Using Hackers' Tools

IF YOU HAVE the time, plus a bit of detective in you, taking a hands-on approach to security by learning how to hack will give you a jump on your hands-off colleagues. You can learn about new vulnerabilities and exploits days before vendors turn them into anti-virus definitions, OS patches, and IDS (intrusion detection system) signatures. If your curiosity takes you far enough, you'll become expert at finding network holes by applying hackers' tools and knowledge.

Mainstream hackers share their knowledge willingly, even with the IT people who make a living preventing hackers' attacks. Respondents to the 2002 InfoWorld IT Security Survey already use Internet security resources; 54 per cent read security-oriented Web sites, even though some useful information may be classified as out of bounds. Choose your level of engagement according to your interests, skills, and the degree of risk you're willing to accept. The resources cover the spectrum from filtered, high-level vulnerability alerts to snarky, detailed exploit travelogues and tools.

You can pick up free security documentation, tips, vulnerability alerts, and tools from several utterly safe avenues. Security vendors' and consultancies' sites are easy to find, but because they sell products and services, most don't give much away. Start by tapping into http://www.cert.org and other security alert sites for high-level summaries of new vulnerabilities -- that's how 86 per cent of respondents stay on top of widely publicised threats. Then move on to safe sites that offer more detailed information and free, useful tools for testing and tuning your network's defences.

The Bugtraq mailing list and the SecurityFocus Web site (http://www.securityfocus.com points to both) are safe places to learn about new exploits. Hackers compete to uncover fresh vulnerabilities and submit them to Bugtraq; it's a hacking rite of passage and keeps Bugtraq busy and relevant. Symantec (the most trusted security software vendor according to surveyed readers) recently acquired SecurityFocus, so the site and the list could take a less open, more commercial direction, perhaps keeping the best bits of Bugtraq for itself.

The http://www.freshmeat.net Web site is a searchable repository for open-source software and documentation. Most of the software is written for Linux, but a project's home page link may point to Solaris, BSD, Windows, and other ports of popular tools. The freshmeat.net database is huge, so search with narrow keywords, such as "exploit," "vulnerability," "scanner," and "cracker." Remember that back doors can be buried even in published source code; always run new noncommercial tools in isolation first. Be sure you understand them thoroughly before you let them near your network.

You can find a free, widely used network scanner called Nmap at http://www.insecure.org. This cross-platform tool scans your network the way hackers do, looking for vulnerable services. This site is an excellent resource for security information. Under the Security Tools link sits a comprehensive if slightly dated list of the top 50 open-source and commercial security tools identified by Nmap users. It also maintains Web archives of the best security mailing lists, including Bugtraq, and helps you subscribe to them.

We wouldn't think of running a Windows network without the tools at http://www.sysinternals.com. This freeware collection provides basic yet indispensable tools for monitoring system and network facilities. If you suspect you're under attack, the Sysinternals tools help you drill into processes and network connections. You can monitor changes to your registry and file systems in real time. It's helpful to watch malware open back doors and interfere with your programs. Like the most worthwhile tools, Sysinternals' software helps you act on what you find. You can kill processes and close network connections with a button click. Sysinternals sells beefed-up commercial versions of its tools, but its freeware isn't crippled or time-bombed.

If you can't get what you need from these sources, you can tap some of the fence-straddling sites that openly serve both hackers and security professionals. You'll find lots of documentation, including step-by-step instructions for preventing as well as causing all sorts of mayhem. Some of the hacking tools listed at these sites are the real deal, and they might set off your anti-virus, firewall, and IDS alarms. Infected tools are commonplace, and consorting with hackers is a great way to get hacked. Don't say we didn't warn you.

The site http://www.ntsecurity.nu hosts one prolific programmer's hacking toolset for Windows. The tools' succinct descriptions and the papers posted on the site may be edifying enough for you. The author, Arne Vidstrom, vouches that his tools are safe, and he claims a connection to commercial security vendor GFI Software. But there's no source code, so play smart.

New Order (http://neworder.box.sk) is a low-rent watering hole for casual hackers and those who want to learn how hacking works. The pop-up ads are annoying and some of the content is subversive, offensive, or useless. But a few gems are scattered among the articles there, including some step-by-step descriptions of complex attacks. If you decide to dig underground by clicking through New Order's links, the minimum acceptable armour is a fortified isolated workstation with a dynamic IP Internet connection. Even then, you're wearing a neon sign that says "Hack me!"

Our favourite split-personality site is Razor, found at http://razor.bindview.com. Bindview is a respected software vendor that lends strong credibility to the Razor site, but it is not the kind of diluted, dumbed down marketing front that dominates Google security searches. Razor is smart, edgy, current, and unabashed. The original content is superb, and the links point to the most informative hacker tech sites on the Internet. Best of all, Razor's Unix, Linux and Windows tools are clean, powerful and well-documented. The toolbox includes several utilities for scanning, investigating and blocking, but the best of the lot is VLAD the Scanner, a tool that checks your network (or another's) for vulnerability to the 10 most common attacks.

No harm can come from subscribing to a mailing list or reading safe Web sites. The risk of using hacking tools, exploit knowledge, or powerful cross-purpose tools is harming your network -- or your career. Large companies have stringent security policies; 86 per cent of survey respondents actively enforce those policies. Just accessing some of these sites and tools could get you fired. Before you take an active approach to security management, make sure your bosses approve of what you're doing.

No one outside your IT security organisation should engage in internal hacking, no matter how well-meant those efforts might be. If your company wants a jump on published security information, the best way may be to drop a few of its own people into the trenches. An IT security detail equipped with an isolated lab, powerful tools, and the knowledge to use them safely can be an invaluable asset. No hat on earth is whiter than the one on your head.

BOTTOM LINE

EXECUTIVE SUMMARY Digging deep into hackers' Web sites and using their tools means taking on some risk, but the quality and timeliness of the information is worth it.

TEST CENTER PERSPECTIVE Only criminal and consulting hackers keep secrets; most share knowledge freely. To keep up, you'll need a solid grasp of TCP/IP fundamentals and an understanding of C and Perl source code.

Stories by Tom Yager
