
Network system security, part 37 (doc)



DOCUMENT INFORMATION

Basic information

Format
Pages: 7
Size: 398.52 KB

Content

CHAPTER 13 Hacker Techniques
Copyright 2001 The McGraw-Hill Companies, Inc.
Network Security: A Beginner's Guide

No discussion of security would be complete without a chapter on hackers and how they work. I use the term hacker here for its current meaning—an individual who breaks into computers. It should be noted that in the past, "hacker" was not a derogatory term but rather a term for an individual who could make computers work. Perhaps a more appropriate term might be "cracker" or "criminal"; however, to conform to current usage, "hacker" will be used to identify those individuals who seek to intrude into computer systems or to make such systems unusable.

Studies have found hackers most often to be
- Male
- Between 16 and 35 years old
- Loners
- Intelligent
- Technically proficient

This is not to say that all hackers are male or between the ages of 16 and 35, but most are. Hackers have an understanding of computers and networks and how they actually work. Some have a deep understanding of how protocols are supposed to work and how protocols can be used to make systems act in certain ways.

This chapter is intended to introduce you to hackers, their motivation, and their techniques. I won't teach you how to hack, but I hope to give you some insight into how your systems may be attacked and used.

A HACKER'S MOTIVATION

Motivation is the key component to understanding hackers. The motivation of the hacker identifies the purpose of the attempted intrusion. Understanding the motivation also helps us to understand what makes a computer interesting to such an individual. Is the system somehow valuable or enticing? To which type of intruder is the system of interest? Answering these questions allows security professionals to better assess the danger to their systems.

Challenge

The original motivation for breaking into computer systems was the challenge of doing so. This is still the most common motivation for hacking. Once into a system, hackers brag about their conquests over Internet Relay Chat (IRC) channels that they specifically set up for such discussions. Listening in on the IRC channels shows how hackers gain status by compromising difficult systems or large numbers of systems.

Another aspect of the challenge motivation is not the difficulty of hacking a given system but the challenge of being the first to hack that particular system, or the challenge of hacking the largest number of systems. In some cases, hackers have been seen removing the vulnerability that allowed them to hack the system so that no one else can hack it.

The challenge motivation is often associated with the untargeted hacker, in other words, someone who hacks for the fun of it without really caring which systems he compromises. It is not often associated with the targeted hacker, who is usually looking for specific information or access. What this means for security is simply that any system attached to the Internet is a potential target.

Another form of the challenge motivation that is being seen more and more often is hacktivism, or hacking for the common good. This reason is often provided after the fact as justification for the crime. Hacktivism is potentially a more dangerous motivation, as it entices honest and naive individuals.

Greed

Greed is one of the oldest motivations for criminal activity known. In the case of hacking, I will extend this motivation to include any desire for gain, whether it be money, goods, services, or information. Is greed a reasonable motivation for a hacker? To determine this, let's examine the difficulty of identifying, arresting, and convicting a hacker.

If an intrusion is identified, most organizations will correct the vulnerability that allowed the intrusion, clean up the systems, and go on with their work. Some may call law enforcement, in which case the ability to track the intruder may be compromised by a lack of evidence or by the hacker using computers in a country without computer security laws. Assuming that the hacker is tracked and arrested, the case must now be presented to a jury, and the district attorney (or U.S. Attorney if the case is federal) must prove beyond a reasonable doubt that the person sitting in the defendant's chair was actually the person who broke into the victim's system and stole something. This is difficult to do.

Even in the case of a successful conviction, the hacker may not receive much of a penalty. Consider the case of Datastream Cowboy. In 1994, Datastream Cowboy broke into the Rome Air Development Center at Griffiss Air Force Base in Rome, NY and stole software valued at over $200,000. Datastream Cowboy, who was identified as a 16-year-old living in the United Kingdom, was arrested and convicted of the crime in 1997. His punishment was a fine of $1,915.

This example illustrates an important point about the greed motivation: there has to be a way to control the downside for the criminal. In the case of hacking a system, the risk of being caught and convicted is low; therefore, the potential gain from the theft of credit card numbers, goods, or information is very high. A hacker motivated by greed will be looking for specific types of information that can be sold or used to realize some monetary gain. A hacker motivated by greed is more likely to have specific targets in mind. In this way, sites that have something of value (software, money, information) are primary targets.

Malicious Intent

The final motivation for hacking is malicious intent or vandalism. In this case, the hacker does not care about controlling a system (except in the furtherance of the vandalism). Instead, the hacker is trying to cause harm, either by denying the use of the system to legitimate users or by changing the message of the site to one that hurts the legitimate owners. Malicious attacks tend to be focused on particular targets. The hacker is actively looking for ways to hurt a particular site or organization. The hacker's underlying reason for the vandalism may be a feeling that he or she had been somehow wronged by the victim, or it may be a desire to make a political statement by the defacement. Whatever the base reason, the purpose of the attack is to do damage, not to gain access. Figure 13-1 shows an example of a Web site that has been vandalized.

Figure 13-1. An example of a vandalized Web site

HISTORICAL HACKING TECHNIQUES

This section is going to take a different perspective than most when we talk about the history of hacking. The cases of the past have been well publicized, and there are many resources that describe such cases and the individuals involved. Instead, this section will approach the history of hacking by discussing the evolution of the techniques used by hackers. As you will see, many cases of successful hacking could have been avoided by proper system configuration and programming techniques.

Open Sharing

When the Internet was originally created, the intent was the open sharing of information and collaboration between research institutions. Therefore, most systems were configured to share information. In the case of Unix systems, the Network File System (NFS) was used. NFS allows one computer to mount the drives of another computer across a network. This can be done across the Internet just as it can be done across a Local Area Network (LAN). File sharing via NFS was used by some of the first hackers to gain access to information. They simply mounted the remote drive and read the information.
NFS uses user ID numbers (UIDs) to mediate access to the information on the drive. So if a file were limited to user JOE, UID 104, on its home machine, user ALICE, UID 104, on a remote machine would be able to read the file. This became more interesting when some systems were found to allow the sharing of the root file system (including all the configuration and password files). In this case, if a hacker could become root on a system and mount a remote root file system, he could change the configuration files of that remote system (see Figure 13-2).

Open file sharing might be considered a serious configuration mistake instead of a vulnerability. This is especially true when you find out that many operating systems (including SunOS) shipped with the root file system exportable to the world read/write (this means that anyone on any computer system that could reach the Sun system could mount the root file system and make any changes they wished to make). If the default configuration on these systems was not changed, anyone could mount the system's root file system and change whatever they wanted to change.

Unix systems are not the only systems to have file-sharing vulnerabilities. Windows NT, 95, and 98 also have these issues. Any of these operating systems can be configured to allow the remote mounting of their file systems. If a user determines the need to share files, it is very easy to mistakenly open the entire file system up to the world.

In the same category as open sharing and bad configurations, we also have trusted remote access (in effect, we are sharing access among systems). The use of rlogin (remote login without a password) used to be common among system administrators and users. Rlogin allows users to access multiple systems without re-entering their password. The .rhosts and hosts.equiv files control who can access a system without entering a password.
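An added audit script for the two configuration mistakes discussed here (a root file system exported to the world read/write, and an rlogin trust file that vouches for every host); it is not from the book. It assumes the Linux /etc/exports syntax ("path client(options)", where a bare "*" client means any host and "no_root_squash" lets a remote root act as local root) and the one "host [user]" entry per line format of hosts.equiv and .rhosts, including the lone "+" wildcard entry the text turns to next; both sample files are constructed.

```python
import re

# Constructed sample in Linux /etc/exports syntax (an assumption; the book
# names no file). The first line is the SunOS-era default the text describes.
SAMPLE_EXPORTS = """\
/          *(rw,no_root_squash)
/home      192.168.1.0/24(rw,root_squash)
/usr/share *(ro)
"""

# Constructed hosts.equiv-style sample: one "host [user]" per line; a lone
# "+" entry trusts every host on the network to vouch for a user.
SAMPLE_HOSTS_EQUIV = """\
build-host-01
+
"""

def audit_exports(text):
    """Flag exports any client can mount read/write, or that pass a remote root through unsquashed."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = re.fullmatch(r"([^(]+)(?:\((.*)\))?", client)
            host, opts = m.group(1), set((m.group(2) or "").split(","))
            world = host == "*"
            if world and "rw" in opts:
                findings.append(f"{path}: world-mountable read/write")
            if "no_root_squash" in opts and (world or path == "/"):
                findings.append(f"{path}: remote root is not squashed")
    return findings

def audit_trust_file(text):
    """Flag hosts.equiv / .rhosts entries that trust every host, or every user on a host."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if fields and fields[0] == "+":
            findings.append(f"line {n}: '+' trusts every host")
        elif len(fields) > 1 and fields[1] == "+":
            findings.append(f"line {n}: '+' trusts every user on {fields[0]}")
    return findings
```

Run against a real host, both functions take the file contents as a string, so the checks can be added to any configuration review script.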
If the files are used properly (one could argue that the use of rlogin is not proper at all), the .rhosts and hosts.equiv files specify the systems from which a user may rlogin without a password. Unfortunately, Unix allows a plus sign (+) to be placed at the end of the file. This plus sign signifies that any system will be trusted to vouch for the user, and thus the user is not required to re-enter a password no matter which system the user is coming from. Obviously, hackers love to find this configuration error. All they need to do is identify one user or administrator account on the system and they are in.

Bad Passwords

Perhaps the most common method used by hackers to get into systems is through weak passwords. Passwords are still the most common form of authentication in use. Since passwords are the default authentication method on most systems, using them does not incur additional cost. An additional benefit of using passwords is that users understand how to use them. Unfortunately, many users do not understand how to choose strong passwords. This leaves us with the situation that many passwords are short (less than four characters) or easy to guess.

Short passwords allow a hacker to brute-force the password. In other words, the hacker keeps guessing at passwords until a successful guess is made. If the password is only two characters long, there are only 676 combinations (if just letters are used). You can compare that to 208 million combinations (if just letters are used) for an eight-character password. While both can be guessed if all the combinations are tried, it is much easier to guess a two-character password than an eight-character password.

Figure 13-2. Use of NFS to access remote system files

The other type of weak password is one that is easy to guess.
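As an added example (not the book's code), the brute-force arithmetic above and the easy-to-guess case together as a password audit a defender can run at password-change time: keyspace() gives the number of letter-only combinations for a given length, and audit_password() rejects a candidate that is short, that matches the guesses the chapter attributes to the Morris Worm, or that is on the short list of weak choices the chapter quotes. The account record and passwords in the test are constructed.

```python
def keyspace(length, alphabet_size=26):
    """Distinct passwords of exactly `length` symbols drawn from an alphabet of `alphabet_size`."""
    return alphabet_size ** length

# Weak choices quoted in this chapter (the VAX/VMS "field" default included).
COMMON_PASSWORDS = {"toor", "wizard", "ncc1701", "gandalf", "drwho", "field"}

def derived_guesses(account, first_name, last_name):
    """Guesses the Morris Worm derived from the account record itself, as the chapter lists them."""
    return {
        "",                    # null password
        account,               # the account name
        account * 2,           # account name concatenated with itself
        first_name,            # user's first name
        last_name,             # user's last name
        account[::-1],         # account name reversed
    }

def audit_password(password, account, first_name, last_name, min_length=8):
    """Reasons the password would fall to the techniques above; an empty list means it survived them."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"too short: {len(password)} letters give only "
                       f"{keyspace(len(password))} combinations to try")
    lowered = password.lower()       # guessing is case-insensitive in practice
    if lowered in {g.lower() for g in derived_guesses(account, first_name, last_name)}:
        reasons.append("derivable from the account record")
    if lowered in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    return reasons
```

keyspace(2) returns 676 and keyspace(8) returns 208,827,064,576, i.e. 26^8 is roughly 209 billion; "toor" for account "root" fails all three checks.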
For instance, making the root password "toor" ("root" spelled backwards) allows a hacker to gain access to the system very quickly. Some password issues also fall into the bad configuration category. For instance, on older Digital Equipment Corporation VAX VMS systems the field service account was named "field" and the password was "field." If the system administrator did not know enough to change this password, anyone could gain access to the system by using this account. Other common password choices that make weak passwords are: wizard, NCC1701, gandalf, and drwho.

A good example of how weak passwords can be used to compromise systems is provided by the Morris Worm. In 1988, a Cornell University student by the name of Robert Morris released a program onto the Internet. This program used several vulnerabilities to gain access to computer systems and replicate itself. One of the vulnerabilities it used was weak passwords. Along with using a short list of common passwords to guess, the program also tried a null password, the account name, the account name concatenated with itself, the user's first name, the user's last name, and the account name reversed. This worm compromised enough systems to effectively bring down the Internet.

Unwise Programming

Hackers have taken advantage of unwise programming many times. Unwise programming includes such things as leaving a back door in a program for later access to the system. Early versions of Sendmail had such back doors. The most common was the WIZ command. If a connection was made to the Sendmail program (by telnetting to port 25) and the command WIZ was entered, Sendmail would provide a root shell into the system. This feature was originally included in Sendmail for use while debugging the program. For that purpose, it was a great tool. However, such features left in programs released to the public provide hackers with instant access to systems that use the program.
There are many examples of such back doors in programs. Hackers have identified most of the known back doors and, in turn, programmers have fixed them. Unfortunately, some of these back doors still exist because the software in question has not been updated on systems where it is running.

More recently, the boom in Web site programming has created a new category of unwise programming. This new category has to do with online shopping. In some Web sites, information on what you are buying is kept in the URL string itself. This information can include the item number, the quantity, and even the price. The information in the URL is used by the Web site when you check out to determine how much your credit card should be charged. It turns out that many of these sites do not verify the information (such as the price of the item) when the item is ordered. The site just takes what is in the URL as the correct price. If a hacker chooses to modify the URL before checking out, he may be able to get the item for nothing. In fact, there are cases in which the hacker set the price to a negative number and was able to get the Web site to provide a credit to the credit card instead of being charged for the item. Clearly it is not wise to leave this type of information in a location (such as the URL string) that can be modified by the customer and then not check the information on the back end. While this particular vulnerability does not allow a hacker to gain access to the system, it does pose a big risk to the site.
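The checkout flaw just described, as an added example that is not the book's code: checkout_trusting_url() reproduces the pattern of charging whatever price the URL carries, so a negative price turns into a credit, while checkout_server_priced() takes the price from a server-side catalog and rejects any request that tries to supply a price or an out-of-range quantity. The catalog, the shop hostname and both request URLs are constructed.

```python
from decimal import Decimal
from urllib.parse import parse_qs, urlsplit

# Constructed server-side catalog: the only place a price may come from.
CATALOG = {"1001": Decimal("19.99"), "1002": Decimal("249.00")}

def checkout_trusting_url(url):
    """The pattern the chapter warns about: item, quantity and price all read from the URL."""
    q = parse_qs(urlsplit(url).query)
    qty = int(q["qty"][0])
    price = Decimal(q["price"][0])
    return price * qty            # a negative price here becomes a credit to the card

def checkout_server_priced(url):
    """Hardened form: the URL may name an item and a quantity; nothing else sets the charge."""
    q = parse_qs(urlsplit(url).query)
    if "price" in q:
        raise ValueError("price is not a client-supplied field")
    item = q.get("item", [None])[0]
    if item not in CATALOG:
        raise ValueError("unknown item")
    qty = int(q.get("qty", ["0"])[0])
    if not 1 <= qty <= 100:       # bounds also stop negative quantities from crediting the card
        raise ValueError("quantity out of range")
    return CATALOG[item] * qty

# Constructed requests (hostname is made up): one honest, one with the price
# rewritten to a negative number as in the refund case the text describes.
HONEST = "https://shop.example/checkout?item=1002&qty=1"
TAMPERED = "https://shop.example/checkout?item=1002&qty=1&price=-249.00"
```

Logging the rejected requests from the hardened path gives a cheap detection signal, since a legitimate client built from the site's own forms never sends a price field.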

Posted: 02/07/2014, 18:20
