Information Systems Management Original Purpose of Hacking

Question: Describe about hacking methods, social Engineering, implementation of defensive tools while using internet: Using firewall, antivirus and applying safe surfing practices? Answer: Introduction: Although the term hacking implies the technique of gaining unauthorized access , into ones computer, original purpose of hacking is finding weaknesses of a system (Sandiego.gov, 2015).Waguih (2013) opined that the task of gaining access into a system for stealing information can be considered as cracking. However according to Vacca (2013) techniques which are used for accessing information without authorization can be classified as black hat hacking technique. Analysison security systems indicates that the incidentsof stealing confidential information for personaluse are increasing rapidly. Although advanced tools are being developed todefend these unauthorized attacks, the existing defending systems are not sufficientfor ensuring security of confidential data. Apart from this hackers are using highly advanced techniques for gaining information and the use of known conventional hacking techniques isdecreasing. Changesin common hacking process are increasing difficulty for data storin g process. On other hand, although the conventional hacking processes are familiar to system operators, often security of data is affected by these techniques also. The current essay deals with analysis of hacking techniques which are currently being used by hackers. The essay also contains discussion on the available methods fordefending such attacks. Hacking methods: Hackers apply expert knowledge for developing hacking techniques. As a result, several hacking methods are available to gain unauthorized access intoa system. However, in current essay some of the most common hacking techniques arediscussed. Key Loggers: Password stealing can be considered as the most common way of hacking (Perkins, 2015). Baloch, (2014) opines that password stealing can be considered as the easiest methodfor gaining access into a system without any authorization. However, the task of password stealing can be done using Key loggers. Although key logger techniques can be applied by using both hardware and software, use of software key loggers ismore asthissoftware provide more flexibility to user (Perkins, 2015). Key logger programs are easilyavailable in market as a form of small software. Such programs are used to detect every stroke on the keyboard of a system. When the user of a computer, where key logger software is installed, tries to access any account by using user ID and password, the installed software detects every activity on keyboard and stores it in a log (Baloch,2014).However, the hacker can get information regarding user ID and password by simply opening the software log. This information on password a nd login ID can be used to access confidential data easily. Perkins (2015) opines that Key logger software runs at the backend of a system. According to Baloch (2014) as the key loggerdoes not appear at the front end if a system, it is difficult for the user toidentify presence of this software. Shea (2013), states that installation of key loggerdoes not require in depth knowledgeon software systems. As a result, it can be installed by anyone without knowing the purpose and it increases the chances of being tracked by this software. Thissoftware can be installed withinnegligibletime. Even the hardware loggers can also be installed by simply plugging it into USB port of a system (Seo et al., 2013). Kizza (2014) also stated that installation process of key logger can be completed within little time and this timeefficient nature also caused increasein use of such software.Hackers always prefer to use those methods which not increase the chances of being tracked while accessing secured data withoutpermission.Getting informationabout the hacker is impossibleif key logger method is used accessing a system. Torney, (2012) stated that difficulty in tracking unauthorized activities increased effectiveness of key logging techniques to hackers. Although key logging techniques can be implemented easily, in case of most hardware and software key loggers, the hackers need to access asystem physically(Baloch,2014).Tariq et al. (2012) states that the need of getting physical access to a system reduces efficiency of logging systems specially use of hardware loggers is limited by this feature. However hardware loggers can be used in any operating systems whereas use of software loggersdepend onthe nature of operating system of a computer(Andhare, 2012).Sun et al. (2014) states that computers which are using operating systems other than Linux , have less chances of being attacked by key logger software as most of these software are compatible with windows operating systems. However chances of being attacked of Unix or Linux computers does not reduces completely as hackers can use hardware key loggers forgetting confidential information from these machines (Kizza, 2014). Viruses and worms: Although most of the activities relatedwith hacking take place to fulfill the purpose of accessing secured information, often