Ethical hacking presentation_october_2006
-
Upload
umang-patel -
Category
Technology
-
view
4.470 -
download
0
Transcript of Ethical hacking presentation_october_2006
Ethical Hacking for Ethical Hacking for EducatorsEducators
Presented ByPresented By
Regina DeLisse Hartley, Ph.D.Regina DeLisse Hartley, Ph.D.Caldwell Community College & Caldwell Community College &
Technical InstituteTechnical Institute
OverviewOverview
Old School Hackers: History of HackingOld School Hackers: History of Hacking Ec-Council: Certified Ethical HackerEc-Council: Certified Ethical Hacker Learning CompetenciesLearning Competencies Teaching Resources: Ethical Hacking Teaching Resources: Ethical Hacking
TextbooksTextbooks Hacking ToolsHacking Tools Hacker Challenge WebsitesHacker Challenge Websites Additional Web SitesAdditional Web Sites Questions and Answers Questions and Answers
Old School Hackers: Old School Hackers: History of Hacking History of Hacking
PREHISTORY PREHISTORY 1960s: The Dawn of 1960s: The Dawn of
HackingHackingOriginal meaning of the word Original meaning of the word "hack" started at MIT; meant "hack" started at MIT; meant elegant, witty or inspired way elegant, witty or inspired way of doing almost anything; of doing almost anything; hacks were programming hacks were programming shortcutsshortcuts
ELDER DAYS (1970-1979)ELDER DAYS (1970-1979) 1970s: Phone Phreaks and 1970s: Phone Phreaks and
Cap'n Crunch: Cap'n Crunch: One phreak, One phreak, John Draper (aka "Cap'n John Draper (aka "Cap'n Crunch"), discovers a toy Crunch"), discovers a toy whistle inside Cap'n Crunch whistle inside Cap'n Crunch cereal gives 2600-hertz signal, cereal gives 2600-hertz signal, and can access AT&T's long-and can access AT&T's long-distance switching system.distance switching system.
DraperDraper builds a "blue box" builds a "blue box" used with whistle allows used with whistle allows phreaks to make free calls.phreaks to make free calls.
Steve WozniakSteve Wozniak and Steve and Steve Jobs, future founders of Apple Jobs, future founders of Apple Computer, make and sell Computer, make and sell blue boxes.blue boxes.THE GOLDEN AGE (1980-THE GOLDEN AGE (1980-1991)1991)
1980: Hacker Message 1980: Hacker Message Boards and GroupsBoards and GroupsHacking groups form; such as Hacking groups form; such as Legion of Doom (US), Chaos Legion of Doom (US), Chaos Computer Club (Germany).Computer Club (Germany).
1983: Kids' Games1983: Kids' GamesMovie "War Games" Movie "War Games" introduces public to hacking.introduces public to hacking.
THE GREAT HACKER WARTHE GREAT HACKER WAR Legion of DoomLegion of Doom vs Masters of vs Masters of
Deception; online warfare; Deception; online warfare; jamming phone lines.jamming phone lines.
1984: Hacker 'Zines1984: Hacker 'ZinesHacker magazine 2600 Hacker magazine 2600 publication; online 'zine Phrack.publication; online 'zine Phrack.
CRACKDOWN (1986-1994)CRACKDOWN (1986-1994) 1986: 1986: Congress passes Computer Congress passes Computer
Fraud and Abuse Act; crime to Fraud and Abuse Act; crime to break into computer systems.break into computer systems.
11988: The Morris Worm988: The Morris WormRobert T. Morris, Jr., launches self-Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.replicating worm on ARPAnet.
1989: The Germans , 1989: The Germans , the KGB and Kevin the KGB and Kevin Mitnick.Mitnick.
German HackersGerman Hackers arrested for breaking into arrested for breaking into U.S. computers; sold U.S. computers; sold information to Soviet information to Soviet KGB.KGB.
Hacker "The Mentor“Hacker "The Mentor“ arrested; publishes arrested; publishes Hacker's Manifesto. Hacker's Manifesto.
