|
One of the major tools used by hackers to penetrate computers and computer networks is through the use of vulnerability scanners, the very same tools IT security staff use to help keep the hackers away. It is incumbent on those charged with computer and network security to pay close attention to this threat. Untold damage to the enterprise may result from a lapse of diligence and the intrusion of but a single hacker. The trick is to stay at least one step ahead.
Vulnerability scanners are designed to test network servers for scripts and exploits that could be vulnerable to attack. They look at the operating system itself, the firewall, service and remote administration areas, checking against a database of known methods of exploitation. They will seek out port connections, packet construction, or vulnerable scripts and executable files. The vulnerability scanner will then attempt to connect to and exploit each service, acting like a hacker trying to penetrate the network.There are many open source vulnerability scanners available, with full source code included. Any hacker with minimal programming ability can quickly modify the vulnerability scanner to report back and exploit the vulnerabilities it discovers. Since computer security officers frequently post newly discovered vulnerabilities to public news groups, including detailed information about how to exploit those vulnerabilities, it is easy for the hacker to test for these vulnerabilities and penetrate the network if they are found. The first measure a system administrator should take to ward off this kind of attack is through the use of a strong, up-to-date firewall program. The latest firewall programs “stealth” unused ports, rendering them invisible to an outside attacker. If the attacker cannot receive a response from the stealthed port, it cannot be exploited. The second method is through the use of patches. Software vendors are constantly on the lookout for vulnerabilities, and construct patches to cover these security holes in their programs. Often, the vendor will send emails to customers describing the vulnerability, directing them to downloadable patches posted on its website. Finally, removing the service name and version number from broadcast headers will prevent hackers from easily looking up known vulnerabilities for that service and attempting to exploit them. These steps, along with diligent education and updates, will keep the network safe. |
