same tools used by admin & hackers to learn about systems
Reconnaissance: type of system, its function, relationship to others
public info: eg. DNS
disclosed info: scanning each system to determine HW, OS, services
SW fingerprinting: application & version
gathered info: shoulder surfing
dumpster diving: printouts, ribbons, media, manuals, notes. Need an appropriate disposal policy.
eavesdropping: wireless
Gaining access:
1. communicate with system: know when it's up, exploit vulnerabilities
2. enter system as user
security perimeter defines where info can flow and still be considered secure. Access points (where info can cross this boundary) need defenses to keep info from going out unprotected and to keep people & processes from coming in unless authenticated & authorized. Access points also need monitoring. Perimeters exist between intranet & Internet and at many internal levels.
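The monitoring at access points mentioned above, as an added example that is not part of these notes: a small detector that flags a source touching many distinct ports on one host within a short window, the kind of scanning described under reconnaissance. The log format, threshold and window are assumptions.

```python
# Added example (not from the notes): flag scan-like probing seen at a
# monitored access point. The log format "timestamp src dst dport action",
# the port threshold and the time window are assumptions, not values from
# the notes.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one host probes many ports on 192.0.2.10 within a
# few seconds, another host makes ordinary repeated connections to 443.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 192.0.2.10 22 DENY
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 23 DENY
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 80 ALLOW
2024-01-01T10:00:02 198.51.100.7 192.0.2.10 443 ALLOW
2024-01-01T10:00:02 198.51.100.7 192.0.2.10 3389 DENY
2024-01-01T10:00:03 198.51.100.7 192.0.2.10 8080 DENY
2024-01-01T10:00:05 203.0.113.4 192.0.2.10 443 ALLOW
2024-01-01T10:00:09 203.0.113.4 192.0.2.10 443 ALLOW
2024-01-01T10:30:00 198.51.100.7 192.0.2.10 25 DENY
"""

def parse_line(line):
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {(src, dst): ports} for sources that touched at least
    min_ports distinct ports on one destination inside any sliding window.
    Both ALLOW and DENY lines count: a scan reveals itself by breadth."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port)]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, _ = parse_line(line)
            events[(src, dst)].append((ts, port))
    hits = {}
    for key, lst in events.items():
        lst.sort()
        start = 0
        for end in range(len(lst)):
            # Slide the window start forward until it covers <= window.
            while lst[end][0] - lst[start][0] > window:
                start += 1
            ports = {p for _, p in lst[start:end + 1]}
            if len(ports) >= min_ports:
                hits[key] = hits.get(key, set()) | ports
    return hits

if __name__ == "__main__":
    for (src, dst), ports in find_scanners(SAMPLE_LOG).items():
        print(f"possible scan: {src} -> {dst}, ports {sorted(ports)}")
```

The probe at 10:30 falls outside the window and is not counted, so an isolated late connection does not by itself raise an alert.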
Alternate entry points: from interconnected partners' networks.
Dial-up modems to outside and to inside: "rogue modems". Remote control SW (pcAnywhere, BO2K). War dialers: automated search for modems.
Gaining authorizations: impersonate a user or subvert privileged SW.
session theft: already identified & authenticated:
unattended
automated (script)
hijacking
Exploiting known vulnerabilities in SW.
Covert SW: virus & trojan horse run with user's privileges
Achieve goals: fame & fortune
hackers for fame/recognition/bragging
Internet is now "where the money is"