Free Essay

Phases of Attack from a Hacker

In: Computers and Technology

Submitted By hbidawi
Words 366
Pages 2
Phases of Attack from a Hacker

There are five phases that a hacker will go thru when trying to attack your system. Each one is different and requires different ways to limit the hacker’s ability to gain information about your system.
The first phase is reconnaissance, this can be passive or active. One of the things that a hacker might try is social engineering to gain information on the system. The best way to combat this, is by training and more training of the employees on the various ways that a hacker will attempt to get information. There is also dumpster diving, the only way to combat this is to make sure that the information that is being of disposed is of such a nature that it is useless to them. Information that they could use to gain access to the system, should be destroyed in such a way that it cannot be reconstructed in any way. Also a hacker could try sniffing the network, this is where system hardening will assist in preventing the hacker from gaining information.
The second phase is scanning, in this phase the hacker will try to scan the network to see what information he can obtain to assist him in determining what weakness exist. This scanning he can find out such information as to what type of OS is being used, the version of the OS, and many other things about the network. To help prevent him from getting this information, system hardening is the best defense. This will include but not limited to disabling all ports but those that are needed, turning off certain ICMP features which give out information. The use of firewalls and access list are also helpful.
Gaining Access, is just what it name implies. This is where the hacker attempts to use the information that he has gather in the first two phases to access the network. He may only have information on someone other than the network admin, but this does not stop him, since he know of ways to use as a stepping stone to getting root access. This is where the current patches, hot fixes and updates have in place. Also...…...

Similar Documents

Premium Essay

Hacker

...University of Phoenix Alejandro Granados Keeping the Hacker Out CMGT / 440 Oct/3/2011 Keeping the Hacker Out Knowledge is the best way to keep systems secure. According to an article on Security News Week Magazine, knowing what methods the hackers use to attack is the best weapon a CEO can use to protect its company data. And whether or not he can prevent an attack knowing a Hacker “know how” Is the best way to identify future potential treats to a company’s network. According to Terry Cutler in an article posted on Security Week magazine . People responsible of company network are familiar with web defacing and executive spear phishing They have become aware that hackers are waiting and gathering information and concealing themselves Also known as footprinting. When hackers attack it doesn’t just cost millions to a company but also earned reputations can be compromised or destroyed. SIEM or Security Information and Event Management software are necessary automation tools for a company network security, That determine the severity of treats . SIEM is capable of detecting suspicious employee activity which is extremely important. Let’s say a swipe card system identifies an employee entering the company office after business hours in Montreal, then it identifies the same employee entering another company facility 20 miles away. If each entrance occurs within a space of 20 minutes, something is off because it is impossible for one person to travel 20 miles...

Words: 629 - Pages: 3

Free Essay

Hackers

...Hackers have been around for too long, usually associated with dark themes and “the evil side” they represent the minority of IT Gurus that just have too much time on their hands, and a touch of evilness. Usually represented with a skull or “horrifically” they are iconic in a never ending battle against internet crime. Your hosting provider should have set up your server with a certain amount of security built-in. However, there’s much you can do yourself to ensure your site stays unmolested. Hackers play an “unwanted” yet a significant role on the net, it creates thousands if not millions of jobs, in the IT field but they are a menace to webmasters, such as you and me alike. Not to worry, because the following list of “Ten Tips” aims to tell you a little about the way malicious hackers work, and some ways of protecting your site-and inevitably preserving the privacy of your visitors. Ten Tips to Prevent Hackers 10) Comment Attacks Comments are one of most prized features for blogs, and helps create a great relationship between the author and the reader, and also between readers in the wider community. It would also be easy for someone to insert HTML code that causes trouble. You need to “validate” the form input before it’s accepted, to strip out all but the most basic HTML tags, for example and also if you’re using WordPress – you can utilize the “Keyword Filter” to block out any harsh words that might raise an issue or two. 9) Unsolicited Installation of Scripts It can be......

Words: 1120 - Pages: 5

Premium Essay

List Phases of a Computer Attack

...List Phases of a Computer Attack Unit 9 Assignment 1 Phase 1 - Reconnaissance Reconnaissance is probably the longest phase, sometimes lasting weeks or months. The black hat uses a variety of sources to learn as much as possible about the target business and how it operates, including * Internet searches * Social engineering * Dumpster diving * Domain name management/search services * Non-intrusive network scanning Phase 2 - Scanning Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning perimeter and internal network devices looking for weaknesses, including * Open ports * Open services * Vulnerable applications, including operating systems * Weak protection of data in transit * Make and model of each piece of LAN/WAN equipment Phase 3 - Gaining Access Gaining access to resources is the whole point of a modern-day attack. The usual goal is to either extract information of value to the attacker or use the network as a launch site for attacks against other targets. In either situation, the attacker must gain some level of access to one or more network devices. In addition to the defensive steps described above, security managers should make every effort to ensure end-user devices and servers are not easily accessible by unauthenticated users. This includes denying local administrator access to business users and closely monitoring domain and......

