Hacking
The word hacking or hacker has significantly changed its meaning from past to now. For years, "hacker" was a positive term that described computer enthusiasts who had a zeal for computer programming. Those who hacked took pride in their ability to write computer programs that stretched the capabilities of computer systems and find clever solutions to seemingly impossible problems. Although many computer enthusiasts still ascribe to this definition, the everyday usage of the word has changed significantly. Today, "hacking" generally refers to individuals who break into computer systems or use their programming skills or expert knowledge to act maliciously. Traditional hackers—the good kind—prefer to use the term "cracker" to refer to these individuals.
Hacking can be of any types or any ways of act. Some of the most common types of hacking include:
- Breaking into computer networks;
- Bypassing passwords or copy protection in computer software;
- Defacing and/or damaging Internet web sites;
- Causing a denial of service attack on a web site or network (preventing legitimate users from accessing a web site);
- Stealing valuable information such as passwords and credit card data.
Experts have identified six steps that are generally followed in the hacking process. These include
(1) footprinting (reconnaissance);
(2) scanning;
(3) enumeration;
(4) penetration;
(5) advance; and
(6) covering tracks.
Footprinting.
The first technique often used by hackers is called footprinting or homework on the target. The objective is to gather information essential to an attack and enable an attacker to obtain a complete profile of an organization's security posture. During this phase, the hacker might gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network. Often, hackers can perform this work with a simple web browser, a telephone, and a search engine. Unfortunately, humans are often the weakest security link in a corporation. A clever phone call to the technical support department can often compromise critical information: "Hi—this is Prakysh and I forgot my password. Can you remind me what it is?"
Scanning.
Next, hackers perform scanning to gain a more detailed view of a company's network and to understand what specific computer systems and services are in use. During this phase, the hacker determines which systems on the target network are live and reachable from the Internet. Commonly used scanning techniques include network ping sweeps and port scans . A ping sweep lets the attacker determine which individual computers on the network are alive and potential targets for attack. Port scanning can be used to determine what ports (a port is like a door or window on a house) are open on a given computer, and whether or not the software managing those ports has any obvious vulnerabilities.
Enumeration.
The third phase is the process of identifying user accounts and poorly protected computing resources. During the enumeration stage, the hacker connects to computers in the target network and pokes around these systems to gain more information. While the scanning phase might be compared to a knock on the door or a turn of the doorknob to see if it is locked, enumeration could be compared to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely more intrusive.
Penetration.
During the fourth phase, penetration, the attacker attempts to gain control of one or more systems in the target network. For example, once an attacker has acquired a list of usernames during enumeration, he can usually guess one of the users' passwords and gain more extensive access to that user's account. Alternatively, once the attacker has determined that a target computer is running an old or buggy piece of software or one that is configured improperly, the hacker may attempt to exploit known vulnerabilities with this software to gain control of the system.
Advance.
In the advance phase of hacking, the attacker leverages computers or accounts that have been compromised during penetration to launch additional attacks on the target network. For instance, the attacker can break into more sensitive administrator root accounts, install backdoors or Trojan horse programs, and install network sniffers to gather additional information (for example, passwords) from data flowing over the network.
Covering Tracks.
In the final phase of hacking, the hacker eliminates any records or logs showing his malicious behavior. By deleting log files, disabling system auditing (which would otherwise alert the administrator to malicious activities), and hiding hacking files that the hacker has introduced, he can cover his tracks and avoid detection. Finally, the hacker can install a root kit—a series of programs that replace the existing system software to both cover his tracks and gather new information.
Hope you enjoy the ways of hacking and be able to trace the hackers so go on buddies enjoy the technology.
No comments:
Post a Comment