The ATM (Automatic Teller Machine), long considered very practical and secure, no longer serves us as well as we had hoped. ATM cards are very useful in everyday life: for shopping, paying bills, transferring money, and even as a tool in trade transactions. Another advantage is that we do not need to carry cash when we travel, which exposes us to crime. When shopping, for example, we simply hand over the ATM card to pay for our goods at the supermarket and the payment is completed in an instant, with no need to count out money beforehand.
Indeed, not everything goes as we expect, because nothing is perfect. ATMs are now beginning to be attacked by "hackers" or "crackers", who are basically educated people. However, not every "hacker" is evil. In the martial arts world we know of black magic and white magic: black magic is synonymous with deviant acts, while white magic tends to lead to commendable ones. The same is true of hackers and crackers.
The analogy above seems to fit the "intruders" of cyberspace. Hackers or crackers were initially identified with people who love to steal data "secretly", or even change the source code of specific programs or applications, in order to benefit themselves and harm others. But that was then. Now there are many hackers who actually use their skills to crush cyber criminals.
Steps normally taken by the "hacker or cracker"
The simplest way to learn about the weaknesses of a system is to seek information from the various vendors, such as at http://www.sans.org/newlook/publications/roadmap.htm#3b, about the weaknesses of the systems they themselves make. In addition, monitor the various Internet mailing lists related to network security, as listed at http://www.sans.org/newlook/publications/roadmap.htm#3e.
As described by the Front-line Information Security Team in "Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks" (fist@ns2.co.uk, http://www.ns2.co.uk), a cracker is generally a male aged 16-25 years. Based on statistics of Internet users in Indonesia, the majority of Internet users in Indonesia are in fact young people of this age as well. This is indeed the ideal age to acquire new knowledge, including knowledge of the Internet, and it would be very unfortunate if we did not succeed in bringing the Internet to 25000 Indonesian schools by 2002, since the foundation of Indonesia's future is in the hands of our young people.
These young crackers generally crack in order to increase or use resources in the network for their own ends. Crackers are generally opportunistic: they look for weaknesses in systems by running scanner programs. After gaining root access, a cracker will install a back door (backdoor) and close all the existing common weaknesses.
As we know, most companies and dotcommers use the Internet for (1) hosting their web servers, (2) e-mail communication, and (3) providing web/Internet access to their employees. The Internet and the intranet are generally separated using firewall and proxy server techniques or software. Given these conditions of use, weaknesses in the system can generally be penetrated through, for example, an external mail server that is used to facilitate access to mail from outside the company. In addition, aggressive SNMP scanners and programs that force the SNMP community string can turn a router into a bridge, which can then be used as a stepping stone for entry into the company's internal network (intranet).
To stay protected during the attack, crackers use a cloaking (impersonation) technique, jumping from a previously compromised machine via telnet or rsh. On an intermediate machine that runs Windows, the jump can be made through the Wingate program. The jump can also be made through a poorly configured proxy.
After a successful jump into another system, the cracker usually probes the network and gathers the required information. This is done in several ways, for example: (1) using nslookup to run the 'ls' command, (2) viewing HTML files on the web server to identify other machines, (3) looking at various documents on the FTP server, (4) connecting to the mail server and using the 'expn' command, and (5) fingering users on other external machines.
Next, the cracker identifies the network components that are trusted by the system. These are usually the administrators' machines and the servers that are considered the safest in the network. The cracker starts by checking access and NFS exports of critical directories such as /usr/bin, /etc and /home, and exploits weaknesses in machines through the Common Gateway Interface (CGI), with access to the /etc/hosts.allow file.
Next, the cracker needs to identify the network components that are weak and can be conquered. The cracker can use Linux programs such as ADMhack, mscan, nmap and many other small scanners. Programs such as 'ps' and 'netstat' are trojaned (remember the story of the Trojan horse, the classic tale of ancient Greece?) to hide the scanning process. A sufficiently advanced cracker can use aggressive SNMP scanning to scan SNMP-enabled equipment.
After successfully identifying the network components that are weak and can be conquered, the cracker runs programs to conquer weak daemon programs on the server. A daemon is a program on the server that usually runs in the background. Success in conquering such a daemon allows the cracker to gain access as 'root' (the highest administrator on the server).
To eliminate traces, a cracker usually performs a 'clean-up' operation, clearing various log files, and adds a program for entering through the back door ('backdooring'). The cracker changes the .rhosts files in /usr/bin for easy access to the conquered machine through rsh and csh.
Furthermore, a cracker can use the conquered machine for his own benefit, for example: taking sensitive information that should not be read; cracking another machine by jumping from the conquered one; installing a sniffer to see or record the traffic passing through; or even shutting down the system or network by running the command 'rm -rf / &'. The last of these has fatal consequences because the system is destroyed completely, especially if all the software is on the hard drive. The entire system has to be re-installed, which is a headache on machines that run mission-critical operations.
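A defender can audit a host for the trust settings the steps above rely on: NFS exports of /usr/bin, /etc and /home, and wildcard .rhosts entries. The following Python is an added example, not part of the original article; the sample file contents and the host names in them are constructed, and treating '#' as a comment marker in .rhosts is an assumption.

```python
import re

# Directories the article names as critical when exported over NFS.
CRITICAL_DIRS = ("/usr/bin", "/etc", "/home")

def is_critical(path):
    """True if the export equals, contains, or sits inside a critical dir."""
    p = path.rstrip("/")
    return any(p == d or p.startswith(d + "/") or d.startswith(p + "/")
               for d in CRITICAL_DIRS)

def audit_exports(text):
    """Return (path, client, reason) findings for the body of /etc/exports."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        path, clients = fields[0], fields[1:] or ["*"]  # no client: any host
        for client in clients:
            m = re.match(r"([^()]*)(?:\(([^)]*)\))?$", client)
            host = (m.group(1) if m else client) or "*"  # "(rw)" alone: any host
            opts = set((m.group(2) or "").split(",")) if m else set()
            checks = [
                (is_critical(path) and host == "*", "critical directory open to any host"),
                (is_critical(path) and "rw" in opts, "critical directory exported read-write"),
                ("no_root_squash" in opts, "remote root is not squashed")]
            findings += [(path, host, why) for hit, why in checks if hit]
    return findings

def audit_rhosts(text):
    """Return (entry, reason) findings for wildcard trust in a .rhosts body."""
    findings = []
    for raw in text.splitlines():
        host, user = (raw.split("#")[0].split() + ["", ""])[:2]
        if host == "+":
            findings.append((raw.strip(), "any host is trusted"))
        if user == "+":
            findings.append((raw.strip(), "any remote user is trusted"))
    return findings

# Constructed sample files, not taken from a real system.
SAMPLE_EXPORTS = """\
/home     10.0.0.5 (rw)
/etc      *(ro)
/srv/pub  *(ro)
/usr      admin.example.internal(rw,no_root_squash)
"""
SAMPLE_RHOSTS = "trusted.example.internal alice\n+ +\n"
```

The first sample line shows the classic stray space: "10.0.0.5 (rw)" grants the named host only default options and exports /home read-write to every host. To audit a real machine, pass in the contents of its /etc/exports and of each .rhosts file found on it.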
SAFETY TIPS that deserve to be tried.
1. Before making a transaction at an ATM, do not start right away; look around first. Do not make a withdrawal at an ATM that feels odd, whether because of its location or anything else.
2. After making a transaction at an ATM, do not leave the machine immediately. Make one more transaction, but enter a PIN different from your own, so that any scanner used by ATM hackers or crackers is fooled.
It is good to be vigilant, and there is no harm in following the tips above to prevent undesirable things from happening.