Kevin MitnickKevin Mitnick convicted; first person convicted; first person convicted under law convicted under law against gaining access to against gaining access to interstate network for interstate network for criminal purposes.criminal purposes.
1993: Why Buy a Car 1993: Why Buy a Car When You Can Hack When You Can Hack One?One?Radio station call-in Radio station call-in contest; hacker-fugitive contest; hacker-fugitive Kevin Poulsen and friends Kevin Poulsen and friends crack phone; they crack phone; they allegedly get two Porsches, allegedly get two Porsches, $20,000 cash, vacation $20,000 cash, vacation trips; Poulsen now a trips; Poulsen now a freelance journalist freelance journalist covering computer crime. covering computer crime.
First Def ConFirst Def Con hacking hacking conference in Las Vegasconference in Las Vegas
ZERO TOLERANCE (1994-ZERO TOLERANCE (1994-1998)1998)
1995: The Mitnick 1995: The Mitnick Takedown:Takedown: Arrested Arrested again; charged with again; charged with stealing 20,000 credit card stealing 20,000 credit card numbers. numbers.
1995: Russian Hackers1995: Russian Hackers Siphon $10 million from Siphon $10 million from Citibank; Vladimir Levin, Citibank; Vladimir Levin, leader.leader.
Oct 1998Oct 1998 teenager hacks teenager hacks into Bell Atlantic phone into Bell Atlantic phone system; disabled system; disabled communication at airport communication at airport disables runway lights.disables runway lights.
1999 1999 hackers attack hackers attack Pentagon, MIT, FBI web Pentagon, MIT, FBI web sites.sites.
1999:1999: E-commerce E-commerce company attacked; company attacked; blackmail threats followed blackmail threats followed by 8 million credit card by 8 million credit card numbers stolen. numbers stolen. ((www.blackhat.infowww.blackhat.info; ; www.h2k2.netwww.h2k2.net; ; www.slais.ubc.ca/www.slais.ubc.ca/; ; www.sptimes.comwww.sptimes.com; ; www.tlc.discovery.comwww.tlc.discovery.com))
Ec-Council: Certified Ethical Ec-Council: Certified Ethical HackerHacker
EC-Council has certified IT EC-Council has certified IT professionals from the following professionals from the following
organizations as CEH:organizations as CEH:
Novell, Canon, Hewlett Packard, US Air Force Novell, Canon, Hewlett Packard, US Air Force Reserve, US Embassy, Verizon, PFIZER, HDFC Reserve, US Embassy, Verizon, PFIZER, HDFC Bank, University of Memphis, Microsoft Bank, University of Memphis, Microsoft Corporation, Worldcom, Trusecure, US Department Corporation, Worldcom, Trusecure, US Department of Defense, Fedex, Dunlop, British Telecom, Cisco, of Defense, Fedex, Dunlop, British Telecom, Cisco, Supreme Court of the Philippines, United Nations, Supreme Court of the Philippines, United Nations, Ministry of Defense, UK, Nortel Networks, MCI, Ministry of Defense, UK, Nortel Networks, MCI, Check Point Software, KPMG, Fleet International, Check Point Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, Johnson Cingular Wireless, Columbia Daily Tribune, Johnson & Johnson, Marriott Hotel, Tucson Electric Power & Johnson, Marriott Hotel, Tucson Electric Power Company, Singapore Police Force Company, Singapore Police Force
PriceWaterhouseCoopers, SAP, Coca-Cola PriceWaterhouseCoopers, SAP, Coca-Cola Corporation, Quantum Research, US Military, IBM Corporation, Quantum Research, US Military, IBM Global Services, UPS, American Express, FBI, Global Services, UPS, American Express, FBI, Citibank Corporation, Boehringer Ingelheim, Wipro, Citibank Corporation, Boehringer Ingelheim, Wipro, New York City Dept Of IT & Telecom – DoITT, New York City Dept Of IT & Telecom – DoITT, United States Marine Corps, Reserve Bank of India, United States Marine Corps, Reserve Bank of India, US Air Force, EDS, Bell Canada, SONY, Kodak, US Air Force, EDS, Bell Canada, SONY, Kodak, Ontario Provincial Police, Harris Corporation, Ontario Provincial Police, Harris Corporation, Xerox, Philips Electronics, U.S. Army, Schering, Xerox, Philips Electronics, U.S. Army, Schering, Accenture, Bank One, SAIC, Fujitsu, Deutsche BankAccenture, Bank One, SAIC, Fujitsu, Deutsche Bank
(Cont.)(Cont.)
