Summary of Exam Objectives

The sheer number of ways that a hacker can intrude or attack a network can be overwhelming. As soon as one security hole is plugged, dozens more are discovered or created. Some of these methods are so subtle that no one might ever realize the network's security has been compromised. Others are so blatant that everyone will know instantly. Remember, for every exploit that is known, there is probably one that is being used by a black hat hacker for profit.

Attackers range from charmers with lots of people skills who can persuade legitimate users to provide the credentials they need to break into the system, to technical "whiz kids" who can exploit the characteristics of network protocols, applications, and OSs, to technically unsophisticated hacker "wannabes" who use scripts, graphical user interface (GUI) tools, and Web sites created by others to carry out their attacks. The attacks themselves can range from denials of service that disrupt communications on the entire network to benign viruses that do no more than pop up an annoying message window. In many cases, the goal of an attack is to plant a back door into the system that will allow the hacker to reenter later at will.

The good news is that you can take many steps to prevent technical exploits on your systems. In fact, applying all the current patches, fixes, service packs, and other upgrades and running good antivirus software with updated virus file definitions will go a long way toward keeping intruders out and attackers at bay. The bad news is that administrators must be constantly vigilant to guard against new threats that appear on a daily basis. The state of hacking has reached the point at which anyone and everyone who wants to launch an attack can do so, and the incidence of "drive-by hacking" has increased with the advent of easy-to-use hacking tools.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net