Phases of EH - Chapter 2
**Please read this article only after reading my articles on Cybersecurity Introduction. Not because you will not understand this chapter, but because it is important that you know how to secure yourself in the first place.**
What is Ethical Hacking?
Ethical hacking, often referred to as penetration testing, is the act of intruding into systems or networks, with authorization, to find the threats and vulnerabilities that a malicious attacker could discover and exploit to cause data loss, financial loss or other serious damage. The purpose of ethical hacking is to improve the security of the network or systems by fixing the vulnerabilities found during testing. Ethical hackers may use the same methods and tools as malicious hackers, but only with the permission of the system owner and for the purpose of improving security and defending the systems against attacks by malicious users.
Ethical hackers are expected to report all vulnerabilities and weaknesses found during the engagement to management, not only the ones they managed to exploit.
Who is an Ethical Hacker?
An ethical hacker is a skilled professional with strong technical knowledge who knows how to identify and exploit vulnerabilities in target systems. Ethical hackers work with the permission of the system owners, must comply with the rules of engagement set by the target organization (ideally agreed in writing before testing starts) and with the law of the land, and aim to assess the security posture of the target organization or system.
Phases of Hacking:
There are five main phases in hacking. A hacker does not necessarily follow them strictly in sequence, but they form a stepwise process that yields better results when followed.
1. Reconnaissance:
This is the first step of hacking, also called the footprinting or information-gathering phase. It is the preparatory phase in which we collect as much information as possible about the target.
We usually collect information about three groups: the network, the hosts, and the people involved.
There are two types of footprinting:
Active: directly interacting with the target to gather information about it, e.g. using the Nmap tool to scan the target. Active footprinting leaves traces in the target's logs, so it can be noticed.
Passive: collecting information about the target without directly accessing it, e.g. from social media, public websites, public DNS and WHOIS records, etc.
2. Scanning:
Three types of scanning are involved:
Port scanning: scanning the target for open ports, live systems and the services running on each host.
Vulnerability scanning: checking the target for weaknesses or vulnerabilities that could be exploited; usually done with the help of automated tools.
Network mapping: finding the network topology (routers, firewalls and servers, if any) and host information, and drawing a network diagram from the information gathered. This map can serve as a valuable reference throughout the rest of the hacking process.
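To make the active footprinting and port scanning steps concrete, here is a minimal TCP connect scanner with banner grabbing. This is an added example written for this chapter, not code from the original article or from Nmap; it scans only 127.0.0.1 against a throwaway listener it starts itself (the banner text and the port list are constructed for the example), so it runs offline. Scanning any host you do not own or have written permission to test is exactly the unauthorized activity this chapter distinguishes ethical hacking from.

```python
import socket
import threading
from typing import Dict, List, Optional

# A shortened version of the ports a first-pass scan usually checks.
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 3389, 8080]


def probe_port(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """TCP connect probe of a single port.

    Returns None if the port is closed or filtered (connection refused or
    timed out), otherwise the first line of any banner the service sends,
    or "" when the port is open but silent.  A full three-way handshake is
    completed, so the service on the target will log the connection: this is
    active footprinting, not passive.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(256)
            except (socket.timeout, ConnectionResetError, OSError):
                data = b""
            if not data:
                return ""
            return data.decode("latin-1", "replace").splitlines()[0]
    except (ConnectionRefusedError, socket.timeout, OSError):
        return None


def scan_host(host: str, ports: List[int] = COMMON_PORTS,
              timeout: float = 1.0) -> Dict[int, str]:
    """Return {open_port: banner} for every port in `ports` that accepts a connection."""
    results: Dict[int, str] = {}
    for port in ports:
        banner = probe_port(host, port, timeout)
        if banner is not None:
            results[port] = banner
    return results


def start_fake_service(banner: bytes = b"SSH-2.0-OpenSSH_9.6\r\n") -> int:
    """Start a throwaway listener on 127.0.0.1 that sends `banner` to each
    client and hangs up.  Returns the OS-assigned port.  Exists only so the
    scan has something to find without touching a real network; the banner
    is a constructed string, not a real service.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(5)

    def serve() -> None:
        while True:
            conn, _ = server.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return server.getsockname()[1]


def unused_port() -> int:
    """Pick a port that is currently closed on 127.0.0.1 (bind, read, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    svc = start_fake_service()
    found = scan_host("127.0.0.1", [svc, unused_port()])
    for port, banner in sorted(found.items()):
        print(f"{port}/tcp open  {banner or '(no banner)'}")
```

The design choice worth noticing is the three-way result of `probe_port`: closed/filtered, open-but-silent, and open-with-banner are different findings, and the banner is what turns "port 22 is open" into "OpenSSH 9.6 is listening", which is the input the vulnerability-scanning step needs. A real scanner would probe ports concurrently and add UDP and SYN scans; the logic per port is the same.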
3. Gaining Access:
This is the phase in which the attacker breaks into the system or network using various tools or methods. After getting in, the attacker usually has to escalate privileges to administrator (or root) level in order to install the applications they need, or to modify or hide data.
4. Maintaining Access:
A hacker may hack the system merely to show that it was vulnerable, or may want to keep a persistent connection running in the background without the user's knowledge. This can be done using Trojans, rootkits or other malicious files. The aim is to maintain access to the target until the planned tasks on that target are complete.
5. Clearing Tracks:
No thief wants to get caught. An intelligent hacker clears all evidence so that later on nobody finds traces leading back to them. This involves modifying, corrupting or deleting log entries, modifying registry values, uninstalling all the applications used and deleting all the folders created. From the defender's side, this is why logs should be forwarded to a central collector as they are written: deleting them on the compromised host then no longer removes the evidence, and a gap in the local log is itself a signal.
Attack Types:
Operating System Attacks:
Finding OS vulnerabilities and exploiting them, e.g. buffer overflows in system components or unpatched systems.
Misconfiguration Attacks:
Targeted at databases, networks, web servers, application platforms, etc. They happen because the deployed devices or systems are misconfigured, for example left with default credentials, unnecessary services enabled or overly permissive access controls.
Application Level Attacks:
Attacks targeted at the installed applications themselves, e.g. buffer overflow, cross-site scripting, SQL injection, etc.
Shrink Wrap Code Attacks:
Attacks that exploit default or off-the-shelf components (sample code, default scripts, bundled libraries) that were deployed without being reviewed and fine-tuned for the environment.
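The application-level attacks listed above are easiest to understand with the vulnerable code next to its fix. The following is an added example written for this chapter (not code from the original article) showing a SQL injection in a login check and the parameterized version that blocks it. It uses an in-memory SQLite database with constructed sample users; the plaintext passwords are part of the demonstration only, a real system would store password hashes.

```python
import sqlite3
from typing import Optional


def build_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Builds the query by string concatenation: attacker-controlled text
    becomes SQL syntax.  A username of  alice' --  comments out the password
    check, and a password of  ' OR '1'='1  makes the WHERE clause true for
    every row.  Returns the username that 'logged in', or None."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Parameterized query: the driver binds the values separately from the
    SQL text, so quotes and comment markers in the input stay plain data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    for user, pw in [("alice", "correct horse"), ("alice' --", "wrong"), ("nobody", "' OR '1'='1")]:
        print(f"{user!r:18} {pw!r:16} vulnerable={login_vulnerable(db, user, pw)!r:8} safe={login_safe(db, user, pw)!r}")
```

The same input is fed to both functions: only the legitimate credentials pass `login_safe`, while both injection payloads pass `login_vulnerable` as alice. The fix is not input filtering but keeping code and data separate, which is what the parameter placeholders do.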
Vulnerability Assessment:
It is the process of identifying vulnerabilities {we'll discuss this in future chapters} in computer systems, networks and communication channels. It is performed as part of auditing and to defend the systems against further attacks. The vulnerabilities are identified, classified and reported to the responsible people so that the necessary measures can be taken to fix them and protect the organization.
Penetration Testing:
It is the process of evaluating the security of an organization by exploiting vulnerabilities the way real attackers would, and thereby both strengthening the defenses and documenting the attack procedure. Unlike a vulnerability assessment, which stops at finding and reporting weaknesses, a penetration test confirms which of them are actually exploitable and what an attacker could reach through them.
Types of penetration testing:
Black box: the penetration tester is given no details about the network or infrastructure of the organization and must discover everything as an outside attacker would.
White box: the penetration tester is given complete details of the infrastructure to be tested (network diagrams, source code, credentials as needed).
Grey box: the penetration tester is given limited knowledge about the systems to be tested, for example the access an ordinary user would have.
Information Security Laws, Standards and frameworks:
PCI DSS: Payment Card Industry Data Security Standard
HIPAA: Health Insurance Portability and Accountability Act
ISO/IEC 27001:2013
Sarbanes-Oxley Act (SOX)
The Digital Millennium Copyright Act (DMCA)
The Federal Information Security Management Act (FISMA)
I will go in depth into all of the above topics in future. Please stay tuned.