talking art Internet network security.
I hope the science of network security in this paper is used for good things - be a Hacker
not a Cracker. Do not until you get karma for using science to destroy property others. Moreover, at present the need for hackers is increasing in Indonesia with dotcommers more who want to IPO in the stock market. Good name and the value of a dotcom could fall even become worthless if the dotcom collapse. In this case, the hackers expected to be a security consultant for the dotcommers it - because the HR party police and security forces in Indonesia is very very weak and pathetic in the field of technology Information & Internet. What may make cybersquad, private cyberpatrol probably need at budayakan for survival dotcommers Indonesia on the Internet.
Various Internet network security techniques can be easily obtained on the Internet, among others, in http://www.sans.org, http://www.rootshell.com, http://www.linuxfirewall.org/, http://www.linuxdoc.org, http://www.cerias.purdue.edu/coast/firewalls/, http://www.redhat.com/mirrors/LDP/HOWTO/. Most of this technique in the form of books that the number of its several hundred pages that can be taken in free of charge (free). Some Frequently Asked Questions (FAQ) about network security can obtained in http://www.iss.net/vd/mail.html, http://www.v-one.com/documents/fw-faq.htm. And for
the experimenter some script / program that is so can be found among others in http://bastille-linux.sourceforge.net/, http://www.redhat.com/support/docs/tips/firewall/firewallservice.html.
For those readers who wish to gain knowledge about the network can be downloaded free of charge from http://pandu.dhs.org, http://www.bogor.net/idkf/, http://louis.idaman.com/idkf. Some book-shaped softcopy can be taken free of charge to the capture of http://pandu.dhs.org/Buku-Online/. We must especially grateful to the team led by Pandu I Made Wiryana for this. At this time, I do not know of any place of active discussion Indonesia discuss these hacking techniques - but may be partly discussed in the mailing list information such as kursus-linux@yahoogroups.com & Linux-admin@linux.or.id which are operated by the Indonesian Linux Users Group (Ltsp)
http://www.kpli.or.id.
The simplest way to see the weakness of the system is by way of seeking information from various vendors for example in http://www.sans.org/newlook/publications/roadmap.htm # 3b on weakness of the system they have created yourself. In addition, monitoring the various mailing lists at Internet security-related networks such as the list http://www.sans.org/newlook/publications/roadmap.htm # 3e.
Described by Front-line Information Security Team, "Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks, "fist@ns2.co.uk http://www.ns2.co.uk. A Cracker generally men aged 16-25 years. Based on user statistics Internet in Indonesia, then in fact the majority of Internet users in Indonesia are children younger at this age as well. Indeed, this age is the age that is ideal in studying new including Internet knowledge, very unfortunate if we do not succeed menginternetkan to 25,000 Indonesian school s / d in 2002 - as the foundation for the future of Indonesia is in the hands of our young kids this.
Well, the young cracker cracking is generally done to improve the ability / use the resources on the network for its own sake. Generally, the cracker is opportunistic. Seeing the weakness of the system to carry out the scanner program. After gaining access root, the cracker will install a back door (backdoor) and close all general weakness there.
As we know, generally the various companies / dotcommers will use the Internet to (1)
Web hosting their servers, (2) e-mail communication and (3) provide access to web / internet to its employees. Internet and Intranet network separation is generally performed using engineering / software firewall and proxy server. Seeing the conditions of use of the above, the weakness of the system generally can penetrate through the mail server for example with external / outside that is used for easy access to the mail out of the company. In addition, by using aggressive-SNMP scanner and a program that forced the SNMP community string to convert a router into bridge (bridge) which can then be used for a stepping stone to get into the network company's internal (Intranet).
In order for crackers protected during the attack, the technique cloacking (incognito) is done by jumping from the previous machine has been compromised (conquered) through program telnet or rsh. At an intermediary machine that uses Windows attack can be performed with Wingate jumped out of the program. In addition, the jumps can be done through a proxy device configuration is less good.
