Thursday, November 13, 2008

Location
The tests you’re performing dictate where you must run them from. Your goal
is to hack your systems from locations where malicious hackers can access
the systems. You can’t predict whether you’ll be attacked by a hacker from
outside or inside your network, so cover all your bases. Combine external
(public Internet) tests and internal (private network) tests.
You can perform some tests, such as password cracking and network-infrastructure
assessments, from the comfort of your office — inside the network.
But it may be better to have a true outsider perform other tests on routers,
firewalls, and public Web applications.
For your external hacks that require network connectivity, you may have to
go off-site (a good excuse to work from home) or use an external proxy server.
Better yet, if you can assign an available public IP address to your computer,
plug into the network on the outside of the firewall for a hacker’s-eye view of
your systems. Internal tests are easy because you need only physical access
to the building and the network.
Reacting to major exploits that you find
Determine ahead of time whether you’ll stop or keep going when you find a
critical security hole. Your manager or your customer may not ask you to,
but I think it’s best to keep going to see what else you can discover. I’m not
saying to keep hacking until the end of time or until you crash all your systems.
Simply pursue the path you’re going down until you can’t hack it any
longer (pun intended).
Silly assumptions
You’ve heard what you make of yourself when you assume things. Even so,
you must make assumptions when you hack your systems. Here are some
examples of those assumptions:
Computers, networks, and people are available when you’re testing.
You have all the proper hacking tools.
The hacking tools you’re using won’t crash your systems.
Your hacking tools actually work.
You know all the risks of your tests.
You should document all assumptions and have management or your customer
sign off on them as part of your overall approval process.
36 Part I: Building the Foundation for Ethical Hacking
Selecting Tools
The required security-assessment tools (hacking tools) depend on the tests
you’re running. You can perform some ethical hacking tests with a pair of
sneakers, a telephone, and a basic workstation on the network. However,
comprehensive testing is easier with hacking tools.
Not only do you need an arsenal of tools, but you should also use the right
tool for the task:
If you’re cracking passwords, a general port scanner such as SuperScan
or Nmap may not do the trick. For this task, you need a tool such as LC4,
John the Ripper, or pwdump.
If you’re attempting an in-depth analysis of a Web application, a Web-application
assessment tool (such as Nikto or WebInspect) is more
appropriate than a network analyzer such as Ethereal.
If you’re not sure what tools to use, fear not. Throughout this book, I introduce
a wide variety of tools — both free and commercial — that you can use
to accomplish your tasks.
You can choose among hundreds, if not thousands, of tools for ethical
hacking — everything from your own words and actions to software-based
vulnerability-assessment programs to hardware-based network analyzers.
Here’s a rundown of some of my favorite commercial, freeware, and open-source
security tools:
@stake L0phtcrack (now called LC4)
Ethereal
Foundstone SuperScan
Qualys QualysGuard
GFI LANguard Network Security Scanner
John the Ripper
Network Stumbler
Nessus
Nikto
Nmap
Pwdump2
SPI Dynamics WebInspect
THC-RUT
ToneLoc

Specific tests
You may have been charged with performing a general penetration test, or you
may want to perform specific tests, such as cracking passwords or war-dialing
into a network. Or you might be performing a social-engineering test or assessing
the Windows operating systems on the network. However you’re testing,
you may want to conceal the specifics of the testing to keep what you’re doing
covert or to protect your methodologies. In fact, your manager or customer
may not want the details. Either way, document and make known at a high level
what you’re doing. This can help eliminate any potential miscommunication
and keep you out of hot water.
A good way to provide evidence of what was tested, when it was tested, and
more is to enable logging on the systems you’re testing.
Sometimes, you may know the general tests that you’re performing, but if you’re
using automated tools, it may be next to impossible to understand completely
every test you’re performing. This is especially true if the software you’re using
receives real-time vulnerability-testing updates from the vendor every time you
run it. The potential for frequent updates underscores the importance of reading
the documentation and readme files that come with the tools you’re using.
I have experienced surprising vulnerability updates in the past. I was performing
an automated assessment on a customer’s Web site — the same test I had
just performed the previous week. The customer and I had scheduled the test
date and time in advance. What I didn’t know is that the software vendor made
some changes to its Web form submission tests, and I flooded the customer’s
Web application, creating a DoS condition.
Luckily, this DoS condition occurred after business hours and didn’t affect
the customer’s operations. However, the customer’s Web application was
coded to generate an alert e-mail for every form submission. The application
developer and company’s president received 4,000 e-mails in their inboxes
within about 10 minutes — ouch! I was lucky that the president was tech-savvy
and understood the situation. It’s important to have a contingency plan
in case a situation like this occurs.
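As an added example (not code from the book or from the author), here is the kind of alert throttling a Web application could use so that a burst like the one in that story produces a handful of e-mails plus one digest instead of 4,000 messages; the class, the per-window cap, the timestamps and the simulated burst are all constructed for this illustration:

```python
"""Throttle per-submission alert e-mails into a capped stream plus a digest.

Added example: the cap, window and replayed burst are constructed; nothing
here is the application from the chapter's story.
"""
from collections import deque
from datetime import datetime, timedelta


class AlertThrottle:
    """Send at most max_per_window alerts per sliding window; roll the rest
    into a single digest so a flood cannot bury the inbox."""

    def __init__(self, max_per_window=5, window=timedelta(minutes=10)):
        self.max_per_window = max_per_window
        self.window = window
        self.sent_times = deque()      # timestamps of alerts actually sent
        self.suppressed = 0            # submissions held back since last digest
        self.suppressed_since = None

    def _expire(self, now):
        # Drop send timestamps that have fallen out of the sliding window.
        while self.sent_times and now - self.sent_times[0] >= self.window:
            self.sent_times.popleft()

    def submit(self, now, summary):
        """Return the e-mail text to send for this submission, or None if
        it is suppressed because the window's cap is already used up."""
        self._expire(now)
        if len(self.sent_times) < self.max_per_window:
            self.sent_times.append(now)
            return f"ALERT {now:%H:%M:%S}: {summary}"
        if self.suppressed == 0:
            self.suppressed_since = now
        self.suppressed += 1
        return None

    def flush_digest(self, now):
        """Emit one digest for everything suppressed so far (run from a
        timer or at the end of the window); None if nothing was held back."""
        if not self.suppressed:
            return None
        msg = (f"DIGEST {now:%H:%M:%S}: {self.suppressed} further submissions "
               f"suppressed since {self.suppressed_since:%H:%M:%S}; "
               f"see the application log for details")
        self.suppressed, self.suppressed_since = 0, None
        return msg


def simulate_flood(count=4000, minutes=10, max_per_window=5):
    """Replay a burst of form submissions (default: the chapter's 4,000 in
    about 10 minutes) and return the e-mails that would actually go out."""
    start = datetime(2008, 7, 2, 19, 0)       # constructed: after business hours
    step = timedelta(minutes=minutes) / count
    throttle = AlertThrottle(max_per_window=max_per_window,
                             window=timedelta(minutes=minutes))
    outbox = []
    for i in range(count):
        mail = throttle.submit(start + i * step, f"form submission #{i + 1}")
        if mail:
            outbox.append(mail)
    digest = throttle.flush_digest(start + timedelta(minutes=minutes))
    if digest:
        outbox.append(digest)
    return outbox


if __name__ == "__main__":
    for mail in simulate_flood():
        print(mail)
```

With the default cap, the replayed burst yields five alerts and one digest reporting the 3,995 suppressed submissions; a normal trickle of submissions is delivered unchanged.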
Blind versus knowledge assessments
It may be good to have some knowledge of the systems you’re testing, but it’s
not required. However, a basic understanding of the systems you’re hacking
can protect you and others. Obtaining this knowledge shouldn’t be difficult if
you’re hacking your own in-house systems. If you’re hacking a customer’s
systems, you may have to dig a little deeper into how the systems work so
you know what’s what. That’s how I’ve always done it. In fact, I’ve never had
a customer ask for a fully blind assessment. Most people are scared of these
assessments. This doesn’t mean that blind assessments aren’t valuable. The
type of assessment you carry out depends on your specific needs.
The best approach is to plan on unlimited attacks, wherein any test is possible.
The bad guys aren’t hacking your systems within a limited scope, so why
should you?
Consider whether the tests should be undetected. This isn’t required but
should be considered, especially for social-engineering and physical security
tests. I outline specific tests for those subjects in Chapter 5 and Chapter 6.
A false sense of vigilance can be created if too many insiders know about your
testing, which can end up negating the hard work you’re putting into this.
This doesn’t mean you shouldn’t tell anyone. Always have a main point of
contact within the organization — preferably someone with decision-making
authority — that both you and all employees can contact if and when something
goes wrong.

Determining What Systems to Hack
You probably don’t want — or need — to assess the security of all your systems
at the same time. This could be quite an undertaking and could lead to
problems. I’m not saying you shouldn’t eventually assess every computer and
application you have. I’m just suggesting that whenever possible, you should
break your ethical hacking projects into smaller chunks to make them more
manageable. You may decide which systems to test based on a high-level risk
analysis, answering questions such as:
What are your most critical systems? Which systems, if hacked, would
cause the most trouble or the greatest losses?
Which systems appear to be most vulnerable to attack?
Which systems are not documented, are rarely administered, or are the
ones you know the least about?
After you’ve established your overall goals, decide which systems to test.
This step helps you carefully define a scope for your ethical hacking so that
you not only establish everyone’s expectations up front, but also better estimate
the time and resources for the job.
The following list includes systems and applications that you may consider
performing your hacking tests on:
Routers
Firewalls
Network infrastructure as a whole
Wireless access points and bridges
Web, application, and database servers
E-mail and file/print servers
Workstations, laptops, and tablet PCs
Mobile devices (such as PDAs and cell phones) that store confidential
information
Client and server operating systems
Client and server applications, such as e-mail or other in-house systems
What specific systems you should test depends on several factors. If you have
a small network, you can test everything from the get-go. You may consider
testing just public-facing hosts such as e-mail and Web servers and their
associated applications. The ethical hacking process is flexible. Base these
decisions on what makes the most business sense.
Start with the most vulnerable systems, and consider the following factors:
Where the computer or application resides on the network
Which operating system and application(s) it runs
The amount or type of critical information stored on it
If you’re hacking your own systems or a customer’s systems, a previous
security-risk assessment or vulnerability test may already have generated
this information. If so, that documentation may help identify systems for
more testing.
Ethical hacking goes a few steps beyond the higher-level information risk
assessments and vulnerability testing. As an ethical hacker, you first glean
information on all systems — including the organization as a whole — and
then further assess the systems that appear most vulnerable. I discuss the
ethical hacking methodology in more detail in Chapter 4.
Another factor to help you decide where to start is to assess the systems that
have the greatest visibility. For example, focusing on a database or file server
that stores customer or other critical information may make more sense — at
least initially — than concentrating on a firewall or Web server that hosts
marketing information about the company.
Creating Testing Standards
One miscommunication or slip-up can send your systems crashing during
your ethical hacking tests. No one wants that to happen. To prevent mishaps,
develop and document testing standards. These standards should include
When the tests are performed, along with the overall timeline
What tests are performed
How the tests are performed, and from where
How much knowledge of the systems you acquire in advance
What you do when a major vulnerability is discovered
This is a list of general best practices. You can apply more standards for your
situation.
Chapter 3: Developing Your Ethical Hacking Plan 33
Timing
You know they say that it’s “all in the timing.” This is especially true when
performing ethical hacking tests. Make sure that the tests you’re performing
minimize disruption to business processes, information systems, and people.
You want to avoid situations like miscommunicating the timing of tests and
causing a DoS attack against a high-traffic e-commerce site in the middle of
the day, or forcing yourself or others to perform password-cracking tests in
the middle of the night. It’s amazing what a 12-hour time difference can make!
Everyone in the project should agree on a detailed timeline before you begin.
This puts everyone on the same page and sets correct expectations.
Notify any Internet Service Providers (ISPs) or Application Service Providers
(ASPs) involved before performing any tests across the Internet. This way,
ISPs and ASPs will be aware of the testing going on, which will minimize the
chance that they will block your traffic if they suspect malicious behavior
that shows up on their firewalls or Intrusion Detection Systems (IDSs).
The timeline should include specific short-term dates and times of each test,
the start and end dates, and any specific milestones in between. You can
develop and enter your timeline into a simple spreadsheet or Gantt chart, or
you can include the timeline as part of your initial customer proposal and
contract. For example, you could use a timeline similar to the following:
Test Performed       Tester         Start Time            Projected End Time
War dial             Tommy Tinker   July 1, 6:00 a.m.     July 1, 10:00 a.m.
Password cracking    Amy Trusty     July 2, 12:00 p.m.    July 2, 5:00 p.m.
This timeline will keep things simple and provide a reference during testing.

Developing Your Ethical Hacking Plan

Getting Your Plan Approved
Getting approval for ethical hacking is critical. First, obtain project sponsorship.
This approval can come from your manager, an executive, a customer,
or yourself (if you’re the boss). Otherwise, your testing may be canceled suddenly,
or someone can deny authorizing the tests. There can even be legal
consequences for unauthorized hacking. Always make sure that what you’re
doing is known and visible — at least to the decision-makers. Chapter 20
outlines ten tips for getting upper management’s buy-in on your security
initiatives.
If you’re an independent consultant or have a business with a team of ethical
hackers, consider getting professional liability (also known as errors and
omissions) insurance from an agent who specializes in business insurance
coverage. This kind of insurance can be expensive, but it can be well worth it.
The authorization can be as simple as an internal memo from upper management
if you’re performing these tests on your own systems. If you’re performing
testing for a customer, you must have a signed contract in place, stating
the customer’s support and authorization. Get written approval as soon as
possible to ensure that your time and efforts are not wasted. This documentation
is your security if anyone questions what you’re doing.
Establishing Your Goals
Your ethical hacking plan needs goals. The main goal of ethical hacking is to
find vulnerabilities in your systems so you can make them more secure. You
can then take this a step further:
Define more specific goals. Align these goals with your business
objectives.
Create a specific schedule with start and end dates. These dates are
critical components of your overall plan.
Before you begin any ethical hacking, you absolutely, positively need everything
in writing and signed off on.
Document everything, and involve upper management in this process. Your
best ally in your ethical hacking efforts is a manager who supports what
you’re doing.
The following questions can start the ball rolling:
Does ethical hacking support the mission of the business and its IT and
security departments?
What business goals are met by performing ethical hacking?
These goals may include the following:
• Prepping for the internationally accepted security framework of
ISO 17799 or a security seal such as SysTrust or WebTrust
• Meeting federal regulations
• Improving the company’s image
How will ethical hacking improve security, IT, and the general business?
What information are you protecting?
This could be intellectual property, confidential customer information,
or private employee information.
How much money, time, and effort are you and your organization willing
to spend on ethical hacking?
What specific deliverables will there be?
Deliverables can include anything from high-level executive reports to
detailed technical reports and write-ups on what you tested along with
the outcomes of your tests. You can deliver specific information that is
gleaned during your testing, such as passwords and other confidential
information.
What specific outcomes do you want?
Desired outcomes include the justification for hiring or outsourcing security
personnel, increasing your security budget, or enhancing security
systems.
People within your organization may attempt to keep you from performing
your ethical hacking plans. The best antidote is education. Show how ethical
hacking helps support the business in everyone’s favor.
After you know your goals, document the steps to get there. For example, if
one goal is to develop a competitive advantage to keep existing customers
and attract new ones, determine the answers to these questions:
When will you start your ethical hacking?
Will your ethical hacking be blind, in which you know nothing about the
systems you’re testing, or a knowledge-based attack, in which you’re
given specific information about the systems you’re testing such as IP
addresses, hostnames, and even usernames and passwords?
Will this testing be technical in nature or involve physical security
assessments or even social engineering?
Will you be part of a larger ethical hacking team, often called a tiger team
or red team?
Will you notify your customers of what you’re doing? If so, how?
Customer notification is a critical issue. Many customers appreciate that
you’re taking steps to protect their information. Approach the testing in
a positive way. Don’t say, “We’re breaking into our systems to see what
information of yours is vulnerable to hackers.” Instead, you can say that
you’re assessing the overall security of your systems so the information
is as secure as possible from the bad guys.
How will you notify customers that the organization is taking steps to
enhance the security of their information?
What measurements can ensure that these efforts are paying off?

Maintaining Anonymity
Smart hackers want to be as low-key as possible. Covering their tracks is a
priority. In fact, success often depends on it. They don’t want to raise suspicion
so they can come back and access the systems in the future. Hackers
often remain anonymous by using one of the following techniques:
Borrowed or stolen dial-up accounts from friends or previous employers
Public computers at libraries, schools, or kiosks at the local mall
Internet proxy servers or anonymizer services
Anonymous or disposable e-mail accounts from free e-mail services
Chapter 2: Cracking the Hacker Mindset 27
Open e-mail relays
Unsecured computers — also called zombies — at other organizations
Workstations or servers on the victim’s own network
If hackers use enough steppingstones for their attacks, they are hard to trace.

Planning and Performing Attacks
Hacking styles vary widely:
Some hackers prepare far in advance of a large attack. They gather
small bits of information and methodically carry out their hacks, as I
outline in Chapter 4. These hackers are more difficult to track.
Other hackers — usually, the inexperienced script kiddies — act
before they think things through. For example, such hackers may try to
telnet directly into an organization’s router without hiding their identities.
Other hackers may try to launch a DoS attack against a Microsoft
Exchange e-mail server without first determining what version of
Exchange is running or what patches are installed.
These are the guys who usually get caught.
Although the hacker underground is a community, many of the hackers —
especially the elite hackers — don’t share information with the crowd. Most
hackers do much of their work independently from other hackers. Hackers
who network with one another use private bulletin board systems (BBSs),
anonymous e-mail addresses, hacker Web sites, and Internet Relay Chat (IRC).
You can log on to many of these sites to see what hackers are doing.
Whatever approach they take, most malicious hackers prey on ignorance.
They know the following aspects of real-world security:
The majority of systems that hackers want to attack aren’t managed
properly. The computer systems aren’t properly patched, hardened, and
monitored as they should be. Hackers often can attack by flying below
the average radar of the firewalls, IDSs, and authentication systems.
Hacking in the name of liberty
Many hackers exhibit behaviors that contradict
what they’re fighting for — that is, they fight for
civil liberties and want to be left alone, and at the
same time, they love prying into other people’s
business. Many hackers claim to be civil libertarians
supporting the principles of personal privacy
and freedom. However, they act in an
entirely different way by intruding on the privacy
and property of others. They often steal the
property and rights of others, yet are willing to
go to great lengths to get their own rights back
from anyone who tries to take them away.
The case against copyrighted materials and
the Recording Industry Association of America
(RIAA) is a classic example. Hackers have gone
to great lengths to prove a point, from defacing
the Web sites of organizations that support copyrights
to illegally sharing music by using otherwise
legal mediums such as Kazaa, Gnutella,
and Morpheus.
Most network and security administrators simply can’t keep up with the
deluge of new vulnerabilities.
Information systems grow more complex every year. This is yet another
reason why overburdened administrators find it difficult to know what’s
happening across the wire and on the hard drives of their systems.
Time is a hacker’s friend — and it always seems to be on the hacker’s side. By
attacking through computers rather than in person, hackers have more control
over when they can carry out their attacks.
Hack attacks can be carried out slowly, making them hard to detect.
They’re frequently carried out after typical business hours — often, in
the middle of the night. Defenses are often weaker at night — with less
physical security and less intrusion monitoring — when the typical network
administrator (or security guard) is sleeping.
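The after-hours and slow-and-low behaviour described above is something a defender can look for, and the logging the chapter recommends enabling on tested systems supplies the evidence. The following is an added example, not the book's or the author's code: it triages constructed syslog-style lines against the chapter's sample test timeline so authorized tester activity is separated from unexplained after-hours events, and it flags sources that probe several ports over a long span; the tester source addresses, the year, the business-hours boundary and the log lines are assumptions.

```python
"""Triage log lines against the agreed testing timeline (added example).

Constructed: the timeline rows follow the chapter's sample schedule, but the
tester source addresses, the year, the business hours and the log lines are
assumptions made for this illustration.
"""
import re
from datetime import datetime, time, timedelta

YEAR = 2008                                  # syslog lines carry no year
BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed local working day

# (test, tester, tester's source address, window start, window end)
TIMELINE = [
    ("War dial", "Tommy Tinker", "203.0.113.10",
     datetime(YEAR, 7, 1, 6, 0), datetime(YEAR, 7, 1, 10, 0)),
    ("Password cracking", "Amy Trusty", "203.0.113.44",
     datetime(YEAR, 7, 2, 12, 0), datetime(YEAR, 7, 2, 17, 0)),
]

# Constructed syslog-style lines: an authorized tester, a normal daytime
# login, a slow overnight port-by-port probe, and a second authorized tester.
SAMPLE_LOG = """\
Jul  1 06:12:03 gw sshd[412]: Failed password for admin from 203.0.113.10 port 51120 ssh2
Jul  1 09:30:11 gw sshd[418]: Accepted password for alice from 192.0.2.25 port 50222 ssh2
Jul  1 23:41:52 gw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=22
Jul  2 00:05:17 gw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=23
Jul  2 01:13:40 gw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=25
Jul  2 13:02:09 gw sshd[501]: Failed password for root from 203.0.113.44 port 40001 ssh2
"""

_TS = re.compile(r"^(\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) ")
_SRC = re.compile(r"(?:from |SRC=)(\d{1,3}(?:\.\d{1,3}){3})")
_DPT = re.compile(r"DPT=(\d+)")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


def parse_line(line):
    """Pull timestamp, source address and (for firewall drops) the probed
    destination port out of one log line; None for lines without a timestamp."""
    m = _TS.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss = m.groups()
    ts = datetime(YEAR, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    src = _SRC.search(line)
    dpt = _DPT.search(line)
    return {"ts": ts, "src": src.group(1) if src else None,
            "dport": int(dpt.group(1)) if dpt else None, "raw": line}


def authorized_by(event):
    """Return the tester whose agreed window and source address cover the event."""
    for _test, tester, src, start, end in TIMELINE:
        if event["src"] == src and start <= event["ts"] <= end:
            return tester
    return None


def classify(event):
    """Authorized test first; otherwise split by whether it fell in the working day."""
    if authorized_by(event):
        return "authorized-test"
    if BUSINESS_HOURS[0] <= event["ts"].time() < BUSINESS_HOURS[1]:
        return "business-hours"
    return "after-hours"


def triage(log_text):
    """Return (time, source, classification) for every parseable line."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [(e["ts"].strftime("%b %d %H:%M"), e["src"], classify(e))
            for e in events]


def slow_scans(log_text, min_ports=3, min_span=timedelta(minutes=30)):
    """Flag sources that touch several distinct ports spread over a long span,
    the slow pattern that a per-minute threshold would never trip."""
    by_src = {}
    for e in filter(None, map(parse_line, log_text.splitlines())):
        if e["dport"] is not None and e["src"]:
            by_src.setdefault(e["src"], []).append(e)
    found = {}
    for src, evs in by_src.items():
        ports = sorted({e["dport"] for e in evs})
        span = max(e["ts"] for e in evs) - min(e["ts"] for e in evs)
        if len(ports) >= min_ports and span >= min_span:
            found[src] = ports
    return found


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
    print("slow scans:", slow_scans(SAMPLE_LOG))
```

On the constructed lines, both tester events land in their agreed windows, the overnight drops from 198.51.100.7 are reported as after-hours and as a slow scan across ports 22, 23 and 25, and the 09:30 login is ordinary business-hours traffic.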
If you want detailed information on how some hackers work or want to keep
up with the latest hacker methods, several magazines are worth checking out:
2600 — The Hacker Quarterly magazine (www.2600.com). I’ve found gobs
of great information in 2600.
PHRACK (www.phrack.org).
Computer Underground Digest (www.soci.niu.edu/~cudigest).
Also, check out Lance Spitzner’s Web site www.tracking-hackers.com for
some great information on using honeypots to track hacker behavior.
Hackers learn from their hacking mistakes. Every mistake moves them one
step closer to breaking into someone’s system. They use this wisdom when
carrying out future attacks.

Why Hackers Hack
The main reason hackers hack is because they can! Okay, it goes a little deeper
than that. Hacking is a casual hobby for some hackers — they just hack to see
what they can and can’t break into, usually testing only their own systems.
These aren’t the folks I’m writing about here. I’m focusing on those hackers
who are obsessive and often have criminal intent.
Many hackers get a kick out of outsmarting corporate and government IT and
security administrators. They thrive on making headlines and being notorious
cyberoutlaws. Defeating an entity or possessing knowledge makes them feel
better about themselves. Many of these hackers feed off instant gratification.
They become obsessed with this feeling. Hackers can’t resist the adrenaline
rush they get when breaking into someone else’s systems. Often, the more
difficult the job is, the greater the thrill.
The knowledge that malicious hackers gain and the elevated ego that comes
with that knowledge are like an addiction and a way of life. Some hackers want
to make your life miserable, and others simply want to be seen or heard. Some
common hacker motives are revenge, basic bragging rights, curiosity, boredom,
challenge, vandalism, theft for financial gain, sabotage, blackmail, extortion, and
corporate espionage.
Hackers often promote individualism — or at least the decentralization of
information — because many believe that all information should be free.
They think cyberattacks are different from attacks in the real world. They
easily ignore or misunderstand their victims and the consequences of hacking.
Many hackers say they don’t intend to harm or profit through their bad deeds,
which helps them justify their work. They often don’t look for tangible payoffs.
Just proving a point is often a good enough reward for them.
Many business owners and managers — even some network and security
administrators — believe that they don’t have anything that a hacker wants or
that hackers can’t do much damage if they break in. This couldn’t be further
from the truth. This kind of thinking helps support hackers and their objectives.
Hackers can compromise a seemingly unimportant system to access
the network and use it as a launching pad for attacks on other systems.
It’s worth repeating that hackers often hack because they can. Some hackers
go for high-profile systems, but hacking into anyone’s system helps them fit
into hacker circles. Hackers use the false sense of security that many people
have and go for almost any system they think they can compromise. They
know that electronic information can be in more than one place at the same
time. It’s tough to prove that hackers took the information and possess it.
Similarly, hackers know that a simple defaced Web page — however easily
attacked — is not good for business. The following Web sites show examples
of Web pages that have been defaced in the past few years:
www.2600.com/hacked_pages
www.onething.com/archive
Hacked sites like these can persuade management and other nonbelievers
that information threats and vulnerabilities should be addressed.
Hacking continues to get easier for several reasons:
Increasing use of networks and Internet connectivity
Anonymity provided by computer systems working over the Internet
Increasing number and availability of hacking tools
Computer-savvy children
Unlikelihood that hackers are investigated or prosecuted if caught
Although most hacker attacks go unnoticed or unreported, hackers who are
discovered are often not pursued or prosecuted. When they’re caught, hackers
often rationalize their services as being altruistic and a benefit to society:
They’re merely pointing out vulnerabilities before someone else does.
Regardless, if justice is ever served, it helps eliminate the “fame and glory”
reward system that hackers thrive on.
These criminal hackers are in the minority, so don’t think that you’re up
against millions of these villains. Many other hackers just love to tinker and

Who Hacks
Computer hackers have been around for decades. Since the Internet became
widely used in the late 1990s, we’ve started to hear more and more about hacking.
Only a few hackers, such as John Draper (also known as Captain Crunch)
and Kevin Mitnick, are well known. Gobs more unknown hackers are looking
to make a name for themselves. They’re the ones to look out for.
In a world of black and white, it’s easy to describe the typical hacker. A general
stereotype of a typical hacker is an antisocial, pimple-faced teenage boy.
But the world has many shades of gray and, therefore, many types of hackers.
Hackers are human like the rest of us and are, therefore, unique individuals,
so an exact profile is hard to outline. The best broad description of hackers is
that all hackers aren’t equal. Each hacker has motives, methods, and skills.
But some general characteristics can help you understand them.
Not all hackers are antisocial, pimple-faced teenagers. Regardless, hackers
possess curiosity, bravado, and often very sharp minds.

Cracking the Hacker Mindset
In This Chapter
Understanding the enemy
Profiling hackers
Understanding why hackers do what they do
Examining how hackers go about their business
Before you start assessing the security of your own systems, it helps to
know something about the enemies you’re up against. Many information-
security product vendors and other professionals claim that you should
protect your systems from the bad guys — both internal and external. But
what does this mean? How do you know how these bad guys think and work?
Knowing what hackers want helps you understand how they work. Understanding
how they work helps you look at your information systems in a whole
new way. In this chapter, I describe what you’re up against, who’s actually
doing the hacking, and what their motivations and methods are so you’re
better prepared for your ethical hacking tests.
What You’re Up Against
Thanks to sensationalism, the definition of hacker has transformed from
harmless tinkerer to malicious criminal. Hackers often state that the general
public misunderstands them, which is mostly true. It’s easy to prejudge what
you don’t understand. Hackers can be classified by both their abilities and
underlying motivations. Some are skilled, and their motivations are benign;
they’re merely seeking more knowledge. At the other end of the spectrum,
hackers with malicious intent seek some form of personal gain. Unfortunately,
the negative aspects of hacking usually overshadow the positive aspects,
resulting in the stereotyping.
Historically, hackers have hacked for the pursuit of knowledge and the thrill
of the challenge. Script kiddies aside, hackers are adventurous and innovative
thinkers, and are always thinking about exploiting computer vulnerabilities.
(For more on script kiddies, see “Who Hacks,” later in this chapter.) They see
what others often overlook. They wonder what would happen if a cable were
unplugged, a switch were flipped, or lines of code were changed in a program.
These old-school hackers are like Tim the Toolman Taylor — Tim Allen’s character
on the late, great sitcom Home Improvement — thinking mechanical and
electronic devices can be improved if they’re “rewired.” More recent evidence
shows that many hackers are hacking for political, competitive, and even financial
purposes, so times are changing.
When they were growing up, hackers’ rivals were monsters and villains on
video game screens. Now hackers see their electronic foes as only that —
electronic. Hackers who perform malicious acts don’t really think about the
fact that human beings are behind the firewalls and Web applications they’re
attacking. They ignore that their actions often affect those human beings in
negative ways, such as jeopardizing their job security.
Hackers and the act of hacking drive the advancement of security technology.
After all, hackers don’t create security holes; they expose and exploit existing
holes in applications. Unfortunately, security technology advances don’t ward
off all hacker attacks, because hackers constantly search for new holes and
weaknesses. The only sure-fire way to keep the bad guys at bay is to use behavior
modification to change them into productive, well-adjusted members of
society. Good luck with that.
However you view the stereotypical hacker, one thing is certain: Some people
always will try to take down your computer systems through manual hacking
or by creating and launching automated worms and other malware. You must
take the appropriate steps to protect your systems against them.

Executing the plan
Ethical hacking can take persistence. Time and patience are important. Be
careful when you’re performing your ethical hacking tests. A hacker in your
network or a seemingly benign employee looking over your shoulder may
watch what’s going on. This person could use this information against you.
It’s not practical to make sure that no hackers are on your systems before
you start. Just make sure you keep everything as quiet and private as possible.
This is especially critical when transmitting and storing your test results.
If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or
something similar. At a minimum, password-protect them.
You’re now on a reconnaissance mission. Gather as much information as
possible about your organization and systems, which is exactly what malicious
hackers do. Start with a broad view and narrow your focus:
1. Search the Internet for your organization’s name, your computer and
network system names, and your IP addresses.
Google is a great place to start for this.
2. Narrow your scope, targeting the specific systems you’re testing.
Whether physical-security structures or Web applications, a casual
assessment can turn up much information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual
scans and other detailed tests on your systems.
4. Perform the attacks, if that’s what you choose to do.

The Ethical Hacking Process
Like practically any IT or security project, ethical hacking needs to be planned
in advance. Strategic and tactical issues in the ethical hacking process should
be determined and agreed upon. Planning is important for any amount of
testing — from a simple password-cracking test to an all-out penetration test
on a Web application.
Formulating your plan
Approval for ethical hacking is essential. Make what you’re doing known and
visible — at least to the decision makers. Obtaining sponsorship of the project
is the first step. This could be your manager, an executive, a customer, or
even yourself if you’re the boss. You need someone to back you up and sign
off on your plan. Otherwise, your testing may be called off unexpectedly if
someone claims they never authorized you to perform the tests.
Chapter 1: Introduction to Ethical Hacking 15
The authorization can be as simple as an internal memo from your boss if
you’re performing these tests on your own systems. If you’re testing for a
customer, have a signed contract in place, stating the customer’s support and
authorization. Get written approval on this sponsorship as soon as possible
to ensure that none of your time or effort is wasted. This documentation is
your Get Out of Jail Free card if anyone questions what you’re doing.
You need a detailed plan, but that doesn’t mean you have to have volumes of
testing procedures. One slip can crash your systems — not necessarily what
anyone wants. A well-defined scope includes the following information:
Specific systems to be tested
Risks that are involved
When the tests are performed and your overall timeline
How the tests are performed
How much knowledge of the systems you have before you start testing
What is done when a major vulnerability is discovered
The specific deliverables — this includes security-assessment reports
and a higher-level report outlining the general vulnerabilities to be
addressed, along with countermeasures that should be implemented
When selecting systems to test, start with the most critical or vulnerable
systems. For instance, you can test computer passwords or attempt social-engineering
attacks before drilling down into more detailed systems.
It pays to have a contingency plan for your ethical hacking process in case
something goes awry. What if you’re assessing your firewall or Web application,
and you take it down? This can cause system unavailability, which can
reduce system performance or employee productivity. Even worse, it could
cause loss of data integrity, loss of data, and bad publicity.
Handle social-engineering and denial-of-service attacks carefully. Determine
how they can affect the systems you’re testing and your entire organization.
Determining when the tests are performed is something that you must think
long and hard about. Do you test during normal business hours? How about
late at night or early in the morning so that production systems aren’t affected?
Involve others to make sure they approve of your timing.
The best approach is an unlimited attack, wherein any type of test is possible.
The bad guys aren’t hacking your systems within a limited scope, so why
should you? Some exceptions to this approach are performing DoS, social-engineering,
and physical-security tests.
Don’t stop with one security hole. This can lead to a false sense of security.
Keep going to see what else you can discover. I’m not saying to keep hacking
until the end of time or until you crash all your systems. Simply pursue the
path you’re going down until you can’t hack it any longer (pun intended).
One of your goals may be to perform the tests without being detected. For
example, you may be performing your tests on remote systems or on a remote
office, and you don’t want the users to be aware of what you’re doing. Otherwise,
the users may be on to you and be on their best behavior.
You don’t need extensive knowledge of the systems you’re testing — just a
basic understanding. This will help you protect the tested systems.
Understanding the systems you’re testing shouldn’t be difficult if you’re hacking
your own in-house systems. If you’re hacking a customer’s systems, you
may have to dig deeper. In fact, I’ve never had a customer ask for a fully blind
assessment. Most people are scared of these assessments. Base the type of
test you will perform on your organization’s or customer’s needs.

Obeying the Ethical Hacking Commandments
Every ethical hacker must abide by a few basic commandments. If not, bad
things can happen. I’ve seen these commandments ignored or forgotten when
planning or executing ethical hacking tests. The results weren’t positive.
Working ethically
The word ethical in this context can be defined as working with high professional
morals and principles. Whether you’re performing ethical hacking tests
against your own systems or for someone who has hired you, everything you
do as an ethical hacker must be aboveboard and must support the company’s
goals. No hidden agendas are allowed!
Trustworthiness is the ultimate tenet. The misuse of information is absolutely
forbidden. That’s what the bad guys do.
Respecting privacy
Treat the information you gather with the utmost respect. All information
you obtain during your testing — from Web-application log files to clear-text
passwords — must be kept private. Don’t use this information to snoop into
confidential corporate information or private lives. If you sense that someone
should know there’s a problem, consider sharing that information with the
appropriate manager.
Involve others in your process. This is a “watch the watcher” system that can
build trust and support your ethical hacking projects.
Not crashing your systems
One of the biggest mistakes I’ve seen when people try to hack their own systems
is inadvertently crashing their systems. The main reason for this is poor
planning. These testers have not read the documentation or misunderstand
the usage and power of the security tools and techniques.
You can easily create DoS conditions on your systems when testing. Running
too many tests too quickly on a system causes many system lockups. I know
because I’ve done this! Don’t rush things and assume that a network or specific
host can handle the beating that network scanners and vulnerability-assessment
tools can dish out.
Many security-assessment tools can control how many tests are performed
on a system at the same time. These tools are especially handy if you need to
run the tests on production systems during regular business hours.
You can even lock out an account, or an entire system, by social engineering
someone into changing a password without realizing the knock-on effect that
change will have.
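The following is an added example, not code from the book. It ties together the "perform actual scans" step of the reconnaissance walk-through above and the advice in this section to limit how many tests hit a host at once: every TCP connect probe passes through a shared rate limiter and a bounded worker pool, so the scanner cannot "dish out a beating" faster than you allow. The target, port list, rate and timeout are assumptions for the demo, which scans only a listener it opens itself on 127.0.0.1.

```python
"""Throttled TCP connect scan (added example, not from the book).

Every probe passes through a shared RateLimiter and a bounded thread pool,
so the scan rate stays predictable however many ports you feed it.
The host, ports, rate and timeout below are assumptions for the demo;
demo() scans only a listener it opens itself on loopback.
"""
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class RateLimiter:
    """Hand out start slots so that at most `per_second` probes begin per
    second, no matter how many worker threads are running."""

    def __init__(self, per_second: float):
        self.interval = 1.0 / per_second
        self.lock = threading.Lock()
        self.next_slot = time.monotonic()

    def wait(self) -> None:
        with self.lock:
            now = time.monotonic()
            slot = max(now, self.next_slot)
            self.next_slot = slot + self.interval
        if slot > now:
            time.sleep(slot - now)


def probe_port(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a TCP handshake with host:port completes (port is open)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out, unreachable, ...
            return False


def scan_ports(host, ports, max_workers=4, per_second=50.0, timeout=0.5):
    """Scan `ports` on `host` with bounded concurrency and a global rate cap.
    Returns the sorted list of open ports (duplicates collapsed)."""
    limiter = RateLimiter(per_second)

    def job(port):
        limiter.wait()
        return port if probe_port(host, port, timeout) else None

    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        hits = pool.map(job, ports)
    return sorted({p for p in hits if p is not None})


def demo(per_second: float = 20.0) -> dict:
    """Open one listener on loopback, scan it plus a port known to be closed,
    and report what was found and how long the throttled scan took."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens on closed_port now

    # 11 probes at 20 per second should take roughly half a second.
    ports = [closed_port] * 5 + [open_port] + [closed_port] * 5
    start = time.monotonic()
    try:
        found = scan_ports("127.0.0.1", ports, per_second=per_second)
    finally:
        listener.close()
    return {"open_port": open_port, "closed_port": closed_port,
            "found": found, "elapsed": time.monotonic() - start}


if __name__ == "__main__":
    print(demo())
```

The rate limiter hands out start times under a lock and sleeps outside it, so workers never serialize on the sleep; lowering `per_second` and `max_workers` is how you run the same scan against a fragile production host during business hours.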

Understanding the Dangers Your Systems Face
It’s one thing to know that your systems generally are under fire from hackers
around the world. It’s another to understand specific attacks against your systems
that are possible. This section offers some well-known attacks but is by
no means a comprehensive listing. That requires its own book: Hack Attacks
Encyclopedia, by John Chirillo (Wiley Publishing, Inc.).
Many information-security vulnerabilities aren’t critical by themselves.
However, exploiting several vulnerabilities at the same time can take its toll.
For example, a default Windows OS configuration, a weak SQL Server administrator
password, and a server hosted on a wireless network may not be
major security concerns separately. But exploiting all three of these vulnerabilities
at the same time can be a serious issue.
Nontechnical attacks
Exploits that involve manipulating people — end users and even yourself —
are the greatest vulnerability within any computer or network infrastructure.
Humans are trusting by nature, which can lead to social-engineering exploits.
Social engineering is defined as the exploitation of the trusting nature of human
beings to gain information for malicious purposes. I cover social engineering
in depth in Chapter 5.
Other common and effective attacks against information systems are physical.
Hackers break into buildings, computer rooms, or other areas containing critical
information or property. Physical attacks can include dumpster diving
(rummaging through trash cans and dumpsters for intellectual property,
passwords, network diagrams, and other information).
Network-infrastructure attacks
Hacker attacks against network infrastructures can be easy, because many
networks can be reached from anywhere in the world via the Internet. Here
are some examples of network-infrastructure attacks:
Connecting into a network through a rogue modem attached to a
computer behind a firewall
Exploiting weaknesses in network transport mechanisms, such as TCP/IP
and NetBIOS
Flooding a network with too many requests, creating a denial of service
(DoS) for legitimate requests
Installing a network analyzer on a network and capturing every packet
that travels across it, revealing confidential information in clear text
Piggybacking onto a network through an insecure 802.11b wireless
configuration
Operating-system attacks
Hacking operating systems (OSs) is a preferred method of the bad guys. OSs
comprise a large portion of hacker attacks simply because every computer
has one and so many well-known exploits can be used against them.
Occasionally, some operating systems that are more secure out of the box —
such as Novell NetWare and the flavors of BSD UNIX — are attacked, and
vulnerabilities turn up. But hackers prefer attacking operating systems like
Windows and Linux because they are widely deployed, so a single well-known
exploit has many potential targets and plenty of public documentation.
Here are some examples of attacks on operating systems:
Exploiting specific protocol implementations
Attacking built-in authentication systems
Breaking file-system security
Cracking passwords and encryption mechanisms
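The "cracking passwords" item above, and the password-cracking test mentioned in the planning discussion, come down to an offline dictionary attack. The following is an added example, not code from the book: it runs a small constructed wordlist against a constructed credential store that mixes unsalted MD5 with salted PBKDF2, and counts hash evaluations so you can see why the salt and work factor change the attacker's cost. The wordlist, user records, salt and round count are all assumptions for the demo.

```python
"""Offline dictionary attack on stored password hashes (added example, not
from the book). The wordlist, user records, salt and round count are
constructed for the demo."""
import hashlib
import hmac

# Constructed wordlist; a real test would use a large leaked-password list.
WORDLIST = ["password", "letmein", "Summer2008", "qwerty", "admin123"]

PBKDF2_ROUNDS = 10_000  # assumed work factor for the demo


def md5_hex(password: str) -> str:
    """Unsalted MD5: the weak storage scheme used for comparison."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_hex(password: str, salt: bytes, rounds: int = PBKDF2_ROUNDS) -> str:
    """Salted, iterated SHA-256 (PBKDF2): the stronger scheme for comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


# Constructed credential store mixing the two schemes.
DEMO_SALT = bytes.fromhex("9f1c0b7e3a55d2c4")
USERS = {
    "alice": {"scheme": "md5", "hash": md5_hex("Summer2008")},
    "bob": {"scheme": "md5", "hash": md5_hex("correct horse battery staple")},
    "carol": {"scheme": "pbkdf2", "salt": DEMO_SALT,
              "hash": pbkdf2_hex("letmein", DEMO_SALT)},
}


def crack(users: dict, wordlist: list) -> tuple:
    """Return ({user: recovered password or None}, number of hash evaluations).

    Unsalted hashes are attacked with one precomputed table that serves every
    user; salted ones force a fresh (and slow) computation per user per word.
    """
    found, evaluations = {}, 0
    table = {md5_hex(w): w for w in wordlist}  # one pass serves all MD5 users
    evaluations += len(wordlist)
    for name, rec in users.items():
        if rec["scheme"] == "md5":
            found[name] = table.get(rec["hash"])
            continue
        found[name] = None
        for word in wordlist:
            evaluations += 1
            if hmac.compare_digest(pbkdf2_hex(word, rec["salt"]), rec["hash"]):
                found[name] = word
                break
    return found, evaluations


if __name__ == "__main__":
    results, work = crack(USERS, WORDLIST)
    for user, pw in results.items():
        print(f"{user:6s} {'cracked: ' + pw if pw else 'not in wordlist'}")
    print(f"{work} hash evaluations")
```

With the constructed data, alice and carol fall to the wordlist while bob's passphrase does not; the point of the evaluation counter is that the MD5 table cost five hashes for every MD5 user combined, whereas each PBKDF2 user costs up to the full wordlist at 10,000 rounds apiece.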
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server
software and Web applications often are beaten down:
Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol
(SMTP) applications are frequently attacked because most firewalls and
other security mechanisms are configured to allow full access to these
programs from the Internet.
Malicious software (malware) includes viruses, worms, Trojan horses,
and spyware. Malware clogs networks and takes down systems.
Spam (junk e-mail) is wreaking havoc on system availability and storage
space. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems.
Parts II through V of this book cover these attacks in detail, along with specific
countermeasures you can implement against attacks on your systems.

Understanding the Need to Hack Your Own Systems
To catch a thief, think like a thief. That’s the basis for ethical hacking.
The law of averages works against security. With the increased numbers and
expanding knowledge of hackers combined with the growing number of system
vulnerabilities and other unknowns, the time will come when all computer
systems are hacked or compromised in some way. Protecting your systems
from the bad guys — and not just the generic vulnerabilities that everyone
knows about — is absolutely critical. When you know hacker tricks, you can
see how vulnerable your systems are.
Hacking preys on weak security practices and undisclosed vulnerabilities.
Firewalls, encryption, and virtual private networks (VPNs) can create a false
feeling of safety. These controls address broad, well-understood threats, such
as malware and unwanted traffic at the perimeter, but they do nothing to change
how an attacker who has found a specific weakness actually works. Attacking
your own systems to discover vulnerabilities is a step toward making them more
secure, and it is the most reliable way to learn how hardened your systems
really are. If you don’t identify weaknesses, it’s only a matter of time
before someone else does and exploits them.
As hackers expand their knowledge, so should you. You must think like them
to protect your systems from them. You, as the ethical hacker, must know
activities hackers carry out and how to stop their efforts. You should know
what to look for and how to use that information to thwart hackers’ efforts.
You don’t have to protect your systems from everything. You can’t. The only
protection against everything is to unplug your computer systems and lock
them away so no one can touch them — not even you. That’s not the best
approach to information security. What’s important is to protect your systems
from known vulnerabilities and common hacker attacks.
It’s impossible to buttress all possible vulnerabilities on all your systems. You
can’t plan for all possible attacks — especially the ones that are currently
unknown. However, the more combinations you try — the more you test whole
systems instead of individual units — the better your chances of discovering
vulnerabilities that affect everything as a whole.
Don’t take ethical hacking too far, though. It makes little sense to harden your
systems from unlikely attacks. For instance, if you don’t have a lot of foot traffic
in your office and no internal Web server running, you may not have as much
to worry about as an Internet hosting provider would have. However, don’t
forget about insider threats from malicious employees!
Your overall goals as an ethical hacker should be as follows:
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove to upper management
that vulnerabilities exist.
Apply results to remove vulnerabilities and better secure your systems.

Introduction to Ethical Hacking
In This Chapter
 Understanding hacker objectives
 Outlining the differences between ethical hackers and malicious hackers
 Examining how the ethical hacking process has come about
 Understanding the dangers that your computer systems face
 Starting the ethical hacking process
This book is about hacking ethically — the science of testing your computers
and network for security vulnerabilities and plugging the holes you
find before the bad guys get a chance to exploit them.
Although ethical is an often overused and misunderstood word, the Merriam-
Webster dictionary defines ethical perfectly for the context of this book and
the professional security testing techniques that I cover — that is, conforming
to accepted professional standards of conduct. IT practitioners are obligated to
perform all the tests covered in this book aboveboard and only after permission
has been obtained by the owner(s) of the systems — hence the disclaimer
in the introduction.
How Hackers Beget Ethical Hackers
We’ve all heard of hackers. Many of us have even suffered the consequences
of hacker actions. So who are these hackers? Why is it important to know
about them? The next few sections give you the lowdown on hackers.
Defining hacker
Hacker is a word that has two meanings:
Traditionally, a hacker is someone who likes to tinker with software or
electronic systems. Hackers enjoy exploring and learning how computer
systems operate. They love discovering new ways to work electronically.
Recently, hacker has taken on a new meaning — someone who maliciously
breaks into systems for personal gain. Technically, these criminals are
crackers (criminal hackers). Crackers break into (crack) systems with
malicious intent. They are out for personal gain: fame, profit, and even
revenge. They modify, delete, and steal critical information, often making
other people miserable.
The good-guy (white-hat) hackers don’t like being in the same category as the
bad-guy (black-hat) hackers. (These terms come from Western movies where
the good guys wore white cowboy hats and the bad guys wore black cowboy
hats.) Whatever the case, most people give hacker a negative connotation.
Many malicious hackers claim that they don’t cause damage but instead are
altruistically helping others. Yeah, right. Many malicious hackers are electronic
thieves.
In this book, I use the following terminology:
Hackers (or bad guys) try to compromise computers.
Ethical hackers (or good guys) protect computers against illicit entry.
Hackers go for almost any system they think they can compromise. Some
prefer prestigious, well-protected systems, but hacking into anyone’s system
increases their status in hacker circles.
Ethical Hacking 101
You need protection from hacker shenanigans. An ethical hacker possesses
the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers
perform the hacks as security tests for their systems.
If you perform ethical hacking tests for customers or simply want to add
another certification to your credentials, you may want to consider the
Certified Ethical Hacker (CEH) certification, which is sponsored by EC-Council.
See www.eccouncil.org/CEH.htm for more information.
Ethical hacking — also known as penetration testing or white-hat hacking —
involves the same tools, tricks, and techniques that hackers use, but with one
major difference: Ethical hacking is legal. Ethical hacking is performed with
the target’s permission. The intent of ethical hacking is to discover vulnerabilities
from a hacker’s viewpoint so systems can be better secured. It’s part
of an overall information risk management program that allows for ongoing
security improvements. Ethical hacking can also ensure that vendors’ claims
about the security of their products are legitimate.
To hack your own systems like the bad guys, you must think like they think.
It’s absolutely critical to know your enemy; see Chapter 2 for details.

Part V: Application Hacking
Application security is gaining more visibility in the information-security arena
these days. An increasing number of attacks are aimed directly at applications,
and because such attacks ride on permitted traffic they often bypass firewalls,
intrusion-detection systems, and antivirus software. This part discusses hacking specific applications,
including coverage on malicious software and messaging systems,
along with practical countermeasures that you can put in place to make your
applications more secure.
One of the most common network attacks is on Web applications. Practically
every firewall lets Web traffic into and out of the network, so most attacks are
against the millions of Web applications available to almost anyone. This part
covers Web application hack attacks, countermeasures, and some application
hacking case studies for real-world security testing scenarios.
Part VI: Ethical Hacking Aftermath
After you’ve performed your ethical hack attacks, what do you do with the
information you’ve gathered? Shelve it? Show it off? How do you move forward?
This part answers all these questions and more. From developing
reports for upper management to remediating the security flaws that you discover
to establishing procedures for your ongoing ethical hacking efforts,
this part brings the ethical hacking process full circle. This information not
only ensures that your effort and time are well spent, but also is evidence
that information security is an essential element of success in any business
that depends on computers and information technology.
Part VII: The Part of Tens
This part contains tips to help ensure the success of your ethical hacking
program. You find out how to get upper management to buy into your ethical
hacking program so you can get going and start protecting your systems. This
part also includes the top ten ethical hacking mistakes to avoid and my top
ten tips for ethical hacking success.
Part VIII: Appendixes
This part includes two appendixes that cover ethical hacking reference materials.
This includes a one-stop reference listing of ethical hacking tools and
resources, as well as information on the Hacking For Dummies Web site.

How This Book Is Organized
This book is organized into eight parts — six regular chapter parts, a Part of
Tens, and a part with appendixes. These parts are modular, so you can jump
around from one part to another as needed. Each chapter provides practical
methodologies and best practices you can utilize as part of your ethical hacking
efforts, including checklists and references to specific tools you can use,
as well as resources on the Internet.
Part I: Building the Foundation
for Ethical Hacking
This part covers the fundamental aspects of ethical hacking. It starts with an
overview of the value of ethical hacking and what you should and shouldn’t
do during the process. You get inside the hacker’s mindset and discover how
to plan your ethical hacking efforts. This part covers the steps involved in
the ethical hacking process, including how to choose the proper tools.
Part II: Putting Ethical Hacking in Motion
This part gets you rolling with the ethical hacking process. It covers several
well-known hack attacks, including social engineering and cracking passwords,
to get your feet wet. The techniques presented are some of the most
widely used hack attacks. This part covers the human and physical elements
of security, which tend to be the weakest links in any information-security
program. After you plunge into these topics, you’ll know the tips and tricks
required to perform common general hack attacks against your systems, as
well as specific countermeasures to keep your information systems secure.
Part III: Network Hacking
Starting with the larger network in mind, this part covers methods to test
your systems for various well-known network infrastructure vulnerabilities.
From weaknesses in the TCP/IP protocol suite to wireless network insecurities,
you find out how networks are compromised using specific methods of
flawed network communications, along with various countermeasures that
you can implement to keep from becoming a victim. This part also includes
case studies on some of the network hack attacks that are presented.
Part IV: Operating System Hacking
Practically all operating systems have well-known vulnerabilities that hackers
often use. This part jumps into hacking three widely used operating systems:
Windows, Linux, and NetWare. The hacking methods include scanning your
operating systems for vulnerabilities and enumerating the specific hosts to
gain detailed information. This part also includes information on exploiting
well-known vulnerabilities in these operating systems, taking over operating
systems remotely, and specific countermeasures that you can implement to
make your operating systems more secure. This part also includes case studies
on operating-system hack attacks.

What You Don’t Need to Read
Depending on your computer and network configurations, you may be able to
skip chapters. For example, if you aren’t running Linux or wireless networks,
you can skip those chapters.
Foolish Assumptions
I make a few assumptions about you, aspiring information-security person:
 You’re familiar with basic computer-, network-, and information-security-related
concepts and terms.
 You have a basic understanding of what hackers do.
 You have access to a computer and a network on which to test these
techniques.
 You have access to the Internet in order to obtain the various tools used
in the ethical hacking process.
 You have permission to perform the hacking techniques in this book.

How to Use This Book
This book includes the following features:
 Various technical and nontechnical hack attacks and their detailed
methodologies
 Hack-attack case studies from well-known and anonymous hackers and
other security experts
 Specific countermeasures to protect against hack attacks
Each chapter is an individual reference on a specific ethical hacking subject.
You can refer to individual chapters that pertain to the type of systems you’re
assessing, or you can read the book straight through.
Before you start hacking your systems, familiarize yourself with the information
in Part I so you’re prepared for the tasks at hand. The adage “if you fail
to plan, you plan to fail” rings true for the ethical hacking process. You must
get written permission and have a solid game plan.
This material is not intended to be used for unethical or illegal

About This Book
Hacking For Dummies is a reference guide on hacking computers and network
systems. The ethical hacking techniques are based on the unwritten rules of
computer system penetration testing and information-security best practices.
This book covers everything from establishing your hacking plan to testing
your systems to managing an ongoing ethical hacking program. Realistically,
for many networks, operating systems, and applications, thousands of possible
hacks exist. I cover the major ones that you should be concerned about.
Whether you need to assess security vulnerabilities on a small home-office
network, a medium-size corporate network, or across large enterprise systems,
Hacking For Dummies provides the information you need.
