
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [44]

attack uses a dictionary of common words to attempt to find the user’s password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them.

Not all attacks are only brute-force or dictionary based. A number of hybrids also exist that will try combinations of these two methods. One of the more common techniques involves using rainbow tables—values of hashes—to identify the salt (random bits added to the password) used in creating the stored value.

Some systems will identify whether an account ID is valid and whether the password is wrong. Giving the attacker a clue as to a valid account name isn’t a good practice. If you can enable your authentication to either accept a valid ID/password group or require the entire logon process again, you should.
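The following is an added example, not taken from the book, that contrasts a logon check that reveals whether the account ID is valid with one that accepts only a valid ID/password pair and otherwise returns a single generic failure. The account store, function names, messages, and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample account store (hypothetical user and password).
USERS = {"alice": make_user("correct horse battery staple")}

# Dummy record: unknown IDs still trigger the same hashing work, so the
# response time does not reveal whether the account exists.
_DUMMY = make_user("not-a-real-password")

GENERIC_FAILURE = "Invalid user ID or password."


def login_leaky(user_id: str, password: str):
    """The practice the text warns against: a distinct message per failure."""
    record = USERS.get(user_id)
    if record is None:
        return False, "Unknown account ID."
    candidate = hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, "Wrong password."
    return True, "Welcome."


def login_uniform(user_id: str, password: str):
    """Accept only a valid ID/password pair; otherwise one generic failure."""
    record = USERS.get(user_id)
    known = record is not None
    if not known:
        record = _DUMMY
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    # A match against the dummy record must never count as a success.
    if known and matches:
        return True, "Welcome."
    return False, GENERIC_FAILURE
```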

Privilege Escalation


Privilege escalation can be the result of an error on an administrator’s part in assigning too high a permission set to a user, but it’s more often associated with bugs left in software. When creating a software program, developers will occasionally leave a back door in the program that allows them to become a root user should they need to fix something during the debugging phase.

After debugging is done and before the software goes live, these abilities are removed. If a developer forgets to remove the back door in the live version and the method of accessing it gets out, a miscreant can take advantage of the system.

To understand privilege escalation, think of cheat codes in video games. Once you know the game’s code, you can enter it and become invincible. Similarly, someone might take advantage of a hidden cheat in a software application you are using to become root.

Identifying TCP/IP Security Concerns

As a security professional, one of your biggest problems is working with TCP/IP. You could say that the ease of connectivity TCP/IP offers is one of the most significant difficulties we face. Virtually all large networks, including the Internet, are built on the TCP/IP protocol suite. It has become an international standard.

TCP/IP was designed to connect disparate computer systems into a robust and reliable network. It offers a richness of capabilities and support for many different protocols. After TCP/IP has been installed, it will generally operate reliably for years.

Real World Scenario

Responding to an Attack

As a security administrator, you know all about the different types of attacks that can occur, and you’re familiar with the value assigned to the data on your system. Now imagine that the log files indicate that an intruder entered your system for a lengthy period last week while you were away on vacation.

The first thing you should do is make a list of questions you should begin asking to deal with the situation, using your network as a frame of reference. The following list includes some of the questions you should be thinking of:

1. How can you show that a break-in really occurred?

2. How can you determine the extent of what was done during the entry?

3. How can you prevent further entry?

4. Whom should you inform in your organization?

5. What should you do next?

Answers to these questions will be addressed throughout this book. The most important question on the list, though, is whom you should inform in your organization. It’s important to know the escalation procedures without hesitation and be able to act quickly.

TCP/IP has been a salvation for organizations that need to connect different systems together to function as a unified whole. Unfortunately, the downside of being an easy-to-use, well-documented network that has been around for many years is that it has numerous holes. You can easily close most of these holes in your network, but you must first know about them.

You need to have a good understanding of the processes TCP/IP uses in order to know how attacks on TCP/IP work. The emphasis in this section is on the types of connections and services. If you’re weak in those areas,
