Hacking Tools Can Strengthen Security

By Cameron Sturdevant  |  Posted 2005-03-21

Learning the tools and tricks of the hacking trade can keep IT managers a step ahead of troublemakers.

To avoid getting hacked, you've got to think like a hacker—and that means knowing the tools and tricks of the hacking trade.

IT managers must understand the types of hacking tools available—including the vulnerabilities they target and the damage they can cause—to keep business data private, prevent information theft and maintain data availability while enabling a high level of business productivity.

It's tempting to rely on commercial vulnerability assessment tools and patch management systems to keep network infrastructure devices, servers and desktop systems in top defensive form. However, IT organizations should not depend on these products and services as the sole source of expertise in combating attacks on enterprise resources.

Hacking tools most often originate in the realm of advanced coders. And recent news stories have tied these coders to underworld backers.

Many of these hacking tools are a few clicks away on the Internet, but some tools can be difficult to find unless you move in certain circles. In the frequent case that a hacking tool cannot be accessed directly, there are several resources on the Web that will provide the kind of information IT managers need to assess network security tools' ability to thwart it.

Before doing any kind of assessment of hacking tools, IT administrators should first perform a risk analysis to see which of their organization's IT resources are most vulnerable to attack and what kinds of attacks they're most liable to suffer. Administrators should then attempt to download, test and become proficient with at least one of the hacking tools that are most threatening to the organization's vital IT assets.

Root kits

One hack that should be high on IT organizations' most-wanted list comes by way of root kits.

In fact, based on detailed information provided to eWEEK Labs and verified in our testing, Windows shops should immediately take steps to understand root kits, a type of hack that is widely known in the Unix community but that now appears to be headed straight for Windows desktop and server systems.

Although root kits may be a new problem—to the Windows world, anyway—the overarching concern should be variations on hacks known to exist in every operating system in use in the network today.

Click here to read about one IT manager's experience as a victim of a root-kit attack in which 500GB of e-mail data was rendered inaccessible.

Buffer overflows

One of the most commonly exploited vulnerabilities is the buffer overflow. Buffer overflows occur when too much information can be written to a predefined memory buffer, causing a program to fail.
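
The condition described above can be shown in a few lines of C. This is an added illustration, not code from the article or from any tool it names; the record layout, field names and sample inputs are constructed for the example. It contrasts a copy that trusts the caller's length with one that checks it against the buffer size.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16                 /* the "predefined memory buffer" */

/* Constructed layout: a fixed buffer followed directly by other data. */
struct record {
    char name[BUF_SIZE];
    char adjacent[8];               /* data that happens to sit next to it */
};

/* Unchecked copy: trusts the caller's length. The clamp to the whole record
 * exists only so this demonstration never writes outside memory it owns. */
static void copy_unchecked(struct record *r, const char *in, size_t len) {
    if (len > sizeof *r) len = sizeof *r;
    memcpy((char *)r, in, len);     /* bytes past name[] land in adjacent[] */
}

/* Checked copy: refuses input that does not fit name[] plus its NUL. */
static int copy_checked(struct record *r, const char *in, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, in, len);
    r->name[len] = '\0';
    return 0;
}

/* Returns 1 if the neighbouring field was altered by copying the input. */
static int adjacent_corrupted(int checked, const char *in, size_t len) {
    struct record r;
    memset(&r, 0, sizeof r);
    memcpy(r.adjacent, "intact", 7);
    if (checked) (void)copy_checked(&r, in, len);
    else copy_unchecked(&r, in, len);
    return memcmp(r.adjacent, "intact", 7) != 0;
}

int main(void) {
    const char *fits = "alice";                 /* 5 bytes, fits in 16 */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA"; /* 20 bytes, 4 too many */
    printf("unchecked, short input : corrupted=%d\n",
           adjacent_corrupted(0, fits, strlen(fits)));
    printf("unchecked, long input  : corrupted=%d\n",
           adjacent_corrupted(0, too_long, strlen(too_long)));
    printf("checked,   long input  : corrupted=%d\n",
           adjacent_corrupted(1, too_long, strlen(too_long)));
    return 0;
}
```

The length check in copy_checked is the kind of fix a patch for this class of flaw typically delivers, which is why patch level is a reasonable proxy when a scanner reports exposure.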

There are many tools that let hackers exploit this vulnerability, and knowing them will help you learn how to prevent their successful use on your systems.

One such tool is Digital Monkey's Buffer Syringe, a relatively simple, minimally documented tool that lets hackers exploit buffer overflows. In fact, Buffer Syringe includes several usage examples that make implementation of the tool a snap.

Understanding how Buffer Syringe and tools like it work should give IT managers much more confidence when evaluating, for example, a Windows vulnerability assessment tool or patch management system because it will reveal the ins and outs of how the buffer overflow is constructed.

With this information, IT managers can then exact much more specific and telling information from vendors of commercial vulnerability assessment tools as to how their tools detect such weaknesses. Thus armed, it will be much easier to evaluate, select, implement and use such tools over time.

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.