Footprinting and System Attack

Submitted By frekonpa
Words 579
Pages 3
ISSC362 Week 2 Lab #4:
Lab Assessment Questions

1. What are the five steps of a hacking attack?
A) Reconnaissance (Footprinting)
Scanning (Port Scanning, Enumeration)
Gaining Access (System Hacking)
Maintaining Access (Planting Backdoors, Rootkits, Trojans)
Covering Tracks (Disabling Auditing, Data Hiding)

2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
A) Nmap uses the -O option to perform OS fingerprinting. The process monitors and captures network traffic. The traffic is then analyzed for patterns that would suggest which operating systems are in use.

3. What step in the hacking attack process uses Zenmap GUI?
A) The Zenmap GUI is used during scanning.
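As an added illustration (not part of the lab worksheet and not Nmap's own code), the Python sketch below shows what "capture traffic, then look for patterns" means for passive OS fingerprinting: it parses a raw IPv4/TCP SYN, extracts the fields a TCP/IP stack sets in its own characteristic way, and matches them against a signature table. The signature table, the packet builder and all packet values are constructed for this example and are not a vetted OS database.

```python
"""Passive OS fingerprinting sketch (added example, constructed data).

A passive fingerprinter sends nothing. It reads packets already on the
wire and compares stack-dependent defaults (initial TTL, TCP window,
DF bit, MSS option) against known signatures. Defenders use the same
idea in network sensors to inventory hosts without touching them.
"""
import struct

# Illustrative signatures: (initial_ttl, window, df, mss) -> label.
# Constructed for demonstration; not authoritative OS values.
SIGNATURES = {
    (128, 65535, True, 1460): "Windows-like (constructed signature)",
    (64, 5840, True, 1460): "Linux-like (constructed signature)",
    (64, 65535, True, 1460): "BSD-like (constructed signature)",
}


def round_up_ttl(ttl):
    """Observed TTL has been decremented per hop; infer the common initial value."""
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial
    return 255


def parse_ipv4_tcp(packet):
    """Extract fingerprint features from a raw IPv4+TCP packet (no link layer)."""
    ver_ihl, _, _, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    df = bool(flags_frag & 0x4000)              # Don't Fragment bit
    tcp = packet[ihl:]
    _, _, _, _, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    syn, ack = bool(off_flags & 0x02), bool(off_flags & 0x10)
    mss = None
    options, i = tcp[20:data_off], 0
    while i < len(options):                      # walk TCP options (kind, len, data)
        kind = options[i]
        if kind == 0:                            # End of option list
            break
        if kind == 1:                            # NOP has no length byte
            i += 1
            continue
        length = options[i + 1]
        if kind == 2 and length == 4:            # Maximum Segment Size
            mss = struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return {"initial_ttl": round_up_ttl(ttl), "window": window, "df": df,
            "mss": mss, "syn": syn and not ack}


def fingerprint(packet):
    """Return a signature label for an initial SYN, or 'unknown'."""
    f = parse_ipv4_tcp(packet)
    if not f["syn"]:
        return "not a SYN: skipped (only initial SYNs carry clean stack defaults)"
    return SIGNATURES.get((f["initial_ttl"], f["window"], f["df"], f["mss"]), "unknown")


def build_syn(ttl, window, df, mss):
    """Construct a minimal IPv4+TCP SYN (checksums zeroed) as sample input."""
    opts = struct.pack("!BBH", 2, 4, mss)                    # MSS option only
    data_off = (20 + len(opts)) // 4
    tcp = struct.pack("!HHIIHH", 40000, 445, 1, 0, (data_off << 12) | 0x02, window)
    tcp += b"\x00\x00\x00\x00" + opts                        # checksum, urgent ptr, options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                     0x4000 if df else 0, ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp


if __name__ == "__main__":
    print(fingerprint(build_syn(125, 65535, True, 1460)))   # captured 3 hops away
```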

4. What step in the hacking attack process identifies known vulnerabilities and exploits?
A) Vulnerabilities and exploits are identified by enumeration, which is the most aggressive part of the scanning stage.

5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability "MS08-067"?
A) MS04-022: Microsoft Windows Task Scheduler Remote Overflow (841873)
MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741)
MS03-043: Buffer Overrun in Messenger Service (828035)
MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883)
MS03-039: Microsoft RPC Interface Buffer Overrun (824146)
MS04-011: Security Update for Microsoft Windows (835732)
MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028)
MS09-001: Microsoft Windows SMB Vulnerabilities
