Understanding Ethical Hacking and Penetration Testing

mis 5211 001 week 1 site n.w
1 / 73
Embed
Share

This content delves into the philosophy of ethical hacking, TCP/IP and network architecture, Google hacking, vulnerability scanning, social engineering, malware, web application hacking, SQL injection, and more. It emphasizes the importance of using hacking tools responsibly and legally, providing insights on what hacking entails and the ethical considerations involved.

  • Ethical Hacking
  • Penetration Testing
  • Cybersecurity
  • Network Security
  • Tools & Techniques
rayaanacharya
malicki_b Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. MIS 5211.001 Week 1 Site: http://community.mis.temple.edu/mis5211sec001f15/

  2. Wade T Mackey Wade.mackey@temple.com 717-682-2925 MIS 5211.001 2

  3. 1 Philosophy of Ethical Hacking and Penetration Testing, and the hacking process. TCP/IP and Network Architecture and its impact on the process of hacking. Google Hacking Reconnaissance Vulnerability scanning and analysis of results Assignment presentation System and User enumeration Assignment presentation Sniffers 1st Test NetCat Social Engineering, Encoding, and Encryption Malware including Trojans, Backdoors, Zero-days, Virus, Worms, and Polymorphic malware Web application hacking, Intercepting Proxies, and URL Editing SQL injection Assignment presentation Web Services Evasion Techniques 2nd Test 2 3 4 5 6 7 8 9 10 11 12 13 14 MIS 5211.001 3

  4. Our focus will be to provide you with an understanding of the process involved in penetration test and the primary tools sets used Organized around the workflow of a professional tester Tips for avoiding common pitfalls MIS 5211.001 4

  5. The tools and techniques discussed and used in this course should only be used on systems you personally own, or have written permission to use. Some of the tools used have the potential to disrupt or break computer systems. MIS 5211.001 5

  6. What is hacking? What is Ethical about Hacking MIS 5211.001 6

  7. A hacker explores the difference between how something is supposed to work and how it really works. MIS 5211.001 7

  8. In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. MIS 5211.001 8

  9. Successful penetration testers look at the world through a different lens They think outside the box They do things differently They don t look at the glass as half full or half empty, instead they look at the glass and think If I hit the glass just right, I can crack it and drain out just what I want. MIS 5211.001 9

  10. Successful penetration tester also need to have the following work habits Methodical Thorough Careful Ethical habitual note taker and documentation fiend If you can t duplicate a finding, you didn t find it! MIS 5211.001 10

  11. Threat: Any circumstance or event with the potential to adversely impact organizational operations. Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event A risk exist when a threat actor (or agent) targets a vulnerability Source: NIST SP 800-30 r1 MIS 5211.001 11

  12. A penetration tester: identifies vulnerabilities Evaluates likely threats Recommends Mitigation Activities Recommends corrective actions In other words, you don t just say you found something bad. You also have to explain why it is bad and suggest how to fix it. MIS 5211.001 12

  13. Attacks violate CIA (Confidentiality, Integrity, or Availability. Active Attack Manipulates or changes systems or information Examples Malware, Spear Phishing, Man-in-the- Middle Passive Attack No manipulation or Change Monitoring only Example Sniffing wireless traffic MIS 5211.001 13

  14. Internal Launched from within an organization Typically considered insider threat Could also be a trespasser External From the internet From partners on leased lines From exposed WiFi MIS 5211.001 14

  15. Focused on finding vulnerabilities Uses many of the same tools and techniques as criminals Penetration Testing is a subset of Ethical Hacking Penetration Testing and Ethical Hacking are often used interchangeably Penetration Testing usually means going a bit further then Ethical Hacking in order to prove a system can be breached and data obtained MIS 5211.001 15

  16. Generally focused on identifying vulnerabilities without actually compromising systems Vulnerability Scanning Architectural Reviews Configuration Reviews Code Reviews Audits MIS 5211.001 16

  17. Unlikely to crash systems Staff performing these evaluations often bring different and unique skill sets to the table Different perspectives on the organization MIS 5211.001 17

  18. Find vulnerabilities before the Bad guys do Ensure management understands the risks in their systems Informs Security Operations as to what to look for in their monitoring systems Security Operations is often not informed of work to test if appropriate monitoring is in place MIS 5211.001 18

  19. Document the findings From the client perspective: Document issues Develop action plans Mitigate OR Risk Acceptance MIS 5211.001 19

  20. Infrastructure (Network) Web Dial-Up (War Driving) Wireless Social Engineering Physical Application MIS 5211.001 20

  21. Reconnaissance What technology is in use in the target environment Scanning What vulnerabilities exist within the target environment Exploitation Can the vulnerabilities be used MIS 5211.001 21

  22. Malicious attackers go further Maintaining access Covert Channels Exfiltrating Data Covering Tracks MIS 5211.001 22

  23. Phases are not usually this clean Some jumping around is to be expected Skilled testers often get a feel for where vulnerabilities may exist based on their experience in similar systems MIS 5211.001 23

