Date post: 09-Jun-2015
Upload: rajender-singh-oberoi
Hands-On Ethical Hacking and Network Defense

Second Edition

Chapter 4: Footprinting and Social Engineering

Objectives

• After reading this chapter and completing the exercises, you will be able to:
  – Use Web tools for footprinting
  – Conduct competitive intelligence
  – Describe DNS zone transfers
  – Identify the types of social engineering

Hands-On Ethical Hacking and Network Defense, Second Edition 2

Using Web Tools for Footprinting

• “Case the joint”
  – Look over the location
  – Find weaknesses in security systems
  – Types of locks and alarms used
• Footprinting
  – Finding information on a company’s network
  – Passive and nonintrusive
  – Several available Web tools

Table 4-1 Summary of Web tools

Table 4-1 Summary of Web tools (cont’d.)

Conducting Competitive Intelligence

• Numerous resources to find information legally
  – Competitive intelligence
    • Gathering information using technology
• Security professionals must:
  – Explain the methods used to gather information
  – Have a good understanding of those methods

Analyzing a Company’s Web Site

• Easy source of critical information
  – Many available tools
• Paros
  – Powerful tool for UNIX and Windows OSs
  – Requires Java J2SE

Figure 4-1 The main window of Paros

Analyzing a Company’s Web Site (cont’d.)

• Paros: searching for a Web site
  – Click Tools, Spider
  – Enter the Web site’s URL
  – Check results

Figure 4-2 Entering a URL in the Input dialog box

Figure 4-3 Displaying filenames of all Web pages on a site

Analyzing a Company’s Web Site (cont’d.)

• Paros: getting Web site structure
  – Click Tree, Scan All
  – Report includes:
    • Vulnerabilities
    • Risk levels
• Gathering information this way:
  – Time consuming

Figure 4-4 The Paros scanning report

Using Other Footprinting Tools

• Whois
  – Commonly used
  – Gathers IP address and domain information
  – Attackers can also use it

Figure 4-5 Viewing information with the SamSpade Whois utility

Using E-mail Addresses

• E-mail addresses
  – Help retrieve even more information
• Find the e-mail address format
  – Guess other employees’ e-mail accounts
• Tool to find corporate employee information
  – Groups.google.com

Using HTTP Basics

• HTTP operates on port 80
• HTTP commands
  – Pull information from a Web server
• Basic understanding of HTTP
  – Beneficial for security testers
• Return codes
  – Reveal information about the OS used
• HTTP methods
  – GET / HTTP/1.1

Table 4-2 HTTP client errors

Table 4-3 HTTP server errors

Table 4-4 HTTP methods

Figure 4-6 Using the OPTIONS HTTP method

Figure 4-7 Using the HEAD HTTP method
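The OPTIONS and HEAD responses shown in Figures 4-6 and 4-7 are plain text, and a tester checking their own servers will want to parse them rather than read them by eye. The following Python script is an added example, not code from the textbook: it splits a raw HTTP response into status line and headers, maps the status code onto the client-error and server-error classes of Tables 4-2 and 4-3, reports the Server and X-Powered-By banners, and lists any methods in the Allow header beyond the usual GET, HEAD, POST and OPTIONS. The two responses it runs on are constructed samples, and the ExampleHTTPd banner is a placeholder.

```python
"""Parse raw HTTP responses (as returned by HEAD or OPTIONS) and report
what they disclose. Added example, not from the textbook; the sample
responses below are constructed, not captured from any real server."""

# Status-code classes as grouped in the chapter's Tables 4-2 and 4-3.
STATUS_CLASSES = {
    1: "informational",
    2: "success",
    3: "redirection",
    4: "client error",
    5: "server error",
}

# Methods that are routinely safe to leave enabled on a public site; anything
# else returned by OPTIONS deserves a review of whether it is really needed.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}


def parse_response(raw: str) -> dict:
    """Split a raw HTTP/1.x response into status line parts and headers.

    Header names are lower-cased so lookups are case-insensitive, as HTTP
    requires. Only the head of the message is parsed; any body is ignored.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    version, code, *reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # malformed header line; skip rather than crash
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return {
        "version": version,
        "status": int(code),
        "reason": reason[0] if reason else "",
        "headers": headers,
    }


def status_class(code: int) -> str:
    """Map a numeric status code onto its class ("client error", ...)."""
    return STATUS_CLASSES.get(code // 100, "unknown")


def allowed_methods(parsed: dict) -> set:
    """Methods advertised in the Allow header of an OPTIONS response."""
    allow = parsed["headers"].get("allow", "")
    return {m.strip().upper() for m in allow.split(",") if m.strip()}


def disclosure_report(parsed: dict) -> dict:
    """Summarise what a response reveals to anyone who asks for it: the
    server banner, the status class, and any methods beyond the expected set."""
    headers = parsed["headers"]
    return {
        "status_class": status_class(parsed["status"]),
        "server_banner": headers.get("server"),
        "powered_by": headers.get("x-powered-by"),
        "extra_methods": sorted(allowed_methods(parsed) - EXPECTED_METHODS),
    }


# Constructed sample responses (not real captures; banners are placeholders).
OPTIONS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: ExampleHTTPd/1.2.3 (Unix)\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

HEAD_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: ExampleHTTPd/1.2.3 (Unix)\r\n"
    "X-Powered-By: ExampleApp/4.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for raw in (OPTIONS_RESPONSE, HEAD_RESPONSE):
        print(disclosure_report(parse_response(raw)))
```

A version banner or TRACE in the Allow list is exactly what the chapter says a footprinter reads off the server; trimming the banner (ServerTokens Prod in Apache, server_tokens off in nginx) and disabling unused methods removes that disclosure without affecting ordinary visitors.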

Other Methods of Gathering Information

• With just a URL, you can determine:
  – Web server
  – OS
  – Names of IT personnel
• Other methods:
  – Cookies
  – Web bugs

Detecting Cookies and Web Bugs

• Cookie
  – Text file generated by a Web server
  – Stored on a user’s browser
  – Information sent back to the Web server when the user returns
  – Used to customize Web pages
  – Some cookies store personal information
    • Security issue

Detecting Cookies and Web Bugs (cont’d.)

• Web bug
  – One-pixel by one-pixel image file
  – Referenced in an <IMG> tag
  – Usually works with a cookie
  – Purpose similar to spyware and adware
  – Comes from third-party companies
    • Specializing in data collection
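Both items on these two slides can be checked automatically on a page you are responsible for. The Python below is an added example, not from the textbook: it finds images declared as one pixel by one pixel that load from a host other than the page's own (the web bug pattern described above) and lists the protective attributes missing from a Set-Cookie header. The HTML page and cookie strings are constructed samples, and the host names in them are placeholders.

```python
"""Detect web bugs in HTML and weak cookie attributes in Set-Cookie headers.
Added example, not from the textbook. The HTML and headers below are
constructed samples; the host names are placeholders."""

from html.parser import HTMLParser
from urllib.parse import urlparse


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in a page."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            # attrs is a list of (name, value); value is None for bare attributes
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _is_one_pixel(attrs: dict) -> bool:
    """True when the image is declared 1x1 via its width/height attributes."""
    return attrs.get("width", "").strip() == "1" and attrs.get("height", "").strip() == "1"


def find_web_bugs(html: str, page_url: str) -> list:
    """Return the src of every 1x1 image loaded from a host other than the
    page's own host: the pattern the chapter calls a web bug."""
    page_host = urlparse(page_url).hostname
    collector = ImgCollector()
    collector.feed(html)
    bugs = []
    for img in collector.images:
        src = img.get("src", "")
        host = urlparse(src).hostname  # None for relative URLs
        if _is_one_pixel(img) and host and host != page_host:
            bugs.append(src)
    return bugs


def cookie_weaknesses(set_cookie: str) -> list:
    """List protective attributes missing from one Set-Cookie header value.

    Secure keeps the cookie off plaintext HTTP, HttpOnly keeps it away from
    page scripts, SameSite limits cross-site sending. None of them make the
    cookie's contents private, so personal data should not be stored in it."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return [wanted for wanted in ("secure", "httponly", "samesite") if wanted not in attrs]


# Constructed sample page: one ordinary image and one third-party tracking pixel.
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="200" height="50" alt="logo">
<p>Welcome back.</p>
<img src="http://tracker.example.net/pixel.gif?uid=12345" width="1" height="1">
</body></html>
"""

# Constructed Set-Cookie values: one hardened, one with every protection missing.
SAMPLE_COOKIES = [
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=lang%3Den; Path=/",
]

if __name__ == "__main__":
    print(find_web_bugs(SAMPLE_HTML, "http://www.example.com/index.html"))
    for cookie in SAMPLE_COOKIES:
        print(cookie.split("=", 1)[0], cookie_weaknesses(cookie))
```

The same two checks can be run from a browser's developer tools by hand; the script is useful when you want to sweep many pages of a site at once.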

Using Domain Name Service Zone Transfers

• Domain Name System (DNS)
  – Resolves host names to IP addresses
  – People prefer URLs to IP addresses
  – Extremely vulnerable
• Zone transfer tools
  – Dig and Host
• Determining the primary DNS server
  – Start of Authority (SOA) record
    • Shows zones or IP addresses
  – Zone transfer gives a network diagram
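A zone transfer answers with one resource record per line, so the "network diagram" the slide mentions is easy to tabulate. The Python below is an added example, not from the textbook: it parses records in the zone-file layout that `dig ... axfr` prints, reads the primary server from the MNAME field of the SOA record, builds the host-to-address map, and flags host names that look internal. The records are constructed and example.com is a placeholder. Running this over your own zone shows what an unrestricted transfer would hand out; the server-side fix is to allow transfers only to the secondary name servers (BIND's allow-transfer option).

```python
"""Parse zone-file style records (the layout returned by a zone transfer,
e.g. the output of `dig @server example.com axfr`) and summarise what they
expose. Added example, not from the textbook; the records below are
constructed and the zone name is a placeholder."""

from collections import defaultdict

# Constructed sample of what an unrestricted zone transfer hands out.
SAMPLE_TRANSFER = """\
example.com.        3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 3600
example.com.        3600 IN NS    ns1.example.com.
example.com.        3600 IN NS    ns2.example.com.
example.com.        3600 IN MX    10 mail.example.com.
ns1.example.com.    3600 IN A     192.0.2.1
ns2.example.com.    3600 IN A     192.0.2.2
mail.example.com.   3600 IN A     192.0.2.10
www.example.com.    3600 IN A     192.0.2.20
intranet.example.com. 3600 IN A   192.0.2.30
backup-db.example.com. 3600 IN A  192.0.2.40
www.example.com.    3600 IN TXT   "v=spf1 mx -all"
"""


def parse_records(text: str) -> list:
    """Turn one record per line into (owner, ttl, type, rdata) tuples.

    Blank lines and ';' comments are skipped. The rdata is kept as the
    remainder of the line so multi-field data (SOA, MX, quoted TXT) survives."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, _class, rtype, rdata = line.split(None, 4)
        records.append((owner, int(ttl), rtype, rdata))
    return records


def primary_server(records: list) -> str:
    """The MNAME field of the SOA record: the zone's primary name server."""
    for _owner, _ttl, rtype, rdata in records:
        if rtype == "SOA":
            return rdata.split()[0]
    raise ValueError("no SOA record in transfer")


def host_map(records: list) -> dict:
    """Host name -> list of IPv4 addresses: the 'network diagram' the
    chapter says a zone transfer provides."""
    hosts = defaultdict(list)
    for owner, _ttl, rtype, rdata in records:
        if rtype == "A":
            hosts[owner.rstrip(".")].append(rdata)
    return dict(hosts)


def exposure_summary(records: list) -> dict:
    """What a zone's owner wants to know about its contents: how many hosts
    are enumerable and which of them are clearly internal by name."""
    hosts = host_map(records)
    internal_hints = ("intranet", "internal", "backup", "db", "dev", "test")
    flagged = sorted(
        h for h in hosts if any(hint in h.split(".")[0] for hint in internal_hints)
    )
    return {
        "primary": primary_server(records),
        "host_count": len(hosts),
        "internal_looking": flagged,
    }


if __name__ == "__main__":
    recs = parse_records(SAMPLE_TRANSFER)
    print(exposure_summary(recs))
```

The internal-name heuristic is deliberately simple; its point is that names alone, before any host is touched, already describe the network, which is why the slide calls the transfer a network diagram.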

Figure 4-9 Using the Dig command

Introduction to Social Engineering

• Older than computers
  – Targets the human component of a network
• Goals
  – Obtain confidential information (passwords)
  – Obtain other personal information
• Tactics
  – Persuasion
  – Intimidation
  – Coercion
  – Extortion/blackmailing

Introduction to Social Engineering (cont’d.)

• Biggest security threat
  – Most difficult to protect against
• Main idea:
  – “Why try to crack a password when you can simply ask for it?”
    • Users divulge passwords to IT personnel
• Human behavior studied
  – Personality traits
  – Body language

Introduction to Social Engineering (cont’d.)

• Techniques
  – Urgency
  – Quid pro quo
  – Status quo
  – Kindness
  – Position
• Train users
  – Not to reveal information
  – To verify caller identity
    • Ask questions and call back to confirm

Figure 4-10 The OSSTMM social-engineering template

The Art of Shoulder Surfing

• Shoulder surfer
  – Reads what users enter on keyboards
    • Logon names
    • Passwords
    • PINs
• Tools
  – Binoculars or high-powered telescopes
  – Key positions and typing techniques
  – Popular letter substitutions
    • $ equals s, @ equals a

The Art of Shoulder Surfing (cont’d.)

• Prevention
  – Avoid typing when:
    • Someone is nearby
    • Someone nearby is talking on a cell phone
  – Computer monitors:
    • Face away from the door or cubicle entryway
  – Immediately change your password if you suspect someone is observing you

The Art of Dumpster Diving

• Attacker finds information in the victim’s trash
  – Discarded computer manuals
  – Passwords jotted down
  – Company phone directories
  – Calendars with schedules
  – Financial reports
  – Interoffice memos
  – Company policy
  – Utility bills
  – Resumes

The Art of Dumpster Diving (cont’d.)

• Prevention
  – Educate users
    • Dumpster diving
    • Proper trash disposal
  – Format disks before disposing of them
    • Software writes binary zeros
    • Done at least seven times
  – Discard computer manuals offsite
  – Shred documents before disposal

The Art of Piggybacking

• Trailing closely behind an employee cleared to enter restricted areas
• How it works:
  – Watch authorized personnel enter an area
  – Quickly join them at the security entrance
  – Exploit the desire to be polite and helpful
  – Attacker wears a fake badge or security card

The Art of Piggybacking (cont’d.)

• Prevention
  – Use turnstiles
  – Train personnel to notify security about strangers
  – Do not hold secured doors for anyone
    • Even people they know
  – All employees must use access cards

Phishing

• Phishing e-mails
  – “Update your account details”
  – Usually framed as an urgent request to visit a Web site
    • The Web site is a fake
• Spear phishing
  – Combines social engineering and exploiting vulnerabilities
  – E-mail attacks directed at specific people
    • Comes from someone the recipient knows
    • Mentions topics of mutual interest
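The indicators on this slide (urgency, a request to visit a Web site, a site that is not what it claims to be) can be scored from the message itself, which is how mail filters and user-reporting tools triage suspected phishing. The Python below is an added example, not from the textbook: it reads one e-mail with the standard library, compares the sender's domain with the domain the message claims to come from, looks for urgency phrasing in the subject and body, and flags links whose visible text shows a different host than the real href. Both sample messages and every domain in them are constructed placeholders.

```python
"""Score an e-mail for the phishing indicators the chapter lists: urgency,
a request to visit a Web site, and a link that does not go where it claims.
Added example, not from the textbook; the messages below are constructed
and every address and URL in them is a placeholder."""

import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY_PHRASES = (
    "urgent", "immediately", "within 24 hours",
    "account will be suspended", "verify your account", "update your account",
)

# href and visible text of every <a> tag; adequate for simple HTML mail bodies.
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def mismatched_links(html: str) -> list:
    """(shown_host, real_host) for links whose visible text names a different host."""
    found = []
    for href, text in LINK_RE.findall(html):
        real_host = urlparse(href).hostname or ""
        shown = URL_RE.search(text)
        shown_host = urlparse(shown.group(0)).hostname if shown else None
        if shown_host and shown_host != real_host:
            found.append((shown_host, real_host))
    return found


def phishing_indicators(raw_message: str, trusted_domain: str) -> dict:
    """Indicators present in one message. trusted_domain is the domain the
    message claims, by display name or wording, to come from."""
    msg = message_from_string(raw_message)
    _display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    lowered = (msg.get("Subject", "") + " " + body).lower()
    return {
        "sender_domain_mismatch": from_domain != trusted_domain.lower(),
        "urgency": sorted(p for p in URGENCY_PHRASES if p in lowered),
        "link_mismatches": mismatched_links(body),
        "asks_to_visit_site": bool(LINK_RE.search(body)),
    }


def score(indicators: dict) -> int:
    """Count of indicator groups present; more than one deserves a closer look."""
    return (
        int(indicators["sender_domain_mismatch"])
        + int(bool(indicators["urgency"]))
        + int(bool(indicators["link_mismatches"]))
        + int(indicators["asks_to_visit_site"])
    )


# Constructed sample messages (placeholder domains; not real mail).
SAMPLE_PHISH = """\
From: "Example Bank Support" <support@alerts-mailer.test>
To: customer@example.com
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer, please update your account details immediately.</p>
<p>Sign in at <a href="http://login.alerts-mailer.test/verify">https://www.example-bank.test/login</a></p>
</body></html>
"""

SAMPLE_CLEAN = """\
From: "Example Bank" <news@example-bank.test>
To: customer@example.com
Subject: Monthly newsletter
Content-Type: text/html; charset=utf-8

<html><body><p>The downtown branch closes early on Friday.</p></body></html>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_CLEAN):
        ind = phishing_indicators(sample, "example-bank.test")
        print(ind, "score:", score(ind))
```

The link check is the one users most often miss by eye, which is why the slide's advice to verify before acting matters more than any single keyword.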

Figure 4-12 A phishing e-mail

Summary

• Footprinting
  – Gathering network information with Web tools
• Competitive intelligence
  – Gathered through observation and Web tools
• IP addresses and domain names
  – Found by using tools (e.g., SamSpade)
• Cookies and Web bugs
  – Collect and retrieve a user’s information
• Zone transfers
  – Used to obtain network topologies

Summary (cont’d.)

• Social engineering
  – Attacks using human nature
    • Many methods
  – Educate personnel
• Attacker techniques
  – Shoulder surfing
  – Dumpster diving
  – Piggybacking
  – Phishing