Chapter 1 - Essential Knowledge (Introduction to Ethical Hacking) Flashcards
Match OSI Layers with PDU’s
Application
Presentation
Session
Transport
Network
Data Link
Physical
Application - Data PDU
Presentation - Data PDU
Session - Data PDU
Transport - Segment PDU
Network - Packet PDU
Data Link - Frame PDU
Physical - Bit PDU
Acronym for top-down list of PDU’s
Do Sergeants Pay For Beer
Data Segment Packet Frame Bit
Match OSI Layers with Protocols
Application
Presentation
Session
Transport
Network
Data Link
Physical
Application - FTP, SMTP, HTTP
Presentation - AFP, MIME, NCP
Session - X.225, SCP, ZIP
Transport - TCP, UDP
Network - IP
Data Link - ARP, CDP, PPP
Physical - USB Standards, Bluetooth, Etc
TCP/IP Model and Protocols
Application
Transport
Internet
Network Access
Application - HTTP, FTP, SNMP, DNS, POP, Telnet
Transport - TCP, UDP
Internet - IP, ICMP
Network Access - ARP, L2TP, STP, HDLC, FDDI
Match OSI Model to TCP/IP Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
OSI Model — TCP/IP Model
Application - Application
Presentation - Application
Session - Application
Transport - Transport
Network - Internet
Data Link - Network Access
Physical - Network Access
Ethernet Frame Diagram
Three-Way Handshake
6 steps
- Host A sends a TCP SYN (synchronize) packet to B
- Host B receives the SYN
- Host B sends a SYN-ACK (synchronize-acknowledge)
- Host A receives the SYN-ACK from B
- Host A sends an ACK (acknowledgement)
- Host B receives the ACK from A
Connection established
Ethernet Frames in Transit Diagram
ECC’s Five Network Zones
Internet
Internet DMZ
Production Network
Intranet
Management Network
- Internet
- Outside the boundary. Uncontrolled. No security policies applied
- Internet DMZ
- Controlled buffer network between you and the internet
- Production Network
- Very restricted zone that strictly controls access from uncontrolled zones. Does not hold users
- Intranet
- Controlled zone with little to no heavy restrictions. Not wide open but fewer strict controls
- Management Network
- Highly secured zone with very strict policies
Security, Functionality, Usability Triangle
Shows that as you move towards one corner, you get further from the other two
5 Sections of Threat Modeling
Identify Security Objectives
Application Overview
Decompose Application
Identify Threats
Identify Vulnerabilities
EISA
Enterprise Information Security Architecture
Collection of requirements and processes that help determine how organization’s information systems are built and how they work
Security Controls
- Physical
- guards, lights, cameras
- Technical
- encryption, smartcards, ACL’s
- Administrative
- training, awareness, policy efforts
Preventive, Detective, Corrective Measures
- Preventive
- authentication
- Detective
- alarm bells, alerts, for unauthorized access, audits
- Corrective
- backup and restore options
BIA
Business Impact Analysis
Identify systems and processes that are critical for operations.
Includes measurements of the Maximum Tolerable Downtime (MTD), which lets you prioritize recovery of assets
Business Continuity Plan (BCP)
Plans and procedures to follow in event of failure or disaster, to get business back up and running
Includes a Disaster Recovery Plan (DRP) addressing exactly what to do for recovering lost data or services
Annualized Loss Expectancy (ALE)
Annual Rate of Occurrence (ARO)
Single Loss Expectancy (SLE)
Exposure Factor (EF)
Asset Value
ALE = ARO * SLE
ARO can come from statistics from similar businesses
EF is educated guess on percentage loss for an asset
SLE = EF * Asset Value
CIA Triad
- Confidentiality
- Secrecy and privacy of info. Measures taken to prevent unauthorized access to it
- Integrity
- Methods, actions taken to protect info from unauthorized alteration or revision, both at rest and in transit.
- Availability
- Ensuring that when the system or data is needed, it can be accessed
Common Criteria Information
Originated in 1999, took precedence in 2005.
Grew out of the TCSEC, a DoD standard
Designed to provide assurance that the system is designed, implemented and tested according to a specific security level
Common Criteria (CC) Terms
Evaluation Assurance Level (EAL)
Target of Evaluation (TOE)
Security Target (ST)
Protection Profile (PP)
- EAL
- Has 7 levels
- Allows vendors to make claims about their in-place security by following these standards
- TOE
- What is being tested
- ST
- Documentation describing the TOE and security requirements
- PP
- Set of security requirements specifically for the type of product being tested
Mandatory and Discretionary Access Control
MAC
DAC
- MAC
- security policy controlled by security administrator, users can’t set access controls themselves.
- OS restricts ability to access a resource or perform a task
- DAC
- Lets users set access controls on the resources they control.
