It’s one thing to know that your systems generally are under fire from hackers around the world. It’s another to understand specific attacks against your systems that are possible.
Many information-security vulnerabilities aren’t critical by themselves.
However, exploiting several vulnerabilities at the same time can take its toll.
For example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnerabilities at the same time can be a serious issue.
Nontechnical attacks
Exploits that involve manipulating people — end users and even yourself —are the greatest vulnerability within any computer or network infrastructure.
Humans are trusting by nature, which can lead to social-engineering exploits.
Network-infrastructure attacks
Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:
Connecting into a network through a rogue modem attached to a
computer behind a firewall
Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS
Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests
Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text configuration
Piggybacking onto a network through an insecure 802.11b wireless
Occasionally, some operating systems that are more secure out of the box — such as flavours of BSD UNIX but hackers prefer attacking operating systems like Windows because they are widely used and better known for theirvulnerabilities.
Exploiting specific protocol implementation
Attacking built-in authentication systems
Breaking file-system security
Cracking passwords and encryption mechanisms
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server
software and Web applications often are beaten down:
Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
Spam (junk e-mail) is wreaking havoc on system availability and storagespace. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems.
Many information-security vulnerabilities aren’t critical by themselves.
However, exploiting several vulnerabilities at the same time can take its toll.
For example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnerabilities at the same time can be a serious issue.
Nontechnical attacks
Exploits that involve manipulating people — end users and even yourself —are the greatest vulnerability within any computer or network infrastructure.
Humans are trusting by nature, which can lead to social-engineering exploits.
Network-infrastructure attacks
Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:
Connecting into a network through a rogue modem attached to a
computer behind a firewall
Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS
Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests
Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text configuration
Piggybacking onto a network through an insecure 802.11b wireless
Occasionally, some operating systems that are more secure out of the box — such as flavours of BSD UNIX but hackers prefer attacking operating systems like Windows because they are widely used and better known for theirvulnerabilities.
Exploiting specific protocol implementation
Attacking built-in authentication systems
Breaking file-system security
Cracking passwords and encryption mechanisms
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server
software and Web applications often are beaten down:
Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
Spam (junk e-mail) is wreaking havoc on system availability and storagespace. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems.