Computers and Network Tech

Binary

- File permissions for users: r (read), w (write), and x (execute). A 1 represents having the permission, and a 0 removes the permission. Therefore, 111 (rwx) means all permissions apply and 101 (r-x) means the user can read and execute the file but not write to it (the - symbol means the permission isn't granted).
- 00 (off, off), 01 (off, on), 10 (on, off), 11 (on, on)
- The two switches have four possible occurrences, or 2^x; x represents the number of switches (bits) available. For the light switches, x = 2.
- Half a byte (4 bits) helps with reading numbers by separating the byte.
- Components
  + High-order nibble: left side
  + Low-order nibble: right side

CIDR Notation

- IPv4 allows for roughly 4.3 billion unique IP addresses.
- Short-term fix was CIDR (Classless Inter-Domain Routing), which was developed in 1993 and helped prolong the life of IPv4 by allowing for more efficient IP-assignment space.
- CIDR conserves over 65,000 addresses that would have been required under a classful assignment.
- To access entities and services on other networks, each computer must also have the IP address of its gateway. Before sending a packet to another computer, the TCP/IP Internet layer uses the sending computer's subnet mask to determine the destination computer's network address.

IPv6

- IPv4 wasn't designed with security in mind, and many current network vulnerabilities are caused by this oversight.
- IPv6 was developed to increase the IP address space and provide additional security. Instead of the 4 bytes used in IPv4, IPv6 uses 16 bytes, or a 128-bit address, so 2^128 addresses are available - about 2000 IP addresses for every square foot on the planet.
- All newer OSs are configured to enable IPv6, but some router-filtering devices, firewalls, and intrusion detection systems (IDS) are not.

Skills needed to be a security tester

- Knowledge of network and computer technology - Ability to communicate with management and IT personnel - An understanding of the laws in your location - Ability to apply necessary tools to perform your tasks

What can you do legally?

- Laws involving technology change as rapidly as technology itself - Keep abreast of what's happening in your area - Find out what is legal for you locally - Be aware of what is allowed and what you should not or cannot do - Laws vary from state to state and country to country

Is port scanning legal?

- Some states consider it legal. Not always the case
- Be prudent before using penetration-testing tools
- Federal government does not see it as a violation. Allows each state to address it separately
- Research state laws
- Read your ISP's "Acceptable Use Policy"
- IRC "bot" - Program that sends automatic responses to users - Gives the appearance of a person being present
- Some ISPs may prohibit the use of IRC bots

Octal Number System

- Uses 8 as its base (0-7). - Octal digits can be represented with 3 bits. - Unix permissions - Owner/ group/ other permissions (rwx).

TCP flags

-- Each TCP flag occupies one bit of the TCP segment and can be set to 0 (off) or 1 (on). These are the 6 flags of a TCP segment:
1. SYN flag - the synchronize flag signifies the beginning of a connection and is sent by a host after receiving a SYN-ACK packet.
2. ACK flag - the acknowledgement flag acknowledges a connection and is sent by a host after receiving a SYN-ACK packet.
3. PSH flag - the push flag is used to deliver data directly to an application. Data isn't buffered; it's sent immediately.
4. URG flag - this flag is used to signify urgent data.
5. RST flag - the reset flag resets or drops a connection.
6. FIN flag - signifies that the connection is finished.

Port

A TCP packet has two 16-bit fields containing the source and destination port numbers. Port - is the logical, not physical, component of a TCP connection and can be assigned to a process that requires network connectivity. -- Understanding ports is important so that you know how to stop or disable services not being used by the network. The more services you have running on a server, the more ports are open for a potential attack. -- A possible 65,535 TCP and UDP port numbers are available, but the good news is only 1032 are considered well-known ports. -- Internet Assigned Numbers Authority (IANA).

Penetration testers usually have...

A laptop computer with multiple OSs and hacking tools.

Hacktivist

A person who hacks computer systems for political or social reasons.

Declaring variable

A variable represents a numeric or string value. In programming you can declare variables at the beginning of a program so that calculations can be carried out without user intervention. A variable might be defined as a character or characters, such as letters of the alphabet, or it can be assigned a numeric value. If the printf( ) function contains values other than a quoted sentence, you need to use conversion specifiers. Conversion specifier - tells the compiler how to convert the value into a function. Programmers use operators to compare values, perform mathematical calculations... Using a compound assignment operator as a sort of shorthand method, you can perform more complex operations with fewer lines of code.

Hackers

Access computer system or network without authorization. - Breaks the law; can go to prison.