Hackers are here. Where are Hackers are here. Where are you?you?
The explosive growth of the Internet has brought The explosive growth of the Internet has brought many good things…As with most technological many good things…As with most technological advances, there is also a dark side: criminal advances, there is also a dark side: criminal hackers. hackers.
The term “hacker” has a dual usage in the The term “hacker” has a dual usage in the computer industry today. Originally, the term computer industry today. Originally, the term was defined as: was defined as:
HACKER HACKER noun. noun. 1. A person who enjoys learning 1. A person who enjoys learning the details of computer systems and how to the details of computer systems and how to stretch their capabilities…. 2. One who programs stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming enthusiastically or who enjoys programming rather than just theorizing about programming. rather than just theorizing about programming.
What is a Hacker?What is a Hacker? Old School Hackers:Old School Hackers: 1960s style Stanford or MIT 1960s style Stanford or MIT
hackers. Do not have malicious intent, but do have hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary lack of concern for privacy and proprietary information. They believe the Internet was information. They believe the Internet was designed to be an open system.designed to be an open system.
Script Kiddies or Cyber-Punks:Script Kiddies or Cyber-Punks: Between 12-30; Between 12-30; predominantly white and male; bored in school; get predominantly white and male; bored in school; get caught due to bragging online; intent is to caught due to bragging online; intent is to vandalize or disrupt systems.vandalize or disrupt systems.
Professional Criminals or Crackers:Professional Criminals or Crackers: Make a Make a living by breaking into systems and selling the living by breaking into systems and selling the information.information.
Coders and Virus Writers:Coders and Virus Writers: See themselves as an See themselves as an elite; programming background and write code but elite; programming background and write code but won’t use it themselves; have their own networks won’t use it themselves; have their own networks called “zoos”; leave it to others to release their called “zoos”; leave it to others to release their code into “The Wild” or Internet. code into “The Wild” or Internet. ((www.tlc.discovery.comwww.tlc.discovery.com))
What is Ethical Hacking?What is Ethical Hacking? Ethical hackingEthical hacking – defined “methodology adopted – defined “methodology adopted
by ethical hackers to discover the vulnerabilities by ethical hackers to discover the vulnerabilities existing in information systems’ operating existing in information systems’ operating environments.”environments.”
With the growth of the Internet, computer security With the growth of the Internet, computer security has become a major concern for businesses and has become a major concern for businesses and governments. governments.
In their search for a way to approach the problem, In their search for a way to approach the problem, organizations came to realize that one of the best organizations came to realize that one of the best ways to evaluate the intruder threat to their ways to evaluate the intruder threat to their interests would be to have independent computer interests would be to have independent computer security professionals attempt to break into their security professionals attempt to break into their computer systems. computer systems.
Who are Ethical Hackers?Who are Ethical Hackers? ““One of the best ways to evaluate the intruder One of the best ways to evaluate the intruder
threat is to have an independent computer threat is to have an independent computer security professionals attempt to break their security professionals attempt to break their computer systems” computer systems”
Successful ethical hackers possess a variety of skills. Successful ethical hackers possess a variety of skills. First and foremost, they must be completely First and foremost, they must be completely trustworthy. trustworthy.
Ethical hackers typically have very strong programming Ethical hackers typically have very strong programming and computer networking skills. and computer networking skills.
They are also adept at installing and maintaining They are also adept at installing and maintaining systems that use the more popular operating systems systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems. (e.g., Linux or Windows 2000) used on target systems.
