Attacking Hosts


After gaining access to your WLAN by attacking the access point, or worse, by simply connecting to it because you’ve failed to secure it properly, a cracker has free rein and can use your Internet connection, or attack your computers directly.

Many home users fail to secure computers on their home network adequately. They often take steps to protect their networks from attacks that originate from the Internet, by adding a firewall to their Internet connection (see Figure 5-1), but installing a WLAN gives crackers another avenue of access.

Figure 5-1: Protecting a network from Internet attacks with a firewall

By attacking your computers via your WLAN, a cracker is essentially coming in the back door and bypassing the security you’ve set up to keep Internet crackers out; at this point, the cracker can use many attacks that also work on Ethernet networks. Only the network medium has changed, not the vulnerabilities of the devices that are connected to it.

The first step a cracker can take is to use a TCP/IP port scanner to identify hosts on your network, and determine which avenues of attack are open. A port scanner is a software application that attempts to contact computers via a range of IP addresses. The cracker knows the IP address range, or subnet range, of your WLAN. The cracker discovered this by identifying default IP settings that you may have failed to change, by connecting to your WLAN via DHCP, or by sniffing your network.

Cross-Reference 

Chapter 11 addresses securing your WLAN, changing default settings, and identifies problems with DHCP. Chapter 4 introduced network sniffing. Chapter 2 discusses IP addresses, and introduces DHCP.

Computers using TCP/IP assign numbers to certain services or ports. Computers use these port numbers when connecting to a service on another machine. For example, when you request a Web page via your Internet browser, your browser connects to the Hypertext Transfer Protocol (HTTP) port on the remote Web server, also known as port 80.

Common port numbers range from 0 to 1023. Major services such as File Transfer Protocol (FTP, port 20) and Simple Mail Transfer Protocol (SMTP, port 25) for outgoing mail use ports in this range. Internet applications can also use ports numbered from 1024 through 49151.

Using the default address range, the cracker configures the port scanner to scan these addresses. For example, if your IP address range were 192.168.0.1 through 192.168.0.254, the cracker would scan all of the addresses in that range to discover computers on your network.

A port scanner sends data packets to each IP address in the range, waits for a response, and records the results. If a computer responds to a port scanner, the cracker knows that there is a host at that address, and depending on the scanning software and technique, can determine the computer’s operating system and identify vulnerabilities.

A cracker can use a port scanner to determine if a specific service is running on the target computer. If the cracker wanted to determine if the target was running a Web server, the port scanner would attempt to connect to port 80 and listen for a reply. If there were Web server software running, it would reply and the cracker would then know the application name and version number.

Port scanners are available online, and many of them are free. The most effective way to defeat this cracker reconnaissance technique is to install a personal firewall on your computer. A personal firewall will prevent a port scanner from communicating with ports on your computer. This is often called stealth mode. In stealth mode, attempts to port scan your computer go unanswered, making it appear to a port scanner that there is no computer at that IP address.

Cross-Reference 

For more information about personal firewalls, please read Chapter 11 in this book.
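A defender can recognize the scanning behaviour described above in a personal firewall's log of blocked connections. The following is an added example, not taken from the book: it flags any source that tries many ports or many addresses within a short time. The log line format, the 60-second window, and the threshold of four are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; the line format (date time action proto src dst dst_port)
# is an assumption for this example, not any firewall product's real log format.
SAMPLE_LOG = """\
2003-06-01 21:14:02 DROP TCP 192.168.0.57 192.168.0.10 21
2003-06-01 21:14:02 DROP TCP 192.168.0.57 192.168.0.10 25
2003-06-01 21:14:03 DROP TCP 192.168.0.57 192.168.0.10 80
2003-06-01 21:14:03 DROP TCP 192.168.0.57 192.168.0.10 139
2003-06-01 21:20:10 DROP TCP 192.168.0.88 192.168.0.1 80
2003-06-01 21:20:10 DROP TCP 192.168.0.88 192.168.0.2 80
2003-06-01 21:20:11 DROP TCP 192.168.0.88 192.168.0.3 80
2003-06-01 21:20:11 DROP TCP 192.168.0.88 192.168.0.4 80
2003-06-01 09:00:00 DROP TCP 192.168.0.20 192.168.0.10 139
2003-06-01 13:30:00 DROP TCP 192.168.0.20 192.168.0.10 445
2003-06-01 18:45:00 DROP TCP 192.168.0.20 192.168.0.10 80
2003-06-01 22:05:00 DROP TCP 192.168.0.20 192.168.0.10 21
truncated line
"""

def parse(line):
    """Return (time, src, dst, port) for a dropped TCP connection, else None."""
    f = line.split()
    if len(f) != 7 or f[2] != "DROP" or f[3] != "TCP":
        return None
    try:
        return datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S"), f[4], f[5], int(f[6])
    except ValueError:
        return None

def find_scanners(log_text, window=timedelta(seconds=60), threshold=4):
    """Map each source to the sweep types seen within any one time window."""
    by_src = defaultdict(list)
    for rec in filter(None, map(parse, log_text.splitlines())):
        by_src[rec[1]].append(rec)
    findings = defaultdict(set)
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end, event in enumerate(events):
            while event[0] - events[start][0] > window:
                start += 1  # slide the window forward past stale events
            recent = events[start:end + 1]
            if len({port for *_, port in recent}) >= threshold:
                findings[src].add("port sweep")
            if len({dst for _, _, dst, _ in recent}) >= threshold:
                findings[src].add("host sweep")
    return {src: sorted(kinds) for src, kinds in findings.items()}
```

Calling find_scanners(SAMPLE_LOG) reports 192.168.0.57 for a port sweep and 192.168.0.88 for a host sweep. 192.168.0.20 is not reported because its four blocked connections are spread across the day.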

On The Web 

Once you’ve installed a personal firewall, you can test its effectiveness by visiting www.grc.com and running the ShieldsUP! utility. This will scan the ports on your computer, inform you of the results, and make suggestions for improving your security.

The computer you are testing needs to be connected directly to the Internet. If you are sharing an Internet connection among several computers, the broadband router or connection sharing software you are using will prevent ShieldsUp! from testing your computer.

You can also run ShieldsUp! before you install your personal firewall, just to see how vulnerable you are.

Using OS weaknesses

One avenue that a cracker can use when attacking your computer is to attempt to exploit vulnerabilities in your computer’s operating system. Vulnerabilities arise due to software bugs, or design errors that may allow a cracker to crash or take control of a machine.

Every OS has its share of problems, but Microsoft Windows has more known vulnerabilities than most other operating systems. In part, this is due to the large number of computers running Windows operating systems of some sort. Some estimates put this number at over 94 percent of the home computer market.

A large installed user base makes Windows the prime target for crackers and security researchers who expend plenty of effort finding security holes in it. Crackers want more bang-for-their-buck, and discovering and exploiting security holes in Windows gets them plenty of attention. Security researchers recognize this and attempt to find and close holes before crackers do.

A portion of the problem with Windows vulnerabilities is attributable to Microsoft’s poor track record with security issues. Until recent years, the company did little to secure their products, and placed most of the emphasis on usability and quick delivery. The result was that many Microsoft products shipped with plenty of existing security problems. However, this is changing and Microsoft is placing greater emphasis on security issues and proactively identifying security holes in its products and addressing them quickly.

Microsoft closes security holes in its products by releasing software patches that users can download and install. These patches update the portion of Windows affected by the security problem, correcting the issue and securing the system.

On The Web 

To check if your Windows computer is patched and up to date, visit http://v4.windowsupdate.microsoft.com/en/default.asp.

In order to make sure that your system is up to date and secure, you should enable Windows Update. Windows Update will automatically check for new patches and alert you when they are available. You can even configure Windows Update to download and install patches automatically.

Cross-Reference 

Chapter 11 details securing Windows XP and provides instructions for activating Windows Update.

Note 

If you would like to receive timely information regarding security matters that affect Microsoft’s products, you can sign up for the Microsoft Security Update e-mail alerts at www.microsoft.com/security/bulletins/alerts.mspx. There are two levels of alert that you can choose from. The Microsoft Security Update e-mail alerts are aimed at home users, and the Microsoft Security Notification Service provides more technical information geared toward advanced users and IT professionals.

Another vulnerability related to Windows XP Home Edition is Simple File Sharing. Simple File Sharing allows you to share files and folders with other people on your WLAN. Unfortunately, Simple File Sharing provides no access control whatsoever, so anyone connected to your network can access your shared files and folders. If a cracker can connect to your WLAN and browse, then the cracker can access your shares and you would never even know.

Unlike previous versions of Windows, you can’t even assign a password to protect a share. Only Windows XP Professional Edition provides access controls for shared folders. However, there is one thing you can do to protect your shares: You must assign a password to the guest account.

Windows XP uses the guest account to manage connections to your shares and your computer. Windows gives you the option of turning off the guest account, but this doesn’t solve the problem, because the account remains active. Windows can’t completely disable the guest account; it’s integral to too many networking functions.

However, if Windows uses the guest account for Simple File Sharing, you should be able to assign a password to that account and by default, protect shared files and folders, as well as shared printers, from unauthorized use.

Unfortunately, Windows doesn’t allow users to assign a password to the guest account via the User Accounts control panel (see Figure 5-2). To do this you’ll have to enter the password through the command line interface.

Figure 5-2: The User Accounts control panel

STEPS: Assigning a password to the Windows XP Guest account

  1. Click on the Start button. The Start Menu appears.

  2. From the Start Menu, choose Run. A small Run window opens (see Figure 5-3).


    Figure 5-3: The Run dialog box

  3. In the Run window, type CMD and click OK. A command window appears.

  4. In the command window, type net user guest “password” as shown in Figure 5-4. Replace “password” with your chosen password, and do not include the quotation marks.

    Figure 5-4: The command window

  5. Press the enter key. Now, whenever anyone attempts to connect to your shared resources and folders they’ll be prompted for a password.

Using known security issues

Another avenue of attack is for the cracker to exploit known security issues in applications and devices. Like OS vulnerabilities, these security issues exist due to design flaws, software bugs, or through unexpected results arising from the integration of different software products.

By some estimates almost 90 percent of computer security incidents result from an exploit of a known security issue. That is, an issue that was publicized and that a vendor corrected via a patch, and yet many people failed to apply the patch and fix their own systems.

Manufacturers, researchers, and crackers regularly discover new vulnerabilities. Manufacturers and software developers release patches to correct these problems when possible, but unlike Windows OS patches, there isn’t a simple automated way for a home user to collect all of these updates and install them.

Many software developers and hardware manufacturers offer security or patch bulletins delivered via e-mail. Like Microsoft’s security update e-mails, these alerts notify you when a company has identified a security issue and has released a patch or devised a workaround. If a developer offers e-mail updates and bulletins, consider subscribing.

Caution 

No company ever sends its customers patches via e-mail. If you receive an e-mail that directs you to install an attached patch, delete it even if it appears to be from your software’s developer.

This is a common ploy that crackers use to get unsuspecting computer users to install malicious software. You can be sure that the patch attached to the e-mail is dangerous software designed to take over, damage, or spy on your computer.

Some software applications have automated update features, and when possible you should use them. This is a common feature in many security products, such as antivirus software. Symantec’s Norton Antivirus has a live update feature that not only downloads new virus information but also keeps the application current and alerts you when upgrades and patches are available (see Figure 5-5).

Figure 5-5: Configuring the Norton Antivirus live update feature

Cross-Reference 

For more information about viruses and antivirus software, please refer to Chapter 7.

If your software doesn’t have an automated update feature at all, or if it has this feature but it doesn’t support patching the application itself, you’ll have to locate and download your patches manually, which can be a time-consuming task requiring a great deal of vigilance to keep your systems secure.

Unfortunately, there aren’t too many security sites that are aimed at the average home user. However, I can recommend two Web sites that you can use to research patches and vulnerabilities for your applications and devices. These are:

  • www.securityfocus.com

  • www.cert.org

Security Focus is a respected security site that hosts one of the most comprehensive databases of vulnerabilities available. You can search by device, application, operating system, and vendor. Using this database you can research security issues related to your devices and software.

Security Focus also offers quite a few security-related newsletters and mailing lists. While most of these are geared toward IT professionals, there are a couple of lists that you may find useful, including a Windows-specific security newsletter.

On The Web 

Visit www.securityfocus.com/newsletters if you would like to subscribe to Security Focus newsletters.

The Computer Emergency Response Team (CERT) Coordination Center also keeps a database of vulnerabilities and incidents, as well as a host of other useful information. CERT also has some useful security information available for home users.

On The Web 

For more information, visit the CERT Coordination Center at www.cert.org.

As you download and install patches, it’s helpful to keep a record of your patch history, so that if you ever need to reinstall an application, or you suddenly start having problems, you’ll have a record of what patches you’ve installed.

On The Web 

CERT offers a helpful patch checklist available as a PDF download at www.cert.org/homeusers/HomeComputerSecurity/checklists/checklist2.pdf.

Check for new patches often, including whenever you purchase or download a new application. It’s a good idea to go to the developer’s Web site and check that you have the most up-to-date version. A lot can happen between the time the software is produced and the day that you purchase it. It may have been sitting on a shelf for months, and in that time, the developer may have released several patches.




Caution! Wireless Networking: Preventing a Data Disaster
ISBN: 076457213X
EAN: 2147483647
Year: 2003
Pages: 145