
Internet Security 1 ( IntSi1 )


Presentation Transcript


  1. Internet Security 1 (IntSi1) 1.6 The Hacking Cycle
  Prof. Dr. Peter Heinzmann, Prof. Dr. Andreas Steffen, Institute for Internet Technologies and Applications (ITA)

  2. The Hacking Cycle (figure: risk plotted against time)
  • Phases along the time axis: vulnerability not known → vulnerability detected → vulnerability announced → vulnerability widely known → patch available → vulnerability fixed (patch installed).
  • Risk climbs once the vulnerability is widely known and only drops when the patch is actually installed; the figure labels these intervals with time scales of days ... weeks and days ... months.
  • React fast to reduce the time of high risk.

  3. Anatomy of a Hack - Details (the figure labels the steps as passive, passive or active, and active)
  Information Gathering
  • Footprinting (gather target information) → names, addresses, system types, ... (passive)
  • Fingerprinting (identify topologies & systems) → network layout, operating systems, services
  • Sniffing (collect network traffic) → addresses, names, information (passwords, ...)
  • Enumeration (collect access information) → list of user accounts, share names, ...
  • Scanning (detect systems and services) → response from network stack, applications, ...
  Attack (active)
  • Gain Access (use passwords, vulnerabilities) → access to accounts, resources, ... : read, write, make unavailable
  • Escalate privileges (pilfering, vulnerabilities) → admin, root access, ...
  • Create Backdoors (install programs) → batch jobs, remote control, services, sniffers, ...
  • Cover Tracks (clear logs, hide tools) → no traces (rootkits)

  4. Internet Security 1 (IntSec1) 1.7 Information Gathering

  5. Footprinting
  • Identify locations, domain names, IP address ranges, e-mail addresses, dial-in phone numbers, systems used, administrator names, network topology.
  • Using public information.
  • Without network connection to the target.
  • Without physical connection to the target.

  6. Information Search
  • General search engines (Google, Yahoo, ...)
  • Web search
  • Blogs, news feeds
  • “Whois” service
  • Domain Name Service (nslookup)
  • Vulnerability databases
  • Special “hacker sites”
  • Social media (Facebook, Google+, LinkedIn, Xing, ...)
  • Chats and fora
  • Instant messaging sessions

  7. Social Engineering
  • Describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures.
  • Probably the most powerful tool.
  • See Kevin D. Mitnick’s book “The Art of Deception: Controlling the Human Element of Security”, John Wiley & Sons, October 2002.

  8. Fingerprinting (Scanning)
  • Network Topology
  • Identify the network topology with a network connection or (physical) access to the target.
  • Methods: ping, traceroute (tracert on Windows systems)
  • Tools: fping, nmap, SuperScan
  • Operating System
  • Identify the operating system (type, version, patch level) with a network connection or (physical) access to the target.
  • Methods: banners, TCP/IP stack fingerprinting, SNMP
  • Tools: nmap, queso
  • Services
  • Identify services (active hosts and ports) with a network connection or (physical) access to the target.
  • Tools: netcat, nmap, LanGuard, SuperScan

  9. Banner grabbing
  Two captured sessions. The first talks to the FTP control port by hand and sends the FTP SYST command, which makes the server reveal its operating system type; the second simply connects to a telnet login prompt, which already names the OS and hardware.

    > ftp ftp.netscape.com
    Trying 207.200.74.26 ...
    Connected to ftp.netscape.com.
    Escape character is '^]'.
    220 ftp29 FTP server (UNIX(r) System V Release 4.0) ready.
    SYST
    215 UNIX Type: L8 Version: SUNOS

    > telnet hpux.u-aizu.ac.jp
    Trying 163.143.103.12 ...
    Connected to hpux.u-aizu.ac.jp.
    Escape character is '^]'.
    HP-UX hpux B.10.01 A 9000/715 (ttyp2)
    login:
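The two manual sessions above can be automated: connect, read whatever the service volunteers, and match the text against a few known banner patterns. The following is an added example (not from the slides or the course), written in Python with only the standard library. `start_demo_service()` is a constructed stand-in for a real FTP/telnet server so that the example runs offline against 127.0.0.1; the banner-to-OS map in `classify_banner()` is deliberately small and only covers the strings seen on the slide plus SSH.

```python
"""Banner grabbing and TCP connect scanning (added example, not course material)."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def grab_banner(host, port, timeout=2.0, max_bytes=1024):
    """Connect and return the greeting the service sends on its own.

    None  -> port closed/filtered (connect failed)
    ""    -> port open but silent (HTTP, for instance, only talks after a request)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(max_bytes)
            except socket.timeout:
                return ""
            return data.decode("ascii", errors="replace").strip()
    except OSError:
        return None


def scan_ports(host, ports, timeout=0.5, workers=32):
    """TCP connect scan: the sorted list of ports that accept a connection."""
    def probe(port):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return port
        except OSError:
            return None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def classify_banner(banner):
    """Minimal banner-to-service/OS mapping (assumed patterns, illustrative only)."""
    if banner is None:
        return "closed"
    if not banner:
        return "open, silent"
    b = banner.lower()
    if "unix type: l8" in b or "sunos" in b:
        return "FTP, SunOS/Solaris"
    if "hp-ux" in b:
        return "telnet login, HP-UX"
    if b.startswith("ssh-"):
        return "SSH: " + banner.split()[0]
    if b.startswith("220"):
        return "FTP/SMTP: " + banner
    return "unknown: " + banner


def start_demo_service(banner):
    """Constructed local service that greets every client with `banner`.

    Returns the ephemeral port it listens on; the accept loop runs in a daemon thread.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner.encode() + b"\r\n")
                except OSError:
                    pass  # scanner closed without reading; that is fine

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_demo_service("220 ftp29 FTP server (UNIX(r) System V Release 4.0) ready.")
    print("open ports:", scan_ports("127.0.0.1", [port]))
    banner = grab_banner("127.0.0.1", port)
    print(repr(banner), "->", classify_banner(banner))
```

A connect scan completes the three-way handshake, so it shows up in the target's logs; the slide's later nmap material covers the stealthier half-open variants. The timeout matters: a filtered port (firewall drops the SYN) only fails after the timeout, whereas a closed port answers with a RST immediately.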

  10. TCP/IP Stack Fingerprinting
  • Operating systems use different default parameters:
  • Initial TTL value, initial sequence number, window size
  • ACK value may be SEQ or SEQ+1
  • “Don’t fragment” bit set
  • Type of Service
  • Operating systems respond specifically to certain probes:
  • An open port should not respond to a FIN probe (RFC 793), but Windows stacks answer it anyway, with a RST
  • Handling of overlapping IP fragments
  • ICMP responses
  • ...
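The parameters listed above can be read straight out of a captured SYN. The block below is an added example (not from the slides), in Python with only the standard library: it parses an IPv4+TCP header, extracts the initial-TTL guess, DF bit, window size and TCP option layout, and scores them against a tiny p0f-style signature table. The signature values are assumptions for illustration (real tables carry hundreds of entries and vary by kernel version); `build_syn()` constructs the sample packets in memory so that nothing has to be captured from a live network, and checksums are left at zero because only headers are parsed.

```python
"""Passive TCP/IP stack fingerprinting from a SYN header (added example)."""
import socket
import struct

# Illustrative signatures: (name, initial TTL, DF bit, window, option layout).
# Values are approximate assumptions, not an authoritative table.
SIGNATURES = [
    ("Linux", dict(ttl=64, df=True, window=29200, options="M,S,T,N,W")),
    ("Windows", dict(ttl=128, df=True, window=8192, options="M,N,W,N,N,S")),
    ("macOS", dict(ttl=64, df=True, window=65535, options="M,N,W,N,N,T,S,E")),
]

# Constructed option byte strings matching the layouts above (MSS 1460 in all).
LINUX_OPTS = bytes([2, 4, 0x05, 0xB4, 4, 2, 8, 10]) + b"\x00" * 8 + bytes([1, 3, 3, 7])
WINDOWS_OPTS = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 8, 1, 1, 4, 2])
MACOS_OPTS = (bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 6, 1, 1, 8, 10]) + b"\x00" * 8
              + bytes([4, 2, 0, 0]))


def parse_tcp_options(raw):
    """Return option kinds in wire order as a p0f-style layout string, e.g. 'M,S,T,N,W'."""
    names = {2: "M", 3: "W", 4: "S", 8: "T"}  # MSS, window scale, SACK ok, timestamps
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # end of option list
            out.append("E")
            break
        if kind == 1:            # NOP padding
            out.append("N")
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated TCP option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad TCP option length")
        out.append(names.get(kind, "?%d" % kind))
        i += length
    return ",".join(out)


def parse_ip_tcp(pkt):
    """Extract the fields that stack fingerprinting compares from an IPv4+TCP header."""
    vihl, tos, _total, _ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[ihl:]
    _sport, _dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    return {
        "ttl": ttl,
        "df": bool(flags_frag & 0x4000),
        "tos": tos,
        "seq": seq,
        "ack": ack,
        "flags": off_flags & 0x01FF,
        "window": window,
        "options": parse_tcp_options(tcp[20:data_off]),
    }


def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value (32/64/128/255)."""
    for start in (32, 64, 128, 255):
        if ttl <= start:
            return start
    return ttl


def fingerprint(fields):
    """Score each signature; options layout counts double. Returns (name, score)."""
    best, best_score = "unknown", 0
    for name, sig in SIGNATURES:
        score = (initial_ttl(fields["ttl"]) == sig["ttl"]) + (fields["df"] == sig["df"]) \
            + (fields["window"] == sig["window"]) + 2 * (fields["options"] == sig["options"])
        if score > best_score:
            best, best_score = name, score
    return (best, best_score) if best_score >= 3 else ("unknown", best_score)


def build_syn(ttl, df, window, options, src="10.0.0.1", dst="10.0.0.2",
              sport=40000, dport=80, seq=1000):
    """Constructed SYN packet for the demo; checksums are left zero (headers only)."""
    tcp_len = 20 + len(options)            # options must already be 4-byte aligned
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + tcp_len, 0x1234,
                     0x4000 if df else 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    off_flags = ((tcp_len // 4) << 12) | 0x02   # data offset + SYN flag
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, off_flags, window, 0, 0)
    return ip + tcp + options


if __name__ == "__main__":
    # A Windows-like SYN seen 11 hops away: TTL 117 still maps to initial TTL 128.
    fields = parse_ip_tcp(build_syn(117, True, 8192, WINDOWS_OPTS))
    print(fields["options"], initial_ttl(fields["ttl"]), fingerprint(fields))
```

The TTL rounding is what makes the method work across the Internet: each router decrements the field, so a received value of 117 is far more likely to be a 128-start stack 11 hops away than a 255-start stack 138 hops away. Active fingerprinting (the FIN probe, fragment overlap and ICMP tests on the slide) adds further signals when the passive ones are ambiguous.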

  11. Rootkits
  • Goal: get root privileges and hide programs
  • Hide the intruder’s processes (pwdlogger.exe, backdoor.exe, etc.)
  • Hide the registry keys responsible for starting the intruder’s tools after a system reboot
  • Sometimes also hide files (the intruder’s tools)
  • Types
  • User mode: function hooking or patching of commonly used APIs, for example to mask a running process or a file that resides on a filesystem
  • Kernel mode: adds code to or replaces portions of the core operating system, including both the kernel and associated device drivers
  • Bootkits
  • Hypervisor level
  • Hardware/firmware
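The user-mode technique on the slide, hooking an API so that a listing no longer shows the intruder's files, and the standard countermeasure, comparing two views of the same object obtained through different code paths, can both be shown in a few lines. What follows is an added, deliberately simplified illustration in Python (not course material and not a real rootkit): the "hook" only replaces `os.listdir` inside the running interpreter, which is enough to demonstrate the idea, while a real user-mode rootkit patches the API in every process on the host. The `_rk_` filename prefix and the three sample files are constructed for the demo.

```python
"""User-mode API hooking versus cross-view detection (added, simplified example)."""
import os
import tempfile

HIDDEN_PREFIX = "_rk_"          # assumed: names the "rootkit" wants to hide
_real_listdir = os.listdir      # keep the original so the hook can forward to it


def hooked_listdir(path="."):
    """The rootkit's view: same API, same signature, but the intruder's files are filtered out."""
    return [name for name in _real_listdir(path) if not name.startswith(HIDDEN_PREFIX)]


def install_hook():
    os.listdir = hooked_listdir   # every caller that resolves os.listdir now gets the filtered view


def remove_hook():
    os.listdir = _real_listdir


def cross_view_diff(path):
    """Cross-view detection: names present in a low-level view but missing from the hooked one.

    os.scandir is a separate C implementation, so the os.listdir hook does not touch it.
    A real rootkit detector does the same with, e.g., the Win32 API versus raw NTFS parsing.
    """
    high_level = set(os.listdir(path))
    with os.scandir(path) as it:
        low_level = {entry.name for entry in it}
    return sorted(low_level - high_level)


def demo():
    """Plant three files, install the hook, and return (what the victim sees, what the detector finds)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", "_rk_backdoor", "_rk_sniffer.log"):
            open(os.path.join(d, name), "w").close()
        install_hook()
        try:
            seen = sorted(os.listdir(d))
            hidden = cross_view_diff(d)
        finally:
            remove_hook()   # always undo the hook, even if something above raises
        return seen, hidden


if __name__ == "__main__":
    seen, hidden = demo()
    print("victim sees:", seen)
    print("cross-view reveals:", hidden)
```

The detection works only because the second view bypasses the hooked layer; a kernel-mode rootkit that filters the directory-enumeration path itself defeats this particular check, which is why the slide's later types (bootkits, hypervisor, firmware) matter: each one moves below the level at which the previous detectors look.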

  12. Internet Security 1 (IntSec1) 1.8 Integrated Tools

  13. Nmap Security Scanner
  • Probably the most used port scanner
  • Support for different scanning techniques
  • Detects the operating system of remote hosts
  • Many configuration options: timing, scanned port range, scan method, ...
  • Console tool
  • Various front ends for easier handling

  14. Tenable Nessus Vulnerability Scanner

  15. GFI LanGuardNetwork Security Scanner

  16. Cain Password Recovery Tool
  • Cain available from http://www.oxid.it/cain.html
  • ARP poisoning, SSL/TLS man-in-the-middle attacks

  17. Cain – Password Cracking

  18. Cain – MAC Address Scanner

  19. Cain – ARP Cache Poisoning

  20. Cain – Faked TLS Server Certificates

  21. Cain – Self-Signed ZKB Certificate

  22. Internet Security 1 (IntSec1) 1.9 Cybercrime Convention

  23. Council of Europe Cybercrime Convention
  • The “Budapest Convention on Cybercrime” of 2001 enters into force in Switzerland on 1 January 2012.
  • Consequences
  • Hacking is punishable even when no intent of enrichment can be proven. Merely breaking into a system can therefore be punished.
  • It is now also an offence to make passwords or similar data available while knowing that they are to be used for illegal intrusion into a computer system.
  • The production and distribution of technical means for committing computer crimes (in particular hacking software) is prohibited as well.
  • A tightening of existing criminal law!
