Hands-On Ethical Hacking
and Network Defense
Second Edition
Chapter 4
Footprinting and Social Engineering
Objectives
• After reading this chapter and completing the
exercises, you will be able to:
– Use Web tools for footprinting
– Conduct competitive intelligence
– Describe DNS zone transfers
– Identify the types of social engineering
Hands-On Ethical Hacking and Network Defense, Second Edition
Using Web Tools for Footprinting
• “Case the joint”
– Look over the location
– Find weakness in security systems
– Types of locks and alarms used
• Footprinting
– Finding information on company’s network
– Passive and nonintrusive
– Several available Web tools
Table 4-1 Summary of Web tools
Table 4-1 Summary of Web tools (cont’d.)
Conducting Competitive Intelligence
• Numerous resources exist for gathering information about a company legally
– Competitive intelligence
• Gathering publicly available information, largely with technology
• Security professionals must:
– Be able to explain the methods used to gather such information
• Which requires a good understanding of those methods
Analyzing a Company’s Web Site
• Easy source of critical information
– Many available tools
• Paros
– Powerful tool for UNIX and Windows OSs
– Requires Java J2SE
Figure 4-1 The main window of Paros
Analyzing a Company’s Web Site (cont’d.)
• Paros: searching for a Web site
– Click Tools, Spider
– Enter Web site’s URL
– Check results
Figure 4-2 Entering a URL in the Input dialog box
Figure 4-3 Displaying filenames of all Web pages on a site
Analyzing a Company’s Web Site (cont’d.)
• Paros: getting Web site structure
– Click Tree, Scan All
– Report includes:
• Vulnerabilities
• Risk levels
• Gathering information this way:
– Time consuming
– Not passive: unlike spidering, Scan All sends probe requests that the target’s Web server logs will record
Figure 4-4 The Paros scanning report
Using Other Footprinting Tools
• Whois
– Commonly used
– Gathers IP address and domain information
– Attackers can also use it
Figure 4-5 Viewing information with the SamSpade Whois utility
Using E-mail Addresses
• E-mail addresses
– Help retrieve even more information
• Find e-mail address format
– Guess other employees’ e-mail accounts
• Tool to find corporate employee information
– Groups.google.com
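The address-guessing step on this slide, worked through in Python as an added example (not code from the book): infer the local-part pattern a company uses from a few harvested name/address pairs, then generate candidates for other employees whose names appear on the company’s Web site. The domain example-corp.com, the names and the addresses are all constructed for the illustration.

```python
"""Infer a company's e-mail address format from a few harvested
(name, address) pairs and generate candidates for other employees.
Added example; all names, addresses and the domain are constructed."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed: addresses harvested from a press release or a Google Groups
# posting, each paired with the employee name it was published with.
KNOWN = [
    ("John", "Smith", "jsmith@example-corp.com"),
    ("Mary", "Williams", "MWilliams@example-corp.com"),
    ("Help", "Desk", "support@example-corp.com"),   # role account: fits no pattern
]

# Constructed: employee names learned from the company's "About us" page.
EMPLOYEES = [("Ann", "Lee"), ("Carlos", "Ortega"), ("Dana", "Kim")]

# Local-part patterns commonly used by organisations, as functions of
# lower-cased (first, last).
FORMATS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "flast":      lambda f, l: f"{f[0]}{l}",
    "firstl":     lambda f, l: f"{f}{l[0]}",
    "first_last": lambda f, l: f"{f}_{l}",
    "lastf":      lambda f, l: f"{l}{f[0]}",
    "first":      lambda f, l: f,
}

ADDR_RE = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}")


def extract_addresses(text: str) -> List[str]:
    """Pull bare addresses out of free text such as a mailing-list archive."""
    return [a.lower() for a in ADDR_RE.findall(text)]


def infer_format(known: List[Tuple[str, str, str]]) -> Optional[str]:
    """Return the format matching the most known pairs, or None if no format
    matches or two formats tie (ambiguous: harvest more addresses first)."""
    scores: Dict[str, int] = {name: 0 for name in FORMATS}
    for first, last, addr in known:
        local = addr.split("@", 1)[0].lower()
        for name, fmt in FORMATS.items():
            if fmt(first.lower(), last.lower()) == local:
                scores[name] += 1
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    best, best_score = ranked[0]
    if best_score == 0 or (len(ranked) > 1 and ranked[1][1] == best_score):
        return None
    return best


def guess_addresses(fmt_name: str, domain: str, employees) -> List[str]:
    """Apply an inferred format to employees whose addresses are unknown."""
    fmt = FORMATS[fmt_name]
    return [f"{fmt(f.lower(), l.lower())}@{domain}" for f, l in employees]


if __name__ == "__main__":
    domain = KNOWN[0][2].split("@", 1)[1]
    fmt = infer_format(KNOWN)
    print("inferred format:", fmt)
    if fmt:
        for guess in guess_addresses(fmt, domain, EMPLOYEES):
            print(guess)
```

The tie check matters in practice: one harvested address is rarely enough, because "jsmith" fits both the flast and the lastf pattern for other names; two or three pairs usually settle it.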
Using HTTP Basics
• HTTP operates on port 80 by default (HTTPS on 443)
• HTTP commands (methods)
– Pull information from a Web server
• Basic understanding of HTTP
– Beneficial for security testers
• Return codes and response headers
– Reveal the Web server software and often the OS it runs on
• Example request line
– GET / HTTP/1.1
Table 4-2 HTTP client errors
Table 4-3 HTTP server errors
Table 4-4 HTTP methods
Figure 4-6 Using the OPTIONS HTTP method
Figure 4-7 Using the HEAD HTTP method
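The HEAD and OPTIONS requests shown in Figures 4-6 and 4-7, as an added Python example rather than anything from the book: it builds the raw request line the slides describe, parses a response into status code and headers, classifies the code the way Tables 4-2 and 4-3 do, and picks out the Server banner and any risky methods announced in an Allow header. The response it parses is constructed, not captured from a real server; the send_raw helper is included for use against hosts you are authorised to test and is not exercised by the offline demo.

```python
"""Build raw HTTP requests (HEAD, OPTIONS, GET) and read what a response
gives away. Added example; the sample response below is constructed, not
captured from any real server."""
import socket
from typing import Dict, List, Tuple

# Methods whose presence in an Allow header deserves a closer look.
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


def build_request(method: str, host: str, path: str = "/") -> bytes:
    """Minimal HTTP/1.1 request, e.g. b'HEAD / HTTP/1.1\\r\\nHost: ...'."""
    return (
        f"{method} {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "User-Agent: footprint-example/0.1\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def send_raw(host: str, port: int, request: bytes, timeout: float = 5.0) -> bytes:
    """Send a raw request over TCP and return the whole response. Not used by
    the offline demo; only run it against hosts you are authorised to test."""
    chunks: List[bytes] = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def parse_response(raw: bytes) -> Tuple[int, str, Dict[str, str]]:
    """Split a raw response into (status code, reason, lower-cased headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)            # "HTTP/1.1 200 OK"
    status = int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, reason, headers


def status_class(code: int) -> str:
    """Group a status code by its first digit, as Tables 4-2 and 4-3 do."""
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}.get(code // 100, "unknown")


def allowed_methods(headers: Dict[str, str]) -> List[str]:
    """Methods announced by an OPTIONS response's Allow header."""
    return sorted(m.strip().upper()
                  for m in headers.get("allow", "").split(",") if m.strip())


def risky_methods(headers: Dict[str, str]) -> List[str]:
    return sorted(set(allowed_methods(headers)) & RISKY_METHODS)


# Constructed OPTIONS response in the style of an older Apache build.
SAMPLE_OPTIONS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Tue, 15 Apr 2008 12:00:00 GMT\r\n"
    b"Server: Apache/2.2.3 (CentOS)\r\n"
    b"Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
    b"Content-Length: 0\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(build_request("OPTIONS", "www.example-corp.com").decode())
    code, reason, hdrs = parse_response(SAMPLE_OPTIONS_RESPONSE)
    print(code, reason, status_class(code))
    print("server banner:", hdrs.get("server"))
    print("allowed:", allowed_methods(hdrs), "risky:", risky_methods(hdrs))
```

A HEAD request gives the same headers as GET without the body, so the banner check costs one small request; the OPTIONS reply is where TRACE or PUT being enabled shows up, and both are worth noting in a footprinting report.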
Other Methods of Gathering Information
• With just a URL, you can determine:
– Web server
– OS
– Names of IT personnel
• Other methods:
– Cookies
– Web bugs
Detecting Cookies and Web Bugs
• Cookie
– Text file generated by a Web server
– Stored on a user’s browser
– Information sent back to Web server when user
returns
– Used to customize Web pages
– Some cookies store personal information
• Security issue
Detecting Cookies and Web Bugs (cont’d.)
• Web bug
– One-pixel by one-pixel image file
– Referenced in an <IMG> tag
– Usually works with a cookie
– Purpose similar to spyware and adware
– Comes from third-party companies
• Specializing in data collection
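Detecting the two things these slides describe, as an added Python example (not from the book): it finds 1x1 images referenced from third-party hosts in a page and audits the cookies set alongside it for the personal data and missing flags the slides call a security issue. The page, the Set-Cookie headers and every domain in them are constructed; the registrable-domain check is a deliberate approximation (last two labels) because the example runs offline without a public suffix list.

```python
"""Spot Web bugs (1x1 third-party images) in a page and audit the cookies
set with it. Added example; the page and Set-Cookie headers below are
constructed, with hypothetical domains."""
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from typing import Dict, List
from urllib.parse import unquote, urlparse

PAGE_URL = "https://www.example-corp.com/index.html"

# Constructed page: a logo, a same-site spacer, and two tracking pixels
# served by third parties, one sized by attributes and one by CSS.
PAGE_HTML = """<html><body>
<img src="/images/logo.png" width="120" height="40" alt="logo">
<p>Welcome back.</p>
<img src="http://tracker.example-ads.net/pixel.gif?uid=4711" width="1" height="1">
<img src="https://stats.example-metrics.com/b.gif" style="width:1px; height:1px">
<img src="https://cdn.example-corp.com/spacer.gif" width="1" height="1">
</body></html>"""

# Constructed Set-Cookie headers as the site and a third party might send.
SET_COOKIE_HEADERS = [
    "session=3f9c1a7b; Path=/; Secure; HttpOnly",
    "prefs=lang%3Den; Path=/",
    "visitor=email%3Djsmith%40example-corp.com; Domain=.example-ads.net; Path=/",
]


class ImgCollector(HTMLParser):
    """Collect the attribute dict of every <img> tag."""
    def __init__(self) -> None:
        super().__init__()
        self.images: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def site_of(host: str) -> str:
    """Crude registrable-domain approximation (last two labels); a real
    tool would consult the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_one_pixel(attrs: Dict[str, str]) -> bool:
    if attrs.get("width", "").strip() == "1" and attrs.get("height", "").strip() == "1":
        return True
    style = attrs.get("style", "").replace(" ", "").lower()
    return "width:1px" in style and "height:1px" in style


def find_web_bugs(page_url: str, html: str) -> List[str]:
    """src URLs of 1x1 images loaded from a site other than the page's own.
    Same-site spacer images are not reported."""
    page_site = site_of(urlparse(page_url).hostname or "")
    collector = ImgCollector()
    collector.feed(html)
    bugs = []
    for attrs in collector.images:
        src = attrs.get("src", "")
        host = urlparse(src).hostname        # None for relative URLs
        if is_one_pixel(attrs) and host and site_of(host) != page_site:
            bugs.append(src)
    return bugs


def audit_cookies(set_cookie_headers: List[str], page_url: str) -> Dict[str, List[str]]:
    """Map each cookie name to the findings a footprinting report would list."""
    page_site = site_of(urlparse(page_url).hostname or "")
    findings: Dict[str, List[str]] = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            issues = []
            if not morsel["secure"]:
                issues.append("missing Secure flag")
            if not morsel["httponly"]:
                issues.append("missing HttpOnly flag")
            if "@" in unquote(morsel.value):       # percent-decoded personal data
                issues.append("value carries an e-mail address")
            if morsel["domain"] and site_of(morsel["domain"].lstrip(".")) != page_site:
                issues.append("set for a third-party domain")
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for bug in find_web_bugs(PAGE_URL, PAGE_HTML):
        print("web bug:", bug)
    for name, issues in audit_cookies(SET_COOKIE_HEADERS, PAGE_URL).items():
        print(name, "->", issues or "ok")
```

The same-site spacer is deliberately left unreported: a 1x1 image is only a Web bug when a third party receives the request (and, usually, its cookie) each time the page loads.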
Using Domain Name Service Zone Transfers
• Domain Name System (DNS)
– Resolves host names to IP addresses
– People prefer URLs to IP addresses
• A DNS server that permits zone transfers to anyone hands out its entire zone
• Zone transfer tools
– Dig and Host
• Determining the primary DNS server
– Start of Authority (SOA) record
• Names the primary name server for the zone
– A zone transfer lists every host name and IP address in the zone: in effect, a network diagram
Figure 4-9 Using the Dig command
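What a tester does with the output of the Dig command in Figure 4-9, as an added Python example (not from the book): it parses zone-transfer output into records, confirms the transfer actually completed, pulls the primary server from the SOA record, and turns the A records into the host inventory the slide calls a network diagram, flagging private addresses and role-revealing names. The zone text is constructed for the hypothetical domain example-corp.com; the dig and host command lines in the docstring are the real syntax but need network access and permission to test.

```python
"""Parse the output of a DNS zone transfer (dig ... axfr) into a host
inventory and flag what it reveals. Added example; the zone text below is
constructed for a hypothetical domain, not captured from a real server.

The commands that would produce such output (network access and
permission to test required):
    dig @ns1.example-corp.com example-corp.com axfr
    host -l example-corp.com ns1.example-corp.com
A correctly configured server answers the first with "; Transfer failed."
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str]   # (owner name, type, rdata)

# Constructed: a successful transfer, in the layout dig prints.
ZONE_OUTPUT = """\
; <<>> DiG 9.x <<>> @ns1.example-corp.com example-corp.com axfr
;; global options:  printcmd
example-corp.com.\t3600\tIN\tSOA\tns1.example-corp.com. hostmaster.example-corp.com. 2008041501 3600 900 604800 86400
example-corp.com.\t3600\tIN\tNS\tns1.example-corp.com.
example-corp.com.\t3600\tIN\tNS\tns2.example-corp.com.
example-corp.com.\t3600\tIN\tMX\t10 mail.example-corp.com.
ns1.example-corp.com.\t3600\tIN\tA\t192.0.2.10
ns2.example-corp.com.\t3600\tIN\tA\t192.0.2.11
mail.example-corp.com.\t3600\tIN\tA\t192.0.2.20
www.example-corp.com.\t3600\tIN\tA\t192.0.2.30
vpn.example-corp.com.\t3600\tIN\tA\t192.0.2.40
fw-dmz.example-corp.com.\t3600\tIN\tA\t192.0.2.1
backup.example-corp.com.\t3600\tIN\tA\t10.10.5.9
intranet.example-corp.com.\t3600\tIN\tCNAME\twww.example-corp.com.
example-corp.com.\t3600\tIN\tSOA\tns1.example-corp.com. hostmaster.example-corp.com. 2008041501 3600 900 604800 86400
;; Query time: 12 msec
;; XFR size: 13 records
"""

# Constructed: what dig prints when the server refuses the transfer.
REFUSED_OUTPUT = """\
; <<>> DiG 9.x <<>> @ns1.example-corp.com example-corp.com axfr
;; global options:  printcmd
; Transfer failed.
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROLE_HINTS = ("vpn", "fw", "firewall", "backup", "intranet", "dev", "test", "admin", "db", "sql")


def parse_zone(text: str) -> List[Record]:
    """Keep resource records; drop dig's ';' comment and status lines."""
    records: List[Record] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)      # name ttl class type rdata...
        if len(parts) < 5:
            continue
        name, _ttl, _class, rtype, rdata = parts
        records.append((name.rstrip(".").lower(), rtype.upper(), rdata.strip()))
    return records


def transfer_succeeded(text: str) -> bool:
    """A complete AXFR starts and ends with the zone's SOA record."""
    soa = [r for r in parse_zone(text) if r[1] == "SOA"]
    return "Transfer failed" not in text and len(soa) >= 2


def primary_server(records: List[Record]) -> Optional[str]:
    """The SOA MNAME field names the primary name server."""
    for _name, rtype, rdata in records:
        if rtype == "SOA":
            return rdata.split()[0].rstrip(".")
    return None


def host_inventory(records: List[Record]) -> Dict[str, List[str]]:
    hosts: Dict[str, List[str]] = {}
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            hosts.setdefault(name, []).append(rdata)
    return hosts


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def private_address_leaks(hosts: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Internal addresses published in a public zone: the zone doubles as
    an internal network map."""
    return {n: ips for n, ips in hosts.items() if any(is_rfc1918(ip) for ip in ips)}


def role_hosts(hosts: Dict[str, List[str]]) -> List[str]:
    """Host names whose first label hints at an infrastructure role."""
    return sorted(n for n in hosts if any(h in n.split(".")[0] for h in ROLE_HINTS))


if __name__ == "__main__":
    print("transfer allowed:", transfer_succeeded(ZONE_OUTPUT), transfer_succeeded(REFUSED_OUTPUT))
    recs = parse_zone(ZONE_OUTPUT)
    print("primary:", primary_server(recs))
    hosts = host_inventory(recs)
    print("hosts:", len(hosts), "role hosts:", role_hosts(hosts))
    print("internal addresses leaked:", private_address_leaks(hosts))
```

The defensive check is the same command run against your own servers: anything other than "Transfer failed." (or a REFUSED status) from an address that is not a secondary means the zone is public.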
Introduction to Social Engineering
• Older than computers
– Targets human component of a network
• Goals
– Obtain confidential information (passwords)
– Obtain other personal information
• Tactics
– Persuasion
– Intimidation
– Coercion
– Extortion/blackmailing
Introduction to Social Engineering (cont’d.)
• Biggest security threat
– Most difficult to protect against
• Main idea:
– “Why try to crack a password when you can simply ask for it?”
• Users routinely divulge passwords to anyone who sounds like IT personnel
• Human behavior is studied
– Personality traits
– Body language
Introduction to Social Engineering (cont’d.)
• Techniques
– Urgency
– Quid pro quo
– Status quo
– Kindness
– Position
• Train users
– Not to reveal information
– To verify caller identity
• Ask questions and call back to confirm
Figure 4-10 The OSSTMM social-engineering template
The Art of Shoulder Surfing
• Shoulder surfer
– Reads what users enter on keyboards
• Logon names
• Passwords
• PINs
• Tools
– Binoculars or high-powered telescopes
– Key positions and typing techniques
– Popular letter substitutions
• $ equals s, @ equals a
The Art of Shoulder Surfing (cont’d.)
• Prevention
– Avoid typing when:
• Someone is nearby
• Someone nearby is talking on cell phone
– Computer monitors:
• Face away from door or cubicle entryway
– Immediately change password if you suspect
someone is observing you
The Art of Dumpster Diving
• Attacker finds information in victim’s trash
– Discarded computer manuals
– Passwords jotted down
– Company phone directories
– Calendars with schedules
– Financial reports
– Interoffice memos
– Company policy
– Utility bills
– Resumes
The Art of Dumpster Diving (cont’d.)
• Prevention
– Educate users
• Dumpster diving
• Proper trash disposal
– Wipe disks before disposing of them
• Formatting alone leaves the data recoverable; use wiping software that overwrites the disk with binary zeros
• Overwrite at least seven times (older guidance; a single complete overwrite is considered sufficient on modern drives)
– Discard computer manuals offsite
– Shred documents before disposal
The Art of Piggybacking
• Trailing closely behind an employee cleared to
enter restricted areas
• How it works:
– Watch authorized personnel enter an area
– Quickly join them at security entrance
– Exploit desire to be polite and helpful
– Attacker wears a fake badge or security card
The Art of Piggybacking (cont’d.)
• Prevention
– Use turnstiles
– Train personnel to notify security about strangers
– Do not hold secured doors for anyone
• Even people they know
– All employees must use access cards
Phishing
• Phishing e-mails
– “Update your account details”
– Usually framed as urgent request to visit a Web site
• Web site is a fake
• Spear phishing
– Combines social engineering and exploiting
vulnerabilities
– E-mail attacks directed at specific people
• Comes from someone the recipient knows
• Mentions topics of mutual interest
Figure 4-12 A phishing e-mail
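The give-aways listed on the Phishing slide, checked mechanically in an added Python example (not code from the book): an urgent subject line, a link whose visible text names one site while its href leads to another, and links that leave the purported sender’s domain. The message is constructed and every domain in it is hypothetical; as in the Web-bug example, "registrable domain" is approximated by the last two labels because the check runs offline.

```python
"""Check a phishing e-mail for the give-aways this chapter lists: an urgent
subject, a link whose visible text is one site but whose href leads to
another, and links that leave the purported sender's domain. Added
example; the message is constructed and the domains are hypothetical."""
import email
from email import policy
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed message in the style of Figure 4-12.
RAW_MESSAGE = """\
From: "Example Bank Security" <alerts@example-bank.com>
To: jsmith@example-corp.com
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity. Please visit
<a href="http://example-bank.com.login-verify.example.net/acct">https://www.example-bank.com/secure</a>
to update your account details or your account will be suspended.</p>
<p>Questions? See <a href="https://www.example-bank.com/help">our help center</a>.</p>
</body></html>
"""

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "verify your account")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def site_of(host: Optional[str]) -> Optional[str]:
    """Crude registrable-domain approximation (last two labels)."""
    if not host:
        return None
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def looks_like_url(text: str) -> bool:
    """Does the visible link text itself read as a URL or host name?"""
    return "://" in text or (" " not in text and "." in text.strip("."))


def analyze_message(raw: str) -> Dict[str, object]:
    msg = email.message_from_string(raw, policy=policy.default)
    sender_site = site_of(msg["from"].addresses[0].domain)
    subject = str(msg["subject"] or "")
    urgency = [w for w in URGENCY_WORDS if w in subject.lower()]

    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")

    suspicious: List[Tuple[str, List[str]]] = []
    for href, text in collector.links:
        reasons = []
        href_site = site_of(urlparse(href).hostname)
        if looks_like_url(text):
            shown = text if "://" in text else "http://" + text
            if site_of(urlparse(shown).hostname) != href_site:
                reasons.append(f"display text shows {text} but the link goes to {href_site}")
        if href_site != sender_site:
            reasons.append(f"link leaves the sender's domain {sender_site}")
        if reasons:
            suspicious.append((href, reasons))
    return {"sender_site": sender_site, "urgency": urgency, "suspicious_links": suspicious}


if __name__ == "__main__":
    result = analyze_message(RAW_MESSAGE)
    print("claimed sender:", result["sender_site"])
    print("urgency cues:", result["urgency"])
    for href, reasons in result["suspicious_links"]:
        print(href)
        for reason in reasons:
            print("   -", reason)
```

The first link is caught twice: the text the user sees names the bank, but the host actually contacted ends in example.net, with the bank's name merely prefixed to it. The help-centre link is left alone because it stays on the sender's own domain, which is the behaviour a legitimate notice would show.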
Summary
• Footprinting
– Gathering network information with Web tools
• Competitive intelligence
– Gathered through observation and Web tools
• IP addresses and domain names
– Found by using tools (e.g., SamSpade)
• Cookies and Web bugs
– Collect and retrieve user’s information
• Zone transfers
– Used to obtain network topologies
Summary (cont’d.)
• Social engineering
– Attacks using human nature
• Many methods
– Educate personnel
• Attacker techniques
– Shoulder surfing
– Dumpster diving
– Piggybacking
– Phishing