CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [7]
Shrink-wrap code Many off-the-shelf programs come with extra features the common user isn't aware of, which can be used to exploit the system. One example is macros in Microsoft Word, which can allow a hacker to execute programs from within the application.
Misconfigurations Systems can also be misconfigured or left at the lowest common security settings to increase ease of use for the user, which may result in vulnerability and an attack.
In addition to the various types of technologies a hacker can use, there are different types of attacks. Attacks can be categorized as either passive or active. Passive and active attacks are used on both network security infrastructures and on hosts. Active attacks actually alter the system or network they're attacking, whereas passive attacks attempt to gain information from the system. Active attacks affect the availability, integrity, and authenticity of data; passive attacks are breaches of confidentiality.
In addition to the active and passive categories, attacks are categorized as either inside or outside attacks. Figure 1.1 shows the relationship between passive and active attacks, and inside and outside attacks. An attack originating from within the security perimeter of an organization is an inside attack and usually is caused by an "insider" who gains access to more resources than expected. An outside attack originates from a source outside the security perimeter, such as the Internet or a remote access connection.
This book will cover all these technologies and hacking tools in depth in later chapters. It's necessary to understand the types of attacks and basics of security before you learn all the technologies associated with an attack.
FIGURE 1 . 1 Types of attacks
Understanding the Different Phases
Involved in Ethical Hacking and Listing
the Five Stages of Ethical Hacking
An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and maintain entry into a computer system are similar no matter what the hacker's intentions are. Figure 1.2 illustrates the five phases that hackers generally follow in hacking a system. The following sections cover these five phases.
FIGURE 1.2 Phases of hacking
Most network security breaches originate from within an organizationusually from the company's own employees or contractors.
Phase 1: Passive and Active Reconnaissance
Passive reconnaissance involves gathering information regarding a potential target without the targeted individual's or company's knowledge. Passive reconnaissance can be as simple as watching a building to identify what time employees enter the building and when they leave. However, it's usually done using Internet searches or by Googling an individual or company to gain information. This process is generally called information gathering. Social engineering and dumpster diving are also considered passive information-gathering methods.
Sniffing the network is another means of passive reconnaissance and can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services on the system or network. Sniffing network traffic is similar to building monitoring: A hacker watches the flow of data to see what time certain transactions take place and where the traffic is going.
Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services on the network. This usually involves more risk of detection than passive reconnaissance and is sometimes called rattling the doorknobs. Active reconnaissance can give a hacker an indication of security measures in place (is the front door locked?), but the process also increases the chance of being caught or at least raising suspicion.
Both passive and active reconnaissance can lead to the discovery of useful information to use in an attack. For example, it's usually