Information System for Travel and Tourism - Essay Example

INFORMATION SYSTEM FOR TRAVEL AND TOURISM Introduction There is no single description that fits a hacker. Ideally, a hacker is thought of as an individual who enjoys getting the most out of a system with restricted access. Hackers use the system and study it extensively until they become proficient in all the nuances. They intentionally break into systems and overstep their bounds. Hackers use methods such as password cracking, exploiting known security weaknesses, network spoofing, and social engineering to gain access to unauthorized systems (Momin, 2014, p. 1). Most people associate hacking techniques to breaking the law and assume that everyone engaging in the act is a criminal. In actuality, the essence of hacking is finding overlooked or unintended properties of a given situation and applying them in different ways to disadvantage the owners of the initial system. The essay identifies the common ways used by hackers to gain access to systems and critically evaluates the methods used to defend systems. Common hacking techniques Hackers focus on individual computer systems whenever they are online. Thus, one is less susceptible to hacking as long as they are not connected to the Internet. Access to the Internet makes computer hacking an easy task to execute. Hacking can be done in different ways, including the use of worms, Trojans, blended threats, time bombs, adware, spyware, steal -ware and viruses (Gupta, 2004, p. 53). They also crash on the wireless networks which are not strengthened by installed and enabled firewalls. Also, they can send email attachments containing malicious software that can eventually embed on the computer system of the receiver. Hackers also target systems that have weak passwords or security enforcements. Whatever the method used for hacking, the effect is always harmful to the computer user. Systems get flooded with malware and viruses which steal vital information necessary for the success of an organization. When a piece of these malicious codes starts infecting a large computer system, the system is regarded to be in the wild. There are thousands of known worms, viruses, and Trojans, but only a few can cause serious concerns. The threat level of each of these malicious codes refers to its potential to spread and even infect computer systems. Ideally, threats are classified into four categories; no, low, medium or high threats (Skormin, et al., 2003, pp. 195-205). No-threat ratings refer to malicious codes that are hoaxes. The low-threat rating is given to malicious code that requires human assistance in replicating and spreading from one computer to the other. The medium-threat rating is given to malicious codes that have a slow infection speed and have little or no damage at all to the infected systems. Lastly, high threat malicious codes can replicate at a faster speed and can result in considerable damage. Viruses are categorized as either e-mail or miscellaneous viruses. Ideally, a virus is a computer program that is developed to initiate an action on a computer system without the user’s knowledge or permission. Several viruses have been circulating the Internet since their introduction, and hundreds more are created and released each year. In addition, hackers often modify the existing viruses to perform tasks completely different from the task assigned by the original developer. Hackers have unique capabilities to improve the original ability and functionality of the virus. Computer viruses replicate and spread from a single computer system to another. They merely replicate and end up clogging the computer system’s e-mail systems. Other computer viruses are developed with a malicious payload that executes commands such as corrupting, deleting or disabling other computer security software (Erbschloe, 2004, p. 17). In addition, a select group of computer viruses have the ability to attach themselves to other code blocks to facilitate the propagation. Hackers build viruses with three major components; a replication mechanism, a trigger, and a group of tasks. A replication mechanism allows reproduction and enables viruses to move from one computer system to other computers (Ludwig, 2005, p. 541). The trigger is designed to execute the replication mechanism of the virus. The task or group of tasks executes on the computer and encourages the destruction or alteration of files, computer settings or configurations. These tasks hinder the operations of the computer system or networking device. The three components take on a wide variety of behaviours and forms. The replication mechanisms can vary can vary greatly and the virus can be designed to execute a continuous combination of tasks. Popular types of viruses include the boot sector virus, file-deleting virus, file infecting virus, macro viruses, mass mailers, multiple-characteristic viruses, polymorphic viruses, stealth viruses, and socially engineered e-mail message subject lines (Bocij, 2006, p. 37). The boot sector virus infects the hard drive or floppy disk used in the boot processes of a computer system. These devices contain master boot records and when infected by viruses can configure the operation of the whole system. File-deleting viruses are tasked with deleting specific files that execute basic instructions. Also, they can enable the computer systems to launch unwanted applications. Fileinfecting viruses attach themselves to some of the executable files with extensions such as (.com, .dll, .exe, .ovl or .ovr). Whenever these files are run, the viruses spread and attach themselves to the executable files. Macro viruses spread through the computer system instructions found in applications such as Microsoft Excel or Word. The instructions are stored as part of the file and can eventually travel to other systems if they are attached to an e-mail message, copied to a file server or placed in a removable storage device. Hackers develop mass mailer viruses to run within e-mail programs and replicate by automatically emailing themselves to the addresses stored in the computer user’s address book. Mass mailers are considered a threat to computer users since hackers can use them to drown their email boxes with unusual messages. Multiple-characteristic