ACK

Acknowledgement (ACK) - is a signal that is passed between communicating processes, computers, or devices to signify acknowledgement, or receipt of message, as part of a communications protocol.

Understanding the BLT of Perl

All programming languages must have a way to branch, loop and test. Perl handles these BLT functions. Perl's syntax is much like C syntax.

IPv4

An IPv4 address consists of 4 bytes divided into two components: a network address and a host address.

1. application layer

Application layer - applications/ network services/ client software. Transport layer - (TCP/ UDP services) controls the flow of data, sequences packets for reassembly. Data > port numbers. Internet layer - uses IP addresses to route packets to the correct destination network. Network layer - physical bits/ cables/ etc. Security testing doesn't get down to the Network layer's hardware level. However, there are computer attacks that use physical hardware, such as a keylogger.

Pen testing

Attempt to break into a company's network to find the weakest link.

Certification programs

Available in almost every area of network security.

Security test

Besides a break-in attempt; includes analyzing the company's security policy and procedures (can't make a network impenetrable > report findings to company/ offer solutions).

BLT in C

Branching in C is as easy as placing a function in your program followed by a semicolon. When the program runs, it branches to the prompt ( ) function and then continues branching to the functions listed subsequently. You can develop each function or module one at a time. While loop - it checks whether a condition is true, and then continues looping until the condition becomes false. Do loop - performs an action first then tests to see whether the action should continue to occur. For loop - one of C's most interesting pieces of code. The first part initializes the counter variable to 1 and then the second part tests a condition. It continues looping as long as the counter variable's value is less than or equal to 10. The for ( ; ; ) tells the compiler to keep doing what's in the brackets over and over.

Crackers

Break into systems to steal or destroy data. - U.S. Department of Justice calls both hackers.

Learning the C language

C was developed by Dennis Ritchie at Bell Labs in 1972. UNIX, first written in assembly language, was soon rewritten in C. Not many programmers want to write programs in binary or machine language, so assembly language was developed. It uses a combination of hexadecimal numbers and expressions, such as mov, add and sub.

Certification programs for network security personnel

Certification programs - Available in almost every area of network security. Minimum certification - CompTIA Security+ or equivalent knowledge. Prerequisite for Security+ certification is CompTIA Network+

IP Addressing

Class A - the first byte of a Class A address is reserved for the network address, making the last 3 bytes available to assign to host computers. Because a Class A address has a three-octet host address, Class A networks can support more than 16 million hosts. (For large corporations and governments.)
Class B - the addresses are divided evenly between a two-octet network address and a two-octet host address, allowing more than 65,000 hosts per Class B network address. (Large organizations and ISPs.)
Class C - these addresses have a three-octet network address and a one-octet host address, resulting in more than 2 million Class C addresses. Each address supports up to 254 hosts. (Small businesses and home use.)
-- Subnetting allows a network administrator to divide these networks into smaller segments. Important for both performance and security. Each network must be assigned a subnet mask, which helps distinguish the network address bits from the host address bits.

Minimum certification

CompTIA Security+ or equivalent knowledge. Prerequisite for Security+ certification is CompTIA Network+

Connectionless

Connectionless communication, often referred to as CL-mode communication, is a transmission method used in packet switching networks in which each data unit is individually addressed and routed based on information carried in each unit, rather than in the setup information of a prearranged, fixed data channel as in connection-oriented communication.

Port 25 (Simple Mail Transfer Protocol)

Email servers listen on this port. If you attempt to send email to a remote user, your workstation connects to port 25 on a mail server.

Base-64 numbering system

Encoding used to transport binary files sent through e-mail.
- Uppercase A to Z (0-25)
- Lowercase a to z (26-51)
- Numerals 0 to 9 (52-61)
- + and / symbols (62, 63)

Intro to Ethical hacking

Ethical hackers - Hired by companies to perform penetration tests (getting paid by the people to do it). Penetration test - Attempt to break into a company's network to find the weakest link. Vulnerability assessment - Tester attempts to enumerate all vulnerabilities found in an application or on a system. Security test - Besides a break-in attempt; includes analyzing the company's security policy and procedures (can't make a network impenetrable > report findings to company/ offer solutions).

Ports 20 and 21 (File Transfer Protocol)

FTP is the standard for moving or copying large files and is still used today, although to a lesser extent because of the popularity of HTTP. a. Uses port 20 for data transfer and port 21 for control. b. FTP requires entering a logon name and password and is more secure than Trivial File Transfer Protocol (TFTP).

