Penetrating Computer Systems and Networks

This chapter discusses different aspects of penetration of computer systems and networks. Both technical and nontechnical aspects come into play when people attempt to penetrate security systems. Penetration of information systems is possible by means of a wide range of methods, some of which are very hard to defend against. People responsible for securing systems have to defend against this wide range of penetration methods. The cheapest and most effective attacks are often nontechnical, exploiting human frailty rather than weaknesses in the technology. Experienced criminal hackers tend to favor the nontechnical attack over the technical; and the best defense, employee awareness, is also nontechnical. Systems can be attacked at the client, at the server, or at the connection between the two. This chapter looks at methods of tricking people into allowing unauthorized access to systems. It also examines technical measures for overcoming security barriers and specific techniques for penetration, and describes legal and political aspects of system penetration.