At-A-Glance—Hacking
Anyone who accesses a public network should know about hackers and their methods. Failure to understand what they do can leave you and your network exposed.
Although thieves and opportunists always go after an easy target versus a difficult (or well-prepared) one, some hackers specifically choose difficult targets, such as government offices or networking companies, solely for bragging rights.
</division><division> <title>What Are the Problems to Solve?</title>Hacking really boils down to a few activities:
Breaking in—Breaking into a private network is usually the first part of any hacking scheme. (A denial-of-service [DoS] attack is one notable exception.) Most break-ins require a password (which is guessed or stolen), but hackers find other ways to get in as well.
Breaking stuff—Once in a network, many hackers (anarchists in particular) try to break or disable the entire network, or specific parts of it, such as web servers. If they destroy data or disrupt business, recovery can be expensive for the attacked company.
Stealing stuff—Like most thieves, many hackers are motivated by greed. They might sell plans, schematics, or intellectual property to unscrupulous individuals, companies, or government agencies.
An attack in network speak refers to any attempt to break into a computer, network, or packet, as well as any attempt to launch a malicious or self-replicating program. Attacks fit into multiple categories, many of which are described here.
All network attacks are either active or passive.
Active attacks include injecting malicious files, altering data, or clogging the network. In theory, you can detect active attacks but not passive attacks.
Passive attacks such as eavesdropping do not actually cause harm to the network, but hackers can use them to obtain information that enables active attacks. People looking for passwords can tirelessly try every combination until they find a working password (a brute-force attack). Man-in-the-middle attacks occur when a hacker interposes between two valid users and eavesdrops for passwords. Passive attacks are difficult to detect.
Remote attacks are conducted by people outside the network (those without a network ID), whereas local attacks use an existing account to exploit the system.
Hit-and-run attacks quickly crash systems, whereas persistent attacks affect the victims only as long as the attack lasts.
</division>At-A-Glance—Hacking Types
Most security breaches originate inside the network that is under attack. Inside jobs include stealing passwords (which hackers then use or sell), performing industrial espionage, causing harm (as disgruntled employees), or committing simple misuse.
Sound policy enforcement and observant employees who guard their passwords and PCs can thwart many of these security breaches.
</division><division> <title>Rogue Access Points</title>Rogue access points (APs) are unsecured wireless access points that outsiders can easily breach. (Local hackers often advertise rogue APs to each other.) Rogue APs are most often connected by well-meaning but ignorant employees.
</division><division> <title>Back Doors</title>Hackers can gain access to a network by exploiting back doors—administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.
</division><division> <title>Viruses and Worms</title>Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms).
Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.
</division><division> <title>Trojan Horses</title>Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.
</division><division> <title>Denial of Service</title>DoS attacks give hackers a way to bring down a network without gaining internal access.
DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol [TCP] packets).
Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing source IP addresses.
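The difference the paragraph above draws between a DoS and a DDoS is easy to see in packet counts: both push the aggregate rate past what the router can handle, but only the single-source flood can be removed by rate-limiting individual source addresses. The following is an added example, not code from the original page, that builds three constructed traffic samples (normal, single-source flood, distributed flood), classifies each by aggregate and per-source rate, and measures how much of each flood a per-source rate limit would actually stop. The IP ranges, packet counts, and thresholds are all constructed for illustration.

```python
from collections import Counter

# Constructed traffic samples (not from the original page): lists of
# (second, source_ip) records, one per packet, over a 10-second capture.

def make_normal_traffic():
    # 20 sources, 2 packets each per second: 40 pps in total.
    return [(t, f"192.0.2.{i}") for t in range(10) for i in range(1, 21) for _ in range(2)]


def make_single_source_flood():
    # One source sending 1500 packets every second: a classic DoS.
    return [(t, "203.0.113.9") for t in range(10) for _ in range(1500)]


def make_distributed_flood():
    # 200 sources sending 6 packets each per second: 1200 pps in aggregate,
    # but no single source stands out.
    return [(t, f"198.51.100.{i}") for t in range(10) for i in range(1, 201) for _ in range(6)]


def peak_pps(packets):
    """Highest packets-per-second seen in any one second of the capture."""
    return max(Counter(t for t, _ in packets).values())


def characterize(packets, pps_threshold=1000, per_source_pps_threshold=100):
    """Classify a capture as 'normal', 'dos-single-source' or 'ddos-distributed'.

    Aggregate rate decides whether it is a flood at all; the rate of the
    busiest single source decides whether one address is responsible."""
    peak = peak_pps(packets)
    if peak < pps_threshold:
        return "normal"
    seconds = len({t for t, _ in packets})
    top_src, top_count = Counter(src for _, src in packets).most_common(1)[0]
    if top_count / seconds >= per_source_pps_threshold:
        return "dos-single-source"
    return "ddos-distributed"


def share_blocked_by_per_source_limit(packets, limit_pps=100):
    """Fraction of packets a per-source rate limit would drop.

    This is the mitigation that works against a DoS and fails against a
    DDoS, because in the distributed case every source stays under the limit."""
    seconds = len({t for t, _ in packets})
    per_source = Counter(src for _, src in packets)
    blocked = sum(count for count in per_source.values() if count / seconds > limit_pps)
    return blocked / len(packets)


if __name__ == "__main__":
    for name, sample in [("normal", make_normal_traffic()),
                         ("single-source", make_single_source_flood()),
                         ("distributed", make_distributed_flood())]:
        print(name, characterize(sample), share_blocked_by_per_source_limit(sample))
```

The last function is the practical lesson: against the distributed sample the per-source limit blocks nothing, which is why DDoS mitigation has to move to aggregate controls (upstream scrubbing, anycast, or traffic shaping by destination) rather than blocking addresses one at a time.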
</division><division> <title>Anarchists, Crackers, and Kiddies</title>Who are these people, and why are they attacking your network?
Anarchists are people who just like to break stuff. They usually exploit any target of opportunity.
Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They either use the SW themselves (for bragging rights) or sell it for profit.
Script kiddies are hacker wannabes. They have no real hacker skills, so they buy or download warez, which they launch.
Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.
</division><division> <title>Sniffing and Spoofing</title>Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.
Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.
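The spoofing described above depends on the forged packet carrying sequence and acknowledgment numbers that the receiving TCP stack will accept. A receiver defends against guessed numbers by checking every segment against its current window, so a blind guess has to land inside a small fraction of the 32-bit space. The following is an added example, not code from the original page or any real TCP implementation, that models that receiver-side check on a simplified connection state; the field names and the sample values are constructed for illustration, and the arithmetic handles the 32-bit wrap-around that real sequence numbers undergo.

```python
MOD = 1 << 32  # TCP sequence and acknowledgment numbers are 32-bit and wrap


def in_window(x, lo, size):
    """True if lo <= x < lo + size in 32-bit wrap-around arithmetic."""
    return ((x - lo) % MOD) < size


class Connection:
    """Simplified TCP connection state (constructed, not a real stack's struct).

    rcv_nxt: next sequence number we expect from the peer
    rcv_wnd: how many bytes past rcv_nxt we are willing to accept
    snd_una: oldest byte we sent that the peer has not yet acknowledged
    snd_nxt: next sequence number we will send
    """

    def __init__(self, rcv_nxt, rcv_wnd, snd_una, snd_nxt):
        self.rcv_nxt = rcv_nxt % MOD
        self.rcv_wnd = rcv_wnd
        self.snd_una = snd_una % MOD
        self.snd_nxt = snd_nxt % MOD


def seq_acceptable(conn, seq):
    """Segment start must fall inside the receive window."""
    return in_window(seq, conn.rcv_nxt, conn.rcv_wnd)


def ack_acceptable(conn, ack):
    """ACK must acknowledge something we actually sent: snd_una <= ack <= snd_nxt."""
    unacked_span = (conn.snd_nxt - conn.snd_una) % MOD
    return in_window(ack, conn.snd_una, unacked_span + 1)


def segment_acceptable(conn, seq, ack):
    """Receiver-side check a forged segment has to pass to be processed."""
    return seq_acceptable(conn, seq) and ack_acceptable(conn, ack)


def blind_guess_acceptance_fraction(conn):
    """Fraction of (seq, ack) pairs that pass the check when chosen at random.

    This is what the window check buys the defender; it buys nothing against
    an attacker who can sniff the real numbers off the wire, which is why
    sniffing and spoofing are treated together above and why confidentiality
    (IPsec, TLS) rather than number unpredictability is the real fix there."""
    seq_fraction = conn.rcv_wnd / MOD
    ack_fraction = (((conn.snd_nxt - conn.snd_una) % MOD) + 1) / MOD
    return seq_fraction * ack_fraction


if __name__ == "__main__":
    c = Connection(rcv_nxt=1000, rcv_wnd=65535, snd_una=5000, snd_nxt=6000)
    print(segment_acceptable(c, 1000, 5500), segment_acceptable(c, 1000, 7000))
    print(blind_guess_acceptance_fraction(c))
```

Two things to take from running it: an acknowledgment number even one byte past what has actually been sent is rejected, and a connection with a modest window and little data in flight accepts only a vanishingly small share of random guesses. The check is only a defense against guessing; once an attacker can snoop the real numbers, the remaining mitigations are encryption and authentication of the traffic.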
</division>