
Ethical Hacking and Countermeasures: Attack Phases, Second Edition
Chapter 1
Introduction to Ethical Hacking
Objectives

After completing this chapter, you should be able to:

• Understand the importance of information security in today’s world
• Understand the elements of security
• Identify the phases of the hacking cycle
• Identify the different types of hacker attacks
• Understand hacktivism

Ethical Hacking and Countermeasures: © Cengage Learning 2017 2


Attack Phases, Second Edition
Objectives

After completing this chapter, you should be able to (cont’d):
• Understand ethical hacking
• Understand vulnerability research and identify tools
assisting in vulnerability research
• Identify steps for conducting ethical hacking
• Understand computer crimes and implications

Introduction to Ethical Hacking

• Hackers have various motivations for breaking into secure systems
• Duty of system administrators and network security
professionals
– To guard their infrastructure against exploits by
knowing the enemies who seek to use the same
infrastructure for their own purposes
• One of the best ways to do this is to hire an ethical
hacker
– Someone who has all of the skills of a malicious
hacker, but is on the client’s side
Importance of Security

• Today, companies are completely networked, exchanging information almost instantly
– Of utmost importance to secure assets from outside
threats
• Security policy
– Specification for how objects in a security domain
are allowed to interact
• There is an increased dependency on computers
– Any disruption in their operation or integrity can
mean the loss of time, the loss of money, and
sometimes even the loss of life
Threats and Vulnerabilities

• Vulnerability
– Weakness in a defined asset that could be taken
advantage of or exploited by some threat
• Threat
– Action or event that might compromise security
• Not every vulnerability leads to an attack, and
not all attacks result in success
• Factors that result in the success of an attack
– Degree of vulnerability, the strength of the attack,
and the extent to which countermeasures are
adopted
Attacks

• Target of evaluation
– Information resource or asset that is being protected
from attacks
• Attack
– Deliberate assault on that system’s security
• Attacks can be classified as
– Active – modify the target system
– Passive – violate the confidentiality of a system’s
data without affecting the state of that system
• Example: electronic eavesdropping

Attacks

• Attacks can also be categorized as inside or outside attacks
– Inside – initiated from within a network by an
authorized user
– Outside – caused by an external intruder who does
not have authorization to access the network

Security Breaches

• Exploit
– A specific way to breach the security of an IT system
through a vulnerability
• Exposure
– A breach in security
– Can vary from one company to another, or even
from one department to another
• Imperative for organizations to address both
penetration and protection issues

Exposure

• Exposure
– Loss due to an exploit
• Examples of loss include
– Disclosure, deception, disruption, and usurpation
• Vulnerability is the primary entry point an attacker
can use to gain access to a system or to its data
– Once the system is exposed, an attacker can collect
confidential information with relative ease, and
usually erase his or her tracks afterwards

Elements of Security

• Security: the state of well-being of a system’s data and infrastructure
• Assurance
– Confidence that the system will behave according to
its specifications

Accountability

• Accountability
– System administrators or concerned authorities need
to be able to know by whom, when, how and why
system resources have been accessed
– An audit trail or log files can address this

Reusability

• Reusability
– Generally, not all resources are available to all users
– Having access controls on predefined parameters
can help increase the level of security
– One user or program may not reuse or manipulate
objects that another user or program is currently
accessing in order to prevent violation of security
– Also known as availability

The Security, Functionality, and Ease of Use Triangle

Figure 1-1 Moving toward security means moving away from functionality and ease of use

The Growth of Hacking

• Originally, hacking required extraordinary computer skills
– Today there are automated tools and codes
available on the Internet that make it possible for
almost anyone to successfully hack a system
• A victim will often keep the attack secret
– For fear of losing the goodwill and faith of
employees, customers, and partners
• Critical to take countermeasures to prevent any
exploits that can result in loss

Phases of an Attack

• In general, there are five phases that make up an attack:
1. Reconnaissance
2. Scanning
3. Gaining access
4. Maintaining access
5. Covering tracks

Phase 1 - Reconnaissance

• Reconnaissance
– Preparatory phase where an attacker gathers as
much information as possible about the target prior
to launching the attack
• Reconnaissance may involve social engineering
– Convincing other people to reveal information such
as unlisted phone numbers, passwords, etc.
• Dumpster diving
– Looking through an organization’s trash for any
discarded sensitive information

Phase 1 - Reconnaissance

• Reconnaissance types
– Passive: attacker does not interact with the system
directly
– Active: attacker interacts with the target system by
using tools to detect open ports, accessible hosts,
router locations, network mapping, details of
operating systems, and applications
• An ethical hacker must be able to distinguish
among various reconnaissance methods
– Advocate preventative measures

Phase 2 - Scanning

• Attacker uses the details gathered during reconnaissance to identify specific vulnerabilities
• An attacker can gather critical network information,
such as the mapping of systems, routers, and
firewalls
– By using simple tools such as the Windows utility
Traceroute
• Port scanners can be used to detect listening ports
to find information about the nature of services
running on the target machine
• Vulnerability scanners: most commonly used tools
Phase 3 – Gaining Access

• Gaining access
– Where most of the damage is usually done, yet
hackers can cause damage without gaining any
access to the system
• Access can be gained locally, offline, over a LAN,
or over the Internet
• Spoofing
– Technique used to exploit the system by pretending
to be a legitimate user

Phase 3 – Gaining Access

• Smurf attacks
– Attempt to cause users on a network to flood each
other with data, making it appear as if everyone is
attacking each other
• A hacker’s chances of gaining access into a target
system are influenced by factors such as:
– Architecture and configuration of the target system
– Skill level of the perpetrator
– Initial level of access obtained

Phase 4 – Maintaining Access

• Attackers who choose to remain undetected
– Remove evidence of their entry
– Install a backdoor or a Trojan to gain repeat access
– Install rootkits at the kernel level to gain full
administrator access to the target computer
• Hackers can use Trojans to transfer user names,
passwords, and any other information stored on the
system
• Organizations can use intrusion detection systems
or deploy traps known as honeypots and
honeynets to detect intruders
Phase 5 – Covering Tracks

• Attackers will usually attempt to erase all evidence of their actions
• Trojans such as ps or netcat are often used to
erase the attacker’s activities from the system’s log
files
• Steganography
– Process of hiding data in other data, for instance
image and sound files
• Tunneling
– Takes advantage of the transmission protocol by
carrying one protocol over another
Phase 5 – Covering Tracks

• System administrators can deploy host-based IDS (intrusion detection systems)
– In order to detect Trojans and compromised files and
directories
• As an ethical hacker
– You must be aware of tools and techniques that
attackers deploy in order to advocate and implement
countermeasures
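
One way a host-based integrity check of the kind described above can work, shown as an added example that is not from the book or its authors: record a baseline of file hashes and permissions, then compare later snapshots against it. The directory layout, file names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root to (sha256, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if not stat.S_ISREG(info.st_mode):
                continue  # ignore symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (digest.hexdigest(), stat.S_IMODE(info.st_mode))
    return state


def compare(baseline, current):
    """Return sorted (finding, path) tuples describing drift from the baseline."""
    findings = [("removed", p) for p in baseline.keys() - current.keys()]
    findings += [("added", p) for p in current.keys() - baseline.keys()]
    for p in baseline.keys() & current.keys():
        if baseline[p][0] != current[p][0]:
            findings.append(("content-changed", p))
        elif baseline[p][1] != current[p][1]:
            findings.append(("mode-changed", p))
    return sorted(findings)


def write(root, rel, data, mode=0o644):
    """Create or overwrite a file below root with the given permission bits."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo():
    """Constructed scenario: a small tree is baselined, then altered."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/ps", b"original ps\n", 0o755)
        write(root, "bin/ls", b"original ls\n", 0o755)
        write(root, "log/auth.log", b"constructed log line\n")
        # In practice the baseline is kept off-host or on read-only media,
        # so an intruder cannot rewrite it along with the files.
        baseline = snapshot(root)

        write(root, "bin/ps", b"replaced ps\n", 0o755)    # same size, new content
        os.chmod(os.path.join(root, "bin", "ls"), 0o777)  # permissions loosened
        os.remove(os.path.join(root, "log", "auth.log"))  # log file deleted
        write(root, "bin/.cache", b"unexpected file\n")   # file not in baseline
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:16} {path}")
```

The replaced binary has the same size as the original, so only the content hash reveals the change; a size or timestamp check alone would miss it.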

Types of Hacker Attacks

• Hacker attacks can be categorized as:
– Operating system attacks
– Application-level attacks
– Shrink-wrap code attacks
– Misconfiguration attacks

Operating System Attacks
• Today’s operating systems contain many features,
making them increasingly complex
• Keeping up with latest patches and hotfixes can be
challenging with today’s complex networks
• Attackers are constantly looking for OS
vulnerabilities to exploit

Application-Level Attacks
• Software developers often do not have time to
completely test their products before shipping them
– Leaving undiscovered security holes
• Security is frequently delivered as an “add-on”
component after release
– Not all instances of the software will have the same
level of security
• Error checking can be very poor
– Which leads to buffer overflow attacks

Shrink-Wrap Code Attacks

• Software developers will often use free libraries and code licensed from other sources in their programs
– If vulnerabilities in that code are discovered, many
pieces of software are at risk
• Developers need to customize and fine-tune code
in order to make it more secure
– And different enough that the same exploit will not
work

Misconfiguration Attacks

• System administrators need to be careful when configuring systems
– Create a simple, but usable configuration
– Remove all unnecessary services and software

Hacktivism

• Hacktivism
– When hackers break into government or corporate
computer systems as an act of protest
– Use it to increase awareness of their social or
political agendas
– Considered a crime, irrespective of intentions

Hacker Classes

• Black hats
– Use skills for illegal or malicious purposes
• White hats
– Use skills for defensive purposes
• Gray hats
– Believe in full disclosure (information is better out in
the open than kept in secret)
• Suicide hackers
– Hacktivists who are willing to become martyrs for
their cause
Ethical Hackers

• Ethical hackers
– Information security professionals who specialize in
evaluating and defending against threats from
attackers
– Use excellent computer skills to protect the integrity
of computer systems rather than hurting them
• Ethical hacker categories:
– Former black hats
– White hats
– Consulting firms

What Do Ethical Hackers Do?

• Ethical hacker’s evaluation of a client’s information system security seeks answers to three basic questions:
1. What can an attacker see on the target system?
2. What can an intruder do with that information?
3. Are the attackers’ attempts being noticed on the
target systems?
• Ethical hacker must convey to the client that it is
never possible to guard systems completely
– However, they can always be improved

Can Hacking Be Ethical?
• Today, the term hacking is closely associated with
illegal and unethical activities
• Most companies use IT professionals to audit their
systems for known vulnerabilities
• Ethical hackers usually employ the same tools and
techniques as attackers
– With the exception that once access is gained, no
damage is done
• Distinction between ethical hackers and crackers is
consent
– Crackers attempt to gain unauthorized access
Skills of an Ethical Hacker

• Ethical hackers must be computer experts
– Must have a strong grasp on programming and
networking
– Should be comfortable with installing and
maintaining systems using all popular OSs
• Ethical hackers must possess detailed knowledge
of both hardware and software
• Any ethical hacker must have plenty of patience
– Analysis stage consumes more time than the testing
stage

What is Vulnerability Research?

• Vulnerability research includes:
– Discovering system design faults and weaknesses
that might allow attackers to compromise a system
– Keeping informed of new products and technologies
in order to find news related to current exploits
– Checking underground hacking Web sites for newly
discovered vulnerabilities and exploits
– Checking newly released alerts regarding relevant
innovations and product improvements for security
systems

Why Hackers Need Vulnerability Research?
• Reasons:
– To identify and correct network vulnerabilities
– To protect the network from being attacked
– To get information that helps to prevent security
issues
– To gather information about viruses and malware
– To find weaknesses in the network and to alert the
network administrator before a network attack
– To know how to recover from a network attack

Vulnerability Research Web Sites

• Vulnerability research web sites include:
– US-CERT (http://www.us-cert.gov)
– National Vulnerability Database (http://nvd.nist.gov)
– Securitytracker (http://www.securitytracker.com)
– SecuriTeam (http://www.securiteam.com)
– SecurityFocus (http://www.securityfocus.com)
– SCMagazine (http://www.scmagazine.com)

Conducting Ethical Hacking

• Each ethical hacking assignment has six basic steps:
1. Talk with the client about the importance of security
and the necessity of testing
2. Prepare NDA (nondisclosure agreement)
documents and have the client sign them
3. Prepare an ethical hacking team and create a
schedule for testing
4. Conduct the test
5. Analyze the results and prepare the report
6. Deliver the report to the client
How Do They Go About It?

• Security testing involves three phases: preparation, conduct, and conclusion
• After discussing security issues with the client, a
formal contract should be drawn up that contains
– NDA, to protect the client’s confidential data
– Clause stating that the ethical hacker has full
consent of the client to hack into their systems
• Conduct phase
– Two most common approaches:
• Limited vulnerability analysis
• Attack and penetration testing
How Do They Go About It?

• The needs of the client
– Clients will often prefer a limited vulnerability
analysis because they do not want to lose any data
or risk any unintended damage
– While conducting an evaluation, ethical hackers may
come across security holes that cannot be fixed
within the predetermined time frame
• Client should be warned of this
• Final phase is the conclusion phase
– A report is prepared for the client

Approaches to Ethical Hacking

• Ethical hacker will attempt attacks over various channels:
– Remote network
– Remote dial-up network
– Local network
– Stolen equipment
– Social engineering
– Physical entry

Ethical Hacking Testing
• Approaches fall into one of three categories:
• Black box testing
– Ethical hacker is given no prior knowledge or
information about a system
• White box testing
– Ethical hacker is given full advance knowledge of the
system
• Gray box testing
– Internal testing performed by system administrator
and network professionals

Ethical Hacking Deliverables

• In the conclusion phase, the ethical hacker creates a detailed report for the client
– Analyzing the possibility and impact of hacking
• Vulnerabilities that were detected are explained in
detail
– Along with specific recommendations to patch them
in order to bring about a permanent security solution
• Client may also solicit the participation of its
employees by asking them for suggestions or
observations during the course of the evaluation
• Final report should be delivered only in a hard copy
Computer Crimes and Implications

• Computer crimes can be separated into two categories:
– Crimes facilitated by use of a computer
– Crimes where the computer is the target
• The Cyber Security Enhancement Act 2002 allows
life sentences for hackers who recklessly endanger
the lives of others
• For more information, visit the United States
Department of Justice’s Cyber Crime and
Intellectual Property section at
http://www.cybercrime.gov
Summary

• The importance of security in any network is often underestimated
• Ethical hacking simulates a malicious attack
without trying to cause damage
• Hacking involves five distinct phases:
reconnaissance, scanning, gaining access,
maintaining access, and clearing tracks
• Vulnerability research can be done via several Web
sites

Summary

• Security testing involves three phases – preparation, conduct, and conclusion
• Cyber crime is underreported, but taken very
seriously when it is
