Pane BE Eta ony Ethical Hacker - Required Skills and Respon: ies Hacking is the term given to processes and methods put into practice mal to gain access over a system, Hacking is performed to access confidential information and data that {s important to individuals, business or organisations. It serves the purpose of breaching vulnerabilities of system for gains and profits, Ethical hackers are technical professionals and have immense knowledge of system and security, They attack their own organisational system with permission and try to find ways through which their system can be attacked, Ethical hackers are very important for organisations from security and safety purpose. Benefits of an ethical hacker Ethical hackers are well recognised in their profession for thelr job of protecting the system, Below are the advantages of being an ethical hacker: Prevent harmful cyber-attacks. Prevent penetration attacks of intruders. Find loopholes in the system and repeir them with their expertise, Establish security and safety measures within the system. ‘* Prevent cyber terrorism and hacks from taking place. Skill Required to be an Ethical Hacker Ethical hackers are professionals having immense tech-knowledge about security and safety of computer systems, operating systems, networking. They are required to have excellent hacking skills and. prevent threats from harming the computer systems. Knowledge about Networking Expert in Scripting. Good hands-on programming Exposure to multiple operating systems: Windows, Linux Knowledge of the backend database Experience with servers and search engines Well-versed with available tools in market Ethical Hackers Responsibilities Role In-depth Knowledge of Security: Ethical hackers should be well versed with potential threats and vulnerabilities that can hack organisational systems. Ethical hackers are hired by organisations for their expertise skills and quick resolution to security vulnerabilities. They should be cyber security professionals having knowledge of the computer systems, network and security. Think like Hackers: The primary role of Ethical hackers is to attack the system like hackers, without adopting authorised methods. They are supposed to think like hackers ‘who want to steal confidential data /information. Ethical hackers look for areas that are most likely to be attacked and the different ways in which attack can take place. 2 Mr.Rinkesh Parmar 1Unit-5 Ethical Hackers In-depth Knowledge of the Organisation they intend to provide Service: Ethical hackers should be well versed with the services of the functional working of the organisation they are associated with It should have the knowledge about the {formation that is extremely safe and needs to be protected. Ethical hackers should be capable of finding the attack methods for accessing the sensitive content of the organisation Ethical Hackers Responsibilities: Hacking their own Systems: Ethical hackers hack their own systems to find potential threats and vulnerabilities. They are hired to find vulnerabilities of the system before they are discovered by hackers. Diffuse the intent of Hackers: Ethical hackers are hired as a Precautional Step towards Hackers, who aim at breaching the security of computers. Vulnerabilities when detected early can be fixed znd safe confidential information from being ‘exposed to hackers who have malicious intentions. Document their Findings: Ethical hackers must properly document all their findings and potential threats. The main part of the work they are hired by the organisations is proper reporting of bugs and vulnerabilities which are threat to the security. Keeping the Confidential Information Safe: Ethical hackers must oblige to keep all their findings secure and never share them with others. Under any kind of situation they should never agree to share their findings and observations, Sign Non-Disclosure Agreements: They must sign confidential agreements to keep the information they have about the organisations safe with them. This will prevent them to give -out confidential information and legal action will be taken against them ifthey indulge in any such acts. Handle the loopholes in Security: Based on their observations, Ethical hackers should restore/ repair the security loopholes. This will prevent hackers from breaching the security of the organisation from attacks Penetration Testing Concepts What is penetration testing? A penetration test, also known as a pen test, is a simulated cyber-attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing Is commonly used to augment a web application firewall (WA). Mr.Rinkesh ParmarPane BE Eta ony Penetration testing stages Analysis and WAF configuration ————- © e sang belreesteg enon apn, PENETRATION Maintaining access TESTING STAGES, Scanning serena et nrg Samrg wos wort ners cnerwtomenan ace roratnetropener ovens Gaining access Planning and reconnaissance Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be used. Gathering intelligence (eg, network and domain names, mail server) to better understand how a target works and its potential vulnerabilities. 2.Scanning The next step 1s to understand how the target application will respond to various intrusion attempts. This is typically done using: ‘+ Staticanalysis - Inspecting an application’s code to estimate the way it behaves while running, These tools can scan the entirety of the code in a single pass. Dynamic analysis — Inspecting an application's code in a running state. This isa more practical way of scanning, as it provides a real-time view into an application's performance. 3. Gaining Access This stage uses web application attacks, such as cross-site scripting, SQL injection and backdoors, to uncover a target's vulnerabilities. Testers then try and exploit these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc,, to understand the damage they can cause. 