Reconnaissance
Techniques
CHAPTER 1
Packet Capture
Virtualization Technologies
Cloud Computing Security
SAAS
PAAS
IAAS
Information gathering, getting to know the target systems, is the first process in ethical hacking. Reconnaissance
is a set of processes and techniques (footprinting, scanning and enumeration) used to covertly discover and collect
information about a target system.
During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible,
following the seven steps listed below:
1. Gather initial information
2. Determine the network range
3. Identify active machines
4. Discover open ports and access points
5. Fingerprint the operating system
6. Uncover services on ports
7. Map the network
Sources of initial information include:
• Job sites
• Social media
• DNS
You can use the WHOIS web service at http://www.whois.com/whois to get detailed information about a domain
name, including its owner, its registrar, date of registration, expiry, name servers,
the owner's contact information, etc.
Scanning
Scanning is a method an adversary can use to learn more about your network. It is used to find
openings in the network and to deduce what devices are on the other end of a connection.
Network Mapping - NMAP
Network mapping is done to understand the topology of the network, including the perimeter
network, demilitarized zones and key network devices. To understand the topology of the
network, the user or adversary conducts a sweep: a message is sent to each device and the
response is recorded. One of the most popular tools for this is the Network Mapper (NMAP).
The next step for the adversary is to fill in the details to perform further analysis.
Port scanners are programs designed to probe a host to determine which ports are open. Ports
are important for services communicating with a server; however, seeing which ports are open
lets an attacker add detail to their picture of the network.
A port scan may reveal that well-known ports such as port 80 and port 25 are open, from which it may
be determined that a web-based application is running.
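From the defender's side, the sweep and port scan described above leave a distinctive footprint in firewall or flow logs. The following is an added example, not from the original notes, that flags a source touching many ports on one host (port scan) or one port on many hosts (sweep) inside a short window; the log format, addresses and thresholds are assumptions constructed for the demo.

```python
# Added example (not from the original notes): detect port scans and network
# sweeps in a firewall log. A scanner touches many distinct ports on one host
# (port scan) or one port on many hosts (sweep) inside a short window; normal
# clients do neither. Log format and thresholds are assumptions for this demo.
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: "<ISO timestamp> <src> -> <dst>:<port> <action>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 -> 192.0.2.10:21 DENY
2024-05-01T10:00:01 203.0.113.7 -> 192.0.2.10:22 DENY
2024-05-01T10:00:02 203.0.113.7 -> 192.0.2.10:23 DENY
2024-05-01T10:00:02 203.0.113.7 -> 192.0.2.10:25 ALLOW
2024-05-01T10:00:03 203.0.113.7 -> 192.0.2.10:80 ALLOW
2024-05-01T10:00:10 203.0.113.9 -> 192.0.2.10:445 DENY
2024-05-01T10:00:10 203.0.113.9 -> 192.0.2.11:445 DENY
2024-05-01T10:00:11 203.0.113.9 -> 192.0.2.12:445 DENY
2024-05-01T10:00:11 203.0.113.9 -> 192.0.2.13:445 DENY
2024-05-01T10:00:12 203.0.113.9 -> 192.0.2.14:445 DENY
2024-05-01T10:00:05 198.51.100.4 -> 192.0.2.10:443 ALLOW
2024-05-01T10:00:30 198.51.100.4 -> 192.0.2.10:443 ALLOW
"""

def parse_line(line):
    ts, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), action

def detect_scanners(log_text, window_s=60, threshold=5):
    """Return {src_ip: finding} for sources exceeding threshold within window_s."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_src = defaultdict(list)
    for ts, src, dst_ip, dport, _action in events:  # DENY and ALLOW both count
        by_src[src].append((ts, dst_ip, dport))
    findings = {}
    for src, evs in by_src.items():
        for i, (t0, _, _) in enumerate(evs):   # sliding window starting at each event
            win = [e for e in evs[i:] if (e[0] - t0).total_seconds() <= window_s]
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, host, port in win:
                ports_per_host[host].add(port)
                hosts_per_port[port].add(host)
            if any(len(p) >= threshold for p in ports_per_host.values()):
                findings[src] = "port scan"
                break
            if any(len(h) >= threshold for h in hosts_per_port.values()):
                findings[src] = "network sweep"
                break
    return findings
```

A scanner that spaces its probes further apart than window_s slips past this rule; widening the window or lowering the threshold trades false positives for coverage.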
A web application vulnerability scanner is an automated tool used to scan web applications
for security vulnerabilities. These scans are based on a preexisting database of known exploits, so
bear in mind that they only find what that database already covers.
Some of the tests these scanners perform relate to SQL injection, command injection, cross-site
scripting and improper server configuration.
Once a packet is captured, it is stored temporarily so that it can be analyzed. The packet is inspected to
help diagnose and solve network problems and to determine whether network security policies are being
followed.
Hackers can also use packet capturing techniques to steal data that is being transmitted over a network.
• Security: data capturing is used to identify security flaws and breaches by determining the
point of intrusion.
• Identification of data leakage: content analysis and monitoring help to ascertain the
leakage point and its sources.
• Troubleshooting: troubleshooting driven by data capturing detects undesired events on a
network and helps resolve them. If the network administrator has full access to a network
resource, he can access it remotely and troubleshoot any issues.
• Identifying data/packet loss: when data is stolen, the network administrator can use data
capturing techniques to retrieve the stolen or lost information.
• Forensics: whenever viruses, worms or other intrusions are detected on computers, the
network administrator determines the extent of the problem. After initial analysis, she may block
some segments and network traffic in order to preserve historical information and network data.
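To make the "stored temporarily, then inspected" step concrete, here is an added example (not from the original notes) that reads the classic libpcap file format, lists the IPv4/TCP flows in a capture and flags flows to cleartext services that a sample policy forbids, which is the kind of policy check the bullets above describe. The frame builders, all addresses and the policy table are assumptions constructed for the demo.

```python
# Added example (not from the original notes): read the classic libpcap file
# format, list IPv4/TCP flows, and flag flows to cleartext services that a
# sample policy forbids. Frame builders, addresses and policy are assumptions.
import socket
import struct

def build_frame(src, dst, sport, dport):
    """Construct an Ethernet/IPv4/TCP SYN frame (sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp   # MACs zeroed, EtherType IPv4

def build_pcap(frames):
    """Wrap frames in a pcap global header (linktype 1 = Ethernet) and records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Yield (src, dst, sport, dport) for every IPv4/TCP frame in a pcap blob."""
    magic = struct.unpack("<I", data[:4])[0]      # microsecond-resolution magic assumed
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    pos = 24                                      # skip the 24-byte global header
    while pos + 16 <= len(data):
        _sec, _usec, caplen, _origlen = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # not IPv4, or not TCP
            continue
        ihl = (frame[14] & 0x0F) * 4                       # IPv4 header length
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        yield src, dst, sport, dport

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}   # sample policy

def policy_violations(data):
    """Flows whose destination port is a forbidden cleartext service."""
    return [(s, d, p, CLEARTEXT_PORTS[p])
            for s, d, _sp, p in read_pcap(data) if p in CLEARTEXT_PORTS]

SAMPLE_PCAP = build_pcap([build_frame("10.0.0.5", "10.0.0.9", 40000, 443),
                          build_frame("10.0.0.5", "10.0.0.9", 40001, 23)])
```

The same read_pcap loop works on a file saved by Wireshark or tcpdump in the classic pcap format; the pcapng format used by newer Wireshark versions has a different structure and is not handled here.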
Wireless networks use various technologies such as radio frequencies (RF). Because there is no
way to confine the signal, it extends beyond the physical premises of a home or organization,
and a passerby with the right tools in hand can easily observe network traffic.
If you are already connected to a wireless network and only want to record the traffic
between connected devices on that network, Wireshark will work well for this situation. Wireless
networks operate on IEEE 802.11 broadcasts.
Virtualization is the creation of a virtual -- rather than actual -- version of something, such as an
operating system, a server, a storage device or network resources.
Hypervisors
A hypervisor is a function which abstracts -- isolates -- operating systems and applications from
the underlying computer hardware. This abstraction allows the underlying host machine
hardware to independently operate one or more virtual machines as guests, allowing multiple
guest VMs to effectively share the system's physical compute resources, such as processor
cycles, memory space, network bandwidth and so on. A hypervisor is sometimes also called a
virtual machine monitor.
Cloud computing is a general term for the delivery of hosted services over the internet.
Cloud computing enables companies to consume a compute resource, such as a virtual machine
(VM), storage or an application, as a utility -- just like electricity -- rather than having to build and
maintain computing infrastructures in-house.
Security remains a primary concern for businesses contemplating cloud adoption -- especially
public cloud adoption. Public cloud service providers share their underlying hardware
infrastructure between numerous customers, as public cloud is a multi-tenant environment. This
environment demands strong isolation between logical compute resources. At the same time,
access to public cloud storage and compute resources is guarded by account login credentials.
Many organizations bound by complex regulatory obligations and governance standards are still
hesitant to place data or workloads in the public cloud for fear of outages, loss or theft.
However, this resistance is fading, as logical isolation has proven reliable, and the addition of
data encryption and various identity and access management tools has improved security within
the public cloud.
Nmap: https://nmap.org/
Nikto is an Open Source web server scanner which performs comprehensive tests against web
servers for multiple items, including over 6700 potentially dangerous files/programs, checks for
outdated versions of over 1250 servers, and version specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files, HTTP
server options, and will attempt to identify installed web servers and software. Scan items and
plugins are frequently updated and can be automatically updated.
Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible,
and is obvious in log files or to an IPS/IDS.
Nikto: https://cirt.net/Nikto2
Nessus vulnerability scanner: https://www.tenable.com/products/nessus-vulnerability-scanner
Wireshark: https://www.wireshark.org/