ECSA/ LPT EC Council M d l XXXIII EC - Council M o d u l e XXXIII War Dialing Penetration Testing Roadmap Start Here Information Vulnerability External Gathering Analysis Penetration Testing Fi ll Router and Internal Fi rewa ll Penetration Testing Router and Switches Penetration Testing Internal Network Penetration Testing IDS Penetration Testing Wireless Network Penetration Testing Denial of Service Penetration Testing Password Cracking Stolen Laptop, PDAs and Cell Phones Social Engineering Application Cont’d EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Penetration Testing Penetration Testin g Penetration Testing Penetration Testin g Penetration Testing Roadmap (cont ’ d) (cont d) Cont’d Physical Si Database Pii VoIP PiTi S ecur i t y Penetration Testing P enetrat i on test i ng P enetrat i on T est i n g Vi d Vi rus an d Trojan Detection War Dialing VPN Penetration Testing Log Management Penetration Testing File Integrity Checking Blue Tooth and Hand held Device Penetration Testing Telecommunication And Broadband Communication Email Security Penetration Testin g Security Patches Data Leakage Penetration Testing End Here EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Communication Penetration Testing g Penetration Testing Penetration Testing War Dialing War dialing involves the use of a program in conjunction with a modem to penetrate the modem - based systems of an organization by to penetrate the modem - based systems of an organization by continually dialing in. It is the ex p loitation of an or g anization's tele p hone, dial, and p rivate pgpp branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources. Software programs used for war dialing are known as War dialers. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited War Dialing (cont’d) EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited War Dialing Techniques Basic Wardialing Sweep (BWS): • The program calls a range of phone numbers without human intervention and identifies a set of known carrier signals. • In this technique, a Basic Wardialing Sweep (BWS) is conducted q ti ll b i d diti f fi ti Multiple Wardialing Sweep (MWS): se q uen ti a ll y b y us i ng range an d con diti on o f con fi gura ti on parameter. • It conducts separate sweep for each devices such as fax machine. • The dialed range of phone numbers that are attended with a f i l li i id d d i l b h i d Attended Wardialing Sweep (AWS): EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited pro f ess i ona l li stener i s prov id e d to d etect i rregu l ar b e h av i or an d unknown devices. Why Conduct a War Dialing Pentest? Pentest? War dialing penetration testing is conducted to: • Check whether anyone from your organization has attached modem to your network. Ch k h h h i d d l bl b k i to: • Ch ec k w h et h er your aut h or i ze d mo d ems are vu l nera bl e to b rea k - i n by a wardialer. • Check whether your modems reveal banners with their identity. • Check whether inventory devices like Fax machine on your PBX is Check whether inventory devices like Fax machine on your PBX is accessible by PSTN. • Check whether your modem provided by manufacturer holds a default password. hkhh h k l •C h ec k w h et h er t h ere is any un k nown open access to a l egacy system. • Check whether security audits across your organization is regularly conducted or not. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited conducted or not. • Check whether your network has security holes. Pre-Requisites for War Dialing Penetration Testing Penetration Testing Confirmation about the number to be dialed lf h i i A pprova l f rom t h e organ i zat i on Authorization from the telephone com p an y py Notify to all parties which may be affected Agreement for date and timing Exclude business critical systems EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Software Selection for War Dialing Dialing There are three general categories of software programs to perform war dialing: dialing: df ifi d l l i Commercial: •Use d f or spec ifi c mo d em poo l s or remote access so l ut i ons Homegrown: • These programs are compiled by network administrators and used to find out if they can get a phone number to pick up an incoming call Hackerware : • These programs are generally used by hackers • Attackers may conceal call-back schemes into these program which can monitor and record the data flows Hackerware : EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • It may record unexpected outgoing email containing private information Guidelines for Configuring Different War Dialing Software Different War Dialing Software Check the country option, because different countries have different ringtones hich ma conf se the modem w hich ma y conf u se the modem . If possible, turn on the Error control. If possible, turn on the Error control. Select the proper detection level to detect voice, fax, carriers, tones, and voicemail. Check the fax recognition keep the fax modems to fax mode or data mode Check the fax recognition , keep the fax modems to fax - mode or data - mode . T t hd fl tl EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited T ry t o use h ar d ware fl ow con t ro l . [...]... conjunction with a modem to penetrate the modem-based systems of an organization by continually dialing in The th Th three different types of wardialing t h i diff tt f di li techniques are B i W di li S Basic Wardialing Sweep (BWS), Multiple Wardialing Sweep (MWS), and Attended Wardialing Sweep (AWS) The three software categories to perform war dialing are commercial, homegrown, and hackerware THC Scan is a... Scavenger-Dialer Scavenger Dialer WildDialer Super Dial X-DialeR SecureLogix Zhacker EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited PhoneSweep PhoneSweeper is a wardialing tool EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited THC Scan It is a type of war dialer that scans a defined range of phone numbers EC-Council Copyright... EC-Council All Rights Reserved Reproduction is Strictly Prohibited Recommendations for Establishing an Effective War Dialing Process Prepare a schedule for regular a d routine epa e sc edu e o egu a and out e wardialing Establish the process to access and secure critical contacts Prepare a remote access policy for employees Provide training to employees for recognizing social engineering techniques EC-Council . Techniques Basic Wardialing Sweep (BWS): • The program calls a range of phone numbers without human intervention and identifies a set of known carrier signals. • In this technique, a Basic Wardialing. this technique, a Basic Wardialing Sweep (BWS) is conducted q ti ll b i d diti f fi ti Multiple Wardialing Sweep (MWS): se q uen ti a ll y b y us i ng range an d con diti on o f con fi gura ti on . dialed range of phone numbers that are attended with a f i l li i id d d i l b h i d Attended Wardialing Sweep (AWS): EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is