Back to Subject
Practice MCQ

Unit 1 - Notes

INT244

Unit 1: Introduction to Ethical Hacking, System Fundamentals, Cryptography

Part 1: Ethical Hacking Foundations

1.1 Hacking Evolution

The concept of hacking has evolved significantly over the last few decades, shifting from intellectual curiosity to malicious financial and political gain.

  • The Early Era (1960s-1970s): Originated at MIT (Model Railroading Club). "Hacking" meant finding a clever shortcut or modification to a system to make it run more efficiently.
  • Phone Phreaking (1970s): Exploiting telecommunication systems to make free calls (e.g., John Draper/Captain Crunch using a 2600Hz whistle).
  • The PC Era (1980s-1990s): Rise of personal computers led to the creation of viruses and worms (e.g., Morris Worm). The perception of hackers shifted from explorers to criminals.
  • The Modern Era (2000s-Present):
    • Cybercrime: Hacking for profit (Ransomware, Credit Card theft).
    • Hacktivism: Hacking for political or social causes (e.g., Anonymous).
    • State-Sponsored: Cyber warfare between nations (APTs - Advanced Persistent Threats).

1.2 What Is an Ethical Hacker?

An Ethical Hacker employs the same tools and techniques as malicious hackers but does so with permission and for the purpose of improving security.

  • Key Characteristic: They operate with the consent of the system owner.
  • The "Hat" Categories:
    • White Hat: Ethical hackers. They secure systems and report vulnerabilities.
    • Black Hat: Malicious hackers. They violate laws and exploit systems for personal gain.
    • Grey Hat: Operating in a moral grey area. They may hack without permission but generally do not possess malicious intent (often asking for a bounty after finding a bug).

1.3 Ethical Hacking and Penetration Testing

While often used interchangeably, there is a nuance between the two terms.

  • Ethical Hacking: An overarching term that covers a wide variety of hacking methods to safeguard a system. It includes penetration testing, vulnerability assessments, code review, and social engineering.
  • Penetration Testing (Pen Testing): A specific, scheduled event where a tester attempts to breach a specific system or network to find vulnerabilities that an attacker could exploit.
    • Black Box: Tester has no prior knowledge of the target.
    • White Box: Tester has full knowledge (source code, IP maps).
    • Grey Box: Tester has partial knowledge (e.g., user credentials).

1.4 Hacking Methodologies

A systematic approach used by hackers to compromise a system. The standard 5-phase model includes:

  1. Reconnaissance (Footprinting): Gathering information about the target.
    • Passive: Collecting info without interacting directly (Whois, OSINT).
    • Active: Interacting with the system (Social engineering).
  2. Scanning: Using technical tools to identify live hosts, open ports, and services (e.g., Nmap, Nessus).
  3. Gaining Access: Exploiting the vulnerabilities identified during scanning to enter the system (e.g., Buffer overflows, SQL Injection, Password cracking).
  4. Maintaining Access: Installing backdoors, rootkits, or trojans to ensure the hacker can return later, even if the system is rebooted.
  5. Clearing Tracks: Deleting logs, modifying registry values, and hiding files to avoid detection by security administrators.

Part 2: System and Network Fundamentals

2.1 Fundamentals of Computer Networks

Understanding how data moves is critical for securing it.

  • OSI Model (7 Layers): Physical, Data Link, Network, Transport, Session, Presentation, Application.
  • TCP/IP Model (4 Layers): Network Access, Internet, Transport, Application.
  • IP Addressing:
    • IPv4: 32-bit address (e.g., 192.168.1.1).
    • IPv6: 128-bit hexadecimal address (created due to IPv4 exhaustion).
  • Packets: Data is broken into packets containing headers (metadata) and payloads (actual data).

2.2 Exploring TCP/IP Ports

Ports act as virtual doors allowing computers to distinguish between different types of traffic. There are 65,535 available ports.

Common Ports and Protocols: Port Protocol Service / Function
20/21 FTP File Transfer Protocol (sending files)
22 SSH Secure Shell (encrypted remote login)
23 Telnet Unencrypted remote login (obsolete/insecure)
25 SMTP Simple Mail Transfer Protocol (sending email)
53 DNS Domain Name System (resolves URLs to IPs)
80 HTTP Web traffic (unencrypted)
443 HTTPS Web traffic (encrypted via SSL/TLS)
3389 RDP Remote Desktop Protocol (Windows)

2.3 Understanding Network Devices

  • Hub: A "dumb" device that broadcasts data to all connected ports. Highly insecure (allows sniffing).
  • Switch: Intelligent device. Uses MAC addresses to send data only to the intended recipient. Breaks up collision domains.
  • Router: Connects different networks (e.g., LAN to WAN). Uses IP addresses to route packets.
  • NIC (Network Interface Card): The hardware component allowing a computer to connect to a network. Contains the MAC address.

2.4 Proxies

A proxy server acts as an intermediary between a client and a server.

  • Forward Proxy: Sits between the user and the internet. Used for content filtering, anonymity, or caching.
  • Reverse Proxy: Sits between the internet and the web server. Used for load balancing and security (hiding the actual server IP).
  • Anonymizers (TOR): Proxies chained together to hide the user's identity and location.

