How Adversaries and Methodologies in Network Security Work
So, who are the people known as hackers? What motivates them? How do they carry out attacks? How are they able to breach the measures we rely on to protect confidentiality, integrity, and availability? What can we do, in practice, to defeat them? These questions lead us to this section of the article, and we will focus on answering them.
We are social beings, and many systems can be compromised simply through social engineering. People can cause harm while only trying to be helpful; giving out a password over the phone is one example. Attackers are skilled at being convincing, so remember that the security of a system ultimately depends on your own behaviour.
Major security incidents also originate inside organizations, from insiders who intentionally cause harm. Organizations should develop strong security controls and implement specific practices to protect the internal environment from such incidents. One practice that reduces the risk of an insider threat is separation of duties: people are less likely to misbehave when they are required to cooperate with others to complete a sensitive task.
The fact is that users often find security too difficult to understand, and they prefer something that "just works" to no functionality at all. Remember that if security is made too stringent, users will either have no access to resources or will be hindered in doing their work.
Adversaries in Network Security: An organization should identify its prospective adversaries when defining threats, so that it can defend against attacks on its information systems and information. The adversaries include hackers, terrorists, nation states, criminals, disgruntled employees, corporate criminals, and government agencies such as the FBI and the NSA.
Hackers are the best-known outside threat. They are not necessarily geniuses, but they are definitely persistent and have spent ample time learning their craft. Various titles are assigned to hackers:
- Hackers: These people are computer enthusiasts who break into systems and computers in order to learn about them. They often mean no harm and seek no financial gain, but the information they collect can unintentionally be passed on to others who do intend harm. The sub-categories of hackers are as follows:
  - White Hat (Ethical Hackers)
  - Blue Hat (Bug Testers)
  - Gray Hat (Ethically Questionable Hackers)
  - Black Hat (Unethical Hackers)
- Crackers (Criminal Hackers): These hackers have criminal intent and break in for financial gain; they are sometimes also referred to as Black Hat hackers.
- Phreakers (Phone Breakers): These people pride themselves on compromising telephone systems. They disconnect and reroute lines, steal long-distance service, and sell wiretaps.
- Script Kiddies: These are not hackers, although they believe themselves to be. They do not write their own code; they run skillfully written scripts authored by others.
- Hacktivists: These hackers are primarily concerned with governments and exploit government websites to further political agendas.
Methodologies in Network Security: Hackers pick a target and intend to compromise it completely. They start with little or no information about the target, and their work is finished when the entire network is compromised. Their approach is always methodical, never rushed or reckless. The following steps represent the track they follow:
- They perform a complete footprint analysis of the target.
- They enumerate systems and applications.
- They manipulate users to gain access.
- They escalate their privileges.
- They gather as many passwords and secrets as they can.
- They install backdoors.
- They leverage the compromised system.
The steps above describe a structured attack, but not every hacker follows them; many think outside the box. For a successful attack, hackers usually begin by learning as much as they can about the system, building a complete profile of the company's security posture. Using various techniques and tools, hackers can discover the company's system IP addresses, domain names, services and ports, network blocks, and anything else that bears on the security posture of its intranet, internet, remote access, and extranet.
Once footprinting is complete, hackers use tools to gather more information about the network and systems. The tools they use are readily available on the internet (Netcat, GetMac, SDK, etc.). Another way hackers gather additional information is by manipulating the organization's employees. Requests that seem innocent can extract important information that brings the hacker one step closer to the target. Using the footprinting results, hackers take phone numbers and addresses from the company website and then contact these people directly to get them to reveal passwords, without arousing any suspicion.
This technique is part of the social engineering approach. Hackers can also pose as a visitor, a company employee, or anyone else and walk into the premises to gather further details. The next step involves reviewing the gathered information and searching for host usernames, passwords, and hot keys that can grant application and user passwords. This information enables the hacker to escalate privileges on the network or host. If all of this does not yield passwords, the hacker may run a Trojan horse attack, which copies malicious code to the user's system under the same name as a frequently used piece of software.
The next step involves obtaining more information and higher privileges, including sensitive data and further passwords. The aim now is access to Active Directory on the domain controllers and to the local Security Accounts Manager (SAM) database. The hacker would use tools such as lsadump or pwdump to gather password hashes from machines running Windows, and then crack these hashes with the Cain & Abel software tool. By cross-referencing passwords and usernames, the hacker can easily gain administrative access to networks and computers.
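From the defender's side, the dumping tools named above all have to open the LSASS process to read credential material out of it, which makes process-access telemetry a natural place to detect this step. The following is an added example, not code from the article; it assumes Sysmon-style Event ID 10 (ProcessAccess) records with `SourceImage`, `TargetImage`, `GrantedAccess` and `CallTrace` fields, and the sample log lines and the allowlist of legitimate LSASS clients are constructed for illustration and would need tuning to a real environment.

```python
"""Flag suspicious handles opened on lsass.exe from process-access telemetry.

Added example, not part of the original article.  The records below are
constructed in the style of Sysmon Event ID 10 (ProcessAccess); field names
and the allowlist are assumptions for a hypothetical Windows host.
"""
from dataclasses import dataclass

# Win32 process access right that permits reading another process's memory.
PROCESS_VM_READ = 0x0010

# Processes that legitimately open LSASS on a typical host (assumption:
# tune this to what your own baseline shows).
ALLOWED_SOURCE_IMAGES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\msmpeng.exe",
}


@dataclass
class ProcessAccessEvent:
    source_image: str
    target_image: str
    granted_access: int
    call_trace: str


def is_suspicious_lsass_access(ev):
    """True when a non-allowlisted process opens lsass.exe with memory-read
    rights, or from code that is not backed by a known module on disk."""
    if not ev.target_image.lower().endswith(r"\lsass.exe"):
        return False
    if ev.source_image.lower() in ALLOWED_SOURCE_IMAGES:
        return False
    wants_memory = bool(ev.granted_access & PROCESS_VM_READ)
    # Sysmon writes UNKNOWN for call-stack frames it cannot map to a module,
    # which is typical of injected or reflectively loaded code.
    unknown_module = "UNKNOWN" in ev.call_trace.upper()
    return wants_memory or unknown_module


def parse_event_line(line):
    """Parse one constructed 'Key=Value;Key=Value' record into an event."""
    fields = dict(part.split("=", 1) for part in line.split(";"))
    return ProcessAccessEvent(
        source_image=fields["SourceImage"],
        target_image=fields["TargetImage"],
        granted_access=int(fields["GrantedAccess"], 16),
        call_trace=fields.get("CallTrace", ""),
    )


# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
    r"SourceImage=C:\Windows\System32\svchost.exe;TargetImage=C:\Windows\System32\lsass.exe;GrantedAccess=0x1000;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9c534|C:\Windows\System32\KERNELBASE.dll+2c0d6",
    r"SourceImage=C:\Users\bob\AppData\Local\Temp\dump.exe;TargetImage=C:\Windows\System32\lsass.exe;GrantedAccess=0x1010;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9c534|C:\Users\bob\AppData\Local\Temp\dump.exe+1a2b",
    r"SourceImage=C:\Windows\System32\taskmgr.exe;TargetImage=C:\Windows\System32\lsass.exe;GrantedAccess=0x1400;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9c534|C:\Windows\System32\KERNELBASE.dll+2c0d6",
    r"SourceImage=C:\Windows\explorer.exe;TargetImage=C:\Windows\System32\lsass.exe;GrantedAccess=0x0040;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9c534|UNKNOWN(000001F3A2B40000)",
    r"SourceImage=C:\Users\bob\AppData\Local\Temp\dump.exe;TargetImage=C:\Windows\System32\notepad.exe;GrantedAccess=0x1010;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9c534",
]


def find_suspicious(lines):
    """Return the source images of every record that trips the rule."""
    return [ev.source_image for ev in map(parse_event_line, lines)
            if is_suspicious_lsass_access(ev)]


if __name__ == "__main__":
    for image in find_suspicious(SAMPLE_LOG):
        print("suspicious LSASS access from", image)
```

Note the two deliberate non-hits: taskmgr.exe opens LSASS with 0x1400 (query rights only, no memory read), which is routine and would otherwise generate noise, and the last record targets notepad.exe rather than LSASS. Keying the rule on the memory-read bit and on unmapped call-stack frames, rather than on the mere existence of a handle, is what keeps the alert volume manageable.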
If the hacker is detected entering through the "front door", he can still enter through the "back door" without detection. Using a back door bypasses authentication, the mechanism that is supposed to secure the system, and lets the attacker in undetected. The most common back door is a listening port that lets the hacker in without needing further privileges. Once the hacker obtains administrative rights on one system, the same steps are repeated for every other system. Hackers exploit a single system or a set of networks, and generally the whole process is automated.
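Because the listening-port back door described above has to stay open to be useful, the defensive counterpart is an inventory check: compare what a host is actually listening on against an approved baseline and raise anything new, or anything owned by an unexpected process. The example below is added here and is not code from the article; the sample lines are constructed in the style of `netstat -ano` output with the owning process name appended as a final column, and the baseline is an assumption for a hypothetical Windows server.

```python
"""Audit a host's listening ports against an approved baseline.

Added example, not part of the original article.  Input lines are
constructed to resemble 'netstat -ano' output with a trailing process-name
column; the BASELINE is an assumption for a hypothetical server.
"""
import re

# Approved listeners for this host: (protocol, port) -> expected owning process.
BASELINE = {
    ("TCP", 135): "svchost.exe",
    ("TCP", 445): "System",
    ("TCP", 3389): "svchost.exe",
    ("UDP", 53): "dns.exe",
}

# proto, local address, remote address, optional TCP state, pid, process name.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s+(\S+)\s*$"
)


def parse_listener(line):
    """Return (proto, port, pid, process) for a listening socket, else None.

    TCP rows in any state other than LISTENING are live connections, not
    listeners, and are skipped.  UDP rows carry no state column.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    proto, local, _remote, state, pid, proc = m.groups()
    if proto == "TCP" and state != "LISTENING":
        return None
    # rsplit copes with IPv6 literals such as "[::]:3389".
    _addr, port = local.rsplit(":", 1)
    return proto, int(port), int(pid), proc


def audit_listeners(lines, baseline=BASELINE):
    """Return findings as (reason, proto, port, process) tuples in input order."""
    findings = []
    for line in lines:
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, port, _pid, proc = parsed
        expected = baseline.get((proto, port))
        if expected is None:
            findings.append(("unexpected", proto, port, proc))
        elif expected.lower() != proc.lower():
            findings.append(("mismatch", proto, port, proc))
    return findings


# Constructed sample output (not from a real host).
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912   svchost.exe",
    "  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4     System",
    "  TCP    [::]:3389              [::]:0                 LISTENING       7001  cmd.exe",
    "  TCP    10.0.0.5:445           10.0.0.9:52210         ESTABLISHED     4     System",
    "  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5520  update.exe",
    "  UDP    0.0.0.0:53             *:*                                    1204  dns.exe",
    "  UDP    0.0.0.0:1900           *:*                                    2388  svchost.exe",
]


if __name__ == "__main__":
    for reason, proto, port, proc in audit_listeners(SAMPLE_NETSTAT):
        print(f"{reason}: {proto}/{port} owned by {proc}")
```

The "mismatch" case matters as much as the "unexpected" one: an approved port served by the wrong binary is exactly how a back door hides behind a familiar port number. In practice the baseline should be generated from a known-good build of the host and stored outside the host being audited, so that an attacker with administrative rights cannot simply add the back door to the approved list.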