
Know IT 8 - letmikeywriteit.com/picts/newsletter.pdf

Date post: 22-Apr-2018

If they successfully penetrate your defenses, they can use you and abuse you at will. And because they “own” you, they have your most private information, which can allow them to steal your money and even your good name to take advantage of others.

Hackers are no different than any other criminals. As with all criminals, some are better than others. And like anyone committing illegal acts, they each have their own modus operandi.

This issue will explore new types of opportunities, which also means having to protect yourself against different kinds of crooks. Hackers. And knowledge is one of the strongest weapons against any threat:

By Doug Dziuba, Senior Network Engineer, CISSP

ANATOMY OF A HACK ATTACK


First, we’ll examine why it’s important you understand who hackers are; how they might probe you for weaknesses and attack; and what havoc they might cause your business or organization if they penetrate your computer network.

In July, we’ll offer tips on how to detect hackers and suggested tools for protection.

In August, we’ll widen our focus and examine how the concept of IT security fits into overall risk management.


Anti-hacking resources

Tools used for each phase of a hack can be found on the Internet and your local bookstore.

Two books that outline methods and tools are “Anti-Hacker Toolkit” and “Hacking Exposed.” These books both come with a CD full of tools that can be used to assess security and crack system security.

A quick search on the Internet will reveal thousands of potential tools and techniques. Some common tools:

• Netcat
• Ping Sweep
• Nessus Security Scanner
• NMAP
• Winfingerprint
• L0phtcrack

Some interesting hacker sites:

• http://www.2600.com
• http://www.hackcanada.com
• http://www.nmrc.org
• http://www.hackers.com

Welcome to the June issue of Know IT:

Page 1-2: Anatomy of Hackers

Page 3: Novell’s free networking

A network’s unmet potential

Volume 1, No. 2: June, 2003: Baltimore/Washington,DC Region

301-805-0700

Editing Sample of Michael Blankenheim @LetMikeyWriter.com -- Concise, Compelling, Communication. Assigned articles, worked with writers, rewrote/edited articles, etc.

Copyright Independent Network Consultants. All rights reserved.


Generally, there are two types of hackers, each with different motivations. Knowing the potential motives of these criminals in advance can help guide your thinking in preparing an overall IT security plan. If you know why someone may hurt you, you’re better able to protect yourself.

Opportunistic hackers don’t care what computer network they hack.

They browse the Internet seeking to connect with vulnerable victims. The target profile: unprotected networks open to compromise with scripts and easily downloaded utilities—hence the term “script kiddies.”

Deterministic hackers (AKA crackers) target a particular organization.

They may be disgruntled employees, harbor an ideology at odds with the organization or be industrial saboteurs.

No matter how or why hackers choose a target, they typically follow similar steps once a target is acquired. A caveat: As with any misadventure, those steps can change. Exploring a particular vulnerability may lead hackers down an unexpected path.

Before footprinting, hackers scour the Web’s public record databases with Domain Name Server transfers and Whois and ARIN searches. They seek information about the specific devices an organization uses to connect to the Internet.

These basic tools tell hackers the owner of an Internet domain, the IP addresses it owns, and what addresses are used for e-mail, web sites, and other systems listed in a domain’s name server.

Now specific system footprinting begins. The search results let hackers know where to send an electronic ping to further identify a network. This ping sweep simply asks the different network hosts that access the network to respond.

When hackers map out a network’s Internet accessibility, they typically use automated tools to ID which network devices are vulnerable to attack. They are probing to see what door they can enter.

If they find one they can enter, they may be able to “banner grab,” a technique that can tell them what software is on the host machine.

So far, nothing illegal has occurred.

If these methods are successful, they may be able to determine what version of Windows or other operating system you have. They’ll know your vulnerabilities, and how to attack. That attack can give them access to your information or allow them to crash, or even control, your network.
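Added example (not part of the original newsletter): the ping sweep and automated probing described above show up in firewall logs as one outside address touching many hosts, or many ports on one host, within a short time. The Python code below flags that pattern during a log review; the log format, addresses, thresholds and the function name find_probes are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (hypothetical format; documentation address ranges).
SAMPLE_LOG = """\
2003-06-12T02:14:01 ICMP echo-request src=203.0.113.7 dst=192.0.2.1
2003-06-12T02:14:01 ICMP echo-request src=203.0.113.7 dst=192.0.2.2
2003-06-12T02:14:02 ICMP echo-request src=203.0.113.7 dst=192.0.2.3
2003-06-12T02:14:02 ICMP echo-request src=203.0.113.7 dst=192.0.2.4
2003-06-12T02:15:00 ICMP echo-request src=198.51.100.20 dst=192.0.2.3
2003-06-12T02:20:00 ICMP echo-request src=198.51.100.20 dst=192.0.2.3
2003-06-12T02:21:10 TCP syn src=203.0.113.7 dst=192.0.2.3 dport=21
2003-06-12T02:21:10 TCP syn src=203.0.113.7 dst=192.0.2.3 dport=25
2003-06-12T02:21:11 TCP syn src=203.0.113.7 dst=192.0.2.3 dport=80
2003-06-12T02:21:11 TCP syn src=203.0.113.7 dst=192.0.2.3 dport=139
2003-06-12T02:30:00 TCP syn src=198.51.100.99 dst=192.0.2.3 dport=80
"""

LINE = re.compile(
    r"(?P<ts>\S+) (?P<proto>ICMP|TCP) \S+ src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: dport=(?P<dport>\d+))?"
)

def find_probes(log_text, window=timedelta(seconds=60), min_targets=4):
    """Flag sources that hit >= min_targets distinct hosts (ping sweep) or
    distinct ports on one host (port probe) inside a sliding time window."""
    events = defaultdict(list)  # (src, kind, host) -> [(time, target)]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines in any other format
        ts = datetime.fromisoformat(m["ts"])
        if m["proto"] == "ICMP":
            events[(m["src"], "ping-sweep", "*")].append((ts, m["dst"]))
        elif m["dport"]:
            events[(m["src"], "port-probe", m["dst"])].append((ts, int(m["dport"])))
    findings = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window until it spans no more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {t for _, t in hits[start:end + 1]}
            if len(targets) >= min_targets:
                findings.setdefault(key, set()).update(targets)
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for (src, kind, host), targets in find_probes(SAMPLE_LOG).items():
        print(src, kind, host, targets)
```

A host that pings one server repeatedly, or a single connection to port 80, stays below the threshold and is not reported.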

The methods of penetrating an application, and eventually a network, are too varied and complex to list in this space.

Suffice to say, maintain a robust schedule of installing manufacturers’ security patches. (For more information, see the article “To Patch Or Not To Patch,” Know IT, Vol. 1, No. 1, page 2).

Once attackers have system access, they will try to hide their tracks by editing or deleting log files. Their presence is unknown. They can enter, use your network’s resources and leave at their convenience. They may also create backdoors. These other less detectable points of entry are there in case their primary entry point is discovered. In hacker terms, all this is called “owning the system.”

If an attacker’s goal is information stealing, they may access all your data for an extended time. Careful system auditing and log reviews by a network administrator can thwart them.

If hackers have a vendetta against an organization, they can delete critical data or configuration files. Even worse, they may modify critical data files in an attempt to embarrass or discredit an organization.

Hackers can also use a system they “own” as a launching pad for attacks against other networks.

The goal here is to lead a potential investigation of the second hacked system back to your network. A question for you to ponder: Without adequate protections in place, can you prove to law enforcement that your organization did not originate the attack?

The potential for liability to third parties for damages based on negligent security has created another form of insurance: hacker insurance (and yes, it is available from Lloyd’s of London!)

Dealing with hackers is of course just one portion of an overall IT security plan that includes anti-virus needs, a firewall, physical security and more.

Whether those requirements are met with your own expertise, in-house IT staff or with the help of a network consultant, it is vital that they are addressed.

Next month: Your tools for protection.


The ATTACK

The ABUSE


Part 1 (this month) -- Anatomy of a hack attack

Part 2 (July) -- What to look for, and tools for protection

Part 3 (August) -- The IT security fit into risk management


As an example, hackers can crash your network through denial of service. During a “Smurf Attack” a variety of devices on your network may receive thousands of messages from other Internet hosts. This activity could overwhelm your network.

The goal may simply be to conduct an attack that will allow information to be stolen. A new client had an unprotected e-mail server with the address published on the Internet. Hackers penetrated the server and loaded their own software onto the host system.

The Footprint

The Perpetrator

Independent Network Consultants 301-805-0700

Publisher: David Russo, [email protected]

Editors: Michael Blankenheim, [email protected]; Devette Brabson, [email protected]

Production: Michole Moore, [email protected]

Writers: Doug Dziuba, [email protected]; Bill Stine, [email protected]; Neil Hardy, [email protected]

Design: Masai Design, [email protected]

10401 Lanham Severn Rd., Suite 106, Lanham, MD 20706

(301) 805-0700; Fax (301) 805-1643

www.incons.com

[email protected] information: Contact Michael Blankenheim or Devette Brabson

Copyright 2003, Independent Network Consultants

Since the early days of computing, small businesses have been on a quest to attain the promise of an anytime, anywhere computing solution without breaking the bank.

And with the Internet firmly ingrained into our culture, balancing need vs. cost has gotten more complicated. Businesses are told that to stay competitive they need a web presence allowing customers to easily interact with them. To establish a truly strong web presence, however, one has to bring business processes online. That can be intricate at best, not to mention the slew of potential security issues that arise.

Novell is offering a web presence/network in a box, so to speak. And the cost, of the software, is nothing for a small operation. Novell Small Business Suite 6 is now free for five users or less using one or two servers, after being sold for $1,295 during the first year of its release.

It is a group of products that can help a small business obtain the goal of high-powered computer networking integrated with the Internet. It is geared toward those seeking their first computer network or for those seeking to upgrade from more complex, less stable products.

Suite 6 is suitable for a PC or MAC environment. It contains networking, e-mail, collaboration, security and desktop management products.

It allows users to easily access/exchange a huge variety of information between their workstations and offsite employee computing devices. And if the product is used to its maximum potential, it enables a business to establish a robust, and secure, web presence.

Basic use of the system is designed for easy setup and administration. And Novell’s reputation for products that don’t crash is near legendary in many high-tech circles.

To stay competitive in today’s markets, companies need to maximize IT investments by using every tool available to help manage day-to-day user requirements, increasing data strains on their networks plus future growth.

Not knowing the capabilities of your network and software can be costly. The cost could be minimal, or quite substantial, particularly if you were to purchase several applications that do the job of one you already have.

Novell Offers Small Businesses Networking at a Great Price: Free!

Ensure your network meets its Potential

A NETWORK’S UNMET POTENTIAL

We know of a firm with heavy-duty document management needs. What’s required is the ability for multiple users to work on the same document, for all users to see everyone’s changes and for a record to be kept of each document version.

Essentially, this client needs software that provides a document library. The firm is already using Novell’s GroupWise Email system, which could easily provide those needed document library features and more.

But because of the firm’s corporate culture—in this case, preferences of some users for older, less efficient software—GroupWise’s document library features aren’t configured/implemented. The network isn’t reaching its potential.

A BASIC SOLUTION

We see networks not reaching their potential, because of internal inertia and lack of training, all the time. Our advice is simple.

Computer networks can accomplish amazing tasks. In fact, your network may be equipped with tools that you were not aware of right at your fingertips.

Novell Suite 6 Key Features

• E-mail, scheduling, calendaring, document management, and online day-timer tasks.
• Internet access control: Block inappropriate Web content while ensuring Web access is “strictly business”.
• Mobilize with a cell phone, PDA, or any standard Web browser, for access and collaboration between all users.
• Establish a Web presence and offer online customer services.
• Protect data and systems from potential breaches and virus attacks.
• Share files, applications, printers, devices, and even Internet connections.

By Bill Stine, Network Engineer

By Neil Hardy, Senior Network Engineer


Additional licenses are available at the following prices:

• $70 for a total of six users;

• $300 for 10;

• 25 for $1,250, etc.

Suite 6 is for up to 50 workstations. Happily, Novell’s license policy is such that only real users require a license. (Some providers consider network devices such as printers as an additional license!)


Find out what your network can do, and then take the steps to ensure your network does what it can to meet your requirements—all within the context of your human resource and budget constraints.

This applies whether your organization or business has 200 PCs or 10.


While the network software is free for five users or less, a small business still needs the PC or MAC workstations and server to run it. PC servers running Suite 6 must be Pentium II or higher with hard drive space of 4 GB or more and memory of 256-512 MB. To implement Suite 6 fully may require two servers.

And for Suite 6 to reach its maximum potential of connecting a small business’ network online, configuring it can be a complex process best left to either professional in-house IT staff or a sharp outside network consultant.

Overall though, Suite 6 gives small business owners the tools of big business on a small business budget. Free is hard to beat.

There is, of course, a caveat: There may be incremental costs to implement or configure unused features on your network. But typically, that cost is LESS to make use of something you already have than it would be to go out and purchase more capabilities.

Sit down and ask yourself what an ideal network would look like.

Make a list of your requirements. With your requirements list in hand, explore whether your current network meets them, and if not, determine if there is anything you can do to change that.

Of course, some clients have consultants perform these tasks for them, while others prefer to perform the work themselves after obtaining advice from a consultant. The best network consultants are ones who work closely with clients to determine their comfort level about how much work the client wants to perform themselves.

But whether you’re using a network consultant, in-house IT staff or your own expertise, take the time to know the capabilities of your network and the software on it. This may entail a committed investment of your time, but it will pay off in the long run.

Exploring your network’s capabilities

Questions to ask yourself:

1) What do I use my network for? What do I want it to do for me?

2) What are the current capabilities of my software? Hardware? Some suggestions:

A) Use, learn internal documentation.

B) Go to the vendor’s website. Look at FAQs, the Help Section, What’s New, etc.

C) Call the vendor. Ask sharply focused questions. Ask about discounts to help with training, etc.

3) What are the costs to make changes? Implementing unused portions of your software may bring more charges from the software vendor, or it may require hardware to be tweaked or added. Additional licenses may be needed.

4) Are there upgrades that may improve my current software (possibly at a discount)?

5) If I do need new software, what hardware may need to be upgraded or added to run it?
