  1. Hands-On Ethical Hacking and Network Defense, Second Edition
     Chapter 4: Footprinting and Social Engineering
  2. Objectives
     • After reading this chapter and completing the exercises, you will be able to:
       – Use Web tools for footprinting
       – Conduct competitive intelligence
       – Describe DNS zone transfers
       – Identify the types of social engineering
  3. Using Web Tools for Footprinting
     • “Case the joint”
       – Look over the location
       – Find weaknesses in security systems
       – Types of locks and alarms used
     • Footprinting
       – Finding information on a company’s network
       – Passive and nonintrusive
       – Several available Web tools
  4. Table 4-1 Summary of Web tools
  5. Table 4-1 Summary of Web tools (cont’d.)
  6. Conducting Competitive Intelligence
     • Numerous resources to find information legally
       – Competitive intelligence
         • Gathering information using technology
     • Security professionals must:
       – Explain the methods used to gather information
         • Have a good understanding of those methods
  7. Analyzing a Company’s Web Site
     • Easy source of critical information
       – Many available tools
     • Paros
       – Powerful tool for UNIX and Windows OSs
       – Requires Java J2SE
  8. Figure 4-1 The main window of Paros
  9. Analyzing a Company’s Web Site (cont’d.)
     • Paros: searching for a Web site
       – Click Tools, Spider
       – Enter the Web site’s URL
       – Check results
  10. Figure 4-2 Entering a URL in the Input dialog box
  11. Figure 4-3 Displaying filenames of all Web pages on a site
  12. Analyzing a Company’s Web Site (cont’d.)
      • Paros: getting Web site structure
        – Click Tree, Scan All
        – Report includes:
          • Vulnerabilities
          • Risk levels
      • Gathering information this way:
        – Time consuming
  13. Figure 4-4 The Paros scanning report
  14. Using Other Footprinting Tools
      • Whois
        – Commonly used
        – Gathers IP address and domain information
        – Attackers can also use it
      Figure 4-5 Viewing information with the SamSpade Whois utility
  15. Using E-mail Addresses
      • E-mail addresses
        – Help retrieve even more information
      • Find e-mail address format
        – Guess other employees’ e-mail accounts
      • Tool to find corporate employee information
        – Groups.google.com
  16. Using HTTP Basics
      • HTTP operates on port 80
      • HTTP commands
        – Pull information from a Web server
      • Basic understanding of HTTP
        – Beneficial for security testers
      • Return codes
        – Reveal information about the OS used
      • HTTP methods
        – GET / HTTP/1.1
  17. Table 4-2 HTTP client errors
  18. Table 4-3 HTTP server errors
  19. Table 4-4 HTTP methods
  20. Figure 4-6 Using the OPTIONS HTTP method
  21. Figure 4-7 Using the HEAD HTTP method
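An added example (not from the textbook or its slides) of the HEAD/OPTIONS exchange the figures above illustrate, written from the operator's side: it parses a constructed reply, buckets the return code the way Tables 4-2 and 4-3 do, and reports which headers disclose software versions or list unexpected methods. The header values and the expected-method set are assumptions.

```python
import re

# Constructed sample reply to a HEAD request; header values are made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
    "\r\n"
)
# Product/version tokens such as "Apache/2.2.15" or "PHP/5.3.3".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")
# Methods a typical site needs (assumed); anything else in Allow deserves a review.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}

def head_request(host, path="/"):
    """Build the request line plus the Host header that HTTP/1.1 requires."""
    return f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\n\r\n"

def parse_response(raw):
    """Split a raw HTTP reply into status-line fields and a header dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    version, code, reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "status": int(code),
            "reason": reason, "headers": headers}

def status_class(code):
    """Bucket a return code the way Tables 4-2 and 4-3 do."""
    return {4: "client error", 5: "server error"}.get(code // 100, "other")

def disclosure_findings(resp):
    """List what the reply gives away: software versions and extra methods."""
    findings = []
    for name in ("server", "x-powered-by"):
        value = resp["headers"].get(name, "")
        if VERSION_RE.search(value):
            findings.append(f"{name} discloses a software version: {value}")
    allow = resp["headers"].get("allow", "")
    methods = {m.strip().upper() for m in allow.split(",") if m.strip()}
    extra = sorted(methods - EXPECTED_METHODS)
    if extra:
        findings.append(f"Allow lists methods beyond the expected set: {extra}")
    return findings
```

Run `disclosure_findings(parse_response(SAMPLE_RESPONSE))` to see the three findings; trimming the `Server` and `X-Powered-By` headers and disabling unneeded methods is the usual fix.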
  22. Other Methods of Gathering Information
      • With just a URL, you can determine:
        – Web server
        – OS
        – Names of IT personnel
      • Other methods:
        – Cookies
        – Web bugs
  23. Detecting Cookies and Web Bugs
      • Cookie
        – Text file generated by a Web server
        – Stored on a user’s browser
        – Information sent back to the Web server when the user returns
        – Used to customize Web pages
        – Some cookies store personal information
          • Security issue
  24. Detecting Cookies and Web Bugs (cont’d.)
      • Web bug
        – One-pixel by one-pixel image file
        – Referenced in an <IMG> tag
        – Usually works with a cookie
        – Purpose similar to spyware and adware
        – Comes from third-party companies
          • Specializing in data collection
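An added example, not part of the book's slides, that turns the web-bug description above into a check a defender can run over saved page source: it flags 1x1 or hidden `<img>` tags and notes whether each loads from a third-party host and whether the request carries an identifier. The sample page and its host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page: a normal logo, a third-party tracking pixel carrying a
# recipient id, a same-host spacer, and a hidden third-party beacon.
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="200" height="60" alt="logo">
<img src="https://tracker.example/pixel.gif?uid=42" width="1" height="1">
<img src="/spacer.gif" width="1" height="1">
<img src="//stats.example/beacon" style="display: none;">
</body></html>
"""

class WebBugScanner(HTMLParser):
    """Collect <img> tags that look like web bugs: 1x1 or hidden images."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name.lower(): (value or "") for name, value in attrs}
        if not self._is_invisible(a):
            return
        src = a.get("src", "")
        # A relative src is served by the page's own host.
        host = (urlparse(src).hostname or self.page_host).lower()
        self.bugs.append({
            "src": src,
            "third_party": host != self.page_host,
            # A query string is how the hit gets tied to a person or cookie.
            "carries_id": "?" in src,
        })

    @staticmethod
    def _is_invisible(a):
        width, height = a.get("width", "").strip(), a.get("height", "").strip()
        tiny = width in ("0", "1") and height in ("0", "1")
        hidden = "display:none" in a.get("style", "").replace(" ", "")
        return tiny or hidden

def find_web_bugs(html, page_host):
    """Return the suspicious images found in html, in document order."""
    scanner = WebBugScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.bugs
```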
  25. Using Domain Name Service Zone Transfers
      • Domain Name System (DNS)
        – Resolves host names to IP addresses
        – People prefer URLs to IP addresses
          • Extremely vulnerable
      • Zone transfer tools
        – Dig and Host
      • Determining primary DNS server
        – Start of Authority (SOA) record
          • Shows zones or IP addresses
        – Zone transfer gives network diagram
  26. Figure 4-9 Using the Dig command
  27. Introduction to Social Engineering
      • Older than computers
        – Targets human component of a network
      • Goals
        – Obtain confidential information (passwords)
        – Obtain other personal information
      • Tactics
        – Persuasion
        – Intimidation
        – Coercion
        – Extortion/blackmailing
  28. Introduction to Social Engineering (cont’d.)
      • Biggest security threat
        – Most difficult to protect against
      • Main idea:
        – “Why try to crack a password when you can simply ask for it?”
          • Users divulge passwords to IT personnel
      • Human behavior studied
        – Personality traits
        – Body language
  29. Introduction to Social Engineering (cont’d.)
      • Techniques
        – Urgency
        – Quid pro quo
        – Status quo
        – Kindness
        – Position
      • Train users
        – Not to reveal information
        – To verify caller identity
          • Ask questions and call back to confirm
  30. Figure 4-10 The OSSTMM social-engineering template
  31. The Art of Shoulder Surfing
      • Shoulder surfer
        – Reads what users enter on keyboards
          • Logon names
          • Passwords
          • PINs
      • Tools
        – Binoculars or high-powered telescopes
        – Key positions and typing techniques
        – Popular letter substitutions
          • $ equals s, @ equals a
  32. The Art of Shoulder Surfing (cont’d.)
      • Prevention
        – Avoid typing when:
          • Someone is nearby
          • Someone nearby is talking on a cell phone
        – Computer monitors:
          • Face away from door or cubicle entryway
        – Immediately change password if you suspect someone is observing you
  33. The Art of Dumpster Diving
      • Attacker finds information in victim’s trash
        – Discarded computer manuals
        – Passwords jotted down
        – Company phone directories
        – Calendars with schedules
        – Financial reports
        – Interoffice memos
        – Company policy
        – Utility bills
        – Resumes
  34. The Art of Dumpster Diving (cont’d.)
      • Prevention
        – Educate users
          • Dumpster diving
          • Proper trash disposal
        – Format disks before disposing of them
          • Software writes binary zeros
          • Done at least seven times
        – Discard computer manuals offsite
        – Shred documents before disposal
  35. The Art of Piggybacking
      • Trailing closely behind an employee cleared to enter restricted areas
      • How it works:
        – Watch authorized personnel enter an area
        – Quickly join them at security entrance
        – Exploit desire to be polite and helpful
        – Attacker wears a fake badge or security card
  36. The Art of Piggybacking (cont’d.)
      • Prevention
        – Use turnstiles
        – Train personnel to notify security about strangers
        – Do not hold secured doors for anyone
          • Even people they know
        – All employees must use access cards
  37. Phishing
      • Phishing e-mails
        – “Update your account details”
        – Usually framed as urgent request to visit a Web site
          • Web site is a fake
      • Spear phishing
        – Combines social engineering and exploiting vulnerabilities
        – E-mail attacks directed at specific people
          • Comes from someone the recipient knows
          • Mentions topics of mutual interest
  38. Figure 4-12 A phishing e-mail
  39. Summary
      • Footprinting
        – Gathering network information with Web tools
      • Competitive intelligence
        – Gathered through observation and Web tools
      • IP addresses and domain names
        – Found by using tools (e.g., SamSpade)
      • Cookies and Web bugs
        – Collect and retrieve user’s information
      • Zone transfers
        – Used to obtain network topologies
  40. Summary (cont’d.)
      • Social engineering
        – Attacks using human nature
          • Many methods
        – Educate personnel
      • Attacker techniques
        – Shoulder surfing
        – Dumpster diving
        – Piggybacking
        – Phishing