Is hacking something left up to the bad guys? Certainly not! This revised text helps you recognize any vulnerabilities that are lurking in your system, allowing you to fix them before someone else finds them.
Penetration testing, vulnerability assessments, security best practices, and other aspects of ethical hacking are covered in this book, including Windows 10 hacks, Linux hacks, web application hacks, database hacks, VoIP hacks, and mobile computing hacks. Additionally, you have access to free testing tools and an appendix detailing valuable tools and resources.
Ethical hacking entails thinking like the bad guys to identify any vulnerabilities that they might find in your system—and fixing them before they do. Also called penetration testing, ethical hacking is essential to keeping your system, and all of its data, secure. Understanding how to perform effective ethical hacking can improve the safety of your network. Defend your system—and all of the data it holds—against the latest Windows 10 and Linux hacks. Develop an effective ethical hacking plan that keeps your system safe. Protect your web applications, databases, laptops, and smartphones by going beyond simple hacking strategies. Leverage the latest testing tools and techniques when using ethical hacking to keep your system secure.
Learn to hack your own system to protect against malicious attacks from outside. Hacking For Dummies, 5th Edition is a fully updated resource that guides you in hacking your own system to protect it—and it will become your go-to reference when ethical hacking is on your to-do list.
Before you test, perform some manual searching. You can research websites and vulnerability databases, such as these: These sites list known vulnerabilities — at least the formally classified ones.
You can also find a list of commonly exploited vulnerabilities at www. You should manually assess certain systems (such as web applications). The vulnerability reports in the preceding databases often disclose how to do this — at least generally. If you have a lot of free time, performing these tests manually might work for you. Many great vulnerability assessment scanners test for flaws on specific platforms (such as Windows and Linux) and types of networks (either wired or wireless).
They test for specific system vulnerabilities and some focus. Some scanners can map out the business logic within a web application; others can map out a view of the network; others can help software developers test for code flaws.
One of my favorite security tools is a vulnerability scanner called Nexpose by Rapid7 www. As with most good security tools, you pay for Nexpose. Additional vulnerability scanners that work well include QualysGuard www. You must validate the vulnerabilities it reports.
Study the reports to base your recommendations on the context and criticality of the tested systems.

Penetrating the System

You can use identified security vulnerabilities to do the following: Metasploit www. You might want to leave well enough alone by just demonstrating the existence of the vulnerabilities and not actually exploiting them. If you want to further delve into the ethical hacking methodology, I recommend you check out the Open Source Security Testing Methodology Manual www.
Find out how to look for the most common security flaws in a free article at www. Let the games begin! But where do you start? How about with your three Ps — your people, your physical systems, and your passwords? These are, after all, three of the most easily and commonly attacked targets in your organization. This part starts with a discussion of hacking people (otherwise known as social engineering). It then goes on to look at physical security vulnerabilities.
This is a great way to get the ball rolling to warm you up for the more specific security tests later in the book.

One of the most important aspects in determining how your organization is at risk is to find out what information is publicly available about your business and your systems. Gathering this information is such an important part of your overall methodology that I thought the subject deserves a dedicated chapter.
In this chapter, I outline some free and easy ways to see what the world sees about you and your organization. Gathering this type of information is critical and often where most security breaches begin.
To see for yourself, the techniques outlined in the following sections can be used to gather information about your own organization.

Social media

Social media sites are the new means for businesses interacting online.
Perusing the following sites can provide untold details on any given business and its people: Bing www. Google is my favorite. Entire books have been written about using Google, so expect any criminal hacker to be quite experienced in using this tool, including against you.
See Chapter 15 for more about Google hacking. This kind of search often reveals hundreds and sometimes millions of pages of information — such as files, phone numbers, and addresses — that you never guessed were available. For example, if you want to find a certain word or file on your website, simply enter a line like one of the following into Google: site:www.
You can even do a generic filetype search across the entire Internet to see what turns up, such as this: Use the preceding search to find Flash. Use the following search to hunt for PDF documents that might contain sensitive information that can be used against your business: You can then inspect that copy of the website offline, digging into the following: You can even enable web tarpitting in certain firewalls and intrusion prevention systems (IPSs). However, crawlers and attackers that are smart enough can find ways around these controls.
I cover social engineering in Chapter 6.

