2.3 Hacker and Attackers

Attackers

Hackers

  • An assault on system security that derives from an intelligent threat
  • Generally used to imply someone who gains access to a system,software, or hardware without permission.Also can be referred as cracker

types of hackers

  • Black hat - also called as cracker or dark side hacker and negotiates the security of the system without authorized access
  • white hat - focuses on securing IT system ,Alert owners of the system against security flaws and break in attempts
  • grey hat - Combination of black hat and white hat hackers and intrudes into a system and does no damage
  • ethical hackers -Holds extensive knowledge and skill concerning the web and Evaluates sensitive information gathered and applies robust measures to ensure security.

type of threats

unstructured threat

structured threat

external threat

internal threat

reconnaissance

access

denial of service (Dos)

Malicious code(worm,viruses,trojen horse)

  • means consist of mostly inexperienced individual using easily available hacking tools such as shell script and password crackers.

for example- if an internal company website is hacked ,the integrity of the the company is damages

  • means come from hackers who are more highly motivated and tecnically competent,for example these people know system vulnerabilities and can understand and develop exploit code and scripts

can arisefrom individuals or organizations working outside of a - - company,they do not have authorized access to the computer systems or network and they work their way into a network mainly from the internet or dialup access servers

  • occur when someone has authorized access to the network with either an account on a server or physical access to the network and According to the FBI ,internal access and misuse account for 60 percent to 80 percent of reported incidents
  • the unauthorized discovery and mapping of system,services,or vulnerabilities
  • it is also knows as information gathering and in most cases it precedes an actual access or denial of service (Dos) attack.
  • is somewhat analogous toa thief casing a neighborhood for vulnerable homes to break into,such as an unoccupied residence,easy to open doors or open window

attacker disables or corrupt networks,systems or services with the intent to deny services to intended users

Attack consist of the following.

ping sweeps - packet sniffers-port scan-internet information queries

system access is the ability for an unauthorized intruder to gain access to a a devices for which the inruder does not have an account or a password

Access attacks can consist of the following

password attacks

trust exploitation

port redirection

man in the middle attacks

socialengenering

phishing

the easiest hack involves no computer skill at all.if an intruder can trick a member of an organization into giving over valuable information,such as location of files and servers and passwords the process of hacking is made immeasurably easier.

phinsing is a types of social engineering attack that involves using email or other types of messages in anttem to trick others into providing sensitives information,schas credit card numbers or passwords

ping of death

SYN Flood attack

Ddos

attacks are designed to saturate network links with spurious data.this data can overwhelm an internet link,causing legitimate traffic to be dropped

Smurf

tribe flood network

inserted onto a host damages system corrupta system replicate itseftor deny services or access tonetwork systems or services

trojen horse

worm

virus

an application writen to look like something else that in fact is an attack tools

an application that execute arbitrary code and install copies of itself in the memory of the memory of the infected computer which then infects other hosts

malicious software thatis attached to another program to excuted a particular unwanted function on the user workstation