Tuesday, April 2, 2019
Packet Sniffing Software Is A Controversial Subject Information Technology Essay
Packet sniffing software is a controversial subject and a double-edged sword. It can be used to diagnose network problems and detect network misuse. But at the same time, it allows hackers and people with malicious intent to sniff out your passwords, obtain your personal information, and intrude upon your privacy. That is also why securing and encrypting data is so important. In this paper, the definition of packet sniffing will be introduced and several functions and possible uses of packet sniffers will be explained. Also, information on how to protect against sniffers and man-in-the-middle attacks will be provided. An example of a software sniffer program, Wireshark, will be given, followed by a case study involving the restaurant chain Dave & Buster's, which will show the negative consequences that can occur when organizations are not aware of the threat of packet sniffing by hackers.

Definitions

A packet sniffer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network (Connolly, 2003). Packet sniffers are known by alternate names including network analyzer, protocol analyzer or sniffer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer (Connolly, 2003). As binary data travels through a network, the packet sniffer captures the information and gives the user an idea of what is happening in the network by allowing a view of the packet-by-packet data (Shimonski, 2002). Additionally, sniffers can also be used to steal information from a network (Whitman and Mattord, 2008).
Legitimate and illegitimate uses will be explained in later sections.

Packet sniffing programs can be used to perform man-in-the-middle attacks (MITM). This type of attack occurs when an attacker monitors network packets, modifies them, and inserts them back into the network (Whitman, et al., 2008). For example, a MITM attack could occur when two employees are communicating by email. An attacker could intercept and alter the email correspondence between the two employees, without either knowing that the emails had been changed. MITM attacks have the potential to be a considerable threat to any individual or organization, since such an attack compromises the integrity of data while in transmission.

Packet sniffing programs work by capturing binary data that is passing through the network, and then the program decodes the data into a human-readable form. A following step called protocol analysis makes it even easier for the data to be read. The degree of this analysis varies by individual packet sniffing program. Simple programs may only break down the information in the packet, while more complicated ones can provide more detailed information and analysis, for example by highlighting certain types of data, such as passwords, that pass through the network (Packet Sniffing, Surasoft.com, 2011).

As for today's networks, switch technology is commonly used in network design. This technology makes it increasingly easy to set up sniffing programs on servers and routers, through which much traffic flows. In addition, there are already built-in sniffing modules in use in today's networks. For example, most hubs support a standard called Remote Network Monitoring (RMON). This kind of standard allows hackers to sniff remotely with SNMP (Simple Network Management Protocol), which is used in most network devices and requires only weak authentication.
Network Associates' Distributed Sniffer Servers are used by many corporations. These servers are set up with passwords that are rather easy to guess or crack. In addition, computers with the Windows NT operating system usually come with the Network Monitoring Agent, which also allows remote sniffing (Packet Sniffing, ISS.net, 2011). Essentially, these sniffing programs are set up for the use of network administrators. However, the threat exists that hackers can gain access to the network and view the program logs.

Packet sniffers capture all of the packets that travel through the point where the sniffer is located. For example, if the program were installed next to the server of an organization, the user could have access to all the data being transferred across the organization through that server. Typical types of packets intercepted by attackers include the following:

SMTP (email): The attacker can intercept unencrypted emails (Packet Sniffing, ISS.net, 2011).
HTTP (web): Web traffic information and history can be easily captured (Packet Sniffing, ISS.net, 2011).
Telnet credentials: Login information to a Telnet account can be intercepted (Packet Sniffing, ISS.net, 2011).
FTP traffic: Access to an FTP account can be sniffed in cleartext (Packet Sniffing, ISS.net, 2011).
SQL database: Information from web databases is also unprotected (Packet Sniffing, ISS.net, 2011).

Functionality and Possible Uses of Packet Sniffers

Good and Bad Uses

Like any tool, a packet sniffer is a double-edged sword because it can be used for good or bad purposes (Orebaugh, Ramirez, and Beale, 2007). It can be used by security professionals to investigate and diagnose network problems and monitor network activity (Orebaugh, et al., 2007).
Conversely, it can be used to listen in on network traffic by hackers, criminals, and the like, who can use the data gathered for harmful purposes (Orebaugh, et al., 2007).

Professionals such as system administrators, network engineers, security engineers, system operators, and programmers use packet sniffers for a variety of purposes, including troubleshooting network problems, finding system configuration issues, analyzing network performance (including utilization and bottlenecks), debugging during the development stages of network programming, analyzing operations and diagnosing problems with applications, and ensuring compliance with company computer usage policies (Orebaugh, et al., 2007).

Good: Troubleshoot Network Problems

When an error occurs on a network or within an application, it can be very difficult for administrators to determine what exactly went wrong and how to correct the error. Many consider the packet sniffer to be the best tool for figuring out what is wrong with programs on a network (Neville-Neil, 2010). Examining packets as a starting point for solving problems is useful because a packet is the most basic piece of data and holds information including the protocol being used and the source and destination addresses (Banerjee, Vashishtha, and Saxena, 2010). Basically, at the packet level of analysis, nothing is hidden when all layers are visible (Neville-Neil, 2010).

Understanding the timing of what happened is another important factor in debugging network problems (Neville-Neil, 2010). This information can be easily attained by using a packet sniffing program. Essentially, packet sniffers allow you to find out the who, what, and when of a problem, all of which are vital to showing how to fix it (Neville-Neil, 2010).
Once these things are known, the administrator can determine what is causing the problem and how to go about fixing it.

As soon as a problem occurs, the first recommended step is for the network administrator to use a packet sniffing program to record all network traffic and wait for the bug to occur again (Neville-Neil, 2010). If the administrator already had a packet sniffing program with logging in place, then he or she could go back and check the log records. Assuming the administrator did not have a log previously set up, the next step would be to record only as much information as necessary to repair the problem (Neville-Neil, 2010). It would not be a good idea to record every single packet of data, because if too much data is collected, finding the error will be like finding a needle in a haystack, although the administrator has likely never seen a haystack that big (Neville-Neil, 2010). For example, recording only one hour of Ethernet traffic on a LAN will capture a few hundred million packets, which will be too much to sort through (Neville-Neil, 2010). It goes without saying that the administrator should not record the data on a network file system, because the packet sniffer will capture itself (Neville-Neil, 2010). Once the data is recorded, the administrator can examine the packets to analyze and understand what occurred in order to solve the problem.

Good: Network Optimization

In addition to solving network communication problems, packet sniffers can help administrators plan network capacity and perform network optimization (Shimonski, 2002). A packet sniffer allows users to view data that travels over a network packet by packet (Shimonski, 2002). However, rather than having to examine each packet, the appropriate sniffer program will perform the analysis for the administrator. The tools are especially useful because, depending on the packet sniffing program used, the packet data will appear in an easy-to-understand format.
Packet sniffers can often generate and display statistics and analyze patterns of network activity (Shimonski, 2002). Data can appear in graphs and charts that make analysis and comprehension easy. Additionally, the network administrator can filter by selected criteria to capture only the relevant traffic rather than having to sort through irrelevant data (Shimonski, 2002). Knowing which programs and which users use the most bandwidth can help administrators manage resources efficiently and avoid bandwidth bottlenecks.

Good: Detect Network Misuse

Packet sniffers can be used to monitor application traffic and user behavior (Dubie, 2008). This can be used to point out misuse by company employees or by intruders. To use a packet sniffer to monitor employees legally, a network administrator must do three things. First, he must be on a network owned by the organization; second, he must be directly authorized by the network's owners; and finally, he must obtain permission from those who created the content (Whitman, et al., 2008). Permission from content creators is needed because packet sniffing is a method of employee monitoring (Whitman, et al., 2008). Typically, an employee will sign a release form when first employed that allows the employer to monitor the employee's computer usage.

By using a packet sniffer, employers can find out exactly how each employee has been spending his or her time. Packet sniffers can be used to see all activity, and administrators can monitor for behaviors such as viewing inappropriate websites, spending time on the job on personal matters, or abusing company resources.
For example, a packet sniffer program could show that a particular employee was downloading music at work, both violating organizational policies and using a large amount of network bandwidth (Dubie, 2008).

Packet sniffers are also used to detect network intrusion, log traffic for forensics and evidence, discover the source of attacks such as viruses or denial of service attacks, detect spyware, and detect compromised computers (Orebaugh, et al., 2007). A packet sniffer and logger that can detect malicious entries in a network is a form of intrusion detection system (IDS) (Banerjee, et al., 2010). The packet sniffer IDS consists of a database of known attack signatures. It compares the signatures in the database to the logged information to see if a close match between a signature and recent behavior has occurred. If it has, then the IDS can send out an alert to the network administrator (Banerjee, et al., 2010). Despite this use of packet sniffers to detect intrusion, hackers have methods of making themselves very hard to detect and can use packet sniffers to their own advantage.

Bad: Gain Information for Intrusion

Intruders maliciously and illicitly use sniffers on networks for an innumerable number of things. Some of the most common are to capture cleartext usernames and passwords, discover usage patterns of users, compromise confidential or proprietary information, capture voice over IP (VoIP) telephone conversations, map out a network's layout, and fingerprint an operating system (Orebaugh, et al., 2007). The previously listed uses are illegal unless the user is a penetration tester hired to detect such types of weaknesses (Orebaugh, et al., 2007).

An intruder must first gain entry to the communication cable in order to begin sniffing (Orebaugh, et al., 2006). This means that he must be on the same shared network segment or tap into a cable along the path of communication (Orebaugh, et al., 2007).
This can be done in many ways. Firstly, the intruder can be physically on-site at the target system or communications access point (Orebaugh, et al., 2007). If this is not the case, the intruder can access the system in a variety of ways. These include breaking into a certain computer and installing sniffing software that will be controlled remotely, breaking into an access point such as an Internet Service Provider (ISP) and installing sniffing software there, using sniffing software that is already installed on a system at the ISP, using social engineering to gain physical access to install the software, working with an inside accomplice to gain access, and redirecting or copying communications to take a path that the intruder's computer is on (Orebaugh, et al., 2007).

Intruders can use sniffing programs designed to detect certain things such as passwords and then use other programs to have this data automatically sent to themselves (Orebaugh, et al., 2007). Protocols that are especially vulnerable to such intrusion include Telnet, File Transfer Protocol (FTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), Remote Login (rlogin), and Simple Network Management Protocol (SNMP) (Orebaugh, et al., 2007). Once the intruder has access to the network, he can collect data and use it as he likes. Common examples of stolen data include credit card numbers and proprietary organizational secrets, but can include anything the hacker desires.
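The decoding step described earlier (Ethernet, IPv4 and TCP headers turned into the source, destination and protocol fields a sniffer's summary panel shows) combined with the signature-matching IDS this essay describes, as an added example that is not part of the original essay. The frames, addresses, credentials and signature database are all constructed for the demonstration; the signatures alert on the cleartext-credential protocols listed above crossing a monitored segment, which is the defender's use of the same capability.

```python
import struct

# Added example, not from the original essay: decode constructed Ethernet/IPv4/TCP
# frames the way a sniffer's summary panel does, then run a small signature
# database over the payloads to alert on credentials sent in the clear.

# Protocols this essay lists as carrying credentials in the clear, keyed by port.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP",
                   110: "POP3", 143: "IMAP", 161: "SNMP", 513: "rlogin"}
ENCRYPTED_PORTS = {22: "SSH", 443: "HTTPS"}

# Signature database: (name, byte tokens, fraction of tokens that must be present).
# The fractional threshold is the "close match" the essay describes.
SIGNATURES = [
    ("cleartext credential submission (HTTP POST)",
     [b"POST ", b"username=", b"password="], 0.6),
    ("Telnet login exchange", [b"login:", b"Password:"], 1.0),
    ("FTP cleartext login", [b"USER ", b"PASS "], 1.0),
]


def _ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct a frame for the demo (checksums left zero; nothing is sent)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def decode_frame(frame):
    """Walk the layers: Ethernet -> IPv4 -> TCP -> payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                  # only IPv4 is handled here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                         # IPv4 header length in bytes
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    if ip[9] != 6:
        return {"src": src, "dst": dst, "proto": "IP/%d" % ip[9], "payload": b""}
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    service = dport if dport < 1024 else sport       # the server-side port names the protocol
    proto = CLEARTEXT_PORTS.get(service) or ENCRYPTED_PORTS.get(service) or "TCP/%d" % service
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "proto": proto,
            "cleartext": service in CLEARTEXT_PORTS, "payload": tcp[data_offset:]}


def summary_line(pkt):
    """What the top (summary) panel of a sniffer would show for one packet."""
    return "%s -> %s  %s  %d bytes" % (pkt["src"], pkt["dst"], pkt["proto"], len(pkt["payload"]))


def inspect(frames):
    """Decode every frame and return one alert per matching signature."""
    alerts = []
    for frame in frames:
        pkt = decode_frame(frame)
        if pkt is None or not pkt["cleartext"]:
            continue                                 # encrypted payloads are opaque to the IDS
        for name, tokens, threshold in SIGNATURES:
            score = sum(1 for t in tokens if t in pkt["payload"]) / len(tokens)
            if score >= threshold:
                alerts.append({"summary": summary_line(pkt), "signature": name,
                               "score": round(score, 2)})
    return alerts


# Constructed sample traffic (addresses and credentials are made up for the demo).
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.80", 51000, 80,
                b"POST /login HTTP/1.1\r\nHost: intranet\r\n\r\nuser=jdoe&password=s3cret"),
    build_frame("10.0.0.9", "10.0.0.5", 23, 51001, b"login: jdoe\r\nPassword: "),
    build_frame("10.0.0.5", "10.0.0.81", 51002, 443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(summary_line(decode_frame(frame)))
    for alert in inspect(SAMPLE_FRAMES):
        print("ALERT", alert)
```

The HTTPS frame decodes to a summary line like the others but produces no alert, which is the point the essay makes about encryption: the sniffer still sees who talks to whom, but not what is said.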
Although organizations may use a primarily switched network, they are not protected from sniffer attacks, because many programs exist that allow packet sniffing in a switched network (Whitman, et al., 2008).

Because intruders who use packet sniffers do not directly interface or connect to other systems on the network, they are considered to be a passive type of attack (Orebaugh, et al., 2007). It is this passive nature that makes sniffers so difficult to detect (Orebaugh, et al., 2007). In addition to this, hackers normally use rootkits to cover their tracks so that their intrusion will not be detected (Orebaugh, et al., 2007). A rootkit is a collection of trojan programs hackers use to replace the legitimate programs on a system so that their intrusion will not be detected (Orebaugh, et al., 2007). Rootkits replace the commands and utilities that the hacker uses and clear log entries so that there will be no record of his entry (Orebaugh, et al., 2007). Though it is difficult, there are some ways to detect rootkits. Methods of detection include using an alternate, trusted operating system, analyzing normal behaviors, scanning for signatures, and analyzing memory dumps (Rootkit, Wikipedia, 2011). Removing rootkits can be very complicated and difficult, and if the rootkit is in the core of the operating system, reinstalling the operating system may be the only option (Rootkit, Wikipedia, 2011).

The threat of eavesdropping by intruders is large and challenging. However, there are some defenses that can be taken to prevent hackers from using packet sniffers against an organization.

Protecting Against Packet Sniffers and Man-in-the-Middle Attacks

Packet sniffing and man-in-the-middle attacks compromise the integrity and confidentiality of data while in transmission. Fortunately, there are several techniques that can be used by organizations and individuals to protect against these threats and reduce risk.
Specifically, technology, policy, and education are typically used together to cover all aspects of security.

Technology

Encryption is the best form of protection against any kind of packet interception (Orebaugh, et al., 2007). The reason is that even if the data is captured by the packet sniffer, the information is completely unreadable by the attacker (Orebaugh, et al., 2007). With this technique, messages are encrypted once the data leaves the sender's computer. Both sender and receiver hold a key that decrypts the message being transferred. Most popular websites apply a level of encryption by using the HTTP Secure (HTTPS) protocol. With this technology, the connection between the web server and the user's computer is encrypted, making the information intercepted by a third party useless. Currently, most popular websites such as Google, Facebook, Yahoo, and Twitter use https. However, some sites (such as Amazon.com) use https only at the login page and fail to provide a secure connection afterwards. In order to assure complete security, it is important to apply the https protocol throughout the user's browsing experience. The main disadvantage of this feature is that it slightly slows down the user's connection.

Email can also be protected from packet sniffers by using encryption. Email extensions such as Pretty Good Privacy (PGP) can be easily implemented using standard email platforms like Microsoft Outlook (Orebaugh, et al., 2007). Once sender and receiver start using the encryption techniques, intercepted email messages cannot be interpreted by an attacker (Orebaugh, et al., 2007).

Another way to protect against sniffers is by using One Time Passwords (OTP). With this method, a different password is sent every time authentication is requested from the user (Orebaugh, et al., 2007).
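The one-time password idea just described, as an added example that is not part of the original essay: it implements HOTP (RFC 4226), a counter-based OTP scheme chosen here for illustration rather than any specific product the essay's source discusses, together with a server-side verifier that refuses a value that has already been consumed. The secret is the RFC's published test secret, used here as constructed sample input.

```python
import hashlib
import hmac
import struct

# Added example, not from the original essay: HOTP (RFC 4226) with replay rejection,
# showing why a one-time password captured by a sniffer is useless to the attacker.


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpToken:
    """Client side: produces the next one-time password and advances its counter."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def next_password(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class OtpServer:
    """Server side: each counter value is accepted at most once.

    A small look-ahead window tolerates a token that advanced without the server
    seeing the value (e.g. a lost login attempt), but never moves backwards."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0                                     # next counter value expected
        self.look_ahead = look_ahead

    def verify(self, submitted: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                self.counter = c + 1                         # consume this value for good
                return True
        return False


def demo():
    """Legitimate login, then a replay of the same sniffed value, then the next login."""
    secret = b"12345678901234567890"                         # RFC 4226 test secret (constructed input)
    token, server = OtpToken(secret), OtpServer(secret)
    first = token.next_password()
    legitimate = server.verify(first)                        # True
    replayed = server.verify(first)                          # False: value already consumed
    next_login = server.verify(token.next_password())        # True
    return first, legitimate, replayed, next_login


if __name__ == "__main__":
    print(demo())
```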
Similarly to the case of encryption, if a third party intercepts somebody's password, this information will be useless since it can only be used once (Orebaugh, et al., 2007). This technology can be extremely useful for ensuring security; however, remembering new passwords for each login can be very challenging and frustrating for most users.

A new security technique called quantum encryption also provides good protection against sniffing attacks. This technique consists of making each bit of data as small as a photon (McDougall, 2006). The data is then transferred across fiber-optic lines. If the information is picked up and intercepted by any kind of packet sniffer, the entire photon message is disrupted, ending the entire transmission (McDougall, 2006). A technology like this would make it impossible to intercept information, since the communication will be cut in the case of interception. However, it requires fiber-optic Internet connections, which many service providers do not own, and its installation can be expensive.

Policy

Information security professionals can help secure employees' connections by requiring the use of any of the technologies explained above. For example, if certain employees need to access websites that are outside of the organization's network, they should be allowed to use only websites that use the https protocol, such as Google and Yahoo. Policies requiring Access Control Lists (ACL) can also help prevent sniffer attacks. All secured networks and assets should be supported by an ACL to prevent unauthorized access. Additionally, physical security policies should be implemented to efficiently protect the computer and server rooms in the organization. Unauthorized access to these rooms could result in the installation of sniffer programs and equipment.

Education

Every security initiative should have a training program supporting it.
Basic but regular training sessions given to employees about the dangers of packet sniffing can prove to be very valuable when protecting a network. Security facts such as not allowing strangers into computer rooms should be explained to all employees.

Example and Demonstration of a Packet-Sniffer Program: Wireshark

Originally named Ethereal, Wireshark is a free and open-source packet analyzer (sniffer) typically used by network and security professionals for troubleshooting and analysis (Orebaugh, et al., 2007). However, many potential attackers also use it to perform man-in-the-middle attacks and gain information for password cracking. Wireshark is available for most operating systems (including OS X, Windows, and Linux) and allows users to see all the traffic that goes through a specific network (Orebaugh, et al., 2007).

Wireshark differs from other packet-sniffer programs principally because of its easy-to-understand format and simple Graphical User Interface (GUI) (Orebaugh, et al., 2007). Wireshark can be easily set up to capture packets from a specific channel. Once the program is running, all the network packets are shown on the screen. The top display panel (summary panel) shows a summary of the entire packet, including source, destination, and protocol information (Orebaugh, et al., 2007). Since a single web browsing session can produce a large number of packets, Wireshark solves packet browsing issues by categorizing each packet according to its type and showing each category with a specific color in the GUI. Additionally, the user has the option of applying filters to see only one type of packet. For example, only packets dealing with http functions may be shown. The middle panel in the GUI is called the protocol-tree window. It provides decoded information about the packet (Orebaugh, et al., 2007). Finally, the bottom panel (data view window) shows the raw data of the packet selected in the summary panel (Orebaugh, et al., 2007).
Figure 1 shows a screenshot of Wireshark while running and graphically shows the three main panels of the GUI.

Figure 1: Screenshot of Wireshark while running, showing the three main panels.

To troubleshoot network problems, Information Systems professionals use Wireshark by installing the sniffer program in various locations in the network and seeing which protocols are being run in each location (Orebaugh, et al., 2007). Additionally, if the sniffer is placed in a location where it can capture all data flowing to the main server, Wireshark can detect network misuse by providing the source and destination of all packets. For example, if an employee in a company uses his computer to access inappropriate websites, Wireshark will show the employee's and the website's IP addresses in the source and destination columns, with detailed information about the website in the info column and the protocol tree panel.

It is easy to see how useful Wireshark is for network troubleshooting and identifying misuse; however, the program can also be used with malicious intent. For example, the program can be used to find out passwords on unencrypted websites. To demonstrate this case, the username john_doe_user and password 123mypasswrd were used to log in to the unencrypted and unsecured www.bit.ly website. At the same time, Wireshark was set up to capture all packets on the computer. After the packets were captured by the sniffer, the data could easily be filtered by the http category. In the info column, a packet labeled POST means that someone has submitted text to a website. After clicking on this specific packet, all the username and password information can be seen in the center section of Wireshark (as shown in Figure 2). Unencrypted and unsecured websites are very vulnerable to these types of attacks. On the other hand, websites using the https security feature prove to be safer for users.
For example, the same procedure as before was applied to the encrypted website www.facebook.com by trying to log in, but Wireshark was unable to capture any packets with login information.

Figure 2: Wireshark screenshot showing the captured username and password.

Other types of malicious attacks can also be performed with Wireshark. For example, some toolkit add-ins to Wireshark such as Dsniff and Ettercap can be used to perform man-in-the-middle attacks and password cracking (Orebaugh, et al., 2007). Even if the incoming data is encrypted, these tools can crack some passwords by using dictionary brute force attacks (Orebaugh, et al., 2007).

Case Study: A Costly Attack at Dave & Buster's

In 2007, the popular restaurant chain Dave & Buster's experienced the power of malicious packet-sniffing software attacks. A multinational group of hackers was able to penetrate the company's corporate network and install basic packet-sniffing software at 11 of the chain's restaurant locations (Thibodeau, 2008). During a four-month period, the attackers were able to intercept customer credit card data going from Dave & Buster's restaurant locations to the corporate headquarters network in Dallas (McMillan, 2008). Highly sensitive information such as credit card numbers and security codes was sold to criminals, who used this data to perform fraudulent transactions with online merchants (McMillan, 2008). The attack proved to be very profitable for the hackers. For example, from information coming from only one restaurant location, the criminals were able to gain over $600,000 in profits (McMillan, 2008). It was estimated that approximately 130,000 credit or debit cards were compromised by this attack (Westermeier, 2010).

To access Dave & Buster's network, the attackers simply hung around a restaurant location with a laptop computer and took advantage of vulnerable wireless signals to access the computer networks (Westermeier, 2010).
Malicious sniffing software was then installed in the network to intercept credit and debit card information (Westermeier, 2010). The packet-sniffing software was written by one of the group's hackers and consisted of SQL injection attacks (Thibodeau, 2008). However, many organizations have stated that the code was not very impressive. For example, the CERT Coordination Center described the program's source code as a college-level piece of technology (Thibodeau, 2008). Additionally, the malicious code had one weakness: it would shut down every time the computer it was monitoring rebooted (McMillan, 2008). Therefore, the criminals had to go back to the restaurant location, gain access, and restart the packet sniffer every time this happened. The fact that this costly program was developed by someone with just basic programming skills, and that the attackers consistently regained access to the network, highlights the lack of protection in Dave & Buster's security systems. According to the Federal Trade Commission (FTC), Dave & Buster's information security systems and policies did not provide the necessary security features to protect customers' information (Westermeier, 2010). The attackers were able to access the network not just once, but repeatedly over a time frame of four months (Westermeier, 2010). The fact that the company was oblivious to these multiple intrusions over such a long period proves that they were vulnerable to attacks and that Dave & Buster's did not apply any Intrusion Detection Systems (IDS) to their networks, nor did they monitor outbound traffic (Westermeier, 2010). Additionally, sensitive customer information was not given special protection. Credit card data was transferred across simple unprotected and unencrypted networks (Westermeier, 2010).

What could Dave & Buster's have done?

First of all, private networks should have been protected in a better way. It was just too easy for hackers to gain access and install malware.
By allowing only a specific group of IP addresses, or granting only temporary access, the firm could have been safe from unauthorized access by strangers. But even in the case of hacker access, tools such as an IDS can help monitor the network during an attack. If the company had implemented an IDS in its network, the unauthorized intruders would have been detected in time to prevent losses.

Additionally, by treating sensitive data differently from regular communications, the company could have considerably reduced the threat. Dave & Buster's could have simply applied readily available firewall systems to the networks that held customer data (Westermeier, 2010). Encryption devices could also have proven useful. If link encryptors had been used, the intercepted data would have been completely useless to the hackers. Data isolation could also have been useful. The firm could have separated the payment card systems from the rest of the corporate network (Westermeier, 2010). Sensitive information did not necessarily require a connection to the Internet, so the company should have separated these transmissions from the network.

Finally, a general company-wide policy requiring access restriction, IDS installation, firewall usage, and sensitive data isolation throughout all restaurant locations could have been extremely useful. A consistent and thorough information security policy, along with a comprehensive training program given to specific employees, would help enforce the security features. Considering that Dave & Buster's had not implemented any of the security features explained in this section, it is obvious that their story would have been different if these techniques had been used.

Conclusion

Packet sniffing is a sophisticated subject that wears two hats. It can be used for either good or evil depending on the intentions of the person using the program. It can help with analyzing network problems and detecting misuse in the network for good purposes.
Meanwhile, it can also help hackers and other cyber-criminals steal data from insecure networks and commit crimes, as in the case of Dave & Buster's. The best way to protect data from being sniffed is to encrypt it. Appropriate policies and training also help with the protection. As technology evolves, there will be more and more ways to commit cyber crime. Extremely sensitive data like credit card information and health care data should be well protected, from both the business and the personal perspective. In order to protect this information, organizations and individuals must be aware of the threat of packet sniffers.
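The controls the case study says were missing at Dave & Buster's (restricting which hosts may be on the card-data segment, isolating that segment from everything but the headquarters payment host, and monitoring outbound traffic), written as checks over flow-log lines. This is an added example, not code from the essay or from the company's own systems; every address, port, threshold and log line is constructed for the demonstration.

```python
import ipaddress

# Added example, not from the essay: the case study's recommended controls expressed
# as policy checks over flow records. All values below are constructed.

CARD_SEGMENT = ipaddress.ip_network("10.50.0.0/24")        # POS terminals at one restaurant
KNOWN_POS = {ipaddress.ip_address(a) for a in ("10.50.0.11", "10.50.0.12")}
HQ_PAYMENT_HOST = ipaddress.ip_address("10.1.1.10")        # card-processing host at headquarters
HQ_PAYMENT_PORT = 8443
LARGE_EGRESS_BYTES = 1_000_000                             # per-flow outbound volume alarm

# Constructed flow records: time src sport dst dport proto bytes
SAMPLE_FLOWS = """\
2007-05-01T12:00:01 10.50.0.11 50112 10.1.1.10 8443 tcp 4200
2007-05-01T12:00:07 10.50.0.12 50113 10.1.1.10 8443 tcp 3900
2007-05-01T12:03:15 10.50.0.77 40001 10.50.0.11 445 tcp 1800
2007-05-01T12:05:40 10.50.0.11 50120 203.0.113.9 80 tcp 2400000
2007-05-01T12:06:02 10.50.0.11 50121 10.1.1.10 8443 tcp 4100
""".splitlines()


def parse_flow(line):
    ts, src, sport, dst, dport, proto, nbytes = line.split()
    return {"time": ts, "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport),
            "proto": proto, "bytes": int(nbytes)}


def allowed_egress(flow):
    """The only sanctioned path out of the card segment: the HQ payment host, one port."""
    return flow["dst"] == HQ_PAYMENT_HOST and flow["dport"] == HQ_PAYMENT_PORT


def check_flows(lines):
    """Return (rule, flow) findings; an empty list means every flow matched policy."""
    findings = []
    for flow in map(parse_flow, lines):
        src_in = flow["src"] in CARD_SEGMENT
        dst_in = flow["dst"] in CARD_SEGMENT
        # 1. Access restriction: only enrolled POS addresses belong on the segment
        #    (a laptop joining over the wireless network would fail this check).
        if src_in and flow["src"] not in KNOWN_POS:
            findings.append(("unenrolled host on card segment", flow))
        # 2. Isolation: card data may only leave the segment toward the HQ payment host.
        if src_in and not dst_in and not allowed_egress(flow):
            findings.append(("card segment egress outside policy", flow))
        # 3. Outbound monitoring: a large transfer anywhere but HQ looks like exfiltration.
        if src_in and not allowed_egress(flow) and flow["bytes"] >= LARGE_EGRESS_BYTES:
            findings.append(("large outbound transfer from card segment", flow))
    return findings


def findings_by_rule(lines):
    """Count findings per rule, for a quick summary of which control was violated."""
    counts = {}
    for rule, _ in check_flows(lines):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, flow in check_flows(SAMPLE_FLOWS):
        print("%s: %s -> %s:%d (%d bytes)" % (rule, flow["src"], flow["dst"],
                                             flow["dport"], flow["bytes"]))
```

The same three rules translate directly into firewall policy for the segment (permit only KNOWN_POS addresses, permit egress only to HQ_PAYMENT_HOST on HQ_PAYMENT_PORT, log everything else), which is the preventive form of what this script detects after the fact.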