Hackers and How to Control Them - Coursework Example

Hackers and How to Control Them Introduction Hacking is something that has been disturbing most of the company and if not handled with care can lead grade damages on the organization (Crossler, 2013). However there exist some steps that if an organization follows can reduce the threat level it faces when it comes to hackers. These steps include; the first thing is for the organization to understand its surrounding environment like the threats, risk, vulnerability that is at present in its environment. The second thing is for the organization to learn more about the existing problem so that they can build a strong defense mechanism for the problem. The third thing is for the organization to select the beast existing safeguards and countermeasures to put up a protection around the vulnerable system. However the company needs not to worry anymore as this paper is going to provide them with the common methods that the hackers use to attack their system and some of the ways in which these hackers can be prevented. Some of the common methods used by the hackers include; stealing of the password, stealing of the password, exploitation of the existing defaults, wireless attacks, monitoring of research that are vulnerable, Trojan horses, man in the middle attackers, research on the organization, being persistence and patient, social spying, being on the inside. Stealing of the password It is of great risk for industries and institution to rely only on password as the only security measure. This makes the hacking very easy as compared to the organization that uses a multifactor authentication. A password is a combination of numbers which a person has to remember and type into a computer terminal for purposes of accessing his or her account when needed. However the funny thing is that passwords that are very complex for human being to remember can easily be identified by the hackers cracking tools within a short period of time. These methods include; brute force attack, dictionary attack, and hybrid attack. These three methods are successfully used by the hackers to get access to the password (Ross et al, 2005). Wireless attacks Wireless network is something lived by most people, a situation in which a person moves around while maintaining the connection is very interesting. The installation of wireless network is very easy and its cost is very low. However the hackers find it easy to get access to personal details in the presence of wireless network. Monitoring of research that are vulnerable Hackers also take most of their time to do research on vulnerability of a system the organization do. They mainly do these researches by reading the discussion list, web sites, blogs, and other information provided by the public about the issues, the known problems, vulnerability with both the software and hardware. The more the research the hacker dose and the more he or she discovers the weakness that exists in as system before you discovers them and protect the system from them (Grimes, 2005). Social spying This is a process of observing to have information. However social engineering does not affect most of the small companies as the employees in such companies know their fellow workers. This makes it difficult for hackers to trick an employee from providing very important information to the hacker. For example, when a hacker calls any of the employees of a given industry and pretended to be a one of the sinner officer in the industry it will be easy for the junior employee to identify the voice of the hacker. Social spying is common in the ATM areas; this is so as most people when in a line they do not care hiding their PIN. Most of the people will simply whip their cards and enter their PIN as others watch. This is when some people memorize the PIN; this will allow that person acquires all the needed information to access the money given he or she can access the ATM card. Hackers may also spy on the user as he or she enters the password to the system by pretending to have come to deliver some flowers. However in an organization there are people who have developed a habit of placing their password on the CPU or monitor so as not to forget (Hasan et al, 2010). Malicious bot software Trojan horses, is one of the threats that is disturbing most of the industries and organizations in a daily basis. Also, there exists a threat that is less known by the companies and organizations but is also of a threat and could also be of great danger. These threats are known as malicious bot software. A bot, as known by the computer experts is a program that automatically operates as another program or users argent. Most of the hackers use different ways to send bots to the institution, companies, or people they are targeting. On the arrival of the bot, it waits for the hacker to command who then manipulates them within the infected system while the user of the system is unaware. With this ability, the hacker is in a position to install bots in various computers to form a botnets that can be used for massive distributed-denial-of-service (DDoS) attacks which will overcome the defense mechanism of the system. Botnets may also serve a purpose of installing the logging software that is in a position to extract a person’s data or passwords, used for mass mailing of the spam, and finally interfearng with the computer system and preparing them for future virus infection (Geer, 2005). Man in the middle attackers This is a situation where a hacker is in a position to convince or fool a user to set up communication through a server that is controlled be a hacker. These servers mainly serve the purpose of diverting communication between the user and the server without the user’s knowledge that he or she has been misdirected. These MITM attacks by fooling the computer, the user or the network into directing traffics that is legitimate to a system controlled by the hackers that is illegitimate. MITM can hijack mails sent to the user, it also has an interface that looks the same like that of logging in, and it can fool the user to enter his or her ID. These ID are then reproduced and then sent to the real server. These attacks can also be performed using very advanced methods like ARP (Address Resolution Protocol), router table poisoning, DNS (Domain Name Server), DNS hijacking, HOSTS file alteration, proxy re-routing, MAC (Media Access Control), duplication, poisoning, fake routing tables, query poisoning, rogue DNS servers and local DNS cache poisoning. And not also forgetting URL obfuscation, manipulation or encoding that is mainly used to conceal misdirecting link (James, 2007). Research on the organization Most of the hackers understand that knowledge is the only way they can manage to hackers in to the company system. Most of the companies do not understand that the materials they give out about the companies are very important and that they are putting their organizations at a risk of hackers. Most of the hackers find it easy to get through the security system of various organizations because they do a lot of research on these organizations (Nemati, 2011). This research which is majorly on the cellular phones has been in the rise and the security exports have identified a good number of viruses in the cellular phones. ,the bad news that the security researchers have identify is that if proper actions are not taken, the hackers will soon mange to hack into the cellular phone system. This will be by the hackers infecting cellular phone with dangerous software that will that can delete the victims’ personal data or make tool calls to run the phone bills of the victims. The attack on the cellular phones may end up causing the cell phone crush this is due to the attack overloading or degrading the mobile network. And if this continues in the future the hackers will be in a position to still the victim’s financial data. Of all the phones, smart phones are at the highest risk. This is because these smart phones provide internet connection, can download files, and work as microcomputers and some of the downloaded files could carry codes that are malicious (Leavitt, 2005). Being on the inside Most of the companies and organization have always assumed that hackers are people who are unknown forgetting that even one of the employs in these organizations can be a hacker. The recent research has clearly proven that most of the hacking taking place are mostly done by the inside people. A hacker can decide to look for a job in the company that he has been targeting and try his level best to win the trust of the company before hacking to its system for personal gain. It is possible to assume that the employee just decides to hack into the company system with the intension of harming the company. In trying to explain this irony, the comparison was taken with that of early years when the security personnel considered the train robbers and the highwaymen as grate criminals however their peer considered them as heroes. These resent days "electronic highwaymen" are modern deviants feed on the natural vulnerability information and communication corporations (Hollinger 1991). Ways in which industries and organization use protect themselves from the hackers Stealing of the password For the organization to protect itself for the password theft, it needs to make a very long password or use a multiple authentication factor. The organization should also avoid using the same password on several accounts particularly when some of these accounts are on public sites. Even though writing down of the password is very important for remembering and regular changing of it, it is important for the written password not to be stored in the where it be easily accessed. The organization have tried to avoid the continuers use of protocols that are insecure that conveys passwords in text that are clear, such as sites used for e-mail, web surfing, chat, file transfer and many more (Ross et al, 2005). Wireless attacks Companies and institutions have come with a proficient method to sense and prevent wormhole in the OLSR protocol. This method is first determined to identify the link that may be suspected to be a component of a wormhole tunnel. After identification, a recommended mechanism for wormhole detection is applied to the link is suspected using a means of exchange packets of encrypted probing between the two thought neighbors. This method has several advantages for example it doesn’t depend on any location information or time synchronization and has been identified to be having high rate of detection under different occasions (Naït-Abdesselam et al, 2008). Monitoring of research that are vulnerable For the company and to identify the vulnerability that exists in their system before the hacker dose, they have adopted and have been more watchful than the hackers. The companies