Hands-On Ethical Hacking and Network Defense, 2nd Edition - Chapter 4 Summary: Footprinting and Social Engineering

Objectives
• After reading this chapter and completing the exercises, you will be able to:
  – Use Web tools for footprinting
  – Conduct competitive intelligence
  – Describe DNS zone transfers
  – Identify the types of social engineering

Using Web Tools for Footprinting
• "Case the joint"
  – Look over the location
    • What information is freely available
  – Find weaknesses in security systems
    • Determine what types of security measures and OSs are in place
  – Types of locks and alarms used
    • Determine which physical security controls, manufacturers, and types are in place
• Footprinting
  – Finding information on a company's network
    • Publicly available and obtainable data
  – Passive and nonintrusive
  – Several Web tools available
• Whois
  – Commonly used
  – Gathers IP address and domain information
  – Attackers can also use it
• Web-based Whois
  – Just as reliable
  – Many sources
  – Keyword
    • Whois by IP
    • Whois by domain
• IP address to physical location correlation
  – Several sites provide direct correlations

Conducting Competitive Intelligence
• Numerous resources to find information legally
  – Competitive intelligence
    • Gathering information using technology
• Security professionals must:
  – Explain the methods used to gather information
    • Have a good understanding of those methods

• Easy source of critical information
  – Many tools available (most are passive and difficult to detect)

Analyzing a Company's Web Site
• Paros
  – Powerful tool for UNIX and Windows OSs
  – Requires Java J2SE
• Searching a Web site using Paros
  – Click Tools, Spider
  – Enter the Web site's URL
  – Check the results
• Paros: getting the Web site structure
  – Click Tree, Scan All
  – Report includes:
    • Vulnerabilities
    • Risk levels
• Gathering information this way:
  – Time consuming
  – Requires altering the client's local configuration
    • Requires the latest JRE installed
    • Requires resetting the proxy to 127.0.0.1 / 8080

Using E-mail Addresses
• E-mail addresses
  – Help retrieve even more information for social engineering users
• E-mail address formatting
  – Provides the framework for guessing the unknown addresses of possible high-value targets
• Tools to find corporate employee information
  – Groups.google.com
  – Google hacking – extracts results from search engine archives

Using HTTP Basics
• HTTP (Web server operations)
  – Operates on port 80 or port 443 (SSL), but other ports are possible
  – Commands: retrieve information from the server
  – A basic understanding of HTTP is beneficial for security testers
  – Data returned from probes can tell you about the OS and Web services used to host a site
• With just a URL, you can determine:

  – Web server
  – OS
  – Names of IT personnel
• Other methods:
  – Cookies
  – Web bugs
  – HTTP methods overview

Detecting Cookies and Web Bugs
• Cookie
  – Text file generated by a Web server
  – Stored on a user's browser
  – Information sent back to the Web server when the user returns
  – Used to customize Web pages
  – Some cookies store personal information
• Security and privacy issues:
  – Can be used to track a user's activities
  – Data traded between third-party sites to form a more complete picture of surfing interests (even from disassociated sites and logons)
• Web bug
  – One-pixel by one-pixel image file
  – Referenced in an <IMG> tag
  – Usually works with a cookie
  – Purpose similar to spyware and adware
  – Comes from third-party companies
    • Specializing in data collection
  – Calls to the host Web server record the viewer's data in the server logs
  – Security and privacy issues related to tracking

Domain Name Service Reconnaissance
• Domain Name System (DNS)
  – Converts a URL into an IP address
  – Seamless (usually) to the end user
  – Extremely vulnerable to poisoning
• Zone transfer tools
  – Dig and Host
• Determining the primary DNS server
  – Only the primary server holds the Start of Authority (SOA) record
    • Shows zones or IP addresses

  – Requesting zone transfer records from DNS servers provides valuable network topology information
• DNS transfer record request

Introduction to Social Engineering
• Older than computers
  – Targets the human component of a network
• Goals
  – Obtain confidential information (passwords)
  – Obtain other personal information
• Tactics
  – Persuasion
  – Intimidation
  – Coercion
  – Extortion/blackmailing
• Biggest security threat
  – Most difficult to protect against
• Main idea:
  – "Why try to crack a password when you can simply ask for it?"
    • Users divulge passwords to IT personnel
• Human behavior studied
  – Personality traits
  – Body language
• Techniques
  – Urgency
  – Quid pro quo
  – Status quo
  – Kindness
  – Position
• Train users
  – Not to reveal information
  – To follow published procedures
  – To refer to a supervisor if suspicious
  – To verify the caller's identity
    • Ask questions and call back to confirm

The Art of Shoulder Surfing
• Shoulder surfer
  – Reads what users enter on keyboards
    • Logon names
    • Passwords

    • PINs
• Tools
  – Binoculars or high-powered telescopes
  – Key positions and typing techniques
  – Popular letter substitutions
    • $ equals s, @ equals a
• Prevention
  – Avoid typing when:
    • Someone is nearby
    • Someone nearby is talking on a cell phone
  – Computer monitors:
    • Face away from the door, cubicle entryway, or windows
  – Countermeasures
    • Immediately change your password if you suspect someone is observing you
    • Report suspected attempts to IT security and your manager

The Art of Dumpster Diving
• Attacker finds information in the victim's trash:
  – Discarded computer manuals
  – Passwords jotted down
  – Company phone directories
  – Calendars with schedules
  – Financial reports
  – Interoffice memos
  – Company policy
  – Utility bills
  – Resumes
• Never throw away information containing IPs, user names, purchase data on software, etc.
• Shredding with a cross-cut shredder is the best method to destroy paper products
• Perform physical destruction of disks and hardware (dispose of them off-site if possible)

The Art of Piggybacking
• Trailing closely behind an employee cleared to enter restricted areas
• How it works:
  – Watch authorized personnel enter an area
  – Quickly join them at the security entrance
  – Exploit the desire to be polite and helpful
  – Attacker wears a fake badge or security card
• Prevention
  – Use turnstiles
  – Train personnel to notify security about strangers
  – Do not hold secured doors for anyone
    • Even people they know

  – All employees must use access cards

Phishing
• Phishing e-mails
  – "Update your account details"
  – Usually framed as an urgent request to visit a Web site
    • The Web site is a fake
• Spear phishing
  – Combines social engineering and exploiting vulnerabilities
  – E-mail attacks directed at specific people
    • Appears to come from someone the recipient knows
    • Mentions topics of mutual interest
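The "Using HTTP Basics" and "Detecting Cookies and Web Bugs" sections above describe what a single server response gives away to a passive footprinter: version and OS strings in the headers, and one-pixel images served from a third-party host. The following Python script is an added example, not code from the textbook or its authors. It audits a captured response for both and runs entirely offline against a constructed sample; the sample headers and body, the hostnames www.example.com and tracker.example.net, and the DISCLOSING_HEADERS list are all constructed or assumed for this example.

```python
"""Audit what one HTTP response discloses to a passive footprinter.

Added example, not from the textbook: checks a captured HTTP response for
(1) headers that reveal server software, framework or OS versions and
(2) one-pixel <img> tags served from a third-party host (Web bugs).
All sample data is constructed; nothing is fetched from the network.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Headers that commonly carry product/version strings (assumed starting list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status line, headers, body).

    Headers are returned as a dict of lower-cased name -> list of values,
    since a header such as Set-Cookie may legitimately repeat.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def disclosing_headers(headers):
    """Return 'name: value' strings for headers that leak a version or OS.

    A bare product name such as 'Apache' is tolerated; a digit (a version)
    or a parenthesised token such as '(Ubuntu)' is what hands the footprinter
    the OS and software details the chapter mentions.
    """
    findings = []
    for name in DISCLOSING_HEADERS:
        for value in headers.get(name, []):
            if any(ch.isdigit() for ch in value) or "(" in value:
                findings.append(f"{name}: {value}")
    return findings


class WebBugFinder(HTMLParser):
    """Collect the src of every 1x1 <img> tag hosted on another domain."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        src = attr.get("src") or ""
        host = urlsplit(src).hostname  # None for relative paths such as /logo.png
        one_pixel = attr.get("width") == "1" and attr.get("height") == "1"
        if one_pixel and host and host.lower() != self.page_host:
            self.bugs.append(src)


def find_web_bugs(body, page_host):
    """Return the src of each third-party one-pixel image in an HTML body."""
    finder = WebBugFinder(page_host)
    finder.feed(body)
    return finder.bugs


def audit(raw_response, page_host):
    """Run both checks on one captured response and return the findings."""
    _, headers, body = parse_response(raw_response)
    return {
        "headers": disclosing_headers(headers),
        "web_bugs": find_web_bugs(body, page_host),
    }


# Constructed sample: a response as a footprinter would see it for www.example.com.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
    "<html><body><h1>Welcome</h1>"
    '<img src="/logo.png" width="120" height="40">'
    '<img src="https://tracker.example.net/pixel.gif" width="1" height="1">'
    "</body></html>"
)

if __name__ == "__main__":
    for kind, items in audit(SAMPLE_RESPONSE, "www.example.com").items():
        print(kind)
        for item in items:
            print("  ", item)
```

Run it over responses saved from your own servers (for example with `curl -i`) to see what a passive footprinter learns without ever touching the host beyond a normal page request. The header list is a starting point rather than an exhaustive one, and the 1x1 heuristic misses images hidden by CSS or scaled by script, so treat a clean result as a first pass, not proof of absence.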
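The "Domain Name Service Reconnaissance" section above notes that a zone transfer hands out the network topology, which is why a DNS administrator wants to know when one is requested from anywhere other than the known secondary servers. The following Python script is an added example, not from the textbook: it scans BIND-style query log lines for AXFR/IXFR requests from sources that are not on an allow-list. The log lines, the allow-list networks and the exact log line format are constructed approximations for this example.

```python
"""Flag zone transfer (AXFR/IXFR) requests from unexpected sources.

Added example, not from the textbook: a log check a DNS administrator can
run over BIND-style query log lines. Only the listed secondary servers are
expected to request zone transfers; any other source is reported.
The log lines, the allow-list and the exact line format are constructed
approximations for this example.
"""
import re
from ipaddress import ip_address, ip_network

# Hosts permitted to pull the zone (assumed values for this example).
AUTHORIZED_SECONDARIES = [
    ip_network("198.51.100.20/32"),
    ip_network("203.0.113.0/29"),
]

# Matches the "client <addr>#<port> (<name>): query: <qname> IN <qtype>" part
# of a BIND query log line; the optional "@0x..." token is the client handle
# that newer BIND versions print before the address.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F:.]+)#\d+ "
    r"\((?P<name>[^)]*)\): query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)"
)

# Constructed sample log: one legitimate transfer, two foreign AXFR attempts
# (one over IPv6), one ordinary A query and one IXFR from an allow-listed host.
SAMPLE_LOG = """\
14-Nov-2023 10:00:01.001 client @0x7f1a2b3c4d50 198.51.100.20#42010 (example.com): query: example.com IN AXFR -TE (192.0.2.1)
14-Nov-2023 10:00:02.113 client @0x7f1a2b3c4d50 192.0.2.77#53211 (example.com): query: example.com IN AXFR -TE (192.0.2.1)
14-Nov-2023 10:00:03.412 client @0x7f1a2b3c4d50 192.0.2.77#53212 (www.example.com): query: www.example.com IN A -E (192.0.2.1)
14-Nov-2023 10:00:04.900 client @0x7f1a2b3c4d50 203.0.113.3#1034 (example.com): query: example.com IN IXFR -TE (192.0.2.1)
14-Nov-2023 10:00:05.150 client @0x7f1a2b3c4d50 2001:db8::9#5000 (example.com): query: example.com IN AXFR -TE (192.0.2.1)
"""


def is_authorized(source_ip):
    """True if the source address falls inside an allow-listed network."""
    addr = ip_address(source_ip)
    return any(addr in net for net in AUTHORIZED_SECONDARIES)


def find_unauthorized_transfers(log_text):
    """Return (source ip, zone, query type) for each transfer request
    that did not come from an authorized secondary."""
    findings = []
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match or match["qtype"] not in ("AXFR", "IXFR"):
            continue
        if not is_authorized(match["ip"]):
            findings.append((match["ip"], match["qname"], match["qtype"]))
    return findings


if __name__ == "__main__":
    for ip, zone, qtype in find_unauthorized_transfers(SAMPLE_LOG):
        print(f"unauthorized {qtype} of {zone} requested by {ip}")
```

Detection is the second half of the control: restrict transfers at the server first (BIND's `allow-transfer` option limited to the secondaries, ideally with TSIG-signed transfers) so the request is refused, and then use a check like this over the query log to notice who tried, since a refused attempt still tells you someone is footprinting the zone.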
