Saturday, August 1, 2009

[Learning Hacking Part I] What does a malicious hacker do?

What does a malicious hacker do? This question comes up as soon as we want to build a countermeasure. First you need to understand the anatomy of an attack: it is necessary to comprehend the steps an intruder takes, so that once an attack is detected you know what to counter. In general, an intruder advances an attack in five steps/phases:


Phases of malicious hacking

1. Reconnaissance
In this phase the attacker gathers all the information they need about the target. There are two types of reconnaissance: passive (no direct contact with the target, e.g. public records and DNS data) and active (probing the target directly).
Example: gathering information about the target's domain name (whois, DNS records)

2. Scanning

In this step the attacker begins to look for vulnerabilities in the target that can be exploited.
Example: IP and port scanning, e.g. with nmap

3. Gaining Access

In this phase the attacker exploits the target's vulnerability.
Example: writing or running an exploit


4. Maintaining Access

Once access is gained, the attacker usually keeps that access in order to fulfil the purpose of the intrusion.

Example: planting a trojan or backdoor


5. Covering Tracks
In this phase the attacker destroys the evidence of the attack.

Example: clearing the Windows event logs (Event Viewer)



[Screenshot: Nmap scan output]


Types of Hacker:
1. Black Hats
Black hats are offensive hackers: they break into systems without authorization.

2. White Hats
White hats are defensive hackers: they use the same skills, with permission, to find and fix weaknesses.

3. Grey Hats
Grey hats work both offensively and defensively, depending on the situation.

4. Suicide Hats
Suicide hats (suicide hackers) attack without regard for the rules or the consequences, including being caught.

Those are the basics of what a malicious hacker does before penetration. Wait for my next article.
PS: Click HERE to see this post in Indonesian




Thursday, July 9, 2009

[RedHat Enterprise Linux] How to secure your Redhat Enterprise Linux 5 by User or Host

Besides a firewall and SELinux, there are other ways to protect the services on your RHEL box from crackers; one of them is tcp_wrappers. It is active by default for every service that is started through xinetd or is linked against libwrap (sshd, for example). tcp_wrappers uses two key files, /etc/hosts.allow and /etc/hosts.deny, which are consulted in the following order:

1. The system first searches /etc/hosts.allow. If tcp_wrappers finds a match, access is granted and no further search is done.
2. Then it searches /etc/hosts.deny. If tcp_wrappers finds a match, access is denied.
3. If the client matches in neither file, access is granted by default.

Within each file the first matching line wins, so the order of the rules matters.


Sample rules

Each line has the form daemon_list : client_list. You can list several services (or clients) separated by commas, and you can carve an exception out of a list with the EXCEPT operator. The daemon name must be the name of the server process as it is executed, so on RHEL the telnet daemon is in.telnetd, not telnetd.

Below is the example code for hosts.allow:
#hosts.allow
ALL : .example.com
in.telnetd : 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.79
sshd, in.tftpd : 192.168.1.10
The first line is just a comment. The next line says that any host whose name ends in .example.com can access all services. The following line allows telnet only from hosts in the 192.168.0.0/24 network, except 192.168.0.79. The last line allows ssh and tftp from 192.168.1.10.

Below is the example code for hosts.deny:

#hosts.deny
ALL EXCEPT in.tftpd : .example.org

in.telnetd : ALL EXCEPT 192.168.1.10
ALL:ALL

The first rule denies every service except tftp to hosts in the example.org domain. The next line denies telnet from every host except 192.168.1.10. The final line, ALL:ALL, denies everything that was not already granted in hosts.allow, which turns the default from allow into deny. Note that an EXCEPT in hosts.deny never grants anything: with ALL:ALL at the end, tftp from example.org is still denied unless it is listed in hosts.allow. Also, because hosts.allow is searched first, the telnet exception here does not override the telnet rule in hosts.allow. You can check the syntax of both files with tcpdchk and test an individual client with tcpdmatch, e.g. tcpdmatch in.telnetd 192.168.0.79.
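As an added example (not part of the original post and not tcpd's own code), here is a small Python model of the three-step lookup described above, fed with the hosts.allow and hosts.deny rules from this post. It reports which rule fires for a given daemon and client, including the case where ALL:ALL in hosts.deny swallows the tftp exception. The host names and addresses in the sample connections are made up; on a real system tcpdmatch gives the authoritative answer.

```python
"""Model of the tcp_wrappers hosts_access(5) decision procedure.

This is not tcpd: it is a stand-alone simulation of the three-step
lookup (hosts.allow first, then hosts.deny, then allow by default)
for reasoning about rule files. Use tcpdmatch(8) on a real host.
"""
import ipaddress

# The two files from the post, embedded here as constructed sample input.
ALLOW_RULES = """\
#hosts.allow
ALL : .example.com
in.telnetd : 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.79
sshd, in.tftpd : 192.168.1.10
"""

DENY_RULES = """\
#hosts.deny
ALL EXCEPT in.tftpd : .example.org

in.telnetd : ALL EXCEPT 192.168.1.10
ALL:ALL
"""


def parse_rules(text):
    """Return (daemon_list, client_list) pairs; blank and '#' lines are skipped.
    A third ':' field (shell_command options) is ignored by this model."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError("malformed rule: %r" % raw)
        rules.append((fields[0].strip(), fields[1].strip()))
    return rules


def _tokens(text):
    # List members are separated by commas and/or whitespace.
    return text.replace(",", " ").split()


def _match_list(text, matcher):
    """Evaluate 'list_1 EXCEPT list_2'. EXCEPT associates to the right,
    so 'a EXCEPT b EXCEPT c' means a EXCEPT (b EXCEPT c)."""
    toks = _tokens(text)
    if "EXCEPT" in toks:
        i = toks.index("EXCEPT")
        return (_match_list(" ".join(toks[:i]), matcher)
                and not _match_list(" ".join(toks[i + 1:]), matcher))
    return any(matcher(t) for t in toks)


def _client_matches(pattern, hostname, address):
    """Client patterns: ALL, LOCAL, '.domain' suffix, 'net.' prefix,
    net/mask (or net/prefixlen), or an exact host name / address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                        # host name without a dot
        return bool(hostname) and "." not in hostname
    if pattern.startswith("."):                   # .example.com
        return hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):                     # 192.168.
        return address.startswith(pattern)
    if "/" in pattern:                            # 192.168.0.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        mask = mask if "." in mask else int(mask)  # dotted mask or prefix length
        return ipaddress.IPv4Address(address) in ipaddress.IPv4Network((net, mask), strict=False)
    return pattern.lower() == hostname.lower() or pattern == address


def hosts_access(daemon, hostname, address, allow_text=ALLOW_RULES, deny_text=DENY_RULES):
    """Return (granted, reason) for one connection, following hosts_access(5)."""
    def first_hit(rules, name):
        for n, (daemons, clients) in enumerate(rules, 1):
            if (_match_list(daemons, lambda p: p == "ALL" or p == daemon)
                    and _match_list(clients, lambda p: _client_matches(p, hostname, address))):
                return "%s rule %d: %s : %s" % (name, n, daemons, clients)
        return None

    hit = first_hit(parse_rules(allow_text), "hosts.allow")  # step 1: first match grants
    if hit:
        return True, hit
    hit = first_hit(parse_rules(deny_text), "hosts.deny")    # step 2: first match denies
    if hit:
        return False, hit
    return True, "no match in either file: access granted by default"  # step 3


if __name__ == "__main__":
    for daemon, host, addr in [                   # constructed sample connections
        ("sshd", "ws1.example.com", "10.0.0.5"),
        ("in.telnetd", "", "192.168.0.20"),
        ("in.telnetd", "", "192.168.0.79"),
        ("in.tftpd", "srv.example.org", "203.0.113.7"),
        ("sshd", "", "192.168.1.10"),
    ]:
        granted, why = hosts_access(daemon, host, addr)
        print("%-10s %-16s %-15s -> %s (%s)" % (daemon, host or "-", addr,
                                                "ALLOW" if granted else "DENY", why))
```

The model covers only the pattern forms used on this page plus LOCAL and net/prefixlen; it does not implement KNOWN, UNKNOWN, PARANOID, the daemon@host form or the options field, and it trusts the host name you pass in rather than doing the reverse lookup tcpd performs. Dropping the ALL:ALL line from DENY_RULES and re-running shows step 3 in action: connections that match neither file fall through to the default allow.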