Conduct Competitive Intelligence Describe DNS Zone Transfers

Hands-On Ethical Hacking and Network Defense - 2nd Edition
Chapter 4 Summary - Footprinting and Social Engineering

Objectives
After reading this chapter and completing the exercises, you will be able to:
– Use Web tools for footprinting
– Conduct competitive intelligence
– Describe DNS zone transfers
– Identify the types of social engineering

Using Web Tools for Footprinting
“Case the joint”
– Look over the location
    What information is freely available
– Find weakness in security systems
    Determine what types of security measures and OSs are in place
– Types of locks and alarms used
    Determine what physical security controls, manufacturers, and types are in place
Footprinting
– Finding information on company’s network
    Publicly available and obtainable data
– Passive and nonintrusive
– Several available Web tools
Whois
– Commonly used
– Gathers IP address and domain information
– Attackers can also use it
Web-based Whois
– Just as reliable
– Many sources
– Keyword
    Whois by IP
    Whois by domain
IP Address to Physical Location correlation
– Several sites provide direct correlations

Conducting Competitive Intelligence
Numerous resources to find information legally
– Competitive intelligence
    Gathering information using technology
Security professionals must:
– Explain methods used to gather information
    Have a good understanding of methods

Easy source of critical information
– Many available tools (most passive and difficult to detect)

Analyzing a Company’s Web Site
Paros
– Powerful tool for UNIX and Windows OSs
– Requires Java J2SE
Searching a Web site using Paros
– Click Tools, Spider
– Enter Web site’s URL
– Check results
Paros: getting Web site structure
– Click Tree, Scan All
– Report includes:
    Vulnerabilities
    Risk levels
Gathering information this way:
– Time consuming
– Requires altering client local configuration
    Requires latest JRE file installed
    Requires resetting proxy to 127.0.0.1 / 8080

Using E-mail Addresses
E-mail addresses
– Help retrieve even more information for social engineering users
E-mail address formatting
– Provides the framework to guess the unknown addresses of possible high-value targets
Tool to find corporate employee information
– Groups.google.com
– Google hacking – extracts results from search engine archives

Using HTTP Basics
HTTP (Web Server Operations)
– Operates on port 80 or port 443 (SSL), but others possible
– Commands:
    Retrieve information from the server
– Basic understanding of HTTP is beneficial for security testers
– Data returned from probes can tell you about the OS and Web services used to host a site
With just a URL, you can determine:

– Web server
– OS
– Names of IT personnel
Other methods:
– Cookies
– Web bugs
– HTTP Methods Overview

Detecting Cookies and Web Bugs
Cookie
– Text file generated by a Web server
– Stored on a user’s browser
– Information sent back to Web server when user returns
– Used to customize Web pages
– Some cookies store personal information
Security & Privacy issues:
– Can be used to track a user’s activities
– Data traded between 3rd party sites to form a more complete picture of surfing interests (even from disassociated sites and logons)
Web bug
– One-pixel by one-pixel image file
– Referenced in an IMG tag
– Usually works with a cookie
– Purpose similar to spyware and adware
– Comes from third-party companies
    Specializing in data collection
– Calls to the hosting Web server record the viewer’s data in server logs
– Security and Privacy issues related to tracking

Domain Name Service Reconnaissance
Domain Name System (DNS)
– Converts a URL into an IP address
– Seamless (usually) to the end user
– Extremely vulnerable to poisoning
Zone transfer tools
– Dig and Host
Determining Primary DNS server
– Only the Primary Server holds the Start of Authority (SOA) record
    Shows zones or IP addresses

– Requesting Zone Transfer Records from DNS servers provides valuable network topology information
DNS Transfer Record Request

Introduction to Social Engineering
Older than computers
– Targets human component of a network
Goals
– Obtain confidential information (passwords)
– Obtain other personal information
Tactics
– Persuasion
– Intimidation
– Coercion
– Extortion/blackmailing
Biggest security threat
– Most difficult to protect against
Main idea:
– “Why try to crack a password when you can simply ask for it?”
    Users divulge passwords to IT personnel
Human behavior studied
– Personality traits
– Body language
Techniques
– Urgency
– Quid pro quo
– Status quo
– Kindness
– Position
Train users
– Not to reveal information
– Follow published procedures
– Refer to a supervisor if suspicious
– To verify caller identity
    Ask questions and call back to confirm

The Art of Shoulder Surfing
Shoulder Surfer
– Reads what users enter on keyboards
    Logon names
    Passwords

    PINs
Tools
– Binoculars or high-powered telescopes
– Key positions and typing techniques
– Popular letter substitutions: equals s, @ equals a
Prevention
– Avoid typing when:
    Someone is nearby
    Someone nearby is talking on cell phone
– Computer monitors:
    Face away from door, cubicle entryway, or windows
– Countermeasures
    Immediately change password if you suspect someone is observing you
    Report suspected attempts to IT security and your Manager

The Art of Dumpster Diving
Attacker finds information in victim’s trash:
– Discarded computer manuals
– Passwords jotted down
– Company phone directories
– Calendars with schedules
– Financial reports
– Interoffice memos
– Company policy
– Utility bills
– Resumes
Never throw away information containing IPs, user names, purchase data on software, etc.
Shredding with a cross-cut shredder is the best method to destroy paper products.
Perform physical destruction of disks and hardware (dispose off-site if possible)

The Art of Piggybacking
Trailing closely behind an employee cleared to enter restricted areas
How it works:
– Watch authorized personnel enter an area
– Quickly join them at security entrance
– Exploit desire to be polite and helpful
– Attacker wears a fake badge or security card
Prevention
– Use turnstiles
– Train personnel to notify security about strangers
– Do not hold secured doors for anyone
    Even people they know

– All employees must use access cards

Phishing
Phishing e-mails
– “Update your account details”
– Usually framed as urgent request to visit a Web site
    Web site is a fake
Spear phishing
– Combines social engineering and exploiting vulnerabilities
– E-mail attacks directed at specific people
    Appears to come from someone the recipient knows
    Mentions topics of mutual interest
