Post on 21-Aug-2014
Ethical Hacking
A Written Seminar Report By:
1. Dhairye Rakesh Kamra (333)
2. Ankit Satish Taparia (396)
3. Jinali Rakesh Shah (378)
4. Bhumin Shah (407)
Seminar report on
Ethical Hacking
3rd year seminar report of Trimester-VII
Submitted in the partial fulfillment of the requirements for the degree of
Bachelor of Technology in Computer Engineering
By
Dhairye R. Kamra (333)
Jinali Shah (378)
Ankit Taparia (396)
Bhumin Shah (407)
Under the guidance of
Ms. Pallavi Halarnkar
Department of Computer Engineering
Mukesh Patel School of Technology Management & Engineering
JVPD Scheme Bhaktivedanta swami Marg,
Vile Parle (w), Mumbai- 400 056.
Certificate
This is to certify that the Seminar report entitled Ethical Hacking submitted by Dhairye Kamra, Jinali
Shah, Ankit Taparia, Bhumin Shah for the partial fulfillment of B.Tech Degree, as per the norms
prescribed by NMIMS Deemed-to-be University, during Trimester VII of the academic year 2011-2012,
has been assessed and found to be satisfactory.
Internal Examiner(s) External Examiner(s)
__________________ ____________________
__________________ ____________________
Mentor Name: Ms. Pallavi Halarnkar
_______________________
DEAN
Dr. D. J. SHAH
ABSTRACT
The explosive growth of the Internet has brought many good things: electronic commerce, easy
access to vast stores of reference material, collaborative computing, e-mail, and new avenues for
advertising and information distribution, to name a few. As with most technological advances,
there is also a dark side: criminal hackers. Governments, companies, and private citizens around
the world are anxious to be a part of this revolution, but they are afraid that some hacker will
break into their Web server and replace their logo with pornography, read their e-mail, steal their
credit card number from an on-line shopping site, or implant software that will secretly transmit
their organization's secrets to the open Internet. With these concerns and others, the ethical
hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they
go about helping their customers find and plug up security holes.
Keywords: Armet, synchronization, stimuli, latency, degrees of freedom, position trackers,
quaternion, perceptual cues, haptic
ACKNOWLEDGEMENT
We would like to acknowledge and extend our heartfelt gratitude to the following people for
their magnificent support and contributions who have made the completion of this report
possible; Mr. Sudeep Thepade, HOD of the Computer Department and Mrs. Dimple Parekh for
the constant reminders and much needed motivation, and Ms. Pallavi Halarnkar, for generously
sharing her wisdom, knowledge, guiding us and supporting us meticulously.
Above all, we would like to thank God and our parents for their support, guidance and blessings
which have made this report possible.
DECLARATION
We, Dhairye Kamra (333), Jinali Shah (378), Ankit Taparia (396) and Bhumin Shah (407)
understand that plagiarism is defined as any one or the combination of the following:
1. Unaccredited verbatim copying of individual sentences, paragraphs or illustrations (such
as graphs, diagrams, etc.) from any source, published, including the internet.
2. Unaccredited improper paraphrasing of pages or paragraphs (changing a few words or
phrases, or rearranging the original sentence order).
3. Credited verbatim copying of a major portion of a paper (or thesis chapter) without clear
delineation of who did or wrote what.
We have made sure that all the ideas, expressions, graphs, diagrams, etc., that are not a result of
any work are properly credited. Long phrases or sentences that had to be used verbatim from
published literature have been clearly identified using quotation marks.
We affirm that no portion of our work can be considered as plagiarism and we take full
responsibility if such a complaint occurs. We understand fully well that the guide of
seminar/project report may not be in a position to check for the possibility of such incidences of
plagiarism in this body of work.
Signature:
Name: Dhairye Kamra, Jinali Shah, Ankit Taparia, Bhumin Shah
Roll No.: 333, 378, 396, 407
Date:
Chapter 1
INTRODUCTION
1.1. Hacking And Their Disadvantages
Social implications accompany technological advances. Social change resulting from
technological advances may manifest itself in the changing perceptions of self, shearing
definitions of moral behavior, and increasing demands for protection from newly perceived
dangers. This paper examines a social behavior rooted in the poor state of information security
on the internet that was first documented in 1987. Ethical hackers believe one can best protect
systems by probing them while causing no damage and subsequently fixing the vulnerabilities
found. Ethical hackers simulate how an attacker with no inside knowledge of a system might try
to penetrate and believe their activities benefit society by exposing system weaknesses - stressing
that if they can break these systems so could terrorists. The result is not only enhanced local
security for the ethical hacker but also enhanced overall Internet security. Hacking is a loaded
term - the distinction between hacking and cracking is not universal. The concept of hacking is
derived from the dictionary meaning of "hack" as a verb, "to chop or cut roughly, to make rough
cuts", as in programming using ad hoc methods based on experience without necessarily having
a formal plan or methodology for evaluation. While hacking has in the past been considered as
counter-cultural, this is changing. Hacking may have been counter-cultural at one time but it was
never anti-social since the result of hacking is a "hack" (a clever but unstructured programming
solution to a problem) that can only be realized if it is shared with others - there is no such thing
as a "private hack". Unauthorized computer intrusions are considered illegal in all but the most
desperate of circumstances.
1.2. About Non-Ethical Hackers (Black Hats)
Once hacking ability is used to commit a crime the hacker becomes a criminal [9]. Criminal
hackers or "crackers" gain unauthorized access primarily to seek financial gain, but recently other
motivations of crackers have been categorized, such as seeking to subvert systems, doing damage
to systems (vandalism), promoting political causes (hacktivism), and acting as an agent of a
foreign state (cyber terrorism and information warfare). The misapplication of the term cracker
to a law-abiding hacker is due to celebrated incidents of unauthorized intrusions into computer
systems that have incorrectly been attributed to hackers due to the extensive programming skill
needed to achieve success. In this seminar report we will maintain this distinction, using the term
hacker to mean a law-abiding programmer of special characteristics and cracker to mean a
criminal programmer.
1.3. About Ethical Hackers (White Hats)
When "ethical" is placed in front of the term hacking it denotes moral activity. Unethical hacking
has no permission to intrude on systems. Ethical hacking includes permission to intrude such as
contracted consulting services, hacking contests, and beta testing. If there is no permission to
intrude, ethical hackers still find ad hoc ways to become aware of the system security of other
systems. The end goal of ethical hackers is to learn system vulnerabilities so that they can be
repaired for community self-interest - and as a side-product also the common good. Networked
systems are dependent upon each other for system security so awareness of the security of
machines within one's community-of-interest is not entirely altruistic but rather concerned with
system security.
These early efforts provide good examples of ethical hackers. Successful ethical hackers
possess a variety of skills. First and foremost, they must be completely trustworthy. While
testing the security of a client's systems, the ethical hacker may discover information about the
client that should remain secret. In many cases, this information, if publicized, could lead to real
intruders breaking into the systems, possibly leading to financial losses. During an evaluation,
the ethical hacker often holds the "keys to the company," and therefore must be trusted to
exercise tight control over any information about a target that could be misused. The sensitivity
of the information gathered during an evaluation requires that strong measures be taken to ensure
the security of the systems being employed by the ethical hackers themselves: limited-access
labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet
connections, a safe to hold paper documentation from clients, strong cryptography to protect
electronic results, and isolated networks for testing.
Ethical hackers typically have very strong programming and computer networking skills and
have been in the computer and networking business for several years. They are also adept at
installing and maintaining systems that use the more popular operating systems (e.g., UNIX
or Windows NT) used on target systems. These base skills are augmented with detailed
knowledge of the hardware and software provided by the more popular computer and networking
hardware vendors. It should be noted that an additional specialization in security is not always
necessary, as strong skills in the other areas imply a very good understanding of how the security
on various systems is maintained. These systems management skills are necessary for the actual
vulnerability testing, but are equally important when preparing the report for the client after the
test.
Finally, good candidates for ethical hacking have more drive and patience than most people.
Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do
demands a lot of time and persistence. This is a critical trait, since criminal hackers are known to
be extremely patient and willing to monitor systems for days or weeks while waiting for an
opportunity. A typical evaluation may require several days of tedious work that is difficult to
automate. Some portions of the evaluations must be done outside of normal working hours to
avoid interfering with production at "live" targets or to simulate the timing of a real attack. When
they encounter a system with which they are unfamiliar, ethical hackers will spend the time to
learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing
world of computer and network security requires continuous education and review.
One might observe that the skills we have described could just as easily belong to a criminal
hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and
techniques of your opponent is vital to your success. In the computer security realm, the ethical
hacker's task is the harder one. With traditional crime anyone can become a shoplifter, graffiti
artist, or a mugger. Their potential targets are usually easy to identify and tend to be localized.
The local law enforcement agents must know how the criminals ply their trade and how to stop
them. On the Internet anyone can download criminal hacker tools and use them to attempt to
break into computers anywhere in the world. Ethical hackers have to know the techniques of the
criminal hackers, how their activities might be detected, and how to stop them.
Given these qualifications, how does one go about finding such individuals? The best ethical
hacker candidates will have successfully published research papers or released popular open-
source security software. The computer security community is strongly self-policing, given the
importance of its work. Most ethical hackers, and many of the better computer and network
security experts, did not set out to focus on these issues. Most of them were computer users from
various disciplines, such as astronomy and physics, mathematics, computer science, philosophy,
or liberal arts, who took it personally when someone disrupted their work with a hack.
The Ethical Hacker is an individual who is usually employed with the organization and who can
be trusted to undertake an attempt to penetrate networks and/or computer systems using the same
methods as a Hacker. The most important point is that an Ethical Hacker has authorization to
probe the target. The CEH Program certifies individuals in the specific network security
discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker
certification will fortify the application knowledge of security officers, auditors, security
professionals, site administrators, and anyone who is concerned about the integrity of the
network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and
knows how to look for the weaknesses and vulnerabilities in target systems and uses the same
knowledge and tools as a malicious hacker.
The principles of the Hacker Ethic were:
Access to computers and anything which might teach you something about the way the world
works should be unlimited and total. Always yield to the Hands-on Imperative!
All information should be free.
Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or
position.
You can create art and beauty on a computer. Computers can change your life for the better.
One rule that IBM's ethical hacking effort had from the very beginning was that we would not
hire ex-hackers. While some will argue that only a "real hacker" would have the skill to actually
do the work, we feel that the requirement for absolute trust eliminated such candidates. We
likened the decision to that of hiring a fire marshal for a school district: while a gifted ex-arsonist
might indeed know everything about setting and putting out fires, would the parents of the
students really feel comfortable with such a choice? This decision was further justified when the
service was initially offered: the customers themselves asked that such a restriction be observed.
Since IBM's ethical hacking group was formed, there have been numerous ex-hackers who have
become security consultants and spokespersons for the news media. While they may very well
have turned away from the "dark side," there will always be a doubt.
The goal of the ethical hacker is to help the organization take preemptive measures against
malicious attacks by attacking the system himself; all the while staying within legal limits. This
philosophy stems from the proven practice of trying to catch a thief, by thinking like a thief.
1.4. Understanding Ethical Hacking Diagrammatically
[Diagram: Internet Concerns (Vulnerabilities, Bugs & Faults, Exploits & Attacks); Solution: Ethical Hacking]
1.5 White Hats Vs Black Hats
The white hat is also one of Edward de Bono's Six Thinking Hats.
A white hat hacker, also rendered as ethical hacker, is, in the realm of information
technology, a person who is ethically opposed to the abuse of computer systems. The
term is derived from American western movies, where the good cowboy typically wore a
white cowboy hat and the bad cowboy wore a black one. Realizing that the Internet now
represents human voices from all around the world makes the defense of its integrity an
important pastime for many. A white hat generally focuses on securing IT systems,
whereas a black hat (the opposite) would like to break into them - but this is a
simplification. A black hat will wish to secure his own machine, and a white hat might
need to break into a black hat's machine in the course of an investigation. What exactly
differentiates white hats and black hats is open to interpretation, but white hats tend to
cite altruistic motivations.
The term white hat hacker is also often used to describe those who attempt to break into
systems or networks in order to help the owners of the system by making them aware of
security flaws, or to perform some other altruistic activity. Many such people are
employed by computer security companies; these professionals are sometimes called
sneakers. Groups of these people are often called tiger teams.
The primary difference between white and black hat hackers is that a white hat hacker
claims to observe the hacker ethic. Like black hats, white hats are often intimately
familiar with the internal details of security systems, and can delve into obscure machine
code when needed to find a solution to a tricky problem.
An example of a hack: Microsoft Windows ships with the ability to use cryptographic
libraries built into the operating system. When shipped overseas this feature becomes
nearly useless as the operating system will refuse to load cryptographic libraries that
haven't been signed by Microsoft, and Microsoft will not sign a library unless the U.S.
government authorizes it for export. This allows the U.S. government to maintain some
perceived level of control over the use of strong cryptography beyond its borders.
While hunting through the symbol table of a beta release of Windows, a couple of
overseas hackers managed to find a second signing key in the Microsoft binaries. That
is, without disabling the libraries that are included with Windows (even overseas), these
individuals learned of a way to trick the operating system into loading a library that
hadn't been signed by Microsoft, thus enabling the functionality which had been lost to
non-U.S. users.
Whether this is good or bad may depend on whether you respect the letter of the law, but
is considered by some in the computing community to be a white hat type of activity.
Some use the term grey hat or (very rarely) brown hat to describe someone on the
borderline between black and white.
In recent years the terms White hat and Black hat have been applied to the Search
Engine Optimization (SEO) industry. Black hat SEO tactics, also called spamdexing,
attempt to redirect search results to particular target pages, whereas white hat methods
are generally approved by the search engines.
Chapter 2
Ethical Hacking
2.1. What is Ethical Hacking?
Although Ethical might cringe at the idea of unleashing hackers in our companies' systems, we
have, in fact, been doing so for years. We do it through software testing, looking for weaknesses
before releasing applications as well as testing external vulnerabilities through red team
activities. Yet, at this conference, it's called what it is: hacking.
Hacking involves creativity and out-of-the-box thinking, looking for different ways to get in—if
not the door, then the windows, any of them (no pun intended); if not the windows, then the duct
work, or the basement or attic. You get the idea. The ethical hacker is a trusted employee hired to
attempt to penetrate networks and computer systems using the same methods as hackers.
Hacking is a felony in most countries, but it's legal when done by request and under a contract
between the ethical hacker and the organization that owns the systems being hacked. A certified
ethical hacker is a skilled professional who understands and knows how to look for weaknesses
and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker.
Through this class, students are immersed in an interactive environment in which they learn to
scan, test, hack, and secure their own systems. They will come to understand how perimeter
defenses work, how to scan and attack their networks, and how intruders escalate privileges.
This is just one of the many classes advertised on the Black Hat site. Attendees believe the
classes present a lot of important information about issues such as the vulnerabilities in Web 2.0
technologies, the Cisco IOS (Input/output Services) rootkit, Google gadgets, and Microsoft
products. Ellen Messmer of Network World refers to this conference as a "funhouse" where
experts "seek to shock and amaze by poking holes in today's network technologies" (E.
Messmer). The conference also offers many other interesting presentations, including "How to
Impress Girls with Browser Memory Bypasses," "The Internet Is Broken" and "Get Rich or Die
Trying".
2.2. What Does Ethical Hacking Mean To Us?
The Internet has become indispensable to business by allowing organizations to conduct
Ecommerce, provide better customer service, collaborate with partners, reduce communications
costs, improve internal communications, and access needed information rapidly. While computer
networks have revolutionized the way businesses operate, the risks they introduce via
interconnectivity can be devastating.
Attacks on computer systems via the Internet can lead to lost money, time, products, reputation,
sensitive information, and lives. In the rush to benefit from using the Internet, organizations have
often not come to terms with significant risks including: Time-to-market pressures are forcing
vendors to release products too early with inadequate or no testing. The impact of defective
software is immense; causing firms to lose a lot of monetary value per annum in repair costs,
downtime, and lost productivity.
Current software engineering practices used by vendors do not produce systems that are immune
from attack. System operators do not have the people or best practices to defend against attacks
or minimize damage. Policy and law in cyberspace is immature and lags the state-of-the-art in
attacks. There is a continued movement to complex, client-server, and heterogeneous
configurations with distributed management.
There is very little evidence of security improvements in most systems since new vulnerabilities
are routinely discovered. Current security tools are lacking in that they only address parts of the
problem and not the system as a whole. Lack of understanding leads to reliance upon partial
solutions. System administration is difficult and becoming unmanageable due to patching against
increased vulnerabilities. As if the situation needed to be any worse, intruders are building a
growing technical base of knowledge and skills leveraged through automation and exploiting
network interconnectivity.
In response, the market for security products and services is growing faster than the supply of
quality products and service providers. Consumers need to go beyond awareness to critical
understanding, but urgency has also created many problem products and services that have moved
to this niche, unfortunately only selling snake oil - "If you want it badly, you'll get it badly". It is
becoming a consensus that there is no single product or group of products that can be bought to
create security but rather a combination of products with skilled personnel and business
processes. The end result is a "wild west" scenario where the average time for a PC to be broken
into directly out-of-the-box from the store and attached to the Internet is less than 24 hours, with
a worst case scenario of 15 minutes.
Many who can afford it are turning to "hired guns" for protection. To continue this western
metaphor, the "town sheriff" who maintains community protection is the ethical hacker.
2.3. How Does Ethical Hacking Work?
The idea of testing the security of a system by trying to break into it is not new. This type of
testing is notably used to determine automobile crashworthiness as one example. The earliest
work on penetration testing in computer systems dates back to 1975 [5]. Penetration testing is
not sufficient by itself - passing a penetration test does not mean the tested system cannot be
compromised [6]. The penetration tests are often only as thorough as the people administering
them so known vulnerabilities may be missed. Scans have been known to miss important "pop-up"
servers that periodically connect and then quickly disconnect from the network. Since
scanners only check for known vulnerabilities, a system that successfully passes a scan may still
be wide open to a new unknown attack. Penetration testing by ethical hackers is among the most
thorough methods for finding vulnerabilities and increasing protection for a dynamic network of
computers. Correctly performed, a penetration test is a covert test in which a paid consultant or
ethical hacker plays the role of a hostile attacker who tries to compromise system security. Since
the ultimate goal is penetration, the test is carried out without warning - ideally upper
management has approved the test. Incorrectly performed, penetration testing also has a potential
for creating damage. While other types of testing are usually performed cooperatively with an
organization's staff, damage caused by penetration testing may go unnoticed for some time.
Active scanning can be very disruptive since some computers are fragile and do not handle port
scanning well. Database servers and mainframes are notorious for being crippled by tools such as
ISS Scanner and NMAP. Crackers routinely scan networks of computers for security flaws that
can be exploited (exploits) and then post this sensitive information on the Internet for others to
take advantage of. This is one reason why ethical hackers regularly browse known cracker
websites and mailing lists to monitor cracker activity. Finding security flaws before crackers do
lowers the risk exposure of an organization: even a single incident could cost significantly in both
financial and reputational damage. It reduces vulnerabilities and points of intrusion. A tight system
reduces the probability of attack - the attackers will go to easier and more attractive targets. An
on-going program lowers insurance rates. Penetration testing using ethical hacking provides both
assurance and insurance: assurance that the given environment will resist attack and insurance
that the organization is acting in a prudent manner. Because penetration testing invariably ends
up discovering security holes on client network computers, most clients do not want to talk on
record about the results of such tests. However, numerous generic examples exist where
penetration testing has saved businesses embarrassment and loss of reputation: An online services
organization always tested prior to new releases. Another financial institution has a policy of
testing before any Internet application goes live. Once the contractual agreement is in place, the
testing may begin as defined in the agreement. It should be noted that the testing itself poses
some risk to the client, since a criminal hacker monitoring the transmissions of the ethical
hackers could learn the same information. If the ethical hackers identify a weakness in the
client's security, the criminal hacker could potentially attempt to exploit that vulnerability. This
is especially vexing since the activities of the ethical hackers might mask those of the criminal
hackers. The best approach to this dilemma is to maintain several addresses around the Internet
from which the ethical hacker's transmissions will emanate, and to switch origin addresses often.
Complete logs of the tests performed by the ethical hackers are always maintained, both for the
final report and in the event that something unusual occurs. In extreme cases, additional intrusion
monitoring software can be deployed at the target to ensure that all the tests are coming from the
ethical hacker's machines. However, this is difficult to do without tipping off the client's staff and
may require the cooperation of the client's Internet service provider.
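The log reconciliation described above, as an added example that is not part of the original report: alerts seen at the target are checked against the agreed tester origin addresses, the window in which each origin is active, and the testers' own activity log, so that traffic hiding behind the test stands out. The log formats, addresses, time windows, 60-second tolerance and function names are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed rules of engagement: the origin networks the testers may use and
# the window in which each one is active (origins are rotated during the test).
AUTHORIZED_ORIGINS = [
    ("198.51.100.0/28", "2024-03-04T20:00:00", "2024-03-04T23:00:00"),
    ("203.0.113.16/29", "2024-03-04T23:00:00", "2024-03-05T02:00:00"),
]

# Constructed extract of the testers' own activity log: time, source, target.
TESTER_LOG = """\
2024-03-04T20:15:02 198.51.100.5 10.0.0.20
2024-03-04T23:30:40 203.0.113.18 10.0.0.21
"""

# Constructed alerts from monitoring at the target: time, source, target, signature.
IDS_ALERTS = """\
2024-03-04T20:15:05 198.51.100.5 10.0.0.20 port-scan
2024-03-04T21:02:11 192.0.2.77 10.0.0.20 port-scan
2024-03-04T23:30:44 203.0.113.18 10.0.0.21 login-bruteforce
2024-03-04T23:45:00 198.51.100.5 10.0.0.21 port-scan
2024-03-05T00:10:09 203.0.113.18 10.0.0.25 port-scan
"""


def parse_origins(origins):
    """Turn (cidr, start, end) strings into network and datetime objects."""
    return [
        (ipaddress.ip_network(cidr),
         datetime.fromisoformat(start),
         datetime.fromisoformat(end))
        for cidr, start, end in origins
    ]


def parse_rows(text, field_count):
    """Parse whitespace-separated log lines into [time, src, dst, ...] rows.

    Lines with the wrong field count or unparsable values are returned
    separately so they get reviewed instead of being silently dropped.
    """
    rows, rejected = [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            if len(parts) != field_count:
                raise ValueError("unexpected field count")
            row = [datetime.fromisoformat(parts[0]),
                   ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2])] + parts[3:]
        except ValueError:
            rejected.append(line)
            continue
        rows.append(row)
    return rows, rejected


def classify(alert, origins, tester_rows, tolerance=timedelta(seconds=60)):
    """Attribute one alert to the test, or say why it cannot be attributed."""
    when, src, dst = alert[0], alert[1], alert[2]
    owned = [origin for origin in origins if src in origin[0]]
    if not owned:
        return "unattributed"      # not a tester address: treat as a real intrusion attempt
    if not any(start <= when < end for _, start, end in owned):
        return "outside-window"    # tester address used while it should be idle
    for logged_when, logged_src, logged_dst in tester_rows:
        if (logged_src == src and logged_dst == dst
                and abs(when - logged_when) <= tolerance):
            return "test"          # matches an action the testers recorded
    return "unlogged"              # right address and time, but no tester record


def reconcile(alert_text=IDS_ALERTS, log_text=TESTER_LOG, origins=AUTHORIZED_ORIGINS):
    """Return (verdicts, rejected_lines) for every alert seen at the target."""
    nets = parse_origins(origins)
    tester_rows, _ = parse_rows(log_text, 3)
    alerts, rejected = parse_rows(alert_text, 4)
    verdicts = [
        (a[0].isoformat(), str(a[1]), a[3], classify(a, nets, tester_rows))
        for a in alerts
    ]
    return verdicts, rejected


if __name__ == "__main__":
    verdicts, rejected = reconcile()
    for when, src, signature, verdict in verdicts:
        print(f"{when}  {src:<15}  {signature:<16}  {verdict}")
    for line in rejected:
        print("unparsed:", line)
```

Every verdict other than "test" is a lead for the client's staff: it is either a gap in the testers' logging or activity that the test itself may be masking.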
The line between criminal hacking and computer virus writing is becoming increasingly blurred.
When requested by the client, the ethical hacker can perform testing to determine the client's
vulnerability to e-mail or Web-based virus vectors. However, it is far better for the client to
deploy strong antivirus software, keep it up to date, and have a clear and simple policy in place
for the reporting of incidents. IBM's Immune System for Cyberspace is another approach that
provides the additional capability of recognizing new viruses and reporting them to a central lab
that automatically analyzes the virus and provides an immediate vaccine.
2.4. Impact Of The Hackers
The Internet has become indispensable to business by allowing organizations to conduct
Ecommerce, provide better customer service, collaborate with partners, reduce communications
costs, improve internal communications, and access needed information rapidly. While computer
networks have revolutionized the way businesses operate, the risks they introduce via
interconnectivity can be devastating. Attacks on computer systems via the Internet can lead to
lost money, time, products, reputation, sensitive information, and lives. In the rush to benefit
from using the Internet, organizations have often not come to terms with significant risks
including:
Time-to-market pressures are forcing vendors to release products too early with inadequate
or no testing. The impact of defective software is immense; causing firms to lose nearly
billion last year in repair costs, downtime, and lost productivity.
Current software engineering practices used by vendors do not produce systems that are
immune from attack.
System operators do not have the people or best practices to defend against attacks or
minimize damage.
Policy and law in cyberspace is immature and lags the state-of-the-art in attacks.
There is a continued movement to complex, client-server, and heterogeneous
configurations with distributed management.
There is little evidence of security improvements in most systems since new
vulnerabilities are routinely discovered.
Current security tools are lacking in that they only address parts of the problem and not
the system as a whole.
Lack of understanding leads to reliance upon partial solutions.
System administration is difficult and becoming unmanageable due to patching against
increased vulnerabilities.
As if the situation needed to be any worse, intruders are building a growing technical base of
knowledge and skills leveraged through automation and exploiting network interconnectivity.
2.5. Functions of Ethical Hackers
An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder's attempts or successes?
While the first and second of these are clearly important, the third is even more important: If
the owners or operators of the target systems do not notice when someone is trying to break
in, the intruders can, and will, spend weeks or months trying and will usually eventually
succeed.
When the client requests an evaluation, there is quite a bit of discussion and paperwork that
must be done up front. The discussion begins with the client's answers to questions similar to
those posed by Garfinkel and Spafford:
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate protection?
A surprising number of clients have difficulty precisely answering the first question: a
medical center might say "our patient information," an engineering firm might answer "our
new product designs," and a Web retailer might answer "our customer database."
All of these answers fall short, since they only describe targets in a general way. The client
usually has to be guided to succinctly describe all of the critical information assets for which
loss could adversely affect the organization or its clients. These assets should also include
secondary information sources, such as employee names and addresses (which are privacy
and safety risks), computer and network information (which could provide assistance to an
intruder), and other organizations with which this organization collaborates (which provide
alternate paths into the target systems through a possibly less secure partner's system).
A complete answer to (2) specifies more than just the loss of the things listed in answer to
(1). There are also the issues of system availability, wherein a denial-of-service attack could
cost the client actual revenue and customer loss because systems were unavailable. The
world became quite familiar with denial-of-service attacks in February of 2000 when attacks
were launched against eBay, Yahoo, ETRADE, CNN and other popular Web sites. During
the attacks, customers were unable to reach these Web sites, resulting in loss of revenue and
"mind share." The answers to (1) should contain more than just a list of information assets on
the organization's computer. The level of damage to an organization's good image resulting
from a successful criminal hack can range from merely embarrassing to a serious threat to
revenue. As an example of a hack affecting an organization's image, on January 17, 2000, a
U.S. Library of Congress Web site was attacked. As is often done, the criminal hacker left his
or her nickname, or handle, near the top of the page in order to guarantee credit for the break-
in.
Some clients are under the mistaken impression that their Web site would not be a target.
They cite numerous reasons, such as "it has nothing interesting on it" or "hackers have never
heard of my company." What these clients do not realize is that every Web site is a target.
The goal of many criminal hackers is simple: Do something spectacular and then make sure
that all of your pals know that you did it. Another rebuttal is that many hackers simply do not
care who your company or organization is; they hack your Web site because they can. For
example, Web administrators at UNICEF (United Nations Children's Fund) might very well
have thought that no hacker would attack them. However, in January of 1998, their page was
defaced. Many other examples of hacked Web pages can be found at archival sites around the Web.
Answers to the third question are complicated by the fact that computer and network security
costs come in three forms. First there are the real monetary costs incurred when obtaining
security consulting, hiring personnel, and deploying hardware and software to support
security needs. Second, there is the cost of usability: the more secure a system is, the more
difficult it can be to make it easy to use. The difficulty can take the form of obscure password
selection rules, strict system configuration rules, and limited remote access. Third, there is
the cost of computer and network performance. The more time a computer or network spends
on security needs, such as strong cryptography and detailed system activity logging, the less
time it has to work on user problems. Because of Moore's Law, this may be less of an issue
for mainframe, desktop, and laptop machines. Yet, it still remains a concern for mobile
computing.
Chapter 3
Types And Flow Of Ethical Hacking
3.1. Types/Approaches Of Ethical Hacking
3.1.1. Penetration Ethical Hacking
[Fig 3.1 – Penetration: Ethical Hacker; System Page 1, System Page 2, System Page 3, System Page 4, System Page 'n']
A penetration test, occasionally pen test, is a method of evaluating the security of a computer
system or network by simulating an attack from malicious outsiders (who do not have an
authorized means of accessing the organization's systems) and malicious insiders (who have
some level of authorized access). The process involves an active analysis of the system for any
potential vulnerabilities that could result from poor or improper system configuration, both
known and unknown hardware or software flaws, or operational weaknesses in process or
technical countermeasures. This analysis is carried out from the position of a potential attacker
and can involve active exploitation of security vulnerabilities.
3.1.2. Alpha Testing - Ethical Hacking
[Fig 3.2 – Developer's Side (Alpha Testing): Ethical Hacker; Connection Pages; looping 'n' times]
Alpha testing is nothing but acceptance testing.
In alpha testing, the client has to verify that the product is developed according to their:
1. Requirement and Specification.
2. SLA (Service Level Agreement), i.e., time line.
3. DRE (Defect Rate Efficiency) < 0.8, where DRE = A / (A + B) = 0.8
A = defects found by the testing team
B = defects found by the customer
Alpha testing with ethical hacking comprises a scrutiny check at the developer's end before the
project can be deployed at the customer's end.
3.1.3. Front & Back Approach
The front- and back-stage approach to ethical hacking justifies the effectiveness of decoupling
the front and back stages for service and security when dealing with customer contact in the
service process. It also identifies the role of the alpha check in both the BPR project and security.
[Figure – Front Approach and Back Approach, each with an Ethical Hacker]
Chapter 4
Analysis of Ethical Hacking Concepts
Analyzing the Ethical Hacker’s Approach
You need protection from hacker shenanigans. An ethical hacker possesses the skills,
mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as
security tests for their systems.
Ethical hacking, also known as white-hat hacking, involves the same tools, tricks, and
techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical
hacking is performed with the target's permission. The intent of ethical hacking is to discover
vulnerabilities from a hacker's viewpoint so systems can be better secured. It's part of an
overall information risk management program that allows for ongoing security improvements.
Ethical hacking can also ensure that vendors' claims about the security of their products are
legitimate.
Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls,
encryption, and virtual private networks (VPNs) can create a false feeling of safety. These
security systems often focus on high-level vulnerabilities, such as viruses and traffic through
a firewall, without affecting how hackers work.
Attacking your own systems to discover vulnerabilities is a step to making them more secure.
This is the only proven method of greatly hardening your systems from attack. If you don't
identify weaknesses, it's a matter of time before the vulnerabilities are exploited.
Things Ethical Hackers Keep in mind before Starting any sort of test.
– Authority to Perform Test
• This must be in writing!
– A Specific Set of Ground Rules That Should
Answer at Least the Following Questions
• Is this test covert or overt?
• Are there any "off-limits" systems or networks?
• Who is our trusted POC?
• Is there a specific target (system, type of information, etc.) of this test?
Fig 4.1 [1]
Once the contractual agreement is in place, the testing may begin as defined in the agreement. It
should be noted that the testing itself poses some risk to the client, since a criminal hacker
monitoring the transmissions of the ethical hackers could learn the same information. If the
ethical hackers identify a weakness in the client's security, the criminal hacker could potentially
attempt to exploit that vulnerability. This is especially vexing since the activities of the ethical
hackers might mask those of the criminal hackers. The best approach to this dilemma is to
maintain several addresses around the Internet from which the ethical hacker's transmissions will
emanate, and to switch origin addresses often. Complete logs of the tests performed by the
ethical hackers are always maintained, both for the final report and in the event that something
unusual occurs. In extreme cases, additional intrusion monitoring software can be deployed at
the target to ensure that all the tests are coming from the ethical hacker's machines. However,
this is difficult to do without tipping off the client's staff and may require the cooperation of the
client's Internet service provider.
Chapter 5
Advantages & Disadvantages of
Ethical Hacking
5.1. Advantages of Ethical Hacking
An ethical hacker's evaluation of a system's security seeks answers to three basic
questions:
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder's attempts or successes?
While the first and second of these are clearly important, the third is even more
important: If the owners or operators of the target systems do not notice when someone is
trying to break in, the intruders can, and will, spend weeks or months trying and will
usually eventually succeed. When the client requests an evaluation, there is quite a bit of
discussion and paperwork that must be done up front. The discussion begins with the
client's answers to questions similar to those posed by Garfinkel and Spafford:
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate
protection?
A surprising number of clients have difficulty precisely answering the first question: a
medical center might say "our patient information," an engineering firm might answer
"our new product designs," and a Web retailer might answer "our customer database."
All of these answers fall short, since they only describe targets in a general way. The
client usually has to be guided to succinctly describe all of the critical information assets
for which loss could adversely affect the organization or its clients. These assets should
also include secondary information sources, such as employee names and addresses
(which are privacy and safety risks), computer and network information (which could
provide assistance to an intruder), and other organizations with which this organization
collaborates (which provide alternate paths into the target systems through a possibly less
secure partner's system).
A complete answer to (2) specifies more than just the loss of the things listed in answer to
(1). There are also the issues of system availability, wherein a denial-of-service attack
could cost the client actual revenue and customer loss because systems were unavailable.
The world became quite familiar with denial-of-service attacks in February of 2000 when
attacks were launched against eBay, Yahoo!, E*TRADE, CNN, and other
popular Web sites. During the attacks, customers were unable to reach these Web sites,
resulting in loss of revenue and "mind share." The answers to (1) should contain more
than just a list of information assets on the organization's computer. The level of damage
to an organization's good image resulting from a successful criminal hack can range from
merely embarrassing to a serious threat to revenue. As an example of a hack affecting an
organization's image, on January 17, 2000, a U.S. Library of Congress Web site was
attacked. The original initial screen is whereas the hacked screen. As is often done, the
criminal hacker left his or her nickname, or handle, near the top of the page in order to
guarantee credit for the break-in.
Some clients are under the mistaken impression that their Web site would not be a target.
They cite numerous reasons, such as "it has nothing interesting on it" or "hackers have
never heard of my company." What these clients do not realize is that every Web site is a
target. The goal of many criminal hackers is simple: Do something spectacular and then
make sure that all of your pals know that you did it. Another rebuttal is that many hackers
simply do not care who your company or organization is; they hack your Web site
because they can. For example, Web administrators at UNICEF (United Nations
Children's Fund) might very well have thought that no hacker would attack them.
However, in January of 1998, their page was defaced as shown in Figures 3 and 4.
Many other examples of hacked Web pages can be found at archival sites around the Web.
Answers to the third question are complicated by the fact that computer and
network security costs come in three forms. First there are the real monetary costs
incurred when obtaining security consulting, hiring
personnel, and deploying hardware and software to support security needs. Second, there
is the cost of usability: the more secure a system is, the more difficult it can be to make it
easy to use. The difficulty can take the form of obscure password selection rules, strict
system configuration rules, and limited remote access. Third, there is the cost of computer
and network performance. The more time a computer or network spends on security
needs, such as strong cryptography and detailed system activity logging, the less time it
has to work on user problems. Because of Moore's Law, this may be less of an issue
for mainframe, desktop, and laptop machines. Yet, it still remains a concern for mobile
computing.
5.2. Disadvantages of Ethical Hacking
Once answers to these three questions have been determined, a security evaluation plan is
drawn up that identifies the systems to be tested, how they should be tested, and any
limitations on that testing. Commonly referred to as a "get out of jail free card," this
is the contractual agreement between the client and the ethical hackers, who typically write
it together. This agreement also protects the ethical hackers against prosecution, since much
of what they do during the course of an evaluation would be illegal in most countries. The
agreement provides a precise description, usually in the form of network addresses or
modem telephone numbers, of the systems to be evaluated. Precision on this point is of the
utmost importance, since a minor mistake could lead to the evaluation of the wrong system
at the client's installation or, in the worst case, the evaluation of some other organization's
system. Once the target systems are identified, the agreement must describe how they should
be tested. The best evaluation is done under a "no-holds-barred" approach. This means that
the ethical hacker can try anything he or she can think of to attempt to gain access to or
disrupt the target system. While this is the most realistic and useful, some clients balk at this
level of testing. Clients have several reasons for this, the most common of which is that the
target systems are "in production" and interference with their operation could be damaging
to the organization's interests. However, it should be pointed out to such clients that these
very reasons are precisely why a "no-holds-barred" approach should be employed. An
intruder will not be playing by the client's rules. If the systems are that important to the
organization's well-being, they should be tested as thoroughly as possible. In either case, the
client should be made fully aware of the risks inherent to ethical hacker evaluations. These
risks include alarmed staff and unintentional system crashes, degraded network or system
performance, denial of service, and log-file size explosions.
Some clients insist that as soon as the ethical hackers gain access to their network or to one
of their systems, the evaluation should halt and the client be notified. This sort of ruling
should be discouraged, because it prevents the client from learning all that the ethical
hackers might discover about their systems. It can also lead to the client's having a false
sense of security by thinking that the first security hole found is the only one present. The
evaluation should be allowed to proceed, since where there is one exposure there are
probably others.
The timing of the evaluations may also be important to the client. The client may wish to
avoid affecting systems and networks during regular working hours. While this restriction is
not recommended, it reduces the accuracy of the evaluation only somewhat, since most
intruders do their work outside of the local regular working hours. However, attacks
done during regular working hours may be more easily hidden. Alerts from intrusion
detection systems may even be disabled or less carefully monitored during the day.
Whatever timing is agreed to, the client should provide contacts within the organization who
can respond to calls from the ethical hackers if a system or network appears to have been
adversely affected by the evaluation or if an extremely dangerous vulnerability is found that
should be immediately corrected.
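The agreement's precise target list, any off-limits systems and the agreed timing can be enforced mechanically before a test touches a system, with every decision logged for the final report. The following Python code is an added example, not part of the original report; the class name, the addresses (documentation ranges) and the 22:00 to 06:00 window are assumptions made for illustration.

```python
# Added example: pre-flight scope check for an authorized security evaluation.
# All addresses (RFC 5737 documentation ranges), hours and names are constructed.
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class RulesOfEngagement:
    in_scope: list        # CIDR blocks copied from the signed agreement
    off_limits: list      # systems the client excluded, as CIDR or single host
    window_start: time    # agreed testing window, local time
    window_end: time
    audit_log: list = field(default_factory=list)

    def __post_init__(self):
        # strict=True raises ValueError on entries such as "198.51.100.10/24",
        # where host bits are set: a sign the address or the mask was mistyped.
        self._scope = [ipaddress.ip_network(c, strict=True) for c in self.in_scope]
        self._deny = [ipaddress.ip_network(c, strict=True) for c in self.off_limits]

    def _in_window(self, when):
        t = when.time()
        if self.window_start <= self.window_end:
            return self.window_start <= t < self.window_end
        # Window spans midnight, e.g. 22:00 to 06:00.
        return t >= self.window_start or t < self.window_end

    def check(self, target, when):
        """Return (allowed, reason) and record the decision in the audit log."""
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # Hostnames can resolve outside the agreed ranges; refuse them here.
            verdict = (False, "not a literal IP address")
        else:
            if any(addr in net for net in self._deny):
                verdict = (False, "off-limits per agreement")
            elif not any(addr in net for net in self._scope):
                verdict = (False, "outside the written scope")
            elif not self._in_window(when):
                verdict = (False, "outside the agreed testing window")
            else:
                verdict = (True, "in scope")
        self.audit_log.append((when.isoformat(), target) + verdict)
        return verdict


def demo():
    roe = RulesOfEngagement(
        in_scope=["198.51.100.0/24"],
        off_limits=["198.51.100.77/32"],
        window_start=time(22, 0),
        window_end=time(6, 0),
    )
    night = datetime(2024, 1, 10, 23, 30)
    results = [
        roe.check("198.51.100.10", night),                      # listed range
        roe.check("198.51.100.77", night),                      # excluded host
        roe.check("198.51.101.10", night),                      # one-digit typo
        roe.check("198.51.100.10", datetime(2024, 1, 10, 14)),  # working hours
        roe.check("www.example.com", night),                    # unresolved name
    ]
    return roe, results


if __name__ == "__main__":
    for entry in demo()[0].audit_log:
        print(entry)
```

The third case is the "minor mistake" the agreement is meant to prevent: a single mistyped octet points at a different network, and the check refuses it instead of letting the evaluation reach some other organization's system.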
It is common for potential clients to delay the evaluation of their systems until only a few
weeks or days before the systems need to go on-line. Such last minute evaluations are of
little use, since implementations of corrections for discovered security problems might take
more time than is available and may introduce new system problems.
In order for the client to receive a valid evaluation, the client must be cautioned to limit
prior knowledge of the test as much as possible. Otherwise, the ethical hackers might
encounter the electronic equivalent of the client's employees running ahead of them, locking
doors and windows. By limiting the number of people at the target organization who
know of the impending evaluation, the likelihood that the evaluation will reflect the
organization's actual security posture is increased. A related issue that the client must be
prepared to address is the relationship of the ethical hackers to the target organization's
employees. Employees may view this "surprise inspection" as a threat to their jobs, so the
organization's management team must be prepared to take steps to reassure them.
Chapter 6
Graphs, Analysis, Recent Study &
Gartner Study
Fig 6.1 – CSI study of worldwide hacks statistics
Recent Google Search Results (Research Supported by Gartner Study):
– Hacker 12,500,000 Hits
– Hacker Tools 757,000 Hits
– Hacker Exploits 103,000 Hits
– NT Exploits 99,000 Hits
– Unix Exploits 139,000 Hits
– Computer Vulnerabilities 403,000 Hits
– Hacking NT 292,000 Hits
– Hacking Windows 2000 271,000 Hits
– Hacking Unix 390,000 Hits
– Hacking Linux 1,290,000 Hits
Table 6.1 – Gartner Study
Fig 6.2 – Penetration examples
Chapter 7
Conclusion
One of the main aims of the seminar is to make others understand that there are many tools
through which a hacker can get into a system. There are many reasons why everybody should
understand these basics. Let's check the need from various perspectives.
Students: A student should understand that no software is made with zero vulnerabilities. So
while they are studying, they should study the various possibilities and how to prevent them,
because they are the professionals of tomorrow.
Professionals: Professionals should understand that business is directly related to security. So
they should make new software with as few vulnerabilities as possible. If they are not aware of
these, then they won't be cautious enough in security matters.
Users: The software is meant for the use of its users. Even if the software makers make the
software with high security options, without the help of users it can never be successful. It's like a
highly secured building with all doors left open carelessly by the insiders. So users must also be
aware of such possibilities of hacking so that they can be more cautious in their activities.
In the preceding sections we saw the methodology of hacking, why we should be aware of hacking,
and some tools which a hacker may use. Now we can see what we can do against hacking or to
protect ourselves from hacking.
The first thing we should do is to keep ourselves updated about the software we are using from
official and reliable sources. Educate the employees and the users against black hat hacking. Use
every possible security measure, like honeypots, intrusion detection systems, firewalls, etc.
Always make our passwords strong by making them longer and harder to crack. The final
and foremost thing should be to try ETHICAL HACKING at regular intervals.
Chapter 8
References
8.1. IEEE Papers Referred:
1. Ethical Hacking: The Security Justification Redux. Authors: Bryan Smith, William Yurcik, David Doss
2. Embracing the Kobayashi Maru. Author: Cynthia Irvine
3. When Black Hats are really White. Author: Linda Wilbanks
4. Computer Security With Ethical Hacking. Author: Deborah A. Frincke
8.2. Web References:
1. http://fanaticmedia.com/infosecurity/archive/Sep09/others/Ethical%20Hacking%20
--%20fig-2%
2. http://netsecurity.about.com
3. http://researchweb.watson.ibm.com
4. http://www.eccouncil.org
5. http://www.ethicalhacker.net
6. http://www.infosecinstitute.com
7. http://searchsecurity.techtarget.com
8. Image References – images.google.com