All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopies, recordings or any support without the written permission of the author or editor.
All the techniques shown here are for educational purposes ONLY. They must always be performed in a laboratory and with the explicit consent of the owner of the network or infrastructure. The author of this book assumes no responsibility for improper use of the techniques shown.
Introduction to Ethical Hacking
In this chapter, I will try to explain how an ethical hacker works, what their goals are, and the working method you should follow to become one.
Although the information in this chapter may seem too theoretical, keep reading. What you learn here will help you better understand concepts that are discussed again later.
The role of ethical hackers has grown considerably in recent years, partly as a result of the growing media coverage of cybersecurity issues.
Besides, the various recent attacks on several companies' IT infrastructures have raised awareness of, and fear about, such issues.
All these causes led to the emergence of a new professional figure with substantial experience in cybersecurity, responsible for testing, verifying, and strengthening the security of a specific entity.
With "entity" I am referring to any context, not only specific ones. It makes no difference whether we talk about a farm, a pharmaceutical corporation, or a manufacturing company: we all need to protect our IT infrastructure adequately.
Contrary to common belief, you do not need special skills, decades of study, or many years of work experience to become an ethical hacker: with a solid basic preparation, you can already grasp the main concepts of how to organize your work as an ethical hacker.
PENETRATION TESTING METHOD
I will mention the penetration testing methodology more than once in this chapter. You are probably wondering what it means.
We will see this in detail in the next chapters, but for now you can keep in mind that by penetration testing we refer to all the procedures necessary to execute a security test within an entity.
As I mentioned before, it does not matter whether we are working with wines or medicines: the methodology we should follow is always the same. However, the fact that the process is the same does not imply strict rigidity. You can still decide to move away from the standard steps of this process.
This is fine as long as what motivates the change is the experience you have accumulated and the time you have spent digging into this topic.
Let's spend a few words on what makes ethical hackers "ethical". This word helps us better define the context and the method used by these professionals.
An ethical hacker uses the same tools and techniques as those who behave maliciously, but acts ethically. This is the most important difference between ethical and unethical hackers. The former only works when commissioned by a client, who is the only party informed of all the results achieved and the problems spotted by the ethical hacker.
We should make a further distinction between the role of an ethical hacker and of a security engineer.
The latter focuses more on protecting network infrastructure and specializes in perimeter security systems (firewalls, IDS, IPS, etc.). The ethical hacker has a vertical specialization in executing penetration tests within a specific context.
In some circumstances the two roles come into contact and exchange skills.
An ethical hacker never acts on their own initiative, but according to the agreement reached with the client who commissioned the work.
Besides, it is imperative to define the scope of the penetration test, in other words which parts of the IT infrastructure we are allowed to work on and which limits we must never cross. This scope, together with the client's authorization, should be agreed in writing before any testing starts.
NECESSARY KNOWLEDGE FOR AN ETHICAL HACKER
You might be asking yourself how to become an ethical hacker. You are probably thinking you will have to study a whole pile of books. Actually, this is not necessary. Some basic skills are unavoidable, but once you acquire them, everything becomes easier.
First of all, you should be familiar with computer networks. You cannot expect to protect or attack a network if you do not first understand how it works, at least at a fundamental level.
Secondly, you will need to study at least one programming language. I suggest you start with Python: it is easy to learn and extremely powerful.
You can still opt for other programming languages, like C or Java. Their basic constructs are very similar to each other.
These two aspects are indispensable. Without them, you cannot start laying the bricks needed to build the final work.
Learn at least one programming language and try to understand the basic concepts of computer networks. But don't worry, I will show them to you in the next few chapters!
POSSIBLE ATTACK SOURCES OF A NETWORK
In how many ways is it possible to attack a system? Many. For now, I will show you some of them, while others will be covered in the next chapters.
- ENDPOINTS. I am talking about the PCs of users within a local network. They are often poorly protected and seldom correctly updated.
- SMARTPHONES and TABLETS. If connected to the Wi-Fi of a company's network, these devices represent a possible source of attack that should not be underestimated.
- OUTDATED SOFTWARE. It is almost impossible to find every network system or device on the latest release or patch. Obsolete software in our network often creates serious vulnerabilities.
- MISCONFIGURED NETWORK DEVICES. If not correctly configured, routers, switches, and firewalls (which I will explain later) expose parts of our network to the outside world. The consequences are easy to imagine.
- INTERNAL THREATS. Think of what can happen if we connect a USB flash drive carrying a virus to a PC connected to the Internet.
PHASES OF A NETWORK ATTACK
We are finally getting closer to the most crucial part. First, let me introduce the concept of "penetration testing".
A cyber-attack almost always follows a precise process and does not originate from a single action: it is the result of a step-by-step procedure. The more time we spend on each of these phases, the more effective the final work will be.
First of all, you should collect all the information available on the target you want to attack.
Then you can perform a detailed scan for possible vulnerabilities.
Once you find a valid one, you can attempt to gain access to that network. That is where the word "penetration" in penetration test comes from.
Gaining access once is not enough. It is also essential to keep that access valid so that we can return to the network whenever we want. In technical jargon, we say that our access should be persistent.
Finally, but no less important, we should remember to remove the traces we have left, for example the log files that recorded our activity. In this regard, in the next chapters we will talk more about IPS/IDS. In an authorized test, remember that this step, like every other, must be agreed on with the client: the tester's own record of what was done, and when, is part of the deliverable.
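As an added example (not code from this book), here is a small Python script that performs the scanning phase described above: a TCP connect scan that reports open ports and the banner each service sends, then checks the banner against a table of versions that the tester considers obsolete, tying the scan back to the "outdated software" attack source listed earlier. The target is a constructed local listener started by the script itself, and the product names, banner strings and version table (ExampleSSH, ExampleFTP, KNOWN_OUTDATED) are hypothetical, not real products or advisories, so the script runs offline without touching any network you do not own.

```python
import socket
import threading

# Hypothetical minimum versions for this example only; a real engagement would
# use the tester's own knowledge of vendor releases and published advisories.
KNOWN_OUTDATED = {
    "ExampleSSH": "2.0",   # anything below 2.0 is treated as obsolete
    "ExampleFTP": "1.5",
}


def start_fake_service(banner: bytes):
    """Constructed target: a throwaway TCP service on 127.0.0.1 that greets
    every client with a fixed banner. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # server socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_closed_port() -> int:
    """Return a port that is currently not listening (used as a negative case)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def scan_port(host: str, port: int, timeout: float = 0.5):
    """TCP connect scan of a single port. Returns (is_open, banner_bytes)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:                 # refused, unreachable or timed out
            return False, b""
        try:
            banner = s.recv(256)        # many services speak first (SSH, FTP, SMTP)
        except OSError:
            banner = b""
        return True, banner


def scan(host: str, ports) -> dict:
    """Scan the given ports; return {port: banner_text} for the open ones."""
    found = {}
    for port in ports:
        is_open, banner = scan_port(host, port)
        if is_open:
            found[port] = banner.decode("ascii", errors="replace").strip()
    return found


def parse_banner(banner: str):
    """Extract (product, version) from a 'Product_X.Y' token,
    e.g. 'SSH-2.0-ExampleSSH_1.0' -> ('ExampleSSH', '1.0')."""
    for token in banner.replace("-", " ").split():
        if "_" in token:
            product, _, version = token.partition("_")
            return product, version
    return None, None


def version_tuple(v: str):
    return tuple(int(x) for x in v.split(".") if x.isdigit())


def is_outdated(banner: str) -> bool:
    """True if the banner names a product below its KNOWN_OUTDATED threshold."""
    product, version = parse_banner(banner)
    if product not in KNOWN_OUTDATED or not version:
        return False
    return version_tuple(version) < version_tuple(KNOWN_OUTDATED[product])


def run_demo() -> dict:
    """Start the constructed target, scan it plus one closed port, tear down."""
    srv, open_port = start_fake_service(b"SSH-2.0-ExampleSSH_1.0\r\n")
    closed_port = free_closed_port()
    report = scan("127.0.0.1", [open_port, closed_port])
    srv.close()
    return {"open_port": open_port, "closed_port": closed_port, "report": report}


if __name__ == "__main__":
    result = run_demo()
    for p, banner in result["report"].items():
        print(f"{p}/tcp open  {banner!r}  outdated={is_outdated(banner)}")
```

A connect scan completes the TCP handshake, so on a real target it shows up clearly in firewall and IDS logs; that visibility is exactly why the scope and the client's authorization must be settled before this phase starts.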
Here is a short summary of the concepts I have just mentioned:
- Information collection;