Ceh v5 module 01 introduction to ethical hacking

Module I
Introduction to Ethical
Hacking
Ethical Hacking
Version 5

EC-Council
Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Objective
This module will familiarize you with the following:
Importance of Information security in today’s world
Elements of security
Various phases of the Hacking Cycle
Types of hacker attacks
Hacktivism
Ethical Hacking
Vulnerability research and tools that assist in the same
Steps for conducting ethical hacking
Computer crimes and implications
Cyber Laws prevailing in various parts around the World

EC-Council
Module Flow
Importance of security
Legal perspective
Phases to perform
malicious hacking
Elements of security
Ethical Hacking
Hacktivism
Computer crimes
and implicationsTypes of hacker attacks
Conducting ethical hacking
vulnerability research
and tools

EC-Council
Problem Definition – Why Security?
Evolution of technology
focused on ease of use
Decreasing skill level needed for exploits
Increased network
environment and network
based applications

EC-Council
Essential Terminologies
Threat – An action or event that
might compromise security. A
threat is a potential violation of
security
Vulnerability – Existence of a weakness,
design, or implementation error that can
lead to an unexpected, undesirable event
compromising the security of the system
Target of Evaluation – An IT system,
product, or component that is
identified/subjected as requiring security
evaluation
Attack – An assault on system security
that derives from an intelligent threat. An
attack is any action that violates security
Exploit – A
defined way to
breach the
security of an IT
system through
vulnerability

EC-Council
Elements of Security
Security – A state of well-being of
information and infrastructures in
which the possibility of successful
yet undetected theft, tampering,
and disruption of information and
services is kept low or tolerable
Security rests on confidentiality,
authenticity, integrity, and availability
•Confidentiality – The
concealment of information or
resources
•Authenticity – The identification
and assurance of the origin of
information
•Integrity – The trustworthiness
of data or resources in terms of
preventing improper and
unauthorized changes
•Availability – The ability to use
the information or resource
desired
Any hacking event will affect any one or
more of the essential security elements

EC-Council
The Security, Functionality, and Ease
of Use Triangle
The number of exploits gets minimized when the number of
weaknesses is reduced => greater security
Takes more effort to conduct same task => reduced functionality
Functionality
Ease of Use
Security
Moving the ball towards
security means moving
away from functionality
and ease of use

EC-Council
What Does a Malicious Hacker Do?
Reconnaissance
• Active/passive
Scanning
Gaining access
• Operating system
level/application level
• Network level
• Denial of service
Maintaining access
• Uploading/altering/
downloading programs
or data
Clearing tracks
Clearing
Tracks
Maintaining
Access
Gaining
Access
Scanning
Reconnaissance

EC-Council
Phase 1 - Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker
seeks to gather as much information as possible about a target of
evaluation prior to launching an attack
Business Risk: Notable - Generally noted as "rattling the door
knobs" to see if someone is watching and responding
Could be future point of return when noted for ease of entry for an
attack when more about the target is known on a broad scale

EC-Council
Reconnaissance Types
Passive reconnaissance involves
acquiring information without
directly interacting with the
target
For example, searching public
records or news releases
Active reconnaissance involves
interacting with the target directly
by any means
For example, telephone calls to the
help desk or technical department

EC-Council
Phase 2 - Scanning
Scanning refers to the pre-attack phase when the hacker scans the
network for specific information on the basis of information
gathered during reconnaissance
Business Risk: High – Hackers have to get a single point of entry
to launch an attack
Scanning can include use of dialers, port scanners, network
mapping, sweeping, vulnerability scanners, and so on
NMAP Scanner
Front End

EC-Council
Phase 3 - Gaining Access
Gaining Access refers to the penetration phase. The hacker exploits the
vulnerability in the system
The exploit can occur over a LAN, the Internet, or as a deception or theft.
Examples include buffer overflows, denial of service, session hijacking, and
password cracking
Influencing factors include architecture and configuration of the target
system, the skill level of the perpetrator, and the initial level of access
obtained
Business Risk: Highest – The hacker can gain access at the operating system
level, application level, or network level

EC-Council
Phase 4 - Maintaining Access
Maintaining Access refers to the phase when the hacker tries to
retain his ownership of the system
The hacker has compromised the system
Hackers may harden the system from other hackers as well (to own
the system) by securing their exclusive access with Backdoors,
RootKits, or Trojans
Hackers can upload, download, or manipulate data, applications,
and configurations on the owned system

EC-Council
Phase 5 - Covering Tracks
Covering Tracks refers to the activities that the hacker undertakes
to hide his misdeed
Reasons include the need for prolonged stay, continued use of
resources, removing evidence of hacking, or avoiding legal action
Examples include Steganography, tunneling, and altering log files

EC-Council
Types of Hacker Attacks
There are several ways an attacker can gain access to a
system
The attacker must be able to exploit a weakness or
vulnerability in a system
Attack Types:
1. Operating System attacks
2. Application-level attacks
3. Shrink Wrap code attacks
4. Misconfiguration attacks