the hackers are found to gain access of a system for affecting its functionality(Baloch,2014).Viruses can effectively destroy the working capabilities of a system bygenerating unwanted dataflowwithin it.Shea and Liu (2013) statethat virus-attack in a computer can cause hugefinancial loss for a system.Financial loss can be large even if the security of data is not affected. On other hand, Shea (2013) states that viruses are more effective than other hacking techniques as this software does not require physicalaccess to acomputer forinfecting it. Viruses are also small pieces of software which have ability to replicate themselves(Sandiego.gov, 2015). When a virus program is installed into a system, it starts attaching itself withother programs (intosaiitaudit.org, 2015). According to Shakarian et al. (2013) once a virus attaches itself with a program, it gets mo re chancesfor regenerating itself.Whenever the use of computerruns the virus infected program, it is replicated and attached with other programs. Thus the while system becomes infectedand presence of infected programs interrupts is functioningprocess. Viruses are available in various forms (Seo et al., 2013). High availability if such software increases its use by hackers.However, among the availabletypes of computer software, viruses of three types are used in most cases.Perkins (2015) opines that all viruses do not have the ability of self-replication, but they can damage a system equally. Sometimes theviruses which have no ability of being replicated automatically are found to be more harmfulthan those which can be replicated (Sun et al.2014). Types of viruses: Trojan horse is a type of computer virus which does not have the ability of replication. But these programs can erase important data stored in hard disk while running. It indicates that attack of Trojan horse cancause significantlosses if the data cannot be retrieved. Worm can be considered as one of the traditional viruses which are used by hackers. Worms affects asystem through conventional working method of a virus.Worms are easy to be transferred into machines. However, once the worms are transferred into a system, the programs start finding other programs ofcomputer for being attached. Oncethe infected programs start running, the worms become able to attach them with otherprograms which are already present in computer (Sun et al.2014). According to a program which is infected byworm cannot be executedefficiently. If the infected programs run for multiple times, efficiency of all programs residing within the system reduces. Although most of the worms attachit with any program and causeinterruptionin program execution, the nature of damage dependson program written by its creator. Creeper, one of the primary models of worms, used to propagate through different nodesof a system using ARPANET (Kizza, 2014).Creeper caused interruption in program execution by displaying unnecessary messages. However, the worms are innovated largely and worms which are used currently by hackers are able to cause significant losses(Seo et al., 2013). Mydoom can be considered as one of the most discussed worm in modern times.It used e-mail services for being installed into a system. After being installed the worm replicates itself and these copies are sent to different address writtenin address book of email account. After that the worm copied itself for being connected with shared devices.Once Mydoom is installed in a computer, the hacker can access it any time and it increases the security risks several times (Palmer, 2015). The above analysis indicates that risks caused by worms increased significantlywith advancement oftechnologies. However, Grossman (2015) states that increased availability of internet enhanced the enhanced the power of malicious software.According to Periyasamy (2013) theincidents ofworm attack are increasing as these programs are being transferred using e-mails.Most of viruses are freeware. Palmer (2015) stated that use of virus and worm not only provide the hackers with opportunity of stealing information at low cost, but it also increases flexibility of modifying availablesoftware according to requirements. Although viruses are extensively used for hacking, high availability of antivirus software limits effectiveness of viruses (Saleh et al.2013). Denial of service: Denial of service (DoS) attacks preventsthe authorized usersfrom usinga system by generating flowof unimportantdata into a network (Vacca, 2013).Hacker often uses Trojan horses for generating huge traffic within a network. Min et al. (2013) states thatDoS attacks are not directlyinvolved withstealing data but theabilityof interrupting data access process of authorized users make these attacksequally risky as other data stealing methods. However, analysis of current hacking trends indicatesthat hackers are now showing preference to use DDoS (Distributed Denial of Service) attacks. As stated by Kumar and Surisetty (2012) DDoS attacks makes the process of data access almost impossible for being executed as inthis case, unwanted traffic comes from multiple computers to the target system.DoS attacks not only interrupts data access