SEC 280 Week1 Case study Principles of Information Systems Security
In today’s world of technological advancement, Information Security is probably the
most concerned subject dear to any serious-minded business or bus
...
SEC 280 Week1 Case study Principles of Information Systems Security
In today’s world of technological advancement, Information Security is probably the
most concerned subject dear to any serious-minded business or businesses that exist
today.
Companies spend fortunes annually to secure their operations from malicious attacks.
Any individual or persons who attempt to infiltrate an organization’s network with no
good intentions can be described as engaging in what we call unethical hacking.
Before a hacker successfully launches their attack, they carry out a series of activities
that prepares the ground for them to launch the main attack. Basic among the series of
activities performed by these bad guys are ping sweeps and port scans.
Ping sweeps are usually performed to find end-points on a network; then a port scan is
performed to find an “open-door” into that particular end-point or end-points. After that a
person can find all kinds of utilities on the internet to exploit these “open-doors” on
systems and gain access to important and confidential files on the network.
Ping sweeps is referenced when an intruder sends an ICMP Echo request to a range of
machines, based on their IP addresses, on the network. By sending out echo requests,
those machines that are alive on the network respond the requests by sending signals
called ICMP echo responds back to the intruder. By knowing which specific machines
can be reached on the network prepares the intruder for the next stage of the probing
exercise.
Port Scans when run actually “look” at the machines that are alive and scan for an
open port. This enables the intruder to ascertain which service or services are running
on these ports and this is the stage where the intruder gathers detailed information and
[Show More]