You may reprint or publish this article free of charge as long as bylines are included.

Original URL (The Web version of article)
---------------------------------------------
http://www.defendingthenet.com/NewsLetters/HowWillYourNetworkBeCompromised.htm
Title
-----
How Will Your Network Be Compromised?

Complex Hacking - Computer Compromise
------------------------------------------------------
Every time I attend a "Security Guru's" meeting, I'm amazed by how much time and effort is spent on discussing complex hacking and computer compromise of computer networks and systems.
One person is going on about the latest "heap corruption" vulnerability and another is discussing man-in-the-middle techniques for compromising remote access systems. Most of these vulnerabilities are very difficult to successfully exploit. Some of them require specific host platforms, special tools, in-depth knowledge of many programming languages, and a lot of luck.
I'm not saying there are not tons of vulnerabilities and exploits like these; it's just that they are not always easy to take advantage of and, therefore, may not present themselves as high-risk events for most organizations.

It's The Little Things That Will Get You Every Time
--------------------------
During security assessments, there are times when I am able to successfully exploit a "technical" vulnerability to gain system or internal network access. For instance, during a recent assessment, I identified a web application server that appeared to be vulnerable to an IIS / ASP vulnerability that would allow an attacker to dump all .ASP code on the server. After some effort and a little C/C++ code, I was able to take advantage of this exploit. After perusing the .ASP code on the server, I was able to gain important information that resulted in the compromise of an internal system.
However, the reality is that it is the simple things that are the biggest problem. Most times, internal network compromise is the result of one or more of the following:
The installation of a web support application that has little to no security features to begin with;
The installation of support software that has a well-known default password for the admin account. And, the person installing the software never bothers to change the password;
Improperly configured communications devices such as routers and switches;