Cougar Mountain Software Support Productivity Tools
For Cougar Mountain Software Support's
Professional Version (V2012, V2011, V2010, V2009, V12-V6)

 

 

How Hackers Get In

Here is the typical sequence of steps used to gain illegal entry into a computer system.

 

  1. Learn about the system. Trying to connect to a system using networking utilities like telnet and ftp will be unsuccessful without a password, but even unsuccessful logins will often still display the machine manufacturer and the version of the operating system.

     

  2. Look for openings. Try known security flaws on that particular machine and operating system. Unless the system administrator is very diligent about installing security patches, many machines have security openings just waiting to be found.

     

  3. Try sniffing to get a password. Sniffing is when a machine runs software that watches all of the network traffic and saves the messages in which a valid user enters their password from a remote location.

     

  4. Try spoofing. Many machines share disks with other machines that are classified as "trusted hosts". In order to share the data on these disks, the two machines must communicate without a password. Spoofing is when someone configures a third machine to use the network address of one of the trusted hosts to impersonate that machine. If the spoofing machine responds faster than the true trusted host, communications will be carried out with it unnoticed. Spoofing requires that the infiltrator have physical access to the network in a location that falls close to the target machine in the network topology, which usually means being physically close to the target machine.

     

  5. Get into the system and cover tracks. Once one of the above techniques is successful in gaining access to the system, the first order of business is to alter any records that would reveal the presence of an illegal entry to the system administrators.

     

  6. Try to get superuser access. Just as there are many ways to get into a user account, there are many ways to get into the root-level account or get equivalent access to the machine.

     

  7. Make back doors. Once entry has been gained, that access can be used to intentionally install security breaches so that the hacker can still get back into the system if the original method of entry is cut off.

     

  8. Use the system. At this point, the hacker can steal data, destroy information, alter files, use CPU time, lock everyone else out of the system, etc.
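
Step 4 depends on the impersonating machine going unnoticed, so a defender can watch for a trusted host's address being answered by an unexpected machine. The following is an added example, not part of the original page: it assumes the "network address" is an IP address on an Ethernet LAN, that each trusted host has a known hardware (MAC) address, and that a passive monitor records sightings in a hypothetical `<unix time> <ip> <mac>` format; all addresses are constructed.

```python
from collections import defaultdict

# Constructed sample data (assumption): trusted hosts and the hardware
# address each one is expected to answer with.
TRUSTED_HOSTS = {
    "192.0.2.10": "00:00:5e:00:53:0a",
    "192.0.2.11": "00:00:5e:00:53:0b",
}

# Constructed observations in a hypothetical "<unix time> <ip> <mac>" format.
SAMPLE_OBSERVATIONS = """\
1700000000 192.0.2.10 00:00:5e:00:53:0a
1700000005 192.0.2.11 00:00:5E:00:53:0B
1700000009 192.0.2.50 00:00:5e:00:53:32
1700000012 192.0.2.10 00:00:5e:00:53:99
1700000013 192.0.2.10 00:00:5e:00:53:0a
1700000020 192.0.2.10 00:00:5e:00:53:99
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower()

def find_impersonation(text, trusted):
    """Return {ip: report} for trusted addresses answered by an unexpected MAC."""
    seen = defaultdict(list)  # ip -> [(timestamp, mac), ...]
    for ts, ip, mac in parse(text):
        if ip in trusted:
            seen[ip].append((ts, mac))
    alerts = {}
    for ip, events in seen.items():
        expected = trusted[ip].lower()
        rogue = sorted({mac for _, mac in events if mac != expected})
        if not rogue:
            continue
        events.sort()
        # A "flip" is a change of answering MAC between consecutive sightings:
        # the race between the real host and the impersonator from step 4.
        flips = sum(1 for a, b in zip(events, events[1:]) if a[1] != b[1])
        first = min(ts for ts, mac in events if mac != expected)
        alerts[ip] = {"unexpected": rogue, "first_seen": first, "flips": flips}
    return alerts

if __name__ == "__main__":
    for ip, report in find_impersonation(SAMPLE_OBSERVATIONS, TRUSTED_HOSTS).items():
        print(ip, report)
```

A nonzero flip count means two machines are alternately answering for the same trusted address, which is worth investigating before any password-free trust relationship with that host is relied on.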