Security Arsenal for Survival

Published by: rajunair on Mar 26, 2009
Copyright:Attribution Non-commercial

Abstract—Today is the Golden Age of Hacking. Any person with malicious intent can acquire tools and techniques via numerous freely hosted sites to launch attacks on networks. Identifying and eliminating security threats has become an arduous task for administrators, and not only big networks but also home users are becoming targets for hackers, who use these enslaved machines to create larger botnets. One solution is to acquire proper know-how on how to defend against such attacks. This paper takes a typical scenario of a system that was freshly installed but, after being connected to the network, showed signs of being controlled by somebody else. A live case study is taken and the step-by-step procedure is demonstrated along with relevant screenshots and data analysis. We see how, in practice, it becomes essential to install anti-virus, a firewall, patches, etc. for the survival of these out-of-the-box infant PCs.

Index Terms—Cyber Crime, Security Threats, Antivirus, Firewall, Patches, Botnets.

Introduction
No matter where we work, what our job profile is, and how our company competes in the market, no organization can survive without network connectivity. The Internet has opened up opportunities for progress that were only dreams a few years back. Although the Internet delivers lots of goodies, at the same time it gives nightmares to system administrators throughout the world. Security vulnerabilities linger and consequently create a breeding ground for attacks, which even a novice can exploit to create a security breach, as indicated in Fig. 1. Though script kiddies launch these attacks, they can cause a lot of damage to networks.

The security research community as well as vendors identify and publish on average 40 new security vulnerabilities per week. These vulnerabilities provide a multitude of avenues for attack. Incorrectly configured systems, unchanged default passwords, product flaws, or missing security patches are among the most typical causes of network intrusions. Only by understanding how attacks work and what an attacker does to compromise a machine can a company position itself so that it can be properly protected. Knowing what an attacker can do to compromise a system, and what that compromise looks like on a network, allows an administrator to build a secure system.

Academic Open Internet Journal
ISSN 1311-4360
www.acadjournal.com
Volume 19, 2006

Mandatory Security Arsenal for Survival on the Internet: Techniques and Remedial Actions (June 2006)
Maninder Singh, C|EH, Member IEEE, Seema Bawa, Member IEEE, and S.C. Saxena

Page 1 of 12. Mandatory Security Arsenal for Survival on the Internet. 05-Dec-07. http://www.acadjournal.com/2006/v19/part6/p3/
 
 
Fig 1. Attack sophistication vs. intruder technical knowledge.
As the saying in military doctrine goes, “Know thy enemy first”, so we need to know what tools and tactics a cracker uses to compromise a system. Cyber-crime primarily focuses on Win32 systems and their users. In this paper we show how to compromise a default Windows 2000 machine using common exploits; it is not meant to be a tutorial on hacking. It is meant to help close down the vulnerabilities and patch the system so as to get better security across networks.

Passive and active reconnaissance
This is the first phase of an attack: the hacker tries to gather as much information as possible about the target. There are two ways of gathering information. The first is passive, where the hacker listens to the network traffic using a sniffer; the second is active, where he gets information by probing the machine or network. Whatever the method, the intent is to learn which operating system is running on the target and which ports are open, so as to tailor the attack.

One of the most popular types of passive attack is sniffing. This involves sitting on a network segment, watching and recording all traffic that passes on the segment. This provides a lot of information to the hacker. The hacker can sniff NT authentication packets and later use password cracking tools to get user credentials. In active reconnaissance the attacker probes the system with some tool.

We will use the tool SuperScan, which helps not only to scan the target but also to enumerate it, exposing many critical details that help to mould the attack accordingly. This is the typical case of an educational institute where, say, Mr. Cracker comes with his laptop, hooks it up to a free info-outlet port and gets an IP (Internet Protocol) address dynamically assigned by the institute's DHCP (Dynamic Host Configuration Protocol). He now uses SuperScan to scan the whole network so as to build an inventory of the systems running on it, finally targeting the weakest among these to launch the attack.

For this paper we have taken 192.168.1.75 (a private IP series address) as the IP address of the hacker's machine and 192.168.1.76 as the address of the victim. The hacker launches SuperScan and scans (i.e. active reconnaissance) as in Fig. 2.
Fig. 2. Scanning the target using SuperScan
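
What the whole-network scan described above looks like from the administrator's side, as an added example that is not part of the original paper: a sliding-window detector that flags any source contacting many distinct hosts in a short time. The log format, the 60-second window and the 20-host threshold are assumptions, and the log itself is constructed around the paper's 192.168.1.75 address.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample, one attempt per line: '<ISO time> <src> <dst> <dst_port>'.
    192.168.1.75 walks the subnet on ports 135/137 while 192.168.1.20 keeps
    talking to a single file server."""
    t0 = datetime(2006, 6, 1, 10, 0, 0)
    lines = []
    for i in range(1, 41):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 192.168.1.75 192.168.1.{i} {135 if i % 2 else 137}")
        lines.append(f"{ts} 192.168.1.20 192.168.1.10 139")
    return lines


def detect_sweeps(lines, window=timedelta(seconds=60), min_hosts=20):
    """Return {src: details} for every source that reached `min_hosts` distinct
    destinations inside one sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)  # src -> (time, dst, port) tuples still inside the window
    alerts = {}
    for line in lines:
        stamp, src, dst, port = line.split()
        now = datetime.fromisoformat(stamp)
        seen = recent[src]
        seen.append((now, dst, int(port)))
        while now - seen[0][0] > window:  # expire attempts older than the window
            seen.popleft()
        hosts = {d for _, d, _ in seen}
        if len(hosts) >= min_hosts and src not in alerts:
            alerts[src] = {
                "first_alert": now,
                "distinct_hosts": len(hosts),
                "ports": sorted({p for _, _, p in seen}),
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_sweeps(build_sample_log()).items():
        print(f"{src}: {info['distinct_hosts']} hosts probed within the window "
              f"by {info['first_alert'].isoformat()}, ports {info['ports']}")
```

The busy but legitimate client 192.168.1.20 generates as many log lines as the scanner yet never alerts, because the detector counts distinct destinations rather than connection volume.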
From this the hacker comes to know that the victim machine has ports 135 and 137 open, which are basically used by Windows NetBIOS over TCP/IP for file sharing etc. Next the hacker runs enumeration for this particular machine so as to get more details about the accounts, shares, services etc.

The following information retrieved by enumeration (Fig. 3) is very critical and gives valuable information to the hacker.

    Attempting a NULL session connection on 192.168.1.76
    NULL session successful to \\192.168.1.76\IPC$

A null session is only established when there are no credentials for a process to start under (no user name or password). Typically, only the operating system itself runs as system.

    Workstation/server type on 192.168.1.76
    Windows 2000
    Workstation/Server Name : "192.168.1.76"
    Platform ID : 500
    Version : 5.0
    Comment : ""
    Type : 00051003

It also tells the hacker that the operating system is Windows 2000 so that he can tailor the attacks accordingly.
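
To make concrete how much the enumeration output above gives away without any credentials, the following added example (not part of the original paper) parses that output and decodes its fields for an administrator auditing their own host. It assumes the Type field is the hexadecimal Windows server-type bitmask (the SV_TYPE_* flags from lmserver.h); the function and table names are hypothetical.

```python
import re

# Subset of the Windows SV_TYPE_* server-type bits (lmserver.h).
SV_TYPE = {
    0x00000001: "WORKSTATION", 0x00000002: "SERVER", 0x00000008: "DOMAIN_CTRL",
    0x00000010: "DOMAIN_BAKCTRL", 0x00001000: "NT", 0x00008000: "SERVER_NT",
    0x00010000: "POTENTIAL_BROWSER", 0x00020000: "BACKUP_BROWSER",
    0x00040000: "MASTER_BROWSER",
}
# Platform ID 500 is the NT family; the version number then selects the release.
NT_RELEASES = {"4.0": "Windows NT 4.0", "5.0": "Windows 2000", "5.1": "Windows XP"}

# The enumeration output quoted in the paper, one item per line.
REPORT = r'''Attempting a NULL session connection on 192.168.1.76
NULL session successful to \\192.168.1.76\IPC$
Workstation/server type on 192.168.1.76
Windows 2000
Workstation/Server Name : "192.168.1.76"
Platform ID : 500
Version : 5.0
Comment : ""
Type : 00051003
'''


def triage(report):
    """Turn the raw report into what an unauthenticated client learned."""
    out = {"null_session_host": None, "fields": {}, "os": None, "roles": [], "unknown_bits": 0}
    for line in report.splitlines():
        null = re.match(r"NULL session successful to \\\\(\S+)\\IPC\$", line)
        field = re.match(r"(.+?)\s*:\s*(.*)$", line)
        if null:
            out["null_session_host"] = null.group(1)
        elif field:
            out["fields"][field.group(1)] = field.group(2).strip('"')
    f = out["fields"]
    if f.get("Platform ID") == "500":
        out["os"] = NT_RELEASES.get(f.get("Version"), "NT family, unknown release")
    if "Type" in f:
        bits = int(f["Type"], 16)  # assumption: the field is the hex server-type mask
        out["roles"] = [name for bit, name in sorted(SV_TYPE.items()) if bits & bit]
        out["unknown_bits"] = bits & ~sum(SV_TYPE)
    return out


if __name__ == "__main__":
    print(triage(REPORT))
```

A non-empty `null_session_host` is the finding to act on: every other field in the result was readable only because the anonymous connection to IPC$ was accepted.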