Attackers And Vulnerabilities; A Quick History Of Hackers - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Attackers and Vulnerabilities

part of performing assessments may include reviewing physical security, personnel screening, or
voice/PBX network assessment. New concepts, such as war walking scanning the perimeter of your
enterprise's physical structures for wireless network vulnerabilities are some emerging concepts that
you can investigate and, if needed, incorporate into your assessments. Imagination and exposure are
the only limits of planning and conducting vulnerability assessments.
42.3. Attackers and Vulnerabilities
To plan and implement a good security strategy, first be aware of some of the issues which
determined, motivated attackers exploit to compromise systems. But before detailing these issues, the
terminology used when identifying an attacker must be defined.

42.3.1. A Quick History of Hackers

The modern meaning of the term hacker has origins dating back to the 1960s and the Massachusetts
Institute of Technology (MIT) Tech Model Railroad Club, which designed train sets of large scale
and intricate detail. Hacker was a name used for club members who discovered a clever trick or
workaround for a problem.
The term hacker has since come to describe everything from computer buffs to gifted programmers.
A common trait among most hackers is a willingness to explore in detail how computer systems and
networks function with little or no outside motivation. Open source software developers often consider
themselves and their colleagues to be hackers, and use the word as a term of respect.
Typically, hackers follow a form of the hacker ethic which dictates that the quest for information and
expertise is essential, and that sharing this knowledge is the hackers duty to the community. During
this quest for knowledge, some hackers enjoy the academic challenges of circumventing security
controls on computer systems. For this reason, the press often uses the term hacker to describe
those who illicitly access systems and networks with unscrupulous, malicious, or criminal intent. The
more accurate term for this type of computer hacker is cracker — a term created by hackers in the
mid-1980s to differentiate the two communities.
42.3.1.1. Shades of Gray
Within the community of individuals who find and exploit vulnerabilities in systems and networks are
several distinct groups. These groups are often described by the shade of hat that they "wear" when
performing their security investigations and this shade is indicative of their intent.
The white hat hacker is one who tests networks and systems to examine their performance and
determine how vulnerable they are to intrusion. Usually, white hat hackers crack their own systems
or the systems of a client who has specifically employed them for the purposes of security auditing.
Academic researchers and professional security consultants are two examples of white hat hackers.
A black hat hacker is synonymous with a cracker. In general, crackers are less focused on
programming and the academic side of breaking into systems. They often rely on available cracking
programs and exploit well known vulnerabilities in systems to uncover sensitive information for
personal gain or to inflict damage on the target system or network.
The gray hat hacker, on the other hand, has the skills and intent of a white hat hacker in most
situations but uses his knowledge for less than noble purposes on occasion. A gray hat hacker can be
thought of as a white hat hacker who wears a black hat at times to accomplish his own agenda.
591