Ethical Hacking Terminology - USALearning


Ethical Hacking Terminology

Table of Contents

Terminology
Terminology -1
Terminology -2
Defense in Depth
Confidentiality, Integrity and Availability
The "Ease of Use" Triangle
Types of Hackers – Black Hats
Types of Hackers – Gray Hats
Types of Hackers – White Hats
Hacktivism
Required Ethical Hacking Skills
Hacking Laws
Hacking Laws
18 U.S.C. 1029
18 U.S.C. 1030
FISMA
Privacy Act of 1974, U.S.C. 552
SPY ACT (2007)
USA PATRIOT Act of 2001
International Cyber Crime Laws
Notices

Terminology

**014 So we have a bunch of terms that we need to go through.

Terminology -1

Threat: An entity or action that has the capacity to exploit a vulnerability
Vulnerability: A bug or glitch in software, operating systems, or firmware that can be exploited, leading to a system compromise
Risk: The probability of a threat exploiting a vulnerability.
Attack: The action of a threat exploiting a vulnerability on a system or network
Target (of Evaluation): A system, program, or network that is the subject of a security analysis or attack

**015 We'll just kind of start listing various things out here. What is a threat? A threat would be me. A threat would be my compatriot over here. Somebody who is going to- or an actor who is going to do something to you. What is a vulnerability? A vulnerability is something that I can take advantage of. It's a flaw in a software program. It's a misconfiguration. It's something wrong with your systems that I can take advantage of. A risk. A risk is probably those of you who have had risk management or risk assessment backgrounds, you might disagree with this definition but the risk here is the probability of a threat and vulnerability being exploited. An attack, this is the actual action of exploiting a vulnerability. And then a target is what I'm actually going against, a system, an application, something like that.

What happens when all of these come together? What do I have? A breach? Okay. I have a problem. Might be a breach, might be somebody exfiltrating information. It might be a denial of service attack, I have a problem. If you take away any one of these, what do I have? Let's say I have a threat, a vulnerability and a risk and I have an attack but I have no target. What happens?

Student: Still there's a problem.

Chris Evans: Could be a problem. But if I'm missing any one of these what I'm getting at is if I have all of them together, I have a problem and it's a very interesting talk at Black Hat or DEF CON. If I have two out of the five or four out of the five, I have a little interesting idea and maybe a side discussion at Black Hat or DEF CON. Generally it's not a big deal. You might have a problem but without all five of these it's not definite. If you have all five of these, you really have a problem.

Terminology -2

Exploit: A procedure or code that takes advantage of a vulnerability in software, an operating system, or firmware
Remote Exploit: An exploit that executes over a network, without physical access to the target system
Local Exploit: An exploit that executes directly on a target system due to previous access to the target system

**016 A couple other issues here or definitions of exploit, what do we mean by exploit? This is a procedure or code that takes advantage of a vulnerability so your actor or your threat which we define before will have an exploit that they will run against a target. There are two types of exploits that are out there, the general categories of them are a remote exploit meaning this is a piece of code that I can again sit in a hotel room halfway across the world and affect directly that system right there. A local exploit is something that I have to actually have access to the system already to be able to run that so I can't run these local exploits from around the world unless I've got some other method to access that system. So remember remote exploits are things that make very big news. These are usually things that are rated as critical vulnerability when it comes to patching. There are things that you can fire off at a system. As long as it's connected to the Internet and it might work. Local exploit you have to be sitting on that box already in order to run it. That means either physically on the box or maybe you've got some other malware that you put on there in order to take advantage of it.

Defense in Depth

Using multiple security controls to protect an asset
- The idea is if one security control fails, another will hopefully stop the attack.
- Example: A screening router, a network firewall, a network IDS, and a host-based firewall
[Diagram labels: Internet, Extranet, DMZ, Intranet]

**017 You'll see a lot a term called "defense in depth". This is the idea that you've got multiple systems, multiple controls security controls in place to prevent various types of attacks. The thinking is that if you have one black box and nothing else around it and that's what you call network security, if the attacker gets by that black box there's nothing else to stop them. And so defense in depth is this notion of having multiple controls, multiple steps, multiple hurdles that the attacker has to go through in order to do what they want to do.

