StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Penetration Testing and Advanced Hacking Techniques - Case Study Example

Cite this document
Summary
The paper “Penetration Testing and Advanced Hacking Techniques” provides a description of the most popular Hacking Techniques (Distributed Denial of Service Attacks, Session Hijacking, SQL Injection, Hacking a Web Server and etc.) and gives the possible countermeasures to resist them…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.8% of users find it useful
Penetration Testing and Advanced Hacking Techniques
Read Text Preview

Extract of sample "Penetration Testing and Advanced Hacking Techniques"

PENETRATION TESTING AND ADVANCED HACKING TECHNIQUES Penetration Testing and Advanced Hacking Techniques Affiliation Table of Contents Table of Contents 2 Countermeasures 3 Countermeasures 4 Countermeasures 5 Countermeasures 7 Countermeasures 7 Countermeasures 9 References 10 Distributed Denial of Service Attacks Basically, a DOS (denial of service) attack is one of the most critical security threats in which an organization or individual is unable to access services that should be accessible in normal conditions. Additionally, a distributed denial of service (DDOS) attack is a kind of DOS attack in which a large number of hacked computers (also known as a botnet) are used to attack a single target (an individual or an organization) (Rouse, 2007). In DDOS attack, a large number of computers take part to launch a strong attack against a victim. However, the systems that take part in this attack are also the victims of this attack since they have already been infected through a virus or a Trojan. In this scenario, in a DDoS attack, a target is attacked through a heavy data traffic flooding the target coming from a large number of different locations and systems. In fact, sometimes these attacks are launched using thousands of compromised computer systems. As a result, it becomes almost impossible for the system administrator to avoid the attack by not allowing a single system. In addition, as a result of this attack a system administrator cannot differentiate between attack traffic and authentic user traffic because of a large number of points of origin. Countermeasures There are many countermeasures that can be adopted by a system administrator to deal with this attack. A system administrator can apply a variety of restrictions on the amount of traffic that can be processed by their server. However, it also makes difficult for system administrator to differentiate between legal and illegal traffic. Additionally, the system administrator can also filter the traffic if they can identify the source of the attacks. In addition, a variety of other techniques can also be applied such as the use of intrusion detection systems, firewalls, and so on (Webopedia, 2014; Strickland, 2014). Session Hijacking Session hijacking is also a very common security threats in which an attacker takes control over the session of a Web user by secretly attaining the session ID and using their ID to demonstrate themselves as an owner of that ID. The basic purpose of this attack is to access a legal account illegally and making use of this account to carry out illegal activities. For instance, once an attacker is able to access an account illegal, he can use this account to conduct different acts such as using the network services, copying or destroying data and a wide variety of other tasks. Basically, an attacker gets this session ID from URL (universal resource locator) in which a cookie stores this session ID. Whenever a communication procedure is launched between a client and a server, an authentication process is established and an attacker takes advantage of this process by interfering online. In addition, this kind of attack can be detected or undetected depending on the nature and strength of the attack and the knowledge of the user. However, when a user feels that a web site is not responding in a normal way in response of a user’s input or not working, it can be due to session hijacking (Rouse, session hijacking (TCP session hijacking), 2006). Countermeasures Basically, in this attack, an attacker makes use of cookies so first of all there is need for protecting system cookies and setting their values as unpredictable. In addition, various other steps can also be taken such as distributing session cookies through SSL, setting the HTTP characteristic of the session cookie to accurate, making it uncomplicated to finish sessions, and restricting the path and domain as much as conceivable. Additionally, system administrators should put considerable effort to secure cookies (Gooch, 2013). SQL Injection SQL Injection is one of the most critical web based security attacks in which an attacker exposes a database connected with a web application by sending a SQL command to a web application. Additionally, in a SQL Injection attack a web application makes use of the user input without applying appropriate encoding or validation mechanism on a database query or command. In fact, this input is transferred to the SQL interpreter as an SQL query without any validation. By launching this attack, an attacker attempts to get access to the database that is connected to a web application. In this scenario, the basic objective of an attacker is to get access to a database in which significant data is stored regarding the customer or an organization. This attack allows an attacker to build, update, copy, read, modify, or remove data stored in the database. The majority of SQL Injection attacks are launched to access private data like that credit card number, social security numbers or other monetary data. Moreover, an attacker uses high level mechanism to transfer user input to the SQL interpreter and force it to complete illegal actions (DuPaul, 2014). Countermeasures There are many ways to deal with a SQL Injection attack. This attack can be avoided by implementing appropriate input validation procedures. For instance, user’s input should be validated in contrast to predefined type, rules for length and syntax as well as against business scenarios. Additionally, access to a database should be privileged and it should be strictly monitored. In addition, a database user should be assigned to a particular web application as well as they should not be able to access other applications. Moreover, all the stored procedures that are not occupied should be removed (DuPaul, 2014). Hacking a Web Server When a web server is hacked it does not remain under the control of an owner and hacker has a complete or partial control over the server. As a result, a hacker can have partial or complete control over server in order to make use of it for carrying out illegal activities. Normally, a hacker hacks a web server for carrying out a wide variety of illegal activities such as (Media Temple, Inc., 2014): A hacker can use hacked server to launch attacks against other systems. In this scenario, a hacker