4. Maintaining access ‘The goal of this stage Is to see if the vulnerability can be used to achieve a persistent presence in the exploited system— long enough for a bad actor to gain in-depth access. The idea is to imitate advanced persistent threats, which often remain in a system for ‘months in order to steal an organization’s most sensitive data. 2 Mr.Rinkesh ParmarPane BE Eta ony 5. Analysis ‘The results of the penetration test are then compiled into a report detailing: ‘* Specific vulnerabilities that were exploited ‘* Sensitive data that was accessed ‘+ The amount of time the pen tester was able to remain in the system undetected Penetration testing methods 1. External testing External penetration tests target the assets of a company that are visible on the internet, eg, the web application itself, the company website, and email and domain name servers. (DNS). The goal is to gain access and extract valuable data. 2, Internal testing In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn’t necessarily simulating a rogue employee. A common starting scenario can be an employee whose credentials were stolen due to a phishing attack. 3. Blind testing Ina blind test, a tester is only given the name of the enterprise that's being targeted. This gives security personnel a real-time look into how an actual application assault would take place. 4. Double-blind testing In a double-blind test, security personnel have no prior knowledge of the simulated attack. As in the real world, they won't have any time to shore up their defenses before an attempted breach. 5. Targeted testing In this scenario, both the tester and security personnel work together and keep each other appraised of their movements. This is a valuable training exercise that provides a security team with real-time feedback from a hacker's point of view. SQL injection An SQL injection, sometimes abbreviated to SQLi, is a type of vulnerability in which an attacker uses a piece of SQL (structured query language) code to manipulate a database and gain access to potentially valuable Information, It's one of the most prevalent and threatening types of attack because it can potentially be used against any web application or website that uses an SQL-based databzse (which is most of them), How do SQL injection attacks work? To understand SQL injection, it’s important to know what structured query language (SQL) is. SQL is a query language used in programming to access, modify, and delete data = Mr.Rinkesh Parmar 4Unit-5 Ethical Hackers stored in relational databases. Since the vast majority of websites and web applications rely on SQL databases, an SQL injection attack can have serious consequences for organizations. An SQL query is a request sent to a database for some type of activity or function such as query of data or execution of SQL code to be performed. An example is when login information is submitted via a web form to allow a user access to a site, ‘Symptoms of SQLi ‘+ Receiving an excessive number of requests within a short timeframe. For example, you may see numerous emails from your webpage contact form. ‘* Ads redirecting to suspicious websites. ‘+ Strange popups and message errors. Types of SQL injection 4. In-band SQLi This type of SQLi attack is straightforward for attackers since they use the same ‘communication channel to launch attacks and gather results. This type of SQLi attack has ‘two sub-variations: ‘© Error-based SQLi: The database procuces an error message because of the attacker's actions. The attacker gathers information about the database infrastructure based on the data generated by these error messages. Union-based SQLi: The attacker uses the UNION SQL operator to obtain the desired data by fusing multiple select statements in a single HTTP response. 2. Inferential SQLi (also known as Blind SQL injection): This type of SQLi involves attackers using the response and behavioural patterns of the server after sending data payloads to learn more aboutits structure. Data doesn’t transfer from the website database to the attacker, so the attacker doesn’t see information about the attack in-band (hence the term ‘blind SQL). Inferential SQLi can be classified into two sub-types: ‘Time-based SQLi: Attackers send a SQL query to the database, making the database wait for a few seconds before it responds to the query as true or false. Boolean SQLi: Attackers send a SQL query to the database, letting the application respond by generating either a true or false result. 3. Out-of-band SQLi: This type of SQL attack takes place under two scenarios: ‘+ When attackers are unable to use the same channel to launch the attack as well as gather information; or, ‘+ When a server is either too slow or unstable to carry out these actions. 2 Mr.Rinkesh ParmarUnit-5 Ethical Hackers Impact of SQL injection attacks A successful SQL injection attack can have serious consequences for a business. TI because an SQL injection attack can: Expose sensitive data, Attackers can retrieve data, which risks exposing sensitive data stored on the SQL server. Compromise data integrity. Attackers can alter or delete information from your system. Compromise users’ privacy. Depending on the data stored on the SQL server, an attack can expose sensitive user information, such as addresses, telephone numbers, and credit card details. Give an attacker admin access to your system. If a database user has administrative privileges, an attacker can gain access to the system using malicious code. Give an attacker general access to your system. If you use weak SQL commands to check usernames and passwords, an attacker could gain access to your system without knowing a user's credentials. From there, an attacker can wreak havoc by accessing and manipulating sensitive information. Case Study SQL injection attacks An SQL injection attack uses malicious SQL code for backend database manipulation to access private Information. This information may include sensitive company data, user lists or customer details. SQL stands for ‘structured query language’ and SQL. injection is sometimes abbreviated to SQLL 2, What does SQL injection do? SQL injection attacks allow attackers to spoof identity, alter existing data, disclose data on the system, destroy data or make it otherwise unavailable, and become administrators of the database server, SQL injection attacks can cause serious damage to businesses, including loss of customer trust if confidential user data is breached. 