viruses can occur in a combination of different virus types described above. Also, hackers can develop them using the ever-growing combination of capabilities, traits, and tasks. Polymorphic viruses change their appearance each time they infect a new computer system (Kwiecień, et al., 2014, p. 268). Thus, they are a good catch for hackers since they have the strange ability to hide from common virus protection software. Stealth viruses hide themselves from the operating system and any other virus protection software installed on the computer system. The viruses have the ability to make changes to the structure of the directory and the size of the files. Lastly, socially engineered virus messages prompt the computer user to open and execute potentially harmful programs without their knowledge. Blended threats Blended threats are malicious codes that can replicate on their own in several ways. The threats can have more than one trigger and can have various task capabilities. Blended threats can circulate on the Internet using worm and e-mail virus capabilities (United States, 2008, p. 38). Also, they have the capability to plant a Trojan virus on a computer system. The trigger can arise from an e-mail program action or rather a Web surfing action. Hackers have continuously become sophisticated in blending these characteristics and the capabilities of multiple types of threats. The sophistication among hackers in building blended threats forms part of an ongoing knowledge-building process in the hacking industry. Time bombs Time/logic bombs form part of the initial forms of hacking tools used by initial hackers. When installed on a computer system, time bombs become dormant and trigger at a later date during a specific circumstance or event. Time bomb triggers can be on a specific date or time or can even occur after a cumulative number of computer system starts. Time bombs are commonly used by most disgruntled hackers and programmers interested in retaliating against their employers. Also, time bombs can also be installed in blackmail attempts. Spyware A spyware describes a computer technology used by hackers in gathering information about someone or an organization without their consent or knowledge. Spyware programs are installed on an information system through various ways, including as part of a valid software virus or even as a result of adding a new legit program (Aycock, 2011, p. 1). Spyware gathers information from a computer system, such as the list of websites visited by the computer user, recorded keystrokes or the type of computer application programs installed on the information system. The hackers use the information gathered to enable interested and competing parties gain competitive advantage. Furthermore, the information gathered from spyware programs is combined with information from other databases to create lucrative profiles of individuals, work groups, families and the entire company. Such profiles are useful during direct marketing campaigns. Adware Hackers join efforts with some advertising networks to collect information from information system users and assist in the compilation of personal profiles. The hackers use malicious codes, commonly referred to as web bugs. The bugs have the ability to collect information concerning the website computer user’s visit and the actual activities they do on those websites (Aycock, 2011, p. 3). The bugs are commonly referred to as adware. The information collected is stored in a database and used to determine the types of banners and advertisements displayed on the websites. Some hackers use cookies on large websites as web bugs that in turn collect information about the computer information system. Most websites using the adware code claim to take these actions in order to improve the experience of the customer. Even though most of the websites have a privacy policy, it is often oblique and more advantageous to the hacker rather than the computer user. Steal-ware Hackers use these types of malicious programs on websites that have different types of affiliate marketing programs. Steal-ware majorly occurs in the form of scam charges. For instance, common steal-ware programs are designed to charge internet users for International calls even though they use local Internet service providers to visit websites (Brown, 2009, p. 209). Some hackers require website users to download certain software programs that in turn disconnect the computer modem and reconnect using their interface, incurring extra charges. Steal-ware programs collect data from the computer system and send it to the hacker’s computer system for development of more malicious and targeted computer programs. The steal-ware software modifies one’s affiliate tracking codes and replaces the browser’s cookies. As a result, the affiliate payments are redirected to the hacker’s account. Trojans Trojan horse attacks form one of the commonly used threats by hackers to breach computer security. Hackers use Trojan programs maliciously to perform actions that are not authorized and are completely unknown to the user. Popular actions of a Trojan horse program include deleting, blocking, modifying, copying or disrupting the performance of computer systems on a network. Hackers could develop a Trojan program in the form of a downloadable movie or music file. Whenever the computer user clicks on the same files, a dangerous program is installed. The program erases the computer hard disk and other storage devices connected to the computer and sends important information to the hacker. The information collected could be passwords or credit card numbers among other useful data. The data allows the hacker to hijack your computer system and commit illegal denial of service attacks. Trojan horses can come from executable files, look-alikes or even documents. Worms Computer worms are self-replicating programs that penetrate through a computer operating system with the intention of spreading malicious codes. Hackers use computer worms to spread copies of the original code to other computer users. The codes cause harm by excessively consuming the bandwidth or possibly deleting computer files and sending the documents through the email. Furthermore, computer worms can also install