In this training video, IT Security Instructor Mike Danseglio presents the philosophy and processes hackers engage in when trying to hack your information and assets.
- CompTIA Security + SEC155: CompTIA Security+ Skills with Certification Exam SY0-401
- CISSP SEC275: CISSP (Certified Information Systems Security Professional)
- CEH CEHv9: Certified Ethical Hacker (CEH) v9
- Forensic Investigation SEC875: Computer Hacking Forensic Investigator – CHFI v8
- PKI PKI300: Mastering Windows Server 2012 & PKI & Certificate Services ADCS
While this presentation is intended for System Administrators and those who defend assets, it’s really valuable for anyone who needs to understand how to protect and defend information.
Mike discusses the hacker’s attack methodology. From Setting Objectives, Recon, Exploitation and their need to hide what they’ve done.
It’s important for those who need to protect their assets to understand the Hacker’s philosophy. There are three primary tenants to a hacker’s philosophy.
- Attackers do not typically attack strong points, they usually go after the weakest parts in an information system.
- Most attackers see defenses as obstacles or challenges.
- Once inside, attackers usually leave the door open to get back into your systems.
In this video, Mike presents an actual example of a successful malware attack and how the hackers where able to infiltrate a large consumer company.
Hackers usually have a well-established approach for attacking systems.
Their methodology begins by Setting Objectives. They evaluate what they want and why they want it.
Before a hacker begins to exploit information and assets, they will engage in a recon process to determine what systems (hardware and software) they will be working with. Only after they’ve gathered enough data to determine how they will attack then they will start the exploitation process of hacking information.
Throughout this entire process, hackers will hide what they are doing to avoid detection.
By learning how and why hackers attack, you’ll learn what steps you can take to help protect your information and simple solutions to further secure your environment.
IT Professionals who are involved with defending their information and environments can benefit by using security models such as the Defense In-Depth Model which addresses security processes of behavioral, physical and external and internal network security vulnerabilities in your environment.
Mike informs you that it’s not always about having the best firewalls to help defend your data. Simple vulnerabilities such as non-patched applications and data exchanges can be the weakest link in your environment which can be an easy entry point for a hacker. Mike also presents the simple mistakes we do in our physical environment that can open the door for hackers such as keeping our login and passwords visible in our workspace. IT Professionals can also utilize the Triad or Security – Usability – Cost Effectiveness when determining how to build and maintain their security implementation efforts.
Finally, you will learn about the Three Solution Pillars model of Security. This includes People, Process and Technology. When defenders are engaged in protecting information and assets, they begin with teaching people how to behave in a more secure way. Then the defender can evaluate the process of day-to-day security such as how they onboard new systems and patch existing ones.
Mike Danseglio – CISSP, MCSE, and CEH
Mike Danseglio teaches IT Security Training, Windows, System Center and Windows Server 2012 classes at Interface Technical Training. His classes are available in Phoenix, AZ and online with RemoteLive™.