
Friday, November 9, 2012

Popular Ways To Hack And Crack A Website

Hacking a website does not only mean taking control of the whole website; it can also mean changing the website's data or making the website unavailable through a denial of service attack. In this article we will see some possible ways of attacking a website. A website can be attacked in any one of the following ways:
  • Password Cracking
  • Simple SQL Injection Hack
  • Brute force attack for servers
  • Denial of service

PASSWORD CRACKING

The first and foremost thing that every hacker needs to hack a website is the hosting IP address of the website. You can find the IP address of any website directly from your command prompt.

1. Open the command prompt: press Windows + R, type cmd and hit Enter.
2. Type the following command followed by the URL of the website:

nslookup <URL address>

For example:

nslookup www.realhackings.com

and hit Enter. You can see a window as shown below with the IP address of the website.


Now you have the IP address of the website. The next step is to scan the IP we have just got to see which protocols the website at this IP is using.

For scanning, download an IP scanner and open it; you can see a window as shown below. Just paste the IP you have just got and click the Scan button.


In the above image FTP is shown. That means this website is using FTP to access its servers. Just double click on FTP to see a window as shown below.


Now this is the final stage. When you enter the exact username and password you can log in to that website and do whatever you like. To find this username and password we have to do a brute force attack.

BRUTE FORCE ATTACK

In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. To put it in simple words, a brute-force attack guesses a password by trying all probable variants from a given character set, e.g. checking all combinations in the lower-case Latin character set, 'abcdefghijklmnopqrstuvwxyz'. A brute-force attack is very slow. For example, once you set the lower-case Latin charset for your brute-force attack, you'll have to look through 217 180 147 158 variants for a 1-8 symbol password. It must be used only if other attacks have failed to recover your password. Attacking any account using this technique needs a lot of patience and will take a long time depending on the number of characters.

Denial of service (DDoS attack):

A denial of service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it. This is not actually hacking a website, but it is used to take down a website.

If an attacker is unable to gain access to a machine, the attacker will most probably just crash the machine to accomplish a denial of service attack. This is one of the most used methods of website hacking.

SQL INJECTION

SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database. It has been present since the time databases were first attached to web applications. Before understanding how SQL injection attacks work, we need to understand the simple three-tier or four-tier architecture. This will clear your basics and give you a rough idea of how database-driven web applications work.
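The difference between a query an attacker can influence and one they cannot, as an added example that is not from the original article: a login check built by string concatenation beside the same check with bound parameters, run against a constructed SQLite table (the table, the user and the inputs are all made up here).

```python
from __future__ import annotations

import sqlite3


# Constructed in-memory database standing in for a real application's back end.
# Passwords are stored in clear here only to keep the demonstration short;
# a real application stores a salted password hash, never the password itself.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The user's input is pasted into the SQL text, so a quote character in the
    # input ends the string literal and the rest of the input becomes SQL.
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The query text is fixed; the driver binds the input as data, so quotes
    # in the input are compared literally and cannot change the query's shape.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo() -> dict[str, bool]:
    """Run both checks with the right password, a wrong one, and a quote-bearing one."""
    conn = make_db()
    quoted = "' OR '1'='1"  # input that is also valid SQL once spliced into the text
    return {
        "vuln_right": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_wrong": login_vulnerable(conn, "alice", "wrong"),
        "vuln_quoted": login_vulnerable(conn, "alice", quoted),       # True: query structure altered
        "safe_right": login_parameterized(conn, "alice", "correct horse"),
        "safe_wrong": login_parameterized(conn, "alice", "wrong"),
        "safe_quoted": login_parameterized(conn, "alice", quoted),    # False: compared as data
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The concatenated version accepts the quoted input with no valid password at all, which is exactly the "influence over the query" the paragraph describes; the parameterized version rejects it.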


Paper by Devils Cafe

All Application Hacking Methods - Wide Range

Parameter manipulation

* Arbitrary File Deletion
* Code Execution
* Cookie Manipulation ( meta http-equiv & crlf injection )
* CRLF Injection ( HTTP response splitting )
* Cross Frame Scripting ( XFS )
* Cross-Site Scripting ( XSS )
* Directory traversal
* Email Injection
* File inclusion
* Full path disclosure
* LDAP Injection
* PHP code injection
* PHP curl_exec() url is controlled by user
* PHP invalid data type error message
* PHP preg_replace used on user input
* PHP unserialize() used on user input
* Remote XSL inclusion
* Script source code disclosure
* Server-Side Includes (SSI) Injection
* SQL injection
* URL redirection
* XPath Injection vulnerability
* EXIF



This list below fits in category MultiRequest parameter manipulation

* Blind SQL injection (timing)
* Blind SQL/XPath injection (many types)



This list below fits in category File checks

* 8.3 DOS filename source code disclosure
* Search for Backup files
* Cross Site Scripting in URI
* PHP super-globals-overwrite
* Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )



This list below fits in category Directory checks

* Cross Site Scripting in path
* Cross Site Scripting in Referer
* Directory permissions ( mostly for IIS )
* HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
* Possible sensitive files
* Session fixation ( jsessionid & PHPSESSID session fixation )
* Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
* WebDAV ( very vulnerable component of IIS servers )



This list below fits in category Text Search Disclosure

* Application error message
* Check for common files
* Directory Listing
* Email address found
* Local path disclosure
* Possible sensitive files
* Microsoft Office possible sensitive information
* Possible internal IP address disclosure
* Possible server path disclosure ( Unix and Windows )
* Possible username or password disclosure
* Sensitive data not encrypted
* Source code disclosure
* Trojan shell ( r57,c99,crystal shell etc )
* WordPress database credentials disclosure (if any)



This list below fits in category File Uploads

* Unrestricted File Upload



This list below fits in category Authentication

* Microsoft IIS WebDAV Authentication Bypass
* SQL injection in the authentication header
* Weak Password
* GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )



This list below fits in category Web Services - Parameter manipulation & with multirequest

* Application Error Message ( testing with empty, NULL, negative, big hex etc )
* Code Execution
* SQL Injection
* XPath Injection
* Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
* Stored Cross-Site Scripting ( XSS )
* Cross-Site Request Forgery ( CSRF )

Crypters Guide for beginners

What is a crypter?
A crypter is a program used to make viruses undetectable by anti-viruses.
Crypter types:
Runtime: Crypters that crypt your virus and when you run it in a computer it is undetectable by the anti-virus.
Scantime: Crypters that crypt your virus and when you scan it it is undetectable but when your run it in a computer the anti-virus detects it.
Crypter parts:
  • Client: The program where you can load your file and crypt it.
  • Stub: Stub is a filter for the file you chose at the client. If you delete it the client is useless but some crypters don’t have a stub.exe (internal stub).
FUD & UD
UD means UnDetectable.
FUD means Fully UnDetectable.
You can check if your crypted virus is FUD or UD at NoVirusThanks.
http://scanner.novirusthanks.org/

Always check “Do not distribute the sample”!
If your virus is FUD it will be like this:

Security Paper By : http://beginnerhacking.wordpress.com/2010/06/11/crypters-guide-for-beginners/

Free VPN Downloads & Proxy Servers

What is a VPN?
VPN stands for virtual private network. A VPN keeps your wireless communications safe by creating a secure “tunnel,” through which your encrypted data travels. These tunnels cannot be entered by data that is not properly encrypted. Not only is data encrypted when you use a VPN, but the originating and receiving network addresses are also encrypted. This adds an extra layer of security.

What is a proxy?

Proxy sites enable you to bypass your own Internet provider and browse through the proxy web site. All that you have to do is type the web site address you would like to visit in the form they provide, and start browsing. Once you keep browsing using that form, you are protected and your real IP address is not being logged.
VPN downloads!
1) UltraVPN
UltraVPN is a free VPN that hides your connection from unwanted ears and allows you to use blocked applications. Traffic quota is unlimited. Bandwidth is up to 500Ko/s depending on network conditions.
[Image: UltraVPN_1.png]
Click here to download UltraVPN!
Click here to use UltraVPN with Linux!
2) Loki VPN
Loki Network allows you to surf the Internet anonymously and hides your real location (IP address). Everything you do through the Loki Network is done from the name of the Loki Network server and from its IP address. Connection between your computer and Loki Network is secured with SSL.
However, to protect your anonymity you still have to be careful about any data you fill in Web forms and network applications you use locally (any locally running application still have the complete access to your real IP address).
[Image: 1152311F9-0.png]
Click here to download Loki VPN!
3) Tor
An anonymous Internet communication system, Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize Web browsing and publishing, instant messaging, IRC, and SSH. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
[Image: 2dkl2fl.jpg]
Click here to download Tor!
4) Cyberghost VPN
The Internet has long since become an interactive means of communication. Everyone writes e-mails, and many are making use of online storage sites, blogging, or sharing their views on Web forums. Fortunately, CyberGhost VPN gives users a way to surf anonymously and keep their private information from the eyes of others. CyberGhost VPN provides you with anonymous IP address and encrypts transmissions between you and the Web.
[Image: scr-simontools-cyberghost-vpn.jpg]
Click here to download CyberGhost VPN!
5) JAP
JAP Anon Proxy provides the functionality to surf the web without being observed. This means that neither the requested server nor any observer on the Internet can know which user has viewed which web page – in short, anonymity.
[Image: JonDoScreenshot_en01.png]
Click here to download JAP!
6) Free Proxy
FreeProxy enables many users to share an Internet connection. The basic features include proxying HTTP, SMTP, POP, FTP Proxy, TCP Tunneling, and SOCKS 4/4a/5. The application works well with a wide range of clients including browsers, ICQ, and MSN messenger and comprehensive help illustrates the setup of these clients. In addition, FreeProxy includes authentication to both an internal user database or to a windows domain, extensive reporting, comprehensive control of resource permissions, URL filtering, IP address filtering, local port binding, demand dialing, calendar control, proxy chaining, and includes a functional Web server, plus numerous other features.
[Image:  freeproxy_scr.png]
Click here to download FreeProxy!
7) AnalogX Proxy
AnalogX Proxy supports FTP (file transfer), HTTP (web), HTTPS (secure web), NNTP (newsgroups), POP3 (receive mail), SMTP (send mail) and Socks4/4a and partial Socks5 (no UDP) protocols! It works great with Internet Explorer, Netscape, Instant Messenger.
[Image:  Proxy_1.png]
Click here to download AnalogX Proxy!

8) Hotspot Shield

Hotspot Shield is freeware which ensures anonymous and censor-free internet usage. With Hotspot Shield you can even access blocked websites. For example: Skype is blocked in certain parts of the world. With Hotspot Shield, anyone can access Skype (and any other site they choose). The free software ensures censor-free internet usage by encrypting all communications to and from your computer to protect you from online spying. While advertising supported, Hotspot Shield is not an invasive adware or pervasive spyware application.
[Image: hotspot-shield-connected1.png]
Click here to download Hotspot Shield!
9) TheGreenBow VPN Client
TheGreenBow VPN Client is a standard-based IPSec VPN Client, compliant with most of the popular VPN gateways allowing fast integration in existing networks. Highly efficient and extremely easy to configure, it provides the remote users an IPSec VPN Client to securely connect to the corporate network. It also allows peer-to-peer VPN with full IPSec standards, full IKE NAT Traversal, IP address emulation, strong encryption (X509, AES, MD5, DES, DH group 1 to 5), Strong authentication (Certificates, X-Auth, Pre-shared key, USB token), redundant gateway and DPD detection, high performances, no system overhead, DNS and WINS resolutions supported, operates as a Service, allowing the use on unattended Servers, accepts incoming IPsec Tunnels, optional ‘IPsec only’ traffic filtering. Wireless connectivity (GPRS, WiFi, Bluetooth).
[Image: TheGreenBow-IPSec-VPN-Client_3.png]
Click here to download TheGreenBow VPN Client!
*Download link untested, please scan any crack/keygen before use
10) ProxyWay
ProxyWay is free proxy tool that provides easy way to scan proxy lists, check proxy, filter and change proxy servers on fly. You can use ProxyWay with browsers and different applications to visit different sites, download movies, files, send messages, etc.
To simplify ProxyWay configuration you can use the ‘ProxyWay Auto Configuration’ option. Using this option you don’t need to download proxy lists, check proxies, create services and configure browser settings manually. ProxyWay will do it for you. The only thing you should do is start surfing.
ProxyWay main features:
● Easy setup – Proxy Way ‘Auto Configuration’ option automatically updates proxy list, checks proxies, creates services and configures your browser
● Hide Your Real IP
● Proxy Finder
● Proxy Checker
● Proxy Management System – creates proxy chains and easily changes them on fly
● Supports web proxies
[Image: proxy_list.gif]
Click here to download ProxyWay!
11) InterWAP
Free SSH and VPN FULL SPEED UNLIMITED tunnel anonymizer. Bypass provider restrictions and surf anonymous. Use any services, games and applications even if your provider blocks the access. The speed is not affected.
[Image: 8233c765622b0a0f8beb404d7e968c09b247_1PrintScreen2.JPG]
Click here to download InterWAP!
12) Free VPN
Free VPN protects your entire web surfing session; securing your connection at both your home Internet network & Public Internet networks (both wired and wireless). Free VPN protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Free VPN also makes you private online making your identity invisible to third party websites and ISP’s. Unless you choose to sign into a certain site, you will be anonymous for your entire web session with FreeVPN. We love the web because of the Freedom that it creates to explore, organize, and communicate. Free VPN enables access to all information online, providing freedom to access all web content freely and securely. Secure your entire web session and ensure your privacy online; your passwords, credit card numbers, and all of your data is secured with Free VPN.
[Image: usa-uk-and-canada-vpn-client.jpg]
Click here to download Free VPN!
13) Barracuda Proxy
BdProxy – SOCKS, HTTP, and HTTPS Proxy Server. The BdProxy acts as a SOCKS, HTTP, and HTTPS proxy server. The proxy allows you to use your Internet applications anonymously, despite firewalls. The BdProxy is a free and complementary BarracudaDrive product. The BdProxy client connects and establishes a secure tunnel to the HTTPS Tunnel server integrated into the BarracudaDrive Web Server. This product requires the BarracudaDrive server.
[Image: BdProxy.png]
Click here to download Barracuda Proxy!
14) ProxyMaster
ProxyMaster is an Internet utility to let you browse the Web anonymously by hiding your IP address.
When you surf the Internet your unique identification number (IP number) can be detected by any Website you visit.
ProxyMaster lets you use another IP number, which is provided by a server called an anonymous proxy server.
- Hide your IP number from people.
- Check the availability of multiple anonymous proxy servers with a blazing fast speed.
- Import any list of anonymous proxy servers into Winnow Anonymous Proxy
- Export the list of anonymous proxy servers contained in Winnow Anonymous Proxy to text file
- ProxyMaster automatically deletes dead anonymous proxy servers.
[Image: 2eph4ih.jpg]
Click here to download ProxyMaster!
Proxy Sites
Use these for quick access to websites your workplace/college/school has blocked.
Bypasshack
OnlineEducationz
Pagewash
Surfproxy
Passall
Keep checking back, it’s regularly updated!
Enjoy anonymous surfing!

Thanks beginnerhacking for the post !

How Can I Hack Hotmail/Gmail/Yahoo/Facebook?

I’m merely disappointed by the number of technically illiterate people around the world. The most popular question on any hacking related site is “How to hack e-mail”. It's not tolerated in any security/hacking related forum, and if asked you can expect to get a rant from people. The reason is simple: there are NO ways of hacking an e-mail address by easy means, and the people who know this fact often get very annoyed when most people don’t understand WHY it's NOT POSSIBLE!
Hacking an e-mail is possible when the person who owns the account gets hacked. The other way is to hack them directly from the e-mail servers, which is most unlikely because these sites use sophisticated intrusion detection and highly skilled consultants who are up to date with exploits and patches. Unless you are a real professional hacker it's highly unlikely you will ever break into an e-mail server.
People MUST understand that there are NO PROGRAMS/SOFTWARE that can hack an e-mail password when you enter an e-mail address. To understand this better, let me explain how e-mail works.
Let's say you have a Gmail account.
When you enter your username and password and hit login, what happens is your outgoing e-mail server encrypts the login information and sends it over the network to its destination, which is a Gmail server that can ONLY decrypt the encrypted credentials. These are then checked against its database, and if they match it will redirect you to your mail inbox. To authenticate you with the Gmail server, it will send a cookie (a text file) with a session ID to your browser, confirming that you are authenticated to the Gmail server.
So there was a time when e-mail servers gave the option NOT to use SSL because it slows down the e-mail, due to the time it takes to encrypt. It was a “happy time” for the hackers, who simply used a wifi hotspot to sniff session IDs and break into e-mails!!! Why? Because if anyone sniffs your session ID he can use it to log in to your mail WITHOUT the password, because the session ID is the proof of authentication as I mentioned earlier ^. But almost all the e-mail servers NOW use SSL encryption and the session ID is also encrypted, so by sniffing it's NOT possible to decrypt the ID!
So there goes packet sniffing.
You may ask, so what? Why can't the encryption be cracked?
Because the encryption uses Hypertext Transfer Protocol over Secure Socket Layer and public/private key encryption techniques which are almost impossible to crack. Do some research on these terms and you will know why it's not possible to crack.
If you’re curious and patient enough read this, else skip:
http://www.cohn-family.com/encryption.htm
So now the next possible way is to somehow hack into the Gmail servers and pull the password hashes and then crack them. Well, sadly not many people have succeeded in doing it because it's highly impossible and way too risky.
Now after reading all this you might have a slight idea why I ask people who claim “they can hack any e-mail” to prove it!! So if you can make a program that can somehow bypass all the security and bring the password from the Gmail server then you deserve a Nobel Prize!!!
<But I must tell you that professional hackers do have a few techniques to override these terms I mentioned in certain cases….>
NOW ASK ME HOW TO HACK AN E-MAIL?

OK, you clearly know it's almost impossible, but the good news is that it's possible to hack an individual's computer or a web server. Most people lack common sense and so many people have NO technical knowledge whatsoever, so by hacking them it's possible to steal their passwords.
Because we can’t hack the password from the servers, but we can hack it from the people who use it.
There are so many ways. Here are some of the methods:
1. Fake Login page – A fake page is also known as phishing. This process involves creating a fake login page of a certain e-mail and tweaking the password authentication process so that when the user inserts login details they will be sent to the hacker. This is the easiest way to hack when the victim has no technical knowledge.
2. Social Engineering – Humans have certain weaknesses and this process involves exploiting someone’s weakness to retrieve a credential such as a password. For example: there are many incidents in the past, like once when a hacker phoned an employee of a company (victim), identified himself as the Technical Engineer of that company, instructed the employee (victim) to follow a set of FAKE system error checks and eventually received his login password from him by simply convincing him to reveal it. It's just as simple as that, but it does take a lot of confidence and skill.
3. Keylogger – It's an application which runs hidden from a user in the background and logs/records all the keystrokes of a user. When a user types something it will be recorded and saved. When the system goes online the recorded details will be sent to the hacker, which can contain e-mail login details. Keyloggers are outdated and most of them are detected by anti-virus programs, but when used in a LAN network or when the hacker has physical access to a system it proves to be effective. So if your girlfriend/boyfriend is cheating on you this is the way to go.. but I still think smart people don’t keep “cheating related e-mails in their inbox” he he
The downfall of keyloggers is that not many keyloggers can be deployed remotely and they are often picked up by anti-virus programs (which can be avoided by using code obfuscation or packing/crypting, changing the entry point.. but it's more complex).
Another downfall of keyloggers is that most of them don’t use any encryption and the data is sent as it is; with a skilled reverse engineer it's possible to track down the hacker by breaking the file and analysing the code.
4. Trojans – Programs which are often known as backdoors. These programs are similar to keyloggers but they can execute certain commands sent by the hacker. Most Trojans have a built-in password stealer, which is an application that can steal stored browser passwords. In addition they have far more sophisticated functions such as webcam capture (YES, the hacker can see you when you pick your nose), the ability to browse/download/edit your files and folders, audio recording, etc. Different Trojans have different functions. All the hacker has to do is create a server and send it to the victim, and once the victim opens the file it will drop into the victim's system and connect to the hacker's client. Now he can issue commands to his server which is in the victim's computer and manipulate it whatever way he likes.
Trojans are very easy to use and most of them use encryption and security evasion techniques, and there are TONS of tutorials all over the internet if anyone is interested in using them.
I hope I have covered enough information. So next time when you see someone asking “How to hack email”, please point them to this thread so he/she doesn't waste his/her time and money.
My advice is, if you have a personal issue such as cheating/breaking up, I encourage you to sort it out by other means. Or maybe go see a doctor. If she dumped you… MOVE ON!
DON’T EVER PAY ANYONE TO HACK ANY EMAIL because… I hope you read the whole thing ^
written by securityfactor.wordpress.com

SSH Tunneling and Secure web surfing

  SSH Socks5 Proxy set up for Secure Web Browsing away from home

If you have ever been scared to surf the internet at an internet cafe like Starbucks or Barnes & Noble, etc., I have the perfect and “FREE” way of staying secure while you're browsing the web away from your home. I made this for all my Top-Hat-Sec friends who might get some use out of this. Let's begin, shall we..

Step 1: You first want to install BackBox or BackTrack, etc. on a spare machine.

Step 2: You are going to need to forward ports to the spare machine you're setting up, so set a static IP on that machine through your network manager. Mine is set to 192.168.0.109 for example. Now we'll forward port 8080 and port 22 on your router. Make sure you forward the ports to the IP of your spare computer, which in my case would once again be 192.168.0.109, on ports 8080 & 22.



Step 3: You’ll want to start the SSH service on either BackBox or BackTrack from your start menu: Services > SSH > SSH Start

Step 4: Once the service is running we'll be able to go to another computer which is not on your local network, SSH in to the spare computer, and use it as a SOCKS5 proxy to encrypt our traffic and actually surf the web through the spare computer's connection..
The way we would connect I’ll describe below:
“Note this is on another computer and out of your home network & IP address”

Type: ssh root@21.116.178.14 -D 8080
—–> root being whatever user name you're using on your account of the spare computer you set up BackBox or BackTrack on.
—–> 21.116.178.14 being the external IP address of your home network
—–> -D 8080 creates the dynamic SOCKS proxy using port 8080
Now we’ll need to set up the SOCKS5 proxy in Firefox.
Go to Edit > Preferences > Network > Settings and click on Manual proxy configuration. Now under SOCKS Host, in the little box, type 127.0.0.1, and in the port box type 8080 and click OK..



Now you can check your IP address using www.ipchicken.com and see that your IP has changed and you are now using your home connection to browse the internet.
I hope you guys enjoyed this tutorial and find it of use. Thanks for checking it out. Any questions, just post them and I’ll try to help you work through it.

Thanks to
n1tr0g3n for this White Paper !

How to Protect Yourself When Downloading Torrents (Ads, Malware, etc.)


PeerBlock lets you control who your computer "talks to" on the Internet.  By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries!  They can't get in to your computer, and your computer won't try to send them anything either.
And best of all, it's free!

This software will protect those torrent users out there from ads, malicious spyware sites, “bad P2P sites” cough cough!!! It blocks annoying video ads on sites that load up automatically, has a blacklist you can configure, and helps you stay secure on the web nonetheless. If you are reading this you probably already know the best use of this software, so go ahead and download it. The set-up is easy and only takes a second. It’s a little peace of mind that you probably didn’t have before.

Download Page:    http://www.peerblock.com/

Thanks to http://geekblog.tv  for this find..

Introduction For Cyber Security and Hacking

Introduction

This lesson introduces you to the world of ethical hacking. Ethical hacking is a form of legal hacking that is done with the permission of an organization to help increase its security. This lesson discusses many of the business aspects of penetration (pen) testing. Information about how to perform a pen test, what types can be performed, what are the legal requirements, and what type of report should be delivered are all basic items that you will need to know before you perform any type of security testing. However, first, you need to review some security basics. This lesson starts with a discussion of confidentiality, integrity, and availability. Finally, the lesson finishes up with the history of hacking and a discussion of some of the pertinent laws.

NOTE

Nothing learned in this class is intended to teach or encourage the use of security tools or methodologies for illegal or unethical purposes. Always act in a responsible manner. Make sure that you have written permission from the proper individuals before you use any of the tools or techniques described within. Always obtain permission before installing any of these tools on a network.

Security Fundamentals

Security is about finding a balance, as all systems have limits. No one person or company has unlimited funds to secure everything, and we cannot always take the most secure approach. One way to secure a system from network attack is to unplug it and make it a standalone system. Although this system would be relatively secure from Internet-based attackers, its usability would be substantially reduced. The opposite approach of plugging it in directly to the Internet without any firewall, antivirus, or security patches would make it extremely vulnerable, yet highly accessible. So, here again, you see that the job of security professionals is to find a balance somewhere between security and usability. Figure 1.1 demonstrates this concept.


To find this balance, you need to know what the goals of the organization are, what security is, and how to measure the threats to security. The next section discusses the goals of security.

Goals of Security



Objective:

Understand the security triangle, also known as CIA (confidentiality, integrity, and availability).

There are many ways in which security can be achieved, but it’s universally agreed that the security triad of confidentiality, integrity, and availability (CIA) form the basic building blocks of any good security initiative.

Confidentiality addresses the secrecy and privacy of information. Physical examples of confidentiality include locked doors, armed guards, and fences. Logical examples of confidentiality can be seen in passwords, encryption, and firewalls. In the logical world, confidentiality must protect data in storage and in transit. For a real-life example of the failure of confidentiality, look no further than the recent news reports that have exposed how several large-scale breaches in confidentiality were the result of corporations, such as Time Warner and City National Bank, misplacing or losing backup tapes with customer accounts, names, and credit information. The simple act of encrypting the backup tapes could have prevented or mitigated the damage.

Integrity is the second piece of the CIA security triad. Integrity provides for the correctness of information. It allows users of information to have confidence in its correctness. Correctness doesn’t mean that the data is accurate, just that it hasn’t been modified in storage or transit. Integrity can apply to paper or electronic documents. It is much easier to verify the integrity of a paper document than an electronic one. Integrity in electronic documents and data is much more difficult to protect than in paper ones. Integrity must be protected in two modes: storage and transit.

Information in storage can be protected if you use access and audit controls. Cryptography can also protect information in storage through the use of hashing algorithms. Real-life examples of this technology can be seen in programs such as Tripwire, MD5Sum, and Windows File Protection (WFP). Integrity in transit can be ensured primarily by the protocols used to transport the data. These security controls include hashing and cryptography.

Availability is the third leg of the CIA triad. Availability simply means that when a legitimate user needs the information, it should be available. As an example, access to a backup facility 24x7 does not help if there are no updated backups from which to restore. Backups are one of the ways that availability is ensured. Backups provide a copy of critical information should files and data be destroyed or equipment fail. Failover equipment is another way to ensure availability. Systems such as redundant array of inexpensive disks (RAID) and subscription services such as redundant sites (hot, cold, and warm) are two other examples. Disaster recovery is tied closely to availability, as it’s all about getting critical systems up and running quickly. Denial of service (DoS) is an attack against availability. Although these attacks might not give access to the attacker, they do deny legitimate users the access they require.

Assets, Threats, and Vulnerabilities



Objectives:

Recall essential terminology
List the elements of security

As with any new technology topic, terminology is used that must be learned to better understand the field. To be a security professional, you need to understand the relationship between threats, assets, and vulnerabilities.

Risk is the probability or likelihood of the occurrence or realization of a threat. There are three basic elements of risk: assets, threats, and vulnerabilities. Let’s discuss each of these.

An asset is any item of economic value owned by an individual or corporation. Assets can be real — such as routers, servers, hard drives, and laptops — or assets can be virtual, such as formulas, databases, spreadsheets, trade secrets, and processing time. Regardless of the type of asset discussed, if the asset is lost, damaged, or compromised, there can be an economic cost to the organization.

A threat is any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset. From a security professional’s perspective, threats can be categorized as events that can affect the confidentiality, integrity, or availability of the organization’s assets. These threats can result in destruction, disclosure, modification, corruption of data, or denial of service. Some examples of the types of threats an organization can face include the following:

Unauthorized Access
If userids and passwords to the organization’s infrastructure are obtained, confidential information is compromised and unauthorized access is granted to whoever obtained those credentials.
Stolen/Lost/Damaged/Modified Data
A critical threat can occur if the information is lost, damaged, or unavailable to legitimate users.
Disclosure of Confidential Information
Anytime there is a disclosure of confidential information, it can be a critical threat to an organization if that disclosure causes loss of revenue, causes potential liabilities, or provides a competitive advantage to an adversary.
Hacker Attacks
An insider or outsider who is unauthorized and purposely attacks an organization’s components, systems, or data.
Cyber Terrorism
Attackers who target critical, national infrastructures such as water plants, electric plants, gas plants, oil refineries, gasoline refineries, nuclear power plants, waste management plants, and so on.
Viruses and Malware
An entire category of software tools that are malicious and are designed to damage or destroy a system or data.
Denial of Service (DoS) or Distributed Denial of Service Attacks
An attack against availability that is designed to bring the network and/or access to a particular TCP/IP host/server to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop, exploit limitations in the TCP/IP protocols. Like malware, hackers constantly develop new DoS attacks, so they form a continuous threat.
Natural Disasters, Weather, or Catastrophic Damage
Hurricanes, such as Katrina that hit New Orleans in 2005, storms, weather outages, fire, flood, earthquakes, and other natural events compose an ongoing threat.
If the organization is vulnerable to any of these threats, there is an increased risk of successful attack.

A vulnerability is a weakness in the system design, implementation, software or code, or the lack of a mechanism. A specific vulnerability might manifest as anything from a weakness in system design to the implementation of an operational procedure. Vulnerabilities might be eliminated or reduced by the correct implementation of safeguards and security countermeasures.

Vulnerabilities and weaknesses are common with software mainly because there isn’t any perfect software or code in existence. Vulnerabilities in software can be found in each of the following:

Firmware
This software is usually stored in ROM and loaded during system power up.
Operating System
This operating system software is loaded in workstations and servers.
Configuration Files
The configuration file and configuration setup for the device.
Application Software
The application or executable file that is run on a workstation or server.
Software Patch
This is a small piece of software or code snippet that the vendor or developer typically releases to update or maintain the software and to fix known vulnerabilities or weaknesses.
Vulnerabilities are not the only concern the ethical hacker will have. Exploits are a big concern, as they are a common mechanism used to gain access. That’s discussed next.

Defining an Exploit

An exploit refers to a piece of software, tool, or technique that takes advantage of a vulnerability that leads to privilege escalation, loss of integrity, or denial of service on a computer system. Exploits are dangerous because all software has vulnerabilities; hackers and perpetrators know that there are vulnerabilities and seek to take advantage of them. Although most organizations attempt to find and fix vulnerabilities, some organizations lack sufficient funds for securing their networks. Even those that do are burdened with the fact that there is a window between when a vulnerability is discovered and when a patch is available to prevent the exploit. The more critical the server, the slower it is typically patched. Management might be afraid of interrupting the server or afraid that the patch might affect stability or performance. Finally, the time required to deploy and install the software patch on production servers and workstations exposes an organization’s IT infrastructure to an additional period of risk.

Security Testing



Objective:

Define the modes of ethical hacking

Security testing is the primary job of ethical hackers. These tests might be configured in such a way that the ethical hackers have no knowledge, full knowledge, or partial knowledge of the target of evaluation (TOE).

NOTE

The term target of evaluation (TOE) is widely used to identify an IT product or system that is the subject of an evaluation. The EC-Council and some security guidelines and standards use the term to describe systems that are being tested to measure their confidentiality, integrity, and availability.

The goal of the security test (regardless of type) is for the ethical hacker to test the security system and evaluate and measure its potential vulnerabilities.

No Knowledge Tests (Blackbox)

No knowledge testing is also known as blackbox testing. Simply stated, the security team has no knowledge of the target network or its systems. Blackbox testing simulates an outsider attack as outsiders usually don’t know anything about the network or systems they are probing. The attacker must gather all types of information about the target to begin to profile its strengths and weaknesses. The advantages of blackbox testing include

The test is unbiased as the designer and the tester are independent of each other. The tester has no prior knowledge of the network or target being examined. Therefore there are no preset thoughts or ideas about the function of the network. A wide range of reconnaissance work is typically done to footprint the organization, which can help identify information leakage. The test examines the target in much the same way as an external attacker.

The disadvantages of blackbox testing include
It can take more time to perform the security tests.
It is usually more expensive as it takes more time to perform.
It focuses only on what external attackers see, while in reality, most attacks are launched by insiders.

Full Knowledge Testing (Whitebox)

Whitebox testing takes the opposite approach of blackbox testing. This form of security test takes the premise that the security tester has full knowledge of the network, systems, and infrastructure. This information allows the security tester to follow a more structured approach and not only review the information that has been provided but also verify its accuracy. So, although blackbox testing will typically spend more time gathering information, whitebox testing will spend that time probing for vulnerabilities.

Partial Knowledge Testing (Graybox)

In the world of software testing, graybox testing is described as a partial knowledge test. EC-Council literature describes graybox testing as a form of internal test. Therefore, the goal is to determine what insiders can access. This form of test might also prove useful to the organization as so many attacks are launched by insiders.

Types of Security Tests



Objective:

State security testing methodologies

Several different types of security tests can be performed. These can range from those that merely examine policy to those that attempt to hack in from the Internet and mimic the activities of true hackers. These security tests are also known by many names, including

Vulnerability Testing
Network Evaluations
Red Team Exercises
Penetration Testing
Host Vulnerability Assessment
Vulnerability Assessment
Ethical Hacking

No matter what the security test is called, it is carried out to make a systematic examination of an organization’s network, policies, and security controls. Its purpose is to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of potential security measures, and confirm the adequacy of such measures after implementation. Security tests can be defined as one of three types, which include high-level assessments, network evaluations, and penetration tests. Each is described as follows:

High-level assessments
Also called a level I assessment, it is a top-down look at the organization’s policies, procedures, and guidelines. This type of vulnerability assessment does not include any hands-on testing. The purpose of a top-down assessment is to answer three questions:
Do the applicable policies exist?
Are they being followed?
Is there content sufficient to guard against potential risk?

Network evaluations
Also called a level II assessment, it has all the elements specified in a level I assessment plus includes hands-on activities. These hands-on activities would include information gathering, scanning, vulnerability assessment scanning, and other hands-on activities. Throughout this book, tools and techniques used to perform this type of assessment are discussed.
Penetration tests
Unlike assessments and evaluations, penetration tests are adversarial in nature. Penetration tests are also referred to as level III assessments. These events typically take on an adversarial role and look to see what the outsider can access and control. Penetration tests are less concerned with policies and procedures and are more focused on finding low-hanging fruit and seeing what a hacker can accomplish on this network.

NOTE

Just remember that penetration tests are not fully effective if an organization does not have the policies and procedures in place to control security. Without adequate policies and procedures, it’s almost impossible to implement real security. Documented controls are required.

How do ethical hackers play a role in these tests? That’s the topic of the next section.

Hacker and Cracker Descriptions



Objective:

Discuss malicious hackers

To understand your role as an ethical hacker, it is important to know the players. Originally, the term hacker was used for a computer enthusiast. A hacker was a person who enjoyed understanding the internal workings of a system, computer, and computer network. Over time, the popular press began to describe hackers as individuals who broke into computers with malicious intent. The industry responded by developing the word cracker, which is short for criminal hacker. The term cracker was developed to describe individuals who seek to compromise the security of a system without permission from an authorized party. With all this confusion over how to distinguish the good guys from the bad guys, the term ethical hacker was coined. An ethical hacker is an individual who performs security tests and other vulnerability assessment activities to help organizations secure their infrastructures. Sometimes ethical hackers are referred to as White Hat Hackers.

Hacker motives and intentions vary. Some hackers are strictly legitimate, whereas others routinely break the law. Let’s look at some common categories:

Whitehat Hackers —
These individuals perform ethical hacking to help secure companies and organizations. Their belief is that you must examine your network in the same manner as a criminal hacker to better understand its vulnerabilities.
Reformed Blackhat Hackers —
These individuals often claim to have changed their ways and that they can bring special insight into the ethical hacking methodology.
Grayhat Hackers —
These individuals typically follow the law but sometimes venture over to the darker side of blackhat hacking. It would be unethical to employ these individuals to perform security duties for your organization as you are never quite clear where they stand.

Who Attackers Are

Ethical hackers are up against several individuals in the battle to secure the network. The following list presents some of the more commonly used terms for these attackers:

Phreakers —
The original hackers. These individuals hacked telecommunication and PBX systems to explore the capabilities and make free phone calls. Their activities include physical theft, stolen calling cards, access to telecommunication services, reprogramming of telecommunications equipment, and compromising userids and passwords to gain unauthorized use of facilities, such as phone systems and voice mail.
Script/Click Kiddies —
A term used to describe often younger attackers who use widely available freeware vulnerability assessment tools and hacking tools that are designed for attacking purposes only. These attackers typically do not have any programming or hacking skills and, given the techniques used by most of these tools, can be defended against with the proper security controls and risk mitigation strategies.
Disgruntled Employee —
Employees who have lost respect and integrity for the employer. These individuals might or might not have more skills than the script kiddie. Many times, their rage and anger blind them. They rank as a potentially high risk because they have insider status, especially if access rights and privileges were provided or managed by the individual.
Whackers —
Whackers are typically newbies who focus their limited skills and abilities on attacking wireless LANs and WANs.
Software Cracker/Hacker —
Individuals who have skills in reverse engineering software programs and, in particular, the licensing registration keys used by software vendors when installing software onto workstations or servers. Although many individuals are eager to partake of their services, anyone who downloads programs with cracked registration keys is breaking the law and runs a greater risk of exposure to malicious code and malicious software that might have been injected into the cracked program.
Cyber-Terrorists/Cyber-Criminals
An increasing category of threat that describes individuals or groups of individuals who are typically funded to conduct clandestine or espionage activities against governments, corporations, and individuals in an unlawful manner. These individuals are typically engaged in sponsored acts of defacement; DoS/DDoS attacks; identity theft; financial theft; or worse, compromising critical infrastructures in countries, such as nuclear power plants, electric plants, water plants, and so on.
System Cracker/Hacker —
Elite hackers who have specific expertise in attacking vulnerabilities of systems and networks by targeting operating systems. These individuals get the most attention and media coverage because of the globally affected viruses, worms, and Trojans that are created by System Crackers/Hackers. System Crackers/Hackers perform interactive probing activities to exploit security defects and security flaws in network operating systems and protocols.
Now that you have an idea who the legitimate security professionals are up against, let’s briefly discuss some of the better known crackers and hackers.

Hacker and Cracker History

The well-known hackers of today grew out of the phone phreaking activities of the 1960s. In 1969, Mark Bernay, also known as “The Midnight Skulker,” wrote a computer program that allowed him to read everyone else’s ID and password at the organization where he worked. Although he was eventually fired, no charges were ever filed, as computer crime was so new, there were no laws against it.

Computer innovators include:

Steve Wozniak and Steve Jobs —
Members of the Homebrew Computer Club of Palo Alto. John Draper was also a member of this early computer club. Wozniak and Jobs went on to become co-founders of Apple Computer.
Dennis Ritchie and Ken Thompson —
While not criminal hackers, their desire for discovery led to the development of UNIX in 1969 while working at Bell Labs.
Well-known hackers and phreakers include:

John Draper —
Dubbed “Captain Crunch” for finding that a toy whistle shipped in boxes of Captain Crunch cereal had the same frequency as the trunking signal of AT&T, 2,600Hz. This discovery was made with the help of Joe Engressia. Although Joe was blind, he could whistle into a phone and produce a perfect 2,600Hz frequency. This tone was useful for placing free long distance phone calls.
Mark Abene —
Known as Phiber Optik. Mark helped form the “Masters of Deception” in 1990. Before his arrest in 1992, the group fought an extended battle with the “Legion of Doom.”
Kevin Poulsen —
Known as Dark Dante. Kevin took over all phones in Los Angeles in 1990 to ensure victory in a phone “call-in contest” for a Porsche 944. He was later arrested.
Robert Morris —
The son of a chief scientist at the NSA. Morris accidentally released the “Morris Worm” in 1988 from a Cornell University lab. This is now widely seen as the first release of a worm onto the Internet.
Kevin Mitnick —
Known as “Condor,” Mitnick was the first hacker to hit the FBI Most Wanted list. He broke into such organizations as Digital Equipment Corp., Motorola, Nokia Mobile Phones, Fujitsu, and others. He was arrested in 1994 and has now been released and works as a legitimate security consultant.
Vladimir Levin —
A Russian hacker who led a team of hackers who siphoned off $10 million from Citibank and transferred the money to bank accounts around the world. Levin eventually stood trial in the United States and was sentenced to three years in prison. Authorities recovered all but $400,000.00 of the stolen money.
Adrian Lamo —
Known as the “Homeless Hacker” because of his transient lifestyle. Lamo spent his days squatting in abandoned buildings and traveling to Internet cafes, libraries, and universities to exploit security weaknesses in high-profile company networks, such as Microsoft, NBC, and the New York Times. He was eventually fined and prosecuted for the New York Times hack.
Although this list does not include all the hackers, crackers, and innovators of the computer field, it should give you an idea of some of the people who have made a name for themselves in this industry. Let’s now talk more about ethical hackers.

Ethical Hackers



Objective:

Define ethical hacking

Ethical hackers perform penetration tests. They perform the same activities a hacker would but without malicious intent. They must work closely with the host organization to understand what the organization is trying to protect, who they are trying to protect these assets from, and how much money and resources the organization is willing to expend to protect the assets.

By following a methodology similar to that of an attacker, ethical hackers seek to see what type of public information is available about the organization. Information leakage can reveal critical details about an organization, such as its structure, assets, and defensive mechanisms. After the ethical hacker gathers this information, it will be evaluated to determine whether it poses any potential risk. The ethical hacker further probes the network at this point to test for any unseen weaknesses.

Penetration tests are sometimes performed in a double blind environment. This means that the internal security team has not been informed of the penetration test. This serves an important purpose, allowing management to gauge the security team’s responses to the ethical hacker’s probing and scanning. Do they notice the probes or have the attempted attacks gone unnoticed? Now that the activities performed by ethical hackers have been described, let’s spend some time discussing the skills that ethical hackers need, the different types of security tests that ethical hackers perform, and the ethical hacker rules of engagement.

Required Skills of an Ethical Hacker



Objective:

Describe ethical hackers and their duties

Ethical hackers need hands-on security skills. Although you do not have to be an expert in everything, you should have an area of expertise. Security tests are typically performed by teams of individuals, where each individual typically has a core area of expertise. These skills include:

Routers —
Knowledge of routers, routing protocols, and access control lists (ACLs). Certifications such as Cisco Certified Network Associate (CCNA) or Cisco Certified Internetworking Expert (CCIE) can be helpful.
Microsoft —
Skills in the operation, configuration, and management of Microsoft-based systems. These can run the gamut from Windows NT to Windows 2003. These individuals might be Microsoft Certified Administrator (MCSA) or Microsoft Certified Security Engineer (MCSE) certified.
Linux —
A good understanding of the Linux/UNIX OS. This includes security settings, configuration, and services such as Apache. These individuals may be Red Hat or Linux+ certified.
Firewalls —
Knowledge of firewall configuration and the operation of intrusion detection systems (IDS) and intrusion prevention systems (IPS) can be helpful when performing a security test. Individuals with these skills may be certified in Cisco Certified Security Professional (CCSP) or Checkpoint Certified Security Administrator (CCSA).
Mainframes —
Although mainframes do not hold the position of dominance they once had in business, they still are widely used. If the organization being assessed has mainframes, the security teams would benefit from having someone with that skill set on the team.
Network protocols —
Most modern networks are Transmission Control Protocol/Internet Protocol (TCP/IP), although you might still find the occasional network that uses Novell or Apple routing information. Someone with good knowledge of networking protocols, as well as how these protocols function and can be manipulated, can play a key role in the team. These individuals may hold certifications in other OSes or hardware, or even a Network+ or Security+ certification.
Project management —
Someone will have to lead the security test team, and if you are chosen to be that person, you will need a variety of the skills and knowledge types listed previously. It can also be helpful to have good project management skills. After all, you will be leading, planning, organizing, and controlling the penetration test team. Individuals in this role may benefit from having Project Management Professional (PMP) certification.
On top of all this, ethical hackers need to have good report writing skills and must always try to stay abreast of current exploits, vulnerabilities, and emerging threats as their goals are to stay a step ahead of malicious hackers.

Modes of Ethical Hacking

With all this talk of the skills that an ethical hacker must have, you might be wondering how the ethical hacker can put these skills to use. An organization’s IT infrastructure can be probed, analyzed, and attacked in a variety of ways. Some of the most common modes of ethical hacking are shown here:

Insider attack —
This ethical hack simulates the types of attacks and activities that could be carried out by an authorized individual with a legitimate connection to the organization’s network.
Outsider attack —
This ethical hack seeks to simulate the types of attacks that could be launched across the Internet. It could target Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), Structured Query Language (SQL), or any other available service.
Stolen equipment attack —
This simulation is closely related to a physical attack as it targets the organization’s equipment. It could seek to target the CEO’s laptop or the organization’s backup tapes. No matter what the target, the goal is the same — extract critical information, usernames, and passwords.
Physical entry —
This simulation seeks to test the organization’s physical controls. Systems such as doors, gates, locks, guards, closed circuit television (CCTV), and alarms are tested to see whether they can be bypassed.
Bypassed authentication attack —
This simulation is tasked with looking for wireless access points (WAP) and modems. The goal is to see whether these systems are secure and offer sufficient authentication controls. If the controls can be bypassed, the ethical hacker might probe to see what level of system control can be obtained.
Social engineering attack —
This simulation does not target technical systems or physical access. Social engineering attacks target the organization’s employees and seek to manipulate them to gain privileged information. Proper controls, policies, and procedures can go a long way in defeating this form of attack.

Rules of Engagement

Every ethical hacker must abide by a few simple rules when performing the tests described previously. If not, bad things can happen to you, which might include loss of job, civil penalty, or even jail time.

Never exceed the limits of your authorization —
Every assignment will have rules of engagement. These not only include what you are authorized to target, but also the extent to which you are authorized to control such systems. If you are only authorized to obtain a prompt on the target system, downloading passwords and starting a crack on these passwords would be in excess of what you have been authorized to do.
The tester should protect himself by setting up limitations as far as damage is concerned. There has to be an NDA between the client and the tester to protect them both. There is a good example of a get out of jail document at

http://www.professionalsecuritytesters.org/modules.php?name=Downloads&d_op=viewdownload&cid=1

Be ethical —
That’s right; the big difference between a hacker and an ethical hacker is the word ethics. Ethics is a set of moral principles about what is correct or the right thing to do. Ethical standards are sometimes different from legal standards in that laws define what we must do, whereas ethics define what we should do.
The OSSTMM — An Open Methodology

In December 2001, the Open Source Security Testing Methodology Manual (OSSTMM) began. Hundreds of people contributed knowledge, experience, and peer-review to the project. Eventually, as the only publicly available methodology that tested security from the bottom of operations and up (as opposed to from the policy on down), it received the attention of businesses, government agencies, and militaries around the world. It also scored success with little security startups and independent ethical hackers who wanted a public source for client assurance of their security testing services. The primary purpose of the OSSTMM is to provide a scientific methodology for the accurate characterization of security through examination and correlation in a consistent and reliable way. Great effort has been put into the OSSTMM to assure reliable cross-reference to current security management methodologies, tools, and resources. This manual is adaptable to penetration tests, ethical hacking, security assessments, vulnerability assessments, red-teaming, blue-teaming, posture assessments, and security audits. Your primary purpose for using it should be to guarantee facts and factual responses, which in turn assures your integrity as a tester and the organization you are working for, if any. The end result is a strong, focused security test with clear and concise reporting. www.isecom.org is the main site for the nonprofit organization, ISECOM, maintaining the OSSTMM and many other projects. This “in the field” segment was contributed by Pete Herzog, Managing Director, ISECOM.

Maintain confidentiality —
During security evaluations, you will likely be exposed to many types of confidential information. You have both a legal and moral standard to treat this information with the utmost privacy. This information should not be shared with third parties and should not be used by you for any unapproved purposes. There is an obligation to protect the information sent between the tester and the client. This has to be specified in the agreement.
Do no harm —
It’s of utmost importance that you do no harm to the systems you test. Again, a major difference between a hacker and an ethical hacker is that you should do no harm. Misused, security tools can lock out critical accounts, cause denial of service (DoS), and crash critical servers or applications. Care should be taken to prevent these events unless that is the goal of the test.
Test Plans — Keeping It Legal

Most of us probably make plans before we take a big trip or vacation. We think about what we want to see, how we plan to spend our time, what activities are available, and how much money we can spend and not regret it when the next credit card bill arrives. Ethical hacking is much the same minus the credit card bill. Many details need to be worked out before a single test is performed. If you or your boss is tasked with managing this project, some basic questions need to be answered, such as what’s the scope of the assessment, what are the driving events, what are the goals of the assessment, what will it take to get approval, and what’s needed in the final report.

Before an ethical hack test can begin, the scope of the engagement must be determined.

Defining the scope of the assessment is one of the most important parts of the ethical hacking process. At some point, you will be meeting with management to start the discussions of the how and why of the ethical hack. Before this meeting ever begins, you will probably have some idea what management expects this security test to accomplish. Companies that decide to perform ethical hacking activities don’t do so in a vacuum. You need to understand the business reasons behind this event. Companies can decide to perform these tests for various reasons.

Some of the most common reasons are listed as follows:

A breach in security — One or more events have occurred that highlight a lapse in security. It could be that an insider was able to access data that should have been unavailable to him, or it could be that an outsider was able to hack the organization’s web server.

Compliance with state, federal, regulatory, or other law or mandate — Compliance with state or federal laws is another event that might be driving the assessment. Companies can face huge fines and potential jail time if they fail to comply with state and federal laws. The Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), and Health Insurance Portability and Accountability Act (HIPAA) are three such laws. HIPAA requires organizations to perform a vulnerability assessment. Your organization might decide to include ethical hacking in this test regime.

NOTE

One such standard that the organization might be attempting to comply with is ISO 17799. This information security standard was first published in December 2000 by the International Organization for Standardization and the International Electrotechnical Commission. This code of practice for information security management is considered a security standard benchmark. It covers the following areas:

Security Policy
Security Organization
Asset Control and Classification
Environmental and Physical Security
Employee Security
Computer and Network Management
Access Controls
System Development and Maintenance
Business Continuity Planning
Compliance

Due diligence - Due diligence is another reason a company might decide to perform a penetration test. A new CEO might want to know how good the organization's security systems really are, or the company might be scheduled to go through a merger or to acquire a new firm. If so, the penetration test might occur before the purchase or after the event. These assessments are usually held to a strict timeline: there is only a limited amount of time before the purchase, and if the test is performed afterward, the organization will probably be in a hurry to integrate the two networks as soon as possible.

Test Phases

Security assessments in which ethical hacking activities will take place are composed of three phases. These include the scoping of the assessment in which goals and guidelines are established, performing the assessment, and performing post assessment activities. The post assessment activities are when the report and remediation activities would occur. Figure 1.2 shows the three phases of the assessment and their typical times.

Establishing Goals

The need to establish goals is also critical. Although you might be ready to jump in and begin hacking, a good plan will detail the goals and objectives of the test. Some common goals include system certification and accreditation, verification of policy compliance, and proof that the IT infrastructure has the capability to defend against technical attacks.

Are the goals to certify and accredit the systems being tested? Certification is a technical evaluation of the system that can be carried out by independent security teams or by the existing staff. Its goal is to uncover any vulnerabilities or weaknesses in the implementation. Accreditation is the formal management decision, based on the certification results, to accept the residual risk and authorize the system to operate. Your goal will be to test these systems to make sure that they are configured and operating as expected, that they are connected to and communicate with other systems in a secure and controlled manner, and that they handle data in a secure and approved manner.

If the goals of the penetration test are to determine whether current policies are being followed, the test methods and goals might be somewhat different. The security team will be looking at the controls implemented to protect information being stored, being transmitted, or being processed. This type of security test might not have as much hands-on hacking, but might use more social engineering techniques and testing of physical controls. You might even direct one of the team members to perform a little dumpster diving.

The goal of a technical attack might be to see what an insider or outsider can access. Your goal might be to gather information as an outsider and then use that data to launch an attack against a web server or externally accessible system.

Regardless of what type of test you are asked to perform, there are some basic questions you can ask to help establish the goals and objectives of the tests. These include the following:

What is the organization’s mission?
What specific outcomes does the organization expect?
What is the budget?
When will tests be performed — during work hours, after hours, or weekends?
How much time will the organization commit to completing the security evaluation?
Will insiders be notified?
Will customers be notified?
How far will the test proceed? Root the box, gain a prompt, or attempt to retrieve another prize, such as the CEO’s password.
Who do you contact should something go wrong?
What are the deliverables?
What outcome is management seeking from these tests?

Getting Approval

Getting approval is a critical event in the testing process. Before any testing actually begins, you need to make sure that you have a plan that has been approved in writing. If this is not done, you and your team might face unpleasant consequences, which might include being fired or even criminal charges.

TIP

Written approval is the most critical step of the testing process. You should never perform any tests without written approval.

If you are an independent consultant, you should also carry insurance before starting any type of test. Umbrella policies and those that cover errors and omissions are commonly used. These types of liability policies can help protect you should anything go wrong. To help make sure that the approval process goes smoothly, you should make sure that someone is the champion of this project. This champion or project sponsor is the lead contact to upper management and your contact person. Project sponsors can be instrumental in helping you gain permission to begin testing and in providing you with the funding and materials needed to make the project a success.

NOTE

Management support is critical for a security test to be successful (or, in Kartik and Travis' case, for keeping them from being expelled).

Ethical Hacking Report

Objective:

Describe test deliverables

Although we have not actually begun testing, you do need to start thinking about the final report. Throughout the entire process, you should be in close contact with management to keep them abreast of your findings. There shouldn’t be any big surprises when you submit the report. While you might have found some serious problems, they should be discussed with management before the report is written and submitted. The goal is to keep them in the loop and advised of the status of the assessment. If you find items that present a critical vulnerability, you should stop all tests and immediately inform management. Your priority should always be the health and welfare of the organization.

The report itself should detail what was found. Each vulnerability should be discussed along with the risk it poses. Although people aren't fired for being poor report writers, don't expect to be promoted or praised for your technical findings if the report doesn't communicate them clearly. The report should present the results of the assessment in an easy, understandable, and fully traceable way, and it should be comprehensive and self-contained. Most reports contain the following sections:

Introduction
Statement of work performed
Results and conclusions
Recommendations

Since most companies are not made of money and cannot secure everything, you should rank your recommendations so that the findings with the highest risk and highest probability of exploitation are at the top of the list.

The report needs to be adequately secured while in electronic storage. Encryption should be used. The printed copy of the report should be marked “Confidential” and while in its printed form, care should be taken to protect the report from unauthorized individuals. You have an ongoing responsibility to ensure the safety of the report and all information gathered. Most consultants destroy reports and all test information after a contractually obligated period of time.

TIP

The report is a piece of highly sensitive material and should be protected in storage and when in printed form.

Ethics and Legality

Objective:

Know the laws dealing with computer crimes and their implications

Recent FBI reports on computer crime indicate that 56 percent of U.S. companies surveyed reported unauthorized computer use in 2005, an increase of 3 percent from 2004, and that website attacks were up 6 percent from 2004. These figures indicate that computer crime caused by hackers continues to increase. A computer or network can become the victim of a crime committed by a hacker, and hackers also use computers as a tool to commit a crime or to plan, track, and control a crime against other computers or networks. Your job as an ethical hacker is to find vulnerabilities before the attackers do and help prevent them from carrying out malicious activities. Tracking and prosecuting hackers can be difficult, as international law is often ill-suited to the problem. Unlike conventional crimes that occur in one location, a hacking crime might originate in India, use a system based in Singapore, and target a computer network located in Canada. Countries have conflicting views on what constitutes cyber crime, so even when hackers can be punished, attempting to do so can be a legal nightmare. It is hard to apply national borders to a medium such as the Internet that is essentially borderless.

NOTE

Some individuals approach computing and hacking from a social perspective and believe that hacking can promote change. These individuals are known as hacktivists. These "hacker activists" use computers and technology for hi-tech campaigning and social change, and they believe that defacing websites and hacking servers is acceptable as long as it promotes their goals. Regardless of their motives, hacking remains illegal, and they are subject to the same computer crime laws as any other criminal.


Overview of U.S. Federal Laws
Although some hackers might have the benefit of bouncing around the globe from system to system, your work will likely occur within the confines of the host nation. The United States and some other countries have enacted strict laws to deal with hackers and hacking. During the past five years, the U.S. federal government has taken an active role in dealing with computer, Internet, privacy, and corporate threats, vulnerabilities, and exploits. These are laws you should be aware of and not become entangled in. Hacking is covered under Title 18 of the U.S. Code (Crimes and Criminal Procedure), Part 1 (Crimes), Chapter 47 (Fraud and False Statements), Sections 1029 and 1030. Each is described here:

Section 1029
Fraud and related activity with access devices. This law gives the U.S. federal government the power to prosecute hackers that knowingly and with intent to defraud, produce, use, or traffic in one or more counterfeit access devices. Access devices can be an application or hardware that is created specifically to generate any type of access credentials, including passwords, credit card numbers, long distance telephone service access codes, PINs, and so on for the purpose of unauthorized access.

Section 1030
Fraud and related activity in connection with computers. This section codifies the Computer Fraud and Abuse Act (CFAA) and covers just about any computer or device connected to a network or the Internet. It mandates penalties for anyone who accesses a computer without authorization or exceeds authorized access. This is a powerful law because companies can use it to prosecute employees who use the rights the company has given them to carry out fraudulent activities.

TIP

Sections 1029 and 1030 are the main statutes that address computer crime in U.S. federal law. Understand their basic coverage and penalties.

The Evolution of Hacking Laws
In 1985, hacking was still in its infancy in England. Because of the lack of hacking laws, some British hackers felt there was no way they could be prosecuted. Triludan the Warrior was one of these individuals. Besides breaking into the British Telecom system, he also obtained an admin password for Prestel, a dialup service that provided online services, shopping, email, sports, and weather. One user of Prestel was His Royal Highness, Prince Philip. Triludan broke into the Prince's mailbox and carried out various other activities, such as leaving the Prestel system admin messages and taunts. Triludan the Warrior was caught on April 10, 1985, and, because no hacking laws existed, was charged with five counts of forgery. After several years and a 3.5 million dollar legal battle, Triludan was eventually acquitted. Others were not so lucky, because in 1990 Parliament passed the Computer Misuse Act, which made hacking offenses punishable by up to five years in jail. Today the UK, along with most of the Western world, has extensive laws against hacking.

The federal punishment prescribed in Sections 1029 and 1030 ranges from a fine or imprisonment of no more than one year for minor first offenses to a fine and imprisonment of up to twenty years for the most serious or repeat offenses. Where a sentence falls in this range depends on the seriousness of the criminal activity and the damage the hacker has done. Other federal laws that address hacking include:

Electronic Communication Privacy Act
Mandates provisions for access, use, disclosure, interception, and privacy protection of electronic communications. The law is codified at 18 U.S.C. Sections 2510 et seq. (interception of communications in transit) and 2701 et seq. (access to stored communications). According to the U.S. Code, electronic communication "means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo electronic, or photo optical system that affects interstate or foreign commerce." This law makes it illegal for individuals to capture communications in transit or in storage. Although it was originally developed to protect voice communications, it now covers email and other electronic communications.

Computer Fraud and Abuse Act of 1984
The Computer Fraud and Abuse Act (CFAA), first passed in 1984 and substantially revised in 1986, protects certain types of information that the government maintains as sensitive. The Act defines the term "protected computer" and imposes punishment for unauthorized or misused access to one of these protected computers or systems. The Act also mandates fines and jail time for those who commit specific computer-related actions, such as trafficking in passwords or extortion by threatening a computer. In 1994, Congress amended the CFAA to cover the transmission of malicious code, which was not addressed in the original Act.

The Cyber Security Enhancement Act of 2002 - This Act provides that hackers who carry out certain computer crimes may receive life sentences if the crime knowingly or recklessly causes, or attempts to cause, serious bodily injury or death. This means that if hackers disrupt a 911 system and someone dies as a result, they could spend the rest of their days in jail.

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 - Passed in response to the attacks of September 11, 2001. It strengthens computer crime laws and has been the subject of considerable controversy because it gives the U.S. government wide latitude in pursuing criminals. Among other provisions, it allows the government, with the consent of the system owner, to monitor a "computer trespasser" on that system without a warrant, and it authorizes delayed-notice ("sneak and peek") searches.

The Federal Information Security Management Act (FISMA) - Signed into law in 2002 as part of the E-Government Act of 2002, replacing the Government Information Security Reform Act (GISRA). FISMA was enacted to address the information security requirements for non-national security government agencies. FISMA provides a statutory framework for securing government owned and operated IT infrastructures and assets.

Federal Sentencing Guidelines of 1991 - Provide guidelines to judges so that sentences are handed down in a more uniform manner.

Economic Espionage Act of 1996 - Defines strict penalties for those convicted of economic espionage or theft of trade secrets.

U.S. Child Pornography Prevention Act of 1996 - Enacted to combat and reduce the use of computer technology to produce and distribute pornography.

U.S. Health Insurance Portability and Accountability Act (HIPAA) - Established privacy and security regulations for the health care industry.

Summary


This lesson shows that security is based on the CIA triad: confidentiality, integrity, and availability. The principles of the CIA triad must be applied to Information Technology (IT) networks and their data, and the data must be protected both in storage and in transit.

Because the organization cannot provide complete protection for all of its assets, a system must be developed to rank risk and vulnerabilities. Organizations must seek to identify high risk and high impact events for protective mechanisms. Part of the job of an ethical hacker is to identify potential vulnerabilities to these critical assets and test systems to see whether they are vulnerable to exploits.

The activities described are security tests. Ethical hackers can perform security tests with no prior knowledge of the target (black-box testing) or with all documentation and knowledge (white-box testing). The approach taken will depend on the time, funds, and objectives of the security test. Organizations can have many aspects of their protective systems tested, such as physical security, phone systems, wireless access, insider access, or external hacking. To perform these tests, ethical hackers need a variety of skills. They must be adept in the technical aspects of networking but also understand policy and procedure. No single ethical hacker will understand all operating systems, networking protocols, or application software, but that's okay, as security tests are performed by teams of individuals where each brings a unique skill to the table.

So, even though "God-like" knowledge isn't required, an ethical hacker does need to understand the laws pertaining to hackers and hacking. He must also understand that the most important part of the pre-test activities is to obtain written authorization. No test should be performed without the written permission of the owner of the network or service. Following this simple rule will help you stay focused on the legitimate test objectives and help protect you from any activities or actions that might be seen as unethical.
 
Article by : hacktree