EC-Council’s Certified Ethical Hacker (CEH) Richard Henson May 2012.

2 EC-Council’s Certified Ethical Hacker (CEH) Richard Henson r.henson@worc.ac.uk May 2012

3 Session 1
This will cover:
- Structure of the course
- Principles of hacking ethically
- CEH ethical hackers toolkit and dummy client site
- “Footprinting” and reconnaissance
- Scanning networks

4 Certificate of Attendance
Certificate achieved through:
- attending the seminars
- doing the “lab” exercises

5 CEH qualification
Achieved through:
- certificate of attendance
- passing the examination (take any time at recognised Pearson or Vue centres)
- can retake…
- cost: approx £120

6 Ethical Hacking Principles
- Hacking is a criminal offence in the UK
  - covered through The Computer Misuse Act (1990)
  - tightened by further legislation (2006)
- It can only be done “legally” by a trained (or trainee) professional
  - a computing student would be considered in this context under the law

7 Ethical Hacking Principles
- Even if it is legal, that doesn’t mean it is ethical!
- Professionals only hack without permission if there is reason to believe a law is being broken
- if not… they must ask permission
- otherwise definitely unethical (and possibly illegal)

8 Ethical Hacking Principles
- What is “hacking”?
  - breaching a computer system without permission
- How is it done?
  - using software tools to get through the security of the system
  - also called penetration testing (if done with permission…)

9 Course Toolkit
- This course provides access to penetration testing tools
- Also a body of knowledge that shows how to use them…
  - theory: covered by these slides
  - practical: exercises provided; up to you to work through them
- Together, provide the expertise to penetration test a client’s site
- Dummy site: http://www.certifiedhacker.com

10 Preparing to use the Toolkit
You’ll need to install the following on a computer to do the exercises:
- Windows 2008 Server (basic OS) running Hyper-V
- Windows 7 (as VM – Virtual Machine)
- Windows XP (as VM)
- Windows 2003 Server (as VM)
- Backtrack and Linux (as VM)
All the Windows versions and virtual machine platform are available to download using MSDN
Guidance in CEHintro.pdf file

11 Virtualisation (Hyper-V on Windows 2008 Server, Citrix, VMware, etc.)
- The use of software to allow a piece of hardware to run multiple operating system images at the same time
- Possible to:
  - run Windows OS under Mac OS
  - run multiple versions of Windows OS on the same PC
- Enables the creation of a “virtual” (rather than actual) version of any software environment on the desktop, e.g. Operating Systems, a server, a storage device or networks, an application

12 What and Why of Footprinting
- Definition: “Gathering information about a “target” system”
- Could be passive (non-penetrative) or active
- Find out as much information about the digital and physical evidence of the target’s existence as possible
  - need to use multiple sources…
  - may (“black hat” hacking) need to be done secretly

13 What to Gather
- Domain Names
- User/Group names
- System Names
- IP addresses
- Employee Details/Company Directory
- Network protocols used & VPN start/finish
- Company documents
- Intrusion detection system used

14 Rationale for “passive” Footprinting
- Real hacker may be able to gather what they need from public sources
  - organisation needs to know what is “out there”
- Methodology:
  - start by finding the URL (search engine), e.g. www.worc.ac.uk
  - from main website, find other external-facing names, e.g. staffweb.worc.ac.uk

15 Website Connections & History
- History: use www.archive.org: The Wayback Machine
- Connections: use robtex.com
- Business Intelligence: sites that reveal company details, e.g. www.companieshouse.co.uk

16 More Company Information…
- “Whois” & CheckDNS.com:
  - lookups of IP/DNS combinations
  - details of who owns a domain name
  - details of DNS Zones & subdomains
- Job hunters websites, e.g.:
  - www.reed.co.uk
  - www.jobsite.co.uk
  - www.totaljobs.com

17 People Information
- Company information will reveal names
- Use names in search engines
  - Facebook
  - LinkedIn
- Google Earth reveals: company location(s)

18 Physical Network Information (“active” footprinting or phishing)
- External “probing” should be detectable by a good defence system… (could be embarrassing!)
- e.g. Traceroute:
  - Uses ICMP protocol “echo”
  - no TCP or UDP port
  - reveals names/IP addresses of intelligent hardware: e.g. Routers, Gateways, DMZs

19 Email Footprinting
Using the email system to find the organisation’s email names structure
- “passive”: monitor emails sent
  - IP source address
  - structure of name
- “active”: email sending programs
  - test whether email addresses actually exist
  - test restrictions on attachments

20 Utilizing Google etc. (“passive”)
- Google: Advanced Search options:
  - Uses [site:] [intitle:] [allintitle:] [inurl:]
  - In each case a search string should follow, e.g. “password”
- Maltego
  - graphical representations of data

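21 Network Layers and Hacking
Schematic: TCP/IP stack interacting at three of the 7 OSI levels (network, transport, application)
[Diagram: application protocols TELNET, FTP, SMTP, NFS, DNS and SNMP above TCP and UDP, which sit above IP; X marks between the application protocols and the transport layer are labelled “ports”]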

22 TCP & UDP ports
Hackers use these to get inside firewalls etc.
Essential to know the important ones:
20, 21  ftp        80     http        389  Ldap
22      ssh        88     Kerberos    443  https
23      telnet     110    pop3        636  Ldap/SSL
25      smtp       135    smb
53      dns        137-9  NetBIOS
60      tftp       161    snmp

23 Reconnaissance/Scanning
Three types of scan:
- Network (already mentioned)
  - identifies active hosts
- Port
  - send client requests until a suitable active port has been found…
- Vulnerability
  - assessment of devices for weaknesses that can be exploited

24 Scanning Methodology
- Check for Live Systems
- Check for open ports
- “Banner Grabbing”
- Scan for vulnerabilities
- Draw Network diagram(s)
- Prepare proxies…
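
Added example (not part of the original slides): the slides say external probing "should be detectable by a good defence system", so this sketch shows how a defender could flag the network scan and port scan described above from firewall logs. The log format, sample lines, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; assumed format: timestamp src dst dst_port action
SAMPLE_LOG = """\
2012-05-01T10:00:00 198.51.100.7 192.0.2.10 21 DENY
2012-05-01T10:00:01 198.51.100.7 192.0.2.10 22 DENY
2012-05-01T10:00:02 198.51.100.7 192.0.2.10 23 DENY
2012-05-01T10:00:03 198.51.100.7 192.0.2.10 25 DENY
2012-05-01T10:00:04 198.51.100.7 192.0.2.10 80 ALLOW
2012-05-01T10:00:05 203.0.113.9 192.0.2.10 80 ALLOW
2012-05-01T10:30:00 203.0.113.9 192.0.2.10 443 ALLOW
2012-05-01T10:01:00 203.0.113.50 192.0.2.11 22 DENY
2012-05-01T10:01:01 203.0.113.50 192.0.2.12 22 DENY
2012-05-01T10:01:02 203.0.113.50 192.0.2.13 22 DENY
2012-05-01T10:01:03 203.0.113.50 192.0.2.14 22 DENY
"""

def parse(log_text):
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, _action = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def distinct_in_window(events, threshold, window):
    """Flag keys that touch >= threshold distinct values inside one time window."""
    findings = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            seen = {value for _, value in hits[start:end + 1]}
            if len(seen) >= threshold:
                findings[key] = sorted(seen)
                break
    return findings

def detect(log_text, kind, threshold, window=timedelta(seconds=60)):
    """kind='port_scan': one source, many ports on one host.
    kind='host_sweep': one source, one port across many hosts (network scan)."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        key, value = ((src, dst), port) if kind == "port_scan" else ((src, port), dst)
        events[key].append((ts, value))
    return distinct_in_window(events, threshold, window)
```

A scan paced more slowly than the window stays under the threshold, so the window and threshold need tuning against normal traffic for the site being defended.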

25 Now you try it!
- Download software through MSDN
- Set up your ethical hacking toolkit
- Go through lab 1
- Gather evidence that you’ve done the lab
- Bring evidence to the June meeting…

