The phases of an attack
1. Reconnaissance: Information gathering, physical and social engineering, locate network range
2. Scanning - Enumerating: Live hosts, access points, accounts and policies, vulnerability assessment
3. Gaining Access: Breach systems, plant malicious code, backdoors
4. Maintaining Access: Rootkits, unpatched systems
5. Clearing Tracks: IDS evasion, log manipulation, decoy traffic
Reconnaissance steps
1. Unearth initial information: What/who is the target?
2. Locate the network range: What is the attack surface?
3. Ascertain active machines: What hosts are alive?
4. Open ports / access points: How can they be accessed?
5. Detect operating systems: What platform are they?
6. Uncover services on ports: What software can be attacked?
7. Map the network: Tie it all together, document, and form a strategy.
Know the OSI model
Layer| #| Function|
Application| 7| Service protocols|
Presentation| 6| Data formats|
Session| 5| Authentication, cryptographic agreements|
Transport| 4| Ports, logical service to service connections|
Network| 3| Network to network delivery|
Data Link| 2| Host to host links, contention|
Physical| 1| Media|
Computer Fraud and Abuse Act: Addresses hacking activities
18 U.S.C. 1029 Possession of Access Devices
18 U.S.C. 1030 Fraud and Related Activity in Connection with Computers
CAN-SPAM: Defines legal email marketing
SPY-Act: Protects vendors monitoring for license enforcement
DMCA - Digital Millennium Copyright Act: Protects intellectual property
SOX - Sarbanes-Oxley: Controls for corporate financial processes
GLBA - Gramm-Leach-Bliley Act: Controls use of personal financial data
HIPAA - Health Insurance Portability and Accountability Act: Privacy for medical records
FERPA - Family Educational Rights and Privacy Act: Protection for education records
FISMA - Federal Information Security Management Act: Government networks must have security standards
Converting a dotted-decimal IP address to a single integer (192.168.100.125):
Formula: (256^3 * 192) + (256^2 * 168) + (256^1 * 100) + (256^0 * 125)
Simplified: (16777216 * 192) + (65536 * 168) + (256 * 100) + 125
Simplified again: 3221225472 + 11010048 + 25600 + 125
Answer: 3232261245
Converting an integer back to dotted decimal (3564308997):
1st Octet: 3564308997 / (256^3) = 212 remainder 7539205
    3564308997 / 16777216 = 212; 212 * 16777216 = 3556769792; 3564308997 - 3556769792 = 7539205
2nd Octet: 7539205 / (256^2) = 115 remainder 2565
    115 * 65536 = 7536640; 7539205 - 7536640 = 2565
3rd Octet: 2565 / (256^1) = 10 remainder 5
4th Octet: 5 / (256^0) = 5 remainder 0
Result: 212.115.10.5
Run it the other way to check: (256^3 * 212) + (256^2 * 115) + (256^1 * 10) + (256^0 * 5) = 3564308997
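The two conversions above, worked by the same powers-of-256 method, as an added Python example that is not part of the original notes. It also extends the idea to the "locate the network range" step: once addresses are integers, checking whether a host falls inside a CIDR block is an integer comparison against the block's first and last address. The function names (`ip_to_int`, `int_to_ip`, `division_steps`, `in_cidr`) and the sample addresses are this example's own; the numbers are the ones worked in the notes.

```python
"""Dotted-decimal <-> 32-bit integer conversion, the long-hand way shown above,
plus a CIDR membership check built on the same integer representation."""
import ipaddress  # standard library, used only to cross-check the hand method

WEIGHTS = (256 ** 3, 256 ** 2, 256 ** 1, 256 ** 0)  # 16777216, 65536, 256, 1


def ip_to_int(ip: str) -> int:
    """192.168.100.125 -> (256^3*192) + (256^2*168) + (256^1*100) + (256^0*125)."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {ip!r}")
    value = 0
    for weight, text in zip(WEIGHTS, octets):
        octet = int(text)
        if not 0 <= octet <= 255:  # each octet is one byte
            raise ValueError(f"octet out of range: {text}")
        value += weight * octet
    return value


def division_steps(value: int) -> list:
    """Return [(octet, remainder), ...] for each of the four divisions,
    mirroring the '1st Octet ... 4th Octet' working in the notes."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {value}")
    steps = []
    remainder = value
    for weight in WEIGHTS:
        octet, remainder = divmod(remainder, weight)
        steps.append((octet, remainder))
    return steps


def int_to_ip(value: int) -> str:
    """3564308997 -> '212.115.10.5' (the quotient of each division step)."""
    return ".".join(str(octet) for octet, _ in division_steps(value))


def in_cidr(ip: str, cidr: str) -> bool:
    """True if ip lies within the block given as 'base/prefix'.

    The block's first address is base AND mask, its last address is
    first OR (NOT mask); membership is then an integer range check."""
    base, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    first = ip_to_int(base) & mask
    last = first | (~mask & 0xFFFFFFFF)
    return first <= ip_to_int(ip) <= last


def matches_stdlib(ip: str) -> bool:
    """Cross-check the hand method against ipaddress for one address."""
    return ip_to_int(ip) == int(ipaddress.IPv4Address(ip))


if __name__ == "__main__":
    # Constructed sample input: the addresses worked by hand in the notes.
    print(ip_to_int("192.168.100.125"))      # 3232261245
    for n, (octet, rem) in enumerate(division_steps(3564308997), start=1):
        print(f"octet {n}: {octet} remainder {rem}")
    print(int_to_ip(3564308997))             # 212.115.10.5
    print(in_cidr("192.168.100.125", "192.168.100.0/24"))  # True
```

Running the module prints the same quotients and remainders as the hand working (212 r 7539205, 115 r 2565, 10 r 5, 5 r 0). The range check is the reason the conversion matters in practice: a scanner or an IDS rule that has to decide "is this host in our /24?" does exactly this comparison on the integer form.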
Cryptography is an assumed prerequisite for this class. It's still a good idea to review some core terminology before the exam.
Terms and Definitions
Plain Text: The data set before encryption
Cipher Text: The result of encryption
Cryptanalysis: Attempting to "break" an encryption algorithm
Cryptography: Obscuring the meaning of a message
Steganography: Hiding a message within another
Salt: Ensures different keys are created each time
Initialization Vector: Changes the characteristics of the key each time it is reused
Types of Cryptography
Symmetric: A single key both encrypts and decrypts
Asymmetric: A pair of keys, public and private, that are mathematically associated; one encrypts and the other decrypts. The private key is always kept secret.
One-Way Hash: Cannot be reversed, only brute forced. Used to represent data, sometimes called a "Digital Fingerprint" or "Message Digest".
Symmetric Algorithms (can't verify identity of sender)
Algorithm| Type| Notes|
DES| Block| 56 bit key, used in LM Hash password storage|
3DES| Block| 128 bit key, used in NTLM|
RC4| Stream| Used in WEP|
Blowfish| Block| 64 bit block, 448 bit key|
AES| Block| Used in WPA2|
Asymmetric Algorithms
Algorithm| Type| Notes|
RSA| Asymmetric| Used in SSL/TLS|
Elliptic Curve| Asymmetric| Used in TLS for portable devices|
One-Way Hashes
Algorithm| Type| Notes|
MD5| One Way Hash| 128b hash value, used for...|
SHA-1| One Way Hash| |