uses server’s CPU, bandwidth, memory and other resources. A hacker can hack a server to send a large number of spam emails to others using the details of hacked server. A hacker can use this server to install a phishing website in an attempt to get access to private data. Normally, there are two ways that can be used by a hacker for hacking a server (Media Temple, Inc., 2014): One of the basic causes of a server being hacked can be misplacement of the password. In this scenario, a hacker may access the server by guessing or stealing a password of a user who uses the server. In other case a hacker gains access to a server by detecting and exploiting a security hole in various applications like that Joomla, WordPress or Drupal. Countermeasures In order to avoid such attacks, the users must set strong password that are difficult to guess. They should use a mixture of alphabets and special characters such as @, # or %. In addition, whenever a user needs to use a service they must make sure that their connection is secure through a proper security mechanism. Moreover, system administrators must backup their data on a regular basis (Media Temple, Inc., 2014). Hacking a wireless network Basically, a wireless network uses wireless channel for the communication instead of wired channel and it operates through a number of access points. As a result, these communications can face a wide variety of security attacks. A wireless network can be hacked through a wide variety of security attacks. For instance, a hacker can launch a DOS attack against a wireless network by forcing APs (access points) to disclose their services set identifiers (SSIDs) during the network connection and communication. In this scenario, a hacker factually blocks the radio frequency (RF) signal of an access point and force the users to connect to a fake access point. In fact, a wireless network can be hacked through a number of ways. The basic objective of hacking is to get access to a network and make illegal use of its resources. In addition, this hacking also allows a hacker to access some of the critical information associated with a business and customers (Beaver, 2014). Countermeasures In view of the fact that a hacker can launch a variety of hacking attacks against a wireless network, hence there is not a specific way to deal with these multidimensional security attacks. However, users can adopt a mixture of security countermeasures in order to deal with these attacks (Beaver, 2014): First of all, the network users must make sure that their passwords are secure and no one can have access to their passwords. They should regularly switch off their service set identifiers A virtual private network can be established to secure a wireless network The firm should implement an effective encryption technique to secure traffic flowing through the network (Beaver, 2014). Hacking a Mobile Platform Since the beginning of mobile application platforms they have been a source of attraction for the hackers. In fact, the security is believed to be a critical aspect of mobile platforms. Unluckily, at the present there are a large number of hackers who want to hack and break mobile platform security in an attempt to get hold of valuable secret data. In fact, it is even impossible to make mobile platforms un-hackable for the hackers. In view of the fact that the mobile platforms are based on the wireless networks so they use the similar communication mechanisms. In this scenario, a large number of hacking attacks appear in the similar fashion. For instance, these networks also go through under DOS and Man-In-Middle attacks. The purpose of these attacks similar to wireless security attacks. A hacker wants to get access to a mobile platform in order to make illegal use of this network or steal personal data and information stored on the network. In addition, the majority of mobile platforms experience more than 50% attacks due to third party apps (DuPaul, Android Hacking, 2014). Countermeasures Some of the countermeasures for mobile platforms are similar to wireless networks. For instance, the mobile communications can also be encrypted to secure them from the hackers. Without a doubt, users send their usernames and passwords through the wireless medium, so the use of encryption can secure their personal information. In addition, effective testing should be performed on third party apps before they are being used. Moreover, the communications should be limited to only known users and the users should not communicate with unknown source (DuPaul, Android Hacking, 2014). References Beaver, K. (2014). Countermeasures for Wireless Network Hack Attacks. Retrieved from http://www.dummies.com/how-to/content/countermeasures-for-wireless-network-hack-attacks.html DuPaul, N. (2014). Android Hacking. Retrieved from http://www.veracode.com/products/mobile-application-security/android-hacking DuPaul, N. (2014). SQL Injection Tutorial: Learn About Injection Attacks, Vulnerabilities and How to Prevent SQL Injections. Retrieved from http://www.veracode.com/security/sql-injection Gooch, A. (2013, March 01). Help Prevent Session Hijacking. Retrieved from http://blog.8thlight.com/adam-gooch/2013/03/01/help-prevent-session-hijacking.html Media Temple, Inc. (2014). Working with a hacked or compromised server. Retrieved from http://kb.mediatemple.net/questions/1577/Working+with+a+hacked+or+compromised+server#gs Rouse, M. (2006, September). session hijacking (TCP session hijacking). Retrieved from TechTarget.com: http://searchsoftwarequality.techtarget.com/definition/session-hijacking Rouse, M. (2007, October). denial of service (DoS). Retrieved from TechTarget.com: http://searchsoftwarequality.techtarget.com/definition/denial-of-service Strickland, J. (2014). How Zombie Computers Work. Retrieved from HowStuffWorks.com: http://computer.howstuffworks.com/zombie-computer3.htm Webopedia. (2014). DDoS attack - Distributed Denial of Service. Retrieved from http://www.webopedia.com/TERM/D/DDoS_attack.html Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Penetration Testing and Advanced Hacking Techniques Case Study Example | Topics and Well Written Essays - 1750 words, n.d.)
Penetration Testing and Advanced Hacking Techniques Case Study Example | Topics and Well Written Essays - 1750 words. https://studentshare.org/information-technology/1831306-penetration-testing-and-advanced-hacking-techniques
(Penetration Testing and Advanced Hacking Techniques Case Study Example | Topics and Well Written Essays - 1750 Words)
Penetration Testing and Advanced Hacking Techniques Case Study Example | Topics and Well Written Essays - 1750 Words. https://studentshare.org/information-technology/1831306-penetration-testing-and-advanced-hacking-techniques.
“Penetration Testing and Advanced Hacking Techniques Case Study Example | Topics and Well Written Essays - 1750 Words”. https://studentshare.org/information-technology/1831306-penetration-testing-and-advanced-hacking-techniques.
  • Cited: 0 times

