Intro to “Ethical” Hacking
Definitions, Examples, More
What You Can and Cannot Do Legally
10/14/11

Intro to “Ethical” Hacking
Lesson Goals:
• Describe the role of an ethical hacker
• Describe what you can do legally as an ethical hacker
• Describe what you can’t do as an ethical hacker

“Ethical” Hacking
• Ethical means …
• Hacking means …
• “Ethical Hacking” – oxymoron?
• Ethical Hacking – Contractual (Get it in writing)
• Penetration Testing
  • Report findings to the company
• Security Testing
  • Offer solutions for securing or protecting the company

More on Ethical Hacking
• Hacker = cracker = “all illegal access to computer or network systems”.
• “Ethical Hacker” – performs the same duties as a hacker/cracker BUT with the owner’s permission.
• Distinction IMPORTANT – illegal vs. legal
• Companies understand the risks of hacking; that’s why they hire “ethical hackers” to set up policies and procedures to prevent their companies from being “hacked”.

Penetration Testers
• Perform vulnerability, attack, and penetration assessments in Internet, intranet, and wireless environments.
• Perform discovery and scanning for open ports and services.
• Apply appropriate exploits to gain access and expand access as necessary.
• Participate in activities involving application penetration testing and application source code review.
• Interact with the client as required throughout the engagement.
• Produce reports documenting discoveries during the engagement.
• Debrief with the client at the conclusion of each engagement.
• Participate in research and provide recommendations for continuous improvement.
• Participate in knowledge sharing.

Penetration/Security Testers - Tools
• Penetration testers and security testers usually have:
  • a laptop computer configured with multiple operating systems
  • hacking tools
• The BackTrack DVD accompanying the course textbook contains the Linux OS and many tools needed to conduct actual network attacks.
• This collection of tools for conducting vulnerability assessments and attacks is sometimes referred to as a “tiger box.” You can order tiger boxes on the Internet, but if you want to gain more experience, you can install multiple OSs and security tools on your own system. Learning how to install an OS isn’t covered in this book, but you can find books on this topic easily. The procedure for installing security tools varies, depending on the OS.
• “Red Team” – team that conducts penetration tests.

Certification Programs for Network Security Personnel
• The International Council of Electronic Commerce Consultants (EC-Council) has a certification designation called Certified Ethical Hacker (CEH).
• Currently, the multiple-choice CEH exam is based on 22 domains (see http://www.eccouncil.org for the most up-to-date information). The 22 domains tested for the CEH exam are as follows:
  • Ethics and legal issues
  • Footprinting
  • Scanning
  • Enumeration
  • System hacking
  • Trojans and backdoors
  • Sniffers
  • Denial of service
  • Social engineering
  • Session hijacking
  • Hacking Web servers
  • Web application vulnerabilities
  • Web-based password-cracking techniques
  • Structured Query Language (SQL) injection
  • Hacking wireless networks
  • Viruses and worms
  • Physical security
  • Hacking Linux
  • Intrusion detection systems (IDSs), firewalls, and honeypots
  • Buffer overflows
  • Cryptography
  • Penetration-testing methodologies

Certification Programs for Network Security Personnel
• The Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester (OPST) certification => Institute for Security and Open Methodologies (ISECOM)
• The OSSTMM, written by Peter Herzog, is one of the most widely used security testing methodologies to date and is available on the DVD accompanying the course textbook.
• See http://www.isecom.org for updated information regarding OPST certification, which includes the following topics:
  • Professional—Rules of engagement (defining your conduct as a security tester)
  • Enumeration—Internet packet types, denial-of-service testing
  • Assessments—Network surveying, controls, competitive intelligence scouting
  • Application—Password cracking, containment measures
  • Verification—Problem solving, security testing

Certified Information Systems Security Professional Certification - CISSP
• The Certified Information Systems Security Professional (CISSP) certification for security professionals is issued by the International Information Systems Security Certification Consortium (ISC2).
• CISSP certification isn’t geared toward the technical IT professional.
• The exam doesn’t require testers to have technical knowledge in IT; it tests security-related managerial skills. CISSPs are usually more concerned with policies and procedures than the actual tools for conducting security tests or penetration tests, so they don’t need the skills of a technical IT professional.
• ISC2 requires exam takers to have five years’ experience before taking the five-hour exam.
• The exam covers questions from the following 10 domains:
  • Access control systems and methodology
  • Telecommunications and network security
  • Security management practices
  • Application and systems development security
  • Cryptography
  • Security architecture and models
  • Operations security
  • Business continuity planning and disaster recovery planning
  • Laws, investigations, and ethics
  • Physical security
• For more information on this certification, visit www.isc2.org.

SANS Institute
The SysAdmin, Audit, Network, Security (SANS) Institute:
• offers training and IT security certifications through Global Information Assurance Certification (GIAC).
• disseminates research documents on computer and network security worldwide at no cost.
• One of the most popular SANS Institute documents is the Top 20 list, which details the most common network exploits and suggests ways of correcting vulnerabilities. This list offers a wealth of information for penetration testers or security professionals.
• For more information on security certification exams, visit www.sans.org or www.giac.org.

