Network encryption ensures that data sent across a network from one host to another is unreadable to a third party. If a sniffer intercepts the data, it finds the data unusable because the data is encrypted.Therefore, a hacker cannot view any usernames or passwords, and any information sent across the network is safe.The requirement is that all communicating systems must support the same network encryption technique, such as Secure Shell (SSH).
Network encryption is used for any data transfer that requires confidentiality. Since the Internet is a public network, network encryption is essential. E-commerce transactions must ensure confidentiality to protect credit card and personal information. Personal banking Web sites and investment companies often require extremely sensitive information to be sent, such as bank account numbers and tax identification numbers. If these usernames, passwords, and personal information fell into the wrong hands, the information could be used for a front-door attack, since the hacker could pose as a legitimate user. Rlogin, remote shell (rsh), and Telnet are three notoriously unsafe protocols. They do not use encryption for remote logins or any type of data transmission. For example, if you are an administrator and you want to log in to a system via Telnet, your username and login are sent in clear text. Rsh and rlogin send all data between two hosts in clear text as well (but a password is not required).If a packet sniffer captured the packets destined for the administrators system,it would eventually capture the packets containing the username and password, and the attacker could then enter the system as a legitimate user.
Capturing and Analyzing Unencrypted Network Traffic
To view an unencrypted login session, you must capture packets during a login session. In the following steps, you will Telnet into a host and capture the unsecured session with the open source packet sniffer Ethereal. Note that in order for the following example to work properly, you must have two systems: the Telnet client and the Telnet remote host. All Linux installations include Telnet, so no additional program is required for this example.
1. Verify that Ethereal is installed on your system by entering: rpm qa | grep ethereal 2. If you do not receive a reply, you need to download and install Ethereal. Ethereal (ethereal-0.8.9-4.i386.rpm). 3. Once you have verified that Ethereal is installed, you are ready to capture packets. 4. To add filters to Ethereal without using host names, open a command interface and enter: ethereal -n 5. Select the Edit menu and choose Filters.The Ethereal: Filters screen appears. Since no filters have been configured, the configuration screen is blank. 6. To create a filter that allows only traffic between your host and another host, you must add a filter name and a filter string. For example, to create a filter between your host and a host at 24.130.10.35, enter the filter name and filter string. Please note that your IP addresses will not be the same.You need to select your systems IP address and the IP address of the system you wish to log in to via Telnet. 7. After the two fields are complete, you must click Save, and then click New. Click OK to exit the Filter screen. 8. To start a packet capture, simply select the Capture menu and choose Start.The Capture Preference screen appears. Click Filter and choose the Telnet Login filter that you created. Click OK twice and the capture starts. 9. To generate the Telnet login packets,Telnet into the Telnet host. For example, if you wanted to Telnet to a host at 24.130.10.35, you would enter: telnet 24.130.10.35 10. Enter a username and password to log in to the system. If you do not have a username and password on the Telnet host, create a user telnet with the password telnet on the Telnet host by entering: useradd telnet Create a password for user telnet by entering: passwd telnet Changing password for user telnet New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully 11. After you log in as user telnet on the Telnet host, exit the Telnet session. 12. Stop the Ethereal packet capture by clicking Stop. 13. The packet capture appears in Ethereal. Locate the Telnet data packet that includes the data: password field.Your screen will resemble,which highlights the first password packet. 14. Scroll to the second password packet.The password field contains the first character of the telnet password. In this case, the character is the letter t, 15. Telnet sends each password character as a separate packet. If you continue to scroll down the packet capture and view each Telnet data packet, you will discover the password. 16. An easier way to discover the Telnet password is to follow the TCP stream.To do this, simply select any packet involved in this Telnet connection. It can be a TCP or Telnet packet, as long as it is part of the Telnet session. 17. Once a corresponding packet is selected, select the Tools menu and select Follow TCP Stream. The contents of the TCP stream appear. 18. The username and password are displayed in clear text. Please note the echo in the login name. By default, the system distinguishes client keystrokes with brown, and system text as blue.You can see the brown and blue text if you are reading the electronic file on this books accompanying CD; even if you cant see the brown client text on this printed page, you can see that the packet sniffer has discovered the username and password. 19. Save the packet capture as unsectel, and quit Ethereal. As you can see, it is possible to intercept a login session and discover a username and password. In this case, a hacker could now log in to the Telnet host with the same privileges as user telnet. Telnet is a legitimate user, even though the impersonator is not.The Telnet host is now the victim of a front-door attack.If network encryption is implemented on the network, the login session will be encrypted. All of the information passed between the two hosts is rendered useless because no application data (such as a Telnet packet) is displayed because it is encrypted, If the hacker attempts to view the TCP stream to discover the username and password, it will also render useless information,
Note
Hackers do not capture all Internet traffic in hopes that they will find sensitive information. There is simply too much traffic on the Internet, so this technique would be similar to finding the proverbial needle in a haystack. Instead, they either focus their packet sniffing on one server or client interface, or try to hack into a server that contains the sensitive information they seek. For example, they may attempt to hack into a banks database server that contains client credit card numbers and personal information. In the steps described in this section, a packet filter was created on the sniffer to focus on the Telnet host.
If hackers were alerted to an unsecure server, they could capture packets going in and out of the server to gain the data they sought. For example, if an e-commerce server does not use any type of network encryption for transactions, there is a great deal of data to be gained by a hacker. Unfortunately, many small companies or entrepreneurs set up their own Web servers, unaware of potential security problems, and set up simple scripts to process payment forms. Although the transaction takes place, it takes place in an unsecured manner. Every packet may contain valuable information that is very easy to observe over the wire. Secure Sockets Layer (SSL) is ideal for implementing secure e-commerce transactions. If a hacker intercepts a credit card number, the number may be used or sold. When the Web site customer backtracks to determine where his or her number was stolen, he or she may realize that it occurred shortly after an Internet transaction. This will tarnish the Web sites reputation, since you have lost at least one customer, and eventually put the site out of business. This is particularly troublesome if the Web server is under surveillance by a hacker. Add as favourites (51)
Be first to comment this article
Write Comment
Please keep the topic of messages relevant to the subject of the article.
Personal verbal attacks will be deleted.
Please don't use comments to plug your web site. Such material will be removed.
Just ensure to *Refresh* your browser for a new security code to be displayed prior to clicking on the 'Send' button.
Keep in mind that the above process only applies if you simply entered the wrong security code.
Be first to comment this article
