ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Computer System Security

Updated on December 27, 2014



Data security is vital for both large and small businesses. This is because both firms, large and small, have heavily invested in new technologies to store and safeguard their data. Additionally, their personal files, client’s and customer’s information, banking details, employees’ payrolls and any other firm-related information are securely stored in computers. Moreover, all this data is impossible to recover if lost. It is even worst when illegally accessed by illegal people and other cybercriminals. If this data is lost to floods, fires and other disasters, it is better than being lost to cybercriminals: hackers and other malware infections. This is because their consequences are extremely severe to both the firm and other related people. Therefore, how firms, both large and small, choose to handle and store their data is always important to customers and business partners.

The latest security threats, attacks and techniques used to compromise a system’s security

Many security threats operate by exploiting vulnerabilities that exist within a computer system. Vulnerability refers to a “hole” or weakness that exists in any network or computer device. In many cases, these flaws pass without being detected in the early stages of system development and testing procedures (Gupta, Joshi and Misra, 2010). Contrary, a threat refers to any qualified computer user who exploits the weaknesses of a computer system and continues to explore them to gain unauthorised entry or use of their resources. Vulnerabilities result to attacks whereby such people pose a threat to the system’s security by using various tools such as scripts and programs to access these networks and devices. In the modern computing world, there are various security threats and techniques that are commonly encountered by computer users. They comprise of hacking, phishing, spoofing, packet sniffing, spawning and spamming (Gupta, Joshi and Misra, 2010). They also constitute the use of malwares: root kits, Trojan horses, worms, botnets, viruses and adware’s to either gain illegitimate access or corrupt one’s data.

Hacking and Cracking

In the past, there used to be a large difference between hacking and cracking. A hacker used to be someone with intensive skills in computer programming. Hackers could think what programmers could not think and use their skills to solve security issues. On the contrary, crackers refer to skilled people who gain illegitimate access to systems with malicious intentions (Ealy, 2003). However, these two categories have the same meaning in today’s world. Except in the case of Certified Ethical Hackers, all hackers are the same because they exploit the system’s weaknesses for malicious intents. Hackers use a variety of backdoor administrative tools to hack a computer. For instance, some use a Trojan horse. The Trojan horse is a viral program that masquerades as an original software and tricks the computer user to install it on the computer (Ealy, 2003). Once installed or run on the computer, the application runs in the background and may alter all the systems’ security settings. For instance, it may stealthily turn off the computer’s firewall and facilitate access by other computers. Similarly, the Trojan horse also facilitates the entry of other viruses into the computer. This completely weakens the system’s security and provides more avenues for illegal access to secured data. Alternatively, some Trojan horses like Win 32 sality, Expire, executor 2 and Farb0 Trojan act as spywares (Ealy, 2003). Once a computer user is connected on the internet, they secretly get installed into the computer and start monitoring the user’s activities. Therefore, hackers use them steal important data such as passwords, credit cards and other confidential documents stored in the computer (Zuh, 2002). Additionally, Hackers may also use other backdoor administrative tools such as Orifice, SubSeven and Netbus because they all function in the same ways as Trojan horses.

Botnets, denial of service attacks and cracking

Whenever crackers need to access a computer illegally, they use a variety of softwares and techniques. For instance, a cracker might use botnets to override the system’s security (Chandola, 2014). A botnet refers to a set of interconnected computers over the internet whose security has been compromised by a hacker using viruses such as Trojan horses and other spyware tools. The latest examples of Botnets comprises of Citadel, Steal Rat and Andromeda Botnets. Additionally, each compromised computer is referred to as a Zombie. Because these compromised computers had been interconnected before they were attacked, each computer is in a position to communicate with the others and even their mainframe servers. Therefore, by using a command prompt option, the hacker uses one botnet, referred to as the bot header/bot master to control the other computers and do nefarious activities over the internet. For instance, the botnets may create a denial of service attack on the web server (Chandola, 2014). Denial of service attacks come in four different ways: buffer overflow, Smurf, Teardrop and SYN Flood attacks. A buffer overflow refers to the technique of providing a server with high loads of data such that it gets confused and avails administrative privileges to the cracker. This is sometimes referred to as network saturation. After gaining access to the server, a cracker may shut down the website server or a computer and ends up preventing other users from using it (Gupta, Joshi and Misra, 2010). This refers to a denial of service and is the most common technique used to compromise the security of websites.

Cross-site scripting and the use of Java Scripts

This is among the latest techniques used to compromise a system’s security. By using Java Scripts, hackers are able to generate codes and scripts that they use to gain illegal access to computers and networks. They write codes and scripts, emblem them onto their website’s Uniform Resource Locators (URLs) and lure online users to click on the links (Chandola, 2014). Once a computer user clicks on the link, the code transfers itself into the computer and secretly runs as a spyware, stealing confidential information. The scripts may also perform other destructive activities on the computer.

Packet sniffing

Just like cross scripting and the use of Java Scripts, packet sniffing is among the latest techniques used to steal moving data over the internet. Whenever people make online requests such as online credit transfers, banking activities over PayPal and many others, they transfer data over the internet. Data moves from the client’s computer server to the receiving computer server. If this data is not secured, people may trap, manipulate or even use it for their own selfish gains. Therefore, servers use different internet application security protocols such as SSL, TLS, 3D Secure (Secure Socket Layer, Transport Layer Security and 3Dormain Secure respectively) to code and protect this data. Contrary, packet sniffing is a technique that aims at stealing these secure packets of data before they reach their targeted web servers. It entails the use of special softwares that capture, analyse data such as internet traffics and present it in human readable form (Zuh, 2002). Common examples of packet sniffing softwares comprise of TPC Dumb, Dsniff, Wireshark developed by Ethereal, packet analysers, Pandora FMS, Xirrus Wi-Fi Inspector, NetXMS, ntopng, Splunk and many others (Chandola, Hess, 2014, 2010) (Hess. All these tools capture data being send over protected bandwidths. However, the full functionality and efficiency depends on the security protocol used to secure the transferred data. For instance, Splunk finds it difficult to hack, create an ARP Poisoning and capture online data that is secured using a 3D secure protocol.

W4-NETBIOS- Unprotected window shares

Microsoft’s Common Internet File System (CIFS)/ Server Message Block (SMB) enables interconnected computers to share their files over the internet (Chandola, 2014). This occurs when an organization wants to maintain an efficient coordination with employees scattered over different company branches. However, hackers find it easy to access these shared files and decode their messages. By collecting bulk information, they finally gain access to the organizations passwords and other confidential information. For instance, according to Chandola (2014) administrators of a certain government agency charged with the development of its software development planning made their files readable. They wanted to facilitate easy access of the files by different government facilities. However, in two days, hackers had gained access to these shared files and stolen the company’s mission planning softwares.

Root kits

This refers to an assortment of tools that hackers use to access or hack the operating system of a computer. They consist of utilities that monitor keystrokes, after log files, monitor traffics and attack other systems. Most of the root kits are kernel level, implying that they only attack the operating system. Examples of current kernel level rootkits comprise of Knark and Windows NT kernel-level Rootkit. Knark is developed for the latest versions of Linux, offering utilities such as execution redirection, remote execution of commands, hiding and un-hiding of files, gaining access to kernel roots and hiding strings in net/proc/tcp/udp/.

Ethereal, editing


Capturing Data Packets with Ethereal

© 2014 Musembi Daniel Nduva


    0 of 8192 characters used
    Post Comment

    • profile image


      3 years ago

      This is amazing

    • profile image


      3 years ago

      Wolla Wolla. Nice hub dude. I am passionate with comp securities. Good job


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)