By Yuval Shavit, Features Writer
Network penetration tools are software tools that let the user map a network, enumerate the hosts and services on it, and eavesdrop on or interfere with its traffic. Used with permission, the same software is how you look for security or performance holes in a client's network, a process sometimes referred to as ethical hacking; used without it, the same tools are how attackers find and exploit those holes. In effect, a systems integrator running a penetration test for a client is trying to break into the client's network the way an attacker would and then fixing whatever network security gaps the test turns up.
Most network penetration tools have been around for a long time, and many are open source. Standard functions include gathering information about a network's topology (which hosts are up and how they are connected), scanning those hosts for open ports and identifying the services and versions listening on them, and launching denial-of-service (DoS) attacks to see how the network holds up. Once attackers know which services a network exposes, they can use those footholds to gain access and go after weaknesses in the services themselves, such as buffer overflows or SQL injection.
If you're conducting a network penetration test (also known as a "pen test"), start as if you had no knowledge of your client's network at all: no credentials, no diagrams, just the same starting point as an outside attacker. Network penetration tools will give you an overview of that network, and you can then focus on the areas that look like they may contain weaknesses rather than on the parts you already assume are fine.
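The port-scanning and service-identification step described above, written out as a small concurrent TCP connect scanner with banner grabbing. This is an added example, not a tool the article covers or code from any particular project; to run without a lab network it starts its own loopback listener as a constructed target and scans the ports around it. The listener, the fake "SSH-2.0-demo" banner and the port window are assumptions made for the demo.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=0.5):
    """Return True if a full TCP connect() to host:port succeeds, i.e. something is listening."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return s.connect_ex((host, port)) == 0
    except OSError:
        return False


def grab_banner(host, port, timeout=1.0, max_bytes=128):
    """Connect and read whatever the service volunteers first (SSH, SMTP and FTP greet on connect).

    Services that wait for the client to speak first (HTTP, for example) simply yield ''."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(max_bytes).decode("ascii", errors="replace").strip()
    except OSError:          # includes socket.timeout and connection resets
        return ""


def scan_range(host, ports, workers=64):
    """Scan the given ports concurrently; return sorted [(port, banner)] for the open ones."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, scan_port(host, p)), ports))
    open_ports = sorted(p for p, is_open in results if is_open)
    return [(p, grab_banner(host, p)) for p in open_ports]


def start_local_listener(banner=b"SSH-2.0-demo\r\n"):
    """Constructed target for the demo: a loopback service that greets every client with a fake banner.

    Returns (server_socket, port); close the socket to stop the background thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:         # server socket closed: shut down
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:     # scanner closed without reading; that is fine
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


if __name__ == "__main__":
    srv, port = start_local_listener()
    # Scan a small window around the constructed target. On a real engagement the
    # range would be the agreed scope, e.g. range(1, 1025) on each in-scope host.
    for p, banner in scan_range("127.0.0.1", range(port - 10, port + 11)):
        print(f"{p}/tcp open  {banner or '(no banner)'}")
    srv.close()
```

A connect() scan completes the three-way handshake, so every probe shows up in the target's logs; that is usually what you want on a contracted test, where the client should be able to see and correlate your activity. Note that because the listener binds an ephemeral port, the scan window may occasionally overlap a port the operating system is using for an outbound connection, which is why the test below checks only that the constructed target is reported.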
Be sure to pen test your clients' WLANs as well. Common WLAN attacks include packet sniffing and injecting forged frames, either to cause a denial of service or to steal sensitive information. For instance, Windows XP's default behavior is to automatically connect to any wireless network whose SSID matches one it has connected to before. An attacker can set up a second access point with the same SSID (an "evil twin") and then send the wireless clients deauthentication frames telling them to drop their current connections; in 802.11 as deployed at the time, those management frames are not authenticated, so any station can forge them in the real access point's name. Once disconnected, there is a chance the devices will reconnect to the attacker's access point instead of the company's; at that point the attacker can monitor everything that is not protected end to end, which can include passwords sent over plaintext protocols.
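The two symptoms of the evil-twin attack just described, the same SSID advertised from an unexpected BSSID and a burst of deauthentication frames, as a detection pass over a captured frame list. This is an added example, not code from the article or from any wireless tool; the frame records, the authorized BSSID list and the alert thresholds are constructed for the demo, standing in for what a monitor-mode capture would give you.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """Minimal view of an 802.11 management frame as a survey tool might record it."""
    t: float            # capture time in seconds
    kind: str           # "beacon" or "deauth"
    src: str            # transmitter address (the BSSID for a beacon; forgeable for a deauth)
    ssid: str = ""      # beacons only
    channel: int = 0    # beacons only


# Assumed inventory of the client's real access points (constructed for the demo).
AUTHORIZED = {"CorpWiFi": {"00:11:22:33:44:55", "00:11:22:33:44:66"}}


def find_rogue_aps(frames, authorized):
    """Map each protected SSID to the set of BSSIDs advertising it that are not on the inventory.

    SSIDs that are not in the inventory (the neighbours' networks) are ignored."""
    seen = defaultdict(set)
    for f in frames:
        if f.kind == "beacon":
            seen[f.ssid].add(f.src)
    rogue = {}
    for ssid, bssids in seen.items():
        if ssid in authorized:
            unexpected = bssids - authorized[ssid]
            if unexpected:
                rogue[ssid] = unexpected
    return rogue


def deauth_floods(frames, threshold=10, window=5.0):
    """Return {claimed_source: peak_count} for sources that sent >= threshold deauths
    within any window-second span. A healthy AP does not spray deauths, so a flood
    attributed to the real BSSID is itself the alarm: the address is whatever the
    attacker wrote into the frame."""
    per_src = defaultdict(list)
    for f in frames:
        if f.kind == "deauth":
            per_src[f.src].append(f.t)
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        lo, peak = 0, 0
        for hi, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def build_sample_capture():
    """Constructed capture: a real AP, a neighbour, an evil twin and a forged deauth burst."""
    frames = []
    for i in range(30):                          # real AP beaconing on channel 6
        frames.append(Frame(i * 0.1, "beacon", "00:11:22:33:44:55", "CorpWiFi", 6))
    frames.append(Frame(0.5, "beacon", "aa:bb:cc:dd:ee:ff", "CoffeeShop", 1))  # neighbour, not ours
    for i in range(30):                          # evil twin: same SSID, unknown BSSID, channel 11
        frames.append(Frame(1.0 + i * 0.1, "beacon", "de:ad:be:ef:00:01", "CorpWiFi", 11))
    for i in range(25):                          # 25 deauths in one second, forged in the real AP's name
        frames.append(Frame(2.0 + i * 0.04, "deauth", "00:11:22:33:44:55"))
    frames.append(Frame(2.5, "deauth", "de:ad:be:ef:00:01"))  # a lone deauth, below threshold
    return frames


if __name__ == "__main__":
    capture = build_sample_capture()
    print("rogue APs:", find_rogue_aps(capture, AUTHORIZED))
    print("deauth floods:", deauth_floods(capture))
```

On a real engagement the frames would come from a monitor-mode capture rather than `build_sample_capture()`, but the two checks are the same: an SSID you own appearing from a BSSID you do not, and deauthentication traffic at a rate no legitimate access point produces.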
Because ethical hacking is still hacking, get written authorization before you start: a contract that specifies exactly which systems are in scope, what you are permitted to do to them and when, and that settles liability for any damage the test causes. As a follow-up to the test, you should also run training sessions to address the human element of security risks, such as weak passwords or phishing scams in which attackers pose as IT staff and ask a user for their password "for maintenance."
This was first published in February 2008