Handbook of Information Security Management:Communications Security



Unattended Terminals

It is quite common to find user terminals left signed on and unattended for extended periods of time, such as during lunch time. Assuming that the hacker can gain physical access to users’ work areas (or assuming that the hacker is an insider), this situation is a perfect opportunity for a hacker to compromise the system’s security. A hacker may use an unattended terminal to process unauthorized transactions, insert a Trojan horse, download a destructive virus, modify the user’s .rhosts file, or change the user’s password so that the hacker can sign on later.

The network administrator can minimize the threat from access through unattended terminals by ensuring that:

  User sessions are automatically timed out after a predefined period of inactivity, or password-protected screen savers are invoked.
  Users are regularly educated and reminded about the importance of signing off their sessions whenever they expect to leave their work areas unattended.
  Adequate controls are in place to prevent unauthorized persons from gaining physical access to users’ work areas.

Writeable Set User ID Files

UNIX allows executable files to be granted root privileges by making file permissions set user ID (SUID) root. Hackers often search through the file system to identify all SUID files and to determine whether they are writeable. Should they be writeable, the hacker can insert a simple line of code within the SUID program so that the next time it is executed it will write to the /etc/passwd file, and this will enable the hacker to gain root privileges. The following UNIX command will search for SUID root files throughout the entire file system: find / -user root -perm -4000 -print

The network administrator can reduce the possibility of illegal access through SUID files by ensuring that:

  Only a minimum number of programs are assigned SUID file permissions.
  Programs that are SUID are not writeable by users other than root.
  Executables defined within the system cron tables (especially the root cron table) are not writeable by users other than root because they are effectively SUID root.
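As an added example (not from the handbook), the following POSIX shell script implements the second and third checks in the list above: it reports SUID executables under a directory tree that are group- or world-writeable, and cron commands with the same weakness. The directory and the crontab text are passed in as arguments, an assumption made here so the checks can be exercised against a test tree rather than only against / as root.

```shell
#!/bin/sh
# Added example, not from the handbook: audit a tree for SUID executables
# that can be modified by someone other than their owner, and for
# cron-invoked commands with the same weakness.
#
# Assumption (not in the original text): the tree and the crontab text are
# supplied by the caller so the functions can be tested on a throwaway tree.

# Print SUID files under $1 that are group- or world-writeable.
# On a live system an administrator would run:  writable_suid /
writable_suid() {
    dir="$1"
    # -perm -4000          : set-user-ID bit is set
    # -perm -0020 / -0002  : group- or other-write bit is set
    find "$dir" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# Number of such files, for use in scripts or alerting.
writable_suid_count() {
    writable_suid "$1" | wc -l | tr -d ' '
}

# Read crontab text on stdin and print each command path that exists and is
# group- or world-writeable. Works for both user crontabs (5 time fields,
# then the command) and system crontabs (5 time fields, user, command):
# the first field beginning with "/" is taken as the command.
writable_cron_commands() {
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' |
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
    while read -r cmd; do
        [ -f "$cmd" ] || continue
        if [ -n "$(find "$cmd" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)" ]; then
            printf '%s\n' "$cmd"
        fi
    done
}
```

Both lists should be empty on a well-administered host; any path printed is a file that a non-root user could modify to gain root the next time it runs.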

Computer Emergency Response Team Advisories

The Computer Emergency Response Team (CERT) issues advisories whenever a new security exposure has been identified. These exposures often allow unauthorized users to gain root access to systems. Hackers always keep abreast of the latest CERT advisories to identify newly found bugs in system software. CERT can be accessed via an anonymous FTP at info.cert.org.

The network administrator should ensure that:

  All CERT advisories have been reviewed and acted on in a controlled and timely manner.
  Checksums are used to ensure the integrity of CERT patches before they are implemented.

Hacker Bulletin Boards

The Internet has a large number of hacker bulletin boards and forums that act as an invaluable source of system security information. The most popular hacker bulletin board is the “2600” discussion group. Hackers from around the world exchange security information relating to various systems and often publish security-sensitive information relating to specific organizations or hacker techniques relating to specific programs.

The network administrator should ensure that the organization’s data security officer regularly reviews hacker bulletin boards to identify new techniques and information that may be relevant to the organization’s system environment.

Internet Software

The Internet offers a large number of useful tools, such as SATAN, COPS, and ISS, which can assist data security officers and administrators in securing computer resources. These tools scan corporate systems to identify security exposures. However, these tools are also available to hackers and can assist them in penetrating systems.

To identify and resolve potential security problems, the network administrator should ensure that:

  The latest version of each security program is obtained and run in a regular manner. Each identified exposure should be promptly resolved.
  The system is subject to regular security audits by both the data security officer and independent external consultants.

SUMMARY

Hacker activity is a real and ongoing threat that will continue to increase as businesses connect their internal corporate networks to the Internet. This chapter has described the most common hacker techniques that have allowed unauthorized persons to gain access to computer resources. The self-hack audit is becoming an increasingly critical technique for identifying security weaknesses that, if not detected and resolved in a timely manner, could allow hackers to penetrate the corporate system. System administrators and data security officers should keep abreast of the latest hacker techniques by regularly reading all CERT publications and hacker bulletin boards.
