February 24, 2005

Hackers’ Methods – Part Two

by roy

The Trojan Horse

The name of this hacking technique comes from a Greek legend describing a covert operation in which an army of Greeks delivered the gift of a giant wooden horse to the citizens of Troy. The unsuspecting Trojans then hauled the huge monument to a position inside their city walls. When night came, however, a platoon of Greek soldiers exited from the wooden horse and went about their way plundering and slaughtering throughout the city.

Modern-day hackers perform similar ploys to get their insidious code for viruses and other hacking tools into the confines of your firewalls and servers.

One method that works frequently is to have a user download an executable file that has been disguised as an update patch, new game, or animated graphic. When the user installs the program, he is also installing the hacker’s software. The hacker’s code is embedded in the program’s executable code.

Back Door Man

Very often, Trojan horses are used to install “back door” software. This software works on the same principle as popular communication software, like PCAnywhere.

The basic code permits the user to take control of the monitor, keyboard and mouse services. The most popular of these underground programs is Back Orifice, which is free to download if you go to their site, as many hackers do. (If you’re interested in investigating these sites, or even downloading their software to become familiar with hacking methods, set up a separate “lab” network and use a different ISP than you use for your professional network.)

So, how do you stop these intrusions?

For one thing, back door programs can be detected by anti-virus software, so be sure to update your anti-virus on a regular basis. Also, don’t download unknown programs from unknown vendors or from email messages.

Configure your browser not to allow Active-X programs to download. (It’s very easy to add hacking modules to Active-X code.)

If you’re a systems administrator, educate your users about the above methods for back door protection.

Attacking Web Sites and Web Applications

Web sites containing applications shared by several users on an intranet, or web sites with forms to fill out, can be vulnerable to hacking. If a visitor can enter the requested information, he can also learn how your web site collects data. Sometimes the web page information that appears in the URL bar (the information after the “?”) can reveal things about your software or server.

The solution? If your web site has input forms, don’t trust raw user input. Filter user input data. Numerical user input data should be only numbers, for example. All other characters should be filtered out. One way to do this is with anti-virus programs. Many companies such as Symantec and McAfee offer them.
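The numbers-only rule above can be enforced on the server with an allow-list check of the values that arrive after the “?”. The following is an added example, not code from the original article; the field names, ranges and sample URLs are assumptions, and it rejects bad values outright instead of stripping characters from them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# ASCII digits only; str.isdigit() would also accept characters like "²" or "٣".
_DIGITS = re.compile(r"[0-9]{1,9}")

# Hypothetical form fields (assumption): name -> (lowest, highest) allowed value.
SCHEMA = {"quantity": (1, 100), "item_id": (1, 999999)}


class InvalidInput(ValueError):
    """The request carried input outside the allow-list."""


def parse_numeric_fields(url, schema=SCHEMA):
    """Return {field: int} from the part of the URL after '?', or raise InvalidInput."""
    try:
        fields = parse_qs(urlsplit(url).query, keep_blank_values=True,
                          strict_parsing=True)
    except ValueError:
        raise InvalidInput("malformed or empty query string") from None
    unknown = sorted(set(fields) - set(schema))
    if unknown:
        raise InvalidInput(f"unexpected fields: {unknown}")
    clean = {}
    for name, (low, high) in schema.items():
        values = fields.get(name, [])
        if len(values) != 1:  # missing, or sent twice
            raise InvalidInput(f"{name}: expected exactly one value")
        if not _DIGITS.fullmatch(values[0]):
            raise InvalidInput(f"{name}: not a plain number")
        number = int(values[0])
        if not low <= number <= high:
            raise InvalidInput(f"{name}: outside {low}..{high}")
        clean[name] = number
    return clean


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real site.
    samples = [
        "https://shop.example/order?quantity=3&item_id=4821",
        "https://shop.example/order?quantity=12abc&item_id=4821",
        "https://shop.example/order?quantity=%D9%A3&item_id=4821",
        "https://shop.example/order?quantity=3&quantity=4&item_id=4821",
        "https://shop.example/order?quantity=500&item_id=4821",
    ]
    for url in samples:
        try:
            print("accepted", parse_numeric_fields(url))
        except InvalidInput as err:
            print("rejected", url.split("?")[1], "->", err)
```

The error messages deliberately do not echo the rejected value back to the caller.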

Some General Defenses:

All of the hacking software mentioned above is extremely “noisy”, sending millions of packets to and from your server. This activity can be detected by IDS (Intrusion Detection System) software, at which point the systems administrator can be warned by email, pager or some other means. The IDS has a database of attack signatures, which it matches against the packets it is receiving.

A good rule of thumb is never to telnet to your firewall, routers, etc. Doing so makes it easy for attackers to intercept your password, because the data is not encrypted.

Use switches instead of hubs to control the flow of packets. Cisco switches, for example, divide your network into subnets which limit the areas which the traffic can enter.

Definitely use the latest patches provided by your OS vendor. (True, Microsoft releases patches every week, and this drives some admins crazy, but think of the consequences of not installing them.)
