a partnership among the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). According to IC3, online Internet crime complaints are increasing daily. From the graph, you can observe that in the year 2005, there were 231,493 crime complaints, whereas in the year 2009, complaints drastically increased to 336,655. When compared to 2009, Internet crime complaints in the year 2011 decreased to some extent.


[Figure: Internet Crime Complaint Center (IC3), Yearly Comparison of Complaints Received via the IC3 Website. Bar chart; vertical axis: complaints received by IC3, 0 to 350,000.]


Data Breach Investigations Report

Source: http://www.verizonbusiness.com

The data breach investigations report from Verizon Business shows the types of hacking by percent of breaches and percent of records. From the report, it is clear that most of the security breaches happening today are because of hacking. Therefore, in order to protect yourself from data or security breaches, you should test your network security against hacking.


Category         Percent of Breaches   Percent of Records
Malware          28%                   97%
Hacking          58%                   99%
Social           22%                   38%
Misuse           7%                    <1%
Physical         17%                   <1%
Error            7%                    <1%
Environmental    0%                    0%

FIGURE 1.1: Data Breach Investigation Report


Essential Terminology

- Hack Value: It is the notion among hackers that something is worth doing or is interesting
- Target of Evaluation: An IT system, product, or component that is identified/subjected to a required security evaluation
- Exploit: A defined way to breach the security of an IT system through vulnerability
- Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability
- Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
- Daisy Chaining: Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs, etc.

Hack Value

Hack value is the notion among hackers that something is worth doing or is interesting. Hackers might feel that breaking down the toughest network security might give them great satisfaction, and that it is something they accomplished that not everyone could do.

Exploit

An exploit is a defined way to breach the security of an IT system through vulnerability. The term exploit is used when any kind of attack has taken place on a system or network. An exploit can also be defined as malicious software or commands that can cause unanticipated behavior to occur on legitimate software or hardware by taking advantage of the vulnerabilities.

Vulnerability

Vulnerability is a weakness in design or an implementation error that can lead to an unexpected and undesirable event compromising the security of the system. In simple words, a vulnerability is a loophole, limitation, or weakness that becomes a source for an attacker to enter into the system by bypassing various user authentications.


Target of Evaluation

A target of evaluation is an IT system, product, or component that is identified/subjected to a required security evaluation. This kind of evaluation helps the evaluator understand the functioning, technology, and vulnerabilities of a particular system or product.

Zero-day Attack

In a zero-day attack, the attacker exploits the vulnerabilities in the computer application before the software developer releases a patch for them.

Daisy Chaining

Attackers who get away with database theft usually complete their task and then backtrack to cover their tracks by destroying logs, etc. The attackers gain control of other systems and use them for malicious activities. It becomes difficult to identify the attacker as they use others' systems to perform illegal activities.


Elements of Information Security

A state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable

- Confidentiality: Assurance that the information is accessible only to those authorized to have access
- Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
- Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users
- Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine
- Non-Repudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message

Information security is defined as: "A state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable." It relies on the five major elements of: confidentiality, integrity, availability, authenticity, and non-repudiation.

Confidentiality

Confidentiality is the assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt.

Integrity

Integrity is the trustworthiness of data or resources in terms of preventing improper and unauthorized changes, the assurance that information can be relied upon to be sufficiently accurate for its purpose.

Availability

Availability is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users.

Authenticity

Authenticity refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine or not corrupted from the original. The major roles of authentication include confirming that the user is who he or she claims to be and ensuring the message is authentic and not altered or forged. Biometrics, smart cards, and digital certificates are used to ensure authenticity of data, transactions, communications, or documents.

Non-repudiation

Non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. It is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.


The Security, Functionality, and Usability Triangle

[Figure: triangle with vertices Security (Restrictions), Functionality (Features), and Usability (GUI). Moving the ball towards security means less functionality and usability.]

Technology is evolving at an unprecedented rate. As a result, new products that reach the market tend to be engineered for easy-to-use rather than secure computing. Technology, originally developed for "honest" research and academic purposes, has not evolved at the same pace as the user's profile. Moreover, during this evolution, system designers often overlook the vulnerabilities during the intended deployment of the system. However, increasing built-in default security mechanisms means users have to be more competent. As computers are used for more and more routine activities, it is becoming increasingly difficult for system administrators and other system professionals to allocate resources exclusively for securing systems. This includes time needed to check log files, detect vulnerabilities, and apply security update patches.

Routine activities consume system administrators' time, leaving less time for vigilant administration. There is little time to deploy measures and secure computing resources on a regular and innovative basis. This has increased the demand for dedicated security professionals to constantly monitor and defend ICT (Information and Communication Technology) resources.

Originally, to "hack" meant to possess extraordinary computer skills to extend the limits of computer systems. Hacking required great proficiency. However, today there are automated tools and codes available on the Internet that make it possible for anyone with a will and desire to hack and succeed.

Mere compromise of the security of a system does not denote success. There are websites that insist on "taking back the net" as well as people who believe that they are doing all a favor by posting exploit details. These can act as a detriment and can bring down the skill level required to become a successful attacker.

The ease with which system vulnerabilities can be exploited has increased while the knowledge curve required to perform such exploits has shortened. The concept of the elite/super attacker is an illusion. However, the fast-evolving genre of "script kiddies" is largely comprised of lesser-skilled individuals having second-hand knowledge of performing exploits. One of the main impediments contributing to the growth of security infrastructure lies in the unwillingness of exploited or compromised victims to report the incident for fear of losing the goodwill and faith of their employees, customers, partners, and/or of losing market share. The trend of information assets influencing the market has seen more companies thinking twice before reporting incidents to law enforcement for fear of bad press and negative publicity.

The increasingly networked environment, with companies often having their website as a single point of contact across geographical boundaries, makes it critical for administrators to take countermeasures to prevent exploits that can result in loss of an important reason why corporations need to invest in security measures to protect their information assets.


Module Flow

So far we discussed information security. Now we will discuss threats and attack vectors of information security.

[Module flow: Information Security Overview, Information Security Threats and Attack Vectors, Hacking Concepts, Hacking Phases, Types of Attacks, Information Security Controls]

This section introduces you to top information security attack vectors, the possible security threats to valuable information, and the goals of attackers who perform attacks on information systems.


Top Information Security Attack Vectors

An attack vector is a path or means by which an attacker gains access to an information system to perform malicious activities. This attack vector enables an attacker to take advantage of the vulnerabilities present in the information system in order to carry out a particular attack.

Although there are some traditional attack vectors from which an attack can be performed, attack vectors come in many forms; one cannot predict in which form an attack vector can come.

The following are the possible top attack vectors through which attackers can attack information systems:

- Virtualization and Cloud Computing
- Organized Cyber Crime
- Unpatched Software
- Targeted Malware
- Social Networking
- Insider Threats
- Botnets
- Lack of Cyber Security Professionals
- Network Applications
- Inadequate Security Policies
- Mobile Device Security
- Compliance with Govt. Laws and Regulations
- Complexity of Computer Infrastructure
- Hacktivism


Motives, Goals, and Objectives of Information Security Attacks

Attacks = Motive (Goal) + Method + Vulnerability

- Attackers have motives or goals such as disrupting business continuity, information theft, data manipulations, or taking revenge
- A motive originates out of the notion that the target system stores or processes something valuable and this leads to threat of an attack on the system
- Attackers try various tools, attack methods, and techniques to exploit vulnerabilities in a computer system or security policy and controls to achieve their motives

Attackers generally have motives or goals or objectives behind performing information security attacks. It may be to disrupt the business continuity of the target organization, to steal valuable information, for the sake of curiosity, or even to take revenge on the target organization. Therefore, these motives or goals depend on the attacker's state of mind, for what reason he or she is carrying out such an activity. Once the attacker determines his/her goal, he or she can accomplish the goal by adopting various techniques to exploit vulnerabilities in an information system or security policy and controls.


Information Security Threats

Natural Threats: natural disasters; floods; earthquakes; hurricanes
Physical Security Threats: loss or damage of system resources; physical intrusion; sabotage, espionage and errors
Human Threats: hackers; insiders; social engineering; lack of knowledge and awareness

Information security threats are broadly classified into three categories, as follows:

Natural Threats

Natural threats include natural disasters such as earthquakes, hurricanes, floods, or any nature-created disaster that cannot be stopped. Information damage or loss due to natural threats cannot be prevented as no one knows in advance that these types of threats will occur. However, you can implement a few safeguards against natural disasters by adopting disaster recovery plans and contingency plans.

Physical Security Threats

Physical threats may include loss or damage of system resources through fire, water, theft, and physical impact. Physical impact on resources can be due to a collision or other damage, either intentionally or unintentionally. Sometimes, power may also damage hardware used to store information.

Human Threats

Human threats include threats of attacks performed by both insiders and outsiders. Insider attacks refer to attacks performed by disgruntled or malicious employees. Outsider attacks refer to attacks performed by malicious people not within the organization. Insider attackers can be the biggest threat to an information system as they may know the security posture of the information system, while outsider attackers apply many tricks such as social engineering to learn the security posture of the information system.


Information Security Threats (Cont’d)

Human threats can be further classified into three types, as follows:

Network Threats

A network is defined as the collection of computers and other hardware connected by communication channels to share resources and information. As the information travels from one computer to the other through the communication channel, a malicious person may break into the communication channel and steal the information traveling over the network. The attacker can impose various threats on a target network:

- Information gathering
- Sniffing and eavesdropping
- Spoofing
- Session hijacking and man-in-the-middle attacks
- SQL injection
- ARP Poisoning
- Password-based attacks
- Denial of service attack
- Compromised-key attack

Host Threats

Host threats are directed at a particular system on which valuable information resides. Attackers try to breach the security of the information system resource. The following are possible threats to the host:

- Malware attacks
- Target Footprinting
- Password attacks
- Denial of service attacks
- Arbitrary code execution
- Unauthorized access
- Privilege escalation
- Back door Attacks
- Physical security threats

Application Threats

If the proper security measures are not considered during development of the particular application, the application might be vulnerable to different types of application attacks. Attackers take advantage of vulnerabilities present in the application to steal or damage the information. The following are possible threats to the application:

- Data/Input validation
- Authentication and Authorization attacks
- Configuration management
- Information disclosure
- Session management issues
- Buffer overflow issues
- Cryptography attacks
- Parameter manipulation
- Improper error handling and exception management
- Auditing and logging issues


Information Warfare

The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) to take competitive advantages over an opponent.

Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.

Offensive Information Warfare: It refers to information warfare that involves attacks against ICT assets of an opponent.

[Diagram panels: Defensive Warfare (Prevention, Deterrence, Alerts, Detection, Emergency Preparedness, Response) and Offensive Warfare]

FIGURE 1.2: Defensive and Offensive Warfare Diagram


IPv6 Security Threats

Compared to IPv4, IPv6 has an improved security mechanism that assures a higher level of security and confidentiality for the information transferred over a network. However, IPv6 is still vulnerable. It still faces information security threats that include:

Auto Configuration Threats

IPv6 enables auto-configuration of IP networks, which may leave the user vulnerable to attacks if the network is not configured properly and securely from the beginning.

Unavailability Reputation-based Protection

Current security solutions use the reputation of IP addresses to filter out known sources of malware; vendors will take time to develop reputation-based protection for IPv6.

Incompatibility of Logging Systems

IPv6 uses 128-bit addresses, which are stored as a 39-digit string, whereas IPv4 addresses are stored in a 15-character field; logging solutions designed for IPv4 may not work on IPv6-based networks.

Rate Limiting Problem

Administrators use a rate limiting strategy to slow down the automated attack tool; however, it is impractical to rate limit at the 128-bit address level.
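
The logging and rate-limiting points above, worked through in Python. This is an added example, not part of the courseware: the addresses are constructed from documentation prefixes, and bucketing IPv6 clients by /64 is an assumed policy choice that the text does not prescribe.

```python
"""Added example: IPv6-aware log fields and rate-limit keys (constructed data)."""
import ipaddress
from collections import defaultdict, deque

IPV4_FIELD_WIDTH = 15   # "255.255.255.255": the field size the text mentions
IPV6_FIELD_WIDTH = 39   # 8 groups of 4 hex digits plus 7 colons
# The mixed notation ::ffff:a.b.c.d written in full can need up to 45 characters.


def legacy_log_field(addr_text, width=IPV4_FIELD_WIDTH):
    """What a fixed-width IPv4-era column keeps: the address is cut silently."""
    return addr_text[:width]


def canonical(addr_text):
    """One lowercase, zero-compressed spelling per address for log storage."""
    return ipaddress.ip_address(addr_text.strip()).compressed


def rate_limit_key(addr_text, v6_prefix=64):
    """Bucket IPv6 clients by prefix (assumed /64) and IPv4 clients by host."""
    ip = ipaddress.ip_address(addr_text.strip())
    if ip.version == 4:
        return str(ip)
    if ip.ipv4_mapped is not None:          # ::ffff:a.b.c.d is an IPv4 client
        return str(ip.ipv4_mapped)
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window, key_func):
        self.limit, self.window, self.key_func = limit, window, key_func
        self._hits = defaultdict(deque)

    def allow(self, addr_text, now):
        hits = self._hits[self.key_func(addr_text)]
        while hits and now - hits[0] >= self.window:
            hits.popleft()                  # forget events outside the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def constructed_requests(count=20):
    """Constructed sample: one source using a new address in one /64 each second."""
    base = int(ipaddress.ip_address("2001:db8:1:2::"))
    return [(t, str(ipaddress.ip_address(base + 0x1000 + t * 7919)))
            for t in range(count)]


def blocked_count(key_func, requests, limit=5, window=60):
    """How many requests a limiter keyed by key_func refuses."""
    limiter = SlidingWindowLimiter(limit, window, key_func)
    return sum(0 if limiter.allow(addr, t) else 1 for t, addr in requests)


if __name__ == "__main__":
    full = "2001:0db8:0000:0000:0000:0000:0000:0001"
    print("15-char field keeps:", legacy_log_field(full))
    print("canonical form     :", canonical(full))
    reqs = constructed_requests()
    print("blocked, key = /128:", blocked_count(canonical, reqs))
    print("blocked, key = /64 :", blocked_count(rate_limit_key, reqs))
```

Keying the limiter on the full address never trips on the constructed traffic because every request arrives from a fresh address; keying on the prefix does, at the cost of treating every host in that /64 as one client.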


IPv6 Security Threats (Cont’d)

You may also find the following threats when using IPv6:

Default IPv6 Activation

IPv6 may be activated without the administrator's knowledge, which will leave IPv4-based security controls ineffective.

Complexity of Network Management Tasks

Administrators may adopt easy-to-remember addresses (::10, ::20, ::F00D, ::C5C0, or simply the IPv4 last octet for dual stack), leading to a potential vulnerability.
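
One way to audit an address plan for the easy-to-remember patterns named above. This is an added example, not from the courseware: the inventory, host names and the `guessable_reasons` helper are hypothetical, and the checks cover only the patterns the text lists.

```python
"""Added example: audit an address plan for easy-to-guess IPv6 interface IDs."""
import ipaddress

# Hex "words" named in the text; a local wordlist would extend this (assumption).
HEX_WORDS = {0xF00D: "f00d", 0xC5C0: "c5c0"}
IID_MASK = (1 << 64) - 1


def interface_id(v6_text):
    """Low 64 bits of the address: the part the administrator chooses."""
    return int(ipaddress.IPv6Address(v6_text)) & IID_MASK


def guessable_reasons(v6_text, v4_text=None):
    """List which of the text's patterns the interface identifier matches."""
    iid = interface_id(v6_text)
    reasons = []
    if iid in HEX_WORDS:
        reasons.append("hex word ::" + HEX_WORDS[iid])
    if v4_text is not None:
        last = int(ipaddress.IPv4Address(v4_text)) & 0xFF
        # ".25" is usually copied as "::25" (hex 0x25), sometimes as the value 0x19.
        if iid in (last, int(str(last), 16)):
            reasons.append("mirrors IPv4 last octet .%d" % last)
    if not reasons and iid <= 0xFFFF:
        reasons.append("low-numbered ::%x" % iid)
    return reasons


def audit(inventory):
    """inventory: iterable of (hostname, ipv6, ipv4 or None). Returns findings."""
    findings = {}
    for host, v6, v4 in inventory:
        reasons = guessable_reasons(v6, v4)
        if reasons:
            findings[host] = reasons
    return findings


# Constructed dual-stack inventory (documentation prefixes, hypothetical hosts).
INVENTORY = [
    ("dns1", "2001:db8:10::10", None),
    ("web1", "2001:db8:10::f00d", "192.0.2.80"),
    ("mail1", "2001:db8:10::25", "192.0.2.25"),
    ("db1", "2001:db8:10::c8", "192.0.2.200"),
    ("app1", "2001:db8:10:0:3c4f:91ab:77e2:5d10", "192.0.2.44"),
]

if __name__ == "__main__":
    for host, reasons in audit(INVENTORY).items():
        print(host, "->", ", ".join(reasons))
```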

Complexity in Vulnerability Assessment

IPv6's 128-bit address space makes active scanning of infrastructure for unauthorized or vulnerable systems more complex.

Overloading of Perimeter Security Controls

IPv6 has a 40-byte fixed header with add-on "extension headers" that may be chained, which requires complex processing by various security control systems such as routers, security gateways, firewalls, and IDS.
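
Why chained extension headers cost a security control extra work: the filter has to walk the chain before it can see the transport header. This is an added example, not from the courseware: the packets are constructed, `MAX_EXT` is an assumed local policy limit, and the ordering checks follow RFC 8200.

```python
"""Added example: walking an IPv6 extension header chain (constructed packets)."""
import struct

HBH, TCP, UDP, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 6, 17, 43, 44, 51, 60
EXT_TYPES = {HBH, ROUTING, FRAGMENT, AH, DSTOPTS}   # ESP (50) hides what follows
NAMES = {HBH: "Hop-by-Hop", ROUTING: "Routing", FRAGMENT: "Fragment",
         AH: "AH", DSTOPTS: "Destination Options"}
FIXED_LEN = 40   # fixed header size, as stated in the text
MAX_EXT = 8      # assumed local policy limit on chain length


def walk_chain(packet, max_ext=MAX_EXT):
    """Follow Next Header fields from the fixed header to the upper layer.

    Returns (ext_header_types, upper_protocol, upper_offset). upper_offset is
    None for a non-first fragment, which carries no upper-layer header.
    Raises ValueError on truncation or a chain longer than max_ext.
    """
    if len(packet) < FIXED_LEN or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, offset, chain = packet[6], FIXED_LEN, []
    while nxt in EXT_TYPES:
        if len(chain) >= max_ext:
            raise ValueError("extension header chain exceeds policy limit")
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            length = 8                                # fixed size
        elif nxt == AH:
            length = (packet[offset + 1] + 2) * 4     # 4-octet units, minus 2
        else:
            length = (packet[offset + 1] + 1) * 8     # 8-octet units, minus 1
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        chain.append(nxt)
        if nxt == FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            return chain, packet[offset], None
        nxt, offset = packet[offset], offset + length
    return chain, nxt, offset


def dst_port(packet, max_ext=MAX_EXT):
    """(protocol, destination port) a filter rule would match on; port may be None."""
    _, proto, offset = walk_chain(packet, max_ext)
    if proto in (TCP, UDP) and offset is not None and offset + 4 <= len(packet):
        return proto, struct.unpack_from("!H", packet, offset + 2)[0]
    return proto, None


def policy_violations(packet, max_ext=MAX_EXT):
    """Checks a filter can apply before it trusts what the chain leads to."""
    try:
        chain, _, _ = walk_chain(packet, max_ext)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if HBH in chain[1:]:
        problems.append("Hop-by-Hop not first in chain")
    for htype in sorted(set(chain)):
        allowed = 2 if htype == DSTOPTS else 1
        if chain.count(htype) > allowed:
            problems.append(NAMES[htype] + " header repeated")
    return problems


def build_packet(ext_types, upper_proto, payload):
    """Constructed test packet with empty (padding-only) extension headers."""
    types = list(ext_types) + [upper_proto]
    body = b""
    for i, htype in enumerate(ext_types):
        if htype == FRAGMENT:
            body += struct.pack("!BBHI", types[i + 1], 0, 0, 0x1234)
        else:   # Hdr Ext Len 0: eight bytes in total, six of them zero padding
            body += bytes([types[i + 1], 0]) + bytes(6)
    body += payload
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(body), types[0], 64) + src + dst + body


# Constructed samples: a minimal TCP header (source port 49152, destination 443).
TCP_HDR = struct.pack("!HH", 49152, 443) + bytes(16)
SAMPLES = {
    "plain": build_packet([], TCP, TCP_HDR),
    "chained": build_packet([HBH, DSTOPTS, FRAGMENT], TCP, TCP_HDR),
    "misordered": build_packet([DSTOPTS, HBH], TCP, TCP_HDR),
    "repeated": build_packet([ROUTING, ROUTING], TCP, TCP_HDR),
    "overlong": build_packet([DSTOPTS] * 10, TCP, TCP_HDR),
}
SAMPLES["truncated"] = SAMPLES["chained"][:60]

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, policy_violations(pkt) or dst_port(pkt))
```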


IPv6 Security Threats (Cont’d)

The following IPv6 security threats can also cause serious damage to your network:

IPv4 to IPv6 Translation Issues

Translating IPv4 traffic to IPv6 may result in poor implementation and may provide a potential attack vector.

Security Information and Event Management (SIEM) Problems

Every IPv6 host can have multiple IPv6 addresses simultaneously, which leads to complexity of log or event correlation.
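
Correlating events when one host appears under several IPv6 addresses. This is an added example, not from the courseware: the neighbor table and events are constructed, and using the MAC address as host identity (taken from a neighbor-table snapshot, or recovered from a modified EUI-64 interface ID) is an assumption that only holds for on-link hosts.

```python
"""Added example: correlating events from one host's several IPv6 addresses."""
import ipaddress
from collections import Counter

# Constructed neighbor-table snapshot in the format of `ip -6 neigh show`.
NEIGHBORS = """\
2001:db8:1:0:a4c1:9e77:31d2:8b05 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:1::50 dev eth0 lladdr 00:aa:bb:cc:dd:01 STALE
"""

# Constructed auth failures: (source address exactly as logged, event name).
EVENTS = [
    ("FE80::211:22FF:FE33:4455", "login_failed"),
    ("fe80:0:0:0:211:22ff:fe33:4455", "login_failed"),
    ("2001:db8:1::211:22ff:fe33:4455", "login_failed"),
    ("2001:0db8:0001:0000:0211:22ff:fe33:4455", "login_failed"),
    ("2001:db8:1::a4c1:9e77:31d2:8b05", "login_failed"),
    ("2001:DB8:1:0:A4C1:9E77:31D2:8B05", "login_failed"),
    ("2001:db8:1::50", "login_failed"),
]


def parse_neighbors(text):
    """Map each IPv6 address in the snapshot to its link-layer address."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            mac = fields[fields.index("lladdr") + 1].lower()
            table[ipaddress.IPv6Address(fields[0])] = mac
    return table


def mac_from_eui64(addr):
    """Recover the MAC from a modified EUI-64 interface ID, else None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]   # undo the U/L bit flip
    return ":".join("%02x" % b for b in mac)


def host_key(addr_text, neighbors):
    """Best available identity: neighbor table, then EUI-64, then the address."""
    addr = ipaddress.IPv6Address(addr_text)
    return neighbors.get(addr) or mac_from_eui64(addr) or addr.compressed


def over_threshold(events, neighbors, threshold=5):
    """Return (keys flagged per logged string, keys flagged per host)."""
    failed = [a for a, e in events if e == "login_failed"]
    per_string = Counter(failed)
    per_host = Counter(host_key(a, neighbors) for a in failed)
    return ({k for k, n in per_string.items() if n >= threshold},
            {k for k, n in per_host.items() if n >= threshold})


if __name__ == "__main__":
    by_string, by_host = over_threshold(EVENTS, parse_neighbors(NEIGHBORS))
    print("flagged when counting logged strings:", by_string)
    print("flagged when counting hosts         :", by_host)
```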

Denial-of-Service (DoS)

Overloading of network security and control devices can significantly reduce the availability threshold of network resources, leading to DoS attacks.

Trespassing

IPv6's advanced network discovery features can be exploited by attackers who can traverse through your network and access the restricted resources.


Module Flow

So far we have discussed information security, its threats and attack vectors. Now we will discuss how an attacker compromises information security with the help of attack vectors.

[Module flow: Information Security Overview, Information Security Threats and Attack Vectors, Hacking Concepts, Hacking Phases, Types of Attacks, Information Security Controls]

This section will familiarize you with the concept of ethical hacking, how it differs from hacking, the effects of hacking activities on business, and different classes of attackers.


Hacking vs. Ethical Hacking

Most people do not understand the difference between hacking and ethical hacking. These two terms can be differentiated on the basis of the intentions of the people who are performing hacking activity. However, understanding the true intentions of hackers can be quite difficult.

Hacking

Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources. It involves modifying system or application features to achieve a goal outside of the creator's original purpose.

Ethical Hacking

Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security. It focuses on simulating techniques used by attackers to verify the existence of exploitable vulnerabilities in the system security.


Effects of Hacking on Business

- Theft of customers' personal information may risk the business's reputation and invite lawsuits
- Hacking can be used to steal, pilfer, and redistribute intellectual property leading to business loss
- Botnets can be used to launch various types of DoS and other web-based attacks, which may lead to business down-time and significant loss of revenues
- Attackers may steal corporate secrets and sell them to competitors, compromise critical financial information, and leak information to rivals

According to the Symantec 2012 State of Information survey, information costs businesses worldwide $1.1 trillion annually. Every business must provide strong security for its customers; otherwise the business may put its reputation at stake and may even face lawsuits. Attackers use hacking techniques to steal, pilfer, and redistribute intellectual property of businesses and in turn to make financial gain. Attackers may profit, but the victim's business must face huge financial losses and may even lose its reputation.

Once an attacker gains control over the user's system, he or she can access all the files that are stored on the computer, including personal or corporate financial information, credit card numbers, and client or customer data stored on that system. If any such information falls into the wrong hands, it may create chaos in the normal functioning of an organization. An organization must provide strong security for its critical information sources containing customer data and its upcoming releases or ideas. If the data is altered or stolen, a company may lose credibility and the trust of its customers. In addition to the potential financial loss that may occur, the loss of information may cause a business to lose a crucial competitive advantage over its rivals. Sometimes attackers use botnets to launch various types of DoS and other web-based attacks. This causes the target business services to go down, which in turn may lead to loss of revenues.

There are many things that businesses can do to protect themselves and their assets. Knowledge is a key component in addressing this issue. Assessment of the risk prevalent in a business and how attacks could potentially affect that business is paramount from a security point of view. One does not have to be a security expert to recognize the damage that can occur when a company is victimized by an attacker. By understanding the problem and empowering employees to facilitate protection against attacks, the company would be able to deal with any security issues as they arise.


W h o Is a H a c k e r? CEH

E x c e lle n t C o m p u te r S k ills H obby

Intelligent individuals w ith excellent For some hackers, hacking is a


com puter skills, w ith the ability to hobby to see how many
create and explore into the com puters o r networks they
com pute r's softw a re and hardw are can com prom ise

D o I lle g a l T h in g s M a lic io u s I n t e n t

Some do hacking w ith malicious intent behind


Their inte ntion can eith er be to
th e ir escapades, like stealing business data,
gain know ledge or to poke
credit card info rm atio n, social security
around to do illegal things
numbers, em ail passwords, etc.

Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

Who Is a Hacker?

A hacker is a person who illegally breaks into a system or network without any authorization to destroy, steal sensitive data, or perform malicious attacks. Hackers may be motivated by a multitude of reasons:

- Intelligent individuals with excellent computer skills, with the ability to create and explore the computer's software and hardware
- For some hackers, hacking is a hobby to see how many computers or networks they can compromise
- Their intention can either be to gain knowledge or to poke around doing illegal things
- Some hack with malicious intent, such as stealing business data, credit card information, social security numbers, email passwords, etc.


Hacker Classes

Black Hats: Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers

White Hats: Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts

Gray Hats: Individuals who work both offensively and defensively at various times

Suicide Hackers: Individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing jail terms or any other kind of punishment

Script Kiddies: An unskilled hacker who compromises system by running scripts, tools, and software developed by real hackers

Spy Hackers: Individuals employed by the organization to penetrate and gain trade secrets of the competitor

Cyber Terrorists: Individuals with wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption of computer networks

State Sponsored Hackers: Individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments

Hacker Classes

Hackers are mainly divided into eight classes:

Black Hats

Black hats are individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers. These individuals mostly use their skills for only destructive activities, causing huge losses for companies as well as individuals. They use their skills in finding vulnerabilities in the various networks including defense and government websites, banking and finance, etc. Some do it to cause damage, steal information, destroy data, or earn money easily by hacking IDs of bank customers.

White Hats

White hats are individuals who possess hacking skills and use them for defensive purposes; they are also known as security analysts. These days, almost every company has security analysts to defend their systems against the malicious attacks. White hats help companies secure their networks from outside intruders.


Gray Hats

Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall between white and black hats. Gray hats might help hackers by finding various vulnerabilities of a system or network and at the same time help vendors to improve products (software or hardware) by checking limitations and making them more secure, etc.

Suicide Hackers

Suicide hackers are individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing 30 years in jail for their actions. Suicide hackers are closely related to suicide bombers, who sacrifice their life for the attack and are not concerned with the consequences of their actions. There has been a rise in cyber terrorism in recent years.

Script Kiddies

Script kiddies are the unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They utilize small, easy-to-use programs or scripts as well as distinguished techniques to find and exploit the vulnerabilities of a machine. Script kiddies usually focus on the quantity of attacks rather than the quality of the attacks that they initiate.

Spy Hackers

Spy hackers are individuals who are employed by an organization to penetrate and gain trade secrets of the competitor. These insiders can take advantage of the privileges they have to hack a system or network.

Cyber Terrorists

Cyber terrorists could be people, organized groups formed by terrorist organizations, that have a wide range of skills, motivated by religious or political beliefs, to create fear by large-scale disruption of computer networks. This type of hacker is more dangerous as they can hack not only a website but whole Internet zones.

State Sponsored Hackers

State sponsored hackers are individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.


Hacktivism

- Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites
- It thrives in the environment where information is easily accessible
- Aims at sending a message through their hacking activities and gaining visibility for their cause
- Common targets include government agencies, multinational corporations, or any other entity perceived as bad or wrong by these groups or individuals
- It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is
- Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims

Hacktivism

Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites. The person who does these things is known as a hacktivist.

- Hacktivism thrives in an environment where information is easily accessible.
- It aims to send a message through hacking activities and gain visibility for a cause.
- Common targets include government agencies, multinational corporations, or any other entity perceived as "bad" or "wrong" by these groups or individuals.
- It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is.
- Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims.


Module Flow: Hacking Phases, Types of Attacks, Information Security Controls

Module Flow

In the previous section, you learned about various hacking concepts. Now it's time to discuss the hacking method. Hacking cannot be accomplished in a single action. It needs to be done in phases. The information gathered or the privileges gained in one phase can be used in the next phase for advancing the process of hacking.

Module sections: Information Security Overview; Information Security Threats and Attack Vectors; Hacking Concepts; Hacking Phases; Types of Attacks; Information Security Controls

This section lists and describes various phases involved in hacking.


Hacking Phases

- Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack
- Could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale
- Reconnaissance target range may include the target organization's clients, employees, operations, network, and systems

Reconnaissance Types

Passive Reconnaissance
- Passive reconnaissance involves acquiring information without directly interacting with the target
- For example, searching public records or news releases

Active Reconnaissance
- Active reconnaissance involves interacting with the target directly by any means
- For example, telephone calls to the help desk or technical department

Hacking Phases

The various phases involved in hacking are:

- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks

Reconnaissance

Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization.

This is the phase that allows the potential attacker to strategize his or her attack. This may take some time as the attacker waits to unearth crucial information. Part of this reconnaissance may involve "social engineering." A social engineer is a person who smooth-talks people into revealing information such as unlisted phone numbers, passwords, and other sensitive data. Another reconnaissance technique is "dumpster diving." Dumpster diving is the process of looking through an organization's trash for discarded sensitive information. Attackers can use the Internet to obtain information such as employee's contact information, business partners, technologies in use, and other critical business knowledge, but "dumpster diving" may provide them with even more sensitive information such as usernames, passwords, credit card statements, bank statements, ATM slips, social security numbers, telephone numbers, and so on. The reconnaissance target range may include the target organization's clients, employees, operations, networks, and systems.

For example, a Whois database can provide information about Internet addresses, domain names, and contacts. If a potential attacker obtains DNS information from the registrar, and is able to access it, he or she can obtain useful information such as the mapping of domain names to IP addresses, mail servers, and host information records. It is important that a company has appropriate policies to protect its information assets, and also provide guidelines to its users of the same. Building user awareness of the precautions they must take in order to protect their information assets is a critical factor in this context.

Reconnaissance Types

Reconnaissance techniques can be categorized broadly into active and passive reconnaissance.

When an attacker approaches the attack using passive reconnaissance techniques, he or she does not interact with the system directly. The attacker uses publicly available information, social engineering, and dumpster diving as a means of gathering information.

When an attacker employs active reconnaissance techniques, he or she tries to interact with the system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications.

The next phase of attacking is scanning, which is discussed in the following section. Some experts do not differentiate scanning from active reconnaissance. However, there is a slight difference as scanning involves more in-depth probing on the part of the attacker. Often reconnaissance and scanning phases overlap, and it is not always possible to demarcate these phases as watertight compartments.

Active reconnaissance is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected. Newbies and script kiddies are often found attempting this to get faster, visible results, and sometimes just for the brag value they can obtain.

As an ethical hacker, you must be able to distinguish among the various reconnaissance methods, and be able to advocate preventive measures in the light of potential threats. Companies, for their part, must address security as an integral part of their business and/or operational strategy, and be equipped with proper policies and procedures to check for such activities.
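One way a company can check for active reconnaissance is to look for a single source touching many different ports on one host in a short time. The following is an added example, not part of the courseware; the log format, field names (src, dst, dport), thresholds, and all log lines are constructed assumptions.

```python
"""Flag sources that probe many distinct ports on one host (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed firewall-style log: ISO timestamp followed by key=value fields."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Burst: one source touches 15 different ports on one host in 15 seconds.
    for i in range(15):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} src=203.0.113.7 dst=192.0.2.10 dport={20 + i} action=DROP")
    # Ordinary client: many connections, always to the same service port.
    for i in range(30):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} src=198.51.100.20 dst=192.0.2.10 dport=443 action=ACCEPT")
    # Spread-out probes: 12 different ports, one every five minutes.
    for i in range(12):
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} src=198.51.100.99 dst=192.0.2.10 dport={8000 + i} action=DROP")
    lines.append("corrupted line without the expected fields")
    return "\n".join(lines)


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None if the line does not parse."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        return ts, fields["src"], fields["dst"], int(fields["dport"])
    except (KeyError, ValueError):
        return None


def find_scanners(log_text, window=timedelta(seconds=60), min_ports=10):
    """Return {(src, dst): most distinct ports seen inside any one window}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ts, src, dst, dport = rec
            events[(src, dst)].append((ts, dport))

    findings = {}
    for pair, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # port -> number of events inside the window
        start = 0
        best = 0
        for ts, port in evs:
            in_window[port] += 1
            # Slide the left edge forward until the window fits again.
            while ts - evs[start][0] > window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            findings[pair] = best
    return findings


if __name__ == "__main__":
    log = build_sample_log()
    for (src, dst), ports in find_scanners(log).items():
        print(f"{src} probed {ports} distinct ports on {dst} within 60s")
```

With the default 60-second window only the burst is reported; the spread-out probes appear only when the window is widened, so the window and threshold need tuning against normal traffic for the network being monitored.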


Hacking Phases (Cont'd)

Pre-Attack Phase: Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance

Port Scanner: Scanning can include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, etc.

Extract Information: Attackers extract information such as live machines, port, port status, OS details, device type, system up time, etc. to launch attack

Hacking Phases (Cont'd)

Scanning

Scanning is what an attacker does prior to attacking the network. In scanning, the attacker uses the details gathered during reconnaissance to identify specific vulnerabilities. Scanning can be considered a logical extension (and overlap) of the active reconnaissance. Often attackers use automated tools such as network/host scanners and war dialers to locate systems and attempt to discover vulnerabilities.

An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as Traceroute. Alternatively, they can use tools such as Cheops to add sweeping functionality along with what Traceroute renders.

Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine. The primary defense technique in this regard is to shut down services that are not required. Appropriate filtering may also be adopted as a defense mechanism. However, attackers can still use tools to determine the rules implemented for filtering.
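To act on "shut down services that are not required," an administrator first needs to know what is listening. The following added example (not part of the courseware) audits listening TCP sockets against an allowlist; the sample text is constructed in the layout printed by `ss -H -tlnp` on Linux, and the allowlist contents are assumptions.

```python
"""Compare listening TCP sockets with an allowlist of required services (added example)."""
import ipaddress
import re

# Constructed sample in the layout of `ss -H -tlnp` (run as root to see process names).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128    0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:5432   0.0.0.0:*  users:(("postgres",pid=900,fd=5))
LISTEN 0 511       [::]:80        [::]:*  users:(("nginx",pid=1001,fd=6))
LISTEN 0 5            *:23           *:*  users:(("inetd",pid=700,fd=4))
LISTEN 0 5      0.0.0.0:8080   0.0.0.0:*  users:(("python3",pid=4242,fd=3))
LISTEN 0 4096     [::1]:631       [::]:*  users:(("cupsd",pid=650,fd=7))
"""

# Assumed policy for this host: port -> process expected to own it.
REQUIRED_SERVICES = {22: "sshd", 80: "nginx"}

PROCESS_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(text):
    """Return a list of {host, port, process} dicts for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        tokens = line.split()
        if "LISTEN" not in tokens:
            continue
        # Local address is the third token after the state column; locating
        # LISTEN first also copes with a leading Netid column.
        idx = tokens.index("LISTEN") + 3
        if idx >= len(tokens):
            continue
        host, _, port = tokens[idx].rpartition(":")
        if not port.isdigit():
            continue
        match = PROCESS_RE.search(line)
        listeners.append({
            "host": host,
            "port": int(port),
            "process": match.group(1) if match else "?",  # "?" when not run as root
        })
    return listeners


def is_loopback_only(host):
    """True when the socket is bound to a loopback address and not reachable remotely."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %interface
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown form: treat as reachable so it gets reviewed


def audit(text, allowlist):
    """Return sorted (port, process, host, reason) for listeners outside the policy."""
    findings = []
    for item in parse_listeners(text):
        if is_loopback_only(item["host"]):
            continue
        expected = allowlist.get(item["port"])
        if expected is None:
            reason = "port not in allowlist"
        elif expected != item["process"]:
            reason = f"expected {expected}"
        else:
            continue
        findings.append((item["port"], item["process"], item["host"], reason))
    return sorted(findings)


if __name__ == "__main__":
    for port, process, host, reason in audit(SAMPLE_SS_OUTPUT, REQUIRED_SERVICES):
        print(f"review {host}:{port} ({process}): {reason}")
```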

The most commonly used tools are vulnerability scanners that can search for several known vulnerabilities on a target network, and can potentially detect thousands of vulnerabilities. This gives the attacker the advantage of time because he or she only has to find a single means of entry while the systems professional has to secure many vulnerable areas by applying patches. Organizations that deploy intrusion detection systems (IDSes) still have reason to worry because attackers can use evasion techniques at both the application and network levels.


Hacking Phases (Cont'd)

- Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network
- The attacker can gain access at the operating system level, application level, or network level
- The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised
- Examples include password cracking, buffer overflows, denial of service, session hijacking, etc.

Hacking Phases (Cont'd)

Gaining Access

Gaining access is the most important phase of an attack in terms of potential damage. Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network. The attacker can gain access at the operating system level, application level, or network level. Factors that influence the chances of an attacker gaining access into a target system include the architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained. The attacker initially tries to gain minimal access to the target system or network. Once he or she gains the access, he or she tries to escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised.

Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping of service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links.

The exploit can occur locally, offline, over a LAN or the Internet as a deception or theft. Examples include stack-based buffer overflows, denial-of-service, and session hijacking.


Attackers use a technique called spoofing to exploit the system by pretending to be strangers or different systems. They can use this technique to send a malformed packet containing a bug to the target system in order to exploit vulnerability. Packet flooding may be used to remotely stop availability of the essential services. Smurf attacks try to elicit a response from the available users on a network and then use their legitimate address to flood the victim.


Hacking Phases (Cont'd)

- Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system
- Attackers may prevent the system from being owned by other attackers by securing their exclusive access with Backdoors, RootKits, or Trojans
- Attackers can upload, download, or manipulate data, applications, and configurations on the owned system
- Attackers use the compromised system to launch further attacks

Hacking Phases (Cont'd)

Maintaining Access

Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources and further use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.

Attackers, who choose to remain undetected, remove evidence of their entry and use a backdoor or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain super user access. The reason behind this is that rootkits gain access at the operating system level while a Trojan horse gains access at the application level. Both rootkits and Trojans depend on users to install them. Within Windows systems, most Trojans install themselves as a service and run as local system, which has administrative access.

Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system. They can maintain control over their system for a long time by "hardening" the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.


Organizations can use intrusion detection systems or deploy honeypots and honeynets to detect intruders. The latter though is not recommended unless the organization has the required security professional to leverage the concept for protection.


Hacking Phases (Cont'd)

- Covering tracks refers to the activities carried out by an attacker to hide malicious acts
- The attacker's intentions include: Continuing access to the victim's system, remaining unnoticed and uncaught, deleting evidence that might lead to his prosecution
- The attacker overwrites the server, system, and application logs to avoid suspicion

Hacking Phases (Cont'd)

Clearing Tracks

An attacker would like to destroy evidence of his or her presence and activities for various reasons such as maintaining access and evading punitive action. Trojans such as ps or netcat come in handy for any attacker who wants to destroy the evidence from the log files or replace the system binaries with the same. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. Rootkits are automated tools that are designed to hide the presence of the attacker. By executing the script, a variety of critical files are replaced with Trojaned versions, hiding the attacker in seconds.

Other techniques include steganography and tunneling. Steganography is the process of hiding the data, for instance in images and sound files. Tunneling takes advantage of the transmission protocol by carrying one protocol over another. Even the extra space (e.g., unused bits) in the TCP and IP headers can be used for hiding information. An attacker can use the system as a cover to launch fresh attacks against other systems or use it as a means of reaching another system on the network without being detected. Thus, this phase of attack can turn into a new cycle of attack by using reconnaissance techniques all over again.

There have been instances where an attacker has lurked on a system even as system administrators have changed. System administrators can deploy host-based IDSes and anti-virus tools that can detect Trojans and other seemingly benign files and directories. As an ethical hacker, you must be aware of the tools and techniques that attackers deploy, so that you are able to advocate and take countermeasures to ensure protection. These will be detailed in subsequent modules.
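The remark above that unused bits in the TCP and IP headers can carry hidden information has a direct detection counterpart: fields that the specifications require to be zero can be checked on captured packets. The following Python check is an added example, not part of the courseware; the function names and the sample packets are constructed for illustration, and checksums are left at zero because they are not validated here.

```python
import struct

TCP_URG = 0x20  # URG bit in the TCP flags byte


def inspect_ipv4_tcp(packet):
    """Return a list of findings for one raw IPv4 packet (bytes)."""
    if len(packet) < 20:
        return ["truncated IPv4 header"]
    (ver_ihl, _tos, _total_len, _ident, flags_frag,
     _ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        return ["not an IPv4 packet"]
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ["invalid IPv4 header length"]

    findings = []
    # Bit 0 of the 3-bit flags field is reserved and must be zero (RFC 791).
    if flags_frag & 0x8000:
        findings.append("IPv4 reserved flag bit is set")
    if proto != 6:  # only TCP segments are inspected further
        return findings

    tcp = packet[ihl:]
    if len(tcp) < 20:
        findings.append("truncated TCP header")
        return findings
    (_sport, _dport, _seq, _ack, off_res, flags,
     _window, _tcsum, urg_ptr) = struct.unpack("!HHIIBBHHH", tcp[:20])
    if (off_res >> 4) < 5:
        findings.append("invalid TCP data offset")
    # The low 4 bits of byte 12 are reserved and must be zero (RFC 9293).
    reserved = off_res & 0x0F
    if reserved:
        findings.append("TCP reserved bits are non-zero (0x%x)" % reserved)
    # The urgent pointer only has a meaning when the URG flag is set.
    if urg_ptr and not flags & TCP_URG:
        findings.append("TCP urgent pointer set without URG flag")
    return findings


def make_sample(ip_flags_frag=0x4000, tcp_reserved=0, tcp_flags=0x18, urg_ptr=0):
    """Build a constructed 40-byte IPv4+TCP packet (documentation addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, ip_flags_frag, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 2000,
                      (5 << 4) | tcp_reserved, tcp_flags, 65535, 0, urg_ptr)
    return ip + tcp


if __name__ == "__main__":
    samples = {
        "normal": make_sample(),
        "ip reserved flag": make_sample(ip_flags_frag=0xC000),
        "tcp reserved bits": make_sample(tcp_reserved=0x5),
        "urgent pointer, no URG": make_sample(urg_ptr=0x4142),
    }
    for name, pkt in samples.items():
        print(name, "->", inspect_ipv4_tcp(pkt) or "no findings")
```

A finding here is an anomaly to investigate, not proof of a covert channel; middleboxes and buggy stacks can also produce such values.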


Module Flow

So far we discussed how important it is for an organization to keep their information resources secure, various security threats and attack vectors, hacking concepts, and the hacking phases. Now it's time to examine the techniques or the type of attacks the attacker adopts to hack a system or a network.

Module outline: Information Security Overview; Information Security Threats and Attack Vectors; Hacking Concepts; Hacking Phases; Types of Attacks; Information Security Controls

This section covers various types of attacks such as operating system attacks and application-level attacks.


Types of Attacks on a System

• Attackers exploit vulnerabilities in an information system to gain unauthorized access to the system resources
• The unauthorized access may result in loss, damage or theft of sensitive information

Types of Attacks

I. Operating System Attacks
II. Misconfiguration Attacks
III. Application Level Attacks
IV. Shrink Wrap Code Attacks

Types of Attacks on a System

There are several ways an attacker can gain access to a system. The attacker must be able to exploit a weakness or vulnerability in a system:

• Operating system attacks: Attackers search for OS vulnerabilities and exploit them to gain access to a network system.
• Application-level attacks: Software applications come with myriad functionalities and features. There is a dearth of time to perform complete testing before releasing products. Those applications have various vulnerabilities and become a source of attack.
• Misconfiguration attacks: Most administrators don't have the necessary skills to maintain or fix issues, which may lead to configuration errors. Such configuration errors may become the sources for an attacker to enter into the target's network or system.
• Shrink wrap code attacks: Operating system applications come with numerous sample scripts to make the job of administrator easy, but the same scripts have various vulnerabilities, which can lead to shrink wrap code attacks.


Operating System Attacks

• Attackers search for vulnerabilities in an operating system's design, installation or configuration and exploit them to gain access to a network system
• Buffer overflow vulnerabilities
• Bugs in operating system
• Unpatched operating system
• Exploiting specific protocol implementations
• Attacking built-in authentication systems
• Breaking file-system security
• Cracking passwords and encryption mechanisms

Gaining Access

Operating System Attacks

Today's operating systems, which are loaded with features, are increasingly complex. While users take advantage of these features, the system is prone to more vulnerabilities, thus enticing attackers. Operating systems run many services such as graphical user interfaces (GUIs). These support the use of ports and modes of access to the Internet, and extensive tweaking is required to lock them down. Attackers are constantly looking for OS vulnerabilities so that they can exploit and gain access to network systems. To stop attackers from entering their network, the system or network administrators must keep abreast of various new exploits and methods adopted by attackers and monitor their networks continuously.

Most operating systems' installation programs install a large number of services and open ports by default. This situation leads attackers to search for various vulnerabilities. Applying patches and hotfixes is not easy with today's complex networks. Most patches and fixes tend to solve an immediate issue, but they cannot be considered a permanent solution.

Some OS vulnerabilities include:

• Buffer overflow vulnerabilities
• Bugs in the operating system
• Unpatched operating systems


Attacks performed at the OS level include:

• Exploiting specific network protocol implementations
• Attacking built-in authentication systems
• Breaking file system security
• Cracking passwords and encryption mechanisms


Misconfiguration Attacks

Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible owning of the system. If a system is misconfigured, such as when a change is made in the file permission, it can no longer be considered secure. Administrators are expected to change the configuration of the devices before they are deployed in the network. Failure to do this allows the default settings to be used to attack the system. In order to optimize the configuration of the machine, remove any redundant services or software.
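The default services and open ports described under Operating System Attacks, and the advice above to remove redundant services, can be checked by comparing a host's listening sockets with an approved baseline. This Python example is added here and is not from the courseware; the ss -H -tlnp output and the approved list are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=7))
LISTEN 0 64 [::]:23 [::]:* users:(("telnetd",pid=1033,fd=4))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
"""

# Hypothetical approved baseline for this host: (port, process name).
APPROVED = {(22, "sshd"), (80, "nginx")}

# Local addresses that mean "listening on every interface".
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}
PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Turn ss output lines into dicts with host, port, process, exposed."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        listeners.append({
            "host": host,
            "port": int(port),
            # ss omits the owner when run without sufficient privileges
            "process": match.group(1) if match else None,
            "exposed": host in WILDCARDS,
        })
    return listeners


def unapproved(listeners, approved):
    """Listeners missing from the baseline, network-exposed ones first."""
    extra = [item for item in listeners
             if (item["port"], item["process"]) not in approved]
    return sorted(extra, key=lambda item: (not item["exposed"], item["port"]))


if __name__ == "__main__":
    for item in unapproved(parse_listeners(SAMPLE_SS), APPROVED):
        scope = "all interfaces" if item["exposed"] else item["host"]
        print("review: port %d (%s) on %s"
              % (item["port"], item["process"] or "unknown owner", scope))
```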


Application-Level Attacks

Attackers exploit the vulnerabilities in applications running on organizations' information system to gain unauthorized access and steal or manipulate data

Poor or nonexistent error checking in applications leads to:

• Buffer overflow attacks
• Sensitive information disclosure
• Cross-site scripting
• Session hijacking and man-in-the-middle attacks
• Denial-of-service attacks
• SQL injection attacks

Other application-level attacks include:

• Phishing
• Session hijacking
• Man-in-the-middle attack
• Parameter/form tampering
• Directory traversal attacks

Application-level Attacks

Applications are being released with more features and more complex coding. With this increased demand in functionality and features, developers generally overlook the security of the application, which gives rise to vulnerabilities in applications. Attackers find and exploit these vulnerabilities in the applications using different tools and techniques. The applications are vulnerable to attack because of the following reasons:

• Software developers have tight schedules to deliver products on time
• Software applications come with a multitude of features and functionalities
• There is a dearth of time to perform complete testing before releasing products
• Security is often an afterthought, and frequently delivered as an "add-on" component

Poor or nonexistent error checking in applications leads to:

• Buffer overflow attacks
• Active content
• Cross-site scripting
• Denial-of-service and SYN attacks
• SQL injection attacks
• Malicious bots

Other application-level attacks include:

• Phishing
• Session hijacking
• Man-in-the-middle attacks
• Parameter/form tampering
• Directory traversal attacks


Examples of Application-Level Attacks

Note: For more information about application vulnerabilities and how to fix them, attend EC-Council's ECSP program.

Examples of Application-Level Attacks

Session Hijacking

Attackers may exploit session information in the vulnerable code to perform session hijacking when you enable cookieless authentication in your application. When the target tries to browse through a URL, the session or authentication token appears in the request URL instead of the secure cookie, to give access to the URL requested by the target. Here, an attacker using his or her skills and monitoring tools can hijack the target's session and steal all sensitive information.

Vulnerable Code

Attackers may exploit session information in the vulnerable code to perform session hijacking.

    <configuration>
      <system.web>
        <authentication mode="Forms">
          <!-- UseUri: the authentication ticket travels in the request URL -->
          <forms cookieless="UseUri" />
        </authentication>
      </system.web>
    </configuration>

TABLE 1.1: Session Hijacking Vulnerable Code

Secure Code

The code can be secured by using UseCookies instead of UseUri.

    <configuration>
      <system.web>
        <authentication mode="Forms">
          <!-- UseCookies: the authentication ticket is kept in a cookie -->
          <forms cookieless="UseCookies" />
        </authentication>
      </system.web>
    </configuration>

TABLE 1.2: Session Hijacking Secure Code
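One way to find the UseUri setting across a set of web.config files is to parse each file and report the cookieless mode of every active forms element. This Python audit is an added example, not code from the courseware; it also classifies AutoDetect and UseDeviceProfile, two further values the attribute accepts that the text above does not discuss, and the sample configurations and function names are constructed.

```python
import xml.etree.ElementTree as ET

# cookieless values of the ASP.NET <forms> element and how this audit rates them
VERDICTS = {
    "UseCookies": "ok",
    "UseUri": "ticket-in-url",
    "AutoDetect": "may-fall-back-to-url",
    "UseDeviceProfile": "may-fall-back-to-url",
}

# Constructed samples matching the vulnerable and secure configurations above.
VULNERABLE = """<configuration><system.web>
  <authentication mode="Forms"><forms cookieless="UseUri" /></authentication>
</system.web></configuration>"""
SECURE = VULNERABLE.replace("UseUri", "UseCookies")


def _local(tag):
    """Strip an XML namespace prefix such as '{ns}forms'."""
    return tag.rsplit("}", 1)[-1]


def audit_forms_cookieless(config_xml):
    """Return [(cookieless value, verdict)] for each active <forms> element."""
    # Refuse DTDs so entity-expansion tricks in an untrusted file are not parsed.
    if "<!DOCTYPE" in config_xml.upper():
        return [(None, "rejected-doctype")]
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return [(None, "unparseable")]

    results = []
    for auth in root.iter():
        # Only forms authentication uses the <forms> element.
        if _local(auth.tag) != "authentication" or auth.get("mode") != "Forms":
            continue
        forms = [child for child in auth if _local(child.tag) == "forms"]
        if not forms:
            results.append((None, "unset"))  # no explicit mode to review
        for elem in forms:
            value = elem.get("cookieless")
            if value is None:
                results.append((None, "unset"))
            else:
                results.append((value, VERDICTS.get(value, "unknown-value")))
    return results


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE), ("secure", SECURE)):
        print(name, audit_forms_cookieless(text))
```

An "unset" result means the file relies on the framework default, which should be confirmed for the deployed version rather than assumed.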

Denial-of-Service

Vulnerable Code

The code that follows is vulnerable to a denial-of-service attack, as it fails to release a connection resource.

    // Needs java.sql.Statement and java.sql.ResultSet.
    // conn is an open java.sql.Connection; sql is the query text (both defined elsewhere).
    Statement stmnt = conn.createStatement();
    ResultSet rsltset = stmnt.executeQuery(sql);
    // Skipped if executeQuery() throws, so the statement is never released.
    stmnt.close();

TABLE 1.3: Denial-of-Service Vulnerable Code

Secure Code

The code can be secured by releasing the resources in a finally block.


    // Needs java.sql.Statement and java.sql.SQLException; conn and sql are defined elsewhere.
    Statement stmnt = null;
    try {
        stmnt = conn.createStatement();
        stmnt.executeQuery(sql);
    } catch (SQLException sqlexp) {
        // report the failed query
    } finally {
        // Runs on success and on failure, so the statement is always released.
        if (stmnt != null) {
            try {
                stmnt.close();
            } catch (SQLException sqlexp) { }
        }
    }

TABLE 1.4: Denial-of-Service Secure Code


Shrink Wrap Code Attacks

When you install an OS/application, it comes with many sample scripts to make the administrator's life easy.

• The problem is "not fine tuning" or customizing these scripts
• This will lead to default code or shrink wrap code attacks

Code for shrink wrap code attacks:


    Private Function CleanUpLine(ByVal sLine As String) As String
        Dim lQuoteCount As Long
        Dim lcount As Long
        Dim sChar As String
        Dim sPrevChar As String

        ' Starts with Rem it is a comment
        sLine = Trim(sLine)
        If Left(sLine, 3) = "Rem" Then
            CleanUpLine = ""
            Exit Function
        End If

        ' Starts with ' it is a comment
        If Left(sLine, 1) = "'" Then
            CleanUpLine = ""
            Exit Function
        End If

        ' Contains ' may be a comment so test if it is a comment or in the
        ' body of a string
        If InStr(sLine, "'") > 0 Then
            sPrevChar = " "
            lQuoteCount = 0

            For lcount = 1 To Len(sLine)
                sChar = Mid(sLine, lcount, 1)

                ' If we found " ' " then an even number of " characters in front
                ' means it is the start of a comment, and odd number means it is
                ' part of a string
                If sChar = "'" And sPrevChar = " " Then
                    If lQuoteCount Mod 2 = 0 Then
                        sLine = Trim(Left(sLine, lcount - 1))
                        Exit For
                    End If
                ElseIf sChar = """" Then
                    lQuoteCount = lQuoteCount + 1
                End If
                sPrevChar = sChar
            Next lcount
        End If

        CleanUpLine = sLine
    End Function

FIGURE 1.3: Shrink Wraps Code


Module Flow

In the previous section, we discussed how an attacker can compromise an information system and what type of attacks an attacker can perform. Now, we will discuss information security controls. Information security controls prevent unwanted events from occurring and reduce the risk to the information assets of the organization with security policies.

Module outline: Information Security Overview; Information Security Threats and Attack Vectors; Hacking Concepts; Hacking Phases; Types of Attacks; Information Security Controls

This section highlights the importance of ethical hacking and discusses various security policies.


Why Ethical Hacking is Necessary

To beat a hacker, you need to think like one!

Ethical hacking is necessary because it allows the countering of attacks from malicious hackers by anticipating methods they can use to break into a system

Reasons why Organizations Recruit Ethical Hackers

• To prevent hackers from gaining access to information breaches
• To fight against terrorism and national security breaches
• To build a system that avoids hackers from penetrating
• To test if organization's security settings are in fact secure

Ethical Hackers Try to Answer the Following Questions

• What can the intruder see on the target system? (Reconnaissance and Scanning phases)
• What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
• Does anyone at the target notice the intruders' attempts or successes? (Reconnaissance and Covering Tracks phases)
• If all the components of information system are adequately protected, updated, and patched
• How much effort, time, and money is required to obtain adequate protection?
• Are the information security measures in compliance with industry and legal standards?

Why Ethical Hacking Is Necessary

There is rapid growth in technology, so there is growth in the risks associated with the technology. Ethical hacking helps to predict the various possible vulnerabilities well in advance and rectify them without incurring any kind of attack from outsiders.

• Ethical Hacking: As hacking involves creative thinking, vulnerability testing and security audits cannot ensure that the network is secure.
• Defense-in-Depth Strategy: To achieve this, organizations need to implement a "defense-in-depth" strategy by penetrating their networks to estimate vulnerabilities and expose them.
• Counter the Attacks: Ethical hacking is necessary because it allows countering of attacks from malicious hackers by anticipating methods they can use to break into a system.


Scope and Limitations of Ethical Hacking

Ethical hacking has a scope, and there are various limitations of ethical hacking, as well.

Scope

The following is the scope of ethical hacking:

• Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance.
• It is used to identify risks and highlight remedial actions, and it reduces information and communications technology (ICT) costs by resolving those vulnerabilities.

Limitations

The following are the limitations of ethical hacking:

• Unless businesses first know what it is they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are that there will not be much to gain from the experience.
• An ethical hacker therefore can help the organization only to better understand their security system, but it is up to the organization to implement the right safeguards on the network.


Skills of an Ethical Hacker

• Platform Knowledge: Has in-depth knowledge of major operating environments, such as Windows, Unix, and Linux
• Network Knowledge: Has in-depth knowledge of networking concepts, technologies and related hardware and software
• Computer Expert: Should be a computer expert adept at technical domains
• Security Knowledge: Has knowledge of security areas and related issues
• Technical Knowledge: Has "high technical" knowledge to launch the sophisticated attacks

Skills of an Ethical Hacker

Ethical hacking is the legal hacking performed by a pen tester to find vulnerabilities in the information technology environment. In order to perform ethical hacking, the ethical hacker requires the skills of a computer expert. Ethical hackers should also have strong computer knowledge including programming and networking. They should be proficient at installing and maintaining systems using popular operating systems (e.g. UNIX, Windows, or Linux).

Detailed knowledge of hardware and software provided by popular computer and networking hardware vendors complements this basic knowledge. It is not always necessary that ethical hackers possess any additional specialization in security. However, it is an advantage to know how various systems maintain their security. Management skills pertaining to these systems are necessary for actual vulnerability testing and for preparing the report after the testing is carried out.

An ethical hacker should possess immense patience as the analysis stage consumes more time than the testing stage. The time frame for an evaluation may vary from a few days to several weeks, depending on the nature of the task. When an ethical hacker encounters a system with which he or she is not familiar, it is imperative the person takes the time to learn everything about the system and try to find its vulnerable spots.


Defense-in-Depth

Multiple defense-in-depth countermeasures are taken to protect information assets of a company. The strategy is based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. If a hacker gains access to a system, defense-in-depth minimizes the adverse impact and gives administrators and engineers time to deploy new or updated countermeasures to prevent a recurrence.

• Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system.
• It helps to prevent direct attacks against an information system and data because a break in one layer only leads the attacker to the next layer.


Defense in Depth Layers

FIGURE 1.4: Defense in Depth Layers Diagram


Incident Management Process

Incident management is a set of defined processes to identify, analyze, prioritize,
and resolve security incidents to restore normal service operations as quickly as
possible and prevent future reoccurrence of the incident.

Purpose of incident management process:

1. Improves service quality
2. Pro-active problem resolution
3. Reduces impact of incidents on business/organization
4. Meets service availability requirements
5. Increases staff efficiency and productivity
6. Improves user/customer satisfaction
7. Assists in handling future incidents

Incident Management Process

Incident management is a set of defined processes to identify, analyze, prioritize, and
resolve security incidents to restore the system to normal service operations as soon as
possible and prevent the recurrence of the same incident.

The purpose of the incident management process:

• Improves service quality

• Pro-active problem resolution

• Reduces impact of incidents on business/organization

• Meets service availability requirements

• Increases staff efficiency and productivity

• Improves user/customer satisfaction

• Assists in handling future incidents


Incident Management Process (Cont'd)

Incident management is the process of logging, recording, and resolving incidents
that take place in the organization. An incident may occur due to a fault, service degradation,
error, etc. Incidents are reported by users or technical staff, or are sometimes detected
automatically by event monitoring tools. The main objective of the incident management
process is to restore the service to a normal state for customers as early as possible, while
maintaining availability and quality of service. Any occurrence of an incident in an organization
is handled and resolved by following these incident management steps:

• Preparation for Incident Handling and Response

• Detection and Analysis

• Classification and Prioritization

• Notification

• Containment

• Forensic Investigation

• Eradication and Recovery

• Post-incident Activities


Information Security Policies

• Security policies are the foundation of the security infrastructure

• A security policy is a document or set of documents that describes the security
  controls that will be implemented in the company at a high level

Goals of Security Policies

• Maintain an outline for the management and administration of network security
• Protection of organization's computing resources
• Elimination of legal liability from employees or third parties
• Ensure customers' integrity and prevent waste of company computing resources
• Prevent unauthorized modifications of the data
• Reduce risks caused by illegal use of the system resource, loss of sensitive, confidential
  data, and potential property
• Differentiate the user's access rights
• Protect confidential, proprietary information from theft, misuse, unauthorized disclosure

Information Security Policies

A security policy is a document or set of documents that describes, at a high level, the security
controls that should be implemented in the company to safeguard the organizational network
from inside and outside attacks. This document defines the complete security architecture of an
organization and includes clear objectives, goals, rules and regulations, formal procedures, and
so on. It clearly states the assets to be protected, who can log in and access sites, who can view
the selected data, and who is allowed to change the data, etc. Without these policies, it is
impossible to protect the company from possible lawsuits, lost revenue, and so on.

Security policies are the foundation of the security infrastructure. These policies secure and
safeguard the information resources of an organization and provide legal protection to the
organization. These policies are beneficial because they make the staff working in the
organization aware of the need to work together to secure its communication, and because they
minimize the risks of security weaknesses through "human-factor" mistakes such as disclosing
sensitive information to unauthorized or unknown sources, improper use of the Internet, etc. In
addition, these policies provide protection against cyber-attacks, malicious threats, foreign
intelligence, and so on. They mainly address physical security, network security, access
authorizations, virus protection, and disaster recovery.


The goals of security policies include:

• Maintain an outline for the management and administration of network security

• Protection of organization's computing resources

• Elimination of legal liability from employees or third parties

• Ensure customers' integrity and prevent wasting of company computing resources

• Prevent unauthorized modifications of data

• Reduce risks caused by illegal use of the system resources and loss of sensitive,
  confidential data and potential property

• Differentiate a user's access rights

• Protect confidential, proprietary information from theft, misuse, or unauthorized
  disclosure


Classification of Security Policies

User Policy
• Defines what kind of user is using the network
• Defines the limitations that are applied on users to secure the network
• Ex: Password management policy

Issue Specific Policies
• Recognize specific areas of concern and describe the organization's status for
  top level management
• Ex: Physical security policy, personnel security policy, communications security

IT Policy
• Designed for IT department to keep the network secure and stable
• Ex: Backup policies, server configuration, patch update, and modification policies,
  firewall policies

Partner Policy
• Policy that is defined among a group of partners

General Policies
• Defines the responsibility for general business purposes
• Ex: High level program policy, business continuity plans, crisis management,
  disaster recovery

Classification of Security Policies

Security policies are sets of policies that are developed to protect or safeguard a
company's information assets, networks, etc. These policies are applicable to users, IT
departments, organization, and so on. For effective security management, security policies are
classified into five different areas:

User Policy

• Defines what kind of user is using the network

• Defines the limitations that are applied on users to secure the network

• Ex: Password Management Policy

IT Policy

• Designed for an IT department to keep the network secure and stable

• Ex: backup policies, server configuration, patch updates, modification policies, firewall policies

General Policies

• Define the responsibility for general business purposes


• Ex: high-level program policy, business continuity plans, crisis management, disaster recovery

Partner Policy

• Policy that is defined among a group of partners

Issue-specific Policies

• Recognize specific areas of concern and describe the organization's status for top-level
  management

• Ex: physical security policy, personnel security policy, communications security


Structure and Contents of Security Policies

Security Policy Structure
• Detailed description of the policy issues
• Description about the status of the policy
• Applicability of the policy to the environment
• Functionalities of those affected by the policy
• Compatibility level of the policy is necessary
• End-consequences of non-compliance

Contents of Security Policies
• High-level security requirements: Requirement of a system to implement security policies
• Policy description: Focuses on security disciplines, safeguards, procedures, continuity of
  operations, and documentation
• Security concept of operation: Defines the roles, responsibilities, and functions of a
  security policy
• Allocation of security enforcement to architecture elements: Provides a computer system
  architecture allocation to each system of the program

Structure and Contents of Security Policies

Structure of Security Policies

A security policy is the document that provides the way of securing the company's
physical personnel and data from threats or security breaches. Security policies should be
structured very carefully and should be reviewed properly to make sure that there is no
wording that someone could take advantage of. The basic structure of security policies should
include the following:

• Detailed description of the policy issues

• Description of the status of the policy

• Applicability of the policy to the environment

• Functionalities of those affected by the policy

• Specific consequences that will occur if the policy is not compatible with the
  organizational standards

Content of Security Policies

Security policies contain the following elements:


• High-level Security Requirements: Explains the requirements of a system for the
  security policies to be implemented. The four different types of requirements are
  discipline, safeguard, procedural, and assurance.

    - Discipline Security Requirements: This requirement includes various security
      policies such as communications security, computer security, operations security,
      emanations security, network security, personnel security, information security,
      and physical security.

    - Safeguard Security Requirements: This requirement mainly contains access control,
      archive, audit, authenticity, availability, confidentiality, cryptography, identification
      and authentication, integrity, interfaces, marking, non-repudiation, object reuse,
      recovery, and virus protection.

    - Procedural Security Requirements: This requirement mainly contains access
      policies, accountability rules, continuity-of-operations plans, and documentation.

    - Assurance Security: This includes certification and accreditation reviews and
      sustaining planning documents used in the assurance process.

• Policy Description: Focuses on security disciplines, safeguards, procedures, continuity of
  operations, and documentation. Each subset of this portion of the policy describes how
  the system's architecture will enforce security.

• Security Concept of Operation: Mainly defines the roles, responsibilities, and functions
  of a security policy. It focuses on mission, communications, encryption, user and
  maintenance rules, idle-time management, use of privately owned versus public-domain
  software, shareware software rules, and a virus protection policy.

• Allocation of Security Enforcement to Architecture Elements: Provides a computer
  system architecture allocation to each system of the program.


Types of Security Policies

Promiscuous Policy
• No restrictions on Internet or remote access

Permissive Policy
• Policy begins wide open and only known dangerous services/attacks blocked, which
  makes it difficult to keep up with current exploits

Prudent Policy
• It provides maximum security while allowing known but necessary dangers
• It blocks all services and only safe/necessary services are enabled individually;
  everything is logged

Paranoid Policy
• It forbids everything, no Internet connection, or severely limited Internet usage

Types of Security Policies

A security policy is a document that contains information on the way the company
plans to protect its information assets from known and unknown threats. These policies help
to maintain the confidentiality, availability, and integrity of information. The four major types of
security policies are as follows:

Promiscuous Policy

With a promiscuous policy, there is no restriction on Internet access. A user can
access any site, download any application, and access a computer or a network from a remote
location. While this can be useful in corporate businesses where people who travel or work at
branch offices need to access the organizational networks, many malware, virus, and Trojan
threats are present on the Internet. Due to free Internet access, this malware can come as
attachments without the knowledge of the user. Network administrators must be extremely
alert if this type of policy is chosen.

Permissive Policy

In a permissive policy, the majority of Internet traffic is accepted, but several known
dangerous services and attacks are blocked. Because only known attacks and exploits are


blocked, it is impossible for administrators to keep up with current exploits. Administrators are
always playing catch-up with new attacks and exploits.

Prudent Policy

A prudent policy starts with all services blocked. The administrator enables safe and
necessary services individually. This provides maximum security. Everything, such as system
and network activities, is logged.

Paranoid Policy

In a paranoid policy, everything is forbidden. There is strict restriction on all usage of
company computers, whether it is system usage or network usage. There is either no Internet
connection or severely limited Internet usage. Due to these overly severe restrictions, users
often try to find ways around them.
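
The four policy types above differ in two settings: the default decision for a service that no rule mentions, and whether decisions are logged. The following Python sketch is an added example, not part of the courseware; the service names, the two service sets, and the UsagePolicy class are assumptions made for illustration.

```python
"""Added example: the four Internet-usage policy types as decision rules.

The service names and the two sets below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Assumption: services the organization already knows to be dangerous.
KNOWN_DANGEROUS = frozenset({"telnet", "tftp"})
# Assumption: services an administrator has judged safe and necessary.
SAFE_AND_NECESSARY = frozenset({"https", "dns", "smtp"})


@dataclass
class UsagePolicy:
    name: str
    default_allow: bool                 # decision when no rule matches
    blocked: frozenset = frozenset()    # consulted only when default_allow is True
    enabled: frozenset = frozenset()    # consulted only when default_allow is False
    log_everything: bool = False
    log: list = field(default_factory=list)

    def decide(self, service: str) -> bool:
        """Return True if the service is allowed under this policy."""
        if self.default_allow:
            allowed = service not in self.blocked
        else:
            allowed = service in self.enabled
        if self.log_everything:
            self.log.append((service, "ALLOW" if allowed else "DENY"))
        return allowed


def build_policies() -> dict:
    return {
        # Promiscuous: no restriction at all.
        "promiscuous": UsagePolicy("promiscuous", default_allow=True),
        # Permissive: wide open, only known dangerous services blocked.
        "permissive": UsagePolicy("permissive", default_allow=True,
                                  blocked=KNOWN_DANGEROUS),
        # Prudent: everything blocked, safe/necessary services enabled
        # individually, every decision logged.
        "prudent": UsagePolicy("prudent", default_allow=False,
                               enabled=SAFE_AND_NECESSARY, log_everything=True),
        # Paranoid: everything forbidden (modelled here as the
        # "no Internet connection" variant, which is an assumption).
        "paranoid": UsagePolicy("paranoid", default_allow=False),
    }


# Constructed sample requests. "newproto" stands for a service that nobody
# has classified yet as dangerous or as necessary.
SAMPLE_REQUESTS = ["https", "telnet", "dns", "newproto"]


def evaluate(requests=SAMPLE_REQUESTS):
    """Return per-policy decisions and the prudent policy's audit log."""
    policies = build_policies()
    decisions = {name: [p.decide(s) for s in requests]
                 for name, p in policies.items()}
    return decisions, policies["prudent"].log


def unclassified_exposure(requests=SAMPLE_REQUESTS):
    """Names of policies that allow a service found on neither list."""
    decisions, _ = evaluate(requests)
    known = KNOWN_DANGEROUS | SAFE_AND_NECESSARY
    exposed = set()
    for name, verdicts in decisions.items():
        for service, allowed in zip(requests, verdicts):
            if allowed and service not in known:
                exposed.add(name)
    return sorted(exposed)


if __name__ == "__main__":
    decisions, audit_log = evaluate()
    print(f"{'policy':<12}" + "".join(f"{s:<10}" for s in SAMPLE_REQUESTS))
    for name, verdicts in decisions.items():
        cells = "".join(f"{'allow' if v else 'deny':<10}" for v in verdicts)
        print(f"{name:<12}{cells}")
    print("prudent audit log:", audit_log)
    print("allow unclassified services:", unclassified_exposure())
```

The unclassified service is what separates the permissive and prudent policies: a blocklist passes anything it has not yet heard of, while an allowlist denies it and leaves a log entry for the administrator to review.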


Steps to Create and Implement Security Policies

• Perform risk assessment to identify risks to the organization's assets
• Learn from standard guidelines and other organizations
• Include senior management and all other staff in policy development
• Set clear penalties and enforce them and also review and update of the security policy
• Make final version available to all of the staff in the organization
• Ensure every member of your staff read, sign, and understand the policy
• Train your employees and educate them about the policy

Steps to Create and Implement Security Policies

Implementing security policies reduces the risk of being attacked. Thus, every
company must have its own security policies based on its business. The following are the steps
to be followed by every organization in order to create and implement security policies:

1. Perform risk assessment to identify risks to the organization's assets

2. Learn from standard guidelines and other organizations

3. Include senior management and all other staff in policy development

4. Set clear penalties and enforce them and also review and update the security policy

5. Make the final version available to all staff in the organization

6. Ensure every member of your staff reads, signs, and understands the policy

7. Install the tools you need to enforce the policy

8. Train your employees and educate them about the policy


• Acceptable-Use Policy: It defines the acceptable use of system resources
• User-Account Policy: It defines the account creation process and authority, rights and
  responsibilities of user accounts
• Remote-Access Policy: It defines who can have remote access, and defines access medium
  and remote access security controls
• Information-Protection Policy: It defines the sensitivity levels of information, who may
  have access, how is it stored and transmitted, and how should it be deleted from storage media
• Firewall-Management Policy: It defines access, management, and monitoring of firewalls in
  the organization
• Special-Access Policy: This policy defines the terms and conditions of granting special
  access to system resources
• Network-Connection Policy: It defines who can install new resources on the network,
  approve the installation of new devices, document network changes, etc.
• Email Security Policy: It is created to govern the proper usage of corporate email
• Passwords Policy: It provides guidelines for using strong password protection on
  organization's resources

Examples of Security Policies

The following are some examples of security policies that are created, accepted, and
used by organizations worldwide to secure their assets and important resources.

Acceptable-Use Policy

Defines the acceptable use of system resources

User-Account Policy

Defines the account creation process and authority, rights, and responsibilities of user
accounts

Remote-Access Policy

Defines who can have remote access, and defines access medium and remote access security
controls

Information-Protection Policy

Defines the sensitivity levels of information, who may have access, how is it stored and
transmitted, and how should it be deleted from storage media

Firewall-Management Policy


Defines access, management, and monitoring of firewalls in the organization

Special-Access Policy

This policy defines the terms and conditions of granting special access to system resources

Network-Connection Policy

Defines who can install new resources on the network, approve the installation of new devices,
document network changes, etc.

Email Security Policy

Created to govern the proper usage of corporate email

Password Policy

Provides guidelines for using strong password protection on organization's resources


Vulnerability Research

• The process of discovering vulnerabilities and design flaws that will open an operating
  system and its applications to attack or misuse

• Vulnerabilities are classified based on severity level (low, medium, or high) and exploit
  range (local or remote)

An administrator needs vulnerability research:

• To gather information about security trends, threats, and attacks
• To find weaknesses and alert the network administrator before a network attack
• To get information that helps to prevent the security problems
• To know how to recover from a network attack

Vulnerability Research

Vulnerability research means discovering system design faults and weaknesses that
might help attackers compromise the system. Once the attacker finds out the vulnerability in
the product or the application, he or she tries to exploit it.

Vulnerability research helps both security administrators and attackers:

• Discovering system design faults and weaknesses that might help attackers to
  compromise the system
• Keeping abreast of the latest vendor-supported products and other technologies in
  order to find news related to current exploits
• Checking newly released alerts regarding relevant innovations and product
  improvements for security systems

Vulnerability research is based on the following classification:

• Severity level (low, medium, or high)
• Exploit range (local or remote)

An administrator needs vulnerability research:

• To gather information about security trends, threats, and attacks
• To find weaknesses and alert the network administrator before a network attack
• To get information that helps to prevent security problems
• To know how to recover from a network attack


Vulnerability Research Websites

• CodeRed Center: http://www.eccouncil.org
• HackerStorm: http://www.hackerstorm.co.uk
• TechNet: http://blogs.technet.com
• SC Magazine: http://www.scmagazine.com
• Security Magazine: http://www.securitymagazine.com
• Computerworld: http://www.computerworld.com
• SecurityFocus: http://www.securityfocus.com
• HackerJournals: http://www.hackerjournals.com
• Help Net Security: http://www.net-security.org
• Windows Security Blogs: http://blogs.windowsecurity.com

Vulnerability Research Websites

The following are some vulnerability research websites that you can use:

CodeRed Center

Source: http://www.eccouncil.org

The CodeRed Center is a comprehensive security resource administrators can turn to for daily,
accurate, up-to-date information on the latest viruses, Trojans, malware, threats, security tools,
risks, and vulnerabilities.

TechNet

Source: http://blogs.technet.com

TechNet is a project team from across Microsoft Lync Server teams and the community at
large. It is led by the Lync Server documentation team; their writers and technical reviewers
come from all disciplines, including product engineers, field engineers, support engineers,
documentation engineers, and some of the most respected technology bloggers and authors in
the Lync Server universe.


Security Magazine

Source: http://www.securitymagazine.com

Security Magazine is uniquely focused on solutions for enterprise security leaders. It is designed
and written for business-minded executives who manage enterprise risk and security. Security
Magazine provides management-focused features, opinions, and trends for leaders in business.

SecurityFocus

Source: http://www.securityfocus.com

The Security Focus website focuses on a few key areas that are of greatest importance to the
security community.

• BugTraq is a high-volume, full-disclosure mailing list for the detailed discussion and
  announcement of computer security vulnerabilities. BugTraq serves as the cornerstone
  of the Internet-wide security community.

• The SecurityFocus Vulnerability Database provides security professionals with the most
  up-to-date information on vulnerabilities for all platforms and services.

Help Net Security

Source: http://www.net-security.org

Help Net Security is a daily security news site that has been covering the latest computer and
network security news since its inception in 1998.

Besides covering news around the globe, HNS focuses on quality technical articles and papers,
vulnerabilities, vendor advisories, malware, and hosts the largest security software download
area with software for Windows, Linux, and Mac OS X.

HackerStorm

Source: http://www.hackerstorm.co.uk

HackerStorm is a security resource for ethical hackers and penetration testers to create better
penetration testing plans and scopes, and conduct vulnerability research.

SC Magazine

Source: http://www.scmagazine.com

SC Magazine is published by Haymarket Media Inc. and is part of a global brand. There are
three separate editions of the magazine:

• North America - U.S. and Canada

• International - U.K. and mainland Europe


Q Asia Pacific O nline - read by decision-m akers in over 20 co u n trie s in the Pacific Rim
region

The magazine is published m o n th ly, usually in the firs t w eek o f each m o n th . It is th e longest
running in fo rm a tio n security magazine in the w o rld , w ith the w idest d istrib u tio n .

SC Magazine provides IT security professionals w ith in -d ep th and unbiased in fo rm a tio n in one


incom parable publication. In each m o n th ly issue it has tim e ly news, com prehensive analysis,
cutting-edge features, co n trib u tio n s fro m th o u g h t leaders and the best, m ost extensive
co llection o f p ro du ct reviews in the business. They been doing this since 1989, w hen it firs t
began cam paigning fo r organizations' in fo rm a tio n security leaders, making it the longest
established IT security title in the United States.

C o m p u te r w o r ld

““ “ — Source: h ttp ://w w w .c o m p u te rw o rld .c o m

For m ore than 40 years, C o m p ute rw o rld has been the leading source o f technology news and
in fo rm a tio n fo r IT influencers w o rld w id e . C o m p u te rw o rld 's w e b site (C om puterw orld.com ),
tw ic e -m o n th ly publication, focused conference series, and custom research fo rm the hub o f the
w o rld 's largest global IT media netw ork.

Source: http://www.hackerjournals.com

Hacker Journals is an online Information Security Community. It propagates news specifically related to information security threats and issues from all over the world. Its research teams search and compile news from tens of thousands of sites to bring you the most relevant Cyber Security titles in one location. In addition to news, it hosts blogs and discussions, education videos, as well as its World Famous Hack.ED column, providing education series in Ethical Hacking and Countermeasure Techniques and technologies.

Windows Security Blogs

Source: http://blogs.windowsecurity.com

Windows security has blogs posted by famous authors who are leading industry experts. It has various features such as articles and tutorials, blogs, message boards, security tests, and white papers.


What Is Penetration Testing?

• Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit
• Testing involves active analysis of system configurations, design weaknesses, network architecture, technical flaws, and vulnerabilities
• Black box testing simulates an attack from someone who has no prior knowledge of the system, and white box testing simulates an attack from someone who has complete knowledge about the system
• A comprehensive report with details of vulnerabilities discovered and suite of recommended countermeasures is delivered to the executive, management, and technical audiences


What Is Penetration Testing?

Penetration testing is a method of evaluating the security levels of a particular system or network. This helps you determine the flaws related to hardware and software. The early identification helps protect the network. If the vulnerabilities aren't identified early, then they become an easy entry point for an attacker's intrusion.

During penetration testing, a pen tester analyzes all the security measures employed by the organization for design weaknesses, technical flaws, and vulnerabilities. There are two types of testing: black box testing and white box testing. Black box testing simulates an attack from someone who is unfamiliar with the system, and white box testing simulates an attacker that has knowledge about the system. Once all the tests are conducted, the pen tester prepares a report that includes the tests conducted and their results, along with the vulnerabilities found and the respective countermeasures that can be applied. Finally, the pen tester delivers the report to executive, management, and technical audiences.


Why Penetration Testing

• Identify the threats facing an organization's information assets
• Reduce an organization's expenditure on IT security and enhance Return On Security Investment (ROSI) by identifying and remediating vulnerabilities or weaknesses
• Provide assurance with comprehensive assessment of organization's security including policy, procedure, design, and implementation
• Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.)
• Adopt best practices in compliance to legal and industry regulations
• For testing and validating the efficiency of security protections and controls
• For changing or upgrading existing infrastructure of software, hardware, or network design
• Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management
• Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation
• Evaluate the efficiency of network security devices such as firewalls, routers, and web servers


Why Penetration Testing?

Penetration testing is required because it helps you to:

• Identify the threats facing an organization's information assets
• Reduce an organization's IT security costs and provide a better Return On Security Investment (ROSI) by identifying and resolving vulnerabilities and weaknesses
• Provide an organization with assurance: a thorough and comprehensive assessment of organizational security covering policy, procedure, design, and implementation
• Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.)
• Adopt best practices by conforming to legal and industry regulations
• Test and validate the efficiency of security protections and controls
• Change or upgrade existing infrastructure of software, hardware, or network design
• Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management
• Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation
• Evaluate the efficiency of network security devices such as firewalls, routers, and web servers


Penetration Testing Methodology

As a pen tester, you should never overlook any information resource. All possible information sources must be tested for vulnerabilities. Not just the information sources, but every mechanism and the software involved in your business must be tested, because if the attacker is not able to compromise the information system, then he or she may try to gain access to the system and then to the sensitive information. A few attacks, such as denial-of-service attacks, don't even need access to the system. Therefore, to ensure that you check all possible ways of compromising a system or network, you should follow the penetration testing methodology. This ensures the full scope of the test.


FIGURE 1.5: Penetration Testing Methodology Part - 1


Penetration Testing Methodology (Cont'd)

[Figure: methodology flow diagram; recoverable steps: Mobile Devices Penetration Testing, Email Security Penetration Testing, SAP Penetration Testing]

FIGURE 1.6: Penetration Testing Methodology Part - 2


Module Summary

• Complexity of security requirements is increasing day by day as a result of evolving technology, changing hacking tactics, emerging security vulnerabilities, etc.
• Hacker or cracker is one who accesses a computer system by evading its security system
• Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security
• Ethical hackers help organizations to better understand their security systems and identify the risks, highlight the remedial actions, and also reduce ICT costs by resolving those vulnerabilities
• Ethical hacker should possess platform knowledge, network knowledge, computer expertise, security knowledge, and technical knowledge skills
• Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance


Module Summary

This module is summarized as follows:

• The complexity of security requirements is increasing day by day as a result of evolving technology, changing hacking tactics, emerging security vulnerabilities, etc.
• A hacker or cracker is someone who accesses a computer system by evading its security system.
• Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities to ensure system security.
• Ethical hackers help organizations to better understand their security systems and identify the risks, highlight the remedial actions, and also reduce ICT costs by resolving those vulnerabilities.
• An ethical hacker possesses platform knowledge, network knowledge, computer expertise, security knowledge, and technical knowledge skills.
• Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance.
