Hacking Yourself to Find Holes in IT Security Before Others Do

The more IT pervades businesses, the more IT-based tools hackers have to exploit vulnerabilities. If you want your company to stay safe, you may need to ‘attack’ yourself to find out where the weak points are and fix them to prevent others from breaking in. The following list of hacker tools and techniques will give you an idea of the range of resources readily available over the Internet. Remember also that hackers may be plying their trade every day of the week. By comparison, some organisations may not have the time to run checks more than once or twice a month. If you’re strapped for internal resources, consider other options like third-party services to check or boost security.

  • Port scanners. Even with 65,535 network ports on a computer, software scanning applications can check all of them rapidly. It only takes one insecure open port and a hacker already has an entry point into your system.
  • Packet sniffers. These capture traffic to and from your systems or website for visualisation, analysis and possible data compromise.
  • Packet crafting. Hackers make their own packets of data with hidden menaces, designed to get through firewall checks where possible and start hacker activities ranging from information theft to entire system hijacking.
  • Password crackers. Today’s applications can recover 99.9% of alphanumeric passwords in seconds.
  • Wireless hacking. For detecting the presence of wireless LANs, analysing their traffic and cracking user passwords – automatically, in many cases.
  • Vulnerability exploitation. Programmed to seek out known weaknesses, including those that exist in earlier versions of operating systems and application software. Particularly effective against organisations that are not installing updates as they should.
  • Social engineering. Not IT-based, but so simple. If you want user account and password information, phone up, pretend to be a panicked user or support technician and just ask.
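
A defender's version of the port-scanner item above, as an added example that is not part of the original article: it checks TCP ports on the machine it runs on and reports any open port that is missing from an approved baseline. The baseline set and the function names are assumptions made for illustration.

```python
"""Self-audit: find open TCP ports on your own host that are not in an approved baseline."""
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed baseline for illustration: ports approved to be open on this host.
APPROVED_PORTS = {22, 443}


def is_open(host, port, timeout=0.3):
    """Return True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an errno value otherwise.
        return s.connect_ex((host, port)) == 0


def audit_ports(host, ports, approved, workers=200):
    """Check `ports` on `host`; return (open_ports, unexpected) as sorted lists."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: is_open(host, p), ports)
        open_ports = sorted(p for p, ok in zip(ports, results) if ok)
    # Anything open but absent from the baseline needs an owner or needs closing.
    unexpected = [p for p in open_ports if p not in approved]
    return open_ports, unexpected


if __name__ == "__main__":
    # Audits the local machine only; 1-65535 is the full TCP port range.
    found, unexpected = audit_ports("127.0.0.1", range(1, 65536), APPROVED_PORTS)
    print("open:", found)
    for port in unexpected:
        print(f"NOT IN BASELINE: tcp/{port} - close it or document why it is needed")
```

Run on a schedule, a change in the unexpected list between runs is the signal worth investigating.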

To be as effective and complete as possible, your ethical hacking still needs more than an intruder’s software toolbox. It also needs the right frame of mind – not just the internal business continuity perspective, but also an external hacker mentality. To start with, however, the list above will already give you an idea of what you’re up against.