A guided tour to someone else's network
Breaking In
You need to think like an attacker to keep your network safe. We asked security columnist Kurt Seifried for an inside look at the art of intrusion.
In June 2009, a virtualization product aimed at web servers was found to have a few security vulnerabilities. The end result was that about 100,000 web sites got hacked and deleted at a number of different providers. (It's not clear how many were recovered.) Also in June, the security-related website astalavista.com was hacked, and a variety of files and databases, as well as the remote backups, were deleted. These were only the "big" hacks that were newsworthy, the actual number of websites and servers compromised is much higher.
The techniques for network attacks keep evolving. In this article, I take a look at some favorite strategies for the latest generation of intruders.
A Quick Legal Disclaimer
Please note that engaging in the kinds of activities described in this article can potentially get you into trouble, ranging from a stern talking to by your network administrator to a less-than-enjoyable, all-expenses-paid vacation courtesy of whichever law enforcement agency you manage to annoy the most. So why am I writing this? If you want to build and maintain secure systems, you need to understand how to make them fail. If you want to buy a good lock, you either have to buy a bunch of locks and learn how they work or find someone who has [1]. My advice is to get a cheap quad-core machine with lots of RAM, put VirtualBox or VMware on it, and build systems and networks you can attack without disturbing anyone else.
A Brief History
Life used to be pretty simple. You had a server, and on it you ran a couple of services (mail, file, DNS, etc.). If users wanted an application, you installed it on their machines. If users wanted to edit or upload content remotely to the web, you gave them FTP access. Email was just text, PDF files didn't include JavaScript, and image files were just image files – they weren't executable content. To secure your network, you simply kept things up to date, firewalled access, and ran as many services as possible without root access.
On Brute Force Attacks
Some automated tools simply hammer away, attempting a variety of common exploits against any server they can connect to, giving up speed and sophistication for brute force. This often works because of the sheer number of web servers and applications and, more importantly, because of the number of out-of-date applications with well-known security flaws (witness Adobe taking several weeks to months to fix various vulnerabilities in their Reader product). Some studies put the percentage of abandoned web logs at 95%, and, if no one is updating them with content, the chances are that no one is updating them for security fixes [2].
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
NVIDIA Released Driver for Upcoming NVIDIA 560 GPU for Linux
Not only has NVIDIA released the driver for its upcoming CPU series, it's the first release that defaults to using open-source GPU kernel modules.
-
OpenMandriva Lx 24.07 Released
If you’re into rolling release Linux distributions, OpenMandriva ROME has a new snapshot with a new kernel.
-
Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
-
TUXEDO Computers Releases InfinityBook Pro 14 Gen9 Laptop
Sporting either AMD or Intel CPUs, the TUXEDO InfinityBook Pro 14 is an extremely compact, lightweight, sturdy powerhouse.
-
Google Extends Support for Linux Kernels Used for Android
Because the LTS Linux kernel releases are so important to Android, Google has decided to extend the support period beyond that offered by the kernel development team.
-
Linux Mint 22 Stable Delayed
If you're anxious about getting your hands on the stable release of Linux Mint 22, it looks as if you're going to have to wait a bit longer.
-
Nitrux 3.5.1 Available for Install
The latest version of the immutable, systemd-free distribution includes an updated kernel and NVIDIA driver.
-
Debian 12.6 Released with Plenty of Bug Fixes and Updates
The sixth update to Debian "Bookworm" is all about security mitigations and making adjustments for some "serious problems."
-
Canonical Offers 12-Year LTS for Open Source Docker Images
Canonical is expanding its LTS offering to reach beyond the DEB packages with a new distro-less Docker image.
-
Plasma Desktop 6.1 Released with Several Enhancements
If you're a fan of Plasma Desktop, you should be excited about this new point release.