Top 14 security vulnerabilities

Given that Mr. dbejar is embarrassing us, it’s about time the rest of us said something. This time I am going to lean towards systems and write the first in a series of security articles that I will publish in successive installments.

As this is the first one, let’s start slowly to warm up. I read it in a pretty good book (let’s see if I can find it; I only have some notes), in a section titled, as your sharp minds will have deduced, “Top 14 main security vulnerabilities”. It reviews the main points through which a hacker could attack our system. It covers both Windows and Linux systems and is only a “fly-by”. Let’s get down to the nitty-gritty:

1) Improper router access control: a misconfigured router ACL can allow information leakage through ICMP (Internet Control Message Protocol), IP and NetBIOS, and allow unauthorized access to certain services on its DMZ (De-Militarized Zone) servers.

2) Unsecured and unattended remote access points provide one of the easiest ways to access our network. It is wise not to expose our sensitive files.

3) Information leakage can provide the attacker with information about our operating system version, applications, users, groups, shared services, DNS information through zone transfers, and running services such as SNMP, finger, SMTP, telnet, rusers, rpcinfo, NetBIOS...

4) Hosts running unnecessary services such as RPC, FTP, DNS, SMTP, etc. are an unnecessary source of vulnerable ports.

5) Reused, simple or easily guessable passwords at the workstation level. Falling to a dictionary attack is one of the most frequent failures in a system if users are not properly educated.

6) User accounts with excessive privileges. In combination with 5, this is like dropping your pants in front of the rest of the world.

7) Misconfigured Internet servers, especially CGI scripts on web servers and anonymous FTP servers with write permissions.

8) If a DMZ server is compromised, a misconfigured ACL in the router can give the intruder access to the internal zone of our network.

9) Applications that are not properly updated with their corresponding security patches.

10) Excessively permissive access controls on NT shares and on NFS exports on Unix.

11) Excessive trust relationships, such as NT Trusted Domains and UNIX .rhosts and hosts.equiv files, can give the attacker access to sensitive systems.

12) Unauthenticated services such as X-Windows that allow users to capture keystrokes remotely.

13) Inadequate logging, detection and monitoring capabilities (without crossing the line into invading workers’ privacy).

14) Lack of accepted and adequately developed security policies, procedures, standards and guidelines.

And if pressed, I would add a 15th: the hacker’s most effective weapon, social engineering.

So, what’s the point of all this? In principle, just to make you ask questions about your own system. In future articles we will get to the point with practical solutions for each item, with the idea of making life more difficult for the most persevering hackers.
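
As a first such question for items 10 and 11, the following added example (not from the original article or the book it summarizes) scans a `.rhosts`/`hosts.equiv` style trust file and an NFS exports file for wildcard trust and world-open exports. The function names, hostnames and file contents are constructed for illustration, and the exports syntax assumed is the Linux `exports(5)` form.

```python
import re

# Constructed sample contents (not from any real host).
SAMPLE_TRUST = """\
# .rhosts / hosts.equiv style: host [user]
build01.example.internal deploy
+ +
-legacy01.example.internal
"""
SAMPLE_EXPORTS = """\
/srv/pub    *(ro)
/home       fs01.example.internal (rw)
/srv/build  10.0.0.0/24(rw,no_root_squash)
"""

def _fields(text):
    """Yield (line_number, fields) for non-empty lines; '#' starts a comment."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if fields:
            yield n, fields

def audit_trust_file(text):
    """Flag '+' wildcards in .rhosts / hosts.equiv content."""
    findings = []
    for n, fields in _fields(text):
        if fields[0] == "+":
            findings.append((n, "any host is trusted"))
        if len(fields) > 1 and fields[1] == "+":
            findings.append((n, "any remote user is trusted"))
    return findings

def audit_exports(text):
    """Flag NFS exports open to every client or keeping remote root."""
    findings = []
    for n, (path, *clients) in _fields(text):
        for tok in clients:
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", tok)
            if not m:
                continue  # malformed token, left for manual review
            client, opts = m.group(1), (m.group(2) or "").split(",")
            if client in ("", "*"):
                mode = "read-write" if "rw" in opts else "read-only"
                findings.append((n, f"{path} open to all clients, {mode}"))
            if "no_root_squash" in opts:
                findings.append((n, f"{path} keeps remote root ({client or 'all'})"))
    return findings

if __name__ == "__main__":
    for n, msg in audit_trust_file(SAMPLE_TRUST) + audit_exports(SAMPLE_EXPORTS):
        print(f"line {n}: {msg}")
```

Line 2 of the sample exports shows an easy mistake to miss: the space before `(rw)` turns a single-host export into a read-write export to every client.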