Words: 484 - Pages: 2

Free Essay

Phases of Attack from a Hacker

...There are five phases that a hacker will go thru when trying to attack your system. Each one is different and requires different ways to limit the hacker’s ability to gain information about your system. The first phase is reconnaissance, this can be passive or active. One of the things that a hacker might try is social engineering to gain information on the system. The best way to combat this, is by training and more training of the employees on the various ways that a hacker will attempt to get information. There is also dumpster diving, the only way to combat this is to make sure that the information that is being of disposed is of such a nature that it is useless to them. Information that they could use to gain access to the system, should be destroyed in such a way that it cannot be reconstructed in any way. Also a hacker could try sniffing the network, this is where system hardening will assist in preventing the hacker from gaining information. The second phase is scanning, in this phase the hacker will try to scan the network to see what information he can obtain to assist him in determining what weakness exist. This scanning he can find out such information as to what type of OS is being used, the version of the OS, and many other things about the network. To help prevent him from getting this information, system hardening is the best defense. This will include but not limited to disabling all ports but those that are needed, turning off certain ICMP features which...

Words: 399 - Pages: 2

Free Essay

Phases of a Computer Attack

...List Phases of Computer Attack The reconnaissance and probing phase is when an attacker collects information to figure out how to attack. This is like a blue print to find out what vulnerabilities exist within a network. They may search the internet to use DNS and ICMP tools within the TCP/IP protocol suite, Standard and customized SNMP tools, Port scanners and mappers, and security probes. The ICMP (Internet Control Management Protocol) ping commands are available on most computer operating systems. It enables attackers to verify that target systems are reachable. They can use the ping command with a number of extension flags to test direct reachability between hosts. The SMTP tools and port scanners are other methods of finding holes within a network. Once an attacker reaches a target network, they may want to explore and see which systems and services are accessible. The attacker may want to use several port-scanning applications. NMap is one of the popular applications to use in this case. They allow an attacker to discover and identify hosts by performing ping sweeps, probe for open TCP and UDP service ports, and identify operating systems and applications running. Once an attacker probes a network for possible vulnerabilities, they must access the target systems. The goal is to establish the initial connection to a target host, and then gain administrative rights to the system. A method of gaining access is to capture or crack passwords. The attacker......

Words: 279 - Pages: 2

Free Essay

Sony Reels from Multiple Hacker Attacks

...Introduction The case that is discussed in this paper is Sony Reels from Multiple Hacker Attacks. The paper will touch different points regarding this case. One of the interest points refers to the Sony PSN debacle and the costs of the incident. Another interest point refers to gaming and virtual services over the Internet, such as WOW, SL, and Sony PSN. The paper also focuses on catching hackers and sentencing them (whether or not they should be). Another point of the paper is to discuss whether or not it is good for companies not to admit when there is a data breach within their system. The last point of discussion refers to a personal example of identity theft. Sony Reels from Multiple Hacker Attacks According to International Business (2011), the last time that Sony's Playstation Network has been attacked was in May 2011 because multiple users have reported complaints to the company. There has been more than $1,200 stole from the accounts of the users. This may not be a large sum of money, but it is something. Anyway, security experts consider that this company is sill vulnerable to cyber attacks from all over the world. Sony PSN has been hacked several times during its history. There are gaming and virtual services over the Internet like the World of Warcraft, Second Life, and Sony's PSN. Each of these services are paid and the companies store credit information online. In order to be protected and to protect the information of their consumers, these companies......

