Page 68

Gyandeep - Anniversary Issue ‘15

Ethical hacking- An information security enhancement technique

Shri.V.Balasubramaniam, Instructor Telecom/IRISET

AbstractAs public and private

organizations migrate more oftheir critical functions to theInternet, criminals have moreopportunity and incentive to gainaccess to sensitive informationthrough the Web application. The

state of security on the internet is bad and gettingworse. One reaction to this state of affairs istermed as Ethical Hacking which attempts toincrease security protection by identifying andpatching known security vulnerabilities onsystems owned by other parties. Thus the needof protecting the systems from the nuisance ofhacking generated by the hackers is to promotethe persons who will punch back the illegal attackson our computer systems. So, Ethical hacking isan assessment to test and check an informationtechnology environment for possible weak linksand vulnerabilities. Ethical hacking describes theprocess of hacking a network in an ethical way,therefore with good intentions. So, to overcomefrom these major issues, ethical hackers or whitehat hackers came into existence. One of thefastest growing areas in network security, andcertainly an area that generates much discussion.The main purpose of this study is to reveal thebrief idea of the ethical hacking and its affairswith the corporate security. This paper describeswhat ethical hacking is, what it can do, an ethicalhacking methodology as well as some tools whichcan be used for an ethical hack.1. INTRODUCTION

The Internet is enormously growing and e-commerce is on it’s own advance. The vast growthof Internet has brought many good things likeelectronic commerce, email, easy access to vaststores of reference material etc. More and morecomputers get connected to the Internet, wireless& mobile devices and networks are booming. Dueto the vast usage of the Internet technology, thegovernment, private industry and the everycomputer user have fears of their data or privateinformation being comprised by a cyber criminal

called hackers. There are different types ofhackers like black hat hacker, white hat hackersor the ethical hackers etc. Those types of hackersare called black hat hackers who will secretly stealthe organization’s information and transmit it tothe open internet .

So, to overcome from these major issuescaused by black hat hackers, another categoryof hackers came into existence and these hackersare termed as ethical hackers or white hathackers. So, this paper describes ethical hackers,their skills and how they go about helping theircustomers and plug up security holes. Ethicalhackers perform the hacks as security tests fortheir systems. This type of hacking is always legaland trustworthy. In other terms ethical hacking isthe testing of resources for the betterment oftechnology and is focussed on securing andprotecting IP systems. So, in case of computersecurity, the teams or ethical hackers wouldemploy the same tricks and techniques thathacker use but in a legal manner and they wouldneither damage the target systems nor stealinformation. Instead, they would evaluate thetarget system’s security and report back to theowners with the vulnerabilities they found andinstructions for how to remedy them.

Ethical hacking is a way of doing a securityassessment. Like all other assessments an ethicalhack is a random sample and passing an ethicalhack doesn’t mean there are no security issues.An ethical hack’s results is a detailed report ofthe findings as well as a testimony that a hackerwith a certain amount of time and skills is or isn’table to successfully attack a system or get accessto certain information. Ethical hacking can becategorized as a security assessment, a kind oftraining, a test for the security of an informationtechnology environment.

An ethical hack shows the risks an informationtechnology environment is facing and actions canbe taken to reduce certain risks or to accept them.We can easily say that Ethical hacking doesperfectly fit into the security life cycle shown inthe figure.

Page 69

Gyandeep - Anniversary Issue ‘15

2. TYPES OF ATTACKSNontechnical attacks

Exploits that involve manipulating people ,endusers and even yourself, are the greatestvulnerability within any computer or networkinfrastructure. Humans are trusting by nature,which can lead to social-engineering exploits.Social engineering is defined as the exploitationof the trusting nature of human beings to gaininformation for malicious purpose. Other commonand effective attacks against information systemsare physical. Hackers break into buildings,computer rooms, or other areas containing criticalinformation or property. Physical attacks caninclude dumpster diving (rummaging throughtrash cans and dumpsters for intellectual property,passwords, network diagrams, and otherinformation).

