Chapter 19 Intrusion Process

1. reconnoitering
2. gain access
3. gain authorization
4. achieve goal

same tools used by admin & hackers to learn about systems

Reconnaissance: type of system, its function, relationship to others
public info: eg. DNS
disclosed info: scanning each system to determine HW, OS, services
SW fingerprinting: application & version
gathered info: shoulder surfing
dumpster diving: printouts, ribbons, media, manuals, notes. Need appropriate disposal policy.
eavesdropping: wireless

Gaining access:
1. communicate with system: know when it's up, exploit vulnerabilities
2. enter system as user
security perimeter defines where info can flow and still be considered secure. Access points (where info crosses this boundary) need defenses to keep info from going out unprotected and to keep people & processes from coming in unless authenticated & authorized; monitoring also. Perimeters exist between intranet & Internet and at many internal levels.
Alternate entry points: from interconnected partners' networks. Dial-up modems to outside and to inside: "rogue modems". Remote control SW (pcAnywhere, BO2K). War dialers: automated search for modems.
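Added example (not part of these notes): the "disclosed info" scanning under reconnaissance is what the access-point monitoring above should catch. The script below flags sources that probe many distinct ports on one host within a short window, using netfilter-style DROP lines; the log lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall DROP records (not real traffic): one source probes
# six ports in a few seconds; the other two sources are ordinary noise.
SAMPLE_LOG = """\
Mar 03 10:00:01 fw kernel: DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=21
Mar 03 10:00:01 fw kernel: DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 03 10:00:02 fw kernel: DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=23
Mar 03 10:00:02 fw kernel: DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=25
Mar 03 10:00:03 fw kernel: DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
Mar 03 10:00:04 fw kernel: DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=110
Mar 03 10:00:05 fw kernel: DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 03 10:05:00 fw kernel: DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 03 10:09:00 fw kernel: DROP SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 03 10:09:30 fw kernel: DROP SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=80
"""

LINE_RE = re.compile(
    r"^\w{3} \d{2} (\d{2}):(\d{2}):(\d{2}) .*DROP SRC=(\S+) DST=(\S+) PROTO=\w+ DPT=(\d+)"
)

def parse(log_text):
    """Yield (seconds_since_midnight, src, dst, dst_port) for each DROP line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not DROP records
        h, mi, s, src, dst, dpt = m.groups()
        yield int(h) * 3600 + int(mi) * 60 + int(s), src, dst, int(dpt)

def find_scanners(log_text, window=60, min_ports=5):
    """Return {src: sorted ports} for sources that hit >= min_ports distinct
    ports on a single host within `window` seconds (sliding window per pair)."""
    events = defaultdict(list)  # (src, dst) -> [(t, port), ...]
    for t, src, dst, port in parse(log_text):
        events[(src, dst)].append((t, port))
    flagged = {}
    for (src, dst), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past stale hits
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
    return flagged

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

Because only DROP records are parsed, probes that reached an open port are invisible here; a real deployment would also feed ACCEPT or connection-log records into the same counter.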

Gaining authorization: impersonate a user or subvert privileged SW.
session theft: already identified & authenticated: unattended
automated (script)
Exploiting known vulnerabilities in SW.
Covert SW: virus & trojan horse run with user's privileges

Achieve goals: fame & fortune
hackers for fame/recognition/bragging
Internet is now "where the money is"