Hackers: Detection and Prevention

Transcription

1 Computer Networks & Computer Security SE 4C03 Project Report Hackers: Detection and Prevention Due Date: March 29 th, 2005 Modified: March 28 th, 2005 Student Name: Arnold Sebastian Professor: Dr. Kartik Kirishnan

2 Introduction Internet security is one of the major concerns of organizations, companies, systems, and normal personal-computer users. These stakeholders mainly fear the exposure of their secure documents and information, let alone the soundness of their systems from bugs and worms. The main fear of governmental organizations is hackers that break into their security system to retrieve information via unethical acts. Yet, it is unfair to classify hackers as being the bad people without exploring their background and their purpose. In an original context, hacking is regarded as dedication or passion towards certain interests or habits. Hence, a hacker is referred as an individual who is passionate in what he or she does. Since the information revolution, the word hacking became a buzzword and is generally recognized as illegal or destructive use of computer systems due to misinformation by the media. Therefore, it is interesting to explore what kind of hackers are out there, how they break internet and computer security, and their main reason to doing so. Also, to examine how these hackers could be stopped, we include a discussion on some of the methods employed by hackers. Much alike the unauthorized entry in real life, hacking allows hackers to gain access to others private information. The range of actions that a hacker can take may range from mere learning to complete deletion or alteration of the information. Hacker Types and reasons There are different kinds and names for these individuals that possess an exceptional knowledge for computer and internet security. Few of these terminologies will be discussed, while many can be found in Deborah Radcliff s article [1]. A hacker can be specified as a brilliant programmer, a computer criminal, a gray hat, or a white hat hacker [2]. Black hats, are very skilled crackers who are not easily caught. They possess extensive knowledge in technology and use them to find more vulnerability of systems. White hats, on the other hand, use their skills in attacking computer systems and networks to improve existing defensive measures. A brilliant programmer is someone who can write code very fast, and produce a program that delivers ideas as intended. These individuals are mainly harmless and will not hack programs unless requested to by their company. When these hackers write code to break the security features of programs, systems, and network, they will mainly be identified as crackers. Crackers are those who commit evil acts by breaking the security features of software. These individuals are either driven by personal interests, curiosity, or are paid to crack software or a network system by companies that hire them. Crackers use - 2 -

3 different tools and methods to break the security of a system. Some of these methods are Trojan horse, Snooper, Virus, Worm, Vulnerability and Port Scanner, Exploit, Social engineering, Root Kit, Leet, Packet Sniffing, and many other methods. [2] On the other hand, a cracker can be classified as a Samurai (or a white hat [3]) when he/she is hired for legal cracking jobs. These individuals break into systems and networks to test their security. They see themselves as warriors defending their employer s systems from unethical crackers. All terms and conditions aside the main psychological reason for hackers to peruse their occupation is driven by self satisfaction. This can be in the form of curiosity, the pleasure of committing evil acts, or the enjoyment of showing off what they are able to do, as in kids sending out worms and viruses in mass s for personal war with other individuals, on the account of innocent computer users [4]. To fight such intrusions and invasions of privacy, many methods were developed to companies and individuals. Hacking Tools A worm is an application that looks for weaknesses in a system or a network, and reproduces itself on that system till the system crashes. A virus on the other hand, is attached to software, and is spread once the software is executed. The danger of a virus can be as harmless as a sound, or a picture, or as harmful as a worm, that changes the binary setting of the computer, and crashes the system. Further light will be shed on how each of viruses and worms act when accessing a system. Snooper is an application that enables the cracker to capture secure information, while it is in transit within a computer or a network. For example, information transported between web pages for form applications transitions and stages, and the transportation of information from a form to the server. Trojan Horse is a method that enables the cracker to set up a way to intrude on a computer or a system, by having his/her code installed with useful software on the machine, network, or system. The cracker can enter the system through that back door later on. Examples of this useful software are programs that mimic login screens, viruses that fool the user to download programs, and other applications. Packet Sniffing can be used for network monitoring, and for troubleshooting. It can be a powerful tool to gather information that helps compromise the network. The Hacker Enumeration tools help to enumerate or list out various aspects of target machines, user accounts, protocols, registry keys, and more. [6] Other methods such as changing the code of a system to cover the existence of hacker software (Root Kit), can be found along with more information about the mentioned methods and techniques in the Wikipedia site [2], and on the Net Security source [5]

