Hacking Methodologies

Hacking refers to a plethora of activities relating to IT, but we are going to focus on those activities carried out by users with potentially malicious intent.
There are two main types of hacker:

  • Some hackers prepare their project far in advance of a massive attack.
    They gather little bits of important information and methodically
    follow through their hacks. They are harder to track.
  • Other hackers – typically, unseasoned script kiddies – act first and
    think later. For example, these newbies may try to telnet straight off
    into a network’s router without concealing their identities.  They may
    try to set up a DDoS attack against your Microsoft Exchange email
    server without first checking what patches are installed or what
    version of Exchange is running. These people usually get caught.

Although hackers often form communities, many of them – particularly elite hackers – are reluctant to share valuable information with the crowd. Many hackers do a good deal of their work independently. Hackers who form a network use private BBSs (bulletin board systems), anonymous free e-mail addresses, hacking sites, and IRC (Internet Relay Chat). You can join one of those hacking sites to find out what hackers are doing.
You should remember that whatever approach they take, many hackers prey on our ignorance.
They are aware of the following facts of real-world security:

  • Most systems that hackers plan to attack aren’t managed correctly. The computer systems aren’t patched, monitored, and hardened as they should be. As a result, hackers can often attack stealthily by flying below the radar of the authentication systems, IDSs, and firewalls.
  • Most network and security administrators simply can’t keep up with recently found vulnerabilities.
  • Information systems steadily grow more complex each year. This is yet another reason why overburdened network administrators find it
    hard to know what is happening on the file storage of their systems
    and across the wire.

Time is a hacker’s best friend – and it is continuously on the hacker’s side. By attacking through systems rather than in person, they have better control over how they time their attacks. Their attacks are usually carried out quietly, making them very difficult to detect. They often carry out attacks late at night. Defenses are often less effective at night, when most network administrators are sleeping and there is less intrusion monitoring and less physical security.
Once a target has been acquired, the hacker then has to figure out a way to gain access to your network.

Hackers may not try to directly assess the overall security of your networks as it could be quite an undertaking. Experienced hackers tend to break their hacking steps into smaller manageable chunks. After they have established their overall goals, they decide which networks to test.
This list includes applications and systems that they may consider in performing hacking tests:

  • Firewalls
  • Routers
  • Wireless access points and bridges
  • Network infrastructure as a whole
  • E-mail and file/print servers
  • Web, application, and database servers
  • Mobile devices (such as cell phones and PDAs) that store confidential data
  • Client and server OSs
  • Workstations, laptops, and tablet PCs

What specific systems they want to test depends on a few factors. If your network is small, they can test it from the get-go. Sometimes, they may only test public-facing hosts like web and e-mail servers and other related applications.
They start with the most vulnerable networks, considering the following factors:

  • Where the application or computer resides on your network
  • Which application(s) and OS it runs
  • The type or amount of critical information stored on your network

Advanced hacking goes a couple of steps beyond high-level vulnerability testing and information risk assessments. Expert hackers first glean data on your systems – including the network as a whole – and then they continue by assessing the systems that seem most vulnerable. Another key factor to help them decide where to begin is to assess any systems that have the best visibility. For instance, focusing on a file server or database that stores critical or confidential information can be more sensible – at least initially – than focusing on a Web server or firewall that hosts widely known information.
They may decide which systems to attack based on vulnerability analysis, by answering questions such as:

  • Which systems are the most critical and, if attacked, could cause the greatest losses or the most trouble?
  • Which systems seem to be most vulnerable to hacking attempts?
  • Which systems are rarely administered, maintained, patched and monitored?

Hopefully you'll now have a slightly better understanding of the murky world that we hear so much about and yet actually experience rarely.