Ten Ways HackersBreach Security1-800-COURSESwww.globalknowledge.comExpert Reference Series of White PapersIntroductionHacking, cracking, and cyber crimes are hot topics these days and will continue to be for the foreseeable future.However, there are steps you can take to reduce your organization's threat level. The first step is to understandwhat risks, threats, and vulnerabilities currently exist in your environment. The second step is to learn as muchas possible about the problems so you can formulate a solid response. The third step is to intelligently deployyour selected countermeasures and safeguards to erect protections around your most mission-critical assets. Thiswhite paper discusses ten common methods hackers use to breach your existing security.1. Stealing PasswordsSecurity experts have been discussing the problems with password security for years. But it seems that fewhave listened and taken action to resolve those problems. If your IT environment controls authentication usingpasswords only, it is at greater risk for intrusion and hacking attacks than those that use some form of multi-factor authentication.The problem lies with the ever-increasing abilities of computers to process larger amounts of data in a smalleramount of time. A password is just a string of characters, typically only keyboard characters, which a personmust remember and type into a computer terminal when required. Unfortunately, passwords that are too com-plex for a person to remember easily can be discovered by a cracking tool in a frighteningly short period oftime. Dictionary attacks, brute force attacks, and hybrid attacks are all various methods used to guess or crackpasswords. The only real protection against such threats is to make very long passwords or use multiple factorsfor authentication. Unfortunately, requiring ever longer passwords causes a reversing of security due to thehuman factor. People simply are not equipped to remember numerous long strings of chaotic characters.But even with reasonably long passwords that people can remember, such as 12 to 16 characters, there arestill other problems facing password-only authentication systems.These include:• People who use the same password on multiple accounts, especially when some of those accounts areon public Internet sites with little to no security.•People who write their passwords down and store them in obvious places. Writing down passwords isoften encouraged by the need to frequently change passwords.• The continued use of insecure protocols that transfer passwords in clear text, such as those used forWeb surfing, e-mail, chat, file transfer, etc.• The threat of software and hardware keystroke loggers.• The problem of shoulder surfing or video surveillance.James Michael Steward, Global Knowledge InstructorTen Ways Hackers Breach SecurityCopyright ©2007 Global Knowledge Training LLC. All rights reserved.Page 2Password theft, password cracking, and even password guessing are still serious threats to IT environments.The best protection against these threats is to deploy multifactor authentication systems and to train person-nel regarding safe password habits.2.Trojan HorsesA Trojan horse is a continuing threat to all forms of IT communication. Basically, a Trojan horse is a maliciouspayload surreptitiously delivered inside a benign host. You are sure to have heard of some of the famousTrojan horse malicious payloads such as Back Orifice, NetBus, and SubSeven. But the real threat of Trojan hors-es is not the malicious payloads you know about, its ones you don't. A Trojan horse can be built or crafted byanyone with basic computer skills. Any malicious payload can be combined with any benign software to createa Trojan horse. There are countless ways of crafting and authoring tools designed to do just that. Thus, the realthreat of Trojan horse attack is the unknown.The malicious payload of a Trojan horse can be anything. This includes programs that destroy hard drives, cor-rupt files, record keystrokes, monitor network traffic, track Web usage, duplicate e-mails, allow remote controland remote access, transmit data files to others, launch attacks against other targets, plant proxy servers, hostfile sharing services, and more. Payloads can be grabbed off the Internet or can be just written code authoredby the hacker. Then, this payload can be embedded into any benign software to create the Trojan horse.Common hosts include games, screensavers, greeting card systems, admin utilities, archive formats, and evendocuments.All a Trojan horse attack needs to be successful is a single user to execute the host program. Once that isaccomplished, the malicious payload is automatically launched as well, usually without any symptoms ofunwanted activity. A Trojan horse could be delivered via e-mail as an attachment, it could be presented on aWeb site as a download, or it could be placed on a removable media (memory card, CD/DVD, USB stick, floppy,etc.). In any case, your protections are automated malicious code detection tools, such as modern anti-virusprotections and other specific forms of malware scanners, and user education.3. Exploiting DefaultsNothing makes attacking a target network easier than when that target is using the defaults set by the vendoror manufacturer. Many attack tools and exploit scripts assume that the target is configured using the defaultsettings.Thus,one of the most effective and often overlooked security precautions is simply to change thedefaults.To see the scope of this problem, all you need to do is search the Internet for sites using the keywords "defaultpasswords". There are numerous sites that catalog all of the default user names, passwords, access codes, set-tings,and naming conventions of every software and hardware IT product ever sold.It is your responsibility toknow about the defaults of the products you deploy and make every effort to change those defaults to non-obvious alternatives.But it is not just account and password defaults you need to be concerned with, there are also the installationdefaults such as path names, folder names, components, services, configurations, and settings. Each and everypossible customizable option should be considered for customization.Try to avoid installing operating systemsinto the default drives and folders set by the vendor.Don't install applications and other software into their"standard" locations. Don't accept the folder names offered by the installation