Identifying Types of Attacks
data into the site to manipulate your database server into executing the
code that the hacker wants to execute — and this happens because the
hacker understands the technologies being used.
The two types of hackers are
✦ White-hat hackers try to “hack” or break software or hardware so
as to understand how to protect the environment from black-hat
hackers. These are the good guys.
✦ Black-hat hackers break into a system or network for malicious reasons
or for personal gain. The reasons could be financial gain, bragging
rights, or revenge.
Hackers use a number of different types of attacks to hack into a network or
an OS. Sometimes an attack lays the groundwork for a future or different
type of attack: that is, the initial attack does not seem all that dangerous,
but it is used in the future to gain unauthorized access.
This section outlines some of the most popular types of attacks that can
happen in networking environments today.
Social engineering attacks
A social engineering attack occurs when a hacker tries to obtain information
or gain access to a system through social contact with a user. Typically, the
hacker poses as someone else and tries to trick a user into divulging
personal or corporate information that allows the hacker access to a system or
network.
For example, a hacker calls your company’s phone number, listed in the
phone book, and poses as a technical support person for your company.
He tells the user who answers the phone that a new application has been
deployed on the network, and for the application to work, the user’s
password must be reset. After the password is reset to what the hacker wants,
he might “verify” with the user the credentials that the user uses. A user who
is not educated on social engineering might divulge important information
without thinking.
A social engineering attack is an attack where a hacker tries to trick a user
or administrator into divulging sensitive information through social contact.
After the sensitive information is obtained, the hacker can then use that
information to compromise the system or network.
This example might sound unrealistic, but it happens all the time. If you
work for a small company, you might not experience a social engineering
attack. In a large corporate environment, though, it is extremely possible