I. Background of Protection against Hacking

by JUCC ISTF
/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */  
 
 
Introduction to Hacking
 
In order to protect the universities' information systems against malicious attacks, IT professionals should obtain a basic understanding of the common hacking methodology and learn to think from the perspective of a black-hat hacker.
 
Hacking Methodology
 
The hacking process can be summarised in the following five phases.
  1. Information Gathering 

    This phase includes reconnaissance and footprinting. It is the preparatory phase, in which the attacker gathers as much information as possible before an attack and looks for exploitable weaknesses by identifying patterns of behaviour of people or systems. Non-intrusive methods are used to build a map of an organisation's network and systems, covering:

    • Target system
    • Network architecture
    • Usage patterns
    • Application type
    • Operating system and version
    • Server type
    • Physical location
  2. Scanning and Enumeration

    In the second phase, attackers identify the target systems' IP addresses and determine whether each system is on the network and reachable. This phase helps identify known security loopholes from the system and service versions found, and identifies user or system accounts that could be used against the target system. The privileges of such an account can then often be escalated so that it gains more access than it was originally granted.

  3. Gaining Access

    In this phase, hackers exploit the vulnerabilities exposed during the reconnaissance and scanning phases. They might gain access through different paths, such as direct access to a personal computer, the local area network (LAN) or the Internet. Common examples of the vulnerabilities and attacks used include stack-based buffer overflows, denial of service and session hijacking; the main objective is to gain ownership of the system. Once a system has been hacked, the hacker has control of it and can use it as they wish.

  4. Maintaining Access

    After gaining access, hackers retain it for future exploitation and attacks. They may even harden the system and secure exclusive access with backdoors, rootkits and trojans to keep other hackers out. Once the hacker owns the system, they can use it as a base from which to launch additional attacks; a compromised system used in this way is also known as a zombie.

  5. Covering Tracks

    Finally, hackers remove traces of the attack, such as log files or intrusion detection system (IDS) alarms, to protect themselves. Examples of activities in this phase include steganography, use of a tunnelling protocol and altering log files. The purpose is to avoid detection by security personnel so that the compromised system can continue to be used, and to remove evidence of the hacking to avoid legal action.

Hacking Protection Techniques

In response to these hacking activities, the following are some recommended protection techniques that a university should adopt to lower the risk of exploitation by black-hat hackers.

  • Secure Infrastructure

    One of the most common infrastructure controls for enforcing information security is the firewall, which restricts inbound and outbound traffic according to configured rule sets.

    Stringent controls on physical access to the servers of a University system are not enough to protect the system itself. Many attacks are launched remotely, from an external or internal network. A secure infrastructure is therefore essential to lower the risk of remote attacks and better protect the University system.
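    As an added illustration of how a firewall rule set restricts inbound and outbound traffic (this is example code written for this page, not code from the newsletter or JUCC), the following Python evaluates packets against an ordered rule set with first-match semantics and an implicit default deny. The hosts, addresses, ports and rules are constructed for the example. It also shows the most common review finding in rule sets: in RULES_WEAK a broad outbound allow is listed before a host-specific deny and shadows it, so the database server can still reach the Internet; RULES_FIXED places the deny first.

```python
"""Added example (not part of the JUCC newsletter): a first-match firewall
rule-set evaluator. Hosts, addresses and rules below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" (toward the campus hosts) or "out" (leaving them)
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR notation; "0.0.0.0/0" means any
    dst: str              # destination network in CIDR notation
    dport: Optional[int]  # destination port; None means any port
    proto: str = "tcp"

    def matches(self, direction: str, src: str, dst: str, dport: int, proto: str) -> bool:
        return (self.direction == direction
                and self.proto == proto
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(rules: List[Rule], direction: str, src: str, dst: str,
             dport: int, proto: str = "tcp") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule). The first matching rule
    wins; a packet matching no rule is denied, i.e. the rule set ends in an
    implicit default deny."""
    for index, rule in enumerate(rules):
        if rule.matches(direction, src, dst, dport, proto):
            return rule.action, index
    return "deny", None


# Constructed campus layout using documentation/private address ranges:
# 203.0.113.10 = public web server in the DMZ, 10.0.0.5 = database server,
# 10.0.0.20 = administrator workstation.
ALLOW_PUBLIC_HTTPS = Rule("in", "allow", "0.0.0.0/0", "203.0.113.10/32", 443)
ALLOW_ADMIN_SSH = Rule("in", "allow", "10.0.0.20/32", "10.0.0.5/32", 22)
ALLOW_WEB_TO_DB = Rule("in", "allow", "203.0.113.10/32", "10.0.0.5/32", 5432)
ALLOW_INTERNAL_OUT_HTTPS = Rule("out", "allow", "10.0.0.0/8", "0.0.0.0/0", 443)
DENY_DB_OUTBOUND = Rule("out", "deny", "10.0.0.5/32", "0.0.0.0/0", None)

# Weak ordering: the broad outbound allow is evaluated before the host-specific
# deny, so the database server can still open HTTPS connections to the Internet.
RULES_WEAK = [ALLOW_PUBLIC_HTTPS, ALLOW_ADMIN_SSH, ALLOW_WEB_TO_DB,
              ALLOW_INTERNAL_OUT_HTTPS, DENY_DB_OUTBOUND]

# Corrected ordering: the specific deny comes first and is no longer shadowed.
RULES_FIXED = [DENY_DB_OUTBOUND, ALLOW_PUBLIC_HTTPS, ALLOW_ADMIN_SSH,
               ALLOW_WEB_TO_DB, ALLOW_INTERNAL_OUT_HTTPS]


if __name__ == "__main__":
    packets = [("in", "198.51.100.7", "203.0.113.10", 443),
               ("in", "198.51.100.7", "10.0.0.5", 5432),
               ("out", "10.0.0.5", "198.51.100.7", 443),
               ("out", "10.0.0.20", "198.51.100.7", 443)]
    for name, rules in (("weak", RULES_WEAK), ("fixed", RULES_FIXED)):
        for pkt in packets:
            print(name, pkt, evaluate(rules, *pkt))
```

    Real firewalls add state tracking, logging and interface binding, but the two properties shown here carry over directly: every rule set should end in a default deny, and specific deny rules must be ordered before the broad allows that would otherwise shadow them.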

  • Intrusion Detection System

    An Intrusion Detection System (IDS) protects a network by collecting information from a variety of system and network sources and then analysing that information for possible security problems. It provides real-time monitoring and analysis of user and system activity.

    In general there are two types of IDS: the Network Intrusion Detection System (NIDS) and the Host Intrusion Detection System (HIDS). A NIDS monitors multiple hosts by examining network traffic at the network boundaries. A HIDS monitors a single host by analysing application logs and file system modifications, such as changes to the password file and access control lists. Some common IDS functions are:

    • Auditing of system configurations and vulnerabilities
    • Assessing the integrity of critical system and data files
    • Statistical analysis of activity patterns based on the matching of known attacks
    • Abnormal activity analysis
    • Operating system audit
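
    As an added example of the HIDS function "assessing the integrity of critical system and data files" (written for this page; not code from the newsletter or from any IDS product), the following Python records SHA-256 digests of a list of monitored files as a baseline and later reports which of them were modified, removed or newly created. The file paths and contents are constructed in a temporary directory that stands in for a server's filesystem; the changes it detects are of the kind the "maintaining access" and "covering tracks" phases above describe (an account added to the password file, an authentication log emptied, a new scheduled job).

```python
"""Added example (not part of the JUCC newsletter): a minimal host-based
file-integrity check. All paths and file contents are constructed."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Optional


def file_hash(path: str) -> str:
    """SHA-256 of a file, read in chunks so large logs are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str, monitored: Iterable[str]) -> Dict[str, Optional[str]]:
    """Record the digest of every monitored path (None if it does not exist yet)."""
    baseline = {}
    for rel in monitored:
        path = os.path.join(root, rel)
        baseline[rel] = file_hash(path) if os.path.isfile(path) else None
    return baseline


def check_integrity(root: str, baseline: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Re-hash the monitored paths and classify each change against the baseline."""
    current = build_baseline(root, baseline.keys())
    findings = {"modified": [], "removed": [], "added": []}
    for rel, old in baseline.items():
        new = current[rel]
        if old is None and new is not None:
            findings["added"].append(rel)
        elif old is not None and new is None:
            findings["removed"].append(rel)
        elif old != new:
            findings["modified"].append(rel)
    return findings


def _write(root: str, rel: str, text: str) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a temporary directory standing in for a server filesystem."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/shadow", "root:*:19000:0:99999:7:::\n")
        _write(root, "var/log/auth.log",
               "Jan  1 10:00:00 host sshd[1]: Accepted publickey for alice\n")
        monitored = ["etc/passwd", "etc/shadow", "var/log/auth.log", "etc/cron.d/nightly"]
        baseline = build_baseline(root, monitored)   # in practice stored off-host

        # Constructed changes of the kind the newsletter's "maintaining access" and
        # "covering tracks" phases describe: an account added, the auth log emptied,
        # and a scheduled job that did not exist at baseline time.
        _write(root, "etc/passwd",
               "root:x:0:0:root:/root:/bin/bash\nsvc:x:1001:1001::/home/svc:/bin/sh\n")
        _write(root, "var/log/auth.log", "")
        _write(root, "etc/cron.d/nightly", "0 2 * * * root /usr/local/bin/nightly.sh\n")
        return check_integrity(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

    The baseline must be stored where the monitored host cannot rewrite it (a separate management host or read-only media); an attacker who can alter log files to cover their tracks can equally regenerate a baseline kept on the same machine. Note that the check deliberately reports an empty log as "modified": log truncation is a finding, not a benign change.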

  • Code Review

    For any self-developed application, such as a web application, an independent code review should be conducted separately from the application development, to ensure that no security flaw is exposed through code that is visible to the public and that correct error handling and input validation have been implemented.
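    To show what "correct error handling and input validation" means in a review, here is an added Python example (written for this page; not code from the newsletter or from any university application) of a user lookup in a web application in the form a reviewer should flag, beside its hardened form. The user table, the inputs and the SQLite in-memory database are constructed for the example.

```python
"""Added example (not part of the JUCC newsletter): a vulnerable user lookup
beside its hardened form. Table contents and inputs are constructed."""
import re
import sqlite3
from typing import List, Union


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.edu"), ("bob", "bob@example.edu")])
    return conn


# --- Before: what a code review should flag ---------------------------------
def find_email_vulnerable(conn: sqlite3.Connection, username: str) -> Union[List[str], str]:
    # Input is spliced straight into the SQL text, so a quote character in the
    # input changes the meaning of the query instead of being treated as data.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as e:
        # The database's own error text is handed back to the caller, which
        # reveals the query structure to anyone who can trigger an error.
        return "error: " + str(e)


# --- After: allow-list validation, parameter binding, controlled errors ------
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")   # assumed username format


class InvalidInput(ValueError):
    pass


def find_email_hardened(conn: sqlite3.Connection, username: str) -> Union[List[str], str]:
    # 1. Reject anything that does not look like a username this application issues.
    if not USERNAME_RE.fullmatch(username):
        raise InvalidInput("username has an unexpected format")
    # 2. Bind the value as a parameter; the driver never interprets it as SQL.
    try:
        rows = conn.execute("SELECT email FROM users WHERE username = ?", (username,))
        return [row[0] for row in rows]
    except sqlite3.Error:
        # 3. Details belong in the server-side log (omitted here); the caller
        #    gets a generic message that exposes nothing about the query.
        return "error: lookup failed"


def review_demo() -> dict:
    """Run both versions on constructed inputs and return what each gives back."""
    conn = make_db()
    probe = "alice' OR 'a'='a"   # constructed input containing a quote character
    results = {
        "vulnerable_normal": find_email_vulnerable(conn, "alice"),
        "vulnerable_probe": find_email_vulnerable(conn, probe),
        "vulnerable_apostrophe": find_email_vulnerable(conn, "o'brien"),
        "hardened_normal": find_email_hardened(conn, "bob"),
        "hardened_unknown": find_email_hardened(conn, "carol"),
    }
    try:
        find_email_hardened(conn, probe)
        results["hardened_probe"] = "accepted"
    except InvalidInput as e:
        results["hardened_probe"] = "rejected: " + str(e)
    return results


if __name__ == "__main__":
    for name, value in review_demo().items():
        print(name, "->", value)
```

    Parameter binding is what makes a quote in the input harmless; the allow-list additionally rejects input the application never expects, and should be written to match the real identifier format (an application that allows apostrophes in names must relax it and rely on binding alone). Returning a generic error while logging the detail server-side keeps the first-phase information gathering described above from learning the schema through error messages.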

  • Security Patches

    Many service providers, including software vendors and operating system providers, issue security patches when vulnerabilities in their software or operating system are found. Installing up-to-date security patches is crucial, since these vulnerabilities are usually well known to the public, including black-hat attackers.
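    Knowing which hosts still lack a patch is the first step to installing it. The following added Python example (written for this page; not code from the newsletter or from any vendor) compares a constructed software inventory against a constructed list of advisories, each giving the version in which the fix ships, and lists the hosts that need patching. The product names, hosts and version numbers are all constructed. It also shows a pitfall that makes home-grown checks report a vulnerable host as patched: version strings must be compared numerically component by component, not as text.

```python
"""Added example (not part of the JUCC newsletter): patch-status check of a
software inventory against advisories. All hosts, products and versions are
constructed sample data."""
import re
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.4.10' -> (2, 4, 10). Non-numeric suffixes are ignored (a simplification
    that real package managers such as dpkg or rpm handle with their own rules)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_patched(installed: str, fixed_in: str) -> bool:
    """Numeric, component-wise comparison: (13, 10) >= (13, 8) is True."""
    return parse_version(installed) >= parse_version(fixed_in)


def is_patched_string_compare(installed: str, fixed_in: str) -> bool:
    """The wrong way: plain text comparison says '13.10' < '13.8' because '1' < '8'."""
    return installed >= fixed_in


# Constructed advisories: (product, first version that contains the fix)
ADVISORIES: List[Tuple[str, str]] = [
    ("webserver", "2.4.10"),
    ("dbserver", "13.8"),
    ("ssh", "9.3.2"),
]

# Constructed inventory: host -> {product: installed version}
INVENTORY: Dict[str, Dict[str, str]] = {
    "web-01": {"webserver": "2.4.9", "ssh": "9.3.2"},
    "web-02": {"webserver": "2.4.12", "ssh": "9.3.1"},
    "db-01": {"dbserver": "13.10", "ssh": "9.4"},
}


def missing_patches(inventory: Dict[str, Dict[str, str]],
                    advisories: List[Tuple[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return sorted (host, product, installed, fixed_in) for every unpatched install."""
    out = []
    for host, products in inventory.items():
        for product, fixed_in in advisories:
            if product in products and not is_patched(products[product], fixed_in):
                out.append((host, product, products[product], fixed_in))
    return sorted(out)


if __name__ == "__main__":
    for host, product, installed, fixed_in in missing_patches(INVENTORY, ADVISORIES):
        print(f"{host}: {product} {installed} needs {fixed_in} or later")
    print("string compare says db-01 patched:", is_patched_string_compare("13.10", "13.8"))
```

    In practice the inventory comes from the package manager or an asset database and the advisories from the vendor's feed, but the comparison rule is the part that is most often got wrong and is worth testing explicitly.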

Do Universities Need Hacking Protection?

Universities definitely need advanced protection against attacks, because they hold a large pool of valuable data in their internal networks: for instance, the research material and references of each faculty, which form part of the universities' intellectual property; the personal data used in research and education; and sensitive information relating to third-party contractors.

Benefits that universities can obtain from appropriate hacking protection techniques include the following:

  • Prevent leakage of sensitive data via hacking attacks
  • Reduce cost of investigation and reputation damage / monetary loss
  • Facilitate early risk detection and mitigation
  • Increase trust from senior management, staff, students, third-party contractors and the public
