Introduction to Reconnaissance
• Information gathering
  • Social engineering
  • Physical break-in
  • Dumpster diving
• Scanning
  • Modems/Wireless Access Points
  • Hosts
  • Network hardware
  • Services
  • Vulnerabilities
Reconnaissance – Step 1
• Information gathering – investigate the target using publicly available information
• Analogy: a bank robber “casing the joint”
  • Visit the bank
  • Note the times employees (especially the security guard) arrive and leave
  • Note the location of security cameras, guards, the safe, etc.
  • Determine the make and model of the alarm system and safe, and research them
  • Plan the robbery
  • Plan the getaway route
Information Gathering
• Prior to launching an attack, skilled computer attackers often try to learn as much as possible about:
  • The systems and networks they plan to attack
  • Hardware and software
  • Topology
  • Typical operation
  • Owners, users, and administrators
Tools for Information Gathering
• The Web
  • The target organization’s web site may contain:
    • Employee contact information and phone numbers
    • Business partners
    • Technologies in use
  • Other information about the target:
    • Search engines
    • Customers and business partners
• Whois databases
  • ARIN
• DNS servers
Goals of Information Gathering
• Determine:
  • What is available to steal/deface/shut down?
  • What avenue of attack is most likely to succeed?
  • What are the chances of getting caught?
  • Etc.
Social Engineering
• Deceiving people into revealing sensitive/useful information
• May be attempted:
  • In person or remotely (e.g. by phone, e-mail, etc.)
  • Once or over a period of time
• Can result in:
  • Sensitive information
  • Unauthorized access
  • Passwords
  • Etc.
Social Engineering from The Master
• The Art of Deception by Kevin Mitnick
Social Engineering - Examples
• A “new employee” calls the help desk to get help with a particular task
• An “angry manager” calls a lower-level employee because the manager’s password has suddenly stopped working
• An “administrator” calls an employee because there is something wrong with the employee’s account
• An “employee” in the field calls to get a remote access phone number
Defenses Against Social Engineering
• Policies
  • Information that should never be divulged over the phone
  • Procedures for maintenance, password resets, etc.
• User education
Social Engineering Examples
• Lottery Tickets
• Inheritance from Africa
• I Love You Virus
• Disk Space Over Quota
• Bank Account Suspicious Activity
• Bank Account Updating System
Physical Break-ins
• An attacker might show up at an organization and attempt to:
  • Physically access computer systems
  • Install malicious hardware or software
  • Steal sensitive documents, storage media, or a computer system
  • Etc.
Defenses Against Physical Break-ins
• Policy
• Locks
• Alarms
• Badges
• Guards
• User education
Dumpster Diving
• What might an attacker be able to find by going through the trash?
  • Old versions of sensitive documents or e-mail
  • Discarded disks, tapes, and other media
  • A Post-it note with a username and password
  • Etc.
Defenses Against Dumpster Diving
• Policy
• Paper shredders
• Media cleansers
• Special trash cans for sensitive material
• User education
Reconnaissance – Step 2
• Scanning – many tools are available to automate the search for:
  • Modems
  • Hosts
  • Network hardware
  • Services
  • Vulnerabilities
War Dialers
• Obtain a range of phone numbers used by the target organization
  • Phone book
  • Web
  • Social engineering
• A war dialer is a program that dials each number and records whether or not a modem answers
War Dialers (cont.)
• Once modems are found:
  • Nudging – send characters to the modem and note the reply (hopefully a banner)
  • Look for modems which do not require passwords
  • For those that do require passwords, try some guesses
• Finding modems can be very valuable:
  • Can give remote (sometimes privileged) access to networks and systems
  • pcAnywhere, LapLink, ControlIT
  • Completely bypass Internet gateways and firewalls
Modem Exploitation
• http://seclists.org/pen-test/2001/Sep/233
• http://www.blackhat.com/presentations/bh-usa-09/TRAMMELL/BHUSA09-TrammellDruid-MetasploitTele-PAPER.pdf
Defenses Against War Dialers
• Policies
  • Who can have a modem?
  • How will it be secured?
  • How can employees remotely access their systems?
• Periodic checks for compliance
• User education
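The "periodic checks" on this slide can also be automated on the defender's side: a war dialer that sweeps an organization's number range leaves a distinctive trace in the PBX call-detail records (one caller, many short calls to consecutive numbers in a short window). The script below is an added example, not from the slides; the CDR format, the phone numbers and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDRs ("timestamp,caller,callee,duration_seconds"); the
# format, numbers and thresholds are assumptions for this example. Caller
# ...1234 sweeps consecutive extensions with short calls (war dialer);
# caller ...2222 (a receptionist) makes short calls to unrelated numbers.
SAMPLE_CDRS = """\
2024-03-01T02:00:05,+15550001234,+15551230101,3
2024-03-01T02:00:40,+15550001234,+15551230102,2
2024-03-01T02:01:15,+15550001234,+15551230103,4
2024-03-01T02:01:50,+15550001234,+15551230104,2
2024-03-01T02:02:25,+15550001234,+15551230105,3
2024-03-01T02:03:00,+15550001234,+15551230106,45
2024-03-01T09:05:00,+15550002222,+15551230210,20
2024-03-01T09:06:00,+15550002222,+15551230377,30
2024-03-01T09:07:00,+15550002222,+15551230455,15
2024-03-01T09:08:00,+15550002222,+15551230118,25
2024-03-01T09:09:00,+15550002222,+15551230290,40
"""

def parse_cdrs(text):
    """Return a list of (time, caller, callee_as_int, duration) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, caller, callee, dur = line.split(",")
        rows.append((datetime.fromisoformat(ts), caller, int(callee), int(dur)))
    return rows

def detect_war_dialing(cdrs, window=timedelta(minutes=10), min_numbers=5,
                       max_duration=60, min_sequential_ratio=0.6):
    """Return {caller: callees} for callers that, within one window, reached
    at least min_numbers distinct numbers with short calls, mostly to
    consecutive numbers (the signature of dialing every number in a range)."""
    by_caller = defaultdict(list)
    for t, caller, callee, dur in cdrs:
        if dur <= max_duration:  # modem nudges and banner grabs are short calls
            by_caller[caller].append((t, callee))
    flagged = {}
    for caller, calls in by_caller.items():
        calls.sort()
        for i, (t0, _) in enumerate(calls):
            distinct = sorted({c for t, c in calls[i:] if t - t0 <= window})
            if len(distinct) < min_numbers:
                continue
            seq = sum(b - a == 1 for a, b in zip(distinct, distinct[1:]))
            if seq / (len(distinct) - 1) >= min_sequential_ratio:
                flagged[caller] = set(distinct)
                break
    return flagged
```

Running `detect_war_dialing(parse_cdrs(SAMPLE_CDRS))` flags only the sweeping caller; the receptionist's five short calls are not consecutive numbers and pass the ratio test.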
WarDriving/WarBiking/WarWalking
• Search for accessible wireless networks
• Examples:
  • Kismet (http://www.kismetwireless.net/)
  • NetStumbler (http://www.stumbler.net/)
• Defenses
  • Policy
  • Periodic compliance checks
  • User education
Reconnaissance - Summary
• Information gathering
  • Social engineering
  • Physical break-in
  • Dumpster diving
• Scanning
  • Modems
  • Wireless Access Points
• User Education!