have made this possible by advancing in their research in identifying the vulnerability that exists in the system before the hackers identifies them and tries to research for a solution to protect or to rectify the problem before the hacker attacks the system. The companies and organizations have been determined in keenly concentrating on the groups of discussion and web sites of each and every manufacture they are using their software or hardware in a regular basis. The websites and the discussion groups have helped the organizations to understand the issues and problems that the manufacturers have failed to publicize and or have no easy solution. This websites includes hackerstorm.com, US CERT, securityfocus.com, and hackerwatch.org. Social Spying Companies and organizations have tried to frequently remind the employees on the importance of their password and how to safely keep them from the reach of other people. The security of the companies and organization has been tightened and any visitor is not allowed in the working environment but at the guest rooms. The companies have burnt selling of any commodity at the working environment and any deliveries are to be left to the security officers who will deliver them to their respective places. Through this means, the organizations and companies have reduced the hacking of their systems via social spying. Man in the middle attackers the The companies and institution have tried to protect themselves against the attack of MITM by totally avoiding the links that are arte provided in e-mails. The companies have further confirmed that the links they are using from the website are within the domain that is trusted or are either maintaining the encryption of SSL. Apart from all the confirmation, the companies and institution have introduced the IDS (Intrusion Detection System), local system, and DNS to oversee the traffics of the network and alteration. Research on the organization However the company needs not to worry because hackers have not developed a way in which they can hacks into the system. This is because the cellular phone is still a new technology and most hackers don’t understand it well. This does not mean that the cellular users and the company should not take pre-casino, the companies should be determine in doing research just as the hackers are doing to identify ,if there exists any loophole or vulnerability in the cellular. There is also need for the mobile operation companies to search for ways of improving the security (Leavitt, 2005). Being on the inside The company have now understood the need to also have an internal defense in position to help in the management of an internal threats faced by the companies or organizations. The human resource department has also improved its hiring technique by understanding the background of the employee and his or her criminal records. This will help the organization to understand if the person they are employing has been involved ion any criminal activity that can also harm the industry. This has been possible through being strict on the implementation of the last privilege principle, keystroke monitoring, and prevention of the installation of the software by the users, prohibiting of the external removable source of media, thorough auditing, deactivating all the USB ports, and internet monitoring, and filtering. Conclusion Hackers can use many methods to break in to the security system of an organization or a company. However it is the responsibility of these companies to research on the various loopholes that exists in their systems. This is the way that the companies and organizations can protect their secret which can be used by the hackers to create harm to their system and company in general. The companies should be in a position to understand the various methods and approaches the hacker uses to attack their companies and system. This is the only way that the companies will research in the right direction to prevent the hackers. Bibliography BASKERVILLE, R. (2013). Future directions for behavioral information security research. computers & security, 32, 90-101. CROSLER, R. E., JOHNSTON, A. C., LOWRY, P. B., HU, Q., WARKENTIN, M., & NEMATI, H. R. (2011). Security and privacy assurance in advancing technologies: new developments. Hershey, PA, Information Science Reference. GEER, D. (2005). Malicious bots threaten network security. Computer, 38(1), 18-20. GRIMES, R. A. (2005). Honeypots for Windows. Berkeley, CA, Apress. http://www.books24x7.com/marc.asp?isbn=1590593359. HASAN, M., PRAJAPATI, N., & VOHARA, S. (2010). Case study on social engineering techniques for persuasion. arXiv preprint arXiv:1006.3848. HOLLINGER, R. C. (1991). Hackers: Computer heroes or electronic highwaymen?. ACM SIGCAS Computers and Society, 21(1), 6-17. JAMES M. S. (2007). Ten Ways Hackers Breach Security. Web < https://learningnetwork.cisco.com/servlet/JiveServlet/downloadBody/3879-102-2-37992/Ten%20Ways%20Hackers%20breach%20security.pdf. > accessed March 26, 2015. LEAVITT, N. (2005). Mobile phones: the next frontier for hackers?. Computer, 38(4), 20-23. NAÏT-ABDESSELAM, F., BENSAOU, B., & TALEB, T. (2008). Detecting and avoiding wormhole attacks in wireless ad hoc networks. Communications Magazine, IEEE, 46(4), 127-133. ROSS, B., JACKSON, C., MIYAKE, N., BONEH, D., & MITCHELL, J. C. (2005, August) Stronger Password Authentication Using Browser Extensions. In Usenix security (pp. 17-32). Read More