Ethical Hacking Philip Robbins August 31, 2013 Information - - PowerPoint PPT Presentation

ethical hacking
SMART_READER_LITE
LIVE PREVIEW

Ethical Hacking Philip Robbins August 31, 2013 Information - - PowerPoint PPT Presentation

Aug 17, 2022 285 likes •1.17k views

ISA 330 Introduction to Proactive System Security Week #1 Ethical Hacking Philip Robbins August 31, 2013 Information Security & Assurance Program University of Hawai'i West Oahu 1 Ethical Hacking Topics Introductions Syllabus

slide-1
SLIDE 1

ISA 330 Introduction to Proactive System Security Philip Robbins – August 31, 2013

Ethical Hacking

Information Security & Assurance Program University of Hawai'i West Oahu Week #1

1

slide-2
SLIDE 2

2

Ethical Hacking

Topics

  • Introductions
  • Syllabus Review
  • Fundamentals of Ethical Hacking
  • Class Discussion
  • Tools
  • Security Resources
  • Review Questions, Q&A
slide-3
SLIDE 3

3

Introductions

Who am I?

  • Information Systems Authorizing Official Representative

‐ United States Pacific Command (USPACOM) ‐ Risk Management Field ‐ Assessments to USPACOM Authorizing Official / CIO

  • Former Electronics & Environmental Engineer
  • Bachelor of Science in Electrical Engineering
  • Master of Science in Information Systems
  • Ph.D. Student in Communication & Information Sciences
  • Certified Information Systems Security Professional (CISSP) and Project

Management Professional (PMP)

slide-4
SLIDE 4

4

Syllabus

Class Textbook

slide-5
SLIDE 5

5

Fundamentals

“A locked door keeps an honest man out.”

slide-6
SLIDE 6

6

Fundamentals

  • Introduction to Proactive System Security

What this class IS about:

An introductory course in adopting a proactive (v.s. reactive) stance towards systems security.

What this class IS NOT about:

An offensive class in hacking. How does one better understand how to defend against system security attacks? By performing and testing against them.

slide-7
SLIDE 7

7

Fundamentals

  • In the news:

Facebook CEO personal page hacked by Palestinian white hat. Chinese suffers largest internet attack in history. Syrian Electronic Army takes down the New York Times.

http://www.cnn.com/video/data/2.0/video/world/2013/08/19/worldone‐clancy‐zuckerberg‐facebook‐security‐flaw.cnn.htm

slide-8
SLIDE 8

8

Fundamentals

  • In the news:

Facebook CEO personal page hacked by Palestinian white hat. Chinese suffers largest internet attack in history. Syrian Electronic Army takes down the New York Times.

http://money.cnn.com/2013/08/26/technology/china‐cyberattacks/index.html

slide-9
SLIDE 9

9

Fundamentals

  • In the news:

Facebook CEO personal page hacked by Palestinian white hat. Chinese suffers largest internet attack in history. Syrian Electronic Army takes down the New York Times.

http://www.cnn.com/2013/08/30/opinion/lewis‐hackers‐nyt/index.html?iref=allsearch

slide-10
SLIDE 10

10

Fundamentals

  • What is Hacking?

Classical Definition: Seeking to understand computer systems strictly for the love of having that knowledge. Modern Definition: Illegal access to computer or network systems.

BEFORE NOW

slide-11
SLIDE 11

11

Fundamentals

  • What is a “Hacker”?
slide-12
SLIDE 12

12

slide-13
SLIDE 13

13

Fundamentals

Who/what is a “Cracker”?

Term used to describe a hacker with malicious intent. Crackers (cyber criminals) get into all kinds of mischief, including breaking or "cracking" copy protection on software programs, breaking into systems and causing harm, changing data, or stealing.

slide-14
SLIDE 14

14

Fundamentals

  • “Hacker” v.s. “Cracker”?

‐ Today there’s no real distinction between the two terms. Hacker = Cracker However… ‐ Some hackers regard crackers as less educated. ‐ Some crackers don’t create their own work; simply steal other people's work to cause mischief, or for personal gain.

slide-15
SLIDE 15

15

Fundamentals

  • Who are “Script kiddies”?

