Info Sharing Blog

Saturday, May 12, 2018

CEHv10 Exam Blueprint : Effective 1st October 2018

May 12, 2018 Posted by jaacostan
An exam blueprint is a breakdown of the sections of the exam syllabus and makes it easier for the test taker to prepare for the exam. It helps the test taker understand how many questions from each area of practice should appear on the exam.

Effective 1st October 2018, EC-Council will be introducing a new version of the CEH exam blueprint; it is shown below.
[Image: CEHv10 blueprint]

The current CEH blueprint is valid till September 30th 2018. You can find the current blueprint here: https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf

Wednesday, April 25, 2018

DoS Attacks: Smurf, Fraggle, Land

April 25, 2018 Posted by jaacostan

Smurf attack.

Smurf is a DoS attack method. In this flood attack, the victim is flooded with ICMP echo packets instead of TCP SYN packets: the attacker sends a spoofed broadcast ping request using the victim's IP address as the source IP, so every host on that broadcast network replies to the victim.
Most modern devices can deter this kind of attack, and Smurf is rarely a threat today.
#hping3 -1 --flood --spoof <target> <broadcast_address>

Fraggle attack.

Similar to the Smurf attack, but instead of ICMP, Fraggle uses UDP packets sent to UDP ports 7 and 19. It too broadcasts a UDP packet with the victim's IP address spoofed as the source, and all devices on the network then respond to the victim, just as in the Smurf attack.

Land attack

In this attack, the attacker sends spoofed SYN packets to the victim with the victim's IP address as both the source and the destination. The system then keeps replying to itself, which can crash it.
#hping3 -c <packet_count> -s <src_port> -d <dst_port> --flood -a <victim_IP source spoof> <victim_IP>
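The three attacks above share signatures a sensor can look for: a SYN whose source equals its destination (Land), an ICMP echo request aimed at a broadcast address (Smurf), and UDP to ports 7/19 on a broadcast address (Fraggle). The following Python is an added example, not code from the original post, that classifies decoded packets against those signatures; the packets, LOCAL_NET and all addresses are constructed for the demo.

```python
"""Detection logic for the three DoS patterns described above: Land (source ==
destination), Smurf (ICMP echo request to a broadcast address) and Fraggle (UDP
to echo/chargen on a broadcast address).

Added example, not from the original post. Packets are constructed dicts that
stand in for decoded headers; LOCAL_NET and the addresses are made up.
"""
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List

LOCAL_NET = IPv4Network("192.168.1.0/24")   # constructed network the sensor watches
FRAGGLE_PORTS = {7, 19}                     # UDP ports named in the post


def _is_broadcast(dst: IPv4Address) -> bool:
    """Directed broadcast for our subnet, or the limited broadcast address."""
    return dst == LOCAL_NET.broadcast_address or dst == IPv4Address("255.255.255.255")


def classify(pkt: Dict) -> List[str]:
    """Return the DoS patterns one decoded packet matches (empty for benign traffic)."""
    hits: List[str] = []
    src, dst = IPv4Address(pkt["src"]), IPv4Address(pkt["dst"])

    # Land: the SYN claims to come from the very host it is sent to.
    if pkt["proto"] == "tcp" and src == dst and "SYN" in pkt.get("flags", ()):
        hits.append("land")

    # Smurf: an echo request (ICMP type 8) aimed at a broadcast address. Every
    # host that answers replies to the (spoofed) source, which is the real victim.
    if pkt["proto"] == "icmp" and pkt.get("type") == 8 and _is_broadcast(dst):
        hits.append("smurf")

    # Fraggle: the same amplification trick over UDP echo/chargen.
    if pkt["proto"] == "udp" and _is_broadcast(dst) and pkt.get("dport") in FRAGGLE_PORTS:
        hits.append("fraggle")
    return hits


def flood_report(packets: List[Dict]) -> Dict[str, Dict[str, int]]:
    """Count hits per pattern and per claimed source address. A single hit is
    usually a misconfigured host; a burst from one source is the flood signal."""
    report: Dict[str, Dict[str, int]] = {}
    for pkt in packets:
        for pattern in classify(pkt):
            per_src = report.setdefault(pattern, {})
            per_src[pkt["src"]] = per_src.get(pkt["src"], 0) + 1
    return report


# Constructed sample traffic (not a real capture); the victim in the
# smurf/fraggle rows is 192.168.1.50, whose address appears as the source.
SAMPLE = [
    {"proto": "icmp", "type": 8, "src": "192.168.1.10", "dst": "192.168.1.20"},    # normal ping
    {"proto": "icmp", "type": 8, "src": "192.168.1.50", "dst": "192.168.1.255"},   # smurf pattern
    {"proto": "icmp", "type": 8, "src": "192.168.1.50", "dst": "192.168.1.255"},   # smurf pattern
    {"proto": "udp", "src": "192.168.1.50", "dst": "192.168.1.255", "dport": 19},  # fraggle pattern
    {"proto": "tcp", "flags": ("SYN",), "src": "192.168.1.50", "dst": "192.168.1.50",
     "sport": 139, "dport": 139},                                                   # land pattern
    {"proto": "tcp", "flags": ("SYN",), "src": "192.168.1.10", "dst": "192.168.1.50",
     "sport": 40000, "dport": 22},                                                  # normal SYN
]

if __name__ == "__main__":
    print(flood_report(SAMPLE))
```

On the network side the mitigation for the two amplification patterns is to stop routers forwarding directed broadcasts (Cisco's `no ip directed-broadcast`, the default since IOS 12.0) and to drop packets whose source address belongs to the inside network when they arrive from outside; the Land pattern is caught by the same ingress filter, since a packet whose source equals its destination can never be legitimate.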


Tuesday, April 24, 2018

Nmap : Basic overview on Scanning Techniques

April 24, 2018 Posted by jaacostan
Nmap is one of the top scanning tools used in cyber security and networking. There are plenty of scanning techniques available in Nmap. This post is intended to provide a basic overview of Nmap scanning techniques.

1) Ping Scan [-sP]

This type of scan is used to detect which computers or devices are online, rather than which ports are open. Nmap sends an ICMP ECHO REQUEST packet to the destination system. If an ICMP ECHO REPLY is received, the system is considered up and ICMP packets are not blocked. If there is no response to the ICMP ping request, Nmap tries a "TCP ping" to determine whether ICMP is blocked or the host is really not online.
A TCP ping sends either a SYN or an ACK packet to a port (80 is the default) on the remote system. If a RST or a SYN/ACK is returned, the remote system is online. If the remote system does not respond, either it is offline or the chosen port is filtered, in which case it won't respond to anything. When you run an Nmap ping scan as root, the default is to use the ICMP and ACK methods. Non-root users use the connect() method, which attempts to connect to the machine, waits for a response, and tears down the connection as soon as it has been established; this results in a full TCP connection.
eg: #nmap -sP 192.168.1.1

2) Full Connect/TCP connect() Scan [-sT]

This type of scan tries to establish a full TCP connection, so the complete 3-way handshake happens. Hence the full connect scan is noisy, and the connection information will be logged by IDSs/firewalls. If the scan result is open, we can definitely connect to that particular port.
eg: #nmap -sT 192.168.1.1

3) Stealth Scan/ SYN scan [-sS]

This type of scan won't establish a full TCP connection. It scans by sending a packet with the SYN flag set; if the port is open, the target machine sends back a SYN/ACK as a response, which results in a half-open (embryonic) connection. Since a full connection is never established, the connection information will not be logged by firewalls/IDSs, which is why it is widely known as the stealth scan. If a RST packet is received as the response, the port is probably closed.
eg: #nmap -sS 192.168.1.1

4) UDP scan [-sU]

Useful only in particular cases, since most services use TCP. A UDP scan works by sending a UDP packet to the targeted port. If no response is received, the port is reported as open|filtered: filtered, because some firewalls won't respond for blocked UDP ports. If the port is closed, the target device sends an ICMP port unreachable error (type 3, code 3).
eg: #nmap -sU 192.168.1.1

5) TCP NULL [-sN], FIN [-sF], and Xmas scans [-sX]

Null scan (-sN) - Does not set any bits (the TCP flags header is 0).
FIN scan (-sF) - Sets just the TCP FIN bit.
Xmas scan (-sX) - Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
If a RST packet is received, the port is considered closed, while no response means it is open|filtered.
The port is marked filtered if an ICMP unreachable error is received.
eg: #nmap -sN 192.168.1.1
    #nmap -sF 192.168.1.1
    #nmap -sX 192.168.1.1

6) TCP ACK scan [-sA]

This type of scan uses the ACK flag. Unlike other scans, the ACK scan is not used to determine whether a port is open or closed. It is used to map out firewall rule sets, determining whether they are stateful or not and which ports are filtered. Stateful firewalls will respond with a RST packet, as the sequence is not in order.
eg: #nmap -sA 192.168.1.1

7) Version Detection [-sV]

Version detection collects information about the specific service running on an open port, including the product name and version number. This information can be used to determine an entry point for an attack. The -sV option enables version detection, and the -A option enables both OS fingerprinting and version detection.
eg: #nmap -sV 192.168.1.1

[Learn more and download the tool @ https://nmap.org/ ]
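Reading a scan correctly means knowing which response maps to which reported state for each probe type. As an added example (not from the post and not Nmap's own code), the following Python encodes the response-to-state rules described for each scan above, plus the ping-scan logic, so the inference can be checked against constructed responses instead of live hosts. It follows the rules stated in the post and in Nmap's reference documentation; the response vocabulary is made up for this example and nothing is sent on the wire.

```python
"""Port-state inference for the scan types above: what Nmap reports for a
given (scan option, response) pair, following the response rules the post
lists for each scan and Nmap's reference documentation.

Added example, not Nmap's code. Nothing is sent on the wire: responses are
constructed strings describing what came back for one probe.
"""
from typing import Dict, Optional

# Response vocabulary used below (constructed for this example):
#   "syn/ack"           - TCP SYN/ACK came back
#   "rst"               - TCP RST came back
#   "udp"               - a UDP datagram came back
#   "icmp-port-unreach" - ICMP type 3 code 3 (port unreachable)
#   "icmp-unreach"      - any other ICMP unreachable (type 3, codes 1, 2, 9, 10, 13)
#   None                - silence after retransmission


def port_state(scan: str, response: Optional[str]) -> str:
    """Return the Nmap port state for one probe. Option names are case
    sensitive, as in Nmap itself (-sN is the NULL scan, -sn a ping-only scan)."""
    if scan in ("-sT", "-sS"):                       # connect() and SYN scans
        if response == "syn/ack":
            return "open"
        if response == "rst":
            return "closed"
        return "filtered"                            # silence or ICMP unreachable
    if scan == "-sU":
        if response == "udp":
            return "open"
        if response == "icmp-port-unreach":
            return "closed"
        if response == "icmp-unreach":
            return "filtered"
        return "open|filtered"                       # silence: open, or dropped by a firewall
    if scan in ("-sN", "-sF", "-sX"):                # NULL, FIN, Xmas
        if response == "rst":
            return "closed"
        if response is not None and response.startswith("icmp"):
            return "filtered"
        return "open|filtered"
    if scan == "-sA":                                # ACK scan maps rules, not services
        return "unfiltered" if response == "rst" else "filtered"
    raise ValueError(f"unsupported scan option: {scan}")


def host_is_up(icmp_echo_reply: bool, tcp_ping_response: Optional[str]) -> bool:
    """-sP logic from the post: an echo reply proves the host is up; otherwise a
    TCP ping counts as alive if either SYN/ACK or RST comes back."""
    return icmp_echo_reply or tcp_ping_response in ("syn/ack", "rst")


def scan_report(scan: str, responses: Dict[int, Optional[str]]) -> Dict[int, str]:
    """Map each probed port to its inferred state."""
    return {port: port_state(scan, resp) for port, resp in responses.items()}


# Constructed responses to a SYN scan of three ports on one host.
SYN_SCAN_RESPONSES = {22: "syn/ack", 23: "rst", 445: None}

if __name__ == "__main__":
    print(scan_report("-sS", SYN_SCAN_RESPONSES))   # {22: 'open', 23: 'closed', 445: 'filtered'}
```

The useful lesson is in the silent cases: a SYN scan reports silence as filtered, but a UDP, NULL, FIN or Xmas scan cannot distinguish an open port from a dropping firewall and therefore reports open|filtered, which is why those results need a follow-up probe before anyone treats them as findings.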

Monday, April 16, 2018

Why you should not believe in Online Reviews and Social networking sites?

April 16, 2018 Posted by jaacostan
Most of us, before buying a product from Amazon/Flipkart or before booking a movie ticket, go through the review section to see what others think about it: how good is it, what are the pros and cons, and so on.
Let me tell you a fact. Though there are genuine reviews written by genuine customers/users, the majority of reviews are paid reviews. Similarly, paid opinions can be seen in forums like Quora and Yahoo Answers. When it comes to social networking websites, there are big companies working for corporates, political parties and ideological institutions.
Many of us are addicted to these social networking sites, and we like and share things we are not sure about. Everyone wants to monetize their profit, and for that they will use even the worst methods to make things viral. These institutions pay millions of money to distribute and publicize their propaganda; in short, to brainwash the audience.

When thousands write a good review of a bad product, that product automatically becomes good in the public.

Most companies run affiliate programs, which means: you promote us, and if someone buys a product through you, we give you a commission. One site defines its affiliate program as,
"You can use various promotional methods to earn easy commissions including placing banners, links, and writing product reviews on your website or blog. You will receive customized links for all the promotions, through which we will track sales. When any customer, referred by you, makes a purchase, you get paid."

There are plenty of online job sites on the internet. If you sign up, you can see many online job offerings such as harvesting likes and up-votes, review writing, data entry, etc.
It's funny that you don't even need to find the words to write a review. The review content is also provided by the marketing company, and all you need to do is copy and paste it on relevant blogs and forum websites under your account (even from multiple accounts).
I have taken a few screenshots from one of those sites. Let's go through them and understand how companies can brainwash you with reviews and posts.

The following screenshots are job advertisements; the employer is paying money to publicize their hashtag and their product.
[Screenshots: job advertisements paying to publicize a hashtag and a product]
Another job: the worker needs to sign up, comment and give a link to the product website.
[Screenshot: job advertisement requiring sign-up, a comment and a product link]
See the instructions. Just follow them and get paid. Spread the propaganda, or publicize a product no matter how good or bad it is.
[Screenshot: job instructions]
This job is to do the up-votes... lol.
[Screenshot: up-vote job advertisement]

Due to the large influence of social networking sites on common people, anyone can throw money to circulate and publicize their propaganda. Even the visual media work like that.
So with this article, I remind each and every one of you: use your brain, think and act. Don't blindly believe everything on the Internet. Don't blindly believe what others say.

Everything around us is trying to brainwash our thoughts. So again, use your brain! Always!

Wednesday, April 11, 2018

Microsoft Windows Server 2016 Virtualization Based Security and Credential Guard

April 11, 2018 Posted by jaacostan

Virtualization Based Security (VBS) is a major Microsoft Windows feature released with Windows Server 2016 and Windows 10. The Credential Guard feature, available on Windows Server 2016 and Windows 10, prevents memory-read attempts against the domain credentials (Kerberos and NTLM), in other words protects them, thus preventing Pass-the-Hash (credential theft) attacks.
Credential Guard leverages the Virtual Secure Mode (VSM) feature of VBS to create an Isolated User Mode in which the sensitive code runs, preventing the credentials from being stolen. The Device Guard feature also relies on VBS.

Passing the hash is a fundamental function of Windows for remote administration, handled by the LSASS process (the user-mode process responsible for authentication and isolation of users); LSASS manages the hash that needs to be passed for remote administration. Upon enabling Credential Guard, the Local Security Authority Subsystem Service (LSASS.exe) runs its sensitive code in isolated mode as an Isolated LSA process (LSAISO.exe) to protect the NTLM and Kerberos credentials.

How the Virtual Secure Mode (VSM) Works

VSM leverages the Hyper-V hypervisor and the Second Level Address Translation (SLAT) feature to create isolated Virtual Trust Levels (VTLs), or modes.
- SLAT is a hardware CPU feature leveraged by Hyper-V that helps reduce the overhead of virtual-to-physical memory mapping.
- VTLs are numbered; the higher the number, the more secure its memory space.
- Hyper-V is a Type-1 microkernel hypervisor, whereas VMware's is a Type-1 monolithic-kernel hypervisor.

[Figure: Microsoft VSM architecture]

VSM operation flow:
1. Boot process:
  • When the machine boots, "bootmgr.efi" is validated by Secure Boot and loaded.
  • Bootmgr then executes "winload.efi" (the Windows loader).
  • Winload loads and checks the VBS configuration (Hyper-V and VTL0/VTL1 components).
  • Winload starts Hyper-V.
2. SLAT assigns separate isolated memory blocks to each Virtual Trust Level (resulting in VTL isolation).
3. The Virtual Trust Levels are assigned the appropriate access permissions, and a secure, separate runtime environment is created.
4. Code running in the normal kernel and user mode cannot access code running in the Secure Kernel / Isolated User Mode, as shown in the above figure.
5. Another LSASS.exe then runs as a trustlet (trusted process) in Isolated User Mode as LSAISO.exe. (LSASS.exe still runs in VTL0.)
6. LSAISO.exe communicates with LSASS.exe over a secure, encrypted Remote Procedure Call (RPC) connection.
7. All the secure/trusted processes (trustlets), which hold the NTLM hashes and Kerberos tokens, run only in Isolated User Mode, thus preventing them from being stolen.
- Even if the normal kernel mode of VTL0 is compromised, it cannot access the secure pages in IUM.
- The Secure Kernel cannot be extended; in other words, we cannot create a secure driver to run in the Secure Kernel and run malicious code in Isolated User Mode (only Microsoft can).
- Also, it's not possible for normal kernel drivers to load a DLL into an IUM (Isolated User Mode) process for thread injection.

Enable Credential Guard in Windows Server 2016

1. Install the Hyper-V role.
2. Turn on Device Guard as below:
Computer Configuration > Administrative Templates > System > Device Guard >> Edit the policy "Turn on Virtualization Based Security".
## The settings below only turn on Device Guard ##
[Screenshot: "Turn on Virtualization Based Security" policy settings]
After enabling it, we can verify the new LSAISO.exe status from Task Manager.
[Screenshot: LSAISO.exe in Task Manager]

What is a Gratuitous ARP? How is it used in Network attacks?

April 11, 2018 Posted by jaacostan
Many of us have encountered the word "gratuitous" while exploring ARP, the Address Resolution Protocol. Before explaining gratuitous ARP, here is a quick review of how ARP works.

ARP provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address. For example, Host B wants to send information to Host A but does not have the MAC address of Host A in its ARP cache. Host B broadcasts a message to all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. All hosts within the same broadcast domain receive the ARP request, and Host A responds with its MAC address.
We can see the ARP entries on our computers by entering the command arp -a.
So, back to the topic of what a gratuitous reply is; here is a better explanation.
A gratuitous ARP is when a device sends an ARP packet that is not a response to a request. Typically a gratuitous ARP request is an ARP request packet where the source and destination IP are both set to the IP of the machine issuing the ARP packet and the destination MAC is set to the broadcast address ff:ff:ff:ff:ff:ff.
Some devices send a gratuitous ARP when they boot up, which announces their presence to the rest of the network. Many devices also send a gratuitous ARP if their IP address changes.

To summarize, a gratuitous ARP reply is a reply for which no request has been made.

And how is gratuitous ARP used in network attacks?
ARP spoofing attacks and ARP cache poisoning can occur because ARP accepts a gratuitous reply from a host even if no ARP request was sent, which allows the ARP tables of the devices in the network to be poisoned. After this, all traffic from the device under attack flows through the attacker's computer and then on to the router, switch, or host, which we call a "man-in-the-middle attack". An ARP spoofing attack can target hosts, switches, and routers connected to your Layer 2 network by poisoning the ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet.

Eg: Assume there are three devices connected to a switch: one router and two PCs. PC2 is the attacker.
PC2 sends a gratuitous ARP to the router with the (spoofed) IP address of PC1 and its own MAC address as the source. Once the router learns this, it thinks that PC2 is actually PC1, and all packets destined for PC1 are forwarded to PC2.
Similarly, PC2 sends another gratuitous ARP to PC1 with its own MAC address and the IP address of the router as the source. So PC1 learns that the router is PC2 and sends all its packets to PC2. PC2 may forward those packets on to the router, thereby executing a man-in-the-middle attack.

Network administrators can use Dynamic ARP inspection (DAI) to prevent the ARP poisoning/spoofing attacks. DAI is a security feature that validates Address Resolution Protocol (ARP) packets in a network by determining the validity of an ARP packet based on valid IP-to-MAC address bindings stored in the trusted DHCP snooping binding database.

How to configure DAI on switches depends on the vendor; a Google search will turn up the relevant configuration guide.
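To make the two mechanisms above concrete, here is an added example (not from the original post, and not any vendor's DAI implementation) in Python: it parses raw Ethernet/ARP frames, flags the gratuitous ones (sender IP equal to target IP), and then applies the DAI decision, checking each sender binding against a trusted IP-to-MAC table of the kind DHCP snooping builds. The router/PC1/PC2 topology, the MAC and IP values, and the frames themselves are constructed with struct for the demo rather than captured.

```python
"""Parse raw Ethernet/ARP frames, flag gratuitous ARPs and validate each
sender binding against a trusted IP-to-MAC table, which is the check Dynamic
ARP Inspection performs against its DHCP snooping database.

Added example, not from the original post and not any vendor's DAI code. The
frames are constructed with struct rather than captured; all MAC and IP values
are made up.
"""
import struct
from typing import Dict, List, Tuple

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes) -> Dict:
    """Decode one Ethernet frame carrying ARP into a dict of string fields."""
    eth_dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = ARP_BODY.unpack_from(frame, ETH_HDR.size)
    pkt = {
        "eth_src": _mac(eth_src), "eth_dst": _mac(eth_dst),
        "op": "request" if op == OP_REQUEST else "reply",
        "sender_mac": _mac(sha), "sender_ip": _ip(spa),
        "target_mac": _mac(tha), "target_ip": _ip(tpa),
    }
    # Gratuitous ARP: the sender announces itself, so sender IP == target IP.
    pkt["gratuitous"] = pkt["sender_ip"] == pkt["target_ip"]
    return pkt


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str,
              eth_dst: str = BROADCAST_MAC) -> bytes:
    """Construct a sample frame (used only to make test input for this example)."""
    def mac_bytes(s: str) -> bytes:
        return bytes.fromhex(s.replace(":", ""))

    def ip_bytes(s: str) -> bytes:
        return bytes(int(x) for x in s.split("."))

    return (ETH_HDR.pack(mac_bytes(eth_dst), mac_bytes(sender_mac), ETHERTYPE_ARP)
            + ARP_BODY.pack(1, 0x0800, 6, 4, op, mac_bytes(sender_mac), ip_bytes(sender_ip),
                            mac_bytes(target_mac), ip_bytes(target_ip)))


def dai_verdict(pkt: Dict, bindings: Dict[str, str]) -> str:
    """Mimic DAI's decision on an untrusted port: the sender IP must be bound to
    exactly this sender MAC in the trusted table, otherwise the frame is dropped
    before it can poison any cache. The Ethernet-source comparison corresponds
    to DAI's optional source-MAC validation."""
    expected = bindings.get(pkt["sender_ip"])
    if expected is None:
        return f"drop: no trusted binding for {pkt['sender_ip']}"
    if expected != pkt["sender_mac"]:
        return f"drop: {pkt['sender_ip']} is bound to {expected}, not {pkt['sender_mac']}"
    if pkt["eth_src"] != pkt["sender_mac"]:
        return "drop: Ethernet source MAC differs from ARP sender MAC"
    return "permit"


def audit(frames: List[bytes], bindings: Dict[str, str]) -> List[Tuple[bool, str]]:
    """For each frame: (is gratuitous, DAI verdict)."""
    return [(p["gratuitous"], dai_verdict(p, bindings)) for p in map(parse_arp, frames)]


# Constructed topology from the post: one router and two PCs on a switch.
ROUTER_MAC, PC1_MAC, PC2_MAC = "02:00:00:00:00:01", "02:00:00:00:00:11", "02:00:00:00:00:22"
TRUSTED_BINDINGS = {"10.0.0.1": ROUTER_MAC, "10.0.0.11": PC1_MAC, "10.0.0.12": PC2_MAC}

SAMPLE_FRAMES = [
    # PC1 announcing itself at boot: a legitimate gratuitous ARP.
    build_arp(OP_REQUEST, PC1_MAC, "10.0.0.11", "00:00:00:00:00:00", "10.0.0.11"),
    # PC2's MAC claiming PC1's address, sent to the router (the post's first step).
    build_arp(OP_REPLY, PC2_MAC, "10.0.0.11", ROUTER_MAC, "10.0.0.11", eth_dst=ROUTER_MAC),
    # PC2's MAC claiming the router's address, sent to PC1 (the post's second step).
    build_arp(OP_REPLY, PC2_MAC, "10.0.0.1", PC1_MAC, "10.0.0.1", eth_dst=PC1_MAC),
    # Ordinary request from PC1 for the router's MAC: permitted.
    build_arp(OP_REQUEST, PC1_MAC, "10.0.0.11", "00:00:00:00:00:00", "10.0.0.1"),
]

if __name__ == "__main__":
    for gratuitous, verdict in audit(SAMPLE_FRAMES, TRUSTED_BINDINGS):
        print(f"gratuitous={gratuitous!s:5} {verdict}")
```

Note that the verdict does not depend on whether a frame is gratuitous: the first and second frames are both gratuitous, but only the one whose sender MAC matches the trusted binding is permitted. That is the point of DAI: it judges the binding, not the packet type, which is why it stops the poisoning described above without breaking the legitimate boot-time announcements.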

This is for answering Nikhil's query :

Question: If the machine has already learned the real MAC and has the ARP entry, will a G-ARP packet be accepted or not?
Answer: When the spoofing attack is on, the ARP table will be updated with the spoofed MAC entry.
[Screenshot: Wireshark captures and ARP table during the spoofing demonstration]

I have taken a couple of Wireshark captures to demonstrate the ARP poisoning attack. Note the target machine is 192.168.209.131. The machines learned the actual MAC address. After that, I performed the ARP spoofing using a gratuitous ARP and let it run in the background on my Kali Linux. We can see the ARP entry for 192.168.209.131 has been changed due to the spoofing attack. Then I tried to ping the target 192.168.209.131, and it used the spoofed MAC as the destination.

However, it did throw a message about the IP conflict, but that won't matter while the spoofing attack is on. When I stop the attack, the spoofed MAC entry gets cleared as well.

Tuesday, April 3, 2018

Is the Employee Data as Important as Customer data?

April 03, 2018 Posted by jaacostan
Hi guys. There is this organization that boasts about standards and policies. Yes, though these things are inevitable for the reputation of the company and for data security, it actually matters only if they are really implemented in practice.
I have seen many organizations that create policies only for the sake of audit/compliance.

Do you have a policy on data security? YES
Do you have a data security policy implemented in practice? hmmmm!!!.

Companies might be certified and meeting the regulatory standards, but nothing is actually in practice.
Let me share an incident with you. I accidentally discovered this thing in a normal Google search. I searched for something and found an interesting result. Out of curiosity, I clicked on that particular Google search result, and it took me to that company's employee directory. The whole directory. I could search for any employee; I could see their employee code, department and location. Want to know how big the list is? A few thousand.

I first encountered this result more than a year back. I knew some of the guys from that organization, and I informed them. Some of them understood its importance and, as per them, escalated it. I hoped they had resolved it.

Last week, I saw that same result again in the Google search. Same database.
They are supposed to show this information only once an employee is properly authenticated. Somehow, they don't mind showing it directly, without any authentication required. I searched about this organization, and they hold certifications like ISO 27001 and ISO 9001. They also handle projects for various governments and private firms. Such a big company should have some level of responsibility for keeping employees' information secure. This information can be used for social engineering and other privacy misuse. In many countries, this info is considered Personally Identifiable Information (PII), and a breach of it can lead to a million-dollar fine. And its reputation will be in question.

So even after 1 year of informing them, they are not bothered about securing the employee info. This can be called big negligence. Despite being an ISO 27001 certified organization and having data security policies, they are not bothered about this data leak. So many questions arise.
  • What audit has actually happened, and how were they certified?
  • Do they periodically audit their information/data infrastructure?
  • Who is responsible if this data is misused?
  • Are there enough data security mechanisms for other information, such as customer info and project details?

I discussed this with one person, and he raised this concern with me.
Recent breaches reveal that personal/official and financial data is not as secure as we are told... But your point puts forward an open-ended question: "can a company secure their client's data when they can't secure their employee data?" ...

So what actually matters is: are you really practicing a security policy? Is everyone aware of it?
Do your employees/management have that due care and due diligence?
Have the certifications, but not for accreditation's sake. Have everything in practice rather than boasting.

Note: The data is available on the web and can be found using Google search. No manipulation and no tools are needed. They reveal their employee info just like that. A technically sound person can manipulate the URL and may spill more info. This was also reported to them; sadly it seems nobody is bothered. The company name is not mentioned due to privacy.

Friday, March 30, 2018

Microsoft Windows NLB Feature for Stateful Applications

March 30, 2018 Posted by jaacostan
NLB is a software-based load balancer (a Windows feature) that resides on each member of the cluster. Load balancing is based on the number of client connection requests, and the NLB algorithm does not dynamically respond to changes in the load on each cluster host (such as CPU load, memory usage or network usage).
Thus, if the client population is small and/or the connections produce varying loads on the server, Microsoft NLB's load balancing algorithm is less effective.

To understand how NLB preserves session state, first let me take you through the difference between stateful and stateless connections:

Stateless
An application connection is said to be stateless if the server does not store any state about the client session; instead the session data is saved on the client side. The server does not rely on information from earlier requests.
** HTTP is a stateless connection, as no session data is preserved.
** Cookies and other software/add-ons are capable of storing session information about the client and can be used with HTTP to make the connection stateful.
Note: Stateless interactions - there is no impact/connection loss if the request is processed by a different server.

Stateful
An application connection is said to be stateful if the server stores session state and data about the client session. The server relies on previous connection information (the session) while processing new connection requests.
Note: Stateful interactions - there will be impact/connection loss if the request is processed by a different server after a session break and the client session data is not shared between the servers.

Managing Application/Session State

Session state refers to client data that is visible to a particular client for the duration of the session. The server application holding the client state information must share it with the other hosts in the same cluster to prevent errors.
When an application maintains state information for a client connection, it's important to direct all TCP/UDP connections from that client to the same cluster host that is processing the request.
In terms of application data, changes to the data store must be synchronized across the multiple hosts in the cluster. One example is to use a backend database that is shared by all instances of the application residing on the cluster hosts.
To maintain session state, Microsoft NLB uses the affinity rule options to direct all connections from a given client address, or class of client addresses, to the same cluster host.
Note: Client/server applications that embed session state within "cookies" or push it to a back-end database do not need client affinity to be maintained.

Client Affinity 


NLB offers three types of affinity configurations to preserve session state, namely None, Single and Network (Class C).
1. None (No Affinity)
With this cluster option, no affinity rules are defined, and client connections from any source can access any member host in the cluster. Useful for applications that do not need to store session information.
2. Single
With this option NLB maps clients to a specific host in the cluster based on the client's full IP address. Once a connection is established, requests coming from the same client IP address always reach the same member server in the cluster.
Useful for intranet applications, as the clients on an intranet have IP addresses within a narrow range. If used for Internet applications, NLB becomes inefficient, as the clients can span a broad IP range, which also adds computing overhead to the distribution algorithm.
3. Network (Class C)
With this option NLB associates clients to a specific host in the cluster based on the Class C {(192.0.0.1 to 223.255.255.254) /24} portion of the client IP address. Connections from the same Class C address range always access the same member server in the cluster. This is best suited for clusters serving Internet applications.
Extended Affinity Option:
This is only available for the Single and Class C affinity options and is achieved by setting a timeout value in the filtering options. The timeout means that when a connection is lost/interrupted, the cluster host keeps the client data for the specified duration, so that if the client reconnects within the timeout the client's preferences/selections are still preserved.
Ex: A customer is shopping online with products selected in the shopping cart; if the customer loses the connection and reconnects (either due to a client-side issue or an application-side issue), the client can still see the selected products in the cart if the timeout value is defined.
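The difference between the three affinity modes, and what the extended-affinity timeout buys, is easiest to see in a small simulation. The following Python is an added example, not Microsoft's implementation: the post does not give NLB's hashing, so a simple "key modulo host count" stands in for it, which is enough to show that Single keys on the full client IP, Network keys on the /24 prefix, None places every connection separately, and the timeout keeps a reconnecting client on the host that holds its session even after the cluster membership changes. Host names, client addresses and timestamps are constructed.

```python
"""Simulation of NLB's affinity modes (None, Single, Network/Class C) and of
the extended-affinity timeout, showing which cluster host a client lands on.

Added example, not Microsoft's implementation: a "key modulo host count" hash
stands in for NLB's real distribution. Host names, client addresses and
timestamps are constructed.
"""
from ipaddress import IPv4Address
from typing import Dict, List, Tuple

HOSTS: List[str] = ["node-a", "node-b", "node-c"]    # constructed cluster


def affinity_key(client_ip: str, client_port: int, mode: str) -> int:
    """The part of the client address the distribution is keyed on."""
    addr = int(IPv4Address(client_ip))
    if mode == "none":
        return (addr << 16) | client_port      # every connection is placed on its own
    if mode == "single":
        return addr                            # full client IP: same client, same host
    if mode == "classc":
        return addr & 0xFFFFFF00               # /24 prefix: same Class C range, same host
    raise ValueError(f"unknown affinity mode {mode}")


def pick_host(client_ip: str, client_port: int, mode: str, hosts: List[str] = HOSTS) -> str:
    return hosts[affinity_key(client_ip, client_port, mode) % len(hosts)]


class ExtendedAffinity:
    """Remembers (host, last_seen) per affinity key. A client that reconnects
    within `timeout` seconds is sent back to the host holding its session data
    even if the cluster membership (and therefore the hash result) has changed."""

    def __init__(self, mode: str, timeout: int) -> None:
        if mode not in ("single", "classc"):
            raise ValueError("extended affinity exists only for Single and Class C")
        self.mode, self.timeout = mode, timeout
        self.table: Dict[int, Tuple[str, int]] = {}

    def route(self, client_ip: str, now: int, hosts: List[str]) -> str:
        key = affinity_key(client_ip, 0, self.mode)
        entry = self.table.get(key)
        if entry is not None and now - entry[1] <= self.timeout:
            host = entry[0]                      # reconnect inside the window: keep the session
        else:
            host = pick_host(client_ip, 0, self.mode, hosts)
        self.table[key] = (host, now)
        return host


def reconnect_demo(timeout: int = 600) -> List[str]:
    """Class C client 203.0.113.10: first contact with three hosts, a reconnect
    300 s later after a fourth host has joined, then another 700 s after that."""
    ea = ExtendedAffinity("classc", timeout)
    grown = HOSTS + ["node-d"]
    return [ea.route("203.0.113.10", 0, HOSTS),
            ea.route("203.0.113.10", 300, grown),
            ea.route("203.0.113.10", 1000, grown)]


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "198.51.100.10"):
        print(ip, "single ->", pick_host(ip, 0, "single"), "classc ->", pick_host(ip, 0, "classc"))
    print("reconnects:", reconnect_demo())
```

With these constructed addresses, 203.0.113.10 and 203.0.113.20 land on different hosts under Single but on the same host under Class C, which is the post's point about intranet versus Internet clients; and in reconnect_demo the second connection stays on the original host because it arrives inside the timeout, while the third, arriving after it, is redistributed across the grown cluster.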
---------------------------------------------------------------------------------------------------------------------------------
Article Author :-
Mr.Arjun Sunil
6+ years of experience in Windows Servers, Cloud & Virtualization.
Follow Arjun Sunil on LinkedIn: https://www.linkedin.com/in/arjun-sunil-86631b1b/
---------------------------------------------------------------------------------------------------------------------------------

Thursday, March 29, 2018

TLS version 1.3 is Here : A brief Overview

March 29, 2018 Posted by jaacostan
On 23rd March 2018, the latest version of TLS, TLS 1.3, was approved by the IETF. There are a considerable number of improvements and differences in TLS version 1.3 over 1.2. Now developers need to implement this version in their products, and the actual roll-out can be expected soon.
Right now I'm running Mozilla Firefox version 59.0.1, and by default TLS 1.3 is not yet enabled.
[Screenshot: Firefox 59.0.1 TLS settings]

But as per some tech forums, the browser does support TLSv1.3, though it is not enabled by default. There are some tips available on the internet for enabling TLSv1.3 manually, but I'm not going to discuss that here.
In TLS version 1.3, one of the major improvements is speed.

Those who need a revision on SSL handshake process, can refer to my older post.

The handshake process in TLS 1.2 has more packet exchanges.
[Screenshot: Wireshark captures of the TLS 1.2 and TLS 1.3 handshakes]
The whole handshake process in TLS 1.3 is now concluded in just 3 exchanges.
But basically the concept is the same. The client starts with a HELLO, the server responds with its HELLO, and then the session keys are exchanged. The same process remains in TLSv1.3, but the number of round-trip exchanges is reduced to 3 by eliminating the negotiation over the kind of encryption to use. Instead, the initial connection is a statement from the client saying which methods and modes it is going to use, and the server accepts it and responds, which speeds up the handshake process. This also helps eliminate the downgrade attack vector.

A few other major differences between TLS 1.2 and TLS 1.3 are mentioned below.
1) The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy. Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms. The cipher suite concept has been changed to separate the authentication and key exchange mechanisms from the record protection algorithm (including secret key length) and the hash to be used with the key derivation function and HMAC.
AEAD is the only encryption approach without any known weaknesses. AEAD suites provide strong authentication, key exchange, forward secrecy, and encryption of at least 128 bits. TLS 1.3 supports only AEAD suites. SSL Labs has started applying a scoring penalty to websites that do not have AEAD support.

2) A 0-RTT mode was added, saving a round trip at connection setup for some application data, at the cost of certain security properties.
It means that if the client has connected to the server before, TLS 1.3 permits a zero-round-trip handshake. This is done by storing secret information, such as the session ID of the previous sessions, and using it when both parties connect with each other in future.

3) Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
SSL Labs has already implemented a penalty in its scoring system for websites that do not implement PFS (perfect forward secrecy).

4) All handshake messages after the ServerHello are now encrypted. The newly introduced EncryptedExtensions message allows various extensions previously sent in the clear in the ServerHello to also enjoy confidentiality protection from active attackers.

TLSv1.3 has also discontinued support for obsolete ciphers and algorithms. That list includes the following major cryptographic standards/algorithms:
  •     RC4 stream cipher
  •     RSA Key Transport
  •     SHA-1 Hash Function
  •     CBC Mode Ciphers
  •     MD5 Algorithm
  •     Various Diffie-Hellman groups
  •     EXPORT-strength ciphers
  •     DES
  •     3DES
You can read the complete IETF document @ https://tools.ietf.org/html/draft-ietf-tls-tls13-28
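Items 1 and 3 above and the list of retired algorithms together amount to a checklist a cipher-suite configuration can be audited against. The following Python is an added example, not from the post and not from any TLS library: it takes IANA cipher-suite names (the TLS_<kx>_WITH_<cipher>_<mac> form used in the RFCs) and reports which of the TLS 1.3 properties each one violates, so a TLS 1.2 configuration can be checked for AEAD-only, forward-secret suites before a TLS 1.3 roll-out. OpenSSL's short names are different and are not handled, and Diffie-Hellman group choice is not encoded in a suite name, so that item of the list cannot be checked this way.

```python
"""Audit IANA cipher-suite names against the TLS 1.3 rules listed in this post:
AEAD-only record protection, no static RSA or static DH key exchange (forward
secrecy everywhere), and none of the retired primitives (RC4, SHA-1 and MD5
MACs, CBC mode, DES/3DES, EXPORT grades).

Added example, not from the post and not from any TLS library. It understands
IANA names (TLS_<kx>_WITH_<cipher>_<mac>); OpenSSL's short names differ and
are not handled.
"""
import ssl
from typing import List

# The five TLS 1.3 suites; authentication and key exchange are negotiated
# separately, so the name carries only the AEAD cipher and the KDF hash.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
}
AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")


def is_tls13_suite(name: str) -> bool:
    return name in TLS13_SUITES


def audit(name: str) -> List[str]:
    """Return the reasons a suite violates the TLS 1.3 properties above.
    An empty list means it satisfies them; use is_tls13_suite() to tell a
    TLS 1.3 suite from a TLS 1.2 ECDHE+AEAD suite that merely passes."""
    if name in TLS13_SUITES:
        return []
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return ["unrecognised suite name"]
    kx, record = name[len("TLS_"):].split("_WITH_", 1)
    reasons: List[str] = []
    if "EXPORT" in kx:
        reasons.append("EXPORT-strength")
    if not kx.startswith(("ECDHE_", "DHE_")):        # only ephemeral DH gives forward secrecy
        if kx.startswith("RSA"):
            reasons.append("RSA key transport (no forward secrecy)")
        else:
            reasons.append(f"static key exchange {kx} (no forward secrecy)")
    if "RC4" in record:
        reasons.append("RC4 stream cipher")
    if "3DES" in record:
        reasons.append("3DES")
    elif "DES" in record:
        reasons.append("DES")
    if "_CBC_" in record:
        reasons.append("CBC mode")
    if record.endswith("_SHA"):                       # bare _SHA suffix is HMAC-SHA1
        reasons.append("SHA-1 MAC")
    elif record.endswith("_MD5"):
        reasons.append("MD5 MAC")
    if not any(marker in record for marker in AEAD_MARKERS):
        reasons.append("not AEAD")
    return reasons


def tls13_only_context() -> ssl.SSLContext:
    """A client context that refuses anything below TLS 1.3. Its get_ciphers()
    output uses OpenSSL naming, so it is shown rather than fed to audit()."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


if __name__ == "__main__":
    for suite in ("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                  "TLS_AES_128_GCM_SHA256"):
        print(suite, audit(suite) or "ok", "(TLS 1.3 suite)" if is_tls13_suite(suite) else "")
    print([c["name"] for c in tls13_only_context().get_ciphers()])
```

A suite such as TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 passes every check yet is still a TLS 1.2 suite, which is exactly the configuration SSL Labs rewards today; the TLS 1.3 names pass because key exchange and authentication are no longer part of the suite at all.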

Tuesday, March 27, 2018

Facts: Facebook Deactivation vs Deletion

March 27, 2018 Posted by jaacostan
So the #deletefacebook campaign has been circulating over the internet; let's analyze the impact of deactivating and deleting a Facebook account, and how to perform each.

Tip : If you don't want to read this article fully, here is the direct link for account deletion : 

OK, let's start. Firstly, deactivation.

So as per FB, "Deactivating your account will disable your Profile and remove your name and photo from most things that you've shared on Facebook. Some information may still be visible to others, such as your name in their Friends list and messages that you've sent."
Also "Your Messenger account will remain active unless you deactivate it from the Messenger app. Using Messenger will not reactivate your Facebook account. Your profile picture will still be visible in your conversations and people will still be able to search for you by name to send you a message. You will continue to appear to friends on Facebook in places where they can message you."

A pretty good idea for regaining the deactivated user accounts. Like a sugar craving. For most people, deactivation won't work as they intended, and they will re-activate the account asap.

You can deactivate the account from the Settings page -> Manage Account and click on Edit.
[Screenshot: Settings -> Manage Account]

That will take you to the deactivation page.
[Screenshot: deactivation page]
You can click on "Deactivate your account" to deactivate.
[Screenshot: deactivation confirmation]

Now let's see how to delete the Facebook account.

Unlike the option to deactivate the account directly from the Settings page, FB has not provided an option there to delete the account.
There is an account deletion option, but that's only for deceased users :P.
[Screenshot: account option for deceased users]

So if we go through the "learn more" link from Settings -> General, it takes you to a basic help page on deactivation- and deletion-related topics. From there we can browse to another help page, "How do I permanently delete my account?", and get the link to the delete_account page.

The deletion process is so hectic for this giant technology company that it takes up to 90 days to delete the account. So sad, right?
They also made it clear that when you delete your account, the posts you shared with others will remain on FB. So your friends will still have those posts and photos that you shared with them.
[Screenshot: Facebook help text on permanent account deletion]
As per FB, "It may take up to 90 days from the beginning of the deletion process to delete all of the things you've posted, like your photos, status updates or other data stored in backup systems. While we are deleting this information, it is inaccessible to other people using Facebook.
Some of the things you do on Facebook aren't stored in your account. For example, a friend may still have messages from you even after you delete your account. That information remains after you delete your account."
Which means, once you are on FB, it is not so easy to close your account and remove your data immediately.
Once you have entered the fun world of social media, there is no easy way to get out of it.
So the direct link for account deletion is https://www.facebook.com/help/delete_account

So think twice before putting and exposing yourself, your personal data, pictures, dates and history on sites like FB. You can't put everything on the internet and claim a right to privacy.

Reference Links :