Information Security Best Practices: 205 Basic Rules

Section 2: Anatomy of an Attack

This section provides an example of how a hacker might discover information about a network and gain access to it [1]. An attack on your system can come from either inside or outside your organization, so protecting your systems only from external attack may be a fatal flaw in your security policy. Most attacks, however, do come from the outside, from either experienced hackers or inexperienced, newly budding ones, and take place during the night, when the risk of detection is low. The tools that a hacker needs to try to break into your network and systems are available on the Internet. Describing this process should make the reader aware of the clever methods a hacker may employ to gain access to your systems and network. More detail can be found in [Meinel98] and [Abene97], listed in the bibliography at the end of the book.

  1. The hacker picks a target organization.

  2. The hacker attempts to discover the organization's Internet connections by issuing whois queries to InterNIC (Internet Network Information Center) to find the organization's DNS (Domain Name Service) servers.

  3. A DNS zone transfer is requested from the organization's DNS servers. This is a probe into the organization that may not be blocked by the organization's firewall (if it has one at all).

  4. The hacker tries to discover the IP addresses of the filtering router, which is the organization's Internet gateway, by probing the site with a program that traces the route packets travel. The organization's internal router...
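
A defender can watch for the zone transfer probe in step 3 from the DNS server side. The following is an added example, not code from the book: it scans name server logs for AXFR/IXFR requests from hosts that are not authorized secondaries. The log lines are constructed and modelled on BIND 9 message formats, and the allowlist address, the function names and `example.com` are assumptions.

```python
import ipaddress
import re

# Assumption: hosts allowed to pull the zone (the organization's secondary DNS servers).
AUTHORIZED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

# Matches BIND 9 style transfer messages, both served and refused.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?"
    r"(?:transfer of '(?P<zone1>[^/']+)/IN': (?P<kind1>AXFR|IXFR) started"
    r"|zone transfer '(?P<zone2>[^/']+)/(?P<kind2>AXFR|IXFR)/IN' denied)"
)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
27-Feb-2024 02:00:01.100 xfer-out: info: client @0x7f1c2c0 192.0.2.53#40112 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024022701)
27-Feb-2024 03:12:45.123 security: error: client @0x7f1c2d0 203.0.113.50#51515 (example.com): zone transfer 'example.com/AXFR/IN' denied
27-Feb-2024 03:12:47.880 xfer-out: info: client @0x7f1c2e0 198.51.100.7#43210 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024022701)
27-Feb-2024 03:13:02.004 queries: info: client @0x7f1c2f0 198.51.100.7#43211 (www.example.com): query: www.example.com IN A +
"""


def is_authorized(ip):
    """True if the client address belongs to an authorized secondary."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AUTHORIZED_SECONDARIES)


def find_unauthorized_transfers(log_text):
    """Return one finding per zone transfer request from a non-allowlisted host."""
    findings = []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if not m or is_authorized(m["ip"]):
            continue
        served = m["zone1"] is not None  # "started" means the zone data went out
        findings.append({
            "client": m["ip"],
            "zone": m["zone1"] or m["zone2"],
            "type": m["kind1"] or m["kind2"],
            "outcome": "SERVED" if served else "denied",
        })
    return findings


if __name__ == "__main__":
    for f in find_unauthorized_transfers(SAMPLE_LOG):
        print(f"{f['outcome']:>6}  {f['type']} of {f['zone']} requested by {f['client']}")
```

A `SERVED` result means the zone contents were handed to a host outside the allowlist, which points to a missing transfer restriction on the server.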