Posts: 2,051
Threads: 1,405
Joined: Jun 2011
Abstract
We’ve all heard of hackers. Many of us have even suffered the consequences of hacker actions. So who are these hackers? Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically. Recently, hacker has taken on a new meaning — someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.
Introduction
Hacking ethically — the science of testing your computers and network for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them. The good-guy (white hat) hackers don’t like being in the same category as the bad-guy (black-hat) hackers. (These terms come from Western movies where the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Whatever the case, most people give hacker a negative connotation. Many malicious hackers claim that they don’t cause damage but instead are altruistically helping others. Yeah, right. Many malicious hackers are electronic thieves.
_ Hackers (or bad guys) try to compromise computers.
_ Ethical hackers (or good guys) protect computers against illicit entry.
Hackers go for almost any system they think they can compromise. Some prefer prestigious, well protected systems, but hacking into anyone’s system increases their status in hacker circles. You need protection from hacker shenanigans. An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as security tests for their systems.
Ethical hacking — also known as penetration testing or white-hat hacking — involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. To hack your own systems like the bad guys, you must think like they think.
Explanation
To hack your own systems like the bad guys, you must think like they think. To catch a thief, think like a thief. That’s the basis for ethical hacking. The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys — and not just the generic vulnerabilities that everyone knows about — is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems are. Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack. As hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers’ efforts. Your overall goals as an ethical hacker should be as follows: _ Hack your systems in a nondestructive fashion.
_ Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
_ Apply results to remove vulnerabilities and better secure your systems. Hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities.
Here are some examples of attacks on operating systems:
_ Exploiting specific protocol implementations
_ Attacking built-in authentication systems
_ Breaking file-system security
_ Cracking passwords and encryption mechanisms
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server software and Web applications often are beaten down:
Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
_ Malicious software (malware) includes viruses, worms, Trojan horses, and spy ware. Malware clogs networks and takes down systems.
_ Spam (junk e-mail) is wreaking havoc on system availability and storage space. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems. The word ethical in this context can be defined as working with high professional morals and principles. Treat the information you gather with the utmost respect. All information you obtain during your testing from Web-application log files to clear-text passwords must be kept private. Don’t use this information to snoop into confidential corporate information or private lives. If you sense that someone should know there’s a problem, consider sharing that information with the appropriate manager. Many security-assessment tools can control how many tests are performed on a system at the same time. These tools are especially handy if you need to run the tests on production systems during regular business hours. You can even create an account or system lockout condition by social engineering someone into changing a password, not realizing that doing so might create a system lockout condition.
The Ethical Hacking Process
Like practically any IT or security project, ethical hacking needs to be planned in advance. Strategic and tactical issues in the ethical hacking process should be determined and agreed upon. Planning is important for any amount of testing from a simple password-cracking test to an all-out penetration test on a Web application.
Formulating your plan
You need a detailed plan, but that doesn’t mean you have to have volumes of testing procedures. One slip can crash your systems not necessarily what anyone wants. A well-defined scope includes the following information:
_ Specific systems to be tested
_ Risks that are involved
_ When the tests are performed and your overall timeline
_ How the tests are performed
_ How much knowledge of the systems you have before you start testing
_ What is done when a major vulnerability is discovered
_ The specific deliverables this includes security-assessment reports
and a higher-level report outlining the general vulnerabilities to be addressed, along with countermeasures that should be implemented When selecting systems to test, start with the most critical or vulnerable systems. For instance, you can test computer passwords or attempt social engineering attacks before drilling down into more detailed systems. Don’t stop with one security hole. This can lead to a false sense of security. Keep going to see what else you can discover. I’m not saying to keep hacking.
Selecting tools
As with any project, if you don’t have the right tools for ethical hacking, accomplishing the task effectively is difficult. Having said that, just because you use the right tools doesn’t mean that you will discover all vulnerabilities. Know the personal and technical limitations. Many security-assessment tools generate false positives and negatives (incorrectly identifying vulnerabilities). Others may miss vulnerabilities. If you’re performing tests such as social engineering or physical-security assessments, you may miss weaknesses. Many tools focus on specific tests, but no one tool can test for everything. For the same reason that you wouldn’t drive in a nail with a screwdriver, you shouldn’t use a word processor to scan your network for open ports. This is why you need a set of specific tools that you can call on for the task at hand. The more tools you have, the easier your ethical hacking efforts are. Make sure you that you’re using the right tool for the task:
_ To crack passwords, you need a cracking tool such as LC4, John the Ripper, or pwdump.
