
Lab 3 Introduction To Ethical Hacking


Data & Software Security

Computer science / Cybersecurity

Lab 03
Introduction to Ethical Hacking

What You Can Do Legally

• Laws involving technology change as rapidly as technology itself
• Find what is legal for you locally
• Laws change from place to place
• Be aware of what is allowed and what is not allowed

Laws of the Land

• Tools on your computer might be illegal to possess
• Contact local law enforcement agencies before installing hacking tools
• Written words are open to interpretation
• Governments are getting more serious about punishment for cybercrimes

Is Port Scanning Legal?

• Some states deem it legal
• Not always the case
• Federal Government does not see it as a violation
  ▪ Allows each state to address it separately
• Read your ISP’s “Acceptable Use Policy”
• IRC “bots” may be forbidden
  ▪ Program that sends automatic responses to users
  ▪ Gives the appearance of a person being present

What You Cannot Do Legally

• Accessing a computer without permission is illegal
• Other illegal actions
• Installing worms or viruses
• Denial of Service attacks
• Denying users access to network resources
• Be careful your actions do not prevent customers from doing their jobs

Ethical Hacking in a Nutshell

• What it takes to be a security tester
• Knowledge of network and computer technology
• Ability to communicate with management and IT personnel
• Understanding of the laws
• Ability to use necessary tools

Risk and Its Protection by Implementing CIA

| CIA | Risk | Control |
| Confidentiality | Loss of privacy. Unauthorized access to information. Identity theft. | Encryption. Authentication. Access Control. |
| Integrity | Information is no longer reliable or accurate. Fraud. | Maker/Checker. Quality Assurance. Audit Logs. |
| Availability | Business disruption. Loss of customer’s confidence. Loss of revenue. | Business continuity. Plans and test. Backup storage. Sufficient capacity. |

Information Security Threats and Attack Vectors

Network Threats
• Information gathering
• Sniffing & Eavesdropping
• Spoofing
• Session hijacking
• Man-in-the-Middle Attack
• DNS & ARP Poisoning
• Password-based Attacks
• Denial-of-Service Attacks
• Compromised Key Attacks
• Firewall & IDS Attacks

Host Threats
• Malware Attacks
• Footprinting
• Password Attacks
• Denial-of-Service Attacks
• Arbitrary code execution
• Unauthorized Access
• Privilege Escalation
• Backdoor Attacks
• Physical Security Threats

Application Threats
• Improper Data / Input Validation
• Authentication & Authorization Attack
• Security Misconfiguration
• Information Disclosure
• Broken Session Management
• Buffer Overflow Issues
• Cryptography Attacks
• SQL Injection
• Improper Error Handling & Exception Management

Mobile Threats
• Data leakage
• Unsecured Wi-Fi
• Network Spoofing
• Phishing Attacks
• Spyware
• Broken Cryptography
• Improper Session Handling

Hacking Phases

1. Reconnaissance and Footprinting
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

Reconnaissance

• Reconnaissance is the initial preparation phase, in which the attacker gets ready for an attack by gathering information about the target with different tools and techniques before launching it.
• Gathering information about the target makes the attack easier, even on a large scale. On a large scale, it also helps to identify the target range.

Types of Reconnaissance

• In Passive Reconnaissance, the hacker acquires information about the target without interacting with the target directly.
• An example of passive reconnaissance is searching public sources or social media for information about the target.
• Active Reconnaissance is gaining information by engaging the target directly.
• Examples of active reconnaissance are calls and emails to the target, its help desk or its technical departments.

Scanning

• The scanning phase is a pre-attack phase. In this phase, the attacker scans the network using the information acquired during the initial reconnaissance phase.
• Scanning tools include diallers, scanners such as port scanners and network mappers, client tools such as ping, and vulnerability scanners.
• During the scanning phase, the attacker collects information about ports, including port status, as well as operating system information, device type, live machines, and other information depending on the scan.

Gaining Access

• The gaining access phase of hacking is the point where the hacker gets control over an operating system, application or computer network.
• The control gained by the attacker defines the access level, such as operating system level, application level or network level access.
• Techniques such as password cracking, denial of service, session hijacking, buffer overflow and others are used to gain unauthorized access. After accessing the system, the attacker escalates privileges to obtain complete control over services and processes and to compromise the connected intermediate systems.

Maintaining Access / Escalation of Privileges

• The maintaining access phase is the point when an attacker is trying to maintain access, ownership and control over the compromised systems.
• Similarly, the attacker prevents the compromised system from being owned by any other hacker. Attackers use backdoors, rootkits or Trojans to retain their ownership.
• In this phase, an attacker may steal information by uploading it to a remote server, download any file onto the resident system, and manipulate data and configuration. The attacker also uses this compromised system to launch attacks that compromise other systems.

Clearing Tracks

• An attacker must hide his identity by covering his tracks. Covering tracks refers to the activities carried out to hide the malicious activities.
• While covering tracks and clearing identity and evidence, the attacker overwrites the system, application, and other related logs to avoid suspicion.
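
Overwritten logs are detectable when each entry is cryptographically linked to the one before it, which is what makes the "Audit Logs" integrity control from the CIA table usable as evidence. The following is an added example, not part of the original slides; the record layout, function names and key are assumptions, and the key is assumed to be held by a separate log collector rather than on the monitored host.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # fixed starting value for the first entry's link

def entry_mac(key, prev_mac, message):
    """HMAC over the previous entry's MAC plus this message (the chain link)."""
    return hmac.new(key, f"{prev_mac}|{message}".encode(), hashlib.sha256).hexdigest()

def append(chain, key, message):
    """Append a log message, binding it to everything logged before it."""
    prev = chain[-1]["mac"] if chain else GENESIS
    chain.append({"msg": message, "mac": entry_mac(key, prev, message)})

def first_bad_entry(chain, key):
    """Return the index of the first entry that fails verification, or None.

    An edited message fails at its own index; a deleted entry makes the
    entry that now follows the gap fail. Removing entries from the END is
    not detected by the chain alone: the verifier also needs the expected
    entry count or the latest MAC stored somewhere else.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = entry_mac(key, prev, entry["msg"])
        if not hmac.compare_digest(entry["mac"], expected):
            return i
        prev = entry["mac"]
    return None

def build_sample(key):
    """Constructed sample audit trail (not real log data)."""
    chain = []
    for msg in ("login user=alice", "sudo user=alice cmd=id",
                "useradd name=svc2", "logout user=alice"):
        append(chain, key, msg)
    return chain

if __name__ == "__main__":
    key = b"constructed-demo-key"
    log = build_sample(key)
    log[2]["msg"] = "cron job=backup"      # simulate an overwritten entry
    print(first_bad_entry(log, key))
```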

Technical Skills of an Ethical Hacker

1. An ethical hacker has in-depth knowledge of almost all operating systems, including all popular, widely used operating systems such as Windows, Linux, Unix, and Macintosh.
2. Ethical hackers are skilled at networking, basic and detailed concepts, technologies, and exploring the capabilities of hardware and software.
3. Ethical hackers must have a strong command of security areas, related issues, and technical domains.
4. They must have detailed knowledge of older, advanced, and sophisticated attacks.

Non-Technical Skills of an Ethical Hacker

1. Learning ability
2. Problem-solving skills
3. Communication skills
4. Committed to security policies
5. Awareness of laws, standards, and regulations.

Mind Map (figure)

Network Vulnerability Assessment Methodology (figure)
