Hacking in progress ...
The set-up
Ryan has been a hacker since his undergraduate days, when a cryptography course started his interest in network security. Now 28, he enjoys the analysis of computer systems, decomposing them and figuring out how they work.
This evening’s work is agreed and paid for by the targeted company. Ryan is an ethical hacker, a security consultant for Gateway IT Services Ltd, and tonight he is conducting a penetration test on an international business-consulting firm with 10 servers and more than 150 desktops.
The scene is the third-floor conference room of a building in a suburban office park on a hot and humid July night. Seated around the conference table with the hacker are one of the company’s directors and the IT manager. A projector displays the notebook screen on the wall.
The hack
Ryan's notebook holds the tools of his trade, such as the network-protocol analyser Ethereal (since renamed Wireshark) and NetStumbler, a tool used to find wireless networks. 'It's standard issue,' he says.
He starts with Google. 'Great for researching a company. You can often catch information about the corporate domains and find interesting things that reference other sites that the company may be connected to.' Another favourite place for pre-attack reconnaissance is a company's advertisements for IT jobs. 'You find out what kind of software and systems they run from the skills and experience they're seeking.' Another tactic is scanning Internet message boards on financial sites for sites set up by ex-employees. 'There's lots of information, easily found if you just go and look for it.'
This time, Google turns up nothing. Next, a Whois lookup of the company's domain name at Whois.net. 'I'm looking for targets,' he says. The Whois record reveals a contact name and a pair of domain-name servers.
The director is surprised that domain-server information is so easily accessible. Ryan launches Nmap (Network Mapper) and begins sweeping the address range, sending crafted packets to learn which hosts are up, which ports and services they expose, what operating systems they run, and even whether packet filters and firewalls stand in the way.
Ryan avoids alerting intrusion-detection systems. He finds a local server with an open port. Connecting to that port with Netcat, a general-purpose TCP/UDP utility, returns a banner that identifies the machine as a Lotus Domino server. Ryan finds two web servers as well.
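What the Nmap sweep and the Netcat connection achieved in the two paragraphs above can be shown in a few dozen lines. The block below is an added example, not code from the article or from Gateway IT Services: it starts a throwaway listener on the loopback interface that answers with a constructed banner (the "Lotus-Domino" string is an illustration, not a real product banner), sweeps a small window of ports with plain TCP connects, and grabs and fingerprints the banner of whatever answers. Host, ports and probe are assumptions for the demonstration.

```python
"""Added example: a minimal TCP port sweep plus banner grab, the manual
equivalent of what Nmap and Netcat did in the assessment.  Runs offline
against a constructed local listener.  Not the article's own code."""
import socket
import threading

# Constructed banner; stands in for what a real server might send back.
FAKE_BANNER = b"HTTP/1.0 200 OK\r\nServer: Lotus-Domino\r\n\r\n"
# Probe the scanner sends so that client-speaks-first services answer.
PROBE = b"HEAD / HTTP/1.0\r\n\r\n"


def start_fake_server(banner: bytes = FAKE_BANNER) -> int:
    """Listen on 127.0.0.1 on an OS-chosen port, answer every client with
    `banner`, and return the port number (assumption: loopback is free)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.settimeout(2.0)
                try:
                    conn.recv(1024)  # read (and ignore) the client's probe
                except OSError:
                    pass
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def grab_banner(host: str, port: int, probe: bytes = PROBE, timeout: float = 1.0):
    """Return None if the port is closed or filtered, '' if it accepts the
    connection but stays silent, otherwise the first bytes it sends."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with sock:
        try:
            sock.sendall(probe)
            data = sock.recv(1024)
        except OSError:
            data = b""
    return data.decode("latin-1", errors="replace")


def sweep(host: str, ports) -> dict:
    """Map every open port in `ports` to the banner it returned."""
    found = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            found[port] = banner
    return found


def fingerprint(banner: str) -> str:
    """Crude service identification from a Server: header line, the step
    Ryan made by eye from Netcat's output."""
    for line in banner.splitlines():
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return "unknown"


def demo():
    """Start the listener, sweep a five-port window around it, and return
    (live_port, {port: banner})."""
    port = start_fake_server()
    return port, sweep("127.0.0.1", range(port - 2, port + 3))


if __name__ == "__main__":
    live, hits = demo()
    for p, b in sorted(hits.items()):
        print(f"{p}/tcp open  {fingerprint(b)}")
```

The sweep here is a full TCP connect per port, which is noisy and easy to log; Nmap's default SYN scan never completes the handshake, which is one of the reasons Ryan can keep his footprint below the threshold of an intrusion-detection system.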
Next, he runs Nikto, a free tool for scanning web servers for vulnerabilities. ‘We found a new host name; another potential target,’ he says.
Files in the Domino database lead to Lotus MTA routing tables that 'show how the system routes mail'. Ryan pauses after accessing a file called names.nsf, the Domino Directory. Suddenly, the company's directory splashes on the screen. He scrolls up and down, reading addresses and contact information for everyone in the company.
‘That’s my home address!’ says the director. Ryan downloads user IDs; this includes those of the entire management team. ‘I could have total e-mail access in a matter of hours or days,’ Ryan says. ‘Since they can be copied, you can attack them offline all day until you crack one.’
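Ryan's point about the copied user IDs is that guessing no longer goes through the server: once the attacker holds the file, every guess is checked on the attacker's own hardware, with no lockout and no log line. The block below is an added example, not the article's code and not the Lotus Notes ID format; it models a credential file as a generic salt plus PBKDF2 verifier, and runs a small dictionary attack against it. The passwords, the wordlist and the deliberately low iteration count are constructed for the demonstration.

```python
"""Added example: offline guessing against a copied credential file.  The
file layout (salt + PBKDF2 verifier) is a generic model, not the Notes ID
format; passwords and wordlist are constructed.  Not the article's code."""
import hashlib
import hmac
import os

ITERATIONS = 10_000   # constructed: kept low so the demo finishes in seconds


def protect(password: str, salt: bytes = None) -> dict:
    """Build the protected blob a user's workstation would hold."""
    salt = salt or os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "verifier": verifier}


def check(blob: dict, candidate: str) -> bool:
    """The only check the attacker needs once the blob is in hand."""
    guess = hashlib.pbkdf2_hmac("sha256", candidate.encode(), blob["salt"], ITERATIONS)
    return hmac.compare_digest(guess, blob["verifier"])


def candidates(base_words):
    """Expand each base word the way a cracker's rule set does: the word,
    common suffixes, then a capitalised form with and without a digit."""
    for word in base_words:
        yield word
        for suffix in ("1", "123", "2024", "!"):
            yield word + suffix
        yield word.capitalize()
        yield word.capitalize() + "1"


def crack(blob: dict, base_words):
    """Return (password, guesses_tried), or (None, guesses_tried) on failure."""
    tried = 0
    for cand in candidates(base_words):
        tried += 1
        if check(blob, cand):
            return cand, tried
    return None, tried


# Constructed wordlist: a handful of common passwords plus a string standing
# in for "the initials of my kids".
BASE_WORDS = ["password", "welcome", "summer", "letmein", "monday", "qwerty",
              "company", "london", "office", "jkl", "admin", "secret"]


def demo():
    """Crack a weak (initials plus digit) password and fail on a strong one."""
    weak = protect("Jkl1")            # constructed weak password
    strong = protect("cW9#pL2!vq4@")  # constructed: not derivable from any list
    return crack(weak, BASE_WORDS), crack(strong, BASE_WORDS)


if __name__ == "__main__":
    (found, n), (missed, m) = demo()
    print(f"weak password recovered: {found!r} after {n} guesses")
    print(f"strong password: {missed!r} after {m} guesses (list exhausted)")
```

Nothing in this loop touches the network, so no server-side control can stop it; the only limits are the attacker's hardware and the strength of the password, which is why the afterword's change from children's initials to a longer password matters more than any change to the server.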
Now Ryan fires up Nessus, a vulnerability scanner that was then also free. The IT manager tells the hacker that systems are patched regularly, a necessary step toward secure systems, though as the evening shows not a sufficient one.
Ryan returns to a server that presents him with an invalid digital certificate. 'A hacker could craft a digital certificate that resembled the certificate users are used to signing.' Now he focuses on another server. A few commands lead to the logon screen of a remote-administration terminal, used to make system changes without sitting at the console. The IT manager challenges Ryan: 'You'll never guess that password.'
After several failed attempts Ryan agrees, but explains that these systems often do not record failed logon attempts. ‘I can grind against this for ever, and you wouldn’t know. Again, it’s just a matter of time,’ he says. ‘And once inside, it’s like walking into the data centre and physically sitting at the server.’
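The exchange above turns on one property of the remote terminal: it neither records failed logons nor limits them, so the guessing can run indefinitely and nobody is told. The block below is an added example, not the article's code, that models the logon handler in both states: `SilentLogin` accepts an unbounded stream of guesses and keeps no record, while `AuditedLogin` writes every failure to an audit log with its source and locks the account after a threshold. Usernames, passwords, the threshold, the source address and the log format are assumptions for the demonstration.

```python
"""Added example: a remote-logon handler without and with failure auditing
and lockout, plus the attacker's guessing loop run against each.  All names,
passwords and thresholds are constructed.  Not the article's code."""
import hashlib
import hmac


def _hash(password: str) -> bytes:
    # Plain SHA-256 keeps the demo fast; a real store would use a slow,
    # salted password hash (bcrypt, scrypt, Argon2).
    return hashlib.sha256(password.encode()).digest()


class SilentLogin:
    """The weak state: no audit trail, no lockout, no rate limit."""

    def __init__(self, users: dict):
        self.users = {u: _hash(p) for u, p in users.items()}

    def login(self, user: str, password: str) -> bool:
        stored = self.users.get(user)
        return stored is not None and hmac.compare_digest(stored, _hash(password))


class AuditedLogin:
    """The hardened state: each failure is logged with its source, and the
    account locks after MAX_FAILURES until an administrator clears it."""

    MAX_FAILURES = 5  # constructed threshold

    def __init__(self, users: dict):
        self.users = {u: _hash(p) for u, p in users.items()}
        self.failures = {}
        self.locked = set()
        self.audit_log = []

    def login(self, user: str, password: str, source_ip: str) -> bool:
        if user in self.locked:
            self.audit_log.append(f"DENY user={user} src={source_ip} reason=locked")
            return False
        stored = self.users.get(user)
        ok = stored is not None and hmac.compare_digest(stored, _hash(password))
        if ok:
            self.failures[user] = 0
            self.audit_log.append(f"OK user={user} src={source_ip}")
            return True
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        self.audit_log.append(f"FAIL user={user} src={source_ip} attempt={count}")
        if count >= self.MAX_FAILURES:
            self.locked.add(user)
            self.audit_log.append(f"LOCK user={user} after={count}")
        return False


def grind(login_fn, user: str, wordlist):
    """The attacker's loop: try each word in turn; return (hit, attempts)."""
    for attempt, guess in enumerate(wordlist, 1):
        if login_fn(user, guess):
            return guess, attempt
    return None, len(wordlist)


# Constructed wordlist: 1,999 misses followed by the real password.
WORDLIST = [f"guess{i}" for i in range(1, 2000)] + ["Winter2024"]


def demo():
    """Run the same guessing loop against both handlers."""
    silent = SilentLogin({"admin": "Winter2024"})
    audited = AuditedLogin({"admin": "Winter2024"})
    hit_silent = grind(silent.login, "admin", WORDLIST)
    hit_audited = grind(lambda u, p: audited.login(u, p, "203.0.113.7"),
                        "admin", WORDLIST)
    return hit_silent, hit_audited, audited.audit_log


if __name__ == "__main__":
    silent_result, audited_result, log = demo()
    print("silent handler :", silent_result, "and nothing was logged")
    print("audited handler:", audited_result, f"with {len(log)} log lines")
    print("\n".join(log[:7]))
```

Against the silent handler the loop succeeds on the 2,000th guess and leaves no trace; against the audited one it is stopped after five and the log shows exactly who tried what from where. Lockout has its own cost, since an attacker who can trigger it can lock the real administrator out, so many deployments prefer rate limiting or exponential back-off; whichever is chosen, the log lines are the part that lets the IT manager know the grinding is happening.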
By the end of the evening, the director is surprised at how far Ryan was able to intrude into the network, and what could have happened, given more time. The IT manager knows that work lies ahead. ‘I thought I was going to be off this weekend,’ he says.
Afterword
A few days after the assessment, the director has changed her password. 'It was the initials of my kids,' she says. 'I now take password security seriously, and I'll use stronger passwords and change them more frequently from now on.'
Password security is not the only thing that will change. ‘We’re a growing company, and it’s clear we have to get better security policies in place,’ she says. Regular security assessments will be part of the company’s routine in future.
Gateway IT Services Ltd provides training in advanced security and counter-hacking: www.gatewayit.co.uk