Hackers attacks on the operating system

Posted: September 14, 2012 in Articles
Tags: , , ,

Hackers attackProtect the operating system, as opposed to DBMS, it is much more difficult. The fact that the internal structure of modern operating systems are extremely complex, and therefore compliance with the adequate security policy is a much more difficult task. Among the people are of the opinion that the most effective attacks on operating Systems can be arranged only with the help of sophisticated tools based on the latest achievements of science and technology, and the attacker must be highly skilled programmer. This is not entirely true.

No one disputes the fact that the user should be aware of all the innovations in the field of computer technology. And the high qualification – not too much. However, art is not a hacker to break into any very “cool” computer security. You just need to be able to find a weak spot in a particular system of protection. In this case, the simplest methods of hacking are not worse than the most sophisticated, because the simpler algorithm of attack, the more likely it is completed without errors and crashes, especially where prior testing of this algorithm in conditions similar to “combat” are very limited.

Successful implementation of a hacker attack algorithm in practice to a large extent depends on the architecture and configuration of your operating system, which is the object of the attack. However, there are attacks that may be subjected to virtually any operating system:

 – theft of the password;

– spying on a user when he enters the password, giving the right to work with the operating system (even if you type your password is displayed on a display screen, a hacker can easily spike, password, simply follow the movements of the user’s fingers on the keyboard);

– get the password from the file in which the password was saved by the user, not wishing to take the trouble of entering the password when connecting to a network (usually a password stored in a file in clear text)

– Search password for users to remember, record na calendars in your notebook or on the back of computer keyboards (most often this situation occurs if the administrators force users to use hard-to-remember passwords);

– theft of password information, external media (floppy disk or an electronic key, which is stored on the user’s password, designed for entering the operating system);

– exhaustive search of all possible passwords;

– password guessing in the frequency of characters and bigrams, using dictionaries most frequently used passwords, involving knowledge of a single user – his name, last name, phone number, date of birth, etc., using knowledge of the existence of equivalent passwords, with from each class being tested only one password, which can significantly reduce the time of enumeration;

– Scan your hard drives (hacker consistently trying to access each file stored on the hard drives of computer systems, if disk space is large enough, you can be quite sure that in the description of access to files and directories administrator made at least one error, resulting in all of these directories and files will be read by a hacker, to hide the hacker can arrange the attack under a different name, for example, a user name, password, which is known hacker);

– assembly “garbage” (if funds allow the operating system to recover previously deleted objects, an attacker can take advantage of this opportunity to get access to the objects deleted by another user, for example, by examining the content of their “garbage” baskets);

– abuse of power (using the error in the software or in the administration of the operating system, the hacker is authorized in excess of the powers granted to it under the current security policy);

– run the program on behalf of the user who has the necessary authority, or system software (drivers, services, daemons, and so on);

– substitution of the dynamic link library used by system programs, or changing environment variables that describe the path to these libraries;

– modification of code or data protection subsystem of the operating system;

– denial of service (the purpose of this attack is a partial or complete disablement of the operating system);

– resource grabs (hacking program capture ‘of all available resources in the operating system, and then enters an infinite loop);

– bombardment of requests (hacking program to guide the operating system requests, the response to which require large computer resources);

– the bugs in the software or administration.

If the software is not a computer system errors and strictly observes the administrator security policy, as recommended by the developers of the operating system, then attack all of the peaks, are ineffective. Additional measures should be taken to improve safety, to a large extent depend on the operating system, running on a given computer system. However, we must recognize that, regardless of the measures taken to completely eliminate the threat of hacking the computer system at the operating system is not possible.

Therefore, the security policy should be conducted so that, even breaking the protection created by the operating system, the attacker could not cause serious damage.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s