Unit 11 - Introduction to Hacking

Last Update Unknown

Security

Security matters because you want to stop people doing things you do not want them to do with your resources, while trying not to make the system less usable for its legitimate users.


If users think the security is in the way, they will take steps to bypass it. The ideal security is invisible to real users, but unavoidable to hackers.


Hacking

Black Hats

Break systems maliciously


White Hats

Break systems without damaging things, and help admins become more secure


Grey Hats

Tend to break "some" systems maliciously, like pornography sites, or break things accidentally, like students doing coursework

Cost

All proactive measures, and all active hacking attempts incur an administrative cost.


  • Proactive measures are hard to cost-justify
  • Reactive measures are hard to tolerate

The Approach

Social Engineering

Very common and relies on human nature.

Examples are:

  • Emails from your bank asking for username and password details
  • Phone calls from an "administrator"
  • Visits from offsite technicians

Brute Force

Examples are:

  • A password cracker testing passwords from a dictionary to gain user access to a site
  • A Denial of Service attack, where the sheer volume of requests or connections causes performance degradation.

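The password-guessing case above is usually spotted on the defending side by looking for bursts of failed logins from one source. The following is an added example (not part of the original notes): it parses constructed sshd-style auth log lines and flags any source address with five or more failures inside a sliding sixty-second window. The log lines, addresses and thresholds are all made up for illustration.

```python
"""Flag password-guessing bursts in constructed sshd-style auth log lines.

Added example for these notes, not part of the original page. The log
lines, the source addresses and the thresholds are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the shape sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar  1 10:00:02 host sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Mar  1 10:00:03 host sshd[811]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar  1 10:00:04 host sshd[811]: Failed password for root from 203.0.113.9 port 40004 ssh2
Mar  1 10:00:05 host sshd[811]: Failed password for root from 203.0.113.9 port 40005 ssh2
Mar  1 10:00:06 host sshd[811]: Failed password for root from 203.0.113.9 port 40006 ssh2
Mar  1 10:03:10 host sshd[812]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Mar  1 10:03:20 host sshd[812]: Accepted password for alice from 198.51.100.4 port 51001 ssh2
Mar  1 10:09:00 host sshd[813]: Failed password for bob from 198.51.100.4 port 51100 ssh2
"""

# Only failed-password lines are of interest; "invalid user" is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_failures(text, year=2024):
    """Return (timestamp, ip, user) for every failed-login line; skip the rest.

    syslog timestamps carry no year, so one is supplied (assumed here)."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["ip"], m["user"]))
    return out


def find_bruteforce(failures, threshold=5, window_s=60):
    """Return {ip: peak_count} for sources with >= threshold failures inside
    any window_s-second sliding window (two-pointer scan per source)."""
    by_ip = defaultdict(list)
    for ts, ip, _user in failures:
        by_ip[ip].append(ts)

    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it fits within window_s.
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1
            hits = end - start + 1
            if hits >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), hits)
    return flagged


if __name__ == "__main__":
    for ip, count in find_bruteforce(parse_failures(SAMPLE_LOG)).items():
        print(f"possible brute force from {ip}: {count} failures in 60s")
```

Tools such as fail2ban apply the same idea in production and add a temporary block; the thresholds here are deliberately low so the constructed sample trips them, and the legitimate user who mistyped a password once stays below them.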

Distributed DoS

If a hacker has taken over a few thousand computers using a trojan or virus, they can build a bot farm and launch a hard-to-trace DoS attack which is much harder to block.

Technical Intrusions

Exploiting deficiencies in system design, configuration or management.


Most involve one of five areas:

  1. Inherent security defects
  2. Misuse of legitimate tools
  3. Improper maintenance
  4. Ineffective security
  5. Inadequate detection systems

System Defects

Software is now so complex, it often ships with bugs and weaknesses which need to be patched.

Misusing Tools

Many useful tools in standard installs can be used to break security if misused.

  • ping - find victims
  • traceroute - find network topologies
  • dig - DNS information
  • whois - background information on a target
  • finger - who is logged in
  • rpcinfo - what RPC services are running
  • showmount - what NFS mounts are exported
  • telnet - talk to any TCP protocol service by hand

Improper Maintenance

An example of this could be firmware in a router not being updated, or critical updates to a system being missed.

Lack of priority may also be an issue.

Ineffective Security

Having no or a poor security policy.

Detection

Many sites rely on audit trails to detect problems. This does nothing to detect Trojans, backdoors, and viruses.

Newer tools can detect more subtle problems, for example by checking checksums of system files against records held remotely.
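As an added example of the checksum approach (not part of the original notes), the following builds a baseline of SHA-256 digests for every file under a directory, then re-walks the directory and reports files whose digest changed, files that vanished, and files that appeared. The directory, file names and contents are constructed in a temporary folder; a real deployment would keep the baseline on a separate host, which is the point of the "remote records" in the notes, so that whoever replaces a binary cannot also rewrite the record of its hash.

```python
"""File-integrity check: compare SHA-256 digests against a stored baseline.

Added example for these notes, not part of the original page. File names
and contents are constructed in a temporary directory.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 and return its hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (as a path relative to root) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def verify(root, baseline):
    """Re-hash root and report what differs from the stored baseline."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in baseline
                          if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: two 'system binaries', then a tampering episode."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        for name, body in {"ls": b"original ls", "ps": b"original ps"}.items():
            with open(os.path.join(bindir, name), "wb") as f:
                f.write(body)

        # Baseline taken while the system is known-good. The JSON round trip
        # stands in for storing it on a remote host and fetching it back.
        stored = json.loads(json.dumps(build_baseline(root)))

        # Simulated tampering: one binary replaced, one removed, one added.
        with open(os.path.join(bindir, "ps"), "wb") as f:
            f.write(b"replaced ps")
        os.remove(os.path.join(bindir, "ls"))
        with open(os.path.join(bindir, "extra"), "wb") as f:
            f.write(b"unexpected file")

        return verify(root, stored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

An audit trail would show none of these three events if the intruder already has root and edits the logs; the digest comparison catches them because the evidence is the file content itself, compared against a record the intruder never touched.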


The Process

A dedicated hacker will have many targets on the go at once which will likely be in one of the following stages of being hacked:

  1. Casing
  2. Scanning
  3. Enumeration

Casing

Gather information on a target (also called fingerprinting).

Useful information gathered includes IP addresses, services running, routing tables, domain information, authentication scheme, user details, admin names, contact information, telephone numbers, connection type, etc.

Scanning

Individual machines are identified by direct communication. Tools are used to tell you about the OS type, open ports, firewall configurations, and even version numbers.

Scanning also involves the routers and firewall devices, as these may be remotely configurable.

Enumeration

Getting some sort of "access" into a machine or network.


DNS Cache Poisoning

DNS cache poisoning is the act of entering false information into a DNS cache, so that DNS queries return an incorrect response and users are directed to the wrong websites. DNS cache poisoning is also known as 'DNS spoofing.'


Because there is typically no way for DNS resolvers to verify the data in their caches, incorrect DNS information remains in the cache until the time to live (TTL) expires, or until it is removed manually.


Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).


The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
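The following is an added example (not OpenSSL's code and not part of the original notes) that models the defect behind Heartbleed. A TLS heartbeat request is a type byte, a two-byte big-endian payload length and the payload; the responder is supposed to echo the payload back. The vulnerable version trusts the length field and copies that many bytes from memory after the header, whether or not they were part of the received record, so whatever the process held next to the record comes back in the reply. The fixed version compares the claimed length with the number of bytes actually received and drops the record if they disagree. The "process memory", the secret placed after the record and the record lengths are all constructed; the padding bytes that a real heartbeat also carries are left out for brevity.

```python
"""Model of the missing bounds check behind Heartbleed.

Added example for these notes; not OpenSSL's code. The memory layout, the
secret and the record lengths are constructed for illustration.
"""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2

# Constructed stand-in for other data the process holds next to the record
# (in the real bug: private keys, session cookies, user passwords).
SECRET = b"session-cookie=abc123; private-key-bytes..."


def build_heartbeat(payload, claimed_len=None):
    """Build a heartbeat request; claimed_len lets the header misstate the size."""
    length = len(payload) if claimed_len is None else claimed_len
    return struct.pack("!BH", HB_REQUEST, length) + payload


def vulnerable_respond(memory, record_len):
    """Trusts the length field. record_len (bytes actually received) is
    ignored, which is the defect: the slice runs past the record."""
    _hb_type, payload_len = struct.unpack("!BH", memory[:3])
    payload = memory[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload


def fixed_respond(memory, record_len):
    """Checks the claimed length against the bytes actually received, as the
    OpenSSL 1.0.1g fix does, and silently discards a record that lies."""
    if record_len < 3:
        return None
    _hb_type, payload_len = struct.unpack("!BH", memory[:3])
    if 3 + payload_len > record_len:
        return None
    payload = memory[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload


def demo():
    """Run an honest and a misstated request through both responders."""
    honest = build_heartbeat(b"hello")
    lying = build_heartbeat(b"hello", claimed_len=40)
    results = {}
    for name, record in (("honest", honest), ("lying", lying)):
        # Constructed memory: the received record followed by other data.
        memory = record + SECRET
        vuln = vulnerable_respond(memory, len(record))
        fixed = fixed_respond(memory, len(record))
        results[name] = {
            "vulnerable_leaks_secret": SECRET[:10] in vuln,
            "vulnerable_payload_len": len(vuln) - 3,
            "fixed_reply": fixed,
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

The lesson generalises beyond OpenSSL: any length that arrives from the network is attacker-controlled data, and every copy that uses it must be bounded by what was actually received, not by what the sender claims.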