Finally, it's easy to overlook other vulnerabilities in your network infrastructure that can indirectly lead to
file server manipulation and exploitation. These mostly revolve around physical security. One serious issue I came across was where the Web interface for a data center's physical security management system was accessible to all network users and anyone that was able to hop onto an unsecured wireless network from outside the building. Even worse, it was running with the default username and password. Once you logged in, door sensors could be disabled, security alerts could be rerouted, log files could be tampered with and so on. What a great way for an attacker to cover his tracks breaking into the data center!
I've also come across several situations while visiting busy real estate offices, healthcare facilities, and even during "open house" networking events at local businesses where servers were completely accessible to the public. No doors, no locks, not even the slightest physical security measure. These servers almost always have their screens unlocked which can make an administrator backdoor easy as pie to setup. The bad guys can also gain a leg up on how everything is interconnected and accessible to steal after hours or when no one is around. Think a stolen Windows file server is not easy to crack? As long as the hard disks are not encrypted, all it takes is the right tools (such as Ophcrack Live CD and NTAccess) to crack or reset the administrator password. Certainly an incentive to use whole disk encryption on your servers as a last line of defense!
Don't sit idle
Always remember that if the bad guys can do it you need to be doing it as well. What I'm trying to say is that you've got to ethically hack your file servers -- with a malicious mindset -- to see what can be done by both unruly insiders and outside attackers. Keep in mind that there's a method to all this madness as I outlined here in my domain controller penetration testing tip. This will ensure you're performing your testing in the right way at the right time with the right tools and so on.
Finally, don't forget that file server hacking is not necessarily the exploitation of high-tech vulnerabilities that take days, weeks or months to execute like we see in the movies. It's more so someone with malicious intent with the right tools and a little bit of time exploiting a basic IT oversight. Even with the greatest of intentions, we all get busy and miss or forget about a specific patch, access control or other network hole. It happens to the best of us -- but it's those very weaknesses that the bad guys thrive on the most.
Hacking file servers
Step 1: Exploiting a missing patch
Step 2: Sniffing the network for juicy info
Step 3: Stumbling across sensitive files
Step 4: Executing related hacks that affect file servers
|ABOUT THE AUTHOR:|
|Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~ principlelogic.com. Copyright 2006 TechTarget|