Notes From Security School
Do you want to look inside the world of hackers and learn some lessons about how to thwart their attacks on your network? The SANS Institute's professional training courses may be the best place to start.
Computerworld - The underground world of the computer hacker may seem like a place where chaos rules, but the reality is there's a method to the hacker's perceived madness. And understanding that method is critical to knowing how best to respond to a skilled attacker.
Last fall, the SANS Institute offered three training courses that presented a step-by-step look at how criminal hackers operate and how organizations should respond.
While the bad news is that the hacker underground remains as cunning and capable as ever, the good news is that the security community continues to gain an understanding of how hackers operate.
I attended the SANS training and will pass along some of the crucial information provided. My notes from the sessions offer a look at how criminal hackers work. These lessons can give you the knowledge necessary to begin hardening your network against attacks.
Although no two hacker exploits are the same, most follow a series of predictable steps that are designed to increase the hacker's chances of success, says Ed Skoudis, founder and senior security consultant at Intelguardians LLC, a Washington-based information security consulting firm. Skoudis is also the primary SANS instructor in hacker techniques, exploits and incident handling.
There are basic steps that "represent the flow of an attack," says Skoudis. They include conducting reconnaissance, scanning, exploiting systems and keeping access. And knowing what hackers do during each of these steps is critical to understanding how to defend your enterprise.
When a hacker conducts reconnaissance on a target, he is basically "casing the joint," says Skoudis. But it doesn't take much work because most organizations give away a lot more information than they realize. And that's why a hacker's recon operation almost always begins with publicly available information.
A Web-based recon of public information may also reveal disgruntled users or employees, as well as data about help desk requests. Likewise, it's possible to download a site's HTML code using a crawler, such as the one found on SamSpade.org. That would enable a hacker to search HTML and hidden fields and possibly uncover vulnerable scripts, Skoudis says.
The most common online method of reconnaissance, however, is conducting a "whois" search to gain domain registration data. Detailed searches can provide an attacker with the IP address of the organization's Domain Name System server. The attacker can then begin mapping the enterprise network in order to harvest additional IP addresses.
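The crawler-based recon described above works because published pages often carry hidden fields, form targets and developer comments that were never meant for outsiders. The following is an added example, not code from the article or from SANS, of a small audit a defender can run over their own HTML before it goes live; the sample page and the leak patterns it looks for are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not from the article) showing the kinds of
# leakage the text describes: hidden inputs, a script target and a comment.
SAMPLE_HTML = """
<html><body>
<!-- TODO: remove debug handler /cgi-bin/old-login.pl before launch -->
<form action="/cgi-bin/login.pl" method="post">
  <input type="hidden" name="admin_mode" value="0">
  <input type="hidden" name="backend_host" value="db-internal.example.test">
  <input type="text" name="user">
  <input type="submit" value="Go">
</form>
</body></html>
"""

class LeakAuditor(HTMLParser):
    """Collects hidden inputs, form targets and HTML comments from a page."""
    def __init__(self):
        super().__init__()
        self.hidden = []      # (name, value) pairs of hidden inputs
        self.actions = []     # form action targets
        self.comments = []    # raw HTML comment text

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden.append((a.get("name") or "", a.get("value") or ""))
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])

    def handle_comment(self, data):
        self.comments.append(data.strip())

def audit(html):
    """Return a list of human-readable findings for one page."""
    p = LeakAuditor()
    p.feed(html)
    findings = []
    for name, value in p.hidden:
        findings.append(f"hidden field {name!r} = {value!r}")
    for c in p.comments:
        # comments naming paths, TODOs or debug hooks are the usual leak
        if re.search(r"(/[\w./-]+|todo|fixme|debug|password)", c, re.I):
            findings.append(f"comment: {c}")
    for act in p.actions:
        if "cgi-bin" in act or act.endswith((".pl", ".php", ".asp")):
            findings.append(f"form posts to script: {act}")
    return findings
```

Run `audit()` over each page of a site export to get a checklist of fields, comments and script endpoints to review before they are exposed.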