COMP1321 Digital Infrastructures Richard Henson University of Worcester April 2016
Week 21: Web Communications - Securing Web Pages n Objectives: Explain the principles of hacking ethically Access and exploit a “test” client site Explain “Footprinting” and reconnaissance from a penetration testers perspective “Passively” scan networks from the outside
Ethical Hacking Principles n Hacking is a criminal offence in the UK covered through The Computer Misuse Act (1990) tightened by further legislation (2006) n It can only be done ”legally” by a trained (or trainee) professional a computing student would be considered in this context under the law
Ethical Hacking principles n Even if it is legal… doesn’t mean it is ethical! n Professionals only hack without owner’s permission if there is reason to believe a law is being broken if not… they must ask permission otherwise definitely unethical (and possibly illegal)
Ethical Hacking Principles n What is “hacking”? breaching a computer system without permission n How is it done? using software tools to get through the security of the system also called penetration testing (again… if done with permission…)
Penetration Testers Toolkit n Many penetration testing tools available n Also a body of knowledge that shows how to use them… n Together, provide the expertise to penetration test a client’s site but this should only be undertaken with the client’s permission…
Preparing to use a Toolkit n Ethical Hacking Professionals need to be familiar with both Windows Server, and Linux To fully engage with principles of penetration testing,install the following as virtual machines on your own computer: To fully engage with principles of penetration testing,install the following as virtual machines on your own computer: Windows 2008 Server Linux, with Backtrack (as VM) … Remember: this should only be used ethically! n Instead, you may wish to just take an overview (plenty of excellent youtube videos)
Reminder of Virtualisation… n The use of software to allow hardware to run multiple operating system images at the same time Possible to run Windows OS under Mac OS run multiple versions of Windows OS on the same PC n Enables the creation of a “virtual” (rather than actual) version of any software environment on the desktop, e.g. Operating Systems, a server, a storage device or networks, an application
What and Why of “Footprinting” n Definition: “Gathering information about a “target” system” n Could be passive (non-penetrative) or active Find out as much information about the digital and physical evidence of the target’s existence as possible »need to use multiple sources… »may (e.g. “black hat” hacking) need to be done secretly
Useful Info to Gather about a network n Domain Names n User/Group names n System Names n IP addresses n Employee Details/Company Directory n Network protocols used & VPN start/finish n Company documents n Intrusion detection system used
Rationale for “passive” Footprinting n The ethical hacker can gather a lot of information from publicly available sources organisation needs to know what is “out there” n Methodology: start by finding the URL (search engine) »e.g. from main website, find other external-facing names »e.g. staffweb.worc.ac.uk
Website Connections & History n History: use The Wayback Machine n Connections: use robtex.com n Business Intelligence: sites that reveal company details e.g.
More Company Information… n “Whois” & CheckDNS.com: lookups of IP/DNS combinations details of who owns a domain name details of DNS Zones & subdomains n Job hunters websites: e.g. n IT technicians “blog entries”
People Information n Company information will reveal names n Use names in search engines Facebook LinkedIn n Google Earth reveals: company location(s)
Physical Network Information (“active” footprinting or phishing) n External “probing” should be detectable by a good defence system… (could be embarrassing!) n e.g. Traceroute: Uses ICMP protocol “echo” »no TCP or UDP port reveals names/IP addresses of intelligent hardware: »e.g. Routers, Gateways, DMZs
Footprinting n Using the system to find the organisation’s names structure “passive” monitor s sent »IP source address »structure of name “active” sending programs : »test whether addresses actually exist »test restrictions on attachments
Utilizing Google etc. (“passive”) n Google: Advanced Search options: n Uses [site:] [intitle:] [allintitle:] [inurl:] In each case a search string should follow e.g. “password” n Maltego graphical representations of data
Network Layers and Hacking n Schematic TCP/IP stack interacting at three of the 7 OSI levels (network, transport, application): TELNETFTP NFSDNS SNMP TCP UDP IP SMTP X XX X X X ports
TCP & UDP ports n Hackers use these to get inside firewalls etc. n Essential to know the important ones: 20, 21 ftp80 http389 Ldap 22 ssh88 Kerberos443 https 23 telnet 110 pop3636 Ldap/SSL 25 smtp135 smb 53 dns137-9 NetBIOS 60 tftp161 snmp
Reconnaissance/Scanning n Three types of scan: Network (already mentioned) »identifies active hosts Port »send client requests until a suitable active port has been found… Vulnerability »assessment of devices for weaknesses that can be exploited
A “Scanning” Methodology for Ethical Hackers… n Check for Live Systems n Check for open ports n “Banner Grabbing” e.g. e.g. bad html request n Scan for vulnerabilities n Draw Network diagram(s) n Prepare proxies…
Proxy Hacking (or Hijacking) n Attacker creates a copy of the targeted web page on a proxy server n Now uses methods like: keyword stuffing linking to the copied page from external sites… n Artificially raises search engine ranking authentic page will rank lower… »may even be seen as duplicated content, in which case a search engine may remove it from its index
Lots more “tricks” ethically available!
Now you try it! n Download software tools first… n Try out the tools on an informal basis without infringing “ethical hacking” rules n Gather evidence documenting your activities after Campbell Murray’s presentation (27 th April) n Present evidence for assignment 2, guidance 4/11 th May…
Thanks for Listening Thanks for Listening