|
Re: كيـف يتـم التهكيـر خطـوات عمليـة (Re: عبداللطيف حسن علي)
|
Internal attacks Internal attackers are the most common sources of cracking attacks because attackers have direct access to an organization's systems. The first scenario looks at a situation in which a disgruntled employee is the attacker. The attacker, a veteran systems administrator, has a problem with her job and takes it out on the systems she is trusted to administer, manage, and protect. Example: The disgruntled employee Jane Smith, a veteran system administrator with impeccable technical credentials, has been hired by your company to run the backup tapes during the late evenings. Your company, an ISP, has a very large data center with roughly 4000+ systems all monitored by a Network Operations Center. Jane works with two other technicians to monitor the overnight backups and rotate the tapes before the morning shift comes in. They all work independently of each other: one technician works on the UNIX Servers, one technician covers the Novell Servers, and Jane has been hired to work on the Windows 2000 Servers. Jane has been working on the job for six months now and is a rising star. She comes in early, stays late and has asked to transfer to another department within the company. One problem: there are no open positions at the time. During the last month you (security analyst) have noticed a dramatic increase in the number of attempts at Cisco router and UNIX Server logins. You have CiscoSecure ACS implemented so you can audit the attempts and you see that most of them occur at 3 a.m. Your suspicions are aroused, but as a security analyst, you can't go around pointing fingers without proof. A good security analyst starts by looking deeper into the situation. You note that the attacks are from someone of high caliber and occur during Jane's shift, right after she is done with her tape rotation assignment and usually has an extra hour to study or read before the day operations team comes in. So you decide to have Jane supervised at night by the night operations manager. After three weeks of heavy supervision, you notice that the attacks have stopped. You were right. Jane was attempting to log into the Cisco routers and UNIX servers. A good security analyst also needs to employ a good auditing tool, such as Tacacs+, to log attacks. Tacacs+ is a protocol used by applications such as CiscoSecure ACS that will force Authorization, Accountability, and Authentication (AAA for short). If you have Authorization, then the person requesting access needs to be authorized to access the system. If you have Authentication, then the user accessing a resource needs to be authenticated with rights and permissions to have access. What happens when you are authorized and also authenticated? You must be held Accountable. Accounting logs alone solve many password cracking problems by forcing an attacker to be held accountable, authenticated and authorized
|
|
|
|
|
|
|
العنوان |
الكاتب |
Date |
كيـف يتـم التهكيـر خطـوات عمليـة | عبدالوهاب علي الحاج | 10-17-08, 11:23 AM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبدالوهاب علي الحاج | 10-17-08, 11:26 AM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 11:51 AM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | Sobajo | 10-17-08, 12:20 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبدالوهاب علي الحاج | 10-17-08, 03:08 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبدالوهاب علي الحاج | 10-17-08, 12:22 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 02:52 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 02:57 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:00 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:05 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:08 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:11 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:20 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:27 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:34 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:38 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:41 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:44 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:47 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:50 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 03:58 PM |
Re: كيـف يتـم التهكيـر خطـوات عمليـة | عبداللطيف حسن علي | 10-17-08, 04:02 PM |
|
|
|