Security Concepts

By | 19/03/2015

Basic concepts

  • Threat – An action or event that might reduce security
  • Threat Agent – A person who takes inappropriate action
  • Vulnerability – A weakness, design flaw or implementation error
  • Attack – An assault on a system
  • Exploit – A defined way to take advantage of a vulnerability
  • Hacker – a person who enjoys learning the details of a computer system and stretch their capabilities
  • Hacking – Rapid development of new programs or the reverse engineering of already existing software
  • Cracker – Refers to an attacker who uses hacking skills against organizations causing harm
  • Ethical Hacker – Security professionals who uses hacking skills for organizations to increase security
  • Penetration testing – Do what the attacker does before they do it to know the problem and fix it before it happens

Modes of Ethical Hacking:

  • Black-box – no prior knowledge
  • White-box – complete knowledge
  • Gray-box – access by insiders within the network

OSSTMM – Open Source Security Testing Methodology Manual – Created by ISECOM

Penetration testing methodology:

  • Discovery – Reconnaissance
  • Enumeration – Scanning
  • Mapping vulnerability – Find exploits
  • Exploiting – Gain & maintain control

CEH Phases:

  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Covering Tracks

Passwords

  • Password guessing
    • Consider account locks
    • Shoulder surfing
    • Dumpster diving
    • Social engineering
  • Password Attacks
    • Dictionary attack
    • Brute force attack
  • Password sniffing of the local segment

After getting access

  • Privilege escalation
  • Keystroke loggers
  • Covering Tracks (event viewer events for password guess)
  • Obtain SAM database – to get users and passwords
  • Hidden information
    • Alternate Data Streams – Information in the property fields
    • Stenography

DoS

Denial of service DoS – Attack to the availability of the resources

  • Bandwidth attacks
  • Protocol attacks
  • Logic attacks

Distributed DoS – Attack done from many hosts from many networks

Sustained attack – The attacker has many pools of hosts and it changes from one to the other before defense countermeasures are in place

DoS attack

  • Ping of Death – malformed ICMP
  • Land attack – same source and destination
  • Smurf attack – icmp to broadcast impersonating the victim
  • Fraggle attack – Smurf but using UDP
  • Syn flood – Initiating lots of TCP Handshakes

Hacking Web Servers and Web Applications

  • Webservers: ISS, Apache, Google, Ngix
  • Webserver applications: Sharepoint, CGI, ASP, PHP, Cold Fusion, JSP, ActiveX, Java, DCOM, VBScript, SQL
  • Webapplications common vulnerabilities: Unreliability of client side data, special characters not being escaped, OWASP Top 10

Code Injections

Languages susceptible to code injections: SQL, Hibernate, LDAP, XPath, XQuery, HTML, XML, XSLT, OS Commands, Shell commands

Steganography

Hide a message in another media in a way that other than source and destination don’t know that the message is being transmitted.