Let's talk really quickly about motivation levels of hackers. If let's say Laurie has a system that's got really good defense in depth and it's protected by two firewalls and has a host-based intrusion detection system on it but there's really good critical information stored on that and then has a system that has critical information on it but it's only protected by let's say network address translation or something like that. No firewall, no intrusion detection system. Me as the hacker, who do you think I'm going to go after? They both have the same information on them. One is very heavily defended and guarded, one is not. Which one am I going to go after? The weaker one, right? Because me as a hacker I am inherently lazy and why would I go through all of the speed bumps and the hurdles that she's put in place if I can get the same information by getting into the system very easily? The general hacking mindset is unless you are an advanced persistent threat and that term has been overused and under misunderstood for a while but unless you're a very well-resourced attacker and very persistent in what you do, generally hackers are lazy folks. They're out there to make a name for themselves. They're out there to do what they need to do as quickly as possible and then go on to the next bright shiny object. And so what you'll see is that the defense in depth strategies work because not because they're the silver bullet of network security but because they are a deterrence factor. It's so much work to get through all these layers of defense that I'm not even going to bother with it. I'm not going to do it. I'm just going to go after the easier target. And that's the point behind implementing a defense in depth strategy.

Confidentiality, Integrity and Availability

Core security principles that ensure layers of defense against disclosure, alteration, and denial or the DAD triad

Confidentiality: Ensuring information is only available to those authorized to have access to the information
Integrity: Describes the wholeness and completeness of the information without any alteration except by authorized sources
Availability: The ability to use the information or resource when it is needed

**018 Confidentiality, integrity, and availability, you see this a lot within the network security world because everybody kind of latches onto this and go says we have to provide confidentiality. We have to provide integrity, we have to provide availability. Well confidentiality is nothing more than making sure that information is only available to those who are authorized or who have access to see it. Integrity is protection of that information and make sure that it's not modified except by people who are supposed to modify it. And availability is making sure that that information is accessible when it's needed. So how would you go about ensuring confidentiality of something? What are some strategies that you can do to provide confidentiality? I'm willing to bet you use one or two of them every day? What would you do? If I said "This email message has to remain confidential," what would you do to protect it?

Student: Encrypt it.

Chris Evans: Encrypt it, yep, use your PKI or CAT card or something to encrypt that message. What else could you do with it?

Student: Provide an authentication to see it?

Chris Evans: Authentication or authorization methods to actually see it, right. You could also delete it but that would kind of impact the availability of it. What about integrity? What could you do to make sure that that message isn't changed by people who aren't supposed to change it?

Student: Provide a checksum?

Chris Evans: Checksum or hashing algorithms, yep, signatures, digital signatures. What about availability? How would you provide availability of email or more accurately the email system itself?

Student: Redundancy.

Chris Evans: Redundancy right, so you have encryption, hashing, and redundancy. Those are the three primary methods that you go about accomplishing all this. So what is your job as an ethical hacker? Circumvent encryption, get around, find ways to break hashing algorithms or hashing schemes that have been put in place. Or for availability how do you defeat redundancy? Find the single points of failure and go after those. Again, so if your organization subscribes to this model that you need to provide: confidentiality, integrity and availability, your job now as an ethical hacker is to go through and find ways of defeating these protection measures that you've put in place.

The "Ease of Use" Triangle

[Diagram: a triangle with corners labeled Security, Functionality, and Ease of Use]
Moving the target closer to Security causes loss to “Ease of Use” and/or “Functionality”

**019 There's a constant battle between network security and convenience. Nine times out of ten what wins?

Student: Ease of use.

Chris Evans: Ease of use or convenience, right? Because we're not willing to impact the end user experience for draconian security measures. And so what you'll see is that generally if you have functionality and ease of use over here security, if you start putting in more ease of use, generally you're getting rid of security or you're reducing the effectiveness of security measures or maybe reducing functionality. So again, as you're going through your ethical hacking routine and you're coming up with recommendations, understand that your recommendations are going to have to balance these three things. Because if you come in and say you've got to have this security measure, you've got to have this control, no more single sign on. Everybody can't go browse MSNBC or something like that. We're shutting off all Internet access on the network because we're getting hacked through the internet. That generally is not going to work. You will probably get laughed right out of your, or screamed at, right out of your out brief. So understand that as you go through ethical hacking and you're finding these problems, you have to recommend solutions to those problems and they have to balance these three areas because without that they're going to end up draconian security or no security at all with ease of use. So that's one of the challenges you'll have to do is balance that.

