How can a networked system be attacked?
Why might a system be attacked?
A hacker may attack a network for a number of reasons, the main ones being to compromise one or more of:
- Confidentiality
- Authenticity
- Integrity
- Availability
The five steps of an attack that hackers typically follow are:
- Reconnaissance (Passive and Active)
- Scanning (IP scan, Port scan, OS scan)
- Gaining access
- Maintaining access
- Covering tracks
Networked systems can be attacked in many different ways, including:
- Social Engineering
- Viruses
- Worms
- Rootkits
- Trojans
- Backdoors
- Shrink-wrap code (dropper)
- OS vulnerabilities
- Misconfiguration
- Phishing
- Spyware and Adware
- Keylogger
- DoS & DDoS
- Dictionary attack
- Brute Force attack
- Cross-site scripting
- SQL injection
- Google hacking
Social Engineering

Social engineering is a method of gaining important information from people rather than from systems. It is probably the most effective way of gaining sensitive information and also probably the easiest. There are two types of social engineering: person to person and computer based. Person to person, for example, you would ask a victim many questions in conversation in order to discover the answers to their security questions, or you could call them pretending to be someone else (such as IT support) to obtain their user ID and password. Alternatively, you can use computer based social engineering, known as phishing.
Phishing
Phishing is a term used to describe the act of attempting to acquire sensitive information by pretending to be a trusted source via electronic communication. This is often done with emails pretending to be from a bank or similar. The link they give will often point to a cloned site so that the attacker can capture the user's details when they are entered.
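As an added example, not code from the original post, here is a small Python check a mail filter could run over an HTML email to spot the trick described above: a link whose visible text names one site while its href points somewhere else. The sample email body and the domain names in it are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Link text that looks like a URL or bare domain, e.g. "bank.example.com".
HOSTLIKE = re.compile(r"^(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:/\S*)?$")


def host_of(value):
    """Lower-case host of a URL, or of bare text such as 'bank.example.com'."""
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""


def shown_host(text):
    """Host the reader is shown, or '' when the link text is not URL-like."""
    return host_of(text) if HOSTLIKE.match(text) else ""


def suspicious_links(html_body):
    """Return hrefs whose real host differs from the host named in the link text."""
    parser = _LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        shown = shown_host(text)
        if shown and shown != host_of(href):
            flagged.append(href)
    return flagged


# Constructed sample: one honest link, one whose text claims to be the bank
# but whose href goes to a look-alike domain (placeholder name).
SAMPLE_EMAIL = """
<p>Please sign in at <a href="https://bank.example.com/login">bank.example.com</a>.</p>
<p>Or use <a href="http://bank-example-login.invalid/x">https://bank.example.com/secure</a></p>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_EMAIL))
```

Only links whose visible text looks like a URL or domain are compared; a link labelled "click here" gives the reader nothing to be misled by, so it is left to other checks.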
Viruses
A virus infects another executable program and uses this carrier program in order to spread itself. The malicious code is injected into a previously safe program, and once this program is run the virus spreads and starts to cause damage in whichever way it has been designed to. Viruses can be injected into many types of program, the most common being macros, games, email attachments, Visual Basic scripts and animations. A virus performs its tasks without the authorisation or knowledge of the end user.
Worms
Worms and viruses are very similar, although a worm does not need a carrier program in order to infect a computer. A worm self-replicates and moves from host to host, spreading from system to system automatically, unlike a virus, which needs a carrier program. Like a virus, a worm performs its tasks without the authorisation or knowledge of the end user.
Rootkits
A rootkit is a very dangerous tool that hackers can use. The reason it is so dangerous is that it is a set of software tools that enables an unauthorised user to gain control of a computer system without being detected. It is largely undetectable by standard anti-virus because it is injected into the kernel of the computer, the base and core of the operating system. Anti-virus software is designed to scan the operating system and all the applications and files on it, but the kernel sits beneath the operating system and is loaded before it, so malicious code in the kernel goes undetected. Specific rootkit-removal kits can be downloaded, but they are not as popular as standard anti-virus and few people are aware of the importance of them.
Trojans & Backdoors
A trojan is a malicious piece of code disguised as a benign application or program, often one the end user finds desirable. Once a trojan has been downloaded and run, the hacker has access to the computer. Trojans can be the gateway to theft, data loss and system crashes. A backdoor is a method of bypassing normal authentication and securing illegal remote access to a computer while attempting to remain undetected. The backdoor may take the form of an installed program and can also be created in the system through a rootkit.
Shrink-wrap code (Dropper)
Shrink-wrap code is malicious code that is concealed within a perfectly acceptable application that may be trusted by thousands of users. For example, the macros in Microsoft Word can be used by a hacker to execute different programs from within the system.
OS Vulnerabilities & Misconfiguration
Many network administrators install the network operating system with its default settings. This can cause problems: for example, when installing Windows Server the default setting is for there to be a guest user, and many hackers use this to gain access. Misconfiguration can also cause problems, as the system may be configured with the lowest security settings, which can result in vulnerabilities and attacks.
Adware and Spyware
Spyware is a program installed on a computer that, whenever the computer connects to the Internet, sends information from the user's computer to whoever controls the spyware, without the user's knowledge. Adware is software that is installed together with other software or via ActiveX controls on the Internet. This is often done without the user's knowledge, or without any disclosure that it will be used for obtaining personal information. Adware usually obtains information about the user such as passwords, email addresses, web browsing history and online buying habits.
Keylogger
A keylogger can be either hardware or software. A hardware keylogger is a small attachment plugged into the keyboard port. A software keylogger is a piece of software that listens to and logs the keystrokes of the keyboard. Many anti-virus products could pick up a keylogger, but keyloggers can run in 'stealth mode' to try to prevent this. Some paid keyloggers can be installed into the kernel of the operating system and therefore avoid the anti-virus altogether. Keyloggers often contain extra functions, like the ability to take screenshots and record mouse clicks.
DoS and DDoS
DoS stands for Denial of Service. This type of attack sends many ping commands to a server; the aim is to make the server so busy replying to the pings that it denies service to legitimate users (for example, access to the website). A DoS attack from a single machine can be blocked easily, as the network administrator can simply block connections from the computer sending the pings. This is where a DDoS is used. DDoS stands for Distributed Denial of Service, and like a DoS attack it involves pinging a victim's server, only this time from as many computers as possible so that the victim can't simply block one IP address. Spoofing is a type of DDoS: instead of gaining access to many computers, the hacker pings an entire network pretending to be the victim (using the victim's address as the source), so when all the computers in the network reply to the ping they reply to the victim's computer. This is a very efficient but complex method of DDoS.
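The following Python snippet is an added example, not part of the original post, of the detection side of what is described above. It runs over constructed firewall-style log lines (one per ICMP echo request), flags any source that exceeds a per-second rate, and then shows why that per-source check alone misses a distributed flood: each source stays under the limit while the total aimed at the target does not, so a second check on the aggregate rate per second is needed. The log format and the addresses are invented for the example.

```python
from collections import defaultdict

# Constructed log lines in an invented firewall format (not real traffic):
# "<timestamp> ICMP echo-request src=<ip> dst=<ip>".
TARGET = "dst=203.0.113.5"


def build_single_source_log():
    """One source sends 60 echo requests in a single second; a second host sends two."""
    lines = ["2013-02-01T10:00:00 ICMP echo-request src=192.0.2.10 " + TARGET] * 60
    lines += ["2013-02-01T10:00:00 ICMP echo-request src=198.51.100.7 " + TARGET,
              "2013-02-01T10:00:01 ICMP echo-request src=198.51.100.7 " + TARGET]
    return lines


def build_distributed_log():
    """Thirty sources, three echo requests each, all in the same second (90 in total)."""
    return [f"2013-02-01T10:00:00 ICMP echo-request src=10.0.0.{i} " + TARGET
            for i in range(1, 31) for _ in range(3)]


def parse_line(line):
    """Return (second, src) for an echo-request line, or None for anything else."""
    parts = line.split()
    if len(parts) < 4 or parts[1] != "ICMP" or parts[2] != "echo-request":
        return None
    src = next((p[4:] for p in parts if p.startswith("src=")), None)
    return (parts[0], src) if src else None


def flood_sources(lines, per_second_limit=20):
    """Map src -> peak echo requests in any one second, for sources over the limit."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[rec] += 1
    flagged = {}
    for (second, src), n in counts.items():
        if n > per_second_limit:
            flagged[src] = max(flagged.get(src, 0), n)
    return flagged


def flooded_seconds(lines, total_limit=50):
    """Seconds in which the echo-request total from all sources exceeds the limit."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[rec[0]] += 1
    return sorted(sec for sec, n in totals.items() if n > total_limit)


if __name__ == "__main__":
    print("single-source flood:", flood_sources(build_single_source_log()))
    print("distributed, per-source check:", flood_sources(build_distributed_log()))
    print("distributed, aggregate check:", flooded_seconds(build_distributed_log()))
```

The per-source check is what makes a plain DoS easy to block; the aggregate check is the first thing that notices a DDoS, where blocking any single address achieves little.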
Dictionary and Brute Force
A dictionary attack uses a piece of software to crack a password. The software tries dictionary entries as guesses for the password of an account and simply runs until it finds a match. This is the reason many sites now require a user to include capitals, numbers and other symbols as well as letters in their password, to minimise the success of dictionary attacks. A brute force attack is very similar to a dictionary attack, except that a brute force attack generates every combination of every symbol that can be used in a password, for any length. A brute force attack can take a very long time, especially for long passwords, but with powerful software such as John the Ripper (a multi-platform password cracker) brute force attacks are very common.
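To make the two ideas in this paragraph concrete, here is an added Python example, not code from the post or from John the Ripper. The first part counts how many candidates a brute force search has to cover for a given character set and length, which is why longer passwords drawn from more symbol types resist it. The second part shows the defender's side: a toy account store that hashes passwords with a salted, deliberately slow PBKDF2 and locks the account after a handful of failures, and a dictionary run against it using a small constructed word list. The word list, passwords and iteration counts are invented for the example.

```python
import hashlib
import hmac
import os


def keyspace(alphabet_size, max_length):
    """Number of candidates a brute force search must cover for lengths 1..max_length."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def seconds_to_exhaust(alphabet_size, max_length, guesses_per_second):
    """Worst-case time to try the whole keyspace at a given guess rate."""
    return keyspace(alphabet_size, max_length) / guesses_per_second


class Account:
    """Toy account: salted PBKDF2 password hash plus a failed-attempt lockout."""

    def __init__(self, password, iterations=50_000, max_failures=5):
        self.salt = os.urandom(16)       # per-account salt defeats precomputed tables
        self.iterations = iterations     # slow hash: every guess costs real CPU time
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False
        self.digest = self._hash(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, self.iterations)

    def login(self, password):
        """True on success; False on a wrong password or a locked account."""
        if self.locked:
            return False
        if hmac.compare_digest(self._hash(password), self.digest):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True           # further guesses are refused, right or wrong
        return False


# Constructed word list for the demonstration (a real one has millions of entries).
WORDLIST = ["password", "letmein", "123456", "qwerty", "welcome", "dragon"]


def dictionary_run(account, wordlist):
    """Try each word until a match or a lockout; return (matched_word, attempts)."""
    attempts = 0
    for word in wordlist:
        if account.locked:
            break
        attempts += 1
        if account.login(word):
            return word, attempts
    return None, attempts


if __name__ == "__main__":
    print("lowercase only, up to 8 chars:", keyspace(26, 8))
    print("95 printable symbols, up to 8 chars:", keyspace(95, 8))
    print("at 1e9 guesses/s, 95 symbols, 12 chars (years):",
          seconds_to_exhaust(95, 12, 1e9) / (365 * 24 * 3600))
    print("weak account:", dictionary_run(Account("qwerty"), WORDLIST))
    print("strong account:", dictionary_run(Account("correct horse battery"), WORDLIST))
```

The weak account falls on the fourth word; the strong one never matches and the store locks after five failures, so the run stops early. The slow hash and the lockout are the two controls that turn "runs until it finds a match" into something that takes too long to be worth it.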
Cross-Site Scripting (XSS)

Cross-Site Scripting is a vulnerability found in web applications that is used to inject malicious code into pages viewed by other users. The vulnerabilities that allow this are widespread, and they can occur in any part of an application that takes user input and produces output without validating or encoding it. The victim views the web page and can be infected without even knowing, because the page will usually appear normal. XSS can be used to steal credentials and bypass access controls.
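Here is an added Python example, not from the post, of the flaw in miniature and its fix: a comment-rendering function that pastes user input straight into HTML beside one that encodes it, plus the link-attribute case, where encoding alone is not enough and the URL scheme has to be restricted too. The payload string is a constructed test input.

```python
import html
from urllib.parse import urlparse


def render_comment_unsafe(username, comment):
    """Vulnerable: user-controlled text is placed into the page unencoded."""
    return f"<p><b>{username}</b>: {comment}</p>"


def render_comment_safe(username, comment):
    """Hardened: every user-supplied value is HTML-encoded for the text context."""
    return f"<p><b>{html.escape(username)}</b>: {html.escape(comment)}</p>"


def safe_href(url):
    """Attribute context: allow only http/https URLs, then encode for the attribute."""
    scheme = urlparse(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_profile_link_safe(display_name, url):
    """A user-supplied link needs both the scheme check and the encoding."""
    return f'<a href="{safe_href(url)}">{html.escape(display_name)}</a>'


def contains_script(page):
    """Crude detector used only to show the difference between the renderers."""
    lowered = page.lower()
    return "<script" in lowered or "javascript:" in lowered


PAYLOAD = '<script>alert("xss")</script>'   # constructed test input

if __name__ == "__main__":
    print(render_comment_unsafe("bob", PAYLOAD))
    print(render_comment_safe("bob", PAYLOAD))
    print(render_profile_link_safe("bob", "javascript:alert(1)"))
```

The encoded output still shows the visitor exactly what was typed, but the browser treats it as text rather than markup, which is the whole point of output encoding.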
SQL Injection

SQL Injection is a technique used to collect sensitive data from a website's database by submitting an SQL query through the website's input fields. A successful SQL injection allows an attacker to obtain sensitive information from the database, as well as to modify data and execute other operations on the database. To prevent this type of attack, all input fields must be correctly filtered so that injected SQL cannot run.
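As an added example, not from the post, the following Python code builds a throwaway SQLite database with two constructed user rows and writes the same login query both ways: with the user's input pasted into the SQL text, which lets a crafted password value return every row, and with bound parameters, which the database treats purely as values. Bound parameters are the standard fix rather than filtering; passwords are stored in the clear here only to keep the example short.

```python
import sqlite3


def make_db():
    """In-memory database with two constructed rows (plaintext only for brevity)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    """Vulnerable: input becomes part of the SQL text, so quotes in it change the query."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, password):
    """Hardened: placeholders are filled by the driver; input is always a value, never SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# Constructed input: closes the quoted string and appends an always-true condition.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:    ", login_vulnerable(conn, "alice", INJECTION))
    print("parameterized: ", login_parameterized(conn, "alice", INJECTION))
    print("real login:    ", login_parameterized(conn, "bob", "hunter2"))
```

With the pasted-in version the query becomes `... AND password = '' OR '1'='1'`, which matches every row; with parameters the same text is compared as a literal password and matches nothing.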
Google Hacking

Google Hacking is a term used to describe an attacker using Google searches to uncover vulnerabilities in a website. The Google Hacking Database (GHDB) is a database of search queries that can identify sensitive data. Google does attempt to prevent hackers from gaining access to this information, but it is virtually impossible to stop an attacker from crawling websites and running the GHDB queries against the crawled content. Using this information, hackers can essentially see a list of websites that may be vulnerable to attack. The database contains queries for things such as login portal pages, passwords and sensitive directories.
Recent Security Breaches
Evernote
The popular note-taking service Evernote had to reset the passwords of all of its 50 million users following a network breach. The company did not find any indication that content or payment information was stolen; however, usernames, email addresses and encrypted passwords of users were accessed.
Twitter
On the 1st of February 2013, Twitter announced it had been subjected to unauthorized access attempts over the course of a week. Attackers were trying to gain user account information such as usernames, email addresses, session tokens and encrypted versions of passwords. Twitter said approximately 250,000 user accounts were breached, including those of corporate employees and reporters. Twitter said the attack was not the work of amateurs and that the methods used were extremely sophisticated.