Hacking Explained
Written by LE Webmaster   
Wednesday, 26 January 2005
The actual meaning of the words will always be debated, but here is how I am using them. A cracker is someone who breaks into systems, often without needing a great deal of knowledge of the systems they are breaking into, perhaps using a few tools they downloaded. A hacker will not just be interested in the security of a system but also in learning about the system. In this respect a hacker has more in common with phreaks and radio hams. To learn about cracking, read alt.ph.uk and sit on various IRC channels. Learning about hacking involves reading the manual and everything else you can get your hands on, and having a desire to understand (rather than break) the computer you are hacking. You'll certainly gain far more from hacking systems and code than you ever will from cracking systems.


What programming languages should I learn?

It's always good practice to be continually learning new programming languages. Once you feel comfortable with one you should start to take up another. Apart from the obvious benefit of learning new languages and techniques, the ability to learn a new language quickly is a useful skill, and after a bit of practice you should be able to pick up the fundamentals of a new language in only a few days. Back to the question. C is the language any aspiring hacker has to learn, being probably the most flexible, widely used and widely ported language in use today. Familiarity with the syntax of C is helpful when learning many other similar languages, and knowledge of it will allow you to understand the source code of a large number of similar languages. Good knowledge of Perl is useful. Perl is a scripting language and is widely used in hacker communities as a tool for system administration. Many utilities, exploits and CGI scripts are written in Perl. Java is a modern, simple and machine-independent object-oriented language and is recommended over C++, at least as an introduction to Object Oriented Programming (OOP). Programming in Java can be easier than in many other languages but it still remains very powerful. I should state at this point that there is little connection between Java and JavaScript except that the first four letters of each are ``Java''.

General Info about Unix Security

Unix is a fully multi-tasking, multi-user operating system written largely in C. It is usual for a Unix or Unix-like system to be the operating system of choice for a hacker, and it usually takes the form of GNU/Linux. The Unix philosophy involves the use of combinations of small utility programs to perform more complex tasks. The hacker benefits from well documented and well understood software written by people with a similar mind set. With some versions of Unix the hacker also benefits from the availability of source code for the operating system. Most systems, from DEC AXPs to 386 PCs, have some version of Unix available. It is a common misconception that a Unix-like system is inherently more secure than other operating systems such as Windows. In fact Windows is more advanced, with security being designed into the system rather than added on as an afterthought. However, Unix has open standards and clear documentation that allow system administrators to better understand the security of the system, whereas a Windows system often has configuration options hidden away in the registry.

Passwords

On some systems /etc/passwd contains an encrypted copy of your password. Cracking programs (Alec Muffett's 'crack' for UNIX, and CrackerJack for OS/2 and DOS, are just two) try to guess passwords by encrypting each word in a dictionary and comparing each encrypted word against each entry in /etc/passwd. However, on most modern systems passwords are stored in a shadowed password file, readable only by root. You should always be careful on your system to choose strong passwords and preferably set up your system to enforce this. Strong passwords should consist of a random combination of characters (lower case, upper case, numerals, etc.) of as long a length as you can remember. Change your password often and don't reuse it. Avoid sending your password in plain text whenever possible.
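The enforcement the paragraph recommends is usually a policy check run before a password is accepted. The following is an added example, not code from the original article or from crack/CrackerJack: a small checker that applies the length and character-class rules above and rejects dictionary words, including the "dr4gon99!" style variations that any word-list attack tries first. The word list is a constructed stand-in; a real deployment would load a system dictionary or a list of known-leaked passwords.

```python
import re
import string

# Constructed mini word list standing in for a cracking dictionary.
# Real deployments load /usr/share/dict/words or a leaked-password list.
DICTIONARY = {"password", "letmein", "welcome", "dragon", "monkey", "qwerty", "linux"}

# Common character substitutions that word lists already cover, so they must
# not count as "randomness" in a candidate password.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def _normalise(candidate):
    """Reduce a candidate to the dictionary stem an attacker would derive it from."""
    base = candidate.lower().translate(LEET_MAP)
    # Strip trailing digits/punctuation: "dragon99!" -> "dragon"
    return re.sub(r"[^a-z]+$", "", base)


def char_classes(candidate):
    """Count how many of lower, upper, digit, punctuation appear."""
    classes = 0
    if any(c.islower() for c in candidate):
        classes += 1
    if any(c.isupper() for c in candidate):
        classes += 1
    if any(c.isdigit() for c in candidate):
        classes += 1
    if any(c in string.punctuation for c in candidate):
        classes += 1
    return classes


def check_password(candidate, min_length=12, min_classes=3, dictionary=DICTIONARY):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if char_classes(candidate) < min_classes:
        problems.append(f"uses fewer than {min_classes} character classes")
    if candidate.lower() in dictionary or _normalise(candidate) in dictionary:
        problems.append("dictionary word (or a trivial variation of one)")
    if len(set(candidate)) <= 2:
        problems.append("too few distinct characters")
    return problems


if __name__ == "__main__":
    for pw in ("Dr4gon99!", "Correct-Horse7Battery", "aaaaaaaaaaaaaaaa"):
        print(repr(pw), "->", check_password(pw) or "ok")
```

The dictionary test runs on the normalised stem as well as the raw string, because crack-style tools apply exactly these substitution rules to every dictionary word; a policy that only compares the literal password would pass "Dr4gon99!" as strong.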

Privilege Elevation

Most attackers will try to elevate their privileges by exploiting software installed on the system, tricking the software into performing actions that would not normally be allowed. These actions are performed with the privileges which the software has on the system. When software is installed SUID root, any such compromise of the software may allow the attacker to run commands as root. There's no need to be logged into the system as the root user. Logging in as root is bad practice and is a step on the path to misery. Don't do it unless you really have to. Use commands such as su and sudo when you need root privileges. With multiple administrators having access to root, the log entries generated by su and sudo will be very useful.
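The su and sudo log entries are only useful if someone reads them. As an added example (not code from the original article), here is a small parser that turns such entries into an audit summary: who gained root and how often, which attempts failed, and which commands touched sensitive files. The log lines are constructed in the style of a Debian auth.log; hostname, users and paths are invented.

```python
import re
from collections import Counter

# Constructed sample lines in the style of a Debian-family /var/log/auth.log.
SAMPLE_LOG = """\
Jan 26 10:01:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jan 26 10:02:15 host sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jan 26 10:03:44 host su: (to root) alice on pts/0
Jan 26 10:04:10 host su: FAILED SU (to root) mallory on pts/2
Jan 26 10:05:00 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jan 26 10:06:30 host sshd[812]: Accepted publickey for alice from 192.0.2.5 port 51022 ssh2
"""

# sudo writes an optional failure reason ("user NOT in sudoers", "3 incorrect
# password attempts") between the user name and the TTY field.
SUDO_RE = re.compile(
    r" sudo:\s+(?P<user>\S+) : (?:(?P<reason>[^;]+?) ; )?TTY=\S+ ; PWD=\S+ ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<command>.*)$")
SU_OK_RE = re.compile(r" su: \(to (?P<target>\S+)\) (?P<user>\S+) on \S+$")
SU_FAIL_RE = re.compile(r" su: FAILED SU \(to (?P<target>\S+)\) (?P<user>\S+) on \S+$")

# Files whose appearance in a root command deserves a second look.
SENSITIVE = ("/etc/shadow", "/etc/sudoers", "/etc/passwd")


def parse_line(line):
    """Return a dict describing a su/sudo event, or None for unrelated lines."""
    m = SUDO_RE.search(line)
    if m:
        return {"tool": "sudo", "user": m["user"], "target": m["target"],
                "command": m["command"], "ok": m["reason"] is None,
                "reason": m["reason"]}
    m = SU_FAIL_RE.search(line)
    if m:
        return {"tool": "su", "user": m["user"], "target": m["target"],
                "command": None, "ok": False, "reason": "FAILED SU"}
    m = SU_OK_RE.search(line)
    if m:
        return {"tool": "su", "user": m["user"], "target": m["target"],
                "command": None, "ok": True, "reason": None}
    return None


def summarise(lines):
    """Aggregate parsed events into an audit summary."""
    report = {"escalations": Counter(), "failures": [], "sensitive": [], "ignored": 0}
    for line in lines:
        ev = parse_line(line.rstrip("\n"))
        if ev is None:
            report["ignored"] += 1
            continue
        if ev["ok"]:
            report["escalations"][ev["user"]] += 1
        else:
            report["failures"].append((ev["user"], ev["tool"], ev["reason"]))
        cmd = ev["command"] or ""
        if any(path in cmd for path in SENSITIVE):
            report["sensitive"].append((ev["user"], cmd))
    return report


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

In practice the same parser is run over the live log (or fed by syslog forwarding to a central host), so that a failed su from an account that never uses root, or a sudo command reading /etc/shadow, is noticed the day it happens rather than during a post-incident review.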

Which is the most secure UNIX?

In my opinion the most secure UNIX is OpenBSD. The code has been audited several times and the operating system comes secured by default, with strong encryption support built in. I've been impressed by the OpenBSD team's active effort to secure their system. That said, most UNIX systems can be fairly secure if effort is put into configuring the system correctly.

Network Hacking

Most 802.11 wireless networks come with all forms of standard security disabled by default. As you can probably guess, this is a bad idea. As a result of this decision by the major vendors, many private networks are accessible to the public through 802.11 access points. This has resulted in a number of people attempting to spot as many insecure access points as possible, either for its own sake, to look around otherwise closed networks, or in order to use a high-bandwidth Internet connection. See Wardriving and Warchalking for more detailed technical information. Another weakness is that the standard method of protecting an 802.11 network is a protocol called WEP (Wired Equivalent Privacy). Predictability in the pseudo-random key stream, together with knowledge of the structure of TCP/IP packets, opens the protocol up to known-plaintext attacks, and the key for a WEP-encrypted link can typically be recovered in a few hours or less. As a result you should assume that 802.11 networks are insecure even if they are using WEP. Traffic over a wireless network should be sent through an encrypted tunnel of some form, such as a VPN, IPsec, or an SSH tunnel. Wireless sections of a network should be partitioned from the rest of the network by a firewall that only allows authenticated users through.

Firewalls

A firewall controls access between two or more systems by permitting or denying access according to some set of rules. Firewalls range from simple home user solutions to the more complex ipchains in Linux. Firewall appliances are also available, usually taking the form of a customized operating system running on dedicated hardware. No firewall is perfect, however, and ``Hacking Exposed'' (see references at end of FAQ) has a section which details some of the weaknesses in some of them. At the end of the day the firewall is only a firewall and not a complete security solution. Many let the presence of a firewall lull them into a false sense of security. Simple analysis termed firewalking can derive information about rule-sets. An Internet firewall FAQ is also available.
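"Permitting or denying according to a set of rules" hides a detail that causes most real firewall mistakes: rules are evaluated in order, the first match wins, and traffic matching nothing gets the chain's default policy. The following is an added example, not code from the original article nor from ipchains: a minimal first-match packet filter with a permissive rule set beside a corrected one, plus a check that reports rules which can never fire because an earlier rule already covers everything they match. Addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str          # "accept" or "drop"
    proto: str           # "tcp", "udp", "icmp" or "any"
    src: str             # CIDR source
    dst: str             # CIDR destination
    dport: Optional[int]  # None = any destination port


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule, pkt):
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def filter_packet(rules, pkt, policy="drop"):
    """First matching rule decides; unmatched traffic gets the chain policy.
    Returns (action, index of the deciding rule or None for the policy)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return policy, None


def _covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
        return False
    if not ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)):
        return False
    return outer.dport is None or outer.dport == inner.dport


def shadowed_rules(rules):
    """Indices of rules that can never be reached because an earlier rule covers them."""
    return [j for j in range(len(rules))
            if any(_covers(rules[i], rules[j]) for i in range(j))]


WEB = "192.0.2.10/32"          # constructed: the server being protected
ADMIN_NET = "198.51.100.0/24"  # constructed: where administrators connect from

# Weak rule set: the SSH accept is world-wide, so the drop after it is dead.
RULES_WEAK = [
    Rule("accept", "tcp", "0.0.0.0/0", WEB, 80),
    Rule("accept", "tcp", "0.0.0.0/0", WEB, 22),
    Rule("drop", "tcp", "0.0.0.0/0", WEB, 22),
]

# Corrected: SSH only from the admin network, explicit catch-all drop last.
RULES_GOOD = [
    Rule("accept", "tcp", "0.0.0.0/0", WEB, 80),
    Rule("accept", "tcp", ADMIN_NET, WEB, 22),
    Rule("drop", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    ssh_from_internet = Packet("tcp", "203.0.113.5", "192.0.2.10", 22)
    print("weak:", filter_packet(RULES_WEAK, ssh_from_internet))
    print("good:", filter_packet(RULES_GOOD, ssh_from_internet))
    print("shadowed in weak set:", shadowed_rules(RULES_WEAK))
```

The shadow check is the kind of review a rule set should get before it is loaded: a drop that nothing can reach is usually a sign that the author believed the firewall enforced something it does not.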

Intrusion Detection Systems

An intrusion detection system (IDS) monitors another system to detect intrusion attempts. For more information, read the IDS FAQ. Early generations of IDS were simple devices, but far more sophisticated IDS are becoming available from major vendors.

OS Fingerprinting

Almost every OS implements TCP/IP in a unique way, the standard being very much open to interpretation. From this unique behaviour it can sometimes be deduced which OS a system is running, either by actively sending packets to the system and examining the responses, or by monitoring sniffed packets coming from the system. Nmap includes a TCP/IP fingerprinting system, and Fyodor has written an interesting paper on OS detection.

Spoofing/packet sequence prediction

Learn low-level TCP/IP. With IP you can pretend to be any computer you want to be, i.e. you don't *have* to put your own IP address as the 'source address' in the datagrams (or packets) which you send out. Any reply to your faked packets will normally go to the real machine, which makes it difficult to use TCP, since TCP involves a two-way flow of IP datagrams both to and from your machine. However, you can to some extent get round this by guessing some of the contents (i.e. the sequence numbers) of the lost datagrams which were sent to the real machine.

Sockets

``The Berkeley Unix mechanism for creating a virtual connection between processes. Sockets interface Unix's standard I/O with its network communication facilities. They can be of two types, stream (bi-directional) or datagram (fixed length destination-addressed messages). The socket library function socket() creates a communications end-point or socket and returns a file descriptor with which to access that socket. The socket has associated with it a socket address, consisting of a port number and the local host's network address.'' - from FOLDOC.
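The FOLDOC definition above is easier to follow with both socket types running. The following is an added example, not code from the original article or from FOLDOC: a stream (TCP) round trip, where a listener accepts a connection and a thread services it, beside a datagram (UDP) round trip, where single addressed messages go back and forth with no connection at all. Both bind to the loopback address with port 0 so the kernel picks a free port; the file descriptor that socket() returns is reported alongside the reply.

```python
import socket
import threading


def _serve_stream_once(listener):
    """Accept one connection on a listening stream socket and echo its data upper-cased."""
    conn, _peer = listener.accept()
    with conn:
        data = conn.recv(1024)
        conn.sendall(data.upper())


def stream_roundtrip(message):
    """TCP: connection set up first, then a bidirectional byte stream.
    Returns (reply, listener file descriptor, bound port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel choose
    listener.listen(1)
    fd = listener.fileno()             # the socket is an ordinary file descriptor
    host, port = listener.getsockname()
    worker = threading.Thread(target=_serve_stream_once, args=(listener,))
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    with client:
        client.connect((host, port))
        client.sendall(message)
        reply = client.recv(1024)
    worker.join()
    listener.close()
    return reply, fd, port


def datagram_roundtrip(message):
    """UDP: no connection; each message carries its destination address.
    Returns (reply, address the server saw the client at)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    host, port = server.getsockname()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.sendto(message, (host, port))
        data, peer = server.recvfrom(1024)   # peer = (client address, client port)
        server.sendto(data.upper(), peer)
        reply, _ = client.recvfrom(1024)
    finally:
        client.close()
        server.close()
    return reply, peer


if __name__ == "__main__":
    print(stream_roundtrip(b"hello over a stream"))
    print(datagram_roundtrip(b"hello in a datagram"))
```

The datagram version has no accept() and no worker thread: the message sits in the server socket's queue until recvfrom() collects it, and the server learns where to answer only from the address attached to that datagram, which is exactly the property the spoofing section above relies on.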

Viruses

A virus is a program which searches out other programs and "infects" them by embedding a copy of itself in them, so that they become Trojan horses. When these programs are executed, the embedded virus is executed too, thus propagating the "infection". This normally happens invisibly to the user. Unlike a worm, a virus cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs with their friends or, more likely these days, by e-mail and the Internet. The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like writing "cute" messages on the terminal or playing strange tricks with the display (some viruses include display hacks). Many nasty viruses, written by particularly antisocial programmers, do irreversible damage, like deleting all the user's files. A worm is a program which propagates itself over a network, reproducing itself as it goes. A Trojan horse is a malicious, security-breaking program which is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses, or the AIDS information virus.

Forensics

Typically forensic investigation is concerned with the recovery of data from a system. With most file systems, when a file is deleted from a disk the actual data is not removed; the sectors on the disk in which the data was stored are merely marked as no longer being used. This saves on the time your computer spends writing to disk, and it really would be wasteful for the operating system to remove each file more securely. These deleted files can then be easily recovered by inspecting the file system closely, as long as the sectors you are interested in have not been overwritten. Note that even when the data is overwritten it may still be possible, due to the nature of the magnetic fields stored on the disk, to recover long-deleted data. You can download many utilities to wipe unused sectors on your disk and also to securely delete files in the first place. One such utility comes with PGP. It is never possible to completely wipe the data on a disk, but it is possible to wipe the data in a way that makes it infeasible to recover. You could of course physically damage the disk into a state from which it can no longer be read, for example by melting it or breaking it into small pieces, but that would not be hacking, would it! If you wish to know more I suggest one of the privacy or encryption newsgroups, or perhaps reading the paper "Secure Deletion of Data from Magnetic and Solid-state Memory" by Peter Gutmann. Note that if you have PGP installed, PGP has an option for secure deletion by overwriting the data several times.
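The "marked as unused, not removed" behaviour is easy to reproduce with a model of a block device. The following is an added example, not code from the original article, from PGP or from Gutmann's paper: a toy disk with fixed-size sectors and a file table, where an ordinary delete only touches the table, a raw-sector carve still finds the content, a later write to the same sector finally destroys it, and a secure delete overwrites the sectors with several patterns before releasing them. The sector size and file contents are constructed.

```python
import os

SECTOR = 16  # constructed: tiny sectors so the demo fits on a handful of lines


class ToyDisk:
    """Flat byte array split into sectors, plus a file table name -> (sectors, length).
    Mirrors what a simple file system does: delete edits metadata, not data."""

    def __init__(self, sectors):
        self.data = bytearray(SECTOR * sectors)
        self.free = list(range(sectors))   # allocation list, first-free first
        self.table = {}

    def write_file(self, name, content):
        needed = -(-len(content) // SECTOR)   # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        used = [self.free.pop(0) for _ in range(needed)]
        for i, s in enumerate(used):
            chunk = content[i * SECTOR:(i + 1) * SECTOR].ljust(SECTOR, b"\x00")
            self.data[s * SECTOR:(s + 1) * SECTOR] = chunk
        self.table[name] = (used, len(content))

    def read_file(self, name):
        used, length = self.table[name]
        raw = b"".join(bytes(self.data[s * SECTOR:(s + 1) * SECTOR]) for s in used)
        return raw[:length]

    def delete(self, name):
        """Ordinary delete: forget the mapping, release the sectors, leave the bytes."""
        used, _ = self.table.pop(name)
        self.free.extend(used)

    def secure_delete(self, name, passes=3):
        """Overwrite the file's sectors with zeros, ones and random bytes, then delete.
        A constructed pattern set, not the Gutmann sequence."""
        used, _ = self.table[name]
        for p in range(passes):
            for s in used:
                pattern = [b"\x00" * SECTOR, b"\xff" * SECTOR, os.urandom(SECTOR)][p % 3]
                self.data[s * SECTOR:(s + 1) * SECTOR] = pattern
        self.delete(name)

    def carve(self, needle):
        """Forensic view: ignore the file table and scan every raw sector for a marker.
        (A needle spanning two sectors would need a sliding scan; kept per-sector here.)"""
        count = len(self.data) // SECTOR
        return [s for s in range(count) if needle in self.data[s * SECTOR:(s + 1) * SECTOR]]


def deletion_timeline():
    """Walk through delete -> still carvable -> overwritten, returning the carve results."""
    disk = ToyDisk(2)
    disk.write_file("notes", b"PASSWORD=hunter2")   # exactly one sector, sector 0
    after_write = disk.carve(b"hunter2")
    disk.delete("notes")                             # sector 0 goes to the end of the free list
    after_delete = disk.carve(b"hunter2")
    disk.write_file("a", b"A" * SECTOR)              # lands on sector 1
    after_one_write = disk.carve(b"hunter2")
    disk.write_file("b", b"B" * SECTOR)              # now sector 0 is reused
    after_two_writes = disk.carve(b"hunter2")
    return after_write, after_delete, after_one_write, after_two_writes


if __name__ == "__main__":
    print("timeline:", deletion_timeline())
    d = ToyDisk(2)
    d.write_file("notes", b"PASSWORD=hunter2")
    d.secure_delete("notes")
    print("after secure delete:", d.carve(b"hunter2"))
```

The model also shows why "wipe unused sectors" is a separate tool from "securely delete a file": secure_delete only helps for files deleted from now on, while everything already sitting in the free list needs a pass over the unallocated sectors.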

Encryption

From the sci.crypt FAQ: "A cryptosystem or cipher system is a method of disguising messages so that only certain people can see through the disguise. Cryptography is the art of creating and using cryptosystems. Cryptanalysis is the art of breaking cryptosystems--seeing through the disguise even when you're not supposed to be able to. Cryptology is the study of both cryptography and cryptanalysis." A cryptosystem can be used with messages, protocols and services to provide secure communications. One of the most commonly used systems is PGP. PGP in itself is too large a subject to summarise here; you should look at the PGP FAQ instead. GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC 2440 (OpenPGP) compliant application. Steganography is the art and science of communicating in a way which hides the existence of the communication. In contrast to cryptography, where the "enemy" is allowed to detect, intercept and modify messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other "harmless" messages in a way which does not allow any "enemy" to even detect that there is a second secret message present.

Will I be anonymous if I used a free ISP account?

Most free ISPs log the caller-ID information, so they will know where you are calling from. Note that 99.999% of ISPs will still know your number even if you dial 141 before the ISP's number. Nowadays, with the advent of 0800 dial-ups and free connectivity, a sizable proportion of the free-ISP industry blocks authentication for users who withhold their caller ID. You will also find that many service providers log accounting details from their authentication servers; the data includes not just the CLID but also bytes transferred, login times, etc.

Anonymous Web Browsing

When you visit most web sites, the originating IP address (among other things) is logged. Many web sites are available through which you may browse other pages; since the destination site only sees this intermediate site connecting to it, you are given a greater degree of anonymity. Of course it's not perfect, and some information about yourself may leak through. This is one example of a proxy server.

Anonymous proxy servers

There are a number of anonymous proxy servers that you can connect to the web through, rather than via a web site. Instead of listing them here, you may wish to do a search on Google, which will reveal many sites on the subject, including free and commercial proxies.

How can I telnet anonymously?

You can't, that is the truth. However, you may hide your trail by telnetting through multiple accounts and systems, thus building up a ``chain'' to the system to which you intend to connect. The more systems you go through the harder it is for you to be traced, but it is never impossible. Don't forget you should be using SSH instead of telnet.

RESOURCES:

Mailing Lists

http://www.greatcircle.com/lists/firewalls/ - GCA Firewalls List
http://www.securityfocus.com/ - Bugtraq

WWW

Linux Exposed (You're looking at it)
Google - Google's Security Section
Microsoft Security
Packetstorm - "Packet Storm is the largest and most up to date library of information security information in the world", apparently, and they're modest too.
Phrack
Security Focus - SecurityFocus.com is the leading provider of security information services for business. Home of Bugtraq.
Security Portal
Security Watch


© Copyright 2002-2008 - Linux Exposed - Sponsored by ConsultPlanet http://www.consultplanet.nl