Interface Technical Training

How Hackers Hack Your Assets – A Security Training Video for Everyone

In this training video, IT Security Instructor Mike Danseglio presents the philosophy and processes hackers engage in when trying to hack your information and assets.

Interface Technical Training offers IT Security Certification Training classes. Our courses are available in class or online with our virtual instructor-led training product RemoteLive™.

While this presentation is intended for System Administrators and those who defend assets, it’s really valuable for anyone who needs to understand how to protect and defend information.

Mike discusses the hacker’s attack methodology. From Setting Objectives, Recon, Exploitation and their need to hide what they’ve done.

Hacker Philosophy:

It’s important for those who need to protect their assets to understand the Hacker’s philosophy. There are three primary tenants to a hacker’s philosophy.

  1. Attackers do not typically attack strong points, they usually go after the weakest parts in an information system.
  2. Most attackers see defenses as obstacles or challenges.
  3. Once inside, attackers usually leave the door open to get back into your systems.

In this video, Mike presents an actual example of a successful malware attack and how the hackers where able to infiltrate a large consumer company.

Hacker Methodology:

Hackers usually have a well-established approach for attacking systems.

Their methodology begins by Setting Objectives. They evaluate what they want and why they want it.

Before a hacker begins to exploit information and assets, they will engage in a recon process to determine what systems (hardware and software) they will be working with. Only after they’ve gathered enough data to determine how they will attack then they will start the exploitation process of hacking information.

Throughout this entire process, hackers will hide what they are doing to avoid detection.

By learning how and why hackers attack, you’ll learn what steps you can take to help protect your information and simple solutions to further secure your environment.

IT Professionals who are involved with defending their information and environments can benefit by using security models such as the Defense In-Depth Model which addresses security processes of behavioral, physical and external and internal network security vulnerabilities in your environment.

Mike informs you that it’s not always about having the best firewalls to help defend your data. Simple vulnerabilities such as non-patched applications and data exchanges can be the weakest link in your environment which can be an easy entry point for a hacker. Mike also presents the simple mistakes we do in our physical environment that can open the door for hackers such as keeping our login and passwords visible in our workspace. IT Professionals can also utilize the Triad or Security – Usability – Cost Effectiveness when determining how to build and maintain their security implementation efforts.

Finally, you will learn about the Three Solution Pillars model of Security. This includes People, Process and Technology. When defenders are engaged in protecting information and assets, they begin with teaching people how to behave in a more secure way. Then the defender can evaluate the process of day-to-day security such as how they onboard new systems and patch existing ones.

For more information on IT Security, see our Tech Blogs and Training Schedule.

Mike Danseglio – CISSP, MCSE, and CEH

Mike Danseglio teaches IT Security Training, Windows, System Center and Windows Server 2012 classes at Interface Technical Training. His classes are available in Phoenix, AZ and online with RemoteLive™.