A general port scanner, such as SuperScan, may not crack passwords.
_ For an in-depth analysis of a Web application, a Web-application assessment tool (such as Whisker or WebInspect) is more appropriate than a network analyzer (such as Ethereal).
When selecting the right security tool for the task, ask around. Get advice from your colleagues and from other people online. A simple Groups search on Google (google.com) or perusal of security portals, such as SecurityFocus.com, SearchSecurity.com, and ITsecurity.com, often produces great feedback from other security experts.
Hundreds, if not thousands, of tools can be used for ethical hacking — from your own words and actions to software-based vulnerability-assessment programs
to hardware-based network analyzers. The following list runs down some of my favorite commercial, freeware, and open-source security tools:
_ Nmap
_ EtherPeek
_ SuperScan
_ QualysGuard
_ WebInspect
_ LC4 (formerly called L0phtcrack)
_ LANguard Network Security Scanner
_ Network Stumbler
_ ToneLoc
Here are some other popular tools:
_ Internet Scanner
_ Ethereal
_ Nessus
_ Nikto
_ Kismet
_ THC-Scan
I discuss these tools and many others in Parts II through V when I go into the specific hack attacks. The capabilities of many security and hacking tools are often misunderstood.
This misunderstanding has shed negative light on some excellent tools, such as SATAN (Security Administrator Tool for Analyzing Networks) and Nmap (Network Mapper).
Some of these tools are complex. Whichever tools you use, familiarize yourself with them before you start using them. Here are ways to do that:
_ Read the readme and/or online help files for your tools.
_ Study the user’s guide for your commercial tools.
_ Consider formal classroom training from the security-tool vendor or another third-party training provider, if available.
Look for these characteristics in tools for ethical hacking:
_ Adequate documentation.
_ Detailed reports on the discovered vulnerabilities, including how they may be exploited and fixed.
_ Updates and support when needed.
_ High-level reports that can be presented to managers or nontechie types.
These features can save you time and effort when you’re writing the report. As with any project, if you don’t have the right tools for ethical hacking, accomplishing the task effectively is difficult. Having said that, just because you use the right tools doesn’t mean that you will discover all vulnerabilities.
Some of these tools are complex. Whichever tools you use, familiarize yourself with them before you start using them. Here are ways to do that:
_ Read the readme and/or online help files for your tools.
_ Study the user’s guide for your commercial tools.
_ Consider formal classroom training from the security-tool vendor or another third-party training provider, if available.
Look for these characteristics in tools for ethical hacking:
_ Adequate documentation.
_ Detailed reports on the discovered vulnerabilities, including how they may be exploited and fixed.
_ Updates and support when needed.
_ High-level reports that can be presented to managers or nontechie types.
These features can save you time and effort when you’re writing the report.
Executing the plan
Ethical hacking can take persistence. Time and patience are important. Be careful when you’re performing your ethical hacking tests. A hacker in your network or a seemingly benign employee looking over your shoulder may watch what’s going on. This person could use this information against you.
It’s not practical to make sure that no hackers are on your systems before you start. Just make sure you keep everything as quiet and private as possible. This is especially critical when transmitting and storing your test results. If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or something similar. At a minimum, password-protect them. You’re now on a reconnaissance mission. Harness as much information as possible about your organization and systems, which is what malicious hackers do. Start with a broad view and narrow your focus:
1. Search the Internet for your organization’s name, your computer and network system names, and your IP addresses. Google is a great place to start for this.
2. Narrow your scope, targeting the specific systems you’re testing. Whether physical-security structures or Web applications, a casual assessment can turn up much information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual scans and other detailed tests on your systems.
4. Perform the attacks, if that’s what you choose to do.
Results
This is where knowledge counts. Evaluating the results and correlating the specific vulnerabilities discovered is a skill that gets better with experience. You’ll end up knowing your systems as well as anyone else. This makes the evaluation process much simpler moving forward.
