List Phases of a Computer Attack

In: Computers and Technology

Submitted By papalvarado
Words 484
Pages 2
Unit 9 Assignment 1

Phase 1 - Reconnaissance
Reconnaissance is probably the longest phase, sometimes lasting weeks or months. The black hat uses a variety of sources to learn as much as possible about the target business and how it operates, including:
* Internet searches
* Social engineering
* Dumpster diving
* Domain name management/search services
* Non-intrusive network scanning
Phase 2 - Scanning
Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning perimeter and internal network devices looking for weaknesses, including:
* Open ports
* Open services
* Vulnerable applications, including operating systems
* Weak protection of data in transit
* Make and model of each piece of LAN/WAN equipment
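The scanning phase leaves a footprint a defender can look for: one source touching many distinct ports on a host in a short time. The following is an added example, not part of the assignment; it assumes a constructed, simplified key=value firewall log format and constructed sample traffic.

```python
"""Flag sources that probe many distinct ports on one host in a short window.

Added example; the log format below (space-separated key=value fields after
an ISO timestamp) is an assumption, and every log line is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]

# Constructed sample traffic: a fast scanner, a normal client, and a slow scanner.
SAMPLE_LOG = "\n".join(
    # 10.0.0.5 hits 12 distinct ports on one host within 4 seconds
    [f"2024-05-01T10:00:0{i % 4} action=DENY src=10.0.0.5 dst=192.168.1.10 dport={p}"
     for i, p in enumerate(PORTS)]
    # 10.0.0.7 repeatedly uses a single service port: ordinary client behaviour
    + [f"2024-05-01T10:00:{s:02d} action=ALLOW src=10.0.0.7 dst=192.168.1.10 dport=443"
       for s in (1, 5, 9)]
    # 10.0.0.9 probes the same 12 ports two minutes apart: a slow scan that a
    # short window will miss (the edge case a tuned window has to consider)
    + [f"2024-05-01T10:{2 * i:02d}:00 action=DENY src=10.0.0.9 dst=192.168.1.20 dport={p}"
       for i, p in enumerate(PORTS)]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def find_scanners(log_text, min_ports=10, window=timedelta(seconds=30)):
    """Return {src: set_of_ports} for every source that touched at least
    min_ports distinct ports on a single destination inside a sliding window.
    Both ALLOW and DENY lines count: a probe of an open port is allowed through."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))

    flagged = {}
    for (src, _dst), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # advance the window start until it spans at most `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged.setdefault(src, set()).update(ports)
    return flagged


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} distinct ports: {sorted(ports)}")
```

With the default 30-second window only 10.0.0.5 is reported; widening the window to 30 minutes also catches the slow scanner 10.0.0.9, at the cost of more false positives from busy legitimate clients.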
Phase 3 - Gaining Access
Gaining access to resources is the whole point of a modern-day attack. The usual goal is to either extract information of value to the attacker or use the network as a launch site for attacks against other targets. In either situation, the attacker must gain some level of access to one or more network devices.
In addition to the defensive steps described above, security managers should make every effort to ensure end-user devices and servers are not easily accessible by unauthenticated users. This includes denying local administrator access to business users and closely monitoring domain and local admin access to servers. Further, physical security controls should detect attempts at a hands-on attack and delay an intruder long enough to allow an effective internal or external human response (e.g., security guards or law enforcement).
Finally, encrypt highly sensitive information and protect keys. Even if network security is weak, scrambling information and denying attacker access to…...