CHECK THESE SAMPLES OF Penetration Testing and Advanced Hacking Techniques

Intrusion Prevention

Individuals can learn the basic concepts and technicalities of hacking from various resources but they cannot develop their own techniques nor can they have experience of all the techniques available.... Only a genuine hacker has these capabilities and he/she uses various techniques together or in isolation for hacking purposes.... When the term hacker came into existence and the way media portrayed a hacker's image, many individuals who thought that the media's definition of hacking is cool and trendy, started using their abilities in illegal ways....
3 Pages (750 words) Essay

Methods of Identifying and Preventing SQL Attacks

Therefore, this makes the system have the ability to detect attacks effectively, though there are basic demerits of learning based techniques since they do not offer a guarantee concerning the detection abilities.... The paper “Methods of Identifying and Preventing SQL Attacks?...
5 Pages (1250 words) Research Paper

The Ethical Hacking Issues

Therefore, there is a need for computer science students to advance their ethical hacking techniques in order to fight against the increasing problems of criminal hacking.... The author reveals the technical aspects of penetration testing in order to address the engagement rules necessary for successful technical tests.... Jahankhani (2010) also reveals the way cybercrimes has become one of the biggest problems in many industries across the globe; thus, reveals varied aspects including implementation, investigative techniques and criminal intelligence in fighting cybercrimes....
5 Pages (1250 words) Research Proposal

Goals of auditing and Risk Management

Passive attacks utilize a script with techniques such as obfuscation, polymorphism and encryption (Gharibi & Mirza, 2011).... All these techniques are used for making the detection mechanism fail, resulting in a successful security... Organizations are now adding an extra layer of defense against intelligent threats that are now called as advanced persistent threats.... However, risks can be mitigated… Security consultants conduct testing reviews and code audits for exploiting vulnerabilities and current and potential threats for an application....
3 Pages (750 words) Research Paper

Security Architecture, Quality of Hertford Fashions Service Applications and System Infrastructure

It recaps the findings, analysis and recommendations from the assessment, which was undertaken across the Internet.... It documents the findings for the security… The purpose of the test was to use exploitation capacity in identifying and validating potential vulnerabilities across the network infrastructure within scope. ...
16 Pages (4000 words) Essay

Methods of Identifying and Preventing SQL Attacks

Therefore, this makes the system behave the ability to detect attacks effectively, though there are basic demerits of learning-based techniques since does not offer a guarantee concerning the detection abilities.... This report "Methods of Identifying and Preventing SQL Attacks" discusses issues related to the detection and prevention of SQL injection attacks, whereby there are several methods are identified and discussed that are aimed at detecting or preventing the attacks....
5 Pages (1250 words) Report

Securing Exploits and Vulnerabilities: Ethical Hacking

The subject of this analysis is the Metasploit security tool's penetration testing which includes password attacks, authentication bypass, and operating system security among others.... penetration testing conducted using this tool is not only efficient but also fast and is proven to increase productivity by 45%.... hellip; advanced Research recognizes the significance of testing its security architecture for exploits and vulnerabilities before attackers take advantage of them and cause serious losses....
5 Pages (1250 words) Essay

Timeliness, Bandwidth and Other Factors Essential When Performing Scans or Enumeration

In most cases, the white hat hacker will employ the use of similar hacking techniques as the malicious hacker to test the security strength of a system.... The document should correspondingly outline all the IP addresses that will need testing and those that will not require any testing.... All these techniques form part of the penetration testing means of accessing an organizations information system and identify any existing and potential vulnerabilities (Allsopp, 2017)....
12 Pages (3000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us