Network-infrastructure attacksHacker attacks against network infrastructures

can be easy, because many networks can bereached from anywhere in the world via theInternet. Here are some examples of network-infrastructure attacks:

Connecting into a network through a roguemodem attached to a computer behind afirewall.Exploiting weaknesses in network transportmechanisms, such as TCP/IP and NetBIOS.Flooding a network with too many requests,creating a denial of service (DoS) for legitimaterequests.Installing a network analyzer on a network andcapturing every packet that travels across it,revealing confidential information in clear text,Piggybacking onto a network through an inse-cure 802.11b wireless configuration.

Operating-system attacksHacking operating systems (OSs) is a

preferred method of the bad guys. OSs comprisea large portion of hacker attacks simply becauseevery computer has one and so many well-known

exploits can be used against them. Occasionally,some operating systems that are moresecure out of the box, such as Novell NetWareand the flavors of BSD UNIX, are attacked, andvulnerabilities turn up. But hackers preferattacking operating systems like Windows andLinux because they are widely used and betterknown for their vulnerabilities. Here are someexamples of attacks on operating systems:

Exploiting specific protocol implementationsAttacking built-in authentication systems.Breaking file-system security.Cracking passwords and encryption mecha-nisms.

Application and other specialized attacksApplications take a lot of hits by hackers.

Programs such as e-mail server software andWeb applications often are beaten down:

Hypertext Transfer Protocol (HTTP) andSimple Mail Transfer Protocol (SMTP) appli-cations are frequently attacked because mostfirewalls and other security mechanisms areconfigured to allow full access to these pro-grams from the Internet.Malicious software (malware) includes vi-ruses, worms, Trojan horses, and spyware.Malware clogs networks and takes down sys-tems.Spam (junk e-mail) is wreaking havoc on sys-tem availability and storage space. And it cancarry malware. Ethical hacking helps revealsuch attacks against your computer systems.

3. THE INTRUDER’S MAIN MOTIVES ARETo perform network scanning to find out vul-nerable hosts in the network.To install an FTP server for distributing illegalcontent on network (ex. pirated software ormovies)To use the host as a spam relay to continuousflood in the network.To establish a web server (non-privileged port)to be used for some phishing scam.

4. TOOLS USED BY HACKERSThere are several common tools used by

computer criminals to penetrate network as:

• Trojan horse- These are malicious programsor legitimate software is to be used set up aback door in a computer system so that thecriminal can gain access.

• Virus- A virus is a self-replicating program that

Page 70

Gyandeep - Anniversary Issue ‘15

spreads by inserting copies of itself into otherexecutable code or documents.

• Worm - The worm is a like virus and also a selfreplicating program. The difference between avirus and a worm is that a worm does not at-tach itself to other code.

• Vulnerability scanner – This tool is used byhackers & intruders for quickly check comput-ers on a network for known weaknesses. Hack-ers also use port scanners. This check to seewhich ports on a specified computer are "open"or available to access the computer.

• Sniffer – This is an application that capturespassword and other data in transit either withinthe computer or over the network.

• Exploit – This is an application to takes advan-tage of a known weakness.

• Social engineering – Through this to obtainsome form of information.

• Root kit - This tool is for hiding the fact that acomputer's security has been compromised.

5. TYPES OF HACKING• Inside Jobs : Most security breaches originate

inside the network that is under attack. Insidejobs include stealing passwords (which hack-ers then use or sell), performing industrial es-pionage, causing harm (as disgruntled employ-ees), or committing simple misuse. Soundpolicy enforcement and observant employeeswho guard their passwords and PCs can thwartmany of these security breaches.

• Rogue Access Points : Rogue access points(APs) are unsecured wireless access pointsthat outsiders can easily breech. Rogue APsare most often connected by well-meaning butignorant employees.

• Back Doors Hackers can gain access to a net-work by exploiting back doors administrativeshortcuts, configuration errors, easily deci-phered passwords, and unsecured dial-ups.

• Denial of Service : DOS attacks give hackersa way to bring down a network without gaininginternal access. DOS attacks work by floodingthe access routers with bogus traffic (which canbe e-mail or Transmission Control Protocol,TCP, packets).

• Distributed Doss : (DDOSS) are coordinatedDOS attacks from multiple sources. A DDOSSmore difficult to block because it uses multiple,changing, source IP addresses.

