Chapter 12. Tools of the Trade

“The happy people are those who are producing something; the bored people are those who are consuming much and producing nothing.”

—William Ralph Inge

By the end of this chapter, you should know and be able to explain the following:

• The fundamental types of attacks that your network might experience

• How to conduct or contract a security assessment of your network’s security

• How to use the results from a security scan and vulnerability assessment to better secure your network

• How to conduct or contract a penetration test of your network’s security

Answering these key questions will enable you to understand the overall characteristics and importance of network security. By the time you finish this book, you should have a solid appreciation for network security, its issues, how it works, and why it is important.

The HaXor that stole Christmas...what a great way to start this tools-of-the-trade chapter.

Every holiday season all over the world, people experience an OOBE, otherwise known as an out-of-box experience. OOBE is an acronym that refers to the excitement and wonderment that many people enjoy when they open the box their new computer comes in. The smell of the new plastic, the tactile sensation of the new keyboard, the sound that a new computer makes when you boot it up for the first time—all the sights and sounds that come with getting your brand new, shiny SuperComp 2000 laptop with 4 gigabytes of super-duper speedy RAM, 500-gigabyte Serial ATA hard drive, otherwise known as a MacBook Pro—or so I have heard.

As you might imagine, this scene plays out in many households throughout the world every time the Christmas season rolls around. The previous year’s PC is relegated to being the de facto “family” computer—the one that never gets its hard drive defragged or patched and consequently takes three days to boot up.

This year’s personal computer is going to little Johnnie (or Joanne, to be politically correct) because he is a freshman in high school now and is required to turn in top-notch reports for biology and chemistry and whatever other classes require report writing on a computing platform 150 times more powerful than the computers on the Space Shuttle and NORAD combined.

Besides, little Johnnie/Joanne needs something pretty powerful for playing all those online games available via the brand spanking new broadband connection you got last month when you were planning ahead for the big box under the tree! And, of course, the computer will be up in his/her room to make doing homework less of a chore and more of an individual accomplishment, achieved in the combination bedroom and office. Perhaps Johnnie/Joanne might even have received a laptop; that broadband modem has wireless, so you can use it when you need to work, too.

Take a moment to get a few things crystal clear. First, teenage children do not need a computer capable of breaking encryption in less than two days; several government agencies are capable of doing just that, and they actually do not like the additional competition. Second, the words “You’ve got mail” will not be heard through the speakers of the super computer in question when it connects to an unsupervised broadband connection that has huge download speeds rivaling a DS3. You can expect to hear the sounds of heavy metal, rap, and whatever other kinds of music they can download via MP3s.

Regardless of whatever story your little high-school sophomore tells you, if they are in any kind of computer science course at school (as more than 80 percent of them are), they are striving for one goal: to be crowned “Uber Haxor” (pronounced oober hacksor) by their little felonious classmates. That’s right; your little baby that used to eat peas and carrots with their toes is but a few mouse-clicks away from being brought up on charges under the U.S.A. Patriot Act, and the shiny new PC you bought for Christmas is the high-tech hotrod that might end up getting them an extended stay at the “gray bar motel.” How many of the attacks, techniques, and tools discussed in this book cost money? Not many; most are free and those that do have cracks are available on the Internet.

The combination of intelligence and a burgeoning contempt for authority in any form (teenager) can make a state-of-the-art computing device a dangerous thing if it ends up in the wrong hands. Now, you might be saying to yourself, “My children would never do anything like that. I’ve brought them up to respect authority and have taught them the difference between right and wrong.” All this might be 100 percent correct, but in educating the little tykes, you might have forgotten that the Internet is still as wild and wooly as the west was in the 1800s. Sometimes, it is not the victim’s fault—malicious software and hacks are easy to miss.

Surfing the Internet is a common occurrence for children who have grown up in the past 15 years, and the amorality of the Internet lends itself to bad decisions. At last count (and some people have actually counted), thousands of websites are dedicated to hacking, cracking, and computer crime. Finding information on how to write viruses is easier and more fun than locating a recipe for double fudge brownies (but not as tasty).

Broadband Internet access has created a culture of anonymity that has never existed before for children seeking ways to rebel and embarrass their parents for grounding them or taking away the car keys. Email, YouTube, MySpace, Facebook, and video chat rooms have empowered children to explore the boundaries of society in an instant and exploit the weakness of that society on a whim when they determine that society has treated them badly.

Even at this point, you might still be convinced of your child’s enduring innocence and good intentions when it comes to behaving responsibly with regard to Internet usage. You might be correct in maintaining your belief; but then again, if you had asked the attacker’s mother who was recently in the news if her son was capable of these kinds of acts, she probably would have denied that her son was capable of executing the attacks, and you know how that story turned out.

This chapter discusses the security tools that attackers use so that readers can understand what they are up against. The chapter then examines the tools available to identify weaknesses in your network and the anatomy of a security audit, which is a crucial piece to ensure that your network is secure.