Hacker Threat Analyzed

moghrabi

The hacker threat is the most dangerous, and most difficult to protect against, of all threats facing home users and company networks. Unlike with just some code, where you can use its own logic to defeat it, a hacker is a "real" thinking person who will react to your actions and try to circumvent logic based defenses by often behaving illogically.

Whole books have been written on this subject so it's a difficult area to cover in just a few lines. Despite the existence of your firewall you do have to allow some traffic through a firewall and you run applications behind a firewall. Even if this is just browsers running Internet Explorer and browsing web sites then you are still vulnerable to a whole raft of attacks. Also not all risks come from the outside. Inside hacking is also a potential problem.

OK, it is certainly no understatement to suggest that for every line of code ever written there's a potential vulnerability waiting for exploitation. While hackers and crackers are constantly looking for new vulnerabilities, the tools and techniques they employ are almost always variations of previous attacks. Bear in mind that no list of vulnerabilities and exploits is ever complete!

So what are some of the methods used to hack and crack your networks?

• IP Spoofing
• FTP attacks
• Flooding and Broadcasting
• Fragmented Packet Attacks
• E-Mail Exploits
• DNS Server exploits
• Password attacks
• Proxy Server attacks
• Remote File System attacks
• Selective Program Insertion
• Port Scanning
• TCP/IP sequence manipulation
• Web Server attacks
• Behind the firewall attacks
• ActiveX controls

There are any number of methods, as shown above, that can be used to try and gain access to your network and the problem with many networks is that they are integrated on the inside of the firewall. This means that once an attacker can get inside your firewall and see the network the way you see it, well - the rest becomes almost trivial.

What are the hackers' objectives?

Whilst there are as many motives as there are hackers, it is possible to broadly categorize them into 5 main typical stereotypes, though this is by no means intended to be an exhaustive list:

1. "White-Hat Hackers" looking for vulnerabilities in systems so that they can gain respect by making the computer community aware of security vulnerabilities. They rarely cause damage, but it can be very damaging and embarrassing if they show these vulnerabilities using your set-up.
2. "Thrill-seekers" who gain pleasure from hacking into systems. These can vary widely and may or may not cause damage to systems depending on their specific "thrill".
3. Criminals who seek to extract information for monetary or other gain. These are usually after something quite specific i.e. customer lists, credit card information, etc.
4. Politically motivated hackers. These can include all those who hack for a political motive and can include anarchists, communists and terrorists. They can be very destructive since their ultimate aim may be to destabilize the whole infrastructure of a company, country or region.
5. Industrial spies. Never underestimate the potential that the Internet has brought for competitors to "check-up on" or "check-out" their competition. Most of the time this is legal i.e. reading the information you yourself make public, but the Rubicon into spying can sometimes be crossed - remember, not everyone necessarily shares your business ethics, particularly when hard times strike! Some companies now even advertise industrial espionage services. It is safer to be suspicious and alert to all potential threats.

What can I do to protect myself?

1. Know thy enemy - learn the techniques and think about how you can counter them
2. Regularly scan your network for vulnerabilities - both inside and out
3. Separate your private network from your public servers such as email, proxy servers, web servers, DNS servers, etc. Double firewalling can do this.
4. Use strong passwords including special characters such as £$%@. Your password is often your first and last line of defense. Certainly do not have ANY blank passwords. Password security also applies to network hardware.
5. Do not use the same administrator/root password throughout your organization. It may be convenient for you but it is also convenient for an intruder.
6. Harden the operating system on your critical servers and perhaps even on user workstations.
7. Turn off unnecessary services - minimalism is a good thing!
8. Apply the latest security patches to ALL the applications that run.
9. Deploy good intrusion detection (better still prevention), baseline your configurations so you can detect any changes.
10. Deploy additional perimeter protection against viruses in emails, web pages, ftp downloads, etc.
11. Do not allow your staff to download ActiveX controls into their browsers. ActiveX technology can give almost total control over a PC and its resources from a remote location and should only be used on Intranets.
12. Do not allow external access to your proxy servers and DNS servers. On DNS servers turn off recursive lookup.
13. Turn off unnecessary Microsoft and other File and Print sharing services. Allocate specific servers as file sharers and turn off workstation shares. Consider using Print sharing devices rather than PCs for sharing printers.
14. Have a security standards policy and ensure that compliance against it is regularly checked.
15. Be VERY alert at all times and make yourself familiar with all your configurations.
16. Make backups of new server installations immediately after installation. This way you can return to a "clean" installation quite easily.

