Hacking: Become The Ultimate Hacker - Computer Virus, Cracking, Malware, IT Security (2015)
Chapter 4: IT Security
Cyber security and IT security are other names for computer security. It covers all computing devices, such as smartphones and computers, as well as public and private computer networks. Cyber security can be defined as the process by which the integrity and confidentiality of data are achieved. It assures the safety and protection of assets, which include data, personal and private computers, servers, etc. The goal of cyber security is to protect data, whether it is at rest or in transit.
Denial-of-service attacks are not just for gaining unauthorized access to a system; they are carried out specifically to make the system unusable. For example, the attacker may try to lock a person's account by repeatedly typing wrong passwords until the victim's account is locked.
Create Denial-of-Service attacks
DoS attacks are pretty straightforward. You can make one by sending a lot of traffic to a selected port so that it will be overloaded. You should make sure that the port is an open port.
· Find a Service to Target: For a DoS attack you'll need a target. As mentioned earlier, just make sure that it is an open port with vulnerabilities.
· Overwhelm the Service: You'll need to know what kind of information will overload the service. For search engines, simply refreshing the page will not help. For such services, you should search for something complex that takes time.
· Mount the DoS attack: Proceed and launch your favorite tool for attacking systems, such as the Low Orbit Ion Cannon (LOIC).
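On the defending side, the overload described in these steps shows up as one client consuming a disproportionate share of server time, even at a low request rate. The following Python code, an added example that is not from the book, sums server time per client over a sliding window in an access log; the log format, thresholds, and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample access log: epoch second, client address, request, server time (ms)
SAMPLE_LOG = """\
100 198.51.100.7 /index.html 12
101 203.0.113.9 /search?q=annual+report+2014 900
102 203.0.113.9 /search?q=annual+report+2014 950
103 198.51.100.7 /search?q=shoes 40
104 203.0.113.9 /search?q=annual+report+2014 1000
105 203.0.113.9 /search?q=annual+report+2014 980
106 198.51.100.23 /index.html 10
107 198.51.100.23 /index.html 11
108 198.51.100.23 /index.html 9
this line is malformed
120 203.0.113.9 /index.html 15
"""


def heavy_clients(log_text, window_s=10, budget_ms=3000):
    """Return {client: peak ms} for clients whose server time within any
    `window_s`-second window exceeds `budget_ms` (both thresholds are assumptions).
    The log is assumed to be in time order."""
    recent = defaultdict(deque)   # client -> (timestamp, ms) entries inside the window
    totals = defaultdict(int)     # client -> sum of ms currently inside the window
    flagged = {}
    for line in log_text.splitlines():
        try:
            ts, client, _request, ms = line.split()
            ts, ms = int(ts), int(ms)
        except ValueError:
            continue              # skip blank or malformed lines
        window = recent[client]
        window.append((ts, ms))
        totals[client] += ms
        while window[0][0] <= ts - window_s:   # evict entries older than the window
            totals[client] -= window.popleft()[1]
        if totals[client] > budget_ms:
            flagged[client] = max(flagged.get(client, 0), totals[client])
    return flagged


if __name__ == "__main__":
    print(heavy_clients(SAMPLE_LOG))
```

The flagged client sent only four requests in five seconds, which a plain request-count threshold would not catch.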
Ethical Hacking Methods - Direct-access attacks
Common consumer devices are widely used for transferring large amounts of data easily. This is the key reason why basic-level attackers target these devices to attack, modify, and install different types of drives that compromise security, create worms, and modify entire operating systems. The most dangerous kind is where the attackers download all the personal information from the computer, which can then be used for purposes such as fraud and data manipulation.
Eavesdropping, in general, is an act where a third person listens to a conversation that isn't meant for them to hear. The same applies to attacks: the attacker gains access to the network over which two people are transferring data and obtains the data being transferred. The more personal or confidential the data is, the greater the risk for the transferring parties.
Spoofing, in simpler terms, is a practice where something original is taken and then changed into something that falsifies the whole thing. Similarly, data can be taken and modified without the consent of the person sending it or the person receiving it. This type of attacker mostly concentrates on financial documents.
Tampering is mostly done in product-based transactions, where a product is deliberately modified or tampered with so that it is harmful to the consumer but beneficial to the product company.
To get a clear picture of repudiation, consider an example: on cheques, signatures play a vital role, and changing or modifying one can cause a lot of issues. Similarly, when data is transferred, it can be encrypted and a signature can be created to authenticate it. When the authenticity of this signature is challenged, it is called repudiation.
Whenever people save data on devices they do it thinking that their devices are safe from all kinds of threats. This might be true to some extent, but there are chances where the data falls into unfamiliar hands. This situation is called information disclosure.
Data stored on personal devices and on common devices can be saved at different levels of security. Initially, attackers will be able to attack and break through the basic security level, as they may have access to that data. Privilege escalation is a situation where the attackers escalate to access data that is at a higher level of security and hence was restricted to them.
Exploits are software developed to target loopholes in devices. The software gains control of the system and can then create a denial of service, in which a service the device provides is denied. It can also allow privilege escalation. The same code is reused in viruses and Trojans.
Social engineering is an act where trusted people working on the device deceive the owners and maliciously penetrate a properly secured system, taking advantage by sending information that only administrators know and by sharing passwords. It can also be done by external sources, by taking advantage of the carelessness of the administrators.
Indirect attacks are those where the attackers use third-party computers to send viruses and attacks to the targeted computers. Mostly these third-party computers are public systems in public net cafes, where figuring out who the attacker is will be difficult, as the router system is connected.
Hackers, depending on their work, are divided into ethical and non-ethical hackers. Their work is also completely different in terms of the methods they use. Here are a few of the methods popularly used by ethical hackers:
When non-ethical hackers simulate and attack devices, ethical hackers come into the picture to save them. The ethical hacker tries to figure out where the loopholes in the network are through which the non-ethical hacker is able to get into the system. The next level of checks is at the device proxy level and the firewall level. The router-level check plays a vital role, as it is the place where the non-ethical hacker could get through first. If the ethical hacker is able to protect against that vulnerability, they can keep attackers at bay.
LAN stands for local area network, a network to which multiple computers are connected. Ethical hackers need direct access to this network to launch or protect against this kind of attack. There are also wireless LANs, and with these the scope of attacks increases, since no physical connection to the computers is necessary.
Remote Dial-up Network:
The dial-up network hacking technique simulates an attack on the target's electronic devices. This is a method in which the attackers keep dialing continuously in an attempt to find an open system that can be attacked. These attacks were previously very popular, but since most dial-up connections have been swapped for internet connections, their scope and frequency have decreased.
Stolen Equipment hack:
There are a lot of portable devices in recent times. These portable devices give their users wide scope to use them anywhere and save whatever data is required. This also gives attackers scope to steal the equipment, hack into it, and ultimately use the data on it. The attacker needn't be an outsider; it could be an employee of the same organization as well.
By now, you must have a good idea of what hacking is and of the consequences if your system is attacked by an external or internal party. But fear not: simply follow the instructions and guidelines provided in this book and you can rest assured that your system is well protected. And please note that the world of computers is an ever-changing and advancing one.
The more advanced the system, the more you need to improve your knowledge. It is also important to remember that misusing your hacking skills to perform illegal activities is punishable by law. Most countries have very strict laws against cyber crimes committed by black hat hackers.
So, it is important to limit one's hacking skills to ethical hacking and use those skills to test the security of one's own devices or to aid an organization in testing the robustness of its security system.
Thank you again for choosing this book.