3. Hacker Terms
• Hacking - showing computer expertise.
• Cracking - breaking security on software or systems
• Phreaking - cracking telecom networks
• Spoofing - faking the originating IP address in a datagram
• Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore
• Port Scanning - searching for vulnerabilities
4. Legal and ethical questions?
♦ What is Ethical Hacking?
♦ Who are ethical hackers?
♦ Attack exploit the vulnerabilities
♦ Being prepared
♦ Kinds of testing
♦ Final Report
♦ Ethical hacking-commandments
♦ Suggestion
5. Hacking through the ages
♦ 1969 - Unix ‘hacked’ together
♦ 1971 - Cap ‘n Crunch phone exploit discovered
♦ 1988 - Morris Internet worm crashes 6,000 servers
♦ 1994 - $10 million transferred from CitiBank accounts
♦ 1995 - Kevin Mitnick sentenced to 5 years in jail
♦ 2000 - Major websites succumb to DDoS
♦ 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
♦ 2001 - Code Red
– exploited bug in MS IIS to penetrate & spread
– probes random IPs for systems running IIS
– had trigger time for denial-of-service attack
– 2nd wave infected 360000 servers in 14 hours
♦ Code Red 2 - had backdoor installed to allow remote control
♦ Nimda - used multiple infection mechanisms: email, shares, web client, IIS
♦ 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
6. Types of hacker
♦ Professional hackers
– Black Hats – the Bad Guys
– White Hats – Professional Security Experts
♦ Script kiddies
– Mostly kids/students
• Use tools created by black hats,
– To get free stuff
– Impress their peers
– Not get caught
♦ Underemployed Adult Hackers
– Former Script Kiddies
• Can’t get employment in the field
• Want recognition in hacker community
• Big in eastern European countries
♦ Ideological Hackers
– hack as a mechanism to promote some political or ideological purpose
– Usually coincide with political events
7. Gaining access
♦ Front door
– Password guessing
– Password/key stealing
♦ Back doors
– Often left by original developers as debug and/or diagnostic tools
– Forgot to remove before release
♦ Trojan Horses
– Usually hidden inside of software that we download and install from the net (remember nothing is free)
– Many install backdoors
♦ Software vulnerability exploitation
– Often advertised on the OEM's web site along with security patches
– Fertile ground for script kiddies looking for something to do
8. Back doors & Trojans
♦ e.g. Whack-a-mole / NetBus
♦ Cable modems / DSL very vulnerable
♦ Protect with Virus Scanners, Port Scanners, Personal Firewalls
9. Software vulnerability exploitation
♦ Buffer overruns
♦ HTML / CGI scripts
♦ Poor design of web applications
– Javascript hacks
– PHP/ASP/ColdFusion URL hacks
♦ Other holes / bugs in software and services
♦ Tools and scripts used to scan ports for vulnerabilities
10. Password guessing
♦ Default or null passwords
♦ Password same as user name (use finger)
♦ Password files, trusted servers
♦ Brute force
– make sure login attempts are audited!
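An added example (not part of the original slides) of the login-attempt auditing this slide calls for: it separates brute force against one account from one source guessing default or user-name passwords across many accounts. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (format is an assumption): time result user source
SAMPLE_LOG = """\
2024-01-01T10:00:00 FAIL root 203.0.113.5
2024-01-01T10:00:05 FAIL root 203.0.113.5
2024-01-01T10:00:09 FAIL root 203.0.113.5
2024-01-01T10:00:14 FAIL root 203.0.113.5
2024-01-01T10:00:20 FAIL root 203.0.113.5
2024-01-01T10:01:00 FAIL alice 198.51.100.7
2024-01-01T10:01:02 FAIL bob 198.51.100.7
2024-01-01T10:01:04 FAIL carol 198.51.100.7
2024-01-01T10:01:06 FAIL guest 198.51.100.7
2024-01-01T10:05:00 FAIL dave 192.0.2.10
2024-01-01T10:05:30 OK dave 192.0.2.10
"""

def parse(log):
    """Yield (timestamp, result, user, source) from each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the audit
        yield (datetime.fromisoformat(parts[0]), *parts[1:])

def audit(log, window=timedelta(minutes=1), max_fails=5, max_users=4):
    """Return {source: set of alert labels}; assumes time-ordered input."""
    recent = defaultdict(deque)   # source -> (time, user) of recent failures
    alerts = defaultdict(set)
    for ts, result, user, src in parse(log):
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        per_user = defaultdict(int)
        for _, u in q:
            per_user[u] += 1
        if max(per_user.values()) >= max_fails:
            alerts[src].add("brute-force")        # many tries on one account
        if len(per_user) >= max_users:
            alerts[src].add("password-guessing")  # one source, many accounts
    return dict(alerts)

if __name__ == "__main__":
    for src, kinds in sorted(audit(SAMPLE_LOG).items()):
        print(src, sorted(kinds))
```

A single failed login followed by a success, as for the third source in the sample, raises no alert.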
11. Ethical Hacking
♦ Independent computer security professionals breaking into the computer systems.
♦ Neither damage the target systems nor steal information.
♦ Permission is obtained from the target.
♦ Part of an overall security program.
12. Ethical Hackers but not Criminal Hackers
♦ Completely trustworthy.
♦ Strong programming and computer networking skills.
♦ Learn about the system and try to find its weaknesses.
♦ Techniques of criminal hackers - detection - prevention.
♦ Published research papers or released security software.
♦ No ex-hackers.
13. Who are ethical hackers?
♦ An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.
♦ They possess the same skills, mindset and tools as a hacker, but their attacks are done in a non-destructive manner.
14. ♦ Any organization that has a network connected to the Internet or provides an online service should consider subjecting it to a penetration test. Various standards such as the Payment Card Industry Data Security Standard require companies to conduct penetration testing from both an internal and external perspective on an annual basis and after any significant change in the infrastructure or applications. Many large companies, such as IBM, maintain employee teams of ethical hackers, while there are plenty of firms that offer ethical hacking as a service.
15. Attack-exploit the vulnerabilities
♦ Exploiting implementation of HTTP, SMTP protocols.
♦ SQL injection.
♦ Spamming.
♦ Gaining access to application database.
♦ Free exploits from hacker website.
♦ Internally developed.
16. Being Prepared
♦ Identification of target-company websites, mail servers, etc.
♦ What can an intruder do with that information?
♦ Does anyone at the target notice the intruder's attempts or successes?
♦ Signing of contract
1. Time window for attacks.
2. Total time for testing.
3. Prior knowledge of the system.
4. Key people who are made aware of the testing.
17. Kinds of Testing
♦ Remote Network
♦ Remote dial-up network
♦ Local network
♦ Stolen laptop computer
♦ Social engineering
♦ Physical entry
1. Total outsider
2. Semi-outsider
3. Valid user
18. Final Report
♦ Collection of all discoveries made during evaluation.
♦ Specific advice on how to close the vulnerabilities.
♦ Testers' techniques never revealed.
♦ Delivered directly to an officer of the client organization in hard-copy form.
♦ Steps to be followed by clients in future.