Security is a multifaceted issue that must be addressed to avoid
abuse to your network from hackers and employees.
When you are connected
to the Internet your network is open to the public unless it is
protected by a firewall. Networks that are permanently connected to
the Internet via T1, Frame Relay, xDSL or cable modem broadband are
particularly vulnerable to malicious attacks from hackers. A well
configured firewall will block uninvited visitors whilst allowing
limited access to authorized users and services.
Within a network
sensitive information such as personnel records and accounts data can
be protected by configuring permissions that only allow access for
those who are authorized. Passwords to logon to the network should be
changed on a regular basis and should be sufficiently complex that
they cannot be guessed easily.
Compupros Unlimited can
advise on all aspects of network security, deploy firewalls and
implement a security policy to protect your data and systems.
Compupros Unlimited can
advise and configure an Intrusion Detection System. Below are some
examples with brief descriptions.
Network Intrusion Detection Systems (NIDS) monitors packets on the
network wire and attempts to discover if a hacker/cracker is
attempting to break into a system (or cause a denial of service
attack). A typical example is a system that watches for large number
of TCP connection requests (SYN) to many different ports on a target
machine, thus discovering if someone is attempting a TCP port scan. A
NIDS may run either on the target machine who watches its own traffic
(usually integrated with the stack and services themselves), or on an
independent machine promiscuously watching all network traffic (hub,
router, probe). Note that a "network" IDS monitors many machines,
whereas the others monitor only a single machine (the one they are
System Integrity Verifiers (SIV) monitors system files to find when a
intruder changes them (thereby leaving behind a backdoor). The most
famous of such systems is "Tripwire". A SIV may watch other components
as well, such as the Windows registry and chron configuration, in
order to find well known signatures. It may also detect when a normal
user somehow acquires root/administrator level privileges. Many
existing products in this area should be considered more "tools" than
complete "systems": i.e. something like "Tripwire" detects changes in
critical system components, but doesn't generate real-time alerts upon
Log File Monitors (LFM) monitor log files generated by network
services. In a similar manner to NIDS, these systems look for patterns
in the log files that suggest an intruder is attacking. A typical
example would be a parser for HTTP server log files that looking for
intruders who try well-known security holes, such as the "phf" attack.
Deception Systems (A.K.A. decoys, lures, fly-traps, honeypots) which
contain pseudo-services whose goal is to emulate well-known holes in
order to trap hackers. Also, simple tricks by
renaming "administrator" account on NT, 2000 or 2003, then setting up
a dummy account with no rights by extensive auditing can be used.
To answer the question
"How do intruders get into systems?"
Physical Intrusion - If intruders have physical access to a machine
(i.e. they can use the keyboard or take apart the system), they will
be able to get in. Techniques range from special privileges the
console has, to the ability to physically take apart the system and
remove the disk drive (and read/write it on another machine). Even
BIOS protection is easy to bypass: virtually all BIOSes have backdoor
passwords or can be cleared..
System Intrusion - This type of hacking assumes the intruder already
has a low-privilege user account on the system. If the system doesn't
have the latest security patches, there is a good chance the intruder
will be able to use a known exploit in order to gain additional
Remote Intrusion - This type of hacking involves a intruder who
attempts to penetrate a system remotely across the network. The
intruder begins with no special privileges. There are several forms of
this hacking. For example, a intruder has a much more difficult time
if there exists a firewall on between him/her and the victim machine
Social Engineering -
Social engineering is a hacker’s clever manipulation of the natural
human tendency to trust, with the goal of obtaining information that
will allow him/her to gain unauthorized access to a valued system and
the information that resides on that system. The basic goals of social
engineering are the same as hacking in general: to gain unauthorized
access to systems or information in order to commit fraud, network
intrusion, industrial espionage, identity theft, or simply to disrupt
the system or network.