A Practical Guide to Computer Security

Date: July 19, 2005

Part I: Understanding Hackers

It is important to understand your adversary. With understanding comes the ability to anticipate behavior and motivation, which is required to effectively deter attacks. The people who compromise information systems span a broad range, with diverse motives and varied skill levels. To understand the hacker who is likely to attack your systems, you need to understand what makes you a target. Systems might be targeted because of the information they contain, because of specific resources to which they have access, or because they can be compromised. The reason for an attack can be financial, political, personal, or merely a matter of convenience due to location or ease of access. The attacks can be simple scripted attacks, or they can be well thought out and orchestrated. They can be hit-and-run or ongoing. This extreme diversity in attacks and attackers increases the need for system administrators to have a general understanding of the hacking environment.

The Hacking Environment

A serious hacker must have a computer, network connectivity, and time to hack. The hacker will generally use a Linux computer, have high-speed networking, and be a student or someone with plenty of discretionary time at work. This describes the environment at universities, which have been a popular location for hackers. Students have access to powerful computers attached to high-speed networks, and they have plenty of time on their hands. However, each of these attributes is becoming more available at home every day: home computers are now very fast and very cheap, and always-on high-speed networking has reached the home via DSL and cable networks.

Linux is the operating system of choice among hackers. It has the ability to run the greatest variety of tools and the flexibility to control all aspects of the system. Having his own computer allows the hacker to be a peer to the system that he is attacking, not just a client. With a system of his own, he is in control of the permissions and privileges, so he can appear as anyone he wants to on an outside system. This also gives him experience at managing and securing a system, and therefore insight into his opponent, the system manager. He will need to manage his system and secure it from outside attack so he will know if someone is probing his system. If he is found out, it is likely that a system manager will be trying to identify his system’s attacker.

The more network bandwidth the hacker has, the more scans, probes, and attacks he can perform. Bandwidth is generally the limiting factor to accessing remote systems.
