Transcript Document

CS682 - Network Management and Security
Prof. Katz

The Hacker Mentality
- The term originally meant someone who made software do something its programmer did not intend.
- Over time it was adapted to describe those who do the above for illegal purposes.

Different types of hackers
- Network hackers: continuously pound on networks looking for holes
- Phreaks: hardware hackers
- Crackers: code breakers
- Most hackers believe they are "elite" and will not get caught. Some are right; most are wrong.

Evolution of a hacker
- Hackers have recently tended to be high school or undergraduate students.
- After learning all they can about the target, they begin trying to find a way in.

After a hacker gets in
- The hacker will contact the system administrator
- The hacker will retrieve the desired data
- The hacker will deface the machine

Common forms of entry
- Easy passwords
- Unpatched servers (known attacks)
- Security recommendations not followed
- Buffer overflows

Progression of a hack
- The hacker will initially determine all available information about the target network.
- The hacker will select the target with the least protection that will still give him the data he wants.
- The target will be compared against well-known attacks.
- If source code is available for the target's systems, the hacker will examine the code for new ways in.
- The hacker may attempt to gain access to the password database.
- The hacker will attempt brute-force access to the system.
- The hacker may attempt to gain physical access to the system.

What tools are available?
- If the hacker has programming experience, he can create his own tools.
- Commercially available tools are often free:
  - nmap (www.insecure.org/nmap)
  - L0phtcrack
  - tcpdump (network monitors)
  - Various assorted tools designed to scan for well-known attacks

RFC-1918 / NAT

RFC-1918
- Hosts not connected to the Internet do not need globally unique addresses.
- Hosts connected through a proxy server or address translation device do not need globally unique addresses.
- NB: the proxy server or NAT device will need at least one unique address!

Network Address Translation
- In theory, IP addressing provides 4,294,967,296 unique IP addresses.
- Because of subnetting, we have used almost the entire address space.
- NAT allows us to use RFC 1918 private (non-Internet-routable) addresses on our LAN and have only a few addresses seen on the Internet.

Types of NAT
- One-to-One: does not reduce the number of IP addresses used, but provides greater security
- One-to-Many: wastes IP addresses; only done when necessary for security
- Many-to-One: one real address is shared by many private addresses

Concepts of NAT
- Only important if:
  - Every machine needs an IP address unique to its network
  - Networks need at least one unique address
- When data traverses a NAT device, the TCP and IP headers will be changed, and in some cases the data (payload) will be changed too.

How NAT works

Why is NAT secure?
- In Many-to-One NAT, connections are never allowed from the outside into the LAN unless they are expected (e.g. FTP data connections).
- In One-to-One NAT, open ports must generally be indicated and connections specifically allowed.
- Outside individuals have no view of the layout of the LAN.
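The two ideas above (Concepts of NAT: headers are rewritten; Why is NAT secure: unsolicited inbound traffic is dropped) as an added example, not part of the lecture slides. It simulates a Many-to-One NAT device in Python with a constructed public address (203.0.113.5) and constructed LAN/remote endpoints; the class and method names are the example's own.

```python
"""Added example: a minimal Many-to-One (port-overloading) NAT simulator.
Inside hosts use RFC 1918 addresses; every outbound flow is rewritten to the
single public address and a fresh public port, and an inbound packet is only
translated when it matches a flow that a LAN host opened first."""
import ipaddress
from dataclasses import dataclass

# The three RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """True if ip falls inside one of the RFC 1918 private ranges."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class ManyToOneNAT:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip          # the one real address seen on the Internet
        self.next_port = first_port         # next free public port to hand out
        self.table = {}    # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.reverse = {}  # public_port -> (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source address/port (the header change)."""
        if not is_private(pkt.src_ip):
            raise ValueError(f"{pkt.src_ip} is not an RFC 1918 address")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.table:                      # first packet of this flow
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Internet -> LAN: translate only replies to an existing flow; drop the rest."""
        entry = self.reverse.get(pkt.dst_port) if pkt.dst_ip == self.public_ip else None
        if entry is None:
            return None                                # nobody on the LAN opened this
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                                # wrong peer: unsolicited, dropped
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)
```

A packet from the Internet to a public port nobody on the LAN mapped, or from a peer other than the one the LAN host contacted, returns None, which is the "not expected, not allowed" behaviour the slide describes.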

Problems with NAT
- Non-OSI-compliant protocols will not work without special consideration
- Protocols which make a connection back to the original host will not work
- Sometimes difficult to install and maintain
- Sometimes costly

NAT Devices
- All cable modem/DSL routers
- Checkpoint Firewall-1
- Linux
- Cisco IOS
- Windows 2000

Linux NAT