HACKING meant to possess extraordinary computer skills able to extend the limits of computer systems and besides that understanding, the victim is an essential component of a successful defense. However, today there are automated tools and codes available on the Internet that make it possible for anyone with a will and desire to hack and succeed. The ease with which system vulnerabilities can be exploited increased while the knowledge curve required to perform such exploits shortened. The concept of the elite/super hacker is an illusion. So HACKAGON listed down the Phases Of Hacking for the ease of HACKERS.
However, hackers are generally intelligent individuals with good computer skills and the ability to create and explore into the computer’s software and hardware. Their intention can be either to gain knowledge or dig around to do illegal things. Attackers are motivated by the zeal to know more while malicious attackers intend to steal data.
About Phases Of Hacking:
The process could be divided into five distinct phases. There are different models but this one is common. White, black or grey hat hackers use the equivalent process. So, it is also important to understand the sequence of phases. Indeed, the result or the output of a phase is used in the following. It is not enough to run just security tools. It is vital to understand the order in which they are used to perform a penetration test complete and realistic.
Reconnaissance is probably the longest phase, sometimes lasting weeks or months. The black hat uses a variety of sources to learn as much as possible about the target victim and how it operates, including:
- Internet searches
- Social engineering
- Dumpster diving
- Domain names management/search services
- Non-intrusive network scanning
The activities in this phase are not easy to defend against. Information about an organization finds its way to the Internet via various routes. Employees are often easily tricked into providing tidbits of information which, over time, act to complete a complete picture of processes, organizational structure, and potential soft spots. However, there are some things you can do which make it much harder for an attacker, including
- Make sure your systems don’t leak information to the Web, including:
- Software versions and patch levels
- Email addresses
- Names and positions of key personnel
- Ensure proper disposal of printed information
- Provide generic contact information for domain name registration lookups
- Prevent perimeter LAN/WAN devices from responding to scanning attempts
Phase#2 Scanning And Enumeration
Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning perimeter and internal network devices looking for weaknesses, including:
- Port scanners
- Internet Control Message Protocol (ICMP) scanners
- Ping sweeps
- Network mappers
- Simple Network Management Protocol (SNMP) sweepers
- Vulnerability scanners
Scans of perimeter and internal devices can often be detected with intrusion detection (IDS) or prevention (IPS) solutions, but not always. Veteran black hats know ways around these controls. In any case, some steps you can take to thwart scans include
- Shutting down all unneeded ports and services
- Allow critical devices, or devices housing or processing sensitive information, to respond only to approved devices
- Closely manage system design, resisting attempts to allow direct external access to servers except under special circumstances and constrained by end-to-end rules defined in access control lists
- Maintain proper patch levels on endpoint and LAN/WAN systems
Phase#3 Gaining Access
Gaining access to resources is the whole point of a modern-day attack. The usual goal is to either extract information of value to the attacker or use the network as a launch site for attacks against other targets. In either situation, the attacker must gain some level of access to one or more network devices.
In addition to the defensive steps described above, security managers should make every effort to ensure end-user devices and servers are not easily accessible by unauthenticated users. This includes denying local administrator access to business users and closely monitoring domain and local admin access to servers. Further, physical security controls should detect attempts at a hands-on attack, and delay an intruder long enough to allow effective internal or external human response (i.e., security guards or law enforcement).
Finally, encrypt highly sensitive information and protect keys. Even if network security is weak, scrambling information and denying attacker access to encryption keys is a good final defense when all other controls fail. But don’t rely on encryption alone. There are other risks due to weak security, such as system unavailability or use of your network in the commission of a crime.
Phase#4 Maintaining Access
Having gained access, an attacker must maintain access long enough to accomplish his or her objectives. Although an attacker reaching this phase has successfully circumvented your security controls, this phase can increase the attacker’s vulnerability to detection.
In addition to using IDS and IPS devices to detect intrusions, you can also use them to detect extrusions. A short list of intrusion/extrusion detection methods, described in Chapter 3 – Extrusion Detection Illustrated (Extrusion Detection: Security Monitoring for Internal Intrusions, Richard Bejtlich, 2006), includes
- Detect and filter file transfer content to external sites or internal devices
- Prevent/detect direct session initiation between servers in your data center and networks/systems not under your control
- Look for connections to odd ports or nonstandard protocols
- Detect sessions of unusual duration, frequency, or amount of content
- Detect anomalous network or server behavior, including traffic mix per time interval
Phase#5 Covering Tracks
After achieving his or her objectives, the attacker typically takes steps to hide the intrusion and possible controls left behind for future visits. Again, in addition to anti-malware, personal firewalls, and host-based IPS solutions, deny business users local administrator access to desktops. Alert on any unusual activity, any activity not expected based on your knowledge of how the business works. To make this work, the security and network teams must have at least as much knowledge of the network as the attacker has obtained during the attack process. Examples of activities during this phase of the attack include
- Using a tunneling protocol
- Altering log files
This article about Phases Of Hacking is not intended to make you an expert in network defense. Instead, it should serve as an introduction to methods employed by black hat hackers when compromising an information resource. Armed with this information, security professionals are better prepared to prepare for battle, locating and engaging the enemy wherever or whenever necessary.
Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.
Hope you like this article. So, doesn’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.