Thomas Kemmerich
Hacking - Network Security Introduction: 0. Introduction
BaSoTi 2016 - Tallinn
Hacking
Information Security
A practical course in Ethical Hacking
Thomas Kemmerich, PhD, Associate Professor, NTNU i Gjøvik, Norway. E-mail: [email protected], Tel. +47 611 35229
Teaching: Computer Networks, Network Security, Computer Forensics and Ethical Hacking
Research: Networks, Cloud Security and Digital Forensic Readiness
01-Hacking-Network-Security - 25 July 2016
CCIS: Center for Cyber and Information Security. Opening Conference 15 August 2014 in Gjøvik
• 20 professors for Information Security only
• up to 35 PhD students
• biggest centre for Cyber and Information Security in Europe
COINS: School of Computer and Information Security. The PhD programme is part of CCIS
• 20 professors for Information Security only
• up to 50 PhD students
• biggest centre for cyber crime and Information Security in Europe
Information Security
Ethical Hacking
Who has experience in Hacking?
What was the intention to do it?
Which tools did you use?
What were the results?
‘These slides are produced according to the lecture ‘Ethical Hacking!’ by Lasse Øverlier, Høgskolen i Gjøvik
General Behaviour (Ethics)
• Use knowledge and tools only for GOOD
• Use knowledge and tools only with your own systems and networks, or with systems and networks you are allowed to investigate, proven by a written agreement
Don’t use your knowledge or tools just for fun!! Do only things you understand!!
By default:
• “Ethical Hacking” is Hacking (Pentesting)
• “Unethical Hacking” is Cracking
These two are very often mixed up
Literature:
• The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Patrick Engebretson, Elsevier, 2011
• Web Penetration Testing with Kali Linux, Joseph Muniz, Aamir Lakhani, http://it-ebooks.info/book/3000/
• Gray Hat Hacking: The Ethical Hacker's Handbook, 4th Edition, 2015, Regalado et al.
Literature:
• Kali Linux: www.kali.org
• aircrack: http://www.aircrack-ng.org/
• kismet: http://www.kismetwireless.net/documentation.shtml
• nmap: http://nmap.org/book/man.html
Course Structure:
• Lectures on the theoretical aspects
• Practical Hacking
  - planning
  - hacking exercise
  - documentation
• Discussion about the process
Course Exams:
• Part 1: Planning Report
• Part 2: Hacking Report
• Part 3: Written Exam
Practical Pentesting:
• working in groups of five students
• writing your plan and report group-wise
• cooperation between groups: YES; the same plan and report (wording) in different groups: No == F
• plans or reports sent after the deadline will not be accepted
Exam, Part 1: Plan and Report of your Hacking experiment here in this course
- Plan: What is the goal of your pen testing? How will you reach the goal? Step-by-step plan including a rough timeline (not only technical aspects are relevant here)
33,3% of the grade
Delivery date: 04.08.2016, 0:00 by email to [email protected]
1-2 pages
Exam, Part 2: Plan and Report of your Hacking experiment here in this course
- Report: What did you do? What kind of difficulties appeared? Results of each step. Overall description of the Pentest. What would you improve next time?
33,3% of the grade
Delivery date: 06.8.2016, 0:00 by email to [email protected]
max. 2-3 pages
Exam, Part 3: Written exam
3-4 questions about the concepts of ‘Ethical Hacking’
Sunday, 8 August
33,3% of the grade
Information Security Basics
from Basel Katt, NTNU, Norway
• (Data) Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes [i.e., to any unauthorized system entity].
• (Data) Integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.
• Availability: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.
Information Security Basics: Terminology based on RFC 2828
• Vulnerability: A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.
• Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. I.e., a threat is a possible danger that might exploit a vulnerability.
Information Security Basics: Terminology based on RFC 2828
• Attack: An assault on the system that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
• Risk: An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
Information Security Basics: Terminology based on RFC 2828
• Adversary: An entity that attacks, or is a threat to a system
• Countermeasure: An action, device, procedure, technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
• System resource (asset): Data contained in an information system, or a service provided by the system, or a system capability, such as processing power or communication bandwidth, or an item of system equipment, or a facility that houses system operations and equipment.
Why do we learn Hacking?
• Understand the:
  - methodology
  - goals
  - tactics
  - skills
  - tools
  of the enemies
Why do we learn Hacking?
We must know what an attack looks/feels like to detect it and to defend!
We need to know the vulnerabilities of our systems and networks:
• locate bugs and configuration flaws
• find access points for social engineering
• critical behaviour of users and administrators
Pentesting
• Pentesting is a subset of ethical hacking
• Clear strategic measures to check systems and networks
• Tools
• Exploiting Systems
• Development of own tools
• Vulnerabilities in new code (Software Security)
• Standard user accounts
Pentesting
"Penetration testing can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure."
"A vulnerability assessment is the process of reviewing services and systems for potential security issues, whereas a penetration test actually performs exploitation and POC (proof of concept) attacks to prove that a security issue exists."
