What is the difference between a threat and an attack?  How do exploits relate to vulnerabilities?  Is there an ethically acceptable reason to study and use the various attack methods described in this module?

---

A threat is the risk that a potential attack can happen on a system, or a network, while an a threat that has been acted upon; the system is being, or had been hacked, exploited, and penetrated. Vulnerabilities and exploits are so closely related, those who aren’t knowledgeable of cybersecurity, or the lingo associated with it often get them confused. A vulnerability is a weakness in a system or network that a hacker, or attacker can use to attack, while an exploit uses that vulnerability as part of the attack. A vulnerability would be an open port on a port, while an exploit uses that open port to gain access to the network it’s on.

An ethical reason someone might seek to hack, or gain knowledge of hacking techniques is to use them not only to simulate an attack to test the networks protection, but to help seal up those cracks in a network’s defenses. Going back to the open port example, you could configure a router to close all ports not in use to lessen the chance of a hacker, or a simulated hacker using those vulnerable ports as an attack vector. Whole career paths today are built off of simulating hacks, and finding exploits in a network so they can be remedied.