Effectively hacking into a system is achieved by a planned structured approach. The more information gleaned about a target will yield a more successful attack. Lisa Bock provides an overview of the five phases of an attack: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering tracks.
- [Voiceover] Effectively hacking into a system…is achieved by a planned structured approach.…The more information gleaned about a target…will yield a more successful attack.…Typically, there are five phases:…reconnaissance, scanning, gaining access,…maintaining access, and covering tracks.…Probably the most time-consuming,…the reconnaissance or recon phase is…obtaining as much information about the target as possible.…
The key is to narrow the scope…so the recon is more targeted.…Questions that should be asked before beginning is,…who is the target?…What is it we want once we get in?…Where is the target located physically and logically?…When do we tack?…Now or during a course of period of time…that we can elude detection?…And, how should we attack?…Well, this method will be evident after we scan our systems…and see where their vulnerabilities lie.…
Once reconnaissance is complete and enough information is…available to understand how the organization operates…and what data or services might be a value,…the process is scanning the network.…
Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping off point for the next courses in this series.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. Find more courses in the series on Lisa's author page.
- Ethical hacking principles
- Managing incidents
- Creating security policies
- Protecting data
- Conducting penetration testing
- Hacking in phases