These base skills are augmented with detailed These base skills are augmented with detailed knowledge of the hardware and software provided by knowledge of the hardware and software provided by the more popular computer and networking hardware the more popular computer and networking hardware vendors. vendors.
What do Ethical Hackers do?What do Ethical Hackers do?
An ethical hacker’s evaluation of a system’s security An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions: seeks answers to these basic questions: • What can an intruder see on the target systems? What can an intruder see on the target systems? • What can an intruder do with that information? What can an intruder do with that information? • Does anyone at the target notice the intruder’s at Does anyone at the target notice the intruder’s at
tempts or successes? tempts or successes? • What are you trying to protect? What are you trying to protect? • What are you trying to protect against? What are you trying to protect against? • How much time, effort, and money are you willing How much time, effort, and money are you willing
to expend to obtain adequate protection? to expend to obtain adequate protection?
How much do Ethical Hackers How much do Ethical Hackers get Paid?get Paid?
Globally, the hiring of ethical hackers is on Globally, the hiring of ethical hackers is on the rise with most of them working with the rise with most of them working with top consulting firms. top consulting firms.
In the United States, an ethical hacker can In the United States, an ethical hacker can make upwards of $120,000 per annum. make upwards of $120,000 per annum.
Freelance ethical hackers can expect to Freelance ethical hackers can expect to make $10,000 per assignment. make $10,000 per assignment.
Some ranges from $15,000 to Some ranges from $15,000 to $45,000 for a standalone ethical $45,000 for a standalone ethical hack. hack.
Certified Ethical Hacker (C|EH) Certified Ethical Hacker (C|EH) TrainingTraining
InfoSec AcademyInfoSec Academy http://www.infosecacademy.comhttp://www.infosecacademy.com
• Five-dayFive-day Certified Ethical Hacker (C|EH)Certified Ethical Hacker (C|EH) Training Camp Certification Training ProgramTraining Camp Certification Training Program
• (C|EH)(C|EH) examination examination• C|EH Certified Ethical C|EH Certified Ethical
Hacker Training CampHacker Training Camp(5-Day Package)(5-Day Package)$3,595$3,595($2,580 training only)($2,580 training only)
(Source: www.eccouncil.org)
Learning CompetenciesLearning Competencies
Required Skills of an Ethical Required Skills of an Ethical HackerHacker
Routers:Routers: knowledge of routers, routing protocols, and knowledge of routers, routing protocols, and access control listsaccess control lists
Microsoft:Microsoft: skills in operation, configuration and skills in operation, configuration and management.management.
Linux:Linux: knowledge of Linux/Unix; security setting, knowledge of Linux/Unix; security setting, configuration, and services.configuration, and services.
Firewalls:Firewalls: configurations, and operation of intrusion configurations, and operation of intrusion detection systems.detection systems.
MainframesMainframes Network Protocols:Network Protocols: TCP/IP; how they function and TCP/IP; how they function and
can be manipulated.can be manipulated. Project Management:Project Management: knowledge of leading, knowledge of leading,
planning, organizing, and controlling a penetration planning, organizing, and controlling a penetration testing team.testing team.
(Source: http://www.examcram.com)
Modes of Ethical HackingModes of Ethical Hacking
Insider attackInsider attack Outsider attackOutsider attack Stolen equipment attackStolen equipment attack Physical entryPhysical entry Bypassed authentication attack Bypassed authentication attack
(wireless access points)(wireless access points) Social engineering attackSocial engineering attack
(Source: http://www.examcram.com)
Anatomy of an attack:Anatomy of an attack:• ReconnaissanceReconnaissance – attacker gathers – attacker gathers
information; can include social engineering.information; can include social engineering.• ScanningScanning – searches for open ports (port scan) – searches for open ports (port scan)
probes target for vulnerabilities.probes target for vulnerabilities.• Gaining accessGaining access – attacker exploits – attacker exploits
vulnerabilities to get inside system; used for vulnerabilities to get inside system; used for spoofing IP.spoofing IP.
