Outside Looking In
By John N. Stewart
The largest security team at the largest organization is still many orders of magnitude smaller than the population attempting to break in to the organization's network. Why? The Internet community is enormous and any one member interested in causing harm to your system can easily access the tools he or she needs to break in.
In most cases, would-be intruders use a number of small programs to probe your host computer for weaknesses. When malicious hackers find a hole, they use other tools to exploit the vulnerability and gain access to your network. To protect yourself from these black hats it's important to see your own system from the perspective of a person with the necessary tools. Only then can you effectively fortify your network from probing and potential attacks.
Host Probing
For this article, I put together a demonstration site configured with an out-of-box Solaris installation. I then used a port scanner to probe the system for available services that could potentially be exploited.
When probing a host machine like this, the goal is to find out as much information as possible about the machine. Using that information, black hats can further probe and even attack the remote machine. The most critical pieces of information found during a probe include the host's operating system and the available applications on the computer. With that information, the crackers can discern which vulnerabilities to exploit.
Whenever I came across a potentially dangerous hole on my demonstration system, I patched it and essentially created a countermeasure.
