What Are Your Achievements?

19 years 7 months ago #4912 by FallenZer0
Hi All,

I was just wondering if any/all would be willing to share their achievements in your areas of expertise that you have gained over a period of time?

The skillsets, experiments that you did to break into your OWN networks.

As for me, I am someone with an open and curious mind < potentially DEADLY > that just got started in computers.

Express Yourself. A Fearful Mind Achieves NOTHING.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
19 years 7 months ago #4913 by Chris
A very interesting post and one which I will be surely following :)

Fallenzero .. judging from the avatar and question .. you must either be a Jedi knight or one of Sahir's secret students, in which case I'd ask if you also happen to have a red bulb in your room :)

Personally, I must admit that I have made attempts to break into various parts of my current job's network and unfortunately I have been successful.

Even today and after 8 years of experience, I still find it hard to teach people safe practices and simple security measures they can take to make 'the network' a better and safer place!

Attempting to break into your own network is as essential as trying to recover data from one of your backups to ensure your backups are indeed reliable! If you never try it - you'll never know OR will discover it one day - the hard way, but by then it will be too late.

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
19 years 7 months ago #4915 by FallenZer0

A very interesting post and one which I will be surely following :)

Fallenzero .. judging from the avatar and question .. you must either be a Jedi knight or one of Sahir's secret students, in which case I'd ask if you also happen to have a red bulb in your room :)

Neither a Jedi Knight Nor Sahir's secret student.

Personally, I must admit that I have made attempts to break into various parts of my current job's network and unfortunately I have been successful.

From the above I ASS-ume you are a network/system admin, and please correct me if I am wrong as I don't want to run my mouth off. If possible, would you give us the cracks you found in your networks that led you to break in, and what measures you took so they don't happen again?

Even today and after 8 years of experience, I still find it hard to teach people safe practices and simple security measures they can take to make 'the network' a better and safer place!

As they say, you can always find patches, but there is no substitute for human stupidity.

Attempting to break into your own network is as essential as trying to recover data from one of your backups to ensure your backups are indeed reliable! If you never try it - you'll never know OR will discover it one day - the hard way, but by then it will be too late.

Why would you say that recovery is difficult? I don't know, that's why I ask. Also, after you take the backups, is there some kind of process that one takes to make sure the original and backups are the same, so data restore wouldn't be an issue?

Cheers,


-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
19 years 7 months ago #4916 by Chris
A wise answer indeed ....... 'he must be a Jedi....'

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
19 years 7 months ago #4928 by sahirh
The actual parallel between today's freelance hackers and any warrior class is actually linked much more strongly to the Japanese Samurai than the Jedi Knight. This is actually documented [1]. The actual sociological makeup of the hacker underground is surprisingly structured. Even relatively unskilled groups maintain almost feudal hierarchies. Anyway, I digress.

As far as the popular notion of breaking into your own networks goes -- penetration testing (or ethical hacking, as the marketing guys call it) -- it is something that I do professionally and I have a slightly different insight into it.

Firstly, there is no such thing as ethical hacking -- hacking in its present definition is illegal computer activity (my respect to the old coders from MIT, but the fairer use of the term has long since died).

Anyway, the skills required for penetration testing are a very strong practical knowledge of systems and networks. This is not stuff that you can go to a class for (as much as the millions of people running ethical hacking courses will tell you). I will go so far as to say that the only way you can learn is by actually exploiting systems. Having a large network to play with is definitely a plus point.

Broadly we can look at the skillsets:

1. Networking knowledge -- Down to the bit level, you should be able to read bytes off the wire, understand the common protocols inside out, and understand traffic flows at the higher levels as well.

2. Operating System internals -- It is essential to know the innards of one operating system at least. I am not talking about knowing how to administer the system, but understand what happens behind the scenes. Many gifted pen-testers I know are very bad admins. From experience, a leaning towards UNIX style systems is preferred because of the flexibility they offer.

3. Programming skills -- Once again, at the micro level. We are talking about learning Assembler and C, rather than Dot Net and Java, though every programming language is a plus. I personally recommend the following:

C - Core Language
ASM - Necessary understanding at least
PERL - Scripting
Bash scripting - See above

4. Weapons and tactics -- Obviously the tools. Hackers will steer away from commercial vulnerability scanners and lean more to smaller tools that do a specialised task. Of course you have to love nmap :) it's a golden rule.

5. Passion and willingness to learn -- This is not a skillset, but a requirement. If you do not enjoy this, you will never succeed at it. Furthermore you need to have the psychological bent of mind. It extends much further than running a few tools and interpreting their results. As it is said 'Root is a state of mind'. Exploitation is a mind-numbingly tedious and psychological task. The ultimate time spent with a tool / at the keyboard may be minimal.


As far as a methodology is concerned, read our article on 'An Introduction To Network Security' [2].

As far as achievements are concerned, I do not understand what you mean.

With regard to experiments, we are all always experimenting. I don't think a day goes by when Chris and I don't discuss some new technology or the other that we are (trying to) implement.

If all you were looking for were some quick tips and not a philosophical reply, here are some real world tips:

1. Choose strong passwords
2. Firewalls and IDS' do not replace a smart admin
3. Patch patch patch
4. Simple is better
5. Users will always open dancing bear attachments


I hope that covered it, open to further discussion.

Cheers,

[1] encyclopedia.thefreedictionary.com/Samurai%20(hacking)
[2] www.firewall.cx/articles-network-security-intro-1.php

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
19 years 7 months ago #4930 by sahirh
As far as the backup point goes (I missed that).

The reason it's so hard is that compromises usually cascade: when one system falls, others fall with it -- due to password reuse, trust relationships, keyloggers, sniffers, etc.

Once an attacker has privilege on the network, it is very.. yes *VERY VERY VERY VERY VERY* difficult to get him out. There are so many creative and undetectable ways to backdoor systems that an admin can never expect to find them..

Here's a simple case in point: I once modified the code of icmpquery to include a hidden -z command line argument, then I recompiled and replaced the binary. If you invoked icmpquery -z, you were dropped to a root shell. This is just one example; do some research on kernel level rootkits for some serious scare factor. When the kernel lies to you, your userland tools are useless.. netstat, ps, ls... they are all worthless.

So you rebuild one server from scratch... but how do you know that the attacker didn't compromise 50 other systems on the network? Which ones do you rebuild? It's a very difficult question to answer.

We have these little war-games at work where one guy defends a box and the other guys break in.. it's crazy the way some people backdoor a system. One guy used iptables to deny us any access; unfortunately another guy had installed a kernel level hook to netfilter that bypassed iptables.. it's an endless cold war hehehe

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
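A defender's counterpart to two points raised in this thread, FallenZer0's question about checking that a backup matches the original and Sahir's replaced icmpquery binary: the script below is an added example (not from the thread or from Firewall.cx) that baselines a directory tree with SHA-256 digests and reports what was modified, added or removed. The file names and contents in the demo are constructed; as Sahir's post notes, a rootkitted kernel can lie to userland, so such a check is only trustworthy when run from clean media against the suspect disk.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so large backup sets fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each regular file under root (POSIX-style relative path) to its digest.
    Symlinks are skipped so a planted link cannot redirect the check elsewhere."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest

def compare_manifests(baseline, current):
    """Diff a trusted baseline against the current state (or a restored backup)."""
    modified = sorted(f for f in baseline if f in current and baseline[f] != current[f])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}

def demo():
    """Constructed scenario: baseline a small bin/ tree, then replace one binary
    (the icmpquery case), plant a hidden file and delete another, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "icmpquery").write_bytes(b"original binary\n")
        (root / "bin" / "netstat").write_bytes(b"original netstat\n")
        baseline = build_manifest(root)
        (root / "bin" / "icmpquery").write_bytes(b"recompiled with hidden flag\n")
        (root / "bin" / ".hidden").write_bytes(b"planted\n")
        (root / "bin" / "netstat").unlink()
        return compare_manifests(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

The same compare_manifests call verifies a restore: build the manifest on the source before backup, build it again on the restored copy, and an empty diff means the two trees are byte-for-byte identical.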