Get your network hacked in 10 easy steps

Article

Get your network hacked in 10 easy steps

Worms are considered a major security problem today, but one expert says you may be overlooking a bigger problem -- the damage a single hacker can do inside your network.

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

    Cathleen A. Gagne, Senior Editorial Director

    By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

How to get your network hacked in 10 easy steps

1. Don't patch anything.
2. Run unhardened applications.
3. Log on everywhere as "domain administrator."
4. Open lots of holes in the firewall.
5. Allow unrestricted internal traffic.
6. Allow all outbound traffic.
7. Don't harden servers at all.
8. Use lame passwords.
9. Use high-level service. accounts in multiple places.
10. Assume everything is OK.

Source: Microsoft's Jesper Johansson

Jesper Johansson, a Microsoft security program manager, demonstrated how a hacker can easily invade and compromise a network. His standing-room-only session at the recent Microsoft Worldwide Partner Conference in Toronto focused on methods administrators can use to better secure Windows, but it drew attention to Microsoft vulnerability concerns as a whole.

"We're not perfect. We're not where we need to be," Microsoft CEO Steve Ballmer said at the conference about his company's security efforts. But he said the company is making progress based on feedback from partners and customers.

One partner attending the conference explained that his biggest Windows security concerns stem from backdoor vulnerabilities that don't appear until after a patch has been made.

"I'll often patch one vulnerability, and then a new one shows up," said Guy-Marie Joseph, president of ConnecTalk Inc., a Montreal-based IT services company. "Patches don't take into account the back door. Unless you've been hit by a hacker, you don't know what's vulnerable. If you haven't been hit, you eventually will and then you'll know."

Johansson's session addressed common administrator mistakes that open the door to hackers, including failure to harden Windows applications, allowing outbound FTP, weak passwords and login misuse -- logging onto something other than a domain server with a domain server login.

"What really worries me is somebody adding himself to my payroll. Do you know everyone on your payroll?" he asked, adding that many IT shops are unaware of a hacker's presence.

Johansson also described a scenario in which he injected a Trojan horse in a domain server during a vulnerability test at Microsoft. No one logged onto the domain servers, which he called a sign of a well-run network. However, no one noticed the file named "EvilTrojan.exe," so he finally had to inform IT managers of the Trojan's presence, something that obviously wouldn't happen in the real world.

"The moral of the story is initial entry is everything," Johansson said. "Most networks are designed like eggs shells. They're hard and crunchy on the outside, soft and chewy on the inside."

Once a hacker is in your network, you have three options, according to Johansson. You can update your resume, hope the hacker does a good job running the network or drain the network. The latter is really your only option, he said.