SYSTEM TESTING




It seems you can’t open a newspaper or listen to the news these days without learning that yet another company’s network has been broken into. The Anna Kournikova worm and the “I Love You” virus are just two of the most notorious recent examples; the truth is that resilient new viral strains are popping up every day. Even worse, thanks to the advent of always-on DSL, ISDN, and cable modem connections, security breaches that were once limited to large corporations or government facilities are now finding their way into your homes as well.

Is your network vulnerable? If you do business on the Web or maintain a connection to an outside network, chances are that the answer is yes. Fortunately, it’s not hard to decrease the odds of attack or intrusion. Statistics show that more than 80% of successful hacks occur because Web technicians fail to install patches for known and publicized bugs. In other words, a little effort can go a long way toward securing your network.

DNS: The Good, the Bad, the Ugly

If you’ve ever used a URL to represent an IP address, you’ve used DNS—a distributed database that provides translation capabilities between domain names and IP addresses. DNS also provides a standard Internet mechanism for storing and accessing other types of data, such as MX (mail exchange) records.

The Internet couldn’t operate without DNS, but the service is also rife with holes, especially on Unix implementations that use the BIND (Berkeley Internet Name Domain) variant of DNS. Designed to be a robust, stable system on which to build a sound organizational naming architecture, BIND (especially in its earliest versions) is unfortunately notorious for its vulnerabilities. In fact, the Computer Emergency Response Team (CERT), a federally funded security research and development center operated by Carnegie Mellon University, has declared that all BIND releases prior to Version 8.2.3 are likely to contain hazardous security holes.

To make matters worse, network intrusion programs that automatically scan networks and query corporate DNS servers looking for holes are becoming increasingly available to hackers, who use these programs to test a system’s locks the way a traditional burglar might jiggle a doorknob. These programs, which can be found on most hacker or “cracker” Web sites, require little technical skill.

Once compromised, the DNS server can be used to launch disturbances such as distributed DoS (denial of service) attacks to disrupt your business. Thankfully, all it takes is a bit of housekeeping to reduce your chances of becoming a victim. First, if yours is one of the many companies that runs outdated DNS software, an upgrade is definitely in order. Install the latest version of your DNS software immediately.

Your next step should be to limit access to port 53 (the DNS port) on your firewalls. Although User Datagram Protocol (UDP) packets are required for requests to and from the Internet DNS, TCP access to that port should be locked down except in cases when it’s absolutely required, such as between primary and secondary servers on opposite sides of the firewall.
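The two housekeeping steps above, as an added example that is not from the book: a Python check that flags BIND banners older than the 8.2.3 threshold the text attributes to CERT, and lists firewall allow rules that open TCP port 53 to sources other than the approved primary/secondary peers. The host names, addresses, banner strings, and rule format are constructed for illustration.

```python
import ipaddress
import re

MIN_SAFE_BIND = (8, 2, 3)  # threshold the text attributes to CERT

def parse_bind_version(banner):
    """Extract (major, minor, patch) from a banner such as 'BIND 8.2.2-P5'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", banner)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def needs_upgrade(banner):
    """True when the release predates 8.2.3 or cannot be identified."""
    version = parse_bind_version(banner)
    return version is None or version < MIN_SAFE_BIND

def audit_port53(rules, transfer_peers):
    """Return allow rules that open TCP/53 beyond the approved transfer peers.
    Each rule is judged on its own; rule ordering is not modelled."""
    peers = [ipaddress.ip_network(p) for p in transfer_peers]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"] not in ("tcp", "any"):
            continue
        if rule["port"] not in (53, "any"):
            continue
        src = ipaddress.ip_network(rule["src"])
        if not any(src.version == p.version and src.subnet_of(p) for p in peers):
            findings.append(rule)
    return findings

# Constructed sample data: documentation names and addresses, not real servers.
SERVERS = {
    "ns1.example.com": "BIND 8.2.2-P5",
    "ns2.example.com": "BIND 9.2.1",
    "ns3.example.com": "named 4.9.7-REL",
}
TRANSFER_PEERS = ["192.0.2.53/32"]  # assumed secondary across the firewall
RULES = [
    {"action": "allow", "proto": "udp", "src": "0.0.0.0/0", "port": 53},
    {"action": "allow", "proto": "tcp", "src": "192.0.2.53/32", "port": 53},
    {"action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "port": 53},
    {"action": "deny", "proto": "tcp", "src": "0.0.0.0/0", "port": 53},
]

if __name__ == "__main__":
    for host, banner in SERVERS.items():
        if needs_upgrade(banner):
            print(f"UPGRADE  {host}: {banner}")
    for rule in audit_port53(RULES, TRANSFER_PEERS):
        print(f"TCP/53 too open: {rule}")
```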

Services and File Sharing

Although services and file sharing capabilities are available on both Windows and Unix, Windows computers receive the brunt of file sharing attacks from Trojan horses and share compromises. Many network administrators use share services to make data access more convenient. But hackers will often compromise healthy machines by installing backdoor programs that register themselves as share services when users start their systems. These shares can then be run from any client machine with “log-on as service” rights.

To prevent unauthorized access through your network services, identify and remove all services that are not absolutely necessary. Doing so will also improve network performance. The same rule applies to new services, especially those that begin automatically at system startup. Nothing extraneous should ever be put into use.

File shares present another potential vulnerability to your network because, when improperly configured, they can expose critical system files or even give full file system access to any party that is able to connect to your network. Because Windows’ file-sharing service uses NetBIOS, the same mechanism that permits file sharing can also be used to retrieve sensitive system information, such as user names, configuration information, and certain registry keys, via a “null session” connection to the NetBIOS Session Service. This information can then be leveraged to allow password guessing or a brute-force password attack against the Windows NT target.

Again, your best defense is diligence. Don’t share files indiscriminately, and when you have no other choice, be sure to share only the files that absolutely must be shared. Granted, it’s much easier to share an entire directory or forbid an entire drive, but the extra effort necessary to provide more granular access privileges will be well worth it.

No Such Thing as a Sure Thing

Bear in mind that, no matter how carefully you secure your network, dedicated hackers will always find a way to get in. Even security experts readily admit that firewalls and antivirus procedures can offer only casual, “business as usual” protection. Malicious hackers have gone so far as to bribe insiders to steal corporate data. There’s no way to secure your network against those kinds of attacks. On the other hand, casual hacking attempts present the greatest danger, if only because they’re far more common. Any protection is better than no protection.






Computer Forensics. Computer Crime Scene Investigation
Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca
