Introduction to Ethical Hacking

Temple University

Week 6: Reading Summary, Question, and InTheNews

King, T. (2007). “Packet Sniffing In a Switched Environment”, SANS Institute InfoSec Reading Room. The article introduces packet sniffing as largely a within-network (“internal”) threat to unencrypted and poorly encrypted data traffic that includes user names, passwords and other sensitive data. King illustrates tools and techniques for capturing user names and passwords from data packets communicated within non-switched and switched IT networks. Address Resolution Protocol (ARP) spoofing and poisoning techniques within switched networks are illustrated as a basis for understanding how to conduct “man in the middle” attacks. The author discusses ways of detecting and combating packet sniffing, including network segmentation via virtual LANs (VLANs), and concludes: “the most viable solution to protect against packet sniffing is… to encrypt all network traffic by using IPSec.”

Question for Class: How does segmenting the network via VLANs make packet sniffing and man in the middle attacks more difficult?

News of the Week: Theodoros Arambatzis’ “DNS Spoofing/ARP poisoning for Advanced SEToolkit Attacks” walks the reader through techniques for spoofing Facebook’s website (http://centralgeekhub.com/dns-spoofingarp-poisoning/) as an improvement to the tools and methods of website cloning and credential stealing he illustrates in: “How to Acquire a User’s Facebook Credentials, Using the Credential Harvester Attack” (http://centralgeekhub.com/how-to-acquire-a-users-facebook-credentials-using-the-credential-harvester-attack/). These articles are brilliant in their terse illustration of hacking techniques that further apply and extend this week’s reading lesson on ARP spoofing in man in the middle attacks.

Week 6 Reading, Article and Question

The reading this week talks about sniffing or “eavesdropping” on the packet information being sent on a network to begin to pick up sensitive information like usernames and passwords that are sent across the network when users are logging in. It clearly states that it is easier to sniff on a hub network than on a switched network. The reason for this is that the switch allows the transmission of packets to be more direct, essentially from point A to point B, which makes it tougher for someone not on that line to break in. The way around this is by doing a man in the middle style attack where you, as the sniffer, trick the two communicating parties into thinking your computer is the intended target of the information. It seems to me from the reading that the best way to protect against sniffing on your network, if you’re running Windows across the network, is to restrict the apps you allow onto the network to exclude sniffers. The other best defense is encryption.

My question to the class is that the reading sounds like wireless networks are still incredibly easy to do a man in the middle attack over. Is this still the case or has this changed since publication?

The article for the week

http://www.zdnet.com/article/more-regulations-necessary-for-apac-cybersecurity/

This is a call for governments in the Asia Pacific region to create more regulations around cybersecurity, especially for financial institutions. What I gathered from the article is that institutions in the Asia Pacific region are very vulnerable. I included this article because it mentions the wide availability of hacking tools on the internet. I thought this was interesting since some of these same tools might be the ones we are learning about in class, although we use them for ethical purposes.
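The two summaries above both come down to the same symptom on the wire: during ARP poisoning a second MAC address starts answering for an IP that the network already knows. As an added example (my own code, not from either SANS article or from the posts), the detector below, in the spirit of arpwatch, watches a stream of ARP replies and flags (1) a known IP whose MAC changes and (2) one MAC answering for several IPs. The ARP replies and addresses are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply (sender fields only; constructed sample data)."""
    ts: float          # seconds since start of capture
    sender_ip: str
    sender_mac: str


class ArpWatcher:
    """Tracks IP->MAC bindings and flags two symptoms of ARP poisoning.

    Added example, not the article's code. A real deployment also needs an
    allow-list for legitimate rebinds (DHCP lease changes, NIC swaps).
    """

    def __init__(self):
        self.bindings = {}                  # ip -> mac first seen for that ip
        self.ips_by_mac = defaultdict(set)  # mac -> ips it has answered for
        self.alerts = []

    def observe(self, r):
        # Symptom 1: an IP we already know suddenly maps to a different MAC.
        known = self.bindings.setdefault(r.sender_ip, r.sender_mac)
        if known != r.sender_mac:
            self.alerts.append(("mac-changed", r.sender_ip, known, r.sender_mac, r.ts))
        # Symptom 2: one MAC answering for several IPs, typical of a host that
        # has poisoned both ends of a conversation. Alert once per new IP.
        ips = self.ips_by_mac[r.sender_mac]
        if r.sender_ip not in ips:
            ips.add(r.sender_ip)
            if len(ips) > 1:
                self.alerts.append(("multi-ip-mac", r.sender_mac, tuple(sorted(ips)), r.ts))


def detect(replies):
    """Run the watcher over a sequence of ArpReply and return the alerts."""
    w = ArpWatcher()
    for r in replies:
        w.observe(r)
    return w.alerts


# Constructed sample: the gateway and a workstation announce themselves, then
# a third MAC claims both addresses, which is how a man in the middle looks
# to the other hosts on the segment.
SAMPLE = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(5.0, "192.168.1.1", "aa:bb:cc:00:00:66"),
    ArpReply(5.1, "192.168.1.20", "aa:bb:cc:00:00:66"),
]
```

Running `detect(SAMPLE)` yields two `mac-changed` alerts followed by one `multi-ip-mac` alert; a VLAN only helps here because the poisoner has to be on the same broadcast domain as the hosts whose caches it rewrites.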

Complete Guide On How To Install Kali Linux In VMware Player/Workstation

http://adf.ly/4022442/banner/http://lewiscomputerhowto.blogspot.com/2014/01/complete-guide-on-how-to-install-kali.html

*NOTE: This “Kali Linux setup info” helped me recently, but also use these following setup settings: Kali Linux (Debian 8.x), used only 3GB RAM (you may want to add more RAM here [make sure you have enough for other VMs too]), selected NAT network setup for more secure setup within VMware. What have others in the MIS-52111 class found during the Kali Linux v2 setup (any different and/or better setup settings within VMware)?

Week 5 Reading and Article

This week’s article covered why it is important to footprint systems. The article talks about how it is important to look at what footprints potential attackers are going to see on a system and to modify them so that attackers see what you want them to see. The benefit of proactive footprinting is that you can implement countermeasures.

Another article covered in the reading went over the steps that hackers take to attack and common tools and links to these tools. Using offensive tools will allow defenders to best think about defensive measures and tactics to help secure their organizations.

I found an interesting article on Ars Technica about malware that was able to get onto the official Google Play store.

http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/

Week 5 Summary

The War Is On:
Enumeration can help with discovering network resources, users, groups, banner grabbing, and operating system footprinting. There are different enumeration techniques depending on whether your target is a Windows box or a Linux box. The enumeration tools assist in gathering the target’s NetBIOS name, what ports are open, what operating system is running, what users have been logging into the box, locations, and registry contents. Enumeration is useful since it gathers additional information on the target that is essential for selecting the right exploit and post exploitation techniques.

Footprinting:

Open source information is one of the easiest ways to start footprinting. Information available online includes phone numbers, locations, types of systems, email addresses, physical addresses, and any carelessly posted documents. Network enumeration involves mapping out the target network through DNS zone transfers, matching IP addresses of computers, servers, domain controllers and websites to IP addresses, identifying the operating systems on the machines, seeing what machines are alive and can respond to TCP, UDP, or ICMP requests, and what the firewall will accept or block. Also useful is taking advantage of SNMP to discover their whole network map and activity.

Question for the class:

Are there any tools besides Enum4Linux that wrap up many enumeration tools into one tool?

Article:

The federal government claims it is not their responsibility to warn OPM when OPM had been hacked.
http://www.cnn.com/2015/09/17/politics/opm-hack-director-national-intelligence-response-wyden/index.html

Week 5 Reading Impressions, Question and New Article by Mustafa Al Shalchi

Week 5 Reading Impressions and Question:
What makes a good, buttoned-down hack complete? One will need more than just tools. I believe, in these articles, we need to think holistically throughout the infiltration and exfiltration process. Footprinting is the most important step because during this phase you will gather pertinent data about your intended target(s).

Although this reading stresses the organization’s security posture, profile of their Intranet, remote access capabilities, and intranet/extranet presence, I believe that footprinting should also include looking at the organization’s structure, goals and aspirations. Only then can one have a great appreciation for the organization’s strengths and weaknesses.

In addition, successful infiltration and exfiltration practitioners are building their information database about your company’s security weaknesses. That being said, to do a good enough job, one must focus on smaller sections within the organization; there should be ample time for analysis of the data being gathered in order to form the appropriate attack strategy.

Today, certain organizations are bombarded by Denial of Service attacks and widespread virus infections, and many are questioning organizations’ leadership ‘due care’ awareness, strategy and actions. Installation of AVS is no longer a reasonable defense strategy; an organization’s leadership must address security holistically. This would include, but is not limited to, general associate awareness, policy/procedures and finally arming the organization with skilled practitioners along with the appropriate technology to meet the need for “right-sized” protection.

There is good news, however: with many devices available to the hacker to footprint your organization’s network, organizations can employ these same tactics and use these same tools to find the weaknesses before the “bad guys” do. Thus the hope is to prepare your organization for an appropriate layered security stance.

New Article:
In the aftermath of the big App Store security breach, today Apple reminds developers where they should obtain Xcode.
For further information, please refer to the link below:

Apple sweeps aside App Store malware mess

Week 5 reading and article

Reading Summary: Enumeration is a powerful tool which allows you to identify valid user accounts or any weak components at a target. One of the first activities while conducting a penetration test in Unix environments is to perform a user enumeration in order to discover valid usernames. There are several pieces of information that can be gathered by utilizing the standard service tools available in Windows and Unix. Footprinting is a commonly used practice utilized by hackers to assess a company’s capabilities. Performing reconnaissance on the company is a key tactic in identifying the company’s security weaknesses; this can be utilized by the pen tester as well to defend against attacks.

This article centers around the recent outbreak of Malware in the App Store which was targeting applications utilized in Asian countries.

http://www.databreachtoday.com/apple-battles-app-store-malware-outbreak-a-8538#

Week 5

The reading this week focused on a number of tools and how to use them to footprint a company and their networks to piece together the network topology. This is important not only for a malicious hacker but for the security professionals working to secure the company. By using these techniques you can see what a malicious intruder would see and begin to cover up these tracks on your system. The second reading begins to talk in more depth about enumeration and finding information about users and user groups to target a system. These techniques set off more alerts within a company’s detection systems, so you should only try them on your own machines.

My question for the class would be: Are there ways that you can see using enumeration techniques to find information on an individual rather than a business?

In the News:

http://www.zdnet.com/article/hp-bulks-up-security-features-on-enterprise-laserjet-printers/

HP is enhancing security features on their enterprise LaserJet printers. An interesting point from the article: “Citing a Ponemon Institute, HP claims that 64 percent of IT managers believe their networked printers are likely infected with malware, while 56 percent of enterprise companies ignore printers in their endpoint security strategy.”

Week 5: Reading Summary, Question, and InTheNews

McGreevy, J.P. (2002). “Footprinting: What Is it, Who Should Do It, and Why?”, SANS Institute Information Security Reading Room, SANS Institute. In planning an attack, the author instructs that “Footprinting” is the first step hackers take in gathering information and building a database about their prospective target’s “organization’s security posture, profile of their Intranet, remote access capabilities, and intranet/extranet presence.” McGreevy suggests that to thwart a hacking attack, security specialists should gather the same information about the system they are tasked with protecting to understand its weaknesses and what an attacker can use against it. He outlines a high-level four-step footprinting process that includes: (1) Open Source Searching, (2) Network Enumeration, (3) DNS Interrogation, and (4) Network Reconnaissance. As footprinting an entire organization’s IT infrastructure can be a big and challenging task, McGreevy advises security personnel to focus initially on one department or segment of the network and broaden from there over time.

Owens, K.J. (2003). “Battle for the Internet: The War is On!” SANS Institute Information Security Reading Room, SANS Institute. Owens places Footprinting in context as the first of seven steps conducted by nefarious hackers, each of which must be mastered by security professionals if they are to protect systems from attacks. He introduces each of the seven steps along with a rich collection of (likely outdated) resources and techniques for different operating system environments to master, sandwiching them all with warnings of the legal and ethical consequences of their inappropriate use.

Question for Class: While Owens’s twelve-year-old article leaves the reader believing the techniques are likely still sound, do you think the Linux tools have more staying power and have outlasted the Windows ones?

InTheNews: The Value of a Hacked Email Account, Krebsonsecurity.com – http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/ Signing up for any service online almost always requires you to supply your email address. Almost always, any person in control of your email address can request a password reset email and take control of your service or accounts. While there are no central exchanges for these accounts, credentials are being offered for resale by underground peddlers. For example: “iTunes accounts for $8, and Fedex.com, Continental.com and United.com accounts for USD $6. Groupon.com accounts fetch $5, while $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com. Active accounts at Facebook and Twitter retail for just $2.50 apiece.” Hacked accounts, in contrast, “go for $1 to $3 for active accounts at dell.com, overstock.com, walmart.com, tesco.com, bestbuy.com and target.com.” The keys to unlocking access to files stored in online and cloud file-storage services such as DropBox, Google Drive, and Microsoft Skydrive also lie “in your inbox.”
