In this chapter, you will learn about the five phases of ethical hacking and the different types of hacker attacks.
Identify the five phases of ethical hacking.
Identify the different types of hacker attacks.
Ethical Hacking
Companies employ ethical hackers to do what illegal hackers do: exploit vulnerabilities. Ethical hackers also go by the names of security testers or penetration testers. In this chapter, you will take a look at the skills required to protect a network from an attack. You will focus on the key points listed below as you progress through each chapter.
Information: Assets of information must be secured.
Assumptions: Assume that the upper management recognizes the need for security and that there is a security policy in place that defines how objects can interact in a security domain.
Challenge: Your task is to prevent exploits of the infrastructure by being mindful of those who can use a similar infrastructure for their own motives.
Solution: Employ an ethical hacker with a malicious hacker’s capabilities.
Vulnerability
Weakness in a target owing to analytical, design, operation, or organizational failures
Information system weakness due to system security procedures, infrastructure design, or controls that can be exploited
Weakness, design error, or implementation error leading to an unexpected event that compromises device, network, application, or protocol security
Attack
Active attacks alter a target system to affect privacy, credibility, and accessibility.
Passive attacks breach the confidentiality of the data of a system without impacting the system’s state.
Inside attacks are launched by an authorized user from inside a network.
Outside attacks are conducted by an attacker without network authorization.
Security vs. Functionality and Ease of Use
Phases of an Attack
Reconnaissance: In the reconnaissance phase, which is the planning phase, an attacker gathers as much information as possible about the target. Plain old research may be the first activity in this phase. The attacker can then move on to other reconnaissance methods such as dumpster diving or scanning. Consider the types of reconnaissance methods: passive (where the attacker does not interact with the system directly, such as social engineering or dumpster diving) or active (which involves the attacker using tools to directly interact with the system). The latter could include using tools to detect open ports, router locations, network mapping, and operating system details.
Scanning: During the scanning phase, the attacker tries to identify specific vulnerabilities. Vulnerability scanners are the most widely used tools. Port scanners are used to recognize listening ports that provide clues to the types of services that are running.
Scanning is a logical extension of the reconnaissance phase, but it involves more in-depth probing, which is considered an extension of active reconnaissance.
Gaining access: Gaining access is usually the goal of an attacker. However, keep in mind that this is not always the case. A denial-of-service attack, for example, causes a resource to be unavailable, and it is not necessary for an attacker to gain access to that resource in order to be successful. There are several factors affecting whether or not an attacker can successfully gain access, such as target system architecture and configuration, skill level, or the level of access gained.
Maintaining access: Once an attacker has successfully gained access, they need to maintain access through installing a backdoor or a rootkit. So as not to be detected, the attacker also removes any evidence of their breach by changing the log files, for example.
An organization may employ an intrusion detection system (IDS) or a honeypot to detect potential intruders.
Covering tracks: Be aware that an attacker will erase all evidence of their presence. Tools such as Netcat or other trojans can be used to erase the evidence from log files. Other options include steganography (hiding data in other data) and tunneling (which carries one protocol in another).
Types of Hacker Attacks
Operating system: Increased features amplify complexity.
Application level: For application developers, security is not always a priority.
Shrink-wrap code: Free libraries and code approved from other sources are used by developers.
Misconfiguration: Build an effective configuration, removing all unnecessary applications and services.
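The scanning and misconfiguration points above, seen from the defender's side, as an added example that is not part of the original chapter: it reads a host's own listening TCP sockets in Linux /proc/net/tcp format and reports any port missing from an allowlist. The sample table, the allowlist and the function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import ipaddress

# Constructed sample in Linux /proc/net/tcp format (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 20002
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
   3: 0A00000A:0016 1400000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 20004
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def listening_sockets(proc_net_tcp):
    """Return (IPv4Address, port) for every socket in the LISTEN state."""
    sockets = []
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a numbered socket row.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order; on a
        # little-endian host (assumed here) the bytes must be reversed.
        ip = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
        sockets.append((ip, int(port_hex, 16)))
    return sockets


def audit(proc_net_tcp, allowed_ports):
    """Report listening ports that are not on the allowlist."""
    findings = []
    for ip, port in listening_sockets(proc_net_tcp):
        if port not in allowed_ports:
            scope = "loopback only" if ip.is_loopback else "reachable from the network"
            findings.append((str(ip), port, scope))
    return findings


if __name__ == "__main__":
    # Hypothetical policy: only SSH (22) and a local database (3306) are expected.
    for address, port, scope in audit(SAMPLE_PROC_NET_TCP, {22, 3306}):
        print(f"unexpected listener {address}:{port} ({scope})")
```

On a real Linux host the same functions can be given the contents of /proc/net/tcp in place of the sample.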
Hacktivism
Black hats employ computer skills for illicit motives.
White hats utilize their strength for defensive purposes.
Gray hats believe in complete disclosure.
Suicide hackers are eager to become martyrs for their objective.
Ethical Hackers
Ethical hackers are employed for threat evaluation and security. It is important to note that an ethical hacker has the consent of the organization that hired them. Ethical hackers use the same techniques and tools as attackers. Ethical hackers must possess the following skills: thorough knowledge of both software and hardware, a good understanding of networking and programming, and knowledge of installing and managing several operating systems.
What would an attacker see on a target?
How does an attacker use this information?
Are the attempts of the attackers on the target being recognized?
Vulnerability Research
Since attackers are using research to find exploits, vulnerability research is important for the good guys as well. There are always new products being introduced, and you must keep up with the latest technologies.
There are also numerous hacking websites that you can monitor for information. Two excellent sites to visit are the United States Computer Emergency Readiness Team (www.us-cert.gov/) and the National Vulnerability Database (https://nvd.nist.gov/).
Ethical Hacking Assignment
1. You begin with an initial meeting with the client to provide an overview and prepare a nondisclosure agreement.
2. The nondisclosure agreement puts in writing that the ethical hacker has the full consent of the client.
3. You then create a team and prepare the testing schedule. When conducting the test, one of two approaches can be taken: black or white box testing. With black box testing, the tester has no prior knowledge or information about the system. White box testing is just the opposite: the tester has advance knowledge of the system. For example, the tester is told about the network topology and provided a network diagram showing all of the company’s routers, switches, firewalls, and intrusion detection systems (IDS).
4. Once the testing is complete, you analyze the results and prepare a report to be delivered to the client.
Computer Crime
Computer crime can be accomplished with the use of a computer or by targeting a computer. It is important to be mindful of the laws enacted and to be in compliance as an ethical hacker. To learn more, review the Cyber Security Enhancement Act (http://beta.congress.gov/bill/113th-congress/house-bill/756).
Summary
In this chapter, you were introduced to ethical hacking, hacktivism, and the different types of hackers and hacker attacks. You now know the five phases of an attack and have a foundational understanding of vulnerability research and associated tools. You can describe the different ways an ethical hacker can test a target network. Lastly, you understand the various categories of crime and the importance of knowing laws in the field to maintain compliance.
Resources
United States Computer Emergency Readiness Team: www.us-cert.gov/
National Vulnerability Database: https://nvd.nist.gov/
Cyber Security Enhancement Act: http://beta.congress.gov/bill/113th-congress/house-bill/756