Host Security  «Prev  Next»

Steps Crackers use to attack Your System

Common break-in Procedures

Steps crackers use to attack your system.
  1. The cracker will try to break the root account.
  2. The cracker deletes the log files.
  3. The cracker installs a backdoor.
  4. The cracker copies the local password file.
  5. The cracker tries to spread directly to other machines on the network.

This material is organized around the key tasks you need to perform to carry out a comprehensive attack. These include mapping the application's functionality, scrutinizing and attacking its core defense mechanisms, and probing for specific categories of security flaws.

How are systems compromised?

A lot of attacks are based on just knowing a small secret or a little-known fact about a system. For example, you might not know that many computer systems come with well-known account names that you can look up. For example, here is a site that points to default usernames and passwords for WiFi routers. If you are still using one of these older routers, and if you did not change your password, any person who happens to be nearby could easily access your WiFi router. As you can see, this kind of attack does not require much skill at all and this is also why modern WiFi boxes come with usernames and passwords on a sticker on the side of the box, so people cannot just use the default usernames and passwords.
On Windows systems, the keyboard shortcut to close an app is Alt-F4. I once saw a computer kiosk running a demo one time, one that did not have a mouse (presumably to keep people from closing the main window) but it did have a keyboard. So I tried it out, and it actually worked. I could see all the other programs loaded on the computer. I ended up switching the kiosk to a game of solitaire in a small act of mischief. Now, the two attacks above require practically no skill, just a little bit of knowledge about how computer systems work. There are lots of vulnerabilities like this, but any person with decent technical skills should be able to protect you against these kinds of basic attacks without too much effort.
However, even sophisticated attacks have essentially the same flavor as the attacks above, in terms of making use of some special knowledge about how a system works. The main difference is the level of skill and amount of effort required. Usually, at this level, there are different kinds of motivations involved, typically money rather than just mischief.