[CEH] - Introduction to Ethical Hacking



Internet Crime Current Report: IC3

The Internet Crime Complaint Center (IC3) is a multi-agency task force made up of the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).

Purpose:
IC3 serves as a central hub to receive, develop, and refer criminal complaints about the rapidly growing volume of cyber-crime. It gives victims of cyber-crime a convenient, easy-to-use reporting mechanism that alerts authorities to suspected criminal or civil violations on the Internet. IC3 develops leads and notifies law enforcement and regulatory agencies at the federal, state, local, and international levels, acting as the central referral point for complaints involving Internet-related crime.

Link: ic3 - Government Site

Data Breach Investigations Report

A data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for the same phenomenon are unintentional information disclosure, data leak, and data spill. Incidents range from concerted attacks by black hats backed by organized crime or national governments to careless disposal of used computer equipment or storage media. One definition: "A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so." Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), corporate trade secrets, or intellectual property. According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where the sensitive data was apparently not actually exposed.

Source: Wikipedia, "Data breach".

Types of Data Stolen From the Organizations

Information gathering is the most critical part of an attack: the attacker first collects everything available about the target (what data it holds, who handles it, where it lives) and then studies that information to choose a way into the target environment.

The data attackers most often go after includes personal details and social profiles, e-mail addresses and mailboxes, payment card numbers, and identity credentials such as social security numbers and passwords.

Public breach write-ups (the Wikipedia article on data breaches is a good starting point) give concrete examples of each category.

Essential Terminologies

Threat – An action or event that might prejudice security. A threat is a potential violation of security.

Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected undesirable event compromising the security of the system.

Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.

Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates, or attempts to violate, security.

Exploit - A defined way to breach the security of an IT system through a vulnerability.

Threat is variously defined in the current context as:

A sequence of circumstances and events that allows a human or other agent to cause an information-related misfortune by exploiting vulnerabilities in an IT product. A threat can be either "intentional" or "accidental".

Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, or modification of data, or denial of service.

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

The technical and operational capability of a hostile entity to detect, exploit, or subvert friendly information systems and the demonstrated, presumed, or inferred intent of that entity to conduct such activity.

This brings us to the term 'vulnerability', which is defined in similar fashion:

A security weakness in a Target of Evaluation.

A weakness in an information system or its components that could be exploited to produce an information-related misfortune.

The existence of a weakness, design flaw, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved.

Attacks can be broadly classified as active and passive.

Active attacks modify the target system or the messages in transit (for example, injecting or altering packets, or taking a service down).
Passive attacks violate confidentiality without changing the state of the system (for example, eavesdropping on or analysing traffic), which also makes them much harder to detect.

Elements of Information Security 

More details are provided in the PDF

Authenticity and Non-Repudiation

Authenticity

Refers to the characteristic of a communication, document, or any other data that ensures it is genuine and not corrupted from the original. The major roles of authentication are confirming that a user is who he or she claims to be, and ensuring that a message is authentic and has not been altered or forged. Biometrics, smart cards, and digital certificates are used to establish the authenticity of data, transactions, communications, and documents.

Non-Repudiation

It refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. It guarantees that the sender of a message cannot later deny having sent it and that the recipient cannot deny having received it. Digital signatures are the mechanism that establishes authenticity and non-repudiation of a document or message; encryption on its own protects confidentiality but does not prove who sent a message, and a symmetric MAC proves authenticity only to the other holder of the shared key, who could have produced the same tag.
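The following example is added here to make the distinction concrete; it is not code from the original page. It uses Go's standard-library Ed25519 and HMAC-SHA256 on a constructed payment message: a signature verifies under the sender's public key and fails on any altered message or under any other party's key, while a MAC computed under a shared secret can be minted by the receiver just as easily as by the sender, so it cannot bind the message to one party. The key pairs and the shared secret are generated or made up inside the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SampleMessage is a constructed payment instruction used as the example input.
const SampleMessage = "transfer 500 EUR to account 42"

// Signer holds one party's Ed25519 key pair. The private key never leaves that party.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh key pair for one party.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

// PublicKey is what the party publishes so others can verify its signatures.
func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

// Sign produces a detached signature over msg. Only the private-key holder can do
// this, which is what makes a signature non-repudiable.
func (s *Signer) Sign(msg []byte) []byte { return ed25519.Sign(s.priv, msg) }

// VerifySignature lets anyone with the public key confirm that msg was signed by the
// matching private key and has not been altered since (authenticity and integrity).
func VerifySignature(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Tag computes HMAC-SHA256 over msg under a key shared by sender and receiver.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyTag checks a MAC in constant time. Anyone who can verify a MAC can also mint
// one, so a MAC proves authenticity to the receiver but gives no non-repudiation.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

func main() {
	alice, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte(SampleMessage)
	sig := alice.Sign(msg)
	fmt.Println("signature on original verifies:", VerifySignature(alice.PublicKey(), msg, sig))
	tampered := []byte("transfer 5000 EUR to account 42")
	fmt.Println("signature on tampered message verifies:", VerifySignature(alice.PublicKey(), tampered, sig))

	// Bob, the receiver, holds the same shared secret as Alice, so he can produce a
	// valid tag on a message Alice never sent; a third party cannot tell who made it.
	shared := []byte("constructed shared secret")
	forged := []byte("transfer 50000 EUR to account 99")
	fmt.Println("receiver-forged MAC verifies:", VerifyTag(shared, forged, Tag(shared, forged)))
}
```

In a real deployment the signature alone is not enough for non-repudiation: the public key must be bound to the signer's identity (a certificate) and the signing key must have been kept private, which is why smart cards and hardware tokens are used to hold it.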

The Security, Functionality, and Usability Triangle

The level of security in any system is determined by the balance between three components:

Functionality - the features the system offers
Usability - how easily it can be used (the GUI, ease of access)
Security - the restrictions placed on the system

Moving the balance toward security generally means less functionality and usability, and vice versa.
Note: this trade-off is a reason to choose and tune controls carefully, not a reason to skip them.


Effects of Hacking

1. Computer hacking is a breach of computer security. It exposes a user's sensitive data and puts privacy at risk: personal details, social security numbers, credit card numbers, bank account data, and similar secrets are disclosed and can then be used or modified illegitimately.

2. Modification of important data for personal gain is another effect of computer hacking. It can lead to the loss of all the data stored on the computer; tampering with sensitive data is one of the worst effects of hacking.

3. Another significant consequence is identity theft: pretending to be someone else in order to gain unauthorized access to information or property, that is, the illegal use of another person's identity for personal gain.

4. Key-logging software can track and record every keystroke a user makes, stealing passwords and account details. Another ill effect is the denial-of-service (DoS) attack, which makes computer resources unavailable to authorized users; websites often fall prey to DoS attacks that keep them offline for long periods.

5. Hacking can also cause the theft of significant business information, including e-mail addresses, which attackers can then use for spamming and further intrusions into e-mail privacy.

6. If information related to national security, confidential government data, or national defence is exposed through hacking, the consequences can be severe.

7. Hacking can be used to turn computers into zombies, which the attacker then uses for fraudulent activities.

Most hackers of this kind use their skills to steal personal information; in the United States such computer hacking can carry a federal prison sentence of up to 20 years.

Effects of Hacking on Business

It's common for businesses to install security systems to keep their premises safe and to buy insurance against disaster or robbery. Arguably, a security measure of equal importance is the one business owners implement to protect company computers from hackers and malware. Hacking as a whole costs businesses billions of dollars each year, but there is more than money at stake if your business ever encounters a computer hacker.

Identity Theft

Businesses likely have information such as credit card numbers and confidential accounts, not to mention the personal financial information of their customers, on file in a computer database. There is also likely other personal employee information on file: social security numbers, home addresses, and health care information. A computer hacker can access this sensitive information, which in turn can lead to identity theft. This harms not only your employees and current customers but also your business's reputation.

Website Security

Websites are crucial to a business, both for attracting new customers through online searches and as an Internet resource for existing customers. However, attackers can damage websites, typically by planting malicious code (a virus) that destroys website data and compromises the security of customer transactions. Some of this damage cannot be recovered, meaning that you have to rebuild the site from scratch.

Email

Computer hard drives and company websites aren't the only means by which hackers can reach sensitive and confidential information; there is also e-mail hacking. By accessing employees' e-mail accounts, hackers can obtain confidential documents, personal information, and other time-sensitive data that can be used against a person or business. There is also the threat of the e-mail system itself being compromised.

Credibility

Hacking can set off a snowball effect on your business and its reputation, which can be very damaging to operations. For instance, if your customers have fallen victim to identity theft, either through a transaction on your website or because a hacker gained access to their personal data on your hardware, they are unlikely ever to do business with you again and may seek damages from you. Worse, the hacking may reach local news outlets, putting you and your business in the negative spotlight.

Who is a Hacker?

In one sense it's silly to argue about the ``true'' meaning of a word. A word means whatever people use it to mean. I am not the Académie Française; I can't force Newsweek to use the word ``hacker'' according to my official definition.
Still, understanding the etymological history of the word ``hacker'' may help in understanding the current social situation.
The concept of hacking entered the computer culture at the Massachusetts Institute of Technology in the 1960s. Popular opinion at MIT posited that there are two kinds of students, tools and hackers. A ``tool'' is someone who attends class regularly, is always to be found in the library when no class is meeting, and gets straight As. A ``hacker'' is the opposite: someone who never goes to class, who in fact sleeps all day, and who spends the night pursuing recreational activities rather than studying. There was thought to be no middle ground.
What does this have to do with computers? Originally, nothing. But there are standards for success as a hacker, just as grades form a standard for success as a tool. The true hacker can't just sit around all night; he must pursue some hobby with dedication and flair. It can be telephones, or railroads (model, real, or both), or science fiction fandom, or ham radio, or broadcast radio. It can be more than one of these. Or it can be computers. [In 1986, the word ``hacker'' is generally used among MIT students to refer not to computer hackers but to building hackers, people who explore roofs and tunnels where they're not supposed to be.]
A ``computer hacker,'' then, is someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker's attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money. (It's okay to make money, but that can't be the reason for hacking.)
A hacker is an aesthete.
There are specialities within computer hacking. An algorithm hacker knows all about the best algorithm for any problem. A system hacker knows about designing and maintaining operating systems. And a ``password hacker'' knows how to find out someone else's password. That's what Newsweek should be calling them.
Someone who sets out to crack the security of a system for financial gain is not a hacker at all. It's not that a hacker can't be a thief, but a hacker can't be a professional thief. A hacker must be fundamentally an amateur, even though hackers can get paid for their expertise. A password hacker whose primary interest is in learning how the system works doesn't therefore necessarily refrain from stealing information or services, but someone whose primary interest is in stealing isn't a hacker. It's a matter of emphasis.
Source: Brian Harvey, "What is a Hacker?"

Hacktivism

Hacktivism (a portmanteau of hack and activism) is the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics. It is carried out under the premise that proper use of technology can produce results similar to those of conventional acts of protest, activism, and civil disobedience.

The term was coined in 1996 by a Cult of the Dead Cow member known as "Omega". However, similar to its root word hack, hacktivism is an ambiguous term (computer hacking is tied to several meanings).

The terms hacktivism and hacktivist are the subject of lexical warfare to define them. Some definitions of these terms include acts of cyberterrorism while others stop with the use of technology hacking to effect social change.
Source: Wikipedia, "Hacktivism".

What Does a Hacker Do?

In theory, people who try to breach computer security should be called crackers rather than hackers. But the popular press has lost the distinction between the two, and I'm not going to make life difficult by trying to resurrect it.

So, hackers, as popularly defined, are computer experts who spend enormous amounts of time trying to breach the security of networks, Web servers and email servers. Usually they use a selection of specialist software to identify weaknesses, which are then exploited.

The majority do it for fun and as a challenge. They're not interested in attacking private individuals. It's the big companies and authorities they go for.

There are just two aspects of hacking that you have to worry about as a private individual. One is that your details are on various company databases, and when these are cracked, information about you can be stolen.

There's not a lot you can do about this, and it definitely happens from time to time. The good news is that you won't finish up with any financial liability if your credit card details are discovered. Your credit card company and the company that was cracked will sort it out between themselves. It's unlikely that you'll even know it happened.

The second problem is that serious hackers need to protect their anonymity. This means they can't mount their attacks on organisations like the FBI directly through their own computers and telephone lines. They need first to create an intermediary, like a kind of base camp for a mountain expedition.

To get their intermediate base they use purpose built programs called trojans and backdoors. A trojan is a program that looks innocent but carries a dangerous payload, like the Trojan Horse of Greek mythology. It may be disguised as a game or some other kind of executable program, in the same way that viruses are often disguised.

The payload it carries is a backdoor program (or maybe just a few lines of code that create a security hole so that a backdoor program can be installed later). A backdoor program allows the hacker access to your computer whenever it's on the Internet. It's a remote control, and usually a very thorough one with full access to every facility and file on your computer.

Again, in the popular press the distinction between a trojan and a backdoor (or more specifically the client element of a backdoor program) has been lost and the two are often used interchangeably. (Glossary).

It's obviously important to avoid getting a backdoor program inside your computer. The best way is to use a competent virus protection program. Most of these will stop trojans and backdoors getting through.

Don't rely on secure procedures as a method of stopping hackers. They sometimes fire programs over the Internet at random IP addresses to see if they stick. You could be happily surfing Disneyland, and from nowhere (certainly not the Web site server) a hacking program can turn up at your machine trying to get in.

Once it's inside, it will send a message back to the hacker to say it's colonized your computer. It may also send a message each time you log on to the Internet, because it's likely you'll be given a different IP address by your ISP each time you log on.

If your machine behaves strangely and you think you've got a parasitic backdoor (it's a bit like somebody else having a remote keyboard for the same computer) manually unplug the phone line to break the connection and get yourself a top virus protection program. Don't reconnect that machine to the Internet (not even to collect email) until you're sure it's clean.

Don't worry unnecessarily about hacking programs. They're quite rare on personal computers. It's network managers who lose sleep over them.

The exception is if you run a permanent (always-on) Internet connection, especially a broadband cable connection or DSL. Hackers just love to colonise these connections because they're so useful. If you've got one of these you must install extra security. Your service provider will be aware of the risk and should offer you advice on what kind of security you need.

A good start is to install a firewall. There's a free one that's easy to use called ZoneAlarm, available from ZDNet. It's also recommended for users of regular modems who want to improve their security.
Source: Click Here
 
Phase 1 - Reconnaissance
Reconnaissance refers to the preparatory phase in which an attacker gathers as much information as possible about the target before launching the attack. In this phase the attacker also draws on competitive intelligence to learn more about the target. It may include network scanning, external or internal, carried out without authorization.

This is the phase that allows the potential attacker to strategize his/her attack. This may take some time as the attacker waits to unearth crucial information. Part of this reconnaissance may involve “social engineering.” A social engineer is a person who smooth-talks people into revealing information such as unlisted phone numbers, passwords, and other sensitive information.

Another reconnaissance technique is “dumpster diving.” Dumpster diving is the process of looking
through an organization’s trash for discarded sensitive information. Attackers can use the Internet to
obtain information such as employee’s contact information, business partners, technologies in use, and other critical business knowledge, but “dumpster diving” may provide them with even more sensitive information such as username, password, credit card statement, bank statement, ATM slip, social security number, telephone number, etc..

For example, a Whois database can provide information about Internet address ranges, domain names, and contacts. If a potential attacker can query the organization's DNS (or obtains DNS records from the registrar), he or she learns the mapping of domain names to IP addresses, the mail servers, and host information records. It is important that a company has appropriate policies to protect its information assets and gives its users guidelines on the same; building user awareness of the precautions they must take to protect information assets is a critical factor in this context.

 
Reconnaissance Types
Reconnaissance techniques can be categorized broadly into active and passive reconnaissance.
An attacker using passive reconnaissance does not interact with the target system directly, relying instead on publicly available information, social engineering, and dumpster diving to gather information.

An attacker using active reconnaissance interacts with the target, using tools to detect open ports, reachable hosts, router locations, the network layout, operating-system details, and applications.

The next phase of attacking is scanning, which is discussed in the following section. Some experts do not differentiate scanning from active reconnaissance. However, there is a slight difference as scanning involves more in-depth probing on the part of the attacker. Often reconnaissance and scanning phases overlap, and it is not always possible to demarcate these phases as watertight compartments.

Active reconnaissance is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected. Newbies and script kiddies are often found attempting this to get faster, visible results, and sometimes just for the brag value they can obtain.

As an ethical hacker, you must be able to distinguish among the various reconnaissance methods, and be able to advocate preventive measures in the light of potential threats. Companies, on their part, must address security as an integral part of their business and/or operational strategy, and be equipped with proper policies and procedures to check for such activities.

Phase 2 - Scanning
Scanning is what an attacker does immediately before attacking the network: the details gathered during reconnaissance are used to identify specific vulnerabilities. Scanning can be seen as a logical extension of (and overlap with) active reconnaissance. Attackers often use automated tools such as network and host scanners, and war dialers, to locate systems and attempt to discover vulnerabilities.

An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as Traceroute. Alternatively, they can use tools such as Cheops to add sweeping functionality along with what Traceroute renders.

Port scanners detect listening ports and so reveal the nature of the services running on the target machine. The primary defense is to shut down services that are not required; appropriate filtering is a further defense. Even so, attackers can use scanning tools to infer the filtering rules in place, since a filtered port behaves differently (no reply) from a closed one (an immediate reset).
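The following is an added example, not code from the original page: a minimal TCP connect scanner in Go that classifies each port as open (handshake completed), closed (the host answered with a reset), or filtered (no answer before the timeout, the usual sign of a firewall dropping the probe). To stay offline it scans only 127.0.0.1, against a throwaway listener it starts itself and an ephemeral port it has just released; the host, ports and timeout are choices made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
	"time"
)

// PortState is the verdict for one TCP port.
type PortState string

const (
	Open     PortState = "open"     // handshake completed: something is listening
	Closed   PortState = "closed"   // host answered with RST: no listener, no filter in the way
	Filtered PortState = "filtered" // no answer before the timeout: a filter is probably dropping the probe
)

// ScanPort performs a full TCP connect scan of host:port. This is the noisiest scan
// type: the handshake completes, so the target service's own logs will record it.
func ScanPort(host string, port int, timeout time.Duration) PortState {
	addr := net.JoinHostPort(host, fmt.Sprint(port))
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err == nil {
		conn.Close()
		return Open
	}
	if errors.Is(err, syscall.ECONNREFUSED) {
		return Closed
	}
	// Timeouts and "unreachable" errors both mean no RST came back.
	return Filtered
}

// ScanPorts probes each port in turn and returns port -> state.
func ScanPorts(host string, ports []int, timeout time.Duration) map[int]PortState {
	results := make(map[int]PortState, len(ports))
	for _, p := range ports {
		results[p] = ScanPort(host, p, timeout)
	}
	return results
}

// ListenerPort starts a throwaway listener on 127.0.0.1 so the demo has an open port
// without touching any real host; the caller closes it when done.
func ListenerPort() (net.Listener, int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, 0, err
	}
	return ln, ln.Addr().(*net.TCPAddr).Port, nil
}

func main() {
	ln, openPort, err := ListenerPort()
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	// Grab a second ephemeral port and release it so it is (almost certainly) closed.
	tmp, closedPort, err := ListenerPort()
	if err != nil {
		panic(err)
	}
	tmp.Close()

	for port, state := range ScanPorts("127.0.0.1", []int{openPort, closedPort}, 500*time.Millisecond) {
		fmt.Printf("127.0.0.1:%d %s\n", port, state)
	}
}
```

The same three-way classification is what an intrusion detection system sees from the other side: a burst of connects to many ports from one source, most of them reset or unanswered, is the signature of this scan. Only scan hosts you are authorized to test.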

An attacker follows a particular sequence of steps to scan a network. Although a generic approach is presented here, the scanning methods differ according to the attack objectives, which are set before the attacker begins.
The most commonly used tools are vulnerability scanners, which search a target network for many known vulnerabilities and can detect thousands of them. This gives the attacker the advantage of time: he or she only has to find a single way in, while the systems professional has to secure every vulnerable area by applying patches. Organizations that deploy intrusion detection systems still have reason to worry, because attackers can use evasion techniques at both the application and network levels.

Phase 3 – Gaining Access
Gaining access is the most important phase of an attack in terms of potential damage. Attackers do not always need to gain access to the system to cause damage: denial-of-service attacks, for instance, exhaust resources or stop services running on the target system. A service can be stopped by killing processes, using a logic or time bomb, or even by reconfiguring and crashing the system.

Resources can also be exhausted locally, for example by filling up outgoing communication links.
The exploit can occur locally, offline, over a LAN, or over the Internet, as deception or theft. Examples include stack-based buffer overflows, denial of service, and session hijacking. Attackers use spoofing, pretending to be a different host or user, to exploit the system; for instance, they can send a malformed packet that triggers a bug in the target in order to exploit a vulnerability. Packet flooding may be used to remotely take down essential services. A Smurf attack sends ICMP echo requests to a network's broadcast address with the victim's address forged as the source, so that every host on that network replies to the victim and floods it.

Factors that influence an attacker's chances of gaining access to a target system include the architecture and configuration of the target, the skill level of the perpetrator, and the initial level of access obtained. The most damaging denial-of-service attacks are distributed denial-of-service (DDoS) attacks, in which the attacker uses zombie software planted on many machines across the Internet to trigger an orchestrated, large-scale denial of service.
Phase 4 – Maintaining Access
Once an attacker gains access to the target system, he or she can choose either to use the system and its resources openly, turning it into a launch pad from which to scan and exploit other systems, or to keep a low profile and continue exploiting it quietly. Both choices damage the organization. For instance, the attacker can install a sniffer to capture all network traffic, including telnet and FTP sessions with other systems.

Attackers who choose to remain undetected remove evidence of their entry and use a backdoor or a Trojan to regain access. They can also install a kernel-level rootkit once they hold superuser privileges: a rootkit hides the attacker at the operating-system level, whereas a Trojan horse operates at the application level. A Trojan typically depends on a user to run it; a rootkit is installed by the attacker after privileged access has been obtained.

On Windows systems, many Trojans install themselves as a service and run as LocalSystem, which has administrative access. Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system. They can maintain control over "their" system for a long time by "hardening" it against other attackers and, in the process, sometimes give the system a degree of protection from other attacks. They then use their access to steal data, consume CPU cycles, trade sensitive information, or even resort to extortion.

Organizations can use intrusion detection systems, or deploy honeypots and honeynets, to detect intruders. The latter is not recommended unless the organization has the security professionals needed to operate the honeypot and act on what it reveals.

Phase 5 – Covering Tracks
An attacker wants to destroy evidence of his or her presence and activities, both to maintain access and to evade punitive action. Erasing evidence of a compromise is a requirement for any attacker who wants to remain unnoticed, and it is one of the best ways to evade trace-back. It usually starts with erasing the log entries for the attacker's logins and any error messages generated by the attack (a buffer-overflow attack, for example, will usually leave a message in the system logs). Attention then turns to making changes so that future logins are not logged. By manipulating the event logs, the attacker convinces the system administrator that the system's output is correct and that no intrusion or compromise has taken place.

Since the first thing a system administrator does when looking for unusual activity is check the system log files, intruders commonly use a utility to modify the logs. In extreme cases a rootkit disables logging altogether and discards all existing logs. Intruders who intend to use the system for a longer period as a launch base for further intrusions are more selective, removing only the portions of the logs that could reveal their presence, since an empty or silent log is itself a warning sign to an administrator.

Attackers must make the system look as it did before they gained access and established their backdoors. Any files that have been modified need to be returned to their original attributes: file size and date are just attribute information (metadata) that can be reset, so they cannot be relied upon to reveal that a file was changed; only the file's contents can.
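The following is an added example, not part of the original page, showing why the defender's check has to look at content rather than attributes. It plants a constructed stand-in for a system binary in a temporary directory, records a baseline (size, modification time, SHA-256), then performs the attacker step just described: overwrite the file with a same-length replacement and restore the original timestamp with os.Chtimes. A metadata-only comparison sees nothing; the hash comparison catches it. The file name and contents are made up for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// Record is what a defender stores per file when the baseline is taken.
type Record struct {
	SHA256  string
	Size    int64
	ModTime time.Time
}

// Fingerprint hashes a file's contents and captures the metadata an attacker can reset.
func Fingerprint(path string) (Record, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return Record{}, err
	}
	st, err := os.Stat(path)
	if err != nil {
		return Record{}, err
	}
	sum := sha256.Sum256(data)
	return Record{SHA256: hex.EncodeToString(sum[:]), Size: st.Size(), ModTime: st.ModTime()}, nil
}

// Finding says what each kind of check notices when a file is compared to its baseline.
type Finding struct {
	MetadataChanged bool // size or mtime differ: what an "ls -l" style check sees
	ContentChanged  bool // hash differs: what a content-based integrity check sees
}

// Compare evaluates both checks so their results can be contrasted.
func Compare(baseline, current Record) Finding {
	return Finding{
		MetadataChanged: baseline.Size != current.Size || !baseline.ModTime.Equal(current.ModTime),
		ContentChanged:  baseline.SHA256 != current.SHA256,
	}
}

// TamperPreservingMetadata models the attacker step from the text: overwrite the file
// with a same-length payload, then put the original timestamps back (timestomping).
func TamperPreservingMetadata(path string, original Record, payload []byte) error {
	if int64(len(payload)) != original.Size {
		return fmt.Errorf("payload is %d bytes, original was %d; a size check would catch it", len(payload), original.Size)
	}
	if err := os.WriteFile(path, payload, 0o755); err != nil {
		return err
	}
	return os.Chtimes(path, original.ModTime, original.ModTime)
}

// Demo plants a constructed stand-in for a system binary in dir, baselines it, trojans
// it the way the text describes, and reports what the two checks see afterwards.
func Demo(dir string) (Finding, error) {
	path := filepath.Join(dir, "ps")
	genuine := []byte("#!/bin/sh\necho genuine ps\n")  // constructed, not a real binary
	trojaned := []byte("#!/bin/sh\necho rootkit ps\n") // same length, so size matches
	if err := os.WriteFile(path, genuine, 0o755); err != nil {
		return Finding{}, err
	}
	baseline, err := Fingerprint(path)
	if err != nil {
		return Finding{}, err
	}
	if err := TamperPreservingMetadata(path, baseline, trojaned); err != nil {
		return Finding{}, err
	}
	current, err := Fingerprint(path)
	if err != nil {
		return Finding{}, err
	}
	return Compare(baseline, current), nil
}

func main() {
	dir, err := os.MkdirTemp("", "fim-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	f, err := Demo(dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("metadata check flags change: %v\n", f.MetadataChanged)
	fmt.Printf("hash check flags change:     %v\n", f.ContentChanged)
}
```

This is the principle behind file-integrity monitoring: the baseline hashes must be stored off the host (or signed), because an attacker with root can otherwise rewrite the baseline as easily as the timestamps.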

Trojaned replacements for system binaries such as ps, together with tools such as netcat, come in handy for an attacker who wants to remove evidence from the log files or swap out the system binaries themselves. Once the Trojans are in place, the attacker can be assumed to have total control of the system. Rootkits automate this: running the rootkit script replaces a range of critical files with trojaned versions, hiding the attacker with ease.

Other techniques include steganography and tunneling. Steganography is the process of hiding data, for instance inside image or sound files. Tunneling takes advantage of a transmission protocol by carrying one protocol inside another; even spare space (unused bits) in the TCP and IP headers can be used to hide information. An attacker can use the compromised system as cover to launch fresh attacks against other systems, or as a means of reaching another system on the network without being detected. Thus this phase of the attack can turn into a new cycle, starting with reconnaissance all over again.
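The following is an added example, not code from the original page, of the simplest form of the steganography just mentioned: least-significant-bit (LSB) embedding. The cover is a constructed buffer of 8-bit samples standing in for raw image data; each payload bit replaces the lowest bit of one cover byte, so no sample changes by more than 1 and the file size does not change at all, which is why the hidden data survives a casual look. A 32-bit length prefix lets the extractor know where the message ends. The cover, message and layout are choices made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Embed hides msg in the least significant bit of each cover byte (for instance raw
// 8-bit pixel samples). A 32-bit length prefix tells Extract where the message ends.
func Embed(cover, msg []byte) ([]byte, error) {
	payload := make([]byte, 0, 4+len(msg))
	n := uint32(len(msg))
	payload = append(payload, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
	payload = append(payload, msg...)
	if len(cover) < len(payload)*8 {
		return nil, fmt.Errorf("cover too small: need %d bytes, have %d", len(payload)*8, len(cover))
	}
	stego := make([]byte, len(cover))
	copy(stego, cover)
	for i, b := range payload {
		for bit := 0; bit < 8; bit++ {
			idx := i*8 + bit
			// Clear the low bit of the cover byte and write one payload bit into it.
			stego[idx] = stego[idx]&^1 | (b>>(7-bit))&1
		}
	}
	return stego, nil
}

// Extract recovers a message hidden by Embed, refusing buffers whose length prefix
// does not fit (which is what a non-stego buffer will usually look like).
func Extract(stego []byte) ([]byte, error) {
	readByte := func(i int) byte {
		var b byte
		for bit := 0; bit < 8; bit++ {
			b = b<<1 | stego[i*8+bit]&1
		}
		return b
	}
	if len(stego) < 32 {
		return nil, errors.New("cover too short to hold a length prefix")
	}
	var n uint32
	for i := 0; i < 4; i++ {
		n = n<<8 | uint32(readByte(i))
	}
	if uint64(len(stego)) < (4+uint64(n))*8 {
		return nil, errors.New("length prefix exceeds cover: not a stego payload")
	}
	msg := make([]byte, n)
	for i := range msg {
		msg[i] = readByte(4 + i)
	}
	return msg, nil
}

// MaxDelta returns the largest per-byte difference between two equal-length buffers;
// LSB embedding never changes a sample by more than 1, which is why it is invisible.
func MaxDelta(a, b []byte) int {
	largest := 0
	for i := range a {
		d := int(a[i]) - int(b[i])
		if d < 0 {
			d = -d
		}
		if d > largest {
			largest = d
		}
	}
	return largest
}

// SampleCover builds a constructed 8-bit grayscale gradient standing in for image data.
func SampleCover(n int) []byte {
	cover := make([]byte, n)
	for i := range cover {
		cover[i] = byte(i * 7 % 256)
	}
	return cover
}

func main() {
	cover := SampleCover(1024)
	stego, err := Embed(cover, []byte("meet at the usual place, 02:00"))
	if err != nil {
		panic(err)
	}
	msg, err := Extract(stego)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %q\n", msg)
	fmt.Printf("largest change to any cover byte: %d\n", MaxDelta(cover, stego))
}
```

From the defender's side, the weakness of plain LSB embedding is statistical rather than visual: the low bits of natural images are not uniformly random, and steganalysis tools look for exactly the flattening of that distribution that this embedding produces.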

Types of Attacks on a System -PDF

Why Ethical Hacking is Necessary?

"Ethical hacking": is the term an oxymoron, or is it one of today's necessities in the fight against cybercrime? Jay Bavisi, president and co-founder of the EC-Council, feels strongly about why we need ethical hackers more today than ever before. "Many people misunderstand what ethical hacking is," says Bavisi, who co-founded the EC-Council in the wake of the Sept. 11 terrorist attacks.

"I was bombarded by the U.S. media for coming up with such a stupid term as 'ethical hacking,'" he recalls of the council's early days. "They said it was an oxymoron, that ethical hacking doesn't exist ..."

In layman's terms, Bavisi says, an ethical hacker is simply a bodyguard. "But instead of a human bodyguard, an ethical hacker is a computer bodyguard. Their job is to sit there and figure out: If a hacker were to attack a system, how would they do it, and they're trying to figure out how to protect your systems - if your systems have been sufficiently protected."

In an exclusive interview about ethical hacking, Bavisi discusses:

    The recent Australian incident and what it tells us about ethical hacking;
    Why we need ethical hacking;
    The future of the profession - and career opportunities.

Bavisi is the president and co-founder of the International Council of E-Commerce Consultants, a global organization that certifies professionals in cybersecurity and e-commerce disciplines. He created the "Certified Ethical Hacker" standard now used by the Pentagon. His organization has trained more than 90,000 security professionals and has 450 training centers around the world. Bavisi is a regularly featured speaker at e-commerce and cybersecurity conferences in the U.S., Asia, Europe and the Middle East. 

Defense in Depth - PDF

The following topics are also part of this module; they are well covered on Wikipedia and elsewhere:

Vulnerability Research
Vulnerability Research Websites
What is Penetration Testing?
Why Penetration Testing?
Penetration Testing Methodology