Hacking by Solis Tech: How to Hack Computers, Basic Security and Penetration Testing (2014)
Chapter 4: Understanding Basic Security Systems
All hardware, networking, and operating system manufacturers understand that computer users need protection against unauthorized access. Most of the time, this protection comes in the form of passwords and encryption, which give hackers a hard time decoding important files in case they get past initial security.
However, skilled criminal hackers have different methods of decoding passphrases and encrypted files. Some can even devise ways to manipulate a computer user into simply giving out his password.
Because of this, you have to find out how protected your computer really is by understanding the different kinds of attacks that device users normally experience.
Network Infrastructure Attacks
These attacks are launched by hackers who reach a computer’s network via the Internet. They are carried out through the following:
1. Attaching to a network via an unsecured wireless router
2. Targeting vulnerabilities in network protocols, such as TCP/IP and NetBIOS
3. Covert installation of a network analyzer to capture every packet sent from the targeted computer, and then decrypting the information into clear text.
Operating System Attacks
These attacks are probably the most preferred by criminal hackers, simply because different operating systems are susceptible to different types of attacks. Most hackers prefer to attack operating systems like Windows and Linux because they are widely used and hackers have already had plenty of time to learn how to exploit their vulnerabilities.
Here are some of the most popular OS attacks:
1. Attacking the OS authentication system
2. Destroying the file system security
3. Cracking passwords and taking advantage of weak encryption policies
4. Attacking the computer’s built-in authentication policies
Application Attacks
These attacks normally take advantage of email software, web applications, and file downloads. These systems are typically attacked:
1. HTTP and SMTP applications, since firewalls are often configured to allow full access to these services
2. Unsecured files, typically containing personal or sensitive information, that are scattered across servers and database systems containing vulnerabilities
3. VoIP policies, since they are normally used by businesses
Mapping Out Your Security System
Now that you know these attacks, you have an idea of which parts of your system you should protect the most, and what malicious hackers would want to test in order to know whether they can penetrate your computer system or not. When attackers want to infiltrate a system, they want to know the following:
1. Your privacy policies
Your privacy policies include the firewall that you are using, the type of authentication you require for your Wi-Fi connection, and other technical information about your network. These are the things that you definitely do not want other people, apart from the users of your computer system, to know. Once other people learn how you let people connect to your network, there is a big chance that they will know what hacking method they should use in order to get into your network and exploit other vulnerabilities.
2. Your computer’s hosts
A simple Whois search will provide IP addresses and hostnames, and will possibly reveal all the open ports, running services, and applications. A hacker may also want to use the basic ping utility that comes with their OS, or third-party tools that allow them to ping multiple addresses, such as SuperScan or fping for UNIX.
3. Open ports
It is possible to list network traffic with a network analyzer such as Wireshark or OmniPeek. You can also scan all network ports available on a computer using SuperScan or Nmap. By doing so, you can uncover the following information about your network:
1. All protocols that you are using, such as NetBIOS, IPX, and IP
2. All services running in each host, such as database applications, email services, and Web servers
3. Remote access services such as Remote Desktop, Secure Shell, VNC, or Windows Terminal Services
4. Your computer’s VPN services, such as SSL, IPSec, and PPTP
5. Information about required authentication for sharing across the network.
Specific ports reveal specific tasks that are running on a computer, and once you probe them, you will see which path is the easiest for any malicious hacker to take in order to reach the information that is most important to him. As a rule of thumb, you would want to start protecting the hosts that would give any hacker the easiest way to your most vital information or to control over your entire system.
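The rule of thumb above can be applied to the results of a scan of your own network. The following is an added example, not code from the book: it parses Nmap's grepable output (the -oG format) and orders hosts so that the ones exposing remote access, database and file sharing services come first. The sample scan, the service grouping and the weights are assumptions made for illustration, and the parser assumes a scan run without version detection.

```python
# Constructed sample in Nmap's grepable (-oG) format; hosts and ports are made up.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (files.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (files.example.test)\tPorts: 22/open/tcp//ssh///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "3389/closed/tcp//ms-wbt-server///\tIgnored State: filtered (996)\n"
    "Host: 192.0.2.20 (web.example.test)\tPorts: 80/open/tcp//http///, "
    "443/open/tcp//https///\n"
    "Host: 192.0.2.30 (db.example.test)\tPorts: 3306/open/tcp//mysql///, "
    "3389/open/tcp//ms-wbt-server///, 5900/open/tcp//vnc///\n"
)

# Assumed grouping and weights (not from the book): a higher weight means the
# service is a shorter path to data or to control of the host.
CATEGORY = {
    22: ("remote access", 3), 3389: ("remote access", 3), 5900: ("remote access", 3),
    1433: ("database", 3), 3306: ("database", 3), 5432: ("database", 3),
    139: ("file sharing", 2), 445: ("file sharing", 2), 1723: ("vpn", 2),
    25: ("email", 1), 80: ("web", 1), 443: ("web", 1),
}
DEFAULT = ("other", 1)

def parse_grepable(text):
    """Return {ip: [(port, protocol, service), ...]} for ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        ports = next((f[len("Ports: "):] for f in fields if f.startswith("Ports: ")), None)
        if ports is None:  # e.g. the "Status: Up" line carries no port list
            continue
        ip = fields[0].split()[1]
        for entry in ports.split(","):
            parts = entry.strip().split("/")
            if len(parts) >= 5 and parts[1] == "open":
                hosts.setdefault(ip, []).append((int(parts[0]), parts[2], parts[4]))
    return hosts

def rank_hosts(hosts):
    """Return [(score, ip, categories)] sorted with the most exposed host first."""
    ranked = []
    for ip, ports in hosts.items():
        hits = [CATEGORY.get(port, DEFAULT) for port, _proto, _svc in ports]
        ranked.append((sum(w for _c, w in hits), ip, sorted({c for c, _w in hits})))
    return sorted(ranked, reverse=True)

if __name__ == "__main__":
    for score, ip, cats in rank_hosts(parse_grepable(SAMPLE_SCAN)):
        print(f"{ip:<12} score={score:<2} {', '.join(cats)}")
```

Hosts at the top of the list are the ones to harden or firewall first; adjust the weights to reflect where your own most vital information lives.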
Secure System Checklist
If you want to make sure that you have a secure computer system that is impenetrable or difficult to penetrate, you need to make sure that your system is protected from the following elements:
1. Physical access or theft
A computer that has no physical security is an unsecured machine. Make sure that you have protocols when it comes to who should be allowed to access your computer physically. Also, make sure to store your computer securely in order to prevent theft.
2. Remote vulnerabilities
While most computers have antivirus programs that detect suspicious programs and then quarantine them, a computer also needs to be protected from other computers that attack your system from outside your local network. With this said, you need to make sure that your ports are secure. You can protect your ports by having a secure firewall that will prevent unauthorized access from one computer to another. It is also a good measure to check the software installed on the computer and see which programs are capable of communicating with other users beyond the firewall.
3. Peripheral attacks
While these are uncommon nowadays, there are already reports of computers being attacked by devices that are connected to open ports. These attacks happen because most of the peripheral devices that people own now have their own processing abilities and memory.
It is important to check all peripheral devices that are being inserted into USB hubs or are connected wirelessly to your computer for bugs or skimming devices. That way, you can prevent any keylogging software or firmware that can root your computer. Smartphones should also be checked for vulnerabilities and possible malware to prevent unwanted file transfers.
4. Phishing attacks
Phishing attacks are often designed to look like you are communicating with an authority from a website that you frequently visit or a brand that you normally buy. These attacks often attempt to make you reveal your personal information, such as your passwords or security codes.
These attacks can be easily prevented by having a smart protocol when it comes to replying to emails or phone calls. As a rule, people should always inspect the elements of an email or a phone call and stay mindful of suspicious activities. At the same time, it should always be a practice for everyone to only reveal sensitive information through secured and verifiable means.
At this point, it would be a good idea to start mapping out the most vulnerable areas of your computer system. It is also the best time to create testing standards to avoid mishaps and develop accurate documentation and action points whenever you do a hack test. Your standards should include the following:
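For item 2 of the checklist above (remote vulnerabilities), one way to see which installed programs can be reached from other computers is to list the listening sockets on your own machine. The following is an added example, not code from the book: it parses the output of `ss -tlnp` on Linux, drops loopback-only listeners, and reports programs that are not on an allowlist. The sample output and the allowlist are constructed for illustration.

```python
import re

# Constructed sample of `ss -tlnp` output; process names and PIDs are made up.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=1010,fd=5))
LISTEN 0      511             [::]:8080         [::]:*     users:(("node",pid=2290,fd=18))
LISTEN 0      4096           [::1]:631          [::]:*     users:(("cupsd",pid=640,fd=7))
LISTEN 0      5         192.0.2.15:5900      0.0.0.0:*     users:(("x11vnc",pid=3101,fd=9))
"""

# Hypothetical allowlist of (program, port) pairs you expect to be reachable.
ALLOWED = {("sshd", 22)}

PROC_RE = re.compile(r'\(\("([^"]+)"')

def is_loopback(addr):
    """True for addresses that only accept connections from the machine itself."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")

def reachable_listeners(ss_output):
    """Return [(program, address, port)] for sockets bound beyond loopback."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = cols[3].rpartition(":")
        if is_loopback(addr):
            continue
        match = PROC_RE.search(line)
        # Without root, ss may omit the owning process of other users' sockets.
        program = match.group(1) if match else "unknown"
        found.append((program, addr, int(port)))
    return found

def unexpected(listeners, allowed=ALLOWED):
    """Listeners whose (program, port) pair is not on the allowlist."""
    return [item for item in listeners if (item[0], item[2]) not in allowed]

if __name__ == "__main__":
    for program, addr, port in unexpected(reachable_listeners(SAMPLE_SS)):
        print(f"review: {program} listening on {addr}:{port}")
```

Each reported program should either be added to the allowlist deliberately, bound to loopback, or blocked at the firewall.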
1. Documentation of which tests are performed
2. Source IP addresses if performing tests across the web, and how these tests are performed
3. Action plan when a vulnerability is discovered
4. Date and time when the tests are performed
5. How much information and what skills you need to acquire in advance before performing a test, including the ideal hacking tool to use
By having a standard on how to test for vulnerabilities and actually knowing what you need to do when you encounter a major security flaw in your system, you will be able to get rid of all the baseless assumptions about hacking. When you have a standard to follow, you will realize that hacking involves real risks, and that you should stop hacking when you become unsure of the outcome. You will also realize that you do not have all the right tools for the method of hacking or forensics that you need.
At the same time, you will also be able to acknowledge that systematic hacking, whether ethical or not, requires great timing. That means that attacks on your computer, most especially the successful ones, happen when a hacker lands on the best vulnerability to hack and on a computer user who does not know how to identify an attack.
Now that you have all the information that you need about how your network and your computer store and send information, you will want to start assessing for vulnerabilities.