Introduction

As you begin this chapter, ask yourself… "Hacker tools; can any good come from these?" The answer is yes. Even though these seemingly malicious programs were designed with bad intentions or as a simple proof of concept, many can be used to verify that a network can withstand common attacks. Although you will not want to launch attacks on your own network with any of the tools listed within this chapter, having knowledge of them will help you to learn what may be exploitable on your network. This chapter examines the malicious hacker programs, why they are problematic, and what you can do to protect yourself, all of this while preparing for the SSCP exam.

So, does this mean that anyone who writes code is an evil hacker waking each day to stir your network up? No, it cannot all be blamed on hackers. Many times, the problem lies in the design of the application. From poor coding and back doors to buffer overflows, application exploits offer an easy path to damage and destruction. No matter what method is used, the attacker is sure to perform some type of reconnaissance. Be it probing, sniffing, or scanning, the attacker will need to determine what they are up against. This is serious business. They are a determined bunch. They will even resort to digging through your trash, which is called dumpster diving. Perhaps you have heard of it?

So what else is covered in this chapter? Other exploits such as this one… "This is the Vice President of Engineering. Would you mind giving me my password? I seemed to have forgotten it." Surprise! You have just seen social engineering at work. It is nothing more than manipulating individuals to extract valuable information such as usernames and passwords.

It is important for SSCPs to understand the basics of how intrusion techniques, malicious code (also known as malware), and system attacks work, even though intruders and attackers do not necessarily understand the technicalities of what they are doing. This chapter provides overviews of the technical aspects of various types of intrusions and attacks. It also covers malware, tools, and the aspects of an attack, which include:

  • Scanning for open ports on a targeted network

  • Disguising the attacker's Internet Protocol (IP) address and other identifying information

  • Placing software constructs or hardware devices (such as Trojan horse programs or keystroke monitors) to gather preliminary data that will help the attacker carry out the attack

Test Day Tip 

It is very important that you fully understand the concepts outlined in this chapter for the SSCP exam. Make sure that you are comfortable with malware concepts inside and out.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
