
EC-Council’s Certified Ethical Hacker (CEH)

EC-Council’s Certified Ethical Hacker (CEH). Richard Henson r.henson@worc.ac.uk May 2012. Session 1. This will cover: Structure of the course Principles of hacking ethically CEH ethical hackers toolkit and dummy client site “Footprinting” and reconnaissance Scanning networks.



Presentation Transcript


  1. EC-Council’s Certified Ethical Hacker (CEH) Richard Henson r.henson@worc.ac.uk May 2012

  2. Session 1 • This will cover: • Structure of the course • Principles of hacking ethically • CEH ethical hackers toolkit and dummy client site • “Footprinting” and reconnaissance • Scanning networks

  3. Certificate of Attendance • Certificate achieved through: • attending the seminars • doing the “lab” exercises

  4. CEH qualification • Achieved through: • certificate of attendance • passing the examination (taken at any time at a recognised Pearson VUE test centre) • can be retaken… • cost: approx £120

  5. Ethical Hacking Principles • Hacking is a criminal offence in the UK • covered by the Computer Misuse Act (1990): unauthorised access (s.1), unauthorised access with intent to commit further offences (s.2), unauthorised acts that impair a computer (s.3) • tightened by the Police and Justice Act (2006), which raised the penalties and added s.3A (making, supplying or obtaining tools for use in these offences) • The offences turn on authorisation, not on who is doing it: it can only be done legally with the permission of the system’s owner • being a trained (or trainee) professional, or a computing student, gives no special standing under the law

  6. Ethical Hacking principles • Even if it is legal, that doesn’t mean it is ethical! • Professionals test only with the explicit (preferably written) permission of the system owner, and only within the scope that has been agreed • a reason to believe a law is being broken does not authorise you to hack; the right response is to report it to the owner or the authorities • without permission a test is definitely unethical (and, under the Computer Misuse Act, illegal)

  7. Ethical Hacking Principles • What is “hacking”? • breaching a computer system’s security without permission • How is it done? • using software tools to get through the security controls of the system • also called penetration testing (if done with permission, within an agreed scope…)

  8. Course Toolkit • This course provides access to penetration testing tools • Also a body of knowledge that shows how to use them… • theory: covered by these slides • practical: exercises provided; up to you to work through them • Together, provide the expertise to penetration test a client’s site • Dummy site: http://www.certifiedhacker.com

  9. Preparing to use the Toolkit • You’ll need to install the following on a computer to do the exercises: • Windows 2008 Server (host OS) running Hyper-V • Windows 7 (as VM – Virtual Machine) • Windows XP (as VM) • Windows 2003 Server (as VM) • BackTrack Linux (as VM) • All the Windows versions and the virtual machine platform are available to download through MSDN • Guidance in the CEHintro.pdf file

  10. Virtualisation (Hyper-V on Windows 2008 Server, Citrix, VMware, etc.) • The use of software to allow one piece of hardware to run multiple operating system images at the same time • possible to run Windows under Mac OS • run multiple versions of Windows on the same PC • Enables the creation of a “virtual” (rather than physical) version of any software environment on the desktop, e.g. an operating system, a server, a storage device, a network or an application

  11. What and Why of Footprinting • Definition: • “Gathering information about a ‘target’ system” • Could be passive (no traffic sent to the target; non-penetrative) or active (probing the target directly) • Find out as much as possible about the digital and physical evidence of the target’s existence • need to use multiple sources… • may (in “black hat” hacking) need to be done secretly

  12. What to Gather • Domain names • User/group names • System names • IP address ranges • Employee details/company directory • Network protocols used & VPN endpoints • Company documents (and the metadata in them) • Intrusion detection system used

  13. Rationale for “passive” Footprinting • Real hacker may be able to gather what they need from public sources • organisation needs to know what is “out there” • Methodology: • start by finding the URL (search engine) • e.g. www.worc.ac.uk • from main website, find other external-facing names • e.g. staffweb.worc.ac.uk

  14. Website Connections & History • History: use www.archive.org: • The Wayback Machine • Connections: use robtex.com • Business Intelligence: • sites that reveal company details • e.g. www.companieshouse.co.uk

  15. More Company Information… • “Whois” & CheckDNS.com: • lookups of IP/DNS combinations • details of who owns a domain name • details of DNS Zones & subdomains • Job hunters websites: • e.g. www.reed.co.uk • www.jobsite.co.uk • www.totaljobs.com

  16. People Information • Company information will reveal names • Use names in • search engines • Facebook • LinkedIn • Google Earth reveals: • company location(s)

  17. Physical Network Information (“active” footprinting, i.e. probing) • External “probing” • should be detectable by a good defence system… (could be embarrassing!) • e.g. Traceroute: • sends probes with increasing IP TTL values; each router that discards an expired probe answers with an ICMP “time exceeded”, identifying itself • Windows tracert uses ICMP echo requests; Unix traceroute defaults to UDP probes to high ports (33434 upwards), with -I for ICMP and, on Linux, -T for TCP SYN probes • so it is not port-free: a firewall that drops ICMP or the UDP probe range hides the hops behind it • reveals names/IP addresses of intelligent hardware along the path: e.g. routers, gateways, the firewall in front of a DMZ

  18. Email Footprinting • Using the email system to discover the organisation’s email naming structure and mail infrastructure • “passive”: examine the headers of mail the organisation has sent you • Received: lines give the sending server’s name and IP address (and sometimes internal hostnames, private addresses and mail server software) • the From: address shows the local-part convention (e.g. first.last@) • “active”: email sending/testing programs: • test whether email addresses actually exist (e.g. SMTP VRFY/EXPN, or RCPT TO and watching for rejections; well-configured servers disable VRFY and rate-limit such probing) • test restrictions on attachments

  19. Utilising Google etc. (“passive”) • Google: Advanced Search operators: • site: intitle: allintitle: inurl: • In each case the search string follows the colon, with no space • e.g. intitle:“password” • Maltego • graphical representations of the gathered data and the links between items

  20. Network Layers and Hacking • Schematic TCP/IP stack interacting at three of the 7 OSI levels (network, transport, application):
  • Application: TELNET, FTP, SMTP (over TCP); NFS, DNS, SNMP (over UDP; DNS also uses TCP for zone transfers and large answers)
  • Transport: TCP | UDP, each application service reached through a port number
  • Network: IP

  21. TCP & UDP ports • Attackers probe these to find services exposed through firewalls etc. • Essential to know the important ones:
  • 20, 21 ftp (data, control) • 22 ssh • 23 telnet • 25 smtp • 53 dns (udp, and tcp for zone transfers)
  • 69 tftp (udp) • 80 http • 88 Kerberos • 110 pop3 • 135 MS-RPC endpoint mapper • 137-139 NetBIOS (name, datagram, session)
  • 161 snmp (udp) • 389 LDAP • 443 https • 445 smb (direct; older smb runs over NetBIOS on 139) • 636 LDAP/SSL

  22. Reconnaissance/Scanning • Three types of scan: • Network (already mentioned) • identifies active hosts (e.g. a ping sweep) • Port • probe each port to discover which are open (listening) and what service answers there • Vulnerability • assessment of the discovered services and devices for weaknesses that can be exploited

  23. Scanning Methodology • Check for Live Systems • Check for open ports • “Banner Grabbing” • Scan for vulnerabilities • Draw Network diagram(s) • Prepare proxies…
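The first three steps of the scanning methodology (live system, open ports, banner grabbing) as one runnable added example; this is not code from the slides or from EC-Council. To keep it self-contained and offline it starts a constructed loopback service that greets clients with a made-up SSH banner, then runs a TCP connect scan against that port and against a port known to be closed. Against a real, authorised target you would pass its hostname and the well-known ports from slide 21 instead of 127.0.0.1.

```python
"""TCP connect scan plus banner grabbing, run against a local stand-in service.

Added example (not from the CEH slides). The listener below is constructed so
the scan has something to hit offline; the banner it sends is made up.
"""
import socket
import threading

# Port -> service, as on slide 21 (tftp is 69, MS-RPC is 135, direct smb is 445).
WELL_KNOWN = {20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
              53: "dns", 69: "tftp", 80: "http", 88: "kerberos", 110: "pop3",
              135: "msrpc", 137: "netbios-ns", 138: "netbios-dgm",
              139: "netbios-ssn", 161: "snmp", 389: "ldap", 443: "https",
              445: "smb", 636: "ldaps"}


def start_fake_service(banner: bytes) -> tuple[int, socket.socket]:
    """Listen on an ephemeral loopback port and greet every client with `banner`.
    Stands in for the target host; constructed for this example."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed by the caller
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def closed_loopback_port() -> int:
    """Reserve an ephemeral port and release it, so it is almost certainly closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan_port(host: str, port: int, timeout: float = 0.5) -> dict:
    """Connect scan: completes the TCP handshake, so the target's logs will show it.
    Distinguishes open (SYN/ACK), closed (RST) and filtered (no reply) ports and
    records any banner the service volunteers."""
    result = {"port": port, "service": WELL_KNOWN.get(port, "unknown"),
              "state": "closed", "banner": ""}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return result                    # RST came back: nothing listening
        except OSError:
            result["state"] = "filtered"     # timeout/unreachable: firewall dropping
            return result
        result["state"] = "open"
        try:
            result["banner"] = s.recv(256).decode("ascii", "replace").strip()
        except OSError:
            pass  # open, but the service waits for the client to speak first (e.g. http)
    return result


def guess_service(banner: str) -> str:
    """Banner grabbing: infer the protocol from the first line the service sends."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 ") and "SMTP" in banner.upper():
        return "smtp"
    if banner.startswith("220 ") and "FTP" in banner.upper():
        return "ftp"
    return "unknown"


def scan_ports(host: str, ports, timeout: float = 0.5) -> list[dict]:
    results = [scan_port(host, p, timeout) for p in ports]
    for r in results:
        if r["banner"]:
            r["guess"] = guess_service(r["banner"])
    return results


def demo() -> list[dict]:
    """Scan one open port (fake SSH banner) and one closed port on the loopback."""
    ssh_port, srv = start_fake_service(b"SSH-2.0-OpenSSH_5.3\r\n")  # constructed banner
    try:
        return scan_ports("127.0.0.1", [ssh_port, closed_loopback_port()])
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
        srv.close()


if __name__ == "__main__":
    for r in demo():
        print(r)
```

A connect scan is the noisy baseline: every probe finishes the handshake and lands in the target’s connection logs, which is exactly the “detectable by a good defence system” point from slide 17. The three states matter for the network diagram step: “closed” means the host answered with a reset (it is alive and reachable), while “filtered” means something in between dropped the probe.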

  24. Now you try it! • Download software through MSDN • Set up your ethical hacking toolkit • Go through lab 1 • Gather evidence that you’ve done the lab • Bring evidence to the June meeting…
