5 Steps Hackers Penetrate Your System

This paper I raise in this website for just knowledge alone, knowing the way they (red. "Hacker") then we can be more vigilant about the Internet. Hearing the word "hacker", usually directly reflected in the mind of someone with bold eyes and said to be "nerd" (lack of association) the long hours at the computer to try to get into network defense system within the territory of another institution. Imagine if the same thing now, which is in the mind is the picture of long-haired young man who was staring at the computer while eating a snack, using all their creativity to be able to "break" a computer network defense system of the organization that became the target. Apart from differences in past and present, there is an impression that is often seen in imagining their activities. Glimpse of what they are doing seems to be sporadic, haphazard, haphazardly, not tersruktur, "trial and error", and so forth.
Basically, they perform the process steps are well-structured activities to be taken care effectiveness and efficiency. EC-Council, a leading institution in the world engaged in the field of information security and Internet sharing measures undertaken hacker in the "operation" into 5 (five) consecutive sections from each other, namely:

(i) Reconnaissance;
(ii) Scanning;
(iii) Gaining Access;
(iv) Maintaining Access, and
(v) Clearing Tracks.


Reconnaissance

The meaning of "reconnaissance" is a preparatory stage in which hackers or those who would do the "attack" trying to find as much information about the target or the target system to be attacked before a series of processes carried out the attack. There are two known types of reconnaissance models, eg, passive and active. Related businesses is said active when there is no direct interaction between the attacker to the target or targets to be attacked. Let's say a hacker who wants to attack a bank, then the question will conduct library research or study through browsing the internet about the ins and outs of the system to be attacked. By getting references from various sources such as articles, magazines, newspapers, vendor releases, and so forth - are not uncommon in question can know the types of computer systems used by the bank concerned, complete with the type of operating system and network topology. While related processes active say, if performed activities directly interaction with the system or relevant stakeholders on the bank. For example, the hacker pretends to open a bank account so that they can learn the computer system operated by the customer service, help desk or call the bank concerned to look at the mechanisms and procedures used in responding to the needs of the customer, or by visiting the bank's Internet site linked to saw and wondered technology behind the application, and so forth.

Scanning

After learning the ins and outs of the overview of the environment and the characteristics of the target system to be attacked, then the next step is to do a "scanning". In accordance with the definition and context, "scan" is a process whereby hackers by using a variety of tools and instruments seeking entrance slit or the location where the attack will be launched. Just as a thief who can enter the house through doors, windows, roofs, or underground culvert, a hacker through this activity seeks insecurity pits where incoming attacks. Normally, that would be scanned first is a port in a computer system (port scanning), or by mapping a network (network mapping), or through a search of vulnerability / fragility (vulnerability scanning), and others. It needs to be well aware of is that the act of "scanning" the system of another person's computer network is basically an activity that violates the law, unless the parties consent berkepentingan1. And if you're not careful, then the parties will easily find out this activity, particularly if he or she have the IDS (Intrusion Detection System) to detect the event of an intrusion or intrusion of outsiders into the protected system. The results of the scanning stage is the discovery of a way for hackers to get into the system.

Gaining Access

If the previous two stages of reconnaissance and scanning still "passive", within the meaning of the activities carried out are just groping reliability of the system to be attacked, the stage is Gaining access commenced active business penetration. Basically by hackers are exploiting the weakness, vulnerability, and / or fragility (read: vulberability) that exist in the system. How to get access is extremely diverse, depending on the characteristics and outcomes of the previous scanning process. For example, is by trying to guess the password cracking alias to "force" the secret key that allows hackers gained access rights to log into the system. The other type is mekakukan activity causing buffer overflows phenomenon that confidential data can be stored safely accessed and retrieved by unauthorized. Gaining access other approach is to do what is called as session hijacking alias hijacked by someone permissions so that the concerned hackers can get into a system that is not the territory. The process of obtaining these permissions can take place in a fairly short time to take a relatively long time, depending on a number of factors, such as: architecture and network configuration, the type of operating system used, hacker skills is concerned, this type of tool or tools are used, and so forth. If the hackers have managed to get to this stage, the risk exposure faced by the organization or institution that has a related system is so high. Failed to detect this would be disastrous experiment that was big enough for the question.

Maintaining Access

This stage is a period where after a hacker managed to get into the system, which concerned trying to stay afloat obtain these permissions. At the moment this is often termed the existing system has been successfully taken over by unauthorized parties (read: compromised). When this period lasts, the control completely in the hands of hackers. Concerned can do whatever he wants, like doing things that are not dangerous - like write a warning message to the owner of the system - to commit destructive acts, such as stealing data, changing the content, to plant a spy application, configuration confuse, manipulate information , damaging the contents of the hard disk, and so forth. Not much can be done by the owner of the system if the hacker has entered this stage, but try to do counter measures that impact or negative consequences caused by hackers can be minimized.
Image: Type Attack Athletics to System

Covering Tracks

Finally, the final stage which is difficult and often overlooked by hackers - for reasons hastily, carelessly, or lack of expertise - is the elimination of activity traces. Said to be difficult because in addition to a lot of things to be done by the hackers and is quite time consuming, law enforcement always has a way of finding out such criminal negligence trace hackers. To be able to trace the elimination of almost "perfect", in addition to requiring no small amount of resources, it is also necessary knowledge and skills relevant prime of hackers. The track record shows that of the various types of hacking crimes in the world, rarely are rarely revealed actors and modus operandi. Different types pengapusan trail known among hackers, for example steganography techniques, tunneling, altering log files, and so forth.
By knowing the stages hacker is then expected to operate the computer and network security practitioners understand well the complexity of the Internet and exposes the risks faced everyday. The deeper a hacker entered into a series of related processes, the higher the risk of threat faced by potential victims concerned.