Another presentation identifies five categories of intruders, each with different skills, levels of knowledge and, above all, different objectives. Intruders in any of these categories can come from either outside or inside the company.
- The novice is usually a lone rookie, with no computer experience and no knowledge of how to break into systems from outside. The novice works alone and has no outside help, and is often an experimenter who commits illegal acts. He is fairly easy to spot because he is not able to cover his tracks; what is hard is regarding him as a threat. The results of his “work” can usually be found in several locations:
  - files with passwords;
  - user configuration files;
  - system configuration files.
The best defense is to educate novice users, because novices take advantage of deficiencies in the administration of passwords. Almost 80% of unauthorized system entries happen this way.
- The disciple is a novice who has progressed beyond the initial stages, generally using IRC to exchange messages with like-minded people. The disciple not only greatly improves his knowledge but also becomes part of a network. More advanced members are happy to share their experience, and novices become disciples. They learn to cover their tracks better and to enter or leave a system without attracting attention. Although they do not yet know how security systems work, they have learned how to avoid leaving traces. “Disciples” most often get through password protection systems and know something about other security systems, which makes them a little harder to catch.
- The visitor is probably the most “innocent” of the attackers. These people are simply curious. They seldom compromise systems unless they come across a serious opportunity. A visitor who runs into an obstacle will most often retreat and look for another system where access is easier. The exception to this rule, which is very rare, is when the visitor notices something interesting and is willing to spend more time studying it.
- The advanced amateur, or semi-professional, is, unlike the visitor, capable, hard to detect and often has a particular desire to do harm. For many in this category the main purpose is to see how much they can destroy. They generally use programming mistakes in the operating system to bypass authentication mechanisms and gain unauthorized access to the system.
- The professional is different from all other types of intruders: a well-trained person, a professional computer spy. These people are very good at getting into a computer system (server, PC, router, etc.) and leaving it without being noticed in any way. They alter or bypass activity-logging applications as easily as they can compromise any other part of the system. The best defense against this kind of attack is to avoid connecting systems that contain important information to the network and to strictly control physical access to them.