CHAPTER 2 Hacking Environmen
The very first thing that you need is a virtual machine. As I said before, I have Ubuntu as
my default operating system and inside my virtual machine I have installed two operating
systems—one is Windows XP and the other is Kali Linux.
Technically, from now on I would mention Windows XP and Kali Linux as my virtual
machines. Kali Linux is a Linux distribution that comes up with many useful hacking
tools. So I strongly suggest using it as your virtual machine. You may also read the
documentation page of Kali Linux, which will also be an immense help.
At the same time, I’d not suggest using Windows of any kind for the ethical hacking
purpose. Some may argue that few hacking tools can be used in Windows, so why you
are suggesting otherwise? The point is: in the ethical hacking world, you need to be
anonymous all the time. You won’t want to keep your trail, anyway, so that you can be
traced back. Remaining anonymous is a big challenge. In Linux it is fairly easy and you
can stay anonymous for the time being.
Keeping that in mind, I explain that technique of being anonymous in great detail
so that before jumping up into the big task, you make your defense much stronger. Being
anonymous is the most important thing in the world of ethical hacking. Keeping yourself
anonymous in Windows is not possible. So it is better to adapt to the Linux environment
first. Another important thing is, most of the great hacking tools are not available in the
Windows environment.
If you have never heard of any Linux distribution, don’t worry. You can either install
user-friendly Ubuntu inside your Windows system or you can easily partition your disk
into two parts and install Ubuntu and Windows separately as your two default operating
systems. It is preferable to do the latter. Installing and uninstalling parallel operating
systems always teaches you something new. If you are familiar with Windows, I won’t tell
you to simply dump it for the sake of learning ethical hacking. You can keep it and use it
for your daily work. There is no problem in doing this.
In the Internet world, Linux is used more. So you need to learn a few Linux commands.
Software installation in Linux is slightly different from Windows environments. There
are Linux distributions like Fedora or Debian, and many more. I named Ubuntu just
because it is extremely popular and Windows users find themselves comfortable inside
it. The operations are more or less the same, including the software installations. For
beginners, it is not a good idea to install Kali Linux as your default OS. You must read Kali
documentation, where it is clearly stated that Kali is more for developers. You are going to
install it inside your Virtual Box. Kali Linux is a kind of Linux distribution that comes with
lot of hacking tools. You need to know them and use them in the course of ethical hacking.
Installing Virtual Machine is a very important step as the first step of building
your environment. In the next chapter I will show you how you can do that for different
operating systems. Another important thing is learning a programming language that will
really help you learn ethical hacking better.
The obvious choice is Python. At the time of writing this book, Python 3.x has already
arrived and is considered the future of this language. It is very quickly catching up with
the old Python 2.x version, which has been around the market for a while. The official
Python download page provides the repository of Python installers for Windows, Mac
OS X and Linux operating systems. If you download an installer, it is of immense help
because it comes with the Python interpreter, standard library, and standard modules.
The standard library and built-in modules are specifically very important because they
offer you several useful capabilities that will help you achieve your goal as an ethical
hacker. Among the useful modules, you will get cryptographic services, Internet data
handling, interaction with IP protocols, interoperability with the operating system,
and many more. So go ahead, pick up any good beginner’s book on Python, read the
official documentation and know that it is a part of your learning schedule. Python is an
extremely easy language to learn.
To create an ideal ethical hacker’s environment, a few steps are extremely important.
The steps include: installing Virtual Machine or Virtual Box (VB), having a basic
knowledge about networking, and learning a useful programming language like Python.
Let us first have a look at the basic networking knowledge
Ethical Hacking and Networking
A basic knowledge about internetworking is extremely important if you want to learn
ethical hacking. As you progress and want to go deeper, it is advisable to learn more about
networking. Ethical hacking and internetworking are very closely associated. As you
progress through this book you will find words like “packet,” “switch,” “router,” “modem,”
“TCP/IP,” “OSI,” and many more.
The very first thing you need to know is: data travels through many layers. Ethical
hackers try to understand these layers. Once they have understood the movement, they
either want to track and block the data or they want to retrieve data.
In this chapter, we will very briefly see how internetworking models work. We will
look into the different types of networking models. We will also learn about the devices
that comprise a network.
What Does Network Mean?
A network is a collection of devices that are connected through media. One of the main
characteristics of a network is: devices contain services and resources. Devices contain
personal computers, switches, routers, and servers, among others. What do they do
basically? They send data and get data either by switching or by routing. Actually, they
connect users so that users ultimately get full data instead of getting it by pieces. So the
basic services these devices provide include switching, routing, addressing, and data
access.
We can conclude that a network primarily connects users to avail these services. That
is its first job. The second job is also very important. A network always maintains a system
so that the devices allow the users to share the resources more efficiently.
Now a problem arises—not a trivial problem. Hardware and software manufacturers
don’t know each other. They belong to different countries and share diverse cultures.