for a short time , but its impacts can harm system for long time also if the internet services are terminated due to presence of huge traffic in network (Palmer ,2015). Social Engineering: Social engineering is one of the most used hacking techniques. Implementation of hacking through social engineering can be done by using human based and computer based methods (Seo et al., 2013). In case of Human based social engineering techniques for hacking, one person can pretend as an important user of a network and can collect personal information from other users of the system (Kizza,2014).However, Held (2013) states that chances of successful hacking increases due to use of computer based social engineering techniques. Machinebased social engineering techniques which are used in most cases includephishing,baiting and online scams. Comparative analysis on all three techniquesindicates that chances of being victims of phishing and baiting canbe controlled by applying safe practices of e-mail handling while using internet. On other hand, one can be easily affected by baiting as baiting techniques can be implemented while downloading movie or music from internet(Sun et al.2014). Sniffing and spoofing: Sniffing and spoofing are two emerging techniques of hacking. However, both the techniques are highly advanced and the incidents of data security loss are increasing due to use of these techniques. The act of sniffing is not used for stealing data from a single computer, but this technique is capable of providing access to the data transmitted over the whole network to an unauthorized user. However, sniffing often is used by legitimate users for data monitoring. Although sniffing is used for monitoring data, it can be harmful when being used by black hat hackers and cracker as the data can be manipulated by them. Spoofing is another technique which uses e-mail services for getting unauthorized information. E-mails which are sent by hackers appear as the e-mails sent by legitimate senders. Whenever, a user tries to open or read such e-mail, important information regarding the user is accessed by hackers. As the victim does not identify the incidentsof information stealing, damages caused by such techniques increases (Saleh et al.2013). Analysis on defending systems: Although the incidentsof hacking are increasing rapidly, the chances of being victim of any such incidents can be reduced significantlyby applying several simple techniques while using a system. Grossman (2015) states that most of the attempts of hackers become successfulas thecommon users lack updated knowledge on internet use. However, themethods which can be used for preventing hackers include getting information on theoperating system (OS) of a computer, developingsafe habits of internet use, implementing defensive tools while using internet etc. one requires updating knowledge on internet to increases system security (Dondyk et al.2013). Importance of getting sufficientinformation on OS: Analysis on the hacking techniques indicates that the chances of being hacked depend on OS in a system. However all operating systems contain some features for increasing security of the machine. A user requires utilizing all these security measures provided by OS to prevent hacking.Coleman (2013) states that security techniques of OS can effectively prevent a system from being used byunauthorized people. Onother hand, Chung (2012) suggests that only utilization of OS features is not enough for enhancing security of data. As the number of on line hacking is increasing, system users also require to apply defensive tools for prevention of online scams (Vacca, 2013). Implementation of defensive tools while using internet: Using firewall, antivirus and applying safe surfing practices (Above Infranet, 2015) As most of the hacking techniques including socialengineering, sniffing, spoofingand so on are being applied using internet users requireunderstanding and implementing defensivetechniques to prevent hacking. According to Bosworth et al. (2014) use of firewalls is one of the basic techniques which increase network security. Although firewall prevents unauthorized users from accessing a system, using only firewall does not ensure system security (Vacca, 2013). Firewalls can be disabledeasily and once it is the system security reduces. Andhare (2012) stated that developmentof safe internetpractices is the most effective forpreventing hacking attacks. The activities like downloading filesfrom internet require to be controlled for increasing system security.As most of the internet hacking techniques areimplemented using e-mails by following some guidelines such as reading only those e-mails which are coming from known sources can keep the system secured (Kizza, 2014).However Al-Saleh et al.