Hacking

For years, "hacker" was a positive term that described computer enthusiasts who had a zeal for computer programming. Those who hacked took pride in their ability to write computer programs that stretched the capabilities of computer systems and find clever solutions to seemingly impossible problems. Although many computer enthusiasts still ascribe to this definition, the everyday usage of the word has changed significantly. Today, "hacking" generally refers to individuals who break into computer systems or use their programming skills or expert knowledge to act maliciously. (Traditional hackers--the good kind--prefer to use the term "cracker" to refer to these individuals.)

Some of the most common types of hacking include:

Breaking into computer networks;

Bypassing passwords or copy protection in computer software;

Defacing and/or damaging Internet web sites;

Causing a denial of service attack on a web site or network (preventing legitimate users from accessing a web site);

Stealing valuable information such as passwords and credit card data.

A Systematic Process

Although portrayed otherwise in Hollywood films and in television shows, hacking is a systematic, tiresome process in which the attacker attempts methodically to locate computer systems, identify their vulnerabilities, and then compromise those vulnerabilities to obtain access. Experts have identified six steps that are generally followed in the hacking process. These include (1) footprinting (reconnaissance); (2) scanning; (3) enumeration; (4) penetration; (5) advance; and (6) covering tracks.

Footprinting.

The first technique often used by hackers is called footprinting. The objective is to gather information essential to an attack and enable an attacker to obtain a complete profile of an organization's security posture. During this phase, the hacker might gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network. Often, hackers can perform this work with a simple web browser, a telephone, and a search engine. Unfortunately, humans are often the weakest security link in a corporation. A clever phone call to the technical support department can often compromise critical information: "Hi--this is Bill and I forgot my password. Can you remind me what it is?"

Scanning.

Next, hackers perform scanning to gain a more detailed view of a company's network and to understand what specific computer systems and services are in use. During this phase, the hacker determines which systems on the target network are live and reachable from the Internet. Commonly used scanning techniques include network ping sweeps and port scans. A ping sweep lets the attacker determine which individual computers on the network are alive and potential targets for attack. Port scanning can be used to determine what ports (a port is like a door or window on a house) are open on a given computer, and whether or not the software managing those ports has any obvious vulnerabilities.

Enumeration.

The third phase is the process of identifying user accounts and poorly protected computing resources. During the enumeration stage, the hacker connects to computers in the target network and pokes around these systems to gain more information. While the scanning phase might be compared to a knock on the door or a turn of the doorknob to see if it is locked, enumeration could be compared to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely more intrusive.

Penetration.

During the fourth phase, penetration, the attacker attempts to gain control of one or more systems in the target network. For example, once an attacker has acquired a list of usernames during enumeration, he can usually guess one of the users' passwords and gain more extensive access to that user's account. Alternatively, once the attacker has determined that a target computer

...