How Will Your Network Be Compromised?
Author: Darren Miller
Topic: Site-Security

You may reprint or publish this article free of charge as long
as the bylines are included.

Original URL (The Web version of the article)
---------------------------------------------
http://www.defendingthenet.com/NewsLetters/HowWillYourNetworkBeCompromised.htm

Title
-----
How Will Your Network Be Compromised?

Complex Hacking - Computer Compromise
-------------------------------------
Every time I attend a "Security Guru's" meeting, I'm amazed by how
much time and effort is spent on discussing complex hacking and
computer compromise of computer networks and systems.

One person is going on about the latest "heap corruption"
vulnerability and another is discussing man-in-the-middle
techniques for compromising remote access systems. Most of these
vulnerabilities are very difficult to successfully exploit. Some
of them require specific host platforms, special tools, in-depth
knowledge of many programming languages, and a lot of luck.

I'm not saying there are not tons of vulnerabilities and
exploits like these; it's just that they are not always easy to
take advantage of and, therefore, may not present themselves as
high-risk events for most organizations.

It's The Little Things That Will Get You Every Time
---------------------------------------------------
During security assessments, there are times when I am able to
successfully exploit a "technical" vulnerability to gain system
or internal network access. For instance, during a recent
assessment, I identified a web application server that appeared
to be vulnerable to an IIS / ASP vulnerability that would allow
an attacker to dump all .ASP code on the server. After some
effort and a little C/C++ code, I was able to take advantage of
this exploit. After perusing the .ASP code on the server, I was
able to gain important information that resulted in the
compromise of an internal system.

However, the reality is it is the simple things that are the
biggest problem. Most times, internal network compromise is the
result of one or more of the following:

The installation of a web support application that has little to
no security features to begin with;

The installation of support software that has a well-known
default password for the admin account, which the person
installing the software never bothers to change;

Improperly configured communications devices such as routers and
switches;

Important, and sometimes critical, documents left on web
servers: information that only internal or technical people
should have access to;

Poor password and authentication policy, with users using weak
passwords to access accounts, especially on remote access
devices that are present on the Internet;

Test servers that have been forgotten about and are still
present on the Internet;

Poor network border architecture. For instance, installing a
firewall and forgetting that there are other networks that need
to be protected or should be placed behind the firewall.

The above is just a handful of "Little Things" that get
overlooked and can result in the undoing of your network's
security measures.

As an example, many organizations provide their internal and
external customers with a public FTP service. Most times, this
is done to allow people to easily post "non-critical" or public
information and share it with other associates.

Recently, I identified just such an FTP server. The server
allowed anonymous logons; however, it contained sub-directories
that were secured. These secure directories were only accessible
by the people who owned the account. It was obvious to me that I
was not going to easily compromise these accounts. On the other
hand, sitting right in the anonymous "root" directory was a .zip
file that was rather large. I downloaded the file, which took
quite a while, unzipped it on my desktop, and guess what it
contained? It was a compressed file of the entire FTP server,
including the secure directories.

I would bore you with what I found within these directories. The
bottom line is, I should have never had access to the
information they contained.
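An audit for the failure described in the FTP example above, added here as an illustration and not part of the original article: it walks the anonymously readable root and reports zip archives whose contents include paths under access-controlled directories. The directory name `accounts`, the function names and the sample tree are assumptions constructed for the example.

```python
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def restricted_members(archive, restricted):
    """List archive members stored under a restricted (lowercase) directory name."""
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            norm = name.replace("\\", "/")  # some tools write backslash separators
            parts = PurePosixPath(norm).parts
            dirs = parts if norm.endswith("/") else parts[:-1]
            if any(p.lower() in restricted for p in dirs):
                hits.append(name)
    return hits


def audit_anonymous_root(root, restricted_dirs):
    """Map each anonymously readable zip to the restricted paths packed inside it."""
    restricted = {d.lower() for d in restricted_dirs}
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        # Files already inside an access-controlled directory are not anonymous-readable.
        if not path.is_file() or any(p.lower() in restricted for p in rel.parts[:-1]):
            continue
        if zipfile.is_zipfile(path):  # decided by content, not by the file extension
            hits = restricted_members(path, restricted)
            if hits:
                findings[rel.as_posix()] = hits
    return findings


def build_demo_tree(root):
    """Constructed sample tree; 'accounts' is an assumed name for the secured area."""
    root = Path(root)
    (root / "accounts" / "alice").mkdir(parents=True)
    (root / "accounts" / "alice" / "contract.txt").write_text("private")
    (root / "readme.txt").write_text("public")
    with zipfile.ZipFile(root / "site_backup.zip", "w") as zf:  # backup of whole server
        zf.writestr("readme.txt", "public")
        zf.writestr("accounts/alice/contract.txt", "private")
    with zipfile.ZipFile(root / "brochures.zip", "w") as zf:  # harmless public archive
        zf.writestr("brochure.txt", "public")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for archive, members in audit_anonymous_root(build_demo_tree(tmp), {"accounts"}).items():
            print(f"{archive}: exposes {members}")
```

Pointed at the real anonymous root from a scheduled job, with the names of the directories that require a login, the same check catches a full-server backup dropped into the public area.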

Conclusion
----------
The bottom line is this: it really is the little things that
will come back to haunt you when it comes to computer security.
No system should ever be rushed into production. This is one of
the most common causes of poorly secured systems. The team in
charge of implementing new technology needs to be educated on
how to securely deploy new systems. And if you are installing
support software from outside vendors, make sure you thoroughly
review their product's security features. Also, make sure they
fully disclose any known bugs or improperly functioning
features.

About the author:
Darren Miller is an Information Security Consultant with over
sixteen years' experience. He has written many technology &
security articles, some of which have been published in
nationally circulated magazines & periodicals.




All content © 2008 AllDayArticles.com unless otherwise noted.