bullet_title.gif Business sectors
» Banking and Finance
» Construction and Real Estate
» Insurance
» Healthcare
» Investment Banking
» Manufacturing
» Pharmaceutical
» Telecommunications
» Transportation
» Utilities




   RSS Newsfeed


Data Security

 

Introduction


 

As an user of computer you must have seen messages for alerts for viruses, worms, Trojan horses and many other related to security of your computer, or you must be getting emails even phone calls making you alert about computer security. They must be telling you so many buzzwords like “your computer is being monitored and used by somebody else, we can solve the problem by installing some software…” and so on.

 

Now the bottom line is this:
Should you really worry about security issue?
Can someone really use your computer?
Answer is simple and straight “Yes”.

 

 

Why anybody would want to intrude your system?

 

There are various reasons; some of them can be things like:
Someone may be interested in getting your personal information, steal some data from your system, cause damage to your system or test their computer skills.
Someone may be interested in your personal information for financial gain; the person could be interested in your credit card number or your bank account number.
Most credit card thieves are interested in cracking databases maintained by merchants, financial firms like banks and credit reporting services.

 

 

How hacker can get your password or credit card information?

 

Hacker can install some malicious code that could track your keystrokes and send the information, such as usernames and passwords it obtained when you visited an online banking site, to remote attacker.

 

Its not always that person who is cracking your system (crackers) is for wealth and revenge. Most crackers see the process as a game; an exiting challenge that let them uses their knowledge of computer.
There are some cases where cracker wants to break into a “secure” system to demonstrate its vulnerabilities to its owners.
Reason can be there where cracker wants to use your system for doing illegal work. They don’t want them to be traced down, so they may want to put you in all illegal activities.
If you have high-speed Internet access with wireless router then the risk of getting exposed to the hackers is more.

 

Some of the security risks for wireless Internet access are Insertion Attacks, Interception and monitoring wireless traffic, Configuration change, and Network Jamming etc.

 

With so many reasons and so many cases regarding network security and so many threats coming from so many different angles, a question arises how are you supposed to protect yourself?

 

You cannot get 100% protection, some of the risk is impossible to avoid, you can’t control what comes from outside.

 

But still we can take some measures to minimize the disasters and risk of losing personal information.
Plan in advance for your system recovery; like having a back up for all your important data.

 

 

Basics of Security


Computers generally pick up viruses from infected files over a network or the Internet. Research shows that the main source for the spread of these unwanted guests is the Internet. Infected files are attached to anonymous messages and sent to thousands of people who unknowingly download and execute the file attachment, creating a chaos on their machines as well as the network they are on.

E-mails are the most common source of virus. Do not open any suspicious mail attachments, which come with any mail even from your friends or relatives, it can be a program to get into your system and take out all your data. Email worms routinely spoof the sender information. Some of the recent virus file extensions are exe, inf, url, vbs, vbe, wsf, wsh, wsc, zip etc.

 

Many people configure their mail clients to automatically forward the mails they receive; assuring that the infected file is generously distributed to other people too.

 

Regardless of how much protection you have in place, or whether you use a Mac, Windows XP, or Firefox browser etc, all the security precautions should be taken.

 

Obtain a good anti virus software, hardware or software based firewall, latest intrusion detection system, anti spy ware, install them in your system and keep updating these protection software, security patches from vendors regularly.

 

Changing your password on regular bases and most important, password should be unpredictable. Do not use your name your pet’s name or any other related name or number as your password. If you are giving your password to anyone like to your computer consultant then change it immediately after your work is done.

 

Disconnect your system from Internet when you don’t use it. If you are using wireless router then keep the password security or Wi-Fi Protected Access (WPA) enabled.

 

 

 

Hacking and Cracking


Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works.
Hacking and cracking are activities that generate intense public interest. Also waking up the security world from sleep.

 


Hackers


Technically, a hacker is someone who is driven by curiosity and enthusiastic about computer programming and all things relating to the technical workings of a computer with an urge to win which  makes them more aggressive.
However, most people understand a hacker to be what is more accurately known as a 'cracker'

 


Crackers

 

Crackers are people who try to gain unauthorized access to computers. This is normally done through the use of a 'backdoor' program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software, which tries billions of passwords to find the correct one for accessing a computer.

 


What damage can a Hacker do?


