The 5 Phases of Hacking and The Security Triangle!
Hacking is a process, is a field of study and just like any other task, hacking do have some systematic steps involved. If you are going on a hacking mission, you’ll surely follow these phases. All hackers, somehow, follows these phases:
Table of Contents [Quick Links]
The 5 Phases of Hacking!
Information Gathering [Phase 1]
It is a passive process of collecting information about the target from public sources such as Internet, newspaper, library, phone directory etc.
In this step, hacker never communicates with the target and neither do they have any form of interaction.
Maximum efforts are deployed in this step. This increases the chances of success in following hacking steps. We’ll learn more about Information gathering in later articles.
Scanning [Phase 2]
It is an active technique of gathering information. Unlike footprinting which is a passive activity, here attacker machine communicates with target machine.
Scanning is post reconnaissance (next to footprinting) and pre-attack step (gaining access). Scanning can be broadly divided into following categories:
- Network Scanning (objective: to find live machines on the network).
- Port Scanning & Service Scanning (objective: to find active port on these live machines and services they are running).
- Vulnerability Scanning (objective: to find security flaw that can exploited).
Gaining Access [Phase 3]
When network, port and vulnerability scanning is done, you have live targets who are running vulnerable software applications on known ports. Now you try to exploit the vulnerabilities.
Gaining Access is the real hacking phase. You exploit a particular vulnerability in a system or network and then, you gain access into it.
Once a hacker gets access into the system or network, he/she then moves towards other vulnerable systems/devices.
Maintaining Access [Phase 4]
This is post exploitation phase. When you have successfully exploited any vulnerability and got access to a system. You’d surely like to maintain access to that system so that you can access it anytime later.
To keep maintaining the access into the target system, hackers usually install backdoor and Trojans into the target machine. Later at any time, when they need to access the system they use the backdoor.
We’ll learn about creating web backdoor and maintain access in later tutorials.
Covering Tracks [Phase 5]
When hacker leaves a hacked system, they make sure they aren’t get traced back. So, they make sure- no information or digital footprint about their activity or about them is logged anywhere. They just delete or hash/encrypt all logs on server.
Expert hackers never leaves any trace behind them. Covering tracks is the reason, why most system/network admins never realizes about successful security breaches and hacking.
Most hacking attempts are never reported. Because, for most individual and organizations- it’s not worth the efforts, time and money to chase hackers than spending these resources on tightening their security. And therefore, most hackers aren’t get caught.
The Security Triangle – Functionality | Usability | Security
Security triangle is an imaginary view point about security when functionality and usability (user friendliness) comes into play. We try to maintain a balance between usability, functionality and security.
Look at the image and observe, when we try to achieve more usability (user friendliness) and functionality- we move away from security point.
When security is too much or we are too close to security- we are naturally far away from usability and functionality, which is undesirable.
Let’s take a real word example of an Office, where we’re trying to implement additional security. We can add security guards, manual checks, bio-metric and card system, all together for better security. Now, you can imagine the situation- a simple task of entering into office became too complex and now – you can see, usability and functionality reduced.
This security triangle encourages us to achieve a proper balance between security, functionality and usability (user friendliness). If proper balance is not maintained, sooner or later- the system will prove to be useless, malfunctioning or a big failure.