An intrusion can be defined as an attempt to break into or misuse a computer system. The word "misuse" is broad, and can mean something as severe as stealing confidential data, or something as minor as misusing your email system for spam. In any event, no intrusion is innocent and no intrusion is benign. There is no silver bullet available out there that will totally secure our networks and systems. The only thing we can do as IT professionals is to make sure that all of the doors are locked, that the alarm is turned on, and to educate ourselves on what to look for.
Attacker Profiles :
There are two words to describe people who are trying to get into systems and networks: hacker and attacker. A hacker is a generic term for a person who likes getting into things. The benign hacker is the person who likes to get into his/her own computer and understand how it works. The malicious hacker is the person who likes getting into other people's systems. The benign hackers wish that the media would stop bad-mouthing all hackers and use the term 'attacker' instead. Unfortunately, this is not likely to happen. In any event, the word used to denote anybody trying to get into your system in this paper is 'attacker'. “Script Kiddie” is a term used to describe a class of attacker who does not have sophisticated technical knowledge, but rather simply has a collection of tools created by advanced hackers, and the basic knowledge to use these tools to perform an attack.
There are two words to describe people who are trying to get into systems and networks: hacker and attacker. A hacker is a generic term for a person who likes getting into things. The benign hacker is the person who likes to get into his/her own computer and understand how it works. The malicious hacker is the person who likes getting into other people's systems. The benign hackers wish that the media would stop bad-mouthing all hackers and use the term 'attacker' instead. Unfortunately, this is not likely to happen. In any event, the word used to denote anybody trying to get into your system in this paper is 'attacker'. “Script Kiddie” is a term used to describe a class of attacker who does not have sophisticated technical knowledge, but rather simply has a collection of tools created by advanced hackers, and the basic knowledge to use these tools to perform an attack.
Attackers can be classified into two categories :
Insiders –
These are attackers who have legitimate reasons to use/access your internal network. These include users who misuse privileges or who impersonate higher privileged users. According to a frequently quoted statistic, insiders commit 80% of security breaches. An insider is usually motivated by greed (cases of embezzlement or fraud) or revenge (disgruntled employees or former employees).
Outsiders –
These attackers from outside your network attempt to attack your external presence by defacing web servers, forwarding spam through e-mail servers, etc. They may also attempt to go around the firewall to attack machines on the internal network. Outside attackers may come from the Internet, wireless networks, dial-up lines, physical break-ins, or from a partner (vendor, customer, reseller, etc.) network that is linked to your corporate network. They may be advanced attackers specifically targeting your corporate network for various reasons such as greed (e.g. credit card theft, corporate espionage) or “hacktivism” (defacement of public websites due to perceived social / political issues); or (and far more commonly) they may be Script Kiddies randomly attacking your systems based on the latest vulnerabilities.
Prevention :
So if these guys are this much good whats the way to stop them from attacking our system and stealing our data? why learning hacking of course. So in this post we are going to start with the basics now and then keep learning.
1. IP : IP stands for Internet Protocol and this is a very important thing when it comes to hacking because your IP is like your name and address combined into one. So the wise thing to do would be to hide it. You can't hide your IP literally instead you can try to change it just for time being the process is called as "Proxy". So alright we'll start from the beginning. How to find this IP of mine? Simple. Press Windows key + R. Run program would show up. In that type CMD and press enter. You'll be taken to the command prompt and in the command prompt type ipcofig and press enter. In the lines shown you would have a line saying IP Address : 192.168.5.78 (This isnt my IP so dont even think about it) and Voila thats your IP.
How to hide your IP : Simple really if you have Internet Explorer or Firefox just go to options and in the network panel you would have proxy basically it would be in No Proxy. All you have to do is type in a false IP in the manual proxy and your done. If you think this is way too tough to be done then those using Firefox you have a addon called "Proxy Tool" you can use it to change your proxy in the click of a button so surfing is the internet is safe and anonymous.
2. Robots.txt : No this isnt some giant cyborg robot its just a text file that is used for indexing purposes of search engines and other sites. The basic definition is Robots.txt is a file that is used to exclude content
from the crawling process of search engine spiders / bots. Robots.txt is
also called the Robots Exclusion Protocol.
Robots.txt file has some simple directives which manages the bots. These are:- User-agent: this parameter defines, for which bots the next parameters will be valid. * is a wildcard which means all bots or Googlebot for Google.
- Disallow: defines which folders or files will be excluded. None means nothing will be excluded, / means everything will be excluded or /folder name/ or /file name can be used to specify the values to excluded. Folder name between slashes like /folder name/ means that only folder name/default.html will be excluded. Using 1 slash like /folder name means all content inside the folder name folder will be excluded.
User-agent: * Disallow: /
The "User-agent: *" means this section applies to all robots. The "Disallow: /" tells the robot that it should not visit any pages on the site.
There are two important considerations when using /robots.txt:
- robots can ignore your /robots.txt. Especially malware robots that scan the web for security vulnerabilities, and email address harvesters used by spammers will pay no attention.
- the /robots.txt file is a publicly available file. Anyone can see what sections of your server you don't want robots to use.
3. Form modification :
For every webpage there is a source code and this code must be viewed to see what is being done in the page. Most of the pages are written in HTML and JavaScript. Form modification is the process where this webpage source code could be modified to suit the users need. In Firefox the shortcut is Ctrl + U. And not only for modification the source code might contain something necessary for the page like login information or username something or the other that would help you to get into the page.
4. User Agent :
There are some websites that take note of your Operating System and your browser details for safety precautions. Now this User Agent is used just for this purpose it goes on creating another internet browser in the same system using your trusty web browser. The Add On "Proxy Tool" would also serve for this purpose, this Add On enables the users browser to show up as someone else browser on the internet. So use the user agent for being anonymous.
5. Reconnaissance :
Yes, as in the spy movies you get to recon on the enemy before the attack. If you can get their IP you can use that to get their complete details right from location to what Operating system they use. Most of the sites use PHP pages so if you need to find what kind of version the website has try the following :
The procedure is called PHP Easter Eggs :
PHPE9568F36-D428-11d2-A769-00AA001ACF42 - Type this behind the website and you'll get a image.
PHP CODER GUY WITH BREADSTICKS (Thies C. Arntzen):
PHP Version 4.0.0 - 4.2.3
BROWN DOG IN GRASS (Stig's dog, Nadia):
PHP Version 4.3.0 - 4.3.10
BLACK SCOTTISH TERRIER (Zeev's dog, Scotch):
PHP Versions 4.3.11 - 4.4.6; and 5.0.4 - 5.1.2
BUNNY (Sterling's rabbit, Carmella):
PHP Version 5.0.0 - 5.0.3
COLORED PHP LOGO:
PHP Version 5.1.3 - 5.2.13
ELEPHANT PHP LOGO:
PHP Version 5.3.0 - current
6. Full Path Disclosure :
"http://site.com/index.php?page=about" if we have a site like this and we need to login the page but we don't know the username and password. So we need to know the full path of the site because that full path might contain important passwords or usernames. So for the above website try the following : http://site.com/index.php?page[]=about. This would make the website to throw up errors regarding the absolute path. On the errors that pops out is the absolute path.
So there you go people, whatever i know till now i told you guys, still more to come. Will be updating this topic once a week at least. So keep checking in and have fun.
Note : Whatever i said here is on my own experience from Enigma Group and nothing else. The Rights go to the Enigma people for making such a great site.
No comments:
Post a Comment