- Means of restricting access to objects based on identity of subjects or groups they belong to.
- e.g. NTFS and Unix permissions for users, groups
Types of EC Council Policies
- Promiscuous
- Permissive
- Prudent
- Paranoid
- Promiscuous
- wide open
- Permissive
- blocks only known bad things
- Prudent
- maximum security but allows some potentially dangerous services because of business needs
- Paranoid
- locks everything down, not even a web browser is allowed
Definitions
- Standards
- Baselines
- Guidelines
- Procedures
- Standards
- mandatory rules used to achieve consistency
- Baselines
- provide minimum security level necessary
- Guidelines
- flexible recommended actions to take if no standard to follow
- Procedures
- detailed step-by-step instructions to accomplish a task or goal
Definitions
- Script Kiddie
- Phreaker
- White Hats
- Black Hats
- Gray Hats
- Hacktivists
- Suicide Hackers
- Script Kiddie
- uneducated but uses tools
- Phreaker
- manipulates telecom systems
- White Hats
- ethical hackers hired to test & improve security. Always get permission first
- Black Hats
- Crackers, illegally using skills for malicious or illegal gain
- Gray Hats
- neither good nor bad. 2 subsets: those who are curious and those who feel it’s their duty to demonstrate security flaws
- Hacktivists
- Have a political agenda
- Suicide Hackers
- don’t care about their safety or freedom, or anyone else’s.
Attack Types
- OS Attacks
- Application-level attacks
- Shrink-wrap code attacks
- Misconfiguration Attacks
- OS Attacks
- Target common mistakes made when installing OS’s
- Application-level attacks
- Target actual programming code and software logic of app. Many apps on network aren’t tested for vulnerabilities
- Shrink-wrap code attacks
- Take advantage of built-in code that most COTS applications come with
- Misconfiguration Attacks
- Take advantage of systems that aren’t configured well for security, i.e. the administrator who “makes things easy” for users.
5 Hacking Phases
- Reconnaissance
- Scanning and Enumeration
- Gaining Access
- Maintaining Access
- Covering Tracks
- Reconnaissance
- Passive - gain info without the target knowing. Observing building.
- CEH Passive Recon: Dumpster diving, Social Engineering, Network Sniffing
- Active - puts hacker at higher risk of discovery. Entering building
- Scanning and Enumeration
- Use recon info and apply tools and techniques to get more in depth info
- Gaining Access
- True attacks used against targets enumerated in phase 2
- Maintaining Access
- Ensure they have way back into the system
- Covering Tracks
- Attempt to conceal success and avoid detection
3 Pen Test Phases
- Preparation
- Assessment
- Conclusion
- Preparation
- Defines scope, types of attacks allowed, individuals to perform activity
- Assessment (aka Security Eval Phase)
- Actual attacks are performed
- Conclusion
- Final reports prepared for customer, detailing findings, possibly recommendations
3 Types of Testing
- Black Box
- White Box
- Gray Box
- Black Box
- hacker has no knowledge of the TOE. Longest test. Simulates outside hacker
- White Box
- Pen tester has full knowledge of the TOE. Quickest test. Simulates internal threat from trusted user (sysadmin)
- Gray Box
- Assumes partial knowledge, like a regular user inside the network
HIPAA
Developed by US Health & Human Services
Sets privacy standards to protect patient medical records and health information
5 Sub-Sections
Electronic Transaction and Code Sets
Privacy Rule
Security Rule
National Identifier Requirements
Enforcement
Sarbanes-Oxley (SOX)
Created to make corporate disclosures more accurate and reliable to protect investors from shady behaviour
11 Titles in SOX
OSSTMM
Open Source Security Testing Methodology Manual
Peer reviewed methodology of security testing and analysis.
Defines 3 types of compliance for testing
- Legislative - government regs
- Contractual - industry requirements
- Standards-based - practices required to remain a member of a group or organization
PCI-DSS
Payment Card Industry Data Security Standard
Applies to everyone in the payment card process (card issuers, merchants, those storing & transmitting card information)
12 Requirements
- Install, maintain firewall
- remove default passwords
- protect stored data
- encrypt transmitted data
- use antivirus
- develop secure systems, applications
- use ‘need-to-know’ to restrict access
- assign unique ID to each stakeholder with computer access
- restrict physical access to data
- monitor access to data and devices storing, transmitting it
- test security procedures regularly
- create, maintain security policy
COBIT
Control Objectives for Information and Related Technology
created by Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)
A governance framework and supporting toolset that allows managers to bridge gap between control requirements, technical issues, business risks
Enables clear policy development, good practice and regulatory compliance
Categorizes control objectives into 4 domains
- planning and organization
- acquisition and implementation
- delivery and support
- monitoring and evaluation