Host Security  «Prev  Next»

Lesson 4Hackers
ObjectiveHow hackers get into a System

How Hackers get into System

Explain how hackers get into a system.
Hackers are a threat to any machine on the Internet. The explicit purpose of hackers may not be to cause harm to your machine; they might simply be playing around or looking for software to steal. However, hackers will cost you system resources, administration time, and possibly material damage, because once your system has been compromised, you can no longer trust its operability. The following describes some of the various ways hackers gain access to systems.

User oversights

The most common way that hackers gain access to a machine is by obtaining a system user's password. One way to obtain passwords is through social engineering[1], such as masquerading as a systems engineer to illicitly obtain passwords of users . In other instances, hackers simply find user passwords lying around on a piece of paper. Finally, users sometimes reuse passwords, making it easier for a cracker to enter the system.

Sniffing passwords

By far the most common way to retrieve a password is to sniff it from an insecure public network using a password
The sniffer[2] logs all pairs it finds, for the later use of the cracker. If a user ever connects from across the Internet, then his/her password may be compromised in this manner.
The following diagram reviews sniffers in more depth.

  1. User 1: has connected to the internet using telnet, an insecure remote service, and is sending packets to User2 via the internet
  2. Sniffer is copying everything sent between User1 and User2. This is possible because User1 used an insecure remote service

Hackers use Sniffers
The next lesson explains what hackers do once they have broken in.
[1] Social engineering: The use of social techniques, such as masquerading as a system administrator, in order to gain access to confidential user information like a password.
[2] sniffer: A software password sniffer is a program that looks at all traffic on the network (usually a LAN) for username/password pairs.