Attack Methodology and Countermeasures

Strayer University
SEC420
Professor Gillen
July 24, 2015

Attack Methodology and Countermeasures
When most people hear the term “hacker” they think of an evil person committing crimes by hacking into their computers to steal, destroy and/or steal identities. This is so in some cases, but not all hackers are bad. Hackers are merely curious technically skilled individuals who gain unauthorized access to computers, networks of various companies, organizations and individuals. Good hackers are considered white hat hackers. They are the ones, who are hired to break into systems as a way of testing the vulnerabilities and security issues that may be present in the computer system. Consider this: company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs. The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company’s current security posture. If the manager decided to outsource an ethical or white hat hacker in attempt to test their security measures. Over the course of this document various things the third party hacker would need from the company, things he or she would provide to the company and some predictions for the tests.
In order to exploit the targeted systems the initial steps to gain as much information as possible about the targets. In this case, the manager is the contact in which questions may be posed. The hacker would have several questions, such as: how intrusive does the manager want the hacker to be? What is the physical makeup of the network? Does the manager want the hacker to stay in the Demilitarized Zone (DMZ) or go into the intranet? The hacker should ask the manager to identify the networks which need to be tested, specify the testing interval, and for approval for their plan (Beaver, 2014). There will be several documents needed during the first meeting as well. The documents needed at the first meeting would include a plan, approval letter, a Nondisclosure Agreement (NDA) for both parties, and a discovery and findings form. Prior to the initial meeting the hacker would draw up a plan and present this plan to the manager for signing, if the manager has any inputs then the plan may be altered and signed at a later date. Authorization is granted to ABC Security Systems to conduct penetration testing as outlined in this document. ABC Systems will adhere to all provisions in this document to the absolute best of its ability. ABC Systems is not responsible for any damages incurred by penetration testing or by any compromises to the target system due to testing conducted as long as it adherer’s to the standards set forth in this document. Any deviations to this document will require written approval and will be attached to this document for reference by company XYZ and agreed to by ABC Security Systems. The NDA is mandatory, this is the document that keeps both parties from disclosing their findings of one another, and the hacker is protected by this document, as it may also be used as a written permission form. The company is protected by the NDA because by signing it the hacker is legally bound to not pass along his or her findings while conducting tests or hacking operations. A from showing the format of the test findings would also be useful at the first meeting, this document would be used for consideration rather than a final draft. Obviously, the tests have not begun and for the manger and the hacker to agree on the deliverable format. The plan for the tests is another important document to have at the initial meeting. During the course of the penetration testing there are several different tasks that will have to be performed. These tasks are listed out in the previously mentioned documents, but may involve more than what is on this document depending on the initial investigation into the system. Along with the documents listed above, a timeline would be needed and agreed upon.
There are multiple phases of ethical hacking. The chronological order goes straight back to the basics, meetings and agreements, reconnaissance, scanning, gaining access, maintaining access, covering tracks, and delivering reports. Penetration testing will be conducted between 2:00 a.m.–6:00 a.m. EST weekend only (Saturday and Sunday) starting 1 week from the date that this document is signed or an agreed upon date by both parties.
• Information Gathering and Analysis – During this phase we will be using different tools to analyze the target network and plan for the actual penetration phase. Network surveys are conducted to analyze open ports, map the network and research is done to find the registry information and obtain IP addresses.
• Vulnerabilities will then be identified on the system. Vulnerabilities are put together via a combination of known exploits and the experience of our testers as well as tools that can identify known exploits against certain systems. Tools used for this step are Nessus Vulnerability Scanner.
• Once vulnerabilities are identified, penetration attempts are planned out and executed. These are done on target systems on the network. One of the first steps is being able to gain access to the system via password cracking. If and when access is gained, further system vulnerabilities can then be identified.
• After penetration tested is completed the team will clean up any changes or modifications that were made during the exploitation.
A hacker’s toolbox is never full, there is always room for more. Google is a major tool in most hackers’ initial first step; but Nmap, AMAP, ScanRand and Paratrace may also be used in the beginning stages. Nmap is a security scanner that was originally designed by Gordon Lyon (No Author, 2015). It was built to find hosts and services on a network. Once it finds these hosts and services, it will then send packets to the target host and evaluate the responses. Nmap checks the network conditions during the packet run including latency fluctuations and congestion. It also figures out if a host is up or down and which ports are open or closed. Also, it can tell which operating system the target is using, the type of device and even the presence of a firewall. Another popular hacking tool is called Nessus. Nessus is a vulnerability scanning program. It is a free program designed to detect potential vulnerabilities on systems. It checks for vulnerabilities such as misconfiguration, allowing a hacker to control or access data remotely, default passwords, dictionary attacks, denial of service attacks, and also provides preparation for PCI DSS audits. The way in which Nessus works is it does a port scan first to figure out which ports are open, and then tries to exploit them (Tenable, 2015). All of the tests are written in Nessus Attack Scripting Language. It then produces dozens of new plugins every week and is tested/scanned on a regular basis. John the Ripper is another hacking tool out there. This one is a password cracker. John runs on fifteen different platforms. It is so popular because it combines multiple password crackers into one package. It automatically detects the password hash type and includes a customizable cracker. There are a couple different attack types that John can use. It can perform a dictionary attack (a technique for defeating a cipher). Also it can perform a brute force attack (where it will check all possibilities, hashing each one and comparing it), which is good for figuring out passwords not on the dictionary list. This method usually takes a long time so it is usually a last resort.
Reporting will be done after the penetration tests have been completed and will contain a summary and detailed results of all of the tests conducted. Individual reports will be submitted be each tester and will pertain information that is applicable to their tests. All of the penetration tests will then be combined and listed out with the results of all tests. Vulnerabilities will be specifically pointed out as well as information and recommendations on how best to secure those weaknesses.

References:
Beaver, K. and Davis, P. (2014) Obeying the Ten Commandments of Ethical Hacking. Retrieved from http://www.dummies.com/store/product/Hacking-Wireless-Networks-For- Dummies.productCd-0764597302.html
Basse, S. (2008). A Gift of Fire: Social Legal and Ethical Issues for Computing and the Internet. (3rd ed.). Upper Saddle River, NJ: Pearson.
No Author. (2015) NMAP Retrieved from https://nmap.org/
Tenalbe.com. (2015) Nessus: Vulnerability Scanner. Retrieved from http://www.tenable.com/products/nessus-vulnerability-scanner