Websites

The following websites may provide specific information about an organization and its employees:

Mapping the Network

As part of mapping out your network, you can search public databases and resources to see what other people know about your systems. Another commercial product called NetScanTools Pro www.
I cover this tool and others in more detail in Chapter 9. Government: www. I went to his website to check out his privacy policy. He had posted the brand and model of firewall he was using, along with other technical information about his network and system architecture.
This type of information could certainly be used against him by the bad guys. Not a good idea. Social engineering is one of the toughest hacks to perpetrate because it takes bravado and skill to come across as trustworthy to a stranger.
They then take the information they obtain from their victims and wreak havoc on network resources, steal or delete files, and even commit corporate espionage or some other form of fraud against the organization they attack. Social engineering is different from physical security exploits, such as shoulder surfing and dumpster diving, but the two types of hacking are related and often are used in tandem.
Sometimes, social engineers act as confident and knowledgeable managers or executives. They also might pose as outsiders, such as IT consultants or maintenance workers.
Social engineers are great at adapting to their audience. It takes a special type of personality to pull this off, often resembling that of a sociopath. Effective information security — especially the security required for fighting social engineering — often begins and ends with your users. Other chapters in this book provide advice on technical controls that can help fight social engineering, but never forget that basic human communications and interaction have a profound effect on the level of security in your organization at any given time.
The soft, chewy inside is the people and the processes inside the organization. If the bad guys can get past the thick outer layer, they can compromise the mostly defenseless inner layer.

Starting Your Social Engineering Tests

I approach the ethical hacking methodologies in this chapter differently than in subsequent chapters. Social engineering is an art and a science. Social engineering takes great skill to perform as a security professional. This is especially true when phishing tests are performed.
Plan things out and proceed with caution. You can perform social engineering attacks in millions of ways. Instead, I describe specific social engineering scenarios that have worked well for me and others. You can tailor these same tricks and techniques to your specific situation. An outsider to the organization might perform certain social engineering techniques such as physical intrusion tests best.
If you perform these tests against your own organization, acting as an outsider might be difficult if everyone knows you. You can outsource social engineering testing to an outside firm or even have a trusted colleague perform the tests for you. I cover the topic of outsourcing security and ethical hacking in Chapter Many social engineers perform their attacks slowly to avoid suspicion. Therein lies one of their greatest assets: time.
Social engineers often know a little about a lot of things — both inside and outside their target organizations — because this knowledge helps them in their efforts.
Thanks to social media such as LinkedIn, Facebook, and other online resources I discuss in Chapter 5, every tidbit of information they need is often at their disposal. The more information social engineers gain about organizations, the easier it is for them to pose as employees or other trusted insiders.

Understanding the Implications

Many organizations have enemies who want to cause trouble through social engineering.
These people might be current or former employees seeking revenge, competitors wanting a leg up, or hackers trying to prove their worth. Regardless of who causes the trouble, every organization is at risk — especially given the sprawling Internet presence of the average company. Larger companies spread across several locations are often more vulnerable given their complexity, but smaller companies can also be attacked.
Everyone, from receptionists to security guards to executives to IT personnel, is a potential victim of social engineering. Help desk and call center employees are especially vulnerable because they are trained to be helpful and forthcoming with information.
Social engineering has serious consequences. Effective social engineers can obtain the following information: If any of the preceding information is leaked, financial losses, lowered employee morale, decreased customer loyalty, and even legal and regulatory compliance issues could result.
The possibilities are endless. Social engineering attacks are difficult to protect against for various reasons. For another, social engineers are limited only by their imaginations.
Also, because so many possible methods exist, recovery and protection are difficult after the attack. With social engineering, you never know the next method of attack.
I discuss how you can do this in the rest of this chapter.

