1
Hands-On Ethical Hacking and Network Defense
Chapter 1 Ethical Hacking Overview Last modified jw
2
Objectives
Describe the role of an ethical hacker
Describe what you can do legally as an ethical hacker
Describe what you cannot do as an ethical hacker
3
Introduction to Ethical Hacking
4
Introduction to Ethical Hacking
Ethical hackers
  Employed by companies to perform penetration tests
Penetration test
  Legal attempt to break into a company’s network to find its weakest link
  Tester only reports findings, does not solve problems
5
Introduction to Ethical Hacking
Vulnerability assessment
  Tester attempts to enumerate all vulnerabilities found in an application or on a system
Security test
  More than an attempt to break in; also includes analyzing company’s security policy and procedures
  Tester offers solutions to secure or protect the network
6
The Role of Security and Penetration Testers
Hackers
  Access computer system or network without authorization
  Breaks the law; can go to prison
Crackers
  Break into systems to steal or destroy data
  U.S. Department of Justice calls both hackers
Ethical hacker
  Performs most of the same activities but with owner’s permission
7
The Role of Security and Penetration Testers
Script kiddies or packet monkeys
  Young inexperienced hackers
  Copy codes and techniques from knowledgeable hackers
Experienced penetration testers write programs or scripts using these languages
  Practical Extraction and Report Language (Perl), C, C++, Python, Ruby, JavaScript, Visual Basic, SQL, and many others
Script
  Set of instructions that runs in sequence to perform tasks
8
The Role of Security and Penetration Testers
Hacktivist
  A person who hacks computer systems for political or social reasons
Penetration testers usually have:
  A laptop computer with multiple OSs and hacking tools
9
The Role of Security and Penetration Testers
Job requirements for a penetration tester might include:
  Perform vulnerability, attack, and penetration assessments in Intranet and wireless environments
  Perform discovery and scanning for open ports
  Apply appropriate exploits to gain access
  Participate in activities involving application penetration
  Produce reports documenting discoveries
  Debrief with the client at the conclusion
10
It Takes Time to Become a Hacker
This class alone won’t make you a hacker, or an expert
  It might make you a script kiddie
It usually takes years of study and experience to earn respect in the hacker community
It’s a hobby, a lifestyle, and an attitude
  A drive to figure out how things work
11
The Role of Security and Penetration Testers
Penetration testers usually have:
  A laptop computer with multiple OSs and hacking tools
Tiger box
  Collection of OSs and hacking tools
  Usually on a laptop
  Helps penetration testers and security testers conduct vulnerability assessments and attacks
12
Penetration-Testing Methodologies
White box model
  Tester is told everything about the network topology and technology
    Network diagram
  Tester is authorized to interview IT personnel and company employees
  Makes tester’s job a little easier
13
Network Diagram From ratemynetworkdiagram.com
14
This is a Floor Plan Figure 1-1 A sample floor plan
15
Penetration-Testing Methodologies
Black box model
  Company staff does not know about the test
  Tester is not given details about the network
    Burden is on the tester to find these details
  Tests if security personnel are able to detect an attack
16
Penetration-Testing Methodologies
Gray box model
  Hybrid of the white and black box models
  Company gives tester partial information
17
Certification Programs
18
Certification Programs for Network Security Personnel
Basics:
  Windows and Linux skills
  Network+ or Cisco CCNA
  CompTIA Security+
19
Certified Ethical Hacker (CEH)
Need additional Advanced Ethical Hacking
20
Certified Ethical Hacker
Developed by the International Council of Electronic Commerce Consultants (EC-Council)
Based on 22 domains (subject areas)
Web site:
Most likely to be placed on a team that conducts penetration tests
  Called a Red team
    Conducts penetration tests
    Composed of people with varied skills
  Unlikely that one person will perform all tests
21
Offensive Security Certified Professional
OSCP
  An advanced certification that requires students to demonstrate hands-on abilities to earn their certificates
  Covers network and application exploits
  Gives students experience in developing rudimentary buffer overflows, writing scripts to collect and manipulate data, and trying exploits on vulnerable systems
22
OSSTMM Professional Security Tester (OPST)
Designated by the Institute for Security and Open Methodologies (ISECOM)
Based on Open Source Security Testing Methodology Manual (OSSTMM)
  Written by Peter Herzog
Five main topics (i.e., professional, enumeration, assessments, application, and verification)
Web site:
23
Certified Information Systems Security Professional (CISSP)
Issued by the International Information Systems Security Certifications Consortium (ISC2)
Tests security-related managerial skills
  Usually more concerned with policies and procedures than technical details
Consists of ten domains
Web site:
24
SANS Institute
SysAdmin, Audit, Network, Security (SANS) Institute
  Offers training and IT security certifications through Global Information Assurance Certification (GIAC)
Top 25 Software Errors list
  One of the most popular SANS Institute documents
  Details most common network exploits
  Suggests ways of correcting vulnerabilities
Web site:
25
Which Certification is Best?
Penetration testers and security testers
  Need technical skills to perform duties effectively
  Must also have:
    A good understanding of networks and the role of management in an organization
    Skills in writing and verbal communication
    Desire to continue learning
Danger of certification exams
  Some participants simply memorize terminology
  Don’t have a good grasp of subject matter
26
What You Can Do Legally
27
What You Can Do Legally
Laws involving technology change as rapidly as technology itself
Find what is legal for you locally
  Laws change from place to place
Be aware of what is allowed and what is not allowed
28
Laws of the Land
Tools on your computer might be illegal to possess
  Contact local law enforcement agencies before installing hacking tools
Laws are written to protect society
  Written words are open to interpretation
Governments are getting more serious about punishment for cybercrimes
US State Law summary
29
The Security Circus & DoS Attacks
Recent Hacking Cases
31
Namecheap Hit by 100 Gbps DDoS Attack (February 20, 2014)
Webhosting company Namecheap says it was targeted by a huge 100 Gbps distributed denial-of-service (DDoS) attack. Namecheap said the attack bombarded its DNS servers with traffic measured at up to 100 Gbps.
32
KrebsOnSecurity Hit With 600+ Gbps DDoS
The KrebsOnSecurity website was targeted by a huge 620 Gbps distributed denial-of-service (DDoS) attack.
33
150,000 IoT Devices Abused for Massive 1.5 Tbps DDoS Attacks on OVH
The hosting provider OVH continues to be targeted by massive distributed denial-of-service (DDoS) attacks powered by a large botnet capable of generating significant attack traffic.
34
Recent Credit Card Reader Hacks
2013
  Target
2014
  Home Depot
  Michael’s Craft Stores
  Goodwill
  Dairy Queen
  Jimmy John’s
  UPS Stores
  Jewel Grocery Stores
  Staples
35
Recent Credit Card Reader Hacks
2015
  Trump Hotels
  Sally Beauty
36
Wikileaks
Published <1000 US Gov't diplomatic cables from a leak of 250,000
Distributed an encrypted "Insurance" file by BitTorrent
  Widely assumed to contain the complete, uncensored leaked data
  Encrypted with AES-256--no one is ever getting in there without the key
  Key to be released if Assange is jailed or killed.
Since June 2012, he has been inside the Ecuadorian embassy in London, where he has been granted diplomatic asylum.
37
NSA Backdoors Cisco and Juniper
38
SSL / TLS Vulnerabilities
SSL Strip
The Beast
Heartbleed
Shellshock
SSL 3.0 Poodle
39
Hacktivism
Act of hacking, or breaking into a computer system, for a politically or socially motivated purpose
40
Anonymous
41
Operation Payback
4chan's Anonymous group
  Attacked Scientology websites in 2008
  Attacked the RIAA and other copyright defenders
  Using the Low Orbit Ion Cannon with HiveMind (DDoS)
    "Opt-in Botnet"
42
HB Gary Federal
Aaron Barr
  Developed a questionable way to track people down online
    By correlating Twitter, Facebook, and other postings
  Announced in Financial Times that he had located the “leaders” of Anonymous and would reveal them in a few days
43
HB Gary Federal
In 2011, HBGary Federal’s CEO Aaron Barr found his hacked, and 50,000 internal business messages posted online, an event that led to Barr stepping down from the company. The hackers from the LulzSec group detailed how they exploited weak passwords and unpatched servers at HBGary Federal, but they were eventually caught, among them Jake Davis, who confessed to the crime in a London court.
45
Social Engineering & SQLi
46
Leaked HB Gary Emails
For Bank of America
  Discredit Wikileaks
  Intimidate Journalist Glenn Greenwald
For the Chamber of Commerce
  Discredit the watchdog group US Chamber Watch
  Using fake social media accounts
For the US Air Force
  Spread propaganda with fake accounts
47
Drupal Exploit
48
OpBART
Dumped thousands of commuters' addresses and BART passwords on the Web
Defaced MyBart.org
49
Booz Allen Hamilton
"LulzSec" hacked it in July 2011
  Dumped 150,000 US Military addresses & passwords
50
Booz Allen Hamilton
Government contractor Booz Allen Hamilton was supposed to be providing security support for the National Security Agency, but was shocked to discover last June that one of its contractors, Edward Snowden, had leaked reams of top-secret NSA information to the press.
51
Missouri Sheriff's Association
Hacked by AntiSec, another part of Anonymous
Published credit cards, informant personal info, police passwords, and more
52
Th3j35t3r
"Hacktivist for Good"
Claims to be ex-military
Originally performed DoS attacks on Jihadist sites
  Bringing them down for brief periods, such as 30 minutes
Announces his attacks on Twitter, discusses them on a blog and live on irc.2600.net
53
Th3j35t3r v. Wikileaks
He brought down Wikileaks single-handed for more than a day
54
Wikileaks Outage
One attacker, no botnet ???
55
Westboro Baptist Outage
4 sites held down for 8 weeks From a single 3G cell phone???
56
LulzSec
The "skilled" group of Anons who hacked
  US Senate
  AZ Police
  Pron.com
  Booz Hamilton
  Sony
  NATO
  Infragard
  The Sun
  PBS
  Fox News
  H B Gary Federal
  Game websites
59
Ryan Cleary
Arrested June 21, 2011
  Accused of DDoSing the UK’s Serious Organised Crime Agency
Released June 2013
60
T-Flow Arrested July 19, 2011
61
LulzSec spokesman Topiary Arrested
On Released from Prison
62
http://mpictcenter. blogspot
63
Stay Out of Anonymous
64
Sabu, LulzSec co-founder, Hacker "God" to "Snitch"
Pleads guilty August 2011
Served 7 months in prison
65
Sony aftermath
66
Layer 4 DDoS
Many Attackers – One Target
Bandwidth Consumption
67
Companies that Refused Service to Wikileaks
Amazon
Paypal
Mastercard
Visa
Many others
68
Low Orbit Ion Cannon
Primitive DDoS Attack, controlled via IRC
Sends thousands of packets per second from the attacker directly to the target
  Like throwing a brick through a window
Takes thousands of participants to bring down a large site
  They tried but failed to bring down Amazon
69
Low Orbit Ion Cannon
70
Operation Payback v. Mastercard
December 2012
Brought down Visa, Mastercard, and many other sites
Easily tracked, and easily blocked
  High bandwidth, cannot be run through anonymizer
Dutch police have already arrested two participants
71
Mastercard Outage
3,000 to 30,000 attackers working together
72
Operation Megaupload
In retaliation for the shut down of the file sharing service Megaupload and the arrest of four workers, Anonymous DDoSed the websites of UMG, the United States Department of Justice, the United States Copyright Office, the FBI, the MPAA, Warner Brothers Music and the RIAA, and HADOPI, all on the afternoon of January 19, 2012
73
http://news. softpedia
75
Layer 7 DoS
One Attacker – One Target
Exhausts Server Resources
76
Layer 7 DoS
Subtle, concealable attack
  Can be routed through proxies
Low bandwidth
  Can be very difficult to distinguish from normal traffic
77
HTTP GET
78
SlowLoris
Send incomplete GET requests
Freezes Apache with one packet per second
79
R-U-Dead-Yet
Incomplete HTTP POSTs
Stops IIS, but requires thousands of packets per second
80
Keep-Alive DoS
HTTP Keep-Alive allows 100 requests in a single connection
HEAD method saves resources on the attacker
Target a page that is expensive for the server to create, like a search
A php script pkp keep-dead.php
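As an added example (not from the slides or the textbook), a server-side classifier in the spirit of the request timeouts that modules such as Apache's mod_reqtimeout enforce: it flags connections whose header block never completes (the SlowLoris pattern) and declared bodies that trickle in below a minimum rate (the R-U-Dead-Yet pattern), then blocks a source that accumulates too many such connections. The threshold values, IP addresses and request bytes are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Conn:
    """One client connection: who opened it, when, and the raw chunks received so far."""
    client: str
    opened: float
    chunks: list = field(default_factory=list)   # list of (timestamp, bytes)

    def data(self) -> bytes:
        return b"".join(chunk for _, chunk in self.chunks)


def classify(conn, now, header_deadline=20.0, body_grace=5.0, body_min_rate=500.0):
    """Assumed limits (not from the slides): headers must be complete within
    header_deadline seconds; once headers are in, a declared body must arrive at
    body_min_rate bytes/s on average after a body_grace warm-up period."""
    buf = conn.data()
    age = now - conn.opened
    if b"\r\n\r\n" not in buf:
        # Header block never terminated: SlowLoris keeps this state alive one line at a time.
        if age > header_deadline:
            return "drop: headers incomplete after %.0fs (SlowLoris pattern)" % age
        return "pending"
    head, _, body = buf.partition(b"\r\n\r\n")
    declared = 0
    for line in head.split(b"\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip() or 0)
    if declared > len(body):
        # Headers done but a large body dribbles in: R-U-Dead-Yet keeps the POST open.
        rate = len(body) / age if age > 0 else 0.0
        if age > body_grace and rate < body_min_rate:
            return "drop: body trickling at %.0f B/s (R-U-Dead-Yet pattern)" % rate
        return "pending"
    return "complete"


def assess(conns, now, per_ip_limit=10):
    """Classify every connection and block any source with per_ip_limit or more drops."""
    verdicts = [(c.client, classify(c, now)) for c in conns]
    drops = Counter(ip for ip, v in verdicts if v.startswith("drop"))
    blocked = {ip for ip, n in drops.items() if n >= per_ip_limit}
    return verdicts, blocked


def sample_run():
    """Constructed traffic: 30 SlowLoris-style connections, one RUDY-style POST, one normal GET."""
    now, conns = 60.0, []
    for _ in range(30):
        c = Conn("203.0.113.7", 0.0)
        c.chunks = [(0.0, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n")]
        c.chunks += [(10.0 * k, b"X-a: %d\r\n" % k) for k in range(1, 6)]   # never the blank line
        conns.append(c)
    r = Conn("198.51.100.9", 0.0)
    r.chunks = [(0.0, b"POST /search HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 1000000\r\n\r\n")]
    r.chunks += [(float(t), b"q") for t in range(1, 60)]     # 59 bytes of a million, one per second
    conns.append(r)
    n = Conn("192.0.2.44", 58.0)
    n.chunks = [(58.0, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")]
    conns.append(n)
    return assess(conns, now)


if __name__ == "__main__":
    verdicts, blocked = sample_run()
    print("blocked sources:", blocked)
```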
81
keep-dead
82
XerXes
Th3j35t3r's DoS Tool
Routed through proxies like Tor to hide the attacker's origin
No one knows exactly what it does
  Layer 7 DoS?
Video Demo -
83
XerXes
84
IPv6 - The Ping of Death returns
85
Link-Local DoS
IPv6 Router Advertisements
86
IPv4: DHCP
PULL process
  Client requests an IP
  Router provides one
Diagram: Host says "I need an IP", Router answers "Use this IP"
87
IPv6: Router Advertisements
PUSH process
  Router announces its presence
  Every client on the LAN creates an address and joins the network
Diagram: Router says "JOIN MY NETWORK", Host answers "Yes, SIR"
88
Router Advertisement Packet
89
RA Flood
90
Windows Vulnerability
It takes a LOT of CPU for Windows to process those Router Advertisements
  5 packets per second drives the CPU to 100%
And they are sent to every machine in the LAN (ff02::1 is Link-Local All Nodes Multicast)
  One attacker kills all the Windows machines on a LAN
91
Responsible Disclosure
Microsoft was alerted by Marc Heuse on July 10, 2010
Microsoft does not plan to patch this
Juniper and Cisco devices are also vulnerable
  Cisco has released a patch, Juniper has not
92
Defenses from RA Floods
Disable IPv6
Turn off Router Discovery
Block rogue RAs with a firewall
Get a switch with RA Guard
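As an added example (not from the slides), a small detector for the RA flood described above: it parses ICMPv6 Router Advertisements out of raw IPv6 packets addressed to ff02::1 and flags any source that either is not a known router or sends more RAs per second than the slide's figure of 5, a software stand-in for what a firewall rule or a switch with RA Guard does. The packet bytes, router addresses and rate threshold are constructed assumptions; a real RA Guard trusts switch ports rather than addresses, since link-local source addresses are trivially spoofed.

```python
import ipaddress
import struct
from collections import defaultdict

IPV6_NEXT_HEADER_ICMPV6 = 58
ICMPV6_ROUTER_ADVERT = 134
ALL_NODES = ipaddress.IPv6Address("ff02::1")   # Link-Local All Nodes multicast


def build_ra(src: str, lifetime: int = 1800) -> bytes:
    """Constructed sample packet: IPv6 header + minimal ICMPv6 RA (checksum left zero)."""
    icmp = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)
    ip = struct.pack("!IHBB", 0x60000000, len(icmp), IPV6_NEXT_HEADER_ICMPV6, 255)
    return ip + ipaddress.IPv6Address(src).packed + ALL_NODES.packed + icmp


def parse_ra(pkt: bytes):
    """Return (src, dst) for an IPv6 packet carrying a Router Advertisement, else None.
    RFC 4861 requires hop limit 255 on RAs, so anything else did not originate on this link."""
    if len(pkt) < 56 or pkt[0] >> 4 != 6 or pkt[6] != IPV6_NEXT_HEADER_ICMPV6 or pkt[7] != 255:
        return None
    if pkt[40] != ICMPV6_ROUTER_ADVERT:
        return None
    return ipaddress.IPv6Address(pkt[8:24]), ipaddress.IPv6Address(pkt[24:40])


def detect_ra_flood(packets, known_routers, max_per_second=5):
    """packets: iterable of (timestamp_seconds, raw_bytes).
    Returns {source_address: reason} for every source that should be blocked.
    max_per_second=5 follows the slide's figure for driving Windows hosts to 100% CPU;
    a legitimate router sends unsolicited RAs only every few seconds at most."""
    per_second = defaultdict(lambda: defaultdict(int))   # source -> second -> count
    verdicts = {}
    for ts, pkt in packets:
        parsed = parse_ra(pkt)
        if parsed is None:
            continue
        src, _dst = parsed
        key = str(src)
        if src not in known_routers:
            verdicts[key] = "rogue RA: source is not a known router"
            continue
        per_second[key][int(ts)] += 1
        if per_second[key][int(ts)] > max_per_second:
            verdicts[key] = "RA flood: more than %d RAs in one second" % max_per_second
    return verdicts


def sample_verdicts():
    """Constructed trace: one healthy RA from the real router, a burst of 8 RAs in one second
    that spoofs the router's address, then an RA from an address no router uses."""
    known = {ipaddress.IPv6Address("fe80::1")}
    trace = [(0.5, build_ra("fe80::1"))]
    trace += [(1.0 + i * 0.1, build_ra("fe80::1")) for i in range(8)]
    trace += [(2.0, build_ra("fe80::bad:1"))]
    return detect_ra_flood(trace, known)


if __name__ == "__main__":
    for source, reason in sample_verdicts().items():
        print(source, "->", reason)
```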
93
Defending Websites
94
Attack > Defense
Right now, your website is only up because
  Not even one person hates you, or
  All the people that hate you are ignorant about network security
95
Defense
Mod Security--free open-source defense tool
  Latest version has some protections against Layer 7 DoS
Akamai has good defense solutions
  Caching
  DNS Redirection
  Javascript second-request trick
96
Load Balancer
97
Counterattacks
Reflecting attacks back to the command & control server
  Effective against dumb attackers like Anonymous' LOIC
  Will lose effect if they ever learn about Layer 7 DoS, which is happening now
98
Free DDoS Protection
Uses a network of proxy servers
Stopped th3j35t3r in real attack
99
Is Port Scanning Legal?
Some states consider it legal
  Not always the case
  Be prudent before using penetration-testing tools
Federal government does not see it as a violation
  Allows each state to address it separately
Research state laws
100
Is Port Scanning Legal?
Read your ISP’s “Acceptable Use Policy”
  Comcast hSpeedInternetAUP.html?SCRedirect=true
  AT&T
More than likely – NO from ISP perspective
Remember - Big Brother may be watching!
101
Is Port Scanning Legal?
IRC “bot”
  Program that sends automatic responses to users
  Gives the appearance of a person being present
Some ISPs may prohibit the use of IRC bots
102
COD Student Code of Conduct
103
Federal Laws
Federal computer crime laws are getting more specific
  Cover cybercrimes and intellectual property issues
Computer Hacking and Intellectual Property (CHIP)
  New government branch to address cybercrimes and intellectual property issues
104
Federal Laws (continued)
The Cyber Security Enhancement Act of 2002
  Mandates life sentences for hackers who “recklessly” endanger the lives of others.
Securely Protect Yourself Against Cyber Trespass Act of 2007 (SPY ACT)
  Defines popups, spyware, and spam as illegal
18 USC §1029 and 1030 (US Code)
  Defines unauthorized access and malicious software
  Strict penalties for hacking, no matter what the intent.
105
Federal Laws (continued)
ADA Section 508
  All users, regardless of disability status, can access technology.
Children's Online Privacy Protection Act of 1998 (COPPA)
Computer Security Act of 1987
  Provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.
106
107
What You Cannot Do Legally
Accessing a computer without permission
Destroying data without permission
Copying information without permission
Installing malicious software
Denial of Service attacks
Denying users access to network resources
  Be careful your actions do not prevent customers from doing their jobs
108
Get It in Writing
Using a contract is just good business
  Contracts may be useful in court
Books on working as an independent contractor
  Getting Started as an Independent Computer Consultant by Mitch Paioff and Melanie Mulhall
  The Consulting Bible: Everything You Need to Know to Create and Expand a Seven-Figure Consulting Practice by Alan Weiss
Internet can also be a useful resource
Have an attorney read over your contract before sending or signing it
109
Ethical Hacking in a Nutshell
What it takes to be a security tester
  Knowledge of network and computer technology
  Ability to communicate with management and IT personnel
  Understanding of the laws
  Ability to use necessary tools
110
Summary
Companies hire ethical hackers to perform penetration tests
  Penetration tests discover vulnerabilities in a network
  Security tests are performed by a team of people with varied skills
Penetration test models
  White box model
  Black box model
  Gray box model
111
Summary
Security testers can earn certifications
  CEH
  CISSP
  OPST
As a security tester, be aware
  What you are legally allowed or not allowed to do
  ISPs may have an acceptable use policy
    May limit ability to use tools
112
Summary
Laws should be understood before conducting a security test
  Federal laws
  State laws
Get it in writing
  Use a contract
  Have an attorney read the contract
Understand tools available to conduct security tests
  Learning how to use them should be a focused and methodical process