Network security – how to prevent attacks & secure your server
Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server…
Password cracking
Another common security attack is password cracking. To crack a password, the attacker needs the file of encrypted passwords and the encryption algorithm that was used. There are two methods of cracking passwords: the dictionary method and the brute-force method. Each involves encrypting candidate passwords and comparing the result against the stored values to see whether there is a match. Some ways to resist password cracking include changing passwords after a specified period (say 90 days), using complex passwords and enforcing a minimum password length.
URL rewriting
In URL rewriting, the attacker’s first trick is to rewrite URLs so that they point to the attacker’s server rather than to the real server. From that position the attacker can modify the responses coming from the real server before passing them back to the victim. Assuming the attacker’s server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of it. For example, http://home.netscape.com becomes http://www.attacker.org/http://home.netscape.com. The browser’s location line displays the URL of the page currently being shown, which would normally give the trick away. A JavaScript program, however, can hide the real location line and replace it with a fake location line that looks right and sits in the expected place. The fake location line shows the URL the victim expects to see.
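The rewritten form described above, where a second absolute URL is carried inside the path of the attacker's URL, can be spotted mechanically. The following is an added example, not code from the original article: it flags links of that shape (including percent-encoded and single-slash variants) so that links scraped from a page or a proxy log can be audited; the sample links are constructed for the demonstration.

```python
"""Detect proxy-style URL rewriting such as
http://www.attacker.org/http://home.netscape.com (constructed samples)."""
import re
from urllib.parse import urlparse, unquote

# An absolute URL smuggled into the path: scheme, one or two slashes
# (some rewriters collapse "//" into "/"), then the real host.
EMBEDDED_URL = re.compile(r"^/*(?P<scheme>https?):/{1,2}(?P<host>[^/?#]+)", re.I)


def find_embedded_target(url: str):
    """Return (fronting_host, embedded_host); embedded_host is None when the
    path of `url` does not carry a second absolute URL."""
    parsed = urlparse(url)
    fronting = (parsed.hostname or "").lower()
    # Decode once so "https%3A%2F%2F" is caught as well as the plain form.
    match = EMBEDDED_URL.match(unquote(parsed.path))
    if not match:
        return fronting, None
    return fronting, match.group("host").lower()


def is_rewritten(url: str) -> bool:
    """True when the link fronts for a different host than the one it names."""
    fronting, embedded = find_embedded_target(url)
    return embedded is not None and embedded != fronting


def audit_links(urls):
    """Split a batch of links (e.g. from a proxied page) into clean and suspect."""
    suspect = [u for u in urls if is_rewritten(u)]
    clean = [u for u in urls if u not in suspect]
    return clean, suspect


# Constructed sample links, not taken from the original article.
SAMPLE_LINKS = [
    "http://home.netscape.com/",
    "http://www.attacker.org/http://home.netscape.com",
    "http://www.attacker.org/https%3A%2F%2Fhome.netscape.com/index.html",
    "http://www.attacker.org/http:/home.netscape.com",
    "http://www.example.com/docs/http-guide.html",
]

if __name__ == "__main__":
    clean, suspect = audit_links(SAMPLE_LINKS)
    for link in suspect:
        print("rewritten:", link, "->", find_embedded_target(link))
```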
Denial of service and DNS hijack
DNS (Domain Name Server) translates human-readable host names (such as www.myfirm.com) into machine-readable IP addresses (such as 200.192.56.32). The common attacks associated with DNS are denial of service (legitimate users are denied service) and DNS hijack (redirection of services).
In a typical scenario, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and is allowed onto the server. In a denial of service attack, the attacker sends several Auth requests to the server. All these requests carry false return addresses, so the server can’t find the sender when it tries to deliver the Auth approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests and the process begins again – tying up the service indefinitely.
Denial of service (DoS) attacks are probably the nastiest and the most difficult to address. The premise of a DoS attack is simple: send more requests to the machine than it can handle. Toolkits circulating in the underground community make this simply a matter of running a program and telling it which host to blast with requests. The attacker’s program opens a connection on some service port, perhaps forging the packet header information that says where the packet came from, and then drops the connection. If the host is able to answer 20 requests per second and the attacker is sending 50 per second, the host will obviously be unable to service all of the requests it receives. A class of products known as ‘DoS Attack and Prevention Systems’ has appeared on the market; they provide a controllable platform for detecting DoS attacks and blocking their malicious effects.
Preventive measure
Maintaining a high level of network security requires continuous effort, consisting of the following…
• Establishing a security policy that defines the security goals of the enterprise.
• Implementing network security technologies in a comprehensive and layered approach so that the enterprise does not rely upon only one technology to solve all security issues.
• Auditing the network on a recurring basis to ensure that the security policy is being enforced appropriately and that no irregularities have developed as the network has evolved, and using the results of the audits to modify the security policy and the technology implementations as needed.
• Avoiding systems with a single point of failure – any system that can be broken by breaking through just one component is very weak and lets an attacker into the system with ease.
This article originally appeared in issue 81 of Linux User & Developer.
Very must information for any network engineer and web developer.
Very useful post. Glad I found it. We used it for a few test servers and it seems to be working well. It’s time for production machines!