  24. Penetration Testing cant find everything Limited time Limited scope Some vulnerabilities are only exposed in specific conditions that may not exist at the time of testing Testers have different strengths and weaknesses Some techniques will be off-limits due to potential negative impacts on a target environment MIS 5211.001 24

  25. Tool sets only find known vulnerabilities Few tester have the skill set to find unknown vulnerabilities and develop custom attacks Even fewer organizations want to fund this level of investigation May violate terms and conditions of software or hardware licensing MIS 5211.001 25

  26. A number of groups publish methodologies for testing systems for vulnerabilities Can be useful as guidelines for establishing how you pursue testing Examples: Open Source Security Testing Methodology Manual (OSSTMM) http://www.isecom.org/research/osstmm.html OWASP Testing Framework https://www.owasp.org/index.php/The_OWASP_Testing_Framewor k NIST SP800-115 http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf Penetration Testing Framework http://www.pen-tests.com/penetration-testing-framework.html Penetration Testing Framework 0.59 http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html MIS 5211.001 26

  27. Software Tools Hardware Network Infrastructure We will cover some basics Adjust to suite need Dependent on type of targets and tests MIS 5211.001 27

  28. Penetration Testers need to shift between multiple operating systems Some tools are only available on one platform Some tools may be available on multiple platforms, but work better (or worse) on specific platforms At a minimum, some Linux and Windows proficiency is needed MIS 5211.001 28

  29. Kali 2.0 BackTrack Reborn according to Offensive Security, the providers of Kali Available at: http://www.kali.org/downloads/ Kali is large (2.9G), so give yourself some time VMWare Player Free for personal use, scroll down Available at: http://www.vmware.com/products/player/ VMWare Workstation is available from Temple s software repository (Good for 1 year). MIS 5211.001 29

  30. Many other tools are available A handful will be required for this class. I will cover them when we get there. If you go on to do penetration testing, you will likely collect a number of tools Be careful Research tool before downloading Run them in a test environment first MIS 5211.001 30

  31. Exploit Database http://www.exploit-db.com/ Packet Storm http://packetstormsecurity.com/ Pentest-Tools https://pentest-tools.com/home Security Audit Systems http://www.security-audit.com/blog/penetration- testing-tools/ I am not endorsing these sites, just making you aware of them. MIS 5211.001 31

  32. US-CERT https://www.us-cert.gov/ National Vulnerability Database http://nvd.nist.gov/home.cfm Mitre CVE http://cve.mitre.org/ Exploit Database http://www.exploit-db.com/ CVE Details http://www.cvedetails.com/ MIS 5211.001 32

  33. Many commercial tools are available, for a price Tenable - Commercial version of Nessus Qualys Vulnerability Scanner (alternative to Nessus) Rapid7 Commercial Metasploit, Nexpose Vulnerability Scanner Core Security Core Impact HP Fortify Code Scanner MIS 5211.001 33

  34. Talk to your developers May have already built scripts and tools May already own some commercial tools that can be leveraged MIS 5211.001 34

  35. Not needed for this course Consider building out a hardware lab Free tools should be tested in a lab before using them in testing Mimic what you expect to test Mix up OSs Does not need to be new equipment, recycle Good environment to continue learning MIS 5211.001 35

  36. Dedicated machines for conducting tests Not used for normal activity Do not keep any sensitive information May be tied up for long periods of time doing scanning If you expect to do a great deal of scanning, consider a separate server dedicated to scanning MIS 5211.001 36

  37. Host Machines VMWare Player VMWare Workstation ESX ZEN MicroSoft Virtual PC Guest machines may be ideal for testing Can be built for test Can be reset if corrupted Can be deleted after testing Can be duplicated if additional guests are need We will go over setting up VMWare for testing in week three MIS 5211.001 37

  38. Many ISPs monitor traffic for malicious activity Inform your ISP prior to starting Pen Testing May need to move to a business account May need to negotiate with the ISP MIS 5211.001 38

  39. Cloud can be very effective for replicating Distributed Denial of Service attacks Will require permission form cloud provider or your account may be closed Cloud providers are reluctant to host Penetration Testing activities May be possible after some negotiations MIS 5211.001 39

  40. Firewalls may block or minimize the capabilities of penetration testing. Pen testing activity, especially scanning, can cause performance issues in firewalls HTTP Proxies may alter encoding Next Generation firewalls (Like PaloAlto) may perform analysis and drop packets that are not well formed. MIS 5211.001 40

  41. Avoid using firewalls on your test network and attack machines May block activity before it ever leaves your systems Since this exposes test machines to attack, use a separate, off-network machine to take notes. Utilize USB drives to transfer information MIS 5211.001 41

  42. Machines in you testing network should be baselined and locked down as much as possible Keep patching up to date Turn off all unnecessary ports and services Increase security settings where possible Center for Internet Security provides some guidelines http://www.cisecurity.org/ MicroSoft Baseline Security Analyzer also helps http://www.microsoft.com/en- us/download/details.aspx?id=7558 MIS 5211.001 42

