Security Tips: Intrusion Protection

Intrusions are unauthorized attempts to enter a network. These attempts may take several different forms, but the goal is the same: to gain an entryway into a network so the attacker can destroy or steal data, gain control of network equipment, or gather information about the network for later use.

The old adage "A chain is only as strong as its weakest link" is certainly true of network security. Users may consider their machine to be a very unlikely target of attack, because they think they don't have any important information on it or they think their data is not worth stealing. The attacker, on the other hand, sees the user's machine as the portal through which the really important machines can be attacked. The user's machine may be of no interest at all, but the user's account grants the attacker access that allows further attacks against the rest of the network.

In the early days of networking, intrusion attempts usually took the form of a direct attack against a single machine. The intruder attempted to break into a machine by guessing or cracking passwords, or by using a known weakness in the operating system to introduce tools that could be used to compromise the system. Attackers often used "social engineering" to gain information that could help them break into a network. (A definition of social engineering is provided below.)

Modern intrusion attempts are much more varied. While the old-fashioned methods are still used, attackers now frequently use trojans attached to innocuous-looking files to introduce tools for later exploitation. Trojans can be introduced in a number of ways. They can be posted to newsgroups or IRC channels where users will download them, sent through email as attachments, or simply placed on a website for the unwary to acquire. They can also piggyback on viruses or worms, fooling victims into thinking that once the original infection is cleaned up they are safe again. They can even be installed on a victim's machine without the victim's knowledge during a visit to a web site. Using weaknesses in the security of the victim's web browser, the Java virtual machine, the powerful scripting languages so prevalent today, the OS itself, or a combination of methods, the attacker can bypass the existing security controls and drop a trojan into a directory on the victim's hard drive.

To protect yourself against intrusions:

  • NEVER visit web sites you don't completely trust with any kind of active content capability enabled. Turn off Java, JavaScript and Active Scripting in your web browser. (With some browsers, such as Internet Explorer, you can configure security zones for "Untrusted Sites." With others, such as Netscape, you have to use profiles to protect yourself: create a profile called "Untrusted" with active content turned off, and create a second profile called "Trusted" with active content turned on. NEVER use the Trusted profile to visit new or unfamiliar web sites.)
  • NEVER run email attachments unless you know exactly what they are and you are certain they are safe.
  • ALWAYS protect your passwords and your account information. (See the Password Security page for proper procedures.)
  • NEVER give anyone account information for ANY reason. UT Dallas professionals should NEVER ask you for account information. If they do, you should report them to their supervisors immediately.
  • Be careful what you throw away. It may be the one piece of information an attacker needs to get into the network. Use a shredder for anything that might reveal account information.

Social Engineering: The use of techniques that will fool a user into divulging important information, or the theft of useful information by going through the trash. Some examples are: calling a user posing as a network engineer and asking for their password so they can "check the account"; digging through the trash and finding a password written on a piece of paper; using email to pose as a service provider and asking for a username and password before the user can view a web site or get logged on (this is a VERY common method of stealing AOL accounts); and calling a user posing as an authority figure, convincing them that their account has been compromised, then stating that they "just need to verify your account information" and asking for the username and password.