EUT on Tour

We also have updates from Lotusphere 09, Microsoft Management Summit 08, TechEd Europe 08 and the Lotus Leadership Alliance 08


Wednesday, January 21, 2009

ID211 - Executing a security assessment of Domino

We all know I'm not usually one to prattle on about security, so I'll make this one brief.... :-)

Most of the session covered recent patterns in attacks and the things to watch out for. The presenters argued that, given the current economic climate, security is becoming more important because:
  • Desperate times breed desperate people; someone who needs money has an economic incentive to attack.
  • Higher rates of staff turnover and headcount reduction mean more disgruntled people who have inside knowledge of systems.
  • Staff changeover without proper change control may mean an administrator leaves and their replacement assumes patches and similar tasks have been done when they have not.

So, what are the hackers up to? Leaving the script kiddies aside, a professional attacker tends to follow a general, iterative procedure:

  1. Recon - investigate the target and learn as much as possible about it, including its internet points of presence.
  2. Probe & Attack - check for open ports, WiFi sidejacking opportunities, open file shares and anonymous access.
  3. Gain toehold - obtain low-level access as an anonymous or standard user in an unobtrusive manner, for example through social engineering.
  4. Advance - use the toehold to attempt buffer overflows, injection attacks and weak-password guessing.
  5. Stealth listening - consolidate the position, cover tracks, and look for further opportunities: privilege escalation, packet captures, etc.
  6. Takeover - own the system via a rootkit, download data, or use the system as a launching point for attacks on other systems on the network or the internet.

One particular thing they said to crack down on is open file shares. Access to the Domino server's file system lets an attacker download .nsf databases, including the address book (names.nsf). Access to ID files is a particular risk: they can be downloaded and subjected to an offline password attack. The certifier ID file is the worst case, because once its password is recovered it can be used to certify a new administrator ID.
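As an added example (not from the session or the blog), here is a small Python audit that walks a mounted file share the way a reviewer would and flags the artifacts the session called out: ID files, the certifier ID, the address book and other Notes databases, noting which are readable by everyone. The default file names cert.id and names.nsf are Domino's; the sample directory tree is constructed, and treating any *cert*.id file as a certifier ID is this script's own assumption rather than a Domino rule.

```python
"""Audit a mounted file share for exposed Domino artifacts.

Added example, not code from the session or the blog. Walks a directory
tree (a mounted open share, for instance) and flags the files an attacker
would want to download: ID files, the certifier ID, names.nsf and other
.nsf databases. The sample tree built below is constructed test data.
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

# What a downloaded copy gives an attacker, per the session's warnings.
CRITICAL = "critical"  # certifier ID: offline attack, then certify a new admin
HIGH = "high"          # user/server ID (offline attack) or the address book
MEDIUM = "medium"      # any other Notes database: data exposure

RISK_ORDER = {CRITICAL: 0, HIGH: 1, MEDIUM: 2}


def classify(path: str) -> Optional[str]:
    """Return the risk category of a Domino artifact, or None if it is not one."""
    name = Path(path).name.lower()
    if name.endswith(".id"):
        # cert.id is Domino's default certifier name; treating any *cert*.id
        # as a certifier is an assumption of this script.
        return CRITICAL if "cert" in name else HIGH
    if name == "names.nsf":          # the Domino Directory / public address book
        return HIGH
    if name.endswith(".nsf"):
        return MEDIUM
    return None


def world_readable(path: str) -> bool:
    """True if the 'other' read bit is set (POSIX permissions)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_share(root: str) -> list:
    """Walk root and return flagged files, most severe first, then by path."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            risk = classify(full)
            if risk is None:
                continue
            findings.append({
                "path": Path(os.path.relpath(full, root)).as_posix(),
                "risk": risk,
                "world_readable": world_readable(full),
            })
    findings.sort(key=lambda f: (RISK_ORDER[f["risk"]], f["path"]))
    return findings


def build_sample_share() -> str:
    """Create a constructed directory tree resembling a Domino data directory."""
    root = tempfile.mkdtemp(prefix="domino_share_")
    sample = {                  # relative path -> mode (constructed sample data)
        "names.nsf": 0o644,
        "cert.id": 0o644,
        "ids/jsmith.id": 0o600,
        "mail/jsmith.nsf": 0o644,
        "notes.ini": 0o644,
        "readme.txt": 0o644,
    }
    for rel, mode in sample.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample, not a real Domino file\n")
        os.chmod(p, mode)
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for f in audit_share(share):
        flag = "world-readable" if f["world_readable"] else "restricted"
        print(f"{f['risk']:8} {flag:14} {f['path']}")
```

Point the audit at the mount point of a share found during the probe step; anything reported as critical or high is something an attacker can carry off and attack offline, so the fix is to remove the share or restrict it, not to trust the ID file passwords to hold.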
