Process: Scanning and Enumeration

In an environment of global connectivity and cyber terrorism, the protection of information assets is vital to every private business, public organization and individual. In this paper, we discuss the different methods through which vulnerabilities can be identified and how attackers use those same methods against us. Techniques to prevent the resulting information loss are also discussed.

Enumeration in Information Security: Enumeration in information security is the process of extracting user names, machine names, network resources and other services from a system. All the gathered information is used to identify vulnerabilities or weak points in the system's security, which the attacker then tries to exploit.
Techniques for Enumeration: There are many kinds of data to collect, such as network users, routing tables and Simple Network Management Protocol (SNMP) information. Let's discuss the possible ways an attacker might enumerate a target network and what countermeasures can be taken to prevent them.

Extract User Names Using Email IDs: An email ID usually contains two parts, a username and a domain name, in the form "username@domainname". For instance, in xyz@live.ID, xyz (the characters preceding the '@' symbol) is the user name and live.ID (the characters following the '@' symbol) is the domain name.

Extracting Information Using Default Passwords: Many online resources publish the default passwords that manufacturers assign to their products.
Users often forget to change these default passwords, which lets an attacker enumerate their data easily.

Brute Force Active Directory: Microsoft Active Directory is susceptible to a username enumeration weakness in its validation of user-supplied input. This is the consequence of a design error in the application. An attacker takes advantage of it and exploits the weakness to enumerate valid usernames.

Extract Usernames Using SNMP: By using SNMP APIs, attackers can guess the community strings through which they can extract the required usernames.

Extract Information Using DNS Zone Transfer: An attacker can get valuable topological information about the target's internal network using a DNS zone transfer.

Services and Ports to Enumerate:

TCP 53: DNS Zone Transfer: DNS zone transfer relies on TCP 53 (UDP 53 carries ordinary DNS queries). The TCP protocol helps to maintain a consistent DNS database between DNS servers; a DNS server always uses TCP for the zone transfer.

TCP 137: NetBIOS Name Service (NBNS): NBNS, also known as Windows Internet Name Service (WINS), maintains a database of the NetBIOS names of hosts and the corresponding IP address each host is using.

UDP 161: Simple Network Management Protocol (SNMP): SNMP is used by various devices and applications, including firewalls and routers, to communicate logging and management information with a remote monitoring application.

TCP/UDP 389: Lightweight Directory Access Protocol (LDAP): The LDAP Internet protocol is used by Microsoft Active Directory, as well as by some email programs, to look up contact information from a server.

TCP 25: Simple Mail Transfer Protocol (SMTP): SMTP allows email to move across the Internet and across a local network. It runs on the connection-oriented service provided by the Transmission Control Protocol (TCP) and uses port 25.
Port Scanning: Port scanning is one of the most popular techniques attackers use to discover services that can be exploited to compromise systems. Every system connected to a LAN, or accessing a network via a modem, runs services that listen on well-known ports. Port scanning reveals information such as which services are running, which users own those services, whether anonymous login is supported, whether certain network services require authentication, and other related details.

Port Scanning Techniques: There are various port scanning techniques available.
Well-known tools like Nmap and Nessus have automated the port scanning process. The scanning techniques include:

Address Resolution Protocol (ARP) scan: In this technique, a series of ARP broadcasts is sent, with the target IP address field incremented in each broadcast packet, to discover active devices on the local network segment. This scan helps map out the entire local network.

Vanilla TCP connect scan: This is the basic scanning technique, which uses the operating system's connect() system call to open a full connection to every available port.

TCP SYN (Half Open) scan: SYN scanning is a technique a malicious hacker uses to determine the state of a communications port without establishing a full connection. These scans are called half open because the attacking system never completes the connections it opens.

TCP FIN scan: This scan can remain undetected by most firewalls, packet filters and other scan detection programs. It sends FIN packets to the targeted system and builds a report from the responses it receives.

TCP Reverse Ident scan: This scan discovers the username of the owner of any TCP-connected process on the targeted system. It lets an attacker use the ident protocol to discover who owns a process by connecting to open ports.

TCP XMAS scan: This scan is used to identify listening ports on the targeted system. It sets the URG, PSH and FIN flags of the TCP header.

TCP ACK scan: This scan is used to identify active websites that may not respond to standard ICMP pings. The attacker determines the port status from the acknowledgment received.

UDP ICMP port scan: This scan is used to find high-numbered ports, especially on Solaris systems. It is slow and unreliable.

Prevention: Every publicly accessible server is vulnerable to port scans.
There is no sure way to defeat port scans, but we can limit what they reveal. Port scanning is a general technique that ethical hackers also use to find security flaws in a system; what matters is the purpose for which it is used. The question, then, is how to prevent attackers from stealing our information. One way to limit the information gained from port scans is to close unnecessary services on the targeted systems. Another is to employ TCP Wrappers, where applicable: TCP Wrappers give the administrator the flexibility to permit or deny access to services based on IP addresses or domain names.
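A TCP Wrappers allowlist of the kind just described, added here as an example and not taken from the article. It assumes a host whose sshd is linked against libwrap, an internal network of 192.0.2.0/24 and the domain example.com (all placeholders). The weak setting is the default: an empty /etc/hosts.deny, which leaves every wrapped service reachable from anywhere.

```text
# /etc/hosts.deny  (corrected: deny everything that is not explicitly allowed)
ALL: ALL

# /etc/hosts.allow  (consulted first; a match here wins over hosts.deny)
# Format is daemon_list : client_list; clients may be addresses or domain names.
sshd: 192.0.2.0/255.255.255.0 .example.com
```

Only daemons built against libwrap (or started through tcpd) consult these files, so services that ignore them still need a host firewall rule; domain-name matching also costs a reverse DNS lookup per connection.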
Additionally, PortSentry, offered by Psionic, limits the loss of information through port scanning. PortSentry detects connection requests on a number of selected ports. It is customizable and can be configured to ignore a certain number of attempts. The administrator selects which ports PortSentry listens on for connection requests and how many invalid requests to tolerate; the ports listed should be ones the system does not actually serve.
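Detection logic for the scan types described above, as an added example that is not part of the original article: it classifies TCP flag combinations the way a perimeter sensor would and raises a finding for combinations no legitimate handshake produces (XMAS, FIN-only), for SYN sweeps across many ports, and for ACK probes to ports the source never opened. The log events and the thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of perimeter firewall events (not a real capture). Each
# tuple is (source IP, destination port, TCP flags, timestamp in seconds).
SAMPLE_EVENTS = [
    ("198.51.100.7", 22, "S", 0.0), ("198.51.100.7", 25, "S", 0.1),
    ("198.51.100.7", 53, "S", 0.2), ("198.51.100.7", 80, "S", 0.3),
    ("198.51.100.7", 139, "S", 0.4), ("198.51.100.7", 389, "S", 0.5),
    ("198.51.100.7", 443, "S", 0.6),          # SYN sweep over many ports
    ("203.0.113.9", 80, "FPU", 1.0),          # XMAS probe (URG+PSH+FIN)
    ("203.0.113.9", 443, "FPU", 1.1),
    ("203.0.113.9", 22, "F", 1.2),            # FIN probe
    ("203.0.113.9", 25, "A", 1.3),            # ACK probe with no prior SYN
    ("192.0.2.5", 443, "S", 2.0),             # ordinary client handshake
    ("192.0.2.5", 443, "A", 2.1),
]

def classify_flags(flags):
    """Map a flag string (S, A, F, P, U, R letters) to the matching technique."""
    f = frozenset(flags)
    return {frozenset("FPU"): "xmas", frozenset("F"): "fin",
            frozenset("S"): "syn", frozenset("A"): "ack"}.get(f, "other")

def detect_scans(events, port_threshold=5, window=2.0):
    """Return {source: set of findings}. XMAS and FIN-only segments are
    suspicious on their own; a SYN only as a sweep over port_threshold
    distinct ports within window seconds; an ACK only when this source never
    sent a SYN to that port (the classic ACK firewall-mapping probe)."""
    findings = defaultdict(set)
    syn_history = defaultdict(list)   # source -> [(timestamp, port), ...]
    opened = set()                    # (source, port) pairs that sent a SYN
    for src, dport, flags, ts in sorted(events, key=lambda e: e[3]):
        kind = classify_flags(flags)
        if kind in ("xmas", "fin"):
            findings[src].add(kind + "-scan")
        elif kind == "syn":
            opened.add((src, dport))
            syn_history[src].append((ts, dport))
            recent = {p for t, p in syn_history[src] if ts - t <= window}
            if len(recent) >= port_threshold:
                findings[src].add("syn-sweep")
        elif kind == "ack" and (src, dport) not in opened:
            findings[src].add("ack-probe")
    return dict(findings)

if __name__ == "__main__":
    for source, found in detect_scans(SAMPLE_EVENTS).items():
        print(source, sorted(found))
```

Real sensors see the SYN/ACK and RST legs too, so a production rule would also count unanswered SYNs per source rather than relying on distinct ports alone.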
Port Scanning Tools: Many port scanners are used by black hat and ethical hackers alike. The most popular are the following:

Nmap: The best-known port scanner, a free and open source utility for network and security auditing. Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) the target machines are running, what type of packet filters/firewalls are in use, and other characteristics.

Angry IP Scanner: An open-source, cross-platform network scanner, also known as ipscan, designed to be fast and simple to use. It scans ports and IP addresses and provides many other features. It is supported on Linux, Windows, Mac OS X and other platforms.
Unicornscan: Unicornscan is an information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is scalable, accurate, flexible and efficient. Its features include:

- Asynchronous stateless TCP scanning with all variations of TCP flags.
- Asynchronous stateless TCP banner grabbing.
- Asynchronous protocol-specific UDP scanning (sending enough of a signature to elicit a response).
- Active and passive remote OS, application and component identification by analyzing responses.
- Relational database output.
- Custom module support.
- Customized data-set views.