COMP1321 Digital Infrastructures
Richard Henson, University of Worcester, April 2018
Week 22: “Offensive” Security and Ethical Hacking
Objectives:
- Explain the principles of hacking ethically
- Explain “footprinting” and reconnaissance from a penetration tester's perspective
- Use vulnerability/penetration testing to “passively” scan networks and check access to the organisation's network (and information about it!) from outside
- Exploit known vulnerabilities through specific unguarded TCP ports
Ethical Hacking Principles
- Hacking is a criminal offence in the UK, covered by the Computer Misuse Act (1990) and tightened by further legislation (2006)
- It can only be done “legally” by a trained (or trainee) professional; a computing student counts as a trainee in this context under the law
Ethical Hacking Principles
- Even if it is legal… that doesn't mean it is ethical!
- Professionals only hack without the owner's permission if there is reason to believe a law is being broken
- If not… they must ask permission; otherwise it is definitely unethical (and possibly illegal)
Ethical Hacking Principles
- What is “hacking”? Breaching a computer system without permission
- How is it done? Using software tools to get through the security of the system
- Also called penetration testing (again… if done with permission…)
Penetration Tester's Toolkit
- Many penetration testing tools are available
- There is also a body of knowledge that shows how to use them…
- Together, these provide the expertise to penetration test a client's site, but this should only be undertaken with the client's permission…
Preparing to use a Toolkit
- Ethical hacking professionals need to be familiar with both Windows Server and Linux
- To fully engage with the principles of penetration testing, install the following as virtual machines on your own computer: Windows 2008 Server; Linux with BackTrack (as a VM)…
- Remember: this should only be used ethically!
- Instead, you may wish to just take an overview (plenty of excellent YouTube videos)
What and Why of “Footprinting”
- Definition: “gathering information about a ‘target’ system”
- Could be passive (non-penetrative) or active
- Find out as much information as possible about the digital and physical evidence of the target's existence; this needs multiple sources…
- May (e.g. in “black hat” hacking) need to be done secretly
Useful hacker “intelligence” about a network
- Domain names
- User/group names
- System names
- IP addresses
- Employee details / company directory
- Network protocols used, and VPN start/finish points
- Company documents
- Intrusion detection system used
Network Infrastructure Revision
- Windows networks depend on Active Directory: a large object-oriented database installed on servers, which then become part of the domain log-in process
Desktop Security
- Windows desktop security is managed through the system registry: an area of protected memory holding thousands of hardware/software settings
- Viewed using the regedit utility
- Some settings can be changed using regedit; other settings cannot be seen with regedit
System Registry
- System registry settings are stored on the local hard disk
- Loaded into memory during boot-up
- Local log-on: system policy files can overwrite settings in memory
- Network log-on: group policy files are downloaded and overwrite these files during log-on
Group Policy and Resource Access
- Network resource access is also controlled via downloaded registry settings
- In this way, user access can be controlled through group policy
- Policy files and group membership need to be held securely
Rationale for “passive” Footprinting
- The ethical hacker can gather a lot of information from publicly available sources; the organisation needs to know what is “out there”
- Methodology: start by finding the URL (search engine); e.g. from the main website, find other external-facing names, e.g. staffweb.worc.ac.uk
Website Connections & History
- History: use the Wayback Machine
- Connections: use robtex.com
- Business intelligence: sites that reveal company details, e.g.
More Company Information…
- “Whois” and CheckDNS.com: lookups of IP/DNS combinations; details of who owns a domain name; details of DNS zones and subdomains
- Job hunters' websites: e.g. IT technicians' “blog entries”
People Information
- Company information will reveal names
- Use the names in search engines, Facebook, LinkedIn
- Google Earth reveals company location(s)
Physical Network Information (“active” footprinting or phishing)
- External “probing” should be detectable by a good defence system… (could be embarrassing!)
- e.g. traceroute: uses the ICMP protocol “echo”; no TCP or UDP port; reveals names/IP addresses of intelligent hardware, e.g. routers, gateways, DMZs
Footprinting Using the E-mail System
- Using the e-mail system to find the organisation's naming structure
- “Passive”: monitor e-mails sent; IP source address; structure of names
- “Active”: sending programs: test whether addresses actually exist; test restrictions on attachments
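One passive check of what an organisation's own outbound mail gives away, as an added Python example that is not from the slides: it parses a constructed message, pulls the relaying hosts and IP addresses out of the Received headers, separates internal (RFC 1918) hosts from the public gateway, and classifies the address naming scheme. It covers the e-mail items above and the system names, IP addresses and user names on the earlier “intelligence” list; every host, address and ID in it is made up.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from ipaddress import ip_address, ip_network

# Constructed sample of an outbound message as its recipient would see it
# (hosts, addresses and IDs are made up; 203.0.113.0/24 is a documentation range).
SAMPLE_MAIL = """\
Received: from mailgw.example.org (mailgw.example.org [203.0.113.10])
\tby mx.partner.example (ExampleMTA 1.0) with ESMTPS id ABC123;
\tMon, 23 Apr 2018 10:01:02 +0100
Received: from ws-finance-07.corp.example.org (unknown [10.20.30.41])
\tby mailgw.example.org (ExampleMTA 1.0) with ESMTP id DEF456;
\tMon, 23 Apr 2018 10:01:00 +0100
From: "Jane Doe" <jane.doe@example.org>
To: "John Smith" <john.smith@example.org>
"""

# 'from <host> (<reverse-name> [<ip>])' as written by most mail transfer agents
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_hops(raw):
    """Relaying hosts and IPs from the Received headers, newest first."""
    msg = message_from_string(raw)
    matches = (HOP_RE.search(v) for v in msg.get_all("Received", []))
    return [(m.group(1), m.group(2)) for m in matches if m]

def naming_convention(raw):
    """Classify the local part of sender/recipient addresses ('first.last' or 'other')."""
    msg = message_from_string(raw)
    found = set()
    for _, addr in getaddresses(msg.get_all("From", []) + msg.get_all("To", [])):
        local = addr.split("@", 1)[0]
        found.add("first.last" if re.fullmatch(r"[a-z]+\.[a-z]+", local) else "other")
    return sorted(found)

def footprint(raw):
    """What one message leaks: the mail gateway, internal host names on private
    (RFC 1918) addresses, and the address naming scheme from the intelligence list."""
    hops = received_hops(raw)
    internal = [(h, ip) for h, ip in hops if any(ip_address(ip) in n for n in RFC1918)]
    return {"gateway": hops[0] if hops else None,
            "internal_hosts": internal,
            "naming": naming_convention(raw)}
```

An internal workstation name and private address in the outermost hop is exactly what a gateway that rewrites Received headers would have hidden.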
Utilizing Google etc. (“passive”)
- Google Advanced Search options: use [site:], [intitle:], [allintitle:], [inurl:]; in each case a search string should follow, e.g. “password”
- Maltego: graphical representations of data
Perusing Network Firewall Settings
- The firewall acts between the transport layer and the application layer
- Each application transfers data using a logical port
- Entry of packets to the application layer can be restricted by blocking that port
- A hacker will wish to know which ports are blocked and which could be exploited
TCP/UDP Ports and Hacking
[Schematic: the TCP/IP stack interacting at three of the 7 OSI levels (network, transport, application). Application layer: TELNET, FTP, SMTP, NFS, DNS, SNMP, each bound to a port; transport layer: TCP, UDP; network layer: IP]
TCP & UDP Ports
Hackers use these to get inside firewalls etc. Essential to know the important ones:
- 20, 21: ftp
- 22: ssh
- 23: telnet
- 25: smtp
- 53: dns
- 60: tftp
- 80: http
- 88: Kerberos
- 110: pop
- 135: smb
- 161: snmp
- 389: LDAP
- 443: https
- LDAP/SSL
- NetBIOS
Reconnaissance/Scanning
Three types of scan:
- Network (already mentioned): identifies active hosts
- Port: send client requests until a suitable active port has been found…
- Vulnerability: assessment of devices for weaknesses that can be exploited
A “Scanning” Methodology for Ethical Hackers…
1. Check for live systems
2. Check for open ports
3. “Banner grabbing”, e.g. via a bad HTML request
4. Scan for vulnerabilities
5. Draw network diagram(s)
6. Prepare proxies…
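Steps 2 and 3 of this methodology (open-port check, then banner grabbing with a deliberately bad request) as an added Python example that is not from the slides: it starts a constructed, deliberately chatty HTTP server on the loopback interface so it runs offline, labels ports with the service names from the TCP & UDP ports slide, and reports what an unguarded port gives away. Step 1 (live-host checks with ICMP) is left out because it needs raw sockets; the server name and version string are invented.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Port-to-service labels taken from the slide's list (only the entries used here).
WELL_KNOWN = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns", 80: "http",
              88: "kerberos", 110: "pop", 161: "snmp", 389: "ldap", 443: "https"}

class _LeakyHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a web server that advertises its version."""
    server_version = "DemoServer/0.9 (constructed)"
    sys_version = ""            # drop the default 'Python/x.y' suffix
    def log_message(self, *_):  # keep the demo quiet
        pass

def start_test_server():
    """Run the constructed server on an ephemeral loopback port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), _LeakyHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def port_open(host, port, timeout=0.5):
    """Open-port check: a completed TCP handshake means something is listening."""
    with socket.socket() as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def grab_banner(host, port, timeout=1.0):
    """Banner grab via a bad request: an unknown method ('BAD') makes the server
    answer with an error page that still carries its Server header."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"BAD / HTTP/1.0\r\n\r\n")
        raw = b""
        while True:
            try:
                chunk = s.recv(1024)
            except socket.timeout:
                break
            if not chunk:
                break
            raw += chunk
    for line in raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None

def exposure_report(host, ports):
    """Ports that answer, with the slide's service label and any leaked banner."""
    return [{"port": p, "service": WELL_KNOWN.get(p, "unknown"), "banner": grab_banner(host, p)}
            for p in ports if port_open(host, p)]
```

Run the same report against your own servers: a non-empty banner column is information that port blocking at the firewall does not hide, and trimming the Server header to a bare product name removes it.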
Proxy Hacking (or Hijacking)
- The attacker creates a copy of the targeted web page on a proxy server
- They then use methods like keyword stuffing and linking to the copied page from external sites…
- This artificially raises the copy's search engine ranking; the authentic page will rank lower…
- The authentic page may even be seen as duplicated content, in which case a search engine may remove it from its index
Now you try it! Download OWASP software tools…
- Try out the tools on an informal basis without infringing the “ethical hacking” rules
- Gather evidence documenting your activities after Campbell Murray's presentation (27th April)
- Present the evidence to hand in with Assignment 2…
Thanks for Listening