Certified Ethical Hacker v12 Module 0 : Ethical Hacking Concepts

Introduction

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 — Information Security and Ethical Hacking Overview

After completing this module, you will have further knowledge of:

  • Information Security Overview
  • Cyber Kill Chain Concepts
  • Hacking Concepts
  • Ethical Hacking Concepts
  • Information Security Controls
  • Information Security Laws and Standards

CertMaster Lab Duration

It will take approximately 30 minutes to complete this lab.

Lab Topology

This module contains supporting materials for CEH v12.

Exercise 1 — Information Security and Ethical Hacking Overview

Gigabytes of information are generated every second. Some of it is shareable and can be put on public view, but a great deal is sensitive or confidential and must not be shared. Information security is the practice of protecting the information that needs protecting: safeguarding its confidentiality, integrity, and availability. Doing so requires a set of measures and practices, which this module introduces.

In this module, you will learn about the concepts of information security and ethical hacking.

Learning Outcomes

After completing this exercise, you will have further knowledge of:

  • Information Security Overview
  • Cyber Kill Chain Concepts
  • Hacking Concepts
  • Ethical Hacking Concepts
  • Information Security Controls
  • Information Security Laws and Standards

Information Security Overview

Information security is about protecting the information that you create. Information can be personal, private, and confidential, which means that its access needs to be restricted only to certain authorized people to view, modify, or discard it.

Information security essentially relies on the five core pillars or elements:

  • Confidentiality — this means protecting data from falling into the wrong hands and providing access only on a need-to-know basis.
  • Integrity — this means maintaining the accuracy and consistency of data. It is about protecting data from any kind of tampering.
  • Availability — this means making data available as and when required. It is about ensuring that data is available when an authorized person needs to access it.
  • Authenticity — this means ensuring that information, and the party it claims to come from, are genuine: a message, document, or login really originates from the claimed source and has not been substituted or altered in transit.
  • Non-repudiation — this means that the sender cannot later deny having sent a message, and likewise the receiver cannot deny having received it. Digital signatures provide non-repudiation: only the holder of the private key can produce a valid signature, and anyone with the public key can check it. (A keyed hash such as an HMAC does not, because both parties share the same key and either could have produced it.)
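The following program, added here as an illustration and not part of the CEH course material, shows how one mechanism backs three of the pillars at once. A SHA-256 digest detects any change to the message body (integrity); an Ed25519 signature over that digest verifies only under the sender's public key (authenticity); and because only the sender's private key could have produced it, the sender cannot later deny sending it (non-repudiation). The message text and key names are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedMessage carries a message body, the SHA-256 digest of that body, and an
// Ed25519 signature over the digest made with the sender's private key.
type SignedMessage struct {
	Body      []byte
	Digest    []byte
	Signature []byte
}

// GenerateKeypair creates a fresh Ed25519 key pair. The private key stays with
// the sender; the public key is what receivers use to verify.
func GenerateKeypair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign hashes the body and signs the digest. Only the holder of priv can
// produce a signature that verifies under the matching public key, which is
// what stops the sender from later denying they sent the message.
func Sign(priv ed25519.PrivateKey, body []byte) SignedMessage {
	digest := sha256.Sum256(body)
	return SignedMessage{
		Body:      body,
		Digest:    digest[:],
		Signature: ed25519.Sign(priv, digest[:]),
	}
}

// Verify checks the properties in turn and names the first one that fails:
//   - integrity:    the body still hashes to the attached digest
//   - authenticity: the signature over that digest was made by the claimed key
// If an attacker edits the body and recomputes the digest, the integrity check
// passes but the signature no longer verifies, so the tampering is still caught.
func Verify(pub ed25519.PublicKey, m SignedMessage) (bool, string) {
	digest := sha256.Sum256(m.Body)
	if !bytes.Equal(digest[:], m.Digest) {
		return false, "integrity: body does not match its digest"
	}
	if !ed25519.Verify(pub, m.Digest, m.Signature) {
		return false, "authenticity: signature was not made by the claimed key"
	}
	return true, "ok"
}

func report(ok bool, why string) string {
	if ok {
		return "accepted"
	}
	return "rejected (" + why + ")"
}

func main() {
	alicePub, alicePriv, err := GenerateKeypair()
	if err != nil {
		panic(err)
	}
	otherPub, _, _ := GenerateKeypair() // a second key, to show a key mismatch

	// Constructed sample message; the payment instruction is illustrative only.
	msg := Sign(alicePriv, []byte("transfer 100 to account 42"))
	fmt.Println("original:   ", report(Verify(alicePub, msg)))

	tampered := msg
	tampered.Body = []byte("transfer 900 to account 42")
	fmt.Println("edited body:", report(Verify(alicePub, tampered)))

	fmt.Println("wrong key:  ", report(Verify(otherPub, msg)))
}
```

Run it and the original message is accepted, the edited body is rejected on the integrity check, and the unmodified message checked against a different public key is rejected on the authenticity check. Availability is the one pillar no cryptographic check can provide; that comes from redundancy and capacity planning rather than from signatures.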

Cyber Kill Chain Concepts

As part of intelligence-driven defense, the Cyber Kill Chain (or Kill Chain), originally described by Lockheed Martin, breaks an intrusion into the sequence of steps an attacker must complete. Because every step depends on the one before it, a defender who detects or blocks any single step disrupts the whole attack. Mapping an attacker’s methods and procedures onto these steps shows where on your infrastructure detection and prevention controls will have the most effect.

There are various stages or phases in the Cyber Kill Chain. These stages are as shown in the exhibit:

Figure 1.1 Diagram showing the Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control and Actions on Objectives phases of the Cyber Kill Chain.

The breakdown of each includes some of the following activities:

  • Reconnaissance: Identifying and selecting a target
  • Weaponization: Creating a package with malware / deliverable payload
  • Delivery: Sending the malicious package to a target system via any delivery methods, such as E-mail, USB or Download
  • Exploitation: Triggering a malicious package after delivering it to the target’s system
  • Installation: Installing a backdoor for easy persistent access to the target’s system
  • Command & Control: Initiating communication with the target’s system using an external system, plus managing the target system
  • Actions on objectives: Achieving the goal of the intrusion, for example exfiltrating data, destroying or encrypting it, or moving laterally to other systems

Hacking Concepts

Hacking is the exploitation of vulnerabilities in an application, system, or network. In the sense used here, a hacker is a person with malicious intent who disrupts the functionality of an application, system, or network, or steals confidential information such as social security numbers, credit card numbers, or financial records. The aim of the hacking process is to gain unauthorized access to resources the hacker is not entitled to.

The use of different hacking methods leads to different results. For example, a hacker may program or create malware to steal confidential information to sell to competitors or other hackers.

Hackers use various hacking methods to steal the data or intellectual property of an individual or an organization. A hacker may employ different hacking methods with the use of:

  • Malware
  • Denial-of-service attacks
  • Unauthorized remote access
  • Backdoors
  • Phishing
  • Password cracking
  • Sniffing

Hackers can be divided into three different broad categories:

  • Black hat hackers: these hackers break into systems with malicious intent.
  • White hat hackers: these are ethical hackers. They are usually hired or contracted by organizations to evaluate their security parameters.
  • Grey hat hackers: these combine white hat and black hat approaches. They break into systems without seeking permission, even though their intent is not to steal valuable information or destroy data; they may, for example, simply want to demonstrate their skills. Their actions are still illegal, however.

Black hat hackers are divided into different classes based on their intentions and skillset.

  • Script Kiddies: A script kiddie is an unskilled hacker who compromises systems by running scripts, tools, or software written by more experienced hackers.
  • Hacktivists: Hacktivists are individuals who promote a political agenda by hacking, especially by defacing or disabling websites.
  • Nation-States/State Sponsored: These threat actors are employed by a government to penetrate the information systems of other governments, obtain top-secret information from them, and do damage.
  • Suicide Hackers: Suicide hackers are individuals who set out to bring down critical infrastructure for a cause and are not worried about facing jail terms or any other punishment.
  • Cyber Terrorists: Cyber terrorists are individuals motivated by religious or political beliefs to create fear through large-scale disruption of computer networks.

Hacking Phases

Hacking is divided into five phases:

  • Reconnaissance
  • Scanning
  • Gaining access
  • Maintaining access
  • Clearing tracks

Let’s look at each phase in detail:

Reconnaissance

Reconnaissance is about collecting information about the target. The more information an attacker collects, the better they can plan and carry out the attack on its systems and networks. The core intent of reconnaissance is to learn as much as possible about the target before committing to an approach.

Reconnaissance is of two types:

  • Active: This is conducted by interacting directly with the target. For example, a hacker may use a tool to scan for open ports. Because the probes reach the target, they can appear in its logs and trigger alerts.
  • Passive: This is conducted without interacting with the target. For example, the hacker may gather information from public sources such as WHOIS records (for example via Whois.com), search engines, and social media, none of which notify the target.
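The program below is an added example, not part of the CEH lab, of the active probe mentioned above: a TCP connect scan. Rather than touching an external host, it starts its own listener on an ephemeral loopback port (a constructed target) and scans that port alongside one it has confirmed is closed, so the run is self-contained. The timeout matters on real networks because a firewall that silently drops the SYN would otherwise make each probe hang.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strconv"
	"time"
)

// DefaultTimeout bounds how long one connect attempt may hang. On a real scan
// a filtered port (the firewall drops the SYN) is what makes this matter.
const DefaultTimeout = 500 * time.Millisecond

// ScanResult records whether a full TCP handshake completed on one port.
type ScanResult struct {
	Port int
	Open bool
}

// ConnectScan is the simplest active probe: it completes the TCP three-way
// handshake on each port. It is reliable but noisy; every hit shows up in the
// target's connection logs, which is why this counts as active reconnaissance.
func ConnectScan(host string, ports []int, timeout time.Duration) []ScanResult {
	results := make([]ScanResult, 0, len(ports))
	for _, p := range ports {
		addr := net.JoinHostPort(host, strconv.Itoa(p))
		conn, err := net.DialTimeout("tcp", addr, timeout)
		open := err == nil
		if open {
			conn.Close() // we only wanted to know that something answered
		}
		results = append(results, ScanResult{Port: p, Open: open})
	}
	return results
}

// OpenPorts filters a scan down to the ports that accepted a connection.
func OpenPorts(results []ScanResult) []int {
	var open []int
	for _, r := range results {
		if r.Open {
			open = append(open, r.Port)
		}
	}
	sort.Ints(open)
	return open
}

// startLocalService listens on an ephemeral loopback port so the scan has a
// known-open target (constructed for this demo) without touching any external host.
func startLocalService() (net.Listener, int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, 0, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			c.Close()
		}
	}()
	return ln, ln.Addr().(*net.TCPAddr).Port, nil
}

// closedLocalPort reserves and immediately releases a loopback port, giving a
// port number that (absent a race with another process) has no listener.
func closedLocalPort() (int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	p := ln.Addr().(*net.TCPAddr).Port
	ln.Close()
	return p, nil
}

func main() {
	ln, openPort, err := startLocalService()
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	closedPort, err := closedLocalPort()
	if err != nil {
		panic(err)
	}

	results := ConnectScan("127.0.0.1", []int{closedPort, openPort}, DefaultTimeout)
	for _, r := range results {
		state := "closed/filtered"
		if r.Open {
			state = "open"
		}
		fmt.Printf("127.0.0.1:%d %s\n", r.Port, state)
	}
	fmt.Println("open ports:", OpenPorts(results))
}
```

A connect scan cannot tell a closed port (connection refused) from a filtered one (no answer before the timeout); tools such as Nmap use half-open SYN scans and response timing to separate those cases, but the principle is the same: active reconnaissance means packets reach the target, and the target can log them.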

Scanning

The scanning phase is an extension of active reconnaissance, and the two are often combined. In scanning, you probe the target in depth using tools such as port scanners and vulnerability scanners. Most hackers concentrate on finding exploitable vulnerabilities in this phase.

Gaining Access

In this phase the vulnerabilities discovered during scanning are exploited. Having gained access to a vulnerable system, an attacker can perform various activities, such as stealing data or modifying the system configuration to retain long-term access. The attacker also performs privilege escalation to take control of accounts with higher privileges. Note that privilege escalation is sometimes listed as a separate phase.

Maintaining Access

Once an attacker is inside the system or network, they want to be sure they can get back in whenever they wish, because a comprehensive attack on a system or network is generally time-consuming and attackers do not want to restart the entire exercise to regain access. An attacker therefore usually installs a backdoor or creates a user account with administrative privileges to re-enter the system as required.

Clearing Tracks

Hacking is illegal, so an attacker tries to remove the traces of the attack to avoid legal consequences and to delay detection. An attacker may simply delete or edit the logs, or use tools that do so. Defenders counter this by forwarding logs to a separate collector as they are written, so that wiping the local copy does not remove the evidence, and by alerting on the act of clearing itself (on Windows, for example, clearing the Security log produces event ID 1102, “The audit log was cleared”).

Ethical Hacking Concepts

In the broad sense, Ethical Hacking is a simulated cyber-attack to find risks in the security configuration of existing systems, which first locates vulnerabilities and then attempts to exploit them. A person conducting ethical hacking can attempt a breach of applications, protocols, Application Programming Interfaces (APIs), servers, firewalls, and anything that can be exploited on a network. The core intent is to discover the vulnerabilities before an attacker from the outside world can and then exploit them to simulate the damage caused.

The fundamental difference between hacking and ethical hacking is permission. Ethical hacking is authorized by the person or organization that owns the system or network, and the person performing it is contracted or employed by that organization. Given the number of attacks being conducted, many mid-sized and large organizations employ ethical hackers to help strengthen their network security.

An ethical hacker does not use their findings to exploit the network or system. Instead, they help the organization discover its vulnerabilities and recommend how to remediate them.

Information Security Controls

Irrespective of the size of the IT infrastructure, you would want to protect it from different types of security threats. To do that, you need to apply different security measures and ensure that the organization’s assets are protected and safeguarded. These security measures are known as security controls, which help you protect the infrastructure, physical or logical.

Security controls are implemented to handle risks in different ways. They can be implemented to protect the infrastructure by reducing or eliminating the risks. There is no fixed method of applying security controls in the infrastructure.

Defense in Depth

It is important to note that no control works in isolation. Multiple layers of controls must be used in conjunction with one another. This is known as defense in depth or a layered defense strategy and includes the following:

  • Policies, Procedures and Awareness
  • Physical
  • Perimeter
  • Internal Network
  • Host
  • Applications

These layers together protect the most important asset: the company’s data.

Risk Management

Risk management is the process of reducing and maintaining risk at an acceptable level. This is accomplished by having a thorough and active security program. Phases of a risk management process include:

  • Identification
  • Assessment
  • Treatment
  • Tracking (also known as monitoring)
  • Review

Incident Management and Handling

Incident management involves having a set of defined processes in place to identify, analyze, prioritize and resolve security incidents such that normal service operations are restored and processes put in place to prevent future occurrences of that incident. This includes the following steps:

  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned

Information Security Laws and Standards

Organizations and government agencies are subject to numerous regulations, standards, and laws. Almost every country has its own national, and often state-level, legislation. Which laws apply depends on where you perform your duties as an ethical hacker and where the data actually resides.

Let’s look at some of the regulations and standards.

General Data Protection Regulations

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that replaced the earlier Data Protection Directive. Its key focus is regulating how organizations must protect the personal data of individuals in the EU, and it also governs the transfer of that data outside the EU. GDPR sets out seven principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

National, Territory, or State Laws

Depending on which country you live in, there can be national, territory, or even state laws for security. For example, the United States has several laws applicable at the national level. Some key examples of US based laws include:

  • US Privacy Act of 1974: applies to personal records held by federal government agencies
  • Gramm-Leach-Bliley Act (GLBA): focuses on protecting non-public personal financial information
  • Health Insurance Portability and Accountability Act (HIPAA): focuses on protecting healthcare information
  • Children’s Online Privacy Protection Act (COPPA): focuses on protecting the personal information of children under the age of 13
  • Federal Information Security Management Act (FISMA): mandates that federal agencies protect their information and information systems
  • Sarbanes-Oxley Act (SOX): focuses on protecting investors and the public from corporate financial fraud

Beyond national laws, legislation can be specific to a territory or state. For example, California’s Notice of Security Breach Act requires an organization that maintains the personal information of California residents and suffers a security breach to disclose the incident to the affected individuals.

Payment Card Industry Data Security Standard (PCI-DSS)

PCI-DSS is an industry standard rather than a law. It is maintained by the payment card brands and applies to any organization that stores, processes, or transmits credit or debit card data, whether online or not; compliance is enforced contractually through the card brands and acquiring banks.
