
Ethical Hacking and Network Defense, Michael T. Simpson, Kent Backman, James Corley
Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray, George Kurtz
Ethical Hacking and Penetration Testing Guide, Rafay Baloch, CRC Press

Hacking

Computer hacking is when someone modifies computer hardware or software in a way that alters the creator's original intent.

People who hack computers are known as hackers.

In its modern sense, computer hacking means gaining unauthorized access to computer and network resources, often, but not always, with malicious intent.

Hacker

Hackers break into computer systems by exploiting security vulnerabilities, such as
– poor configuration of Web servers
– disabled security controls
– poorly chosen or default passwords

Hackers may modify existing computer resources and settings without consent and, in so doing, cause damage or disruption to computer systems or networks.

Threat and Attack (RFC 2828)

The terms threat and attack are commonly used to mean more or less the same thing.

A threat is a category of objects, persons, or other entities that represents a constant danger to an asset.
An attack is an act or event that exploits a vulnerability.
A threat can be either intentional or unintentional, whereas an attack is intentional.

Cyber Attack

A cyber attack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks.

Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.

Make the appropriate changes in the C:\WINDOWS\system32\drivers\etc\Hosts file.

Vulnerability

A flaw or weakness in a system that can be exploited to violate system integrity. The weakness may lie in
– security procedures
– design
– implementation

Threats trigger vulnerabilities; a threat may be
– accidental
– malicious

Vulnerability

A flaw or weakness in a system: anything that offers a potential avenue of attack against a system, for example
– poorly written code
– incorrectly configured systems
– weak passwords

Weak Passwords

A password that is easy to detect, both by humans and by computers.

Password guessing: common weak choices
– blank (none)
– the word "password", "passcode", "admin" and their derivatives
– the user's name or login name
– the name of their significant other or another loved one, their birthplace or date of birth
– a pet's name
– a dictionary word in any language
– an automobile license plate number
– a row of letters from a standard keyboard layout (e.g., on the qwerty keyboard: qwerty itself, asdf, or qwertyuiop)

Default Password

A moderately high number of local and online applications have built-in default passwords that were configured by programmers during the development stages of the software.
There are lots of applications running on the internet on which default passwords are enabled.
So it is quite easy for an attacker to enter the default password and gain access to sensitive information.
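The weak-password categories from the two Weak Passwords slides and the default-credential problem on this slide, turned into a check a defender can run over a proposed password before it is accepted. This is an added example, not code from the course or its textbooks; the dictionary, keyboard rows and default-credential pairs are small constructed samples standing in for the full lists a real check would load.

```python
import re

# Constructed sample lists (not from the slides): a real check would load a
# full multi-language dictionary and a vendor default-credential database.
DICTIONARY = {"password", "passcode", "admin", "welcome", "dragon", "monkey"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "toor")}
LEET = str.maketrans("0143$@!", "oiaesai")   # p@ssw0rd -> password

def normalize(pw):
    """Strip trailing digits/symbols and undo leet spelling, so that
    'P@ssw0rd123!' is compared against the dictionary as 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower()).translate(LEET)

def keyboard_walk(pw, min_len=4):
    """True if pw contains min_len adjacent keys from one keyboard row."""
    pw = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_len + 1):
            chunk = row[i:i + min_len]
            if chunk in pw or chunk[::-1] in pw:
                return True
    return False

def password_weaknesses(password, username="", personal=()):
    """Return the slide categories a password matches (empty list = none).
    `personal` holds names/places the user is known to be linked to."""
    if not password:
        return ["blank"]
    reasons, norm = [], normalize(password)
    if (username.lower(), password.lower()) in DEFAULT_CREDS:
        reasons.append("default credential")
    if norm in DICTIONARY:
        reasons.append("dictionary word or derivative")
    if username and normalize(username) and normalize(username) in norm:
        reasons.append("contains user name")
    for item in personal:
        if item and item.lower().replace(" ", "") in password.lower():
            reasons.append("personal info: " + item)
    if keyboard_walk(password):
        reasons.append("keyboard row sequence")
    if re.fullmatch(r"\d{2}([-/.])\d{2}\1\d{2,4}|\d{8}", password):
        reasons.append("looks like a date")
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    return reasons
```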

Ethical Hacking

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.
Hackers think that what they do is like an art form; hacking gives them the opportunity to use their problem-solving skills and a chance to show off their abilities.
Most of them do not wish to harm others.
Ethical hackers also work as consultants for law enforcement agencies.

Ethical Hacking

Ethical hackers
– Employed by companies to perform penetration tests
Penetration test
– A legal attempt to break into a company's network to find its weakest link
– The tester only reports findings and does not solve problems
Security test
– More than an attempt to break in; also includes analyzing the company's security policy and procedures
– The tester offers solutions to secure or protect the network

Security Policy

A security policy (also called an information security policy or IT security policy) is a document that spells out the rules, expectations, and overall approach that an organization uses to maintain the confidentiality, integrity, and availability of its data.

Acceptable Use Policy – An acceptable use policy (AUP) can explain to your employees how your organization's data assets, computer equipment, and other sensitive resources should be used. Examples of covered resources: email, Netflix, HPC, web pages.

Security Policy

Network Security Policy – Outlines the principles, procedures, and guidelines to enforce, manage, monitor, and maintain data security on a corporate network. Examples: AI-based firewall, network device protection, access to outside campus, VPN, CCMT counselling.

Data Management Policy – A data management policy (DMP) governs the use, monitoring, and management of an organization's data. A DMP usually describes what data is collected; how it is collected, processed, and stored; who has access to it; where it is located; and when it must be deleted.

Security Policy

Password Management Policy – A password management policy (PMP) governs the creation, management, and protection of user credentials in your organization. A PMP can enforce healthy password habits such as sufficient complexity, length, uniqueness, and regular rotation.

Removable Media Policy – Governs and guides the proper and secure use of USB devices such as flash memory devices, SD cards, cameras, and removable hard drives.

Example of Policy

Definition of a Hacker

Hacker, noun (see Raymond, 1991)
– A person who enjoys learning the details of computer systems and how to stretch their capabilities, as opposed to most users of computers, who prefer to learn only the minimum amount necessary.
– One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.

Types of Hackers (Terminology)
– White hat
– Grey hat
– Black hat

Types of Hackers

Black hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.

Gray hat hackers may sometimes violate laws or usual ethical standards, but they do not have the malicious intent typical of a black hat hacker.

White hat hackers – also called "ethical hackers" or "good hackers" – are the antithesis of black hats. They exploit computer systems or networks to identify their security flaws so they can make recommendations for improvement.

Ethical Hacker
1. Crack passwords.
2. Identify and record security flaws and breaches.
3. Bypass and crack wireless encryption.
4. Hijack the web server and web application.
5. Install a backdoor program to access the attacker/victim machine.
6. Perform footprinting.
7. Sniff the network.
8. Correlate evidence.
9. Suggest security upgrades.

How They Hack In

General steps
– Locate the victim host with a scanning program
– Identify the victim host's vulnerability
– Attack the victim host via this vulnerability
– Establish backdoors for later access

What You Can Do Legally

Laws involving technology change as rapidly as technology itself.
– Find out what is legal for you locally
– Laws change from place to place
– Be aware of what is allowed and what is not allowed

What You Cannot Do Legally

Accessing a computer without permission is illegal.
Other illegal actions
– Installing worms or viruses
– Denial of Service attacks
– Denying users access to network resources
Be careful that your actions do not prevent customers/end users from doing their jobs.

Ethical Hacker Requirements

– In-depth knowledge of parameter manipulation, session hijacking, buffer overruns and cross-site scripting.
– Technical knowledge of routers, firewalls, and server systems.
– Good troubleshooting skills.
– Ability to see big-picture system flaws.

The Role of Security and Penetration Testers

Script kiddies or packet monkeys
– Young, inexperienced hackers
– Copy code and techniques from knowledgeable hackers
Experienced penetration testers write programs or scripts using languages such as Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript, Visual Basic, SQL, and many others.
Script
– A set of instructions that runs in sequence

Hacker Hierarchy

Script kiddies – These are the wannabe hackers. They are looked down upon in the hacker community because they are the people that make hackers look bad. Script kiddies usually have no hacking skills and use the tools developed by other hackers without any knowledge of what's happening behind the scenes.

Hacker Hierarchy

Intermediate hackers – These people usually know about computers and networks, and have enough programming knowledge to understand roughly what a script might do, but like the script kiddies they use pre-developed, well-known exploits (a piece of code that takes advantage of a bug or vulnerability in a piece of software and allows you to take control of a computer system) to carry out attacks.

Hacker Hierarchy

Elite hackers – These are the skilled hackers. They are the ones that write the many hacker tools and exploits out there. They can break into systems and hide their tracks or make it look like someone else did it. You should strive to eventually reach this level.

Ports
• The Internet Assigned Numbers Authority (IANA) recommends globally unique names and numbers for use in TCP and UDP.
• According to the IANA recommendation (IANA 2009), port numbers are divided into three groups:
– the Well Known Ports (0 – 1023),
– the Registered Ports (1024 – 49151),
– and the Dynamic and/or Private Ports (49152 – 65535).

Network Scanning

– Ping sweeping (which hosts are alive?)
– Port scanning (what services are available?)
– OS detection (what platform is sitting there?)
– Firewalking (what's behind the firewall?)

Port Scanning (what services are available?)

Port scanning means scanning the target system to obtain a list of open ports that are listening for connections, or in other words a list of open ports that have certain services or daemons running.

Ping Sweep

A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).

A ping sweep sends multiple packets at the same time and allows the user to resolve host names and save the output to a file.
nmap -sP 172.24.17.1-255

NMAP

The best known and documented tool is Network Mapper (NMAP). NMAP, a free, open-source port scanner, is used to conduct port scanning.
Gordon Lyon, "Nmap Free Security Scanner, Tools" [Online]. Available: http://www.insecure.Org [Accessed: Aug 2008].

Syntax for conducting port scanning through NMAP

• nmap [ <Scan Type> ...] [ <Options> ] { <target specification> }
• nmap -sT -p 1-200 192.168.1.2
– -sT is the scan type (TCP SYN scan)
– -p is an option; -p 1-200 gives the port range
– 192.168.1.2 is the IP address of the target machine
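Ping sweeps and port scans like the nmap runs on these slides leave a recognisable pattern in firewall or flow logs: one source reaching many hosts with ICMP, or many ports on one host, within a short window. The detector below is an added example for the defender's side, not part of the course material; its log format and log lines are constructed for it, and the window and thresholds are assumptions to tune per network.

```python
import re
from collections import defaultdict

# Constructed log lines in an invented "<epoch> <proto> <src> -> <dst>[:<port>]"
# format; 172.24.17.50 sweeps then scans, 172.24.17.77 is normal traffic.
SAMPLE_LOG = """\
1700000001 ICMP 172.24.17.50 -> 172.24.17.1
1700000001 ICMP 172.24.17.50 -> 172.24.17.2
1700000002 ICMP 172.24.17.50 -> 172.24.17.3
1700000003 ICMP 172.24.17.50 -> 172.24.17.4
1700000010 TCP 172.24.17.50 -> 192.168.1.2:21
1700000010 TCP 172.24.17.50 -> 192.168.1.2:22
1700000011 TCP 172.24.17.50 -> 192.168.1.2:80
1700000012 TCP 172.24.17.50 -> 192.168.1.2:443
1700000500 TCP 172.24.17.77 -> 192.168.1.2:443
1700000900 TCP 172.24.17.77 -> 192.168.1.2:443
1700001300 ICMP 172.24.17.77 -> 172.24.17.1
"""
LINE = re.compile(r"^(\d+) (ICMP|TCP) (\S+) -> ([\d.]+)(?::(\d+))?$")

def parse_log(text):
    """Yield (time, proto, src, dst, port) tuples; port is None for ICMP."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            t, proto, src, dst, port = m.groups()
            yield int(t), proto, src, dst, (int(port) if port else None)

def detect_scans(events, window=30, min_hosts=4, min_ports=4):
    """Flag a ping sweep (one source pings >= min_hosts distinct hosts within
    `window` seconds) and a port scan (one source hits >= min_ports distinct
    TCP ports on one host within the window). Thresholds are assumptions."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_src[ev[2]].append(ev)
    sweeps, scans = set(), set()
    for src, evs in by_src.items():
        for i, (t, proto, _, dst, _) in enumerate(evs):
            recent = [e for e in evs[:i + 1] if e[0] >= t - window]
            if proto == "ICMP":
                if len({e[3] for e in recent if e[1] == "ICMP"}) >= min_hosts:
                    sweeps.add(src)
            else:
                ports = {e[4] for e in recent if e[1] == "TCP" and e[3] == dst}
                if len(ports) >= min_ports:
                    scans.add((src, dst))
    return {"ping_sweep": sweeps, "port_scan": scans}
```

Running detect_scans(parse_log(SAMPLE_LOG)) flags 172.24.17.50 for both behaviours and leaves 172.24.17.77 alone, since repeated hits on one port are not a scan.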

Hacking Tools

Protocol analyzer, or sniffer: lets you capture and interactively browse the contents of network frames.
– Wireshark
– Ethereal
– tcpdump
Other tools
– Key logger
– Steganography tools

Reference
1. Ethical Hacking and Network Defense. Michael T. Simpson, Kent Backman, James Corley
2. SANS Institute InfoSec Reading Room: Three Different Shades of Ethical Hacking: Black, White and Gray. Available at: http://www.sans.org/reading_room/whitepapers/hackers/shades-ethical-hacking-black-white-gray_1390
