FIVE RULES OF HACKER (White hat/Black hat)
Originally, to “hack” meant to possess extraordinary computer skills to extend the limits of computer systems. Hacking required great proficiency. However, today there are automated tools and code available on the Internet that make it possible for anyone with the will and desire to hack and succeed. Even so, hackers are generally intelligent individuals with good computer skills and the ability to create and explore computer software and hardware. Their intention can be either to gain knowledge or to dig around to do illegal things. Attackers are motivated by the zeal to know more, while malicious attackers intend to steal data. In general, there are five rules by which an intruder advances an attack:
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks
1. Reconnaissance (Information gathering):-
Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization. Another reconnaissance technique is “dumpster diving.” Dumpster diving is the process of looking through an organization’s trash for discarded sensitive information. Attackers can use the Internet to obtain information such as employees’ contact information, business partners, technologies in use, and other critical business knowledge, but “dumpster diving” may provide them with even more sensitive information such as usernames, passwords, credit card statements, bank statements, ATM slips, social security numbers, telephone numbers, etc.
2. Scanning :-
Scanning is the method an attacker performs prior to attacking the network. In scanning, the attacker uses the details gathered during reconnaissance to identify specific vulnerabilities. Scanning can be considered a logical extension (and overlap) of active reconnaissance. Often attackers use automated tools such as network/host scanners and war dialers to locate systems and attempt to discover vulnerabilities. Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine. The primary defense technique in this regard is to shut down services that are not required. Appropriate filtering may also be adopted as a defense mechanism. However, attackers can still use tools to determine the rules implemented for filtering.
3. Gaining Access :-
Gaining access is the most important phase of an attack in terms of potential damage. Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping of service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links.
4. Maintaining Access :-
Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources, and further use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and FTP sessions with other systems. Attackers who choose to remain undetected remove evidence of their entry and use a BACKDOOR or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain super user access.
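The Scanning section names shutting down services that are not required as the primary defense, and an unexpected listener is also one place where a backdoor left for repeat access can show up. The following is an added example, not part of the original post, that audits listening TCP ports against an allowlist. The `ss -tlnH` output is a constructed sample and the `REQUIRED` policy is a hypothetical one for a single host.

```python
# Constructed sample of `ss -tlnH` output (TCP, listening, numeric, no header).
SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      32           0.0.0.0:21         0.0.0.0:*
LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
LISTEN 0      1            0.0.0.0:50505      0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
"""

# Hypothetical policy: the only ports this host is meant to expose.
REQUIRED = {22, 443}
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(text):
    """Yield (address, port) per LISTEN row; the local address is column 4."""
    for row in text.splitlines():
        cols = row.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        if port.isdigit():
            yield addr, int(port)


def audit(text, required=REQUIRED):
    """Return sorted (port, address, exposure) for listeners outside the policy."""
    findings = set()
    for addr, port in parse_listeners(text):
        if port in required:
            continue
        exposure = "local-only" if addr in LOOPBACK else "network"
        findings.add((port, addr, exposure))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, exposure in audit(SS_OUTPUT):
        print(f"unexpected listener {addr}:{port} ({exposure})")
```

Each finding is either a service to shut down, a filter rule to add, or a listener nobody can account for and that needs investigating.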
5. Covering Tracks (Don't leave clue):-
An attacker would like to destroy evidence of his/her presence and activities for various reasons such as maintaining access and evading punitive action. Erasing evidence of a compromise is a requirement for any attacker who would like to remain obscure. This is one of the best methods to evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process; for example, a buffer overflow attack will usually leave a message in the system logs. Next, the attention is turned to effecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of his/her system is correct, and that no intrusion or compromise has actually taken place.
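From the defender's side, edited or erased log entries can be made detectable by chaining each record to the one before it and keeping the latest tag off the host. The following is an added example, not part of the original post. The log lines are constructed, and the off-host checkpoint store is assumed and represented here by a plain tuple.

```python
import hashlib

GENESIS = "0" * 64  # fixed anchor that precedes the first record


def link(prev_tag, message):
    """Tag of a record: SHA-256 over the previous tag and this message."""
    return hashlib.sha256(f"{prev_tag}\n{message}".encode()).hexdigest()


def append(log, message):
    """Append (tag, message) and return the tag, which is shipped off-host."""
    tag = link(log[-1][0] if log else GENESIS, message)
    log.append((tag, message))
    return tag


def verify(log, checkpoint):
    """Walk the chain, then compare with the off-host (count, tag) checkpoint."""
    prev = GENESIS
    for i, (tag, message) in enumerate(log):
        if link(prev, message) != tag:
            return f"chain broken at record {i}"
        prev = tag
    count, head = checkpoint
    if len(log) < count:
        return "records missing before checkpoint"
    if count and log[count - 1][0] != head:
        return "log rewritten before checkpoint"
    return "ok"


# Constructed sample entries, not taken from a real system.
SAMPLE = ["sshd: session opened for user alice", "kernel: httpd[812]: segfault",
          "sshd: session opened for user root", "cron: backup job finished"]


def demo():
    log, checkpoint = [], (0, GENESIS)
    for line in SAMPLE:
        tag = append(log, line)
        checkpoint = (len(log), tag)  # assumed to be stored off the host
    results = {"intact": verify(log, checkpoint)}
    # One entry deleted in place, remaining tags untouched.
    results["deleted"] = verify(log[:1] + log[2:], checkpoint)
    # One entry reworded and every tag recomputed so the chain looks consistent.
    rewritten = []
    for i, (_, message) in enumerate(log):
        append(rewritten, "cron: nothing to report" if i == 1 else message)
    results["rewritten"] = verify(rewritten, checkpoint)
    # Tail cut off; what remains is a valid but shorter chain.
    results["truncated"] = verify(log[:2], checkpoint)
    return results
```

The chain alone only catches careless edits; the rewritten and truncated cases are caught because the checkpoint lives somewhere the log's editor cannot reach.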
Trojans such as AIDS or NETCAT come in handy for any attacker who wants to destroy the evidence from the log files or replace the system binaries with the same. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. Rootkits are automated tools that are designed to hide the presence of the attacker. By executing the script, a variety of critical files are replaced with trojanned versions, hiding the attacker with ease.
