Computer Security and Penetration Testing. Chapter 2 Reconnaissance



Similar documents
Attacks and Defense. Phase 1: Reconnaissance

Guide to Preventing Social Engineering Fraud

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

Network Detective. HIPAA Compliance Module RapidFire Tools, Inc. All rights reserved V

Learn to protect yourself from Identity Theft. First National Bank can help.

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

How-to: DNS Enumeration

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

AUTHOR CONTACT DETAILS

Course Content: Session 1. Ethics & Hacking

Ethical Hacking Course Layout

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Section 12 MUST BE COMPLETED BY: 4/22

Hacking: Information Gathering and Countermeasures

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

The Trivial Cisco IP Phones Compromise

FAQ (Frequently Asked Questions)

Penetration Testing Workshop

Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Social Engineering and Reverse Social Engineering Ira S. Winkler Payoff

BASIC ANALYSIS OF TCP/IP NETWORKS

CHAINED EXPLOITS Advanced Hacking Attacks from Start to Finish

An Introduction to Network Vulnerability Testing

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

Windows Operating Systems. Basic Security

WHITE PAPER. An Introduction to Network- Vulnerability Testing

Domain 5.0: Network Tools

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Part I - Gathering WHOIS Information

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Internet Security [1] VU Engin Kirda

Targeted attacks: Tools and techniques

Identity Theft Protection

4. Getting started: Performing an audit

1. LAB SNIFFING LAB ID: 10

Description: Objective: Attending students will learn:

Pension Benefit Guaranty Corporation. Office of Inspector General. Evaluation Report. Penetration Testing An Update

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Foundstone ERS remediation System

Securing an Internet Name Server

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Glossary of Technical Terms Related to IPv6

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

NETWORK PENETRATION TESTING

Web Security School Final Exam

FREQUENTLY ASKED QUESTIONS


Advanced Honeypot System for Analysing Network Security

Different Types of Adware and Services

Footprinting and Reconnaissance Tools

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Ed Ferrara, MSIA, CISSP Fox School of Business

CYBS Penetration Testing and Vulnerability Assessments. Mid Term Exam. Fall 2015

VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION

DC Agent Troubleshooting

IDS and Penetration Testing Lab ISA656 (Attacker)

GFI Product Manual. Administration and Configuration Manual

Information Security Organizations trends are becoming increasingly reliant upon information technology in

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Penetration Testing Getting the Most out of Your Assessment. Chris Wilkinson Crowe Horwath LLP September 22, 2010

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

Build Your Own Security Lab

Client Server Registration Protocol

Trend Micro Hosted Security. Best Practice Guide

N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work

Common Cyber Threats. Common cyber threats include:

Penetration Testing: Lessons from the Field

SCADA Security Example

Penetration Testing Service. By Comsec Information Security Consulting

CISO's Guide to. Penetration Testing. James. S. Tiller. A Framework to Plan, Manage, and Maximize Benefits. CRC Press. Taylor & Francis Group

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence

Jumpstarting Your Security Awareness Program

Basic Vulnerability Issues for SIP Security

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

Penetration Testing. Presented by

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One

Chris Gates

Web App Security Audit Services

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

Learn Ethical Hacking, Become a Pentester

IDS and Penetration Testing Lab ISA 674

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Transcription:

Computer Security and Penetration Testing Chapter 2 Reconnaissance

Objectives Identify various techniques for performing reconnaissance Distinguish and discuss the methods used in social engineering Discuss the importance of dumpster diving in reconnaissance Identify a variety of phases of Internet footprinting Cengage Learning 2014 2

Reconnaissance Reconnaissance Act of locating targets and developing the methods necessary to attack those targets successfully May be extremely flexible and creative Reconnaissance is not by definition illegal Many reconnaissance techniques are completely legal Cengage Learning 2014 3

Figure 2-1 Abridged organization chart Cengage Learning 2014 4

Some Legal Reconnaissance Legal activities Looking up all of the information about a company available on the Internet Calling with a problem requiring customer service assistance Interviewing a member of the staff for a school project Physical entry of a facility, including attending a tour of the facility Making friends with somebody who works there or used to work there Cengage Learning 2014 5

Some Questionable Reconnaissance Questionable activities Performing a passive port scan Reading the names on the mail sitting on a mail cart Scanning the document lying loose on a desk Picking up trash in the parking lot Picking up a copy of the employee newsletter Asking for a phone list, business card or product specs Looking through a garbage can War driving Cengage Learning 2014 6

Some Illegal Reconnaissance Illegal activities Developing a front company for the purpose of robbing or defrauding Stealing garbage Entering a home or office to look for information Dropping a keylogger Leaving a sniffer Cengage Learning 2014 7

