Hacks and Attacks

Microcomputers and networks are the new foundation of business life in today’s technology-based market competition. According to the National Computer Security Association, more than half of the sixty million microcomputers used in U.S. businesses alone are connected to networks (1994). Being connected to a network, particularly the Internet, allows worldwide access to a wide range of information.

Today’s technological advancement is making our computing lives easier, but at the same time it is providing fertile ground for new security threats and issues. Unfortunately, the physical and logical security measures that any of us apply to secure information offer no reliable protection once that information is being electronically transmitted.

Threats to system security are also posed by individuals outside an organization; these individuals are called “hackers”. A hacker explores the details of a programmable system and attempts to gain unauthorized access to a computer system, using various malicious means to break in. A hacker could make undetected and unauthorized changes to the contents of a transmitted message. Information in the transmitted message may be deleted, or the message delayed. The destination address of the message could also be changed, redirecting the message to another address, or the sender’s address could be altered, which can lead the recipient to believe that the message was sent by a different source. Information stored in personal, business, and government computer systems, which was once considered vulnerable to unauthorized access, disclosure, modification, or destruction only by a relatively small group of users within an organization, now faces threats and risks that affect millions of individuals worldwide who use computer networks.

Hacking Tools

In order to access a computer system, hackers use various tools and applications that help them exploit the framework of a computer system. The following are the well-known tools used by hackers to conduct their malicious trade:

  • Security exploit

A security exploit is a prepared application or piece of software that takes advantage of a known computer weakness (such as a bug or glitch) in order to cause unintended or unanticipated software or hardware behavior. Security exploits are categorized by the mechanism used to take advantage of a well-known vulnerability. Some common types of exploits (sometimes referred to as “attacks”) are as follows:

Ø  buffer overflow

Ø  heap overflow

Ø  integer overflow

Ø  return-to-libc attack

Ø  format string attack

Ø  race condition

Ø  code injection

Ø  SQL injection

Ø  cross-site scripting

Ø  cross-site request forgery

  • Packet sniffer

A packet sniffer is application software or a hardware device that captures TCP/IP packets transmitted on a network; it can be used maliciously to capture passwords and other data in transit within the computer or the network.

  • Rootkit

A rootkit is application software that conceals running processes, files or system data from the operating system. A rootkit is essentially a technology that can be used for both productive and destructive purposes. A rootkit can hide the very fact that a computer’s security has already been compromised; it includes replacements for system binaries, making it impossible for the legitimate user to detect the presence of an intruder.

  • Social engineering

Social engineering is a collection of techniques used by hackers to manipulate and convince people to give up confidential information about a system under false pretenses.

  • Trojan horse

A Trojan horse is a computer program that appears to be legitimate but actually performs illicit activity when it is run; it is similar to a virus, except that it does not replicate itself. A Trojan horse is not necessarily considered a malicious program in itself. It can be used to set up a back door in a computer system so that the hacker can later return and gain access.

  • Virus

A virus is a self-replicating computer program that infects a computer system. After the virus code is written, it inserts itself into an existing program. Once that particular program is executed, the virus code is activated and starts to replicate itself into other programs on the system.

  • Worm

Worms are like viruses, the difference being that a worm does not merely create multiple copies of itself on one computer system: it replicates across the network. Various types of computer worms are distinguished by their method and characteristics of replication:

Ø  Email Worms

Ø  Instant messaging worms

Ø  IRC worms

Ø  File-sharing networks worms

Ø  Internet or web application worms

Ø  Database worms

Database and Application Worms

The security of databases is a growing concern for all users and companies, mainly because an attacker’s main objective is data, and the database is the final destination and storage place for data. Database worms and application worms are types of worms that attack a database.

A database worm exploits and propagates through vulnerabilities in a database rather than in the computer’s operating system or web server. Despite the lack of sophistication of this type of worm, it is still considered somewhat successful due to the poor state of database security. Database security has generally been ignored, and management’s response to such database threats has been non-existent. This worm can move rapidly from one database to another, causing problems by either erasing or changing data.

A web application worm takes advantage of existing network vulnerabilities, such as an unpatched system or a buffer overflow. Once an application worm infects a vulnerable system, it uses that system to identify other vulnerable systems and propagates itself from one server to another. This worm targets the layer that most organizations have least prepared for Internet attacks, because such layers are not protected by traditional Internet security measures.

Malicious Mobile Code (MMC)

Malicious mobile code, or MalCode, is a software program that moves from one computer to another and from one network to another, modifying a computer system without the consent of its owner. MMC includes viruses, Trojan horses, worms, script attacks, and rogue Internet code; but unlike a virus, MMC contains no specific instruction to attach itself to data in order to replicate. Instead it moves autonomously from one system to another and enables a hacker to exploit various computer systems.
Denial-of-Service (DoS)

Denial of service is an attack in which the attacker tries to prevent authorized users from accessing an Internet service. This is done by exercising a software bug that causes the service to fail, by sending large amounts of data to consume the available bandwidth, or by sending data that consumes a particular resource needed by the service. A distributed denial of service (DDoS) attack uses multiple computers on previously infected networks. The computers on the infected networks act as “zombies” and work together to send out large volumes of data that swamp the network with traffic.
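The resource-consumption form of denial of service described above is commonly mitigated with rate limiting. The following Python block is an example added here, not code from the original article: a per-source token-bucket limiter run over a constructed request stream in which one client sends a request per second and another sends fifty requests in half a second. The addresses, timestamps, bucket capacity of 5 and refill rate of 2 requests per second are all values assumed for the example.

```python
from collections import Counter, defaultdict


class TokenBucket:
    """Classic token bucket: at most `capacity` tokens, refilled at `rate` tokens per second.
    Each request costs one token; a request that finds the bucket empty is rejected."""

    def __init__(self, capacity, rate):
        self.capacity = capacity
        self.rate = rate
        self.tokens = float(capacity)
        self.last = 0.0  # timestamp of the previous refill

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address, created lazily on first sight."""

    def __init__(self, capacity, rate):
        self.buckets = defaultdict(lambda: TokenBucket(capacity, rate))

    def allow(self, src, now):
        return self.buckets[src].allow(now)


# Constructed request stream: (timestamp in seconds, source address).
# Addresses come from RFC 1918 / RFC 5737 documentation ranges (assumed values).
NORMAL = [(float(t), "10.0.0.5") for t in range(10)]          # one request per second
FLOOD = [(i * 0.01, "198.51.100.7") for i in range(50)]        # fifty requests in 0.5 s
REQUESTS = sorted(NORMAL + FLOOD)


def summarize(requests=REQUESTS, capacity=5, rate=2.0):
    """Run the limiter over the stream; return (allowed, dropped) counts per source."""
    limiter = PerSourceLimiter(capacity, rate)
    allowed, dropped = Counter(), Counter()
    for now, src in requests:
        (allowed if limiter.allow(src, now) else dropped)[src] += 1
    return allowed, dropped


if __name__ == "__main__":
    allowed, dropped = summarize()
    for src in sorted(set(allowed) | set(dropped)):
        print(f"{src:15} allowed={allowed[src]:3} dropped={dropped[src]:3}")
```

A limiter keyed by source address throttles a single noisy client (the flood source gets its five burst tokens and nothing more until the bucket refills) but does little against the distributed case, where each zombie stays under the per-source threshold; that case needs filtering and capacity upstream of the victim host.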
Security Tools against Threats

Information security requires more than physical security and protection of computers; it should combine technological and user controls into an effective information security program in order to avoid possible loss of information through accidental or intentional unauthorized access, prevent unauthorized access to confidential information, detect a loss or impending loss, recover after a loss has occurred, and correct system vulnerabilities to prevent the same loss from happening again (1984). No system can be completely secure, but security breaches can be prevented, or their impact minimized, with proper implementation of effective security measures. The following are well-known security measures against such threats:
  • Firewall

Installing a firewall is the primary method of keeping a computer secure from intruders. This software functions in a network environment and allows and/or blocks traffic into and out of a private network or a computer. Using a firewall gives users secure access to the Internet as well as to the internal network. The following are the different methods used to provide firewall protection; several of them are used in combination:

Ø  Stateful Inspection

Also called “Stateful Packet Inspection” (SPI), it ensures that all inbound packets are the result of an outbound request and prevents harmful, unrequested or unknown packets from entering the computer. It tracks the transactions made by the computer and examines multiple layers of the protocol stack and data.

Ø  Network Address Translation (NAT)

NAT allows a single IP address to be presented to the outside network in place of the one on each client station. It is found in routers and is built into Windows Internet Connection Sharing (ICS).

Ø  Packet Filter

A packet filter blocks and filters traffic based on specific IP addresses or on applications, identified by port number. This is typically done in a router, which is then known as a screening router.

Ø  Proxy Server

A proxy server serves as a relay between two networks.
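To make the difference between a plain packet filter and stateful inspection concrete, here is an added Python illustration (example code written for this page, not code from the original article, and not a real firewall): a stateless filter that judges each packet by its port numbers alone, beside a stateful one that admits an inbound packet only when it answers a flow an inside host opened. The addresses, ports and policy (outbound connections to ports 80 and 443 only) are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One TCP/IP packet reduced to the header fields a filter looks at (constructed)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = leaving the private network, "in" = arriving from outside


class StatelessPacketFilter:
    """Screening-router style filter: decides on the packet's own headers only."""

    def __init__(self, allowed_remote_ports):
        self.allowed_remote_ports = set(allowed_remote_ports)

    def decide(self, pkt):
        remote_port = pkt.dst_port if pkt.direction == "out" else pkt.src_port
        return "ALLOW" if remote_port in self.allowed_remote_ports else "DROP"


class StatefulFirewall:
    """Stateful packet inspection: an inbound packet passes only if it is the
    reply to an outbound flow recorded in the state table."""

    def __init__(self, allowed_remote_ports):
        self.allowed_remote_ports = set(allowed_remote_ports)
        self.flows = set()  # (local_ip, local_port, remote_ip, remote_port)

    def decide(self, pkt):
        if pkt.direction == "out":
            if pkt.dst_port not in self.allowed_remote_ports:
                return "DROP"
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW"
        # Inbound: reverse the tuple and look for an established flow.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "ALLOW" if key in self.flows else "DROP"


# Constructed traffic using RFC 1918 / RFC 5737 documentation addresses.
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "out"),  # client opens an HTTPS session
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "in"),   # legitimate reply to that session
    Packet("198.51.100.7", 443, "10.0.0.5", 50000, "in"),   # unsolicited packet claiming port 443
    Packet("10.0.0.5", 50001, "203.0.113.10", 23, "out"),   # telnet, not permitted by policy
]


def compare(traffic=TRAFFIC, allowed_ports=(80, 443)):
    """Return (stateless decision, stateful decision) for each packet in order."""
    stateless = StatelessPacketFilter(allowed_ports)
    stateful = StatefulFirewall(allowed_ports)
    return [(stateless.decide(p), stateful.decide(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, (a, b) in zip(TRAFFIC, compare()):
        print(f"{pkt.direction:>3} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
              f"  stateless={a} stateful={b}")
```

The third packet is the one that matters: a stateless filter that lets "port 443 traffic" in accepts it because the source port looks right, while the stateful firewall drops it because no inside host ever opened a flow to 198.51.100.7.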

  • Intrusion Detection System (IDS)

An IDS is software that detects an attack on a computer system or network; it detects unwanted system manipulation. It is designed to support multiple hosts and to detect illegal actions within a host. IDS products take various approaches that detect suspicious network traffic in different ways.

Ø  NIDS

Network Intrusion Detection Systems monitor traffic to and from all devices on the network.

Ø  HIDS

Host Intrusion Detection Systems run on individual hosts or devices on the network. They monitor the inbound and outbound packets and alert the user or administrator when suspicious activity is detected.

Ø  Signature Based

A signature-based IDS monitors network packets and compares them against a database of signatures or attributes of known malicious threats.

Ø  Anomaly Based

An anomaly-based IDS monitors network traffic and compares it against an established baseline.

Ø  Passive IDS

Passive IDS simply detects and alerts. When suspicious or malicious traffic is detected an alert is generated and sent to the administrator or user and it is up to them to take action to block the activity or respond in some way.
Ø  Reactive IDS

A reactive IDS will not only detect suspicious or malicious traffic and alert the administrator, but will also take pre-defined actions to respond to the threat. Typically this means blocking any further network traffic from the source IP address or user.
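The signature-based, anomaly-based, passive and reactive approaches listed above can be shown together in one small Python IDS, added here as an illustration rather than taken from the article. It runs over constructed web-server log lines; the log format, the two signatures (a SQL injection tautology and a directory-traversal pattern), and the baseline rule (flag a source that sends more than three times the request count of the busiest source seen in normal traffic) are assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed log format: "<client-ip> <method> <path> <status>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

# Signature database: patterns from known attack classes, matched on the decoded path
# (decoding first, so URL-encoded variants of the same string are not missed).
SIGNATURES = {
    "sqli_tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

# Constructed sample logs. TRAINING_LOG is quiet, normal traffic used to learn the baseline.
TRAINING_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.6 GET /index.html 200",
    "10.0.0.6 GET /contact.html 200",
    "10.0.0.6 GET /about.html 200",
]
LIVE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "198.51.100.7 GET /login?user=admin%27%20or%201%3D1 200",
    "198.51.100.9 GET /images/..%2F..%2Fetc/passwd 404",
    "10.0.0.6 GET /about.html 200",
] + [f"203.0.113.4 GET /page{i}.html 404" for i in range(10)]


def parse(line):
    """Return (ip, method, decoded path, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return ip, method, unquote(path), int(status)


def learn_baseline(lines):
    """Anomaly baseline: request count of the busiest source during normal operation."""
    counts = Counter(rec[0] for rec in map(parse, lines) if rec)
    return max(counts.values(), default=0)


def signature_alerts(lines):
    """Signature-based detection: every (ip, signature name) hit, in log order."""
    alerts = []
    for rec in map(parse, lines):
        if rec is None:
            continue
        ip, _, path, _ = rec
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def anomaly_alerts(lines, baseline, factor=3):
    """Anomaly-based detection: sources whose request count exceeds factor * baseline."""
    counts = Counter(rec[0] for rec in map(parse, lines) if rec)
    return [(ip, "request_rate_anomaly") for ip, n in counts.items() if n > factor * baseline]


def run_ids(lines, baseline, reactive=False):
    """Passive mode only reports; reactive mode also returns the source IPs to block."""
    alerts = signature_alerts(lines) + anomaly_alerts(lines, baseline)
    blocked = {ip for ip, _ in alerts} if reactive else set()
    return {"alerts": alerts, "blocked": blocked}


if __name__ == "__main__":
    baseline = learn_baseline(TRAINING_LOG)
    result = run_ids(LIVE_LOG, baseline, reactive=True)
    for ip, name in result["alerts"]:
        print(f"ALERT {name:22} from {ip}")
    print("blocked:", sorted(result["blocked"]))
```

The reactive mode here blocks on any alert, which is exactly where false positives hurt: a signature that fires on a legitimate request, or a baseline learned from an unusually quiet period, turns a detection error into a self-inflicted outage, so reactive responses are usually reserved for high-confidence signatures.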

  • Secure Socket Layer (SSL)

SSL is an Internet security protocol widely used to validate a web site’s identity and create an encrypted connection for sending valuable information. It uses digital certificates to validate and authenticate the user as well as the network, where a user could otherwise be logging on to a rogue access point. SSL is responsible for managing the security of messages transmitted over the Internet. SSL has been succeeded by Transport Layer Security (TLS), which is based on SSL and runs over the Transmission Control Protocol (TCP) layer.

  • Anti-Virus

Anti-virus programs are computer programs that attempt to identify and eliminate computer viruses and malware. Viruses can corrupt or erase important data in a computer system. Because computer viruses can replicate themselves once loaded onto a computer system without the user’s knowledge and consent, it is important to install an anti-virus program to check the system for infection and prevent the spread of viruses.

  • Encryption

Data encryption is a reversible data transformation that protects data from unauthorized users. Data is transformed from the original plaintext into ciphertext, which is difficult to comprehend. Data encryption protects the data’s confidentiality and integrity, and sometimes its authenticity. Data encryption uses an encryption algorithm and various encryption keys.
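As an added illustration of the confidentiality, integrity and authenticity properties just described (example code written for this page, not taken from the article, and not a standard cipher), the Python block below builds a keystream from HMAC-SHA256 in counter mode, XORs it with the plaintext for confidentiality, and appends an HMAC tag over the nonce and ciphertext so that any modification, or use of the wrong key, is detected before decryption. The 32-byte key, the 16-byte nonce and the label strings used to derive separate encryption and MAC keys are assumptions of the example; it uses only the Python standard library.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed nonce size for this illustration
TAG_LEN = 32    # HMAC-SHA256 output size


def derive_keys(master):
    """Derive independent encryption and MAC keys from one master key (labels are assumed)."""
    k_enc = hmac.new(master, b"illustration-enc", hashlib.sha256).digest()
    k_mac = hmac.new(master, b"illustration-mac", hashlib.sha256).digest()
    return k_enc, k_mac


def _keystream(k_enc, nonce, length):
    """Counter-mode keystream: HMAC(k_enc, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(master, plaintext, nonce=None):
    """Return nonce || ciphertext || tag. A fresh random nonce is used unless one is given."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    k_enc, k_mac = derive_keys(master)
    ciphertext = _xor(plaintext, _keystream(k_enc, nonce, len(plaintext)))
    tag = hmac.new(k_mac, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ciphertext + tag


def decrypt(master, blob):
    """Verify the tag in constant time first; only an authentic blob is decrypted."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    k_enc, k_mac = derive_keys(master)
    expected = hmac.new(k_mac, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: ciphertext modified or wrong key")
    return _xor(ciphertext, _keystream(k_enc, nonce, len(ciphertext)))


def tamper_demo(master):
    """Flip one ciphertext bit in transit; return True if decryption rejects the message."""
    blob = bytearray(encrypt(master, b"transfer 100 to alice"))
    blob[NONCE_LEN] ^= 0x01  # first ciphertext byte
    try:
        decrypt(master, bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = os.urandom(32)
    blob = encrypt(key, b"hello, world")
    print("ciphertext:", blob[NONCE_LEN:-TAG_LEN].hex())
    print("decrypted: ", decrypt(key, blob))
    print("tampering detected:", tamper_demo(key))
```

Without the tag, a flipped bit in a stream cipher's ciphertext flips the same bit in the decrypted plaintext silently, which is why the article's "integrity" and "authenticity" properties need the MAC and not just the encryption. Production code should use a vetted authenticated-encryption mode such as AES-GCM or ChaCha20-Poly1305 from a maintained library rather than a hand-built construction like this one.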
Data security threats are part of the continuous development of technology. As technology develops, so do the threats to the security of data. In today’s technology-based living, the Internet provides us with a convenient and portable way of life. Data security is necessary to avoid, or at least mitigate, the impact of risk to individual and organizational computing. It is, however, an unfortunate fact that the security of network-based information today is unequal to the threats that compromise data security.

Effective security involves the acquisition of the right technology, together with efficient policies and practices that mitigate risk. Managing today’s technology-based business requires a comprehensive security and risk management approach. As technology develops, the threats associated with such development continuously evolve and become more complex. These threats will never be eliminated, but they can be avoided with the right technology and proper knowledge of how to protect our systems. After all, prevention is still better than cure.
Credit:ivythesis.typepad.com