Hands-On Ethical Hacking and Network Defense - 2nd Edition Chapter 4


Chapter 4 Summary - Footprinting and Social Engineering

Objectives

  • After reading this chapter and completing the exercises, you will be able to:

– Use Web tools for footprinting
– Conduct competitive intelligence
– Describe DNS zone transfers
– Identify the types of social engineering

Using Web Tools for Footprinting

  • “Case the joint”

– Look over the location

  • What information is freely available

– Find weaknesses in security systems

  • Determine what types of security measures and OSs are in place

– Types of locks and alarms used

  • Determine what physical security controls, manufacturers, and types are in place
  • Footprinting

– Finding information on a company’s network

  • Publicly available and obtainable data

– Passive and nonintrusive
– Several available Web tools

Whois

– Commonly used
– Gathers IP address and domain information
– Attackers can also use it

  • Web-based Whois

– Just as reliable
– Many sources
– Keyword

  • Whois by IP
  • Whois by domain
  • IP Address to Physical Location correlation

– Several sites provide direct correlations

Conducting Competitive Intelligence

  • Numerous resources to find information legally

– Competitive intelligence

  • Gathering information using technology
  • Security professionals must:

– Explain methods used to gather information

  • Have a good understanding of methods
  • Easy source of critical information

– Many available tools (most passive and difficult to detect)

Analyzing a Company’s Web Site

  • Paros

– Powerful tool for UNIX and Windows OSs
– Requires Java J2SE

  • Searching a Web site using Paros

– Click Tools, Spider
– Enter Web site’s URL
– Check results

  • Paros: getting Web site structure

– Click Tree, Scan All
– Report includes:

  • Vulnerabilities
  • Risk levels
  • Gathering information this way:

– Time consuming
– Requires altering client local configuration

  • Requires latest JRE file installed
  • Requires resetting proxy to 127.0.0.1 / 8080

Using E-mail Addresses

  • E-mail addresses

– Help retrieve even more information for social engineering users

  • E-mail address formatting

– Provides the framework to guess the unknown addresses of possible high-value targets

  • Tool to find corporate employee information

– Groups.google.com
– Google hacking: extracts results from search engine archives

Using HTTP Basics

  • HTTP (Web Server Operations)

– Operates on port 80 or port 443 (SSL), but others are possible
– Commands: retrieve information from the server
– Basic understanding of HTTP is beneficial for security testers
– Data returned from probes can tell you about the OS and Web services used to host a site

  • With just a URL, you can determine:

– Web server
– OS
– Names of IT personnel

  • Other methods:

– Cookies
– Web bugs

HTTP Methods Overview

Detecting Cookies and Web Bugs

  • Cookie

– Text file generated by a Web server
– Stored on a user’s browser
– Information sent back to Web server when user returns
– Used to customize Web pages
– Some cookies store personal information

  • Security & Privacy issues:

– Can be used to track a user’s activities
– Data traded between third-party sites to form a more complete picture of surfing interests (even from disassociated sites and logons)

  • Web bug

– One-pixel by one-pixel image file
– Referenced in an <IMG> tag
– Usually works with a cookie
– Purpose similar to spyware and adware
– Comes from third-party companies

  • Specializing in data collection

– Calls to the host Web server log the viewer’s data in server logs
– Security and privacy issues related to tracking

Domain Name Service Reconnaissance

  • Domain Name System (DNS)

– Converts a URL into an IP address
– Seamless (usually) to the end user
– Extremely vulnerable to poisoning

  • Zone transfer tools

– Dig and Host

  • Determining Primary DNS server

– Only the Primary Server holds the Start of Authority (SOA) record

  • Shows zones or IP addresses

– Requesting zone transfer records from DNS servers provides valuable network topology information

  • DNS Transfer Record Request
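
An added example, not taken from the book or these slides: a Python audit of a BIND-style named.conf that reports which zones leave zone transfers open, the setting that exposes the topology information described above. The sample configuration, zone names, addresses and key name are constructed, and the script assumes allow-transfer appears only in the options block or in a zone block.

```python
import re
# Constructed sample named.conf (zone names, addresses and key name are made up).
SAMPLE_NAMED_CONF = '''
options { directory "/var/named"; };
zone "corp.example" { type master; file "db.corp"; allow-transfer { any; }; };
zone "lab.example"  { type master; file "db.lab"; };
zone "shop.example" { type master; file "db.shop";
                      allow-transfer { 192.0.2.53; key xfer-key; }; };
'''

def _block(text, start):
    """Return the text between the '{' at text[start] and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in configuration")

def _transfer_acl(body):
    """Return the allow-transfer entries found in body, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{", body)
    if m is None:
        return None
    return [e.strip() for e in _block(body, m.end() - 1).split(";") if e.strip()]

def audit_zone_transfers(conf):
    """Map each zone name to 'open', 'unset' or 'restricted'."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)           # drop line comments
    opts = re.search(r"\boptions\s*\{", conf)
    default = _transfer_acl(_block(conf, opts.end() - 1)) if opts else None
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = _transfer_acl(_block(conf, z.end() - 1))
        acl = default if acl is None else acl          # inherit global setting
        if acl is None:
            report[z.group(1)] = "unset"       # relies on the server default
        elif "any" in acl:
            report[z.group(1)] = "open"        # any host can pull the zone
        else:
            report[z.group(1)] = "restricted"  # only listed hosts or keys
    return report

if __name__ == "__main__":
    for zone, status in audit_zone_transfers(SAMPLE_NAMED_CONF).items():
        print(f"{zone}: {status}")
```

Zones reported as unset should get an explicit allow-transfer statement rather than relying on the server default.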

Introduction to Social Engineering

  • Older than computers

– Targets human component of a network

  • Goals

– Obtain confidential information (passwords)
– Obtain other personal information

  • Tactics

– Persuasion
– Intimidation
– Coercion
– Extortion/blackmailing

  • Biggest security threat

– Most difficult to protect against

  • Main idea:

– “Why try to crack a password when you can simply ask for it?”

  • Users divulge passwords to IT personnel
  • Human behavior studied

– Personality traits
– Body language

  • Techniques

– Urgency
– Quid pro quo
– Status quo
– Kindness
– Position

  • Train users

– Not to reveal information
– Follow published procedures
– Refer to a supervisor if suspicious
– To verify caller identity

  • Ask questions and call back to confirm

The Art of Shoulder Surfing

  • Shoulder Surfer

– Reads what users enter on keyboards

  • Logon names
  • Passwords
  • PINs
  • Tools

– Binoculars or high-powered telescopes
– Key positions and typing techniques
– Popular letter substitutions

  • $ equals s, @ equals a
  • Prevention

– Avoid typing when:

  • Someone is nearby
  • Someone nearby is talking on cell phone

– Computer monitors:

  • Face away from door, cubicle entryway, or windows

– Countermeasures

  • Immediately change password if you suspect someone is observing you
  • Report suspected attempts to IT security and your manager

The Art of Dumpster Diving

  • Attacker finds information in victim’s trash:

– Discarded computer manuals
– Passwords jotted down
– Company phone directories
– Calendars with schedules
– Financial reports
– Interoffice memos
– Company policy
– Utility bills
– Resumes

  • Never throw away information containing IPs, user names, purchase data on software, etc.
  • Shredding with a cross-cut shredder is the best method to destroy paper products.
  • Perform physical destruction of disks and hardware (dispose off-site if possible)

The Art of Piggybacking

  • Trailing closely behind an employee cleared to enter restricted areas
  • How it works:

– Watch authorized personnel enter an area
– Quickly join them at security entrance
– Exploit desire to be polite and helpful
– Attacker wears a fake badge or security card

  • Prevention

– Use turnstiles
– Train personnel to notify security about strangers
– Do not hold secured doors for anyone

  • Even people they know

– All employees must use access cards

Phishing

  • Phishing e-mails

– “Update your account details”
– Usually framed as urgent request to visit a Web site

  • Web site is a fake
  • Spear phishing

– Combines social engineering and exploiting vulnerabilities
– E-mail attacks directed at specific people

  • Appears to come from someone the recipient knows
  • Mentions topics of mutual interest