Most system breaches begin with information gathering and with probing of the network's security. Unless, of course, you took some "super" program from the Net that breaks the provider's system at "just the press of a button". In that case, you are just another "script-kiddie" from the huge army of lamers who grow up seeing with their eyes ...
NOTE: To some it may seem that everything described below is very similar to "hacking activity"; I say that these are only some ways to detect the security weaknesses of your own system. Under no circumstances do I assume responsibility for how this information will be used.
The purpose and motivations of auditing a system.
Auditing the security of your system means testing in practice how vulnerable the system is to the attempts of an intruder.
I can already hear some people asking, "Do we really need it?" Yes, you do. Why? I will try to present some reasons:
- there is at least one hacker per 100 users.
- whether you have a business, big or small, or are simply connected to the Net from home, the mere fact that you are connected to the Net increases the chances of being "visited" by a hacker.
- the problems that appear after a hacker gets in can be immediate and have serious consequences, such as Denial of Service. They can also have long-term effects due to subtle changes in databases or web page content.
- you have the opportunity to see in practice what you are capable of in terms of administering and maintaining a system.
That would be the motivation.
The purposes of the audit would be to detect system vulnerabilities, as well as security holes. It should also be determined whether unnecessary or outdated services are running on the system, which always raises the vulnerability of the system.
How a hacker acts.
In order to have a secure system, we need to know what actions we are defending against, right? The working methods of a hacker are:
Host scanning. To discover computers on the network, the hacker scans a range of Internet addresses; if a response is received, there are systems configured with those addresses, and the hacker will try to attack them.
Port scanning. The ports are scanned to identify which ones applications have left open; these are then exploited to obtain access to the system.
DoS - aims to prevent authorized persons from accessing the system, to change the system's parameters or configuration, or to block services, up to the point of damaging the system. More details - here.
System security audit methods.
The main idea of the audit is to simulate, on the system you are testing, the methods used by hackers and to study the effects of these simulations.
To do this, first try the Denial of Service methods described in the chapters:
Internal attack methods and External attack methods. Your system may react in a way that is far from normal, but in that case you will know where the system's weak points are and will have the opportunity to try to correct the errors.
Check the /etc/inetd.conf file to make sure you are not running services and applications that are not needed. To disable a specific service, comment it out by putting the "#" symbol at the beginning of its line. If you intend to give other users access to your computer over the network or the Internet, do not use telnet, because telnet transmits data as plain text. A good alternative is SSH (secure shell), which encrypts the data before sending it, thus making sniffers powerless.
Check the /etc/passwd and /etc/shadow files to see whether any new users have appeared, especially ones with the UID and GID equal to 0 (i.e. with absolute rights).
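The two file checks above can be scripted. The following is an added example, not part of the original article; the function names, the list of cleartext services and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: the inetd.conf and passwd checks as shell functions.
# Function names and the cleartext-service list are assumptions of this example.

# Service name of every active (uncommented) entry in an inetd.conf file.
active_inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Active services that carry logins or data unencrypted (telnet and friends).
cleartext_inetd_services() {
    active_inetd_services "$1" | awk '/^(telnet|ftp|shell|login|exec)$/'
}

# Accounts other than root that have UID 0; the GID is shown for review.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 " uid=" $3 " gid=" $4 }' "$1"
}

# Constructed sample files (not from a real host).
tmp=$(mktemp -d)
cat > "$tmp/inetd.conf" <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    dgram   udp  wait    root    internal
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/tmp:/bin/sh
EOF

echo "Active inetd services:";         active_inetd_services "$tmp/inetd.conf"
echo "Cleartext services to disable:"; cleartext_inetd_services "$tmp/inetd.conf"
echo "Unexpected UID 0 accounts:";     extra_uid0_accounts "$tmp/passwd"
rm -rf "$tmp"
```

On a real host, pass /etc/inetd.conf and /etc/passwd to the functions and compare the output with what you expect to be enabled.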
Other methods would be to scan ports with different port scanners. But more about these in the next chapter.
There are various security audit utilities such as:
SATAN (Security Administrator Tool for Analyzing Networks) - a program that tries different methods of attacking the system and reports the vulnerabilities it detects. It is one of the first programs of this kind.
SAINT (I have no idea what it stands for) - a commercial program that does the same things as SATAN.
Nessus - the latest achievement in the field. Indicates the vulnerabilities in the system, as well as the ways to solve them.
All these programs, as well as links to other similar programs can be found at:
So, port scanning. There is no attack that did not have an initial port-scanning phase. As I said before, the purpose of a scan is to identify the ports that applications have left open, which will then be exploited to gain access to that system.
One of the best port-scanners at the moment is nmap (Network Exploration Tool and Security Scanner). Nmap does three things:
- determines whether a certain host is "alive" by pinging it;
- scans the host's ports to determine whether there are services waiting for connections. Ports are reported in three states:
  - OPEN - the port is open and accepts connections;
  - FILTERED - the port is covered by a firewall, filter or other detection utility that does not allow nmap to determine the status of the port;
  - UNFILTERED - the port is closed and not covered by any utility;
- tries to determine which operating system the scanned system is running.
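When you scan your own host, the useful result is the difference between the ports reported open and the ports you meant to expose. The following added example (not from the original article) reads nmap's grepable output format (-oG) and lists open ports that are not on an allowlist; the function names, the allowlist and the sample scan result are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a saved nmap grepable (-oG) result of your own host.
# Function names, the allowlist and the sample data are assumptions.

# One line per scanned port: "host port/proto state service".
list_ports() {
    awk '/Ports: / {
        host = $2                                  # second field is the address
        sub(/.*Ports: /, ""); sub(/\t.*/, "")      # keep only the port list
        n = split($0, entry, /, */)
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")                # port/state/proto/owner/service
            print host, f[1] "/" f[3], f[2], f[5]
        }
    }' "$1"
}

# Open ports that are not on the space-separated allowlist given in $2.
unexpected_open_ports() {
    list_ports "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { split($2, p, "/") }
        $3 == "open" && !(p[1] in ok) { print $1, $2, $4 }'
}

# Constructed sample scan result (192.0.2.10 is a documentation address).
scan=$(mktemp)
printf 'Host: 192.0.2.10 ()\tStatus: Up\n' > "$scan"
printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 23/filtered/tcp//telnet///, 80/open/tcp//http///, 6000/open/tcp//X11///\tIgnored State: closed (996)\n' >> "$scan"

echo "All reported ports:";             list_ports "$scan"
echo "Open but not on the allowlist:";  unexpected_open_ports "$scan" "22 80"
rm -f "$scan"
```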
For those of you who are interested in this scanner, keep in mind that using it on systems other than your own could be considered "hacker activity" so ... it remains your responsibility.
Another scanner that I'm sure you've heard of is SATAN (Security Administrator Tool for Analyzing Networks).
Until the advent of nmap, it was the most commonly used scanner.