Look at your network through a hacker's eyes


March 16 2006


Most administrators know a great deal of information about the networks they secure—that's part of the job. But to really ensure security, you need to look at your network through the eyes of a determined attacker. In this edition of Security Solutions, Mike Mullins tells you how.

Hackers want to learn everything they can about your organization's Internet presence, intranet design, and security posture. The first step any serious hacker will take when targeting your network is to perform a footprint analysis.

That's why it's a good idea to beat hackers at their own game. Beat these intruders to the punch, and conduct a footprint analysis of your own network from an external network connection. Not only does this practice offer a different view of your network, it allows you to direct your security efforts through the eyes of the enemy.

Let's review the process for performing a footprint analysis. The place to begin this project is with open source intelligence.

Gather information using open source tools
First, go to the Whois.com Web site, and perform a lookup on your organization's domain name. This information should reveal the DNS servers that service your network. Then, use utility programs such as Nslookup and dig to see what information these DNS servers reveal.

Next, target your organization's public Web sites and any anonymous FTP servers you can find. Specifically, you're looking for domain names, network IP blocks assigned to those domains, any information on intrusion detection systems (IDSs), names, phone numbers, e-mail addresses, physical locations, published security policies, any business partners, and new acquisitions.

In your research, make sure to pay attention to what these Web sites are displaying, and what they're not. Save the Web pages to your machine, and open them with Notepad.

Reading the source code of Web pages can provide a great deal of information. You may be able to decipher how developers built them, which software and versions they used, and sometimes even information on the Webmasters themselves.
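
An added example, not part of the original article: a small Python audit of a saved copy of one of your own pages, listing what its source discloses beyond the rendered text (generator and author meta tags, HTML comments, e-mail addresses). The sample page, the meta names checked and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample standing in for a saved copy of one of your own pages.
SAMPLE_PAGE = """<html><head>
<meta name="generator" content="ExampleCMS 2.1">
<meta name="author" content="J. Doe">
<!-- TODO: move admin panel off intranet.example.com before launch -->
</head><body>
<p>Contact <a href="mailto:webmaster@example.com">the Webmaster</a>.</p>
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
REVEALING_META = {"generator", "author"}  # assumed set: names that disclose software or staff

class FootprintAudit(HTMLParser):
    """Collects what a page's source discloses that the rendered page may not show."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (category, value) tuples in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        name = (attrs.get("name") or "").lower()
        if tag == "meta" and name in REVEALING_META:
            self.findings.append(("meta:" + name, attrs.get("content") or ""))
        for value in attrs.values():  # e.g. mailto: links
            self._emails(value or "")

    def handle_comment(self, data):
        # Comments never render, so they are easy to forget on a live site.
        self.findings.append(("comment", data.strip()))
        self._emails(data)

    def handle_data(self, data):
        self._emails(data)

    def _emails(self, text):
        for addr in EMAIL_RE.findall(text):
            if ("email", addr) not in self.findings:
                self.findings.append(("email", addr))

def audit_page(html_text):
    """Return the list of (category, value) disclosures found in html_text."""
    parser = FootprintAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for category, value in audit_page(SAMPLE_PAGE):
        print(f"{category:15} {value}")
```

Run it over each page you saved and review every finding for software versions, internal host names and staff details that do not need to be public.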

Keep in mind that business partners and new acquisitions often are a successful vector for attack. If you're not careful, a newly joined network and a rushed integration of a partner network into your own can often lead to a lack of security. In such situations, operations often override security concerns.

Explore your network from the outside
Armed with this information, you can begin your network exploration. Use the traceroute command to discover your network topology and access control devices.

This command features a lot of different switches, which you can use to help bypass access control devices. Read the man pages or help file for more information on using this tool.

However, keep in mind that the results of this command can differ depending on the OS you're using to explore the network. UNIX uses User Datagram Protocol (UDP) with the option to use Internet Control Message Protocol (ICMP). Windows always defaults to ICMP echo requests (Ping).

You can also use open source tools to conduct broad ping sweeps, TCP/UDP scans, and OS fingerprinting. The goal is to determine what your network looks like from an external connection. So, you want to verify which ports and services are available from the outside and which operating systems and programs (and which versions) are available for exploitation.

But before you begin, a word of warning: Unless you have specific authorization to break into your network, stop at finding the security holes, and bring that information to someone's attention.

Final thoughts
Most administrators know a great deal of information about the networks they secure; that's part of the job. However, to really ensure security, you need to look at your network through the eyes of determined attackers, and take appropriate action to stop them in their tracks. Remember: Security is a process, not a technology.


 

Reproduced from an article published by TechRepublic
© TechRepublic

The original article can be viewed here:
http://techrepublic.com.com/5100-1009_11-6047577.html?part=rss&tag=feed&sub...
