Get your network hacked in 10 easy steps

Worms are considered a major security problem today, but one expert says you may be overlooking a bigger problem -- the damage a single hacker can do inside your network.

Jesper Johansson, a Microsoft security program manager, demonstrated how a hacker can easily invade and compromise a network. His standing-room-only session at the recent Microsoft Worldwide Partner Conference in Toronto focused on methods administrators can use to better secure Windows, but it drew attention to Microsoft vulnerability concerns as a whole.

"We're not perfect. We're not where we need to be," Microsoft CEO Steve Ballmer said at the conference about his company's security efforts. But he said the company is making progress based on feedback from partners and customers.

One partner attending the conference explained that his biggest Windows security concerns stem from backdoor vulnerabilities that don't appear until after a patch has been made.

"I'll often patch one vulnerability, and then a new one shows up," said Guy-Marie Joseph, president of ConnecTalk Inc., a Montreal-based IT services company. "Patches don't take into account the back door. Unless you've been hit by a hacker, you don't know what's vulnerable. If you haven't been hit, you eventually will and then you'll know."

Johansson's session addressed common administrator mistakes that open the door to hackers, including failure to harden Windows applications, allowing outbound FTP, weak passwords and login misuse -- logging onto something other than a domain server with a domain server login.

"What really worries me is somebody adding himself to my payroll. Do you know everyone on your payroll?" he asked, adding that many IT shops are unaware of a hacker's presence.

Johansson also described a scenario in which he injected a Trojan horse in a domain server during a vulnerability test at Microsoft. No one logged onto the domain servers, which he called a sign of a well-run network. However, no one noticed the file named "EvilTrojan.exe," so he finally had to inform IT managers of the Trojan's presence, something that obviously wouldn't happen in the real world.

"The moral of the story is initial entry is everything," Johansson said. "Most networks are designed like eggs shells. They're hard and crunchy on the outside, soft and chewy on the inside."

Once a hacker is in your network, you have three options, according to Johansson. You can update your resume, hope the hacker does a good job running the network or drain the network. The latter is really your only option, he said.

To establish and maintain network security, Johansson outlines what not to do. Here are his "10 easy steps to getting your network hacked."

1. Don't patch anything
2. Run unhardened applications
3. Log on everywhere as "domain administrator"
4. Open lots of holes in the firewall
5. Allow unrestricted internal traffic
6. Allow all outbound traffic
7. Don't harden servers at all
8. Use lame passwords
9. Use high-level service accounts in multiple places
10. Assume everything is OK

For more information

Learn the difference between hackers and crackers

Browse a list of Windows security tips

Check out the Best Web Links on intrusion detection and prevention

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip BROWSE BY TAG Network Security Tactics,   Network Intrusion Prevention (IPS),   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Application and Platform Security,   Enterprise Vulnerability Management,   Security Patch Management,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Scapy tutorial: How to use Scapy to test Snort rules How to prevent iPhone spying: mobile phone management tips How to use hping to craft packets Securing naming and directory services for application defense-in-depth Five endpoint DLP deployment data security tips How to properly implement firewall egress filtering What to do with network penetration test results How to use TrueCrypt for disk encryption Protecting enterprise networks from new mobile application downloads Maintaining security after a cloud computing implementation Network Intrusion Prevention (IPS) Experts laud IPS virtual patching, but warn against misuse White House declassifies CNCI summary, lifts veil on security initiatives Aligning network security with business priorities Best Intrusion Prevention and Detection Products Port scan attack prevention best practices Lesson 4: How to use wireless IPS Lesson 1 quiz: Risky business Hacker attack techniques and tactics: Understanding hacking strategies SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Network Intrusion Prevention (IPS) Research Security Patch Management Microsoft to address eight security vulnerabilities in Windows, Office Customer gets say during responsible vulnerability disclosure panel Microsoft gives Internet Explorer a major security overhaul Information security book excerpts and reviews What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Diffie-Hellman key exchange  (SearchSecurity.com) intrusion prevention  (SearchSecurity.com) network behavior analysis  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.