Wednesday, 27 May 2009

Potential Attackers


Another element of defending your data is identifying potential attackers who might want to steal or manipulate that data. For example, a company might need to protect its data from corporate competitors, terrorists, employees, and hackers, to name just a few.

The term “hacker” is often used very generically to describe attackers. However, not all hackers have malicious intent.

The following table lists various types of “hackers.”

| Type of “Hacker” | Description |
| --- | --- |
| White hat hacker | A white hat hacker has the skills to break into computer systems and do damage. However, he uses his skills to help organizations. For example, a white hat hacker might work for a company to test the security of its network. |
| Black hat hacker | A black hat hacker, also known as a “cracker,” uses his skills for unethical reasons (for example, to steal funds). |
| Gray hat hacker | A gray hat hacker can be thought of as a white hat hacker who occasionally strays and acts unethically. For example, a gray hat hacker might be employed as a legitimate network security tester. However, in the course of his ethical duties, he finds an opportunity for personal gain and acts unethically to obtain that personal gain. |
| Phreaker | A phreaker is a hacker of a telecommunications system. For example, a phreaker known as “Captain Crunch” used a toy whistle he found in a box of Captain Crunch cereal (which generated a 2600-Hz tone) to trick phone systems into letting him place free long distance calls. Convincing a telecommunications carrier to permit free long distance calls in this manner is an example of “phreaking.” |
| Script kiddy | A script kiddy is a user who lacks the skills of a typical hacker. Rather, he downloads hacking utilities and uses those utilities to launch attacks, rather than writing his own programs. |
| Hacktivist | A hacktivist is a hacker with political motivations, such as someone who defaces the website of a political candidate. |
| Computer security hacker | A computer security hacker is knowledgeable about the technical aspects of computer and network security systems. For example, this person might attempt to attack a system protected by an IPS by fragmenting malicious traffic in a way that would go undetected by the |
| Academic hacker | An academic hacker typically is an employee or student at an institution of higher education. The academic hacker uses the institution’s computing resources to write “clever” programs. Typically, these hackers use their real names (unlike the pseudonyms often used by computer security hackers), and they tend to focus on open-standards-based software and operating systems (for example, Linux). |
| Hobby hacker | A hobby hacker tends to focus on home computing. He might modify existing hardware or software to, for example, use software without a legitimate license. For example, code that “unlocks” an Apple iPhone might be the work of a hobby hacker. |

As shown in the table, “hackers” come in many flavors, which leads to the question, “What motivates a hacker?” Some hackers might work for governments to try to gather intelligence from other governments. Some attackers seek financial gain through their attacks. Other hackers simply enjoy the challenge of compromising a protected information system.

However, at this point, you should be familiar with five broad categories of attacks:

- Passive: A passive attack is difficult to detect, because the attacker isn’t actively sending traffic (malicious or otherwise). An example of a passive attack is an attacker capturing packets from the network and attempting to decrypt them (if the traffic was encrypted originally).

- Active: An active attack is easier to detect, because the attacker is actively sending traffic that can be detected. An attacker might launch an active attack in an attempt to access classified information or to modify data on a system.

- Close-in: A close-in attack, as the name implies, occurs when the attacker is in close physical proximity with the target system. For example, an attacker can bypass password protection on some routers, switches, and servers if he gains physical access to those devices.

- Insider: An insider attack occurs when legitimate network users leverage their credentials and knowledge of the network in a malicious fashion.

- Distribution: Distribution attacks intentionally introduce “back doors” to hardware or software systems at the point of manufacture. After these systems have been distributed to a variety of customers, the attacker can use his knowledge of the implanted back door to, for example, access protected data, manipulate data, or make the target system unusable by legitimate users.
