Worth reading.. much more on the link.
---------------------------------
What is Hacking?
The term hacking initially referred to the process of finding solutions to rather technical issues or problems. These days, hacking refers to the process whereby intruders maliciously attempt to compromise the security of corporate networks to destroy, interpret, or steal confidential data or to prevent an organization from operating.
Terminologies that refer to criminal hacking:
- Cracking
- Cybercrime
- Cyberespionage
- Phreaking
To access a network system, the intruder (hacker) performs a number of activities:
- Footprinting: This is the initial step in hacking a corporate network. Here the intruder attempts to gain as much information as possible on the targeted network by using sources that the public can access. The aim of footprinting is to create a map of the network to determine what operating systems, applications, and address ranges are being utilized and to identify any accessible open ports.
The methods used to footprint a network are:
- Access information publicly available on the company website to gain any useful information.
- Try to find any anonymous File Transfer Protocol (FTP) sites and intranet sites that are not secured.
- Gather information on the company’s domain name and the IP address block being used.
- Test for hosts in the network’s IP address block. Tools such as Ping or Fping are typically used.
- Using tools such as Nslookup, the intruder attempts to perform Domain Name System (DNS) zone transfers.
- A tool such as Nmap is used to identify which operating systems are in use.
- Tools such as Tracert are used to find routers and to collect subnet information.
- Port scanning: Port scanning or scanning is when intruders collect information on the network services on a target network. Here, the intruder attempts to find open ports on the target system.
The different scanning methods that network attackers use are:
- Vanilla scan/SYN scan: TCP SYN packets are sent to each port of an address in an attempt to connect to all ports. Port numbers 0 – 65,535 are utilized.
- Strobe scan: Here, the attacker attempts to connect to a specific range of ports that are typically open on Windows based hosts or UNIX/Linux based hosts.
- Sweep: A large set of IP addresses is scanned in an attempt to detect a system that has one open port.
- Passive scan: Here, all network traffic entering or leaving the network is captured and traffic is then analyzed to determine what the open ports are on the hosts within the network.
- User Datagram Protocol (UDP) scan: Empty UDP packets are sent to the different ports of a set of addresses to determine how the operating system responds. Closed UDP ports respond with the Port Unreachable message when any empty UDP packets are received. Other operating systems respond with the Internet Control Message Protocol (ICMP) error packet.
- FTP bounce: To hide the attacker’s location, the scan is initiated from an intermediary File Transfer Protocol (FTP) server.
- FIN scan: TCP FIN packets that specify that the sender wants to close a TCP session are sent to each port for a range of IP addresses.
- Enumeration: The unauthorized intruder uses a number of methods to collect information on applications and hosts on the network and on the user accounts utilized on the network. Enumeration is particularly successful in networks that contain unprotected network resources and services:
- Network services that are running but are not being utilized.
- Default user accounts that have no passwords specified.
- Guest accounts that are active.
- Acquiring access: Access attacks are performed when an attacker exploits a security weakness so that he/she can obtain access to a system or the network. Trojan horses and password hacking programs are typically used to obtain system access. When access is obtained, the intruder is able to modify or delete data and add, modify, or remove network resources.
The different types of access attacks are:
- Unauthorized system access entails the practice of exploiting the vulnerabilities of operating systems or executing a script or a hacking program to obtain access to a system.
- Unauthorized privilege escalation is a frequent type of attack. Privilege escalation occurs when an intruder attempts to obtain a high level of access, like administrative privileges, to gain control of the network system.
- Unauthorized data manipulation involves interpreting, altering, and deleting confidential data.
- Privilege escalation: When an attacker initially gains access to the network, low level accounts are typically used. Privilege escalation occurs when an attacker escalates his/her privileges to obtain a higher level of access, like administrative privileges, in order to gain control of the network system.
The privilege escalation methods that attackers use are:
- The attacker searches the registry keys for password information.
- The attacker can search documents for information on administrative privileges.
- The attacker can execute a password cracking tool on targeted user accounts.
- The attacker can use a Trojan in an attempt to obtain the credentials of a user account that has administrative privileges.
- Install backdoors: A hacker can also implement a mechanism such as some form of access granting code with the intent of using it at some future stage. Attackers typically install back doors so that they can easily access the system at some later date. After a system is compromised, users can remove any installed backdoors by reinstalling the system from a backup that is secure.
- Removing evidence of activities: Attackers typically attempt to remove all evidence of their activities.
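The vanilla, strobe, sweep and FIN scan patterns listed under port scanning each leave a different footprint in a defender's packet or firewall log, and the sketch below tells them apart per source address. It is an added example, not part of the original article; the log format, the thresholds, the `COMMON_PORTS` list and the function names are assumptions, and the sample lines are constructed from documentation address ranges.

```python
from collections import Counter, defaultdict

# Ports treated as "typically open" for the strobe check (an assumed list).
COMMON_PORTS = {21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 3389}

def build_sample():
    """Constructed log, one packet per line: '<src> <dst> <dport> <S|F>'."""
    lines = [f"198.51.100.7 192.0.2.10 {p} S" for p in range(1, 201)]
    lines += [f"198.51.100.8 192.0.2.{h} 445 S" for h in range(1, 41)]
    lines += [f"198.51.100.9 192.0.2.10 {p} S" for p in (21, 22, 23, 25, 80, 139, 445)]
    lines += [f"198.51.100.10 192.0.2.10 {p} F" for p in (22, 80, 443)]
    # Ordinary client: SYN, later a FIN on the same session.
    lines += ["203.0.113.5 192.0.2.10 443 S", "203.0.113.5 192.0.2.10 443 F"]
    return lines

def classify_sources(lines, many_ports=100, many_hosts=20, few_ports=5, min_fin=3):
    """Return {source_ip: pattern} for sources matching a scan pattern."""
    syn = defaultdict(set)        # src -> {(dst, port)} that received a SYN
    stray_fin = defaultdict(set)  # src -> {(dst, port)} FIN with no earlier SYN
    for line in lines:
        src, dst, port, flag = line.split()
        target = (dst, int(port))
        if flag == "S":
            syn[src].add(target)
        elif flag == "F" and target not in syn[src]:
            stray_fin[src].add(target)

    verdicts = {}
    for src in set(syn) | set(stray_fin):
        hosts = Counter(dst for dst, _ in syn[src])   # SYN targets per host
        ports = {port for _, port in syn[src]}
        if len(stray_fin[src]) >= min_fin:
            verdicts[src] = "fin-scan"        # FINs outside any session
        elif max(hosts.values(), default=0) >= many_ports:
            verdicts[src] = "vanilla"         # one host, very many ports
        elif len(hosts) >= many_hosts and len(ports) == 1:
            verdicts[src] = "sweep"           # many hosts, a single port
        elif len(ports) >= few_ports and ports <= COMMON_PORTS:
            verdicts[src] = "strobe"          # only well-known service ports
    return verdicts

if __name__ == "__main__":
    for src, pattern in sorted(classify_sources(build_sample()).items()):
        print(src, pattern)
```

Passive scans generate no packets toward the monitored hosts, so they do not appear in a log of this kind.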
What are Hackers or Network Attackers?
A hacker or network attacker is someone who maliciously attacks networks, systems, computers, and applications and captures, corrupts, modifies, steals, or deletes confidential company information.
A hacker can refer to a number of different individuals who perform activities aimed at hacking systems and networks and it can also refer to individuals who perform activities that have nothing to do with criminal activity:
- Programmers who hack complex technical problems to come up with solutions.
- Script kiddies who use readily available tools on the Internet to hack into systems.
- Criminal hackers who steal or destroy company data.
- Protesting activists who deny access to specific Web sites as part of their protesting strategy.
Hackers these days are classified according to the hat they wear. This concept is illustrated below:
- Black hat hackers are malicious or criminal hackers who hack at systems and computers to damage data or who attempt to prevent businesses from rendering their services. Some black hat hackers simply hack security protected systems to gain prestige in the hacking community.
- White hat hackers are legitimate security experts who are trying to expose security vulnerabilities in operating system platforms. White hat hackers have the improvement of security as their motive. They do not damage or steal company data nor do they seek any fame. These security experts are usually quite knowledgeable about the hacking methods that black hat hackers use.
- Grey hat hackers are individuals whose motives fall between those of black hat hackers and white hat hackers.
http://www.tech-faq.com/network-attacks.html