• Maintaining accessMaintaining access – creates backdoor – creates backdoor through use of Trojans; once attacker gains through use of Trojans; once attacker gains access makes sure he/she can get back in.access makes sure he/she can get back in.
• Covering tracksCovering tracks – deletes files, hides files, – deletes files, hides files, and erases log files. So that attacker cannot and erases log files. So that attacker cannot be detected or penalized. be detected or penalized.
(Source: www.eccouncil.org)
Hacker classesHacker classes• Black hatsBlack hats – highly skilled, – highly skilled,
malicious, destructive “crackers”malicious, destructive “crackers”• White hatsWhite hats – skills used for – skills used for
defensive security analystsdefensive security analysts• Gray hatsGray hats – offensively and – offensively and
defensively; will hack for different defensively; will hack for different reasons, depends on situation.reasons, depends on situation.
HactivismHactivism – hacking for social and political – hacking for social and political cause.cause.
Ethical hackersEthical hackers – determine what attackers – determine what attackers can gain access to, what they will do with the can gain access to, what they will do with the information, and can they be detected.information, and can they be detected.
(Source: www.eccouncil.org)
Teaching Resources: Ethical Teaching Resources: Ethical Hacking TextbooksHacking Textbooks
Ec-CouncilEc-Council
Certified Ethical HackerCertified Ethical Hacker
www.eccouncil.org
ISBN 0-9729362-1-1
Ec-Council Topics CoveredEc-Council Topics Covered Introduction to Ethical HackingIntroduction to Ethical Hacking FootprintingFootprinting ScanningScanning EnumerationEnumeration System HackingSystem Hacking Trojans and BackdoorsTrojans and Backdoors SniffersSniffers Denial of ServiceDenial of Service Social EngineeringSocial Engineering Session HijackingSession Hijacking Hacking Web ServersHacking Web Servers
Ec-Council (Cont.)Ec-Council (Cont.)
Web Application VulnerabilitiesWeb Application Vulnerabilities Web Based Password Cracking TechniquesWeb Based Password Cracking Techniques SQL InjectionSQL Injection Hacking Wireless NetworksHacking Wireless Networks VirusesViruses Novell HackingNovell Hacking Linux HackingLinux Hacking Evading IDS, Firewalls and HoneypotsEvading IDS, Firewalls and Honeypots Buffer OverflowsBuffer Overflows CryptographyCryptography
Certified Ethical Hacker Exam Certified Ethical Hacker Exam Prep Prep
http://www.examcram.comISBN 0-7897-3531-8
Certified Ethical Hacker Exam Certified Ethical Hacker Exam PrepPrep
The Business Aspects of Penetration TestingThe Business Aspects of Penetration Testing The Technical Foundations of HackingThe Technical Foundations of Hacking Footprinting and ScanningFootprinting and Scanning Enumeration and System HackingEnumeration and System Hacking Linux and automated Security Assessment Linux and automated Security Assessment
ToolsTools Trojans and BackdoorsTrojans and Backdoors Sniffers, Session Hyjacking, and Denial of Sniffers, Session Hyjacking, and Denial of
ServiceService
Certified Ethical Hacker Exam Certified Ethical Hacker Exam Prep (Cont.)Prep (Cont.)
Web Server Hacking, Web Applications, Web Server Hacking, Web Applications, and Database Attacksand Database Attacks
Wireless Technologies, Security, and Wireless Technologies, Security, and AttacksAttacks
IDS, Firewalls, and HoneypotsIDS, Firewalls, and Honeypots Buffer Overflows, Viruses, and WormsBuffer Overflows, Viruses, and Worms Cryptographic Attacks and DefensesCryptographic Attacks and Defenses Physical Security and Social EngineeringPhysical Security and Social Engineering
Hands-On Information Security Hands-On Information Security Lab Manual, Second EditionLab Manual, Second Edition
http://www.course.com/ISBN 0-619-21631-X
1. Footprinting2. Scanning and Enumeration3. Operating System Vulnerabilities and Resolutions4. Network Security Tools and Technologies5. Security Maintenance6. Information Security Management7. File System Security and Cryptography8. Computer Forensics
Hacking Tools: Footprinting and Hacking Tools: Footprinting and ReconnaissanceReconnaissance
WhoisWhois
Whois (cont.)Whois (cont.)
http://www.allwhois.com/
Whois (cont.)Whois (cont.)
