Introduction to Ethical Hacking

au
Last updated 8 months ago

Overview

Terminology

  • Hack Value: Notion among hackers that something is worth doing or interesting

  • Vulnerability: Existence of a weakness, design, or implementation error that can lead to an expected event compromising the security of the system

  • Exploit: A breach of IT system security through vulnerabilities

  • Payload: Part of an exploit code that perform the intended malicious action

  • Zero-Day Attack: An attack that exploits computer app vulnerabilities before the software developer releases a patch for the vulnerability

  • Daisy Chaining: Gaining access to one network and/or computer and then using the same info to gain access to multiple networks and computer that contains desirable info

  • Doxing: Publishing personally identifiable information

  • Bot: software app that can be controlled remotely to execute or automate pre-defined tasks

Elements of Information Security

  • Non-Repudiation: Sender of a message cannot later deny having sent the message

  • Confidentiality: Only authorized users able to view content

  • Integrity: Trustworthiness of data or resource in prevention of unauthorized changes

  • Availability: assurance systems are accessible

  • Authenticity: The quality of being genuine

Threats and Attack Vectors

  • Cloud computing: is an on-demand delivery of IT capabilities, and stores data. Must be secure

  • Advanced Persistent Threats: APT focus on stealing info from victim machine w/o user aware

  • Viruses and Worms: Capable of infecting a network within seconds

  • Mobile Threats: Many attackers see mobile phone as a way to gain access

  • Botnet: huge network of compromised systems

  • Insider Attack: an attack performed on a corporate network by an entrusted person w/ access

  • Threat categories:

    • Network Threats

    • Host Threats

    • Application Threats

  • Types of Attacks:

    • OS Attacks

    • Mis-Config attacks

    • App Level Attacks,

    • Shrink Wrap Code Attacks

Hacking Concepts, Types, Phases

Hacking: Exploiting system vulnerabilities and compromising security

Five Phases of Hacking:

  • Reconnaissance - Preparation phase when an attacker seeks to gather information Does not directly interact with the system, and relies on social engineering and public info.

  • Scanning - Identify specific vulnerabilities (in-depth probing) Using Port scanners to

    detect listening ports (companies should shut down ports that are not required)

  • Gaining Access - Using vulnerabilities identified during reconnaissance [DoS, Logic/Time

    Exploit, reconfiguring/crashing system]

  • Maintaining Access - Keeping a low profile, keeping system as a launch pad, etc

  • Clearing Tracks - Hiding malicious acts while continuing to have access, avoiding

    suspicion

Security Controls

Information Assurance

Threat Modeling

  1. Identify Security Objectives

  2. Application overview

  3. Decompose Application

  4. Identify Threats

  5. Identify Vulnerabilities

Network Security Zoning (High to Low)

  • Internet Zone

  • Internet DMZ

  • Production Network Zone

  • Intranet Zone

  • Management Network Zone

Security Policies

Information security policy defines basic requirements and rules to be implemented in order to protect and secure organizations information systems.

4 Types of Security Policies

  • Promiscuous Policy

  • Permissive Policy

  • Prudent Policy

  • Paranoid Policy

Vulnerability Assessments

Types of Assessments

  • Active Assessments

  • Passive Assessments

  • Host-Based assessment

  • Internal Assessment

  • External Assessment

  • Application Assessments

  • Network Assessments

  • Wireless Network Assessments

Methodology of Assessments

  • Acquisition

  • Identification

  • Analyzing

  • Evaluation

  • Reports

Penetration Testing

Penetration Testing: Simulating an attack to find out vulnerabilities

  • Blue Team: Detect and Mitigate

  • Red Team: Attack w/ limited access w/ or w/o warning

Types of Penetration Testing

  • Black-Box (no prior knowledge)

  • White-Box (complete knowledge)

  • Grey-Box (limited knowledge)

Security Testing Methodologies

  • OWASP

  • NIST

Security Laws and Standards

United States

Laws

  • Sarbanes Oxley Act (SOX) -Protect investors and public by increasing reliability of

    corporate disclosures

  • Digital Millennium Copyright Act (DMCA) - Protects intellectual property

  • Gramm-Leech Bliley Act (GLBA) - Controls use of personal financial data

  • Health Information Portability and Protection Act (HIPPA) - Privacy for medical records

  • Family Educational Rights and Privacy Act (FERPA) - Protection for education records

  • Federal Information Security Management Act (FISMA) - Government networks must have security standards

Standards

  • Payment card Industry Data Security Standard (PCI-DSS) -Payment Systems

Europe

Laws

  • Computer Misuse Act of 1990 - Addresses hacking activities

  • Human Rights Act of 1990 - Ensures Privacy