Ethical hackers use many different methods to breach an organization’s security during a simulated attack or penetration test. Most ethical hackers have a specialty in one or a few of the following attack methods. The security audits should include attempts to access data through all of the following methods.

Remote Network:
A remote network hack attempts to simulate an intruder launching an attack over the Internet. The ethical hacker tries to break or find a vulnerability in the outside defenses of the network, such as firewall, proxy, or router vulnerabilities. The Internet is thought to be the most common hacking vehicle, while in reality most organizations have strengthened their security defenses sufficiently to prevent hacking from the public network.

Remote Dial-Up Network:
A remote dial-up network hack tries to simulate an intruder launching an attack against the client’s modem pools. War dialing is the process of repetitive dialing to find an open system and is an example of such an attack. Many organizations have replaced dial-in connections with dedicated Internet connections, so this method is less relevant than it once was.

Local Network:
A local area network (LAN) hack simulates someone with physical access gaining additional unauthorized access using the local network. The ethical hacker must gain direct access to the local network in order to launch this type of attack. Wireless LANs (WLANs) fall in this category and have added an entirely new avenue of attack, as radio waves travel through building structures. Because the WLAN signal can be identified and captured outside the building, hackers no longer have to gain physical access to the building and network to perform an attack on the LAN. Additionally, the huge growth of WLANs has made this an increasing source of attack and potential risk to many organizations.

Stolen Equipment:
A stolen-equipment hack simulates theft of a critical information resource such as a laptop owned by an employee. Information such as usernames, passwords, security settings, and encryption types can be gained by stealing a laptop. This is usually an area overlooked by many organizations. Once a hacker has access to a laptop authorized in the security domain, a lot of information, such as security configuration, can be gathered. Many times laptops disappear and are not reported quickly enough to allow the security administrator to lock that device out of the network.

Social Engineering:
A social-engineering attack checks the security and integrity of the organization’s employees by using the telephone or face-to-face communication to gather information for use in an attack. Social-engineering attacks can be used to acquire usernames, passwords, or other organizational security measures. Social-engineering scenarios usually consist of a hacker calling the help desk and talking the help desk employee into giving out confidential security information.

Physical Entry:
A physical-entry attack attempts to compromise the organization’s physical premises. An ethical hacker who gains physical access can plant viruses, Trojans, rootkits, or hardware key loggers (physical devices used to record keystrokes) directly on systems in the target network. Additionally, confidential documents that are not stored in a secure location can be gathered by the hacker. Lastly, physical access to the building would allow a hacker to plant a rogue device, such as a wireless access point, on the network. These devices could then be used by the hacker to access the LAN from a remote location.
Posted on: Sun, 22 Sep 2013 13:17:47 +0000