Sam SpadeSam Spade
Sam Spade (Cont.)Sam Spade (Cont.)
NslookupNslookup
Nslookup OptionsNslookup Options
TracerouteTraceroute
PingPing
Ping OptionsPing Options
Hacking Tools: Scanning and Hacking Tools: Scanning and EnumerationEnumeration
nmapnmap
NMapWinNMapWin
SuperScanSuperScan
SuperScan (Cont.)SuperScan (Cont.)
IP ScannerIP Scanner
HyenaHyena
RetinaRetina
LANguardLANguard
Hacking Tools: System HackingHacking Tools: System Hacking
telnettelnet
SnadboySnadboy
Password Cracking with Password Cracking with LOphtcrackLOphtcrack
KeyloggerKeylogger
Hacking Tools: Trojans and Hacking Tools: Trojans and BackdoorsBackdoors
NetBusNetBus
Game Creates Backdoor for Game Creates Backdoor for NetBusNetBus
SubSevenSubSeven
Hacking Tools: SniffersHacking Tools: Sniffers
Spoofing a MAC addressSpoofing a MAC addressOriginal ConfigurationOriginal Configuration
Spoofed MacSpoofed Mac
EtherealEthereal
IrisIris
SnortSnort
Hacking Tools: Web Based Hacking Tools: Web Based Password CrackingPassword Cracking
Cain and AbelCain and Abel
Cain and Abel (Cont.)Cain and Abel (Cont.)
Cain and Abel (Cont.)Cain and Abel (Cont.)
LegionLegion
BrutusBrutus
Hacking Tools: Covering TracksHacking Tools: Covering Tracks
ImageHideImageHide
ClearLogsClearLogs
ClearLogs (Cont.)ClearLogs (Cont.)
Hacking Tools: Google Hacking Hacking Tools: Google Hacking and SQL Injectionand SQL Injection
Google HackingGoogle Hacking
Google Cheat Sheet Google Cheat Sheet
SQL InjectionSQL Injection
Allows a remote attacker to Allows a remote attacker to execute arbitrary databaseexecute arbitrary databasecommandscommands
Relies on poorly formed database queries Relies on poorly formed database queries and insufficientand insufficientinput validationinput validation
Often facilitated, but does not rely on Often facilitated, but does not rely on unhandledunhandledexceptions and ODBC error messagesexceptions and ODBC error messages
Impact: MASSIVE. This is one of the most Impact: MASSIVE. This is one of the most dangerousdangerousvulnerabilities on the web.vulnerabilities on the web.
Common Database QueryCommon Database Query
Problem: Unvalidated InputProblem: Unvalidated Input
Piggybacking Queries withPiggybacking Queries withUNIONUNION
Hacker Challenge WebsitesHacker Challenge Websites
http://www.hackr.org/mainpage.php
Hackthissite.orgHackthissite.org
http://www.hackthissite.org
Answers revealed in codeAnswers revealed in code
HackitsHackits
http://www.hackits.de/challenge/
Additional Web SitesAdditional Web Sites
Legion of Ethical HackingLegion of Ethical Hacking
Legion of Ethical Hacking (Cont.)Legion of Ethical Hacking (Cont.)
Hacker HighschoolHacker Highschool
http://www.hackerhighschool.org/
Hacker HighschoolHacker Highschool
johnny.ihackstuff.com/johnny.ihackstuff.com/
HappyHacker.orgHappyHacker.org
FoundstoneFoundstone
Insecure.orgInsecure.org
SANS InstituteSANS Institute
Questions & AnswersQuestions & Answers