Network Security: A Practical Approach

front matter Page i Tuesday, March 8, 2005 1:58 PM


Jan L. Harrington

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Morgan Kaufmann is an imprint of Elsevier


Publishing Director: Diane Cerra
Acquisitions Editor: Rick Adams
Publishing Services Manager: Simon Crump
Project Manager: Sarah Hajduk
Assistant Editor: Mona Buehler
Design, Composition, and Illustration: Black Gryphon Ltd.
Copyeditor: Adrienne Rebello
Proofreader: Broccoli Information Management
Cover Design: Yvo Riezbos Design
Cover Image: Internet Security. Courtesy of Photodisc Green and Getty Images
Interior printer: The Maple-Vail Book Manufacturing Group
Cover printer: Phoenix Color

Morgan Kaufmann Publishers is an imprint of Elsevier. 500 Sansome Street, Suite 400, San Francisco, CA 94111

This book is printed on acid-free paper.

© 2005 by Elsevier Inc. All rights reserved.

Designations used by companies to distinguish their products are often claimed as trademarks or registered trademarks. In all instances in which Morgan Kaufmann Publishers is aware of a claim, the product names appear in initial capital or all capital letters. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means—electronic, mechanical, photocopying, scanning, or otherwise—without prior written permission of the publisher.

Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, e-mail: permis- [email protected] You may also complete your request on-line via the Elsevier homepage (http://elsevier.com) by selecting “Customer Support” and then “Obtaining Permissions.”

Library of Congress Cataloging-in-Publication Data APPLICATION SUBMITTED

ISBN: 0-12-311633-3 For information on all Morgan Kaufmann publications, visit our Web site at www.mkp.com or www.books.elsevier.com

Printed in the United States of America 05 04 03 02 01 5 4 3 2 1


Contents

Preface xi

Chapter 1: In the Beginning … 1
1.0 Introduction 2
1.1 Defining Security 2
1.2 The Two Views of Network Security 3
1.2.1 Sources of External Threats 3
1.2.2 Sources of Internal Threats 7
1.3 The Organizational Security Process 10
1.3.1 Top Management Support 10
1.3.2 How Secure Can You Be? 12
1.3.3 The Importance of a Security Policy 12
1.3.4 Legal Issues 14
1.3.5 Security Personnel 18
1.3.6 Outsourcing Security 24
1.4 Preparing a Security Policy 25
1.5 Security Audits 31
1.6 Summary 33

Chapter 2: Basic Security Architecture 35
2.0 Introduction 36
2.1 Secure Network Layouts 36
2.2 Firewalls 39
2.2.1 Packet Filtering Firewalls 41
2.2.2 Stateful Firewalls 42
2.2.3 Application Proxy Firewalls 43
2.2.4 Comparing Types of Firewalls 43
2.3 Hands On: Setting File and Directory Permissions 45
2.3.1 Windows 46
2.3.2 UNIX 47
2.3.3 Mac OS X 51
2.4 Summary 51

Chapter 3: Physical Security 55
3.0 Introduction 56
3.1 Dealing with Theft and Vandalism 56
3.2 Protecting the System Console 59
3.3 Managing System Failure 60
3.3.1 Backup Solutions 60
3.3.2 Power Protection 69
3.4 Hands On: Providing Physical Security 72
3.4.1 Physical Solutions 73
3.4.2 Disaster Recovery Drills 76
3.5 Summary 78

Chapter 4: Information Gathering 79
4.0 Introduction 80
4.1 Social Engineering 80
4.1.1 Electronic Social Engineering: Phishing 82
4.2 Using Published Information 84
4.3 Port Scanning 91
4.4 Network Mapping 94
4.5 Hands On 97
4.5.1 Limiting Published Information 98
4.5.2 Disabling Unnecessary Services and Closing Ports 98
4.5.3 Opening Ports on the Perimeter and Proxy Serving 103
4.6 Summary 106

Chapter 5: Gaining and Keeping Root Access 109
5.0 Introduction 110
5.1 Root Kits 110
5.1.1 Root Kit Threat Level 111
5.1.2 How Root Kits Work 113
5.2 Brute Force Entry Attacks and Intrusion Detection 114
5.2.1 Examining System Logs 115
5.2.2 Intrusion Detection Software 120
5.2.3 Intrusion Prevention Software 122
5.2.4 Honeypots 123
5.3 Buffer Overflow Attacks 123
5.4 Hands On 125
5.4.1 Viewing and Configuring Windows Event Logs 126
5.4.2 Patches and Patch Management 127
5.5 Summary 130

Chapter 6: Spoofing 133
6.0 Introduction 134
6.1 TCP Spoofing 134
6.2 DNS Spoofing 138
6.3 IP (and E-Mail) Spoofing 142
6.4 Web Spoofing 145
6.5 Hands On 148
6.5.1 Detecting Spoofed E-mail 149
6.5.2 Detecting Spoofed Web Sites 153
6.6 Summary 156

Chapter 7: Denial of Service Attacks 161
7.0 Introduction 162
7.1 Single Source DoS Attacks 162
7.1.1 SYN Flood Attacks 162
7.1.2 Ping of Death 164
7.1.3 Smurf 164
7.1.4 UDP Flood Attacks 165
7.2 Distributed DoS Attacks 165
7.2.1 Tribe Flood Network 166
7.2.2 Trinoo 166
7.2.3 Stacheldraht 168
7.3 Hands On 168
7.3.1 Using an IDS to Detect a DoS Attack 169
7.3.2 Using System Logs to Detect a DoS Attack 170
7.3.3 Handling a DoS Attack in Progress 171
7.3.4 DoS Defense Strategies 176
7.3.5 Finding Files 177
7.4 Summary 178

Chapter 8: Malware 181
8.0 Introduction 182
8.1 A Bit of Malware History 183
8.2 Types of Malware Based on Propagation Methods 183
8.3 Hands On 192
8.3.1 “Virus” Scanners 192
8.3.2 Dealing with Removable Media 199
8.3.3 Lockdown Schemes 201
8.4 Summary 202

Chapter 9: User and Password Security 205
9.0 Introduction 206
9.1 Password Policy 206
9.2 Strong Passwords 207
9.3 Password File Security 209
9.3.1 Windows 210
9.3.2 UNIX 213
9.4 Password Audits 214
9.4.1 UNIX: John the Ripper 214
9.4.2 Windows: L0phtCrack 215
9.5 Enhancing Password Security with Tokens 217
9.6 Hands On: Password Management Software 218
9.6.1 Centralized Password Management 218
9.6.2 Individual Password Management 219
9.7 Summary 223

Chapter 10: Remote Access 225
10.0 Introduction 226
10.1 Remote Access Vulnerabilities 226
10.1.1 Dial-In Access 226
10.1.2 Remote Control Software 228
10.1.3 Remote Access Commands 230
10.2 VPNs 234
10.3 Remote User Authentication 240
10.3.1 RADIUS 240
10.3.2 Kerberos 241
10.3.3 CHAP and MS-CHAP 242
10.4 Hands On: OS VPN Support 243
10.4.1 Windows VPN Support 243
10.4.2 Macintosh OS X VPN Support 252
10.5 Summary 258

Chapter 11: Wireless Security 259
11.0 Introduction 260
11.1 Wireless Standards 261
11.1.1 802.11 Wireless Standards 261
11.1.2 Bluetooth 263
11.1.3 The Forthcoming 802.16 264
11.2 Wireless Network Vulnerabilities 265
11.2.1 Signal Bleed and Insertion Attacks 265
11.2.2 Signal Bleed and Interception Attacks 266
11.2.3 SSID Vulnerabilities 266
11.2.4 Denial of Service Attacks 267
11.2.5 Battery Exhaustion Attacks 267
11.3 Wireless Security Provisions 268
11.3.1 802.11x Security 268
11.3.2 Bluetooth Security 272
11.4 Hands On: Securing Your 802.11x Wireless Network 273
11.5 Summary 275

Chapter 12: Encryption 279
12.0 Introduction 280
12.1 To Encrypt or Not to Encrypt 280
12.2 Single Key Encryption Schemes 281
12.2.1 Substitution Cyphers 281
12.2.2 Single-Key Encryption Algorithms 284
12.2.3 Key Management Problems 288
12.3 Two-Key Encryption Schemes 288
12.3.1 The Mathematics of Public Key Encryption 289
12.4 Combining Single- and Two-Key Encryption 292
12.5 Ensuring Message Integrity 292
12.5.1 Message Digest Algorithms 294
12.5.2 Checksums 294
12.6 Message Authentication and Digital Certificates 297
12.6.1 Authenticating with PKE Alone 297
12.6.2 Authenticating with Digital Certificates 297
12.7 Composition and Purpose of PKI 299
12.8 Hands On 300
12.8.1 Third-Party Certificate Authorities 300
12.8.2 Encryption Software 301
12.9 Summary 316

Appendix A: The TCP/IP Protocol Stack 319
A.0 Introduction 320
A.1 The Operation of a Protocol Stack 320
A.2 The Application Layer 322
A.3 The Transport Layer 323
A.3.1 TCP 324
A.3.2 UDP 326
A.4 The Internet Layer 327
A.5 The Logical Link Control Layer 330
A.6 The MAC Layer 330
A.7 The Physical Layer 332

Appendix B: TCP and UDP Ports 335
B.0 Well-Known Ports 336
B.1 Registered Ports 340
B.2 Port List References 341

Appendix C: Security Update Sites 343
C.0 Professional Security Update Sites 344
C.1 Other Sites of Interest 344

Glossary 347

Index 359

Photo Credits 366

Preface

There is a funny saying that surfaces every once in a while: “Just because you’re paranoid doesn’t mean that they aren’t out to get you!” If this describes the way you think about the security of the computers in your care and you’re relatively new to computer security, then you’re holding the right book.

Let’s be honest: It seems like there are a million and two computer security books on bookstore shelves and listed at places like amazon.com. Why should you spend your hard-earned dollars (or your employer’s hard-earned dollars, whichever the case may be) on this one? Well, maybe you should and maybe you shouldn’t. Seem like a strange thing for an author to say? Not really, because not all security books are alike and not every book contains what you might need.

If you’re looking for something that can double as a hacker’s manual, then you’ve come to the wrong place. However, if you have a background in computer networking but are new to computer security and want a practical approach to how you can secure your network, then this book is for you. You will need a basic understanding of local area networks (LANs) (especially Ethernet), how LANs are connected to wide area networks, and how the Internet fits into an overall network architecture. You should be familiar with network interconnection hardware, such as routers and switches, and the types of transmission media that are used to create networks.


This book is written in a casual style that’s easy to read and understand—there are even cartoons on the first page of every chapter—but it isn’t full of the fluff you might find in a magazine column. Instead of smart-aleck comments, you’ll find a wealth of information about planning for security, managing security, the ways in which system crackers gain access to your network, and strategies for securing your network resources against attack.

Most people want concrete security information they can use. There are two features of this book that bring that right to you. First, all the chapters (except Chapter 1) end with a Hands On section that gives you specific techniques for implementing the concepts covered in the first part of the chapter. Second, you’ll find little gray boxes scattered throughout the book, most of which start with “Reality Check.” A reality check is a way of bringing the real world into focus, cutting through the platitudes and generalities that often appear in introductory security books.

How This Book Is Organized

So much of what we do in computing requires trade-offs, where a choice of one option limits what we can do somewhere else. For example, if you want to design a computer, the choices you make about the CPU determine the size of the system bus you can use and the amount of memory you can address. All those things are interconnected, and to do a good hardware design, you need to understand the impact of one decision on the other parts of the machine. Designing a secure network is the same: You need to understand the interaction of security measures and network usability. Choices you make for one can constrain the choices you have for the other.

So, where do you start? You can start at the bottom, working on securing each workstation on your network and then moving up to the servers and finally to your connection to the Internet. However, in most cases this results in a hodgepodge of security measures that aren’t effective, either in terms of providing an adequate security net for your network or in terms of cost. A top-down approach, where you plan security well, is almost always more effective.

Therefore, this book begins with a look at security policies and at auditing compliance to such policies. Chapter 1 also presents an overview of the major laws that may affect how you need to secure the data stored on organizational servers.

Chapter 2 covers basic network layout options for handling security. You’ll be introduced to firewalls and DMZs as well as methods of providing basic security through operating system file and directory permissions.

Chapter 3 then turns to physical security, the process of protecting your hardware from unwanted access. You’ll read about securing networks against theft and vandalism, protecting server consoles, and handling backup.

Chapters 4 through 7 cover techniques external system crackers use to gain unauthorized access to network resources, including information gathering (including social engineering attacks where system crackers pretend to be someone they aren’t), network attacks that can give them root access to servers or workstations, spoofing (where system crackers forge messages to make them appear to come from a trusted source), and denial of service attacks (through which system crackers prevent legitimate users from accessing network resources). Each chapter describes typical attacks and includes methods for safeguarding your network against such attacks.

Chapter 8 looks at malware, those nasty viruses, worms, and other junk that seem to appear out of nowhere. The constantly escalating war between virus detection software developers and the malware writers gives none of us any rest.

In Chapter 9, you’ll find information about password security. As much as we would like to think that we have better user identification techniques, the combination of a user name and password is still the major way of identifying a user to a network. And once someone supplies a matching user name and password, the network gives the person access to all network resources associated with that user name.

Chapter 10 deals with remote users and covers additional ways of authenticating users beyond a simple user name and password. You’ll also find discussions of VPNs (Virtual Private Networks) in Chapter 10.

Wireless networks are becoming more and more popular, especially as the speed of wireless transmissions increases. Unfortunately, wireless networks are also notoriously insecure. Chapter 11 therefore looks at the current state of wireless security and also discusses some forthcoming wireless security technologies.

Chapter 12 covers one of my favorite topics: encryption. Encryption makes it extremely difficult for anyone without the proper decryption key to understand the content of a message. And as computing power increases, so does the sophistication of the types of encryption we use. Along with encryption techniques, Chapter 12 also provides an overview of digital signatures and digital certificates that can certify message integrity and message authenticity.

The Software

There is a lot of security hardware and software out there, and it’s always hard to decide what to cover in a book of this type. Wherever possible, I’ve tried to cover open source software solutions. Much of the open source software is very robust and very widely used. However, there are also some widely used commercial products about which you should be aware. A mention in this book isn’t necessarily an endorsement of a particular commercial product, but it is an acknowledgement that the product is widely used.

The Platforms

I admit it—I’m a Macintosh fanatic, and have been since March of 1984. But that doesn’t mean that I’m blind to what’s really out there. This book therefore looks at the two major operating system environments: Windows and UNIX. (And, yes, Mac OS X is in there, too. It’s UNIX, for heavens sake!) Let’s be honest. If you don’t want Windows, you can have UNIX, and if you don’t want UNIX, you can have Windows…. There are other operating systems (for example, BeOS), but none except Windows and UNIX have wide enough distribution to be the target of system crackers.


Acknowledgments

I’d like to thank the following people who made this book possible:

Rick Adams and Mona Buehler, the editorial team at Morgan Kaufmann

Sarah Hajduk, the production manager

Adrienne Rebello, my favorite copy editor in the whole wide world

James Jepson, who provided the Mac OS X Server screen shots

The knowledgeable reviewers:

• Brian D. Jaffe

• Richard Newman

• Rodney Pieper

• John Rittinghouse

Thanks, everyone!

JLH

Reality Check: If you’re using something other than Windows or UNIX, then you don’t have a lot to worry about in terms of most software attacks on your network. However, you should still be concerned about social engineering attacks, physical attacks, denial of service attacks, and spoofing. Having a less widely used operating system doesn’t get you off the hook where security is concerned!


Chapter 1: In the Beginning …

In This Chapter

The internal and external views of network security

Sources of external threats

Sources of internal threats

General defensive techniques

Security policies

Security audits and vulnerability testing

Ongoing security activities


1.0 Introduction

If you were to talk with someone whose job it is to implement network security, you would hear a lot about buffer overflows, vendor patches, denial of service attacks, and so on. But network security is much broader than the details of attacks and defenses against them. A good network security scheme begins at the top of an organization, with extensive planning to determine where the organization should be concentrating its security efforts and money.

In this chapter, you will be introduced to many of the basic concepts behind a security strategy, including the general sources of security threats (to give you a framework for formulating a security policy) and the role of organizational security policies. The chapter concludes by looking at the concepts behind a security audit to check compliance with security policies as well as the actual security of the network.

1.1 Defining Security

Network security is a very broad term. In its fullest sense, it means protecting data that are stored on or that travel over a network against both accidental and intentional unauthorized disclosure or modification. The most often overlooked part of this definition is that it includes accidental occurrences, such as an inadequately debugged application program that damages data.

Another way to look at security is to consider the difference between security and privacy. Privacy is the need to restrict access to data, whether it be trade secrets or personal information that by law must be kept private. Security is what you do to ensure privacy.

Many people view network security as having three goals:

Confidentiality: Ensuring that data that must be kept private stay private.

Integrity: Ensuring that data are accurate. For a security professional, this means that data must be protected from unauthorized modification and/or destruction.

Availability: Ensuring that data are accessible whenever needed by the organization. This implies protecting the network from anything that would make it unavailable, including such events as power outages.

1.2 The Two Views of Network Security

The popular media would have you believe that the cause of most network security problems is the “hacker.” However, if you ask people actually working in the field, they will tell you that nearly half the security breaches they encounter come from sources internal to an organization, and, in particular, employees. This means that it won’t be sufficient to secure a network against external intrusion attempts; you must pay as much attention to what is occurring within your organization as you do to external threats.

1.2.1 Sources of External Threats

The Internet has been both a blessing and a curse to those who rely on computer networks to keep an organization in business. The global network has made it possible for potential customers, customers, and employees to reach an organization through its Web site. But with this new access have come the enormous problems caused by individuals and groups attempting illegal entry into computer networks and the computer systems they support.

Hackers and Crackers

External threats are initiated by people known in the hacking community as crackers. Initially, the term hacker referred to someone who could write an ingenious bit of software. In fact, the phrase “a good hack” meant a particularly clever piece of programming. Outside of the hacking community, however, anyone who attempts illegal access to a computer network is called a hacker.

Hacking often involves becoming intimate with the details of existing software to give the hacker the knowledge necessary to attempt an unauthorized system break-in. Nonetheless, those who adhere to the original definition of the term hacker wanted to differentiate themselves from those who perform illegal activities, thus the term cracker.

There are many ways to classify those who break into computer systems, depending on which source you are reading. However, most lists of the types of hackers include the following (although they may be given different names).

White Hat Hackers.

This group considers itself to be the “good guys.” Although white hat hackers may crack a system, they do not do it for personal gain. When they find a vulnerability in a network, they report it to the network owner, hardware vendor, or software vendor, whichever is appropriate. They do not release information about the system vulnerability to the public until the vendor has had a chance to develop and release a fix for the problem. White hat hackers might also be hired by an organization to test a network’s defenses.

White hat hackers are extremely knowledgeable about networking, programming, and existing vulnerabilities that have been found and fixed. They typically write their own cracking tools.

Script Kiddies.

The script kiddies are hacker “wannabes.” They have little, if any, programming skill and therefore must rely on tools written by others. Psychological profiles of script kiddies indicate that they are generally male, young (under 30), and not socially well-adjusted. They are looked down upon by most other hackers.

Script kiddies do not target specific networks, but, instead, scan for any system that is vulnerable to attack. They might try to deface a Web site, delete files from a target system, flood network bandwidth with unauthorized packets, or in some other way commit what amounts to cyber vandalism. Script kiddies typically don’t want to keep their exploits secret. In fact, many of those that are caught are trapped because they have been bragging about what they have done.

Cyberterrorists.

The cyberterrorists are hackers who are motivated by a political, religious, or philosophical agenda. They may propagate their beliefs by defacing Web sites that support opposing positions. Given the current global political climate, there is also some fear that cyberterrorists may attempt to disable networks that handle significant elements of a country’s infrastructure, such as nuclear plants and water treatment facilities.

Black Hat Hackers.

Black hat hackers are motivated by greed or a desire to cause harm. They target specific systems, write their own tools, and generally attempt to get in and out of a target system without being detected. Because they are very knowledgeable and their activities often undetectable, black hat hackers are among the most dangerous.

Types of Attacks

When a hacker targets your network, what might you expect? There are a number of broad categories of attacks.

Denial of service.

A denial of service attack (DoS) attempts to prevent legitimate users from gaining access to network resources. It can take the form of flooding a network or server with traffic so that legitimate messages can’t get through, or it can bring down a server outright. If you are monitoring traffic on your network, a DoS attack is fairly easy to detect. Unfortunately, it can be difficult to defend against and stop without disconnecting your network from the Internet.
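The paragraph above says a flooding attack is easy to spot if you are watching traffic. As an added example (not code from the book), the Python below picks a SYN flood out of a stream of packet records: for each destination and each ten-second window it counts how many TCP handshakes were started against how many were completed, and a window with many SYNs from many sources but almost no completing ACKs is the half-open pattern that a SYN flood leaves behind. The Packet record layout, the window length, the thresholds and the sample traffic are all assumptions constructed for this example.

```python
# Added example (not from the book): spot a SYN-flood style DoS by counting TCP
# half-open connections per destination in fixed time windows. The Packet record
# layout, the window size, the thresholds and the sample traffic are assumptions.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float     # capture time in seconds
    src: str      # source IP
    dst: str      # destination IP
    flags: str    # TCP flags as a string: "S" (SYN), "SA" (SYN/ACK), "A" (ACK), ...


def half_open_counts(packets, window=10.0):
    """Per (destination, window index): SYNs seen, handshakes completed, distinct sources.

    A handshake counts as completed when a client that sent a SYN later sends a
    bare ACK to the same destination; the ACK is credited to the window it arrives in.
    """
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "sources": set()})
    pending = set()  # (src, dst) pairs that sent a SYN and have not yet sent the final ACK
    for p in sorted(packets, key=lambda x: x.ts):
        key = (p.dst, int(p.ts // window))
        if p.flags == "S":
            stats[key]["syn"] += 1
            stats[key]["sources"].add(p.src)
            pending.add((p.src, p.dst))
        elif p.flags == "A" and (p.src, p.dst) in pending:
            stats[key]["completed"] += 1
            pending.discard((p.src, p.dst))
    return dict(stats)


def detect_syn_flood(packets, window=10.0, min_syns=50, max_completion_ratio=0.2):
    """Return one alert per (destination, window) whose SYN count is high and whose
    completion ratio is low. Busy but healthy windows complete most handshakes."""
    alerts = []
    for (dst, idx), s in sorted(half_open_counts(packets, window).items()):
        ratio = s["completed"] / s["syn"] if s["syn"] else 1.0
        if s["syn"] >= min_syns and ratio <= max_completion_ratio:
            alerts.append({"dst": dst, "window_start": idx * window, "syns": s["syn"],
                           "completed": s["completed"], "sources": len(s["sources"])})
    return alerts


def build_sample_packets():
    """Constructed sample traffic, not a real capture: 60 legitimate clients that
    complete their handshakes in the first window, then 200 SYNs from spoofed
    sources between t=20s and t=25s that are never followed by an ACK."""
    server = "10.0.0.5"
    pkts = []
    for i in range(60):
        client, t = f"192.0.2.{i + 1}", 0.1 * i
        pkts.append(Packet(t, client, server, "S"))
        pkts.append(Packet(t + 0.005, server, client, "SA"))
        pkts.append(Packet(t + 0.010, client, server, "A"))
    for i in range(200):
        pkts.append(Packet(20.0 + 0.025 * i, f"198.51.100.{i % 250}", server, "S"))
    return pkts


if __name__ == "__main__":
    for a in detect_syn_flood(build_sample_packets()):
        print(f"possible SYN flood against {a['dst']} starting t={a['window_start']}s: "
              f"{a['syns']} SYNs, {a['completed']} completed, {a['sources']} sources")
```

The first window holds 60 SYNs and 60 completed handshakes, so it stays quiet; only the 20–30 s window, with 200 SYNs from 200 addresses and nothing completed, is reported. In a real deployment the records would come from a capture file or flow export and the thresholds from a baseline of normal traffic; the high number of distinct sources is itself a clue that the addresses are spoofed.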

Buffer overflows.

A buffer overflow attack takes advantage of a programming error in an application or system program. The hacker can insert his or her own code into a program and, from there, take control of a target system. Because they are the result of a programming error, buffer overflow conditions are almost impossible for a network engineer to detect. They are usually detected by hackers or the software vendor. The most common defense is a patch provided by that vendor.

M a l w a r e .

The term

malware

includes all types of malicious soft- ware, such as viruses, worms, and Trojan horses. The goal of a hacker in placing such software on a computer may be simple maliciousness or to provide access to the computer at a later date. Although there is a con- stantly escalating battle between those who write malware and those who write malware detection software, a good virus checker goes a long way to keeping network devices free from infection.


Social engineering.

A social engineering attack is an attempt to get system access information from employees using role-playing and misdirection. It is usually the prelude to an attempt to gain unauthorized access to the network. This isn’t a technical attack at all, and therefore can’t be stopped by technical means. It requires employee education to teach employees to recognize this type of attack and how to guard against it.

Brute force.

One way to gain access to a system is to run brute force login attempts. Assuming that a hacker knows one or more system login names, he can attempt to guess the passwords. By keeping and monitoring logs of who is attempting to log into a system, a network administrator can usually detect brute force break-in attacks.

Note: There is no gender discrimination intended with the use of the pronoun “he” when referring to hackers. The fact is that most hackers are male.
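As an added example, not from the book: a small Python detector that reads sshd-style authentication log lines, counts failed logins per source address inside a sliding five-minute window, and also notes when a source that crossed the threshold later logged in successfully, which is the case an administrator most needs to see. The log line format, the threshold and window values, and the log lines themselves are constructed assumptions.

```python
# Added example (not from the book): detect brute-force logins by parsing
# sshd-style authentication log lines and counting failures per source address
# inside a sliding window. The log format, thresholds and sample lines are
# assumptions constructed for this example.
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches OpenSSH "Failed password for ..." / "Accepted password for ..." lines
# (assumed format; adjust the pattern for other daemons or log shippers).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log (not a real capture). 198.51.100.23 fails once every
# half hour, 203.0.113.7 hammers several accounts and then gets in, and
# 192.0.2.10 is a user who mistyped a password once.
SAMPLE_LOG = """\
Mar 15 01:00:00 gw sshd[2100]: Failed password for root from 198.51.100.23 port 33001 ssh2
Mar 15 01:30:00 gw sshd[2104]: Failed password for root from 198.51.100.23 port 33007 ssh2
Mar 15 02:00:00 gw sshd[2110]: Failed password for root from 198.51.100.23 port 33015 ssh2
Mar 15 02:30:00 gw sshd[2121]: Failed password for root from 198.51.100.23 port 33020 ssh2
Mar 15 03:00:00 gw sshd[2190]: Failed password for root from 198.51.100.23 port 33031 ssh2
Mar 15 03:04:01 gw sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar 15 03:04:06 gw sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar 15 03:04:12 gw sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar 15 03:04:18 gw sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar 15 03:04:25 gw sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 51141 ssh2
Mar 15 03:04:31 gw sshd[2217]: Failed password for alice from 203.0.113.7 port 51150 ssh2
Mar 15 03:04:38 gw sshd[2217]: Failed password for alice from 203.0.113.7 port 51150 ssh2
Mar 15 03:04:45 gw sshd[2219]: Accepted password for alice from 203.0.113.7 port 51158 ssh2
Mar 15 03:04:46 gw sshd[2219]: Received disconnect from 203.0.113.7 port 51158:11: disconnected by user
Mar 15 03:10:02 gw sshd[2230]: Failed password for bob from 192.0.2.10 port 40211 ssh2
Mar 15 03:10:09 gw sshd[2230]: Accepted password for bob from 192.0.2.10 port 40211 ssh2
"""


def parse_auth_log(text, year=2005):
    """Return (timestamp, result, user, ip) tuples, oldest first, for lines that
    match LOG_RE. Syslog timestamps carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # disconnects, key exchange chatter and so on
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_brute_force(text, threshold=5, window_seconds=300):
    """Alert on any source with >= threshold failures inside window_seconds.

    Returns {ip: {...}}. An alert keeps counting later failures from that source,
    records every username tried, and notes a successful login that follows the
    burst, the case that needs immediate attention."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> usernames tried
    alerts = {}
    for ts, result, user, ip in parse_auth_log(text):
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()       # slide the window: forget failures older than window_seconds
            if ip in alerts:
                alerts[ip]["failures"] += 1
            elif len(q) >= threshold:
                alerts[ip] = {"first_seen": q[0], "triggered_at": ts, "failures": len(q),
                              "users": users[ip], "succeeded_as": None}
        elif ip in alerts and alerts[ip]["succeeded_as"] is None:
            alerts[ip]["succeeded_as"] = user   # login succeeded after a burst of failures
    return alerts


if __name__ == "__main__":
    for ip, a in detect_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {a['failures']} failures since {a['first_seen']:%H:%M:%S}, "
              f"users tried {sorted(a['users'])}, succeeded as {a['succeeded_as']}")
```

With the default five failures in five minutes, only 203.0.113.7 is reported: seven failures across four accounts in under a minute, followed by a successful login as alice, which is exactly what should wake someone up. The slow source that fails once every thirty minutes is not caught by that window; widening it to a few hours catches the slow guesser too, at the cost of more noise from forgetful users, which is the trade-off the threshold and window are tuning.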

You will learn a great deal more about all these types of attacks (and others)—including how they work, how to detect them, and how to defend against them—throughout this book.

The Steps in Cracking a Network

Script kiddies don’t have much of a plan when it comes to cracking a network. They simply find some cracking software on the Internet and let it run against a range of IP addresses. However, other types of hackers are much more methodical in what they do. Cracking a network usually involves the following process:

1. Information …