It's no secret that any computer connected to the Internet faces a wide array of security threats. These days, however, a business needs to be connected to the Internet just to do business. What can you do? Keep reading to learn more about risks you take, and what you can do to protect yourself and your company.
In order to defend against any security threat, you should know the process that attackers go through to exploit a system. In this section I briefly cover the issue, and you can search the Internet for more information on the subject.
An attack is a three step process:
Decide on the target.
The first thing an attacker will do is decide on their target. Some attacks are set against specific targets and others are set arbitrarily, depending upon the reason for the attack in the first place. Once the target is identified, the attacker moves to the next step, which is information gathering.
Before placing an attack, the attacker must gather information about the systems under attack, such as the operating system used, the architecture of the system, IP addresses, the types of servers and services used. The scanning can be performed using appropriate network scanners that are widely available on the Internet.
Place the attack.
Finally, the attack is set based on the evidence found on the previous steps. After the attacker understands the environment he is going after, he can use the information gathered to identify well known vulnerabilities and exploit them to gain access to a system. Once the mission is carried out, the attacker may try to cover his tracks such as changing the logs. Just have in mind that the more skilled an attacker, the more focused the attack will be.