After a successful jump and into other systems, usually a cracker to probe against network and gather the information needed. This is done in several ways, eg (1) use nslookup to run the command 'ls <domain or network>', (2) see HTML file on your web server to identify other machines, (3) to see various documents on FTP servers, (4) connecting to the mail server and use the command 'expn <user>', and (5) her finger users on other external machines.
Next cracker should identify network components that are weak and can be conquered. Crackers can use the program in Linux like ADMhack, mscan, nmap and many small scanner other. Programs such as 'ps' and 'netstat' in for a trojan (remember the Trojan horse story? in classical greek story old) to hide the scanning process. For a fairly advanced cracker can use aggressive-SNMP scanning to scan equipment with SNMP.
Once the cracker managed to identify the network components are weak and can be conquered, then cracker will run a program to conquer the weak daemon program on the server. Program daemon is a program on a server that normally runs in the background (as daemon / demon).
Furthermore, a cracker can use a machine that has been conquered for their interests own, such as taking sensitive information that should not be read; mengcracking machine other by jumping from the machine be conquered; install a sniffer to see / record the various traffic / communication is passed; can even turn off the system / network by running command 'rm-rf / &'. The latter will be very fatal consequences because the system will be destroyed at all, especially if all the software in put in the hard disk. Process re-install the entire system must be done, would be a headache if it is done on machines that run mission critical.
Therefore all machines & routers that run mission critical should always check security & on patch by newer software. Backup is very important especially in machines that perform critical missions in order to be saved from the act of disabling cracker system with 'rm-rf / &'.
For those of us who wrestle daily on the Internet usually it will greatly appreciate the presence of hacker (not cracker). Because thanks to the hackers, the Internet is there and can we enjoy such today, even kept in repair to be a better system. Various weaknesses
system be improved because of cleverness fellow hackers who often times they will be working on improvements. voluntarily because of his hobby. Moreover, often the result of his hacking distributed free of charge on the Internet for the purposes of the Internet community. A culture of mutual help values & Noble it grows in cyberspace Internet that usually seem futuristic and far from the social sense.
Development of the hobbiest hackers has become critical to the sustainability / survival Internet vehicle dotcommers in Indonesia. As one of fact, in the near future Inshallah God around mid April 2001 will be held hacking competition on the Internet to break into a server that has been determined beforehand. The hacking competition at hatched by children young people in the Indonesian Linux Users Group (Ltsp) Semarang driven by young people like Kresno Aji (masaji@telkom.net), Agus Hartanto (hartx@writeme.com) & Lekso Budi Handoko (Handoko@riset.dinus.ac.id). Like many other young children, they generally have capital tight budget - help & sponsorship would be very useful and expected by this young fellow.
Hopefully all this will add to the spirit of readers, especially young readers, for move in a world of exciting and challenging hackers. If Captain Jean Luc Picard said in the film Startrek Next Generation, "To boldly go Nowhere no one has gone before".
Kamis, 30 Desember 2010
Motivation for Hacking
15.04
Technology
Hackers with the expertise to see and fix vulnerabilities in computer software; normally then published openly on the Internet for the system to be better. Unfortunately, few people take the evil use that information to crime - they are usually called a cracker. Basically the world of hackers and crackers are no different from the art world, here we
The next step, the cracker will identify network components that are trusted by the system what only. These network components are usually the administrator machine and the server that is usually considered most secure in the network. Start by checking access & NFS exports are critical to various directories such as / usr / bin, / etc and / home. Exploitation of the machine through the weakness of the Common Gateway Interface (CGI), with access to the file / etc / hosts.allow.
The success of conquering this daemon program will allow a cracker to obtain access as 'root' (the highest administrator in the server).
To eliminate the trace, a cracker usually perform the cleaning operation 'clean-up' operation by way of cleaning the various log files. And add the program to enter from the back door 'backdooring'. Changing. Rhosts file in / usr / bin for easy access to the machine that be conquered through rsh & csh.
0 komentar:
Posting Komentar