3. How to prevent SQL injection attacks For businesses concerned about SQL injection prevention, key principles to help defend websites and web applications include: © Staff training: Generate awareness about SQLi-based risks within the team responsible for your web application and provide necessary role-based training to all users, ‘+ Keep user input in check: Any user input used in an SQL query introduces risk, Address input from authenticated and/or internal users in the same way as public input until itis verified. Give accounts 2 Mr.Rinkesh Parmar 6Unit-5 Ethical Hackers that connect to the SQL database only the minimum privileges needed. Use whitelists as, standard practice instead of blacklists to verify and filter user input. ‘* Use latest versions: It’s important to use the latest version of the development environment to maximize protection, since older versions may lack current safety features. Be sure to install the latest software and security patches when available. ‘+ Continuously scan web applications: Use comprehensive application performance management tools. Regularly scanning web applications will identify and address potential vulnerabilities before they allow serious damage. © Usea firewall: A web application firewall (WAF) Is often used to filter out SQLI, as Well as other online threats, A WAF relies on a large and frequently updated list of signatures that allow it to filter out malicious SQL queries. Usually, the list holds signatures to address specific attack vectors and is regularly patched in response to newly discovered vulnerabilities. Firewall What is Firewall? A Firewall can be defined as a network security device whose function is to monitor and filter incoming and outgoing network traffic based on the predefined security policies established by an organization to protect it from any unethical practices. A firewall acts as a barrier between a private internal network and the public Internet. The main purpose of using a network security firewall in the network system is to allow non- threatening traffic in and to keep dangerous traffic out of the network. How does a Network Security Firewall Work? The main function ofa network security lrewall is to allow the safest network traffic to the network and to do so, it filters the good and trusted traffic from the whole traffic and doesn’tallow the bad and untrusted traffic to travel through the network. Before knowing how a network security firewall operates to filter the network traffic, it is important to understand the structure of web-based networks first. Firewalls are intended to secure the network hosts like private networks and the endpoint devices within the network. .. Network hosts are mainly devices that are used to "talk" with other hosts on the same network. . Their function is to send and recetve communtcation between internal networks, as well as outbound and inbound between external networks. . The networks provide access to the Internet to the computers and other endpoint devices and also help to establish communication with each other. 2 Mr.Rinkesh Parmar aUnit-5 Ethical Hackers 5. ‘The internet is segmented into sub-networks or ‘subnets’ for security and privacy purposes, ‘Types of Firewall 1. Packet filtering firewall . Circuit-level gateway 3. Application-level gateway (aka proxy firewall) . Stateful inspection firewall Next-generation firewall (NGFW) Packet filtering firewall Packet filtering firewalls operate inline a: junction points where devices such as routers and switches do their work. However, these firewalls don't route packets; rather they compare each packet received to a set of established criteria, such as the allowed IP addresses, packet type, port number and other aspects of the packet protocol headers. Packet filtering firewall advantages A single device can filter traffic for the entire network. Extremely fast and efficient in scanning traffic Inexpensive Minimal effect on other resources, network performance and end-user experience Packet filtering firewall disadvantages ‘* Because traffic filtering is based ertirely on IP address or port information, packet filtering lacks broader context that informs other types of firewalls Doesn't check the payload and can be easily spoofed Not an ideal option for every network Packet filtering may not provide the level of security necessary for every use case, but there are situations in which this low-cost firewall is a solid option. For small or budget constrained organizations, packet filtering provides a basic level of security that can provide protection against known threats. Larger enterprises can also use packet filtering as part of a layered defense to screen potentially harmful traffic between internal departments, > Cireuit-level gateway Using another relatively quick way to identify malicious content, circuit-level gateways monitor TCP handshakes and other network protocol session initiation messages across the network as they are established between the local and remote hosts to determine whether the session being initiated is legitimate -- whether the remote system is considered trusted, They don't inspect the packets themselves. 2 Mr.Rinkesh Parmar 8