Abtrusion Security Click here to send someone a link to this page Click here to Bookmark this page
home   products   buy   download   support   about   news   links   contact

Abtrusion Security home

Security products

Purchase Abtrusion Protector

Download of security software for Windows

Abtrusion Protector support

About Abtrusion Security

Security related news

Security links

 

Download Abtrusion Protector

 

Information for

> Corporate Management

> System Administrators

> Security Professionals

> Software Developers

> Home Users

Anatomy of a Hacker Attack

Phase 1 - Collecting Information

The experienced hacker will probably spend the most of his effort collecting information, often called profiling. Once he has sufficient information, the remainder of the attack may be relatively quick and easy. The novice, however, will often skip phase one altogether and go straight for step two.

There is a lot of information that could be potentially valuable to a hacker trying to gain access to a private computer network. The design and layout of the network is always valuable. Where are the important computers on the network? What kind of applications do they run? How is the network wired? Where are the firewalls? How does it communicate with the rest of the world? Information such as IP addresses, dial-up access numbers and so forth are also valuable.

A second type of information that is often even more valuable is related to social factors. What are the names of some of the employees of the target? In a big company where all employees don't necessarily know each other, the name of an employee and some social skill is often sufficient to gain access to a login account. Using information about who knows who is potentially very valuable. Organizational charts are also a gold mine for the would-be hacker.

In the first phase, the hacker typically does not have direct contact with the company, or at least does not do anything unusual or suspicious. Instead it is a matter of trying to gather bits and pieces of what is already publicly known about the target.

 

Single-page view

<< Previous            Next >>

Copyright 2002 Abtrusion Security AB. All rights reserved. This document may be reproduced provided that it is reproduced in its entirety and that this copyright message is retained.