Many information-security vulnerabilities aren’t critical by themselves.
However, exploiting several vulnerabilities at the same time can take its toll.

For example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnerabilities at the same time can be a serious issue.

Nontechnical attacks

• Exploits that involve manipulating people — end users and even yourself —are the greatest vulnerability within any computer or network infrastructure.
• Humans are trusting by nature, which can lead to social-engineering exploits.
• Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes.

Network-infrastructure attacks

Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:

• Connecting into a network through a rogue modem attached to a
  computer behind a firewall
• Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS
• Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests
• Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text configuration
• Piggybacking onto a network through an insecure 802.11b wireless

Operating-system attacks
Hacking operating systems (OSs) is a preferred method of the bad guys. OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them.

Occasionally, some operating systems that are more secure out of the box — such as flavours of BSD UNIX but hackers prefer attacking operating systems like Windows because they are widely used and better known for their vulnerabilities.

• Exploiting specific protocol implementation
• Attacking built-in authentication systems
• Breaking file-system security
• Cracking passwords and encryption mechanisms

Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server
software and Web applications often are beaten down:

• Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
• Malicious software (malware) includes viruses, worms, Trojan horses, and spyware. Malware clogs networks and takes down systems.
• Spam (junk e-mail) is wreaking havoc on system availability and storagespace. And it can carry malware.
• Ethical hacking helps reveal such attacks against your computer systems.

Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate.

Recently, hacker has taken on a new meaning — someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.

The good-guy (white-hat) hackers don’t like being in the same category as the bad-guy (black-hat) hackers. (These terms come from Western movies where the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Whatever the case, most people give hacker a negative connotation.

Understanding the Need to Hack Your Own Systems

To catch a thief, think like a thief.

That’s the basis for ethical hacking.
Protecting your systems from the bad guys — and not just the generic vulnerabilities that everyone knows about — is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems are.

You don’t have to protect your systems from everything. You can’t. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them — not even you. That’s not the best approach to information security. What’s important is to protect your systems from known vulnerabilities and common hacker attacks.

via Hacking For Dummies