One of the challenges that can come up for us as we work with anything that may be new is the vocabulary. Maybe there's a term or a phrase that's used, and if we're not quite sure what it means, we may not be able to fully participate and understand the rest of the conversation past that point.
I remember one of my teachers telling me, Keith, if it's worth doing, it's worth doing right. And in the hacking environment, hack value is the idea that something is worth doing, or is interesting enough to spend the time and energy on that target, whether that target is a company or a specific system or a network.
And at the end of the day, if something doesn't have enough hack value, it's not going to be worth spending a lot of time and effort to compromise that type of a system if there's not much value in it. A vulnerability is one of the biggest reasons that a device is susceptible to some kind of a hack or attack.
It's got a weakness. So whenever you and I see the concept of vulnerability, I'd like you to think, it's a weakness. It could be a weakness in the design, the implementation, or the configuration that could lead to an unexpected event. For example, a threat such as an attacker or a hacker compromising the security of that system, causing a denial of service, or extracting information that they shouldn't have been able to get from that system, and so forth.
And if an attacker does leverage an attack against the system, and it's successful, the breach or the compromise of that system could be referred to as an exploit. And that goes right back to our vulnerabilities. The exploit was probably successful because a vulnerability existed.
And on the other side of the coin, we would want to make sure we knew what those vulnerabilities were so that we could put the proper countermeasures in place to defend against the threat. Another term that we're going to see over and over again is payload.
And the payload is the component of an attack that performs the intended malicious action, which could be interrupting or destroying the protocol stack, for example, on a server, causing it to not be able to communicate, or implementing some type of a backdoor inside of a system, or hijacking a computer.
So in an example where we have software that is running an exploit, the payload would be the part of that code that is doing the intended malicious action or activity against the target. Another concept that we'll hear quite a bit is zero day attack.
And a zero day attack is an attack that exploits a computer system or network, and it's usually leveraging a vulnerability. And here's the catch-- that vulnerability doesn't yet have a patch from the developer or from the manufacturer. For example, if Cisco released a version of the ASA software and a vulnerability was discovered, until Cisco has an update, a patch, that protects against the vulnerability, there's a potential the hackers could leverage that vulnerability, because the attack is ahead of the patch.
Now, in a production environment, what would we do about that? Would we just wait for Cisco, or whoever the vendor is, to release the patch? The answer is no. We want to put some kind of additional control in front of that firewall, if that was the problem, to help mitigate, or be a countermeasure against, that vulnerability.
And I have a question for you. Do you suppose that there are some zero day attacks right now that hackers know about and are using to compromise systems, that the manufacturers don't yet know exist? And the answer is yes. It happens all the time.
So with popular operating systems, including Microsoft Windows, there are updates and patches and fixes that are released to help keep up with the security issues that are being discovered. And that's why it's a great idea to regularly test, verify, and implement updates and patches and fixes as they relate to security.
Another term that we're going to see is pivoting, also referred to as daisy chaining. Daisy chaining, or pivoting, involves getting access to one network and/or computer, and then using that foothold on the one device to turn around and do further investigation of other devices.
An example might include an attacker who can't get access to the internal network, but can compromise a device on the DMZ, and then uses that compromised device on the DMZ to potentially get to the inside from the DMZ. Another concept is doxing, which is publishing personally identifiable information, called PII for short, about an individual, which can be collected from publicly available sources.
And then last, but not least, we have a bot. And a bot is a software application that can be controlled remotely to execute or automate a pre-defined task. For example, a botnet is a collection of computers that have malicious software running on them that can then be orchestrated as a group to launch an attack.
And that can be very tough to defend against. For example, if there are 10,000 computers all sending ICMP echo requests over and over and over again to a specific target or set of targets, unless somebody is doing filtering of certain types of traffic, it's very likely that's going to overwhelm the capacity and the bandwidth for those sites.
And that alone could cause a denial of service for individuals who otherwise should have access to that system, just from the botnet consuming all the bandwidth. Or, a botnet could be doing a TCP SYN flood attack, also to cause a denial of service to the individuals who normally should have access to that system.
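To make the two botnet patterns just described concrete from the defender's side, here is a small Python detector, added as an illustration and not part of this Nugget or of any CBT Nuggets material. It walks a window of flow records, counts ICMP echo requests and half-open TCP handshakes (SYNs with no following ACK) per destination, and flags a flood; it also reports how many distinct sources took part, which is what separates a single noisy host from a botnet. The packet records, IP addresses and thresholds are all constructed for the example.

```python
"""Rate-based flood detection over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 1.0         # size of each counting bucket
ICMP_ECHO_THRESHOLD = 100    # echo requests per window per destination (assumed tuning value)
SYN_THRESHOLD = 100          # SYNs without a matching ACK per window per destination (assumed)
MIN_DISTINCT_SOURCES = 50    # this many senders at once suggests a botnet, not one noisy host


@dataclass(frozen=True)
class Packet:
    ts: float    # seconds since start of capture
    src: str
    dst: str
    proto: str   # "icmp" or "tcp"
    kind: str    # icmp: "echo-request"; tcp: "syn" or "ack" (client-to-server only)


def _new_counters():
    return {"icmp": 0, "icmp_src": set(), "syn": 0, "ack": 0, "syn_src": set()}


def detect_floods(packets):
    """Return one finding per (window, destination) whose counters exceed the thresholds.

    Simplification: a SYN flood is approximated as SYNs minus handshake-completing
    ACKs from clients in the same window; spoofed sources never send that ACK.
    """
    buckets = defaultdict(lambda: defaultdict(_new_counters))
    for p in packets:
        c = buckets[int(p.ts // WINDOW_SECONDS)][p.dst]
        if p.proto == "icmp" and p.kind == "echo-request":
            c["icmp"] += 1
            c["icmp_src"].add(p.src)
        elif p.proto == "tcp" and p.kind == "syn":
            c["syn"] += 1
            c["syn_src"].add(p.src)
        elif p.proto == "tcp" and p.kind == "ack":
            c["ack"] += 1

    findings = []
    for window, per_dst in sorted(buckets.items()):
        for dst, c in sorted(per_dst.items()):
            if c["icmp"] > ICMP_ECHO_THRESHOLD:
                findings.append({
                    "window": window, "dst": dst, "kind": "icmp-echo-flood",
                    "count": c["icmp"], "distinct_sources": len(c["icmp_src"]),
                    "likely_botnet": len(c["icmp_src"]) >= MIN_DISTINCT_SOURCES,
                })
            half_open = c["syn"] - c["ack"]
            if half_open > SYN_THRESHOLD:
                findings.append({
                    "window": window, "dst": dst, "kind": "syn-flood",
                    "count": half_open, "distinct_sources": len(c["syn_src"]),
                    "likely_botnet": len(c["syn_src"]) >= MIN_DISTINCT_SOURCES,
                })
    return findings


def sample_traffic():
    """Constructed traffic: benign background, then an ICMP flood, a SYN flood, and one loud host."""
    pkts = []
    # window 0: five hosts each ping once and complete one handshake with the web server
    for i in range(5):
        src = f"192.0.2.{i + 1}"
        pkts.append(Packet(0.1 * i, src, "203.0.113.10", "icmp", "echo-request"))
        pkts.append(Packet(0.1 * i, src, "203.0.113.20", "tcp", "syn"))
        pkts.append(Packet(0.1 * i + 0.01, src, "203.0.113.20", "tcp", "ack"))
    # window 1: 200 distinct sources each send 3 echo requests at one target (botnet pattern)
    for i in range(200):
        for j in range(3):
            pkts.append(Packet(1.0 + i * 0.004 + j * 0.001, f"198.51.100.{i + 1}",
                               "203.0.113.10", "icmp", "echo-request"))
    # window 2: 150 distinct sources send a SYN each and never finish the handshake
    for i in range(150):
        pkts.append(Packet(2.0 + i * 0.005, f"198.51.100.{i + 1}", "203.0.113.20", "tcp", "syn"))
    # window 3: a single host sends 300 echo requests (flood, but not a botnet)
    for j in range(300):
        pkts.append(Packet(3.0 + j * 0.003, "192.0.2.99", "203.0.113.30", "icmp", "echo-request"))
    return pkts


if __name__ == "__main__":
    for f in detect_floods(sample_traffic()):
        print(f)
```

The per-destination counts are what a filter or rate limiter in front of the site would key on, while the distinct-source count tells you whether blocking one address would help at all: for the two botnet windows it would not, which is exactly why the Nugget calls this tough to defend against.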
In this Nugget, by looking at a few of the terms that are common to the world of hacking and attacks, we can be more familiar with those terms and what they mean, since we'll keep using them in our discussion as we go through this course together.
And until the next Nugget, I hope this has been informative for you, and I'd like to thank you for viewing.