ETHICAL HACKING (PART-2)

THE GOALS OF ATTACKERS TRY TO ACHIEVE :

 ●  Security consists of. Confidentiality Authenticity Integrity Availability

 ● Perform DOS: hacker attacks the Availability elements of systems and network. main purpose is to use up system resources or bandwidth.

 ● A flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users of the system

 ● Information Theft: stealing passwords or other data as it travels in clear text across trusted networks, is a Confidentiality attack, because it allows someone other than the intended recipient to gain access to the data. This theft isn’t limited to data on network servers. Laptops, disks, and backup tapes are all at risk. Company owned devices r loaded with confidential information and can give a hacker information about the security measures in place at an organization.

ETHICAL HACKERS SKILL SET :                                                                                                                                    

knowledgeable about computer programming, networking, and operating systems.  In-depth knowledge about highly targeted platforms (such as Windows, Unix, and Linux) is also a requirement. Patience, persistence, and immense perseverance are important qualities for ethical hackers because of the length of time and level of concentration required for most attacks to pay off.  Networking, web programming, and database skills are all useful in performing ethical hacking and vulnerability testing.  an ethical hacker will act as part of a “tiger team” who has been hired to test network and computer systems and find vulnerabilities.  In this case, each member of the team will have distinct specialties, and the ethical hacker may need more specialized skills in one area of computer systems and networking. Most ethical hackers are knowledgeable about security areas and related issues but don’t necessarily have a strong command of the countermeasures that can prevent attacks. 

ECTHICAL TERMINOLOGY :                                                                                                              

            Target of Evaluation:

                              Target of Evaluation (TOE) A system, program, or network that is the subject of a security analysis or attack. Ethical hackers are usually concerned with high-value TOEs,systems that contain sensitive information such as account numbers, passwords, Social Security numbers, or other confidential data. It is the goal of the ethical hacker to test hacking tools against the high-value TOEs to determine the vulnerabilities and patch them to protect against exploits and exposure of sensitive data.

 Attack:  

               An attack occurs when a system is compromised based on a vulnerability. Many attacks are perpetuated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to an exploit because of the operating system, network configuration, or applications installed on the systems, and to prevent an attack.