Article | REF: H5832 V1

System attacks - Identifying the stronghold's weaknesses

Author: Laurent LEVIER

Publication date: October 10, 2005

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


Overview

Français

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Laurent LEVIER: Certified Information Systems Security Professional (CISSP) - Certified Information Security Manager (CISM) - Internal Network Security Officer, Equant Télécommunications

 INTRODUCTION

Hacking is, and will remain for a long time to come, a serious threat to business. While in the early days this activity required real skill in various areas of system and network administration and programming, it is now within the reach of a large number of people with varying degrees of experience, thanks to the countless tools available to the public on the Internet. These amateur hackers, lacking the necessary skills, are the main source of serious problems for the company, as they can commit irreparable damage with the sole aim of covering their tracks once they have penetrated the targeted system.

When an intruder wants to attack a company's computer systems, there are generally three main steps:

  • the first is to identify the machines on a network. To do this, it is necessary to overcome the obstacles installed by the company to protect its computers against the dangers inherent in connecting its network to the Internet, for example. We're talking here about firewalls , network antivirus ... The intruder must therefore have a vision of the network he is attacking, and therefore techniques for identifying its inner workings. . In this stage, the intruder must also succeed in remaining as undetected as possible;

  • in the second stage, the intruder, who has succeeded in breaking through these barriers, finds himself "in front" of the computer he wants to access. He must then find a way to get from the outside of this machine to the inside; this is, of course, a logical view of the situation. To do this, the intruder must first list the entry points offered by the targeted system, i.e. network services and the operating system. It is through these doors that the intruder attempts to gain access;

  • finally, in the third and last stage, the intruder must find exploitable security weaknesses at the identified entry points. Depending on the type of weakness, the intruder can gain different levels of privilege. For example, he may simply have the right to list (from the outside) the contents of any file on the system, succeed in obtaining a command interpreter from an unprivileged user, or, ideally, have a command interpreter with administrator privileges.

In this document, we focus on the second stage, describing the various techniques and methods, or even tools, used to identify the network services and operating system offered on a machine. However, we do recall the techniques and methods for locating systems on the network required for the first stage. Readers wishing to delve deeper into this first stage will find more detailed information in the dossier dedicated to...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors
+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year
From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
System attacks