How Hackers Hack
Today the term "hacker" refers to someone who attempts to break into
one or more computer systems using computerized methods. Although the
old-fashioned frontal attacks, including dumpster diving and
misleading phone calls, are still widely used, we are restricting this
document to the more common hacker techniques. See Top Enterprise
Security Threats for more information.
All Computers Are Vulnerable
Any computer system is vulnerable to attack; however, not all computers
are subject to attack. If a computer is not connected to a network
(even via modem), and contains no interesting or useful information,
it is likely to be safe.
Merely connecting a computer to the Internet makes it the potential
subject of attack from any of the hundreds of thousands of other
computers connected to the Internet. This includes computers connected
by dial-up modem, cable modem, DSL and data lines.
Full-Time Connections Are the Most Vulnerable
Users who have full-time Internet connections are the most
vulnerable. This includes most businesses and more and more home
users.
Full-time Internet connections are typically provided via cable
modems, DSL, ISDN and data lines. These connections are "always
connected", and provide an instant connection to --and from-- the
Internet.
Direct Attacks
Direct Attacks are generally reserved for specific businesses or
individuals who have upset the attackers. These are often political
targets, who are not doing business the way the hackers want them to.
Most direct attacks are variations of Denial of Service attacks.
These are the easiest to launch, and if done correctly are the
hardest to track down to an individual attacker.
Indirect Attacks
Indirect attacks are often used to find vulnerable machines that can
be used for other nefarious objectives. Indirect attacks are launched
against random machines throughout the Internet in an attempt to find
any machine which may have a vulnerability. If these machines have no
interesting data on them, they are often used to launch Denial of
Service attacks on other machines.
Most Common Methods of Attack
The two most common forms of attack are:
- Trojans. These are programs which are run by an unwitting
computer user. They are often included in email or are downloaded
from a web page. Once run, these programs give the attacker control
over a computer.
- Port Scans. Every computer attached to the Internet uses and/or
provides services. Scanning for available services on a machine
provides possible avenues of attack to take over the machine.
What To Do
- Turn off all unnecessary services on your computer
- Install, properly configure, and use a firewall and anti-virus
software on every computer and network
- Read all security warnings concerning software you are installing
- Immediately upgrade or patch any installed software
- Perform regular automated and manual security audits of all
computers
- Perform a security audit of any machine which has recently had
software installed
- Change all passwords for all accounts created by installed
software
- Restrict all software's access to the local network, or the
Internet, to an as-absolutely-needed basis
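As an added example (not part of the original article), one way to
automate the first and fifth items above is to compare a machine's own
listening services against a short allowlist. The sample `ss -tlnH`
output and the allowed-port policy below are constructed for
illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      32           0.0.0.0:23         0.0.0.0:*
LISTEN 0      511                *:80               *:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      244            [::1]:5432          [::]:*
"""

# Assumed policy for this example: only SSH and HTTP may face the network.
ALLOWED_EXPOSED_PORTS = {22, 80}


def parse_listeners(ss_output):
    """Return a sorted list of unique (address, port) pairs for LISTEN sockets."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.strip("[]").split("%", 1)[0]  # drop brackets and %iface
        listeners.add((addr, int(port)))
    return sorted(listeners)


def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    if addr == "*":  # wildcard: bound on all interfaces
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unrecognised format: treat as exposed so it gets reviewed


def unexpected_exposed(ss_output, allowed=ALLOWED_EXPOSED_PORTS):
    """Listeners reachable from the network whose port is not on the allowlist."""
    return [(a, p) for a, p in parse_listeners(ss_output)
            if not is_loopback(a) and p not in allowed]


if __name__ == "__main__":
    for addr, port in unexpected_exposed(SAMPLE_SS_OUTPUT):
        print(f"review: {addr}:{port} is listening on a non-loopback address")
```

On a real Linux host, feed the function the output of `ss -tlnH` and
adjust the allowlist to the services that machine is meant to provide.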
The bottom line? Be careful out there. Pay close attention to all
emails, web sites you visit and software you install. Often a false
sense of security is much more dangerous than knowing that you are
exposed.