Types of Pentester/Hacker/Cracker
White Hat: good, a hero, focusing on securing and protecting IT systems and networks
Black Hat: bad guy, breaking into networks and IT systems to steal or manipulate data and/or implant malware
Gray Hat: sometimes good but sometimes bad. Unclear skills lead to criminal behaviour. Always be a White Hat!
Types of Testing
White box testing: access to all information incl. network diagrams, IT systems, versions of SW etc.
Black box testing: no knowledge about anything
Gray box testing: simulate an attack that could be carried out by a disgruntled, disaffected staff member
Access to the Systems:
Remote via Network Access (Internet):
• Login services (VPNs, SSH, telecommuter, …)
• Web-Applications
• Wireless access
• Remote Dial-In
Local:
• Internal users / visitors (contract workers)
• Physical access to the infrastructure
• Wireless access
• Social Engineering
Software Security:
How many sheets of paper do I need to print out the code of Android OS at 8pt?
Typical Attack/Pentest Phases
• Reconnaissance
• Scanning
• Exploitation
  - Privilege escalation
• Maintaining access
• Covering tracks and hiding
• Documentation
Reconnaissance
Reconnaissance
• Locate the target you want to penetrate
• Gather all available information:
  - IP addresses
  - Users
  - Servers
  - Services
  - E-mails
  - locations
  - persons
  - …
Avoid direct contact with the target (scanning etc.)
Social Engineering, Web research, Hidden investigation
Ethical Hacking*
Reconnaissance - What are we interested in?
• Get an overview of the target, with only normal usage of network resources
• Make internal pentesting infrastructure: preparation – lab – notes – report forms
• Setting the ground rules for testing: rules of engagement, contracts, ...
• Methodologies
• Document all steps and write a report (form)
Ethical Hacking*
I. Exercise:
• You shall conduct a penetration test for a dedicated WLAN setup for this BaSoTi course
• It is a black-box test
• Describe all tasks and steps you are doing in any test!
• Develop a form for the report
• What else do you need for the preparation?
—> Make a short presentation of your plan beforehand
Groups of 5 students
Ethical Hacking*
I. Exercise:
• You should use: The Open Source Security Testing Methodology Manual (http://www.isecom.org/research/osstmm.html)
Ethical Hacking*
I. Exercise:
• Define the target
• Develop an attack strategy
  - methodology?
  - how could you stay undetected?
  - how to cover tracks?
• Define the tools you want to use
• Define the form of documentation
—> send the report by mail, latest: 04 August, 0:00 pm (include the names of the group members!!!)
Groups of 5 students
Ib. Exercise:
• Install Kali Linux in a virtual machine (VirtualBox or VM), if not done yet (one installation per group)
• Start aircrack to monitor the air; use e.g. kismet to find out the SSID of the target network
• Find out the WPA passphrase to connect to the WLAN
Confirm with me that you connect to the right network!
Next Lecture!
Simple Reconnaissance
• Social Engineering
• Caller ID spoofing
• Physical break-in
• Dumpster Diving
Social Engineering
Reconnaissance - Human interaction
Exploiting the weaknesses of the human element (in information systems)
• By telephone: call support, “manager” calling a lower employee, sysadmin calling —> remote access number / credentials
• Gaining trust
• Need of help (being helpless)
• Being very confident
Reconnaissance - Caller ID spoofing
• An internal number seems trustworthy
• Setting up voice mailboxes —> leave messages to an internal number
• Spoofing the same caller ID as the target —> often gains full access to voice mail, or the caller ID is the password to the voice mail box
Caller ID spoofing is simple using most VoIP providers
Reconnaissance - Physical Break-In
• Join a group of employees
• Visiting but not leaving (no badges required in the company)
• No screensaver with lock
• Information collection (post-its, USB sticks, CD/DVD, laptops, external HDs, PCs)
• Leave access HW behind
• Backdoor opportunities (unprotected network access (ports), computer rooms, …)
• Fired employees are not hindered from accessing the company
Reconnaissance - countermeasures against SE
• User awareness (regular qualification sessions)
  - Hacking demonstrations
• Authentication procedures for IT support (not only)
• Force wearing badges for access control, especially for computer rooms
• Screen saver with passwords
• Lock down servers and computers (mobiles!?!)
• Encryption of all data
Reconnaissance - countermeasures against SE
• Avoid BYOD
• Clear procedures for processing old HW
  - Computers, laptops, mobiles, GPS, …
  - HDs, memory sticks
  - Copy machines
  - Network devices (routers, switches)
• Handling of paper and CDs/DVDs containing sensitive data —> shredding
Btw: What are sensitive data?
Reconnaissance - Gifts
Scatter 1000 infected USB sticks on the parking place at REMA1000 or of any company.
Reconnaissance - Online Information
• Searching for information
  - Web sites
  - Search engines
  - Public databases
  - DNS information
Required for a good start:
- good internal mapping of the:
  * People (culture)
  * Infrastructure
More details —> Ethical Hacking Course at NTNU
II. Exercise:
• Install Kali Linux in a virtual machine (VirtualBox or VM), if not done yet (one installation per group)
• Start aircrack to monitor the air; use e.g. kismet to find out the SSID of the target network
• Find out the WEP passphrase to connect to the WLAN
Confirm with me that you connect to the right network!
Questions?