Ch04 Footprinting and Social Engineering

Published in: Education, Business, Technology
1 Comment
  • I want a quiz in this chapter
Slide 1: Hands-On Ethical Hacking and Network Defense
  Chapter 4: Footprinting and Social Engineering
  Last modified 2-23-09

Slide 2: Objectives
  • Use Web tools for footprinting
  • Conduct competitive intelligence
  • Describe DNS zone transfers
  • Identify the types of social engineering

Slide 3: Using Web Tools for Footprinting
  • “Case the joint”
    • Look over the location
    • Find weaknesses in security systems
    • Types of locks, alarms
  • In computer jargon, this is called footprinting
    • Discover information about
      • The organization
      • Its network

Slide 4: Web Tools for Footprinting

Slide 5: Conducting Competitive Intelligence
  • Numerous resources to find information legally
  • Competitive Intelligence
    • Gathering information using technology
  • Identify methods others can use to find information about your organization
  • Limit the amount of information the company makes public

Slide 6: Analyzing a Company’s Web Site
  • Web pages are an easy source of information
  • Many tools available
  • Paros
    • Powerful tool for UNIX and Windows
    • www.parosproxy.org
    • Requires having Java J2SE installed
      • www.sun.com

Slide 7: Analyzing a Company’s Web Site (continued)
  • Paros
    • Start Paros
    • Set the proxy server in a browser
    • Then go to a site in the browser
      • mtsconsulting.net is a good test
    • Analyze -> Spider to find all the pages

Slide 8: Setting a Proxy Server in Firefox
  • Tools
  • Options
  • Advanced
  • Settings
  • Then go to
    • mtjconsulting.com

Slide 9: Spider Results
  • In Paros:
    • Analyze
    • Spider
  • Finds all the pages in a site
  • Don’t scan any sites without permission!
  • Just mtjconsulting.com

Slide 10: Scan Results
  • In Paros:
    • Analyze
    • Scan
  • Finds security risks in a site
  • Again, don’t scan sites without permission!

Slide 11: Using Other Footprinting Tools
  • Whois
    • Commonly used tool
    • Gathers IP address and domain information
    • Attackers can also use it
  • Host command
    • Can look up one IP address, or the whole DNS zone file
      • All the servers in the domain

Slide 12: ARIN Whois from Linux
  • host mit.edu
  • nc whois.arin.net 43
  • 18.7.22.69
  • This shows registration information for the domain

Slide 13: Sam Spade
  • GUI tool
  • Available for UNIX and Windows
  • Easy to use

Slide 14: Using E-mail Addresses
  • E-mail addresses help you retrieve even more information than the previous commands
  • Find the e-mail address format
    • Guess other employees’ e-mail accounts
  • Tool to find corporate employee information
    • Groups.google.com

Slide 15: Using HTTP Basics
  • HTTP operates on port 80
  • Use the HTTP language to pull information from a Web server
  • A basic understanding of HTTP is beneficial for security testers
  • Return codes
    • Reveal information about the server OS
Slide 18: Using HTTP Basics (continued)
  • HTTP methods
    • GET / HTTP/1.1 is the most basic method
    • Can determine information about the server OS from the server’s generated output

Slide 20: Using Netcat as a Browser
  • Use Ubuntu Linux
  • nc www.ccsf.edu 80
  • HEAD / HTTP/1.0
    • Gets the header
  • GET / HTTP/1.0
    • Gets the whole Web page
    • Open www.ccsf.edu in a browser and compare to the source code
  • Activity 4-3 in your book does not work

Slide 21: Example: OPTIONS (Not in Lecture Notes)
  • To use the HTTP OPTIONS method
  • In a Linux terminal window
    • nc www.w3.org 80
    • OPTIONS * HTTP/1.1
    • Host: www.w3.org:80
  • Press Enter twice
    • See links Ch 4c, 4d
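Added worked example (not from the slides or the textbook): a small Python script that builds the same raw requests slides 15 to 21 type into netcat (HEAD, GET, OPTIONS) and parses the reply into the pieces a defender inventories on their own servers: the status code, the Server banner and the methods listed in Allow. The response bytes below are constructed for the example, not captured from www.w3.org or www.ccsf.edu; the Host header is sent without the ":80" the slide shows, which HTTP/1.1 permits for the default port.

```python
import socket

# Constructed sample reply, the shape a server returns to "OPTIONS * HTTP/1.1".
# Not captured from www.w3.org or any other real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 23 Feb 2009 10:00:00 GMT\r\n"
    b"Server: Apache/2.2.3 (Debian)\r\n"
    b"Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def build_request(method, host, path="/", version="HTTP/1.1"):
    """Build the raw request bytes, exactly what the slides type into netcat.
    HTTP/1.1 requires a Host header; OPTIONS with '*' asks about the server as a whole."""
    lines = [f"{method} {path} {version}"]
    if version == "HTTP/1.1":
        lines.append(f"Host: {host}")
        lines.append("Connection: close")   # so the server closes and fetch() sees EOF
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw reply into (status_code, headers, body); header names are lowercased."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_code = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_code, headers, body


def disclosure_report(raw):
    """What a defender inventories: the Server banner and the methods the server admits to.
    TRACE, PUT, DELETE and CONNECT in Allow are the ones usually worth switching off."""
    status_code, headers, _ = parse_response(raw)
    allowed = [m.strip() for m in headers.get("allow", "").split(",") if m.strip()]
    return {
        "status": status_code,
        "server": headers.get("server", "(not disclosed)"),
        "allowed_methods": allowed,
        "risky_methods": [m for m in allowed if m in ("TRACE", "PUT", "DELETE", "CONNECT")],
    }


def fetch(host, method="HEAD", path="/", port=80, timeout=5.0):
    """Live version of the netcat session (needs network; not run by the tests)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(method, host, path))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    print(build_request("OPTIONS", "www.w3.org", "*").decode())
    print(disclosure_report(SAMPLE_RESPONSE))
```

Run against a server you administer with `disclosure_report(fetch("your.host", "OPTIONS", "*"))`; a tight Allow list and a Server header reduced to the product name with no version are the two things to look for in the output.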
Slide 22: Other Methods of Gathering Information
  • Cookies
  • Web bugs

Slide 23: Detecting Cookies and Web Bugs
  • Cookie
    • Text file generated by a Web server
    • Stored in a user’s browser
    • Information sent back to the Web server when the user returns
    • Used to customize Web pages
    • Some cookies store personal information
      • Security issue

Slide 24: Viewing Cookies
  • In Firefox
  • Tools, Options
  • Privacy tab
  • Show Cookies

Slide 25: Detecting Cookies and Web Bugs (continued)
  • Web bug
    • 1-pixel x 1-pixel image file (usually transparent)
    • Referenced in an <IMG> tag
    • Usually works with a cookie
    • Purpose similar to that of spyware and adware
    • Comes from third-party companies specializing in data collection

Slide 26: Bugnosis
  • Bugnosis is gone, but Firefox has an experimental extension named Foxbeacon
    • http://www.shyyonk.net/foxbeacon/download.html
  • See links Ch 4g, 4h
Slide 27: Using Domain Name Service (DNS) Zone Transfers
  • DNS
    • Resolves host names to IP addresses
    • People prefer using URLs to IP addresses
    • Extremely vulnerable
  • Zone Transfer tools
    • Dig
    • Host

Slide 28: Primary DNS Server
  • Determining a company’s primary DNS server
    • Look for the Start of Authority (SOA) record
    • Shows zones or IP addresses

Slide 29: Using dig to find the SOA
  • dig soa mit.edu
  • Shows three servers, with IP addresses
  • This is a start at mapping the MIT network

Slide 30: Using (DNS) Zone Transfers
  • Zone Transfer
    • Enables you to see all hosts on a network
    • Gives you the organization’s network diagram
      • MIT has protected their network – zone transfers no longer work
      • dig @BITSY.mit.edu mit.edu axfr
      • Command fails now

Slide 31: Blocking Zone Transfers (not in Lecture Notes)
  • See link Ch 4e
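Added worked example (not from the slides): what "dig soa mit.edu" does on the wire, written in Python with only the standard library. build_soa_query() assembles the query, parse_soa_response() decodes the answer including compressed names, and build_sample_response() constructs an example.com reply for offline use, so nothing here is captured from MIT's servers. query_soa() sends the query to a resolver address you supply. The MNAME field of the SOA is the primary server the slides talk about, and the serial is what a secondary compares before it requests a zone transfer, so it is also the record a defender checks when confirming which hosts are allowed to pull the zone.

```python
import socket
import struct

QTYPE_SOA = 6


def encode_name(name):
    """Wire-format a domain name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_soa_query(name, txid=0x1234):
    """Header (id, RD flag set, one question) plus question section: what 'dig soa' sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_SOA, 1)


def read_name(msg, off):
    """Decode a (possibly compressed) name at offset `off`; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                # the field ends after the first pointer seen
            off = pointer
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_soa_response(msg):
    """Return the response code and a dict for each SOA record in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata_start = off
        if rtype == QTYPE_SOA:
            mname, o = read_name(msg, off)   # primary master name server
            rname, o = read_name(msg, o)     # responsible mailbox; first label is the local part
            serial, refresh, retry, expire, minimum = struct.unpack("!IIIII", msg[o:o + 20])
            records.append({"owner": owner, "ttl": ttl, "mname": mname, "rname": rname,
                            "serial": serial, "refresh": refresh, "retry": retry,
                            "expire": expire, "minimum": minimum})
        off = rdata_start + rdlen            # skip any record type we do not decode
    return {"id": txid, "rcode": flags & 0xF, "soa": records}


def build_sample_response():
    """Constructed SOA answer for example.com (not captured from a real server), using
    name compression the way real servers do."""
    qname = encode_name("example.com")                     # question name sits at offset 12
    ptr_qname = b"\xc0\x0c"                                # pointer back to offset 12
    rdata = (b"\x03ns1" + ptr_qname                         # ns1.example.com.
             + b"\x0ahostmaster" + ptr_qname                # hostmaster.example.com.
             + struct.pack("!IIIII", 2009022301, 7200, 900, 1209600, 3600))
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; rcode 0
    question = qname + struct.pack("!HH", QTYPE_SOA, 1)
    answer = ptr_qname + struct.pack("!HHIH", QTYPE_SOA, 1, 3600, len(rdata)) + rdata
    return header + question + answer


def query_soa(name, server, timeout=3.0):
    """Live lookup over UDP against `server` (an IP address you choose); not run by the tests."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_soa_response(data)


if __name__ == "__main__":
    print(parse_soa_response(build_sample_response()))
```

A zone transfer (AXFR) runs over TCP rather than UDP and returns every record in the zone; the transfer itself is not implemented here, only the SOA lookup that identifies the primary server, which is the host whose allow-transfer configuration needs checking.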
Slide 32: Introduction to Social Engineering
  • Older than computers
  • Targets the human component of a network
  • Goals
    • Obtain confidential information (passwords)
    • Obtain personal information

Slide 33: Tactics
  • Persuasion
  • Intimidation
  • Coercion
  • Extortion/blackmailing

Slide 34: Introduction to Social Engineering (continued)
  • The biggest security threat to networks
  • Most difficult to protect against
  • Main idea:
    • “Why crack a password when you can simply ask for it?”
    • Users divulge their passwords to IT personnel

Slide 35: Studies human behavior
  • Recognize personality traits
  • Understand how to read body language

Slide 36: Introduction to Social Engineering (continued)
  • Techniques
    • Urgency
    • Quid pro quo
    • Status quo
    • Kindness
    • Position

Slide 37: Preventing Social Engineering
  • Train users not to reveal any information to outsiders
  • Verify caller identity
    • Ask questions
    • Call back to confirm
  • Security drills
Slide 41: The Art of Shoulder Surfing
  • Shoulder surfer
    • Reads what users enter on keyboards
      • Logon names
      • Passwords
      • PINs

Slide 42: Tools for Shoulder Surfing
  • Binoculars or telescopes or cameras in cell phones
  • Knowledge of key positions and typing techniques
  • Knowledge of popular letter substitutions
    • s equals $, a equals @

Slide 43: The Art of Shoulder Surfing (continued)
  • Prevention
    • Avoid typing when someone is nearby
    • Avoid typing when someone nearby is talking on a cell phone
    • Computer monitors should face away from the door or cubicle entryway
    • Immediately change your password if you suspect someone is observing you

Slide 44: Dumpster Diving
  • Attacker finds information in the victim’s trash
    • Discarded computer manuals
      • Notes or passwords written in them
    • Telephone directories
    • Calendars with schedules
    • Financial reports
    • Interoffice memos
    • Company policy
    • Utility bills
    • Resumes of employees

Slide 45: The Art of Dumpster Diving (continued)
  • Prevention
    • Educate your users about dumpster diving
    • Proper trash disposal
    • Use “disk shredder” software to erase disks before discarding them
      • Software writes random bits
      • Done at least seven times
    • Discard computer manuals offsite
    • Shred documents before disposal
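Added worked example (not the textbook's or any named product's code): the multi-pass random overwrite behind the “disk shredder” bullet, applied to a single file in Python. It writes fresh random bytes over the whole file on each pass, forces each pass to disk with fsync, then deletes the file; demo() runs it on a throwaway file with constructed contents. Whole-disk wipers apply the same loop to the block device. The comments carry the caveat a practitioner needs: on SSDs and on copy-on-write or journaling filesystems an in-place overwrite does not reliably reach the old blocks.

```python
import os
import secrets
import tempfile


def shred_file(path, passes=7, chunk_size=64 * 1024):
    """Overwrite the file's contents `passes` times with random bytes (seven by default,
    matching the slide), forcing each pass to disk with fsync, then delete it.
    Returns the number of bytes overwritten per pass.

    Caveat: SSD wear levelling, copy-on-write filesystems and journaling can leave the
    original blocks untouched by an in-place rewrite; for those, whole-device secure
    erase or encryption-at-rest with key destruction is the reliable approach."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                f.write(secrets.token_bytes(n))   # cryptographic randomness, not a pattern
                remaining -= n
            f.flush()
            os.fsync(f.fileno())                  # make sure this pass hit the disk
    os.remove(path)
    return size


def demo(passes=3):
    """Create a throwaway file holding constructed 'sensitive' text, shred it, and report
    (bytes overwritten per pass, whether the file still exists afterwards)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "old-manual-notes.txt")
        with open(path, "wb") as f:
            f.write(b"admin password: changeme123\n" * 100)   # constructed sample content
        size = shred_file(path, passes=passes)
        return size, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

The return value is there so the caller can log what was wiped; the pass count is a parameter because the slide's "at least seven" is a policy choice, and one pass of random data is already enough on modern magnetic media while being no help at all on flash.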
Slide 46: The Art of Piggybacking
  • Trailing closely behind an employee cleared to enter restricted areas
  • How it works:
    • Watch authorized personnel enter an area
    • Quickly join them at the security entrance
    • Exploit the desire of others to be polite and helpful
    • Attacker wears a fake badge or security card

Slide 47: The Art of Piggybacking (continued)
  • Prevention
    • Use turnstiles
    • Train personnel to report the presence of strangers
    • Do not hold secured doors for anyone
      • Even for people you know
    • All employees must use secure cards