ETHICAL HACKING (PART-2)
● Security consists of. Confidentiality Authenticity Integrity Availability
● Perform DOS: hacker attacks the Availability elements of systems and network. main purpose is to use up system resources or bandwidth.
● A flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users of the system
● Information Theft: stealing passwords or other data as it travels in clear text across trusted networks, is a Confidentiality attack, because it allows someone other than the intended recipient to gain access to the data. This theft isn’t limited to data on network servers. Laptops, disks, and backup tapes are all at risk. Company owned devices r loaded with confidential information and can give a hacker information about the security measures in place at an organization.
Target of Evaluation:
Target of Evaluation (TOE) A system, program, or network that is the subject of a security analysis or attack. Ethical hackers are usually concerned with high-value TOEs,systems that contain sensitive information such as account numbers, passwords, Social Security numbers, or other confidential data. It is the goal of the ethical hacker to test hacking tools against the high-value TOEs to determine the vulnerabilities and patch them to protect against exploits and exposure of sensitive data.
An attack occurs when a system is compromised based on a vulnerability. Many attacks are perpetuated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to an exploit because of the operating system, network configuration, or applications installed on the systems, and to prevent an attack.
Comments
Post a Comment