There are five sequential steps involved in the ‘ethical hacker’ penetration testing methodology.
1. The first step is ‘reconnaissance’. Reconnaissance can be either passive or active. Passive reconnaissance involves acquiring information without directly interacting with the target system. Active reconnaissance involves interacting with the target directly.
2. The second step is ‘scanning’. Scanning refers to the action of scanning the network for specific information on the basis of information gathered during reconnaissance. Scanning can include the use of dialers, port scanners, network mapping, and vulnerability scanners. The hacker needs to locate a single point of entry in order to launch an attack properly.
3. The third step is ‘gaining access’. This is the point where the hacker would penetrate and exploit their victim’s vulnerable system. The exploit can occur over a Local Area Network (wired or wireless), the internet, or even through social engineering. At this point, the attacker could gain access at the OS level, Application Level, or Network Level.
4. The fourth step is ‘maintaining access’. The attacker has already compromised the system and now he must reliably and silently maintain his access to the victim system. Hackers may ‘harden’ the victim system from other attackers as well as securing their exclusive access. Hackers can upload, download, or manipulate data, applications, and configurations on the compromised system.
5. The fifth and final step in the hacking methodology is ‘covering tracks’ or ‘clearing targets’. The hacker must mask his identity and activities on the victims system and/or network. Reasons for masking his identity could include the need for prolonged access to the system – where he might come back later to gather more information or further attack the system, continued use of system resources, removal of hacking tracks, or avoiding legal action.
There are two US codes that can be used as legal against the hacker.
- “18 U.S.C. Section 1029 – Fraud and Related Activity in Connection with Access Devices.”
- “18 U.S.C Section 1030 – Fraud and Related Activity in connection with Computers”