| Summary: |
Generally, the goal of a hacker is to authenticate to the target with the highest level of access and permissions possible, then remove evidence of an attack. To hack a target system, an attacker has to establish the passwords associated with active usernames, escalate the level of permission where possible by exploiting operating system vulnerabilities, and erase traces that they were there. To achieve this successfully, an attacker has to be able to: employ various password cracking techniques and tools, escalate privileges, hide files, cover tracks, and erase evidence, maintain access via rootkits.
When the user provides an identity to gain access to a system, there has to be a mechanism to ensure that the assumed identity is valid.
Authentication verifies a user' s claimed identity is valid (binding of identity to subject), by something unique to the individual. The most common surrogate from of authentication is the password ('something you know') which is assumed secret. Knowledge of the password is assumed to guarantee that the user is authentic.
While a username (rarely secret) identifies an account, the password is the key to a person online identity. Passwords are a prime target for hackers to use in order to gain unauthorised access to critical data systems. |
Loading previews...