Words: 738 - Pages: 3

Free Essay

Hacker Techniques

...system is to collect as much information as you can. You may start with domain name, from there try to obtain an IP address to open ports, then try to see what operating system is running, and finally see what applications are running and what versions of software are being used to run that system. Scanning is when you use information gathered in the reconnaissance step to detect vulnerabilities of the targeted system in order to deploy hacking tools. It is common practice that attacker will use automated or semi-automated tools to conduct security surveys and to generate reports of security-related vulnerabilities. Gaining Access phase is where the actual hacking takes place. Vulnerabilities that were discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of how the hacker was able to exploit a connection can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline. In Maintaining Access Phase a hacker has already gained access, and wants to maintain that access for future exploitation and attacks. Hackers sometimes harden a system in order to keep other hackers or security personnel out by securing their exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks. Covering Tracks Phase is where the hackers have been able to gain and maintain access; they cover their tracks in order to......

Words: 463 - Pages: 2

Free Essay

Hackers

...bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers. In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables. ∗ The authors thank Lev Pachmanov for programming and experiment support during the course of this research. 1 Contents 1 Introduction 1.1 Overview . . . . . . . . . 1.2 Acoustic attack scenarios . 1.3 Related work . . . . . . . 1.4 Paper outline . . . . . . . 2 Experimental setup 2.1 Lab-grade setup . . 2.2 Portable setup . . 2.3 Mobile-phone setup 2.4 Distant acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . .......

Words: 23246 - Pages: 93

Premium Essay

Hacker

...Hacking Describe a negative aspect of ICT’s impact on the information society. Describe how ICT has brought this about and what society is has done in response to it. Abstract Hacking has been and still disease different societies suffer from. The essay aims to provide the reader with knowledge regarding the effects hacking caused to our society, and how the society responded and tried to solve or minimize those effects. Different issues regarding hacking are discussed, such as the motivations that were behind guiding hackers who were at first computer professional to perform unauthorized activities, at the same time a discussion about the types of attacks can be found. The society response to hacking attacks lacks till this moment the ability to stop or completely prevent attacks from happening because as long as security tools are developed, more sophisticated hacking attacks are invented. That’s why we should start to think about hacker’s psychology as the main way to prevent and stop attacks by understanding their needs or desires. Introduction The Oxford English Dictionary defines hacking as “cut or chop roughly; mangle: cut (one’s way)”… to its present definition as “gain unauthorized access (to data in a computer)”. Banks (1997:11) defines hacking as “something that boring mainframe computer operators did to improve performance and battle boredom.” Here banks focuses on boredom as the reason of hacking. A more technical definition of hacking......

Words: 4368 - Pages: 18

Free Essay

Strategies for Protecting Our Systems from Internal or External Attacks

...configuration management 6 Application Whitelisting 6 Disk and filesystem-level Encryption 7 Tiered level authentication and Biometric level access 7 Risk Mitigation Strategies 7 Conclusion 10 Bibliography 11 Introduction The purpose of this white paper is to demonstrate the strength and potential weaknesses of the firms’ computer systems, and also to address the upper managements concerns over a possible threat of an internal or external attack to our systems. In this paper we will also be discussing the steps that have been taken to secure our systems against both forms of attacks; we will also be exploring risk mitigation strategies that serve as a means to help prevent such attacks from ever occurring. As with ever system, there is always the possibility of a sophisticated attack being invented that is capable of breaching our systems, so we will be addressing the strategies and steps that will be taken in the event that our systems are ever breached by an internal or external attack. System Description The system in question that is being used by the organization is the Dell Precision R5500 Rack Workstation. We currently have a total of 20 such workstations and our systems are equipped with the latest technological components and software to offer protection, flexibility and peak performance at all times. The table below highlights the different configurations for the system, ours being of the highest available......

Words: 1763 - Pages: 8

Free Essay

Russian Hackers Attack the White House

...| Russian hackers attack the white house | | | Michae haven | 4/27/2015 | | On April 8, 2015 CNN did a report on a security breach involving the white house and the state department. This attack was done allegedly by Russian hackers in an attempt to gain states secrets. The hackers had gained access to the state departments computers via a phishing email attack. The attack was found out by suspicious activity that was happening on the white house computers. This attack allowed them full access to the state department’s computers and eventually they were able to convince someone to give them access to the white house’s non classified systems where sensitive information like the presidents non-published schedule and other information. The state department had been battling the hackers for months on trying to keep the hackers out but with no success at doing so. The systems were taken off line in an attempt to purge the mal-ware that was installed that gave the access to the systems and for new security measures to be put into place to help prevent future attacks on the systems. (Prokupecz, 2015) The attack was done by using a phishing scam. The way this works is first someone sends a message to a user, in this case it was by an email, trying to convince the user that they are someone from inside their work place, representing an event from the work place, or represents themselves as a trusted source. They then get the user to click on a web link that......

