Computer Systems

Computer systems give out an amazing amount of unnecessary information about the services they provide and the versions of the software they are running. Systems which participate in cooperative networks are especially likely to release information. These systems which openly share resources have to supply a large amount of information to identify the resources being shared and the systems which use the resources.

System Information

Numerous commands freely announce information about themselves as well as about the system on which they are running. They often announce their revision and the versions of the operating system. This is very valuable information to the hacker. There is no reason that users' login names need to be public information. Making them public gives away half your system's primary protection ” login and password security.

With many versions of UNIX systems and other emerging multi-tasking desktop operating systems, a skilled hacker will want to know what type of hardware and software are on the target system so he can design an attack plan and focus on those systems that he will most easily be able to conquer. The hacker-wanna-be, whose only skill in attacking a system is using tools written by someone else, will need to know what type of system his target is so he will know which tools to use.

Many programs on the system will give information to users who are not yet authenticated. Most login connections will announce the system's name and operating system revision unless configured not to.

User Information

A user's login name and password are items that the user is expected to keep confidential. In fact, it is these two pieces of information which are your primary defense against intruders.

A company has its own need to associate real people to user names on a system. However, there is no reason for this information to be available to anyone other than system administrators. Knowing a person's name, telephone number, title, and so on, gives a hacker a wealth of information that can be used for programmatic attacks, such as password guessing, or for social engineering. The more a social engineer knows about his victim, the more likely he is to successfully get his victim to believe his story and give him the information that he wants.

Application Information

Announcing what the system does helps the hacker locate the system that is most likely to have the information he is looking for. Even valid users should not need to know what system runs what application. The valid user should access the application from a menu structure that references only the application and not the system. This also gives the company the freedom to move an application from one machine to another or to use different machines in different departments for the same application without having to have different user instructions in different departments or having to notify all the users when a change occurs.

Over the Network

Even with these simple network connections, a hacker can use them to gather information and gain access to systems, even if all he has is a telnet connection. He may be able to make more than telnet connections to other systems. There are a number of network services that use simple character-based commands.

• Banner scanning is the process of sending connection requests to service ports on the system to evaluate the response for information about the type and version of the system and software.

• Network profiling is the process of identifying a system by how it responds to specifically formed TCP/IP packets. Since there are variations in the interpretation and implementation of the standards, there are differences in how systems respond. As a result, fine details exist in any particular implementation of a standard that may uniquely identify the vendor. By sending probes and looking at the results, hackers can determine which operating system is responding.