The logic of restrictive access.

Encryption is a lot like a game. Since there are so many combinations of
what a password could be, it becomes a probability game.

But more of a deduction game because most crackers of security infrastructures
have a basic outline of rules of what a password is most likely to be.

Used to be, most people used very obvious things from their lives for their
passwords. Birthdays, family numbers, house numbers, phone numbers,
things like that. Easy to remember passwords to log in to whatever
needed authenticating.

So password cracking back in those days, from that standpoint was
not very difficult if you knew the person.
Also they tended to back up their passwords on sticky notes on their
monitors or the sides of their computers.

So the chances of a repairman getting authentication into your
network of information was pretty good.

Nowadays, authenticators tend to persuade people to make their passwords
harder to crack. Use lots of numbers and other strange characters
so that it’s not obvious what it would be. Do not use birthdays, anniversaries,
etc.

You see these commonly on popular social network websites such as
MySpace, Facebook, etc.

If you follow these simple rules it really makes it more difficult for lower level
crackers like repairmen and average computer savvy people to guess and
crack your passwords.

The big boys will always be able to get in no matter what.
Not because security sucks, but because that’s how the playing field is.
As good as they get, security software tries to keep up.
Sort of a batman and joker thing. One exists due to the other.

But, more relevant, what is security?

I mean, what does security mean when we strip down the fancy talk
and examine what’s behind all the hype.

These passwords and firewalls and rules and policies and everything
are just hoops to jump through to make it more difficult or time consuming
for the person attempting illegal behavior before they can get access.

Restriction of access is protection of access. And that’s the goal, isn’t it?
Access. Access to information.

Not unlike breaking into someone’s car or house for jewelry or money.
The values would be information.

So access is limited to authorized persons. People who are ‘supposed’ to
be able to see the information. Limited to just a narrow number of people, or only one
person.

So that’s the goal. To be effective, there must be a ‘real’ door there with a lock.

So how do we go about putting a door with a lock around information?

Think about a bank. Ideally no one can just walk in and enter the vault, can they?
That would defeat the purpose of the vault. Why build a room with a huge metal door
and spend all that money and management if people were to just casually walk
in and take what they want.

So there must be a room around the information. A shell, a door if you will.
And obviously, if you’ve been keeping up, a lock. The key being the password.
So to gain access easily, one must grab the key.

Of course, like any other locks, there are other ways of gaining entry or access.
You break the door or lock. In the real world this is done physically.
You’ve seen it done in the movies, people shoot the door knob and gain
easy entry into the room. Or people attach a chain to the door and
drive a car the opposite direction and pull the door off by natural force.

Since information is logical, then there must be logical arguments
to protect the information. So firewalls are basically body guards with
policies. They check all incoming and sometimes outgoing, depending on
the firewall, protocols before they enter your computer and check their
list to see if they are allowed access.

If no, they are rejected and your firewall pops a window up alerting you
of suspicious activity so you can feel good about your protection.

But how about gaining entry to a secured network?

Wireless security, or any other security for that matter, is basically set up
to deter by creating an effort on the attacker. If they are truly
determined, they will spend the time going up against the wall until
they have found flaws or until they have successfully tricked the wall
in order to gain access.

Some firewalls today are very smart in that they know they will be cracked
and attacked eventually. Basically it’s the value of what they are protecting
that determines their chance of survival and effort.

So in those cases those firewalls are set up for fail safe. A plan B effect.

The effect is, if the firewall feels like it’s about to be penetrated and it cannot
stop the attack, it will auto shut down and all connection to it will
cease. Then the network goes down physically and the attack fails to gain
access.

Then the network administrator is alerted that the network is down,
and knows why because he was the one who programmed it
and deals with the situation from there. Hopefully checking the
integrity of the information as that would be the point.

So, what did the hacker do? How would he have gotten in?

They use chance against an argument.

The argument is, no one gains entry without authentication (password).
If you don’t have the correct password, the firewall knows the password
because it’s stored on the firewall. Quite literally it’s checking against its
own database. If the name you provide isn’t on the guest list, you are simply turned away.

However, if one could see the guest list, one could assume or even guess
a name correctly and the argument would be correct. Therefore gaining
entry without more of a problem, and simply walking inside.
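
The guest-list check described above, as an added example that is not part of the original post: a Python credential store that keeps only a salted PBKDF2 digest of each password, so seeing the list does not hand over something that passes the check, and that locks an account after repeated wrong guesses. The class name, iteration count and lockout threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor; raise it as hardware allows
MAX_FAILURES = 5      # assumed lockout threshold, not from the original post


def derive(password, salt):
    """Slow, salted one-way transform of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class GuestList:
    """The 'guest list': stores salts and digests, never the password."""

    def __init__(self):
        self._records = {}   # user -> (salt, digest)
        self._failures = {}  # user -> consecutive failed attempts

    def enroll(self, user, password):
        salt = os.urandom(16)  # unique per user, so equal passwords differ
        self._records[user] = (salt, derive(password, salt))

    def check(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        if self._failures.get(user, 0) >= MAX_FAILURES:
            return "locked"  # guessing is cut off, even for a correct guess
        # Unknown names get a dummy record so the same work is done either way.
        salt, digest = self._records.get(user, (b"\0" * 16, b"\0" * 32))
        candidate = derive(password, salt)
        # compare_digest takes the same time wherever the bytes differ.
        if hmac.compare_digest(candidate, digest) and user in self._records:
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "denied"

    def dump(self):
        """What someone who can 'see the guest list' actually obtains."""
        return {u: (s.hex(), d.hex()) for u, (s, d) in self._records.items()}
```

Presenting a stolen digest back to `check` does not work, because the store hashes whatever it is given; the thief is back to guessing, and the lockout counter limits how many guesses the live system will accept.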

So cracking is just the art of decoding what is known to the hardware.
It’s decoding and giving a code of authentication in order for the
argument to be true.

See why they call it spyware. It’s a spy for information.

In other words, crackers must play the game first, if they want entry.

As I’ve said, there are ways around this. Depending on how the firewalls
are set up, crackers don’t always try to crack passwords. There are many
other ways to gain entry. And they don’t even have to guess passwords
these days. Bots and spyware are used to lessen the guessing game.
Which is why you should definitely do regular scans with up to date
anti-spyware and anti-virus programs. Because even if it’s not guaranteed,
it’s still something.

But.

With wireless systems password cracking became even easier.
If you think about it, crackers don’t even have to be on your computer
or connected to your network anymore. They just need to
‘see’ your computer show up in their list of active networks
on their PCs and they can run programs off that alone.

Wireless cafes were pretty good for that. If you ever watch
Hak5 or other PC nerd web shows they show instances of
internet cafe crackers.

It’s simple enough to do these days, what with the popularity of
Wi-Fi and laptops and open internet accessed connections.
Even with a personal firewall on your computer, the odds
are pretty good that it’s vulnerable to attack fairly easily.

But I digress.

This was more about the logic of restricting access to a limited
number of persons. Not the dangers of wireless or other types of computer
networks. Just look around on the internet, you can find those
everywhere.

In short, security can always only ever be at the same level as
the competition (crackers). As with any security, if someone wants
in bad enough, and they are determined enough, nothing is going
to stop them…except maybe a fail safe like disengaging all network
activity. Which is a really good idea actually.

Some tips for lowering your security risk:

1. Don’t purchase the most popular hardware available.
Don’t purchase the most popular software available on the market.
If everyone has it, it’s more likely an easy target for crackers. Like Windows
and Microsoft Office and eventually Norton.

2. Choose your authentication methods carefully.
This is really important, because even though it can be decoded by the
right software these days, it still takes time. Strong passwords
are simply to deter those less interested, so make it good.

3. Be aware of your surroundings and dealings with people.
Of any security be wary of who you give information to.
Social hacking is easy and very popular with cracking.
Protect your information by not giving it out to others.

4. Change those passwords.
It sounds frustrating, but changing passwords makes it harder
for someone to break into your structures. It’s like changing
the security code on your car alarm.

5. Keep your software up to date with the latest security downloads.
No matter what software you have, remember to keep it up
to date with the latest security downloads. They are there
for a reason, use them. Scan that hard drive at least once a month.
