You're devoted to making your network secure. You've applied all the latest patches, updated your virus software, installed an intrusion-detection system, and double-checked the rules on the firewall(s). Nevertheless, you're still dogged by nagging questions. Have you done enough? Do you know all the weaknesses in your network? Are you truly safe from attackers? How can you know?
One way to know the enemy is to think like the enemy. To protect your network from hackers, you must think like one. In other words, you must learn to hack. Of course, hacking is illegal, so you must become part of a new breed called the ethical hacker.
What is ethical hacking?
The term ethical hacking, according to the EC-Council (International Council of Electronic Commerce Consultants), refers to the work of security professionals who apply their hacking skills for defensive purposes. An ethical hacker is someone who attempts to hack a system or network in order to expose vulnerabilities. Ethical hackers work for the particular company they're attempting to hack, providing the company with details of their work.
The EC-Council is an organization specializing in training and certification for e-business consultants. It offers certification in a number of areas related to e-business. The Certified Ethical Hacker is one of the latest additions to its offerings.
How does one become an ethical hacker?
The EC-Council has put together a training course and associated certification for becoming an ethical hacker. The course is titled "Ethical Hacking and Countermeasures" and runs five days. The training consists of instructor-led comprehensive course material combined with hands-on laboratory exercises utilizing a wide assortment of hacking tools. Below is an outline of the topics covered:
- Foot-printing—Foot-printing is the process of gathering information about a machine or company you want to attack.
- Scanning—Scanning is the technique administrators are probably most familiar with. A port scanner is used against a target to determine what TCP and UDP ports are open on a system.
- Enumeration—The process of enumeration takes advantage of weaknesses in protocols, such as NetBIOS, to provide information about a network (e.g., users, groups, shares, and computer names).
- System-hacking—This module examines the techniques used to penetrate a system, such as password cracking, keystroke logging, and privilege escalation.
- Trojans and back doors—This module examines various Trojan and back-door programs, such as Back Orifice, and the methods used to trick users into installing the programs.
- Sniffers—Sniffing involves capturing network traffic using a tool such as Ethereal or NetMonitor. Once the traffic is captured, it can be analyzed for sensitive information such as passwords.
- Denial of Service (DoS)—DoS is one of the most popular types of Web site attacks. This module explains how the attack works and covers countermeasures.
- Social engineering—Social engineering is the process of gathering information from computer users by deceiving them and causing them to give out passwords or other information. There are no software tools to prevent this type of attack. This can be combatted only with user training and education.
- Session-hijacking—Session-hijacking is the process of "stealing" another user's TCP session. Once a legitimate user has established a session, the hacker can take over and "become" that user.
- Hacking Web servers—This module explores the techniques for attacking Web servers. It primarily delves into the vulnerabilities in Internet Information Services (IIS), since it is the most popular target.
- Web application vulnerabilities—This module examines the vulnerabilities in Web-based applications.
- Web-based password-cracking—This module explains the various Web-based authentication schemes and the weaknesses of each.
- SQL injection—This module explores the weaknesses of SQL Server and explains the techniques and countermeasures for hacking SQL Server.
- Hacking wireless networks—Wireless network hacking has received much attention over the last several years as wireless networks grow in popularity. This module explains the various techniques and countermeasures involved in securing a wireless network.
- Viruses—This module discusses some of the more popular viruses that have infected systems over the last few years, gives insight into how the viruses operate, and discusses antivirus software.
- Novell and Linux hacking—Although most of the course focuses on weaknesses in the Microsoft OS, this module specifically examines hacking non-Microsoft systems such as Novell and Linux.
- Evading IDS and firewalls—This module examines IDS systems, firewalls, and honeypots, and explains the techniques used in each for protecting a network. It also examines the techniques for evading such systems and the countermeasures.
- Buffer overflows—Probably the most exploited weaknesses in software are buffer overflows. This module explains buffer overflow attacks and countermeasures.
- Cryptography—This module looks at the various methods of data encryption used over the Internet and examines the efforts required to crack them.
As you can see, the course covers a wide range of topics. Each module includes lab exercises utilizing the techniques described. A study guide is also provided with the course material. To become a Certified Ethical Hacker (CEH), you must pass Exam #312-50, "Ethical Hacking and Countermeasures." This is a Web-based, 50-question, multiple-choice exam and can be taken online through Prometric.
The study guide for the ethical hacking course is titled "Hackers Beware: The Ultimate Guide to Network Security" and is published by New Riders. It's not your typical certification study guide; it focuses on learning the techniques and countermeasures, not on what to study to pass the exam.
I took the ethical hacking course in December 2003 and found it to be quite an eye-opening experience. I stay abreast of security bulletins and constantly evaluate the risks to my network. However, I think it's easy to get a little complacent and feel that certain vulnerabilities "won't be exploited on my network." This course brought home the fact of how easy it is to execute many exploits, especially from inside a network. It gave me a new outlook on security, particularly internal security.
The cost of the course was around $2,500, and it was well worth the price. If you're serious about network security and often wonder if you've really done everything you can, this course may open your eyes. If you can't attend the training, then pick up the study guide—it's worth the small investment. Alternatively, you can use the principles I've listed in this article as an outline for self-study on security risks that you need to better understand.