User's Manual

Solaris 9 Security CX-310-301
• Employees – Probably the worst form of attacker is one from within, normally an employee with
a grudge against the company: no pay rise, no prospects, or a recently missed promotion, for
example. The internal employee knows the business and can potentially cause untold damage. The
majority of attacks still come from within.
• Criminals – Individual criminals are not normally very experienced and are looking for ways to
make “easy money”. Organized gangs are completely different and will use extortion methods as
well as industrial espionage. A good example is the blackmailing of online bookmakers, who are
threatened with Denial of Service attacks during premium sporting events unless money is paid.
• Terrorists – Often highly organized, but not concerned with covering their tracks (like a hacker).
Attacks are carried out to further their cause and can be ruthless. Terrorists normally attack a
specific target, unlike others, who will be looking for any decent opportunity. Terrorists
frequently attack websites to gain publicity; defacing home pages is a popular method
used to spread propaganda messages.
• Natural Causes – A frequently overlooked type of attack because it is not deliberate in nature.
The accidental deletion of important files is a good example, where good security would prevent a
user from being able to carry out the operation. Also consider such things as
earthquake, flood and fire.
Information Gathering
An important point about information gathering is that you have to view your systems from the perspective
of the attacker in order to understand how best to protect the assets you are responsible for. This section
looks at the type of information an attacker is looking for and how specific information can be elicited from
systems and people. It also discusses ways to combat these techniques.
Footprinting and fingerprinting are two major techniques used by an attacker in the information gathering
phase of planning an attack. By utilizing these techniques on your own system, you can pre-empt the
majority of ways in which an attacker might gain useful information and close them, if possible.
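One way to apply this to your own host is to list what it exposes to the network and compare that with what you intend to expose. The script below is an added example, not part of the original study guide; the function names, the approved port list and the sample `netstat -an` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of Solaris-style `netstat -an` TCP output (not from a real host).
sample_netstat() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.23                 *.*                0      0 49152      0 LISTEN
192.168.10.5.22      192.168.10.9.40112   49640      0 49640      0 ESTABLISHED
127.0.0.1.32771            *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN
EOF
}

# listening_ports: read netstat output on stdin and print "port bind-address"
# for every TCP listener. Solaris prints the local address as addr.port, so
# the port is whatever follows the last dot.
listening_ports() {
  awk '$NF == "LISTEN" {
         n = split($1, part, "[.]")
         port = part[n]
         addr = substr($1, 1, length($1) - length(port) - 1)
         print port, addr
       }' | sort -n | uniq
}

# unexpected_listeners APPROVED: print listeners that are reachable from the
# network (not bound to loopback) and whose port is missing from the
# space-separated APPROVED list. These are the services to justify or disable.
unexpected_listeners() {
  approved=" $1 "
  listening_ports | while read -r port addr; do
    case "$addr" in 127.*) continue ;; esac
    case "$approved" in
      *" $port "*) ;;
      *) echo "$port $addr" ;;
    esac
  done
}

# Assumed policy for the sample: only SSH (22) is meant to be exposed.
sample_netstat | unexpected_listeners "22"
```

On a live system, pipe `netstat -an` into `unexpected_listeners` in place of `sample_netstat`.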
• Footprinting – Researching the target: probing websites and looking for information on the
company using online search engines, newsgroups etc. A lot of information is often available
about companies through these avenues. Footprinting also covers finding out domain name
information, details about IP addresses (or blocks of IP addresses), telephone numbers (perhaps
the company has reserved a block of telephone numbers), email addresses, which could prove
useful for virus proliferation, and where the offices are located. The location information
could prove extremely useful because it opens up the opportunity to pose as an employee from
another site in order to gain restricted or confidential information.
• Fingerprinting – This is the next phase of information gathering, in which the attacker runs port
scanners and network probes against the company network, looking for potential vulnerabilities
that could be exploited in order to gain access. Details about the operating systems, services,
whether there is a firewall installed, and whether the systems are reachable across the Internet are all
examples of valuable information that can be gathered. Having gained operating system