Hacking and its types

A Seminar report on

HACKING AND ITS TYPES

BY

RISHAB GUPTA(1005210043)

SUBMITTED TO

COMPUTER SCIENCE DEPARTMENT

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS

FOR THE DEGREE OF

BACHELOR OF TECHNOLOGY

IN

COMPUTER SCIENCE AND ENGINEERING

INSTITUTE OF ENGINEERING AND TECHNOLOGY, LUCKNOW

G.B. Technical University

6th MAY, 2013

Students: TEJASVI SINGH (1005210053), RISHAB GUPTA (1005210043), GAURAV SRIVASTAVA (1005210025) (CSE 3rd YEAR)

Seminar Guides: Mr. VIMAL KUMAR, Ms. Ritika Yaduvanshi

CERTIFICATE

I certify that this report satisfies all the requirements as a seminar report for the degree of Bachelor of Technology.

Prof. S.P. TRIPATHI, Head of Department

This is to certify that I have read this report and that in our opinion it is fully adequate, in scope and quality, as a seminar report for the degree of Bachelor of Technology.

Mr. VIMAL KUMAR, Seminar Guide

Ms. RITIKA YADUVANSHI, Seminar Guide

ACKNOWLEDGMENTS

The elation and gratification of this seminar will be incomplete without mentioning all the people who helped me to make it possible, whose gratitude and encouragement were invaluable to me.

Firstly, I would like to thank GOD, almighty, our supreme guide, for bestowing his blessings upon me in my entire endeavour. I express my sincere gratitude to Dr S.P. Tripathi, Head of Department, for his support and guidance. I would also like to thank Mr. Vimal Kumar (lecturer) and Ms. Ritika Yaduvanshi (lecturer) for their valuable words of advice.

I am also thankful to all the other lecturers in our department and students of my class for their support and suggestions.

RISHAB GUPTA

ABSTRACT

Today more and more software is being developed and people are getting more and more options in their present software. But many are not aware that they are being hacked without their knowledge. One reaction to this state of affairs is a behavior termed "Ethical Hacking", which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. A good ethical hacker should know the methodology chosen by the hacker, such as reconnaissance, host or target scanning, gaining access, maintaining access and clearing tracks. For ethical hacking we should know about the various tools and methods that can be used by a black hat hacker, apart from the methodology used by him. From the point of view of the user, one should know at least some of these, because some hackers take advantage of those who are not aware of the various hacking methods to hack into a system. Also, thinking from the point of view of the developer, he should be aware of these since he should be able to close holes in his software even against the usage of the various tools. With the advent of new tools the hackers may devise new tactics, but at least the software will be resistant to some of the tools.

TABLE OF CONTENTS

Acknowledgments i

Abstract ii

CHAPTER 1. INTRODUCTION

1.1 Brief introduction 1

1.2 History of hacking 4

CHAPTER 2. SCOPE OF HACKING

2.1 Careers in network security and ethical hacking 6

2.1.1 Network security system manager 6

2.1.2 High salaries in IT security careers 7

2.1.3 Specializing in net security 7

CHAPTER 3. IMPORTANCE OF HACKING

3.1 Role in cyber security 11

3.2 Role in business security 13

3.3 Role in education 14

CHAPTER 4. ETHICAL HACKING

4.1 What is Ethical Hacking? 15

4.2 Different Shades of Ethical Hacking 15

4.2.1 Black Box Approach

4.2.1.2 Five Phases of Black Box Approach

4.2.2 White Box Approach

4.2.2.1 Upper Management

4.2.2.2 Technical Support Management

4.2.2.3 Human Resources and Legal

4.2.3 The Grey Box Approach

CHAPTER 5. METHODOLOGY OF HACKING 24

5.1 Reconnaissance 24

5.2 Scanning & Enumeration 24

5.3 Enumeration 24

5.4 Gaining access 25

5.5 Maintaining Access 25

5.6 Clearing Tracks 25

CHAPTER 6. ADVANTAGES AND DISADVANTAGES 26

6.1 Advantages 26

6.2 Disadvantages 26

CHAPTER 7. CONCLUSION 27

CHAPTER 8. REFERENCES 28

CHAPTER 1

INTRODUCTION

1.1 Brief introduction

Hacking is the art of exploiting computers to get access to otherwise unauthorised information. Now that the world is using IT systems to gather, store and manipulate important information there is also a need to make sure that data is secure. However, no system is without its problems. Holes are often present within security systems which, if exploited, allow hackers to gain access to this otherwise restricted information. This WikiBook aims to give you the information required to think like hackers, so as to be able to secure your systems and keep your information safe.

The Internet was born in 1969. Almost immediately after the network was established, researchers were confronted with a disturbing fact: The Internet was not secure and could easily be cracked. Today, writers try to minimize this fact, reminding you that the security technologies of the time were primitive. This has little bearing. Today, security technology is quite complex and the Internet is still easily cracked.

We work in the dark
We do what we can
We give what we have
Our doubt is our passion, and our passion is our task
The rest is the madness of art.

-- Henry James

A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never ever intentionally damage data.

A cracker is a person who breaks into or otherwise violates the system integrity of remote machines, with malicious intent.

Crackers, having gained unauthorized access, destroy vital data, deny legitimate users service, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.

Please go through The Jargon File - a great source of trivia, lore, and translations for difficult concepts. The Jargon File contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits.

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.

2. No problem should ever have to be solved twice.

3. Boredom and drudgery are evil.

4. Freedom is good.

5. Attitude is no substitute for competence.

Basic Hacking Skills

1. Learn how to program.

2. Get one of the open-source UNIXes and learn to use and run it.

3. Learn how to use the World Wide Web and write HTML.

4. If you don't have functional English, learn it.

Familiarization with Some Tools

SCANNER: A Scanner is a program that automatically detects security weaknesses in a remote or local host.

PASSWORD CRACKER: A Password Cracker is any program that can decrypt passwords or otherwise disable password protection. Sometimes a dictionary attack is performed.

TROJAN HORSE: A Trojan Horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

SNIFFER: A Sniffer is any device, whether software or hardware, that grabs information traveling along a network. That network could be running any protocol: Ethernet, TCP/IP, IPX, or others (or any combination of these). The purpose of the sniffer is to place the network interface into promiscuous mode and, by doing so, to capture all network traffic.

The Hackers

Richard Stallman: Stallman joined the Artificial Intelligence Laboratory at MIT in 1971. He received the 250K MacArthur Genius award for developing software. He ultimately founded the Free Software Foundation, creating hundreds of freely distributable utilities and programs for use on the UNIX platform. He worked on some archaic machines, including the DEC PDP-10 (to which he probably still has access somewhere). He is a brilliant programmer.

Dennis Ritchie, Ken Thompson, and Brian Kernighan: Ritchie, Thompson, and Kernighan are programmers at Bell Labs, and all were instrumental in the development of the UNIX operating system and the C programming language. Take these three individuals out of the picture, and there would likely be no Internet (or if there were, it would be a lot less functional). They still hack today. (For example, Ritchie is busy working on Plan 9 from Bell Labs, a new operating system that will probably supplant UNIX as the industry-standard super-networking operating system.)

The Crackers

Kevin Mitnick: Mitnick, also known as Condor, is probably the world's best-known cracker. Mitnick began his career as a phone phreak. Since those early years, Mitnick has successfully cracked every manner of secure site you can imagine, including but not limited to military sites, financial corporations, software firms, and other technology companies. (When he was still a teen, Mitnick cracked the North American Aerospace Defense Command.)

Kevin Poulsen: Having followed a path quite similar to Mitnick's, Poulsen is best known for his uncanny ability to seize control of the Pacific Bell telephone system. (Poulsen once used this talent to win a radio contest where the prize was a Porsche. He manipulated the telephone lines so that his call would be the winning one.) Poulsen has also broken into nearly every type of site, but has a special penchant for sites containing defense data. This greatly complicated his last period of incarceration, which lasted five years. (This is the longest period ever served by a hacker in the United States.) Poulsen was released in 1996 and has apparently reformed.

1.2 History of hacking

A short history about hacking

Being a hacker also means being part of the hacker culture, whether you like it or not. In this paragraph I will summarize noticeable events in the history of hacking. Since this guide focuses on hacking in the software context, I will limit the timeline to that of computers in general. You could say a person like Leonardo Da Vinci was a hacker as well, but this guide isn't made for teaching history.

1960-1970: The first hackers

In the ages of the first electronic computers like the ENIAC and PDP-11, every computer programmer could be considered a hacker. During these years there were no integrated development environments, no high level programming languages, just the programmer and the machine. The term hacker wasn't used yet; they just called themselves computer programmers. Most sources give the credit for the first hackers to the group of students at MIT's Artificial Intelligence lab, who were playing around with software used by a very advanced miniature railroad switching system. They were allowed access to the university's supercomputers, which in those days was a big privilege. This was the first time computers were used for anything besides science or military usage.

1970-1980: To phreak or not to phreak

With the rise of the telephone system a new technological system presented itself for hackers to try out their skills. When Bell, the largest telephone operator in the United States, switched from human operators to a computer managed phone system, the shit really hit the fan. This system used frequency tones to operate the computers; for example a 2600Hz tone caused the line to open for a new call, without charges. It didn't take very long for the first generation of telephone hackers to find out this 'feature', and a new movement of hackers hatched, calling themselves phreakers. Perhaps the best known hack from this period was using the whistle from a box of Cap'n Crunch cereal, which emitted a perfect 2600Hz tone, to make free calls.

1980-1990: Hacker uprising

Until the personal computer, hacking was limited to phreakers or users of mainframe computers. But when the computer became accessible to 'normal' people, hacking really started to take over. This also attracted the interest of Hollywood. In this period a lot of movies about 'hacking' were produced, such as War Games (1983). With this new generation of younger hackers the cult kept growing, and soon groups of hackers started to form. Using BBSs (Bulletin Board Systems) they could communicate with each other, anonymously, by using self-picked handles. Most boards were not publicly accessible, to keep the knowledge from the masses and prevent abuse. Unfortunately, when hacking became more popular, it also caused more crackers to appear and damage the profile of the hacking scene. The media loved it when a 'hacker' was arrested for breaking into a bank computer system or something similar. Also, the first viruses were released in this period, the first one hitting the University of Delaware in 1987.

1990-2000: The Internet

We will talk about the Internet in detail in the chapter about Networks, but in the history of hacking, the emerging of the Internet as a global communication network gave hackers a vast playground to put their skills to the test. The way information could be shared grew enormously, and the concept of the script kiddie was born. Another movie hit the screens in 1995: 'Hackers', featuring curiously dressed-up teenagers with techno-obsessions.

CHAPTER 2

SCOPE OF HACKING

2.1 CAREERS IN NETWORK SECURITY AND ETHICAL HACKING:

Corporations need trained professionals to ensure that their Internet, Intranet, VPN, network and database systems are safe. Government agencies, including military and law enforcement, need security specialists to keep their own systems safe. In addition, in the ongoing battle against cyber terrorism and cybercrime, security specialists are needed to track down and prosecute hackers, fraud artists and terrorists. Places like the Central Intelligence Agency, the National Security Agency and the Federal Bureau of Information need trained agents who are savvy in computer science.

Consulting firms need security specialists, engineers and technicians to provide professional expertise for corporations and government agencies. Or think about going into business for yourself as an independent security consultant.

2.1.1 Network Security Systems Manager: Manages all network security systems for LAN/WAN, telecommunications and voice systems.

Network Security Administrator: Troubleshoots network access problems and implements network security policies and procedures.

Network Security Engineer: Evaluates, designs, integrates and develops computer security systems.

Systems/Applications Security Executive: Develops and implements security standards and procedures to ensure that all applications are functional and secure.

Web Security Administrator: Develops, implements and maintains technologies that keep an organization's website secure.

Web Security Manager: Creates and maintains security measures to support the information and data security needs of a web site.

2.1.2 High Salaries in IT Security Careers

Network and Internet security are two of the fastest-growing industries around and they need technology graduates immediately.

Certifications in Network Security: CEH, CISA, CISSP, CHFI, MSS, SCNP and many more...

2.1.3 Specialising in Net security

Q. I wish to specialize in the field of Internet Security. What is the scope for ethical hacking in India? Where can I get the required training?

A. How do credit card companies acquire foolproof safety? Who ensures safe access to bank accounts over the Net, and security of messages on local computers and servers? Hackers (as opposed to crackers) are the experts whose services are hired by organizations to test the robustness of their network security systems. What differentiates ethical hackers from crackers is that the former are actually paid to find a security breach in an organization’s network. It is "ethical" or legal because it is done with the client’s permission. With more and more organizations moving their offline transactions online, e-security has emerged as a major issue. Almost every Fortune 500 company employs hackers to protect their critical data from possible cracker attacks. They also educate government, defense services, banks and law enforcement bodies on how to better use technology to get their jobs done securely.

To be a good hacker, you need to be an experienced and intelligent programmer in the first place. You need to know at least one operating system inside out. You have to be comfortable with networking, TCP/IP and various other protocols. There are no shortcuts, and the best approach is to get hold of as many technical manuals as you can. You can learn hacking techniques from three main sources: the Net, books, and hacking clubs. However, the best training is on the job, which requires expertise in different tools and techniques.

As a fresher you would require rigorous training on various networking technologies, operating systems, scripting languages, security tools etc. Experts in this field command huge salaries. Starting salaries would be higher than those of standard networking and software professionals.

What is the entry level post? Network Security Administrator, Application Security Tester, Forensics Tester, Ethical Hacker, Junior Security Auditor, Security Certified Programmer, Security Certified Information User.

What is the starting salary? In India the starting salaries are in the range Rs 15K-50K depending on qualifications. For example, a person who has done B. Tech computer science along with a security certification like MASE will normally get around Rs 30K as a starting salary, and a person who has done diplomas etc. with a security certification like MASE will get around Rs 15K once he completes the probation period. Then he moves on to drawing higher salaries with time and experience. The security sector is one of the highest paid sectors in the world, and for India it will be no different. The salaries go up to an infinite range: security experts earn 15 lakh per annum and a company’s CISO (Chief Information Security Officer) earns around Rs 25 lakhs per annum.

What is the growth curve like, starting as a fresher; where can he go?

Network Security Administrator -> Network Security Manager -> Security Officer -> Chief Information Security Officer

Ethical Hacker/Penetration Tester -> Security Consultant and Manager -> Chief Information Security Officer

Application Security Tester -> Application Security Developer -> Application Security Manager -> Chief Application Security Officer

Forensics Tester -> Forensics Manager -> Forensics Head

Junior Security Auditor -> Security Auditor

CHAPTER 3

IMPORTANCE OF HACKING

3.1 ROLE IN CYBER SECURITY

A defense contractor faced repeated hacks from Chinese spies who gained access to terabytes of confidential data, Bloomberg reports. More security tools could help. QinetiQ North America, a prominent defense contractor to the U.S. government, endured extensive on-again-off-again hacks in 2007-2010 from spies in China, resulting in the loss of many terabytes of sensitive data, including more than 10,000 passwords, chip architecture for military robots and weapon information, according to an article from Bloomberg Thursday.

The hackers accessed confidential data across multiple facilities from laptops and servers alike, the article stated. To avoid being observed on a company network, in one instance the hackers siphoned out data in small quantities. And QinetiQ’s own employees apparently removed software put on their computers to detect malware after becoming frustrated with how it impacted the performance of their computers: with the IT department’s permission.

Despite the known hacks, the federal government awarded a cybersecurity contract to QinetiQ in 2012, according to the article. QinetiQ sells two cybersecurity products, the Knowledge Discovery Appliance and the Social Engineering Protection Appliance, among other offerings, although the article noted that many defense contractors have also suffered from cyberattacks.

While federal agencies have investigated the hacks, QinetiQ retains its ability to work with military technology, according to the Bloomberg report, even though hacks have resurfaced many times over a several-year period, and even when it’s in the government’s best interest to shut down what has effectively served as a back door into federal networks.

The article reported that “the State Department lacks the computer forensics expertise to evaluate the losses.” That’s pretty bad — and the problem might only get worse as the federal government looks at ways to consolidate its IT footprint.

Following on a string of cyberattacks on companies earlier this year, the news of the QinetiQ hacks is another example of the need for better security protections for businesses and other organizations. It also calls into question whether the feds can do more to prevent cyberattacks and whether the government could do more to protect itself.

3.2 ROLE IN BUSINESS SECURITY

The current scenario of testing the efficiency of an organization's network to validate the protection of its confidential data and information is conducted with the practice of hacking. These hacking attempts uncover the possible loopholes and potential vulnerabilities present in a network, which could be harmful for an organization in case any other un-trustworthy hacker attempts to breach the network.

The term coined for such network security testing activity or routine is Ethical Hacking, White Hat Hacking, red teaming etc. These hackers function in the same way as a conventional or black-hat hacker would, with a difference of trust and intentions. While unethical hackers intrude into the network to gain materialistic benefits like monetary gain and confidential information, white hat hackers, on the other hand, aim at finding weak security areas and potential threat areas within a network and suggesting appropriate measures to check those critical conditions. The primary goals of an ethical hacking procedure are:

building awareness about protection and security at all levels

finding out the possible vulnerabilities

suggesting effective security procedures

providing support for current and future IT activities

Many businesses have been victims of hacking attempts in recent years, including Fortune 500 companies like Apple, Twitter and the New York Times. Each attempt has caused some major or minor issues related to the data of users or of the organization itself. No organization is hidden from the threats of hacking, as most businesses are network-based these days and a large number of hacking attempts are made to penetrate the perimeter and take advantage of loose security.

A professional hacker can protect and reduce the risk of exposure to a considerable extent, as the company then already possesses the information on possible attacks and has implemented the security measures. A hacker helps an organization in understanding the importance of network security with their experience of hacking, and displays the ways or series of steps an intruder can actually perform to harness the company's resources for his own purpose.

A professional security expert or a White Hat expert can efficiently bypass security solutions like

secure hardware

encrypted data

anti-malware, anti-virus and firewalls

and conducts a hacking algorithm to gain access to the confidential data repository and network resources without any authentication. Afterwards, he reports all the possible threat areas and appropriate solutions for the same in order to secure the organizational resources and perimeter efficiently.

3.3 ROLE IN EDUCATION

Computer hacking is most common among teenagers and young adults, although there are many older hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an “art” form. They often enjoy programming and have expert-level skills in one particular program. It’s a chance to demonstrate their abilities, not an opportunity to harm others.

CHAPTER 4

ETHICAL HACKING

4.1 WHAT IS ETHICAL HACKING

Ethical hacking is a process in which an authorized person, who is a computer and network expert, attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. In order to test the system an ethical hacker will use the same principles as the usual hacker uses, but reports those vulnerabilities instead of using them for their own advantage.

4.2 DIFFERENT SHADES OF ETHICAL HACKING

4.2.1 BLACK BOX APPROACH

The Black Box model follows a stochastic approach to the attack. [26] This signifies that there are many more unknowns or variables to be learned when utilizing this modus operandi of attack than when one uses other approaches. However, this does not mean that this method is anarchistic or without bounds. The static portion of this attack centers on the operational constraints that are placed upon the hacking team. These limiting parameters may be quite extensive and detailed based on the levels of risk that the client is willing to assume. Consequently, the hacking team must know the “rules of engagement” beforehand. Andrew T. Robinson views the perspective of the Black Box hacker as one who is a distrusted outsider with little or no knowledge concerning either the network or any security policies in effect. [16] Therefore, this model assumes that the network attackers proceed from the unknown to the known, much as a criminal hacker would in real life during the initial phases of the attack. However, one must also differentiate between the various kinds of criminal hackers in order to determine which categories of attackers will be used during the Black Box test.

There are four basic competencies or types of criminal hackers: script kiddies or novices, technically astute hackers, sophisticated “Ueberhackers”, and disgruntled insider attackers. Webopedia.com at http://www.webopedia.com/TERM/s/script_kiddie.html gives the following definition of script kiddie: A person, normally someone who is not technically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability. [23]

This level of attacker tends to approach hacking from a more-or-less “helter-skelter” point of view, where they run roughshod over any target that they may find using any sort of attack tool that works. This being the case, it is especially important that the penetration team clear this approach with the client in order to determine the appropriateness of this “shotgun” technique. Technically astute hackers represent a higher caliber of threat than the script kiddies do. Typically, they have obtained quite a high level of understanding and experience with operating systems, programming or network theory. This variety of intruder is one who can serve as an excellent attacker model for the hacking team, since their skill level would very likely be encountered in a real hacker attack. The most menacing class of attacker is the so-called “Ueberhacker”. Both Dan Farmer and Wietse Venema categorize this individual as one who has extensive knowledge and experience about a myriad of computing subjects, ranging from developing their own vulnerability programs to erasing any evidence of their attacks. [7] This villain is most insidious about how they go about their assault. They are extremely methodical and tend to be very particular about their targets. For the ethical hacking team to emulate this attacker requires a great deal of resourcefulness and patience. This patience may not translate well into the time framework allocated for the penetration attack, so it is conceivable that the “Ueberhacker” approach may be outside the scope of the Black Box or any model of penetration tests.

The last form of attacker is the insider. We are all familiar with this type of individual: the disgruntled worker who has an “axe to grind” with either their current or past employer. Paul Midian points out that this kind of hacker is not necessarily technically astute; however, they either have or have had access to information about the network that makes them potentially dangerous to the client. [10] Insider attacks are well known and very effective, but the Black Box model usually does not use this category for hacking since it is an attack that begins externally, not internally. One is more likely to see this category utilized in either the White Box or the Gray Box methods, where either internal information is provided to the hacking team or one of the attack members is surreptitiously placed on the customer’s staff.

4.2.1.2 FIVE PHASES OF BLACK BOX APPROACH

Although there are numerous ways of delineating the breakdown of the Black Box methodology (note: some aspects of this breakdown are also applicable to the White Box and Gray Box models as well), one very useful framework developed for this attack method is described by Paul Midian. There are five basic phases to the Black Box test: the initial reconnaissance, service determination, enumeration, gaining access, and privilege escalation. [11]

The initial reconnaissance phase is an extremely important facet of the attack. Gabriel Serafini states that this phase centers on investigating the target organization by means of readily available public information. [18]

A great deal of insight can be gained concerning the objective just by accessing the client’s own web page. Often, important information concerning key personnel is listed here, as well as other information that can be utilized when attempting to use social engineering tactics. Other sources of useful public information include the various WHOIS databases (i.e. ARIN, InterNIC, RIPE etc.), which can be used to glean important insights concerning a company’s network and personnel. For example, the ARIN WHOIS database provides the following information about establishments which utilize its services, at http://ww1.arin.net/whois: ARIN’s WHOIS service provides a mechanism for finding contact and registration information for resources registered with ARIN. ARIN’s database contains IP addresses, autonomous system (AS) numbers, organizations or customers that are associated with these resources, and related points of contact. [1]

As anyone can see, a great deal of information about a company can be gathered just by using this one resource. There are many other valuable sources of information that may be utilized: trade magazines, web search engines, newspaper articles, advertisements, and even such mundane items as the telephone directory. Information that may seem to be innocuous in and of itself can be particularly valuable in combination with other seemingly harmless data. Through this aggregation of public domain information, the Black Box team can begin to paint a vivid picture of the target establishment.

The next stage of the Black Box approach is called the service determination or scanning phase. Namji describes this phase as one that attempts to derive information about the various listening services and ports that are currently operational on the client’s network. From this information, the penetration team should be able to determine the type of operating system that the client is using. [12]

Different operating systems have unique characteristics in that they listen on specific TCP ports for service traffic particular to that OS. For example, Microsoft’s operating systems are famous for their utilization of such well-known ports as TCP/UDP 137, 138, 139 and 445. [14] When a port scanner indicates that these ports are listening, it is a good bet that the organization is running on a Microsoft platform. Among the various tools that the team may utilize to gather this data are the well-known Nmap and others. The testing team will also use this time to scrutinize the network for various vulnerabilities. They may utilize “war dialing” techniques to determine if there are any errant dial-in modems on the network. Modems often provide the Ethical Hacker with a means to bypass the perimeter defenses of a network (i.e. firewalls and routers), thus giving the attack team direct access to the internal protected network. The penetration team will also utilize vulnerability scanners (e.g. ISS, Nessus, SARA, SATAN, SAINT) in order to automate the process of determining possible weaknesses in the company’s network. Webopedia.com provides a useful definition of vulnerability scanning at http://www.webopedia.com/TERM/v/vulnerability_scanning.html, which states that it is: The automated process of proactively identifying vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network’s security. [24]

Every application and operating system has built-in flaws. Automated vulnerability scanners enable the hacking team to document these defects quickly and effectively. With this vital information, they can research not only what methods can be used to capitalize on these vulnerabilities, but also what avenues are available for mitigating the risks associated with them.

The third element in the Black Box attack is the enumeration phase. Ida Mae Boyd breaks the objectives of the enumeration attack into three distinct focal points: “network resources and shares, users and groups, and applications and banners.” [2] If any of these items have not been properly guarded, then this provides the hacking team with an avenue for gaining initial access to the network system.
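The two ideas in the service determination and vulnerability scanning passages above (inferring the platform from which ports are listening, and matching service versions against a database of known flaws to produce a report) are shown together in the following miniature scanner report. This is an added example, not code from the report or from any of the tools it names; the hosts, port lists, product names and the "known flaw" entries are all constructed placeholders, and a real scanner would take its input from a tool such as Nmap rather than from a hard-coded list.

```python
"""Added example: a miniature vulnerability scan report.

Input: constructed scan results (host, port, protocol, banner), as a port
scanner would produce them.  Steps, following the report's description:
  1. service determination - infer the platform from the set of listening
     ports (the text names TCP/UDP 137/138/139/445 as typically Microsoft),
  2. vulnerability scanning - compare the version in each banner with a
     database of known-flawed versions and emit findings plus mitigations.
All hosts, products and flaw entries below are invented placeholders.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str    # "tcp" or "udp"
    banner: str   # product/version string reported by the scanner


# Constructed scan results for two fictional hosts.
SCAN_RESULTS = [
    Service("10.0.0.5", 137, "udp", "netbios-ns"),
    Service("10.0.0.5", 139, "tcp", "netbios-ssn"),
    Service("10.0.0.5", 445, "tcp", "microsoft-ds"),
    Service("10.0.0.5", 80, "tcp", "ExampleHTTPd 2.1.3"),
    Service("10.0.0.9", 22, "tcp", "ExampleSSH 7.4"),
    Service("10.0.0.9", 80, "tcp", "ExampleHTTPd 2.4.0"),
]

# Ports the report describes as characteristic of Microsoft platforms.
WINDOWS_PORTS = {137, 138, 139, 445}

# Placeholder "database of known flaws": product -> (fixed-in version, note).
# Any version strictly below the fixed-in version is reported.
KNOWN_FLAWS = {
    "ExampleHTTPd": ("2.2.0", "PLACEHOLDER: flaw in request parser"),
    "ExampleSSH": ("8.0", "PLACEHOLDER: authentication weakness"),
}

BANNER_RE = re.compile(r"^(?P<product>\S+)\s+(?P<version>\d+(?:\.\d+)*)$")


def parse_version(v):
    """'2.10.0' -> (2, 10, 0); tuples compare numerically, strings do not."""
    return tuple(int(p) for p in v.split("."))


def infer_platform(open_ports):
    """Service determination: NetBIOS/SMB ports listening -> likely Windows.
    Returns 'unknown' otherwise so the report never over-claims."""
    return "windows" if open_ports & WINDOWS_PORTS else "unknown"


def match_flaws(service):
    """Vulnerability scanning step: banner version vs. the known-flaw database."""
    m = BANNER_RE.match(service.banner)
    if not m or m["product"] not in KNOWN_FLAWS:
        return []
    fixed_in, note = KNOWN_FLAWS[m["product"]]
    if parse_version(m["version"]) < parse_version(fixed_in):
        return [f"{m['product']} {m['version']} < {fixed_in}: {note}"]
    return []


def build_report(results):
    """Group results by host: platform guess, open ports and findings."""
    report = {}
    for svc in results:
        entry = report.setdefault(svc.host, {"ports": set(), "findings": []})
        entry["ports"].add(svc.port)
        entry["findings"].extend(match_flaws(svc))
    for entry in report.values():
        entry["platform"] = infer_platform(entry["ports"])
        # Exposed file-sharing ports are a finding in their own right; the
        # mitigation is to block them at the perimeter firewall.
        exposed = sorted(entry["ports"] & WINDOWS_PORTS)
        if exposed:
            entry["findings"].append(
                f"file-sharing ports {exposed} listening; block at perimeter firewall")
    return report


if __name__ == "__main__":
    for host, entry in build_report(SCAN_RESULTS).items():
        print(f"{host} platform={entry['platform']} ports={sorted(entry['ports'])}")
        for finding in entry["findings"]:
            print("  -", finding)
```

Version strings are compared as integer tuples rather than as text, because a string comparison would rank "2.10" below "2.9" and silently miss a vulnerable host; real scanners also carry per-vendor version schemes and backported fixes, which this toy database ignores.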

4.2.2 WHITE BOX APPROACH

The White Box approach is another attack method that may be used by the Ethical Hacker. This is a more deterministic plan of attack than the Black Box one. [26] What is meant by this is that the White Box ethical hacking team will have much more information divulged to them prior to the penetration test, so there will be fewer unknowns or variables. Since the variables are limited, the methods utilized in the attack will probably be more controlled, hence more deterministic.

The rationale behind using the White Box mode versus the Black Box mode is twofold: time and money. The ethical hacking team only has a limited amount of time in which to access the network, and the longer it takes them, the more resources they will have to utilize and ultimately the more it will cost the customer. By giving the ethical hacker the information about the network and its security posture in advance, the White Box method can significantly reduce the investment required to accomplish this task. However, there are those who feel that the Black Box approach is a more accurate way to assess the strength of a network’s defense because it illustrates how a criminal hacker might attempt to attack the network.

Corsair Limited Corporation, an information assurance corporation, feels that this is not necessarily the case. They argue that the criminal hacker may have extensive knowledge of the target organization, since the hacker might have been a previous employee or because hackers have a great amount of time to gather intelligence.

4.2.2.1 UPPER MANAGEMENT

It must be stated that everything begins with upper management. They are not only the ones who create policy, but also the ones who have the vision for the organization. Thus, it is extremely important that the White Box hacking team “be on the same sheet of music” with them. If the penetration team fails to win the trust and cooperation of these individuals, then the penetration attack is doomed to failure. Upper management should provide the penetration team with a clear understanding of the current security policies that undergird their business. If upper management has not seen fit to establish a credible security policy, or if the current one is not enforced or up-to-date, then the organization has unwittingly conceded defeat to any future attacks on their network assets. With this knowledge available to the hacking team, they can strongly urge upper management to develop a plan for instituting a strong security policy. In addition to having an understanding of the security policy of an organization, the penetration specialists may also need upper management to provide insight into their overall corporate structure and their current business models. Many times a company’s network structure will mirror (at least functionally) its corporate formation. This information is particularly helpful in assessing where the most sensitive and valuable network assets are located. Knowing a business’ current business model is advantageous to the hacking team because it may direct them in determining where security plans need to focus in the future.

The White Box penetration team will probably need to know something about the types of customers an organization has. Every organization and business has customers, since each renders some sort of service or product to someone. Upper management will also be the primary resource for this information. By being aware of the customer base of the client, the penetration team will know why certain administrative and regulatory constraints are in place to protect the privacy and integrity of the customer.

Upper management knows their competitors. The ethical hacking team needs to know them as well, since competitors, vendors, and partners may occasionally decide to use unethical means to gather information about a company. Knowing what the competition is after is a good way to determine whether the business is adequately defending these targets. This forces upper management to know what assets they are seeking to protect and what measures they are willing to take to defend them. Once again, the specter of perception versus reality may come into play, especially if upper management is unaware of the true value of their informational assets.

Finally, upper management will have to delineate the parameters of the attack. They must determine what is suitable for exploitation and to what extent it may be exploited. In addition, upper management has a right to be made aware of just how these vulnerabilities will be tested, so that they may seek the appropriate intervention should something go awry. [9] Upper management will also be responsible for notifying the appropriate personnel of the ethical hackers’ agenda.

4.2.2.2 TECHNICAL SUPPORT MANAGEMENT

The hacking team will enlist the help of the technical support team for several key areas:

• Physical topology and key access points to the network
• Logical topology and the protocols used on the network
• Major applications and the network operating systems
• Firewalls, routers, switches, IDS and other devices and their configurations
• RAS and VPN services
• Modems
• Wireless networks
• Telecommunications devices: PBXs etc.
• Intranet and extranet services
• Web and e-mail servers
• DNS and DHCP servers
• Other specialty servers
• Authentication methods
• Patch management
• Antivirus software

The technical support group will be conscious of possible downstream liability issues should one of the attacks result in a denial of service against some other organization. This is imperative if the company has intranet or extranet services shared with partners or other company divisions. If in doubt, corporate legal will have to be consulted in order to determine the extent of the corporate accountability. One final area where technical support management will be providing input is the security procedures of the network. This information is essential in determining whether or not their security lists and guidelines need to be revised in light of the results of the penetration test. The client needs to know whether their security countermeasures have enough thoroughness and depth that their network administrators will be able to adjust to varying types and degrees of attack with a high level of proficiency.

4.2.2.3 HUMAN RESOURCES AND LEGAL

The Human Resources department can provide useful insight about the company’s organization. They are a good source for revealing decision makers, and they may know the leaders who are “in the trenches”. This type of knowledge is valuable to the ethical hacking team because it may help them to determine the frontline personnel who will put up roadblocks or other objections to their penetration analysis. In addition, Human Resources’ understanding of the personnel roster is usually more granular than that of upper management. Furthermore, they will be able to fill in the gaps of knowledge concerning corporate policy, which should minimize the amount of personnel interviewing the attack team may have to do.

Last, but certainly not least, is the legal department. They will help to ensure that the hacking team doesn’t “step on the wrong toes” and end up creating a legal quagmire that nobody wishes to occur. They will be involved in the contractual agreement phase prior to the commencement of any type of ethical hack, so their importance is not to be underestimated. They will be aware of any kind of network boundary sharing with other groups or organizations. This will help the ethical hacking team to avoid any areas of ambiguity when it comes to the demarcation point of the network. In addition, they will be party to the agreement on limitations of legal liability for the penetration team. Furthermore, the legal department will provide detailed regulatory and administrative information to the attack group. If an organization is bound by certain security rules and regulations, then the ethical hackers should have this knowledge so that they may determine whether the target organization is in compliance. Once the level of compliance is determined, this information will be brought to both upper management and the legal department for their perusal.

4.2.3 THE GRAY BOX APPROACH

The Gray Box approach is essentially a hybrid attack model. It incorporates elements of both the Black Box and the White Box methods. Andrew T. Robinson says that there are two players in this scenario: the untrusted outsider who is working with the trusted insider to compromise the network. [16] This attack model allows for many interesting possibilities. The outsider may be in the process of initiating Black Box reconnaissance attacks while the insider is feeding important information to him or her. The external hacker will then be able to tailor the scope of these attacks to the areas of true vulnerability. As with any attack model, the ultimate focus and direction comes from the client’s management team. They will determine the criteria for specifying the rules of engagement and will dictate what levels of knowledge will be revealed to the hacking team. Therefore, the ethical hacking members may have to play different roles for this approach, some acting as insiders while others act as outsiders. This poses some interesting problems for the team.

First, management will have to determine what sort of communications channels will be allowed between the insiders and the outsiders. If the rules of engagement presuppose that the external attackers are thousands of miles away, then it would not be appropriate for the Black Box team to meet with the White Box team at the end of the day to compare notes. Second, the ethical attack team must have a contingency plan in place should the communication link between the insider and the outsider become broken (remember, there may be various scenarios acted out during the attack). The team must be ready to revert to a pure Black Box approach if this transpires. Since it may not be possible to regain insider access, they must use any insider information previously obtained in a judicious fashion.


CHAPTER 5

METHODOLOGY OF HACKING

As described above, there are five main steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. But that is not the end of the process. Actual hacking is cyclical: once the hacker has completed the five steps, the hacker starts reconnaissance again from the position reached, repeating the preceding stages in order to get to the next level. The various stages in the hacking methodology are:

• Reconnaissance
• Scanning & Enumeration
• Gaining access
• Maintaining access
• Clearing tracks

A) Reconnaissance: The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as foot-printing. This is the first stage in the methodology of hacking. As given in the analogy, this is the stage in which the hacker collects information about the company that the person is going to hack. This is one of the pre-attacking phases. Reconnaissance refers to the preparatory phase in which an attacker learns about all of the possible attack vectors that can be used in their plan.

B) Scanning & Enumeration:

Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighbourhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses of the target network that are live, the services that are running on those systems, and so on. Usually the services run on predetermined ports. Different tools are used for scanning: war dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not in much use. Modern port scanning uses the TCP protocol, and such scanners can even detect the operating systems running on particular hosts.
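The "checking every door and window" behaviour described above is what a defender can look for in firewall or connection logs: one source address touching many distinct ports on a host within a short time. The following detector is an added example, not code from the report; the log format is a simplified, iptables-like one invented for the example, and every address and timestamp in it is constructed.

```python
"""Added example: detecting the scanning phase from firewall logs.

One source hitting many distinct destination ports on the same host inside
a short sliding window is the log-side signature of a port scan.  The log
lines, addresses and format below are constructed for this example.
"""
from collections import defaultdict, deque
import re

# Constructed log lines: epoch timestamp, source, destination, port, verdict.
# Lines must be in time order, as a log file normally is.
LOG_LINES = """\
1700000000 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=21 ACTION=DROP
1700000000 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22 ACTION=DROP
1700000001 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=23 ACTION=DROP
1700000001 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=25 ACTION=DROP
1700000002 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=80 ACTION=ACCEPT
1700000002 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=110 ACTION=DROP
1700000003 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=139 ACTION=DROP
1700000003 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=443 ACTION=ACCEPT
1700000004 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=445 ACTION=DROP
1700000004 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=3389 ACTION=DROP
1700000010 SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=443 ACTION=ACCEPT
1700000011 SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=443 ACTION=ACCEPT
1700000012 SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=80 ACTION=ACCEPT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"DPT=(?P<dpt>\d+) ACTION=(?P<action>\S+)$")


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for a line in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return int(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(lines, window=10, threshold=8):
    """Return {(src, dst): distinct_port_count} for every source/destination
    pair that touched at least `threshold` distinct ports within `window`
    seconds.  Both accepted and dropped connections count: the scanner learns
    which "doors" are open from either answer."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port), oldest first
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, port = parsed
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and q[0][0] < ts - window:   # slide the window forward
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold:
            alerts[(src, dst)] = max(len(distinct), alerts.get((src, dst), 0))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(LOG_LINES.splitlines()).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in window")
```

The window and threshold are tuning knobs: a large legitimate client may open a handful of ports on a server, but not dozens within seconds. In the constructed log the first source touches ten ports in four seconds and is reported; the second source repeatedly uses only two ports and is not.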

C) Enumeration:

Enumeration is the ability of a hacker to convince servers to give up information that is vital for mounting an attack.

By doing this the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups exist in the network, what applications are present, and so on. Hackers may also use this to find other hosts in the entire network.

D) Gaining access:

This is the actual hacking phase, in which the hacker gains access to the system. The hacker will make use of all the information collected in the pre-attacking phases. Usually the main hindrance to gaining access to a system is the password. System hacking can be considered as several steps. First the hacker will try to get into the system. Once in the system, the next thing the hacker wants is to increase his privileges so that he can have more control over the system. As a normal user, the hacker may not be able to see confidential details, or may not be able to upload or run the various hacking tools for his own purposes.
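From the defender's side, the sequence just described (passwords as the main hindrance, then an attempt to raise privileges) shows up in an authentication log as a burst of failed logins for one account, a success, and then a denied attempt to run a privileged command. The following analyser is an added example, not code from the report; the log lines imitate a simplified Linux authentication log but are constructed, and every host, user and address in them is invented.

```python
"""Added example: spotting the "gaining access" phase in an auth log.

Rule 1: a successful login preceded by at least `max_failures` consecutive
        failures for the same user from the same source is flagged as a
        probable password-guessing success.
Rule 2: a denied sudo command by an account flagged by rule 1 is reported
        as a privilege-escalation attempt.
The log lines below are constructed; the format is simplified.
"""
import re
from collections import defaultdict

AUTH_LOG = """\
10:00:01 host1 sshd: Failed password for alice from 203.0.113.7
10:00:03 host1 sshd: Failed password for alice from 203.0.113.7
10:00:05 host1 sshd: Failed password for alice from 203.0.113.7
10:00:07 host1 sshd: Failed password for alice from 203.0.113.7
10:00:09 host1 sshd: Failed password for alice from 203.0.113.7
10:00:12 host1 sshd: Accepted password for alice from 203.0.113.7
10:00:40 host1 sudo: alice : command not allowed ; COMMAND=/bin/bash
10:05:00 host1 sshd: Failed password for bob from 198.51.100.4
10:05:20 host1 sshd: Accepted password for bob from 198.51.100.4
"""

LOGIN_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d) \S+ sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$")
SUDO_DENIED_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d) \S+ sudo: (?P<user>\S+) : command not allowed")


def analyse_auth_log(lines, max_failures=3):
    """Return a list of alert tuples in log order."""
    failures = defaultdict(int)   # (user, src) -> consecutive failed attempts
    suspicious_users = set()      # accounts whose login followed a guessing burst
    alerts = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            key = (m["user"], m["src"])
            if m["result"] == "Failed":
                failures[key] += 1
            else:
                if failures[key] >= max_failures:
                    alerts.append(("guessed-password-login", m["user"], m["src"], m["ts"]))
                    suspicious_users.add(m["user"])
                failures[key] = 0   # a success ends the run of failures
            continue
        m = SUDO_DENIED_RE.match(line)
        if m and m["user"] in suspicious_users:
            alerts.append(("privilege-escalation-attempt", m["user"], m["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in analyse_auth_log(AUTH_LOG.splitlines()):
        print(*alert)
```

In the constructed log, alice's login after five failures and her subsequent denied sudo are both reported, while bob's single mistyped password is not. The corresponding mitigations are the ones the report's countermeasures point at: account lockout or rate limiting on failed logins, a second authentication factor, and least-privilege sudo rules so that a compromised ordinary account cannot simply escalate.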


CHAPTER 6

6.1 ADVANTAGES

• Provides security to banking and financial establishments
• Prevents website defacements
• An evolving technique
• To catch a thief you have to think like a thief

6.2 DISADVANTAGES

• All depends upon the trustworthiness of the ethical hacker
• Hiring professionals is expensive.

6.3 FUTURE ENHANCEMENTS

As it is an evolving branch, the scope for enhancement in technology is immense. No ethical hacker can ensure system security by using the same technique repeatedly. He would have to improve, develop and explore new avenues continually.

More enhanced software should be used for optimum protection. The tools used need to be updated regularly, and more efficient ones need to be developed.


CHAPTER 7

CONCLUSIONS

One of the main aims of the seminar is to make others understand that there are many tools through which a hacker can get into a system. Let’s consider its various needs from various perspectives.

Student

A student should understand that no software is made with zero vulnerabilities. So while they are studying, they should study the various possibilities and how to prevent them, because they are the professionals of tomorrow.

Professionals

Professionals should understand that business is directly related to security. So they should make new software with as few vulnerabilities as possible. If they are not aware of these, then they won’t be cautious enough in security matters.


CHAPTER 8

REFERENCES

1. www.mycollegebook.net
2. www.wikipedia.org
3. www.pdfcloud.net
4. http://www.penetration-testing.com
5. www.faadooengineers.com