Page 136 - DCAP516_COMPUTER_SECURITY

Computer Security




                                       data. When a person, say ‘A’, sends a file to ‘B’, the data in the file gets converted into hex and
                                       gets broken into a lot of packets. Finally, the headers are attached to all packets and the
                                       data is ready for transmission. During transmission, the packets travel through a number
                                       of layers [Open Systems Interconnection (OSI) Model]. Amongst these layers, the network
                                       layer is responsible for preparing the packet for transmission. This is the level where most
                                       hackers attack, knowing that the packets are usually not secured and are prone to spoofing
                                       and sniffing attacks. Now, when a hacker wants to intercept the transmission between ‘A’
                                       and ‘B’, he will intercept the data packets and then translate them back from hex to the
                                       actual data. For this, he uses packet sniffing technology and intercepts all or some of the
                                       packets, leaving the victim (sender) computer unaffected. The same technology can also be
                                       used at the intended recipient’s end of the message. To use the sniffing technology, the
                                       adversary only needs to know the IP address (e.g. 202.13.174.171) of either of the parties
                                       involved in the communication. With this, a hacker does not steal data packets; he only
                                       screens them, copies the hex and then reformulates the hex into the original data. That is
                                       the reason the detection of this is next to impossible. Most firewalls that solely provide
                                       application level security are unable to discover the presence of any sniffers on the external
                                       wall of the network. The sniffer attaches itself to the network devices like the modem or
                                       the Network Interface Card (NIC) that is used by the victim computer to send and receive
                                       data.
                                   4.  Tempest Attack:  The word ‘Tempest’ is usually understood to stand for “Transient
                                       Electromagnetic Pulse Emanation Standard”. Tempest is the ability to monitor
                                       electromagnetic emissions from computers in order to reconstruct the data. This allows remote
                                       monitoring of network cables or remotely viewing monitors.

                                       An appropriately equipped car parked near the target premises can remotely pick up
                                       all the keystrokes and messages displayed on the computer video screen. This includes
                                       all the passwords, messages, and so on. This attack can be neutralized by properly shielding
                                       computer equipment and network cabling so that they do not emit these signals.
                                       There are some fonts that remove the high-frequency information, and thus severely
                                       reduce the ability to remotely view text on the screen. PGP also provides the option of
                                       using Tempest-resistant fonts.

                                   5.  Password Cracking: Password cracking means decrypting a password or bypassing a
                                       protection scheme by breaking a password. A password is a type of authentication key. It is
                                       a secret word or phrase that a user must know in order to gain access to a system. To crack
                                       a password means to decrypt a password, or to bypass a protection scheme.
                                       All systems cache passwords in memory during a login session. Therefore, if a hacker can
                                       gain access to all memory on the system, he/she can likely search the memory for
                                       passwords. When the UNIX operating system was first developed, passwords were stored
                                       in the file “/etc/passwd”. This file was readable by everyone, but the passwords were
                                       encrypted so that a user could not figure out the password. The passwords were encrypted
                                       in such a manner that a person could test a password to see if it was valid, but could not
                                       decrypt the entry. However, a program called “crack” was developed that would simply
                                       test all the words in the dictionary against the passwords in “/etc/passwd”. This would
                                       find all user accounts whose passwords were chosen from the dictionary. Typical
                                       dictionaries also included people’s names, since a common practice is to choose a spouse’s or
                                       child’s name. The ‘crack’ program is also a useful tool for system administrators. By
                                       running the program on their own systems, they can quickly find users who have chosen
                                       weak passwords. In other words, it is a policy enforcement tool.
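
The administrator's audit described above, as an added example (not from the original text and not the ‘crack’ program itself): stored entries are salted one-way hashes, so an entry can only be tested by hashing a candidate word and comparing. PBKDF2 as the hash, the record layout, and the sample accounts and word list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: small work factor so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way transform: cheap to compute forward, no function reverses it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login-style check: re-hash the candidate and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt), stored)


def make_entry(user: str, password: str) -> dict:
    """Build a stored record; the plaintext password is never kept."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different hashes
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def audit(entries, wordlist):
    """Return the accounts whose password is a dictionary word.

    Only account names are reported, so the administrator can force a
    reset without the audit output containing any password.
    """
    weak = []
    for entry in entries:
        if any(verify(word, entry["salt"], entry["hash"]) for word in wordlist):
            weak.append(entry["user"])
    return weak


# Constructed sample data: a tiny dictionary that, as the text notes,
# includes people's names, and three constructed accounts.
WORDLIST = ["password", "dragon", "sunshine", "maria", "david"]
ENTRIES = [
    make_entry("alice", "maria"),             # family member's name
    make_entry("bob", "T7#qv!Lx92-frame"),    # not in any dictionary
    make_entry("carol", "sunshine"),          # common dictionary word
]

if __name__ == "__main__":
    print("Accounts needing a password reset:", audit(ENTRIES, WORDLIST))
```
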

                                       Password crackers are utilities that try to ‘guess’ passwords. One way, also known as a
                                       dictionary attack, involves trying out all the words contained in a predefined dictionary of




          130                               LOVELY PROFESSIONAL UNIVERSITY