Step 2: Sniffing the network for juicy info

File servers hold much of an enterprise's sensitive data and are certainly a prime target of malicious hackers. Security testing expert Kevin Beaver says you'd be surprised how easy it is to attack these servers, from inside or outside the network. Kevin outlines some of these techniques in this step-by-step guide.

This Content Component encountered an error

Speaking of unsecured wireless networks, all it takes for a malicious outsider to hop onto your network or glean sensitive information from it is to load up a wireless network analyzer such as CommView for WiFi or RFprotect Mobile. Furthermore, if he's able to obtain a physical connection to your network (or he's a trusted user), he can load a tool such as Cain and perform ARP poisoning allowing him to bypass your Ethernet switch 'security'...

and grab anything and everything off your network.

What does this have to do with hacking file servers? Easy -- the attacker simply gleans password information from SMB, POP3, Web, FTP, and even Windows authentication attempts right off the wire as shown below and uses that information as a direct link for unauthorized access into your file servers.


Passwords are easily gleaned of an Ethernet network.


Hacking file servers

 Home: Introduction
 Step 1: Exploiting a missing patch
 Step 2: Sniffing the network for juicy info
 Step 3: Stumbling across sensitive files
 Step 4: Executing related hacks that indirectly affect file servers
ABOUT THE AUTHOR:
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~ principlelogic.com. Copyright 2006 TechTarget
This was first published in September 2006

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close