During penetration testing, vulnerability assessment or hacking, staying anonymous is one of the most important things to do. Without it, your internet connection will reveal your identity to your target. Kali Linux is the best for penetration testing because it comes with pre-installed hacking tools, some of which provide anonymity to pentesters.
What does it mean to be anonymous?
Anonymity is a state in which a person or computer cannot be identified by their online activities. For example, anonymous users may connect to an FTP server that allows them to send and receive files from that computer. Although many services do allow anonymity on the Internet, it's crucial to realize that there is no such thing as being 100% anonymous on the Internet.
Why stay anonymous online?
Every online activity on the Internet can be traced and tracked. Knowing this, keep at the back of your mind that someone could be watching every activity and intrusion you carry out online. In fact, systems with a well-deployed IDS and IPS capture and store all external activity and behaviour directed at the secured system. If there is any attempt to break into the system, the responsible personnel can look at the logs and check the details.
The thing is, ethical hackers simulate attacks on internal systems just as hackers would. They run system tests, check for weak system security flaws, check the organization's external network security, and check whether any critical or sensitive data can be accessed easily, with proof, among other things. If you are doing all this during a black-box penetration test, you must not be noticed by the organization in the first place; you need to stay under your target's radar. This is the main reason for hackers to stay anonymous online.
How to keep anonymous during penetration testing
There are a variety of ways to stay anonymous online, but we will use Anonsurf, a Parrot Security tool that has been ported to work on Kali Linux.
Installation and usage of Anonsurf on Kali Linux
After cloning the package from github.com, the utility is installed by running the bash file using the command: ~# bash installer.sh
After installing the utility, change to the home directory and run the help command to see how to operate it: ~/kali-anonsurf# cd <enter>
~# anonsurf --help <enter>
We use ~# anonsurf start <enter> to start the utility.
We now check the IP address as seen externally by anyone, using this command: ~# anonsurf myip <enter>
When we restart the utility, we get an IP address different from the one displayed first, i.e. ~# anonsurf restart <enter> followed by ~# anonsurf myip <enter>
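A check for the restart step above, as an added example that is not part of the original post or of the Anonsurf project: it records the address reported by anonsurf myip, restarts the utility, and fails if the address did not change or could not be read. It assumes that anonsurf myip prints the external IPv4 address somewhere in its output; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of kali-anonsurf. Run as root, like the commands above.
# Assumption: `anonsurf myip` prints the external IPv4 address in its output.

# Read command output on stdin and print the first IPv4-looking token (or nothing).
extract_ip() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1
}

# Succeed only when both addresses were read and they differ.
ip_changed() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Record the address, restart, record again, and fail closed on any doubt.
verify_rotation() {
    before=$(anonsurf myip | extract_ip)
    anonsurf restart >/dev/null
    after=$(anonsurf myip | extract_ip)
    if ip_changed "$before" "$after"; then
        echo "external IP changed: $before -> $after"
    else
        echo "external IP unchanged or unreadable (before='$before' after='$after')" >&2
        return 1
    fi
}

# Only touch the real tool when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    verify_rotation
fi
```

Save it as a script and pass --run to perform the check; a non-zero exit status means the address seen from outside should not be assumed to have changed.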
However, staying anonymous online is not only for pentesters. A lot of people decide to hide their identity, for several reasons. Even ordinary people without any security know-how want to stay unnoticed online.
How to stay anonymous as a layman
- Use a VPN to hide your IP address: An Internet Protocol (IP) address is what identifies you as a user on the web; from the IP, your location and what you're up to online can be determined. A good VPN like PureVPN will help you hide your identity while on the internet and also provide total encryption of what you're communicating online.
- Pay attention to safe browsing by using HTTPS Everywhere: When browsing the Internet, pay attention to which protocol you're using; it's either HTTP or HTTPS. When you browse over HTTP, third parties can easily snoop on your traffic and see everything you do online through man-in-the-middle attacks. Sensitive data like passwords, usernames, security card numbers and bank account numbers can be stolen when using HTTP in your browser.
- Disable third-party cookies: Cookies are rich in information about user browsing behavior across the multiple websites visited. They are placed on your device not by the website you're visiting, but rather by cyber-criminals. These cookies enable cyber-criminals to create profiles of online users without their knowledge and display ads based on their interests.
- Use a private search engine: Most users rely on search engines such as Google or Yahoo for answers to all their questions. But given that these companies collect personal information about millions of their users, they aren't exactly the best option if you want to browse with anonymity in mind.
As a pentester, it is unethical to reveal your identity to your target at any cost. It is even worse when you reveal your identity in the first stages of penetration testing, because this would hinder the progress of your vulnerability assessment and the gathering of satisfactory information about your target.
Summit Consulting Ltd brings you a Cyber Security Awareness Training course at your premises to raise awareness of the various forms of cyber-crime and attack schemes that could be executed on your network, alongside the defensive measures and ways to stay anonymous while carrying out your online activities, so that you leave the zone of living as prey on the internet.