  43. Consider encrypting test findings as they accumulate Example PGP http://buy.symantec.com/estore/clp/smb_d4v2_9p9s_pgpe ncryption1_default BitLocker http://windows.microsoft.com/en- US/windows7/products/features/bitlocker Encryption technologies are changing, stay up to date on what works, and what has been broken MIS 5211.001 43

  44. When an engagement ends Move test results off of systems Scrub systems thorohly Secure Deletion Reimage Revert to baseline Note: Consider using Solid State Drive w/ Trim turned on, faster and deleted data auto zero s MIS 5211.001 44

  45. Preparation NDAs if applicable Client concerns Rules of Engagement Scope Written Permission and Acknowledgement of Testing Risks Testing Perform Test Conclusion Analyze results and retest as needed Develop report and presentation if needed MIS 5211.001 45

  46. Vital that written permission be obtained Without this you could be held criminally responsible Good intentions are no defense Ensure individual granting permission has the authority to do so Corporate Officer Director P&L Responsibility MIS 5211.001 46

  47. Permission alone is not sufficient If you are not working In-House Contract language needs Limitation of Liability language Time to call in the lawyers You, or the company you work for will also need liability insurance MIS 5211.001 47

  48. At a minimum Contact Information Periodic Debriefing (Daily?) Dates and Times for Testing When to start When to stop Hours when testing is acceptable Announced or Unannounced MIS 5211.001 48

  49. What if Sys Admins detect testing and attempt to block. Is this good, or bad? Stop test, or remove blocks and keep testing? Verify if client IDS, IPS, or WAF may block attacks This may be OK if test was focused on effectiveness of these systems However: Could cause Denial of Service Resource consumption May need to get you traffic excluded from protections to test systems behind these controls MIS 5211.001 49

  50. Black Box: No data provided to tester other than target IP Address or URL Mimics malicious attackers vantage point Time and resource consuming Crystal Box: Tester provided detailed data on systems and architecture Allows tester to quickly move to value added work May not uncover data leaked into public space that would have been found during reconnaissance phase MIS 5211.001 50

Related


Business Ethics Theories and Principles

Business Ethics Theories and Principles

addy
hacking

hacking

Ranjitha1
Man-in-the-Middle Attacks and Network Security Threats

Man-in-the-Middle Attacks and Network Security Threats

crash
Ethical Considerations in Self-Care for Behavioral Health Professionals

Ethical Considerations in Self-Care for Behavioral Health Professionals

rene
Ethical Considerations in School Psychology: Navigating Codes and Principles

Ethical Considerations in School Psychology: Navigating Codes and Principles

jeffrey
Applying Behavioural Ethics in Education for Justice (E4J)

Applying Behavioural Ethics in Education for Justice (E4J)

cassius
Ethical Hacking Essential Knowledge

Ethical Hacking Essential Knowledge

Ranjitha1
Ethical Decision Making in Clinical Practice: Understanding Dilemmas and Solutions

Ethical Decision Making in Clinical Practice: Understanding Dilemmas and Solutions

ajay
Protecting Your Work Environment from Hacking Threats

Protecting Your Work Environment from Hacking Threats

taly_760
Unveiling Google Hacking Techniques

Unveiling Google Hacking Techniques

aren_ra
Strategies for Growth Hacking in Child Welfare Tech Entrepreneurship

Strategies for Growth Hacking in Child Welfare Tech Entrepreneurship

afede
Ethical Hacking_ Principles, Practices, and Significance

Ethical Hacking_ Principles, Practices, and Significance

Hammad
The CPA's Guide to Ethical Behavior by Jolene A. Lampton, Ph.D., MBA, BSE, CPA, CGMA & CFE

The CPA's Guide to Ethical Behavior by Jolene A. Lampton, Ph.D., MBA, BSE, CPA, CGMA & CFE

ncado
Ethical Hacking: Understanding the Different Types of Hackers

Ethical Hacking: Understanding the Different Types of Hackers

jarn504
Comprehensive Guide to Hacking Techniques & Intrusion Detection

Comprehensive Guide to Hacking Techniques & Intrusion Detection

ssumm
Inside the Mind of Hackers: Behavior, Motivation, and Notable Cases

Inside the Mind of Hackers: Behavior, Motivation, and Notable Cases

putt_ace
Ethical Responsibility in Human Communication

Ethical Responsibility in Human Communication

jamerson_e
Engineering Ethics in Practice: A Guide for Engineers by Prof. Dr. Halit Hami Z. - Insights and Reflections

Engineering Ethics in Practice: A Guide for Engineers by Prof. Dr. Halit Hami Z. - Insights and Reflections

husmann_k
Applied Medical Ethics and Ethical Dilemmas in Healthcare

Applied Medical Ethics and Ethical Dilemmas in Healthcare

jaz_mcm
Declaration of Ethical Governance by CIGFARO & Partners

Declaration of Ethical Governance by CIGFARO & Partners

sandefur_t
Hacking: Types, Hackers, and Ethics

Hacking: Types, Hackers, and Ethics

barakat_m
Ethical Issues in Clinical Psychology: Understanding the APA Code of Ethics

Ethical Issues in Clinical Psychology: Understanding the APA Code of Ethics

sray

More Related Content