Haggis McBagpipe

A question for the computer experts on this forum: I read a long time ago that the majority of viruses and such were aimed at attacking Microsoft products, that the hackers were often disgruntled ex-Microsoft employees hell-bent on revenge. Or is Microsoft more often the target because of the tendency for security holes... or is it really just because most stuff is Microsoft? I would be curious to know.

Why, other than the fact that there are fewer Mac and Unix users, are so few viruses created to attack those systems?

moghrabi

Snooker,

It is the same article, but I got it from an email sent to me. There are a lot of sources that mirror each other. But thank you for the new link. Another one for me to read.

moghrabi

Haggis McBagpipe said:
A question for the computer experts on this forum: I read a long time ago that the majority of viruses and such were aimed at attacking Microsoft products, that the hackers were often disgruntled ex-Microsoft employees hell-bent on revenge. Or is Microsoft more often the target because of the tendency for security holes... or is it really just because most stuff is Microsoft? I would be curious to know.

Why, other than the fact that there are fewer Mac and Unix users, are so few viruses created to attack those systems?

In my opinion, there are a lot of MS systems out there, so the probability of attacks is higher. Hackers are also not happy with the monopoly MS is playing in the market, so they give them a run for their money.

Every system out there connected to the net is vulnerable to the same kind of attacks if the hackers wanted to. But MS seems to be the target. The holes you find in MS products are found in a lot of other OSes, but we don't hear about them.

Some people might disagree with me, but I can actually hack a Novell network if I put my energy to it.

moghrabi

LOL. I'll be fired from my job. But what I said is true considering the number of MS software installed. I really do not have any problems with MS since I follow all of their procedures. You have to be on top of things nowadays no matter which OS you are using.

Haggis McBagpipe

I'd like to pick your brains a bit more on this. How safe is it to do one's banking online? I do it quickly then delete the browser history and cache immediately afterwards. Is this enough?

Also, how the heck do you 'close ports'?

moghrabi

Banking online is very safe as long as you do not have a trojan horse or a keylogger installed in your system. You can download a few anti-trojan programs that are free and do a very good job. I'll give you a list of free ones later. A very good one that you have to buy is Pest Patrol. It is the most powerful of all and has a resident monitor, like antivirus programs, that will not allow your system to be compromised.

How to close ports. This is a very technical question. Do you have a firewall such as ZoneAlarm? ZoneAlarm opens the appropriate ports when needed and then closes them. Tiny Firewall does the same. Ports are like doors in your system and are needed for many programs. So you should not go about closing ports randomly.

As for clearing the cache after online banking, it is a very good idea.

So install a good firewall and anti-trojan, and clear your cache. Do not forget to install all patches for your system. After that, do your online banking slowly and with no fears.

Haggis McBagpipe

moghrabi said:
I'll give you a list of free ones later. A very good one that you have to buy is Pest Patrol.

Do you have a firewall such as ZoneAlarm? ZoneAlarm opens the appropriate ports when needed and then closes them. Tiny Firewall does the same. Ports are like doors in your system and are needed for many programs. So you should not go about closing ports randomly.

Hey, thanks Moghrabi! I do have firewall protection; it comes with OS X and is based on ipfw, but I was not sure this was enough. You have helped explain it in a way that I can understand, thank you.

Is Pest Patrol (and others) usable with Unix-based OS X?