CS682- Network Management and Security Prof. Katz

The Hacker Mentality The term was originally used to mean someone who made software do that which the programmer did not intend. Over time it was adapted to classify those who do the above for illegal purposes

Different types of hackers Network Hackers – Continuously pound on networks looking for holes Phreaks – Hardware hackers Crackers – Code breakers Most hackers believe they are “elite” and will not get caught. Some are right, most are wrong.

Evolution of a hacker Hackers recently have been High School or undergraduate students. After learning all they can about the target they begin trying to find a solution to let them in

After a hacker gets in The hacker will contact the system administrator The hacker will retrieve the desired data The hacker will deface the machine

Common forms of entry Easy passwords Unpatched servers (known attacks) Security recommendations unfollowed Buffer overflows

Progression of a hack The hacker will initially determine all available information about the target network The hacker will select a target which has the least amount of protection, which will allow him to get the data he wants. The target will be compared against well known attacks If source code is available for the target’s systems, the hacker will examine the code for new ways in. The hacker may attempt to gain access to the password database. The hacker will attempt brute force access to the system The hacker may attempt to gain physical access to the system.

What tools are available? If the hacker has programming experience, he can create his own tools Commercially available tools are often free nmap ( L0phtcrack Tcpdump (network monitors) Various assorted tools designed to scan for well known attacks.

RFC-1918 / NAT

RFC-1918 Hosts not connected to the Internet do not need unique addresses Hosts connected through a proxy server or Address Translation device do not need unique addresses NB: The proxy server or NAT device will need at least 1 unique address!

Network Address Translation IP Address theory provides 4,294,967,296 unique IP addresses. Because of Subnetting we’ve used almost the entire domain. NAT allows us to use RFC1918 (fake, illegal) addresses for our LAN and have only a few addresses seen on the InternetRFC1918

Types of NAT One-to-One: Does not eliminate the number of used IP addresses, but provides for greater security One-to-Many: Wastes IP addresses, only done when necessary for security Many-to-One: One real address is used by many fake addresses

Concepts of NAT Only important if Every machine needs an IP address unique to its network Networks need at least one unique address When data traverses a NAT device the TCP and IP headers will be changed and in some cases the data will be changed too

How NAT works

Why is NAT secure In Many-to-One NAT, connections are never allowed from the outside to the LAN unless they are expected (ie FTP) Generally in One-To-One NAT open ports must be indicated and connections specifically allowed Outside individuals have no concept of the layout of the LAN

Problems with NAT Non-OSI compliant protocols will not work without special consideration Protocols which make a connection back to the original host will not work Sometimes difficult to install/maintain Sometimes costly

NAT Devices All Cable Modem/DSL Routers Checkpoint Firewall-1 Linux CISCO IOS Windows 2000

Linux NAT