What Are the Various Methods Hackers Use to Compromise Networks?

[Avichal]

I understand some of the things that hackers can do like sending a malicious application when I download something. That application can steal me data, mess with my computer etc.
Is this the only way hacking can be done?

You can't really access someone's else's server and look at their data so I suppose the only security issue is the availability of dangerous software on the internet? But I know there is more - what else are the threats?

I have not studied about computer networks and security yet so I am really uneducated in this field.

 

[CompuChip]

You can't really access someone's else's server and look at their data

Of course you can. Most servers have some way of accessing them in order to administer them, for example FTP, telnet or SSH. If the server (as in the daemon running on the machine to provide that service) has security leaks then these can be exploited to gain full access. In general, any service that talks to the outside world is a potential safety risk. This includes the browser, e-mail program, database server, web server, IM program, Java, any many others even including the operating system itself. Security flaws in any of these may cause a hacker to gain access. For example some browsers used to have a problem with memory pointers overrunning if URLs were too long, so by carefully crafting a long URL an attacker could write certain data / instructions to computer memory not belonging to the browser. By inserting especially constructed data in forms on websites which are not properly secured, the database server can be tricked into giving basically any database content it's not allowed to show. Email programs that are not careful about e.g. scripts in messages may give attackers access to the system.

So basically, any program is a potential backdoor to the system. If the security is not up to date this door is at a crack, and with the proper force may be forced into giving full access to the system.

 

[Avichal]

Every computer is connected to each other today right? But you cannot really access any other computer's data or can you?

 

[CompuChip]

Well, I can't, but that doesn't stop some people from trying. If nobody could, then people wouldn't spend billions of <insert your currency> every year to counter hacking.

 

[oli4]

To each his own, I would put this as an example of networking hack

 

[Avichal]

Well, I can't, but that doesn't stop some people from trying. If nobody could, then people wouldn't spend billions of <insert your currency> every year to counter hacking.

Didn't actually refer to you when I said "you". Meant any other person by it.
Anyways ssh/telnet and internet are the ways that I know two or more computers can connect. But though internet you can only retrieve HTML data that the other person wishes to share and ssh/telnet are secure ways to connect that require passwords. I can't see ways for any malpractices here.

I want to know what kind of security breaches exist. Thank You!

 

[Avichal]

Also I don't understand why secure transmission is required. Is it possible to intercept electrical signals and then read the data it was transferring?

 

[turbo]

I understand some of the things that hackers can do like sending a malicious application when I download something. That application can steal me data, mess with my computer etc.
Is this the only way hacking can be done?

You can't really access someone's else's server and look at their data so I suppose the only security issue is the availability of dangerous software on the internet? But I know there is more - what else are the threats?

I have not studied about computer networks and security yet so I am really uneducated in this field.

Start with this Wiki article. It will give you a lot to think about. The article is disjointed and fragmentary, but still can be useful if you are just learning about computer security weaknesses. Good luck.

 

[Avichal]

Start with this Wiki article. It will give you a lot to think about. The article is disjointed and fragmentary, but still can be useful if you are just learning about computer security weaknesses. Good luck.

Which wiki article??

 

[harborsparrow]

Google "packet sniffer"

 

[jtbell]

ssh/telnet are secure ways to connect that require passwords.

Telnet is not secure. Both your login information (username/password) and the data that you exchange with the other computer are transmitted "in the clear" i.e. not encrypted. If someone can intercept that information, either by hooking into a wired network connection, or by picking up unprotected wi-fi packets, or by planting something that intercepts packets at an Internet routing server, they have some of your data right there, and they can also get your login information so they can log on as if they were you, and do anything you have permission to do on that other computer.

ssh does encrypt everything, which makes it much harder to use any intercepted data. But you still have to be careful about your password. If someone finds it out either by guessing a commonly-used one, or "cracking" it by trying a lot of different ones, or "phishing" it out of you in an e-mail or something, the encryption won't do any good.

A lot of "hacking" is done by "social engineering", i.e. tricking you into giving the bad guys your login/access information.

And as Compuchip noted, a lot of network software and applications have bugs or loopholes in them that hackers can exploit by sending them just the right data. That's why most software gets updated so often. People keep finding new loopholes.

The Holy Grail for a hacker is getting system administrator access (e,g, 'root' access on a Unix or Linux machine) because then they can literally do anything on that machine.