Chapter 12. A Hacker s Walk Through the Network

Chapter 12. A Hacker's Walk Through the Network

Asking a network administrator to secure a network when they can't monitor its activity is like asking a mechanic to work on the engine of a car without opening the hood.

Marcus Ranum, Founder Network Flight Recorder

Just imagine that you are on the board of directors of an immense Fortune 500 company. (Nice daydream so far, isn't it?) It's Monday morning and you're at your favorite coffee shop, starting to scan the morning paper and enjoying your flavored coffee of the week. But wait. Halfway through a pleasant notion about taking a vacation in the French Riviera, today's headline lashes out. "Fortune 500 Firm Devastated by Hacker!" Alas, it's not just any Fortune 500 firm, it's yours!

The article explains that your company was forced to cut off the intranet from all outside access in an effort to stop a hacker from sabotaging the company's new product line. Five minutes ago, you were leisurely considering cashing in a few stock options for a frivolous vacation. Now you're wondering how much (not whether!) that stock will plummet today as the market leaders finish scanning the headlines. Even worse, you're wondering whether the code for the new product line has already been stolen or destroyed. Could the company survive that? Or will you spend that vacation time updating your resume?

Sound a little unrealistic? It's not. Information systems are under attack all the time. The perpetrators include internal users, external users, competitors, and terrorists name your poison. There's even variety in the mechanisms. A 2002 CSI survey found that attacks included denial of service, spoofing, data sabotage, and information theft. Affected companies were also targeted from all angles: outsiders, insiders, and a few in-betweens (former consultants, downsized employees, and so on).

The funny thing about statistics, of course, is that they always relate things that are happening to other people's networks. Your network, however, could be every bit as vulnerable. If you don't have the right mechanisms in place to prevent, detect, and audit systems on your network, you could be under attack right now and not even know it.

I've added this chapter to demonstrate the risk to data once a hacker enters just one system on a corporate intranet. This chapter does not tell you how to go about breaking into computer systems. Sad to say, there are already more than enough sources that will give you that information. What this chapter shows you is how the hacker goes about looking for information once he's in. It shows you how he finds access to other systems. It also demonstrates how he goes about gathering passwords.