Understanding HTML basics

HTML is a markup language used mainly for indicating the formatting and layout of web pages, so HTML files don't contain the kind of programming code you see in a C program. Security professionals often need to examine web pages and recognize when something looks suspicious.

Anatomy of a C program

Many C programs use the /* and */ symbols to comment substantial portions of text instead of the // symbols for one-line comments. The #include statement is used to load libraries that hold commands and functions used in the program. The #include <stdio.h> statement loads the stdio.h library. Parentheses in C mean you're dealing with a function. A C program must contain a main ( ) function. Inside the main ( ) function, the program calls another function: printf ( ). When a function calls another function, it uses parameters (arguments). The printf ( ) function then displays (prints) the words "hello world!" onscreen, and the \n\n characters add 2 new lines after that.

Mary Ann Davidson

Mary Ann Davidson, Oracle's chief security officer (CSO) speaks all over the world on computer programmer security. Software developers focus on "cool technology" and the latest programming languages. "They don't think like attackers." Grades should be based in part on the "hackability" of code students submit for assignments, and they should be required to use automated tools to find vulnerabilities.

An overview of Ruby

Metasploit contains hundreds of exploits that can be launched on a victim's computer or network, which makes it a useful tool for hackers. Security testers using Metasploit should understand the basics of Ruby and be able to modify Ruby code to suit different environments or targets.

Testing conditions in Perl

Most programs must be able to test the value of a variable or condition.

Job requirements for pen testers...

Perform vulnerability, attack, and penetration assessments in Intranet and wireless environments. Perform discovery and scanning for open ports. Apply appropriate exploits to gain access. Participate in activities involving application penetration. Produce reports documenting discoveries. Debrief with the client at the conclusion.

Ethical hacker

Performs most of the same activities with owner's permission.

Protocol

Protocol - computers communicate over the internet. - Responsible for data connectivity. -- Most widely used - Transmission Control Protocol/ Internet Protocol (TCP/ IP).

Programming languages used by experienced penetration testers

Python, Ruby, Practical Extraction and Report Language (Perl), C language.

Script

Set of instructions (Runs in sequence to perform tasks).

Laws of the land

- Some hacking tools on your computer might be illegal
-- Contact local law enforcement agencies before installing hacking tools
- Laws are written to protect society
-- Written words are open to interpretation
- Government is getting more serious about cybercrime punishment

Black box model

Staff does not know about the test. Tester is not given details about technologies used. Burden is on tester to find details. Tests security personnel's ability to detect an attack.

Network session hijacking

TCP session hijacking is a security attack on a user session over a protected network.

Conversion specifiers

Tells the compiler how to convert the value into a function.

Vulnerability assessment

Tester attempts to enumerate all vulnerabilities found in an application or on a system.

White box model

Tester is told about network topology and technology. May be given a floor plan. Tester is permitted to interview IT personnel and company employees. Makes tester's job a little easier.

3. Internet Layer

The Internet Layer of the TCP/ IP stack is responsible for routing a packet to a destination address. Routing is done by using a logical address, called the IP address. IP addressing packet delivery is connectionless. IP addressing is covered in more detail later in "IP Addressing."

Loop in Perl

The Perl for loop is identical to the C for loop: for (variable assignment; test condition; increment variable) { a task to do over and over }

Understanding the basics of Perl

The perl -h command gives you a list of parameters used with the perl command. If you want to know what the print command does, you can use the perldoc -f print command, which produces the output. You'll have to use the apt-get install perl-doc command to install this feature.

Components of object-oriented programming

The version of Perl you installed has additional functions that can make program calls to the Windows application programming interface (Win API). Programmers should know what functions are available in different OSs so that they can write programs that interact with these functions. In object-oriented programming, classes are structures that hold pieces of data and functions. The structure created in this code can contain employee information as well as a function that programs a lookup. A function contained in a class is called a member function. As mentioned, to access a member function, you use the class name followed by 2 colons and the member function's name: Employee::GetEmp()