Social Engineering Social engineering works, for the most part, because people are trusting and helpful The weakest link in any security scheme is the user The success or failure of social engineering Depends on the ability of hackers to manipulate human psychology, contacts, and physical workstations Cengage Learning 2014 8

Social Engineering Techniques Impersonation Could be at an instance level (impersonating someone) Could be on a role or function level (dressing like a service person) Bribery Hacker can pit a person s greed and ignorance against his loyalty to the organization Blackmail is a common tactic to keep a target employee fruitful Cengage Learning 2014 9

Social Engineering Techniques Deception (continued) Achieve access to information by joining the company As an employee or a consultant Conformity Hacker convinces the victim that they have a lot in common and that they share the same values Hacker becomes the victim s good friend Reverse social engineering Hacker projects herself as an authority vested with the power to solve peoples problems Cengage Learning 2014 10

Physical Intrusion Foremost traditional technique of social engineering Requires Learning the schedules of the organization Knowing the floor plan of the building or buildings Baselining the security procedures Hacker can develop fake identification cards Last step is to acquire useful or valuable information Cengage Learning 2014 11

Physical Intrusion (continued) Avoiding suspicion Never collect all the required information from a single user or source Never hold a position after the value of the position has ended The more valuable the information is, the more likely hackers are working with a team When physical intrusion is not a possibility, hackers use communication media Cengage Learning 2014 12

Communication Media Postal Mail Powerful tool for social engineers Typical attack E-mail Victim receives a letter announcing that he or she has won a prize Mailer asks for tax information, phone numbers, e-mail addresses, and other information Greed leads the victim to happily surrender all sorts of information Used in a variety of scams and false offerings Cengage Learning 2014 13

Communication Media (continued) E-mail Attacks Hacker sends an e-mail purported to be from a legitimate IT e-mail account Asks for user s password to help solve a problem Hacker sends e-mail message invitations to join online competitions for receiving prizes Joining requires sending sensitive information Phishing User is tricked into giving private information about his or her account with a known large organization Cengage Learning 2014 14

Figure 2-2 Typical phishing form Cengage Learning 2014 15

Communication Media (continued) Instant Messaging Social engineer attempts to befriend the victim To gather information or send the victim to a Web link she might be likely to visit Telephone Communication Social engineers may manipulate background sounds and their own voice to produce a required effect Help desk personnel are vulnerable targets Social engineers often impersonate technicians Cengage Learning 2014 16

Countering Social Engineering Steps to counter social engineering attempts: Do not provide any information to unknown people Do not disclose any confidential information to anyone over the telephone Do not type passwords or other confidential information in front of unknown people Do not submit information to any insecure Web site Do not use same username/password for all accounts Verify credentials of persons asking for passwords Cengage Learning 2014 17

Countering Social Engineering (continued) Steps to counter social engineering attempts: Keep confidential documents locked Lock or shut down computers when away from the workstation Instruct help desk employees to provide information only after they have gained proper authentication Cengage Learning 2014 18

Dumpster Diving Dumpster diving Often the mother lode of sensitive information as well as actual hardware and software Hackers look specifically for sales receipts and paperwork That contain personal data or credit card information Shredded documents can lead to data leaks Drafts of letters are routinely left whole in the trash Company directory sheets, catalog lists, unused or misprinted labels, and policy manuals Cengage Learning 2014 19

Importance of Proper Discarding of Refuse Security policy must carefully address what is sensitive information And decide how to treat refuse Best solution to theft of trash paper Crosscut-shred it and keep it in locked trash receptacles Hackers search for outdated hardware There are tools that can restore data from damaged data-storage devices Cengage Learning 2014 20

Prevention of Dumpster Diving Guidelines that help preventing dumpster diving Develop a written recycling and trash-handling policy Use the policy to develop a consistent, systematic method for handling trash The trash-handling policy should state that all papers be shredded Erase all data from tapes, floppies, and hard disks Simply breaking CD-ROMs is not sufficient, place them in a microwave and heat them Cengage Learning 2014 21

Internet Footprinting A technical method of reconnaissance Hackers like this method because it is clean, legal, and safe Four methods used in Internet footprinting Web searching Network enumeration Domain Name System (DNS) based reconnaissance Network-based reconnaissance Cengage Learning 2014 22

Search Engines Web Searching Can be used to collect information about any subject or organization Companies basic information are available through search engines Any company or organization is vulnerable to innocent searches HTML Source Code You can view the source code of any Web page Area of interest in an HTML source code is its comment entries and the hints of the organization of the site Cengage Learning 2014 23

