same tools used by admin & hackers to learn about systems
Reconnaissance: type of system, its function, relationship to
public info: eg. DNS
disclosed info: scanning each system to determine its HW, OS and running services
SW fingerprinting: identifying the application and its version
gathered info: shoulder surfing
dumpster diving: printouts, printer ribbons, media, manuals, notes. Need an appropriate disposal policy.
1. communicate with system: know when it's up, exploit vulnerabilities
2. enter system as user
security perimeter: defines where info can flow and still be considered secure. Access points (where info can cross this boundary) need defenses to keep info from going out unprotected and to keep people & processes from coming in unless authenticated & authorized; access points also need monitoring. Perimeters exist between the intranet & the Internet and at many internal levels.
Alternate entry points: from interconnected partners' networks. Dial-up modems connecting to the outside and to the inside: "rogue modems". Remote control SW (pcAnywhere, BO2K). War dialers: automated search for modems.
Gaining authorizations: impersonating a user or subverting privileges
session theft: taking over a session that is already identified & authenticated, e.g. one left unattended
Exploiting known vulnerabilities in SW.
Covert SW: virus & trojan horse run with user's privileges
Achieve goals: fame & fortune
hackers for fame/recognition/bragging
Internet is now "where the money is"