Ethical hacking is the methodology an organization uses to find weaknesses in its own network or systems. An organization usually employs or contracts a hacker to perform the ethical hacking activity. Footprinting, scanning and enumeration are the very first steps the hacker goes through.
Footprinting is the first step the hacker goes through. The hacker simply pulls out information about the organization using various techniques and tools, so footprinting is also called information gathering. The hacker can possibly find the organization's domain names, IP addresses, network blocks, open ports, remote access information and so on. Hackers use various techniques to gather an organization's information. For example, going through the company's web site is the very first step. The careers tab of the site can contain information about the employees and the skills the company is looking for; the skills section can reveal vital details such as which devices and which operating systems the company uses. The hacker also uses a whois lookup to find information about the network and the domain name. Similarly, the hacker searches the company's articles, news or any other published information that can be helpful. Security personnel can use the same information to secure the organization's network infrastructure.
After getting some surface knowledge of the network, it is time to scan it. Scanning, also called port scanning, is a technique used to probe network devices or systems to find vulnerabilities or open doors that can be used to enter the network or system. There are three types of scanning: –
Network Scanning: – This scan is done to find the systems that are actually online. You don't want to waste your time on a system that doesn't even exist. A ping sweep is a popular method for finding the systems that are running or online.
Port Scanning: – In this scan, different tools are used to identify the services or applications running on those systems. Here, TCP/IP ports are scanned. Nmap is a popular tool for exactly this.
Vulnerability Scanning: – Now, to make the attack more specific, automated tools are used to find vulnerabilities. In this scan the operating system and its version number are identified. The hacker uses weaknesses of that OS to penetrate the system.
After information gathering and scanning, enumeration is done to gather more specific information: device names, services, and network resources. This is done actively, by sending queries to the destination. Using different methods, the hacker finds user names that can be used in further penetration of the system. Here, any level of user is valuable, because even a low-level user's privilege can be increased using the DumpSec tool. When you enter a system with no username or password and a session is maintained, that session is called a null session. The hacker is able to enter the system this way by using a NetBIOS null session to obtain usernames, policies, services and more. Once the usernames are obtained, their privilege is increased using the GetAcct tool, which makes the attack more confident.
Knowing these vulnerabilities, you can take several measures to prevent the attack. The SNMP service must be disabled or the SNMP agent removed. TCP ports 137, 135, 139 and 445 must be blocked to prevent null session attacks. The company's IT information must not be revealed in articles, on websites or in recruitment processes. These are some of the countermeasures that need to be taken to stop these first three steps of hacking. If the first steps are stopped, the system is more likely to be secure than it was before.
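The scanning and null-session countermeasures above can be checked from the defender's side with a small log review. The following is an added example, not code from the original article: it parses constructed firewall log lines in a hypothetical `src=... dst=... dport=... action=...` format (the IP addresses and format are assumed, not real traffic), flags any source that walks many distinct ports on one host (a port scan, as a ping sweep or Nmap run would leave behind), and lists connections to TCP 135/137/139/445 that the firewall did not deny, which are the places where the recommended block rule is missing.

```python
import re
from collections import defaultdict

# Ports the article recommends blocking to prevent NetBIOS/SMB null sessions.
NULL_SESSION_PORTS = {135, 137, 139, 445}

# Constructed sample firewall log lines (hypothetical format, not real traffic):
# 203.0.113.5 walks many ports on one host (a port scan), 198.51.100.7 reaches
# NetBIOS/SMB ports without being denied, 192.0.2.50 is ordinary HTTPS traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.5 dst=192.0.2.10 dport=21 proto=tcp action=DENY
2024-05-01T10:00:01 src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp action=ALLOW
2024-05-01T10:00:02 src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp action=DENY
2024-05-01T10:00:02 src=203.0.113.5 dst=192.0.2.10 dport=80 proto=tcp action=ALLOW
2024-05-01T10:00:03 src=203.0.113.5 dst=192.0.2.10 dport=135 proto=tcp action=DENY
2024-05-01T10:00:03 src=203.0.113.5 dst=192.0.2.10 dport=139 proto=tcp action=DENY
2024-05-01T10:00:04 src=203.0.113.5 dst=192.0.2.10 dport=445 proto=tcp action=DENY
2024-05-01T10:00:09 src=198.51.100.7 dst=192.0.2.11 dport=139 proto=tcp action=ALLOW
2024-05-01T10:00:09 src=198.51.100.7 dst=192.0.2.11 dport=445 proto=tcp action=ALLOW
2024-05-01T10:00:12 src=192.0.2.50 dst=192.0.2.10 dport=443 proto=tcp action=ALLOW
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+) action=(\w+)")

def parse_log(text):
    """Turn each matching log line into a dict; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, dst, dport, proto, action = m.groups()
            events.append({"src": src, "dst": dst, "dport": int(dport),
                           "proto": proto, "action": action})
    return events

def port_scan_sources(events, threshold=5):
    """Sources that touched at least `threshold` distinct ports on one destination.
    Denied attempts count too: a scan is visible whether or not the port was open."""
    ports_seen = defaultdict(set)
    for e in events:
        ports_seen[(e["src"], e["dst"])].add(e["dport"])
    return sorted({src for (src, _dst), ports in ports_seen.items()
                   if len(ports) >= threshold})

def null_session_port_hits(events):
    """Connections to the NetBIOS/SMB ports that the firewall did not deny;
    each one is a host where the block rule from the article is missing."""
    return [e for e in events
            if e["dport"] in NULL_SESSION_PORTS and e["action"] != "DENY"]
```

On the sample above, `port_scan_sources` reports only 203.0.113.5, and `null_session_port_hits` reports the two allowed connections from 198.51.100.7 to ports 139 and 445.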