Security Information and Review

Collection of security information and review

Hacking Techniques and Defense Strategies, Part 1

Author : Admin


Footprinting is the process of accumulating preliminary data about a target using publicly available methods. This information can be used to gain a better understanding of the target’s network architecture. There are many ways and techniques to get information about a target, such as the use of search engines and domain and network block registrars.

Enforcing the following defensive tactics is strongly recommended in order to minimize the risks associated with exposure of sensitive information by search engines and web server misconfigurations. Administrators should perform routine audits of the web server configuration and the data it is allowed to serve. Administrators must also be instructed not to post job vacancies on technical newsgroups, message boards and mailing lists using their real names and e-mail addresses.

Another way to prevent exposure is to ensure that e-mail addresses listed on whois records end with a domain different from the organization’s name. This keeps personal contact information from being exposed to potential intruders. One important action is to prevent incoming traceroute requests. Configure the firewall to drop incoming UDP and ICMP packets; if incoming UDP packets must be allowed for DNS, configure the firewall to allow only incoming UDP packets with source port 53 from a specific DNS server IP address.

Scanning and Identification of the Target

The next step in hacking and defense techniques is scanning and identification. Scanning is the process of finding target hosts on the network and probing the ports they serve. Scanning usually involves pinging, ping sweeping, TCP pinging and port scanning. After sufficient data has been gathered on the target hosts and their open ports, the next step is fingerprinting. Fingerprinting is the process of determining details of the operating system in use, such as its type, version and vulnerabilities.

How can scanning with ping, ping sweeping, TCP pinging and port scanning be prevented? Configure the firewall to drop incoming ICMP echo requests and outgoing ICMP echo replies. This will prevent hosts in your network from responding to ICMP echo requests. Always use a stateful firewall, and make sure to configure it to drop all ACK packets that do not belong to an already established TCP connection. Firewalls and IDSs have the ability to detect port scans; use them, and routinely watch the logs to know what is happening on your networks and servers.
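The log review recommended above can be partly automated. The following is an added example, not code from the original article, that flags port scans and ping sweeps in firewall logs; the log lines are constructed in the simplified style of the Linux netfilter LOG target, and the thresholds, time window and the year attached to timestamps are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real traffic): simplified lines in the style of the
# Linux netfilter LOG target, using documentation-only IP ranges.
_LINE = "Jan 10 10:{:02d}:{:02d} fw kernel: IN=eth0 OUT= SRC={} DST={} PROTO={}"
SAMPLE_LOG = "\n".join(
    # one source probing seven ports on one host within seven seconds
    [_LINE.format(0, i, "203.0.113.7", "192.0.2.10", f"TCP SPT=40000 DPT={p} SYN")
     for i, p in enumerate((21, 22, 23, 25, 80, 110, 443))]
    # one source sending ICMP echo requests (type 8) to six hosts
    + [_LINE.format(1, i, "198.51.100.9", f"192.0.2.{h}", "ICMP TYPE=8 CODE=0")
       for i, h in enumerate(range(1, 7))]
    # a single ordinary connection attempt, which must not be flagged
    + [_LINE.format(2, 0, "198.51.100.20", "192.0.2.10", "TCP SPT=51000 DPT=443 SYN")]
)

def parse(line):
    """Return (timestamp, fields) for a packet record, or None for other lines."""
    stamp = re.match(r"\w{3} +\d+ \d\d:\d\d:\d\d", line)
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    if not stamp or "SRC" not in fields or "DST" not in fields:
        return None
    # Syslog timestamps carry no year; 2000 is an arbitrary assumption.
    return datetime.strptime("2000 " + stamp.group(), "%Y %b %d %H:%M:%S"), fields

def detect(log, window=timedelta(seconds=60), min_ports=5, min_hosts=5):
    """Return sorted (kind, source) pairs for sources that, within `window`,
    probe >= min_ports ports on one host or ping >= min_hosts hosts."""
    seen = defaultdict(list)   # (kind, src, scope) -> [(time, target), ...]
    alerts = set()
    for when, f in filter(None, map(parse, log.splitlines())):
        if f.get("PROTO") in ("TCP", "UDP") and "DPT" in f:
            key, target, limit = ("portscan", f["SRC"], f["DST"]), f["DPT"], min_ports
        elif f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            key, target, limit = ("pingsweep", f["SRC"], "*"), f["DST"], min_hosts
        else:
            continue
        # keep only events still inside the sliding window, then add this one
        recent = [e for e in seen[key] if when - e[0] <= window] + [(when, target)]
        seen[key] = recent
        if len({t for _, t in recent}) >= limit:
            alerts.add(key[:2])
    return sorted(alerts)

if __name__ == "__main__":
    for kind, src in detect(SAMPLE_LOG):
        print(f"ALERT {kind} from {src}")
```

The window and thresholds should be tuned against the normal traffic of the network being monitored.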


The next step of hacking techniques and defenses is enumeration. This step covers ways to identify services running on non-standard ports and on standard ports. The logical step is to enumerate information such as usernames, file shares, operating system and application version numbers from services listening on specific ports. Favorite tools used to enumerate information are Amap, Nmap and Netcat. Many remote service daemons display a banner message when a connection is made to the port they are listening on. Banner messages can give away information about the application and its version. The process of obtaining banners from remote services is known as banner grabbing. One method to prevent this technique is to change the banner message of the service daemon or application.

See next article … part 2.

Categories: Linux Security - Windows Security