2. Transport layer

Transport layer - where data is encapsulated into segments. A segment can use TCP or UDP as its method for connecting to and forwarding data to a destination host (or node).
TCP - a connection-oriented protocol; the sender doesn't send any data to the destination node until the destination node acknowledges that it's listening to the sender. A connection is established before data is sent.
- SYN packet - a query to the receiver.
- SYN-ACK packet - replies to the SYN packet.
- ACK - computer A sends an ACK packet to computer B in response to the SYN-ACK.
-- For example, if computer A wants to send data to computer B, it sends computer B a SYN packet first. A SYN packet is a query to the receiver, much like asking "Hello, computer B. Are you there?" Computer B sends back an acknowledgement called a SYN-ACK packet, which is like replying "Yes, I'm here. Go ahead and send." Finally, computer A sends an ACK packet to computer B in response to the SYN-ACK. This process is called a three-way handshake.
Three-way handshake -
1. Host A sends a TCP packet with the SYN flag set (i.e., a SYN packet) to Host B.
2. After receiving the packet, Host B sends Host A its own SYN packet with an ACK flag (a SYN-ACK packet) set.
3. In response to the SYN-ACK packet from Host B, Host A sends Host B a TCP packet with the ACK flag set (an ACK packet).

Port 443 (Secure Hypertext Transfer Protocol)

Used when you connect to a web server.

Port 80 (Hypertext Transfer Protocol)

Used when you connect to a web server. If security personnel decided to filter out HTTP traffic, almost every user would notice a problem on the network.

Hexadecimal numbering system

Using 16 as its base (0-15). Hex number consists of 2 characters. - Each represents a nibble. - 0-9, A-F. - Hex in binary/ decimal.

Get it in writing

- Using a contract is good business
-- May be useful in court
- Books on working as an independent contractor:
-- Getting Started as an Independent Computer Consultant by Mitch Paioff and Melanie Mulhall
-- The Consulting Bible: Everything You Need to Know to Create and Expand a Seven-Figure Consulting Practice by Alan Weiss
- Internet can also be a helpful resource
-- Free modifiable templates
- Have an attorney read your contract before signing

Loops

While loop - it checks whether a condition is true, and then continues looping until the condition becomes false. Do loop - performs an action first then tests to see whether the action should continue to occur. For loop - one of C's most interesting pieces of code. The first part initializes the counter variable to 1 and then the second part tests a condition. It continues looping as long as the counter variable's value is less than or equal to 10.

Pen testing methodologies

White box model - Tester is told about network topology and technology. May be given a floor plan. Tester is permitted to interview IT personnel and company employees. Makes tester's job a little easier.
Black box model - Staff does not know about the test. Tester is not given details about technologies used. Burden is on tester to find details. Tests security personnel's ability to detect an attack.
Grey box model - hybrid of the white/black models. Company gives tester partial info.

Creating a webpage with HTML

You can create an HTML web page in Notepad and then view it in a web browser. The < and > symbols denote HTML tags, which act on the data they enclose.

Script kiddies/ Packet monkeys

Younger, inexperienced hackers who copy codes from knowledgeable hackers.

SYN

a TCP packet sent to another computer requesting that a connection be established between them.

Connection-oriented protocol

a communication session or a semi-permanent connection is established before any useful data can be transferred, and where a stream of data is delivered in the same order as it was sent.

Algorithm

a recipe to make branching, looping and testing (BLT).

TCP/ IP Protocol Stack

a. Application layer - applications/ network services/ client software.
b. Transport layer - (TCP/ UDP services) controls the flow of data, sequences packets for reassembly. Data > port numbers.
c. Internet layer - uses IP addresses to route packets to the correct destination network.
d. Network layer - physical bits/ cables/ etc.
-- Security testing doesn't get down to the Network layer's hardware level. However, there are computer attacks that use physical hardware, such as a keylogger.

Looping

act of performing a task over and over.

Pseudocode

an English like language you can use to help create the structure of your program. After writing your pseudocode, you can then begin writing your program in the language of your choosing.

UDP

an alternative communications protocol to Transmission Control Protocol (TCP) used primarily for establishing low-latency and loss-tolerating connections between applications on the internet.

Bug

an error that causes unpredictable results.

TCP flag

are used within TCP packet transfers to indicate a particular connection state or provide additional information.

Testing

conducted on a variable and returns a value of true or false.

User Datagram Protocol (UDP)

fast but unreliable delivery protocol that also operates on the Transport layer. -- Widely used protocol on the internet because of its speed. -- It doesn't need to verify whether the receiver is listening or ready to accept packets.

Grey box model

hybrid of the white/black models. Company gives tester partial info.

Port 53 (Domain Name System)

if a server on your network uses DNS, it's using port 53. Most networks require a DNS server so that users can connect to websites with URLs instead of IP addresses.

TCP/ IP

is a suite of communication protocols used to interconnect network devices on the internet. TCP/IP can also be used as a communications protocol in a private network (an intranet or an extranet).

Class

is an extensible program-code-template for creating objects, providing initial values for state (member variables) and implementations of behavior (member functions or methods).

Assembly language

is any low-level programming language in which there is a very strong correspondence between the instructions in the language and the architecture's machine code instructions.

Port 69 (Trivial File Transfer Protocol)

many network engineers use the TFTP services to transfer router and backup router configurations.

Function

perform the task there, then return to its starting point. It's a mini program within the main program that carries out a task.

Compiler

program that converts a text-based program (source code) into executable or binary code.

SYN-ACK

synchronized acknowledgement.

Branching

takes you from one area of a function to another area.

Port 139 (NetBIOS)

this port is used by Microsoft's NetBIOS Session Service to share resources.

Port 119 (Network News Transfer Protocol)

this port is used to connect to a news server for use with newsgroup.

Port 110 (Post Office Protocol 3)

to retrieve email from a mail server. An enhanced email retrieving protocol, IMAP4 is available. POP3 is still available and most common.

Port 135 (Remote Procedure Call)

used by Microsoft RPC, is critical for the operation of Microsoft Exchange Server as well as Active Directory (Windows 2000 Server and later).

Internet Control Message Protocol (ICMP)

used to send messages related to network operations. -- ICMP makes it possible for network professionals to troubleshoot network connectivity problems (with the ping command) and track the route a packet traverses from a source IP address to a destination IP address (with the traceroute command).

The role of security/ pen testers

- Hackers - Access computer system or network without authorization. Breaks the law; can go to prison.
- Crackers - Break into systems to steal or destroy data. U.S. Department of Justice calls both hackers.
- Ethical hacker - Performs most of the same activities with owner's permission.
- Script kiddies or packet monkeys - Younger, inexperienced hackers who copy codes from knowledgeable hackers.
- Programming languages used by experienced penetration testers - Python, Ruby, Practical Extraction and Report Language (Perl), C language.
- Script - Set of instructions (Runs in sequence to perform tasks).
- Hacktivist - A person who hacks computer systems for political or social reasons.
- Penetration testers usually have: A laptop computer with multiple OSs and hacking tools.
- Job requirements for a penetration tester might include: Perform vulnerability, attack, and penetration assessments in Intranet and wireless environments. Perform discovery and scanning for open ports. Apply appropriate exploits to gain access. Participate in activities involving application penetration. Produce reports documenting discoveries. Debrief with the client at the conclusion.

TCP Segment Headers

Hackers leverage knowledge of these TCP header components.

Ethical hackers

Hired by companies to perform penetration tests (getting paid by the people to do it).

Port 143 (Internet Message Access Protocol 4)

IMAP4 uses this port to retrieve email.

What you can't do legally

Illegal actions:
- Accessing a computer without permission
- Destroying data without permission
- Copying information without permission
- Installing viruses that deny users access to network resources
Be careful your actions do not prevent client's employees from doing their jobs.

Branching in Perl

In a perl program, to go from one function to another, you simply call the function by entering its name in your source code.

Initial sequence number (ISN)

Initial sequence number (ISN) - a 32-bit number that tracks packets received by a node and allows reassembling large packets that have been broken up into smaller packets. -- In steps 1-2 of the three-way handshake, an ISN is sent. The ISN from the sending node is sent with the SYN packet, and the ISN from the receiving node is sent back to the sending node with the SYN-ACK packet. An ISN can be quite a substantial number because 2^32 allows a range of numbers from 0 - 4 billion.

ISN

Initial sequence number (ISN) - refers to the unique 32-bit sequence number assigned to each new connection on a Transmission Control Protocol (TCP)-based data communication. It helps with the allocation of a sequence number that does not conflict with other data bytes transmitted over a TCP connection.

IANA

Internet Assigned Numbers Authority (IANA) - The main functions of IANA include global IP address and Autonomous System number allocation, Domain Name Service (DNS) root zone management, and coordinating other Internet protocol assignments.

ICMP

Internet Control Message Protocol (ICMP) - The Internet Control Message Protocol is an internet layer protocol used by network devices to diagnose network communication issues. ICMP is mainly used to determine whether data is reaching its intended destination in a timely manner.

Documentation

It's important to document your work. Add comments to the code that explain what you're doing. This not only makes your program easier for someone else to modify; it also helps you remember what you were thinking when you wrote the program. Software engineering companies don't retain programmers who don't document their work because they know that 80% of the cost of software projects is maintenance. An average of 10 bugs for every 1000 lines of code is the industry standard.