4 Hacking Thwarting Some of the methods and techniques that are used to reduce the effects of hackers and malicious software are developed by different companies. Companies vary in their ideas of what is the weakest point in a network that should be protected from hackers. Each software tool has its negatives and positives, and below, is a discussion of some of the tools that are used to lessen the intrusion of a hacker or virus to a network system. Intrusion Detection System (IDS) monitors network traffic for suspicious activities and alerts the system or network administrator (Passive IDS), or in certain cases, blocks the user or the source IP address from accessing the network (Active IDS). There are many approaches in detecting suspicious traffic into the network; therefore, the tool comes in many varieties and detection methods. Some are network based (NIDS), and some are host based (HIDS). Others are based on the signature of known threats, or comparing traffic patterns against baseline while looking for anomalies. [5] At any case, the main negative of this tool is the bottle neck formed on the monitored point. When an anti-virus company detects the existence of a Virus or an intruder to a system, they would analyze the suspected file. Depending on the type of the file, actions like: disassembly, macro scanning, code analysis, etc. is done to eliminate the Virus or disconnect the intruder. [7] On the other hand, when a Worm arrives via with variety of extensions, it copies several files into the system directory, from which it can change or modify critical registry keys, delete files, or change the contents of files. There are corporations that specialize in catching these files and preventing the change or modifications of any system files or registry keys. A Worm can also establish a TCP server and starts listening, then download and execute arbitrary files [9]. A reasonable method to fight this kind of Worm is to prevent arbitrary programs from being installed on a server or listening on ports. A Worm can also create an outbound connection to a remote website in an attempt to generate a denial of service attack. A reasonable method to prevent this attack is allowing outbound connections via http only where it is appropriate, and preventing arbitrary http connections. The Worm can then scan for files with addresses, and uses its own SMTP engine to itself to those addresses, and spread by that method quadratically making it difficult to be stopped. To reduce this spread, one could prevent any arbitrary program to install an SMTP engine, and from making any outbound SMTP connections.[8] This is but one of the methods that a Worm can harm a system or a network, and spread across rapidly. Conclusion In conclusion, hackers can be classified in different terms according to their personal interests and actions. Hackers utilize many methods to intrude to a system or a network, such as the Trojan Horse, the Vulnerability Scanner, the Packet Sniffing, and many other ways. To a certain degree, hacking can be considered proper and ethical only if the intensions are to learn and to discover security weaknesses. The only method that a computer or a network can be secured from these attacks is to counter attack these - 4 -

5 individuals by using their techniques to find the weaknesses of a system, and fix it, or use IDS. The software designs and implementations will continue to evolve, but so will the methods and tools for hacking. It only remains how fast companies can discover the functionality of a Virus or a Worm, and utilize a method to stop their effects

6 References [1] Radcliff, Deborah, Jan, Internet Security News: [ISN] Hackers for Hire. [Online] Available at: /Jan/0053.html (March 29, 2004) [2] Wikipedia, The Free Encyclopedia, March, [Online] Available at: (March 29, 2004) [3] Riley, James, Industry looks to get hacked to bits. [Online] Available at: 01f-jr-ih36.htm (March 29, 2004) [4] Kapica, Jack, March, Globetechnology: The syntax of Viruses. [Online] Available at: 4/BNStory/Technology/ (March 29, 2004) [5] Internet and Network Security, Introduction to Intrusion Detection Systems (IDS) [Online] Available at: (March 29, 2004) [6] Pekka Himanen, The Hacker Ethic, Random House 2001 [7] Panda Software, Panda Software About. [Online] Available at: (March 11, 2004) [8] Platform Logic, SoBigF: Intrusion Prevention. [Online] Available at: (March 29, 2004) - 6 -