Identifying Types of Hacking Technologies
Many methods and tools exist for locating vulnerabilities, running exploits, and compromising
systems. Once vulnerabilities are found in a system, a hacker can exploit that vulnerability
and install malicious software. Trojans, backdoors, and rootkits are all forms
of malicious software, or malware. Malware is installed on a hacked system after a
vulnerability has been exploited.
Buffer overflows and SQL injection are two other methods used to gain access into
computer systems. Buffer overflows and SQL injection are used primarily against application
servers that contain databases of information.
These technologies and attack methods will each be discussed in later chapters. Many
are so complex that an entire chapter (Chapter 9, “Attacking Applications: SQL Injection
and Buffer Overflows”) is devoted to explaining the attack and applicable technologies.
Most hacking tools exploit weaknesses in one of the following four areas:
Operating Systems : Many system administrators install operating systems with the default
settings, resulting in potential vulnerabilities that remain unpatched.
Applications : Applications usually aren’t thoroughly tested for vulnerabilities when
developers are writing the code, which can leave many programming flaws that a hacker
can exploit. Most application development is “feature-driven,” meaning programmers are
under a deadline to turn out the most robust application in the shortest amount of time.
Shrink-Wrap Code : Many off-the-shelf programs come with extra features the common
user isn’t aware of, and these features can be used to exploit the system. The macros in
Microsoft Word, for example, can allow a hacker to execute programs from within the
application.
Misconfigurations : Systems can also be misconfigured or left at the lowest common
security settings to increase ease of use for the user; this may result in a vulnerability
and an attack.
Identifying Types of Ethical Hacks
Ethical hackers use many different methods to breach an organization’s security during a
simulated attack or penetration test. Most ethical hackers have a specialty in one or a few
of the following attack methods. In the initial discussion with the client, one of the questions
that should be asked is whether there are any specific areas of concern, such as wireless
networks or social engineering. This enables the ethical hacker to customize the test to be
performed to the needs of the client. Otherwise, security audits should include attempts to
access data from all of the following methods.
Here are the most common entry points for an attack:
Remote Network : A remote network hack attempts to simulate an intruder launching an
attack over the Internet. The ethical hacker tries to break or find a vulnerability in the
outside defenses of the network, such as firewall, proxy, or router vulnerabilities. The Internet
is thought to be the most common hacking vehicle, while in reality most organizations have
strengthened their security defenses sufficiently to prevent hacking from the public network.
Remote Dial-Up Network : A remote dial-up network hack tries to simulate an intruder
launching an attack against the client’s modem pools. War dialing is the process of
repetitive dialing to find an open system and is an example of such an attack. Many
organizations have replaced dial-in connections with dedicated Internet connections, so this
method is less relevant than it once was.
Local Network : A local area network (LAN) hack simulates someone with physical access
gaining additional unauthorized access using the local network. The ethical hacker must
gain direct access to the local network in order to launch this type of attack. Wireless
LANs (WLANs) fall in this category and have added an entirely new avenue of attack as
radio waves travel through building structures. Because the WLAN signal can be
identified and captured outside the building, hackers no longer have to gain physical access
to the building and network to perform an attack on the LAN. Additionally, the huge
growth of WLANs has made this an increasing source of attack and potential risk to many
organizations.
Stolen Equipment : A stolen-equipment hack simulates theft of a critical information
resource such as a laptop owned by an employee. Information such as usernames,
passwords, security settings, and encryption types can be gained by stealing a laptop. This is
an area commonly overlooked by many organizations. Once a hacker has access to a
laptop authorized in the security domain, a lot of information, such as security
configuration, can be gathered. Many times laptops disappear and are not reported quickly enough
to allow the security administrator to lock that device out of the network.
Social Engineering : A social-engineering attack checks the security and integrity of the
organization’s employees by using the telephone or face-to-face communication to gather
information for use in an attack. Social-engineering attacks can be used to acquire
usernames, passwords, or other organizational security measures. Social-engineering scenarios
usually consist of a hacker calling the help desk and talking the help desk employee into
giving out confidential security information.
Physical Entry : A physical-entry attack attempts to compromise the organization’s
physical premises. An ethical hacker who gains physical access can plant viruses, Trojans,
rootkits, or hardware key loggers (physical devices used to record keystrokes) directly on
systems in the target network. Additionally, confidential documents that are not stored in a
secure location can be gathered by the hacker. Lastly, physical access to the building would
allow a hacker to plant a rogue device such as a wireless access point on the network.
These devices could then be used by the hacker to access the LAN from a remote location.