Ethical Hacking A Written Seminar Report By: 1. Dhairye Rakesh Kamra (333) 2. Ankit Satish Taparia (396) 3. Jinali Rakesh Shah (378) 4. Bhumin Shah (407)

Seminar report on

Ethical Hacking

3rd

year seminar report of

Trimester-VII

Submitted in the partial fulfillment of the requirements for the degree of

Bachelor of Technology

In

Computer Engineering

By

Dhairye R. Kamra

333

Jinali Shah

378

Ankit Taparia

396

Bhumin Shah

407

Under the guidance of

Ms. Pallavi Halarnkar Department of Computer Engineering

Mukesh Patel School of Technology Management & Engineering

JVPD Scheme Bhaktivedanta swami Marg,

Vile Parle (w), Mumbai- 400 056.

Certificate

This is to certify that the Seminar report entitled Ethical Hacking submitted by Dhairye Kamra, Jinali

Shah, Ankit Taparia, Bhumin Shah for the partial fulfillment of B.Tech Degree, as per the norms

prescribed by NMIMS Deemed-to-be University, during Trimester VII of the academic year 2011-2012,

has been assessed and found to be satisfactory.

Internal Examiner(s) External Examiner(s)

__________________ ____________________

__________________ ____________________

Mentor Name: Ms. Pallavi Halarnkar

_______________________

DEAN

Dr. D. J. SHAH

ABSTRACT

The explosive growth of the Internet has brought many good things: electronic commerce, easy

access to vast stores of reference material, collaborative computing, e-mail, and new avenues for

advertising and information distribution, to name a few. As with most technological advances,

there is also a dark side: criminal hackers. Governments, companies, and private citizens around

the world are anxious to be a part of this revolution, but they are afraid that some hacker will

break into their Web server and replace their logo with pornography, read their e-mail, steal their

credit card number from an on-line shopping site, or implant software that will secretly transmit

their organization's secrets to the open Internet. With these concerns and others, the ethical

hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they

go about helping their customers find and plug up security holes.

Keywords: Armet, synchronization, stimuli, latency, degrees of freedom, position trackers,

quaternion, perceptual cues, haptic

ACKNOWLEDGEMENT

We would like to acknowledge and extend our heartfelt gratitude to the following people for

their magnificent support and contributions who have made the completion of this report

possible; Mr. Sudeep Thepade, HOD of the Computer Department and Mrs. Dimple Parekh for

the constant reminders and much needed motivation, and Ms. Pallavi Halarnkar, for generously

sharing her wisdom, knowledge, guiding us and supporting us meticulously.

Above all, we would like to thank God and our parents for their support, guidance and blessings

which have made this report possible.

DECLARATION

We, Dhairye Kamra (333), Jinali Shah (378), Ankit Taparia (396) and Bhumin Shah (407)

understand that plagiarism is defined as any one or the combination of the following:

1. Unaccredited verbatim copying of individual sentences, paragraphs or illustrations (such

as graphs, diagrams, etc.) from any source, published, including the internet.

2. Unaccredited improper paraphrasing of pages or paragraphs (changing a few words or

phrases, or rearranging the original sentence order).

3. Credited verbatim copying of a major portion of a paper (or thesis chapter) without clear

delineation of who did or wrote what.

We have made sure that all the ideas, expressions, graphs, diagrams, etc., that are not a result of

any work are properly credited. Long phrases or sentences that had to be used verbatim from

published literature have been clearly identified using quotation marks.

We affirm that no portion of our work can be considered as plagiarism and we take full

responsibility if such a complaint occurs. We understand fully well that the guide of

seminar/project report may not be in a position to check for the possibility of such incidences of

plagiarism in this body of work.

Signature:

Name: Dhairye Kamra, Jinali Shah, Ankit Taparia, Bhumin Shah

Roll No.: 333, 378, 396, 407

Date:

Chapter 1

INTRODUCTION

1.1. Hacking And Their Disadvantages

Social implications accompany technological advances. Social change resulting from

technological advances may manifest itself in the changing perceptions of self, shifting

definitions of moral behavior, and increasing demands for protection from newly perceived

dangers. This paper examines a social behavior rooted in the poor state of information security

on the internet that was first documented in 1987. Ethical hackers believe one can best protect

systems by probing them while causing no damage and subsequently fixing the vulnerabilities

found. Ethical hackers simulate how an attacker with no inside knowledge of a system might try

to penetrate and believe their activities benefit society by exposing system weaknesses - stressing

that if they can break these systems so could terrorists. The result is not only enhanced local

security for the ethical hacker but also enhanced overall Internet security. Hacking is a loaded

term - the distinction between hacking and cracking is not universal. The concept of hacking is

derived from the dictionary meaning of "hack" as a verb "to chop or cut roughly, to make rough

cuts" as in programming using ad hoc methods based on experience without necessarily having

a formal plan or methodology for evaluation. While hacking has in the past been considered as

counter-cultural, this is changing. Hacking may have been counter-cultural at one time but it was

never anti-social since the result of hacking is a "hack" (a clever but unstructured programming

solution to a problem) that can only be realized if it is shared with others - there is no such thing

as a "private hack". Unauthorized computer intrusions are considered illegal in all but the most

desperate of circumstances.

1.2. About Non-Ethical Hackers (Black Hats)

Once hacking ability is used to commit a crime the hacker becomes a criminal [9]. Criminal

hackers or "crackers" gain unauthorized access primarily to seek financial gain but recently other

motivations of crackers have been categorized such as seeking to subvert systems, doing damage

to systems (vandalism), promoting political causes (hacktivism), and acting as an agent of a

foreign state (cyber terrorism and information warfare). The misapplication of the term cracker

to a law-abiding hacker is due to celebrated incidents of unauthorized intrusions into computer

systems that have incorrectly been attributed to hackers due to the extensive programming skill

needed to achieve success. In this seminar report we will maintain this distinction, the term

hacker to mean a law abiding programmer of special characteristics and cracker to mean a

criminal programmer.

1.3. About Ethical Hackers (White Hats)

When "ethical" is placed in front of the term hacking it denotes moral activity. Unethical hacking

has no permission to intrude on systems. Ethical hacking includes permission to intrude such as

contracted consulting services, hacking contests, and beta testing. If there is no permission to

intrude, ethical hackers still find ad hoc ways to become aware of the system security of other

systems. The end goal of ethical hackers is to learn system vulnerabilities so that they can be

repaired for community self-interest - and as a side-product also the common good. Networked

systems are dependent upon each other for system security so awareness of the security of

machines within one's community-of-interest is not entirely altruistic but rather concerned with

system security.

These early efforts provide good examples of ethical hackers. Successful ethical hackers

possess a variety of skills. First and foremost, they must be completely trustworthy. While

testing the security of a client's systems, the ethical hacker may discover information about the

client that should remain secret. In many cases, this information, if publicized, could lead to real

intruders breaking into the systems, possibly leading to financial losses. During an evaluation,

the ethical hacker often holds the "keys to the company," and therefore must be trusted to

exercise tight control over any information about a target that could be misused. The sensitivity

of the information gathered during an evaluation requires that strong measures be taken to ensure

the security of the systems being employed by the ethical hackers themselves: limited-access

labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet

connections, a safe to hold paper documentation from clients, strong cryptography to protect

electronic results, and isolated networks for testing.

Ethical hackers typically have very strong programming and computer networking skills and

have been in the computer and networking business for several years. They are also adept at

installing and maintaining systems that use the more popular operating systems (e.g., UNIX

or Windows NT) used on target systems. These base skills are augmented with detailed

knowledge of the hardware and software provided by the more popular computer and networking

hardware vendors. It should be noted that an additional specialization in security is not always

necessary, as strong skills in the other areas imply a very good understanding of how the security

on various systems is maintained. These systems management skills are necessary for the actual

vulnerability testing, but are equally important when preparing the report for the client after the

test.

Finally, good candidates for ethical hacking have more drive and patience than most people.

Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do

demands a lot of time and persistence. This is a critical trait, since criminal hackers are known to

be extremely patient and willing to monitor systems for days or weeks while waiting for an

opportunity. A typical evaluation may require several days of tedious work that is difficult to

automate. Some portions of the evaluations must be done outside of normal working hours to

avoid interfering with production at "live" targets or to simulate the timing of a real attack. When

they encounter a system with which they are unfamiliar, ethical hackers will spend the time to

learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing

world of computer and network security requires continuous education and review.

One might observe that the skills we have described could just as easily belong to a criminal

hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and

techniques of your opponent is vital to your success. In the computer security realm, the ethical

hacker's task is the harder one. With traditional crime anyone can become a shoplifter, graffiti

artist, or a mugger. Their potential targets are usually easy to identify and tend to be localized.

The local law enforcement agents must know how the criminals ply their trade and how to stop

them. On the Internet anyone can download criminal hacker tools and use them to attempt to

break into computers anywhere in the world. Ethical hackers have to know the techniques of the

criminal hackers, how their activities might be detected, and how to stop them.

Given these qualifications, how does one go about finding such individuals? The best ethical

hacker candidates will have successfully published research papers or released popular open-

source security software. The computer security community is strongly self-policing, given the

importance of its work. Most ethical hackers, and many of the better computer and network

security experts, did not set out to focus on these issues. Most of them were computer users from

various disciplines, such as astronomy and physics, mathematics, computer science, philosophy,

or liberal arts, who took it personally when someone disrupted their work with a hack.

The Ethical Hacker is an individual who is usually employed with the organization and who can

be trusted to undertake an attempt to penetrate networks and/or computer systems using the same

methods as a Hacker. The most important point is that an Ethical Hacker has authorization to

probe the target. The CEH Program certifies individuals in the specific network security

discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker

certification will fortify the application knowledge of security officers, auditors, security

professionals, site administrators, and anyone who is concerned about the integrity of the

network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and

knows how to look for the weaknesses and vulnerabilities in target systems and uses the same

knowledge and tools as a malicious hacker.

The principles of the Hacker Ethic were:

Access to computers - and anything which might teach you something about the way the world

works - should be unlimited and total. Always yield to the Hands-on Imperative!

All information should be free.

Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or

position.

You can create art and beauty on a computer. Computers can change your life for the better.

One rule that IBM's ethical hacking effort had from the very beginning was that we would not

hire ex-hackers. While some will argue that only a "real hacker" would have the skill to actually

do the work, we feel that the requirement for absolute trust eliminated such candidates. We

likened the decision to that of hiring a fire marshal for a school district: while a gifted ex-arsonist

might indeed know everything about setting and putting out fires, would the parents of the

students really feel comfortable with such a choice? This decision was further justified when the

service was initially offered: the customers themselves asked that such a restriction be observed.

Since IBM's ethical hacking group was formed, there have been numerous ex-hackers who have

become security consultants and spokespersons for the news media. While they may very well

have turned away from the "dark side," there will always be a doubt.

The goal of the ethical hacker is to help the organization take preemptive measures against

malicious attacks by attacking the system himself; all the while staying within legal limits. This

philosophy stems from the proven practice of trying to catch a thief, by thinking like a thief.

1.4. Understanding Ethical Hacking Diagrammatically

[Figure: Internet Concerns (Vulnerabilities, Bugs & Faults, Exploits & Attacks); Solution: Ethical Hacking]

1.5 White Hats Vs Black Hats

The white hat is also one of Edward de Bono's Six Thinking Hats.

A white hat hacker, also rendered as ethical hacker, is, in the realm of information

technology, a person who is ethically opposed to the abuse of computer systems. The

term is derived from American western movies, where the good cowboy typically wore a

white cowboy hat and the bad cowboy wore a black one. Realizing that the Internet now

represents human voices from all around the world makes the defense of its integrity an

important pastime for many. A white hat generally focuses on securing IT systems,

whereas a black hat (the opposite) would like to break into them - but this is a

simplification. A black hat will wish to secure his own machine, and a white hat might

need to break into a black hat's machine in the course of an investigation. What exactly

differentiates white hats and black hats is open to interpretation, but white hats tend to

cite altruistic motivations.

The term white hat hacker is also often used to describe those who attempt to break into

systems or networks in order to help the owners of the system by making them aware of

security flaws, or to perform some other altruistic activity. Many such people are

employed by computer security companies; these professionals are sometimes called

sneakers. Groups of these people are often called tiger teams.

The primary difference between white and black hat hackers is that a white hat hacker

claims to observe the hacker ethic. Like black hats, white hats are often intimately

familiar with the internal details of security systems, and can delve into obscure machine

code when needed to find a solution to a tricky problem.

An example of a hack: Microsoft Windows ships with the ability to use cryptographic

libraries built into the operating system. When shipped overseas this feature becomes

nearly useless as the operating system will refuse to load cryptographic libraries that

haven't been signed by Microsoft, and Microsoft will not sign a library unless the U.S.

government authorizes it for export. This allows the U.S. government to maintain some

perceived level of control over the use of strong cryptography beyond its borders.

While hunting through the symbol table of a beta release of Windows, a couple of

overseas hackers managed to find a second signing key in the Microsoft binaries. That

is, without disabling the libraries that are included with Windows (even overseas), these

individuals learned of a way to trick the operating system into loading a library that

hadn't been signed by Microsoft, thus enabling the functionality which had been lost to

non-U.S. users.

Whether this is good or bad may depend on whether you respect the letter of the law, but

is considered by some in the computing community to be a white hat type of activity.

Some use the term grey hat or (very rarely) brown hat to describe someone on the

borderline between black and white.

In recent years the terms White hat and Black hat have been applied to the Search

Engine Optimization (SEO) industry. Black hat SEO tactics, also called spamdexing,

attempt to redirect search results to particular target pages, whereas white hat methods

are generally approved by the search engines.

Chapter 2

Ethical Hacking

2.1. What is Ethical Hacking?

Although Ethical might cringe at the idea of unleashing hackers in our companies' systems, we

have, in fact, been doing so for years. We do it through software testing, looking for weaknesses

before releasing applications as well as testing external vulnerabilities through red team

activities. Yet, at this conference, it's called what it is: hacking.

Hacking involves creativity and out-of-the-box thinking, looking for different ways to get in—if

not the door, then the windows, any of them (no pun intended); if not the windows, then the duct

work, or the basement or attic. You get the idea. The ethical hacker is a trusted employee hired to

attempt to penetrate networks and computer systems using the same methods as hackers.

Hacking is a felony in most countries, but it's legal when done by request and under a contract

between the ethical hacker and the organization that owns the systems being hacked. A certified

ethical hacker is a skilled professional who understands and knows how to look for weaknesses

and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker.

Through this class, students are immersed in an interactive environment in which they learn to

scan, test, hack, and secure their own systems. They will come to understand how perimeter

defenses work, how to scan and attack their networks, and how intruders escalate privileges.

This is just one of the many classes advertised on the Black Hat site. Attendees believe the

classes present a lot of important information about issues such as the vulnerabilities in Web 2.0

technologies, the Cisco IOS (Input/output Services) rootkit, Google gadgets, and Microsoft

products. Ellen Messmer of Network World refers to this conference as a "funhouse" where

experts "seek to shock and amaze by poking holes in today's network technologies" (E.

Messmer). The conference also offers many other interesting presentations, including "How to

Impress Girls with Browser Memory Bypasses," "The Internet Is Broken" and "Get Rich or Die

Trying".

2.2. What Does Ethical Hacking Mean To Us?

The Internet has become indispensable to business by allowing organizations to conduct

Ecommerce, provide better customer service, collaborate with partners, reduce communications

costs, improve internal communications, and access needed information rapidly. While computer

networks have revolutionized the way businesses operate, the risks they introduce via

interconnectivity can be devastating.

Attacks on computer systems via the Internet can lead to lost money, time, products, reputation,

sensitive information, and lives. In the rush to benefit from using the Internet, organizations have

often not come to terms with significant risks including: Time-to-market pressures are forcing

vendors to release products too early with inadequate or no testing. The impact of defective

software is immense; causing firms to lose a lot of monetary value per annum in repair costs,

downtime, and lost productivity.

Current software engineering practices used by vendors do not produce systems that are immune

from attack. System operators do not have the people or best practices to defend against attacks

or minimize damage. Policy and law in cyberspace is immature and lags the state-of-the-art in

attacks. There is a continued movement to complex, client-server, and heterogeneous

configurations with distributed management.

There is very little evidence of security improvements in most systems since new vulnerabilities

are routinely discovered. Current security tools are lacking in that they only address parts of the

problem and not the system as a whole. Lack of understanding leads to reliance upon partial

solutions. System administration is difficult and becoming unmanageable due to patching against

increased vulnerabilities. As if the situation needed to be any worse, intruders are building a

growing technical base of knowledge and skills leveraged through automation and exploiting

network interconnectivity.

In response, the market for security products and services is growing faster than the supply of

quality products and service providers. Consumers need to go beyond awareness to critical

understanding but urgency has also created many problem products and services have moved to

this niche unfortunately only selling snake oil - "If you want it badly, you'll get it badly". It is

becoming a consensus that there is no single product or group of products that can be bought to

create security but rather a combination of products with skilled personnel and business

processes. The end result is a "wild west" scenario where the average time for a PC to be broken

into directly out-of-the-box from the store and attached to the Internet is less than 24 hours with

a worst case scenario of 15 minutes.

Many, who can afford it, are turning to "hired guns" for protection. To continue this western

metaphor, the "town sheriff" who maintains community protection is the ethical hacker.

2.3. How Does Ethical Hacking Work?

The idea of testing the security of a system by trying to break into it is not new. This type of

testing is notably used to determine automobile crashworthiness as one example. The earliest

work on penetration testing in computer systems dates back to 1975 [SI. Penetration testing is

not sufficient by itself - passing a penetration test does not mean the tested system cannot be

compromised [6]. The penetration tests are often only as thorough as the people administering

them so known vulnerabilities may be missed. Scans have been known to miss important "pop-up"

servers that periodically connect and then quickly disconnect from the network. Since

scanners only check for known vulnerabilities, a system that successfully passes a scan may still

be wide open to a new unknown attack. Penetration testing by ethical hackers is among the most

thorough methods for finding vulnerabilities and increasing protection for a dynamic network of

computers. Correctly performed, a penetration test is a covert test in which a paid consultant or

ethical hacker plays the role of a hostile attacker who tries to compromise system security. Since

the ultimate goal is penetration, the test is carried out without warning - ideally upper

management has approved the test. Incorrectly performed, penetration testing also has a potential

for creating damage. While other types of testing are usually performed cooperatively with an

organization's staff, damage caused by penetration testing may go unnoticed for some time.

Active scanning can be very disruptive since some computers are fragile and do not handle port

scanning well. Database servers and mainframes are notorious for being crippled by tools such as

ISS Scanner and NMAP. Crackers routinely scan networks of computers for security flaws that

can be exploited (exploits) and then post this sensitive information on the Internet for others to

take advantage of. This is one reason why ethical hackers regularly browse known cracker

websites and mailing lists to monitor cracker activity. Finding security flaws before crackers do

lowers the risk exposure of an organization: even a single incident could cost significantly - both

financial and reputation damage. It reduces vulnerabilities and points of intrusion. A tight system

reduces the probability of attack - the attackers will go to easier and more attractive targets. An

on-going program lowers insurance rates. Penetration testing using ethical hacking provides both

assurance and insurance: assurance that the given environment will resist attack and insurance

that the organization is acting in a prudent manner. Because penetration testing invariably ends

up discovering security holes on client networks computers, most clients do not want to talk on

record about the results of such tests. However, numerous generic examples exist where

penetration testing has saved businesses embarrassment and loss of reputation: Online services

organization always tested prior to new releases. Another financial institution has a policy of

testing before any Internet application goes live. Once the contractual agreement is in place, the

testing may begin as defined in the agreement. It should be noted that the testing itself poses

some risk to the client, since a criminal hacker monitoring the transmissions of the ethical

hackers could learn the same information. If the ethical hackers identify a weakness in the

client's security, the criminal hacker could potentially attempt to exploit that vulnerability. This

is especially vexing since the activities of the ethical hackers might mask those of the criminal

hackers. The best approach to this dilemma is to maintain several addresses around the Internet

from which the ethical hacker's transmissions will emanate, and to switch origin addresses often.

Complete logs of the tests performed by the ethical hackers are always maintained, both for the

final report and in the event that something unusual occurs. In extreme cases, additional intrusion

monitoring software can be deployed at the target to ensure that all the tests are coming from the

ethical hacker's machines. However, this is difficult to do without tipping off the client's staff and

may require the cooperation of the client's Internet service provider.
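
The log reconciliation described above (the testers' own complete logs checked against monitoring at the target), sketched as an added example that is not part of the original report. The log formats, addresses (documentation ranges), times and the 30-second clock-skew allowance are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample data: origin addresses agreed for the engagement.
REGISTERED_ORIGINS = [ip_network("192.0.2.16/29"), ip_network("198.51.100.40/32")]

# Constructed tester-side log: start, end, source address, test name.
TESTER_LOG = """\
2012-01-10T22:00:00 2012-01-10T22:20:00 192.0.2.17 port-sweep
2012-01-10T22:30:00 2012-01-10T22:50:00 192.0.2.18 web-probe
2012-01-10T23:00:00 2012-01-10T23:30:00 198.51.100.40 mail-relay-check
"""

# Constructed target-side monitoring alerts: time, source address, signature.
TARGET_ALERTS = """\
2012-01-10T22:05:12 192.0.2.17 portscan
2012-01-10T22:07:40 203.0.113.77 portscan
2012-01-10T22:10:00 192.0.2.18 http-probe
2012-01-10T22:20:20 192.0.2.17 portscan
2012-01-10T23:45:00 198.51.100.40 smtp-relay-attempt
"""


@dataclass(frozen=True)
class LoggedRun:
    start: datetime
    end: datetime
    source: str
    name: str


@dataclass(frozen=True)
class Alert:
    when: datetime
    source: str
    signature: str


def parse_runs(text):
    """Parse the tester-side log into LoggedRun records."""
    runs = []
    for line in text.splitlines():
        if line.strip():
            start, end, source, name = line.split(maxsplit=3)
            runs.append(LoggedRun(datetime.fromisoformat(start),
                                  datetime.fromisoformat(end), source, name))
    return runs


def parse_alerts(text):
    """Parse the target-side alert log into Alert records."""
    alerts = []
    for line in text.splitlines():
        if line.strip():
            when, source, signature = line.split(maxsplit=2)
            alerts.append(Alert(datetime.fromisoformat(when), source, signature))
    return alerts


def classify(alert, runs, origins, skew=timedelta(seconds=30)):
    """Decide whether an alert can be explained by the authorised test."""
    addr = ip_address(alert.source)
    if not any(addr in net for net in origins):
        # Not one of the testers' addresses: handle as a real intrusion attempt.
        return "unattributed"
    for run in runs:
        same_host = ip_address(run.source) == addr
        if same_host and run.start - skew <= alert.when <= run.end + skew:
            return "attributed"
    # A registered origin with no logged test at that time: the "something
    # unusual" case (incomplete tester log, or someone using a tester address).
    return "origin-no-logged-test"


def reconcile(alerts, runs, origins):
    """Group every alert by classification so nothing hides behind the test."""
    report = {"attributed": [], "origin-no-logged-test": [], "unattributed": []}
    for alert in alerts:
        report[classify(alert, runs, origins)].append(alert)
    return report


if __name__ == "__main__":
    result = reconcile(parse_alerts(TARGET_ALERTS), parse_runs(TESTER_LOG),
                       REGISTERED_ORIGINS)
    for label, items in result.items():
        print(label)
        for a in items:
            print("   ", a.when.isoformat(), a.source, a.signature)
```

Only the "attributed" group can be set aside during the engagement; the other two groups go to the client's incident handling as if no test were running.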

The line between criminal hacking and computer virus writing is becoming increasingly blurred.

When requested by the client, the ethical hacker can perform testing to determine the client's

vulnerability to e-mail or Web-based virus vectors. However, it is far better for the client to

deploy strong antivirus software, keep it up to date, and have a clear and simple policy in place

for the reporting of incidents. IBM's Immune System for Cyberspace is another approach that

provides the additional capability of recognizing new viruses and reporting them to a central lab

that automatically analyzes the virus and provides an immediate vaccine.

2.4. Impact Of The Hackers

The Internet has become indispensable to business by allowing organizations to conduct

Ecommerce, provide better customer service, collaborate with partners, reduce communications

costs, improve internal communications, and access needed information rapidly. While computer

networks have revolutionized the way businesses operate, the risks they introduce via

interconnectivity can be devastating. Attacks on computer systems via the Internet can lead to

lost money, time, products, reputation, sensitive information, and lives. In the rush to benefit

from using the Internet, organizations have often not come to terms with significant risks

including:

Time-to-market pressures are forcing vendors to release products too early with inadequate

or no testing. The impact of defective software is immense; causing firms to lose nearly

billion last year in repair costs, downtime, and lost productivity.

Current software engineering practices used by vendors do not produce systems that are

immune from attack.

System operators do not have the people or best practices to defend against attacks or

minimize damage.

Policy and law in cyberspace is immature and lags the state-of-the-art in attacks.

There is a continued movement to complex, client-server, and heterogeneous

configurations with distributed management.

There is little evidence of security improvements in most systems since new

vulnerabilities are routinely discovered.

Current security tools are lacking in that they only address parts of the problem and not

the system as a whole.

Lack of understanding leads to reliance upon partial solutions.

System administration is difficult and becoming unmanageable due to patching against

increased vulnerabilities.

As if the situation needed to be any worse, intruders are building a growing technical base of

knowledge and skills leveraged through automation and exploiting network interconnectivity.

2.5. Functions of Ethical Hackers

An ethical hacker's evaluation of a system's security seeks answers to three basic questions:

What can an intruder see on the target systems?

What can an intruder do with that information?

Does anyone at the target notice the intruder's attempts or successes?

While the first and second of these are clearly important, the third is even more important: If

the owners or operators of the target systems do not notice when someone is trying to break

in, the intruders can, and will, spend weeks or months trying and will usually eventually

succeed.

When the client requests an evaluation, there is quite a bit of discussion and paperwork that

must be done up front. The discussion begins with the client's answers to questions similar to

those posed by Garfinkel and Spafford:

1. What are you trying to protect?

2. What are you trying to protect against?

3. How much time, effort, and money are you willing to expend to obtain adequate protection?

A surprising number of clients have difficulty precisely answering the first question: a

medical center might say "our patient information," an engineering firm might answer "our

new product designs," and a Web retailer might answer "our customer database."

All of these answers fall short, since they only describe targets in a general way. The client

usually has to be guided to succinctly describe all of the critical information assets for which


loss could adversely affect the organization or its clients. These assets should also include

secondary information sources, such as employee names and addresses (which are privacy

and safety risks), computer and network information (which could provide assistance to an

intruder), and other organizations with which this organization collaborates (which provide

alternate paths into the target systems through a possibly less secure partner's system).

A complete answer to (2) specifies more than just the loss of the things listed in answer to

(1). There are also the issues of system availability, wherein a denial-of-service attack could

cost the client actual revenue and customer loss because systems were unavailable. The

world became quite familiar with denial-of-service attacks in February of 2000 when attacks

were launched against eBay, Yahoo, E*TRADE, CNN and other popular Web sites. During

the attacks, customers were unable to reach these Web sites, resulting in loss of revenue and

"mind share." The answers to (1) should contain more than just a list of information assets on

the organization's computer. The level of damage to an organization's good image resulting

from a successful criminal hack can range from merely embarrassing to a serious threat to

revenue. As an example of a hack affecting an organization's image, on January 17, 2000, a

U.S. Library of Congress Web site was attacked. As is often done, the criminal hacker left his

or her nickname, or handle, near the top of the page in order to guarantee credit for the break-

in.

Some clients are under the mistaken impression that their Web site would not be a target.

They cite numerous reasons, such as "it has nothing interesting on it" or "hackers have never

heard of my company." What these clients do not realize is that every Web site is a target.

The goal of many criminal hackers is simple: Do something spectacular and then make sure

that all of your pals know that you did it. Another rebuttal is that many hackers simply do not

care who your company or organization is; they hack your Web site because they can. For

example, Web administrators at UNICEF (United Nations Children's Fund) might very well

have thought that no hacker would attack them. However, in January of 1998, their page was defaced. Many other

examples of hacked Web pages can be found at archival sites around the Web.

Answers to the third question are complicated by the fact that computer and network security

costs come in three forms. First there are the real monetary costs incurred when obtaining

security consulting, hiring personnel, and deploying hardware and software to support

security needs. Second, there is the cost of usability: the more secure a system is, the more


difficult it can be to make it easy to use. The difficulty can take the form of obscure password

selection rules, strict system configuration rules, and limited remote access. Third, there is

the cost of computer and network performance. The more time a computer or network spends

on security needs, such as strong cryptography and detailed system activity logging, the less

time it has to work on user problems. Because of Moore's Law, this may be less of an issue

for mainframe, desktop, and laptop machines. Yet, it still remains a concern for mobile

computing.


Chapter 3

Types And Flow Of Ethical Hacking

3.1. Types/Approaches Of Ethical Hacking

3.1.1. Penetration Ethical Hacking

Fig 3.1 – Penetration (diagram labels: Ethical Hacker; System Page 1, System Page 2, System Page 3, System Page 4, … System Page 'n')

A penetration test, occasionally pen test, is a method of evaluating the security of a computer

system or network by simulating an attack from malicious outsiders (who do not have an

authorized means of accessing the organization's systems) and malicious insiders (who have

some level of authorized access). The process involves an active analysis of the system for any

potential vulnerabilities that could result from poor or improper system configuration, both

known and unknown hardware or software flaws, or operational weaknesses in process or

technical countermeasures. This analysis is carried out from the position of a potential attacker

and can involve active exploitation of security vulnerabilities.

3.1.2. Alpha Testing - Ethical Hacking

Fig 3.2 – Developer's Side (Alpha Testing) (diagram labels: Ethical Hacker; Connection Pages; Looping 'n' times)

Alpha Testing is nothing but Acceptance testing.

So in Alpha testing the Client has to verify that the Product is developed according to their:

1. Requirement and Specification.

2. SLA (Service Level Agreement), i.e., Time Line.

3. DRE (Defect Rate Efficiency) < 0.8; DRE = A / (A + B) = 0.8

A = Testing Team (defects by testing team)

B = Customer (defects by customer)

Alpha Testing with Ethical hacking comprises a scrutiny check at the developer's end before the

project can be deployed at the customer's end.

3.1.3. Front & Back Approach

The Front and Back-Stage approach to Ethical hacking justifies the effectiveness of decoupling

front and back-stage for service and security in dealing with the feature of customer contact in

the service process. It also identifies the role of the alpha check in both the BPR project and security.

(Diagram labels: Front Approach; Back Approach; Ethical Hacker)

Chapter 4

Analysis of Ethical Hacking Concepts

Analyzing the Ethical Hacker’s Approach

You need protection from hacker shenanigans. An ethical hacker possesses the skills,

mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as

security tests for their systems.

Ethical hacking, also known as white-hat hacking,

involves the same tools, tricks, and techniques that hackers use, but with one major

difference: Ethical hacking is legal. Ethical hacking is performed with the target's

permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's

viewpoint so systems can be better secured. It's part of an overall information risk

management program that allows for ongoing security improvements. Ethical hacking can

also ensure that vendors' claims about the security of their products are legitimate.

Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls,

encryption, and virtual private networks (VPNs) can create a false feeling of safety. These

security systems often focus on high-level vulnerabilities, such as viruses and traffic through

a firewall, without affecting how hackers work.

Attacking your own systems to discover vulnerabilities is a step to making them more secure.

This is the only proven method of greatly hardening your systems from attack. If you don't

identify weaknesses, it's a matter of time before the vulnerabilities are exploited.


Things Ethical Hackers Keep in mind before Starting any sort of test.

– Authority to Perform Test

• This must be in writing!

– A Specific Set of Ground Rules That Should Answer at Least the Following Questions

• Is this test covert or overt?

• Are there any "off-limits" systems or networks?

• Who is our trusted POC?

• Is there a specific target (system, type of information, etc.) of this test?

Fig 4.1 [1]

Once the contractual agreement is in place, the testing may begin as defined in the agreement. It

should be noted that the testing itself poses some risk to the client, since a criminal hacker

monitoring the transmissions of the ethical hackers could learn the same information. If the

ethical hackers identify a weakness in the client's security, the criminal hacker could potentially

attempt to exploit that vulnerability. This is especially vexing since the activities of the ethical

hackers might mask those of the criminal hackers. The best approach to this dilemma is to

maintain several addresses around the Internet from which the ethical hacker's transmissions will

emanate, and to switch origin addresses often. Complete logs of the tests performed by the

ethical hackers are always maintained, both for the final report and in the event that something

unusual occurs. In extreme cases, additional intrusion monitoring software can be deployed at

the target to ensure that all the tests are coming from the ethical hacker's machines. However,

this is difficult to do without tipping off the client's staff and may require the cooperation of the

client's Internet service provider.
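
The reconciliation described above, as an added Python example that is not part of the original report: alerts seen at the target are matched against the ethical hackers' own test log and their declared origin addresses, so activity the testers cannot account for stands out. The log format, address ranges and function names are assumptions, and the sample data is constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data (documentation address ranges, not from the report).
DECLARED_SOURCES = [ipaddress.ip_network("203.0.113.0/28")]  # testers' origin addresses

TESTER_LOG = """\
2012-01-10T23:00:02 203.0.113.4 GET /login
2012-01-10T23:04:40 203.0.113.9 GET /admin/
2012-01-10T23:09:15 203.0.113.4 POST /login
"""

TARGET_ALERTS = """\
2012-01-10T23:00:03 203.0.113.4 GET /login
2012-01-10T23:04:41 203.0.113.9 GET /admin/
2012-01-10T23:06:30 198.51.100.77 GET /admin/
2012-01-10T23:09:16 203.0.113.4 POST /login
2012-01-10T23:20:00 203.0.113.9 GET /backup.zip
"""


def parse(log_text):
    """Parse 'ISO-timestamp source-ip METHOD path' lines into tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, source, request = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(stamp),
                       ipaddress.ip_address(source), request))
    return events


def reconcile(alerts, tester_events, declared, tolerance=timedelta(seconds=5)):
    """Sort target-side alerts into three buckets.

    attributed: declared source and a matching entry in the testers' log
    unlogged:   declared source, but the testers have no record of it
    foreign:    source is not one of the testers' declared addresses
    """
    buckets = {"attributed": [], "unlogged": [], "foreign": []}
    unmatched = list(tester_events)  # each log entry may vouch for one alert only
    for when, source, request in alerts:
        event = (when, source, request)
        if not any(source in net for net in declared):
            buckets["foreign"].append(event)
            continue
        match = next((e for e in unmatched
                      if e[1] == source and e[2] == request
                      and abs(e[0] - when) <= tolerance), None)
        if match is None:
            buckets["unlogged"].append(event)
        else:
            unmatched.remove(match)
            buckets["attributed"].append(event)
    return buckets


if __name__ == "__main__":
    result = reconcile(parse(TARGET_ALERTS), parse(TESTER_LOG), DECLARED_SOURCES)
    for name, events in result.items():
        print(name)
        for when, source, request in events:
            print("   ", when.isoformat(), source, request)
```

Entries in the "foreign" and "unlogged" buckets are the ones to raise with the client's point of contact, since they are the activity that the test traffic could otherwise mask.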


Chapter 5

Advantages & Disadvantages of

Ethical Hacking

5.1. Advantages of Ethical Hacking

An ethical hacker's evaluation of a system's security seeks answers to three basic

questions:

What can an intruder see on the target systems?

What can an intruder do with that information?

Does anyone at the target notice the intruder's attempts or successes?

While the first and second of these are clearly important, the third is even more

important: If the owners or operators of the target systems do not notice when someone is

trying to break in, the intruders can, and will, spend weeks or months trying and will

usually eventually succeed. When the client requests an evaluation, there is quite a bit of

discussion and paperwork that must be done up front. The discussion begins with the

client's answers to questions similar to those posed by Garfinkel and Spafford:

1. What are you trying to protect?

2. What are you trying to protect against?

3. How much time, effort, and money are you willing to expend to obtain adequate

protection?

A surprising number of clients have difficulty precisely answering the first question: a

medical center might say "our patient information," an engineering firm might answer

"our new product designs," and a Web retailer might answer "our customer database."

All of these answers fall short, since they only describe targets in a general way. The

client usually has to be guided to succinctly describe all of the critical information assets

for which loss could adversely affect the organization or its clients. These assets should

also include secondary information sources, such as employee names and addresses

(which are privacy and safety risks), computer and network information (which could

provide assistance to an intruder), and other organizations with which this organization

collaborates (which provide alternate paths into the target systems through a possibly less

secure partner's system).

A complete answer to (2) specifies more than just the loss of the things listed in answer to

(1). There are also the issues of system availability, wherein a denial-of-service attack

could cost the client actual revenue and customer loss because systems were unavailable.

The world became quite familiar with denial-of-service attacks in February of 2000 when

attacks were launched against eBay, Yahoo!, E*TRADE, CNN, and other

popular Web sites. During the attacks, customers were unable to reach these Web sites,

resulting in loss of revenue and "mind share." The answers to (1) should contain more

than just a list of information assets on the organization's computer. The level of damage

to an organization's good image resulting from a successful criminal hack can range from

merely embarrassing to a serious threat to revenue. As an example of a hack affecting an

organization's image, on January 17, 2000, a U.S. Library of Congress Web site was

attacked. The original initial screen is whereas the hacked screen. As is often done, the

criminal hacker left his or her nickname, or handle, near the top of the page in order to

guarantee credit for the break-in.


Some clients are under the mistaken impression that their Web site would not be a target.

They cite numerous reasons, such as "it has nothing interesting on it" or "hackers have

never heard of my company." What these clients do not realize is that every Web site is a

target. The goal of many criminal hackers is simple: Do something spectacular and then

make sure that all of your pals know that you did it. Another rebuttal is that many hackers

simply do not care who your company or organization is; they hack your Web site

because they can. For example, Web administrators at UNICEF (United Nations

Children's Fund) might very well have thought that no hacker would attack them.

However, in January of 1998, their page was defaced as shown in Figures 3 and

4. Many other examples of hacked Web pages can be found at archival sites around the

Web. Answers to the third question are complicated by the fact that computer and

network security costs come in three forms. First there are the real monetary costs

incurred when obtaining security consulting, hiring


personnel, and deploying hardware and software to support security needs. Second, there

is the cost of usability: the more secure a system is, the more difficult it can be to make it

easy to use. The difficulty can take the form of obscure password selection rules, strict

system configuration rules, and limited remote access. Third, there is the cost of computer

and network performance. The more time a computer or network spends on security

needs, such as strong cryptography and detailed system activity logging, the less time it

has to work on user problems. Because of Moore's Law, this may be less of an issue

for mainframe, desktop, and laptop machines. Yet, it still remains a concern for mobile

computing.

5.2. Disadvantages of Ethical Hacking

Once answers to these three questions have been determined, a security evaluation plan is

drawn up that identifies the systems to be tested, how they should be tested, and any

limitations on that testing. Commonly referred to as a "get out of jail free card," this

is the contractual agreement between the client and the ethical hackers, who typically write

it together. This agreement also protects the ethical hackers against prosecution, since much

of what they do during the course of an evaluation would be illegal in most countries. The

agreement provides a precise description, usually in the form of network addresses or

modem telephone numbers, of the systems to be evaluated. Precision on this point is of the

utmost importance, since a minor mistake could lead to the evaluation of the wrong system

at the client's installation or, in the worst case, the evaluation of some other organization's

system. Once the target systems are identified, the agreement must describe how they should

be tested. The best evaluation is done under a "no-holds-barred" approach. This means that

the ethical hacker can try anything he or she can think of to attempt to gain access to or

disrupt the target system. While this is the most realistic and useful, some clients balk at this

level of testing. Clients have several reasons for this, the most common of which is that the

target systems are "in production" and interference with their operation could be damaging

to the organization's interests. However, it should be pointed out to such clients that these

very reasons are precisely why a "no-holds-barred" approach should be employed. An

intruder will not be playing by the client's rules. If the systems are that important to the

organization's well-being, they should be tested as thoroughly as possible. In either case, the

client should be made fully aware of the risks inherent to ethical hacker evaluations. These

risks include alarmed staff and unintentional system crashes, degraded network or system

performance, denial of service, and log-file size explosions.

Some clients insist that as soon as the ethical hackers gain access to their network or to one

of their systems, the evaluation should halt and the client be notified. This sort of ruling

should be discouraged, because it prevents the client from learning all that the ethical

hackers might discover about their systems. It can also lead to the client's having a false

sense of security by thinking that the first security hole found is the only one present. The

evaluation should be allowed to proceed, since where there is one exposure there are

probably others.

The timing of the evaluations may also be important to the client. The client may wish to

avoid affecting systems and networks during regular working hours. While this restriction is

not recommended, it reduces the accuracy of the evaluation only somewhat, since most

intruders do their work outside of the local regular working hours. However, attacks

done during regular working hours may be more easily hidden. Alerts from intrusion

detection systems may even be disabled or less carefully monitored during the day.

Whatever timing is agreed to, the client should provide contacts within the organization who

can respond to calls from the ethical hackers if a system or network appears to have been

adversely affected by the evaluation or if an extremely dangerous vulnerability is found that

should be immediately corrected.
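
One way to enforce the agreement's listed addresses, off-limits systems and agreed timing before any test is run, as an added Python example that is not part of the original report. The RulesOfEngagement structure, the address ranges (documentation ranges) and the 22:00 to 06:00 window are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class RulesOfEngagement:
    """Hypothetical record of what the signed agreement permits."""
    in_scope: tuple      # networks listed in the agreement
    off_limits: tuple    # systems the client excluded
    window_start: time   # agreed testing window, local time
    window_end: time

    def in_window(self, when: datetime) -> bool:
        now = when.time()
        if self.window_start <= self.window_end:
            return self.window_start <= now < self.window_end
        # Window crosses midnight (for example 22:00 to 06:00).
        return now >= self.window_start or now < self.window_end


def check_target(roe, target, when):
    """Return (allowed, reason); anything not explicitly permitted is refused."""
    try:
        addr = ipaddress.ip_address(target.strip())
    except ValueError:
        # Hostnames are refused: DNS may point at a system outside the agreement.
        return False, "not a literal IP address"
    if any(addr in net for net in roe.off_limits):
        return False, "off-limits per ground rules"
    if not any(addr in net for net in roe.in_scope):
        # Catches typos that would land on another organization's system.
        return False, "not listed in the agreement"
    if not roe.in_window(when):
        return False, "outside agreed testing window"
    return True, "in scope"


def review_plan(roe, targets, when):
    """Split a planned target list into approved addresses and refusals."""
    approved, refused = [], {}
    for target in targets:
        allowed, reason = check_target(roe, target, when)
        if allowed:
            approved.append(target)
        else:
            refused[target] = reason
    return approved, refused


# Constructed example agreement using documentation address ranges.
ROE = RulesOfEngagement(
    in_scope=(ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.16/28")),
    off_limits=(ipaddress.ip_network("192.0.2.128/29"),),
    window_start=time(22, 0),
    window_end=time(6, 0),
)

if __name__ == "__main__":
    # "192.0.20.10" is a constructed typo of an in-scope address.
    plan = ["192.0.2.10", "192.0.2.130", "192.0.20.10", "www.example.com"]
    approved, refused = review_plan(ROE, plan, datetime(2012, 1, 10, 23, 30))
    print("approved:", approved)
    for target, reason in refused.items():
        print("refused:", target, "-", reason)
```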


It is common for potential clients to delay the evaluation of their systems until only a few

weeks or days before the systems need to go on-line. Such last minute evaluations are of

little use, since implementations of corrections for discovered security problems might take

more time than is available and may introduce new system problems.

In order for the client to receive a valid evaluation, the client must be cautioned to limit

prior knowledge of the test as much as possible. Otherwise, the ethical hackers might

encounter the electronic equivalent of the client's employees running ahead of them, locking

doors and windows. By limiting the number of people at the target organization who

know of the impending evaluation, the likelihood that the evaluation will reflect the

organization's actual security posture is increased. A related issue that the client must be

prepared to address is the relationship of the ethical hackers to the target organization's

employees. Employees may view this "surprise inspection" as a threat to their jobs, so the

organization's management team must be prepared to take steps to reassure them.


Chapter 6

Graphs, Analysis, Recent Study &

Gartner Study

Fig 6.1 – CSI study of worldwide hacks statistics


Recent Google Search Results (Research Supported by Gartner Study):

– Hacker 12,500,000 Hits

– Hacker Tools 757,000 Hits

– Hacker Exploits 103,000 Hits

– NT Exploits 99,000 Hits

– Unix Exploits 139,000 Hits

– Computer Vulnerabilities 403,000 Hits

– Hacking NT 292,000 Hits

– Hacking Windows 2000 271,000 Hits

– Hacking Unix 390,000 Hits

– Hacking Linux 1,290,000 Hits

Table 6.1 – Gartner Study

Fig 6.2 – Penetration examples


Chapter 7

Conclusion

One of the main aims of the seminar is to make others understand that there are many tools through which a hacker can get into a system. There are many reasons why everybody should understand these basics. Let's check the need from various perspectives.

Students: A student should understand that no software is made with zero vulnerabilities. So while they are studying they should study the various possibilities and how to prevent them, because they are the professionals of tomorrow.

Professionals: Professionals should understand that business is directly related to security. So they should make new software with as few vulnerabilities as possible. If they are not aware of these then they won't be cautious enough in security matters.

Users: Software is meant for the use of its users. Even if the software vendors make the software with high security options, without the help of users it can never be successful. It's like a highly secured building with all doors left open carelessly by the insiders. So users must also be aware of such possibilities of hacking so that they can be more cautious in their activities.

In the preceding sections we saw the methodology of hacking, why we should be aware of hacking, and some tools which a hacker may use. Now we can see what we can do against hacking or to protect ourselves from hacking.

The first thing we should do is to keep ourselves updated about the software we are using, from official and reliable sources. Educate the employees and the users against black hat hacking. Use every possible security measure, like honeypots, Intrusion Detection Systems, firewalls, etc. Always make our passwords strong by making them longer and harder to crack. The final and foremost thing should be to try ETHICAL HACKING at regular intervals.


Chapter 8

References

8.1. IEEE Papers Referred:

1. Ethical Hacking: The Security Justification Redux. Authors: Bryan Smith, William Yurcik, David Doss

2. Embracing the Kobayashi Maru. Author: Cynthia Irvine

3. When Black Hats are really White. Author: Linda Wilbanks

4. Computer Security With Ethical Hacking. Author: Deborah A. Frincke

8.2. Web References:

1. http://fanaticmedia.com/infosecurity/archive/Sep09/others/Ethical%20Hacking%20

--%20fig-2%

2. http://netsecurity.about.com

3. http://researchweb.watson.ibm.com

4. http://www.eccouncil.org

5. http://www.ethicalhacker.net

6. http://www.infosecinstitute.com

7. http://searchsecurity.techtarget.com

8. Image References – images.google.com