Web Searching (continued) HTML Source Code (continued) Knowing the format of usernames or passwords can be useful You should have a default or an index page in every subdirectory Newsgroups Text-based online groups in which users discuss subjects that interest them Part of an online bulletin board system called USENET Hackers read postings in newsgroups to discover information and documents relating to targeted systems Cengage Learning 2014 24

Web Searching (continued) Security-Related Web Sites Hackers study these Web sites to learn about new developments in information security Especially about new exploits Newsletters Provide cutting-edge developments to hackers Most of the time are available free of charge Automatically e-mailed to individuals Cengage Learning 2014 25

Network Enumeration Process of identifying domain names as well as other resources on the target network WHOIS Search WHOIS Internet tool that aids in retrieving domain name specific information from the NSI Registrar database Allows the InterNIC database to be queried Displays the information about the searched item Hackers use the WHOIS tool first to extract critical data about their target system And then to conduct hacking activities Cengage Learning 2014 26

Source: www.dnsstuff.com Cengage Learning 2014 27

Network Enumeration (continued) whois CLI Command WHOIS Web application is also available at the command-line interface (CLI) Of POSIX systems like UNIX, Solaris, and Linux Cengage Learning 2014 28

Figure 2-4 CLI view of the whois command (on Ubuntu Linux) Cengage Learning 2014 29

Domain Name System (DNS) Based DNS Lookup Reconnaissance Tools help Internet users discover the DNS names of target computers Web sites that provide DNS lookup tools www.dnsstuff.com www.network-tools.com www.networksolutions.com DNS Zone Transfer Every DNS server has a name space, known as a zone A zone stores data about domain names Cengage Learning 2014 30

Domain Name System (DNS) Based Reconnaissance (continued) DNS Zone Transfer (continued) Zone transfer is a DNS feature that lets a DNS server update its database With the list of domain names in another DNS server An incorrectly configured DNS server may allow any Internet user to perform a zone transfer Commands to perform a DNS zone transfer nslookup host Allows anyone to query a DNS server for information Program that permits you to perform DNS lookup Cengage Learning 2014 31

Domain Name System (DNS) Based Reconnaissance (continued) Figure 2-5 Nslookup command output for NetworkSolutions.com s NS1 nameserver Cengage Learning 2014 32

Source: Microsoft Paint Cengage Learning 2014 33

Source: Microsoft Paint Cengage Learning 2014 34

Domain Name System (DNS) Based Reconnaissance (continued) DNS Zone Transfer (continued) Commands to perform a DNS zone transfer dig Domain information groper (dig) Used to collect DNS-related data Cengage Learning 2014 35

Network-Based Reconnaissance ping Part of the Internet Control Message Protocol (ICMP) Helps to verify whether a host is active Command is available for all platforms There are two ping utilities available for a Linux or Unix machine: ping and ping6 traceroute A request for a Web page that resides on a remote server must pass through several servers on its way Command can track all of the intermediate servers Cengage Learning 2014 36

Source: Microsoft Paint Cengage Learning 2014 37

Source: Microsoft Paint Cengage Learning 2014 38

Network-Based Reconnaissance traceroute (continued) In UNIX-based operating systems use traceroute command In Windows operating systems use tracert command Cengage Learning 2014 39

Source: Microsoft Paint Cengage Learning 2014 40

netstat Network-Based Reconnaissance (continued) Allows all the transmission Control Protocol (TCP), User Datagram Protocol (UDP), and IP connections on a computer to be viewed Also helps to locate IP address of computers IP addresses of the hosts connected to the computers Port of the host to which a computer is connected Cengage Learning 2014 41

Source: Microsoft Paint Cengage Learning 2014 42

Summary Reconnaissance is the act of locating targets and developing the methods necessary to attack those targets successfully Social engineering works because people are, for the most part, trusting and helpful To counter social engineering, organizations must establish known security policies and conduct mandatory security training Dumpster diving can provide hackers with sensitive information, as well as hardware and software Cengage Learning 2014 43

Summary (continued) Four methods of Internet footprinting: Web searching, network enumeration, Domain Name System (DNS)- based reconnaissance, and network-based reconnaissance During Web searching, hackers collect information about a target organization by reading Web pages produced by that organization Network enumeration is the process of identifying domain names and other resources on the target network Cengage Learning 2014 44

Summary (continued) DNS-based reconnaissance uses information available from DNS servers about the IP addresses of target network domain names Network-based reconnaissance is the process of identifying active computers and services on a target network via tools such as ping, traceroute, and netstat Cengage Learning 2014 45

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information