
Chapter 1 Introduction to Ethical Hacking


In This Chapter

- Understanding hacker objectives
- Outlining the differences between ethical hackers and malicious hackers
- Examining how the ethical hacking process has come about
- Understanding the dangers that your computer systems face
- Starting the ethical hacking process

This book is about hacking ethically: the science of testing your computers and network for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them. ... ethical is an often overused and misunderstood word, the Merriam-Webster dictionary defines ethical perfectly for the context of this book and the professional security testing techniques that I cover: that is, conforming to accepted professional standards of conduct. IT practitioners are obligated to perform all the tests covered in this book aboveboard and only after permission has been obtained by the owner(s) of the systems, hence the disclaimer in the ...

Hackers Beget Ethical Hackers

We've all heard of hackers.

Many of us have even suffered the consequences of hacker actions. So who are these hackers? Why is it important to know about them? The next few sections give you the lowdown on hacker ...

Hacker is a word that has two meanings:

- Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work ...
- Recently, hacker has taken on a new meaning: someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people ...

... good-guy (white-hat) hackers don't like being in the same category as the bad-guy (black-hat) hackers.

(These terms come from Western movies where the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Whatever the case, most people give hacker a negative ... malicious hackers claim that they don't cause damage but instead are altruistically helping others. Yeah, right. Many malicious hackers are electronic ... this book, I use the following terminology:

- Hackers (or bad guys) try to compromise computers.
- Ethical hackers (or good guys) protect computers against illicit ...

... go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone's system increases their status in hacker ...

Hacking 101

You need protection from hacker shenanigans. An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as security tests for their ... you perform ethical hacking tests for customers or simply want to add another certification to your credentials, you may want to consider the ethical hacker certification Certified Ethical Hacker, which is sponsored by EC-Council.

See more ... hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured. It's part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are ...

To hack your own systems like the bad guys, you must think like they ... 's absolutely critical to know your enemy; see Chapter 2 for the ...

Need to Hack Your Own Systems

To catch a thief, think like a ... 's the basis for ethical ... law of averages works against security.

With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys, and not just the generic vulnerabilities that everyone knows about, is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems ...

... preys on weak security practices and undisclosed ..., encryption, and virtual private networks (VPNs) can create a false feeling of safety. These security systems often focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without affecting how hackers work. Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack.

If you don't identify weaknesses, it's a matter of time before the vulnerabilities are ...

... hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers ...

... don't have to protect your systems from everything. You can't. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them, not even you. That's not the best approach to information security. What's important is to protect your systems from known vulnerabilities and common hacker ...

... 's impossible to buttress all possible vulnerabilities on all your systems. You can't plan for all possible attacks, especially the ones that are currently unknown.

However, the more combinations you try (the more you test whole systems instead of individual units), the better your chances of discovering vulnerabilities that affect everything as a ...

... 't take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don't have a lot of foot traffic in your office and no internal Web server running, you may not have as much to worry about as an Internet hosting provider would have. However, don't forget about insider threats from malicious employees!

Your overall goals as an ethical hacker should be as follows:

- Hack your systems in a nondestructive fashion.
- Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
- Apply results to remove vulnerabilities and better secure your ...

... the Dangers Your Systems Face

It's one thing to know that your systems generally are under fire from hackers around the world.

It's another to understand specific attacks against your systems that are possible. This section offers some well-known attacks but is by no means a comprehensive listing. That requires its own book: Hack Attacks Encyclopedia, by John Chirillo (Wiley Publishing, Inc.).

Many information-security vulnerabilities aren't critical by ..., exploiting several vulnerabilities at the same time can take its ... example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnerabilities at the same time can be a serious ...

... attacks

Exploits that involve manipulating people (end users and even yourself) are the greatest vulnerability within any computer or network ... are trusting by nature, which can lead to social-engineering ... engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes.

I cover social engineering in depth in Chapter ...

... common and effective attacks against information systems are ... Hackers break into buildings, computer rooms, or other areas containing critical information or property. Physical attacks can include dumpster diving (rummaging through trash cans and dumpsters for intellectual property, passwords, network diagrams, and other information).

Network-infrastructure attacks

Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:

- Connecting into a network through a rogue modem attached to a computer behind a firewall
- Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS
- Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests
- Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text
- Piggybacking onto a network through an insecure wireless configuration

Operating-system attacks

Hacking operating systems (OSs) is a preferred method of the bad guys.

OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against ...

..., some operating systems that are more secure out of the box (such as Novell NetWare and the flavors of BSD UNIX) are attacked, and vulnerabilities turn up. But hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for ...

... are some examples of attacks on operating systems:

- Exploiting specific protocol implementations
- Attacking built-in authentication systems
- Breaking file-system security
- Cracking passwords and encryption mechanisms

Application and other specialized attacks

Applications take a lot of hits by hackers. Programs such as e-mail server software and Web applications often are beaten down:

- Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.

