Hackers are a diverse group that could have many reasons for hacking into a system. Their tools and techniques are as diverse as the hackers themselves. Their methods differ, but the only way into a computer system is through a network. A hacked application can be pulled down by a user, e-mailed as a virus, or put on the computer by the hacker. The hacker can sniff the network to understand the packets that are being sent. The organization can sniff the network just as well to protect its networks.
The hacker, through a strong understanding of the operating system and applications, can control the computer once he gains access to it. The user, having access to the computer, can apply his knowledge of operating systems to contain the hacker. The hacker can be mapped to an isolated system to be contained and identified. The hacker is feared among the organizations of the world, but the hacker has more to lose, and there is always the chance that he is hacking into an organization that knows more about hacking than he does.
Protecting From Hackers
Some reports state that someone on the inside, such as a disgruntled employee, performs 85% of all hacks suffered by organizations. Unlike a hacker who is entering from the outside, the hacker in an internal attack knows the systems. The employee is familiar with the resources that are available and may have a set of passwords to start hacking. There may be internal systems that he is familiar with, and the employee could have planted logic bombs or backdoors to assist in any attacks.
Keeping tabs in the workplace
There are applications that can be purchased to keep tabs on what employees are doing on their workstation. Managers who are aware of what the software engineer or system administrator is doing on a daily basis can keep that person from becoming a hacker. An employee who knows he is being watched would likely be hesitant to do something he shouldn't do. It is the employee who works weekends and until midnight without the manager watching who has the time to establish a hack.
Always be aware of what is being loaded onto each machine in the system. Keep a running inventory of the programs that were installed. Check the list against some of the security sites for potential security risks. Be a minimalist when it comes to installing new programs. Only install programs from trusted and well-known vendors. Sometimes, I need to install programs to use for a month and then not re-use them for several more months. The program can be un-installed and re-installed when I need it several months later. Also monitor and be aware of what is running on each machine. If the CPU usage of a machine is maxed out and there should be nothing running on the machine, obviously something harmful could be running in the background of the machine.
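As an added illustration of the running inventory and the check on what is running (not code from the original post; the program names, versions and process samples are constructed sample data, and `audit` is a hypothetical helper), the comparison can be automated like this:

```python
from dataclasses import dataclass, field

# Constructed sample data: the approved inventory (program -> version).
BASELINE = {"openssh": "5.3", "firefox": "3.6", "postgresql": "8.4"}

# Constructed snapshot of what is installed on the machine today.
INSTALLED = {"openssh": "5.3", "firefox": "3.6.2", "netscan-kit": "1.0"}

# Constructed process samples: (process name, owning program or None, CPU %).
PROCESSES = [
    ("sshd", "openssh", 0.4),
    ("firefox-bin", "firefox", 12.0),
    ("kworkerd", None, 97.5),        # belongs to no inventoried program
    ("nscan", "netscan-kit", 3.0),
]

@dataclass
class Report:
    unapproved: list = field(default_factory=list)  # installed, not in baseline
    changed: list = field(default_factory=list)     # version differs from baseline
    missing: list = field(default_factory=list)     # in baseline, no longer installed
    suspicious: list = field(default_factory=list)  # running processes to review

def audit(baseline, installed, processes, cpu_threshold=80.0):
    """Compare the current machine state against the approved inventory."""
    report = Report()
    for name, version in sorted(installed.items()):
        if name not in baseline:
            report.unapproved.append(name)
        elif baseline[name] != version:
            report.changed.append((name, baseline[name], version))
    report.missing = sorted(set(baseline) - set(installed))
    for proc, program, cpu in processes:
        reasons = []
        if program not in baseline:      # also true when program is None
            reasons.append("unapproved origin")
        if cpu >= cpu_threshold:
            reasons.append("high CPU")
        if reasons:
            report.suspicious.append((proc, reasons))
    return report

if __name__ == "__main__":
    result = audit(BASELINE, INSTALLED, PROCESSES)
    for section in ("unapproved", "changed", "missing", "suspicious"):
        print(f"{section}: {getattr(result, section)}")
```

Anything reported as unapproved or changed is what gets checked against the security sites before it is allowed to stay in the inventory.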
Isolating your suspects
If a hacker is suspected, set up a machine and account just for the hacker. Isolate the hacker into a machine that can be monitored and controlled with almost no utilities and access on it. Have the keystrokes and commands captured to log files. Isolating, monitoring, and controlling the hacker in a remote site can lead to the search and capture of the hacker. In many cases, the hacker will not know that he has been isolated, but may think that he has accessed an organization's system. Think like the hacker. Give the hacker a Trojan horse to download and find him. Because the hacker uses viral kits, sniffers, and other toolboxes where very little programming and computer knowledge is involved, the hacker may not be aware of the total damage that he may cause to a system.
Many hackers are tracked by organizations to give the estimate of the damage done to the organization so they can fix the damage. It might be that the hacker cannot give detailed information but can only point to a hack kit that he got on the Internet. The organization should always be aware of the hacking products and security Web sites. Several hacking sites that I visited last year no longer exist, and I am sure that any information on their tools is hard to come by. Organizations should know their systems well enough that, if they are hacked, they can assess the damage themselves and not depend on any other information.
Understanding your security system
The biggest effort that can help in securing systems is to be security aware. Many companies are aware of the latest and greatest technologies, but when asked about security, their typical response is "We have a firewall." A firewall does help if properly configured, but I have seen people answering this question and then pulling down hundreds of software packages the next time they're attacked.
There were so many programs on this person's desktop that a hard drive was added, and when the person was asked about the origin of some of the files, the response was "Just things collected over the years. I don't know where most of it came from." Even if the person was very technology aware, security should also be a big consideration. Some of the programs could be malicious without the person knowing. The suggestion was to compress and back up all of the files to a CD-ROM and later retrieve the files only when necessary. When considering security, be a minimalist with downloading and using programs of unknown origin. There may or may not have been malicious programs on this person's desktop. Usually, the only time that a hack is found is when it affects a system and it starts to cost money.
Hiring an expert
The biggest advantage that an organization could have is having security requirements established by a security expert. Many organizations give the security requirements to a business analysis person who lacks the background to understand security issues. The security expert will always ensure that chances of a security risk are avoided. Security consciousness is, in many ways, just a frame of mind. Just as a person is motivated to learn new technology, so there is a frame of mind for someone who wants to learn new security techniques. In the security plan, have tiger teams test the organization's systems and plan to revisit the security needs of the organization at regular intervals. Have a designated security administrator visit the advisories of applications and operating systems found at www.cert.org/advisories.
Tuesday, February 9, 2010
About Me

- Shonam dua
- Web developer, I love to Code, Design and explore more and more latest technology gadget