If you’re a home user and only have the basics (firewall + anti-virus/spyware), you don’t stand a chance against a more sophisticated hacker. Your anti-virus/spyware software won’t detect their presence and you won’t see any errant computer behavior. The hacker is going to do all kinds of things to your computer that you won’t even be aware of, including but not limited to: making configuration changes; swapping out legitimate programs and utilities; disabling certain security features; and taking anything and everything of possible interest. After he’s obtained what he’s looking for, he’ll erase every trace of his activities and tools from your computer and disappear.
The need to understand who & what is attacking you is extremely necessary. In order to prevent attacks, you must know how the attacker works & there methods. Then you know how they work, and can prevent it.
Who are Black Hat Hackers?
Black hat hackers are malicious attackers. You may think of them as bullies, or criminals. Out to steal many things, including usernames and passwords, account information, and your identity. Black Hat Hackers, are the “bad guys” of hacking.
Brute Forcing
BruteForcing is the process in witch an attacker uses a program to “guess” your password. The program is guessing a lot of passwords, attempting to force itself in. Usually the program has a text file of passwords it should guess. Bruteforcing is usually used for login information once your account name or ID is known.
Brute Forcing
BruteForcing is the process in witch an attacker uses a program to “guess” your password. The program is guessing a lot of passwords, attempting to force itself in. Usually the program has a text file of passwords it should guess. Bruteforcing is usually used for login information once your account name or ID is known.
Solution: Make very strong passwords! 10 Characters or more! Include CAPS and lowercase, Numbers, and a mix of them
Viruses and Trojans
No doubt, I could go on all day about these. Viruses and Trojans are malicious programs or scripts, meant to hurt or steal information. These both have sub-categories. Trojans are a parent definition. Trojans could be a RAT or a Keylogger. A virus could be a Script file. Rogue or fake software could also be put here.
Solution: Installing a good Anti-Spyware, Anti-Virus and Firewall.
Recommended downloads:
Vulnerabilities
Vulnerabilities exist no matter what. This is a non-stop processes. You could think of a vulnerability as a whole in the road. It’s causing drivers danger, one of them could drive into this whole. A vulnerability allows a hacker to run a remote script or program onto your system and gain access or perform malicious activity. Vulnerabilities could include: Misconfiguration, Non-Updated system/applications, and open ports.
Solution: Learn about penetration testing and security management. Running routine tests on your PC help.
Recommended downloads:
Abuse of trust
Pretty self-explanatory. You could think of this as a friend or co-worker. Putting trust into this users to allow them to use your system, without watching them. They could install programs, physically damage your PC, or infect you via USB drive.
Solution: Use a Screen-locker software and strong passwords on your PC. Make sure you know who is on your PC and when! If other users must logon make them a “guest” account, and monitory what they do.
Misconfigurations
These could include: Browser, Programs, and Operating System misconfigurations. A misconfiguration is a setting that could allow someone to take advantage of that application. For example: Firefox default allows JavaScript, this could be a misconfiguration cause many hackers use JavaScript for attacks. Leaving this option on could be called a misconfiguration.
Solution: Learn about penetration testing and security management. Running routine tests on your PC help.
Dos and DDoS
Dos: Denial of service
DDoS: Distributed Denial Of Service
DDoS: Distributed Denial Of Service
Don’t mix the two! You could think of Dos as 1 user attacking, and DDoS as more then one user or distributed. These attacks usually cause a ‘bottleneck’ in a system or server. You could think of this as sending so much information to a system that it doesn’t allow proper packets and requests to flow. A good reference is homework. A kid at school gets 3 papers of homework, that’s okay, he can do it. Then ALL HIS OTHER teachers give him 3 papers of homework, and now all of a sudden its difficult for him to complete all of his tasks. So he does the paper with the most value (math, history).
Solution: Firewall, Intrustion Detection system, Intrustion Prevention System, Close un-needed ports.
Social engineering
Phishing and Shoulder Surfing are good examples of this. Social engineering is basically lying or convincing someone to do something that will allow the hacker to take vital information, or gain from it. Shoulder surfing is just watching a person type from behind them, or ‘stealth browsing’. Phishing is the processes in witch a hacker or programmer copies the page source of say, google.com and makes a site called G00gle. Now he puts the source into his site and tells users to log into his site by exploiting the ‘spoof’ technique or ‘Hyperlink’ system. This allows the hacker to make the site look legitimate.
Solution: Don’t be easy to persuade. Check links before you click them, make sure you are always on top of what’s going on.
CGI and Web based applications
These are applications on which sites host JavaScript games, ChatBoxes, and other server objects. These are particularly exploitable due to poor programming.
Solution: Learn web programming and do it yourself. JavaScript, PHP, HTML & Perl will all help.
Security Packages
Don’t mix with Internet Security Suits. ‘Security Packages’ are sets of security software that are known to be compatible with each other. This is not all limited to one company or maker.
My recommendation is to use the above tips and tools. The only way to protect yourself is to patch up the holes.
My recommendation is to use the above tips and tools. The only way to protect yourself is to patch up the holes.
0 comments:
Post a Comment