III. Exploitations on Data Centre Management

by JUCC ISTF
SHARE THIS
/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */  
 
 
Vulnerabilities of data centres are found in their physical security, systems / devices hosted and management procedures implemented. Several common exploitation techniques are illustrated below:
 

1.   Back Door

Data centre procedures developed by the IT staff that may have flaws that can create back door vulnerabilities. Exploitation on such weakness can inadvertently introduce security breaches and result in financial loss or repartition damage to universities.

A backup operation provides a good example of how data centre management can be exploited by insecure backup process. IT staff usually overlook the security of tape backup infrastructures, which may contain vulnerabilities and can be exploited to create disastrous consequences. Since the execution of the backup task that usually requires escalated system privileges at the operating systems, network, data repository and application system levels. Malicious parties can take advantage of this security weakness through penetrating flawed backup infrastructure to gain access to universities' sensitive data.

2.  Attacks on Remote Access to Data Centre Management

Exploitations on remote access technologies used for data centre management are in many forms. Known attacking techniques include:

  • Use of Virtual Private Network (VPN) access of terminated staff to gain access to data centre systems or management tools
  • Offline password cracking through decrypting the hash data received from VPN servers with Internet Key Exchange (IKE) Aggressive Mode Shared Secret Hash Leakage Weakness
  • Denial of Service (DoS) attack on Secure Sockets Layer (SSL) -based VPN can be achieved by using hidden attack packets, which was undetectable by Intruder Detection Systems (IDS). For example, disguise malformed Internet Security Association and Key Management Protocol (ISAKMP) headers as standard IKE headers
  • Login guess attack on Windows Remote Desktop by hackers

 3.  Social Engineering Social Engineering

As of today, social engineering still remains as the biggest cyber threats to information security. As opposed to DoS and other remote hacking techniques, social engineering involves obtaining physical or logical access to data centre assets via manipulating IT staff relevant to data centre management, rather than by breaking in or using technical cracking approaches. Some social engineering techniques frequently used by hackers include piggybacking, penetrating data centre by getting a job within the data centre management team, and disguising as vendor support personnel for performing maintenance services inside data centres.

 

References:

http://www.computereconomics.com/article.cfm?id=1112

http://www.ncp-e.com/fileadmin/pdf/techpapers/NCP-Attack-Vectors-WP.pdf

http://www.ee.co.za/wp-content/uploads/legacy/Securing%20remote%20data.pdf

http://www.nta-monitor.com/posts/2005/01/VPN-Flaws-Whitepaper.pdf

http://www.pcworld.com/article/182180/top_5_social_engineering_exploit_techniques.html

[Previous section][<Next section]