• Anarchists, Crackers, and Kiddies Anar-chists are people who just like to break stuff.They usually exploit any target of opportunity.

Crackers are hobbyists or professionals whobreak passwords and develop Trojan horsesor other SW (called wares). They either usethe SW themselves (for bragging rights) or sellit for profit. Script kiddies are hacker wannabes.They have no real hacker skills, so they buy ordownload wares, which they launch.

• Sniffing and Spoofing Sniffing refers to theact of intercepting TCP packets. This intercep-tion can happen through simple eavesdroppingor something more sinister. Spoofing is the actof sending an illegitimate packet with an ex-pected acknowledgment (ACK), which a hackercan guess, predict, or obtain by snooping.

6. ETHICAL HACKING PROCESSThe Ethical hacking process needs to be

planned in advance. All technical, managementand strategical issues must be considered.Planning is important for any amount of testing –from a simple password test to all out penetrationtest on a web application. Backup off data mustbe ensured, otherwise the testing may be calledoff unexpectedly if someone claims they neverauthorises for the tests. So, a well defined scopeinvolves the following information:

1. Specific systems to be tested.2. Risks that are involved.3. Preparing schedule to carry test and overall

timeline.4. Gather and explore knowledge of the systems

we have before testing.5. What is done when a major vulnerability is dis-

covered?6. The specific deliverables- this includes secu-

rity assessment reports and a higher level re-port outlining the general vulnerabilities to beaddressed, along with counter measures thatshould be implemented when selecting sys-tems to test, start with the most critical or vul-nerable systems.The overall hacking methodology consists of

certain steps which are as follows:

Page 71

Gyandeep - Anniversary Issue ‘15

1. Reconnaissance: To be able to attack a sys-tem systematically, a hacker has to know asmuch as possible about the target. It is impor-tant to get an overview of the network and theused systems. Information as DNS servers,administrator contacts and IP ranges can becollected.

2. Probe and Attack: This is a phase 2 processas shown in the above fig. The probe and at-tack phase is about digging in, going closerand getting a feeling for the target. It’s time totry the collected, possible vulnerabilities fromthe reconnaissance phase.

3. Listening: This is again a phase 2 processi.e. scanning which is a combination of Probeand attack and listening. Listening to networktraffic or to application data can sometimes helpto attack a system or to advance deeper into acorporate network. Listening is especially pow-erful as soon as one has control of an impor-tant communication bottleneck. Sniffers areheavily used during the listening phase.

4. First Access: This is a phase 3 process whichis not about getting root access, it’s about get-ting any access to a system be it a user or rootaccount. Once this option is available it’s timeto go for higher access levels or new systemswhich are now reachable through the acquiredsystem.

5. Advancement: Phase 4 i.e. Maintaining ac-cess is a combination of Advancement andStealth process. The advancement phase isprobably the most creative demanding stage,as unlimited possibilities are open. Sniffingnetwork traffic may unveil certain passwords,needed usernames or e-mail traffic with usableinformation. Sending mails to administrators

faking some known users may help in gettingdesired information or even access to a newsystem.

6. Stealth: Some systems may be of high value– systems which act as routers or firewalls, sys-tems where a root account could be acquired.To have access to such systems at a later timeit is important clean relevant log files.

7. Takeover: Takeover is a phase 5 process.Once root access could be attained, the sys-tem can be considered won. From there on it’spossible to install any tools, do every actionand start every services on that particular ma-chine.

8. Cleanup: This could be instructions in the fi-nal report on how to remove certain trojans butmost of the time this will be done by the hackeritself. Removing all traces as far as possible iskind of a duty for the hacking craft.

CONCLUSIONThis paper addressed ethical hacking from

several perspectives. Ethical hacking seems tobe a new buzz word although the techniques andideas of testing security by attacking aninstallation aren’t new at all. But, with the presentpoor security on the internet, ethical hacking maybe the most effective way to plug security holesand prevent intrusions. So, at present the tacticalobjective is to stay one step ahead of the hackers.Ethical Hacking is a tool, which if properly utilized,can prove useful fo r understanding theweaknesses of a network and how they might beexploited. After all, ethical hacking will play acertain role in the security assessment offeringsand certainly has earned its place among othersecurity assessments.