Thinking Like a Hacker to Protect Your Network - Literature review Example

? Thinking like a hacker to protect your network al Affiliation) Introduction The advancement of information technology has brought forth the evolution of the types of threats and methods of attack used to penetrate an organization’s private network. Despite the tight security measures put in place to ensure information security, hackers develop more advance means and methods to compromise the security of a network and manage to access unauthorized information and resources. The sure way to to best ensure network security is by using the view point of a hacker. That is, in order to better identify the system’s weakness and be able to create effective defense mechanisms against hacking is by viewing the system from a hacker’s perspective. A true computer security professional has the mindset of a hacker and is always mentally breaking into the system or thinking of possible ways and methods through which the system can be penetrated. With such a mind set, a computer security professional or a user is best placed to protect his or her network given that he will be able to develop countermeasures to the possible vulnerability exploitation existing in the network (Kanclirz & Baskin, 2008). A reactive defense such as applying the latest patches the servers and workstations is not adequate or effective in protecting the network from attack and vulnerability exploitation. In addition to understanding how a hacker’s mind operates, there is need to know the tools the hacker uses to compromise the security of a network. Learning and thinking like a hacker will ensure that one is in a better position of identifying and eliminating the vulnerabilities before the damage is done thus a secure network. Several steps need to be taken in order to fully secure an organization’s private network infrastructure. Analyzing how a hacker may break into the network is not feasible and a demonstration is needed to show how and what can be done to compromise the network security. The possibility and the likelihood that the network security can be compromised needs to be determined regardless of the means used. Furthermore, the potential impact the security compromise poses to the organization needs to be understood before any step is taken towards securing the network. Any steps taken towards protecting the network will not be as effective as they would have been in case possible vulnerabilities and security compromise methods are understood (Kanclirz & Baskin, 2008). In order to achieve a watertight network security understanding how hackers operate and the methods used to attack and exploit vulnerabilities in the system is imperative. In addition to understanding how hackers work to compromise the security of a network and exploit the vulnerabilities, a thorough understanding of the network is also vital. Knowing the valuable assets and the methods through which they can be attacked is fundamental in the process of ensuring the network security of an organization or personal network. The attack methods that are commonly used by the hackers need to be thoroughly understood in order to develop an effective defense strategy against such attacks should they occur (Spivey, 2007). In ensuring the security of a network, having the knowledge of how the network can be compromised contributes enormously in formulating effective security measures. Thinking like a hacker will enable one to conduct a vulnerability assessment on the network and act upon it in order to evaluate the security of the network, data and applications. Vulnerability assessment involves network penetration tests using tools and methods to exploit the vulnerabilities existing within the network just like a hacker would have. It not only shows how the network can be compromised but also the assets that can be stolen or damaged (Dhanjani & Clarke, 2008). Hackers work in a systematic and a well organized manner to compromise the security of a network using sophisticated tools and software. In order to counteract these methods, understanding and testing them on the network is imperative. The following are tools and methods used by hackers to compromise the network security which can be turned into the advantage of a network security professional through a thorough understanding (Laet & Schauwers, 2009). Diagram the network The first step in protecting the network infrastructure is understanding how the network operates including all the network components and their location. With the aid of such tools as Visio or simple tools as Ms word, the topology of the network can be drawn. The network topology diagram will help in the identification of all the network component within the infrastructure such as routers, servers, switches and workstations. Just like a hacker would have done, the security precautions in place for the identified network components should be evaluated. Close attention and focus should be directed to those network components with public IP address given that they stand a higher chance of being scanned by the hackers (Dhanjani & Clarke, 2008). Given that most vulnerabilities are created through an always on internet connection, vulnerability exploitation through static IP addresses availed through internet access are likely to occur. With that known, one should ensure that the network security of such network components with public IP address are set up in a way that frustrates any possible hacker making them ignore and move on to the next target. One should therefore ensure that basic security policy including strong and effective firewall is in place on the network (Laet & Schauwers, 2009). A number of hackers tend to exploit protocol ports on which the internet is built, that is , the TCP/IP protocol. The TCP ports are the most targeted ports give that they utilized by most servers such as web servers, mail servers and other servers which are constantly connected to the internet. Hackers scan and attack TCP ports using the public IP addresses of these servers which are publicly available. A network with such kind of servers should have strong and high encryption firewall and anti-port scanners installed in order to protect port scanning and attack. Identifying the ports that present known vulnerabilities such as the following will ensure that the servers are set not to use such ports or security measures tightened for that specific port in order to avoid scanning and exploitation of the network through such ports. Such ports as SNMP (161), FTP (21), SMTP (25), Telnet (23), , DNS (53), HTTP (80), POP3 (110), NNTP (119), MAP, (143) are known to have vulnerabilities which can easily be exploited by hackers through scanning of the public address of the servers connected to the network (Scambray, McClure, & Kurtz, 2012). The Methodologies and Technologies used by hackers There a number of methodologies used by hackers to test for vulnerabilities and gain access to a network. The hacking process is done in a systematic manner. The following include the tools and methods used by hackers. Foot-printing Foot-printing involves gathering the necessary information needed about the target