backdoor on the computer system. Worms are confused to be computer viruses, but they are completely different in actuality. The difference lies in the speed at which they spread. Worms undergo self-replication and spread across various networks, exploiting the vulnerabilities regardless of the absence of the guidance of cybercriminals. The use of computer worms by hackers poses a serious security threat to computer systems due to the potential of damage they can eventually cause. Worms can be transported through file attachments and sharing of links and networks to the infected websites. Security strategies against advanced hacking attacks to computer systems In today’s information age, many security breaches occur since computer users do not use the required security policy. Thus, some of the most severe cases of hacking have been detected through simplistic methods. Also, computer users play a significant role in significantly enhancing the security of an information system, and their role should never be downplayed and underrated. Information system users must develop and enforce an effective strategy to lessen the likelihood of their data and system being breached by unexpected security threats. Some of the security measures likely to enhance the security of an information system include the development of a defensive strategy, response strategies, insider threats, an incident response platform, and documentation of attack reports across the entire Information Technology department. Information system departments should invest in the development of a complete defensive strategy, including effective intrusion detection and protection measures. Investing and deploying a defensive strategy allows computer users to leg up and avoid possible hacker attacks. The strategies allow computer information systems to detect digital fingerprints of the most common and persistent security threats designed by unsuspecting hackers. Also, computer users can benefit from preventive measures, early detections, and mitigation strategies by integrating more intensive visibility and control strategies. For hacking threats, in particular, a company must keep a secure network that will require reactive and proactive security strategies. Information Technology administrators can keep the organization’s site and computer system secure by implementing programs that regularly test and deploy necessary security updates (Brown, 2009, p. 80). All the installed software on servers and endpoints should also be updated regularly. They should ensure that necessary security software such as antivirus programs are present across the board of computer information systems. The security software should be configured to detect effectively and even prevent possible phases of a hacker attack on the information system. It should also observe possible indicators on the computer network, disks, and memory storage. Security measures should be backed up with a response strategy that mitigates all forms of attack that arise. Catching cyber criminals are tough and requires a time-consuming memory. A response is more than just the tools and techniques and more of a process and management strategy. Recommendation The standard operating procedures and processes of computer information systems should be developed with security measures in mind. The measures should cover not only employees, but also computer contractors, partners, and customers. Furthermore, information system experts should investigate anomalous system and network behaviour. Most attacks are known to start with reconnaissance, and such suspicious occurrence could make up the first sign of an attack. Security experts should continuously plan and review the incident response procedures with the involved parties rather than the Information Technology groups alone. At times, hacker security attacks are announced in advance, and the computer users fed with relevant information about the attack beforehand. During such circumstances, it is important for information security officers take proactive defence actions and exercise high levels of awareness of their computer logs and networks. Conclusion Worth noting, one’s information system infrastructure does not have to be a ticking time bomb. Even though hacking is a common form of digital exploitation, information system users must find useful ways to combat it. It is very unfortunate that society has people who can eavesdrop on one’s online activity and gain unfair competitive advantage to their benefit. If one’s information system runs on a Windows platform, it is best to hide every online activity using an antivirus and a reliable firewall. Also, it is advisable to turn off the information system immediately one suspects a virus attack, rootkit, spyware or malware to avoid spreading. Bibliography Aycock, J. D., 2011. Spyware and adware. 1st ed. New York: Springer. Bocij, P., 2006. The dark side of the Internet : protecting yourself and your family from online criminals. 1st ed. Westport, Connecticut: Praeger. Brown, B. C., 2009. The complete guide to affiliate marketing on the Web : how to use and profit from affiliate marketing programs. 2nd ed. Ocala, Fla: Atlantic Publication Group. Erbschloe, M., 2004. Trojans, Worms, and Spyware : a Computer Security Professional's Guide to Malicious Code. 1st ed. Burlington: Elsevier. Gupta, S., 2004. Hacking in the computer world. 1st ed. New Delhi: Mittal Publications. Kwiecień, A., Gaj, P. & Stera, P., 2014. Computer networks : 21st International Conference, CN 2014, Brunów, Poland, June 23-27, 2014. Proceedings. 1st ed. Cham: Springer. Ludwig, M. A., 2005. The giant black book of computer viruses. 3rd ed. Show Low, Arizona: American Eagle. Momin, N., 2014. Cool Hacking Trick. [Online] Available at: http://www.coolhackingtrick.com/2014/03/computer-hacking-in-new-age-all-you.html [Accessed 18 March 2015]. Skormin, V. A., Summerville, D. H. & Moronski, J. S., 2003. Detecting Malicious Codes by the Presence of Their "Gene of Self-replication". researchgate.net, 2776(12), pp. 195-205. United States, G. A. O., 2008. Information security emerging cybersecurity issues threaten federal information systems : report to congressional requesters. 1st ed. Chicago: DIANE Publishing. Read More