Cracking and Hacking: Are You Doing Enough for your Network Security?
by Seamus Phan
Recently, one of the most widely used hardware routers in the world was found to have a security design flaw that would allow an average hacker to break through the router firewall in less than 2 weeks. The security threats many networks face today are very real, and IS departments without a rock-solid security policy and implementation may fall prey to hacking.
Hacking can be defined two ways: (1) Getting into the internals and esoteric levels of programming, and (2) breaking into secured information. Some hackers are specifically programming wizards who would hand-code programs with the most esoteric commands to create tight, streamlined software. These are benign "hackers". However, the second kind of hackers break into secured information residing on networks, servers and extranets. These hackers can again be separated into benign and malign varieties. "Underground" or "dark" hackers break into networks without authority, and do so often in mischief (less often with malicious intent). "White hat" hackers are hackers who are authorized by companies and governments to hack into networks to test the network security implementation. Many "white hat" hackers are ex-underground hackers grown up and "re-educated".
There is another variety of hacker, or more correctly, "cracker". Crackers are individuals who break security through brute force methods, more often by cracking the software protection of application programs. For example, crackers are adept at deciphering the passwords and keycodes of application programs so that they can use these applications without purchasing them. These are the lowest forms of hackers, and are often despised within the hacker community.
Let's say you are an IS manager within a large corporation with a router-secured network or extranet. You are given the responsibility to ensure the safety of sensitive information within your network. You may have to turn "white hat" hacker in your off-duty hours. But how?
Hacking is often tedious and mundane, and does not require sophisticated equipment (unless you are into telecommunications hacking, the celebrated form of hacking more common in the United States and Europe).
To find out whether your network is at all secure, you can use the freely available SATAN software (Security Analysis Tool for Auditing Networks) or Internet Security Scanner (ISS), both of which are network-probing tools. SATAN has been condemned as a double-edged sword: its designers, Wietse Venema and Dan Farmer, intended it as a network analysis tool, but its ease of use gave less-than-average hackers an inroad into probing public networks.
To run SATAN, you need a UNIX or UNIX-compatible machine; Linux or FreeBSD are good operating systems to start with. Decompress the SATAN archive onto your workstation, and make sure Perl 5.000 or better is installed. You also need a web browser (any web browser will work, including Lynx). Then run the "reconfig" script, which patches some scripts with the pathnames of your Perl 5 executable and of your web browser. Now run the "make" command to allow execution. Since your network sits behind a router firewall (or any firewall for that matter), you should reset your proxy environment variables (such as $http_proxy, $file_proxy, $socks_ns, etc.) and/or change your browser configuration to disengage your SOCKS host or HTTP proxy. Now you can run the SATAN script, but remember to run it as a superuser in order to collect data about your network. When run without arguments, SATAN starts up your default web browser.
There you have it, your first hacking experience with no trouble at all!
Another very vulnerable area is the use of passwords. Many users today have weak passwords that any less-than-average hacker can easily decipher. Common passwords include birthdates, passport numbers, and cheesy words (like "love", "honey", etc.).
If you suspect that a lot of your users use weak passwords, it may be time to turn hacker for a day (or more) again. This time, you can use the Crack program, which has the same system requirements as SATAN.
Crack is password-guessing software that can quickly locate security loopholes in UNIX and other password files by scanning the contents of a password file and identifying users with weak passwords. Crack comes with 3 versions bundled together: the standard version, the minimalist version (faster), and the brute force version (for a thorough scan).
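The other half of that audit is to stop such passwords from being set at all. The following is an added example, not part of the original article and not code from Crack: a check run at password-change time that rejects the categories named above (birthdates, passport-style numbers, cheesy words). The word list, date layouts, ID-number pattern and minimum length are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample word list (assumption); a real deployment would load a
# large dictionary file, as password-guessing tools do.
COMMON_WORDS = {"love", "honey", "password", "secret", "welcome"}

# Date layouts people commonly use when typing a birthdate (assumed set).
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%y%m%d")

# Digit/symbol substitutions that guessing rules routinely undo.
LEET = str.maketrans("013457@$", "oleastas")


def looks_like_date(digits):
    """True if the digit string parses as a calendar date in a common layout."""
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False


def weak_password_reasons(password, username="", min_length=10):
    """Return the reasons a candidate is weak; an empty list means accepted."""
    reasons = []
    lowered = password.lower()
    # Drop leading/trailing digits and punctuation, undo substitutions,
    # then keep letters only, so "L0ve!!" and "Honey1999" reduce to words.
    stem = lowered.strip("0123456789!?.#*").translate(LEET)
    core = re.sub(r"[^a-z]", "", stem)
    digits = re.sub(r"\D", "", password)

    if len(password) < min_length:
        reasons.append("too short")
    # Mostly-digit password whose digits form a valid date.
    if len(digits) in (6, 8) and len(digits) >= len(password) - 2 and looks_like_date(digits):
        reasons.append("birthdate-like")
    # Assumed shape of a passport/ID number: optional letters around 6-9 digits.
    if re.fullmatch(r"[A-Za-z]{0,2}\d{6,9}[A-Za-z]?", password):
        reasons.append("id-number-like")
    if core in COMMON_WORDS or core[::-1] in COMMON_WORDS:
        reasons.append("dictionary word")
    if username and username.lower() in lowered:
        reasons.append("contains username")
    return reasons
```
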
The path to hacking is not a straight and narrow one. I have simply opened the door to illustrate two common tools. There are hundreds of tools available, some public, some proprietary. Hacking requires many different tools, lateral thinking (which may imply a slightly "criminal" mind), patience, and persistence. If you want to ensure that your network is truly secure, you as an IS manager may have to approach your network implementation with the mentality of a hacker - use their tools, adopt their mindset and behavior, and just maybe, your network security will be sound, for now.
Seamus Phan is a leading author, speaker, trainer and Internet technologist in the areas of quality management, service quality and the Internet's impact on business competitiveness. Based in Singapore, Seamus consults for many international companies, government agencies and smaller companies around the world.
First published on BankersOnline.com 12/18/00.
Copyright, 1999 - 2000 Seamus Phan. Seamus can be reached via email at: seamus@seamusphan.com. All rights reserved.