SSL VPN : Understanding, evaluating and planning secure, web-based remote access

Product type Paperback
Published in Mar 2005
Publisher Packt
ISBN-13 9781904811077
Length 212 pages
Edition 1st Edition

Table of Contents (14 Chapters)

SSL VPN
Credits
About the Authors
1. Introduction
1. Introduction to SSL VPN
2. SSL VPN: The Business Case
3. How SSL VPNs Work
4. SSL VPN Security
5. Planning for an SSL VPN
6. Educating the User
7. Legacy Data Access
8. The Future of SSL VPN Technology
A Review of TCP, IP, and Ports
SSL VPN Gateways

Introducing Hacker Bob


Network architecture is discussed in detail in Appendix A. It is important for you to understand network architecture, since hackers understand it! Hacking into computers can include TCP port scanning, fake emails, trojans, and IP address spoofing. The essence of TCP port surfing is to pick out a target computer and explore it to see what ports are open and what a hacker can do with them. If you understand ports then you can understand what hackers can do to you and your systems. With this knowledge you can understand how to effectively keep your computers and networks secure.

Next is our introduction to Hacker Bob.

The above figure shows how Hacker Bob uses his evil hacker tools (and experience) to monitor your network.

Remember those packets and TCP ports? Hacker Bob can monitor the Internet and copy packets into his evil network. Once he has the copied packets, then he can analyze them and extract your sensitive data as explained below:

Trapping Your Data

Once Hacker Bob has your data then he can use a simple tool to review and analyze it. The following example shows how Hacker Bob could analyze your IP packet:

  1. The user launched a browser and entered the following site: http://www.HR_Data_the_company.xyz.

  2. Hacker Bob was monitoring the Internet with a network packet capture utility.

  3. Bob was able to use a filter to view just port 80 packets (HTTP only).

  4. Bob then viewed the IP packet payload.

In the example below, the data section is 1460 bytes. This payload is transferred as ASCII text using HTML. As a result, it is easy for Hacker Bob to read the data:

</font><b><font color="#424282">@This data is a Secret</font>

Now in the hacker's words "That data is mine."

Basic HTTP Authentication

To make things worse, at some point, during your normal Internet browsing activities, you have likely received one of these types of pop-up windows from your browser:

Typically the username is some name that an administrator (or software utility) has assigned to you or you have assigned yourself. The Web is full of places that require a username. The username is a mechanism that identifies who you are in relation to the program or data you are trying to access. The password is the key that proves that you have the authority to use that username. This is a simple and effective mechanism to access controlled data. In Basic HTTP Authentication, the password passed over the network is neither encrypted nor plain text, but is 'uuencoded'. Anyone watching packet traffic on the network will see the password encoded in a simple format that is easily decoded by anyone who happens to catch the right network packet. Therefore, our friend Hacker Bob could just extract the right packet and he has your username and password. All Hacker Bob had to do was to read RFC2617 (http://www.ietf.org/rfc/rfc2617.txt) for all the information he needed.
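The following added example (not from the book) shows why a Basic credential on a port 80 connection has to be treated as disclosed: RFC 2617 defines it as the Base64 encoding of `userid:password`, so anything that can read the request can reverse it. The sample request is constructed; its token is the `Aladdin:open sesame` example from RFC 2617, and the host name and the function names are assumptions made for the illustration.

```python
import base64

# Constructed sample: one cleartext HTTP request as it appears in a port 80 capture.
SAMPLE_REQUEST = (
    b"GET /hr/index.html HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n"
    b"\r\n"
)

def parse_headers(raw: bytes) -> dict:
    """Return the request headers as a dict keyed by lower-cased header name."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers

def basic_credentials(raw_request: bytes):
    """Return (user, password) if the request carries Basic credentials, else None."""
    value = parse_headers(raw_request).get("authorization", "")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:                             # malformed Base64
        return None
    # Only the first colon separates user from password; passwords may contain ':'.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def audit(raw_request: bytes, over_tls: bool) -> str:
    """Classify a request for a review of where Basic authentication is in use."""
    creds = basic_credentials(raw_request)
    if creds is None:
        return "no basic credentials"
    if over_tls:
        return "basic credentials protected by TLS"
    return f"EXPOSED: user {creds[0]!r} password recoverable ({len(creds[1])} chars)"

if __name__ == "__main__":
    print(audit(SAMPLE_REQUEST, over_tls=False))
```

Any endpoint that `audit` reports as exposed should move behind TLS, and the affected passwords should be rotated.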

Keeping Hacker Bob Out of Your Data

Here is the scenario: you are the network manager of a large worldwide enterprise company. You know that you must provide secure access from about 50 sites around the world to your corporate network at your headquarters in Dallas. In addition, each site will have a local network with about 10-12 computers. Making your task a bit harder, the CIO of your company has mandated that you must save money and, at the same time, quickly get the network service up and running. How can you do this? One answer to this problem would be to set up direct connect circuits to each site, also known as a private network. However, this can be a really expensive solution. So, the solution to this quagmire is obvious: you can create a Virtual Private Network (VPN).
