Interview with John Chirillo, author of "Hack Attacks Testing: How to Conduct Your Own Security Audit"
by Mirko Zorz - Friday, 4 April 2003.
My latest new edition of Hack Attacks Revealed (Second Edition) contains a compilation of the top 75 attacks and countermeasures affecting general computing, internetworking, and Windows, UNIX, OS/2, MAC, and Linux operating systems. They are based primarily on research by System Administration Networking and Security (SANS), the Computer Emergency Response Team (CERT), the Computer Incident Advisory (CIAC), X-Force Alert, Microsoft Security Bulletin, the National Infrastructure Protection Center (NIPC) Watch and Warning Unit, and Red Hat Network Alert system. With that said, the top five vulnerabilities everyone should mitigate, in no particular order, are as follows:
  • Weak Passwords - Some systems and applications by default include accounts that either contain no passwords or require password input without strict regulation or guidelines.
  • Too Many Open Ports - There are 65,535 ports on a computer. An attacker can use discovery or initial "footprinting" or information gathering to detect which of these ports are active and listening for requests; this can facilitate a plan that leads to a successful hack attack.
  • Unprotected NetBIOS Shares - NetBIOS messages are based on the Server Message Block (SMB) format, which is used by DOS and Windows to share files and directories. In UNIX systems, this format is utilized by a product called Samba to collaborate with DOS and Windows. While network protocols typically resolve a node or service name to a network address for connection establishment, NetBIOS service names must be resolved to an address before establishing a connection with TCP/IP. This is accomplished with the previously mentioned messages or with a local LMHOSTS file, whereby each PC contains a list of network nodes and their corresponding IP addresses. Running NetBIOS over TCP/IP uses ports 137-139, where Port 137 is NetBIOS name (UDP), Port 138 is NetBIOS datagram (UDP), and Port 139 is NetBIOS session (TCP). This vulnerability can allow the modification or deletion of files from any exported, mounted file system. Server Messaging Block (SMB) can be compared to Sun's Network File System (NFS), and it allows for the sharing of file systems over a network using the NetBIOS protocol. This vulnerability gives a remote intruder privileged access to files on mounted file systems. Consequently, an attacker could potentially delete or change files.
  • Buffer Overflows - Buffers are types of data storage units in computer systems. They were designed to hold a specific amount of data, and when overwhelmed, can leak some into adjacent buffers causing an overflow and/or corrupting legitimate data. This type of attack not only distresses the integrity of data, but can also trigger malicious events such as file damage or exhausting system resources resulting in a denial of service (DoS).
  • Malicious Code Threats - These include publicized virus and Trojan variations such as Myparty, Goner, Sircam, BadTrans, Nimda, Code Red I/II and many more.
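The "Too Many Open Ports" and "Unprotected NetBIOS Shares" items above describe a footprinting problem from the defender's side: which services are listening, and are the NetBIOS-over-TCP/IP ports (137/UDP name service, 138/UDP datagram service, 139/TCP session service) among them? The script below is an added example, not code from the interview or from the book; it parses constructed Linux-style `netstat -an` output (the `NETSTAT_SAMPLE` block, the `max_open` threshold and all function names are assumptions made for this illustration) and reports the listening ports together with any NetBIOS services exposed, so an administrator can confirm that unneeded ports are closed or firewalled.

```python
# Added example (not part of the interview): audit a netstat-style socket
# listing for listening services and flag the NetBIOS ports named in the text.
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_port state")

# Ports 137-139 as described in the interview: name, datagram and session service.
NETBIOS_PORTS = {
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service",
}

# Constructed sample of `netstat -an` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:49152       192.168.1.9:443         ESTABLISHED
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""


def parse_netstat(text):
    """Turn netstat lines into Socket tuples; header and non-socket lines are skipped."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0].rstrip("6")          # tcp6/udp6 collapse to tcp/udp
        if proto not in ("tcp", "udp"):
            continue
        port = fields[3].rsplit(":", 1)[1]     # local address is host:port, IPv6 included
        if not port.isdigit():
            continue
        state = fields[5] if len(fields) > 5 else ""   # UDP lines carry no state column
        sockets.append(Socket(proto, int(port), state))
    return sockets


def listening(sockets):
    """TCP sockets in LISTEN state plus every bound UDP socket (UDP has no listen state)."""
    return [s for s in sockets
            if (s.proto == "tcp" and s.state == "LISTEN") or s.proto == "udp"]


def audit(text, max_open=10):
    """Return (sorted listening (proto, port) pairs, list of findings)."""
    open_ports = sorted({(s.proto, s.local_port) for s in listening(parse_netstat(text))})
    findings = [f"{proto}/{port} exposes {NETBIOS_PORTS[(proto, port)]}"
                for proto, port in open_ports if (proto, port) in NETBIOS_PORTS]
    if len(open_ports) > max_open:
        findings.append(f"{len(open_ports)} listening ports exceeds the threshold of {max_open}")
    return open_ports, findings


if __name__ == "__main__":
    ports, findings = audit(NETSTAT_SAMPLE, max_open=5)
    print("listening:", ", ".join(f"{p}/{n}" for p, n in ports))
    for f in findings:
        print("finding:", f)
```

On a real host the sample text would be replaced by the output of `netstat -an`; the threshold is a policy knob, and every port the script lists should map to a service the administrator can name, otherwise it is a candidate for shutdown or a firewall rule.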
What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level? What are the most important things an administrator has to do in order to keep a network secure?

Upwards to $59 billion is lost each year in proprietary information and intellectual property, according to the 10th Trends in Proprietary Information Loss Survey by ASIS International, PricewaterhouseCoopers, and the U.S. Chamber of Commerce. The collective basis for these losses is a lower level of priority for information security, especially at the internetwork, desktop, and public sector user, and lack of management support. With the rapid release of new software and hardware and the progression of technology and processing power, the threat of further loss is imminent. We simply must equally integrate security throughout the infrastructure and should not depend so much on robust perimeter security such as firewalls.

High-speed networks of interconnected data storage and processing devices are centralized for better control over information assets. With stored data processing at the core, network capacity is emancipated outward to the users. The same methodology should be incorporated into corporate and public network security policies with a ripple effect: imagine a drop of water hitting a calm pool and causing ripples. With regard to a network, each ripple correlates to a network point that has the potential to contain vulnerabilities from any direction and needs to be taken into account from a security perspective. This is the essence of ripple security logic.
