Hands-On Ethical Hacking

and Network Defense, 3rd

Edition

Chapter 1
Ethical Hacking Overview
Adapted from Cengage Hands-On Ethical Hacking and Network Defense, 3rd Edition, 2017
 Objectives

After completing this chapter, you will be able to:

• Describe the role of an ethical hacker
• Describe what you can do legally as an ethical
hacker
• Describe what you can’t do as an ethical hacker

SEC432 Ethical Hacking @Zayed University 2

 Introduction to Ethical Hacking
• Hackers
– Access computer system or network without
authorization
• Breaks the law; can go to prison
• Crackers
– Break into systems to steal or destroy data, or
remove protections from IP.
• U.S. Department of Justice calls both hackers
• Ethical hacker
– Performs most of the same activities with owner’s
permission
SEC432 Ethical Hacking @Zayed University 3
 Ethical Hacking vs Pen Testing
• Both Offensive Security roles
– No difference from learning perspective
• Penetration testing aims to find vulnerabilities,
malicious content and risks.
– The goal is to strengthen the security posture.
– Penetration test narrow focus and regular event
• Attempt to break into a company’s network to find the
weakest link without causing any damage
• Minimize the possibility of a successful attack but no
comprehensive security answers.
– Internal/External?

SEC432 Ethical Hacking @Zayed University 4

 Ethical Hacking vs Pen Testing
• Ethical hackers are more comprehensive/broader
– Identify vulnerabilities and fix them before the
hackers exploit them.
Penetration Testing Ethical Hacking
Security assessment on specific IT systems Assesses all system security flaws through
many hacking approaches, including pen
testing
Knowledge/skills in the specific area Wider and thorough knowledge
• Vulnerability assessment: attempts to enumerate
all vulnerabilities found in an application/system
• Security test
– Besides a break in attempt; includes analyzing
company’s security policy and procedures
5
*Source: InfoSec Institute.
 The Role of Security and Penetration
Testers
• Script kiddies or packet monkeys
– Younger, inexperienced hackers who copy codes
from knowledgeable hackers
• Hacktivist
– A person who hacks computer systems for political
or social reasons
• Penetration testers usually have:
– A laptop computer with multiple OSs and hacking
tools

SEC432 Ethical Hacking @Zayed University 6

 The Role of Security and Penetration
Testers
• Programming languages used by experienced
penetration testers
– Python, Ruby, Practical Extraction and Report
Language (Perl), C language
• Script
– Set of instructions
– Runs in sequence to perform tasks

SEC432 Ethical Hacking @Zayed University 7

 The Role of Security and Penetration
Testers
• Job requirements for a penetration tester might
include:
– Perform vulnerability, attack, and penetration
assessments in Intranet and wireless environments
– Perform discovery and scanning for open ports
– Apply appropriate exploits to gain access
– Participate in activities involving application
penetration
– Produce reports documenting discoveries
– Debrief with the client at the conclusion

SEC432 Ethical Hacking @Zayed University 8

 Penetration-Testing Methodologies
• White box model
– Tester is told about network topology and technology
• May be given a floor plan
– Tester is permitted to interview IT personnel and
company employees
• Makes tester’s job a little easier
• Black box model
– Staff does not know about the test
– Tester is not given details about technologies used
• Burden is on tester to find details
– Tests security personnel’s ability to detect an attack
SEC432 Ethical Hacking @Zayed University 9
 Penetration-Testing Methodologies
• Gray box model
– Hybrid of the white and black box models
– Company gives tester partial information (e.g., OSs
are used, but no network diagrams)

SEC432 Ethical Hacking @Zayed University 10

 Certification Programs for Network
Security Personnel
• Certification programs
– Available in almost every area of network security
• Highly revered and required by industry to secure a
job in ethical hacking/penetration testing
• Minimum certification
– CompTIA Security+ or equivalent knowledge
• Prerequisite for Security+ certification is CompTIA
Network+

SEC432 Ethical Hacking @Zayed University 11

 Offensive Security Certified
Professional/Expert
• OSCP/OSCE
– An advanced certification that require students to
demonstrate hands-on abilities to earn it
– Covers network and application exploits
– Gives students experience in developing
rudimentary buffer overflows, writing scripts to collect
and manipulate data, and trying exploits on
vulnerable systems
– It is a notoriously difficult and lengthy exam but is
well worth the effort!
– Retired Cracking the Perimeter (CTP) 15/12/20
SEC432 Ethical Hacking @Zayed University 12
 Certified Ethical Hacker/Practical
• Developed by the International Council of
Electronic Commerce Consultants (EC-Council)
– Based on 22 domains (subject areas)
– Web site: www.eccouncil.org
• Most likely be placed on a team that conducts
penetration tests
– Called a Red team
• Conducts penetration tests
• Composed of people with varied skills
• Unlikely that one person will perform all tests

SEC432 Ethical Hacking @Zayed University 13

OSSTMM Professional Security Tester
(OPST)
• Open Source Security Testing Methodology Manual
(OSSTMM) Professional Security Tester
– Designated by the Institute for Security and Open
Methodologies (ISECOM)
– Based on Open Source Security Testing
Methodology Manual (OSSTMM)
• Written by Peter Herzog
– Five main topics (i.e., professional, enumeration,
assessments, application, and verification)
– Web site: www.isecom.org

