Introduction To Ethical Hacking
CLASS PRESENTATION
What is hacking?
• In layman’s language, hacking is the process of cutting with rough or heavy blows.
• However, in the computer world, hacking refers to the process of using a computer to gain unauthorized access to data in a system.
Types Of Hackers
• White hat hacker: an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
• Gray hat hacker: a grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.
• Black hat hacker: violates computer security for little reason beyond maliciousness or for personal gain.
Ethical Hacking
IN DETAIL
Ethical Hacking is:
• Legal
• Permitted by the agent
• Part of an overall security programme
• Carried out by ethical hackers who possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner
A successful test doesn't necessarily mean a network or system is 100 percent secure, but it should be able to withstand automated attacks and unskilled hackers.
Why Ethical Hacking?
1. Counter defacements
2. Protection from possible external attacks
Introduction To Ethical Hacking
• Ethical hackers use the same methods and techniques to test and bypass a system's defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found, they document them and provide advice on how to fix them.
• The purpose of ethical hacking is to evaluate the security of a system's infrastructure. It entails finding and attempting to exploit any vulnerabilities to determine whether unauthorized access or other malicious activities are possible.
Ethical Hacking Process
• Preparation
• Footprinting
• Enumeration & fingerprinting
• Identification of vulnerabilities
• Attack
ANY ORGANIZATION THAT HAS A NETWORK CONNECTED TO THE INTERNET OR PROVIDES AN ONLINE SERVICE SHOULD CONSIDER SUBJECTING IT TO A PENETRATION TEST.
Preparation
• Identification of Targets – company websites, mail servers, extranets, etc.
• Signing of Contract
• Agreement on protection against any legal issues
• Contract to clearly specify the limits and dangers of the test
• Specifics on Denial of Service Tests, Social Engineering, etc.
• Time window for Attacks
• Total time for the testing
• Prior Knowledge of the systems
• Key people who are made aware of the testing
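The contract items above (targets, permitted test types, time window) can be enforced in tooling before any test action runs. The following is an added example, not part of the original presentation; the class name `RulesOfEngagement`, the test-type labels and the sample engagement (documentation address ranges and dates) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    targets: tuple             # CIDR ranges named in the signed contract
    window_start: datetime     # agreed time window for testing (UTC)
    window_end: datetime
    allowed_tests: frozenset   # test categories the contract permits

    def check(self, target, test_type, when):
        """Return (allowed, reason) for one planned test action."""
        if when.tzinfo is None:
            return False, "timestamp must be timezone-aware"
        try:
            addr = ip_address(target)
        except ValueError:
            return False, "target is not a valid IP address"
        if not any(addr in ip_network(net) for net in self.targets):
            return False, "target outside contracted scope"
        if not (self.window_start <= when <= self.window_end):
            return False, "outside agreed time window"
        if test_type not in self.allowed_tests:
            return False, f"test type '{test_type}' not authorized"
        return True, "in scope"


# Constructed sample engagement (RFC 5737 documentation addresses).
# Denial of service and social engineering are deliberately not permitted.
ROE = RulesOfEngagement(
    targets=("192.0.2.0/28", "198.51.100.25/32"),
    window_start=datetime(2024, 3, 1, 22, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 2, 4, 0, tzinfo=timezone.utc),
    allowed_tests=frozenset({"port_scan", "vuln_scan"}),
)

if __name__ == "__main__":
    night = datetime(2024, 3, 1, 23, 30, tzinfo=timezone.utc)
    planned = [("192.0.2.5", "port_scan"),
               ("192.0.2.77", "port_scan"),
               ("192.0.2.5", "denial_of_service")]
    for tgt, kind in planned:
        print(tgt, kind, ROE.check(tgt, kind, night))
```

Logging every refused action alongside the permitted ones gives the tester evidence for the Reporting stage that the engagement stayed within the contract.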
Footprinting
Collecting as much information about the target
DNS Servers
IP Ranges
Administrative Contacts
Problems revealed by administrators
Information Sources
Search engines
Forums
Databases – whois, ripe, arin, apnic
Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
Enumeration & Fingerprinting
• Specific targets determined
• Identification of Services / open ports
• Operating System Enumeration
Methods
Banner grabbing
Responses to various protocol (ICMP & TCP) commands
Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.
Tools
Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
Identification of Vulnerabilities
Vulnerabilities
• Insecure Configuration
• Weak passwords
• Unpatched vulnerabilities in services, Operating systems, applications
• Possible Vulnerabilities in Services, Operating Systems
• Insecure programming
• Weak Access Control
Identification of Vulnerabilities
Methods
• Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites
• Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic
• Insecure Programming – SQL Injection, Listening to Traffic
• Weak Access Control – Using the Application Logic, SQL Injection
Identification of Vulnerabilities
Tools
Vulnerability Scanners – Nessus, ISS, SARA, SAINT
Listening to Traffic – Ettercap, tcpdump
Password Crackers – John the Ripper, LC4, Pwdump
Intercepting Web Traffic – Achilles, Whisker, Legion
Attack – Exploit the vulnerabilities
• Obtain as much information (trophies) from the Target Asset
• Gaining Normal Access
• Escalation of privileges
• Obtaining access to other connected systems
Last Ditch Effort – Denial of Service
Attack – Exploit the vulnerabilities
Network Infrastructure Attacks
Connecting to the network through modem
Weaknesses in TCP / IP, NetBIOS
Flooding the network to cause DoS
Operating System Attacks
Attacking Authentication Systems
Exploiting Protocol Implementations
Exploiting Insecure Configuration
Breaking File-System Security
Attack – Exploit the vulnerabilities
Application Specific Attacks
• Exploiting implementations of HTTP, SMTP protocols
• Gaining access to application Databases
• SQL Injection
• Spamming
Attack – Exploit the vulnerabilities
Exploits
Free exploits from Hacker Websites
Customized free exploits
Internally Developed
Tools – Nessus, Metasploit Framework,
Reporting
• Methodology
• Exploited Conditions & Vulnerabilities that could not be exploited
• Proof for Exploits - Trophies
• Practical Security solutions
Ethical Hacking - Commandments
• Working Ethically
• Trustworthiness
• Misuse for personal gain
• Respecting Privacy
• Not Crashing the Systems
Prepared and presented by: Group 1
References
Websites:
Common Vulnerabilities & Exposures – http://cve.mitre.org
Bugtraq – www.securityfocus.com
Mwangi Thiga and Mwangi Edith