Types of Hackers – Black Hats

Use their skills for malicious and illegal purposes
- Script Kiddies – Individuals who download and use scripts/exploit tools with no real understanding of the concepts being employed in causing an effect.
- Hacktivists – The non-violent use of illegal or legally ambiguous digital tools in pursuit of political ends.
- Business/For Profit – Hackers who use their skills to earn a profit from selling the capabilities of their exploits or rent the use of hosts under their control.
- Crackers – Reference for hackers who use their skills for malicious purposes.

**020 There are various types of hackers out there: black hats, gray hats, white hats. What would you define a black hat hacker as? Clearly somebody who has malicious intent, right? They're there to break into the system. They're there to do it for profit, all of the things that we kind of mentioned before. They're there to do this maliciously. There are a couple of different kinds of black hat hackers, script kiddies which are the person who goes out and downloads something off the Internet because it's cool and they plug in an IP address and click a button and say it says "Start Attack." They don't know what's going on behind the scenes. They don't know what that tool is doing. They're just kind of hopping on the hacking bandwagon and having a good time with it. Hacktivists, these are folks who usually have some type of political message or statement that they want to make. Look at everything that the Anonymous and [Inaudible] security groups have been doing over the last two or three years. This is predominantly hacktivism. They're there to make a statement. They're not doing it primarily for profit. They're doing it for a statement to make some kind of get their message out.

There are cyber criminals out there who do this as a business and do this for a profit. It's amazing. You can take a look at YouTube for hackers for hire and you'll see videos out there of people who are basically putting themselves up and say look, I'll hack for money. You send me a task and a check for 500 dollars. As soon as the check clears I'll go out and do this task for you. You can actually find ads out there for these hackers for hire. And then there's another term up here, "crackers". The idea that these are folks who are hackers but using their skills for malicious purposes. There's a lot of confusion about what is a cracker, what is a hacker? Generally these are the definitions that are used. If you stick with these this is making sure that everybody is on the same page with regard to terms.

Types of Hackers – Gray Hats

Use their skills for both offensive and defensive purposes that are not illegal or malicious and have approval to operate
- Penetration Testers – Take a holistic look at an organization in identifying vulnerabilities to a network and systems.
- Red Teams – Team of experts acting as an adversary (hacker) to penetrate an organization just as a Black Hat would do but with the intention of stressing and/or training the organization's security programs and processes.

**021 Grey hat hackers, a little bit different category here. These are people who are using offensive skills for defensive purposes. What does it sound like? What type of hacker would be doing offensive stuff for defensive purposes? What's the primary role of an ethical hacker? Doing bad stuff for good purposes right? So if you were going to look at where does ethical hacking fit into am I a white hat, am I a grey hat, am I a black hat, it's probably more squarely fit in here with grey hat hackers.

And so you've got pen testers and red teams. Those of you who are within the Department of Defense community are probably very familiar with the idea of a red team contrasted to a pen tester.

So a pen tester comes in and they take a really kind of broad look at your network and go look, here are the things that we can take advantage of to access the network, access information, these are the holes that you need to fix. Vulnerability assessment or vulnerability testers are there to find all the possible holes in the network. Pen testers only look at specific ones or give them access to meet their objectives. Red teams kind of apply all of that. When you're using a red team the notion is that you want somebody to be able to provide a stimulus or replicate some type of threat and so you kind of see that to a little extent with pen testers. Maybe they'll do social engineering. Maybe they'll do some type of exploit, zero-day exploits against you, but it's not really guided by any set criteria or any type of motivation. Red teams are motivated by threats and so what they'll do is they'll go out and they'll research various threat entities and various actors and then they'll apply that in an exercise environment or as part of the pen test or something like that. Red teamers are informed by threats, whereas a pen test may just be general threats.

Types of Hackers – White Hats

Use their skills for defensive purposes
- System Administrators – Those individuals tasked with the management and security of an organization’s network infrastructure and systems.

**022 White hats are there to use their skills for defensive purposes. These are system administrators. So people who are pushing patches, configuring their systems, generally doing things from a defensive standpoint, that's how they define white hat hacking.

Hacktivism

The act of hacking for a cause
Hacktivism has received the most attention during conflicts between nation-states such as:
- Estonia
- Georgia
More recently, the group Anonymous epitomizes hacktivism.
Can take the shape of any person or organization defacing, hacking or DoS’ing another organization’s websites, systems or networks due to a difference in beliefs, policies, and/or actions.

**023 Hacktivism we talked a little bit about this earlier but it's the idea that you're hacking for a cause. Look at groups like Anonymous, [Inaudible] th
