
COMP1321 Digital Infrastructures

COMP1321 Digital Infrastructures. Richard Henson, University of Worcester, April 2018. Week 22: “Offensive” security and ethical hacking. Objectives: explain the principles of hacking ethically; explain “Footprinting” and reconnaissance from a penetration tester's perspective.





Presentation Transcript


  1. COMP1321 Digital Infrastructures
     Richard Henson, University of Worcester, April 2018

  2. Week 22: “Offensive” security and ethical hacking
     • Objectives:
       • Explain the principles of hacking ethically
       • Explain “Footprinting” and reconnaissance from a penetration tester's perspective
       • Use vulnerability/penetration testing to “passively” scan networks and check access to the organisation’s network (and information about it!) from outside
       • Exploit known vulnerabilities through specific unguarded TCP ports

  3. Ethical Hacking Principles
     • Hacking is a criminal offence in the UK
       • covered by the Computer Misuse Act (1990)
       • tightened by further legislation (2006)
     • It can only be done “legally” by a trained (or trainee) professional
       • a computing student would be considered in this context under the law

  4. Ethical Hacking Principles
     • Even if it is legal…
       • doesn’t mean it is ethical!
     • Professionals only hack without the owner’s permission if there is reason to believe a law is being broken
       • if not… they must ask permission
       • otherwise definitely unethical (and possibly illegal)

  5. Ethical Hacking Principles
     • What is “hacking”?
       • breaching a computer system without permission
     • How is it done?
       • using software tools to get through the security of the system
       • also called penetration testing (again… if done with permission…)

  6. Penetration Tester's Toolkit
     • Many penetration testing tools are available
     • Also a body of knowledge that shows how to use them…
     • Together, these provide the expertise to penetration test a client’s site
       • but this should only be undertaken with the client’s permission…

  7. Preparing to use a Toolkit
     • Ethical hacking professionals need to be familiar with both Windows Server and Linux
     • To fully engage with the principles of penetration testing, install the following as virtual machines on your own computer:
       • Windows 2008 Server
       • Linux, with Backtrack (as VM) …
     • Remember: this should only be used ethically!
     • Instead, you may wish to just take an overview (plenty of excellent YouTube videos)

  8. What and Why of “Footprinting”
     • Definition:
       • “Gathering information about a ‘target’ system”
     • Could be passive (non-penetrative) or active
     • Find out as much information about the digital and physical evidence of the target’s existence as possible
       • need to use multiple sources…
       • may (e.g. “black hat” hacking) need to be done secretly

  9. Useful hacker “intelligence” about a network
     • Domain names
     • User/group names
     • System names
     • IP addresses
     • Employee details/company directory
     • Network protocols used & VPN start/finish
     • Company documents
     • Intrusion detection system used

  10. Network Infrastructure Revision
     • Windows networks are dependent on Active Directory
       • a large object-orientated database
       • installed on servers that become part of the domain log-in

  11. Desktop Security
     • Windows desktop security is managed through the system registry
       • an area of protected memory holding thousands of hardware/software settings
       • viewed using the regedit utility
       • some settings can be changed using regedit
       • other settings cannot be seen with regedit

  12. System Registry
     • System registry settings are stored on the local hard disk
     • Loaded into memory during bootup
     • Local log on:
       • system policy files can overwrite settings in memory
     • Network log on:
       • group policy files are downloaded and overwrite files during log on

  13. Group Policy and Resource Access
     • Network resource access is also controlled via downloaded registry settings
       • in this way, user access can be controlled through group policy
       • policy files and group membership need to be held securely

  14. Rationale for “passive” Footprinting
     • The ethical hacker can gather a lot of information from publicly available sources
       • the organisation needs to know what is “out there”
     • Methodology:
       • start by finding the URL (search engine)
         • e.g. www.worc.ac.uk
       • from the main website, find other external-facing names
         • e.g. staffweb.worc.ac.uk

  15. Website Connections & History
     • History: use www.archive.org
       • The Wayback Machine
     • Connections: use robtex.com
     • Business intelligence:
       • sites that reveal company details
       • e.g. www.companieshouse.co.uk

  16. More Company Information…
     • “Whois” & CheckDNS.com:
       • lookups of IP/DNS combinations
       • details of who owns a domain name
       • details of DNS zones & subdomains
     • Job hunters' websites:
       • e.g. www.reed.co.uk
       • www.jobsite.co.uk
       • www.totaljobs.com
     • IT technicians' “blog entries”

  17. People Information
     • Company information will reveal names
     • Use names in:
       • search engines
       • Facebook
       • LinkedIn
     • Google Earth reveals:
       • company location(s)

  18. Physical Network Information (“active” footprinting or phishing)
     • External “probing”
       • should be detectable by a good defence system… (could be embarrassing!)
       • e.g. Traceroute:
         • uses the ICMP protocol “echo”
         • no TCP or UDP port
         • reveals names/IP addresses of intelligent hardware:
           • e.g. routers, gateways, DMZs

  19. Email Footprinting
     • Using the email system to find the organisation’s email name structure
     • “passive”: monitor emails sent
       • IP source address
       • structure of name
     • “active”: email sending programs
       • test whether email addresses actually exist
       • test restrictions on attachments

  20. Utilizing Google etc. (“passive”)
     • Google: Advanced Search options:
       • uses [site:] [intitle:] [allintitle:] [inurl:]
       • in each case a search string should follow
         • e.g. “password”
     • Maltego
       • graphical representations of data

  21. Perusing Network Firewall Settings
     • The firewall acts between the transport layer and the application layer
       • each application transfers data using a logical port
       • entry of packets to the application layer can be restricted by blocking that port
       • a hacker will wish to know which ports are blocked and which could be exploited

  22. TCP/UDP ports and Hacking
     • Schematic TCP/IP stack interacting at three of the 7 OSI levels (network, transport, application):
       [Diagram: application protocols TELNET, FTP, SMTP, NFS, DNS and SNMP connected through ports to TCP and UDP, which sit on top of IP]

  23. TCP & UDP ports
     • Hackers use these to get inside firewalls etc.
     • Essential to know the important ones:

       Port     Service          Port     Service          Port     Service
       20, 21   ftp              80       http             389      Ldap
       22       ssh              88       Kerberos         443      https
       23       telnet           110      pop3             636      Ldap/SSL
       25       smtp             135      smb
       53       dns              137-9    NetBIOS
       60       tftp             161      snmp

  24. Reconnaissance/Scanning
     • Three types of scan:
       • Network (already mentioned)
         • identifies active hosts
       • Port
         • send client requests until a suitable active port has been found…
       • Vulnerability
         • assessment of devices for weaknesses that can be exploited
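The defender's side of the port scanning described above, as an added example that is not part of the lecture: a small Python routine that reads firewall deny lines in an assumed, constructed format, flags any source that probes several distinct ports within a short window, and labels the ports with the service names from the slide's port list (only the entries I am certain of).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Service names for well-known ports from the slide (only those I am certain of)
PORT_NAMES = {20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns",
              80: "http", 88: "kerberos", 110: "pop3", 137: "netbios", 138: "netbios",
              139: "netbios", 161: "snmp", 389: "ldap", 443: "https", 636: "ldaps"}

# Assumed (constructed) firewall deny-line format:
#   "<ISO timestamp> DENY <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LOG_RE = re.compile(r"^(\S+) DENY (?:TCP|UDP) (\d+(?:\.\d+){3}):\d+ -> "
                    r"\d+(?:\.\d+){3}:(\d+)$")

def detect_port_scans(lines, window=timedelta(minutes=5), min_ports=5):
    """Return {src_ip: sorted distinct dst ports} for sources denied on >= min_ports distinct ports within any window."""
    events = defaultdict(list)          # src_ip -> [(timestamp, dst_port)]
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:                           # unparseable lines are skipped
            ts, src, dport = m.groups()
            events[src].append((datetime.fromisoformat(ts), int(dport)))
    findings = {}
    for src, evts in events.items():
        evts.sort()
        start = 0
        for end in range(len(evts)):
            # advance `start` so that evts[start:end+1] spans at most `window`
            while evts[end][0] - evts[start][0] > window:
                start += 1
            if len({p for _, p in evts[start:end + 1]}) >= min_ports:
                findings[src] = sorted({p for _, p in evts})
                break
    return findings

def describe(ports):
    return [f"{p}/{PORT_NAMES.get(p, 'unknown')}" for p in ports]

# Constructed sample: 203.0.113.7 sweeps five ports in five seconds; 198.51.100.5 is ordinary noise
SAMPLE_LOG = [
    "2024-03-01T09:00:01 DENY TCP 203.0.113.7:40001 -> 192.0.2.10:21",
    "2024-03-01T09:00:02 DENY TCP 203.0.113.7:40002 -> 192.0.2.10:22",
    "2024-03-01T09:00:03 DENY TCP 203.0.113.7:40003 -> 192.0.2.10:23",
    "2024-03-01T09:00:04 DENY TCP 203.0.113.7:40004 -> 192.0.2.10:25",
    "2024-03-01T09:00:05 DENY TCP 203.0.113.7:40005 -> 192.0.2.10:80",
    "2024-03-01T09:01:00 DENY TCP 198.51.100.5:51000 -> 192.0.2.10:443",
    "2024-03-01T10:30:00 DENY UDP 198.51.100.5:51001 -> 192.0.2.10:161",
    "garbled line that the parser must ignore",
]
```

Calling `describe(detect_port_scans(SAMPLE_LOG)["203.0.113.7"])` labels the swept ports as 21/ftp, 22/ssh, 23/telnet, 25/smtp and 80/http.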

  25. A “Scanning” Methodology for Ethical Hackers…
     • Check for live systems
     • Check for open ports
     • “Banner grabbing”
       • e.g. bad HTML request
     • Scan for vulnerabilities
     • Draw network diagram(s)
     • Prepare proxies…

  26. Proxy Hacking (or Hijacking)
     • Attacker creates a copy of the targeted web page on a proxy server
     • Then uses methods like:
       • keyword stuffing
       • linking to the copied page from external sites…
     • Artificially raises the search engine ranking
       • the authentic page will rank lower…
       • it may even be seen as duplicated content, in which case a search engine may remove it from its index

  27. Now you try it!
     • Download OWASP software tools…
     • Try out the tools on an informal basis without infringing “ethical hacking” rules
     • Gather evidence documenting your activities
       • after Campbell Murray’s presentation (27th April)
     • Present evidence to hand in with assignment 2…

  28. Thanks for Listening
