|
-
April 12th, 2004, 01:21 PM
#1
Junior Member
 project
doing a project for school, need as much info about hackers as possible just what they do, how to prevent them, and other helpful hints.
-
April 12th, 2004, 01:49 PM
#2
Have you used the Search feature? There's tonnes of this around. You also might want to check out The Cuckoo's Egg and @Large as both are excellent descriptions of what hackers "were". Today's hacker might be a new beastie.
Prevention depends on the OS. Certain OSes will have certain activities.
General "Prevention"
- 1. Be aware of security risks. Sign up on various lists and/or visit newsgroups. Sites like AO, Securityfocus.com and incidents.org are all good reference sites
2. Secure your box (physically and logically).
3. Be a bit paranoid. If it sounds too good to be true, likely it is too good to be true.
4. Ensure you have logging and/or auditing on and in place. And CHECK IT. Don't just log for the sake of filling hard drive space. Actually look at the things.
5. Add layers of security. A firewall and IDS can help but don't use them as a crutch. Ensure the system is locked down first.
6. Backup data regularly. (burning to CD isn't that costly and can work for even home environments). Good to have in worst case scenario (and this will happen when you least want it to)
7. Invest in an UPS. Even home users can benefit. The ability to have a method of safe shutdown even in a power failure can go a long way to saving hardware and data. Hard crashes that result in power outages (blackouts specifically) can result in corruption of data or worse.
8. Repeat regularly
General Windows Specific Precautions
- 1. Anti-Virus: goes without saying the MS is one of the most vulnerable to this. And a lot of that has to do with user willingness to double click. Ensure you have an active and up-to-date antivirus in place. Make sure there is a recovery disk. There are still some old fashioned boot sector viruses out there. Helps to have view extension enabled in windows.
2. Check permissions. Microsoft still maintains a view of "Everyone have access to everything" in default installs. Not everyone needs access to directories like the Repair directory. Search through AO. There are a few listings of methods of how to secure Windows boxes. The NSA has created a variety of security configuration guides. Also, visit [url="http://www.sans.org/rr/"SANS Reading Room[/url].
3. Have spyware detection mechanisms as well as trojan detection mechanisms. AV helps but doesn't cover everything.
4. Limit what the browser can do. Investigate ways the browser can be locked down.
5. Stop any services that won't be used. On an home front this should be all servers that serve out. Some services like the Messenger service may result in unwanted ads. This should be disabled as it's generally not needed.
6. Use an account other than Administrator as your default account. Use the Run As feature to do any administrative tasks
General *nix Precautions
- 1. *nix doesn't generally worry about viruses but keeping oneself aware is worthwhile. There may be a time when viruses are released for distro specific installations. There are a few out there. In the meantime, worms tend to be the bane of *nix. Generally, most worms are related to specific applications. Limit the installation of applications and what is needed versus "neato!"
2. Default installs of *nix can be just as bad or worse than windows. Many distrobutions are trying to make it easier for users to use and play with. It's preferable to do custom installations as this limits what is installed. Even still, double check to ensure that unnecessary services aren't started and/or are stopped/removed.
3. Create a regular account to log into the box and use either the su - or sudo options for managing other administrative tasks.
4. Boot into the text mode (runlevel 3) rather than GUI (runlevel 5) to ensure that you can troubleshoot problems without interference from the GUI or if the GUI is what you have to troubleshoot.
5. Lock down permissions (users do not need access to everything). The same references in the Windows section have similar *nix lockdown configuration guides.
6. Critical to stay abreast of all potential security issues as there is no central repository for updates like in the Windows environment.
These aren't definative but should give you an idea there is a lot to what you need to do. And this is just the technical side. There is also the human element.
Precautions for dealing with humans
- 1. Remind users that security is part of everyone's job and daily activity.
2. Discourage the use of sticky gardens to remember passwords. Show users how to create strong passwords and tricks on how to remember them (e.g., 2BR!=Tub? -> old example but "to be or not to be, that is the question").
3. Have training sessions for users how to maintain good local security. Remind them that if they see someone wandering around they don't know to report it to a manager and/or politely approach the person, asking what they are looking for.
4. Not all sales people really want to know your network environment. Be guarded as to how much information you give out. Information Leak is the #1, IMHO, hacker tool out there
5. Keep users up to date by notifying them of suspect viruses (especially those that mimic "helpful" major companies like Microsoft). Also, remind them that banks don't send out emails asking them to verify their PayPal, Visa or other accounts. And even if they did, they'd do a better job of spell checking.
6. Have a security policy, security procedures and other written mechanisms that explains in plain english the do's and don'ts of the company. Remember that it's the company's data that you're protecting.
Hopefully this will help and start you off. Perhaps you might want to consider narrowing your topic down a bit. 
-
April 12th, 2004, 09:36 PM
#3
Junior Member
wow, ive never even heard of .nix lol thanks
-
April 12th, 2004, 11:24 PM
#4
*nix is an abbreviation to represent Unix/Linux family of Operating systems.
-
April 12th, 2004, 11:34 PM
#5
I never really considered it an abbreviation because abbreviations are suppose to shorten the word into less letters but instead you have to reach all the way to the numbers and hold shift press the number eight meanwhile if you type Unix you only press the letter U 
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
April 13th, 2004, 12:19 AM
#6
Junior Member
I just wrote a term paper bout the same thing. Called it "The Hats of Hacking" (get it hats like white black gray lol) here are two reliable sources. TLC Show Stuff & PBS Frontline
The PBS one has some great interviews. The one with reid and count zero has great info.
The TLC one has your basic types of hackers in the Psyc101 section.
Let me know if you want my Works Cited page it has all the articles I used.
My preception IS reality.
Just because the majority think it\'s right doesn\'t make it right.
If you don\'t like it, Don\'t Settle For It.
-
April 13th, 2004, 03:33 AM
#7
Junior Member
im wondering if you could put some of it in terms my teacher could understand lol she would have no idea what .nix or anything i explained was. shes a drauma teacher keep that in mind 
-
April 13th, 2004, 03:37 AM
#8
Junior Member
and to answer your first question, i have XP, limits the issues a bit hehe i hate all of these windows update patches do you think i should get all of them..
-
April 18th, 2004, 03:00 AM
#9
Hmmm...well I would say to get the critical updates....lol pretty off topic though...
I would say to explain your terms just add a glossary...of course im sure your not writing a book though so lol
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
