In This Chapter

Understanding the enemy

Profiling hackers and malicious users

Understanding why attackers do what they do

Examining how attackers go about their business

Before you start assessing the security of your systems, it’s good to know a few things about the people you’re up against. Many information security product vendors and other professionals claim that you should protect your systems from the bad guys — both internal and external. But what does this mean? How do you know how these people think and execute their attacks?

Knowing what hackers and malicious users want helps you understand how they work. Understanding how they work helps you to look at your information systems in a whole new way. In this chapter, I describe the challenges you face from the people actually doing the misdeeds as well as their motivations and methods. This understanding better prepares you for your security tests.

What You’re Up Against

Thanks to sensationalism in the media, public perception of hacker has transformed from harmless tinkerer to malicious ...