(2013) considers that lack of knowledge of e-mail users are responsible for increasing risk of a system. Baloch (2014) also suggests that prevention of hacking by applying safe surfing techniques is one of the most useful defensive techniques as one does not need technological knowledge for following these practices. After maintaining safe internet surfing guidelines properly, the chances of being hacked does not reduces completely as the hackers alwaysinnovate known techniques. Use of antivirus software makes the system secured even if any malicious software enters into machine (Fu-Hau Hsu et al. 2012).However the level of security provided by antivirus can vary according to design of the software. The current analysis on defending systems indicatesthat noneof theavailable techniques is sufficient for protecting asystemif it is used alone.Users require implementingdifferent technique together to increase security of a system. Conclusion: Discussion on hacking methods reflects that the number of hacking is increasing due to availability of internet. Current trend of hacking indicates that availability of internet enabled hackers to develop new ways of information stealing. However, the conventional methods of hacking are also being innovated and this increasing the risk of confidential dataloss. As the incidents of hacking are increasing, new tools for preventing unauthorized access are also being developed. However, level of security increases if these tools are used efficiently. References Above Infranet, (2015). Our Firewalls and Antivirus - Above Infranet. [Online] Available at: https://aboveinfranet.com/solutions/security-solutions/firewalls-anti-virus/#.VPllD_msWSo [Accessed 6 Mar. 2015]. Al-Saleh, M., Espinoza, A. and Crandall, J. (2013). Antivirus performance characterisation: system-wide view. IET Information Security, 7(2), pp.126-133. Andhare, M. (2012). Mitigating Denial-of-Service Attacks Using Genetic Approach. IOSRJEN, 02(03), pp.468-472. Baloch, R. (2014). Ethical Hacking and Penetration Testing Guide. Hoboken: Taylor and Francis. Bosworth, S., Kabay, M. and Whyne, E. (2014). Computer Security Handbook, Set. Hoboken: Wiley. Chung, Y. (2012). Distributed denial of service is a scalability problem. SIGCOMM Comput. Commun. Rev., 42(1), p.69. Coleman, E. (2013). Coding freedom. Princeton: Princeton University Press. Dondyk, E., Rivera, L. and Zou, C. (2013). Wi-Fi access denial of service attack to smartphones. International Journal of Security and Networks, 8(3), p.117. Fu-Hau Hsu, Min-Hao Wu, Chang-Kuo Tso, Chi-Hsien Hsu, and Chieh-Wen Chen, (2012). Antivirus Software Shield against Antivirus Terminators. IEEE Trans.Inform.Forensic Secure., 7(5), pp.1439-1447. Grossman, J. (2015). Cross-Site Scripting Worms Viruses the Impending Threat the Best Defense. [Online] www.whitehatsec.com. Available at: https://www.whitehatsec.com/assets/WP5CSS0607.pdf [Accessed 3 Mar. 2015]. Held, G. (2013). Windows networking tools. Boca Raton, FL: CRC Press. intosaiitaudit.org, (2015). The basics of protecting against computer hacking. [Online] Available at: https://intosaiitaudit.org/intoit_articles/19_03_Hacking.pdf [Accessed 3 Mar. 2015]. Kizza, J. (2014). Computer Network Security and Cyber Ethics. Jefferson N.C.: McFarland Company, Inc., Publishers. Kumar, S. and Surisetty, S. (2012). Microsoft vs. Apple: Resilience against Distributed Denial-of-Service Attacks. IEEE Security Privacy Magazine, 10(2), pp.60-64. Min, B., Varadharajan, V., Tupakula, U. and Hitchens, M. (2013). Antivirus security: naked during updates. Softw. Pract. Exper. 44(10), pp.1201-1222. Palmer, C. (2015). Ethical hacking. [Online] pdf.textfil.es. Available at: https://pdf.textfil.es/security/palmer.pdf [Accessed 3 Mar. 2015]. Periyasamy, (2013). A PROFICIENT TRACEBACK APPROACH USING PROVINCIAL LOCALITY ASPECTS TO ELIMINATE DENIAL OF SERVICE ATTACKS. Journal of Computer Science, 9(2), pp.271-276. Perkins, J. (2015). Access Control Policy. [Online] www.lse.ac.uk. Available at: https://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/school/accConPol.pdf [Accessed 3 Mar. 2015]. Sandiego.gov, (2015). Hacking and Viruses | San Diego Public Library. [Online] Available at: https://www.sandiego.gov/public-library/services/specialresources/pctech/child/ethics/virus.shtml [Accessed 3 Mar. 2015]. Seo, D., Lee, H. and Perrig, A. (2013). APFS: Adaptive Probabilistic Filter Scheduling against distributed denial-of-service attacks. Computers Security, 39, pp.366-385. Shakarian, P., Shakarian, J. and Ruef, A. (2013). Introduction to cyber-warfare. Amsterdam [Netherlands]: Morgan Kaufmann Publishers, an imprint of Elsevier. Shea, J. (2013). Combating computer viruses. New York: Gareth Stevens. Shea, R. and Liu, J. (2013). Performance of Virtual Machines under Networked Denial of Service Attacks: Experiments and Analysis. IEEE Systems Journal, 7(2), pp.335-345. Sun, S., Jiang, M., Ma, X., Li, C. and Liang, L. (2014). Hacking on decoy-state quantum key distribution system with partial phase randomization. Scientific Reports, 4. Tariq, U., Malik, Y. and Abdulrazak, B. (2012). Defense and Monitoring Model for Distributed Denial of Service Attacks. Procedia Computer Science, 10, pp.1052-1056. Torney, M. (2012). New Integrated Defence and traceback approach for Denial of service attacks. IOSRJEN, 2(1), pp.106-110. Vacca, J. (2013). Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers is an imprint of Elsevier. Waguih, H. (2013). A Data Mining Approach for the Detection of Denial of Service Attack. IAES International Journal of Artificial Intelligence (IJ-AI), 2(2).