Building trust

Trust — so hard to gain, yet so easy to lose. Trust is the essence of social engineering. Most people trust others until a situation forces them not to. People want to help one another, especially if trust can be built and the request for help seems reasonable. This trust allows social engineers to accomplish their goals. Of course, building deep trust often takes time. Crafty social engineers can gain it within minutes or hours.
How do they do it? Everyone loves courtesy. The friendlier social engineers are — without going overboard — the better their chances of getting what they want. Social engineers often begin to build a relationship by establishing common interests. They often use the information they gain in the research phase to determine.
They can phone victims or meet them in person and, based on information the social engineers have discovered about the person, start talking about local sports teams or how wonderful it is to be single again. They may even pose as vendors who do business with the organization. They often modestly claim authority to influence people. The most common social engineering trick is to do something nice so that the victim feels obligated to be nice in return or to be a team player for the organization.

Exploiting the relationship

After social engineers obtain the trust of their unsuspecting victims, they coax the victims into divulging more information than they should. Whammo — the social engineer can go in for the kill.

Deceit through words and actions

Wily social engineers can get inside information from their victims in many ways. Of course, if the person is a sociopath or psychopath, your experience may vary. Psychology For Dummies by Adam Cash is a good resource for such complexities of the human mind.
Social engineers often do a favor for someone and then turn around and ask that person if he or she would mind helping them. This common social engineering trick works pretty well. This is where they offer help if a specific problem arises; some time passes, the problem occurs (often by their doing), and then they help fix the problem — not unlike politicians in Washington, DC!
They may come across as heroes, which can further their cause. Social engineers might ask an unsuspecting employee for a favor. Yes — they just outright ask for a favor. Many people fall for this trap. Impersonating an employee is easy. This trick is an especially popular way of exploiting help desk and call center personnel.

Deceit through technology

Technology can make things easier — and more fun — for the social engineer.
Often, a malicious request for information comes from a computer or other electronic entity that the victims think they can identify. Fortunately, you can take a few countermeasures against this type of attack, as described in the next section. They might also do this on social networking sites, such as Facebook and Myspace.
Many spam and phishing messages also use this trick. They often dupe people into disclosing information they should never give in exchange for a gift.
The same tricks have occurred through instant messaging and cellphone messaging. Even viruses and worms can use social engineering. For instance, the LoveBug worm told users they had a secret admirer. Victims then have their bank accounts emptied. Many computerized social engineering tactics can be performed anonymously through Internet proxy servers, anonymizers, remailers, and basic SMTP servers that have an open relay.
Generally, social engineers discover the details on people, organizational processes, and information systems to perform their attacks. With this information, they know what to pursue. Social engineering attacks are typically carried out in four simple steps:

1. Perform research.
2. Build trust.
3. Exploit relationships for information through words, actions, or technology.
4. Use the information gathered for malicious purposes.

These steps can include numerous substeps and techniques, depending on the attack being performed.
Before social engineers perform their attacks, they need a goal. What do they want to accomplish? What are the social engineers trying to hack? Do they want intellectual property, server passwords, or is it access they desire? In your efforts as a security professional performing social engineering, determine this overall goal before you begin.

