Tuesday, March 5, 2019

Computing - Broad Overview of Potential Insecurities

Well, I got pfSense working, and installed The Security Onion. Kali is up, but not connected to the internet and I'm still working on that. (The guide had this thing called Afpacket bridges for trying to isolate networks, but I'm not sure I fully understand how that's supposed to work and the stuff I'm working with has been updated since the guide came out so the instructions are not quite exact.)

Anyways. I wanted to pull together some of what I've covered, and how it relates to computer security. This is going to be a mile wide and an inch deep. For everything I touch on there are measures and countermeasures (and counter-countermeasures), so if something piques your interest definitely look into it on a deeper level.

I used the postal service analogy before, and I'm going to stick with it (and maybe even expand upon it when I get to the server side of things).

Picture the many, many ways a handwritten letter could be insecure.

Someone might be reading over your shoulder while you write it. Or they may enter your office and look at it before you mail it off. Or they may intercept it anywhere along the way and open it.

You can take countermeasures to protect your information of course - like writing the letter in code, for example - but our ability to 'sniff' traffic makes it ridiculously easy to read at least the mailing information on the outside of your envelope.

And certain websites may be so ignorant (or lazy) that they put sensitive information - like your username, password, or credit card information - right there on the outer envelope.

Wireshark is a tool that passively collects information on all the letters passing through an area. You can filter and search through that traffic for all sorts of information...
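The "sensitive information on the outer envelope" point, as an added example that is not part of the original post: a small checker, in the spirit of what a sniffer or a Security Onion sensor sees on the wire, that takes the raw text of one plain-HTTP request and reports which fields would expose a secret to anyone reading it in transit. The field-name list and the sample requests are constructed for this example; over HTTPS the request line, headers and body are all inside the cipher, so nothing below would be readable.

```python
from urllib.parse import parse_qs, urlsplit

# Field names that usually carry secrets (assumed list for this example).
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "pass", "cardnumber", "cvv", "ssn"}


def plaintext_secrets(request_text):
    """Return the sorted names of fields in one raw HTTP request (request line,
    headers, blank line, body) that would expose a secret in cleartext.
    Looks at the URL query string, an x-www-form-urlencoded body and
    HTTP Basic authentication, which is only base64, not encryption."""
    head, _, body = request_text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    found = set()
    # Secrets in the query string travel in the request line itself.
    found.update(k for k in parse_qs(urlsplit(target).query)
                 if k.lower() in SENSITIVE_FIELDS)
    # A form login body is just as visible on the wire as the headers.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        found.update(k for k in parse_qs(body) if k.lower() in SENSITIVE_FIELDS)
    # Basic auth puts user:password, base64-encoded, in a header.
    if headers.get("authorization", "").lower().startswith("basic "):
        found.add("authorization")
    return sorted(found)


# Constructed sample requests, as captured off a plain-HTTP connection.
LOGIN_POST = ("POST /login HTTP/1.1\r\nHost: shop.example\r\n"
              "Content-Type: application/x-www-form-urlencoded\r\n"
              "Content-Length: 31\r\n\r\nusername=alice&password=hunter2")
BASIC_GET = ("GET /account HTTP/1.1\r\nHost: shop.example\r\n"
             "Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n")
CATALOG_GET = "GET /catalog?page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("login", LOGIN_POST), ("basic", BASIC_GET), ("catalog", CATALOG_GET)]:
        print(name, plaintext_secrets(req))
```

Run against a real capture, the same check is what a "cleartext credentials" alert in an IDS boils down to: the fix is on the site's side (HTTPS everywhere), not in the sniffer.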

And btw, there are all sorts of tools that allow you to sniff traffic, whether over a physical wire or off the wifi. Such tools are not necessarily bad in and of themselves, it's just that they can definitely be used for malicious purposes.

Even if sensitive websites (like banks, or online retailers) use https, and have that little green lock at the top indicating all the messages are transmitted in some sort of cipher, reusing the same password everywhere undoes that protection. All it takes is one insecure site: a hacker who gets your password there can find out what other sites you've visited and try it on each of them.

That's not even including efforts to misdirect your mail to a fake website, or add malicious software to an ad on a legitimate website, or cross-site scripting (which I don't fully understand yet, but hope to get into in more detail later.)

So there are multiple points where your information can be stolen, well before you've even reached any particular website. Talking about what happens there is going to take way more work, so I'll get into that next time.
