
Ethical Hacking and Its Role To Business Continuity


Ethical Hacking and Its Role to Business Continuity

Ethical Hacking - ?

Incident Reports

Business Continuity Management

Business Vulnerabilities & Exploits

Ethical Hacking - Process

Ethical Hacking – Commandments

Case Studies

2
What is Ethical Hacking
Also Called – Attack & Penetration Testing,
White-hat hacking, Red teaming

Hacking

Process of breaking into systems for:
 Personal or Commercial Gains
 Malicious Intent – Causing severe damage to Information & Assets

Ethical
Conforming to accepted professional standards of conduct

Black-hat – Bad guys; White-hat – Good guys

3
What is Ethical Hacking
 It is Legal
 Permission is obtained from the target
 Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner

4
Why – Ethical Hacking
[Chart: Defacement Statistics for Indian Websites, 2008]

Source: CERT-India

5
Why – Ethical Hacking

Source: CERT India

6
Business Continuity Management
 A process of evaluation of the impacts which would have the greatest effect on the ability of a firm to continue trading.

7
Steps in BCM
 Assess
 Architect
 Align
 Assure

8
Vulnerabilities of Business

 Internal

 External

9
Vulnerabilities of Business
 Social Engineering
 Organizational Attacks
 Automated Attacks
 Restricted Data
 Accidental Breaches in Security
 Denial of Service (DoS)
 Viruses, Trojan Horses, and Worms
10
VULNERABILITIES EXPLOITED….

11
The Melissa virus
 Written by David Smith, spread to more than 300 companies across the world, completely destroying their computer networks.
 Damages reported amounted to nearly $400 million

12
MafiaBoy
 Hacked eBay, Amazon and Yahoo between February 6 and Valentine's Day in 2000.
 He gained access to 75 computers in 52 networks, and ordered a Denial of Service attack
 Damages reported: $90 million


13
"Logic Bomb"
 Timothy Lloyd planted six lines of malicious software code in the computer network of Omega Engineering.
 Deleted all software running in the network
 Affected Networks: NASA and the US Navy
 Damage reported: $10 million


14
SQL INJECTION
 Russian Vladimir Levin used SQL Injection to steal credit card info and admin passwords, and to transfer money between different accounts.

Target Bank: CitiBank US

Damage Report: $10 million

15
The Solution

 An Ethical hacker

16
Ethical Hacking - Process
1. Preparation
2. Footprinting
3. Enumeration & Fingerprinting
4. Identification of Vulnerabilities
5. Attack – Exploit the Vulnerabilities
6. Reports

17
Preparation

 Identification of Targets – company websites, mail servers, extranets, etc.
 Signing of Contract
 Agreement on protection against any legal issues
 Contracts clearly specify the limits and dangers of the test

18
Footprinting
Collecting as much information as possible about the target
 DNS Servers
 IP Ranges

Information Sources
 Search engines
 Forums
 Tools – PING, whois, Traceroute, DIG, nslookup, Sam Spade

19
Enumeration & Fingerprinting
 Specific targets determined
 Identification of Services / open ports
 Operating System Enumeration

20
Identification of Vulnerabilities
Vulnerabilities

 Insecure Configuration
 Weak passwords
 Possible Vulnerabilities in Services,
Operating Systems
 Insecure programming
 Weak Access Control

21
Identification of Vulnerabilities
Methods
 Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic
 Insecure Programming – SQL Injection, Listening to Traffic
 Weak Access Control – Using the Application Logic

22
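To illustrate the "Insecure Programming – SQL Injection" method above, here is an added Python example (not from the presentation) that puts a login check built by string concatenation next to the parameterized form; the users table and credentials are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Insecure programming: untrusted input is pasted into the SQL text,
    so a quote character in the input changes the query's structure."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, name, password):
    """Parameterized query: the structure is fixed and input is bound as data,
    so the same input is compared literally against the stored password."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


# A password value containing a quote; in the vulnerable query it becomes
# "... AND password = '' OR '1'='1'", which matches every row.
PROBE = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, probe accepted:", login_vulnerable(conn, "alice", PROBE))
    print("parameterized, probe accepted:", login_safe(conn, "alice", PROBE))
```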
Identification of Vulnerabilities
Tools
Vulnerability Scanners – Angry IP Scanner, SAINT, SuperScan
Listening to Traffic – Ettercap, tcpdump
Password Crackers – John the Ripper, LC4, Pwdump
Intercepting Web Traffic – Achilles, Whisker, Legion

23
Attack – Exploit the vulnerabilities
 Obtain as much information (trophies) from the Target Asset
 Gaining Normal Access
 Exploiting privileges
 Obtaining access to other connected systems

Denial of Service

24
Attack – Exploit the vulnerabilities
Application Specific Attacks
 Exploiting implementations of HTTP, SMTP
protocols
 Gaining access to application Databases
 SQL Injection

25
Reporting
 Methodology
 Exploited Conditions & Vulnerabilities that could not be exploited
 Proof for Exploits
 Practical Security solutions

26
Ethical Hacking - Commandments
 Working Ethically
 Trustworthiness
 Misuse for personal gain
 Respecting Privacy
 Not Crashing the Systems

27
CASE STUDIES

28
PIVOT POINT SECURITY (US)
 Client Organization finds unusual data transfer from its servers amounting to GBs per week.

 Client Organization hires PPS Principal Security Analyst Mr. John Verry to check the vulnerabilities of the server and its integrity.

 A meeting takes place between the client org and the PPS regarding the reconfirmation of the norms to be followed for the penetration test and noting any information available from the client's side.
29
 Nmap software was used to check the open ports for FTP servers.

 Unexpected results popped out. Instead of port 21 alone being open, another 4 ports were found open.

 Port 14120 was running another FTP server, which was not stated in the port usage of the organization.

 After analyzing the traffic on the port using the software "Whisker", it was found that adult content was uploaded to the organization's servers as hidden files and downloaded on demand using the FTP server.

 Before providing the information to the client, the data was authenticated by the forensic dept to be genuine.

30
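The undocumented FTP server on port 14120 in the case study is the kind of finding a port baseline check catches. The following Python script is an added example, not from the presentation or from PPS; the nmap-style scan text and the documented port list are constructed sample data.

```python
import re

# Constructed sample resembling `nmap -sV` output for one host (not a real scan).
SAMPLE_SCAN = """\
PORT      STATE SERVICE VERSION
21/tcp    open  ftp     vsftpd 2.0.5
80/tcp    open  http    Apache httpd 2.2.3
14120/tcp open  ftp     vsftpd 2.0.5
31337/tcp open  unknown
"""

# The server's documented port usage (an assumption for this example).
DOCUMENTED_PORTS = {21: "ftp", 80: "http", 443: "https"}

_OPEN_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)(?:\s+(.*))?$")


def parse_open_ports(scan_text):
    """Return (port, service, version) for every 'open' line in the scan."""
    found = []
    for line in scan_text.splitlines():
        m = _OPEN_LINE.match(line.strip())
        if m:
            port, _proto, service, version = m.groups()
            found.append((int(port), service, (version or "").strip()))
    return found


def unexpected_services(scan_text, documented=DOCUMENTED_PORTS):
    """Open ports absent from the baseline, plus documented ports whose
    observed service differs from the one recorded for them."""
    findings = []
    for port, service, _version in parse_open_ports(scan_text):
        if port not in documented:
            findings.append((port, service, "not in documented port usage"))
        elif documented[port] != service:
            findings.append((port, service, f"expected {documented[port]}"))
    return findings


def missing_services(scan_text, documented=DOCUMENTED_PORTS):
    """Documented ports that were not observed open (a possible outage)."""
    seen = {port for port, _, _ in parse_open_ports(scan_text)}
    return sorted(port for port in documented if port not in seen)


if __name__ == "__main__":
    for port, service, why in unexpected_services(SAMPLE_SCAN):
        print(f"port {port}/tcp ({service}): {why}")
    print("documented but closed:", missing_services(SAMPLE_SCAN))
```

Run against real scan output, the same comparison turns a one-off audit into a repeatable check against the organization's documented port usage.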
 EnCase software was used to get an image of the server hard drives, which was sent to the forensic dept.

 On submission of the report, the client organization requested to find the source of the hack.

 To the request, John retrieved the username and password saved in the log files on the client's server, searched for it on IRC and found a match.

 Then, using IP tracer software over the IRC on the traffic sent and received by the associated username, his ISP was identified.

 Then, contacting the ISP and providing them the information about the IP and time, the user of the line was revealed.

 The data was again authenticated and submitted to the client.

31
Reporting agencies, suggested by PPS

32
Recommendations provided.

33
Benefits:
 Saved bandwidth of the client's org.
 Saved the client from being exposed as hosting adult content on their official servers.
 System vulnerabilities exposed.
 System vulnerabilities rectified.
 Helped in their Business Continuity.

34
Use of Activity Monitor to track employee activities

35
References
CERT-In
Reuters (US, UK)
TechRepublic
ieee.org
C. C. Palmer, "Ethical hacking", IBM Systems Journal.
www.ethicalhacker.net
wikipedia.org
hackmysite.org
netsecurity.about.com
36
Questions???

37