‐ Unskilled individuals who use scripts or programs developed by knowledgeable programmers to attack computer systems. ‐ Generally considered “posers” or “kiddies” lacking the ability to write sophisticated scripts or programs on their own. ‐ Usually seeking to gain credit or impress their friends.

slide-16
SLIDE 16

16

Fundamentals

What is an “Ethical Hacker”?

  • Oxymoron: Honest Criminal

‐ A new breed of network defenders. ‐ Performs the same activities a hacker does but with the owner / company’s permission. ‐ Usually contracted to perform penetration testing.

slide-17
SLIDE 17

17

Fundamentals

  • Penetration Testing

‐ Discover vulnerabilities. ‐ Perform attack and penetration assessments. ‐ Perform discovery and scanning for open ports & services. ‐ Apply exploits to gain access and expand access as necessary. ‐ Activities involving application penetration testing and application source review. ‐ Interact with the client as required. ‐ Produce reports documenting discoveries during the engagement. ‐ Report your findings with the client at the conclusion of each engagement.

v.s.

  • Security Testing

+ Participate in research and provide recommendations for improvement. + Participate in knowledge sharing.

slide-18
SLIDE 18

18

Fundamentals

  • Why perform Penetration Tests?
slide-19
SLIDE 19

19

Fundamentals

  • Steps for a Penetration Test

Step #1: Planning Phase

‐ Scope & Strategy of the assignment is determined. ‐ Existing security policies and standards are used for defining the scope.

Step #2: Discovery Phase

‐ Collect as much information as possible about the system including data in the system, user names and even passwords (fingerprinting). ‐ Scan and Probe into the ports. ‐ Check for vulnerabilities of the system.

Step #3: Attack Phase

‐ Find exploits for various vulnerabilities. ‐ Obtain necessary security Privileges to exploit the system & exploit.

slide-20
SLIDE 20

20

Fundamentals

  • Steps for a Penetration Test

Step #4: Reporting Phase

‐ Report must contain detailed findings. ‐ Risks of vulnerabilities found and their impact on business ‐ Recommendations for solutions, if any (Security Testing).

slide-21
SLIDE 21

21

Fundamentals

  • Penetration Testing Limitations

‐ Can’t find all the vulnerabilities on a system. ‐ Time for tester ‐ Budget ‐ Scope ‐ Skills of testers ‐ Data loss and corruption ‐ Downtime for organization ‐ Increased costs for organization* * How could pen testing decrease costs for an organization?

slide-22
SLIDE 22

22

Fundamentals

  • Roles & Responsibilities of the Pen‐Tester

‐ Testers should collect required information from the Organization to enable penetration tests (depending on the type of testing model). ‐ Find flaws that could allow hackers to attack a target machine. ‐ Pen Testers should think & act like real hackers (ethically). ‐Tester should be responsible for any loss in the system or information during the testing. ‐ Tester should keep data and information confidential.

slide-23
SLIDE 23

23

Fundamentals

  • Types of Pen‐Testing Methodologies

White Box Model

‐ Tester is given the company network topology, info on technology used, and permission to interview all employees (including IT personnel).

Black Box Model

‐ Tester is not given any information. ‐ Management doesn’t tell staff about the pen test being conducted. ‐ Help determine if company’s security personnel are able to detect attacks.

Gray Box Model

‐ Hybrid of the white and black box models. ‐ Tester may get partial information.

slide-24
SLIDE 24

24

Class Discussion

  • Which pen‐testing category / model closely mimics

that of an insider threat?

  • Which type of pen‐testing model is better suited for an
  • rganization on a extremely limited budget?
  • Which pen‐testing model is most

accurate? Which can be considered to have the greatest drawback?

slide-25
SLIDE 25

25

Class Discussion

slide-26
SLIDE 26

26

Fundamentals

  • Types of Hats
  • White Hats (Ethical / Pen-Testers improving security)
  • Black Hats (Hackers / Crackers degrading security)
  • Grey Hats (In-between White and Black)
  • Red Hat (Enterprise Linux)
slide-27
SLIDE 27

27

Fundamentals

  • What can you do Legally?

