Chapter 2. How Hackers Attack
It is crucial that Windows security defenders understand how malicious hackers can attack and exploit their systems. Only when attacks are thoroughly understood can sufficient defenses be designed and implemented. Thus, this chapter focuses on the major methods of malicious exploitation.
Malicious Exploitation
Microsoft Windows is the most attacked PC desktop OS in the world, coming under attack from both dedicated hackers and automated malicious software. Regardless of whether the attack is occurring as a results of skilled human hands or pre-programmed malware, both methods use one of eight techniques to exploit a computer.
Eight Exploitation Techniques
The eight exploitation techniques are:
Logon credential guessing/cracking
Buffer overflow
OS or application vulnerability
OS or application misconfiguration
Eavesdropping/man-in-the-middle attack
Denial of service attack
Client-side attack
Social engineering
There are many different types of attacks, but these are the major ones. The next section of the chapter covers each of the techniques in more detail.
Logon Credential Guessing/Cracking
Logon credential password guessing and cracking are among a hacker's (or worm's) favorite attacks. Many sources call this technique "password cracking," but that name is an oversimplification of the subject. First, users don't always use passwords in their logon sequence. They can use passphrases, biometrics, smart cards, fingerprint scanning, digital certificate, or some other ...
Get WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
