Think of a computer system or network as a house. The IP address is the location of the house. The windows and doors are ports. The locking mechanisms and security system are passwords and anti-virus.

Footprinting

Meet Joe, your everyday hacker. He has decided that today, your “house” is the target. He may only have your name or number, but after a few minutes of searching on Google and some other tools, he has your address (IP), phone number, even what job you have. This is called open source “footprinting”. A quick query on Google maps, and he is on his way.

Scanning and Enumeration

Joe arrives at your house to “case the joint”. He is looking at the doors and windows (ports), seeing which ones are open and easy to access. He counts the window and the door. He investigates the door to see whether it is wood, metal or cast iron. It is a cast iron door. “Smart man,” he thinks to himself, but  he notices you use a combination code for your door. So, he dresses up as the mailman (Trojan Horse) and waits by your door, waiting for you to leave. As you leave you see him dropping off mail. Nothing out of the ordinary (or so you think). He glances down at your keypad as you type in your code, and he has you.

Initial Access

He could go through one of the windows, but since the door is the easiest he will take that route. He simply walks up to your door and enters the code. Once he is in, he triggers the alarm system (Anti-Virus or Intrusion Detection system). BLAST!

Privilege Escalation

Joe scrambles inside your house, looking for the passcode to your alarm system. He digs through files and folders frantically throwing around your papers. Time is running out! With ten seconds to go before the alarm goes off, his chances are looking gloomy. 5… 4…He finds it! 3… 2… 1… enters the code…Alarm deactivated. Now this stranger in your house might as well be you; he eats your food, watches some T.V. and does practically whatever he wants.

Covering Tracks

Once he is done he has to clean up the place so you are none the wiser to your unwanted guest. He cleans, leaving no trace as you will be home soon. As he is cleaning he finds a huge safe (encrypted file). Now Joe is curious, but he doesn’t have time. Whatever is he going to do?

Backdoor

Joe wants to come back; he enjoyed your house so much and now has something to look forward to for next time. So, he cuts a hole into your wall where your couch is. “Easy access,” he thinks. He now “pwns” your house. He will be back.

This is the methodology that hackers use to get your information and exploit your network. I hope this little story helps you understand their thought process and how you could be leaking vital information for the exploitation/attack.

Some terms and methodology used in this article were taken from Hacking Exposed 6; Stuart McClure, Joel Scambray and George Kurtz; Mc Graw Hill Publishing, 2009.

Spanair 5022 (from Wikipedia)

It has been over 2 years since Spanair Flight 5022 crashed, killing 154 people. MSNBC recently released this article, which mentions that undetected malware could be to blame. As the world becomes more technology dependent, we need to take more steps to ensure safety. It is simply not responsible to allow systems to be interconnected without putting appropriate safeguards in place.

This incident is emerging proof that we live in a world where security sensors and checks on computer systems could mean the difference between life and death. Even in a perfect world (without malware and threats) we would still need to worry about human error and software malfunction.

Can we stop all malware? No. But we can take steps to minimize the impact of malware and reduce risk wherever possible. Monitors and machines that support life or even affect life are obviously those with the highest risk and should operate under the most stringent integrity checks.

In this particular case, the medium with the malevolent payload was a USB thumb-drive. This form of removable media could have been infected with malware, thus infecting the entire system. This leads us to ask: What are the security policies in place at this airline? What are the security policies at any establishment where lives are at risk?

This is a great time to reflect back on the nature of your own organization and think about the systems that you are running. Does your computer network handle systems that could harm others? Does it hold private or confidential data about your company or more importantly, your customers? If so, it might be wise to consider the risks associated with introducing foreign media onto the network.

Secure Certificates Explained

Let’s look at this in a real-world scenario. Say you’re looking to buy a book on web design, and as such, you go to the king of online book retailers, Amazon.com. You select your book, add it to your cart, and click “check out”. You’re about to be taken to the part of the website that asks for your private information such as name, address and credit card number.

Once you arrive at this point, you’ll notice that some interesting things have happened in your browser. First, your address bar will show “https://…” instead of the normal “http://…”. The extra “s” denotes that we’re using the secure HTTP, or SSL protocol. You’ll also notice that somewhere in your browser, an icon of a padlock appears. This also signifies that you’re on a secure website. With most browsers, clicking the padlock will bring up the secure certificate details of that site.

So, what happened here? When you moved to the checkout portion of Amazon’s site, You connected to its secure website. In doing this, your web browser opened an encrypted connection to Amazon’s server, a process that prevents a malicious user from eavesdropping on the information you’re sending to Amazon, such as your credit card details. Once you’re connected, Amazon sends your browser its secure certificate, which is an electronic document proving its identity. Your computer verifies this document with a “trusted third party”, typically the company that Amazon bought their certificate from. Basically, this company is vouching for Amazon. Your browser is happy, and you proceed with buying your book.

Do I Need a Secure Certificate?

The quick answer is, it depends. If your website is purely informational and nobody is submitting data on it, you probably don’t need one. If visitors are submitting personal information to you, or if you’re running an online store, chances are that you need a secure certificate. Think about it this way: instead of typing in data on a website, someone is shouting the information to you on the streets of New York City, where hundreds may be listening. If you’re worried about others hearing that information, you need a secure certificate.

How Do I Purchase a Secure Certificate?

Many companies sell these services. We recommend VeriSign and GoDaddy. Both are extremely popular. Although GoDaddy’s certificates are priced significantly lower than VeriSign, there is barely any quality difference.

If you have any questions, or if you’re still not sure whether or not you need a secure certificate for your website, feel free to contact us. We’d be happy to help.