EC-Council
1. Operating System Attacks
Today’s Operating systems are
complex in nature
Operating Systems run many
services, ports and modes of access
and requires extensive tweaking to
lock them down
The default install of most
operating systems has large
numbers of services running and
ports open
Applying patches and hotfixes are
not so easy in today’s complex
network
Attackers look for OS
vulnerabilities and exploit them to
gain access to a network system

EC-Council
2. Application Level Attacks
Software developers are under tight
schedules to deliver products on time
Extreme Programming is on the rise in
software engineering methodology
Software applications come with tons of
functionalities and features
There is not enough time to perform
complete testing before releasing
products
Security is often an afterthought and
usually delivered as "add-on”
component
Poor or non-existent error checking in
applications which leads to “Buffer
Overflow Attacks”

EC-Council
3. Shrink Wrap Code Attacks
Why reinvent the wheel when you
can buy off-the-shelf “libraries”
and code?
When you install an
OS/Application, it comes with
tons of sample scripts to make the
life of an administrator easy
The problem is “not fine
tuning” or customizing these
scripts
This will lead to default code or
shrink wrap code attack

EC-Council
4. Misconfiguration Attacks
Systems that should be fairly secure are hacked into because they
were not configured correctly
Systems are complex and the administrator does not have the
necessary skills or resources to fix the problem
Most often the administrator will create a simple configuration that
works
In order to maximize your chances of configuring a machine
correctly, remove any unneeded services or software

EC-Council
Remember This Rule!
If a hacker wants to get
inside your system, he will
and there is nothing you can
do about it
The only thing you can do is
make it harder for him to
get in

EC-Council
Hacktivism
Refers to the idea of hacking with or for a
cause
Comprises hackers with a social or political
agenda
Aims at sending a message through their
hacking activity and gaining visibility for their
cause and themselves
Common targets include government
agencies, MNCs, or any other entity perceived
as bad or wrong by these groups or individuals
It remains a fact, however, that gaining
unauthorized access is a crime, no matter what
the intent

EC-Council
Hacker Classes
Black Hats
Individuals with extraordinary
computing skills, resorting to
malicious or destructive
activities. Also known as
crackers
White Hats
Individuals professing hacker
skills and using them for
defensive purposes. Also known
as security analysts
Gray Hats
Individuals who work both
offensively and defensively at
various times
Suicide Hackers
Individuals who will aim to bring
down critical infrastructure for a
"cause" and not worry about facing
30 years in jail for their actions

EC-Council
Ethical Hacker Classes
Former Black Hats
– Reformed crackers
– First-hand experience
– Lesser credibility perceived
White Hats
– Independent security
consultants (may be groups as
well)
– Claim to be knowledgeable
about black hat activities
Consulting Firms
– Part of ICT firms
– Good credentials

EC-Council
What Do Ethical Hackers Do?
“If you know the enemy and know yourself, you need
not fear the result of a hundred battles”
– Sun Tzu, Art of War
Ethical hackers try to answer the
following questions:
What can the intruder see on the
target system? (Reconnaissance
and Scanning phases)
What can an intruder do with
that information? (Gaining
Access and Maintaining Access
phases)
Does anyone at the target notice
the intruders’ attempts or
successes? (Reconnaissance and
Covering Tracks phases)
If hired by any organization, an
ethical hacker asks the organization
what it is trying to protect, against
whom, and what resources it is willing
to expend in order to gain protection

EC-Council
Can Hacking be Ethical?
Hacker refers to a person who
enjoys learning the details of
computer systems and how to
stretch their capabilities
Hacking describes the rapid
development of new programs or the
reverse engineering of already existing
software to make the code better and
more efficient
Cracker refers to a person who uses
his hacking skills for offensive
purposes
Ethical hacker refers to
security professionals who
apply their hacking skills for
defensive purposes

EC-Council
How to Become an Ethical Hacker?
To become an ethical hacker you must
meet the following requirements:
Should be proficient with programming
and computer networking skills
Should be familiar with vulnerability
research
Should have mastery in different hacking
techniques
Should be prepared to follow a strict
code of conduct

EC-Council
Skill Profile of an Ethical Hacker
A computer expert adept at
technical domains
Has in-depth knowledge of target
platforms, such as Windows,
Unix, and Linux
Has exemplary knowledge of
networking and related hardware
and software
Knowledgeable about security
areas and related issues
In other words you must be
“highly technical” to launch
sophisticated attacks

EC-Council
What is Vulnerability Research?
Discovering vulnerabilities and design weaknesses that
will open an operating system and its applications to
attack or misuse
Includes both dynamic study of products and
technologies and ongoing assessment of the hacking
underground
Relevant innovations are released in the form of alerts
and are delivered within product improvements for
security systems
Can be classified based on:
• Severity level (low, medium, or high)
• Exploit range (local or remote)

EC-Council
Why Hackers Need Vulnerability
Research?
To identify and correct network vulnerabilities
To protect the network from being attacked by intruders
To get information that helps prevent security problems
To gather information about viruses
To find weaknesses in the network and to alert the network
administrator before a network attack
To know how to recover from a network attack

