
5 Popular Hacking Techniques – Do you know your enemies?

on November 29, 2010

“Know your enemy and know yourself and you can fight a hundred battles without disaster.” – Sun Tzu

While the famous Chinese general may not have had hacking techniques in mind when he penned The Art of War some 2500 years ago, there is great merit in knowing your enemy, and the techniques s/he may use against you. If you are a network administrator, a critical part of your job is defending your systems. Knowing what these attacks are, and how to defend against them, will help immensely with the task of protecting your information systems from harm. While there are thousands of potential attacks, and many books and countless websites that cover them to the tiniest detail, the following five general categories can help you defend against the lion’s share of threats facing your systems.

1. Attacking Defaults

These days, essentially every piece of hardware and network application on the market comes with a set of default credentials: a username and a password that grant administrative access to the system. One of the most common ways of gaining unauthorised access to a system is to exploit the fact that admins often do not know, or do not care to change, these defaults.

Whether we are talking about a database application, a router, or a printer, defending against these attacks is simple. The first thing you should do when connecting a system to your network or installing an application on a server is to change the default credentials.

2. SQL Injection

Arguably one of the most devastating attacks against web-based systems is the SQL Injection attack. Today’s dynamic websites often comprise much more than just a web server serving HTML code and graphics files to users. Ecommerce sites use database servers to host the backend information that is used to build interactive sites, present product information, and take orders. Even some of the simplest-seeming websites may have a database on the backend. If the site provides a way for users to log on, or to submit information, you can bet there is a database behind the scenes.

In a SQL Injection attack, an attacker inputs SQL commands into fields meant for other information, like usernames or search strings. A properly designed website will examine any data submitted by a user to make sure that the information is valid. A username typically will contain only letters; an email address might have letters and numbers, but only a few metacharacters like @, ., -, and +. If this input contains something as simple as a single quote (') at the end of the username, the database application could treat it as part of the constructed SQL and interpret it as a query. While it may not be a valid query, the database server may return an error that exposes information like the name of the database, its tables, and key fields. Continuing down this path, an attacker could submit SQL commands into the username field that could be executed to return the contents of the database, or to do things like drop tables.

To defend against this attack, your web applications must check all submitted data for anything other than expected and allowed characters. Whether your application sanitizes user input by removing invalid characters, escapes any SQL-specific characters before passing input to the database, or rejects the input with a message asking the user to try again using only allowed characters, it must act as the first line of defense to ensure that no commands can be passed to the database. Remember, even a command that fails, if executed by the database server, may reveal more information to the attacker that will make the next attack more effective.
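The single-quote case described above, shown as an added example (not code from the original post) using Python's built-in sqlite3 module. The table, sample rows, function names and allow-list pattern are assumptions made for illustration, and the hardened lookup also binds the value as a query parameter, which goes one step beyond the validation the article describes.

```python
import re
import sqlite3

# Assumed allow-list for usernames; adjust to what your application accepts.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Constructed in-memory sample data (hypothetical table and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_vulnerable(db, username):
    """'Before': input is pasted into the SQL text and raw errors are returned."""
    query = "SELECT email FROM users WHERE username = '" + username + "'"
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error as exc:
        return "database error: %s" % exc  # parser detail leaks to the user
    return row[0] if row else "no such user"


def lookup_hardened(db, username, validate=True):
    """'After': allow-list check, bound parameter, generic error message."""
    if validate and not USERNAME_RE.fullmatch(username):
        return "invalid username"
    try:
        row = db.execute(
            "SELECT email FROM users WHERE username = ?", (username,)
        ).fetchone()
    except sqlite3.Error:
        return "lookup failed"  # details belong in the server log, not the reply
    return row[0] if row else "no such user"


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "alice'"):
        print(repr(name), "->", lookup_vulnerable(db, name), "|", lookup_hardened(db, name))
```

With `validate=False` the bound parameter alone still treats the trailing quote as plain data, so the lookup simply finds no matching user instead of producing a database error.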

3. Exploiting Unpatched Services

I have been in the information security field since 1997, and have been a CISSP since 2003. Of all the hundreds of security incidents I have been involved in, whether on behalf of an employer or for a client, I can still count on my two hands the number of intrusions that have not been the result of an attacker taking advantage of an unpatched system. Patching is time consuming, often difficult, and can sometimes introduce problems even as it is trying to prevent others, but the fact remains that you must patch your systems. Every operating system, whether it is installed on a computer or embedded as firmware on a piece of networking equipment, and every application your users run, has flaws. They were all written by humans, and mistakes were made. As these flaws are uncovered, updated code is released by the manufacturer to correct these issues, hopefully before a bad guy uses these flaws to exploit a system.

As an administrator, you must keep up with these patches, testing them as necessary, and deploying them to all networked systems. As operating systems and applications age, and fall out of support, you need to budget the necessary time and resources to update/upgrade these systems. Just because a vendor no longer issues updates for a system does not mean that there are no more security issues to be discovered.

The bad guys may frequently use any or all of the three hacking techniques we just covered, but there are still more you need to be prepared against. In the second part of this series, we’ll look at two more common hacking methods that you will be up against, and summarize some best practices to help you defend against them all.

About the Author: Ed Fisher is an information systems manager and blogger at several sites including his own site, http://retrohack.com. An InfoTech professional, aficionado of capsaicin, and Coffea canephora (but not together), he has been getting his geek on full-time since 1993, and has worked with information technology in some capacity since 1986. Stated simply, if you need to get information securely from point A to B, he’s your guy. He is like “The Transporter,” but for data, and without the car; and with a little more hair.

Comments
Patrick November 29, 2010 3:23 pm

Where are #4 and 5?

 
Giselle Borg Olivier November 29, 2010 3:34 pm

There’s a second part to the blog post. It will be published in the coming days.

 
Sue Walsh December 1, 2010 4:49 am

Excellent post! It’s really amazing how many people don’t change the defaults on their routers, FTP logins and the like. I know of several small businesses that just won’t install updates or patches and don’t even see the need to update their anti-virus software. They consider it a hassle and feel it’s too time consuming. They think their firewall alone will protect them. I am sure they will eventually learn the hard way.

Ito Chow December 10, 2010 4:43 am

The opening quote surely got a chuckle out of me. Not that it’s wrong mind you, but that it’s brutally true. Cyberspace has literally turned into a battlefield of ideas and technology. Not only do you have to know how to defend yourself against cyber attacks, you’ll also have to know what to defend against. It’s a sobering idea actually, using Sun Tzu’s teachings as a way of learning how to defend against hackers. Though it may sound melodramatic off the bat, this is war after all.

Francesca December 10, 2010 5:09 am

I think this article’s especially apt right now with the Wikileaks attack. With cyber ruffians hitting big businesses like Paypal and Mastercard, you’d be a fool to think that cybercrime is nothing more than petty vandalism. With anyone with an IT degree being a potential threat, companies now have to worry about every small crack and possible exploit in their area. And it’s up to us folks at the IT dept to find a fix for it.

nordie December 11, 2010 6:03 am

@Francesca

You completely nail it I think. The internet (despite the fact that we all love it) has become this large area of abstract gray that, I think, the world is only now coming to grips about its implication in world politics. The problem is, with the internet changing right before our eyes every single day, it’s hard to really draw boundaries that won’t change the next day. How can you create a cohesive guideline on its use if you don’t really fully know what it does?

Joross_812 March 14, 2011 10:37 am

Another way of being proactive is to apply Vulnerability Scanning and / or Vulnerability Assessment to your system.

These two methodologies not only identify possible threats to your hardware and software, they also give suggestions and assess several issues, such as:

-Are your software patches, virus definitions, drivers, and add-ons updated?
-Is your computer network secure from online and offline threats?

Being proactive is a life-saver.