Read the book Hacking For Dummies - Kevin Beaver - Page 39

THINKING LIKE THE BAD GUYS

Malicious attackers often think and work like thieves, kidnappers, and other organized criminals you hear about in the news every day. The smart ones devise ways to fly under the radar and exploit even the smallest weaknesses that lead them to their targets. Following are examples of how hackers and malicious users think and work. This list isn’t intended to highlight specific exploits that I cover in this book or tests that I recommend that you carry out, but it demonstrates the context and approach of a malicious mindset:

 Evading an intrusion prevention system by changing the MAC or IP address every few minutes (or packets) to get farther into a network without being blocked.

 Exploiting a physical security weakness by being aware of offices that have already been cleaned by the cleaning crew and are unoccupied (and, thus, easy to access with little chance of getting caught). For example, such a weakness might be made obvious by the fact that the office blinds are opened, and the curtains are pulled shut in the early morning.

 Bypassing web access controls by elevating their privileges via a vulnerable web page, the application’s login mechanism, or a vulnerable password reset process.

 Using unauthorized software that would otherwise be blocked at the firewall by changing the default TCP port on which it runs.

 Setting up a wireless “evil twin” near a local Wi-Fi hotspot to entice unsuspecting Internet surfers onto a rogue network, where their information can be captured and easily manipulated.

 Using an overly trusting colleague’s user ID and password to gain access to sensitive information that they’d otherwise be highly unlikely to obtain and that could then be used for ill-gotten gains.

 Unplugging the power cord or Ethernet connection to a networked security camera that monitors access to the computer room or other sensitive areas and subsequently gaining unmonitored system access.

 Performing SQL injection or password cracking against a website via a neighbor’s unprotected wireless network to hide the malicious user’s own identity.

Malicious hackers operate in countless ways, and this list presents only a small number of the techniques hackers may use. IT and security professionals need to think and work this way to find security vulnerabilities that may not otherwise be uncovered.
