Computer System Security
Data security is vital for both large and small businesses, because firms of both sizes have invested heavily in new technologies to store and safeguard their data. Their private files, client and customer information, banking details, employee payrolls and any other firm-related information are stored in computers. Moreover, all of this data is impossible to recover if lost, and it is even worse when it is illegally accessed by unauthorised people and other cybercriminals. Losing this data to floods, fires and other disasters is preferable to losing it to cybercriminals, hackers and malware infections, because the consequences of the latter are extremely severe for both the firm and the other people involved. Therefore, how firms, both large and small, choose to handle and store their data always matters to customers and business partners.
The latest security threats, attacks and techniques used to compromise a system’s security
Many security threats operate by exploiting vulnerabilities that exist within a computer system. A vulnerability is a “hole” or weakness that exists in a network or computer device. In many cases, these flaws go undetected during the early stages of system development and testing (Gupta, Joshi and Misra, 2010). By contrast, a threat is any skilled computer user who exploits the weaknesses of a computer system and continues to explore them to gain unauthorised entry to, or use of, its resources. Vulnerabilities lead to attacks in which such people threaten the system’s security by using tools such as scripts and programs to access these networks and devices. In the modern computing world, computer users commonly encounter a variety of security threats and techniques. They comprise hacking, phishing, spoofing, packet sniffing, spawning and spamming (Gupta, Joshi and Misra, 2010). They also include the use of malware, such as rootkits, Trojan horses, worms, botnets, viruses and adware, either to gain illegitimate access or to corrupt one’s data.
Hacking and Cracking
In the past, there was a clear difference between hacking and cracking. A hacker was someone with intensive skills in computer programming. Hackers could think of what programmers could not and use their skills to solve security issues. Crackers, on the other hand, were skilled people who gained illegitimate access to systems with malicious intentions (Ealy, 2003). However, the two terms have the same meaning in today’s world. Except in the case of Certified Ethical Hackers, all hackers are the same because they exploit a system’s weaknesses for malicious ends. Hackers use a variety of backdoor administrative tools to hack a computer. For instance, some use a Trojan horse. A Trojan horse is a viral program that masquerades as legitimate software and tricks the computer user into installing it (Ealy, 2003). Once installed or run, the application works in the background and may alter all of the system’s security settings. For instance, it may stealthily turn off the computer’s firewall and allow access by other computers. Similarly, a Trojan horse also facilitates the entry of other viruses into the computer. This completely weakens the system’s security and opens more avenues for illegal access to secured data. Alternatively, some Trojan horses, such as Win32 Sality, Expire, Executor 2 and the Farb0 Trojan, act as spyware (Ealy, 2003). Once a computer user is connected to the internet, they are secretly installed on the computer and begin monitoring the user’s activities. Hackers therefore use them to steal important data such as passwords, credit card numbers and other confidential documents stored on the computer (Zuh, 2002). Hackers may also use other backdoor administrative tools such as Orifice, SubSeven and NetBus, because they all function in the same way as Trojan horses.
Botnets, denial of service attacks and cracking
Whenever crackers need to access a computer illegally, they use a variety of software and techniques. For instance, a cracker might use botnets to override the system’s security (Chandola, 2014). A botnet is a set of computers interconnected over the internet whose security has been compromised by a hacker using viruses such as Trojan horses and other spyware tools. The latest examples of botnets include Citadel, Steal Rat and Andromeda. Each compromised computer is referred to as a zombie. Because these compromised computers were interconnected before they were attacked, each computer is in a position to communicate with the others and even with their mainframe servers. Therefore, using a command prompt, the hacker uses one of the bots, referred to as the bot herder/bot master, to control the other computers and carry out nefarious activities over the internet. For instance, the botnet may mount a denial of service attack on a web server (Chandola, 2014). Denial of service attacks come in four forms: buffer overflow, Smurf, Teardrop and SYN flood attacks. A buffer overflow is the technique of sending a server such a heavy load of data that it becomes confused and grants administrative privileges to the cracker. This is sometimes referred to as network saturation. After gaining access to the server, a cracker may shut down the website server or a computer, preventing other users from using it (Gupta, Joshi and Misra, 2010). This is a denial of service and is the most common technique used to compromise the security of websites.
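The SYN flood mentioned above leaves a recognisable trace on the defending side: many connection attempts from one source that are never completed. The following Python is an added example written for this essay, not code from any cited author; the log format (tcpdump-style flag letters, S = SYN, A = ACK), the addresses and the alert threshold are assumptions made for the demonstration.

```python
"""SYN flood indicator computed from constructed connection-log lines.

Added example for this essay, not code from any cited author. The log
format (tcpdump-style flag letters: S = SYN, A = ACK) and the threshold
are assumptions made for the demonstration.
"""
import re
from collections import defaultdict

# Constructed sample log: two normal clients complete the handshake
# (S followed by A); 203.0.113.9 sends many SYNs and never follows up,
# which is what a flood of half-open connections looks like to a sensor.
SAMPLE_LOG = [
    "10:00:01 src=10.0.0.5 dst=198.51.100.2 dport=80 flags=S",
    "10:00:01 src=10.0.0.5 dst=198.51.100.2 dport=80 flags=A",
    "10:00:02 src=10.0.0.6 dst=198.51.100.2 dport=443 flags=S",
    "10:00:02 src=10.0.0.6 dst=198.51.100.2 dport=443 flags=A",
] + [f"10:00:0{3 + i // 10} src=203.0.113.9 dst=198.51.100.2 dport=80 flags=S"
     for i in range(40)]

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) flags=(?P<flags>\S+)")


def parse_line(line):
    """Return (src, dport, flags) from one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("src"), int(m.group("dport")), m.group("flags")


def half_open_by_source(lines):
    """Count SYNs per source that were never followed by an ACK from that source.

    A completed handshake contributes one S and one A, netting to zero;
    a flooder contributes only S lines, so its count grows with every packet.
    """
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, _dport, flags = parsed
        if flags == "S":
            counts[src] += 1
        elif flags == "A":
            counts[src] -= 1
    return dict(counts)


def suspected_syn_flooders(lines, threshold=20):
    """Sources whose half-open count meets the (assumed) threshold."""
    return sorted(src for src, n in half_open_by_source(lines).items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG))
    print(suspected_syn_flooders(SAMPLE_LOG))
```

On the constructed sample the two legitimate clients net to zero while the flooding source accumulates forty half-open connections; in practice the threshold would be tuned against the server's normal connection rate rather than fixed at twenty.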
Cross-site scripting and the use of JavaScript
This is among the latest techniques used to compromise a system’s security. Using JavaScript, hackers write code and scripts that they use to gain illegal access to computers and networks. They write the code and scripts, embed them in their website’s Uniform Resource Locators (URLs) and lure online users into clicking on the links (Chandola, 2014). Once a computer user clicks on the link, the code transfers itself to the computer and secretly runs as spyware, stealing confidential information. The scripts may also perform other destructive activities on the computer.
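The mechanism described above works only because a server copies the script carried in the URL straight into the page it returns. The following Python is an added example written for this essay, not code from any cited author; the hypothetical search page, its q parameter and the lure URL are constructed, and the script tag used is the standard harmless alert probe. It places the vulnerable page builder beside the hardened one so the fix (HTML-encoding user input before it reaches the page) is visible.

```python
"""Reflected cross-site scripting: the vulnerable page builder beside the fix.

Added example for this essay, not code from any cited author. The
hypothetical search page, its q parameter and the lure URL are all
constructed; the script tag used is the standard harmless alert probe.
"""
import html
from urllib.parse import parse_qs, urlsplit

# Constructed lure link of the kind the text describes: the script travels
# inside the URL, and the server reflects it into the page shown to the victim.
LURE_URL = "https://shop.example/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


def query_from_url(url):
    """Extract the q parameter as a web framework would hand it to the handler."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(query):
    """Vulnerable: user input is concatenated straight into the HTML response,
    so any markup in the URL becomes live script in the victim's browser."""
    return f"<p>You searched for: {query}</p>"


def render_safe(query):
    """Hardened: HTML-encode the input first. '<' becomes '&lt;' and so on,
    so the browser renders the text literally instead of executing it."""
    return f"<p>You searched for: {html.escape(query, quote=True)}</p>"


def has_live_script(markup):
    """Rough check used here only to compare the two renderers."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    q = query_from_url(LURE_URL)
    print("unsafe:", render_unsafe(q))
    print("safe:  ", render_safe(q))
```

Output encoding at the point where data is written into HTML is the core defence; a Content-Security-Policy header and HttpOnly cookies limit the damage when a reflection is missed.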
Like cross-site scripting and the use of JavaScript, packet sniffing is among the latest techniques used to steal data in transit over the internet. Whenever people make online requests, such as credit transfers, banking activities over PayPal and many others, they transfer data over the internet. Data moves from the client’s computer or server to the receiving server. If this data is not secured, people may intercept, manipulate or use it for their own selfish gains. Therefore, servers use internet application security protocols such as SSL, TLS and 3D Secure (Secure Socket Layer, Transport Layer Security and 3-Domain Secure respectively) to encode and protect this data. Packet sniffing, by contrast, is a technique that aims at stealing these secure packets of data before they reach their target web servers. It entails the use of special software that captures and analyses data such as internet traffic and presents it in human-readable form (Zuh, 2002). Common examples of packet sniffing software include tcpdump, Dsniff, Wireshark (developed by Ethereal), packet analysers, Pandora FMS, Xirrus Wi-Fi Inspector, NetXMS, ntopng, Splunk and many others (Chandola, 2014; Hess, 2010). All these tools capture data being sent over protected bandwidths. However, their full functionality and efficiency depend on the security protocol used to secure the transferred data. For instance, Splunk finds it difficult to hack, to create ARP poisoning and to capture online data that is secured using the 3D Secure protocol.
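The point that a sniffer's usefulness depends on the protocol protecting the data can be seen by decoding two packets. The following Python is an added example written for this essay, not code from any cited author or from any of the tools named; the two IPv4/TCP packets are constructed in memory (no checksums, no live capture), and the addresses, ports and login form are made up. The same form is carried once as plain HTTP and once inside a TLS application-data record, and the parser reports what a dissector could read in each case.

```python
"""What a packet sniffer actually sees: plaintext vs TLS-protected traffic.

Added example for this essay, not code from any cited author or tool. The
two packets are constructed in memory (no checksums, no real capture);
the addresses, ports and the login form are made up.
"""
import struct

IP_FMT = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total len, id, flags/frag, TTL, proto, csum, src, dst
TCP_FMT = "!HHIIBBHHH"    # sport, dport, seq, ack, data offset, flags, window, csum, urgent


def _ipv4(text):
    """Dotted-quad string to 4 bytes."""
    return bytes(int(part) for part in text.split("."))


def build_packet(src, dst, sport, dport, payload):
    """Construct a minimal IPv4/TCP packet carrying payload (demo only, checksums zero)."""
    ip_hdr = struct.pack(IP_FMT, 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                         _ipv4(src), _ipv4(dst))
    tcp_hdr = struct.pack(TCP_FMT, sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw):
    """Decode the headers and report what is readable, as a sniffer's dissector would."""
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack(IP_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, _seq, _ack, off, _flags, _win, _csum2, _urg = \
        struct.unpack(TCP_FMT, raw[ihl:ihl + 20])
    payload = raw[ihl + (off >> 4) * 4:total_len]
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "proto": proto}
    # A TLS record starts with a content type 20..23 and major version byte 3.
    if len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3:
        ctype, version, length = struct.unpack("!BHH", payload[:5])
        info["tls_record"] = {"type": ctype, "version": hex(version), "length": length}
        info["payload_text"] = None  # encrypted: only the record envelope is visible
    else:
        info["tls_record"] = None
        info["payload_text"] = payload.decode("latin-1")  # plaintext: fully readable
    return info


# Constructed traffic: the same login form sent over plain HTTP and over TLS.
PLAIN_HTTP = build_packet(
    "10.0.0.5", "198.51.100.2", 51000, 80,
    b"POST /login HTTP/1.1\r\nHost: bank.example\r\n\r\nuser=alice&pass=hunter2")
TLS_APP_DATA = build_packet(
    "10.0.0.5", "198.51.100.2", 51001, 443,
    b"\x17\x03\x03\x00\x10" + bytes(range(0x90, 0xA0)))  # 16-byte ciphertext stand-in

if __name__ == "__main__":
    print(parse_packet(PLAIN_HTTP))
    print(parse_packet(TLS_APP_DATA))
```

For the HTTP packet the credentials are readable straight out of the payload; for the TLS packet the dissector can name the record type, version and length but nothing of its content, which is exactly why the text's encrypted protocols blunt a sniffer.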
W4 - NetBIOS: Unprotected Windows Shares
Microsoft’s Common Internet File System (CIFS)/Server Message Block (SMB) enables interconnected computers to share their files over the internet (Chandola, 2014). This is used when an organization wants to maintain efficient coordination among employees scattered across different company branches. However, hackers find it easy to access these shared files and decode their messages. By collecting bulk information, they finally gain access to the organization’s passwords and other confidential information. For instance, according to Chandola (2014), administrators of a certain government agency charged with its software development planning made their files readable. They wanted to make the files easily accessible to different government facilities. However, within two days, hackers had gained access to these shared files and stolen the agency’s mission planning software.
Rootkits
This refers to an assortment of tools that hackers use to access or hack the operating system of a computer. They consist of utilities that monitor keystrokes, alter log files, monitor traffic and attack other systems. Most rootkits are kernel level, implying that they attack the operating system itself. Examples of current kernel-level rootkits include Knark and the Windows NT kernel-level rootkit. Knark is developed for the latest versions of Linux, offering utilities such as execution redirection, remote execution of commands, hiding and un-hiding of files, gaining root privileges and hiding strings in /proc/net/tcp and /proc/net/udp.
Capturing Data Packets with Ethereal
© 2014 Musembi Daniel Nduva