
Ethical Hacking C'Measure Revision

The document discusses various topics related to cybersecurity including characteristics of information security, common computer security threats, hacking techniques, and ethical hacking. It provides details on layers of security, hacking terminology, types of hackers like white hat and black hat hackers, common hacktivist attacks like SQL injection and DoS, and the ethical hacking lifecycle.

Uploaded by

Calvin Diong
Copyright
© All Rights Reserved

Topic 1 Importance of Security in Today's World

End User Best Practices


General knowledge

***

Characteristics of Information
Ch01 (slide 14)

Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession

Layers of Security Identify & Describe


Ch01 (slide 12)

A successful organization should have multiple layers of security in place:

Physical security
To protect the physical items, objects, or areas of an organization from unauthorized access
and misuse
Personal security
To protect the individual or group of individuals who are authorized to access the organization
and its operations
Operations security
To protect the details of a particular operation or series of activities
Communication security
To protect an organization's communications media, technology, and content
Network security
To protect networking components, connections, and contents.
Common computer security Threats
Ch01 (slide 26)

Management must be informed of the various kinds of threats facing the organization
A threat is an object, person or other entity that represents a constant danger to an asset
By examining each threat category in turn, management effectively protects its information
through policy, education and training, and technology control
Topic 2 Elements of Security

Common computer security Terminologies


Ch02 (slide 4-6)

Confidentiality
Preserving authorized restrictions on information access and disclosure,
including means for protecting personal privacy and proprietary information
Integrity
Guarding against improper information modification or destruction,
including ensuring information nonrepudiation and authenticity
Availability
Ensuring timely and reliable access to and use of information

Common computer security Threats


Ch02 (slide 9-20)

Trojan Horse Programs


- Trojan horses are programs that are installed without the knowledge of the user
- Trojan horse programs can perform a wide variety of covert tasks such as modifying and
deleting files, transmitting files to the intruder, installing programs, installing viruses and
other Trojan horse programs etc.
Backdoor and Remote Administration Programs
- Installation of remote administration programs such as BackOrifice, Netbus and SubSeven
- Allows remote access to the computer from anywhere on the Internet
Denial of Service (DoS)
Intermediary for Other Attacks
- Client computer is used to launch mostly DoS attacks on other computers
- An agent is usually installed using a Trojan horse program to launch the DoS attack on
other computers
Unprotected Windows Share
- Malicious code can be stored in unprotected Windows share for propagation
Mobile code (Java/JavaScript/ActiveX)
- Mobile code in Java, JavaScript, and ActiveX that can be executed by a web browser is
generally useful, but it can also be used to run malicious code on the client computer
- Disabling Java, JavaScript, and ActiveX from running in the Web browser must be
considered when accessing websites that cannot be trusted
- Email received in HTML format is also susceptible to mobile code attack because it could
also carry the mobile code
Cross-site Scripting
- A malicious script can be sent and stored by a web developer on a website to be
downloaded by an unsuspecting surfer
- When this website is accessed by a user, the script is transferred to the local web browser
Email Spoofing
- Email spoofing tricks the user into believing that the email originated from a certain user
such as an administrator although it actually originated from a hacker
- Such emails may solicit personal information such as credit card details and passwords
Email Borne Viruses
- Malicious code is often distributed through email as attachments
- Attachments must thus be opened with caution
Hidden File Extensions
- An attachment may have a hidden file extension
- Such files may execute the attachment
Chat Clients
- Internet chat applications such as Instant Messaging Applications and Internet Relay Chat
involve the exchange of information including files that may contain malicious executable
codes
Packet Sniffing
- Packet Sniffer Programs capture the contents of packets that may include passwords and
other sensitive information that could later be used for compromising the client computer
- For example, a sniffer installed on a cable modem in one cable trunk may be able to sniff
the password from other users on the same trunk
Topic 3 Various Phases of the Hacking Cycle

Types of information obtained from Footprinting

Identify locations
Domain names
IP address ranges
Email addresses
Dial-in phone numbers
Systems used
Administrator names
Network topology

Using public information


Without Network / Physical connection to the target

Importance of Reconnaissance (Information Gathering)


Passive / Active

Reconnaissance can be described as the pre-attack phase and is a systematic attempt to
locate, gather, and identify the target.
Gathering information on a target is one of the most important skills of an ethical hacker.
The more information you have on a target the easier and faster they will be to compromise.
Active Reconnaissance is a type of computer attack in which an intruder engages with the
targeted system to gather information about vulnerabilities.
Passive Reconnaissance is an attempt to gain information about targeted computers and
networks without actively engaging with the systems.

Examples of Social Engineering


General knowledge / Case studies

A non-technical kind of intrusion that relies heavily on human interaction and often involves
tricking other people to break normal security procedures

Phishing
Pretexting
Baiting
Tailgating
Quid pro quo
Diversion theft
Topic 4 Types of Hacker Attacks

Common security threats


Ch04 (slide 24) / Ch02 (slide 9-20)

Social Engineering
Organizational Attacks
Automated Attacks
Accidental Breaches in Security
Viruses
Trojan Horse
Worms
Denial of Service (DoS)

CSRF Cross-Site Request Forgery


Explanation / Diagram

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted
actions on a web application in which they're currently authenticated. CSRF attacks specifically
target state-changing requests, not theft of data, since the attacker has no way to see the
response to the forged request. With a little help of social engineering, an attacker may trick the
users of a web application into executing actions of the attacker's choosing.

If the victim is a normal user, a successful CSRF attack can force the user to perform state
changing requests like transferring funds, changing their email address, and so forth. If the victim
is an administrative account, CSRF can compromise the entire web application.
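
The defensive side of the description above, as an added example that is not part of the original notes: a server that requires a per-session token on state-changing requests rejects a forged request, because the browser sends the session cookie automatically but a cross-site page cannot supply the token. The function names, the session identifier and the in-memory key are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Server-side secret; generated per process here (an assumption for the demo).
SERVER_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own forms, bound to the user's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method: str, session_id: str, form: dict) -> bool:
    """Accept a state-changing request only if it carries the session's token.

    The session cookie travels with cross-site requests too, so the cookie
    alone cannot prove that the user intended the action.
    """
    if method.upper() not in STATE_CHANGING:
        return True  # safe methods must not change state, so no token is needed
    supplied = str(form.get("csrf_token", ""))
    expected = issue_csrf_token(session_id)
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample requests (not from the original document).
SESSION = "constructed-session-id-123"
legit_form = {"email": "user@example.com", "csrf_token": issue_csrf_token(SESSION)}
forged_form = {"email": "other@example.com"}  # sent from another site: no token
other_session_form = {"email": "other@example.com",
                      "csrf_token": issue_csrf_token("another-session")}

if __name__ == "__main__":
    for name, form in [("legitimate", legit_form), ("forged", forged_form),
                       ("token from another session", other_session_form)]:
        print(name, "->", is_request_allowed("POST", SESSION, form))
```
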
Topic 5 Hacktivism

Crackers VS Script Kiddies VS


Ch04 (slide 7-11)

White Hat Hackers


A White Hat who specializes in penetration testing and in other testing methodologies to
ensure the security of an organization's information systems
Black Hat Hackers
A Black Hat is the villain or bad guy, especially in a western movie in which such a character
would stereotypically wear a black hat in contrast to the hero's white hat
Grey Hat Hackers
A Grey Hat, in the hacking community, refers to a skilled hacker whose activities fall
somewhere between white and black hat hackers on a variety of spectra
Script kiddies
Use tools created by black hats, to get free stuff, impress their peers and not get caught
Cracker
Break into systems to steal or destroy data
Underemployed Adult Hackers
Former Script Kiddies, can't get employment in the field and want recognition in hacker
community
Ideological Hackers
Hack as a mechanism to promote some political or ideological purpose
Criminal Hackers
Real criminals, are in it for whatever they can get no matter who it hurts
Corporate Spies
Disgruntled Employees
Dangerous to an enterprise as they are insiders
Common attacks conducted by hacktivists (and why?)
Ch05 (slide 9-11)

Common Attacks
Web Defacement
DoS
DDoS
SQL Injection
XSS
Password Attacks

Attraction
Global visibility
Low cost
Fun
Distance not a factor
Anonymity possible
Not life threatening
Not get thrown in jail
Easy to assemble large group

Trends
Cyber-attacks often accompany regional and global conflicts, both armed and unarmed
Politically motivated cyber-attacks are increasing in volume, sophistication, and coordination
Cyber attackers are attracted to high value and high-volume targets like networks, servers, and
routers

Protest Issues
War & Conflict
Independence
Foreign policy
Domestic politics
Nuclear weapons
Human rights
Animal rights
Environment
Globalization
Capitalism
Laws & Regulations
Taxes
Smoking
Child Pornography
Terrorists
Hacker arrests
Internet security
Topic 6 Ethical Hacking

Ethical Hacking Lifecycle Diagram


EHCML3a (slide 4)
Topic 7 Vulnerability Research & Tools

Importance of Vulnerability Analysis


Vulnerability Analysis Part 1 (slide 24)

System accreditation
Risk assessment
Network auditing
Provide direction for security controls
Can help justify resource expenditure
Can provide greater insight into process and architecture
Compliance checking
Continuous monitoring
Cross-site Scripting
How it's done / Countermeasures
Vulnerability Analysis Part 1 (slide 7-9)

Cross-site scripting occurs when an attacker uses a web application to send malicious code
(JavaScript)
In cross-site scripting, end user files are disclosed, Trojan horse programs are installed, the user
is redirected to some other page, and presentation of the content is modified
Disclosure of the user's session cookie allows an attacker to hijack the user's session & take
over the account
Web servers, application servers and web application environments are susceptible to cross-site
scripting
Stored attacks are those where the injected code is permanently stored on the target servers
Reflected attacks are those where the injected code takes another route to the victim, such as
in an email message

Countermeasures
Validate all headers, cookies, query string, form fields, and hidden fields against a rigorous
specification
Adopt a stringent security policy
Filtering script output can also defeat XSS vulnerabilities by preventing them from being
transmitted to users
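
The two technical countermeasures above, as an added example that is not part of the original notes: fields are checked against an allow-list specification, and stored text is HTML-encoded on output. It also shows why both are needed, since a free-text comment passes validation and only output encoding stops it from rendering as script. The field names, patterns and sample input are constructed for the illustration.

```python
import html
import re

# Constructed specification: every accepted field and the pattern it must match.
FIELD_SPEC = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "page": re.compile(r"[0-9]{1,4}"),
    # Free text: anything except control characters, up to 500 characters.
    "comment": re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f]{1,500}"),
}


def validate_fields(fields: dict) -> list:
    """Return the names of fields that are unknown or violate the specification."""
    rejected = []
    for name, value in fields.items():
        pattern = FIELD_SPEC.get(name)
        if pattern is None or not isinstance(value, str) or not pattern.fullmatch(value):
            rejected.append(name)
    return sorted(rejected)


def render_comment_unsafe(author: str, comment: str) -> str:
    """'Before' version: stored input is concatenated into the page unchanged."""
    return "<p><b>" + author + "</b>: " + comment + "</p>"


def render_comment(author: str, comment: str) -> str:
    """Hardened version: output is HTML-encoded, so stored markup renders as text."""
    return "<p><b>{}</b>: {}</p>".format(html.escape(author), html.escape(comment))


# Constructed sample input: harmless markup standing in for injected script.
STORED_COMMENT = "<script>alert(1)</script>"

if __name__ == "__main__":
    submitted = {"username": "user_01", "page": "2", "comment": STORED_COMMENT}
    print("rejected fields:", validate_fields(submitted))   # free text passes
    print("unsafe:  ", render_comment_unsafe("user_01", STORED_COMMENT))
    print("hardened:", render_comment("user_01", STORED_COMMENT))
```
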
Topic 8 Steps for Conducting Ethical Hacking

White Box model

An expertise within your own organization


Tester is told everything about the network topology & technology
Tester is authorized to interview IT personnel & company employees
Makes tester's job easier

Black Box model

An independent external agency


Company staff does not know about the test
Tester is not given details about the network
Tests if security personnel are able to detect an attack

Steps_EthicalHacking notes
Topic 9 Computer Crimes & Implications

Computer as a target

Crimes that primarily target computer networks or devices include:


Computer viruses / Denial-of-service attacks / Malware (malicious code)

Computer as a tool

Crimes that use computer networks or devices to advance other ends include:
Fraud / Information warfare / Phishing scam / Spam

Computer tangential to a crime

It is used as a storage place for criminal records

Common examples of computer crimes and other related terminologies

Computer Theft
Computer Trespass
Computer Invasion of Privacy
Computer Forgery
Computer Password Disclosure

Computer Crimes notes


Topic 10 Cyberlaws

Given a sample court case and its outcome


Determine the Act breached
Identify the crime
Summarise the case

Deontology VS Utilitarianism

Deontology: Principle inherent in action
Utilitarianism: Outside the action

Deontology: Individuals are valuable in themselves
Utilitarianism: Criticized because it sacrifices some people for the sake of others

Deontology: According to deontologists, utilitarians go wrong when they fix on happiness as the highest good. They point out that happiness cannot be the highest good for humans
Utilitarianism: Concerned with total amount of happiness

Deontology: Theory asserts that there are some actions that are always wrong, no matter what the consequences
Utilitarianism: Right or wrong depends on consequences, which vary with the circumstances