This depends upon what backdoor program(s) are hiding on your PC. Different programs can do different amounts of damage. However, most allow a hacker to smuggle another program onto your PC. This means that if a hacker can't do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing, and can access any file on your disk. Hackers can write new files, delete files, edit files, and do practically anything to a file that could be done to a file. A hacker could install several programs on to your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information

 

 

How do Hackers hack?


There are many ways in which a hacker can hack. Some of them are:

• NetBIOS
• ICMP Ping
• FTP
• rpc.statd
• HTTP

 

NetBIOS


NetBIOS hacks are the worst kind, since they don't require you to have any hidden backdoor program running on your computer. This kind of hack exploits a bug in Windows 9x. NetBIOS is meant to be used on local area networks, so machines on that network can share information. Unfortunately, the bug is that NetBIOS can also be used across the Internet - so a hacker can access your machine remotely.

 

 

ICMP ‘Ping’ (Internet Control Message Protocol)


ICMP stands for Internet Control Message Protocol and is one of the main protocols that make the Internet work. 'Ping' is one of the commands that can be sent to a computer using ICMP. Ordinarily, a computer would respond to this ping, telling the sender that the computer does exist. This is all pings are meant to do. Pings may seem harmless enough, but a large number of pings can make a Denial-of-Service attack, which overloads a computer. Also, hackers can use pings to verify existents of a computer with no firewall (firewalls can block pings) so they could  launch a more serious form of attack against a computer.

 

 

FTP (File Transfer Protocol)


FTP stands for File Transfer Protocol  and is a standard Internet protocol. It may be used for file downloads from some websites. If you have a web site of your own, you may use FTP to upload files from your local computer to the web server. However, FTP can also be used by hackers.  FTP normally requires some form of authentication for access to private files, or for writing to files

FTP backdoor programs, such as-
• Doly Trojan
• Fore
• Blade Runner
simply turn your computer into an FTP server, without any authentication.

 

 

rpc.statd


This is a problem specific to Linux and Unix. The problem is the infamous unchecked buffer overflow problem. This is where a fixed amount of memory is set aside for storage of data. If data is received that is larger than this buffer, the program should truncate the data or send back an error, or at least do something other than ignore the problem. Unfortunately, the data overflows the memory that has been allocated to it, and the data is written into parts of memory it shouldn't be in. This can cause crashes of various different kinds. However, a skilled hacker could write bits of program code into memory that may be executed to perform the hacker's evil deeds.

 

HTTP (Hyper Text Transfer Protocol).

HTTP hacks can only be harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an 'unchecked buffer overflow'. If a user makes a request for a file on the web server with a very long name, part of the request gets written into parts of memory that contain active program code. A malicious user could use this to run any program they want on the server.

 

 

Where and how to start Hacking


After you get yourself a good scanner, scan some prefixes and find some cool dialups, then do the following:

 

First Method


• From your terminal, dial the number you found.
• You will hear a series of Beeps. (Telling you that you are connecting to a remote computer.
• After few seconds you will hear something like “CONNECT 9600”.
• It then identifies the system you are on.
• If nothing happens after it says “CONNECT 9600” try hitting ENTER a number of times.
• If you get a bunch of garbage adjust your parity, data bits, stop bits etc. until it becomes clear.
• Now when you get connected to the server you can apply either of the above mentioned methods.


Second Method  (TELNET)


• Get your local dialups.
• Then you dial the number from your terminal & connect.
• Press Enter and wait for a few seconds.
• Then it will say “Terminal =”.
• Type your terminal emulation.
• If you don’t know what it is hit ENTER.
• It will give you a prompt @.
• Type ‘c’ (connects to the host)
• Type NAU (Network user address) that you want to connect.
• Find out the type of system you are on UNIX, VAX/VSM, PRIME.

 

Here is a list of some Telenet commands and their functions.
• c Connect to a host.
• stat Shows network port.
• Full Network echo.
• half Terminal echo.
• Telemail Mail. (need ID and password)
• mail Mail. (need ID and password)
• set Select PAD parameters
• cont Continue.
• d Disconnect.
• hangup Hangs up.
• access Telenet account. (ID and password)  

 

 

* NO WARRANTY


This material is furnished on an "as is" basis. The provider makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. The provider does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

 

 
Copyright | Disclaimer | Privacy | Webmail | Login
Page: unique views 24 - loaded in 0.016 seconds - last modified 2007-12-04, 22:27
Site: users online 4 - unique visitors 7695 - page views 8169 - since 2019-03-04, 5:10
Powered by AbbaSiteMaker 2.3 | © 2019 by ASL Consulting LTD ( 1988 - 2019 )