2.5 Firewall and Network Security

  • Firewall: A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
    • Packet Filtering: Inspects simple headers (IP/Port).
    • Stateful Inspection: Tracks the state of active connections.
    • Application Layer (WAF): Inspects the actual payload data (e.g., blocking SQL injection attempts).
  • IDS (Intrusion Detection System): Detects attacks and alerts the admin.
  • IPS (Intrusion Prevention System): Detects attacks and actively blocks them.

2.6 Knowing Operating Systems

A hacker must understand the target environment.

  • Windows:
    • Most widely used desktop OS.
    • File System: NTFS (New Technology File System).
    • Key Targets: The Registry (database of settings), Active Directory (user management), SMB (file sharing protocol).
  • Linux:
    • Open-source, UNIX-like. Preferred by hackers (e.g., Kali Linux).
    • File System: ext4, XFS.
    • Structure: "Everything is a file." Root is the superuser. Strong permission system (Read/Write/Execute - chmod).
  • Mac (macOS):
    • Unix-based (BSD) with a proprietary GUI.
    • Gaining popularity in enterprise, making it a growing target.
  • Android:
    • Mobile OS based on the Linux Kernel.
    • Apps run in "Sandboxes" (isolated environments).
    • Rooting an Android device gives the user full administrative control, bypassing manufacturer restrictions.

Part 3: Cryptography

3.1 History of Cryptography

Cryptography is the practice of securing communication in the presence of adversaries.

  • Ancient:
    • Scytale: Spartan transposition cipher using a cylinder and a strip of parchment.
    • Caesar Cipher: Substitution cipher shifting letters by a fixed number (e.g., A -> D).
  • WWII:
    • Enigma Machine: German electro-mechanical rotor cipher machine. Broken by Alan Turing and team.
  • Modern: Mathematical algorithms protecting digital data.

3.2 Symmetric Cryptography

Uses a single shared key for both encryption and decryption.

  • Pros: Very fast; efficient for large amounts of data.
  • Cons: Key distribution (how to get the key to the recipient securely?).
  • Algorithms:
    • DES (Data Encryption Standard): Obsolete, 56-bit key (too short).
    • AES (Advanced Encryption Standard): Current standard. 128, 192, or 256-bit keys.
    • RC4: Stream cipher (found in older WEP Wi-Fi security, now considered weak).

3.3 Asymmetric Cryptography (Public Key Cryptography)

Uses a pair of keys: A Public Key (shared with everyone) and a Private Key (kept secret).

  • Encryption: Encrypt with Public Key -> Decrypt with Private Key.
  • Digital Signature: Sign with Private Key -> Verify with Public Key.
  • Pros: Solves the key distribution problem; provides authentication and non-repudiation.
  • Cons: Slower and more computationally expensive than symmetric.
  • Algorithms:
    • RSA: Based on the difficulty of factoring large prime numbers.
    • ECC (Elliptic Curve Cryptography): Stronger security with smaller key sizes; used in mobile.
    • Diffie-Hellman: Used specifically for secure key exchange over an insecure channel.

3.4 Understanding Hashing

Hashing is not encryption. It is a one-way mathematical function that converts data of any length into a fixed-length string (digest).

  • Purpose: Integrity verification (checking if a file has been altered).
  • Characteristics:
    • One-way (cannot reverse hash to get data).
    • Collision-resistant (two different inputs should not produce the same hash).
  • Algorithms:
    • MD5: 128-bit. Broken (prone to collisions).
    • SHA-1: 160-bit. Deprecated.
    • SHA-256: Standard for modern security (used in Bitcoin, SSL certificates).

3.5 Issues with Cryptography

Cryptography is math, but the implementation is often where vulnerabilities lie.

  • Brute Force: Trying every possible key combination.
  • Rainbow Tables: Pre-computed tables of hashes used to crack passwords.
  • Weak Keys: Using short keys or predictable passwords.
  • Side-Channel Attacks: Monitoring power consumption or electromagnetic radiation to deduce the key.
  • Quantum Computing: Theoretical threat that could break current asymmetric algorithms (RSA) instantaneously.

3.6 Application of Cryptography

IPsec (Internet Protocol Security)

  • A suite of protocols to secure communication at the Network Layer (Layer 3).
  • Used primarily for VPNs (Virtual Private Networks).
  • Two Modes:
    • Transport Mode: Encrypts only the payload.
    • Tunnel Mode: Encrypts the entire packet (header + payload).
  • Key Protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload).

PGP (Pretty Good Privacy)

  • Used for securing Email communication and file storage.
  • Uses a hybrid approach (Symmetric for data, Asymmetric for key exchange).
  • Relies on a "Web of Trust" model rather than centralized Certificate Authorities.

SSL/TLS (Secure Sockets Layer / Transport Layer Security)

  • Secures communication over the web (HTTPS). SSL is the old version; TLS is the modern standard.
  • The Handshake:
    1. Client says "Hello" (sends supported cipher suites).
    2. Server says "Hello" (sends Public Key certificate).
    3. Client verifies certificate with a Certificate Authority (CA).
    4. Client creates a symmetric Session Key, encrypts it with Server's Public Key, and sends it.
    5. Both parties now communicate using the symmetric Session Key.