SEC432 Ethical Hacking @Zayed University 14

Certified Information Systems Security
Professional
• CISSP
– Issued by the International Information Systems
Security Certification Consortium (ISC2)
– Not geared toward technical IT professionals
– Tests security-related managerial skills
• Usually more concerned with policies and procedures
– Consists of ten domains
– Web site: www.isc2.org

SEC432 Ethical Hacking @Zayed University 15

 SANS Institute
• SysAdmin, Audit, Network, Security (SANS)
Institute
– Offers training and IT security certifications through
Global Information Assurance Certification (GIAC)
• Top 25 Software Errors list
– One of the most popular SANS Institute documents
– Details most common network exploits
– Suggests ways of correcting vulnerabilities
– Web site: www.sans.org

SEC432 Ethical Hacking @Zayed University 16

 Which Certification is Best?
• Penetration testers and security testers
– Need technical skills to perform duties effectively
– Must also have:
• A good understanding of networks and the role of
management in an organization
• Skills in writing and verbal communication
• Desire to continue learning
• Danger of certification exams
– Some participants simply memorize terminology
• Don’t have a good grasp of subject matter

SEC432 Ethical Hacking @Zayed University 17

 What Can You Do Legally
• Laws involving technology change as rapidly as
technology itself
– Keep abreast of what’s happening in your area
• Find out what is legal for you locally
– Be aware of what is allowed and what you should
not or cannot do
• Laws vary from state to state and country to country
– Example: In some states, the possession of
lockpicking tools constitutes a crime

SEC432 Ethical Hacking @Zayed University 18

 Laws of the Land
• Some hacking tools on your computer might be
illegal
– Contact local law enforcement agencies before
installing hacking tools
• Laws are written to protect society
– Written words are open to interpretation
– Example: In Hawaii, the state must prove the person
charged had the “intent to commit a crime”
• Government is getting more serious about
cybercrime punishment

SEC432 Ethical Hacking @Zayed University 19

 Laws of the Land

Table 1-1 An overview of recent hacking cases (continues)

SEC432 Ethical Hacking @Zayed University 20

 Is Port Scanning Legal?
• Some states consider it legal
– Not always the case
– Be prudent before using penetration-testing tools
• Federal government does not see it as a violation
– Allows each state to address it separately
• Research state laws
• Read your ISP’s “Acceptable Use Policy”
• Is it illegal in the UAE?
– Students to provide the answer!

SEC432 Ethical Hacking @Zayed University 21

 Is Port Scanning Legal?

Figure 1-2 An example of an acceptable use policy

SEC432 Ethical Hacking @Zayed University 22

 Is Port Scanning Legal?
• IRC “bot”
– Program that sends automatic responses to users
– Gives the appearance of a person being present
• Some ISP’s may prohibit the use of IRC bots
• Now we have social bots, manual or automated AI
robots that might chat with customers or post on
social media.

SEC432 Ethical Hacking @Zayed University 23

 Federal Laws

SEC432 Ethical Hacking @Zayed University 24

 What You Cannot Do Legally
• Illegal actions:
– Accessing a computer without permission
– Destroying data without permission
– Copying information without permission
– Installing viruses that deny users access to network
resources
• Be careful to avoid actions that can prevent client’s
employees from doing their jobs

SEC432 Ethical Hacking @Zayed University 25

 Get It In Writing
• Using a contract is good business
– May be useful in court
• Books on working as an independent contractor
– Getting Started as an Independent Computer
Consultant by Mitch Paioff and Melanie Mulhall
– The Consulting Bible: Everything You Need to Know
to Create and Expand a Seven-Figure Consulting
Practice by Alan Weiss
• Internet can also be a helpful resource
– Free modifiable templates
• Have an attorney read your contract before signing
SEC432 Ethical Hacking @Zayed University 26
 Ethical Hacking in a Nutshell
• Skills needed to be a security tester
– Knowledge of network and computer technology
– Ability to communicate with management and IT
personnel
– An understanding of the laws in your location
– Ability to apply necessary tools to perform your tasks

SEC432 Ethical Hacking @Zayed University 27

 Hacking Steps
1. Reconnaissance: Information Gathering
1. Footprinting
2. Port Scanning
2. Enumeration/Threat-modeling/Vulnerability Analysis
3. Exploitation/Gaining Access/System Hacking
4. Post Exploitation
– Privilege Escalation
– Lateral Movement
– Maintaining Access
5. Clearing Tracks
6. Reporting/Exfiltration
28
 Summary
• Companies hire ethical hackers to perform
penetration tests
– Penetration tests discover vulnerabilities in a
network
– Security tests are performed by a team of people
with varied skills
• Penetration test models
– White box model
– Black box model
– Gray box model

SEC432 Ethical Hacking @Zayed University 29

 Summary
• Security testers can earn certifications
– CEH
– CISSP
– OPST
• As a security tester, be aware
– What you are legally allowed or not allowed to do
• ISPs may have an acceptable use policy
– May limit ability to use tools

SEC432 Ethical Hacking @Zayed University 30

 Summary
• Laws should be understood before conducting a
security test
– Federal laws
– State laws
• Get it in writing
– Use a contract
– Have an attorney read the contract
• Understand tools available to conduct security tests
– Learning how to use them should be a focused and
methodical process

SEC432 Ethical Hacking @Zayed University 31