Words: 891 - Pages: 4

Free Essay

Attack Methodology and Countermeasures

...Attack Methodology and Countermeasures Strayer University SEC420 Professor Gillen July 24, 2015 Attack Methodology and Countermeasures When most people hear the term “hacker” they think of an evil person committing crimes by hacking into their computers to steal, destroy and/or steal identities. This is so in some cases, but not all hackers are bad. Hackers are merely curious technically skilled individuals who gain unauthorized access to computers, networks of various companies, organizations and individuals. Good hackers are considered white hat hackers. They are the ones, who are hired to break into systems as a way of testing the vulnerabilities and security issues that may be present in the computer system. Consider this: company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs.  The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company’s current security posture. If the manager decided to outsource an ethical or white hat hacker in attempt to test their security measures. Over the course of this document various things the third party hacker would need from the company, things he or she would provide to the company and some predictions for the tests. In order to exploit the targeted systems the initial steps to gain as much information as possible about the targets. In this case, the manager is the contact in which questions may be posed. The hacker......

Words: 1432 - Pages: 6

Premium Essay

A Transition Phase: from Melting Pot to Salad Bowl

...HICHAM ZAIDI History 202 900041277 Essay I The late nineteenth century was the transition phase of the history of the US. Everything started with second industrial revolution (1850’s). It led to major developments like easier communication and transportation, and vast technological and scientific advancements. Big industries and factories arose, altering life styles… America became the attractive spot for all immigrants for its seeming endless new opportunities. People from all over the world, from all the different cultures came to the US to form what we called the “Salad Bowl”. Often these cultures were antagonistic to one another. Communities were formed and each one strictly reserved on itself to conserve itself, but they were to face new social “phenomena” that contradicted their beliefs and customs. Those new social trends were born from industrialisation, being a necessity to its functioning, but disoriented people from their traditional vision, of life in general. They, thus, sought justification to their altered social behaviours due to new living conditions. The post-industrial period, was as a historian calls it: the era representing a “SEARCH FOR ORDER”. It was distinctively manifested professionally and intellectually. The contributions brought, by industrialisation, to the transportation and communication patterns were......

Words: 1036 - Pages: 5

Premium Essay

Attack

...Attack Prevention Trent Lucas CMGT/441 February 27th, 2012 Jude Bowman Attack Prevention Preventing unauthorized access to an organization’s network and resources requires a comprehensible defensive strategy, which includes effective technological tools, and user awareness (“Attack Prevention”, 2012). Often, information technology staff members purchase software and hardware solutions for preventing attacks against network and resources; however, it results in an increasing budget, additional training, additional solutions, new attack vectors or vulnerabilities, and trade off solutions. To manage risks effectively, a staff must first identify network/resources vulnerabilities by conducting a risk analysis. Second, he or she must research a variety of technologies and tools comparing them against the current network risks for preventing and managing access. Some common technologies and tools include: - Firewalls, Intrusion Prevention Systems (IPS,) content security, software updates, and hardening operating systems and applications. Network and Resources Security Risks determine the types of technologies and tools needed for protecting an organization’s network, resources, and assets. Additionally, firewalls, and anti-virus programs protect a network to a certain extent against traffic control and malware. However, advancement in technology paved new ways for hackers, and hackers almost always find vulnerabilities to exploit assets. Throughout this paper, the topic...

Words: 1082 - Pages: 5

Premium Essay

Phases of a Computer Attack

...THOMAS FORD IT255 MR. CARTER LIST PHASES OF A COMPUTER ATTACK Phase 1 - Reconnaissance Reconnaissance is probably the longest phase, sometimes lasting weeks or months.  The black hat uses a variety of sources to learn as much as possible about the target business and how it operates, including * Internet searches * Social engineering * Dumpster diving * Domain name management/search services * Non-intrusive network scanning Phase 2 - Scanning Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning perimeter and internal network devices looking for weaknesses, including * Open ports * Open services * Vulnerable applications, including operating systems * Weak protection of data in transit * Make and model of each piece of LAN/WAN equipment Phase 3 - Gaining Access Gaining access to resources is the whole point of a modern-day attack.  The usual goal is to either extract information of value to the attacker or use the network as a launch site for attacks against other targets.  In either situation, the attacker must gain some level of access to one or more network devices. In addition to the defensive steps described above, security managers should make every effort to ensure end-user devices and servers are not easily accessible by unauthenticated users.  This includes denying local administrator access to business users and closely......

Words: 485 - Pages: 2