As long as it is a program, there will be bugs! Methods for blocking hacker attacks

Source: Internet
Author: User

Along with its convenience and reach, the online world also holds many dangers, and hacker attacks are currently the most worrying of them. Understanding the types and characteristics of hackers is therefore all the more important. Generally, hackers can be divided into four categories:

1. Amateur players: most of them are people interested in network technology. These people are not actually malicious. They simply see "intrusion" as a way to prove their technical ability, and any damage they cause is unintentional. System administrators can prevent such damage.

2. Professional intruders: they treat "intrusion" as a business, carefully and systematically catalogue every possible system vulnerability, and are familiar with the various information security detection and defense tools. Coping with such intrusions may require an experienced, full-time system administrator.

3. Computer experts who dabble: they may be talented students or skilled computer engineers who are familiar with how networks and operating systems work. They may have no particular interest in information security or network intrusion, but the entire system becomes vulnerable if the system administrator is even slightly negligent.

4. Hacker-level crackers: people with the ability to design and develop operating systems or system security tools. Faced with people of this technical skill, the system administrator can perhaps only say, "Fortunately, there are not many such people!"

Now that we know who will try to access the company's information assets, we need to understand how an intrusion is carried out. The intruder selects a target and tries to obtain permissions. Obtaining the system administrator's permissions directly is difficult, but obtaining those of a general user is usually easier. With a general user's permissions, the intruder may be able to log on to the machine, examine the system's internal environment, and find the system's weaknesses.

Once the intruder can log on to the system, the next goal is to obtain higher permissions. As long as it is a program, there will be vulnerabilities. If the program for changing passwords has an error, a general user may be able to change other users' passwords! So after logging on, the intruder's next step is to look for vulnerabilities in the system and use them to gain higher permissions. The ultimate goal, of course, is to gain the administrator's permissions.

Obtaining administrator privileges means the hacker has successfully intruded and the whole system is in the hacker's hands. However, the system administrator may be sitting at the terminal and could detect the intruder at any time, so the intruder's first task is to hide their tracks by modifying system record files, such as wtmp, utmp, and syslog on UNIX systems. Once the related records are cleared, the intruder should be invisible to a system administrator who uses commands such as last and who. Only an alert administrator who uses netstat or other programs that monitor network status can discover the unusual connections.
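The cross-check described above, as an added example that is not part of the original article: it compares the remote hosts that `who` reports (read from utmp) with established connections to login ports in `netstat -tn` output and flags any connection that has no login record. The sample outputs, the addresses, and the choice of ports 22 and 23 are constructed assumptions.

```python
import re

# Constructed sample of `who` output (the utmp view an administrator sees).
WHO_OUTPUT = """\
alice    pts/0        2024-05-01 09:12 (192.0.2.10)
bob      pts/1        2024-05-01 09:40 (192.0.2.22)
"""

# Constructed sample of `netstat -tn` output taken on the same host.
NETSTAT_OUTPUT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.5:22         192.0.2.10:51514        ESTABLISHED
tcp        0      0 198.51.100.5:22         192.0.2.22:40022        ESTABLISHED
tcp        0     36 198.51.100.5:22         203.0.113.77:60311      ESTABLISHED
tcp        0      0 198.51.100.5:443        192.0.2.99:38120        ESTABLISHED
tcp        0      0 198.51.100.5:22         192.0.2.10:51999        TIME_WAIT
"""

LOGIN_PORTS = {22, 23}  # assumption: sshd and telnetd are the login services

def logged_in_hosts(who_text):
    """Remote hosts that utmp (via `who`) admits to: the trailing '(host)'."""
    return set(re.findall(r"\(([^)\s]+)\)\s*$", who_text, flags=re.M))

def login_connections(netstat_text, ports=LOGIN_PORTS):
    """Established TCP connections whose local port is a login service."""
    conns = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows have exactly six fields; header rows do not.
        if len(f) != 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        local_port = int(f[3].rsplit(":", 1)[1])
        remote_host, remote_port = f[4].rsplit(":", 1)
        if local_port in ports:
            conns.append((remote_host, int(remote_port), local_port))
    return conns

def unaccounted_sessions(who_text, netstat_text):
    """Login-port connections from hosts that have no matching utmp entry."""
    known = logged_in_hosts(who_text)
    return [c for c in login_connections(netstat_text) if c[0] not in known]

if __name__ == "__main__":
    for host, rport, lport in unaccounted_sessions(WHO_OUTPUT, NETSTAT_OUTPUT):
        print(f"no utmp record for {host}:{rport} -> local port {lport}")
```

If `who` prints resolved hostnames instead of addresses, resolve them before comparing, or the check will flag legitimate sessions.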

If all goes well, the intruder has become an "invisible" administrator of the system and can easily look for more worthwhile targets. Where are the NIS, NFS, and DNS servers? The network configuration files will tell. A savvy intruder can even spot flaws in these configuration files and use them to break into other hosts in the same domain.

Going to this much effort for every intrusion would be hard work, wouldn't it? Of course it would, so the intruder installs some trojan programs, so that on the next visit they can simply walk in through the front door with a key.

Finally, with all the work done and all the material read, the intruder leaves behind a network listening program, such as the commonly used sniffer and tcpdump. By coming back regularly to look at it, the intruder can find logon passwords for the same domain. The intruder also checks for any traces that might be found on the system, so as not to alert the system administrator.

◎ How to prevent intrusions?
Blocking intrusions is considerably harder than preventing computer viruses. Computer viruses are programs, lifeless things, whereas intruders are living people with no fixed pattern of behavior. In other words, in theory no automated system security tool can protect against all intrusion attacks. However, selecting appropriate intrusion detection, firewall, and other security systems, and configuring and using them correctly, raises the difficulty of intrusion and avoids most intrusion events.

On the other hand, formulating appropriate information security policies and management rules, such as regular backups, removal of unnecessary network services, and offline handling of important data, not only increases the difficulty of intrusion but also reduces the damage an intrusion causes and the time needed to respond.

"As long as it is a program, there will be bugs!" Building a secure system does not stop at choosing a secure operating system or network environment. Otherwise, the flaws in even a secure system will one day be discovered by intruders. In this war between system administrators and intruders, the intruders' advantage is their understanding of networks and systems, and successful intruders also have extraordinary patience and can endure constant attempts and failures. Administrators, however, have legitimate and complete rights to use the system, so in fact they hold the absolute advantage. In facing up to system security problems, care and perseverance are the system administrator's best tools.