network such as the IP addresses and the network domain. Hackers gather achieve foot-printing through the use of various techniques such as social engineering whereby they gather the information needed through socializing with the staff who release vital information without knowing. Information required can also be acquired through the use of online information resources such as Whois (Mann, 2008). In order to minimize the chances of social engineering occurring at the organization which will otherwise compromise the security of the organization’s network, professional computer security personnel will opt to train the staff not to give out any sensitive information to unknown persons without identification. The staff should be advised to shred papers instead of dumping them given that hackers can collect sensitive information through trash diving. The location of the routers can also be kept hidden since finding the location of network components is one of the primary roles a hacker does on the reconnaissance stage (Mann, 2008). Scanning and enumeration After a successful foot-printing, a hacker then uses the information gathered during scanning such as the operating systems used by the servers, the services offered by the network , the location and type of the networking components. After which he will formulate a strategy of attacking the network. Various tools are available that most hackers utilize to scan the ports of a network in search of vulnerabilities. Hackers achieve port scanning through initializing a connection to the networks TCP and UDP ports in order to find the available and vulnerable services and applications (McNab, 2012). Once port scanning is successful, applications and services are open for further information gathering which will aid in exploiting the vulnerabilities and weaknesses of the network. Hackers use such tools as network ping sweep to determine of the network is alive and running, Nmap; a network mapping tool for packet fragmentation and various ports scanning types. Nmap and Xprobe2 are also used for active operating system fingerprinting while siphon is used for passive fingerprinting. Other tools used for port scanning include Nslook up for interactive scanning of the DNS servers, Telnet, Ping, Wireshark and Nessus vulnerability scanner (McNab, 2012). Nmap: is considered the best network scanner among the network scanning technologies and tools used to determine and exploit vulnerabilities in a network infrastructure. Nmap is a free open source software and tool for network scanning and auditing. It’s the best choice hackers prefer in terms of network scanning (Philipp, Cowen, & Davis, 2010). The software utilizes raw IP packets in new ways to establish the host that are available on a network, the services, the operating system including their versions and the type of packet filters or firewalls used. Even though Nmap was designed for rapid scan for large networks, it can be used to effectively scan single hosts. Nmap includes an advanced general user interface in addition to classic command line executable. It also has a debugging tool called Ncat, Ndiff and Nping for packet generation and response analysis (McNab, 2012). MiTeC Network scanner: this is a network scanning tools considered second best after Nmap. It has features that enable a network administrator or a hacker to perform ping sweeps and scan for open TCP and UDP ports. Network scanner: this software and vulnerability analysis tools enable the user to see all the available network computers within a few seconds. It has the ability to scan an unlimited number of IP address and computer for both NetBIOS resources and running FTP and web services (Long et all, 2008). In order to compensate for the possible vulnerabilities that a hacker can detect through port scanning, installation of effective firewall filtering software in the network is mandatory. Installation of firewall with dynamic packet filtering is one sure way to guard against port scanning hence eliminates hackers from finding the vulnerabilities within the network. The firewall maintains the security of the network by operating on as-needed basis rather than leaving the ports open throughout (Long et all, 2008). Installation of an intrusion detection software that examines log files for network in order to track hacker’s activities within the network and prevent possible attack before it is done. For enumeration, such tools as Dumpsec, Winfo, Sid2user are used to attack null session Hacking and exploitation After scanning the network ports and determining the vulnerable ports and places within the network, a hacker would strategies on how to attack the network by using different tools and software to compromise the security of the network and access. After gaining access to the network a hacker can a chose to steal confidential and sensitive information or damage the resources, data and assets within the system (Lockhart, 2007). There are various methods used to gain access to the network after a successful scan is done. The brute force method is used by hackers to constant try all the possible password to a system using data dictionary. MD5CRK is a password cracking tool used to decode harsh passwords into plain text thus allowing a hacker to know the real passwords used within a network (Lockhart, 2007). Network Hacking Cycle Conclusion Network security is a fundamental part in ensuring the security of information within an organization or a private network. Several steps and methods can be employed in order to ensure that a network is secure and safe from attacks. Any network is vulnerable to attacks and measures should be put in place to mitigate these vulnerabilities present in a network. One of the ways to protect and minimize the chances of network attacks and hacking is understanding how hackers operate to gain access to a network system. Understanding the ways of the hacker will enable one to see the potential vulnerabilities that exist within the network and develop counteractive measures to protect the network before such vulnerabilities are exploited. References Dhanjani, N., & Clarke, J. (2008). Network security tools. Sebastopol, Calif.: O'Reilly Media. Kanclirz, J., & Baskin, B. (2008). Netcat power tools. Burlington, MA: Syngress Pub.. Lath, G. D., & Schauwers, G. (2009). Network security fundamentals. Indianapolis, IND.: Cisco. Lockhart, A. (2007). Network security hacks. Sebastopol, CA: O'Reilly. Long, J., Cantrell, C., Killion, D., Russell, K., & Tam, K. (2008). Google Hacking for Penetration Testers. Rockland, MA: Syngress Pub.. Mann, I. (2008). Hacking the human social engineering techniques and security countermeasures. Aldershot, England: Gower. McNab, C. (2012). Network security assessment. Sebastopol, CA: O'Reilly Media, Inc.. Philipp, A., Cowen, D., & Davis, C. (2010). Hacking exposed computer forensics (2nd Ed.). New York: McGraw-Hill/Osborne. Scambray, J., McClure, S., & Kurtz, G. (2012). Hacking exposed: network security secrets & Solutions (2nd Ed.). Berkeley, Calif.: Osborne/McGraw-Hill. Spivey, M. D. (2007). Practical hacking techniques and countermeasures. Boca Raton, FL: Auerbach Publications. Read More