Anatomy of a Hack
Tiberius_Fel writes "Informit.com is running an extensive article about the anatomy of a hack against a sample network. It's an excerpt from a book titled Protect Your Windows Network: From Perimeter to Data. Even though it makes references to Windows, the techniques can be applied to other operating systems fairly easily." From the article: "Although attacking networks can be fun and informative--not to mention illegal if you do not have all the proper permissions--the fact remains that the vast majority of us do not need to know how to do so. Frankly, becoming a good penetration tester (pen tester) takes more than a week-long class. It takes commitment, dedication, intuition, and technical savvy, not to mention a blatant disregard for the rules and the right way to do things."
For all too many business owners and managers out there it just isn't worth it for them to learn to secure computers. They have enough trouble learning and keeping up with the business they have. Normally it isn't until they are breached that they realize that security is a need.
But that's what America is for. They need something, but don't have the time to do it. So you learn how to provide for their need, and sell it to them.
I like to check out the security of my network using the Nessus vulnerability scanner. It's free, it works, and it makes me think happy thoughts. :)
( and it keeps me from doing a lot of work )
If con is the opposite of pro, then isn't congress the opposite of progress?
Isn't hacking more about the creation of something than the destruction of something? This sounds more like cracking. Anyone can open up a locked car with a coat hanger and hot wire it, but that doesn't make them equal with the skill of the engineers that created the car.
Powered by caffeine and sugar; BSD
Risk Management would be the first step. Deciding what you value is part of that. But you also have to consider threat probability and whether or not the perceived value of assets is worth protecting. And if they are worth protecting, you have to make the cost of obtaining those assets greater than the intruder's perceived value.
Also remember that social engineering can be used to penetrate networks.
I don't think this is really what the author meant about the backups being compromised.
If you were a hacker, and had just broken into someone's computer/network, would you start playing around and messing things up as soon as you got in?
Hell no. Only a moron would do that. You would (very quietly) install another backdoor or two, to make sure you can still get in, and then you'd wait five or six months, maybe a year or so, and ~then~ start causing trouble.
If you start making a mess right away, there's a good chance you'll get detected, and they'll do something about it to lock you out, maybe even going back to those backups and restoring them. That's no good.
On the other hand, if you wait, then by the time you start causing noticeable damage, they've already made new backups several times. With your exploits already in them. So they can restore the backups, and you can log right back in. The only way to get uncompromised backups will be to use very old ones, from before you got in in the first place.
Patience is a virtue, in hacking just as in everything else.
Slashdot surrendering to the mainstream, negative meaning of "hack".
:~
I thought it was supposed to be a hacker forum.
1. Call helpdesk, impersonate corporate boss, tell them you forgot your password and connection information, get it reset.
2. Connect with VPN/dialup access.
3. Exploit local root hole
Simple!
The article relies on somebody setting up a web server that allows SQL injection and runs using the admin user... who in their right mind would set up a system like this??
They may as well have written an article on how to crack a system if somebody sends you the SA password... pathetic!
Time is an illusion. Lunchtime doubly so. - Douglas Adams
The article is not realistic, the scenarios described are way too simplified, and it's not something a true security guru would waste 5 minutes even contemplating as a "real life" example of how stuff works.
Remember, though, that by even knowing that the topic of security exists, you're ahead of 80% of the crowd. Firewall? 90%. What are ports and sockets? 95%. SQL Injection? Cross-site scripting? Packet rebuilding with Scapy? Memory manipulation? Bus mastering? Whoa.
If anything, I have noticed my overall technical clue level go down pretty drastically over the last few years, simply by virtue of having to choose how to talk to my audience (I'm a security consultant, although sometimes I wonder whether I'm worthy of the term. I start tending to describe myself as more of a well-paid kindergarten teacher.)
The article does a fine step-by-step description of the basics of intrusion, in sufficient-but-not-quite-overpowering-detail. It is not geared at you, but is rather meant to present some basics of the topic in a non-intimidating manner (no, "go memorize RFC 793" is NOT an acceptable answer for most of the world) to technically somewhat-but-not-overly-clued managers, developers, whatnot.
The mistake the Slashdot crowd (and most '1337 security types) make is taking a very overbearingly arrogant stance to the wide-eyed and scared masses who just want someone to tell them "ok, we have a big problem here, but let me try to explain what it is and how it works." Remember that and you'll go far professionally.
Cole's Law: Thinly sliced cabbage