Seeking information

After social engineers have a goal in mind, they typically start the attack by gathering public information about their victim(s).
I mention other warning signs to be aware of throughout the rest of this chapter. Regardless of the initial research method, all a criminal might need to penetrate an organization is an employee list, a few key internal phone numbers, the latest news from a social media website, or a company calendar.
Chapter 5 covers more details on information gathering, but the following are worth calling out. You can find even more information in SEC filings at www. Criminals can pay just a few dollars for a comprehensive online background check on individuals, executives included. These searches turn up practically all public — and sometimes private — information about a person in minutes. This method involves literally rummaging through trash cans for information about a company.
Dumpster diving can turn up even the most confidential of information because some people assume that their information is safe after it goes into the trash. These documents often contain a wealth of information that can tip off the social engineer with information needed to penetrate the organization. Inexpensive shredders that shred documents only in long strips are basically worthless against a determined social engineer. With a. Hackers often gather confidential personal and business information from others by listening in on conversations held in restaurants, coffee shops, and airports.
People who speak loudly when talking on their cellphones are also a great source of sensitive information for social engineers. Airplanes are a great place for shoulder surfing and gathering sensitive information. You can hardly avoid it! See Chapter 7 for more on trash and other physical security issues, including countermeasures for protecting against dumpster divers. This trick works best after hours to ensure no one answers.
Social engineers can find interesting bits of information, at times, such as when their victims are out of town, just by listening to voicemail messages. Attackers can protect their identities if they can hide where they call from. Here are some ways they can hide their locations: Disposable cell phones and VoIP services work quite well, however. However, all the attacker usually needs is the user guide and administrator password for the phone switch software.
You can perform your own phishing exercises. A more formal means for executing your phishing tests is to use a tool made specifically for the job. Social engineering will put your layered defenses to the true test. Never underestimate the power of social engineers — and that of your users and helping them get their way. These policies must be enforceable and enforced for everyone within the organization.
User awareness and training

One of the best lines of defense against social engineering is training employees to identify and respond to social engineering attacks. Align training and awareness with specific security policies — you may also want to have a dedicated security training and awareness policy. Consider outsourcing security training to a seasoned security trainer. Employees often take training more seriously if it comes from an outsider.
Similar to how a family member or spouse will ignore what you have to say but take the same words to heart if someone else says it. Outsourcing security training is worth the investment for that reason alone. While you approach ongoing user training and awareness in your organization, the following tips can help you combat social engineering in the long term:
Share the following tips with your users to help prevent social engineering attacks: Various websites such as www. Also, be on the lookout for people claiming to know you or wanting to be your friend. Their intentions might be malicious. Train all employees how to handle each asset type. A good resource for information on destruction policies is www.
The Appendix lists my favorite security awareness trinkets and tool vendors to improve security awareness and education in your organization. I strongly believe that information security is more dependent on nontechnical policies and business processes than on the technical hardware and software solutions that many people and vendors swear by. Physical security, which is the protection of physical property, encompasses both technical and nontechnical components, both of which must be addressed.
Your ability to secure your information depends on your ability to physically secure your office, building, or campus. In this chapter, I cover some common physical security weaknesses as they relate to computers and information security that you must seek out and resolve. Instead, approach those areas to see how far you can get. You might discover holes in your physical security infrastructure that you had previously overlooked. In small companies, some physical security issues might not be a problem.
Many physical security vulnerabilities depend on such factors as: Literally thousands of possible physical security weaknesses exist. The bad guys are always on the lookout for them — so you should look for these issues first. When these physical security vulnerabilities are uncovered, bad things can happen. All it takes to exploit these weaknesses is an unauthorized individual entering your building.
Above all, be practical and use common sense.

Building infrastructure

Doors, windows, and walls are critical components of a building — especially for a data center or an area where confidential information is stored.

Attack points

Criminals can exploit a handful of building infrastructure vulnerabilities. Consider the following commonly overlooked attack points: If so, why? A simple kick near the doorknob is usually enough for standard doors. How resilient is the material to earthquakes, tornadoes, strong winds, heavy rains, and vehicles driving into the building?
Would these disasters leave the building exposed so that looters and others with malicious intent could gain access to the computer room or other critical areas? Is this glass clear? Is the glass shatterproof or bulletproof? If not, someone could easily scale walls, bypassing any door or window access controls.

