Chapter 2.
Attackers and Risks
In order to plan and implement a good security strategy, you should first be aware of some of the
issues which determined, motivated attackers exploit to compromise systems. Before detailing these
issues, we will define the terminology used when identifying an attacker.
2.1. Hackers and Crackers
The modern meaning of the term hacker has origins dating back to the 1960s and the Massachusetts
Institute of Technology (MIT) Tech Model Railroad Club, which designed train sets of large scale
and intricate detail. Hacker was a name used for club members who discovered a clever trick or
workaround for a problem.
The term hacker has since come to describe everything from computer buffs to gifted programmers.
A common trait among most hackers is a willingness to explore in detail how computer systems and
networks function with little or no outside motivation. Open source software developers often consider
themselves and their colleagues hackers and use the word as a term of respect.
Hackers typically follow a form of the hacker ethic which dictates that the quest for information and
expertise is essential and that sharing this knowledge is the hacker's duty to the community. During
this quest for knowledge, some hackers enjoy the academic challenges of circumventing security
controls on computer systems. For this reason, the press often uses the term hacker to describe those
who illicitly access systems and networks with unscrupulous, malicious, or criminal intent. The more
accurate term for this type of computer hacker is cracker, a term created by hackers in the
mid-1980s to differentiate the two communities.
2.1.1. Shades of Grey
There are levels of distinction to describe individuals who find and exploit vulnerabilities in systems
and networks. They are described by the shade of hat that they "wear" when performing their security
investigations and this shade is indicative of their intent.
The white hat hacker is one who tests networks and systems to examine their performance and
determine how vulnerable they are to intrusion. Usually, white hat hackers crack their own systems or
the systems of a client who has specifically employed them for the purposes of security auditing.
Academic researchers and professional security consultants are two examples of white hat hackers.
A black hat hacker is synonymous with a cracker. In general, crackers are less focused on
programming and the academic side of breaking into systems. They often rely on available cracking programs
and exploit well-known vulnerabilities in systems to uncover sensitive information for personal gain
or to inflict damage on the target system or network.
The grey hat hacker, on the other hand, has the skills and intent of a white hat hacker in most situations
but uses his knowledge for less than noble purposes on occasion. A grey hat hacker can be thought of
as a white hat hacker who wears a black hat at times to accomplish his own agenda.
Grey hat hackers typically subscribe to another form of the hacker ethic, which says it is acceptable to
break into systems as long as the hacker does not commit theft or breach confidentiality. Some would
argue, however, that the act of breaking into a system is in itself unethical.
Regardless of the intent of the intruder, it is important to know the weaknesses a cracker will likely
attempt to exploit. The remainder of the chapter will focus on these issues.