Information security

Everything You Need To Know About Sniffing – Part 2

Vulnerable to sniffing

The following protocols are vulnerable to sniffing. The main reason attackers sniff these protocols is to gather passwords:

Telnet and Rlogin

Telnet is a protocol used for communicating with a remote host (via port no. 23) on a network using a command-line terminal. Rlogin enables an attacker to log into a network machine remotely via a TCP connection. Neither protocol provides encryption; therefore, the data traversing between the clients connected through either of these protocols is in plain text and vulnerable to sniffing. Attackers can sniff keystrokes, including usernames and passwords.

HTTP

Because of vulnerabilities in the default version of HTTP, websites implementing HTTP transfer user data across the network in plain text, which attackers can read to steal user credentials.

SNMP

SNMP is a TCP/IP-based protocol used for exchanging management information between devices connected on a network. The first version of SNMP (SNMPv1) does not offer strong security, which results in the transfer of data in clear-text format. Attackers exploit the vulnerabilities in this version in order to gather passwords in plain text.

NNTP

Network News Transfer Protocol (NNTP) distributes, inquires, retrieves, and posts news articles using a reliable stream-based transmission of news among the ARPA-Internet community. The protocol fails to encrypt the data, which gives an attacker the chance to sniff sensitive information.

POP

The Post Office Protocol (POP) allows a user’s workstation to access mail from a mailbox server. A user can send mail from the workstation to the mailbox server via the Simple Mail Transfer Protocol (SMTP). Attackers can easily sniff the data flowing across a POP network in clear text because of the protocol’s weak security implementation.

FTP

File Transfer Protocol (FTP) enables clients to share files between computers in a network. This protocol fails to provide encryption, so attackers sniff data as well as user credentials by running tools such as Cain & Abel.

IMAP

Internet Message Access Protocol (IMAP) allows a client to access and manipulate electronic mail messages on a server. This protocol offers inadequate security, which allows attackers to obtain data and user credentials in clear text.
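As an added defender-side example (not code from the original post), the check below classifies captured TCP payloads by the protocols listed above and reports where a credential crossed the wire in cleartext, redacting the secret itself so the finding can be logged safely. The default-port mapping, the command patterns and the sample records are assumptions constructed for the example.

```python
import re

# Protocols the post lists as sniffable, keyed by IANA default TCP port
# (assumption: default ports; production code should map by flow metadata).
CLEARTEXT_PORTS = {23: "Telnet", 513: "Rlogin", 80: "HTTP", 110: "POP3",
                   143: "IMAP", 21: "FTP", 119: "NNTP"}

# Credential-bearing commands or headers, following each protocol's RFC syntax.
CRED_RE = {
    "FTP":  re.compile(rb"^(USER|PASS) (\S+)", re.M | re.I),
    "POP3": re.compile(rb"^(USER|PASS) (\S+)", re.M | re.I),
    "NNTP": re.compile(rb"^AUTHINFO (USER|PASS) (\S+)", re.M | re.I),
    "IMAP": re.compile(rb"^\S+ LOGIN (\S+) (\S+)", re.M | re.I),
    "HTTP": re.compile(rb"^Authorization: Basic (\S+)", re.M | re.I),
}

def inspect_payload(dst_port, payload):
    """Return (protocol, detail) when a cleartext credential is seen, else None.
    The detail names the account where possible but never the secret itself."""
    proto = CLEARTEXT_PORTS.get(dst_port)
    if proto is None:
        return None
    if proto in ("Telnet", "Rlogin"):
        # No auth framing to parse: every keystroke is plaintext, so the
        # session itself is the exposure.
        return (proto, "interactive session in cleartext")
    m = CRED_RE[proto].search(payload)
    if not m:
        return None
    if proto == "HTTP":
        # Basic auth is base64 encoding, not encryption; do not decode or log it.
        return (proto, "Basic auth header (credential redacted)")
    if proto == "IMAP":
        return (proto, "LOGIN for user " + m.group(1).decode(errors="replace"))
    if m.group(1).upper() == b"PASS":
        return (proto, "PASS command (secret redacted)")
    return (proto, "USER " + m.group(2).decode(errors="replace"))

def audit(records):
    """Keep (dst_port, protocol, detail) only for records exposing credentials."""
    return [(port, *hit) for port, data in records
            if (hit := inspect_payload(port, data))]

# Constructed sample traffic, not a real capture (Ym9iOnNlY3JldA== is "bob:secret").
SAMPLE = [
    (21, b"USER alice\r\n"), (21, b"PASS hunter2\r\n"),
    (80, b"GET / HTTP/1.1\r\nAuthorization: Basic Ym9iOnNlY3JldA==\r\n"),
    (143, b"a001 LOGIN carol s3cret\r\n"), (23, b"\xff\xfd\x18login: "),
    (443, b"\x16\x03\x01\x02\x00"),  # TLS record: not a cleartext protocol
]
```

Running `audit(SAMPLE)` yields five findings (FTP, FTP, HTTP, IMAP, Telnet) and none for the TLS record; the same logic can be fed from a capture tool's decoded payloads to inventory cleartext authentication on a segment.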

Sniffing in the Data Link Layer of the OSI Model

The Open Systems Interconnection (OSI) model describes network functions as a series of seven layers. Each layer provides services to the layer above it and receives services from the layer below.

The Data Link layer is the second layer of the OSI model. In this layer, data packets are encoded and decoded into bits. Sniffers operate at the Data Link layer and can capture packets from it. Networking layers in the OSI model are designed to work independently of each other; if a sniffer captures data in the Data Link layer, the upper OSI layers will not be aware of the sniffing.

Read more to continue the blog: https://www.info-savvy.com/everything-you-need-to-know-about-sniffing-part-2/

This blog article is posted by Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road, Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Visit: https://www.info-savvy.com/


Everything You Need To Know About Sniffing – Part 1

What is a sniffer in hacking? This section describes network sniffing and its threats, how a sniffer works, active and passive sniffing, how an attacker hacks a network using sniffers, protocols susceptible to sniffing, sniffing in the data link layer of the OSI model, hardware protocol analyzers, SPAN ports, wiretapping, and lawful interception.

Network Sniffing

Packet sniffing is the process of monitoring and capturing all data packets passing through a given network by using a software application or a hardware device. Sniffing is simple in hub-based networks, because the traffic on a segment passes through all the hosts connected to that segment. However, most networks today work on switches. A switch is a more sophisticated networking device.

The main difference between a hub and a switch is that a hub transmits line data to every port on the device and has no line mapping, whereas a switch looks at the Media Access Control (MAC) address associated with each frame passing through it and sends the data to the specified port only.

A MAC address is a hardware address that uniquely identifies each node of a network. An attacker must manipulate the functionality of the switch in order to see all the traffic passing through it.

A packet sniffing program (also known as an IP sniffer) can capture data packets only from within a given subnet, which means that it cannot sniff packets from another network. Often, any laptop can plug into a network and gain access to it, because many enterprises’ switch ports are left open.

A packet sniffer placed on a network in promiscuous mode can capture and analyze all of the network traffic. Sniffing programs turn off the filter used by Ethernet network interface cards (NICs) to stop the host machine from seeing other stations’ traffic. Thus, sniffing programs can see everyone’s traffic. Though most networks today employ switch technology, packet sniffing remains useful.

This is because installing remote sniffing programs on network components with heavy traffic flows, such as servers and routers, is comparatively easy. It allows an attacker to watch and access the whole network’s traffic from one point. Packet sniffers can capture data packets containing sensitive information such as passwords, account information, syslog traffic, router configuration, DNS traffic, email traffic, web traffic, chat sessions, FTP passwords, etc. It allows an attacker to read passwords in clear text, the actual emails, credit card numbers, financial transactions, etc.

It also allows an attacker to sniff SMTP, POP, IMAP, HTTP Basic, Telnet authentication, SQL database, SMB, NFS, and FTP traffic. An attacker can gain a lot of data by reading captured data packets and then use that information to break into the network. An attacker carries out more effective attacks by combining these techniques with active transmission. You can learn more about network sniffing in practice by becoming an EC-Council Certified Ethical Hacker through Infosavvy, Mumbai.
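For the promiscuous-mode paragraph above, here is an added defender-side check (not part of the original post) that parses the output of `ip -o link show` on a Linux host and lists the interfaces whose flag set contains PROMISC, i.e. NICs that have stopped filtering other stations’ frames. The sample output is constructed; the live call assumes the iproute2 `ip` tool is present.

```python
import re
import shutil
import subprocess

# Constructed sample of `ip -o link show` output (not taken from a real host).
# eth0 carries the PROMISC flag the way it does when a capture tool has asked
# the kernel to stop filtering frames addressed to other stations.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP\\    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP\\    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
"""

# "<index>: <name>[@peer]: <FLAG,FLAG,...>" is how every -o line starts.
LINE_RE = re.compile(r"^\d+: (?P<name>[^:@]+)(?:@\S+)?: <(?P<flags>[^>]*)>")

def promiscuous_interfaces(ip_link_output):
    """Return the names of interfaces whose flag set contains PROMISC."""
    found = []
    for line in ip_link_output.splitlines():
        m = LINE_RE.match(line)
        if m and "PROMISC" in m.group("flags").split(","):
            found.append(m.group("name"))
    return found

def live_check():
    """Audit the local Linux host; None when the `ip` tool is not available.
    This only sees this host's NICs: a sniffer on another machine is invisible
    here, which is why promiscuous-mode audits belong on every endpoint."""
    if shutil.which("ip") is None:
        return None
    proc = subprocess.run(["ip", "-o", "link", "show"],
                          capture_output=True, text=True, check=True)
    return promiscuous_interfaces(proc.stdout)

if __name__ == "__main__":
    print("sample:", promiscuous_interfaces(SAMPLE_IP_LINK))
    print("this host:", live_check())
```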

Read more to continue the blog: https://www.info-savvy.com/everything-you-need-to-know-about-sniffing-part-1/


Methodology of CEH Hacking

In preparation for hacking a system, attackers follow a particular methodology. They first obtain information during the footprinting, scanning, and enumeration phases, which they then use to exploit the target system.

There are three steps in the CEH Hacking Methodology (CHM):

Gaining Access: Involves gaining access to low-privileged user accounts by cracking passwords through techniques such as brute-forcing, password guessing, and social engineering, and then escalating those privileges to administrative levels to perform protected operations.

Maintaining Access: After successfully gaining access to the target system, attackers work to maintain high levels of access to perform malicious activities such as executing malicious applications and stealing, hiding, or tampering with sensitive system files.

Clearing Logs: To maintain future system access, attackers try to avoid recognition by legitimate system users. To stay undetected, attackers wipe out entries such as their activities in the system log, thus avoiding detection by users.

System Hacking Goals

The intent of every criminal is to achieve a particular goal.

Gaining Access: In system hacking, the attacker first tries to gain access to a target system using information obtained and loopholes found in the system’s access control mechanism. Once attackers gain access to the system, they are free to perform malicious activities such as stealing sensitive data, implementing a sniffer to capture network traffic, and infecting.

Escalating Privileges: After gaining access to a system using a low-privileged normal user account, attackers may then attempt to raise their privileges to administrator level to perform protected system operations, so that they can proceed to the next level of the system hacking phase: executing applications. Attackers exploit known system vulnerabilities to escalate user privileges.

Executing Applications: Once attackers have administrator privileges, they attempt to install malicious programs such as Trojans, backdoors, rootkits, and keyloggers, which grant them remote system access, thereby enabling them to execute malicious code remotely. Installing rootkits allows them to gain access at the OS level to perform malicious activities. To maintain access for use at a later date, they may install a backdoor.

Hiding Files: Attackers use rootkits and steganography techniques to try to hide the malicious files they install on the system, and thus their activities.

Covering Tracks: To remain undetected, it is important for attackers to erase all evidence of the security compromise from the system. To achieve this, they may modify or delete logs in the system using certain log-wiping utilities, thus removing all evidence of their presence.

Cracking Passwords

As discussed earlier, CHM involves various steps attackers follow to hack systems. The following section discusses these steps in greater detail. The first step, password cracking, covers the different tools and techniques attackers use to crack passwords on the target system.

Password Cracking 

  1. Password cracking is the process of recovering passwords from the data transmitted by a computer system or stored in it. The purpose of password cracking may be to help a user recover a forgotten or lost password, to serve as a precaution by system administrators to check for easily breakable passwords, or for an attacker to gain unauthorized system access. Hacking often begins with password cracking attempts.
  2. A password is a key piece of data necessary to access a system. Consequently, most attackers use password cracking techniques to gain unauthorized access.
  3. An attacker may either crack a password manually by guessing it, or use automated tools and techniques such as a dictionary or a brute-force method. Most password cracking techniques are successful because of weak or easily guessable passwords.

Leverage Threat Intelligence for increased Incident Response

Threat intelligence plays a very important role in the incident response process. Intelligence can be integrated into the incident response process, which can provide IR teams with the resources needed to act against security incidents quickly. It helps in identifying who or what may be performing an attack, how it operates, what campaigns it is a part of, and where else to look on the network.

Given below are the phases of escalation involved in incident response management:

Phase 1: Pre-planning

IR teams use practice tests and scenarios to test the security plan. Strategic- and operational-level threat intelligence can be integrated into this aspect of incident response in various ways. With the use of CTI, security analysts can find the answers to the following questions:
• Which hacker groups would target the organization, and what are the reasons behind it?
• Which are the various assets they are targeting?
• What are the various capabilities that adversaries possess?
• What are the possible attack scenarios?

Pre-planning can be divided into two categories:

1. Incident Response

Operational threat intelligence can be used in IR to develop threat scenarios. Threat intelligence can be used to identify the TTPs used by an adversary to perform an attack, which can then be translated into incident response workflows. Therefore, if the network experiences the same type of attack, the defenders will have the needed tools, workflow, and procedures to safeguard the network.

2. Breach Response

Breach response is similar to incident response but with one difference: it manages risks related to the business. A plan to deal with business risks is developed by a panel involving the CIO, CISO, risk management, PR/crisis management, counsel, and other stakeholders. They also make decisions regarding what the communication to regulators, clients, consumers, and the general public will be. Operational and strategic threat intelligence can be integrated into the breach response process by answering the following internal and external justification questions:

Internal justification:

• What is the organizational risk that this effort diminishes, or does it give the company more detailed data on the risk?
• What are the various manual tasks that this effort helps in automating?
• What is the cost that this effort reduces?
• What level of resources (labor and material) will this need to perform an activity successfully?

External justification:

• What are the new tasks the security team will have after implementation of a solution, and what are the tasks that are already on the to-do list for the team?
• What new data will the team be able to use to work beyond what it already possesses?
• What is the value of this new information?
• What is the problem that this data is capable of solving?

Phase 2: Event

Operational and tactical threat intelligence helps in providing context to the alerts generated by an organization’s security mechanisms such as a SIEM, SOC, or other security tools. The type of data included in this intelligence is IoCs such as IP addresses, malware, compromised devices, domains, URLs, paths, TTPs used by adversaries, and phishing messages or emails. This data can be used to verify an event that may escalate into a security incident.

Phase 3: Incident

When an adversary establishes a foothold in the victim’s network, an event is known to have escalated into an incident. Once an incident has taken place in the network, operational threat intelligence can be used by security analysts to gain more insight into the techniques, operations, actor’s objectives, and past incidents. Therefore, operational threat intelligence helps obtain data regarding the threat using the threat triangle, which holds data relating to the threat actor’s capability, intent, and opportunity.

Phase 4: Breach

It becomes essential for an organization to report an incident once it escalates into a breach. This type of situation usually takes place when data extraction has occurred, so the organization must report it to the stakeholders, clients, customers, and employees. Therefore, incident response defines how the organization responds internally, whereas breach response defines how the organization responds externally.

Strategic and operational threat intelligence plays a very important role in the analysis of a breach. This data helps in providing answers to the following questions:
• What happened?
• How did the breach occur, and what was the reason behind it?
• What are the essential steps that need to be taken to avoid such a breach in the future?

Armed with context on likely adversaries, we can move on to intelligence gathering. This entails learning everything we can about possible and likely adversaries, identifying probable behaviors, and determining which kinds of defenses and controls to deploy to deal with higher-probability attacks. Be realistic about what you can gather yourself and what intelligence you will need to acquire. Optimally you will devote some resources to gathering and processing intelligence on an ongoing basis based on your organization’s needs, but you will likely need to supplement your resources with external data sources.