Countermeasures

Many physical security countermeasures for building vulnerabilities might require other maintenance, construction, or operations experts.
If building infrastructure is not your forte, you can hire outside experts during the design, assessment, and retrofitting stages to ensure that you have adequate controls. Here are some of the best ways to solidify building security:

Utilities

You must consider building and data center utilities, such as power, water, generators, and fire suppression, when assessing physical security.
These utilities can help fight off incidents and keep other access controls running during a power loss. You have to be careful, though, as they can also be used against you if an intruder enters the building. Consider the following attack points, which are commonly overlooked:
Can an intruder walk in and flip a switch? Can an intruder simply scale a wood fence or cut off a simple lock and access critical equipment? Do they fail open, allowing anyone through, or fail closed, keeping everyone in or out until the power is restored? Determine how a malicious intruder can abuse them. Are they accessible via a wireless or local network with default login credentials?
Are these devices placed where they can harm electronic equipment during a false alarm? Can digging in the area cut them easily?

Countermeasures

You might need to involve outside experts during the design, assessment, or retrofitting stages. The key is placement: I once assessed the physical security of an Internet colocation facility for a very large computer company.
I made it past the front guard and tailgated through all the controlled doors to reach the data center. After I was inside, I walked by equipment that was owned by very large companies, such as servers, routers, firewalls, UPSs, and power cords. All this equipment was completely exposed to anyone walking in that area. A quick flip of a switch or.

Office layout and usage

Office design and usage can either help or hinder physical security.

Attack points

Intruders can exploit various weaknesses around the office. Consider these attack points: Are recycling bins or shredders used? Open recycling bins and other careless handling of trash are invitations for dumpster diving. If intruders can access these rooms, they can steal mail or company letterhead to use against you. They can also use and abuse your fax machine(s), assuming you still have those!
Are regular keys, card keys, combination locks, or biometrics used? Who can access these keys, and where are they stored? Find out how many people share these combinations and keys. I once came across a situation for a client where the front lobby entrance was unmonitored. This type of situation is easily prevented by disabling network connections in unmonitored areas if separate data and voice ports are used or if the voice and data traffic had been separated at the switch or physical network levels.
This is the simplest countermeasure. This person can ensure that every visitor signs in and that all new or untrusted visitors are always escorted. Make it policy and procedure for all employees to question strangers and report strange behavior in the building.
Employees Only or Authorized Personnel Only signs show the bad guys where they should go instead of deterring them from entering. Use electronic badges that can be better controlled and monitored instead. I cover this tool and more password hacks in Chapter 8. These devices allow a malicious intruder to connect back into the system via cellular connection to perform their dirty deeds. Practically every bit of unencrypted information that traverses the network can be recorded for future analysis through one of the following methods:
A network analyzer is very hard to spot. I cover network analyzers capturing packets on switched Ethernet networks in more detail in Chapter 9. Hackers or malicious insiders with enough network knowledge and time can configure new firewall rules to do this.
During lunchtime? After hours? Are their hard drives encrypted in the event one is lost or stolen? Are they specifically rated for media to keep backups from melting during a fire? Who can access the safe? Safes are often at great risk because of their size and value. Are specific policies and technologies in place to help protect them? Are locking laptop bags required? Rogue access points are also something to consider.
I cover wireless networks in more detail in Chapter This is not only a great way to allow intruders onto your network but it can also be used as a means for spreading malware.

Countermeasures

Network and computer security countermeasures are some of the simplest to implement yet the most difficult to enforce because they involve people and their everyday actions.
I cover this topic in Chapter 8. This is especially important for remote workers and travelers as well as in larger companies or locations that receive a lot of foot traffic. This is especially important in computer rooms.