When the conception of networking first came to the fore, it was found that hardware and
software weren’t matching. As I said before, a network is a collection of devices. These
devices are mainly built of hardware and software that are talking in different languages.
To solve this problem, a common network model with communication functions is
needed so that dissimilar devices can interoperate.
The importance of internetworking models consists of a few main concepts. First,
they encourage interoperability. Second, they provide a reference through which data will
be communicated. Third, they facilitate modular engineering.
There are two types of internetworking models.
They are Open Systems Interconnection (OSI) reference model and Transmission
Control Protocol/Internet Protocol (TCP/IP) model. Both models are widely used today.
The Open Systems Interconnection (OSI) reference model was developed by the
Internet Standards Organization (ISO) and it has seven layers in all. The layers are as
follows: application (layer 7), presentation (layer 6), session (layer 5), transport (layer 4),
network (layer 3), data link (layer 2) and physical (layer 1).
Let us very briefly try to understand how this model works. Suppose a user tries to
open a web page. The very first thing he does is send a request to the server that is located
several thousand miles away. Here, the server’s hard disk or hardware is the last layer
(layer 1) which is termed as “physical.” So, the user’s request first knocks the “application”
layer (7) which is the nearest and then it proceeds. Every process in each layer involves a
complicated “bits and bytes” functioning. A computer only understands 0 and 1. But the
user does not like to see a video in 0 and 1.
Let us break the process into more detail.
In the application layer (7), the user interacts with the device that could be a
personal computer or smart phone or anything you might guess. So the application
layer basically handles the user’s interaction. The name of the datagram is “data.” The
user requests the data and ultimately retrieves the data. What happens when the user
sends requests from layer 7? It enters into the next layer: (6) presentation. The process
of encapsulation starts. Data is formatted and encrypted. Next, the layer 5 or session
enters into the scene. This layer manages end-to-end communication. Suppose you type
a password and log into your social media account. This layer maintains the end-to-end
(user-to-server) communication so that you can remain logged into your page. Tell this
layer the name of the datagram is “data.”
To assist you in maintaining your session, the next three layers work very hard. They
are: transport (layer 4), network (layer 3), data link (layer 2), respectively. The name of
the datagram of transport layer is “segment.” Why is this called “segment”? It is called
“segment” because it breaks your request into several fractions. First, it adds source and
destination port numbers. Next, it tries to make it reliable, adding sequence numbers. So,
in a nutshell, it provides flow control, sequencing, and reliability.
What happens next?
Your request enters into the layer 3 that is called network. The name of the datagram
is “packet.” It adds source and destination IP addresses. It also makes sure that your
request finds the best path to reach the destination.
Now your data request almost reaches the final stage. It enters into the layer 2 that is
data link. It is nearing the end point that is the server’s hardware. So this layer adds source
and destination Media Access Control (MAC) addresses. Next, it goes through Frame
Check System (FCS) processes. It checks frame by frame whether the source requests
reach the right destination. That is why the datagram is known as “frame.”
Now it has entered into the final destination that is layer 1 or physical. There are only
bits over the physical medium. The name of the datagram is “bits and bytes.”
Now we can imagine a small office with one router, two switches and a few desktops,
laptops, printers, and servers. The router is connected to the switches and the switches
are connected to the devices like desktops, laptops, printers, and servers. Here desktops,
laptops, printers, and servers belong to the layer 1 that is physical. The switches belong to
the layer 2 that is data link, and the router fits in the layer 3 that is network.
Routers are layer 3 devices and perform a few definite tasks. They are: packet
switching, packet filtering, path selecting, and finally communicating. The task of packet
switching involves the process of getting a packet to the next device. Here, the next device
is the switches. Packet filtering suggests in its name what it actually does. It either permits
or blocks packets depending on certain criteria. Path selecting is determining the best
path through the network to the destination. Communication is another important part
of this layer. Routers communicate with other networks like the Internet.
Between routers, layer 3 devices, and the end application, physical, layer 1 devices,
there are switches which are layer 2 devices. In some cases, switches perform the task
of layer 3 devices. Switches basically deal with frame filtering and forwarding. It also
maintains the connection between layer 3 and layer 1.
Summary
Let us quickly recap what we have just learned about the relations between ethical
hacking and internetworking.
1. Internetworking models encourage interoperability between
different devices, providing a reference to describe the data
communication. At the same time, it facilitates modular
engineering.
2. There are two types of internetworking models. They are OSI
Reference Model and TCP/IP Model.
3. The OSI Model has seven layers. They are: application (layer 7),
presentation (layer 6), session (layer 5), transport (layer 4),
network (layer 3), data link (layer 2), and physical (layer 1).
4. The TCP/IP Model has four layers. They are: application (layer 4),
transport (layer 3), network (layer 2), and network (layer 1).
5. An ethical hacker tries to understand this process of data
communication and penetrates according to the vulnerability.
What's Your Reaction?
