You can often find these serious technical vulnerabilities after exploiting organizational password vulnerabilities: Weak password encryption schemes. Hackers can break weak password storage mechanisms by using cracking methods that I outline in this chapter. Many vendors and developers believe that passwords are safe as long as they don’t publish the source code for their encryption … Read more
It’s human nature to want convenience, especially when it comes to remembering five, ten, and often dozens of passwords for work and daily life. This desire for convenience makes passwords one of the easiest barriers for an attacker to overcome. Almost 3 trillion (yes, trillion with a t and 12 zeros) eight-character password combinations are … Read more
Whatever your computer- and network-security technology, practically any hack is possible if an attacker is in your building or data center. That’s why looking for physical security vulnerabilities and fixing them before they’re exploited is so important. In small companies, some physical security issues might not be a problem. Many physical security vulnerabilities depend on … Read more
Social engineering will put your layered defenses to the true test. Even with strong security controls, a naïve or untrained user can let the social engineer into the network. Never underestimate the power of social engineers — and that of your users and helping them get their way. Policies Specific policies help ward off social … Read more
People use social engineering to break into systems and attain information because it’s often the simplest way for them to get what they’re looking for. They’d much rather have someone open the door to the organization than physically break in and risk being caught. Security technologies such as firewalls and access controls won’t stop a … Read more
As part of mapping out your network, you can search public databases and resources to see what other people know about your systems. WHOIS The best starting point is to perform a WHOIS lookup by using any one of the tools available on the Internet. In case you’re not familiar, WHOIS is a protocol you … Read more
The amount of information you can gather about an organization’s business and information systems that is widely available on the Internet is staggering. To see for yourself, the techniques outlined in the following sections can be used to gather information about your own organization. Social media Social media sites are the new means for businesses … Read more
You can use identified security vulnerabilities to do the following: Gain further information about the host and its data. Obtain a remote command prompt. Start or stop certain services or applications. Access other systems. Disable logging or other security controls. Capture screenshots. Access sensitive files. Send an e-mail as the administrator. Perform SQL injection. Launch … Read more
After finding potential security holes, the next step is to confirm whether they’re indeed vulnerabilities in the context of your environment. Before you test, perform some manual searching. You can research websites and vulnerability databases, such as these: Common Vulnerabilities and Exposures ( http://cve.mitre.org/cve ) US-CERT Vulnerability Notes Database ( www.kb.cert.org/vuls ) NIST National Vulnerability … Read more
As a security professional, you need to gather the things that count when scanning your systems. You can often identify the following information: Protocols in use, such as IP, domain name system (DNS), and NetBIOS (Network Basic Input/Output System) Services running on the hosts, such as e-mail, web servers, and database applications Available remote access … Read more