Đang chuẩn bị liên kết để tải về tài liệu:
network security secrets and solutions scambray mcclure phần 4

Không đóng trình duyệt đến khi xuất hiện nút TẢI XUỐNG Tải xuống

người dùng cuối không biết an ninh. Không chỉ là Win 9x dễ dàng cấu hình, nhưng những người có thể được cấu hình nó không có biện pháp phòng ngừa thích hợp (giống như lựa chọn mật khẩu tốt). Thậm chí tồi tệ hơn, không thận trọng Win 9x-ers có thể được cung cấp một | 190 Hacking Exposed Network Security Secrets and Solutions iks.dat by default likely to be renamed as specified in the Registry and view it using the datview utility that comes with IKS. The configuration screen for datview is shown next HifiJiy Lùfl 1 lùl IKS PtBù BMP Fieip p U.Í iK-rev r Ffc D J DI Vrl 41 K.trl r Flàrtdelt Ữ r FfaiDJEl I- Ffea Cl J Al ŨỈMI Fine bon Kaya Owdxn I- Odd td-di 1 Ujxj- E.-J 7 rkdlrtbi. ki.F- Irawii D 159 Lrj Fnra 1 rỉ -iaiFTiWca dbri Sw-iw Tc-d Llsj Tu HlWrit 1 Hirwi 1 Ip EHR. Cd I Perusing the output of IKS after a few weeks almost always turns up domain credentials typically right after an Alt Ctrl Del entry in the IKS log. Q Countermeasures for Keystroke Loggers Detecting keystroke loggers can be difficult because of their low-level infiltration into the system. For IKS we recommend looking for the Registry value called LogName no quotes under HKLM SYSTEM CurrentControlSet Services and associated subkeys. The path or filename specified here is the keystroke log. The service subkey under which this value sits can safely be deleted of course the usual caveats about editing the Registry apply . Locating the IKS driver requires a bit of detective work to ferret it out from among the legitimate .sys files in systemroot system32 drivers. Checking the Properties of each file will eventually turn up the culprit the Version tab of the Properties screen describes it as the IKS NT 4 Device Driver with an Internal Name of iksnt.sys. Once access to the domain is achieved intruders will start to use their Administrator status on one server as a staging area for further conquest. The next section will discuss some of these methodologies and countermeasures. Sniffers Eavesdropping on the local wire is one of the most effective ways to gain further penetration into a network once a single system is compromised. Dozens of network eavesdropping tools are available today including the one that popularized the colloquialism sniffer Network Associates .