CompTIA Security+ Deluxe Study Guide: SY0-201, Emmett Dulaney

Early PC systems used a standard naming convention for files called the 8.3 format. This format allowed eight characters for the filename and three characters for the file type or extension. Certain file extensions told the operating system to immediately start executing a file (for example, .bat, .com, and .exe).

Modern systems have expanded the 8.3 format to allow longer and more user-friendly filenames. They still keep the file extension that identifies the file type, but they hide it from the user.

If a file type is indicated—for instance, a filename has a .jpg extension—the system automatically opens the program that has been registered to be associated with the file. Table 4.1 shows some of the common file types used in PC systems today.

TABLE 4.1 Common Executable File Types That PC Systems Use

Many operating systems, including Windows environments, hide the file extension from the user. A user may receive a file named mycatspicture and assume that it’s a JPEG or other picture. Unfortunately, the actual file type isn’t usually shown to the user when they contemplate opening it. If the file is an executable or a script, it will start executing using the appropriate language or command processor. If this file is a Trojan horse, a worm, or some other form of malicious code, the system has potentially been compromised.

Files can even appear to have more than one filename extension. A file may indicate that it’s mycatspicture.jpg when it’s actually mycatspicture.jpg.exe. This file will start executing when it’s opened and may expose the system to malicious code.

From a user’s perspective, the simpler things are, the easier they are to work with. However, from an administrator’s perspective, you want to know as much as you can. Windows XP, like its most recent predecessors, by default hides known file extensions as well as certain files and folders.
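The following Python script is an added illustration, not part of the study guide: it simulates the "hide known file extensions" behaviour described above and flags the double-extension pattern (mycatspicture.jpg.exe) that the text warns about. The sets of executable and benign-looking extensions, and the sample filenames, are constructed for this example; Windows decides what counts as a "known" type from its registered file associations, which this simplified model does not consult.

```python
from pathlib import PurePath

# Extensions the text names as starting execution when opened (.bat, .com,
# .exe) plus a few other Windows script/launcher types. Which types count as
# executable is an assumption for this example, not an exhaustive list.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
# Extensions a user would read as "just a picture or a document".
BENIGN_LOOKING = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}


def displayed_name(filename: str) -> str:
    """Simulate 'Hide extensions for known file types'.

    Explorer drops only the final, registered extension from what it shows,
    so mycatspicture.jpg.exe is displayed as mycatspicture.jpg. Simplified
    model: any extension in the two sets above is treated as 'known'.
    """
    p = PurePath(filename)
    if p.suffix.lower() in EXECUTABLE_EXTENSIONS | BENIGN_LOOKING:
        return p.stem  # stem strips just the last suffix
    return filename


def assess(filename: str) -> dict:
    """Compare what the user sees with what the OS would actually do."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    actual_ext = suffixes[-1] if suffixes else ""
    executable = actual_ext in EXECUTABLE_EXTENSIONS
    # A double extension: a benign-looking type immediately before an
    # executable one, the mycatspicture.jpg.exe pattern from the text.
    disguised = executable and len(suffixes) >= 2 and suffixes[-2] in BENIGN_LOOKING
    return {
        "actual": filename,
        "displayed": displayed_name(filename),
        "executable": executable,
        "disguised": disguised,
    }


def flag_disguised(filenames) -> list:
    """Return the names an administrator should look at first."""
    return [name for name in filenames if assess(name)["disguised"]]


if __name__ == "__main__":
    # Constructed sample filenames, not real files.
    samples = ["mycatspicture.jpg", "mycatspicture.jpg.exe", "setup.exe",
               "notes.txt", "invoice.pdf.scr", "mycatspicture"]
    for name in samples:
        a = assess(name)
        print(f"{a['displayed']:<25} actual={a['actual']:<25} "
              f"executable={a['executable']} disguised={a['disguised']}")
    print("review first:", flag_disguised(samples))
```

Run against a mail attachment folder or a download directory, the `displayed` column shows exactly the name a user with hidden extensions would see, which makes the gap between appearance and behaviour concrete when explaining the risk to users.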

Understanding Protocol Analyzers

The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network. The software that performs the operation is called either an analyzer or a sniffer. Sniffers are readily available on the Internet. These tools were initially intended for legitimate network-monitoring processes, but they can also be used to gather data for illegal purposes.

IM traffic, for example, uses the Internet and is susceptible to packet-sniffing activities. Any information contained in an IM session is potentially vulnerable to interception. Make sure users understand that sensitive information should not be sent using this method.

One of the most well-known tools for analyzing network traffic in real time is Snort (http://www.snort.org). Lab 4.3 walks through the installation of this tool.
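To make the IM warning above concrete, here is an added Python example (not from the study guide and unrelated to Snort's own code) that does what a sniffer does with one captured frame: it decodes the Ethernet, IPv4 and TCP headers and returns the application payload. The frame is constructed in the script itself (documentation addresses in 192.0.2.0/24, made-up MAC addresses, zeroed checksums, an assumed IM port of 5190), so it runs offline; an unencrypted message comes out as readable text, while bytes that do not decode, which is what an encrypted session looks like on the wire, come out as nothing useful.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame carrying `payload`.

    Checksums are left at zero: the point is what a sniffer can read from
    the wire, not producing a frame a real stack would accept.
    """
    # TCP header: ports, seq, ack, data offset (5 words) in the high nibble,
    # flags PSH|ACK, window, checksum, urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    # IPv4 header: version/IHL, TOS, total length, id, flags/fragment,
    # TTL, protocol, checksum, source, destination.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip),
                     socket.inet_aton(dst_ip)) + tcp
    # Ethernet II header with constructed, locally administered MACs.
    eth = (bytes.fromhex("02aabbccdd01") + bytes.fromhex("02aabbccdd02")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip


def parse_frame(frame):
    """Decode one frame the way a sniffer does; None if not IPv4/TCP."""
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4         # TCP header length in bytes
    return {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "sport": sport,
        "dport": dport,
        "payload": tcp[data_offset:],
    }


def readable_text(payload):
    """Printable ASCII from the payload, or None when it does not decode
    (the typical appearance of an encrypted session)."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


if __name__ == "__main__":
    # Constructed sample: one plaintext IM message as it crosses the wire.
    frame = build_frame("192.0.2.10", "192.0.2.20", 51000, 5190,
                        b"can you send me the Q3 forecast before the board meeting?")
    seen = parse_frame(frame)
    print(f"{seen['src']}:{seen['sport']} -> {seen['dst']}:{seen['dport']}")
    print("readable:", readable_text(seen["payload"]))
```

The parser is deliberately minimal (no IP options beyond the IHL field, no reassembly), which is enough to show the point the text makes: anything sent in the clear is available to whoever holds a sniffer on the path, so the control is either not sending sensitive data over IM or sending it only over an encrypted channel.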

Understanding Signal Analysis and Intelligence

The terms signal analysis and signal intelligence refer to capturing and analyzing electronic signals. Military and governmental agencies have been doing this since the beginning of the electronic age. The purpose of analysis and intelligence is to identify and evaluate the enemy, identify and track communications patterns, and identify what types of technologies are being used to send them.

This is a game of patience and persistence. People who want to attack your system are also performing analysis and intelligence. They’re trying to discover what your communications topology and infrastructure look like, what your critical or sensitive circuits are, and what you use them to do.

Attackers have many tools at their disposal; most of them are relatively easy to use. Your job is to act as a counterintelligence agent and, where possible, prevent them from gaining access to this information.

Your enemy has several common methods to gain intelligence about your network and your potential vulnerabilities. The following sections describe two of these methods.

Footprinting

Footprinting is the process of systematically identifying the network and its security posture. An attacker may be able to gain knowledge of the systems you use, the
