Networking Fundamentals, 3rd Edition page 446

Copyright Goodheart-Willcox Co., Inc. 446 Networking Fundamentals Hacking Th e term hacker truly describes any computer enthusiast who simply experiments with systems to learn about them. Th e term hacker does not necessarily imply crim- inal activity or behavior. Th ere are three basic types of hackers: white-hat, black-hat, and gray-hat. White-hat hackers conduct themselves ethically and legally. Some are employed as penetration testers. Black-hat hackers, or crackers, are those who com- mit crimes with their hacking skills. It should be noted that this is actually a small segment of the hacking community. Gray-hat hackers are those who are generally white hat but occasionally drift into the black-hat arena. For the sake of clarity, any- one who gains access to a system he or she is not authorized to access is referred to in this text as an intruder. Common Network Security Breaches Th e topic of network security is very complex and would easily fi ll thousands of pages. In its simplest form, network security comprises two main elements: authen- tication and encryption. Authentication, or local authentication, is the process used to identify a user and ensure the user is who he or she claims to be. Encryption is a method of using an algorithm to encode data. Typically, authentication is accom- plished through a combination of username and password. Th is method is probably the one with which you are most familiar. However, authentication alone is insuffi - cient. Safeguards must be in place to protect a network fully. In this next section, the most commonly encountered security breaches are covered to provide a basic understanding of network vulnerability. It may come as a surprise to learn that people, not equipment, generate most security breaches. Unprotected Network Shares Many times employees will set up a network share to allow other employees to ac- cess or copy their fi les. What they do not realize is that setting up a network share with minimal to no security sets up a possible entry point for an attack from the outside. Many hacker tools can probe and access available shares on a network. Th is is a common way networks are compromised. Employees also create network shares with minimal to no security so that they might be able to access their own fi les from home. Network shares with minimal to no security, such as the one shown in Figure 15-1, and those with remote access enabled combine for a security breach waiting to happen. Social Engineering Social engineering is a term used to describe the manipulation of personnel through deceitful means to gain security information. One of the weakest security areas is the lack of security awareness of typical users and their respect for assumed authority. For example, consider the following scenario. A telephone rings on an ad- ministrator’s desk and the following conversation takes place: ■ Caller: Hello. Th is is Bob down at IMS operations conducting a security check. We believe we may have an intruder in our system. ■ Admin: Yes. What can I do to help? 4.2 NET Tech Tip The term vulnerability most often refers to a weakness in network security. Exploit is used to describe an attack that acted on a vulnerability. 4.4 NET 4.4 NET

Previous Page Next Page

Networking Fundamentals, 3rd Edition Page 446 (468 of 720)

Resources and Downloads

Help