System attacks — Identifying the stronghold's weaknesses

Add to my library

H5832 V1 Article

System attacks — Identifying the stronghold's weaknesses

Author : Laurent LEVIER

Publication date: October 10, 2005 | Lire en français

Add to my library Add to my library

Logo Techniques de l'Ingenieur You do not have access to this resource.
Request your free trial access! Free trial

Already subscribed?

Overview

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Laurent LEVIER : Certified Information Systems Security Professional (CISSP) - Certified Information Security Manager (CISM) - Internal Network Security Officer, Equant Télécommunications

 INTRODUCTION

Hacking is, and will remain for a long time to come, a serious threat to business. While in the early days this activity required real skill in various areas of system and network administration and programming, it is now within the reach of a large number of people with varying degrees of experience, thanks to the countless tools available to the public on the Internet. These amateur hackers, lacking the necessary skills, are the main source of serious problems for the company, as they can commit irreparable damage with the sole aim of covering their tracks once they have penetrated the targeted system.

When an intruder wants to attack a company's computer systems, there are generally three main steps:

  • the first is to identify the machines on a network. To do this, it is necessary to overcome the obstacles installed by the company to protect its computers against the dangers inherent in connecting its network to the Internet, for example. We're talking here about firewalls , network antivirus ... The intruder must therefore have a vision of the network he is attacking, and therefore techniques for identifying its inner workings. . In this stage, the intruder must also succeed in remaining as undetected as possible;

  • in the second stage, the intruder, who has succeeded in breaking through these barriers, finds himself "in front" of the computer he wants to access. He must then find a way to get from the outside of this machine to the inside; this is, of course, a logical view of the situation. To do this, the intruder must first list the entry points offered by the targeted system, i.e. network services and the operating system. It is through these doors that the intruder attempts to gain access;

  • finally, in the third and last stage, the intruder must find exploitable security weaknesses at the identified entry points. Depending on the type of weakness, the intruder can gain different levels of privilege. For example, he may simply have the right to list (from the outside) the contents of any file on the system, succeed in obtaining a command interpreter from an unprivileged user, or, ideally, have a command interpreter with administrator privileges.

In this document, we focus on the second stage, describing the various techniques and methods, or even tools, used to identify the network services and operating system offered on a machine. However, we do recall the techniques and methods for locating systems on the network required for the first stage. Readers wishing to delve deeper into this first stage will find more detailed information in the dossier dedicated to...

You do not have access to this resource.
Logo Techniques de l'Ingenieur

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed?


Ongoing reading
System attacks — Identifying the stronghold's weaknesses

Article included in this offer

"Security of information systems"

( 88 articles )

Complete knowledge base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

View offer details

Contenus associés

Sur le même sujet

Veille personnalisée : Inscrivez-vous !

Dans les ressources documentaires

Mise en œuvre d’un pare-feu gratuit à base d’IP Filter

Dans les débuts de l’informatique, les méthodes d’accès se faisaient par des liens directs entre des term...

Systèmes d'exploitation : principes et fonctions

Le système d'exploitation d'un ordinateur est un logiciel qui vise à faciliter l'emploi de cet ordinateur...

Sécurité des applications Web et mobiles

En 22 ans le Web, son langage HTML et son protocole de transport http se sont transformés, ils étaient de...

Sécurité des systèmes embarqués

Les systèmes embarqués sont omniprésents dans nos sociétés modernes. Ils sont complexes car ils regroupen...

Tous les livres blancs
Article Créer de la confiance avec les blockchains
24 July 2018
Créer de la confiance avec les blockchains

En 2008 Satoshi Nakamoto définissait un nouveau modèle de monnaies, dont l'émission et la gestion s'opèrent sur un réseau pair-à-pair sans contrôle centralisé. ...

Toutes les actualités
Contact us