In This Chapter
Understanding hacker objectives
Outlining the differences between ethical hackers and malicious hackers
Examining how the ethical hacking process has come about
Understanding the dangers that your computer systems face
Starting the ethical hacking process
This book is about hacking ethically — the science of testing your computers and network for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them.
Although ethical is an often overused and misunderstood word, the Merriam-Webster dictionary defines ethical perfectly for the context of this book and the professional security testing techniques that I cover — that is, conforming to accepted professional standards of conduct. IT practitioners are obligated to perform all the tests covered in this book aboveboard and only after permission has been obtained by the owner(s) of the systems — hence the disclaimer in the introduction.
How Hackers Beget Ethical Hackers
We’ve all heard of hackers. Many of us have even suffered the consequences of hacker actions. So who are these hackers? Why is it important to know about them? The next few sections give you the lowdown on hackers.
Defining hacker
Hacker is a word that has two meanings:
Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically.
Recently, hacker has taken on a new meaning — someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.
The good-guy (white-hat) hackers don’t like being in the same category as the bad-guy (black-hat) hackers. (These terms come from Western movies where the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Whatever the case, most people give hacker a negative connotation.
Many malicious hackers claim that they don’t cause damage but instead are altruistically helping others. Yeah, right. Many malicious hackers are electronic thieves.
In this book, I use the following terminology:
Hackers (or bad guys) try to compromise computers.
Ethical hackers (or good guys) protect computers against illicit entry.
Hackers go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone’s system increases their status in hacker circles.
Ethical Hacking 101
You need protection from hacker shenanigans. An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as security tests for their systems.
If you perform ethical hacking tests for customers or simply want to add another certification to your credentials, you may want to consider the ethical hacker certification Certified Ethical Hacker, which is sponsored by EC-Council. See www.eccouncil.org/CEH.htm for more information.
Ethical hacking — also known as penetration testing or white-hat hacking — involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
To hack your own systems like the bad guys, you must think like they think. It’s absolutely critical to know your enemy; see Chapter 2 for details.
Understanding the Need to Hack Your Own Systems
To catch a thief, think like a thief. That’s the basis for ethical hacking.
The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys — and not just the generic vulnerabilities that everyone knows about — is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems are.
Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual private networks (VPNs) can create a false feeling of safety. These security systems often focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without affecting how hackers work. Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack. If you don’t identify weaknesses, it’s a matter of time before the vulnerabilities are exploited.
As hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers’ efforts.
You don’t have to protect your systems from everything. You can’t. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them — not even you. That’s not the best approach to information security. What’s important is to protect your systems from known vulnerabilities and common hacker attacks.
It’s impossible to buttress all possible vulnerabilities on all your systems. You can’t plan for all possible attacks — especially the ones that are currently unknown. However, the more combinations you try — the more you test whole systems instead of individual units — the better your chances of discovering vulnerabilities that affect everything as a whole.
Don’t take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don’t have a lot of foot traffic in your office and no internal Web server running, you may not have as much to worry about as an Internet hosting provider would have. However, don’t forget about insider threats from malicious employees!
Your overall goals as an ethical hacker should be as follows:
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
Apply results to remove vulnerabilities and better secure your systems.
Understanding the Dangers Your Systems Face
It’s one thing to know that your systems generally are under fire from hackers around the world. It’s another to understand specific attacks against your systems that are possible. This section offers some well-known attacks but is by no means a comprehensive listing. That requires its own book: Hack Attacks Encyclopedia, by John Chirillo (Wiley Publishing, Inc.).
Many information-security vulnerabilities aren’t critical by themselves. However, exploiting several vulnerabilities at the same time can take its toll. For example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnerabilities at the same time can be a serious issue.
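
The point about combined weaknesses can be made concrete when triaging test results. The following is an added example, not code from the book: it groups findings by host and raises a host's rating when individually minor findings occur together. The host names, finding names, severity labels, and chain rules are all constructed assumptions for illustration.

```python
from collections import defaultdict

RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
LABEL = {rank: name for name, rank in RANK.items()}

# Constructed scan results: (host, finding, severity when rated on its own).
# Hosts, finding names and ratings are illustrative assumptions.
FINDINGS = [
    ("db01", "default-windows-config", "low"),
    ("db01", "weak-sql-admin-password", "medium"),
    ("db01", "hosted-on-wireless", "low"),
    ("web01", "default-windows-config", "low"),
    ("file01", "weak-sql-admin-password", "medium"),
    ("file01", "hosted-on-wireless", "low"),
]

# Hypothetical chain rules: when every finding in the set is present on one
# host, the host is rated at least this severity.
CHAIN_RULES = [
    ({"default-windows-config", "weak-sql-admin-password", "hosted-on-wireless"}, "critical"),
    ({"weak-sql-admin-password", "hosted-on-wireless"}, "high"),
]


def prioritize(findings, rules=CHAIN_RULES):
    """Return per-host worst single rating, combined rating and matched chains."""
    by_host = defaultdict(dict)
    for host, finding, severity in findings:
        by_host[host][finding] = RANK[severity]

    report = {}
    for host, present in by_host.items():
        worst_single = max(present.values())
        combined, chains = worst_single, []
        for required, severity in rules:
            if required.issubset(present):  # all parts of the chain on this host
                chains.append(sorted(required))
                combined = max(combined, RANK[severity])
        report[host] = {
            "worst_single": LABEL[worst_single],
            "combined": LABEL[combined],
            "chains": chains,
        }
    return report


if __name__ == "__main__":
    for host, row in sorted(prioritize(FINDINGS).items()):
        print(host, row["worst_single"], "->", row["combined"], row["chains"])
```

A report sorted only by each finding's own severity would list db01 as medium at worst; grouping by host is what surfaces it as the first system to fix.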
Nontechnical attacks
Exploits that involve manipulating people — end users and even yourself — are the greatest vulnerability within any computer or network infrastructure. Humans are trusting by nature, which can lead to social-engineering exploits. Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes. I cover social engineering in depth in Chapter 5.
Other common and effective attacks against information systems are physical. Hackers break into buildings, computer rooms, or other areas containing critical information or property. Physical attacks can include dumpster diving (rummaging through trash cans and dumpsters for intellectual property, passwords, network diagrams, and other information).
Network-infrastructure attacks
Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:
Connecting into a network through a rogue modem attached to a computer behind a firewall
Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS
Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests
Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text
Piggybacking onto a network through an insecure 802.11b wireless configuration
Operating-system attacks
Hacking operating systems (OSs) is a preferred method of the bad guys. OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them.
Occasionally, some operating systems that are more secure out of the box — such as Novell NetWare and the flavors of BSD UNIX — are attacked, and vulnerabilities turn up. But hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities.
Here are some examples of attacks on operating systems:
Exploiting specific protocol implementations
Attacking built-in authentication systems
Breaking file-system security
Cracking passwords and encryption mechanisms
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server software and Web applications often are beaten down:
Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
Malicious software (malware) includes viruses, worms, Trojan horses, and spyware. Malware clogs networks and takes down systems.
Spam (junk e-mail) is wreaking havoc on system availability and storage space. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems. Parts II through V of this book cover these attacks in detail, along with specific countermeasures you can implement against attacks on your systems.