
Signal Analysis/Signal Intelligence

The terms signal analysis and signal intelligence refer to capturing and analyzing electronic signals. Military and governmental agencies have been doing this since the beginning of the electronic age. The purpose of analysis and intelligence is to identify and evaluate the enemy, identify and track communications patterns, and identify what types of technologies are being used to send those communications.

This is a game of patience and persistence. People who want to attack your system are also performing analysis and intelligence. They are trying to discover what your communications topology and infrastructure look like, what your critical or sensitive circuits are, and what you use them to do.

Attackers have many tools at their disposal; most of them are relatively easy to use. Your job is to act as a counterintelligence agent and, where possible, prevent them from gaining access to this information.

Your enemy has several common methods to gain intelligence about your network and your potential vulnerabilities. The following sections describe some of these methods.

Footprinting

Footprinting is the process of systematically identifying the network and its security posture. An attacker may be able to gain knowledge of the systems you use, protocols you run, servers you operate, and what additional software is being used by systems such as web servers, mail servers, and the like.

A simple method of footprinting may be to examine the source code of your website. Websites often have plug-ins or options installed that allow entrance into a network using buffer overflows or command processing. Attackers may also be able to gain insights into your business by doing online searches of business records and filings. EDGAR, an online business research website, maintains a database of publicly available information about businesses. Your company's annual report may brag about the new infrastructure that was installed last year. Strategic relationships with business partners may provide intelligence about your business. Similar information can help an attacker infiltrate your system. The attacker can go to Verisign/InterNic and determine the root IP address for your network, as well as obtain contact information to attempt social engineering attacks. In short, anything online or in print is a potential source of information.

An attacker can query DNS servers to determine what types of records are stored about your network. This information might provide insights into the type of e-mail system you are using. Most DNS servers readily provide this information when a proper query is formed.

Individually, none of this information is damaging or discloses much about your business. Taken collectively though, this information may provide key pieces to the jigsaw puzzle that is your organization.

Scanning

Scanning is the process that attackers use to gather information about how your network is configured. They will scan your network and look for paths to systems in your network using programs such as Traceroute. Traceroute can provide a very detailed picture of your network right to the DMZ.

Once an attacker has a general lay of the land in your network, they can then switch to a scan. Scans can start with a simple ping of the systems with addresses near your web server or mail server. If any of these machines responds, the attacker knows that you have ICMP running and, by implication, TCP/IP.

Once they know what systems are "alive" in your network, they can systematically attempt to find out which ports are open on these systems. Knowing this, the attacker may try a few simple probes of your system to determine what vulnerabilities might provide an opportunity for attack.

Once the scanning process is complete, the attacker may next choose enumeration.
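From the defender's side, the ping sweep and port probing described above leave a recognizable pattern in firewall logs. The following is an added example, not part of the study guide: it flags sources that ping many distinct hosts or try many distinct ports on one host. The log format, thresholds, and addresses are constructed for illustration, and the whole log is treated as a single time window.

```python
from collections import defaultdict

# Constructed sample in a hypothetical format: "time src dst proto dport"
SAMPLE_LOG = """\
10:00:01 203.0.113.9 192.0.2.10 icmp -
10:00:01 203.0.113.9 192.0.2.11 icmp -
10:00:02 203.0.113.9 192.0.2.12 icmp -
10:00:02 203.0.113.9 192.0.2.13 icmp -
10:00:03 198.51.100.7 192.0.2.10 tcp 443
10:00:05 203.0.113.9 192.0.2.10 tcp 21
10:00:05 203.0.113.9 192.0.2.10 tcp 22
10:00:05 203.0.113.9 192.0.2.10 tcp 25
10:00:06 203.0.113.9 192.0.2.10 tcp 80
10:00:06 203.0.113.9 192.0.2.10 tcp 443
10:00:09 198.51.100.7 192.0.2.10 tcp 443
10:00:12 198.51.100.7 192.0.2.10 icmp -
malformed line
"""

def parse(log):
    """Yield (src, dst, proto, dport) tuples, skipping lines that do not fit."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] not in ("icmp", "tcp", "udp"):
            continue
        _, src, dst, proto, dport = parts
        yield src, dst, proto, int(dport) if dport.isdigit() else None

def detect(log, sweep_hosts=4, scan_ports=5):
    """Return {src: sorted findings} for sources whose traffic looks like a scan."""
    pinged = defaultdict(set)   # src -> distinct hosts sent ICMP
    probed = defaultdict(set)   # (src, dst) -> distinct TCP/UDP ports tried
    for src, dst, proto, dport in parse(log):
        if proto == "icmp":
            pinged[src].add(dst)
        elif dport is not None:
            probed[(src, dst)].add(dport)
    findings = defaultdict(set)
    for src, hosts in pinged.items():
        if len(hosts) >= sweep_hosts:
            findings[src].add(f"ping sweep: {len(hosts)} hosts")
    for (src, dst), ports in probed.items():
        if len(ports) >= scan_ports:
            findings[src].add(f"port scan: {len(ports)} ports on {dst}")
    return {src: sorted(f) for src, f in findings.items()}

if __name__ == "__main__":
    for src, found in detect(SAMPLE_LOG).items():
        print(src, found)
```

In production the counts would be kept per sliding time window and tuned against normal traffic, since monitoring systems and load balancers legitimately touch many hosts and ports.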

Enumeration

Enumeration is an attempt to gain information about your network by specifically targeting network resources, users and groups, and applications running on your system. Many programs and hacking kits are available that will automatically attempt to enumerate your network for attackers.

By now, you can see that the signal analysis process, while labor intensive, is relatively easy to accomplish with a little determination on the part of an attacker. This is the main reason why, as a security professional, you must never let your guard down or assume your network is secure.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