What about: ‐ Port scanning? ‐ Possession of hacking tools? ‐ Photographing? ‐ ISP Acceptable Use Policy (AUP)? ‐ Installing viruses on a computer network denying users?

In Hawaii, the state must prove that the person charged with committing a crime on a computer had the “intent to commit a crime.”

slide-28
SLIDE 28

28

Fundamentals

  • Federal Laws:

‐ Computer Fraud and Abuse Act, Title 18 Crime to access classified information with authorization. ‐ Electronic Communication and Abuse Act Illegal to intercept any communication, regardless of how it was transmitted. ‐ Stored Wire and Electronic Communications and Transactional Records Act Defines unauthorized access to computers that store classified information.

slide-29
SLIDE 29

29

Class Discussion

  • What are the advantages of using a written contract

when engaged in a computer consulting job?

  • Why is it important that your attorney read over the

contract before you sign it?

  • What is upper management’s role

for a penetration test?

slide-30
SLIDE 30

30

Class Discussion

  • Why do you think the government does not define a

common law for computer‐related crimes, rather than allowing each state to address these issues?

slide-31
SLIDE 31

31

Fundamentals

  • Ethical Hacking in a Nutshell

‐ Must have a good understanding of networks & computer technology. ‐ Must be able to communicate with management & IT personnel. ‐ Must have an understanding of the laws that apply to your location. ‐ Must be able to apply the necessary tools to perform your tasks.

slide-32
SLIDE 32

32

Fundamentals

  • Professional Certifications

Certified Ethical Hacker (CEH) Cisco Certified Network Associate (CCNA) Project Management Professional (PMP) Certified Information Systems Security Professional (CISSP)

slide-33
SLIDE 33

33

Fundamentals

  • Careers
slide-34
SLIDE 34

34

Fundamentals

  • CEH 22 Domains
slide-35
SLIDE 35

35

Fundamentals

  • CEH: Domain #1
slide-36
SLIDE 36

36

Fundamentals

  • CEH: Domain #2
slide-37
SLIDE 37

37

Fundamentals

  • CEH: Domain #3
slide-38
SLIDE 38

38

Fundamentals

  • CEH: Domain #4
slide-39
SLIDE 39

39

Fundamentals

  • CEH: Domain #5
slide-40
SLIDE 40

40

Fundamentals

  • CEH: Domain #6
slide-41
SLIDE 41

41

Fundamentals

  • CEH: Domain #7
slide-42
SLIDE 42

42

Fundamentals

  • CEH: Domain #8
slide-43
SLIDE 43

43

Fundamentals

  • CEH: Domain #9
slide-44
SLIDE 44

44

Fundamentals

  • CEH: Domain #10
slide-45
SLIDE 45

45

Fundamentals

  • CEH: Domain #11
slide-46
SLIDE 46

46

Fundamentals

  • CEH: Domain #12
slide-47
SLIDE 47

47

Fundamentals

  • CEH: Domain #13
slide-48
SLIDE 48

48

Fundamentals

  • CEH: Domain #14
slide-49
SLIDE 49

49

Fundamentals

  • CEH: Domain #15
slide-50
SLIDE 50

50

Fundamentals

  • CEH: Domain #16
slide-51
SLIDE 51

51

Fundamentals

  • CEH: Domain #17
slide-52
SLIDE 52

52

Fundamentals

  • CEH: Domain #18
slide-53
SLIDE 53

53

Fundamentals

  • CEH: Domain #19
slide-54
SLIDE 54

54

Fundamentals

  • CEH: Domain #20
slide-55
SLIDE 55

55

Fundamentals

  • CEH: Domain #21
slide-56
SLIDE 56

56

Fundamentals

  • CEH: Domain #22
slide-57
SLIDE 57

57

Tools

Backtrack 5r3

Ubuntu Linux Distribution providing a comprehensive collection of security‐related tools for digital forensics and pen testing use. http://www.backtrack‐linux.org/downloads/

slide-58
SLIDE 58

58

Tools

Kali Linux (a.k.a. Backtrack 6)

A debian Linux Distribution rewritten from Backtrack. Preinstalled with numerous penetration‐ testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack‐ng (a software suite for penetration‐testing wireless LANs). http://www.kali.org/downloads

slide-59
SLIDE 59

59

Tools

Metasploitable 2.0

Intentionally vulnerable Linux virtual machine. http://www.offensive‐security.com/metasploit‐unleashed/Metasploitable http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

slide-60
SLIDE 60

60

Tools

Damn Vulnerable Linux (DVL) 1.5 Infectious Disease

Originally formed from Slackware with the goal of being an intentionally vulnerable system for practice/teaching purposes in regards to Network and Computer Security. Now considered discontinued. http://distrowatch.com/table.php?distribution=dvl http://download.vulnhub.com/dvl/DVL_1.5_Infectious_Disease.iso

slide-61
SLIDE 61

61

General Security Resources

  • Cyber Hui

http://www.cyberhui.org/ Cyber Hui is a community of Hawaii Cyber security professionals dedicated to sharing skills and knowledge with high school and college students. Join the Hui; check out their resources and discussion forums.

  • SANS Institute

http://www.sans.org/ Source for information security training and security certification; develops, maintains, and makes available at no cost, a collection of research documents about various aspects of information security. Find whitepapers here that interest you.

  • Symantec Connect http://www.securityfocus.com/

Technical community for Symantec customers, end‐users, developers, and partners.

  • SearchSecurity http://searchsecurity.techtarget.com/

Online Information Security Magazine providing immediate access to late breaking industry news, virus alerts, new hacker threats and attacks.

  • Internet Storm Center https://isc.sans.edu/forums/Diary+Discussions/

Community forums, discussions, and daily podcasts on auditing, forensics, network security, pen testing.

slide-62
SLIDE 62

62

General Security Resources

  • CyberPatriot

http://www.uscyberpatriot.org/CP5/Training.aspx Air Force Cyber Defense Competition.

slide-63
SLIDE 63

63

General Security Resources

  • IASE

http://iase.disa.mil/policy‐guidance/ Most comprehensive compilation of DoD Policies & Guidance documentation for Information Assurance .

slide-64
SLIDE 64

64

Review Questions

  • Question #1

The U.S. Department of Justice defines a hacker as which

  • f the following?

a. A person who accesses a computer or network without the

  • wner’s permission.

b. A penetration tester. c. A person who uses telephone services without payment. d. A person who accesses a computer or network with the

  • wner’s permission.
slide-65
SLIDE 65

65

Review Questions

  • Question #1

The U.S. Department of Justice defines a hacker as which

  • f the following?

a. A person who accesses a computer or network without the

  • wner’s permission.

b. A penetration tester. c. A person who uses telephone services without payment. d. A person who accesses a computer or network with the

  • wner’s permission.
slide-66
SLIDE 66

66

Review Questions

  • Question #2

A penetration tester is which of the following?

a. A person who accesses a computer or network without permission from the owner. b. A person who uses telephone services without payment. c. A security professional who’s hired to hack into a network to discover vulnerabilities. d. A hacker who accesses a system without permission but does not delete or destroy files.

slide-67
SLIDE 67

67

Review Questions

  • Question #2

A penetration tester is which of the following?

a. A person who accesses a computer or network without permission from the owner. b. A person who uses telephone services without payment. c. A security professional who’s hired to hack into a network to discover vulnerabilities. d. A hacker who accesses a system without permission but does not delete or destroy files.

slide-68
SLIDE 68

68

Review Questions

  • Question #3

Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following?

a. Script Monkey b. Packet Kiddies. c. Packet Monkeys. d. Script Kiddies.

slide-69
SLIDE 69

69

Review Questions

  • Question #3

Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following?

a. Script Monkey b. Packet Kiddies. c. Packet Monkeys. d. Script Kiddies.

