
Ethical hacking

Date post: 21-Jul-2015
Upload: ravi-shankar

Ethical Hacking

Hacker Terms

• Hacking - showing computer expertise
• Cracking - breaking security on software or systems
• Phreaking - cracking telecom networks
• Spoofing - faking the originating IP address in a datagram
• Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore
• Port Scanning - searching for vulnerabilities

Legal and ethical questions?

♦ What is Ethical Hacking?
♦ Who are ethical hackers?
♦ Attack-exploit the vulnerabilities
♦ Being prepared
♦ Kinds of testing
♦ Final Report
♦ Ethical hacking-commandments
♦ Suggestion

Hacking through the ages

♦ 1969 - Unix ‘hacked’ together
♦ 1971 - Cap ‘n Crunch phone exploit discovered
♦ 1988 - Morris Internet worm crashes 6,000 servers
♦ 1994 - $10 million transferred from CitiBank accounts
♦ 1995 - Kevin Mitnick sentenced to 5 years in jail
♦ 2000 - Major websites succumb to DDoS
♦ 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
♦ 2001 - Code Red
  – exploited bug in MS IIS to penetrate & spread
  – probes random IPs for systems running IIS
  – had trigger time for denial-of-service attack
  – 2nd wave infected 360000 servers in 14 hours
♦ Code Red 2 - had backdoor installed to allow remote control
♦ Nimda - used multiple infection mechanisms: email, shares, web client, IIS
♦ 2002 - Slammer Worm brings web to its knees by attacking MS SQL Server

Types of hacker

♦ Professional hackers
  – Black Hats – the Bad Guys
  – White Hats – Professional Security Experts
♦ Script kiddies
  – Mostly kids/students
    • Use tools created by black hats
      – To get free stuff
      – Impress their peers
      – Not get caught
♦ Underemployed Adult Hackers
  – Former Script Kiddies
    • Can’t get employment in the field
    • Want recognition in hacker community
    • Big in eastern European countries
♦ Ideological Hackers
  – hack as a mechanism to promote some political or ideological purpose
  – Usually coincide with political events

Gaining access

♦ Front door
  – Password guessing
  – Password/key stealing
♦ Back doors
  – Often left by original developers as debug and/or diagnostic tools
  – Forgot to remove before release
♦ Trojan Horses
  – Usually hidden inside of software that we download and install from the net (remember nothing is free)
  – Many install backdoors
♦ Software vulnerability exploitation
  – Often advertised on the OEM's web site along with security patches
  – Fertile ground for script kiddies looking for something to do

Back doors & Trojans

♦ e.g. Whack-a-mole / NetBus
♦ Cable modems / DSL very vulnerable
♦ Protect with Virus Scanners, Port Scanners, Personal Firewalls

Software vulnerability exploitation

♦ Buffer overruns
♦ HTML / CGI scripts
♦ Poor design of web applications
  – Javascript hacks
  – PHP/ASP/ColdFusion URL hacks
♦ Other holes / bugs in software and services
♦ Tools and scripts used to scan ports for vulnerabilities

Password guessing

♦ Default or null passwords
♦ Password same as user name (use finger)
♦ Password files, trusted servers
♦ Brute force
  – make sure login attempts audited!
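
One way to audit login attempts, as the Brute force bullet asks (an added example, not part of the original slides): it counts failed password logins per source address in sshd-style log lines and reports a successful login that follows a burst of failures. The sample log lines, the threshold of 3 and the function name `audit_logins` are assumptions made for illustration; counts cover the whole input rather than a time window.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log style (not from the original slides).
SAMPLE_LOG = """\
Jul 21 10:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jul 21 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Jul 21 10:00:05 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Jul 21 10:00:07 host sshd[104]: Failed password for guest from 203.0.113.7 port 4004 ssh2
Jul 21 10:00:09 host sshd[105]: Accepted password for guest from 203.0.113.7 port 4005 ssh2
Jul 21 10:02:00 host sshd[106]: Failed password for alice from 198.51.100.20 port 5001 ssh2
Jul 21 10:02:10 host sshd[107]: Accepted password for alice from 198.51.100.20 port 5002 ssh2
"""

# Matches password-authentication results and captures account and source.
LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def audit_logins(log_text, threshold=3):
    """Return {source: finding} for sources with >= threshold failed logins."""
    failures = defaultdict(int)   # source -> failed-login count
    users = defaultdict(set)      # source -> account names it tried
    guessed = {}                  # source -> first account accepted after the burst
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue              # not a password-auth event
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            users[src].add(user)
        elif failures[src] >= threshold:
            # Success after many failures: the password may have been guessed.
            guessed.setdefault(src, user)
    return {
        src: {"failures": n, "users": sorted(users[src]),
              "success_after": guessed.get(src)}
        for src, n in failures.items() if n >= threshold
    }

if __name__ == "__main__":
    for src, finding in audit_logins(SAMPLE_LOG).items():
        print(src, finding)
```

A single mistyped password followed by a success (the second source in the sample) stays below the threshold and is not reported.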

Ethical Hacking

♦ Independent computer security professionals breaking into the computer systems.
♦ Neither damage the target systems nor steal information.
♦ Permission is obtained from target.
♦ Part of an overall security program.

Ethical Hackers but not Criminal Hackers

♦ Completely trustworthy.
♦ Strong programming and computer networking skills.
♦ Learn about the system and trying to find its weaknesses.
♦ Techniques of Criminal hackers - Detection - Prevention.
♦ Published research papers or released security software.
♦ No Ex-hackers.

Who are ethical hackers?

♦ An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.

♦ They possess the same skills, mindset and tools as a hacker, but attacks are done in a non-destructive manner.

♦ Any organization that has a network connected to the Internet or provides an online service should consider subjecting it to a penetration test. Various standards such as the Payment Card Industry Data Security Standard require companies to conduct penetration testing from both an internal and external perspective on an annual basis and after any significant change in the infrastructure or applications. Many large companies, such as IBM, maintain employee teams of ethical hackers, while there are plenty of firms that offer ethical hacking as a service.

Attack-exploit the vulnerabilities

♦ Exploiting implementation of HTTP, SMTP protocols.

♦ SQL injection.
♦ Spamming.
♦ Gaining access to application database.
♦ Free exploits from hacker website.
♦ Internally developed.

Being Prepared

♦ Identification of target - company websites, mail servers, etc.
♦ What can an intruder do with that information?
♦ Does anyone at the target notice the intruder's attempts or successes?
♦ Signing of contract
  1. Time window for attacks.
  2. Total time for testing.
  3. Prior knowledge of the system.
  4. Key people who are made aware of the testing.

Kinds of Testing

♦ Remote Network
♦ Remote dial-up network
♦ Local network
♦ Stolen laptop computer
♦ Social engineering
♦ Physical entry

1. Total outsider
2. Semi-outsider
3. Valid user

Final Report

♦ Collection of all discoveries made during evaluation.

♦ Specific advice on how to close the vulnerabilities.

♦ Testers' techniques never revealed.

♦ Delivered directly to an officer of the client organization in hard-copy form.

♦ Steps to be followed by clients in future.

Ethical hacking-commandments

♦ Working ethically
  1. Trustworthiness
  2. Misuse for personal gain.
♦ Respecting privacy
♦ Not crashing the system.

Suggestions?

