Hacking For Dummies
Not all hacking is evil. Ethical hacking reveals security weaknesses or flaws in your computing setups. This Cheat Sheet provides you with quick references to tools and tips and alerts you to commonly hacked targets — information you need to make your ethical hacking efforts easier.
Ethical Hacking Tools You Can't Live Without
As an information security professional, your toolkit is the most critical item you can possess — other than hands-on experience and common sense. Your hacking tools should consist of the following (and make sure you're never on the job without them):
Password cracking software, such as ophcrack and Proactive Password Auditor
Network scanning software, such as Nmap and NetScanTools Pro
Network vulnerability scanning software, such as GFI LanGuard and QualysGuard
Network analyzer software, such as Cain & Abel and OmniPeek
Wireless network analyzer software, such as Aircrack-ng and CommView for WiFi
File search software, such as FileLocator Pro and Identity Finder
Web application vulnerability scanning software, such as Acunetix Web Vulnerability Scanner and WebInspect
Database security scanning software, such as SQLPing3 and AppDetectivePro
Exploit software, such as Metasploit
Common Security Weaknesses that Hackers Target
Information security professionals should know the common security weaknesses that hackers and malicious users first check for when hacking into computer systems. Security flaws, such as the following, should be on your checklist when you perform your security tests:
Gullible and overly trusting users
Unsecured building and computer room entrances
Discarded documents that have not been shredded and computer disks that have not been destroyed
Network perimeters with little to no firewall protection
Poor, inappropriate, or missing file and share access controls
Web applications with weak authentication mechanisms
Wireless networks running without WPA or WPA2 enabled
Laptop computers with no drive encryption
Mobile devices with no passwords, or with passwords that are easy to crack
Weak or no application, database, and operating system passwords
Firewalls, routers, and switches with default or easily guessed passwords
Commonly Hacked Ports
Common ports, such as TCP port 80 (HTTP), may be locked down — but other ports may get overlooked and be vulnerable to hackers. In your security tests, be sure to check these commonly hacked TCP and UDP ports:
TCP port 21 - FTP (File Transfer Protocol)
TCP port 22 - SSH (Secure Shell)
TCP port 23 - telnet
TCP port 25 - SMTP (Simple Mail Transfer Protocol)
TCP and UDP port 53 - DNS (Domain Name System)
TCP port 443 - HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP over SSL)
TCP port 110 - POP3 (Post Office Protocol version 3)
TCP and UDP port 135 - Windows RPC
TCP and UDP ports 137-139 - Windows NetBIOS over TCP/IP
TCP port 1433 and UDP port 1434 - Microsoft SQL Server
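One way to check a host you administer against this list, as an added example that is not part of the original cheat sheet: the Python below parses `ss -tuln`-style listener output and reports which listed ports are open and whether each is bound to loopback only or is reachable from the network. The names RULES, WATCHED, audit_listeners and SAMPLE are assumptions made for illustration, and SAMPLE is constructed input.

```python
# Added example: flag listeners on the ports in the list above.
# SAMPLE is constructed `ss -tuln`-style output, not captured from a real host.
RULES = [  # (protocols, ports, label), transcribed from the list above
    ("tcp", [21], "FTP"),
    ("tcp", [22], "SSH"),
    ("tcp", [23], "telnet"),
    ("tcp", [25], "SMTP"),
    ("tcp+udp", [53], "DNS"),
    ("tcp", [443], "HTTP/HTTPS"),
    ("tcp", [110], "POP3"),
    ("tcp+udp", [135], "Windows RPC"),
    ("tcp+udp", range(137, 140), "Windows NetBIOS over TCP/IP"),
    ("tcp", [1433], "Microsoft SQL Server"),
    ("udp", [1434], "Microsoft SQL Server"),
]
WATCHED = {(proto, port): label for protos, ports, label in RULES
           for proto in protos.split("+") for port in ports}

def audit_listeners(ss_output):
    """Return sorted (proto, port, label, scope) tuples for listed ports."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated socket type
        addr, _, port = fields[4].rpartition(":")  # last ':' splits off the port
        label = WATCHED.get((fields[0], int(port))) if port.isdigit() else None
        if label is None:
            continue  # not on the list for this protocol
        host = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        scope = "loopback-only" if host == "::1" or host.startswith("127.") else "network-reachable"
        findings.add((fields[0], int(port), label, scope))
    return sorted(findings)

SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:1433       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    *:1433             *:*
tcp   LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
tcp   LISTEN 0      5      192.168.1.10:139   0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE):
        print(*finding)
```

The UDP listener on 1433 in the sample is not reported because the list names UDP 1434, not 1433, for SQL Server; matching on protocol as well as port number avoids that false positive.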
Tips for Successful Ethical Hacking
Whether you're performing ethical hacking against a customer's systems or your own, you must be prudent and pragmatic to succeed. These tips for ethical hacking can help you succeed as an information security professional:
Set goals and develop a plan before you get started.
Get permission to perform your tests.
Have access to the right tools for the tasks at hand.
Test at a time that's best for the business.
Keep the key players in the loop during your testing.
Understand that it's not possible to detect every security vulnerability on every system.
Study malicious hacker and rogue insider behaviors and tactics. The more you know about how the bad guys work, the better you'll be at testing your systems for security vulnerabilities.
Don't overlook nontechnical security issues; they're often exploited first.
Make sure that all your testing is aboveboard.
Treat other people's confidential information at least as well as you would treat your own.
Bring vulnerabilities you find to the attention of management and implement the appropriate countermeasures as soon as possible.
Don't treat every vulnerability discovered in the same manner. Not all weaknesses are bad. Evaluate the context of the issues found before you declare that the sky is falling.
Show management and customers that security testing is good business and you're the right professional for the job. Ethical hacking is an investment to meet business goals, find what really matters, and comply with the various laws and regulations. Ethical hacking is not about silly hacker games.