
Step 2: Sniffing the network for juicy info

File servers hold much of an enterprise's sensitive data and are certainly a prime target of malicious hackers. Security testing expert Kevin Beaver says you'd be surprised how easy it is to attack these servers, from inside or outside the network. Kevin outlines some of these techniques in this step-by-step guide.

Speaking of unsecured wireless networks, all it takes for a malicious outsider to hop onto your network or glean sensitive information from it is to load up a wireless network analyzer such as CommView for WiFi or RFprotect Mobile. Furthermore, if he's able to obtain a physical connection to your network (or he's a trusted user), he can load a tool such as Cain and perform ARP poisoning, which lets him bypass your Ethernet switch 'security' and grab anything and everything off your network.

What does this have to do with hacking file servers? Easy -- the attacker simply gleans password information from SMB, POP3, Web, FTP, and even Windows authentication attempts right off the wire, as shown below, and uses that information as a direct link for unauthorized access into your file servers.

Passwords are easily gleaned off an Ethernet network.
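
A defender-side view of the ARP poisoning described above, as an added example that is not part of the original article: it scans observed ARP replies for the IP-to-MAC changes that poisoning produces. The input format, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: "epoch_seconds sender_ip sender_mac".
# Every address here is made up for illustration.
SAMPLE = """\
1000 192.168.1.1 00:11:22:33:44:01
1005 192.168.1.20 00:11:22:33:44:20
1010 192.168.1.30 00:11:22:33:44:30
1060 192.168.1.1 00:11:22:33:44:30
1061 192.168.1.20 00:11:22:33:44:30
1062 192.168.1.1 00:11:22:33:44:30
1120 192.168.1.1 00:11:22:33:44:01
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def detect_arp_anomalies(records, trusted=None):
    """Flag IP-to-MAC rebinding and single MACs answering for several IPs.

    trusted: optional {ip: mac} of known-good bindings, e.g. the default gateway.
    Returns a list of (timestamp, kind, ip, mac), one per distinct finding.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    current = {}                   # last MAC seen for each non-trusted IP
    claimed = defaultdict(set)     # MAC -> IPs it has answered for
    seen, alerts = set(), []

    def alert(ts, kind, ip, mac):
        if (kind, ip, mac) not in seen:    # suppress repeats of the same finding
            seen.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for ts, ip, mac in records:
        if ip in trusted:
            if mac != trusted[ip]:
                alert(ts, "trusted-binding-violated", ip, mac)
        else:
            if current.get(ip, mac) != mac:
                alert(ts, "binding-changed", ip, mac)
            current[ip] = mac
        claimed[mac].add(ip)
        # Can be legitimate (routers, failover pairs), so treat as a lead to verify.
        if len(claimed[mac]) > 1:
            alert(ts, "mac-claims-multiple-ips", ip, mac)
    return alerts
```

Pinning the gateway's address in `trusted` turns a takeover of that binding into a distinct, higher-priority alert instead of an ordinary binding change.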

Hacking file servers

 Home: Introduction
 Step 1: Exploiting a missing patch
 Step 2: Sniffing the network for juicy info
 Step 3: Stumbling across sensitive files
 Step 4: Executing related hacks that indirectly affect file servers

Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~

Copyright 2006 TechTarget
