Identifying Your Attacker

Knowing your enemy is as complicated as knowing yourself, maybe even more so. Too often, network administrators know their enemies only through stereotypes of attackers, and like most stereotypes, these are generally inaccurate and rely on fear. For example, when you see movies that portray computer crime, more often than not, the penetration of the computer systems involves breaking an encryption key. The movie attacker fiercely pounds at his keyboard to break the encryption key by guessing it, which usually happens within a matter of seconds. Or he quickly writes a program with a well-designed user interface featuring big numbers that crack each character in the encryption key one by one. Although both attacks add drama to these movies, they are not only mathematically absurd and impossible, they also are not an accurate depiction of how networks are attacked. If this is all you know about the people who will attack your network, your network will be compromised.

In reality, breaking an industry-standard encryption key such as the 25-year-old Data Encryption Standard (DES) algorithm takes special hardware, significant computer programming skills, and plenty of time. To prove the insecurity of the DES algorithm, the Electronic Frontier Foundation (EFF) spent more than a year building a computer, using custom-built hardware and software, that could crack a 56-bit DES key. It took three days to crack the key.

You could design and build a network more secure than a government currency vault, but it would take only one computer that does not have the latest service pack installed for an attacker to compromise the network. A computer network looks very different from the attacker's point of view than from your viewpoint, as the defender. For example, you might think applying a security update for a known vulnerability to all but one computer on your network will be successful. To the attacker, this lone computer without the security update is the key to compromising the network.

By understanding (or knowing) the attacker, you can think like an attacker when designing security for your network. For example, many organizations complete vulnerability assessments on their networks. But you might want to consider training members of your organization's IT staff or hiring external experts to attempt to break into the network from the outside. We describe this process in detail in Chapter 25, Assessing the Security of a Network. In fact, there are those in the field of computer security who boldly assert that you cannot secure a computer network without being able to attack one.

When most people think about attackers, or hackers, they generally think of a know-it-all, 14-year-old boy who wears a black T-shirt every day and is as pale as a vampire as a result of all the hours he spends in front of his computer or video game console. Although this stereotypical attacker certainly exists, he represents only a small portion of the attacker population. For convenience, we'll group attackers into two general categories: external attackers (those outside your organization) and internal attackers (those within it).

Understanding External Attackers

The majority of attackers that you hear about in the media work outside the organizations they attack. These attackers include everyone from teenagers to professional hackers employed by governments and rogue nations. In addition to the attackers who are outright malicious, there exist groups of self-styled white hat, or nonmalicious, attackers. Although these attackers might not have malicious intentions, they present significant dangers to networks too. For example, a harmless attacker might break into a network for the challenge, but while attempting to compromise a server, might render it inoperable, resulting in a denial-of-service condition. When examining attackers, it can be helpful to think about the dangers they present in terms of their skill level, be it novice, intermediate, or advanced.

Novice Attackers

Novice attackers generally possess only rudimentary programming skills and basic knowledge of the inner workings of operating systems and applications. These attackers represent the majority of attackers. Although this group of attackers might not possess significant skills, they are a threat to networks primarily because of the number of them out there and the knowledge they lack. For example, a novice attacker is much more apt to destroy information (either intentionally or accidentally) even though it will reveal her compromise of the network and quite possibly result in her apprehension. Although secure networks will rarely be compromised by novice attackers, networks that are not vigilantly secured are extremely vulnerable to this type of attacker because of the sheer number of them. Novice attackers exploit known vulnerabilities with tools created by more experienced attackers, and thus are often called script kiddies. They also present a serious threat to obvious security vulnerabilities, such as weak passwords. Novice attackers who are also employees (making them internal attackers) often present the same level of danger as external attackers because they already possess valid network credentials from which they can launch attacks and they have access to network documentation.

Intermediate Attackers

Attackers with intermediate skills are less numerous than novice attackers but generally possess programming skills that enable them to automate attacks and better exploit known vulnerabilities in operating systems and applications. This group of attackers is capable of penetrating most networks if given enough time, but they might not be able to do so without being detected. These attackers frequently port attacks from other operating systems and conduct more sophisticated attacks than novice attackers. Attackers with an intermediate skill level often launch such attacks as an attempt to increase their notoriety or boost their skill level by creating tools to attack networks and publishing information that helps other attackers break into networks.

Advanced Attackers

Attackers with advanced skills usually are not only accomplished programmers but also have experience breaking into networks and applications. These attackers discover vulnerabilities in operating systems and applications and create tools to exploit previously unknown vulnerabilities. Advanced attackers are generally capable of compromising most networks without being detected, unless those networks are extremely secure and have well-established incident response procedures.

Understanding Internal Attackers

Contrary to what you might hear in the media, the majority of attacks on networks are conducted by attackers who have company badges, in other words, your fellow employees. Attackers who are employees of the organization they're attacking present a unique danger to networks for several reasons. Such attackers have the following in their favor:

  • Higher levels of trust

  • Physical access to network resources

  • Human resources protections

Higher Levels of Trust

Almost all networks place a much higher level of trust in users and computers accessing resources on the local area network (LAN) than on publicly available network resources, such as servers connected to the Internet. Many networks allow authentication methods and unencrypted data transmissions on LANs that they would never consider using on the Internet. It is also much easier for attackers to enumerate information about the configuration of computers and applications when they have valid credentials on the network. Employees have valid credentials to the network, which also gives them greater initial access to network resources than external attackers might initially have. It can be very difficult to discern whether an employee is using her credentials legitimately or illegitimately, especially when she is a network administrator.
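Because a logon with valid credentials looks the same whether it is legitimate or not, the practical defense is to compare each account's activity against its own established pattern and weight administrative accounts more heavily. The following is an added example, not code from the Windows Security Resource Kit: it builds a per-user baseline of workstations and logon hours from constructed sample records (the record layout and the business-hours window are assumptions, not a real Windows event format) and flags logons that depart from that baseline.

```python
"""Flag credential use that departs from an employee's established pattern.

Added example, not from the book: the logon records below are constructed for
the demonstration, and the (timestamp, user, workstation, is_admin) layout is an
assumption rather than any real event-log format.
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline: what each account normally looks like.
BASELINE_LOGONS = [
    ("2003-03-03T08:55:00", "alice", "WS-ALICE", False),
    ("2003-03-04T09:02:00", "alice", "WS-ALICE", False),
    ("2003-03-05T08:48:00", "alice", "WS-ALICE", False),
    ("2003-03-03T07:30:00", "dadmin", "WS-ADMIN1", True),
    ("2003-03-04T07:45:00", "dadmin", "WS-ADMIN1", True),
    ("2003-03-05T18:10:00", "dadmin", "WS-ADMIN2", True),
]

# Constructed new activity to review against the baseline.
NEW_LOGONS = [
    ("2003-03-06T09:01:00", "alice", "WS-ALICE", False),    # normal
    ("2003-03-06T23:40:00", "alice", "FILESRV01", False),   # new host, off hours
    ("2003-03-06T12:00:00", "dadmin", "WS-ADMIN1", True),   # normal
    ("2003-03-07T02:15:00", "dadmin", "WS-ALICE", True),    # admin on a user's PC at night
]

WORK_HOURS = range(7, 20)  # 07:00-19:59 counts as business hours (assumed)


def build_baseline(records):
    """Per user: the set of workstations seen and the set of logon hours seen."""
    hosts = defaultdict(set)
    hours = defaultdict(set)
    for ts, user, host, _is_admin in records:
        hosts[user].add(host)
        hours[user].add(datetime.fromisoformat(ts).hour)
    return hosts, hours


def score_logon(record, hosts, hours):
    """Return (score, reasons) for one logon; score 0 means nothing unusual."""
    ts, user, host, is_admin = record
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if host not in hosts.get(user, set()):
        reasons.append(f"new workstation {host}")
    if hour not in WORK_HOURS and hour not in hours.get(user, set()):
        reasons.append(f"off-hours logon at {hour:02d}:00")
    score = len(reasons)
    if is_admin and reasons:
        score += 1  # a deviation by an administrator deserves a closer look
        reasons.append("administrative account")
    return score, reasons


def review(new_records, baseline_records):
    """Return (user, timestamp, score, reasons) for every logon that deviates."""
    hosts, hours = build_baseline(baseline_records)
    findings = []
    for rec in new_records:
        score, reasons = score_logon(rec, hosts, hours)
        if score:
            findings.append((rec[1], rec[0], score, reasons))
    return findings


if __name__ == "__main__":
    for user, ts, score, reasons in review(NEW_LOGONS, BASELINE_LOGONS):
        print(f"{ts} {user}: score {score}: {'; '.join(reasons)}")
```

On the constructed data, the two ordinary daytime logons produce no finding, alice's late-night logon from an unfamiliar server scores 2, and the administrator's 02:15 logon from a user's workstation scores 3. A baseline built from a few days of records is only a starting point; the value of the approach is that it does not depend on the credentials being invalid, which for an insider they never are.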

Physical Access to Network Resources

Employees have much greater physical access to network resources, namely, the computers of their coworkers. In general, when an attacker has physical control of a computer, that computer can no longer be protected from the attacker; rather, it is only a matter of time and computing power before the attacker can recover all data on the computer. Similarly, employees have much greater access to documentation on the network, which can be a critical resource for attacking it.

Human Resources Protections

Employees, even those who attack network resources, are often protected by employment laws and HR policies that can greatly hinder their employer from detecting them or preventing them from doing further damage once detected. For example, local laws might prohibit an organization from inspecting the Internet usage of its employees without a court order. An employee could take advantage of this by attacking internal Web resources.



Microsoft Windows Security Resource Kit
ISBN: 0735621748
Year: 2003
Pages: 189