EC-Council
Vulnerability Research Tools
US-CERT publishes information regarding a variety of
vulnerabilities in “US-CERT Vulnerabilities Notes”
Similar to alerts but contain less information
Does not contain the solutions to all the vulnerabilities
Contains vulnerabilities that meet certain criteria
Contains information that is useful to the administrator
Vulnerability notes can be searched by several key fields:
name, vulnerability ID number, and CVE-name
Can be cross checked with the Common Vulnerabilities and
Exposures (CVE) catalog

EC-Council
Vulnerability Research Websites
www.securitytracker.com
www.microsoft.com/security
www.securiteam.com
www.packetstormsecurity.com
www.hackerstorm.com
www.hackerwatch.org

EC-Council
Secunia (secunia.com/product/)
Secunia monitors vulnerabilities in more than 9,500 products

EC-Council
Hackerstorm Vulnerability Database
Tool (www.hackerstorm.com)
You can search CVS Vulnerability database using this tool
– Updates provided daily and are free
– You can view Vulnerability database offline (without Internet
access)
– Easy to use Web-based GUI, requires a browser with flash
– Data includes description, solution, attack type, external
references, and credit
– Source is available for those who wish to contribute and enhance
the tool
– Data is provided by www.osvdb.org and its contributors

EC-Council
Hackerstorm

EC-Council
HackerWatch
www.hackerwatch.org
HackerWatch lets you report and share
information that helps identify, combat,
and prevent the spread of Internet threats
and unwanted network traffic
HackerWatch provides reports and
graphical up-to-date snapshots of unwanted
Internet traffic and threats
Snapshots include critical port incidents
graphs, worldwide port activity statistics,
and target and source maps showing
unwanted traffic and potential threats to
Internet security

EC-Council
Zone-h.org Reports Web Page
Defacement Mirror Images
Zone-h.org reports web attacks and cybercrimes as an
independent observatory and lists them on their website
You will be able to see tons of defaced webpages
The list is updated every day

EC-Council
MILWORM

EC-Council
How to Conduct Ethical Hacking?
Step 1: Talk to your client on the needs of testing
Step 2: Prepare NDA documents and ask the client to sign them
Step 3: Prepare an ethical hacking team and draw up schedule for
testing
Step 4: Conduct the test
Step 5: Analyze the results and prepare a report
Step 6: Deliver the report to the client
Note: In-depth Penetration Testing methodology is covered in EC-
Council’s LPT program

EC-Council
How Do They Go About It?
Any security evaluation involves three components:
Preparation – In this phase, a formal
contract is signed that contains a non-
disclosure clause as well as a legal clause
to protect the ethical hacker against any
prosecution that might otherwise attract
during the conduct phase. The contract
also outlines infrastructure perimeter,
evaluation activities, time schedules, and
resources available to him
Conduct – In this
phase, the evaluation
technical report is
prepared based on
testing potential
vulnerabilities
Conclusion – In this
phase, the results of
the evaluation are
communicated to
the organization or
sponsors and
corrective action is
taken if needed

EC-Council
Approaches to Ethical Hacking
Remote network – This
approach attempts to
simulate an intruder
launching an attack over the
Internet
Remote dial-up network –
This approach attempts to
simulate an intruder
launching an attack against
the client’s modem pools
Local network – This
approach simulates an
employee with legal access
gaining unauthorized access
over the local network
Stolen equipment – This approach
simulates theft of a critical
information resource, such as a laptop
owned by a strategist that was taken
from its owner and given to the ethical
hacker
Social engineering – This approach
attempts to check the integrity of the
organization’s employees
Physical entry – This approach
attempts to physically compromise
the organization’s ICT infrastructure

EC-Council
Ethical Hacking Testing
There are different forms of security testing. Examples include
vulnerability scanning, ethical hacking, and penetration testing
Approaches to testing are shown below
•Black box – With no prior knowledge of the infrastructure to be
tested
•White box – With a complete knowledge of the network
infrastructure
•Gray box – Also known as Internal Testing. Examines the extent of
access by insiders within the network

EC-Council
Ethical Hacking Deliverables
An Ethical Hacking Report :
Details the results of the hacking activity,
matching it against the work schedule
decided prior to the conduct phase
Vulnerabilities are detailed and prevention
measures suggested. Usually delivered in
hard copy format for security reasons
Issues to consider – Nondisclosure
clause in the legal contract (availing the
right information to the right person),
integrity of the evaluation team,
sensitivity of information

EC-Council
Summary
Security is critical across sectors and industries
Ethical Hacking is a methodology to simulate a
malicious attack without causing damage
Hacking involves five distinct phases
Security evaluation includes preparation, conduct, and
evaluation phases
Cyber crime can be differentiated into two categories
U.S. Statutes ξ 1029 and 1030 primarily address cyber
crime

Ceh v5 module 01 introduction to ethical hacking

Recommended

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Ceh v5 module 01 introduction to ethical hacking (20)

More from Vi Tính Hoàng Nam (20)

Ceh v5 module 01 introduction to ethical hacking