slide-70
SLIDE 70

70

Review Questions

  • Question #4

A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?

a. Green Team b. Blue Team c. Black Team d. Red Team

slide-71
SLIDE 71

71

Review Questions

  • Question #4

A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?

a. Green Team b. Blue Team c. Black Team d. Red Team

slide-72
SLIDE 72

72

Review Questions

  • Question #5

What portion of your ISP contract might affect your ability to conduct a penetration test over the internet?

a. Scanning Policy b. Port Access Policy c. Acceptable Use Policy d. Warranty Policy

slide-73
SLIDE 73

73

Review Questions

  • Question #5

What portion of your ISP contract might affect your ability to conduct a penetration test over the internet?

a. Scanning Policy b. Port Access Policy c. Acceptable Use Policy d. Warranty Policy

slide-74
SLIDE 74

74

Review Questions

  • Question #6

Which federal law prohibits unauthorized access of classified information?

a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication and Abuse Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fourth Amendment

slide-75
SLIDE 75

75

Review Questions

  • Question #6

Which federal law prohibits unauthorized access of classified information?

a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication and Abuse Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fourth Amendment

slide-76
SLIDE 76

76

Review Questions

  • Question #7

Which federal law prohibits intercepting any communication, regardless of how it was transmitted?

a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication and Abuse Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fourth Amendment

slide-77
SLIDE 77

77

Review Questions

  • Question #7

Which federal law prohibits intercepting any communication, regardless of how it was transmitted?

a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication and Abuse Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fourth Amendment

slide-78
SLIDE 78

78

Review Questions

  • Question #8

Which federal law amended Chapter 119 of Title 18, U.S. Code?

a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication and Abuse Act c. Stored Wire and Electronic Communications and Transactional Records Act d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications

slide-79
SLIDE 79

79

Review Questions

  • Question #8

Which federal law amended Chapter 119 of Title 18, U.S. Code?

a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication and Abuse Act c. Stored Wire and Electronic Communications and Transactional Records Act d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications

slide-80
SLIDE 80

80

Review Questions

  • Question #9

To determine whether scanning is illegal in your area, you should do which of the following?

a. Refer to the U.S. code b. Refer to the U.S. Patriot Act c. Refer to the state laws d. Contact your ISP

slide-81
SLIDE 81

81

Review Questions

  • Question #9

To determine whether scanning is illegal in your area, you should do which of the following?

a. Refer to the U.S. code b. Refer to the U.S. Patriot Act c. Refer to the state laws d. Contact your ISP

slide-82
SLIDE 82

82

Review Questions

  • Question #10

As a security tester, what should you do before installing hacking software on your computer?

a. Check with local law enforcement agencies. b. Contact your hardware vendor. c. Contact your software vendor. d. Contact your ISP.

slide-83
SLIDE 83

83

Review Questions

  • Question #10

As a security tester, what should you do before installing hacking software on your computer?

a. Check with local law enforcement agencies. b. Contact your hardware vendor. c. Contact your software vendor. d. Contact your ISP.

slide-84
SLIDE 84

84

Review Questions

  • Question #11

Before using hacking software over the Internet, you should contact which of the following?

a. Your ISP. b. Your vendor. c. Local law enforcement authorities to check for compliance d. The FBI

slide-85
SLIDE 85

85

Review Questions

  • Question #11

Before using hacking software over the Internet, you should contact which of the following?

a. Your ISP. b. Your vendor. c. Local law enforcement authorities to check for compliance d. The FBI

slide-86
SLIDE 86

86

Review Questions

  • Question #12

Which organization issues the Top 20 list of current network vulnerabilities?

a. SANS Institute b. ISECOM c. EC‐Council d. OPST

slide-87
SLIDE 87

87

Review Questions

  • Question #12

Which organization issues the Top 20 list of current network vulnerabilities?

a. SANS Institute b. ISECOM c. EC‐Council d. OPST

slide-88
SLIDE 88

88

Questions?

probbins@hawaii.edu

www2.hawaii.edu/~probbins https://www.dorkatron.com/docs/ISA330/