When writing previous blogs about hacking, I’ve gotten feedback along the lines of “Am I secure? What can I do?”, and I can sense a common theme. Knowing the attacks people are capable of is only half of the battle; knowing what you can do to stop them is the rest. Let’s face it, I’m not your personal IT guy, but I can give some tips on what the best things to do are, and I’m going to have to assume a few things. You are running a small business, and you want to make sure you and your files are safe from local attackers. It’s a pretty reasonable goal but surprisingly hard to achieve. To make sure my goals are accurate, I tested an actual small business’s network (with permission, of course) to gather what is possible for an attacker attempting to access personal data. Buckle your seat belt, because we’re in for a mild ride and you never know what could happen.
There are a few methods of attack for a small network, which include denial of service attacks (DoS), man in the middle attacks (MITM) and sniffing attacks; we may also brush over a few others that are useful to be aware of. If you want to know how I conducted the experiment, what software I used and what the network was like, or possibly just a more detailed description of the threats, I’ll link my Report. Otherwise, let’s get stuck in, shall we?
Denial of service
Often when you watch the news after a hacker has carried out an attack on a school or a comparable network, it’s typically one of these attacks, because they are relatively easy to conduct and don’t require massive volumes of knowledge to understand. Fundamentally, denial of service is just that: it stops users from accessing the network. There are two ways you can carry out one of these attacks, either remotely or locally, and they typically work by overloading the system in one way or another. Because my experiment was conducted from a local perspective, I’ll have to focus on the latter (I may touch on remote attacks some other time).
Local denial of service is typically more common on older routers, as more vulnerabilities are known and old routers are easier to overwhelm, so my standard advice to people is to update, but always be aware of the things that can make you vulnerable.
You may have heard of something called Ping. It’s a service on a network that allows network administrators to test whether a computer is connected: computer A sends some information to computer B, then computer B sends information back to confirm. All very useful for admins when setting up a network, as you can imagine, so they know what has been successfully connected to the network. Character generation (chargen) is a similar diagnostic service and is often left open, like ping.
To protect yourself against these attacks, you first need to work out whether the two ports, port 7 (ping) and port 19 (chargen), are open. You can do this with the same free software I used, called Nmap, on any computer connected to the network by doing a quick scan. Once you’ve worked out whether you are vulnerable, the best thing to do is to shut those ports down if you no longer need them. There are a few other ways you can be targeted locally, for example with amplification, where an attacker may dramatically increase traffic by sending one packet at a service, but assuming the attacker isn’t highly skilled you can be relatively secure from these attacks. This can vary from router to router, so I’d consult my manufacturer’s guide if I were you by googling the name of the router.
Mostly you need to keep on top of updates so bugs can be patched as soon as possible.
Man in the middle
MITM is probably what most network security engineers will worry about, even though all parts of securing a network are important to consider when protecting a system.
The best way to visualise an MITM attack would be those tin can and string phones children used to play with before smartphones. You and I are having a conversation, and then, out of the blue, an intruder decides he wants to listen in. He attaches his piece of string to the middle of the main line, and magically he can hear every word and can even communicate on behalf of either of us. How rude!
There is often little you can do against a local MITM attack, but you can always attempt to segregate guests from the central part of your network to reduce the likelihood of them being able to intrude. Part of what MITM often exploits is unencrypted traffic, so attempting to stay on HTTPS (secure web protocol), SSH (secure shell) and other secure protocols will help slow down attackers. Mitmproxy, an application designed to get around HTTPS, will often need to present a forged certificate to get access to your traffic, which your browser reports as a security warning, so don’t click through any security notices you don’t trust.
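The usual way a local MITM is set up is ARP spoofing: the intruder’s machine tells the victim that it holds the gateway’s IP address, so the victim’s ARP cache suddenly maps the gateway to a different hardware address, and one hardware address ends up answering for several IPs. That footprint is something you can watch for. The script below is an added example, not code from the original post; it reads the Linux /proc/net/arp format, compares two snapshots, and flags a changed MAC or one MAC claiming several IPs. The snapshots, IP addresses and MAC addresses are constructed for the example.

```python
"""Flag ARP-cache changes that often accompany a local man-in-the-middle.

Added example (not from the original post). Reads /proc/net/arp-style text,
compares two snapshots, and reports (1) an IP whose MAC changed and (2) a MAC
that now answers for more than one IP. Sample snapshots are constructed.
"""
from collections import defaultdict

# Constructed "healthy" snapshot: gateway and two hosts, each with its own MAC.
SNAPSHOT_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:01     *        eth0
192.168.1.20     0x1         0x2         02:00:00:00:00:20     *        eth0
192.168.1.30     0x1         0x2         02:00:00:00:00:30     *        eth0
"""

# Constructed snapshot taken later: the gateway's IP now resolves to the MAC
# already used by 192.168.1.30, and one unresolved (incomplete) entry appeared.
SNAPSHOT_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:30     *        eth0
192.168.1.20     0x1         0x2         02:00:00:00:00:20     *        eth0
192.168.1.30     0x1         0x2         02:00:00:00:00:30     *        eth0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_arp_table(text):
    """Parse /proc/net/arp text into {ip: mac}; incomplete entries are skipped."""
    table = {}
    for line in text.strip().splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, hw_addr = fields[0], fields[3].lower()
        if hw_addr == "00:00:00:00:00:00":  # flags 0x0: unresolved, no real MAC yet
            continue
        table[ip] = hw_addr
    return table


def read_proc_arp(path="/proc/net/arp"):
    """Read the live ARP cache on a Linux host (assumes the /proc/net/arp format)."""
    with open(path, encoding="utf-8") as fh:
        return parse_arp_table(fh.read())


def find_anomalies(before, after, gateway_ip):
    """Compare two {ip: mac} snapshots and return human-readable findings."""
    findings = []
    # 1. The MAC recorded for a known IP changed between the snapshots.
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            findings.append(f"MAC for {ip} changed {old} -> {mac}")
    # 2. One MAC now answers for several IPs; when one of them is the gateway,
    #    traffic for the whole LAN is being steered through that machine.
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            tag = " (includes gateway)" if gateway_ip in ips else ""
            findings.append(f"{mac} claims {sorted(ips)}{tag}")
    return findings


if __name__ == "__main__":
    before = parse_arp_table(SNAPSHOT_BEFORE)
    after = parse_arp_table(SNAPSHOT_AFTER)
    for finding in find_anomalies(before, after, gateway_ip="192.168.1.1"):
        print("WARNING:", finding)
```

Run it periodically (or from cron) with `read_proc_arp()` in place of the constructed snapshots, keeping the previous result as the baseline. A MAC change on its own can be legitimate (a replaced router, DHCP reassigning an address), so treat the two findings together as the signal: a gateway whose MAC now matches another host on the LAN is the case worth pulling the cable for.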
SNMP
As funny as it sounds, SNMP is an integral part of gaining knowledge about what is possible when attacking a network. Simple Network Management Protocol is a standard method of getting critical information, as it’s typically insecure and almost always left open. SNMP (Simple Network Management Protocol) databases contain plenty of information that has been kept about devices on the network. Changing the default community string (the name that grants read access to that database) will help.
Sniffing
Sniffing can often be very similar to MITM, as an attacker can take the approach of listening to all of the traffic on a network rather than just the traffic between two devices. An attacker will listen out for insecure protocols like TFTP (Trivial File Transfer Protocol), FTP (File Transfer Protocol) and Telnet to get access to network data. So if you have any of those ports open, close them and use the alternatives, SFTP (Secure File Transfer Protocol) and SSH (Secure Shell).
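The advice in the denial of service, SNMP and sniffing sections comes down to the same check: scan your own network and close what you do not need. The script below is an added example, not code from the original post, that turns an Nmap grepable-output file into a short list of the ports this post singles out (7 echo and 19 chargen for local DoS, 21 FTP, 23 Telnet and 69 TFTP for sniffing, 161 SNMP for information leakage) with a plain recommendation for each. The scan output embedded in it is constructed, not a real scan; the tool itself produces the same format with `nmap -sT -sU -p 7,19,21,23,69,161 -oG scan.gnmap <your network>` (the UDP scan needs root). Two caveats a practitioner would want: port 7 is the TCP/UDP echo service rather than ICMP ping itself, and Nmap reports UDP ports that never answer as `open|filtered`, which the script marks as needing confirmation rather than treating as open.

```python
"""Audit Nmap grepable output (-oG) for the services this post says to close.

Added example (not from the original post). Parses "Host: ... Ports: ..." lines,
keeps ports that are open (or open|filtered for UDP), and maps the ones the post
discusses to a recommendation. The sample scan output below is constructed.
"""

# (port, protocol) -> what to do about it. Port 7 is the echo service, the TCP/UDP
# counterpart of the "ping" the post describes; ICMP ping itself has no port.
RISKY = {
    (7, "tcp"): "echo: disable unless you use it (echo/chargen loops, local DoS)",
    (7, "udp"): "echo: disable unless you use it (echo/chargen loops, local DoS)",
    (19, "tcp"): "chargen: disable (trivial to overwhelm, amplification source)",
    (19, "udp"): "chargen: disable (trivial to overwhelm, amplification source)",
    (21, "tcp"): "FTP: credentials and files in the clear; replace with SFTP over SSH",
    (23, "tcp"): "Telnet: credentials in the clear; replace with SSH",
    (69, "udp"): "TFTP: no authentication at all; disable or restrict to the admin VLAN",
    (161, "udp"): "SNMP: change the default community string, restrict who may query it",
}

# Constructed sample in Nmap's grepable format (fields are tab-separated,
# each port entry is port/state/protocol/owner/service/rpc/version/).
SAMPLE_SCAN = "\n".join([
    "# Nmap scan initiated as: nmap -sT -sU -p 7,19,21,23,69,161,22,443 -oG - 192.168.1.0/24",
    "Host: 192.168.1.1 (router.lan)\tStatus: Up",
    "Host: 192.168.1.1 (router.lan)\tPorts: 7/open/tcp//echo///, 19/open/udp//chargen///, "
    "23/open/tcp//telnet///, 161/open|filtered/udp//snmp///, 443/open/tcp//https///"
    "\tIgnored State: closed (11)",
    "Host: 192.168.1.50 (nas.lan)\tStatus: Up",
    "Host: 192.168.1.50 (nas.lan)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh///"
    "\tIgnored State: closed (14)",
    "# Nmap done",
])


def parse_grepable(text):
    """Return {ip: [(port, state, proto, service), ...]} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and "Status: Up" lines carry no port data
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports_field = next(f for f in fields if f.startswith("Ports:"))
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue
            port, state, proto, _owner, service = parts[:5]
            hosts.setdefault(ip, []).append((int(port), state, proto, service))
    return hosts


def audit(hosts):
    """Return (ip, port, proto, service, recommendation) for every risky open port."""
    findings = []
    for ip, entries in hosts.items():
        for port, state, proto, service in entries:
            if state not in ("open", "open|filtered"):
                continue
            recommendation = RISKY.get((port, proto))
            if recommendation is None:
                continue  # e.g. 22/ssh or 443/https: the secure alternatives
            if state == "open|filtered":
                recommendation += " [UDP open|filtered: confirm the service is really listening]"
            findings.append((ip, port, proto, service, recommendation))
    return findings


if __name__ == "__main__":
    for ip, port, proto, service, what in audit(parse_grepable(SAMPLE_SCAN)):
        print(f"{ip:<14} {port:>5}/{proto} {service:<8} {what}")
```

To use it on a real file, replace `SAMPLE_SCAN` with `open("scan.gnmap").read()`. The point of the table is that each finding comes with its replacement rather than just "close it": FTP and Telnet map onto SFTP and SSH, which the post recommends, and SNMP gets a configuration fix rather than a closed port, since routers often need it for monitoring.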
I know most of this can be summarised as “update, close these ports”, but it’s often the little details that hackers are looking for to get access to a network, and on their own these little tips will not make your network secure. So if you want a lot more depth, my Report will help you, but for now, stay safe.