Successful Attacks: Introduction

From Daelphinux

Network attacks are a common threat in the modern world. Businesses, affiliations, community organizations, and even individuals are at risk from these kinds of dangers. While the attacker may have any number of motivations, the attacks are often carried out in similar ways. Successful attackers must be dedicated and committed to the attack they are attempting to carry out. Moreover, they must be diligent in successfully completing each of the five phases of a network attack. These phases are considered common knowledge in the security fields:

Phase 1: Reconnaissance. Gathering as much useful information about the target as possible.

Phase 2: Scanning. Gathering useful information about the target's networks and any possible exploits.

Phase 3: Gaining Access. Getting into the network to be able to accomplish the attack's goal.

Phase 4: Maintaining Access. Ensuring access to the network persists long enough to accomplish the attack's goal.

Phase 5: Covering Tracks. Obfuscating the attacker's presence on the network such that they cannot be traced.

Each of these phases is critical to the success of an attack. They form a kind of pyramid where each step builds upon the success of the previous one.

[Figure: pyramid of the five phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks]

With poor reconnaissance, a network scan is unlikely to have the proper information necessary to ensure that accurate loopholes and useful exploits can be found. With a bad network scan, it is unlikely that access will ever be gained. With no gained access there is no access to maintain, and if there is never any access there are no tracks to be covered. Additionally, each phase has various processes and skills necessary to achieve the end result.

A successful attacker will have to understand all of these processes and skills; conversely, a successful defender will have to understand them just as well. Understanding the methodology of an attack will allow a defender to stay one step ahead of an attacker, but just as an attack will fail with a single misstep, so will a defense. Security professionals must be vigilant to watch for signs of oncoming attacks, learn to recognize each phase, mount a defense against each phase, and contingently prepare for failing to prevent each phase.

For each phase there will be an overview of what occurs during the phase and a review of how to recognize the phase, defend against it, and prepare for failing to defend. Further, scenarios will be given that will allow a defender to know exactly what to expect is happening on the attacker's end. Once a security professional understands how to recognize each phase, they will be able to apply that information in aggregate to recognize when an attack is likely to be coming; however, truly predicting that is a combination of luck and experience.