Saturday, August 10, 2019

Introducing To Ethical Hacking Part-2


As Hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the Ethical Hacker, must know the activities Hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart Hackers' efforts.
   You don't have to protect your systems from everything. You can't. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them - not even you. That's not the best approach to information security. What's important is to protect your systems from known vulnerabilities and common hacker attacks.
   It's impossible to buttress all possible vulnerabilities on all your systems. You can't plan for all possible attacks - especially the ones that are currently unknown. However, the more combinations you try - the more you test whole systems instead of individual units - the better your chances of discovering vulnerabilities that affect everything as a whole.
   Don't take Ethical Hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don't have a lot of foot traffic in your office and no internal web server running, you may not have as much to worry about as an internet hosting provider would have. However, don't forget about insider threats from malicious employees!

Your overall goals as an Ethical Hacker should be as follows:

  • Hack your systems in a nondestructive fashion.
  • Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
  • Apply results to remove vulnerabilities and better secure your systems.
Understanding The Dangers Your Systems Face

   It's one thing to know that your systems generally are under fire from hackers around the world. It's another to understand specific attacks against your systems that are possible. This section offers some well-known attacks but is by no means a comprehensive listing.
   Many information-security vulnerabilities aren't critical by themselves. However, exploiting several vulnerabilities at the same time can take its toll. For example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnerabilities at the same time can be a serious issue.
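
The point above, shown from the defender's side as an added example that is not part of the original post: a triage pass that groups assessment findings by host and flags hosts where individually moderate findings combine. The host names, severity scores, category labels, the `mail01` finding and the 7.0 cut-off are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample findings (not from a real scan); each severity is the
# score the finding would get when rated on its own.
FINDINGS = [
    {"host": "db01", "category": "configuration", "severity": 4.0,
     "title": "Default Windows OS configuration"},
    {"host": "db01", "category": "credential", "severity": 5.0,
     "title": "Weak SQL Server administrator password"},
    {"host": "db01", "category": "exposure", "severity": 3.5,
     "title": "Server hosted on a wireless network"},
    {"host": "web01", "category": "configuration", "severity": 4.0,
     "title": "Default Windows OS configuration"},
    {"host": "mail01", "category": "patching", "severity": 9.0,
     "title": "Unpatched mail server software"},
]

CRITICAL = 7.0  # assumed cut-off for escalating a single finding
# Assumed chain: reachable + guessable credentials + unhardened defaults.
CHAIN = {"exposure", "credential", "configuration"}


def escalated_by_severity(findings, critical=CRITICAL):
    """Hosts a per-finding severity filter would escalate."""
    return {f["host"] for f in findings if f["severity"] >= critical}


def chained_hosts(findings, chain=CHAIN):
    """Hosts whose findings together cover every category in the chain."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(f)
    return {
        host: sorted(f["title"] for f in items)
        for host, items in by_host.items()
        if chain <= {f["category"] for f in items}
    }


if __name__ == "__main__":
    missed = {h: t for h, t in chained_hosts(FINDINGS).items()
              if h not in escalated_by_severity(FINDINGS)}
    for host, titles in missed.items():
        print(f"{host}: no single critical finding, but chained risk from:")
        for title in titles:
            print(f"  - {title}")
```

A severity-only filter escalates `mail01` and passes over `db01`, which is exactly the host carrying all three of the weaknesses named in the paragraph.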
Nontechnical Attacks

   Exploits that involve manipulating people - end users and even yourself - are the greatest vulnerability within any computer or network infrastructure. Humans are trusting by nature, which can lead to social-engineering exploits. Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes. I cover social engineering in depth very soon.
   Other common and effective attacks against information systems are physical. Hackers break into buildings, computer rooms, or other areas containing critical information or property. Physical attacks can include dumpster diving (rummaging through trash cans and dumpsters for intellectual property, passwords, network diagrams, and other information).
Network-infrastructure attacks

   Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the internet. Here are some examples of network-infrastructure attacks:
  • Connecting into a network through a rogue modem attached to a computer behind a firewall.
  • Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS.
  • Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests.
  • Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text.
  • Piggybacking onto a network through an insecure 802.11b wireless configuration.
Operating-system attacks

   Hacking operating systems (OSs) is a preferred method of the bad guys. OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them.
   Occasionally, some operating systems that are more secure out of the box - such as Novell NetWare and the flavors of BSD UNIX - are attacked, and vulnerabilities turn up. But hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities.
   Here are some examples of attacks on operating systems:
  • Exploiting specific protocol implementations
  • Attacking built-in authentication systems
  • Breaking file-system security
  • Cracking passwords and encryption mechanisms
Application and other specialized attacks

   Applications take a lot of hits by hackers. Programs such as e-mail server software and Web applications often are beaten down:
  • Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the internet.
  • Malicious software (malware) includes viruses, worms, Trojan horses, and Spyware. Malware clogs networks and takes down systems.
  • Spam (junk e-mail) is wreaking havoc on system availability and storage space. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems.