2007 A Hacking Odyssey – Reconnaissance
The aim of this series of papers, which will take an in-depth look at how someone may target and electronically break into an organisation, is to educate people who may be tasked with looking after and securing a corporate network to do so in an effective manner.

My personal outlook on this issue is that if you have no idea about the steps a would-be attacker will take to try and gain access to your systems, then you as an administrator cannot effectively secure your system to an acceptable standard. Some people may disagree with the concept of demonstrating to people how to gain access to networks they are not meant to, whilst others agree with the ‘full disclosure’ approach.

Take a firewall for example – if you don’t understand the steps an attacker will go through to try and get traffic through your firewall, then how can you stop them from doing it? All you can do is configure it the best way you know how and hope it is good enough.
Hacking, Cracking, Hackers and Crackers
Before I start:

If some innocent-looking young teenager came up to you and started talking about hackers and hacking, then chances are you, being the IT professional that you are, would mentally dismiss him as not understanding what he was talking about, just because he used the word ‘hack’. Yet, if a university professor type person in his fifties wearing a tweed coat, glasses and smoking a pipe came up to you and started talking about hackers and hacking, then you would more than likely listen to every word he says… why is this?

Well, the term ‘Hack’ or ‘Hacker’ is a word coined by the media to mean anyone trying to break into something IT related, whether it’s a Network, Computer or any other type of electronic system.

The more realistic term to use when talking about a hacker in the way the media’s term is meant is ‘Cracker’ or ‘Attacker’. A cracker/attacker is someone who tries to gain access to things they have absolutely no right to be accessing. A hacker is someone who tries to make something function in a way it was not originally designed to; they ‘hack it apart’.

Take an email program for example; a hacker may try to make this email program send something other than an email, thereby making it do something it is not meant to do. An attacker/cracker, by contrast, will try to gain a level of access to it and read the user’s emails contained within the application.

People who are new to the IT community will often innocently use the word hacker until