What you can do legally
• Keep abreast of federal, state and local laws – they differ from state to state – see www.ncsl.org
• Read and understand your ISP’s “Acceptable Use Policy” (slowdowns, preventing access, etc.)
• Ethical Hackers – “get it in writing” and have contract reviewed by attorney
• Recent federal activity regarding cybercrime – US Cyber Command, Patriot Act, Homeland Security Act, Computer Fraud and Abuse Act, Stored Wire and Electronic Communications Act

What You Can’t Do Legally (New York State)
New York Penal Law
• N.Y. Penal Law § 155.00 Larceny; definitions of terms
• N.Y. Penal Law § 156.00 Offenses involving computers; definitions of terms
• N.Y. Penal Law § 156.05 Unauthorized use of a computer
• N.Y. Penal Law § 156.10 Computer trespass
• N.Y. Penal Law § 156.20 Computer tampering in the fourth degree
• N.Y. Penal Law § 156.25 Computer tampering in the third degree
• N.Y. Penal Law § 156.26 Computer tampering in the second degree
• N.Y. Penal Law § 156.27 Computer tampering in the first degree
• N.Y. Penal Law § 156.29 Unlawful duplication of computer-related material in the second degree
• N.Y. Penal Law § 156.30 Unlawful duplication of computer-related material in the first degree
• N.Y. Penal Law § 156.35 Criminal possession of computer related material
• N.Y. Penal Law § 156.50 Offenses involving computers; defenses

Practical Exercise - Examining the Top 20 List
Time Required: 15 minutes
Objective: Examine the SANS list of the most common network exploits.
Description: As fast as IT security professionals attempt to correct network vulnerabilities, someone creates new exploits, and network security professionals must keep up to date on these exploits. In this activity, you examine some current exploits used to attack networks. Don’t worry—you won’t have to memorize your findings. This activity simply gives you an introduction to the world of network security. Be aware that Web sites change often. You might have to dig around to find the information you’re looking for. Think of it as practice for being a skilled security tester.
1. Start your Web browser, and go to www.sans.org.
2. Under Free Resources, click the Top Cyber Security Risks.
3. Read the contents of the SANS Top Cyber Security Risks. (Note that this document changes often to reflect the many new exploits created daily.) The list is organized into several categories, including server-side and client-side vulnerabilities.
4. Click a few links to investigate some client-side vulnerabilities.
5. Go back to the Top Cyber Security Risks, and in the section on server-side vulnerabilities, click the Unix and Mac OS Services link.
6. Pick a risk (client or server side) and be prepared to summarize it for the rest of the class. How best to prevent the vulnerability?
7. When you’re finished, exit your Web browser.

Ethical Hacking in a Nutshell
The skills a security tester needs, to help determine whether you have what it takes to do this job:
• Knowledge of network and computer technology
  • TCP/IP and routing concepts
  • be able to read network diagrams
  • good understanding of computer technologies and OSs (particular attention to *nix (UNIX and Linux) systems and Windows OSs)
• Ability to communicate with management and IT personnel—good listeners
  • be able to communicate verbally and in writing with members of management and IT personnel
  • reports should be clear and succinct
  • offer constructive feedback and recommendations
• An understanding of the laws that apply to your location
  • as a security tester, you must be aware of what you can and can’t do legally
  • can be difficult when working with global companies, as laws can vary widely in other countries
• Ability to apply the necessary tools to perform your tasks
  • good understanding of tools for conducting security tests
  • be able to think outside the box
  • discovering, creating, and modifying tools when current tools don’t meet your needs

Summary
• Many companies hire ethical hackers to perform penetration and/or security tests.
  • penetration tests discover vulnerabilities in a network.
  • security tests are typically performed by a team of people with varied skills
  • “red team” recommends solutions for addressing vulnerabilities.
• Penetration tests
  • white box model
  • black box model
  • gray box model
• Security testers can earn certifications from multiple sources
  • CEH
  • CISSP
  • OPST
• Be aware of what you’re legally allowed or not allowed to do. Contacting your local law enforcement agency is a good place to start before beginning any security testing.
• Your ISP might have an acceptable use policy in the contract you signed.
  • Could limit your ability to use many of the tools available to security testers.
  • Running scripts or programs not authorized by the ISP can result in termination of services.
• State and federal laws pertaining to computer crime should be understood before conducting a security test.
  • Federal laws are applicable for all states, whereas state laws can vary.
  • Being aware of the laws that apply is imperative.
• Get it in writing. Having the client sign a written contract allowing you to conduct penetration testing before you begin is critical. You should also have an attorney read the contract, especially if you or the company representative made any modifications.
• You need to understand the tools available to conduct security tests.
