IV. Hardening Steps for Hacking Protection
by JUCC ISTF
/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */
Hardening steps specific to each hacking category should be considered when planning the protection of the universities' systems against hacking.
Hardening Steps against Scanning and Enumeration
- Firewall - universities should examine the data of the packet, not just the TCP header, to carry out stateful inspections to detect the connection initiation traffic sent by port-scanning tools.
- Open Required Ports Only - universities should only open the ports required by service on their systems. The rest ports should be filtered or blocked. The TCP ports 135, 137,139, or 445 which are required for NetBIOS null session access should be closed to prevent null session attacks.
Hardening Steps against System Hacking
- Two-Factor Authentication - it is a good practice to require two (or more) forms of identification (such as the actual smart card and a password) when validating a user. An example of such authentication method is RSA Secure ID, which utilises a user defined password combined with the temporary password generated by a security token. However, universities should keep regular communication with the vendor of two-factor authentication mechanisms to timely patch the authentication systems with latest updates in response to any known vulnerabilities (e.g. attack on RSA using zero-day flash exploit in Excel)
- Reinstall Operating System - when you detect a trojan or backdoor program. Critical data should be backed up and the operating system and applications from a trusted source can be reinstalled afterwards. A well-documented automated installation procedure and trusted restoration media should be implemented in the University.
- MD5 Checksum Utility - is a 128-bit value, like the file's fingerprint, ensuring their integrity. Tools, such as Tripwire, implement MD5 checksums to identify files infected with malicious programs.
Hardening Steps against Web Application Attacks
- Default Accounts - rename the administrator account, and use a strong password.
- Boundary Check - perform bounds checking on input to web forms and query strings to prevent buffer overflow or malicious input attacks.
- Remote Access - disable remote administration functionalities.
- Error Handling - use a script to map unused file extensions to a 404 ("File not found") error message.
- Legal Notice - add a legal notice to the site to make potential attackers aware of the implications of hacking the site.
Summary
Recently, hacker communities from all over the world have been actively attacking different organisations including governmental or commercial entities. E.g. attacks on PlayStation Network (PSN), FBI, CIA and US Senate's high security networks by "Lulz" Universities as a role model to society could easily become a target of the hackers. Therefore, technical knowledge of the hacking methodology, application of adequate protection techniques, and awareness of security trends are increasingly important to provide confidence to the users and the owners of the systems and data maintained by universities.
Techniques used for protection against hacking activities can be powerful once they are properly implemented and used by personnel with sufficient knowledge of hacking. Universities should pay close attention to the appropriateness of the security measures and resources in place for protecting against hacking activities to avoid any adverse impact on achieving information security objectives.
Reference:
http://www.eccouncil.org/CEH.htm
http://osvdb.org