It takes a thief to catch a thief. This is a well known saying... and it's true. It's also true in the case of hackers (or crackers if you're view on hackers is the same as mine). If you want to become a hacker, here's an really good guide. To be truly a good hacker it takes years and the right attitude.
In this article I will shed some light on the thinking and working process of a hacker (or cracker, who are your greatest worry, because of their destructive and/or criminal attitude. From now on I will use the word hacker). If I have to explain the way in which a hacker thinks, I often ask what people think of when they see a safe. Word like safety, trust and hiding important stuff come to mind. A hacker sees one thing: challenge. The better something is protected, the better the challenge is.
Now for the way a hacker works (the same process can apply to buglers) looks like this:
1. Gathering information
The first step is to gather information about the object (server, company, etc.) you want to hack. The first way is to do this in an undetectable way. So use a search engine and other sources of digital information like DNS records and server headers. Sources of analogue information are also useful. Most people don't think about what they throw away, so dumpster diving is a good way to find useful information.
The next step is to gather information in a detectable way, but trying to remain undetected. This sounds hard, but it isn't. The digital way is to connect to a server and do some portscanning. The analog way is called social engineering. Asking normal questions, either digital or analogue, will give you a lot of information, without standing out of the crowd.
2. Getting in
You have your information. You know which technology is used and some of the people who work with it. You may even have already found some usernames or even passwords. And of course you've looked up known bugs in the software and hardware used. So you try to gain access (and I'm not going to tell you how, for several reasons which seem obvious to me and hopefully to you too).
3. Staying in
The door is unlocked. You're in. Now you have to create a way the door seems locked the same way, but is open for you. This way you can return wherever you feel like it.
4. Cleaning tracks
A break in, every break in, will leave tracks. You will have to clean those to remain undetected. So, for example, clear log-files or at least a part of it.
Now you know a little about how a hacker thinks and works, you should use this information to make sure you're safe from hacking attempts. Use this and the seven security rules I wrote earlier about and you will minimize the chance of being hacked and, if your security is broken, minimize the damage. So think about what you and your co-workers leave on the internet, in the trash, on home computers, laptops and memory-sticks, and in conversations in public places. Teach them how to recognize social engineering attempts. And last, but not least, think about your network and application security. One part of think defense is a plan on how to react on a security break.