EC-Council
Ethical Hacking Workshop
Ethical Hacking
Presented by:
Name of Speaker
Certified Ethical Hacker
Institute Name
To Stop a Hacker is to Think Like One!
Background
Seminar Objectives
• Provide insight into current efforts and future plans for network security.
• Provide helpful perspective on nature of today’s Internet security risk
• Provide guidelines to achieving goals.
• Demonstrations of tools used by hackers
Presentation Outline
Part 1: Threats to Security
Part 2: Performing a Risk Assessment
Part 3: Hacker Technologies
Part 4: Buffer Overflow Exploits
Part 5: Firewalls
Part 6: Denial of Service and Trojans
Part 7: Security Policy
Part 8: How to Handle an Attack?
Part 9: Educational Resources
Why Security
90% of large companies & govt. agencies had computer
security breaches in 2001
Three-quarters suffered financial losses
Most frequent problems
• Computer viruses (85%)
• Abuse of Internet access (79%)
• Web-site vandalism (64%)
Source: 2002 CSI/FBI Computer Crime and Security Survey
Threats to Security
External threats, such as social engineering or viruses
Internal threats, such as internal attacks or code vulnerabilities
Addressing Internal Threats
Failure to update hotfixes and security patches
Blank or weak passwords
Default installation with unnecessary services
Internal attacks
Restricted Area
of Network
External Threats
Organizational Attacks: Acquire confidential information to gain a business or competitive advantage
Social Engineering: Bypasses technology to gain network access
Automated Attacks: Uses software to gain network access
Denial of Service (DoS): Blocks access to data or services (user connection fails)
Viruses, Trojan Horses, and Worms: Harmful code, malicious programs, self replicating
Accidental Breaches in Security: Improper permissions can result in access to restricted data
General Prevention
Test and apply service packs and hotfixes
Run and maintain antivirus software
Run an intrusion detection system at the perimeter of your network
Block all messages containing Readme.exe or
Admin.dll attachments
Reinstall infected systems
Protecting E-Mail
Microsoft Outlook e-mail security update
• Blocks common script and executable extensions
• Disables active scripting
• Warns users about attempts to access the Outlook address book or send e-mail
Internet Explorer service packs for Microsoft Outlook Express
• Internet Explorer 5.01 SP2
• Internet Explorer 5.5 SP2
• Internet Explorer 6 (full installation required on upgrades)
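Added example (not part of the original slides): a mail-gateway style check for the "Block all messages containing Readme.exe or Admin.dll attachments" item and the "Blocks common script and executable extensions" item above. The extension list, function names and sample messages are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# File names come from the slide above; the extension list is an assumption.
BLOCKED_NAMES = {"readme.exe", "admin.dll"}
BLOCKED_EXTS = (".exe", ".dll", ".scr", ".pif", ".bat", ".vbs", ".js")


def blocked_attachments(raw: bytes) -> list:
    """Return one reason string per attachment that should be rejected."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():          # walk() also descends into nested parts
        name = part.get_filename()   # handles RFC 2231-encoded file names
        if not name:
            continue
        # Normalise: drop any path, surrounding spaces, trailing dots, case.
        base = name.replace("\\", "/").rsplit("/", 1)[-1]
        base = base.strip().rstrip(". ").lower()
        if base in BLOCKED_NAMES:
            reasons.append("blocked name: " + base)
        elif base.endswith(BLOCKED_EXTS):
            reasons.append("blocked extension: " + base)
    return reasons


def build_sample(filename: str) -> bytes:
    """Constructed sample message carrying one attachment (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("README.EXE", "Admin.dll", "notes.txt", "photo.jpg.vbs"):
        print(fn, "->", blocked_attachments(build_sample(fn)) or "deliver")
```

Matching on the normalised base name catches case variants and double extensions such as photo.jpg.vbs, which a plain string comparison on the raw header would miss.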
Protecting Web Servers
Apply the latest hotfixes
Install the latest service pack
Install the security roll-up packages
Remove unnecessary IIS components
Install UrlScan with the default rule set
Internet
Information Service
Protecting File Servers
Remove unnecessary file shares
Use an AGDLP or AGUDLP Strategy
Assign the minimum required permissions
Enforce complex passwords
Microsoft Strategic Technology
Protection Program
Two-phase program that integrates Microsoft
products, services, and support
• Phase 1: Get Secure
• Phase 2: Stay Secure
Phase 1: Get Secure
The Microsoft Security Tool Kit
• Contains tools that provide a baseline level of security for servers that are connected to the Internet.
• Provides support for Windows NT 4.0 and Windows 2000.
Toll-free virus support
Phase 2: Stay Secure
Worldwide security-readiness events
Tools, updates, and patches
• Enterprise security tools
• Windows Update auto-update functionality
• Bimonthly product roll-up patches
Consulting engagements
Part 2: Performing a Risk Assessment
Strategies to Manage Risk
Avoidance
Mitigation
Contingency Plans
Acceptance
Analyzing Risk
1. Identify Resources
2. Identify Threats
3. Calculate Exposure
4. Implement Security Measures
5. Review Plan
Identifying the Resources to Protect
Hardware
Software
Data
People
Documentation
1. Identify Resources
Identifying the Threats to Resources
Viruses, Trojan Horses, and Worms
Social Engineering
Automated Attacks
Accidental Breaches in Security
Denial of Service (DoS)
Organizational Attacks
2. Identify Threats
Calculating Exposure
Example
• A security risk to data valued at $500,000 has a 75% probability of occurring
• Multiply 75% x $500,000 to calculate a $375,000 exposure value.
Rank risks to an organization based on exposure value
– Exposure = Probability x Impact
3. Calculating Exposure
External Attacks Most Frequent
Greater use of Internet
Tools & techniques evolve to enable new opportunities for attack
Frequent Points of Attack (percent of respondents): Internal systems 38, Internet connection 59
Source: 2000 CSI/FBI Computer Crime and Security Survey
20-Year Trend: Stronger Attack Tools
[Chart: relative technical complexity, 1980 to 1995. Techniques plotted: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sniffer / sweepers, stealth diagnostics, packet forging / spoofing, GUI. Curves: Hacking Tools, Average Intruder.]
Source: GAO Report to Congress, 1996
Trend Has Continued
[Chart: relative technical complexity, 1998 to 2001. Labels plotted: Windows Remote Control, Stacheldraht, Trinoo, Melissa, PrettyPark, DDoS Insertion Tools, ?. Curves: Hacking Tools, Kiddie Scripter.]
Part 3: Hacker Technologies