Manualshelf

Datasheet

ManualsBrandsFor Dummies Manualsbooks978-0-470-55093-9
12345678910
15
Chapter 1: Introduction to Ethical Hacking
Social engineering is the exploitation of the trusting nature of human beings to
gain information for malicious purposes. Check out Chapter 5 for more infor-
mation about social engineering and how to guard your systems against it.
Other common and effective attacks against information systems are physical.
Hackers break into buildings, computer rooms, or other areas containing criti-
cal information or property to steal computers, servers, and other valuable
equipment. Physical attacks can also include dumpster diving — rummaging
through trash cans and dumpsters for intellectual property, passwords, net-
work diagrams, and other information.
Network infrastructure attacks
Hacker attacks against network infrastructures can be easy because many
networks can be reached from anywhere in the world via the Internet. Some
examples of network infrastructure attacks include the following:
Connecting to a network through an unsecured wireless router attached
behind a firewall
Exploiting weaknesses in network protocols, such as TCP/IP and NetBIOS
Flooding a network with too many requests, creating a denial of service
(DoS) for legitimate requests
Installing a network analyzer on a network and capturing every packet
that travels across it, revealing confidential information in clear text
Operating system attacks
Hacking an operating system (OS) is a preferred method of the bad guys. OS
attacks make up a large portion of hacker attacks simply because every com-
puter has an operating system and OSes are susceptible to many well-known
exploits.
Occasionally, some operating systems that tend to be more secure out of the
box — such as Novell NetWare and OpenBSD— are attacked, and vulnerabili-
ties turn up. But hackers often prefer attacking Windows and Linux because
they are widely used and better known for their weaknesses.
Here are some examples of attacks on operating systems:
Exploiting specific network protocol implementations
Attacking built-in authentication systems
Breaking file system security
Cracking passwords and weak encryption implementations