Posted: 09-Jun-2015
Hands-On Ethical Hacking and Network Defense
Second Edition
Chapter 4: Footprinting and Social Engineering
Objectives
• After reading this chapter and completing the exercises, you will be able to:
– Use Web tools for footprinting
– Conduct competitive intelligence
– Describe DNS zone transfers
– Identify the types of social engineering
Hands-On Ethical Hacking and Network Defense, Second Edition 2
Using Web Tools for Footprinting
• “Case the joint”
– Look over the location
– Find weaknesses in security systems
– Types of locks and alarms used
• Footprinting
– Finding information on the company’s network
– Passive and nonintrusive
– Several available Web tools
Table 4-1 Summary of Web tools
Table 4-1 Summary of Web tools (cont’d.)
Conducting Competitive Intelligence
• Numerous resources to find information legally
– Competitive intelligence: gathering information about a company using technology
• Security professionals must:
– Explain the methods used to gather information
– Have a good understanding of those methods
Analyzing a Company’s Web Site
• Easy source of critical information
– Many available tools
• Paros
– Powerful tool for UNIX and Windows OSs
– Requires Java J2SE
Figure 4-1 The main window of Paros
Analyzing a Company’s Web Site (cont’d.)
• Paros: searching a Web site
– Click Tools, Spider
– Enter the Web site’s URL
– Check the results
Figure 4-2 Entering a URL in the Input dialog box
Figure 4-3 Displaying filenames of all Web pages on a site
Analyzing a Company’s Web Site (cont’d.)
• Paros: getting the Web site structure
– Click Tree, Scan All
– Report includes:
• Vulnerabilities
• Risk levels
• Gathering information this way is time consuming
Figure 4-4 The Paros scanning report
Using Other Footprinting Tools
• Whois
– Commonly used
– Gathers IP address and domain information (registrant, contacts, name servers)
– Attackers can also use it
Figure 4-5 Viewing information with the SamSpade Whois utility
Using E-mail Addresses
• E-mail addresses
– Help retrieve even more information
• Find the e-mail address format
– Guess other employees’ e-mail accounts
• Tool to find corporate employee information
– Groups.google.com
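The format-guessing step above, as an added example that is not from the textbook: given one employee's name and address, the script tries a list of common local-part formats, picks the one that reproduces the known address, and applies it to other names. The list of formats, the name "Jane Doe", the domain example.com and the other names are assumptions chosen for illustration.

```python
"""Added example: infer an organization's e-mail address format and
apply it to other employee names."""
import re

# Candidate local-part formats, each built from lower-case (first, last).
FORMATS = {
    "first.last": lambda fn, ln: f"{fn}.{ln}",
    "firstlast":  lambda fn, ln: f"{fn}{ln}",
    "first_last": lambda fn, ln: f"{fn}_{ln}",
    "flast":      lambda fn, ln: f"{fn[0]}{ln}",
    "first.l":    lambda fn, ln: f"{fn}.{ln[0]}",
    "lastf":      lambda fn, ln: f"{ln}{fn[0]}",
    "last.first": lambda fn, ln: f"{ln}.{fn}",
    "first":      lambda fn, ln: fn,
}


def split_name(full_name):
    """Reduce a display name to (first, last), dropping initials and punctuation."""
    parts = re.sub(r"[^a-z ]", "", full_name.lower()).split()
    if not parts:
        raise ValueError(f"no usable name in {full_name!r}")
    return parts[0], parts[-1]


def infer_format(full_name, email):
    """Return (format name, domain) for the first format that reproduces the
    local part of `email`; (None, domain) when none matches."""
    local, _, domain = email.lower().partition("@")
    first, last = split_name(full_name)
    for fmt, build in FORMATS.items():
        if build(first, last) == local:
            return fmt, domain
    return None, domain


def guess_addresses(known_name, known_email, other_names):
    """Apply the inferred format to other names; empty dict when it is unknown."""
    fmt, domain = infer_format(known_name, known_email)
    if fmt is None:
        return {}
    build = FORMATS[fmt]
    return {name: f"{build(*split_name(name))}@{domain}" for name in other_names}


if __name__ == "__main__":
    # Constructed names and domain; none refer to real people.
    for name, addr in guess_addresses("Jane Doe", "jdoe@example.com",
                                      ["John Q. Public", "Maria O'Brien"]).items():
        print(f"{name:<16} -> {addr}")
```

A single known address can match more than one format (for example "first" and "flast" coincide for some names), so in practice confirm the guess against a second known address before relying on it.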
Using HTTP Basics
• HTTP uses TCP port 80 by default (HTTPS uses 443)
• HTTP commands
– Pull information from a Web server
• Basic understanding of HTTP
– Beneficial for security testers
• Return codes and response headers
– Can reveal the Web server software and the OS it runs on
• HTTP methods
– e.g., GET / HTTP/1.1
Table 4-2 HTTP client errors
Table 4-3 HTTP server errors
Table 4-4 HTTP methods
Figure 4-6 Using the OPTIONS HTTP method
Figure 4-7 Using the HEAD HTTP method
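What the OPTIONS and HEAD methods in Figures 4-6 and 4-7 actually send and disclose, as an added example that is not from the textbook: the script builds the raw request by hand, and a small parser pulls the status code, Server header and Allow list out of the reply, flagging methods such as TRACE or PUT that a public server rarely needs. The `probe` function performs a live request; the two sample responses, including the Apache and IIS version strings, are constructed for the example and are not captures from real servers.

```python
"""Added example: hand-built HEAD/OPTIONS requests and a parser for what
the response discloses (Server header, allowed methods)."""
import socket

# Methods that usually should not be enabled on a public Web server.
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


def build_request(method, host, path="/"):
    """Return the raw bytes of a minimal HTTP/1.1 request."""
    return (
        f"{method} {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_response(raw):
    """Split a raw HTTP response into (status code, {header: value})."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def fingerprint(raw):
    """Summarize what a HEAD or OPTIONS response reveals about the server."""
    status, headers = parse_response(raw)
    allowed = [m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()]
    return {
        "status": status,
        "server": headers.get("server", "(not disclosed)"),
        "powered_by": headers.get("x-powered-by"),
        "allowed": allowed,
        "risky": sorted(RISKY_METHODS & set(allowed)),
    }


def probe(host, method="OPTIONS", port=80, timeout=5):
    """Send one request over plain TCP and fingerprint the reply (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(method, host))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return fingerprint(b"".join(chunks))


# Constructed sample responses (not captures from real servers).
SAMPLE_OPTIONS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.3 (Red Hat)\r\n"
    b"Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)
SAMPLE_HEAD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-IIS/6.0\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(fingerprint(SAMPLE_OPTIONS_RESPONSE))
    print(fingerprint(SAMPLE_HEAD_RESPONSE))
```

Run `probe("www.example.com", "HEAD")` against a host you are authorized to test; note that the Server header is only as truthful as the administrator wants it to be, so treat it as a hint rather than proof of the OS.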
Other Methods of Gathering Information
• With just a URL, you can determine:
– Web server
– OS
– Names of IT personnel
• Other methods:
– Cookies
– Web bugs
Detecting Cookies and Web Bugs
• Cookie
– Small piece of data set by a Web server (Set-Cookie header)
– Stored by the user’s browser
– Sent back to the Web server when the user returns
– Used to customize Web pages
– Some cookies store personal information or session identifiers
• Security issue if they are exposed or stolen
Detecting Cookies and Web Bugs (cont’d.)
• Web bug
– One-pixel by one-pixel image file
– Referenced in an <IMG> tag
– Usually works with a cookie
– Purpose similar to spyware and adware
– Comes from third-party companies
• Specializing in data collection
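A detector for the Web bugs just described, as an added example that is not from the textbook: it parses a page's HTML, keeps every `<img>` whose width and height are one pixel or less, and reports those served from a host other than the page's own. The sample page and the tracker host names in it are constructed for the example.

```python
"""Added example: find Web bugs (third-party 1x1 tracking images) in HTML."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in a page."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({name.lower(): value for name, value in attrs})


def _is_tiny(value):
    """True when a width/height attribute is 1 pixel (or 0) after stripping units."""
    if value is None:
        return False
    digits = "".join(ch for ch in value if ch.isdigit())
    return digits != "" and int(digits) <= 1


def find_web_bugs(html, page_host):
    """Return the src of each image that is 1x1 and served from another host."""
    parser = ImgCollector()
    parser.feed(html)
    bugs = []
    for img in parser.images:
        src = img.get("src") or ""
        host = urlparse(src).hostname
        third_party = host is not None and host.lower() != page_host.lower()
        if third_party and _is_tiny(img.get("width")) and _is_tiny(img.get("height")):
            bugs.append(src)
    return bugs


# Constructed page: the tracker host names are made up for this example.
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="120" height="40" alt="logo">
<img src="http://ads.tracker-example.net/pixel.gif?id=42" width="1" height="1">
<img src="http://www.example.com/spacer.gif" width="1" height="1">
<img src="http://stats.tracker-example.net/beacon.gif" WIDTH=1 HEIGHT=1 style="display:none">
</body></html>
"""

if __name__ == "__main__":
    for src in find_web_bugs(SAMPLE_HTML, "www.example.com"):
        print("web bug:", src)
```

Relative image paths and first-party 1x1 spacers are deliberately not reported; a tracker that sizes its image with CSS instead of attributes would also be missed, so treat this as a first pass rather than a complete audit.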
Using Domain Name Service Zone Transfers
• Domain Name System (DNS)
– Resolves host names to IP addresses
– People prefer URLs to IP addresses
• Misconfigured servers that allow zone transfers to anyone leak the entire zone
• Zone transfer tools
– Dig and Host
• Determining the primary DNS server
– Start of Authority (SOA) record
• Names the primary name server for the zone
– Zone transfer lists every host name and IP address in the zone, effectively a network diagram
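How a zone transfer becomes a network diagram, as an added example that is not from the textbook. For a live test, `dig @ns1.example.com example.com axfr` (or `host -l example.com ns1.example.com`) requests the transfer; the zone below is a constructed sample in the same output format, not a real zone. The script reads the SOA record to name the primary server, groups A records by /24 subnet, marks RFC 1918 ranges as internal address space, and lists the NS, MX and CNAME records that reveal service roles.

```python
"""Added example: turn dig AXFR output into a host inventory per subnet."""
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the format dig prints for 'dig @server zone axfr'.
SAMPLE_AXFR = """\
; <<>> DiG 9.10 <<>> @ns1.example.com example.com axfr
example.com.          3600 IN SOA   ns1.example.com. hostmaster.example.com. 2015060901 7200 900 1209600 3600
example.com.          3600 IN NS    ns1.example.com.
example.com.          3600 IN NS    ns2.example.com.
example.com.          3600 IN MX    10 mail.example.com.
ns1.example.com.      3600 IN A     192.0.2.10
ns2.example.com.      3600 IN A     198.51.100.10
mail.example.com.     3600 IN A     192.0.2.25
www.example.com.      3600 IN A     192.0.2.80
intranet.example.com. 3600 IN A     10.1.5.20
vpn.example.com.      3600 IN A     198.51.100.1
wiki.example.com.     3600 IN CNAME intranet.example.com.
example.com.          3600 IN SOA   ns1.example.com. hostmaster.example.com. 2015060901 7200 900 1209600 3600
;; XFR size: 12 records (messages 1, bytes 312)
"""


def parse_zone(text):
    """Parse 'name ttl IN type rdata' lines; comments and blanks are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype = parts[:4]
        records.append((name.rstrip("."), rtype.upper(), " ".join(parts[4:])))
    return records


def primary_server(records):
    """The MNAME field of the SOA record names the primary (master) server."""
    for _name, rtype, rdata in records:
        if rtype == "SOA":
            return rdata.split()[0].rstrip(".")
    return None


def network_map(records, prefix=24):
    """Group A records by /prefix; RFC 1918 subnets are internal address space."""
    subnets = defaultdict(list)
    for name, rtype, rdata in records:
        if rtype == "A":
            net = ipaddress.ip_network(f"{rdata}/{prefix}", strict=False)
            subnets[net].append((name, rdata))
    return {
        str(net): {
            "rfc1918": any(net.subnet_of(block) for block in RFC1918),
            "hosts": sorted(hosts),
        }
        for net, hosts in subnets.items()
    }


def interesting_records(records):
    """NS, MX and CNAME records reveal service roles and aliases."""
    return [rec for rec in records if rec[1] in ("NS", "MX", "CNAME")]


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_AXFR)
    print("primary DNS server:", primary_server(recs))
    for net, info in sorted(network_map(recs).items()):
        label = "internal" if info["rfc1918"] else "public"
        print(f"{net} ({label}):")
        for host, ip in info["hosts"]:
            print(f"  {ip:<16} {host}")
    for name, rtype, rdata in interesting_records(recs):
        print(f"{rtype:<5} {name} -> {rdata}")
```

An internal host such as the intranet entry above should never appear in a zone served to the Internet; on the defensive side, a BIND server limits who may pull the zone with `allow-transfer { <secondary server addresses>; };`, and a transfer attempt from anywhere else should be refused and logged.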
Figure 4-9 Using the Dig command
Introduction to Social Engineering
• Older than computers
– Targets the human component of a network
• Goals
– Obtain confidential information (passwords)
– Obtain other personal information
• Tactics
– Persuasion
– Intimidation
– Coercion
– Extortion/blackmailing
Introduction to Social Engineering (cont’d.)
• Biggest security threat
– Most difficult to protect against
• Main idea:
– “Why try to crack a password when you can simply ask for it?”
• Users divulge passwords to anyone who appears to be IT personnel
• Human behavior studied
– Personality traits
– Body language
Introduction to Social Engineering (cont’d.)
• Techniques
– Urgency
– Quid pro quo
– Status quo
– Kindness
– Position
• Train users
– Not to reveal information
– To verify the caller’s identity
• Ask questions and call back to confirm
Figure 4-10 The OSSTMM social-engineering template
The Art of Shoulder Surfing
• Shoulder surfer
– Reads what users enter on keyboards
• Logon names
• Passwords
• PINs
• Tools
– Binoculars or high-powered telescopes
– Knowledge of key positions and typing techniques
– Popular letter substitutions
• $ equals s, @ equals a
The Art of Shoulder Surfing (cont’d.)
• Prevention
– Avoid typing when:
• Someone is nearby
• Someone nearby is talking on a cell phone
– Computer monitors:
• Face away from the door or cubicle entryway
– Immediately change your password if you suspect someone has observed you
The Art of Dumpster Diving
• Attacker finds information in the victim’s trash
– Discarded computer manuals
– Passwords jotted down
– Company phone directories
– Calendars with schedules
– Financial reports
– Interoffice memos
– Company policy
– Utility bills
– Resumes
The Art of Dumpster Diving (cont’d.)
• Prevention
– Educate users about:
• Dumpster diving
• Proper trash disposal
– Wipe disks before disposing of them
• A standard format does not erase the data; use wiping software that overwrites the disk with binary zeros
• Traditionally done at least seven times
– Discard computer manuals offsite
– Shred documents before disposal
The Art of Piggybacking
• Trailing closely behind an employee cleared to enter restricted areas
• How it works:
– Watch authorized personnel enter an area
– Quickly join them at the security entrance
– Exploit the desire to be polite and helpful
– Attacker wears a fake badge or security card
The Art of Piggybacking (cont’d.)
• Prevention
– Use turnstiles
– Train personnel to notify security about strangers
– Do not hold secured doors for anyone
• Even people they know
– All employees must use access cards
Phishing
• Phishing e-mails
– “Update your account details”
– Usually framed as an urgent request to visit a Web site
• The Web site is a fake
• Spear phishing
– Combines social engineering and exploiting vulnerabilities
– E-mail attacks directed at specific people
• Appears to come from someone the recipient knows
• Mentions topics of mutual interest
Figure 4-12 A phishing e-mail
Summary
• Footprinting
– Gathering network information with Web tools
• Competitive intelligence
– Gathered through observation and Web tools
• IP addresses and domain names
– Found by using tools (e.g., SamSpade)
• Cookies and Web bugs
– Collect and retrieve a user’s information
• Zone transfers
– Used to obtain network topologies
Summary (cont’d.)
• Social engineering
– Attacks using human nature
• Many methods
– Educate personnel
• Attacker techniques
– Shoulder surfing
– Dumpster diving
– Piggybacking
– Phishing