Password hacking is one of the easiest and most common ways attackers obtain unauthorized network, computer, or application access. You often hear about it in the headlines, and study after study (such as the Verizon Data Breach Investigations Report) reaffirms that weak passwords are at the root of many security problems.
Although strong passwords — ideally, longer and stronger passphrases that are difficult to crack or guess — are easy to create and maintain, network administrators and users often neglect this. Therefore, passwords are one of the weakest links in the information security chain. Passwords rely on secrecy. External attackers and malicious insiders have many ways to obtain passwords. They can glean passwords simply by asking for them or by looking over the shoulders of users (shoulder surfing) while they type their passwords.
To obtain passwords from across a network, attackers can use remote cracking utilities, keyloggers, or network analyzers. This chapter demonstrates how easily the bad guys can gather password information from your network and computer systems. I outline common password vulnerabilities and describe countermeasures to help prevent these vulnerabilities from being exploited on your systems.
Understanding Password Vulnerabilities

When you balance the cost of security and the value of the protected information, the combination of a user ID and a secret password is usually adequate. However, passwords give a false sense of security. The bad guys know this and attempt to crack passwords as a step toward breaking into computer systems. One big problem with relying solely on passwords for security is that more than one person can know them.
I explore each of these classifications in more detail in the following sections. Now that most computers have network connectivity, that protection is gone. This desire for convenience makes passwords one of the easiest barriers for an attacker to overcome.
The keys to strong passwords are: 1) easy to remember and 2) difficult to crack. Users like to use such passwords as password, their login name, abc, or no password at all! Unless users are educated and reminded about using strong passwords, their passwords usually are. When bad guys crack one password, they can often access other systems with that same password and username.
Using the same password across multiple systems and websites is nothing but a breach waiting to happen. Do what you can to protect your own credentials and spread the word to your users about how this practice can get you into a real bind.
External attackers and malicious insiders can find these passwords and use them against you and your business.

Technical password vulnerabilities

You can often find these serious technical vulnerabilities after exploiting organizational password vulnerabilities:
Hackers can break weak password storage mechanisms by using cracking methods that I outline in this chapter. A persistent, patient attacker can usually crack this. After the code is cracked, it is distributed across the Internet and becomes public knowledge. Password cracking utilities take advantage of weak password encryption. These utilities do the grunt work and can crack any password, given enough time and computing power.

Cracking Passwords

Password cracking is one of the most enjoyable hacks for the bad guys.
It fuels their sense of exploration and desire to figure out a problem. So where should you start testing the passwords on your systems? Administrator passwords are the pot of gold. With unauthorized administrative access, you or a criminal hacker can do virtually anything on the system. For example, you can deceive users into divulging passwords over the telephone or simply observe what a user has written down on a piece of paper.
Or you can capture passwords directly from a computer, over a network, and via the Internet with the tools covered in the following sections. These methods include using social engineering techniques such as phishing, shoulder surfing, and simply guessing passwords from information that he knows about the user. Social engineering takes advantage of the trusting nature of human beings to gain information that later can be used maliciously. A common social engineering technique is simply to con people into divulging their passwords.
It sounds ridiculous, but it happens all the time.

Techniques

To obtain a password through social engineering, you just ask for it. This is often how hackers and rogue insiders try to get the information! I have found that asking users to confirm their understanding and compliance with internal security policies by submitting their login credentials to a phishing website is all it takes.
If users give you their passwords during your testing, make sure that those passwords are changed. An easy way to do this is to force password changes for all users through the Windows domain.

Countermeasures

User awareness and consistent security training are great defenses against social engineering. Their best response is not to give out any information and to alert the appropriate information security manager in the organization to see whether the inquiry is legitimate and whether a response is necessary.

Techniques

To mount this attack, the bad guys must be near their victims and not look obvious. An attacker with a good eye might even watch whether the user is glancing around his desk for either a reminder of the password or the password itself.
Security cameras or a webcam can even be used for such attacks. You can try shoulder surfing yourself.

Countermeasures

Encourage users to be aware of their surroundings and not to enter their passwords when they suspect that someone is looking over their shoulders.

Inference

Inference is simply guessing passwords from information you know about users — such as their date of birth, favorite television show, or phone numbers.
So, you need a sound security policy and ongoing security awareness and training to remind users of the importance of secure password creation.

Bypassing authentication

On older operating systems (such as Windows 9x) that prompt for a password, you can press Esc on the keyboard to get right in.