Here’s a situation that underscores the importance of network security these days: a novice hacker working for the research and development department of a Japanese automaker was able to exploit a cross-site scripting vulnerability to infiltrate a server and compromise 40 websites in seven minutes.
Method of Attack Used in the Hack
The attack started with pinging the server and using a port scanning tool; it took two minutes for the hacker to determine that he was dealing with a business network that allowed file sharing by means of SMB and FTP. The hacker found an open port that could be accessed without standard username/password login credentials. Although this open port by itself does not allow privileged access, the hacker was able to deploy another tool to look for files that may be of interest; such files may include unencrypted login credentials.
Once inside the database, the hacker located a configuration file that would have allowed him to take down all the websites with just one line of code; thankfully, he did not do this since his interest in network security is not malicious. The hacker explored further into the SMB (Samba) ports that allow file sharing; diving into these ports allowed him to open the folder with very sensitive information that included the SSID of Wi-Fi networks.
As you can see, even novice hackers can do significant damage to business networks, and they do not need too much time to do so. When was the last time you had a security audit done on your network? To learn more about server security in the High Desert, contact Sonic Systems in Victorville today.