Is your production or corporate network an open invitation to hackers everywhere? How do you know that a hacker hasn't responded to the challenge and taken control of your company's entire network(s)? We continue our series from the article, "
As Mr. O'Reilly at the Factor would say, "Caution: You're about to enter a no spin zone." What you're about to read may cause you to think more seriously about sophisticated hackers and their quest for control of your systems and data.
Ever wonder what hackers are up to next? One response is, "I'm too busy doing my job and applying hotfixes...". Yet hackers want dominion over your network -- and ultimately, ascertain your company's data -- not your job! Security hotfixes can be a red herring if you're trying to determine what new technology a hacker will utilize next. While you're busy applying hotfixes for recently exploited programs, hackers are "manufacturing" the next "Killer App" or hacking tool, to decide the fate of your job or your company's presence on the Internet. Solomon wrote:
"What has been will be again, what has been done will be done again; there is nothing new under the sun."
The Internet is the new messenger of our civilization; it is the electronic carrier of our communications and global marketplace for the 21st century. The concept of a messenger and human communications is nothing new; both have been around since the beginning of civilization. For good or evil, the Internet has the infrastructure to deliver both causes -- yet this age-old battle is nothing new, but an ongoing struggle for many who have succumbed to the temptations of unethical practices on the Internet and in business.
You don't have to look very far today to see the financial burden hackers impose on some businesses, and the corporate "book cooking" going on by some CFO's, to understand that the consequences of management corruption have lasting repercussions in the organization's culture, its employees, and inevitably the company's reputation. How does this relate to network security? A company in turmoil makes for an easy target, and employees with technical expertise -- threatened by unemployment -- may seek revenge through hacking methods and/or disseminating confidential information in a public forum.
For young novice and experienced hackers, the obsession begins as a challenge and is reinforced by the adrenaline rush (what I call the 4-P cycle of continuous hacking) experienced during each intrusion. Sophisticated hackers appear to be invincible and flawless in their attacks, and unlike some addicts in need of a quick fix, hackers are patient and determined to stake out your network, one host at a time.
Unlike monochronic cultures and polychronic cultures, hackers are of the individualistic culture and think primarily in terms of "I" and "me".
Tracking down and prosecuting hackers will not solve all of our security problems. Applying Deming's 85-15 rule will show that about 85% of security failures are due to system breakdowns in layered security management beyond the network administrator's immediate control while administrators are responsible for security failures 15% of the time.
Sophisticated hackers understand that knowledge of their target's (1) business culture, (2) network configurations, (3) partner connections, and (4) hours of operations, is essential to build a basic framework to workaround. Initial port scans begins the process of collecting network information that is then organized to identify potential security holes. Hackers are methodical in approaching their targets and planning their attacks.
Hacking technologies incorporate one or more of the following characteristics:
- Propagation through automations
- Faster discovery/roaming programs
- Firewall and wireless pseudo (friendly) packets
- Distributed server and client agents
- Anti-virus & patch/hotfix programs
- IE, Outlook, and OWA
- IIS and SSL
- Cisco routers and firewalls
- VPN clients
In our next article of the Weakest Link series, we'll focus on protecting your firewall -- your networks' second level of defense.
Luis Medina is the author of "The Weakest Link Series," which offers network managers an opportunity to identify ongoing network security issues. Luis also answers security questions in SearchNetworkings Ask the Expert section. Submit a security question to Luis here or view his previously answered Ask the Expert questions.
This was first published in July 2002