Module 03 Cyber Security Protection

Introduction

Hacking techniques are often utilized by our foreign adversaries.

These skills and techniques are the same as those used by freelance hackers. So, how do we protect our systems against these attacks?

How do hackers break in?

Unlike in movies, where hackers break into a computer in minutes with only a few keystrokes, hacking deep enough into a computer to take control of it might take days or weeks.

Hackers follow a set of procedures that are designed to pry open a crack wider and wider with each step.


Footprint Analysis

Sophisticated hackers perform a footprint analysis of the intended target by using publicly available information, such as the organization's size, subsidiaries, and vendors that might have access to the target's computers.

Scan Computer Ports

Using readily available hacking software, hackers scan the target’s computer ports for potential break-in points.

Remember ports from an earlier module?

Ports are numbers used to identify the different services a computer provides, such as email and the web.

  • Port 25 Email
  • Port 80 HTTP
  • Port 443 HTTPS

Based on the feedback, hackers create a map of the ports and their relationships to each other.

Hackers use this to try to identify the types of file transfer and email the system uses by sending random data to the ports.

Many port services respond to data with a banner that identifies the software that’s using the port.

Hackers look up the software in online databases that list the software’s vulnerabilities.

Some ports yield real pay dirt in the form of usernames and the dates on which passwords were last changed.

Gain Access

To gain access to the target system, hackers have two approaches.

Low-Tech Method

The low-tech method involves contacting employees to trick them into revealing their passwords.


Hackers may call pretending to be part of the IT help team.

Brute Force Attack

But in our environment, the method used is the brute force attack.


Hackers use a hacking program to try to log onto the system with the usernames acquired.

When the system asks for a password, the program responds with a word from a list of likely passwords (e.g. opensesame or 12345).

The program repeats the process until the list is exhausted, it chances upon the right password, or the host locks the user out for too many failed attempts.

Upload Trojans

Finally, with access to the most secret ranges of the network, hackers upload trojan programs to one or more of the computers on the network.

These programs appear to the human eye or a virus scanner to be ordinary, harmless files.

In actuality, they are programs that open a backdoor through which the hacker may now enter the network at will.

How do we protect our systems against these attackers?

Though security can be complex and overlaps in many areas, let's categorize it in three layers:

  • Firewalls for your hardware
  • Firewalls and antivirus programs for your O/S
  • Encryption for your applications

Remember, it’s not enough to simply deploy these protocols; they must be maintained and remain in compliance to ensure that risks are managed.

Firewalls offer protection for both the Hardware and O/S.

In the case of the hardware, this functionality is built into the internet router.

Both types are designed to block a hacker’s attempts to break into a computer or network.

A firewall manager sets up the rules the firewall uses to filter unwanted intrusions from the internet.

The firewall closes any non-essential ports a hacker might probe for openings.

The firewall manager might block all inbound traffic except for email or data that someone inside the firewall has requested.

Packet Filtering

Packet filtering is one technique, among many, for implementing security firewalls.

Data such as email, web pages, and graphics travel over the internet and into a computer in the form of packets, or small chunks of data, that include addressing information about where the data originated and where it’s bound.

A packet is very much like a letter in an envelope.

The data is the actual letter sealed inside the envelope and only can be accessed by those who are authorized to see it.

Meanwhile, the address on the outside of the envelope is viewable by everyone.

Otherwise, how would the post office know where to send the letter?

The packet filter is the postal worker.

It examines the packet’s addressing...

and if the outbound address of the data is on a list of banned internet locations, the firewall blocks it.

However, the packet filter does not open the packet and read the data held within.

All traffic in or out of the network goes through a file server called a proxy, located outside the firewall.


The server examines all data based on the packet filtering rules and only forwards packets that obey the rules.

If a dangerous transmission manages to sneak past the filters, the proxy intercepts it to protect the network.


The firewall inspects the packet.

If suspicious activity is detected, it sends an alert in the form of a pop-up window or email to notify the computer's user or network manager that someone might have tried to break in.
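An added illustration (not the module's own code) of the envelope-only filtering described above: the filter decides on addresses, port and direction alone and never reads the payload, and it keeps a small table of requests opened from inside so that replies to them get in while unsolicited inbound traffic is dropped. The addresses, the banned list and the permitted inbound port are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the 'envelope' fields the filter is allowed to look at."""
    src: str        # source address
    dst: str        # destination address
    dport: int      # destination port
    direction: str  # "in" (from the internet) or "out" (from the LAN)
    payload: bytes = b""  # the sealed letter; never inspected by the filter


class PacketFilter:
    """Stateful packet filter: default-deny inbound, block banned locations,
    and let replies to LAN-initiated requests back in."""

    def __init__(self, banned, allowed_inbound_ports):
        self.banned = set(banned)
        self.allowed_inbound_ports = set(allowed_inbound_ports)
        # (lan_host, remote_host) pairs the LAN has contacted. Real firewalls
        # track ports and connection state too; this is the simplified idea.
        self._requested = set()

    def decide(self, pkt):
        """Return ('allow' | 'block', reason) using only the addressing."""
        if pkt.direction == "out":
            if pkt.dst in self.banned:
                return "block", "destination on banned list"
            self._requested.add((pkt.src, pkt.dst))  # remember who asked
            return "allow", "outbound"
        if pkt.direction == "in":
            if pkt.src in self.banned:
                return "block", "source on banned list"
            if pkt.dport in self.allowed_inbound_ports:
                return "allow", "permitted service port"
            if (pkt.dst, pkt.src) in self._requested:
                return "allow", "reply to a request from inside"
            return "block", "unsolicited inbound"
        return "block", "unknown direction"
```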

Antivirus Software

Antivirus, or antivirus software, sometimes known as anti-malware software, is computer software used to prevent, detect, and remove malicious software.

Antivirus software was originally developed to detect and remove computer viruses, hence the name.

However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats.

In particular, modern antivirus software can also protect from many types of malicious code.

Zero-day threats are attacks that use an unknown exploit for which no patch or antivirus definition file exists yet.


To mitigate the risk of a zero-day, administrators ensure that all patches are up to date to limit the scope of a potential attack.


The second option is to use a good antivirus solution.

A zero-day attack does not become public knowledge for a period of time, and during that period the antivirus program will not detect any file containing this specific vulnerability using standard pattern analysis techniques.

Antivirus software runs in the background on your computer, checking every file you open.

When you double-click an EXE file, it may seem like the program launches immediately, but it doesn’t.

Your antivirus software checks the program first, comparing it to known viruses, worms, and other types of malware.

Antivirus programs also scan other types of files that can contain viruses.

For example:

  • a .zip archive file may contain compressed viruses
  • a Word document can contain a malicious macro

Antivirus software scans files whenever they’re used.

If you download an EXE file, it will be scanned immediately, before you even open it.
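An added illustration (not the module's own code) of both the scan-on-use behaviour described here and the zero-day gap above: a hash-signature scanner that also opens .zip archives in memory, so a compressed copy of a known sample is caught, while a sample with no signature yet passes unnoticed. The "known worm" bytes and the signature list are constructed.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for a definition file: SHA-256 of known-bad contents.
# Real products use far richer patterns, but the matching idea is the same.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE: pretend this is a known worm\n"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Worm.Constructed.A"}


def scan_bytes(data, name="file", depth=0, max_depth=3):
    """Return a list of (path, signature_name) detections.

    Archives are opened in memory and every member is scanned, so a
    'compressed virus' inside a .zip is found; nesting depth is capped."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES:
        hits.append((name, SIGNATURES[digest]))
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                inner = zf.read(member)
                hits += scan_bytes(inner, f"{name}/{member}", depth + 1, max_depth)
    return hits


def make_zip(members):
    """Build a zip archive in memory from {name: bytes} (helper for trying it)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, data in members.items():
            zf.writestr(member_name, data)
    return buf.getvalue()
```

A one-byte change to the sample produces a new hash and no detection, which is exactly the window a zero-day enjoys until a definition for it ships.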

Encryption

Encryption provides protection for data susceptible to eavesdropping attacks, password crackers, or manipulation.

Almost every company has transactions which, if viewed by an eavesdropper, could have negative consequences.

Encryption ensures that when sensitive data passes over a medium susceptible to eavesdropping, it cannot be altered or observed.

Decryption is necessary when the data reaches the router or other termination device on the far-reaching Local Area Network (LAN) where the destination host resides.

Most encryption algorithms can be broken, and the information can be revealed, if the attacker has enough time, desire, and resources.

A realistic goal of encryption is to make obtaining the information too work-intensive to be worth it to the attacker.

Cybersecurity 101

Knowledge Check Module 3

Directions

Use your knowledge of the protection protocols and their associated layers to select the best answer. Then click the arrow for the next question.

